diff -Nru exim4-4.95/debian/changelog exim4-4.96/debian/changelog --- exim4-4.95/debian/changelog 2022-06-03 21:37:10.000000000 +0000 +++ exim4-4.96/debian/changelog 2022-07-14 08:33:39.000000000 +0000 @@ -1,3 +1,111 @@ +exim4 (4.96-3ubuntu1) kinetic; urgency=medium + + * Merge with Debian unstable. (LP: #1971274) Remaining changes: + - Show Ubuntu distribution in SMTP banner + + d/p/fix_smtp_banner.patch: Show Ubuntu distribution + in SMTP banner. + + Build-Depends on lsb-release to detect Distribution. + - Disable external SPF support to avoid Build-Depends on libspf2-dev + (only available in universe). SPF can still be implemented via + spf-tools-perl, as documented in exim4.conf.template. (LP #1952738) + This reverts Vcs-Git commit 494f1fe, first released in 4.95~RC0-1. + Changes: + + d/control: drop Build-Depends on libspf2-dev. + + d/d/c/a/30_exim4-config_check_rcpt: restore SPF logic based + on spfquery.mail-spf-perl from spf-tools-perl. + + d/EDITME.exim4-heavy.diff: disable support for libspf2. + + -- Christian Ehrhardt Thu, 14 Jul 2022 10:33:39 +0200 + +exim4 (4.96-3) unstable; urgency=medium + + * Fix error messages of test-groff -b -mandoc -dAD=l -rF0 -rHY=0 -t -w w -z + on processing update-exim4.conf.8 and exim4-config_files.5. Also make + mandoc -lint update-exim4.conf.8 happy. (Thanks, Bjarni Ingi Gislason for + patch and report.) + Closes: #1014347, #1014349, #1014356 + * 75_01-Fix-exit-on-attempt-to-rewrite-a-malformed-address.-.patch: + Bug 2903: avoid exit on an attempt to rewrite a malformed address. + * Add dovecot server-side AUTH example. Closes: #1014235 + + -- Andreas Metzler Wed, 13 Jul 2022 13:22:40 +0200 + +exim4 (4.96-1) unstable; urgency=low + + * New upstream version, almost identical to RC2. + * Upload to unstable. + * Extend debian/NEWS. + * Update lintian-overrides for new lintian version. + + -- Andreas Metzler Sun, 26 Jun 2022 14:11:00 +0200 + +exim4 (4.96~RC2-1) experimental; urgency=low + + * New upstream version. + + Drop 75_*.patch. + + -- Andreas Metzler Thu, 16 Jun 2022 10:32:16 +0200 + +exim4 (4.96~RC1-2) experimental; urgency=low + + * Update from upstream GIT master: + + 75_70-Debug-clarify-SMTP-DATA-ops-in-transport.patch + + 75_71-Docs-more-info-on-PIPECONNECT.patch + + 75_72-TLS-resumption-disable-on-continued-connection.patch + + 75_73-Logging-distinguish-mem-allocation-errors.patch + + 75_74-typo.patch + + 75_75-TLS-resumption-fix-for-PIPECONNECT.patch + + 75_76-DEBUG-clarify-multiline-smtp-responses.patch + + 75_77-CHUNKING-fix-second-message-on-conn-when-first-rejec.patch + + 75_78-CHUNKING-handle-protocol-errors-during-reception.patch + + -- Andreas Metzler Sat, 28 May 2022 11:41:06 +0200 + +exim4 (4.96~RC1-1) experimental; urgency=low + + * Merge 4.95-6: + 75_68-GnuTLS-Do-not-free-the-cached-creds-on-transport-con.patch: + Fix segfault on deferred delivery on first MX. Closes: #1004740 + (Huge thanks to Gedalya for finding/setting up a reproducer and taking + this upstream.) + * New upstream version. + * Pull 75_69-ARC-reset-headers-before-signing-for-secondary-MX.-B.patch to + fix a crash when built against libarc. + + -- Andreas Metzler Sat, 21 May 2022 13:09:06 +0200 + +exim4 (4.96~RC0-1) experimental; urgency=low + + * Drop code for upgrading from ancient (4.80-7 and earlier) versions in + maintainer-scripts. Closes: #1000962 + * New upstream version. + + Drop cherrypicked patches. + + Unfuzz patches (including EDITME*). + + Uses pcre2 (Closes: #1000107), update b-d to libpcre2-dev. + + The allow_insecure_tainted_data main config option and the + "taint" log_selector were removed, add entry to NEWS. + + -- Andreas Metzler Sun, 24 Apr 2022 18:38:06 +0200 + +exim4 (4.95-6) unstable; urgency=high + + * Drop code for upgrading from ancient (4.80-7 and earlier) versions in + maintainer-scripts. Closes: #1000962 + * 75_68-GnuTLS-Do-not-free-the-cached-creds-on-transport-con.patch: + Fix segfault on deferred delivery on first MX. Closes: #1004740 + + -- Andreas Metzler Fri, 20 May 2022 19:37:43 +0200 + +exim4 (4.95-5) unstable; urgency=medium + + * More upstream fixes: + + 75_60-Utilities-fix-exiqgrep-perl-syntax-add-testcases.-Bu.patch + Closes: #1006661 + + 75_64-Logging-fix-crash-on-local_part-utf8-conversion-fail.patch + * Update exiqgrep manpage. + + -- Andreas Metzler Sun, 10 Apr 2022 13:57:43 +0200 + exim4 (4.95-4ubuntu3) kinetic; urgency=medium * d/p/lp1974214-segfault-smtp-delivery-0{1,2}.patch: Fix segfault when diff -Nru exim4-4.95/debian/control exim4-4.96/debian/control --- exim4-4.95/debian/control 2022-03-30 17:32:02.000000000 +0000 +++ exim4-4.96/debian/control 2022-07-14 08:33:39.000000000 +0000 @@ -10,7 +10,7 @@ Andreas Metzler , Marc Haber , Homepage: https://www.exim.org/ -Standards-Version: 4.6.0 +Standards-Version: 4.6.1 Rules-Requires-Root: binary-targets Vcs-Git: https://salsa.debian.org/exim-team/exim4.git Vcs-Browser: https://salsa.debian.org/exim-team/exim4 @@ -26,7 +26,7 @@ libidn2-dev, libldap2-dev, libpam0g-dev, - libpcre3-dev, + libpcre2-dev, libperl-dev, libpq-dev, libsasl2-dev, diff -Nru exim4-4.95/debian/copyright exim4-4.96/debian/copyright --- exim4-4.95/debian/copyright 2020-08-24 20:02:46.000000000 +0000 +++ exim4-4.96/debian/copyright 2022-07-14 08:23:37.000000000 +0000 @@ -56,7 +56,7 @@ ----------------------------------------------------------------- exim is Copyright (c) 1995 - 2018 University of Cambridge. - Copyright (c) 2006-2020 The Exim Maintainers + Copyright (c) 2006-2022 The Exim Maintainers The original licence is as follows (from the file NOTICE in the upstream distribution); a copy of the GNU GPL version 2 is available in @@ -220,6 +220,7 @@ PDKIM - a RFC4871 (DKIM) implementation http://duncanthrax.net/pdkim/ +Copyright (c) The Exim Maintainers 2021 - 2022 Copyright (C) 2009 - 2016 Tom Kistner Copyright (C) 2016 - 2020 Jeremy Harris diff -Nru exim4-4.95/debian/debconf/conf.d/auth/30_exim4-config_examples exim4-4.96/debian/debconf/conf.d/auth/30_exim4-config_examples --- exim4-4.95/debian/debconf/conf.d/auth/30_exim4-config_examples 2020-08-24 20:02:46.000000000 +0000 +++ exim4-4.96/debian/debconf/conf.d/auth/30_exim4-config_examples 2022-07-14 08:23:37.000000000 +0000 @@ -191,6 +191,34 @@ # server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}} # .endif +# Use dovecot as authentication backend +# Requires changes to dovecot configuration: +# 8X--------------------- +# --- /etc/dovecot/conf.d/10-master.conf 2020-12-22 13:26:52.000000000 +0000 +# +++ /etc/dovecot/conf.d/10-master.conf 2022-07-13 11:17:02.479100984 +0000 +# @@ -108,6 +108,14 @@ +# # mode = 0666 +# #} +# +# +### SASL listener for exim start +# + # SASL exim +# + unix_listener /var/spool/exim4/dovecot.auth-client { +# + mode = 0660 +# + group = Debian-exim +# + } +# +### SASL listener for exim end +# + +# # Auth process is run as this user. +# #user = $default_internal_user +# } +# 8X--------------------- +# +# dovecot_plain_server: +# driver = dovecot +# public_name = PLAIN +# server_socket = /var/spool/exim4/dovecot.auth-client +# server_set_id = $auth1 + ############## # See /usr/share/doc/exim4-base/README.Debian.gz ############## diff -Nru exim4-4.95/debian/EDITME.exim4-heavy.diff exim4-4.96/debian/EDITME.exim4-heavy.diff --- exim4-4.95/debian/EDITME.exim4-heavy.diff 2022-03-30 17:32:02.000000000 +0000 +++ exim4-4.96/debian/EDITME.exim4-heavy.diff 2022-07-14 08:31:43.000000000 +0000 @@ -1,5 +1,5 @@ ---- EDITME.exim4-light 2021-11-14 12:07:47.245686377 +0000 -+++ EDITME.exim4-heavy 2021-11-14 12:07:38.789844252 +0000 +--- EDITME.exim4-light 2022-04-24 16:10:21.182203632 +0000 ++++ EDITME.exim4-heavy 2022-04-24 16:12:10.372328631 +0000 @@ -320,7 +320,7 @@ # This one is very special-purpose, so is not included by default. @@ -50,8 +50,8 @@ # LDAP_LIB_TYPE=NETSCAPE # LDAP_LIB_TYPE=SOLARIS -@@ -497,6 +497,9 @@ - # LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq -lgds -lsqlite3 -llmdb +@@ -504,6 +504,9 @@ + # LOOKUP_LIBS += -llmdb +LOOKUP_INCLUDE=-I/usr/include/mysql -I`pg_config --includedir` @@ -60,7 +60,7 @@ #------------------------------------------------------------------------------ # Compiling the Exim monitor: If you want to compile the Exim monitor, a # program that requires an X11 display, then EXIM_MONITOR should be set to the -@@ -505,7 +508,7 @@ +@@ -512,7 +515,7 @@ # files are defaulted in the OS/Makefile-Default file, but can be overridden in # local OS-specific make files. @@ -69,7 +69,7 @@ #------------------------------------------------------------------------------ -@@ -515,7 +518,7 @@ +@@ -522,7 +525,7 @@ # and the MIME ACL. Please read the documentation to learn more about these # features. @@ -78,7 +78,7 @@ # If you have content scanning you may wish to only include some of the scanner # interfaces. Uncomment any of these lines to remove that code. -@@ -769,8 +772,8 @@ +@@ -759,8 +762,8 @@ # configuration to make use of the mechanism(s) selected. AUTH_CRAM_MD5=yes @@ -89,7 +89,7 @@ AUTH_EXTERNAL=yes # AUTH_GSASL=yes # AUTH_GSASL_PC=libgsasl -@@ -778,8 +781,8 @@ +@@ -768,8 +771,8 @@ # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5 AUTH_PLAINTEXT=yes @@ -100,7 +100,7 @@ # Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1 # requires multiple pkg-config files to work with Exim, so the second example -@@ -792,7 +795,7 @@ +@@ -782,7 +785,7 @@ # Similarly for GNU SASL, unless pkg-config is used via AUTH_GSASL_PC. # Ditto for AUTH_HEIMDAL_GSSAPI(_PC). @@ -109,7 +109,7 @@ # AUTH_LIBS=-lgsasl # AUTH_LIBS=-lgssapi -lheimntlm -lkrb5 -lhx509 -lcom_err -lhcrypto -lasn1 -lwind -lroken -lcrypt -@@ -1004,7 +1007,7 @@ +@@ -994,7 +997,7 @@ # (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded # Perl costs quite a lot of resources. Only do this if you really need it. @@ -118,7 +118,7 @@ #------------------------------------------------------------------------------ -@@ -1014,7 +1017,7 @@ +@@ -1004,7 +1007,7 @@ # that the local_scan API is made available by the linker. You may also need # to add -ldl to EXTRALIBS so that dlopen() is available to Exim. @@ -127,7 +127,7 @@ #------------------------------------------------------------------------------ -@@ -1024,11 +1027,11 @@ +@@ -1014,11 +1017,11 @@ # support, which is intended for use in conjunction with the SMTP AUTH # facilities, is included only when requested by the following setting: @@ -141,7 +141,7 @@ #------------------------------------------------------------------------------ -@@ -1042,7 +1045,7 @@ +@@ -1032,7 +1035,7 @@ # If you may want to use inbound (server-side) proxying, using Proxy Protocol, # uncomment the line below. @@ -150,7 +150,7 @@ #------------------------------------------------------------------------------ -@@ -1397,7 +1400,7 @@ +@@ -1387,7 +1390,7 @@ # local part) can be increased by changing this value. It should be set to # a multiple of 16. diff -Nru exim4-4.95/debian/EDITME.exim4-light.diff exim4-4.96/debian/EDITME.exim4-light.diff --- exim4-4.95/debian/EDITME.exim4-light.diff 2022-03-30 17:32:02.000000000 +0000 +++ exim4-4.96/debian/EDITME.exim4-light.diff 2022-07-14 08:23:37.000000000 +0000 @@ -1,5 +1,5 @@ ---- src/EDITME 2021-11-14 12:07:09.000000000 +0000 -+++ EDITME.exim4-light 2021-11-14 12:07:47.245686377 +0000 +--- src/EDITME 2022-04-24 16:09:23.000000000 +0000 ++++ EDITME.exim4-light 2022-04-24 16:10:21.182203632 +0000 @@ -99,7 +99,7 @@ # /usr/local/sbin. The installation script will try to create this directory, # and any superior directories, if they do not exist. @@ -113,7 +113,7 @@ #------------------------------------------------------------------------------ # If you have set LOOKUP_LDAP=yes, you should set LDAP_LIB_TYPE to indicate -@@ -504,7 +505,7 @@ +@@ -511,7 +512,7 @@ # files are defaulted in the OS/Makefile-Default file, but can be overridden in # local OS-specific make files. @@ -122,16 +122,16 @@ #------------------------------------------------------------------------------ -@@ -579,7 +580,7 @@ +@@ -586,7 +587,7 @@ # Uncomment the following lines to add SRS (Sender Rewriting Scheme) support - # using only native facilities. See EXPERIMENTAL_SRS_ALT for an alternative. + # using only native facilities. -# SUPPORT_SRS=yes +SUPPORT_SRS=yes #------------------------------------------------------------------------------ -@@ -712,7 +713,7 @@ +@@ -709,7 +710,7 @@ # CONFIGURE_OWNER setting, to specify a configuration file which is listed in # the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim. @@ -140,9 +140,9 @@ #------------------------------------------------------------------------------ -@@ -755,6 +756,9 @@ - # upgrading old (possibly insecure) configurations to more secure ones. - ALLOW_INSECURE_TAINTED_DATA=yes +@@ -745,6 +746,9 @@ + + # WHITELIST_D_MACROS=TLS:SPOOL +# Mailscanner uses -DOUTGOING. +WHITELIST_D_MACROS=OUTGOING @@ -150,7 +150,7 @@ #------------------------------------------------------------------------------ # Exim has support for the AUTH (authentication) extension of the SMTP # protocol, as defined by RFC 2554. If you don't know what SMTP authentication -@@ -764,16 +768,16 @@ +@@ -754,16 +758,16 @@ # included in the Exim binary. You will then need to set up the run time # configuration to make use of the mechanism(s) selected. @@ -170,7 +170,7 @@ # AUTH_SPA=yes # AUTH_TLS=yes -@@ -802,7 +806,7 @@ +@@ -792,7 +796,7 @@ # one that is set in the headers_charset option. The default setting is # defined by this setting: @@ -179,7 +179,7 @@ # If you are going to make use of $header_xxx expansions in your configuration # file, or if your users are going to use them in filter files, and the normal -@@ -889,6 +893,7 @@ +@@ -879,6 +883,7 @@ # description of the API to this function, see the Exim specification. DLOPEN_LOCAL_SCAN=yes @@ -187,7 +187,7 @@ # If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the # linker flags. Without it, the loaded .so won't be able to access any -@@ -927,6 +932,7 @@ +@@ -917,6 +922,7 @@ # to form the final file names. Some installations may want something like this: # LOG_FILE_PATH=/var/log/exim_%slog @@ -195,7 +195,7 @@ # which results in files with names /var/log/exim_mainlog, etc. The directory # in which the log files are placed must exist; Exim does not try to create -@@ -975,7 +981,7 @@ +@@ -965,7 +971,7 @@ # files. Both the name of the command and the suffix that it adds to files # need to be defined here. See also the EXICYCLOG_MAX configuration. @@ -204,7 +204,7 @@ COMPRESS_SUFFIX=gz -@@ -990,7 +996,7 @@ +@@ -980,7 +986,7 @@ # ZCAT_COMMAND=zcat # # Or specify the full pathname: @@ -213,7 +213,7 @@ #------------------------------------------------------------------------------ # Compiling in support for embedded Perl: If you want to be able to -@@ -1022,6 +1028,7 @@ +@@ -1012,6 +1018,7 @@ # You probably need to add -lpam to EXTRALIBS, and in some releases of # GNU/Linux -ldl is also needed. @@ -221,7 +221,7 @@ #------------------------------------------------------------------------------ -@@ -1030,7 +1037,7 @@ +@@ -1020,7 +1027,7 @@ # If you may want to use outbound (client-side) proxying, using Socks5, # uncomment the line below. @@ -230,7 +230,7 @@ # If you may want to use inbound (server-side) proxying, using Proxy Protocol, # uncomment the line below. -@@ -1048,10 +1055,10 @@ +@@ -1038,10 +1045,10 @@ # If you want IDNA2008 mappings per RFCs 5890, 6530 and 6533, you additionally # need libidn2 and SUPPORT_I18N_2008. @@ -244,7 +244,7 @@ #------------------------------------------------------------------------------ -@@ -1128,6 +1135,8 @@ +@@ -1118,6 +1125,8 @@ # CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux @@ -253,7 +253,7 @@ #------------------------------------------------------------------------------ # TCP wrappers: If you want to use tcpwrappers from within Exim, uncomment -@@ -1440,6 +1449,7 @@ +@@ -1430,6 +1439,7 @@ # file can be specified here. Some installations may want something like this: # PID_FILE_PATH=/var/lock/exim.pid @@ -261,7 +261,7 @@ # If PID_FILE_PATH is not defined, Exim writes a file in its spool directory # using the name "exim-daemon.pid". -@@ -1473,6 +1483,7 @@ +@@ -1463,6 +1473,7 @@ # messages become "invisible" to the normal management tools. # SUPPORT_MOVE_FROZEN_MESSAGES=yes @@ -269,8 +269,8 @@ #------------------------------------------------------------------------------ -@@ -1515,3 +1526,6 @@ - # CFLAGS += -DMEASURE_TIMING +@@ -1510,3 +1521,6 @@ + # DISABLE_CLIENT_CMD_LOG=yes # End of EDITME for Exim 4. + diff -Nru exim4-4.95/debian/EDITME.eximon.diff exim4-4.96/debian/EDITME.eximon.diff --- exim4-4.95/debian/EDITME.eximon.diff 2022-03-30 17:32:02.000000000 +0000 +++ exim4-4.96/debian/EDITME.eximon.diff 2022-07-14 08:23:37.000000000 +0000 @@ -1,5 +1,5 @@ ---- exim_monitor/EDITME 2021-07-11 21:31:28.000000000 +0200 -+++ EDITME.eximon 2021-07-17 11:37:55.387629476 +0200 +--- exim_monitor/EDITME 2022-04-23 17:28:29.000000000 +0000 ++++ EDITME.eximon 2022-04-24 16:09:36.590969180 +0000 @@ -1,6 +1,7 @@ ################################################## # The Exim Monitor # diff -Nru exim4-4.95/debian/exim4-base.postinst exim4-4.96/debian/exim4-base.postinst --- exim4-4.95/debian/exim4-base.postinst 2020-08-24 20:02:46.000000000 +0000 +++ exim4-4.96/debian/exim4-base.postinst 2022-07-14 08:23:37.000000000 +0000 @@ -28,16 +28,6 @@ install -d -oDebian-exim -gDebian-exim -m750 /var/spool/exim4/db \ /var/spool/exim4/input /var/spool/exim4/msglog - # fix permissions on upgrades - if dpkg --compare-versions "$2" le "4.30-1" ; then - find /var/log/exim4 /var/spool/exim4 -group mail \ - \( -type f -or -type d \) -print0 | \ - xargs -0r chgrp Debian-exim - find /var/log/exim4 /var/spool/exim4 -user mail \ - \( -type f -or -type d \) -print0 | \ - xargs -0r chown Debian-exim - fi - # Paranoia check: On any db upgrade throw away hints # databases. if test -r /var/lib/exim4/berkeleydbvers.txt ; then diff -Nru exim4-4.95/debian/exim4-base.preinst exim4-4.96/debian/exim4-base.preinst --- exim4-4.95/debian/exim4-base.preinst 2020-08-24 20:02:46.000000000 +0000 +++ exim4-4.96/debian/exim4-base.preinst 1970-01-01 00:00:00.000000000 +0000 @@ -1,35 +0,0 @@ -#! /bin/sh - -set -e - - -# Remove a no-longer used conffile -rm_conffile() { - local PKGNAME="$1" - local CONFFILE="$2" - - [ -e "$CONFFILE" ] || return 0 - - local md5sum="$(md5sum $CONFFILE | sed -e 's/ .*//')" - local old_md5sum="$(dpkg-query -W -f='${Conffiles}' $PKGNAME | \ - sed -n -e "\' $CONFFILE ' { s/ obsolete$//; s/.* //; p }")" - if [ "$md5sum" != "$old_md5sum" ]; then - echo "Obsolete conffile $CONFFILE has been modified by you." - echo "Saving as $CONFFILE.dpkg-bak ..." - mv -f "$CONFFILE" "$CONFFILE".dpkg-bak - else - echo "Removing obsolete conffile $CONFFILE ..." - rm -f "$CONFFILE" - fi -} - -case "$1" in -install|upgrade) - # Remove post-wheezy - if test -e /etc/cron.monthly/exim4-base && \ - dpkg --compare-versions "$2" le "4.80-7~"; then - rm_conffile mypackage "/etc/cron.monthly/exim4-base" - fi -esac - -#DEBHELPER# diff -Nru exim4-4.95/debian/exim4-config.config exim4-4.96/debian/exim4-config.config --- exim4-4.95/debian/exim4-config.config 2020-08-24 20:02:46.000000000 +0000 +++ exim4-4.96/debian/exim4-config.config 2022-07-14 08:23:37.000000000 +0000 @@ -810,11 +810,3 @@ db_get exim4/dc_postmaster || true dc_postmaster="$(printf '%s\n' "$RET" | stripwhitespace)" - -# this has been commented out for a long time, remove by the end of 2007 -# if [ "${dc_eximconfig_configtype}" = "satellite" ] || [ "${dc_eximconfig_configtype}" = "local" ] ; then -# # reset dc_relay_domains dc_relay_nets and dc_other_hostnames -# db_set exim4/dc_relay_domains "" -# db_set exim4/dc_relay_nets "" -# db_set exim4/dc_other_hostnames "" -# fi diff -Nru exim4-4.95/debian/exim4-config.lintian-overrides exim4-4.96/debian/exim4-config.lintian-overrides --- exim4-4.95/debian/exim4-config.lintian-overrides 2022-03-30 17:32:02.000000000 +0000 +++ exim4-4.96/debian/exim4-config.lintian-overrides 2022-07-14 08:23:37.000000000 +0000 @@ -1,4 +1,4 @@ -exim4-config: non-standard-file-perm etc/exim4/passwd.client 0640 != 0644 +exim4-config: non-standard-file-perm 0640 != 0644 [etc/exim4/passwd.client] # Invocation of update-inetd is conditional on its presence: # if ... command -v update-inetd > /dev/null ; then ... diff -Nru exim4-4.95/debian/exim4-config.postinst exim4-4.96/debian/exim4-config.postinst --- exim4-4.95/debian/exim4-config.postinst 2022-03-30 17:32:02.000000000 +0000 +++ exim4-4.96/debian/exim4-config.postinst 2022-07-14 08:23:37.000000000 +0000 @@ -159,27 +159,6 @@ esac } -# remove orphaned autogenerated conffile if unmodified. 4.20-2. -if [ "$1" = "configure" ] && \ - dpkg --compare-versions "$2" le-nl "4.20-1" ; then - - for i in /etc/exim4/conf.d/rewrite/30_exim4-config_email-addresses \ - /etc/exim4/conf.d/rewrite/35_exim4-config_masquerade ; do - if unmodified "$i"; then - echo "Removing orphaned unmodified configfile $i" 1>&2 - rm "$i" - fi - done - -fi -if [ "$1" = "configure" ] && \ - dpkg --compare-versions "$2" le-nl "4.20-2" ; then - if unmodified "/etc/exim4/conf.d/main/03_exim4-config_neverusers"; then - echo "Removing orphaned unmodified configfile /etc/exim4/conf.d/main/03_exim4-config_neverusers" 1>&2 - rm "/etc/exim4/conf.d/main/03_exim4-config_neverusers" - fi -fi - # Disable orphaned inetd-entries from exim (v3) caused by bugs #202670 # and #182206. if [ "$1" = "configure" ] &&\ @@ -206,22 +185,6 @@ /etc/exim4/passwd.client fi - if dpkg --compare-versions "$2" le "4.30-1" ; then - find /etc/exim4 -user mail \( -type f -or -type d \) -print |\ - while read i ; - do - if ! dpkg-statoverride --list "$i" > /dev/null ; then - chown Debian-exim "$i" - fi - done - find /etc/exim4 -group mail \( -type f -or -type d \) -print |\ - while read i ; - do - if ! dpkg-statoverride --list "$i" > /dev/null ; then - chgrp Debian-exim "$i" - fi - done - fi fi case "$1" in @@ -238,18 +201,6 @@ done >> $UE4CC fi - # If this is a fresh installation generate dummy files, which - # will be overwritten by update-exim4.conf - # if we add stuff later, we have to compare versions: - # if [ -z "$2" ] || [ "$2" = "" ] || dpkg --compare-versions "$2" lt "4.14-0.4" ; then - # for file in /etc/exim4/conf.d/main/03_exim4-config_neverusers ;do - # if [ ! -f "$file" ] ; then - # echo "# d41d8cd98f00b204e9800998ecf8427e" > "$file" - # chmod 644 "$file" - # fi - # done - #fi - # generate defaultfile update-exim4defaults --init @@ -394,15 +345,5 @@ ;; esac -# remove orphaned conffile if unmodified. 4.20-2. -if [ "$1" = "configure" ] && \ - dpkg --compare-versions "$2" le-nl "4.20-1" && \ - [ -e /etc/exim4/email-addresses ] && \ - [ "$(md5sum /etc/exim4/email-addresses | cut -d\ -f1)" = "6bea09fbb18e4676012105fa5fc726c6" ] -then - echo "Removing orphaned unmodified configfile /etc/exim4/email-addresses" 1>&2 - rm /etc/exim4/email-addresses -fi - #DEBHELPER# diff -Nru exim4-4.95/debian/exim4-config.preinst exim4-4.96/debian/exim4-config.preinst --- exim4-4.95/debian/exim4-config.preinst 2020-08-24 20:02:46.000000000 +0000 +++ exim4-4.96/debian/exim4-config.preinst 1970-01-01 00:00:00.000000000 +0000 @@ -1,39 +0,0 @@ -#!/bin/sh - -set -e - -if [ -n "$EX4DEBUG" ]; then - echo "now debugging $0 $@" - set -x -fi - -# Remove a no-longer used conffile -# Solution and code taken from http://wiki.debian.org/DpkgConffileHandling -# and "beautified" (hopefully not broken) -rm_conffile() { - PKGNAME="$1" - CONFFILE="$2" - - if [ -e "$CONFFILE" ]; then - md5sum="$(md5sum "$CONFFILE" | sed -e "s/ .*//")" - old_md5sum="$(dpkg-query -W -f='${Conffiles}' $PKGNAME | sed -n -e "\' $CONFFILE'{s/ obsolete$//;s/.* //;p;}")" - if [ "$md5sum" != "$old_md5sum" ]; then - echo "Obsolete conffile $CONFFILE has been modified by you." - echo "Saving as $CONFFILE.dpkg-bak ..." - mv -f "$CONFFILE" "$CONFFILE".dpkg-bak - else - echo "Removing obsolete conffile $CONFFILE ..." - rm -f "$CONFFILE" - fi - fi -} - -case "$1" in -install|upgrade) - if dpkg --compare-versions "$2" lt "4.68-1"; then - rm_conffile exim4-config "/etc/exim4/conf.d/acl/20_exim4-config_whitelist_local_deny" - rm_conffile exim4-config "/etc/exim4/conf.d/router/250_exim4-config_lowuid" - fi -esac - -#DEBHELPER# diff -Nru exim4-4.95/debian/exim4-daemon-heavy.lintian-overrides exim4-4.96/debian/exim4-daemon-heavy.lintian-overrides --- exim4-4.95/debian/exim4-daemon-heavy.lintian-overrides 2022-03-30 17:32:02.000000000 +0000 +++ exim4-4.96/debian/exim4-daemon-heavy.lintian-overrides 2022-07-14 08:23:37.000000000 +0000 @@ -1,6 +1,6 @@ -exim4-daemon-heavy: elevated-privileges usr/sbin/exim4 4755 root/root -exim4-daemon-heavy: package-contains-empty-directory usr/lib/exim4/local_scan/ +exim4-daemon-heavy: elevated-privileges 4755 root/root [usr/sbin/exim4] +exim4-daemon-heavy: package-contains-empty-directory [usr/lib/exim4/local_scan/] # required by FHS -exim4-daemon-heavy: ldconfig-escape usr/lib/sendmail -> usr/sbin/exim4 +exim4-daemon-heavy: ldconfig-escape usr/sbin/exim4 [usr/lib/sendmail] # false positive 973759 -exim4-daemon-heavy: debian-changelog-file-is-a-symlink usr/share/doc/exim4-daemon-heavy/changelog.gz +exim4-daemon-heavy: debian-changelog-file-is-a-symlink [usr/share/doc/exim4-daemon-heavy/changelog.gz] diff -Nru exim4-4.95/debian/exim4-daemon-light.lintian-overrides exim4-4.96/debian/exim4-daemon-light.lintian-overrides --- exim4-4.95/debian/exim4-daemon-light.lintian-overrides 2022-03-30 17:32:02.000000000 +0000 +++ exim4-4.96/debian/exim4-daemon-light.lintian-overrides 2022-07-14 08:23:37.000000000 +0000 @@ -1,5 +1,5 @@ -exim4-daemon-light: elevated-privileges usr/sbin/exim4 4755 root/root +exim4-daemon-light: elevated-privileges 4755 root/root [usr/sbin/exim4] # required by FHS -exim4-daemon-light: ldconfig-escape usr/lib/sendmail -> usr/sbin/exim4 +exim4-daemon-light: ldconfig-escape usr/sbin/exim4 [usr/lib/sendmail] # false positive 973759 -exim4-daemon-light: debian-changelog-file-is-a-symlink usr/share/doc/exim4-daemon-light/changelog.gz +exim4-daemon-light: debian-changelog-file-is-a-symlink [usr/share/doc/exim4-daemon-light/changelog.gz] diff -Nru exim4-4.95/debian/exim4-dev.lintian-overrides exim4-4.96/debian/exim4-dev.lintian-overrides --- exim4-4.95/debian/exim4-dev.lintian-overrides 2022-03-30 17:32:02.000000000 +0000 +++ exim4-4.96/debian/exim4-dev.lintian-overrides 2022-07-14 08:23:37.000000000 +0000 @@ -1,2 +1,2 @@ # false positive 973759 -exim4-dev: debian-changelog-file-is-a-symlink usr/share/doc/exim4-dev/changelog.gz +exim4-dev: debian-changelog-file-is-a-symlink [usr/share/doc/exim4-dev/changelog.gz] diff -Nru exim4-4.95/debian/eximon4.lintian-overrides exim4-4.96/debian/eximon4.lintian-overrides --- exim4-4.95/debian/eximon4.lintian-overrides 2022-03-30 17:32:02.000000000 +0000 +++ exim4-4.96/debian/eximon4.lintian-overrides 2022-07-14 08:23:37.000000000 +0000 @@ -1,2 +1,2 @@ # false positive 973759 -eximon4: debian-changelog-file-is-a-symlink usr/share/doc/eximon4/changelog.gz +eximon4: debian-changelog-file-is-a-symlink [usr/share/doc/eximon4/changelog.gz] diff -Nru exim4-4.95/debian/manpages/exim4-config_files.5 exim4-4.96/debian/manpages/exim4-config_files.5 --- exim4-4.95/debian/manpages/exim4-config_files.5 2020-08-24 20:02:46.000000000 +0000 +++ exim4-4.96/debian/manpages/exim4-config_files.5 2022-07-14 08:23:37.000000000 +0000 @@ -65,25 +65,30 @@ /usr/share/doc/exim4\-base/README.Debian.gz. Please note that it is not possible to use delivery to arbitrary files, directories and to pipes. This is forbidden in Debian's exim4 default configuration. - +. +.LP You should at least set up an alias for postmaster in the /etc/aliases file. .SH /etc/email\-addresses is used to rewrite the email addresses of users. This is particularly useful for users who use their ISP's domain for email. - +. +.LP The file should contain lines of the form - +. +.LP .br user: someone@isp.com .br otheruser: someoneelse@anotherisp.com - +. +.LP This way emails from user will appear to be from someone@isp.com to the outside world. Technically, the from, reply\-to, and sender addresses, along with the envelope sender, are rewritten for users that appear to be in the local domain. - +. +.LP .SH /etc/exim4/local_host_blacklist .I [exim host list] is an optional file containing a list of IP addresses, networks and @@ -95,12 +100,15 @@ blocked, an explicit whitelist is read in from /etc/exim4/host_local_deny_exceptions. Entries in the whitelist override corresponding blacklist entries. - +. +.LP In the blacklist, the trick is to read a line break as "or" if it follows a positive item, and as "and" if it follows a negative item. - +. +.LP For example, a /etc/exim4/local_host_blacklist - +. +.LP .br 192.168.10.0/24 .br @@ -109,17 +117,20 @@ 172.16.10.0/24 .br 10.0.0.0/8 - +. +.LP Exim just evaluates left to right (or up-down in the file listing context), so you don't get the same kind of operator binding as in a programming language. - +. +.LP .SH /etc/exim4/host_local_deny_exceptions .I [exim host list] contains a list of IP addresses, networks and host names whose messages will be accepted despite the address is also listed in /etc/exim4/local_host_blacklist, overriding a blacklisting. - +. +.LP .SH /etc/exim4/local_sender_blacklist .I [exim address list] is an optional files containing a list of envelope senders whose @@ -130,12 +141,15 @@ method to whitelist addresses from being blocked, an explicit whitelist is read in from /etc/exim4/sender_local_deny_exceptions. Entries in the whitelist override corresponding blacklist entries. - +. +.LP In the blacklist, the trick is to read a line break as "or" if it follows a positive item, and as "and" if it follows a negative item. - +. +.LP For example, a /etc/exim4/local_sender_blacklist - +. +.LP .br domain1.example .br @@ -144,30 +158,35 @@ domain2.example .br domain3.example - +. +.LP Exim just evaluates left to right (or up-down in the file listing context), so you don't get the same kind of operator binding as in a programming language. - +. +.LP .SH /etc/exim4/sender_local_deny_exceptions .I [exim address list] is an optional file containing a list of envelope senders whose messages will be accepted despite the address being also listed in /etc/exim4/local_sender_blacklist, overriding a blacklisting. - +. +.LP .SH /etc/exim4/local_sender_callout .I [exim address list] is an optional file containing a list of envelope senders whose messages are subject to sender verification with a callout. This is a full exim4 address list, and all available features can be used. - +. +.LP .SH /etc/exim4/local_rcpt_callout .I [exim address list] is an optional file containing a list of envelope recipients for which incoming messages are subject to recipient verification with a callout. This is a full exim4 address list, and all available features can be used. - +. +.LP .SH /etc/exim4/local_domain_dnsbl_whitelist .I [exim address list] is an optional file containing a list of envelope senders whose @@ -176,7 +195,8 @@ This feature is intended to be used in case of a domain-based DNSBL being too heavy handed, for example listing entire top-level domains for their registry policies. - +. +.LP .SH /etc/exim4/hubbed_hosts .I [exim domain list] is an optional file containing a list of route_data records which can @@ -185,10 +205,12 @@ domain in the DNS but are not final destination of the messages, passing them on to a host which is not publicly reachable, or to temporarily fix mail routing in case of broken DNS setups. - +. +.LP The file should contain key-value pairs of domain pattern and route data of the form - +. +.LP .br domain: host-list options .br @@ -197,79 +219,98 @@ foo.example: internal.mail.example.com .br bar.example: 192.168.183.3 - +. +.LP which will cause mail for foo.example to be sent to the host internal.mail.example (IP address derived from A record only), and mail to bar.example to be sent to 192.168.183.3. - +. +.LP See spec.txt chapter 20.3 through 20.7 for a more detailed explanation of host list format and available options. - +. +.LP .SH /etc/exim4/passwd contains account and password data for SMTP authentication when the local exim is SMTP server and clients authenticate to the local exim. - +. +.LP The file should contain lines of the form - +. +.LP .br username:crypted-password:clear-password - +. +.LP crypted-password is the crypt(3)-created hash of your password. You can, for example, use the mkpasswd program from the whois package to create a crypted password. It is recommended to use a modern hash algorithm, see mkpasswd \-\-method=help. Consider not using crypt or MD5. - +. +.LP clear-password is only necessary if you want to offer CRAM-MD5 authentication. If you don't plan on doing so, the third column can be omitted completely. - +. +.LP This file must be readable for the Debian\-exim user and should not be readable for others. Recommended file mode is root:Debian\-exim 640. - +. +.LP .SH /etc/exim4/passwd.client contains account and password data for SMTP authentication when exim is authenticating as a client to some remote server. - +. +.LP The file should contain lines of the form - +. +.LP .br target.mail.server.example:login-user-name:password - +. +.LP which will cause exim to use login-user-name and password when sending messages to a server with the canonical host name target.mail.server.example. Please note that this does not configure the mail server to send to (this is determined in Debconf), but only creates the correlation between host name and authentication credentials to avoid exposing passwords to the wrong host. - +. +.LP Please note that target.mail.server.example is currently the value that exim can read from reverse DNS: It first follows the host name of the target system until it finds an IP address, and then looks up the reverse DNS for that IP address to use the outcome of this query (or the IP address itself should the query fail) as index into /etc/exim4/passwd.client. - +. +.LP This goes inevitably wrong if the host name of the mail server is a CNAME (a DNS alias), or the reverse lookup does not fit the forward one. - +. +.LP Currently, you need to manually lookup all reverse DNS names for all IP addresses that your SMTP server host name points to, for example by using the host command. If the SMTP smarthost alias expands to multiple IPs, you need to have multiple lines for all the hosts. When your ISP changes the alias, you will need to manually fix that. - +. +.LP You may minimize this trouble by using a wild card entry or regular expressions, thus reducing the risk of divulging the password to the wrong SMTP server while reducing the number of necessary lines. For a deeper discussion, see the Debian BTS #244724. - +. +.LP password is your SMTP password in clear text. If you do not know about your SMTP password, you can try using your POP3 password as a first guess. - +. +.LP This file must be readable for the Debian\-exim user and should not be readable for others. Recommended file mode is root:Debian\-exim 640. - +. +.LP .br # example for CONFDIR/passwd.client .br @@ -293,72 +334,87 @@ .br ^smtp[0\-9]*\\.mail\\.server\\.example:user:password .br - +. +.LP .SH /etc/exim4/exim.crt contains the certificate that exim uses to initiate TLS connections. This is public information and can be world readable. /usr/share/doc/exim4\-base/examples/exim\-gencert can be used to generate a private key and self-signed certificate. - +. +.LP .SH /etc/exim4/exim.key contains the private key belonging to the certificate in exim.crt. This file's contents must be kept secret and should have mode root:Debian\-exim 640. /usr/share/doc/exim4\-base/examples/exim\-gencert can be used to generate a private key and self-signed certificate. - +. +.LP .SH BUGS Plenty. Please report them through the Debian BTS - +. +.LP This manual page needs a major re-work. If somebody knows better groff than us and has more experience in writing manual pages, any patches would be greatly appreciated. - +. +.LP .SH NOTES .SS Unresolvable items in host lists - -Adding or keeping items in the abovementioned host lists which are not +. +.LP +Adding or keeping items in the abovementioned host lists which are not resolvable by DNS has severe consequences. - -e.g. if resolving a +. +.LP +e.g. if resolving a .B hostname in local_host_blacklist returns a temporary error (DNS timeout) exim will not be able to check whether a connecting host is part of the list. -Exim will therefore return a temporary SMTP error for +Exim will therefore return a temporary SMTP error for .I every connecting host. - +. +.LP On the other hand if there is a permanent error in resolving a name in the host list (the record was removed from DNS) exim behaves as if the host does not match the list. e.g. a local_host_blacklist consisting of - +. +.LP notresolvable.example.com:rejectme.example.com - +. +.LP is equivalent to an empty one. - Exim tries to match the IP-address of the connecting host to notresolvable.example.com, resolving this IP by DNS fails, exim behaves as if the connecting host does not match the list. List processing stops at this point! - -Starting the list with the special pattern +ignore_unknown as a +. +.LP +Starting the list with the special pattern +ignore_unknown as a safeguard against this behavior is strongly recommended if hostnames are used in hostlists. - -See Exim specification Chapter +. +.LP +See Exim specification Chapter .I Domain, host, address, and local part lists , section .I Behaviour when an IP address or name cannot be found. - +. +.LP .SH SEE ALSO .br .BR exim (8), .br -.BR update\-exim4.conf(8), +.BR update\-exim4.conf (8), .br -.BR /usr/share/doc/exim4\-base/, +.BR /usr/share/doc/exim4\-base/ , .br and for general notes and details about interaction with debconf -.BR /usr/share/doc/exim4\-base/README.Debian.gz - +.B /usr/share/doc/exim4\-base/README.Debian.gz +. +.LP .SH AUTHOR Marc Haber with help from Ross Boylan. - +. +.LP diff -Nru exim4-4.95/debian/manpages/exiqgrep.8 exim4-4.96/debian/manpages/exiqgrep.8 --- exim4-4.95/debian/manpages/exiqgrep.8 2022-03-30 17:32:02.000000000 +0000 +++ exim4-4.96/debian/manpages/exiqgrep.8 2022-07-14 08:23:37.000000000 +0000 @@ -39,6 +39,9 @@ \fB\-C \fR Specify which exim.conf to use .TP +\fB\-E \fR +Specify a path for the exim binary, overriding the built-in one. +.TP \fB\-f \fR Match sender address (field is \(lq< >\(rq wrapped) .TP @@ -80,7 +83,9 @@ .TP \fB\-a\fR All recipients (including delivered) - +.PP +At least one selection option, or either the \fB\-c\fR or \fB\-h\fR option, +must be given. .SH BUGS This manual page needs a major re-work. If somebody knows better groff than us and has more experience in writing manual pages, any patches diff -Nru exim4-4.95/debian/manpages/update-exim4.conf.8 exim4-4.96/debian/manpages/update-exim4.conf.8 --- exim4-4.95/debian/manpages/update-exim4.conf.8 2020-08-24 20:02:46.000000000 +0000 +++ exim4-4.96/debian/manpages/update-exim4.conf.8 2022-07-14 08:23:37.000000000 +0000 @@ -19,10 +19,10 @@ .\" \(lqthis text is enclosed in double quotes\(rq .SH NAME update\-exim4.conf \- Generate exim4 configuration files. - +. .SH SYNOPSIS .B update\-exim4.conf [\-v|\-\-verbose] [\-h|\-\-help] [\-\-keepcomments] [\-\-removecomments] [\-o|\-\-output file] - +. .SH OPTIONS .TP .I \-\-check @@ -48,7 +48,7 @@ .TP .I \-v|\-\-verbose Enable verbose mode - +. .SH DESCRIPTION The script .B update\-exim4.conf @@ -72,16 +72,18 @@ router, transport, retry, rewrite and auth. Within each directory it takes files in lexical sort order by file name. It concatenates all these files and makes the debconf replacement described below. - +. +.LP If you are not using split configuration .B update\-exim4.conf concatenates /etc/exim4/exim4.conf.localmacros (if this file exists) and /etc/exim4/exim4.conf.template (in this order) and makes the debconf replacement described below. - +. +.LP In either case, before outputting the result -to /var/lib/exim4/config.autogenerated, +to /var/lib/exim4/config.autogenerated, .B update\-exim4.conf generates a number of exim configuration macros from the contents of dc_something from /etc/exim4/update\-exim4.conf.conf and inserts them @@ -94,19 +96,23 @@ makes no other changes to the configuration. This makes it very simple to make small changes to the configuration and still have the benefits of debconf. - +. +.LP On the other hand if you don't want to manage exim4.conf with debconf install your own handcrafted version as /etc/exim4/exim4.conf. Exim will use this file if it exists and ignore the autogenerated one. Additionally you might want to set .I dc_eximconfig_configtype=none -in /etc/exim4/update\-exim4.conf.conf to stop debconf from asking you questions about exim4. - +in /etc/exim4/update\-exim4.conf.conf to stop debconf from asking you +questions about exim4. +. +.LP .B update\-exim4.conf exits silently and does nothing if /etc/exim4/exim4.conf exists and \-o was not used to direct the output to a different file than /var/lib/exim4/config.autogenerated. - +. +.LP .B update\-exim4.conf will only use files in the conf.d directory that have a filename which consists only of letters, numbers, underscores and hyphens @@ -117,26 +123,29 @@ will use /etc/exim4/conf.d/foo/bar.rul instead of /etc/exim4/conf.d/foo/bar if the .rul file exists. This is meant to be helpful for easy interaction with packages extending Exim. - +. +.LP If the new configuration will be written to -/var/lib/exim4/config.autogenerated, +/var/lib/exim4/config.autogenerated, .B update\-exim4.conf will check the validity of the freshly generated configuration. If the new file is detected as invalid, update-exim4.conf leaves the old /var/lib/exim4/config.autogenerated untouched and exits with an error. - +. +.LP However, there are still possible invalidities that can only be detected at run time. This most notably applies to errors in expressions that are expanded at run time. - +. +.LP If the new configuration will be written to some other file, no validity checking occurs and that file will always be overwritten. - +. .SH EXAMPLES You want to be able to check exim's queue as normal user: Generate a new file, e.g. /etc/exim4/conf.d/main/40_local_mailq, containing only the line .I queue_list_requires_admin = false - +. .SH NOTES .B update\-exim4.conf changes the file permissions of the output file to the value of the environment @@ -144,7 +153,7 @@ /etc/exim4/update\-exim4.conf.conf nor in the environment it defaults to 0644. Change this to 0640 if you are keeping sensitive information (LDAP credentials et. al.) in there. - +. .SH CONFIGURATION VARIABLES All lists given in configuration variables are semicolon-separated. In the past, they used to be colon separated. This was changed to @@ -156,11 +165,13 @@ addresses, please prefix "<;" to explicitly specify the list separator as a semicolon. Otherwise, the code cannot tell an IP address from a colon-separated list of strange host names. - +. +.LP Using lookups like "dsearch;something" in update-exim4.conf.conf has never been supported and does no longer work! If you need this, please convert to directly setting the appropriate macros. - +. +.LP .B update\-exim4.conf evaluates these patterns in .B /etc/exim4/update\-exim4.conf.conf: @@ -170,10 +181,11 @@ .TP .I dc_eximconfig_configtype The main configuration type. Sets macro DC_eximconfig_configtype. The macro -usually contains a shorthand for one of the choices for the +usually contains a shorthand for one of the choices for the \(lqGeneral type of mail configuration\(rq debconf question (See README.Debian). - +. +.LP .RS .B dc_eximconfig_configtype <-> debconf configtype mapping: .PD 0.1 @@ -194,7 +206,7 @@ no configuration at this time .PD .RE - +. .TP .I dc_hide_mailname Boolean option that controls whether the local mailname in the headers of @@ -267,25 +279,25 @@ brackets, which might be the only possibility to specify delivery to an IPv6 address and a different port. Examples: .br -.BR host.domain.example +.B host.domain.example deliver to host looked up on DNS, tcp/25 .br -.BR host.domain.example::587 +.B host.domain.example::587 deliver to host looked up on DNS, tcp/587 .br -.BR 192.168.2.4 +.B 192.168.2.4 deliver to IPv4 host, tcp/25 .br -.BR 192.168.2.4::587 +.B 192.168.2.4::587 deliver to IPv4 host, tcp/587 .br -.BR [192.168.2.4]::587 +.B [192.168.2.4]::587 deliver to IPv4 host, tcp/587 .br -.BR 2001::0db8::f::4::::2 +.B 2001::0db8::f::4::::2 deliver to IPv6 host, tcp/25 .br -.BR [2001::0db8::f::4::::2]::587 +.B [2001::0db8::f::4::::2]::587 deliver to IPv6 host, tcp/587 .br This is used as value of the DCsmarthost macro. @@ -300,7 +312,7 @@ .I The macro MAIN_PACKAGE_VERSION is set to Debian's Version number of the package being installed for convenient inclusion in the configuration. - +. .SH RECOMMENDED USAGE If you are running exim as daemon (as it is in the default setup of the Debian packages) you should not invoke @@ -311,35 +323,32 @@ file. You should use .I invoke\-rc.d exim4 restart instead. - +. .SH BUGS This manual page needs a major re-work. If somebody knows better groff than us and has more experience in writing manual pages, any patches would be greatly appreciated. - +. .SH FILES -.LP .TP .B /var/lib/exim4/config.autogenerated Exim's main configuration file -.LP .TP .B /etc/exim4/exim4.conf Optional manually managed Exim main configuration file. Takes precedence over debconf managed one if it exists. -.LP .TP .B /etc/exim4/update-exim4.conf.conf Configuration file being written by exim4-config maintainer scripts, which may be hand-edited, and is read as input by update-exim4.conf. - +. .SH SEE ALSO .BR exim (8), -.BR exim4-config_files(5), +.BR exim4-config_files (5), /usr/share/doc/exim4\-base/ and for general notes and details about interaction with debconf /usr/share/doc/exim4\-base/README.Debian.gz - +. .SH AUTHOR Andreas Metzler .br diff -Nru exim4-4.95/debian/NEWS exim4-4.96/debian/NEWS --- exim4-4.95/debian/NEWS 2022-03-30 17:32:02.000000000 +0000 +++ exim4-4.96/debian/NEWS 2022-07-14 08:23:37.000000000 +0000 @@ -1,3 +1,21 @@ +exim4 (4.96-1) unstable; urgency=low + + The allow_insecure_tainted_data main config option and the "taint" + log_selector were removed. (See previous entry for exim4 4.94-18.) + + Taint-check exec arguments for transport-initiated external processes. + Previously, tainted values could be used. This affects "pipe", "lmtp" + and "queryprogram" transport, transport-filter, and ETRN commands. The + ${run} expansion is also affected: in "preexpand" mode no part of the + command line may be tainted, in default mode the executable name may not + be tainted. + + Query-style lookups are now checked for quoting, if the query string is + built using untrusted data ("tainted"). For now lack of quoting is + merely logged; a future release will upgrade this to an error. + + -- Andreas Metzler Sun, 26 Jun 2022 14:11:00 +0200 + exim4 (4.94-18) experimental; urgency=medium Please consider exim 4.93/4.94 a *major* exim upgrade. It introduces the diff -Nru exim4-4.95/debian/patches/75_01-Fix-exit-on-attempt-to-rewrite-a-malformed-address.-.patch exim4-4.96/debian/patches/75_01-Fix-exit-on-attempt-to-rewrite-a-malformed-address.-.patch --- exim4-4.95/debian/patches/75_01-Fix-exit-on-attempt-to-rewrite-a-malformed-address.-.patch 1970-01-01 00:00:00.000000000 +0000 +++ exim4-4.96/debian/patches/75_01-Fix-exit-on-attempt-to-rewrite-a-malformed-address.-.patch 2022-07-14 08:23:37.000000000 +0000 @@ -0,0 +1,57 @@ +From e7ec503729970a03d4509921342bc81313976126 Mon Sep 17 00:00:00 2001 +From: Jeremy Harris +Date: Tue, 12 Jul 2022 22:14:04 +0100 +Subject: [PATCH] Fix exit on attempt to rewrite a malformed address. Bug 2903 + +--- + doc/ChangeLog | 5 + + src/rewrite.c | 9 +- + test/confs/0471 | 7 + + test/log/0471 | 5 + + test/scripts/0000-Basic/0471 | 4 +- + test/stderr/0471 | 245 ++++++++++++++++++++++++++++++++++- + 6 files changed, 267 insertions(+), 8 deletions(-) + +--- a/doc/ChangeLog ++++ b/doc/ChangeLog +@@ -1,9 +1,14 @@ + This document describes *changes* to previous versions, that might + affect Exim's operation, with an unchanged configuration file. For new + options, and new features, see the NewStuff file next to this ChangeLog. + ++JH/04 Bug 2903: avoid exit on an attempt to rewrite a malformed address. ++ Make the rewrite never match and keep the logging. Trust the ++ admin to be using verify=header-syntax (to actually reject the message). ++ ++ + Exim version 4.96 + ----------------- + + JH/01 Move the wait-for-next-tick (needed for unique messmage IDs) from + after reception to before a subsequent reception. This should +--- a/src/rewrite.c ++++ b/src/rewrite.c +@@ -493,19 +493,18 @@ + empty address, overlong addres. Sometimes the result matters, sometimes not. + It seems this function is called for *any* header we see. */ + + if (!recipient) + { +- /* Handle unparesable addresses in the header. Slightly ugly because a ++ /* Log unparesable addresses in the header. Slightly ugly because a + null output from the extract can also result from a header without an +- address, "To: undisclosed recpients:;" being the classic case. */ ++ address, "To: undisclosed recpients:;" being the classic case. Ignore ++ this one and carry on. */ + + if ((rewrite_rules || routed_old) && Ustrcmp(errmess, "empty address") != 0) +- { + log_write(0, LOG_MAIN, "rewrite: %s", errmess); +- exim_exit(EXIT_FAILURE); +- } ++ + loop_reset_point = store_reset(loop_reset_point); + continue; + } + + /* If routed_old is not NULL, this is a rewrite caused by a router, diff -Nru exim4-4.95/debian/patches/75_30-Avoid-calling-gettimeofday-select-per-char-for-cmdli.patch exim4-4.96/debian/patches/75_30-Avoid-calling-gettimeofday-select-per-char-for-cmdli.patch --- exim4-4.95/debian/patches/75_30-Avoid-calling-gettimeofday-select-per-char-for-cmdli.patch 2022-05-26 17:31:06.000000000 +0000 +++ exim4-4.96/debian/patches/75_30-Avoid-calling-gettimeofday-select-per-char-for-cmdli.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,616 +0,0 @@ -From 1843f70b733127fcba3321d9d69359e05905f8cc Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Sat, 16 Oct 2021 00:12:16 +0100 -Subject: [PATCH] Avoid calling gettimeofday(), select() per char for cmdline - message submission. Bug 2819 - -Broken-by: 3c55eef240 ---- - doc/ChangeLog | 4 ++ - src/exim.c | 7 ++- - src/filtertest.c | 16 +++---- - src/functions.h | 4 ++ - src/globals.c | 21 +++++---- - src/globals.h | 3 ++ - src/receive.c | 78 ++++++++++++++++++++++------------ - src/smtp_in.c | 24 ++++++++++- - src/tls-gnu.c | 9 ++++ - src/tls-openssl.c | 8 ++++ - src/transports/autoreply.c | 13 +++--- - 11 files changed, 133 insertions(+), 54 deletions(-) - ---- a/doc/ChangeLog -+++ b/doc/ChangeLog -@@ -1,9 +1,13 @@ - This document describes *changes* to previous versions, that might - affect Exim's operation, with an unchanged configuration file. For new - options, and new features, see the NewStuff file next to this ChangeLog. - -+JH/05 Bug 2819: speed up command-line messages being read in. Previously a -+ time check was being done for every character; replace that with one -+ per buffer. -+ - - Exim version 4.95 - ----------------- - - JH/01 Bug 1329: Fix format of Maildir-format filenames to match other mail- ---- a/src/exim.c -+++ b/src/exim.c -@@ -5382,11 +5382,11 @@ - - if (smtp_input) - { - if (!f.is_inetd) set_process_info("accepting a local %sSMTP message from <%s>", - smtp_batched_input? "batched " : "", -- (sender_address!= NULL)? sender_address : originator_login); -+ sender_address ? sender_address : originator_login); - } - else - { - int old_pool = store_pool; - store_pool = POOL_PERM; -@@ -5432,11 +5432,12 @@ - mac_smtp_fflush(); - exim_exit(EXIT_SUCCESS); - } - } - --/* Otherwise, set up the input size limit here. */ -+/* Otherwise, set up the input size limit here and set no stdin stdio buffer -+(we handle buferring so as to have visibility of fill level). */ - - else - { - thismessage_size_limit = expand_string_integer(message_size_limit, TRUE); - if (expand_string_message) -@@ -5444,10 +5445,12 @@ - log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to expand " - "message_size_limit: %s", expand_string_message); - else - log_write(0, LOG_MAIN|LOG_PANIC_DIE, "invalid value for " - "message_size_limit: %s", expand_string_message); -+ -+ setvbuf(stdin, NULL, _IONBF, 0); - } - - /* Loop for several messages when reading SMTP input. If we fork any child - processes, we don't want to wait for them unless synchronous delivery is - requested, so set SIGCHLD to SIG_IGN in that case. This is not necessarily the ---- a/src/filtertest.c -+++ b/src/filtertest.c -@@ -43,15 +43,15 @@ - s = message_body_end; - body_len = 0; - body_linecount = 0; - header_size = message_size; - --if (!dot_ended && !feof(stdin)) -+if (!dot_ended && !stdin_feof()) - { - if (!f.dot_ends) - { -- while ((ch = getc(stdin)) != EOF) -+ while ((ch = stdin_getc(GETC_BUFFER_UNLIMITED)) != EOF) - { - if (ch == 0) body_zerocount++; - if (ch == '\n') body_linecount++; - if (body_len < message_body_visible) message_body[body_len++] = ch; - *s++ = ch; -@@ -60,11 +60,11 @@ - } - } - else - { - int ch_state = 1; -- while ((ch = getc(stdin)) != EOF) -+ while ((ch = stdin_getc(GETC_BUFFER_UNLIMITED)) != EOF) - { - if (ch == 0) body_zerocount++; - switch (ch_state) - { - case 0: /* Normal state */ -@@ -97,10 +97,11 @@ - } - READ_END: ; - } - if (s == message_body_end || s[-1] != '\n') body_linecount++; - } -+debug_printf("%s %d\n", __FUNCTION__, __LINE__); - - message_body[body_len] = 0; - message_body_size = message_size - header_size; - - /* body_len stops at message_body_visible; it if got there, we may have -@@ -248,11 +249,11 @@ - } - - /* For a filter, set up the message_body variables and the message size if this - is the first time this function has been called. */ - --if (message_body == NULL) read_message_body(dot_ended); -+if (!message_body) read_message_body(dot_ended); - - /* Now pass the filter file to the function that interprets it. Because - filter_test is not FILTER_NONE, the interpreter will output comments about what - it is doing. No need to clean up store. Indeed, we must not, because we may be - testing a system filter that is going to be followed by a user filter test. */ -@@ -267,14 +268,13 @@ - f.enable_dollar_recipients = FALSE; - f.system_filtering = FALSE; - } - else - { -- yield = (filter_type == FILTER_SIEVE)? -- sieve_interpret(filebuf, RDO_REWRITE, NULL, NULL, NULL, NULL, &generated, &error) -- : -- filter_interpret(filebuf, RDO_REWRITE, &generated, &error); -+ yield = filter_type == FILTER_SIEVE -+ ? sieve_interpret(filebuf, RDO_REWRITE, NULL, NULL, NULL, NULL, &generated, &error) -+ : filter_interpret(filebuf, RDO_REWRITE, &generated, &error); - } - - return yield != FF_ERROR; - } - ---- a/src/functions.h -+++ b/src/functions.h -@@ -66,10 +66,11 @@ - extern uschar *tls_field_from_dn(uschar *, const uschar *); - extern void tls_free_cert(void **); - extern int tls_getc(unsigned); - extern uschar *tls_getbuf(unsigned *); - extern void tls_get_cache(unsigned); -+extern BOOL tls_hasc(void); - extern BOOL tls_import_cert(const uschar *, void **); - extern BOOL tls_is_name_for_cert(const uschar *, void *); - # ifdef USE_OPENSSL - extern BOOL tls_openssl_options_parse(uschar *, long *); - # endif -@@ -148,10 +149,11 @@ - extern uschar *b64encode(const uschar *, int); - extern uschar *b64encode_taint(const uschar *, int, BOOL); - extern int b64decode(const uschar *, uschar **); - extern int bdat_getc(unsigned); - extern uschar *bdat_getbuf(unsigned *); -+extern BOOL bdat_hasc(void); - extern int bdat_ungetc(int); - extern void bdat_flush_data(void); - - extern void bits_clear(unsigned int *, size_t, int *); - extern void bits_set(unsigned int *, size_t, int *); -@@ -492,10 +494,11 @@ - uschar **, uschar *); - extern BOOL smtp_get_port(uschar *, address_item *, int *, uschar *); - extern int smtp_getc(unsigned); - extern uschar *smtp_getbuf(unsigned *); - extern void smtp_get_cache(unsigned); -+extern BOOL smtp_hasc(void); - extern int smtp_handle_acl_fail(int, int, uschar *, uschar *); - extern void smtp_log_no_mail(void); - extern void smtp_message_code(uschar **, int *, uschar **, uschar **, BOOL); - extern void smtp_proxy_tls(void *, uschar *, size_t, int *, int) NORETURN; - extern BOOL smtp_read_response(void *, uschar *, int, int, int); -@@ -521,10 +524,11 @@ - extern uschar *spool_sender_from_msgid(const uschar *); - extern int spool_write_header(uschar *, int, uschar **); - extern int stdin_getc(unsigned); - extern int stdin_feof(void); - extern int stdin_ferror(void); -+extern BOOL stdin_hasc(void); - extern int stdin_ungetc(int); - - extern void store_exit(void); - extern void store_init(void); - extern void store_writeprotect(int); ---- a/src/globals.c -+++ b/src/globals.c -@@ -169,20 +169,23 @@ - /* Input-reading functions for messages, so we can use special ones for - incoming TCP/IP. The defaults use stdin. We never need these for any - stand-alone tests. */ - - #if !defined(STAND_ALONE) && !defined(MACRO_PREDEF) --int (*lwr_receive_getc)(unsigned) = stdin_getc; -+int (*lwr_receive_getc)(unsigned) = stdin_getc; - uschar * (*lwr_receive_getbuf)(unsigned *) = NULL; --int (*lwr_receive_ungetc)(int) = stdin_ungetc; --int (*receive_getc)(unsigned) = stdin_getc; --uschar * (*receive_getbuf)(unsigned *) = NULL; --void (*receive_get_cache)(unsigned) = NULL; --int (*receive_ungetc)(int) = stdin_ungetc; --int (*receive_feof)(void) = stdin_feof; --int (*receive_ferror)(void) = stdin_ferror; --BOOL (*receive_smtp_buffered)(void) = NULL; /* Only used for SMTP */ -+int (*lwr_receive_ungetc)(int) = stdin_ungetc; -+BOOL (*lwr_receive_hasc)(void) = stdin_hasc; -+ -+int (*receive_getc)(unsigned) = stdin_getc; -+uschar * (*receive_getbuf)(unsigned *) = NULL; -+void (*receive_get_cache)(unsigned) = NULL; -+BOOL (*receive_hasc)(void) = stdin_hasc; -+int (*receive_ungetc)(int) = stdin_ungetc; -+int (*receive_feof)(void) = stdin_feof; -+int (*receive_ferror)(void) = stdin_ferror; -+BOOL (*receive_smtp_buffered)(void) = NULL; /* Only used for SMTP */ - #endif - - - /* List of per-address expansion variables for clearing and saving/restoring - when verifying one address while routing/verifying another. We have to have ---- a/src/globals.h -+++ b/src/globals.h -@@ -159,13 +159,16 @@ - /* Input-reading functions for messages, so we can use special ones for - incoming TCP/IP. */ - - extern int (*lwr_receive_getc)(unsigned); - extern uschar * (*lwr_receive_getbuf)(unsigned *); -+extern BOOL (*lwr_receive_hasc)(void); - extern int (*lwr_receive_ungetc)(int); -+ - extern int (*receive_getc)(unsigned); - extern uschar * (*receive_getbuf)(unsigned *); -+extern BOOL (*receive_hasc)(void); - extern void (*receive_get_cache)(unsigned); - extern int (*receive_ungetc)(int); - extern int (*receive_feof)(void); - extern int (*receive_ferror)(void); - extern BOOL (*receive_smtp_buffered)(void); ---- a/src/receive.c -+++ b/src/receive.c -@@ -42,46 +42,75 @@ - /* These are the default functions that are set up in the variables such as - receive_getc initially. They just call the standard functions, passing stdin as - the file. (When SMTP input is occurring, different functions are used by - changing the pointer variables.) */ - -+uschar stdin_buf[4096]; -+uschar * stdin_inptr = stdin_buf; -+uschar * stdin_inend = stdin_buf; -+ -+static BOOL -+stdin_refill(void) -+{ -+size_t rc = fread(stdin_buf, 1, sizeof(stdin_buf), stdin); -+if (rc <= 0) -+ { -+ if (had_data_timeout) -+ { -+ fprintf(stderr, "exim: timed out while reading - message abandoned\n"); -+ log_write(L_lost_incoming_connection, -+ LOG_MAIN, "timed out while reading local message"); -+ receive_bomb_out(US"data-timeout", NULL); /* Does not return */ -+ } -+ if (had_data_sigint) -+ { -+ if (filter_test == FTEST_NONE) -+ { -+ fprintf(stderr, "\nexim: %s received - message abandoned\n", -+ had_data_sigint == SIGTERM ? "SIGTERM" : "SIGINT"); -+ log_write(0, LOG_MAIN, "%s received while reading local message", -+ had_data_sigint == SIGTERM ? "SIGTERM" : "SIGINT"); -+ } -+ receive_bomb_out(US"signal-exit", NULL); /* Does not return */ -+ } -+ return FALSE; -+ } -+stdin_inend = stdin_buf + rc; -+stdin_inptr = stdin_buf; -+return TRUE; -+} -+ - int - stdin_getc(unsigned lim) - { --int c = getc(stdin); -+if (stdin_inptr >= stdin_inend) -+ if (!stdin_refill()) -+ return EOF; -+return *stdin_inptr++; -+} - --if (had_data_timeout) -- { -- fprintf(stderr, "exim: timed out while reading - message abandoned\n"); -- log_write(L_lost_incoming_connection, -- LOG_MAIN, "timed out while reading local message"); -- receive_bomb_out(US"data-timeout", NULL); /* Does not return */ -- } --if (had_data_sigint) -- { -- if (filter_test == FTEST_NONE) -- { -- fprintf(stderr, "\nexim: %s received - message abandoned\n", -- had_data_sigint == SIGTERM ? "SIGTERM" : "SIGINT"); -- log_write(0, LOG_MAIN, "%s received while reading local message", -- had_data_sigint == SIGTERM ? "SIGTERM" : "SIGINT"); -- } -- receive_bomb_out(US"signal-exit", NULL); /* Does not return */ -- } --return c; -+ -+BOOL -+stdin_hasc(void) -+{ -+return stdin_inptr < stdin_inend; - } - - int - stdin_ungetc(int c) - { --return ungetc(c, stdin); -+if (stdin_inptr <= stdin_buf) -+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in stdin_ungetc"); -+ -+*--stdin_inptr = c; -+return c; - } - - int - stdin_feof(void) - { --return feof(stdin); -+return stdin_hasc() ? FALSE : feof(stdin); - } - - int - stdin_ferror(void) - { -@@ -586,11 +615,11 @@ - the file copy. */ - - static void - log_close_chk(void) - { --if (!receive_timeout) -+if (!receive_timeout && !receive_hasc()) - { - struct timeval t; - timesince(&t, &received_time); - if (t.tv_sec > 30*60) - mainlog_close(); -@@ -652,15 +681,10 @@ - - if (!f.dot_ends) - { - int last_ch = '\n'; - --/*XXX we do a gettimeofday before checking for every received char, --which is hardly clever. The function-indirection doesn't help, but --an additional function to check for nonempty read buffer would help. --See stdin_getc() / smtp_getc() / tls_getc() / bdat_getc(). */ -- - for ( ; - log_close_chk(), (ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF; - last_ch = ch) - { - if (ch == 0) body_zerocount++; ---- a/src/smtp_in.c -+++ b/src/smtp_in.c -@@ -561,10 +561,16 @@ - if (!smtp_refill(lim)) - return EOF; - return *smtp_inptr++; - } - -+BOOL -+smtp_hasc(void) -+{ -+return smtp_inptr < smtp_inend; -+} -+ - uschar * - smtp_getbuf(unsigned * len) - { - unsigned size; - uschar * buf; -@@ -743,10 +749,18 @@ - } - } - } - } - -+BOOL -+bdat_hasc(void) -+{ -+if (chunking_data_left > 0) -+ return lwr_receive_hasc(); -+return TRUE; -+} -+ - uschar * - bdat_getbuf(unsigned * len) - { - uschar * buf; - -@@ -782,40 +796,44 @@ - bdat_push_receive_functions(void) - { - /* push the current receive_* function on the "stack", and - replace them by bdat_getc(), which in turn will use the lwr_receive_* - functions to do the dirty work. */ --if (lwr_receive_getc == NULL) -+if (!lwr_receive_getc) - { - lwr_receive_getc = receive_getc; - lwr_receive_getbuf = receive_getbuf; -+ lwr_receive_hasc = receive_hasc; - lwr_receive_ungetc = receive_ungetc; - } - else - { - DEBUG(D_receive) debug_printf("chunking double-push receive functions\n"); - } - - receive_getc = bdat_getc; - receive_getbuf = bdat_getbuf; -+receive_hasc = bdat_hasc; - receive_ungetc = bdat_ungetc; - } - - static inline void - bdat_pop_receive_functions(void) - { --if (lwr_receive_getc == NULL) -+if (!lwr_receive_getc) - { - DEBUG(D_receive) debug_printf("chunking double-pop receive functions\n"); - return; - } - receive_getc = lwr_receive_getc; - receive_getbuf = lwr_receive_getbuf; -+receive_hasc = lwr_receive_hasc; - receive_ungetc = lwr_receive_ungetc; - - lwr_receive_getc = NULL; - lwr_receive_getbuf = NULL; -+lwr_receive_hasc = NULL; - lwr_receive_ungetc = NULL; - } - - /************************************************* - * SMTP version of ungetc() * -@@ -2574,16 +2592,18 @@ - smtp_inbuffer[IN_BUFFER_SIZE-1] = '\0'; - - receive_getc = smtp_getc; - receive_getbuf = smtp_getbuf; - receive_get_cache = smtp_get_cache; -+receive_hasc = smtp_hasc; - receive_ungetc = smtp_ungetc; - receive_feof = smtp_feof; - receive_ferror = smtp_ferror; - receive_smtp_buffered = smtp_buffered; - lwr_receive_getc = NULL; - lwr_receive_getbuf = NULL; -+lwr_receive_hasc = NULL; - lwr_receive_ungetc = NULL; - smtp_inptr = smtp_inend = smtp_inbuffer; - smtp_had_eof = smtp_had_error = 0; - - /* Set up the message size limit; this may be host-specific */ ---- a/src/tls-gnu.c -+++ b/src/tls-gnu.c -@@ -3136,10 +3136,11 @@ - state->xfer_buffer = store_malloc(ssl_xfer_buffer_size); - - receive_getc = tls_getc; - receive_getbuf = tls_getbuf; - receive_get_cache = tls_get_cache; -+receive_hasc = tls_hasc; - receive_ungetc = tls_ungetc; - receive_feof = tls_feof; - receive_ferror = tls_ferror; - receive_smtp_buffered = tls_smtp_buffered; - -@@ -3738,10 +3739,11 @@ - if (!ct_ctx) /* server */ - { - receive_getc = smtp_getc; - receive_getbuf = smtp_getbuf; - receive_get_cache = smtp_get_cache; -+ receive_hasc = smtp_hasc; - receive_ungetc = smtp_ungetc; - receive_feof = smtp_feof; - receive_ferror = smtp_ferror; - receive_smtp_buffered = smtp_buffered; - } -@@ -3852,10 +3854,17 @@ - /* Something in the buffer; return next uschar */ - - return state->xfer_buffer[state->xfer_buffer_lwm++]; - } - -+BOOL -+tls_hasc(void) -+{ -+exim_gnutls_state_st * state = &state_server; -+return state->xfer_buffer_lwm < state->xfer_buffer_hwm; -+} -+ - uschar * - tls_getbuf(unsigned * len) - { - exim_gnutls_state_st * state = &state_server; - unsigned size; ---- a/src/tls-openssl.c -+++ b/src/tls-openssl.c -@@ -3348,10 +3348,11 @@ - ssl_xfer_eof = ssl_xfer_error = FALSE; - - receive_getc = tls_getc; - receive_getbuf = tls_getbuf; - receive_get_cache = tls_get_cache; -+receive_hasc = tls_hasc; - receive_ungetc = tls_ungetc; - receive_feof = tls_feof; - receive_ferror = tls_ferror; - receive_smtp_buffered = tls_smtp_buffered; - -@@ -4124,10 +4125,16 @@ - /* Something in the buffer; return next uschar */ - - return ssl_xfer_buffer[ssl_xfer_buffer_lwm++]; - } - -+BOOL -+tls_hasc(void) -+{ -+return ssl_xfer_buffer_lwm < ssl_xfer_buffer_hwm; -+} -+ - uschar * - tls_getbuf(unsigned * len) - { - unsigned size; - uschar * buf; -@@ -4413,10 +4420,11 @@ - #endif - - receive_getc = smtp_getc; - receive_getbuf = smtp_getbuf; - receive_get_cache = smtp_get_cache; -+ receive_hasc = smtp_hasc; - receive_ungetc = smtp_ungetc; - receive_feof = smtp_feof; - receive_ferror = smtp_ferror; - receive_smtp_buffered = smtp_buffered; - tls_in.active.tls_ctx = NULL; ---- a/src/transports/autoreply.c -+++ b/src/transports/autoreply.c -@@ -644,10 +644,11 @@ - if (text[Ustrlen(text)-1] != '\n') fprintf(fp, "\n"); - } - - if (ff) - { -+debug_printf("%s %d: ff\n", __FUNCTION__, __LINE__); - while (Ufgets(big_buffer, big_buffer_size, ff) != NULL) - { - if (file_expand) - { - uschar *s = expand_string(big_buffer); -@@ -667,16 +668,16 @@ - /* Copy the original message if required, observing the return size - limit if we are returning the body. */ - - if (return_message) - { -- uschar *rubric = (tblock->headers_only)? -- US"------ This is a copy of the message's header lines.\n" -- : (tblock->body_only)? -- US"------ This is a copy of the body of the message, without the headers.\n" -- : -- US"------ This is a copy of the message, including all the headers.\n"; -+debug_printf("%s %d: ret msg\n", __FUNCTION__, __LINE__); -+ uschar *rubric = tblock->headers_only -+ ? US"------ This is a copy of the message's header lines.\n" -+ : tblock->body_only -+ ? US"------ This is a copy of the body of the message, without the headers.\n" -+ : US"------ This is a copy of the message, including all the headers.\n"; - transport_ctx tctx = { - .u = {.fd = fileno(fp)}, - .tblock = tblock, - .addr = addr, - .check_string = NULL, diff -Nru exim4-4.95/debian/patches/75_32-Fix-PAM-auth.-Bug-2813.patch exim4-4.96/debian/patches/75_32-Fix-PAM-auth.-Bug-2813.patch --- exim4-4.95/debian/patches/75_32-Fix-PAM-auth.-Bug-2813.patch 2022-05-26 17:31:06.000000000 +0000 +++ exim4-4.96/debian/patches/75_32-Fix-PAM-auth.-Bug-2813.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,25 +0,0 @@ -From 51be321b27825c01829dffd90f11bfff256f7e42 Mon Sep 17 00:00:00 2001 -From: Adam Lackorzynski -Date: Sat, 16 Oct 2021 16:30:07 +0100 -Subject: [PATCH] Fix PAM auth. Bug 2813 - ---- - src/auths/call_pam.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/auths/call_pam.c b/src/auths/call_pam.c -index 80bb23ec3..03b9be1a8 100644 ---- a/src/auths/call_pam.c -+++ b/src/auths/call_pam.c -@@ -88,7 +88,7 @@ for (int i = 0; i < num_msg; i++) - arg = US""; - pam_arg_ended = TRUE; - } -- reply[i].resp = CS string_copy_malloc(arg); /* PAM frees resp */ -+ reply[i].resp = strdup(CCS arg); /* Use libc malloc, PAM frees resp directly*/ - reply[i].resp_retcode = PAM_SUCCESS; - break; - --- -2.34.1 - diff -Nru exim4-4.95/debian/patches/75_35-Exiqgrep-check-arg-parsing.-Bug-2821.patch exim4-4.96/debian/patches/75_35-Exiqgrep-check-arg-parsing.-Bug-2821.patch --- exim4-4.95/debian/patches/75_35-Exiqgrep-check-arg-parsing.-Bug-2821.patch 2022-05-26 17:31:06.000000000 +0000 +++ exim4-4.96/debian/patches/75_35-Exiqgrep-check-arg-parsing.-Bug-2821.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,25 +0,0 @@ -From df618101a5ea15dc90c4a2968798ef2be9dba16f Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Mon, 18 Oct 2021 11:01:47 +0100 -Subject: [PATCH] Exiqgrep: check arg parsing. Bug 2821 - ---- - src/exiqgrep.src | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/exiqgrep.src b/src/exiqgrep.src -index c8762df47..04602da68 100644 ---- a/src/exiqgrep.src -+++ b/src/exiqgrep.src -@@ -53,7 +53,7 @@ if ($ARGV[0] eq '--version') { - exit 0; - } - --getopts('hf:r:y:o:s:C:zxlibRcaG:',\%opt); -+if (!getopts('hf:r:y:o:s:C:zxlibRcaG:',\%opt) { &help; exit;} - if ($ARGV[0]) { &help; exit;} - if ($opt{h}) { &help; exit;} - if ($opt{a}) { $eargs = '-bp'; } --- -2.34.1 - diff -Nru exim4-4.95/debian/patches/75_40-Fix-basic-memory-use-for-SPARC.-Bug-2838.patch exim4-4.96/debian/patches/75_40-Fix-basic-memory-use-for-SPARC.-Bug-2838.patch --- exim4-4.95/debian/patches/75_40-Fix-basic-memory-use-for-SPARC.-Bug-2838.patch 2022-05-26 17:31:06.000000000 +0000 +++ exim4-4.96/debian/patches/75_40-Fix-basic-memory-use-for-SPARC.-Bug-2838.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,144 +0,0 @@ -From d73b9f478a2a5b299634acee4e05ff8ea25375a2 Mon Sep 17 00:00:00 2001 -From: John Paul Adrian Glaubitz -Date: Sun, 28 Nov 2021 17:26:40 +0000 -Subject: [PATCH] Fix basic memory use for SPARC. Bug 2838 - ---- - doc/ChangeLog | 5 +++++ - src/store.c | 34 +++++++++++++++++++--------------- - src/store.h | 2 +- - 3 files changed, 25 insertions(+), 16 deletions(-) - ---- a/doc/ChangeLog -+++ b/doc/ChangeLog -@@ -4,10 +4,15 @@ - - JH/05 Bug 2819: speed up command-line messages being read in. Previously a - time check was being done for every character; replace that with one - per buffer. - -+JH/12 Bug 2838: Fix for i32lp64 hard-align platforms. Found for SPARC Linux, -+ though only once PCRE2 was introduced: the memory accounting used under -+ debug offset allocations by an int, giving a hard trap in early startup. -+ Change to using a size_t. Debug and fix by John Paul Adrian Glaubitz. -+ - - Exim version 4.95 - ----------------- - - JH/01 Bug 1329: Fix format of Maildir-format filenames to match other mail- ---- a/src/store.c -+++ b/src/store.c -@@ -190,11 +190,11 @@ - [POOL_TAINT_MESSAGE] = US"tainted", - }; - #endif - - --static void * internal_store_malloc(int, const char *, int); -+static void * internal_store_malloc(size_t, const char *, int); - static void internal_store_free(void *, const char *, int linenumber); - - /******************************************************************************/ - /* Initialisation, for things fragile with parameter channges when using - static initialisers. */ -@@ -859,30 +859,33 @@ - - Returns: pointer to gotten store (panic on failure) - */ - - static void * --internal_store_malloc(int size, const char *func, int line) -+internal_store_malloc(size_t size, const char *func, int line) - { - void * yield; - --if (size < 0 || size >= INT_MAX/2) -+/* Check specifically for a possibly result of conversion from -+a negative int, to the (unsigned, wider) size_t */ -+ -+if (size >= INT_MAX/2) - log_write(0, LOG_MAIN|LOG_PANIC_DIE, -- "bad memory allocation requested (%d bytes) at %s %d", -- size, func, line); -+ "bad memory allocation requested (%lld bytes) at %s %d", -+ (unsigned long long)size, func, line); - --size += sizeof(int); /* space to store the size, used under debug */ -+size += sizeof(size_t); /* space to store the size, used under debug */ - if (size < 16) size = 16; - --if (!(yield = malloc((size_t)size))) -+if (!(yield = malloc(size))) - log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to malloc %d bytes of memory: " - "called from line %d in %s", size, line, func); - - #ifndef COMPILE_UTILITY --DEBUG(D_any) *(int *)yield = size; -+DEBUG(D_any) *(size_t *)yield = size; - #endif --yield = US yield + sizeof(int); -+yield = US yield + sizeof(size_t); - - if ((nonpool_malloc += size) > max_nonpool_malloc) - max_nonpool_malloc = nonpool_malloc; - - /* Cut out the debugging stuff for utilities, but stop picky compilers from -@@ -891,20 +894,20 @@ - #ifndef COMPILE_UTILITY - /* If running in test harness, spend time making sure all the new store - is not filled with zeros so as to catch problems. */ - - if (f.running_in_test_harness) -- memset(yield, 0xF0, (size_t)size - sizeof(int)); --DEBUG(D_memory) debug_printf("--Malloc %6p %5d bytes\t%-20s %4d\tpool %5d nonpool %5d\n", -+ memset(yield, 0xF0, size - sizeof(size_t)); -+DEBUG(D_memory) debug_printf("--Malloc %6p %5lld bytes\t%-20s %4d\tpool %5d nonpool %5d\n", - yield, size, func, line, pool_malloc, nonpool_malloc); - #endif /* COMPILE_UTILITY */ - - return yield; - } - - void * --store_malloc_3(int size, const char *func, int linenumber) -+store_malloc_3(size_t size, const char *func, int linenumber) - { - if (n_nonpool_blocks++ > max_nonpool_blocks) - max_nonpool_blocks = n_nonpool_blocks; - return internal_store_malloc(size, func, linenumber); - } -@@ -925,14 +928,15 @@ - */ - - static void - internal_store_free(void * block, const char * func, int linenumber) - { --uschar * p = US block - sizeof(int); -+uschar * p = US block - sizeof(size_t); - #ifndef COMPILE_UTILITY --DEBUG(D_any) nonpool_malloc -= *(int *)p; --DEBUG(D_memory) debug_printf("----Free %6p %5d bytes\t%-20s %4d\n", block, *(int *)p, func, linenumber); -+DEBUG(D_any) nonpool_malloc -= *(size_t *)p; -+DEBUG(D_memory) debug_printf("----Free %6p %5lld bytes\t%-20s %4d\n", -+ block, (unsigned long long) *(size_t *)p, func, linenumber); - #endif - free(p); - } - - void ---- a/src/store.h -+++ b/src/store.h -@@ -63,11 +63,11 @@ - typedef void ** rmark; - - extern BOOL store_extend_3(void *, BOOL, int, int, const char *, int); - extern void store_free_3(void *, const char *, int); - /* store_get_3 & store_get_perm_3 are in local_scan.h */ --extern void *store_malloc_3(int, const char *, int) ALLOC ALLOC_SIZE(1) WARN_UNUSED_RESULT; -+extern void *store_malloc_3(size_t, const char *, int) ALLOC ALLOC_SIZE(1) WARN_UNUSED_RESULT; - extern rmark store_mark_3(const char *, int); - extern void *store_newblock_3(void *, BOOL, int, int, const char *, int); - extern void store_release_above_3(void *, const char *, int); - extern rmark store_reset_3(rmark, const char *, int); - diff -Nru exim4-4.95/debian/patches/75_45-Fix-bogus-error-message-copy.-Bug-2857.patch exim4-4.96/debian/patches/75_45-Fix-bogus-error-message-copy.-Bug-2857.patch --- exim4-4.95/debian/patches/75_45-Fix-bogus-error-message-copy.-Bug-2857.patch 2022-05-26 17:31:06.000000000 +0000 +++ exim4-4.96/debian/patches/75_45-Fix-bogus-error-message-copy.-Bug-2857.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,38 +0,0 @@ -From 7ad863f3819407559cd654639c25dcae427c190f Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Sun, 6 Feb 2022 19:00:26 +0000 -Subject: [PATCH] Fix bogus error message copy. Bug 2857 - -Broken-by: bb43acbd98 ---- - src/parse.c | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/src/parse.c b/src/parse.c -index 5bf97eab9..edbee2646 100644 ---- a/src/parse.c -+++ b/src/parse.c -@@ -1354,15 +1354,16 @@ for (;;) - - if (special) - { -- uschar *ss = Ustrchr(s+1, ':') + 1; -+ uschar * ss = Ustrchr(s+1, ':') + 1; /* line after the special... */ - if ((options & specopt) == specbit) - { - *error = string_sprintf("\"%.*s\" is not permitted", len, s); - return FF_ERROR; - } -- while (*ss && isspace(*ss)) ss++; -- while (s[len] && s[len] != '\n') len++; -- *error = string_copyn(ss, s + len - ss); -+ while (*ss && isspace(*ss)) ss++; /* skip leading whitespace */ -+ if ((len = Ustrlen(ss)) > 0) /* ignore trailing newlines */ -+ for (const uschar * t = ss + len - 1; t >= ss && *t == '\n'; t--) len--; -+ *error = string_copyn(ss, len); /* becomes the error */ - return special; - } - --- -2.34.1 - diff -Nru exim4-4.95/debian/patches/75_50-Fix-include_directory-in-redirect-routers.-Bug-2715.patch exim4-4.96/debian/patches/75_50-Fix-include_directory-in-redirect-routers.-Bug-2715.patch --- exim4-4.95/debian/patches/75_50-Fix-include_directory-in-redirect-routers.-Bug-2715.patch 2022-05-26 17:31:06.000000000 +0000 +++ exim4-4.96/debian/patches/75_50-Fix-include_directory-in-redirect-routers.-Bug-2715.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,66 +0,0 @@ -From 7f8394e7c983b1c199866fc6b1c14feb857b651d Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Sun, 13 Feb 2022 12:00:55 +0000 -Subject: [PATCH] Fix include_directory in redirect routers. Bug 2715 - -Broken-by: 10c50704c1 ---- - doc/ChangeLog | 5 +++++ - src/parse.c | 9 ++++++--- - test/confs/0313 | 4 +++- - test/log/0313 | 2 ++ - test/scripts/0000-Basic/0313 | 2 ++ - 5 files changed, 18 insertions(+), 4 deletions(-) - ---- a/doc/ChangeLog -+++ b/doc/ChangeLog -@@ -9,10 +9,15 @@ - JH/12 Bug 2838: Fix for i32lp64 hard-align platforms. Found for SPARC Linux, - though only once PCRE2 was introduced: the memory accounting used under - debug offset allocations by an int, giving a hard trap in early startup. - Change to using a size_t. Debug and fix by John Paul Adrian Glaubitz. - -+JH/18 Bug 2751: Fix include_directory in redirect routers. Previously a -+ bad comparison between the option value and the name of the file to -+ be included was done, and a mismatch was wrongly identified. -+ 4.88 to 4.95 are affected. -+ - - Exim version 4.95 - ----------------- - - JH/01 Bug 1329: Fix format of Maildir-format filenames to match other mail- ---- a/src/parse.c -+++ b/src/parse.c -@@ -1422,11 +1422,13 @@ - /* Check file name if required */ - - if (directory) - { - int len = Ustrlen(directory); -- uschar *p = filename + len; -+ uschar * p; -+ while (len > 0 && directory[len-1] == '/') len--; /* ignore trailing '/' */ -+ p = filename + len; - - if (Ustrncmp(filename, directory, len) != 0 || *p != '/') - { - *error = string_sprintf("included file %s is not in directory %s", - filename, directory); -@@ -1448,13 +1450,14 @@ - } - while (*p) - { - uschar temp; - int fd2; -- uschar * q = p; -+ uschar * q = p + 1; /* skip dividing '/' */ - -- while (*++p && *p != '/') ; -+ while (*q == '/') q++; /* skip extra '/' */ -+ while (*++p && *p != '/') ; /* end of component */ - temp = *p; - *p = '\0'; - - fd2 = exim_openat(fd, CS q, O_RDONLY|O_NOFOLLOW); - close(fd); diff -Nru exim4-4.95/debian/patches/75_55-Specific-check-for-null-pointer.patch exim4-4.96/debian/patches/75_55-Specific-check-for-null-pointer.patch --- exim4-4.95/debian/patches/75_55-Specific-check-for-null-pointer.patch 2022-05-26 17:31:06.000000000 +0000 +++ exim4-4.96/debian/patches/75_55-Specific-check-for-null-pointer.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,67 +0,0 @@ -From b249717db8ced250a586385f06e61cf7107d5222 Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Fri, 18 Feb 2022 15:45:37 +0000 -Subject: [PATCH] Specific check for null pointer - ---- - src/smtp_out.c | 18 +++++++++++++----- - 1 file changed, 13 insertions(+), 5 deletions(-) - -diff --git a/src/smtp_out.c b/src/smtp_out.c -index 608a781eb..fc1e6cecd 100644 ---- a/src/smtp_out.c -+++ b/src/smtp_out.c -@@ -524,13 +524,21 @@ flush_buffer(smtp_outblock * outblock, int mode) - int rc; - int n = outblock->ptr - outblock->buffer; - BOOL more = mode == SCMD_MORE; -+client_conn_ctx * cctx; - - HDEBUG(D_transport|D_acl) debug_printf_indent("cmd buf flush %d bytes%s\n", n, - more ? " (more expected)" : ""); - -+if (!(cctx = outblock->cctx)) -+ { -+ log_write(0, LOG_MAIN|LOG_PANIC, "null conn-context pointer"); -+ errno = 0; -+ return FALSE; -+ } -+ - #ifndef DISABLE_TLS --if (outblock->cctx->tls_ctx) -- rc = tls_write(outblock->cctx->tls_ctx, outblock->buffer, n, more); -+if (cctx->tls_ctx) /*XXX have seen a null cctx here, rvfy sending QUIT, hence check above */ -+ rc = tls_write(cctx->tls_ctx, outblock->buffer, n, more); - else - #endif - -@@ -544,7 +552,7 @@ else - requirement: TFO with data can, in rare cases, replay the data to the - receiver. */ - -- if ( (outblock->cctx->sock = smtp_connect(outblock->conn_args, &early_data)) -+ if ( (cctx->sock = smtp_connect(outblock->conn_args, &early_data)) - < 0) - return FALSE; - outblock->conn_args = NULL; -@@ -552,7 +560,7 @@ else - } - else - { -- rc = send(outblock->cctx->sock, outblock->buffer, n, -+ rc = send(cctx->sock, outblock->buffer, n, - #ifdef MSG_MORE - more ? MSG_MORE : 0 - #else -@@ -567,7 +575,7 @@ else - https://bugzilla.redhat.com/show_bug.cgi?id=1803806 */ - - if (!more) -- setsockopt(outblock->cctx->sock, IPPROTO_TCP, TCP_CORK, &off, sizeof(off)); -+ setsockopt(cctx->sock, IPPROTO_TCP, TCP_CORK, &off, sizeof(off)); - #endif - } - } --- -2.34.1 - diff -Nru exim4-4.95/debian/patches/90_localscan_dlopen.dpatch exim4-4.96/debian/patches/90_localscan_dlopen.dpatch --- exim4-4.95/debian/patches/90_localscan_dlopen.dpatch 2022-05-26 17:31:06.000000000 +0000 +++ exim4-4.96/debian/patches/90_localscan_dlopen.dpatch 2022-07-14 08:23:37.000000000 +0000 @@ -6,11 +6,11 @@ Author: David Woodhouse, Derrick 'dman' Hudson, Marc MERLIN Origin: other, http://marc.merlins.org/linux/exim/files/sa-exim-current/ Forwarded: https://bugs.exim.org/show_bug.cgi?id=2671 -Last-Update: 2021-07-28 +Last-Update: 2022-04-24 --- a/src/EDITME +++ b/src/EDITME -@@ -881,10 +881,25 @@ +@@ -871,10 +871,25 @@ # as the traditional crypt() function. # *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING *** @@ -38,7 +38,7 @@ # with the extension "texinfo" in the doc directory. You may find that the --- a/src/config.h.defaults +++ b/src/config.h.defaults -@@ -33,10 +33,12 @@ +@@ -31,10 +31,12 @@ #define AUTH_SPA #define AUTH_TLS @@ -53,10 +53,10 @@ #define CONFIGURE_FILE_USE_NODE --- a/src/globals.c +++ b/src/globals.c -@@ -119,10 +119,14 @@ +@@ -115,10 +115,14 @@ uschar *dsn_envid = NULL; int dsn_ret = 0; - const pcre *regex_DSN = NULL; + const pcre2_code *regex_DSN = NULL; uschar *dsn_advertise_hosts = NULL; +#ifdef DLOPEN_LOCAL_SCAN @@ -70,15 +70,16 @@ uschar *openssl_options = NULL; --- a/src/globals.h +++ b/src/globals.h -@@ -154,10 +154,13 @@ +@@ -153,10 +153,14 @@ extern uschar *dsn_envid; /* DSN envid string */ extern int dsn_ret; /* DSN ret type*/ - extern const pcre *regex_DSN; /* For recognizing DSN settings */ + extern const pcre2_code *regex_DSN; /* For recognizing DSN settings */ extern uschar *dsn_advertise_hosts; /* host for which TLS is advertised */ +#ifdef DLOPEN_LOCAL_SCAN +extern uschar *local_scan_path; /* Path to local_scan() library */ +#endif ++ /* Input-reading functions for messages, so we can use special ones for incoming TCP/IP. */ @@ -86,9 +87,9 @@ extern uschar * (*lwr_receive_getbuf)(unsigned *); --- a/src/local_scan.c +++ b/src/local_scan.c -@@ -4,60 +4,135 @@ - +@@ -5,60 +5,135 @@ /* Copyright (c) University of Cambridge 1995 - 2009 */ + /* Copyright (c) The Exim Maintainers 2021 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -292,7 +293,7 @@ extern int recipients_count; /* Number of recipients */ extern recipient_item *recipients_list;/* List of recipient addresses */ extern unsigned char *sender_address; /* Sender address */ -@@ -233,6 +237,8 @@ +@@ -234,6 +238,8 @@ extern pid_t child_open_exim_function(int *, const uschar *); extern pid_t child_open_exim2_function(int *, uschar *, uschar *, const uschar *); extern pid_t child_open_function(uschar **, uschar **, int, int *, int *, BOOL, const uschar *); @@ -303,7 +304,7 @@ /* End of local_scan.h */ --- a/src/readconf.c +++ b/src/readconf.c -@@ -213,10 +213,13 @@ +@@ -210,10 +210,13 @@ #endif { "local_from_check", opt_bool, {&local_from_check} }, { "local_from_prefix", opt_stringptr, {&local_from_prefix} }, @@ -331,11 +332,11 @@ *************************************************/ /* -@@ -468,10 +469,11 @@ - uschar *ss = store_get(n + 1, is_tainted(s)); - Ustrncpy(ss, s, n); - ss[n] = 0; - return ss; +@@ -461,10 +462,11 @@ + uschar * + string_copyn_function(const uschar * s, int n) + { + return string_copyn(s, n); } +#pragma GCC visibility pop #endif diff -Nru exim4-4.95/debian/patches/lp1966923-exiqgrep-syntax-error.patch exim4-4.96/debian/patches/lp1966923-exiqgrep-syntax-error.patch --- exim4-4.95/debian/patches/lp1966923-exiqgrep-syntax-error.patch 2022-05-26 17:30:51.000000000 +0000 +++ exim4-4.96/debian/patches/lp1966923-exiqgrep-syntax-error.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,46 +0,0 @@ -From: Jeremy Harris -Date: Sun, 6 Mar 2022 14:25:13 +0000 -Subject: Utilities: fix exiqgrep perl syntax, add testcases. Bug 2821 - -Utilities: fix exiqgrep perl syntax, add testcases. Bug 2821 - -Broken-by: df618101a5 - -Origin: backport, https://git.exim.org/exim.git/commitdiff/42ed39da5af85552a35626348bb77e5576e18aa4 -Bug: https://bugs.exim.org/show_bug.cgi?id=2821 -Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006661 -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1966923 ---- - src/exiqgrep.src | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/src/exiqgrep.src b/src/exiqgrep.src -index 10664bb..9304160 100644 ---- a/src/exiqgrep.src -+++ b/src/exiqgrep.src -@@ -53,12 +53,14 @@ if ($ARGV[0] eq '--version') { - exit 0; - } - --if (!getopts('hf:r:y:o:s:C:zxlibRcaG:',\%opt) { &help; exit;} --if ($ARGV[0]) { &help; exit;} --if ($opt{h}) { &help; exit;} -+if (!getopts('hf:r:y:o:s:C:zxlibRcaG:E:',\%opt)) { &help; exit; } -+if ($opt{h}) { &help; exit; } -+if ($ARGV[0] || !($opt{f} || $opt{r} || $opt{s} || $opt{y} || $opt{o} || $opt{z} || $opt{x} || $opt{c})) -+ { &help; exit(1); } - if ($opt{a}) { $eargs = '-bp'; } - if ($opt{C} && -e $opt{C} && -f $opt{C} && -R $opt{C}) { $eargs .= ' -C '.$opt{C}; } - if ($opt{G}) { $eargs .= ' -qG'.$opt{G}; } -+if ($opt{E}) { $exim = $opt{E}; } - - # Read message queue output into hash - &collect(); -@@ -75,6 +77,7 @@ Exim message queue display utility. - - -h This help message. - -C Specify which exim.conf to use. -+ -E Specify exim binary to use. - - Selection criteria: - -f Match sender address sender (field is "< >" wrapped) diff -Nru exim4-4.95/debian/patches/lp1974214-segfault-smtp-delivery-01.patch exim4-4.96/debian/patches/lp1974214-segfault-smtp-delivery-01.patch --- exim4-4.95/debian/patches/lp1974214-segfault-smtp-delivery-01.patch 2022-06-03 21:37:10.000000000 +0000 +++ exim4-4.96/debian/patches/lp1974214-segfault-smtp-delivery-01.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,186 +0,0 @@ -From: Jeremy Harris -Date: Thu, 19 May 2022 14:23:02 +0100 -Subject: GnuTLS: Do not free the cached creds on transport connection close. - Bug 2886 - -Origin: upstream, https://git.exim.org/exim.git/commitdiff/8c74b00980bc7e3e479e8dfcd7c0008b2ac3f543 -Bug: https://bugs.exim.org/show_bug.cgi?id=2886 -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1974214 -Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004740 ---- - confs/2011 | 72 ++++++++++++++++++++++++++++++++++++++++++++++++ - log/2011 | 13 +++++++++ - rejectlog/2011 | 3 ++ - scripts/2000-GnuTLS/2011 | 20 ++++++++++++++ - src/tls-gnu.c | 8 ++---- - 5 files changed, 111 insertions(+), 5 deletions(-) - create mode 100644 confs/2011 - create mode 100644 log/2011 - create mode 100644 rejectlog/2011 - create mode 100644 scripts/2000-GnuTLS/2011 - -diff --git a/confs/2011 b/confs/2011 -new file mode 100644 -index 0000000..eac8ccd ---- /dev/null -+++ b/confs/2011 -@@ -0,0 +1,72 @@ -+# Exim test configuration 2011 -+ -+SERVER= -+ -+keep_environment = PATH:EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK -+add_environment = SSLKEYLOGFILE=DIR/spool/sslkeys -+exim_path = EXIM_PATH -+host_lookup_order = bydns -+spool_directory = DIR/spool -+ -+.ifdef SERVER -+log_file_path = DIR/spool/log/SERVER%slog -+.else -+log_file_path = DIR/spool/log/%slog -+.endif -+ -+gecos_pattern = "" -+gecos_name = CALLER_NAME -+dns_cname_loops = 9 -+chunking_advertise_hosts = * -+ -+.ifdef _HAVE_PIPE_CONNECT -+pipelining_connect_advertise_hosts = : -+.endif -+.ifdef _HAVE_DMARC -+dmarc_tld_file = -+.endif -+.ifdef _EXP_LIMITS -+limits_advertise_hosts = !* -+.endif -+ -+primary_hostname = test.ex -+ -+# ----- Main settings ----- -+ -+acl_smtp_rcpt = check_rcpt -+ -+log_selector = +received_recipients +dkim_verbose -+queue_only -+queue_run_in_order -+ -+# ----- ACL ----- -+begin acl -+ -+check_rcpt: -+ defer hosts = HOSTIPV4 -+ accept -+ -+# ----- Routers ----- -+ -+begin routers -+ -+d0: -+ driver = manualroute -+ route_list = * "HOSTIPV4::PORT_D : 127.0.0.1::PORT_D" -+ self = send -+ transport = gsmtp -+ -+# ----- Transports ----- -+ -+begin transports -+ -+gsmtp: -+ driver = smtp -+ allow_localhost -+ tls_verify_certificates = system -+ hosts_require_tls = * -+ -+begin retry -+* * F,5d,10s -+ -+# End -diff --git a/log/2011 b/log/2011 -new file mode 100644 -index 0000000..f0fad26 ---- /dev/null -+++ b/log/2011 -@@ -0,0 +1,13 @@ -+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss for fred@test.net -+1999-03-02 09:44:33 Start queue run: pid=pppp -+1999-03-02 09:44:33 10HmaX-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: SMTP error from remote mail server after RCPT TO:: 451 Temporary local problem - please try later -+1999-03-02 09:44:33 10HmaX-0005vi-00 => fred@test.net R=d0 T=gsmtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no K C="250- 3nn byte chunk, total 3nn\\n250 OK id=10HmaY-0005vi-00" -+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -+1999-03-02 09:44:33 End queue run: pid=pppp -+ -+******** SERVER ******** -+1999-03-02 09:44:33 Warning: No server certificate defined; will use a selfsigned one. -+ Suggested action: either install a certificate or change tls_advertise_hosts option -+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D -+1999-03-02 09:44:33 H=the.local.host.name (test.ex) [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no F= temporarily rejected RCPT -+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex H=localhost (test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no K S=sss id=E10HmaX-0005vi-00@test.ex for fred@test.net -diff --git a/rejectlog/2011 b/rejectlog/2011 -new file mode 100644 -index 0000000..b8ae22a ---- /dev/null -+++ b/rejectlog/2011 -@@ -0,0 +1,3 @@ -+ -+******** SERVER ******** -+1999-03-02 09:44:33 H=the.local.host.name (test.ex) [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no F= temporarily rejected RCPT -diff --git a/scripts/2000-GnuTLS/2011 b/scripts/2000-GnuTLS/2011 -new file mode 100644 -index 0000000..c5504c3 ---- /dev/null -+++ b/scripts/2000-GnuTLS/2011 -@@ -0,0 +1,20 @@ -+# Cached CA bundle re-use -+# -+# Preload a message into spool -+exim -odq fred@test.net -+Subject: test -+ -+this is a test -+ -+**** -+# -+# Server to work against -+exim -DSERVER=server -bd -oX PORT_D -+**** -+# -+# Send message from spool -+exim -q -+**** -+# -+killdaemon -+no_msglog_check -diff --git a/src/tls-gnu.c b/src/tls-gnu.c -index 31327c8..01a04be 100644 ---- a/src/tls-gnu.c -+++ b/src/tls-gnu.c -@@ -1586,6 +1586,9 @@ return lifetime; - /* Preload whatever creds are static, onto a transport. The client can then - just copy the pointer as it starts up. */ - -+/*XXX this is not called for a cmdline send. But one needing to use >1 conn would benefit, -+and there seems little downside. */ -+ - static void - tls_client_creds_init(transport_instance * t, BOOL watch) - { -@@ -3061,8 +3064,6 @@ if (rc != GNUTLS_E_SUCCESS) - tls_error_gnu(state, US"gnutls_handshake", rc, errstr); - (void) gnutls_alert_send_appropriate(state->session, rc); - gnutls_deinit(state->session); -- gnutls_certificate_free_credentials(state->lib_state.x509_cred); -- state->lib_state = null_tls_preload; - millisleep(500); - shutdown(state->fd_out, SHUT_WR); - for (int i = 1024; fgetc(smtp_in) != EOF && i > 0; ) i--; /* drain skt */ -@@ -3749,9 +3750,6 @@ if (!ct_ctx) /* server */ - } - - gnutls_deinit(state->session); --gnutls_certificate_free_credentials(state->lib_state.x509_cred); --state->lib_state = null_tls_preload; -- - tlsp->active.sock = -1; - tlsp->active.tls_ctx = NULL; - /* Leave bits, peercert, cipher, peerdn, certificate_verified set, for logging */ diff -Nru exim4-4.95/debian/patches/lp1974214-segfault-smtp-delivery-02.patch exim4-4.96/debian/patches/lp1974214-segfault-smtp-delivery-02.patch --- exim4-4.95/debian/patches/lp1974214-segfault-smtp-delivery-02.patch 2022-06-03 21:37:10.000000000 +0000 +++ exim4-4.96/debian/patches/lp1974214-segfault-smtp-delivery-02.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,24 +0,0 @@ -From: Jeremy Harris -Date: Thu, 19 May 2022 14:24:48 +0100 -Subject: ARC: reset headers before signing for secondary MX. Bug 2886 - -Origin: upstream, https://git.exim.org/exim.git/commitdiff/5a8015582376ff3cc0c0d034d9237008b10d2164 -Bug: https://bugs.exim.org/show_bug.cgi?id=2886 -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1974214 -Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004740 ---- - src/arc.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/arc.c b/src/arc.c -index a68ab6e..b150d3a 100644 ---- a/src/arc.c -+++ b/src/arc.c -@@ -1531,6 +1531,7 @@ void - arc_sign_init(void) - { - memset(&arc_sign_ctx, 0, sizeof(arc_sign_ctx)); -+headers_rlist = NULL; - } - - diff -Nru exim4-4.95/debian/patches/series exim4-4.96/debian/patches/series --- exim4-4.95/debian/patches/series 2022-06-03 21:37:10.000000000 +0000 +++ exim4-4.96/debian/patches/series 2022-07-14 08:30:29.000000000 +0000 @@ -6,15 +6,6 @@ 60_convert4r4.dpatch 67_unnecessaryCopt.diff 70_remove_exim-users_references.dpatch -75_30-Avoid-calling-gettimeofday-select-per-char-for-cmdli.patch -75_32-Fix-PAM-auth.-Bug-2813.patch -75_35-Exiqgrep-check-arg-parsing.-Bug-2821.patch -75_40-Fix-basic-memory-use-for-SPARC.-Bug-2838.patch -75_45-Fix-bogus-error-message-copy.-Bug-2857.patch -75_50-Fix-include_directory-in-redirect-routers.-Bug-2715.patch -75_55-Specific-check-for-null-pointer.patch +75_01-Fix-exit-on-attempt-to-rewrite-a-malformed-address.-.patch 90_localscan_dlopen.dpatch fix_smtp_banner.patch -lp1966923-exiqgrep-syntax-error.patch -lp1974214-segfault-smtp-delivery-01.patch -lp1974214-segfault-smtp-delivery-02.patch diff -Nru exim4-4.95/debian/source/lintian-overrides exim4-4.96/debian/source/lintian-overrides --- exim4-4.95/debian/source/lintian-overrides 2022-03-30 17:32:02.000000000 +0000 +++ exim4-4.96/debian/source/lintian-overrides 2022-07-14 08:23:37.000000000 +0000 @@ -1,8 +1,8 @@ # -custom *is* built from the same source, just not uploaded to Debian. -exim4 source: version-substvar-for-external-package Depends * exim4-daemon-custom +exim4 source: version-substvar-for-external-package Depends ${source:Version} exim4 -> exim4-daemon-custom [debian/control:197] # These are Debian specific. # exim4 source: maintainer-manual-page debian/manpages/update-exim4.conf.8 # exim4 source: maintainer-manual-page debian/manpages/update-exim4.conf.template.8 # exim4 source: maintainer-manual-page debian/manpages/update-exim4defaults.8 -exim4 source: maintainer-manual-page debian/manpages/exim4-config_files.5 +exim4 source: maintainer-manual-page [debian/manpages/exim4-config_files.5] # exim4 source: maintainer-manual-page debian/exim4-localscan-plugin-config.1 diff -Nru exim4-4.95/doc/ChangeLog exim4-4.96/doc/ChangeLog --- exim4-4.95/doc/ChangeLog 2021-09-28 08:24:46.000000000 +0000 +++ exim4-4.96/doc/ChangeLog 2022-06-23 13:41:10.000000000 +0000 @@ -2,6 +2,155 @@ affect Exim's operation, with an unchanged configuration file. For new options, and new features, see the NewStuff file next to this ChangeLog. +Exim version 4.96 +----------------- + +JH/01 Move the wait-for-next-tick (needed for unique messmage IDs) from + after reception to before a subsequent reception. This should + mean slightly faster delivery, and also confirmation of reception + to senders. + +JH/02 Move from using the pcre library to pcre2. The former is no longer + being developed or supported (by the original developer). + +JH/03 Constification work in the filters module required a major version + bump for the local-scan API. Specifically, the "headers_charset" + global which is visible via the API is now const and may therefore + not be modified by local-scan code. + +JH/04 Fix ClamAV TCP use under FreeBSD. Previously the OS-specific shim for + sendfile() didi not account for the way the ClamAV driver code called it. + +JH/05 Bug 2819: speed up command-line messages being read in. Previously a + time check was being done for every character; replace that with one + per buffer. + +JH/06 Bug 2815: Fix ALPN sent by server under OpenSSL. Previously the string + sent was prefixed with a length byte. + +JH/07 Change the SMTP feature name for pipelining connect to be compliant with + RFC 5321. Previously Dovecot (at least) would log errors during + submission. + +JH/08 Remove stripping of the binaries from the FreeBSD build. This was added + in 4.61 without a reason logged. Binaries will be bigger, which might + matter on diskspace-constrained systems, but debug is easier. + +JH/09 Fix macro-definition during "-be" expansion testing. The move to + write-protected store for macros had not accounted for these runtime + additions; fix by removing this protection for "-be" mode. + +JH/10 Convert all uses of select() to poll(). FreeBSD 12.2 was found to be + handing out large-numbered file descriptors, violating the usual Unix + assumption (and required by Posix) that the lowest possible number will be + allocated by the kernel when a new one is needed. In the daemon, and any + child procesees, values higher than 1024 (being bigger than FD_SETSIZE) + are not useable for FD_SET() [and hence select()] and overwrite the stack. + Assorted crashes happen. + +JH/11 Fix use of $sender_host_name in daemon process. When used in certain + main-section options or in a connect ACL, the value from the first ever + connection was never replaced for subsequent connections. Found by + Wakko Warner. + +JH/12 Bug 2838: Fix for i32lp64 hard-align platforms. Found for SPARC Linux, + though only once PCRE2 was introduced: the memory accounting used under + debug offset allocations by an int, giving a hard trap in early startup. + Change to using a size_t. Debug and fix by John Paul Adrian Glaubitz. + +JH/13 Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value + with underbars is given. The write-protection of configuration introduced + in 4.95 trapped when normalisation was applied to an option not needing + expansion action. + +JH/14 Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters. + +JH/15 Fix a resource leak in *BSD. An off-by-one error resulted in the daemon + failing to close the certificates directory, every hour or any time it + was touched. + +JH/16 Debugging initiated by an ACL control now continues through into routing + and transport processes. Previously debugging stopped any time Exim + re-execs, or for processing a queued message. + +JH/17 The "expand" debug selector now gives more detail, specifically on the + result of expansion operators and items. + +JH/18 Bug 2751: Fix include_directory in redirect routers. Previously a + bad comparison between the option value and the name of the file to + be included was done, and a mismatch was wrongly identified. + 4.88 to 4.95 are affected. + +JH/19 Support for Berkeley DB versions 1 and 2 is withdrawn. + +JH/20 When built with NDBM for hints DB's check for nonexistence of a name + supplied as the db file-pair basename. Previously, if a directory + path was given, for example via the autoreply "once" option, the DB + file.pag and file.dir files would be created in that directory's + parent. + +JH/21 Remove the "allow_insecure_tainted_data" main config option and the + "taint" log_selector. These were previously deprecated. + +JH/22 Fix static address-list lookups to properly return the matched item. + Previously only the domain part was returned. + +JH/23 Bug 2864: FreeBSD: fix transport hang after 4xx/5xx response. Previously + the call into OpenSSL to send a TLS Close was being repeated; this + resulted in the library waiting for the peer's Close. If that was never + sent we waited forever. Fix by tracking send calls. + +JH/24 The ${run} expansion item now expands its command string elements after + splitting. Previously it was before; the new ordering makes handling + zero-length arguments simpler. The old ordering can be obtained by + appending a new option "preexpand", after a comma, to the "run". + +JH/25 Taint-check exec arguments for transport-initiated external processes. + Previously, tainted values could be used. This affects "pipe", "lmtp" and + "queryprogram" transport, transport-filter, and ETRN commands. + The ${run} expansion is also affected: in "preexpand" mode no part of + the command line may be tainted, in default mode the executable name + may not be tainted. + +JH/26 Fix CHUNKING on a continued-transport. Previously the usabliility of + the the facility was not passed across execs, and only the first message + passed over a connection could use BDAT; any further ones using DATA. + +JH/27 Support the PIPECONNECT facility in the smtp transport when the helo_data + uses $sending_ip_address and an interface is specified. + Previously any use of the local address in the EHLO name disabled + PIPECONNECT, the common case being to use the rDNS of it. + +JH/28 OpenSSL: fix transport-required OCSP stapling verification under session + resumption. Previously verify failed because no certificate status is + passed on the wire for the restarted session. Fix by using the recorded + ocsp status of the stored session for the new connection. + +JH/29 TLS resumption: the key for session lookup in the client now includes + more info that a server could potentially use in configuring a TLS + session, avoiding oferring mismatching sessions to such a server. + Previously only the server IP was used. + +JH/30 Fix string_copyn() for limit greater than actual string length. + Previously the copied amount was the limit, which could result in a + overlapping memcpy for newly allocated destination soon after a + source string shorter than the limit. Found/investigated by KM. + +JH/31 Bug 2886: GnuTLS: Do not free the cached creds on transport connection + close; it may be needed for a subsequent connection. This caused a + SEGV on primary-MX defer. Found/investigated by Gedalya & Andreas. + +JH/32 Fix CHUNKING for a second message on a connection when the first was + rejected. Previously we did not reset the chunking-offered state, and + erroneously rejected the BDAT command. Investigation help from + Jesse Hathaway. + +JH/33 Fis ${srs_encode ...} to handle an empty sender address, now returning + an empty address. Previously the expansion returned an error. + +HS/01 Bug 2855: Handle a v4mapped sender address given us by a frontending + proxy. Previously these were misparsed, leading to paniclog entries. + Exim version 4.95 ----------------- @@ -760,6 +909,10 @@ to do ARC verification. The Authentication-Results: header line added by the configuration then had no ARC item. +JH/48 Bug 2784: fix shutdown=no in the ${readsocket) expansion item. Previously + an incorrect mode was used for reading the result, resulting in it being + ignored. + Exim version 4.92 ----------------- diff -Nru exim4-4.95/doc/dbm.discuss.txt exim4-4.96/doc/dbm.discuss.txt --- exim4-4.95/doc/dbm.discuss.txt 2021-09-28 08:24:46.000000000 +0000 +++ exim4-4.96/doc/dbm.discuss.txt 2022-06-23 13:41:10.000000000 +0000 @@ -41,7 +41,8 @@ November 1999, version 3.0 was released, and the ending of support for 2.7.7, the last 2.x release, was announced for November 2000. (Support for 1.85 has already ceased.) There were further 3.x releases, but by the end of 2001, the -current release was 4.0.14. +current release was 4.0.14. In 2022 it was 5.3.28 on Linux (the then-owner +has developed it further but Exim does not support anything after 5.x). There are major differences in implementation and interface between the DB 1.x and 2.x/3.x/4.x releases, and they are best considered as two independent dbm diff -Nru exim4-4.95/doc/exim.8 exim4-4.96/doc/exim.8 --- exim4-4.95/doc/exim.8 2021-09-28 08:37:50.000000000 +0000 +++ exim4-4.96/doc/exim.8 2022-06-25 13:36:30.000000000 +0000 @@ -824,39 +824,70 @@ debugging, whereas \fB\-d\-all+filter\fP selects only filter debugging. Note that no spaces are allowed in the debug setting. The available debugging categories are: -.sp - acl ACL interpretation - auth authenticators - deliver general delivery logic - dns DNS lookups (see also resolver) - dnsbl DNS black list (aka RBL) code - exec arguments for execv() calls - expand detailed debugging for string expansions - filter filter handling - hints_lookup hints data lookups - host_lookup all types of name\-to\-IP address handling - ident ident lookup - interface lists of local interfaces - lists matching things in lists - load system load checks - local_scan can be used by local_scan() - lookup general lookup code and all lookups - memory memory handling - noutf8 modifier: avoid UTF\-8 line\-drawing - pid modifier: add pid to debug output lines - process_info setting info for the process log - queue_run queue runs - receive general message reception logic - resolver turn on the DNS resolver's debugging output - retry retry handling - rewrite address rewriting - route address routing - timestamp modifier: add timestamp to debug output lines - tls TLS logic - transport transports - uid changes of uid/gid and looking up uid/gid - verify address verification logic - all almost all of the above (see below), and also \fB\-v\fP + acl +ACL interpretation + auth +authenticators + deliver +general delivery logic + dns +DNS lookups (see also resolver) + dnsbl +DNS black list (aka RBL) code + exec +arguments for execv() calls + expand +detailed debugging for string expansions + filter +filter handling + hints_lookup +hints data lookups + host_lookup +all types of name\-to\-IP address handling + ident +ident lookup + interface +lists of local interfaces + lists +matching things in lists + load +system load checks + local_scan +can be used by local_scan() + lookup +general lookup code and all lookups + memory +memory handling + noutf8 +modifier: avoid UTF\-8 line\-drawing + pid +modifier: add pid to debug output lines + process_info +setting info for the process log + queue_run +queue runs + receive +general message reception logic + resolver +turn on the DNS resolver's debugging output + retry +retry handling + rewrite +address rewriting" + route +address routing + timestamp +modifier: add timestamp to debug output lines + tls +TLS logic + transport +transports + uid +changes of uid/gid and looking up uid/gid + verify +address verification logic + all +almost all of the above (see below), and also \fB\-v\fP .sp The all option excludes memory when used as +all, but includes it for \-all. The reason for this is that +all is something that people @@ -1478,8 +1509,11 @@ option is also present. If this option is given then the socket will not be created. This could be required if the system is running multiple daemons. +.sp The socket is currently used for +.sp fast ramp\-up of queue runner processes +.sp obtaining a current queue size .TP 10 \fB\-pd\fP diff -Nru exim4-4.95/doc/experimental-spec.txt exim4-4.96/doc/experimental-spec.txt --- exim4-4.95/doc/experimental-spec.txt 2021-09-28 08:24:46.000000000 +0000 +++ exim4-4.96/doc/experimental-spec.txt 2022-06-23 13:41:10.000000000 +0000 @@ -292,62 +292,6 @@ -SRS (Sender Rewriting Scheme) Support (using libsrs_alt) --------------------------------------------------------------- -See also the main docs, for an alternative native support implementation. - -Exim can be built with SRS support using Miles Wilton's -libsrs_alt library. The current version of the supported -library is 0.5, there are reports of 1.0 working. - -In order to use SRS, you must get a copy of libsrs_alt from - -https://opsec.eu/src/srs/ - -(not the original source, which has disappeared.) - -Unpack the tarball, then refer to MTAs/README.EXIM -to proceed. You need to set - -EXPERIMENTAL_SRS_ALT=yes - -in your Local/Makefile. - -The built-in support, included by SUPPORT_SRS, -shuold *not* be enabled if you wish to use the libsrs_alt -version. - -The following main-section options become available: - srs_config string - srs_hashlength int - srs_hashmin int - srs_maxage int - srs_secrets string - srs_usehash bool - srs_usetimestamp bool - -The redirect router gains these options (all of type string, unset by default): - srs - srs_alias - srs_condition - srs_dbinsert - srs_dbselect - -The following variables become available: - $srs_db_address - $srs_db_key - $srs_orig_recipient - $srs_orig_sender - $srs_recipient - $srs_status - -The predefined feature-macro _HAVE_SRS will be present. -Additional delivery log line elements, tagged with "SRS=" will show the srs sender. -For configuration information see https://github.com/Exim/exim/wiki/SRS . - - - - DCC Support -------------------------------------------------------------- Distributed Checksum Clearinghouse; http://www.rhyolite.com/dcc/ diff -Nru exim4-4.95/doc/filter.txt exim4-4.96/doc/filter.txt --- exim4-4.95/doc/filter.txt 2021-09-28 08:37:50.000000000 +0000 +++ exim4-4.96/doc/filter.txt 2022-06-25 13:36:30.000000000 +0000 @@ -2,25 +2,22 @@ Philip Hazel -Copyright (c) 2018 The Exim Maintainers +Copyright (c) 2021 The Exim Maintainers -Revision 4.95 28 Sep 2021 PH +Revision 4.96 25 Jun 2022 PH ------------------------------------------------------------------------------- TABLE OF CONTENTS 1. Forwarding and filtering in Exim - 1.1. Introduction 1.2. Filter operation 1.3. Testing a new filter file 1.4. Installing a filter file 1.5. Testing an installed filter file 1.6. Details of filtering commands - 2. Sieve filter files - 2.1. Recognition of Sieve filters 2.2. Saving to specified folders 2.3. Strings containing header names @@ -33,9 +30,7 @@ 2.10. String arguments 2.11. Number units 2.12. RFC compliance - 3. Exim filter files - 3.1. Format of Exim filter files 3.2. Data values in filter commands 3.3. String expansion @@ -76,8 +71,8 @@ 1. FORWARDING AND FILTERING IN EXIM This document describes the user interfaces to Exim's in-built mail filtering -facilities, and is copyright (c) The Exim Maintainers 2018. It corresponds to -Exim version 4.95. +facilities, and is copyright (c) The Exim Maintainers 2021. It corresponds to +Exim version 4.96. 1.1 Introduction @@ -1344,7 +1339,7 @@ e.g. $sender_address matches "(bill|john)@" For a "matches" test, after expansion of both strings, the second one is -interpreted as a regular expression. Exim uses the PCRE regular expression +interpreted as a regular expression. Exim uses the PCRE2 regular expression library, which provides regular expressions that are compatible with Perl. The match succeeds if the regular expression matches any part of the first diff -Nru exim4-4.95/doc/NewStuff exim4-4.96/doc/NewStuff --- exim4-4.95/doc/NewStuff 2021-09-28 08:24:46.000000000 +0000 +++ exim4-4.96/doc/NewStuff 2022-06-23 13:41:10.000000000 +0000 @@ -6,6 +6,30 @@ test from the snapshots or the Git before the documentation is updated. Once the documentation is updated, this file is reduced to a short list. +Version 4.96 +------------ + + 1. A new ACL condition: seen. Records/tests a timestamp against a key. + + 2. A variant of the "mask" expansion operator to give normalised IPv6. + + 3. UTC output option for exim_dumpdb, exim_fixdb. + + 4. An event for failing TLS connects to the daemon. + + 5. The ACL "debug" control gains options "stop", "pretrigger" and "trigger". + + 6. Query-style lookups are now checked for quoting, if the query string is + built using untrusted data ("tainted"). For now lack of quoting is merely + logged; a future release will upgrade this to an error. + + 7. The expansion conditions match_ and inlist now set $value for + the expansion of the "true" result of the ${if}. With a static list, this + can be used for de-tainting. + + 8. Recipient verify callouts now set $domain_data & $local_part_data, with + de-tainted values. + Version 4.95 ------------ @@ -48,7 +72,7 @@ 13. Option "smtp_accept_max_per_connection" is now expanded. -14. Log selector "queue_size_exclusive", enabled by default, to exclude the +14. Log selector "queue_time_exclusive", enabled by default, to exclude the time taken for reception from QT log elements. 15. Main option "smtp_backlog_monitor", to set a level above which listen diff -Nru exim4-4.95/doc/OptionLists.txt exim4-4.96/doc/OptionLists.txt --- exim4-4.95/doc/OptionLists.txt 2021-09-28 08:24:46.000000000 +0000 +++ exim4-4.96/doc/OptionLists.txt 2022-06-23 13:41:10.000000000 +0000 @@ -296,6 +296,9 @@ home_directory string* unset transports 4.00 replaces individual options host_all_ignored string "defer" manualroute 4.67 host_find_failed string "freeze" manualroute 4.00 +host_name_extract string + "${if and {{match{.outlook.com\\$}{$host}} {match{$item}{\\N^250-([\\w.]+)\\s\\N}}} {$1}}" + smtp 4.96 host_lookup host list unset main 3.00 host_lookup_order string list "bydns:byaddr" main 4.30 host_reject_connection host list unset main 4.00 diff -Nru exim4-4.95/doc/spec.txt exim4-4.96/doc/spec.txt --- exim4-4.95/doc/spec.txt 2021-09-28 08:37:50.000000000 +0000 +++ exim4-4.96/doc/spec.txt 2022-06-25 13:36:30.000000000 +0000 @@ -2,16 +2,15 @@ Exim Maintainers -Copyright (c) 2021 The Exim Maintainers +Copyright (c) 2022 The Exim Maintainers -Revision 4.95 28 Sep 2021 EM +Revision 4.96 25 Jun 2022 EM ------------------------------------------------------------------------------- TABLE OF CONTENTS 1. Introduction - 1.1. Exim documentation 1.2. FTP site and websites 1.3. Mailing lists @@ -21,10 +20,8 @@ 1.7. Runtime configuration 1.8. Calling interface 1.9. Terminology - 2. Incorporated code 3. How Exim receives and delivers mail - 3.1. Overall philosophy 3.2. Policy control 3.3. User filters @@ -42,12 +39,10 @@ 3.15. Temporary delivery failure 3.16. Permanent delivery failure 3.17. Failures to deliver bounce messages - 4. Building and installing Exim - 4.1. Unpacking 4.2. Multiple machine architectures and operating systems - 4.3. PCRE library + 4.3. PCRE2 library 4.4. DBM libraries 4.5. Pre-building configuration 4.6. Support for iconv() @@ -65,17 +60,14 @@ 4.18. Setting up the spool directory 4.19. Testing 4.20. Replacing another MTA with Exim - 4.21. Upgrading Exim - 4.22. Stopping the Exim daemon on Solaris - + 4.21. Running the daemon + 4.22. Upgrading Exim + 4.23. Stopping the Exim daemon on Solaris 5. The Exim command line - 5.1. Setting options by program name 5.2. Trusted and admin users 5.3. Command line options - 6. The Exim runtime configuration file - 6.1. Using a different configuration file 6.2. Configuration file format 6.3. File inclusions in the configuration file @@ -99,9 +91,7 @@ 6.21. Changing list separators 6.22. Empty items in lists 6.23. Format of driver configurations - 7. The default configuration file - 7.1. Macros 7.2. Main configuration settings 7.3. ACL configuration @@ -110,10 +100,8 @@ 7.6. Default retry rule 7.7. Rewriting configuration 7.8. Authenticators configuration - 8. Regular expressions 9. File and database lookups - 9.1. Examples of different lookup syntax 9.2. Lookup types 9.3. Single-key lookup types @@ -141,9 +129,7 @@ 9.25. Special PostgreSQL features 9.26. More about SQLite 9.27. More about Redis - 10. Domain, host, address, and local part lists - 10.1. Expansion of lists 10.2. Negated items in lists 10.3. File names in lists @@ -166,9 +152,7 @@ 10.20. Address lists 10.21. Case of letters in address lists 10.22. Local part lists - 11. String expansions - 11.1. Literal text in expanded strings 11.2. Character escape sequences in expanded strings 11.3. Testing string expansions @@ -178,16 +162,12 @@ 11.7. Expansion conditions 11.8. Combining expansion conditions 11.9. Expansion variables - 12. Embedded Perl - 12.1. Setting up so Perl can be used 12.2. Calling Perl subroutines 12.3. Calling Exim functions from Perl 12.4. Use of standard output and error by Perl - 13. Starting the daemon and the use of network interfaces - 13.1. Starting a listening daemon 13.2. Special IP listening addresses 13.3. Overriding local_interfaces and daemon_smtp_ports @@ -197,9 +177,7 @@ 13.7. Examples of starting a listening daemon 13.8. Recognizing the local host 13.9. Delivering to a remote host - 14. Main configuration - 14.1. Miscellaneous 14.2. Exim parameters 14.3. Privilege controls @@ -223,20 +201,16 @@ 14.21. Routing and delivery 14.22. Bounce and warning messages 14.23. Alphabetical list of main options - 15. Generic options for routers 16. The accept router 17. The dnslookup router - 17.1. Problems with DNS lookups 17.2. Declining addresses by dnslookup 17.3. Private options for dnslookup 17.4. Effect of qualify_single and search_parents - 18. The ipliteral router 19. The iplookup router 20. The manualroute router - 20.1. Private options for manualroute 20.2. Routing rules in route_list 20.3. Routing rules in route_data @@ -245,10 +219,8 @@ 20.6. How the list of hosts is used 20.7. How the options are used 20.8. Manualroute examples - 21. The queryprogram router 22. The redirect router - 22.1. Redirection data 22.2. Forward files and address verification 22.3. Interpreting redirection data @@ -259,18 +231,14 @@ 22.8. Repeated redirection expansion 22.9. Errors in redirection lists 22.10. Private options for the redirect router - 23. Environment for running local transports - 23.1. Concurrent deliveries 23.2. Uids and gids 23.3. Current and home directories 23.4. Expansion variables derived from the address - 24. Generic options for transports 25. Address batching in local transports 26. The appendfile transport - 26.1. The file and directory options 26.2. Private options for appendfile 26.3. Operational details for appending @@ -280,31 +248,23 @@ 26.7. Using a maildirsize file 26.8. Mailstore delivery 26.9. Non-special new file delivery - 27. The autoreply transport - 27.1. Private options for autoreply - 28. The lmtp transport 29. The pipe transport - 29.1. Concurrent delivery 29.2. Returned status and data 29.3. How the command is run 29.4. Environment variables 29.5. Private options for pipe 29.6. Using an external local delivery agent - 30. The smtp transport - 30.1. Multiple messages on a single connection 30.2. Use of the $host and $host_address variables 30.3. Use of $tls_cipher and $tls_peerdn 30.4. Private options for smtp 30.5. How the limits for the number of hosts to try are used - 31. Address rewriting - 31.1. Explicitly configured address rewriting 31.2. When does rewriting happen? 31.3. Testing the rewriting rules that apply on input @@ -316,9 +276,7 @@ 31.9. The SMTP-time rewriting flag 31.10. Flags controlling the rewriting process 31.11. Rewriting examples - 32. Retry configuration - 32.1. Changing retry rules 32.2. Format of retry rules 32.3. Choosing which retry rule to use for address errors @@ -330,17 +288,13 @@ 32.9. Timeout of retry data 32.10. Long-term failures 32.11. Deliveries that work intermittently - 33. SMTP authentication - 33.1. Generic options for authenticators 33.2. The AUTH parameter on MAIL commands 33.3. Authentication on an Exim server 33.4. Testing server authentication 33.5. Authentication by an Exim client - 34. The plaintext authenticator - 34.1. Avoiding cleartext use 34.2. Plaintext server options 34.3. Using plaintext in a server @@ -348,39 +302,25 @@ 34.5. The LOGIN authentication mechanism 34.6. Support for different kinds of authentication 34.7. Using plaintext in a client - 35. The cram_md5 authenticator - 35.1. Using cram_md5 as a server 35.2. Using cram_md5 as a client - 36. The cyrus_sasl authenticator - 36.1. Using cyrus_sasl as a server - 37. The dovecot authenticator 38. The gsasl authenticator - 38.1. gsasl auth variables - 39. The heimdal_gssapi authenticator - 39.1. heimdal_gssapi auth variables - 40. The spa authenticator - 40.1. Using spa as a server 40.2. Using spa as a client - 41. The external authenticator - 41.1. External options 41.2. Using external in a server 41.3. Using external in a client - 42. The tls authenticator 43. Encrypted SMTP connections using TLS/SSL - 43.1. Support for the "submissions" (aka "ssmtp" and "smtps") protocol 43.2. OpenSSL vs GnuTLS 43.3. GnuTLS parameter computation @@ -399,9 +339,7 @@ 43.16. Self-signed certificates 43.17. TLS Resumption 43.18. DANE - 44. Access control lists - 44.1. Testing ACLs 44.2. Specifying when ACLs are used 44.3. The non-SMTP ACLs @@ -439,34 +377,31 @@ 44.35. Handling multiple DNS records from a DNS list 44.36. Detailed information from merged DNS lists 44.37. DNS lists and IPv6 - 44.38. Rate limiting incoming messages - 44.39. Ratelimit options for what is being measured - 44.40. Ratelimit update modes - 44.41. Ratelimit options for handling fast clients - 44.42. Limiting the rate of different events - 44.43. Using rate limiting - 44.44. Address verification - 44.45. Callout verification - 44.46. Additional parameters for callouts - 44.47. Callout caching - 44.48. Quota caching - 44.49. Sender address verification reporting - 44.50. Redirection while verifying - 44.51. Client SMTP authorization (CSA) - 44.52. Bounce address tag validation - 44.53. Using an ACL to control relaying - 44.54. Checking a relay configuration - + 44.38. Previously seen user and hosts + 44.39. Rate limiting incoming messages + 44.40. Ratelimit options for what is being measured + 44.41. Ratelimit update modes + 44.42. Ratelimit options for handling fast clients + 44.43. Limiting the rate of different events + 44.44. Using rate limiting + 44.45. Address verification + 44.46. Callout verification + 44.47. Additional parameters for callouts + 44.48. Callout caching + 44.49. Quota caching + 44.50. Sender address verification reporting + 44.51. Redirection while verifying + 44.52. Client SMTP authorization (CSA) + 44.53. Bounce address tag validation + 44.54. Using an ACL to control relaying + 44.55. Checking a relay configuration 45. Content scanning at ACL time - 45.1. Scanning for viruses 45.2. Scanning with SpamAssassin and Rspamd 45.3. Calling SpamAssassin from an Exim ACL 45.4. Scanning MIME parts 45.5. Scanning with regular expressions - 46. Adding a local scan function to Exim - 46.1. Building Exim to use a local scan function 46.2. API for local_scan() 46.3. Configuration options for local_scan() @@ -475,9 +410,7 @@ 46.6. Structure of recipient items 46.7. Available Exim functions 46.8. More about Exim's memory handling - 47. System-wide message filtering - 47.1. Specifying a system filter 47.2. Testing a system filter 47.3. Contents of a system filter @@ -486,9 +419,7 @@ 47.6. Adding and removing headers in a system filter 47.7. Setting an errors address in a system filter 47.8. Per-address filtering - 48. Message processing - 48.1. Submission mode for non-local messages 48.2. Line endings 48.3. Unqualified addresses @@ -510,9 +441,7 @@ 48.19. Case of local parts 48.20. Dots in local parts 48.21. Rewriting addresses - 49. SMTP processing - 49.1. Outgoing SMTP and LMTP over TCP/IP 49.2. Errors in outgoing SMTP 49.3. Incoming SMTP messages over TCP/IP @@ -524,14 +453,10 @@ 49.9. Incoming local SMTP 49.10. Outgoing batched SMTP 49.11. Incoming batched SMTP - 50. Customizing bounce and warning messages - 50.1. Customizing bounce messages 50.2. Customizing warning messages - 51. Some common configuration settings - 51.1. Sending mail to a smart host 51.2. Using Exim to handle mailing lists 51.3. Syntax errors in mailing lists @@ -545,10 +470,8 @@ 51.11. Intermittently connected hosts 51.12. Exim on the upstream server host 51.13. Exim on the intermittently connected client host - 52. Using Exim as a non-queueing client 53. Log files - 53.1. Where the logs are written 53.2. Logging to local files that are periodically "cycled" 53.3. Datestamped log files @@ -565,9 +488,7 @@ 53.14. Other log entries 53.15. Reducing or increasing what is logged 53.16. Message log - 54. Exim utilities - 54.1. Finding out what Exim processes are doing (exiwhat) 54.2. Selective queue listing (exiqgrep) 54.3. Summarizing the queue (exiqsumm) @@ -583,18 +504,14 @@ 54.13. exim_tidydb 54.14. exim_fixdb 54.15. Mailbox maintenance (exim_lock) - 55. The Exim monitor - 55.1. Running the monitor 55.2. The stripcharts 55.3. Main action buttons 55.4. The log display 55.5. The queue display 55.6. The queue menu - 56. Security considerations - 56.1. Building a more "hardened" Exim 56.2. Root privilege 56.3. Running Exim without privilege @@ -612,32 +529,23 @@ 56.15. Use of sprintf() 56.16. Use of debug_printf() and log_write() 56.17. Use of strcat() and strcpy() - 57. Format of spool files - 57.1. Format of the -H file 57.2. Format of the -D file - 58. DKIM, SPF, SRS and DMARC - 58.1. DKIM (DomainKeys Identified Mail) 58.2. Signing outgoing messages 58.3. Verifying DKIM signatures in incoming mail 58.4. SPF (Sender Policy Framework) 58.5. SRS (Sender Rewriting Scheme) 58.6. DMARC - 59. Proxies - 59.1. Inbound proxies 59.2. Outbound proxies 59.3. Logging - 60. Internationalisation - 60.1. MTA operations 60.2. MDA operations - 61. Events 62. Adding new drivers or lookup types @@ -688,8 +596,8 @@ 1.1 Exim documentation ---------------------- -This edition of the Exim specification applies to version 4.95 of Exim. -Substantive changes from the 4.94 edition are marked in some renditions of this +This edition of the Exim specification applies to version 4.96 of Exim. +Substantive changes from the 4.95 edition are marked in some renditions of this document; this paragraph is so marked if the rendition is capable of showing a change indicator. @@ -1016,11 +924,11 @@ A number of pieces of external code are included in the Exim distribution. * Regular expressions are supported in the main Exim program and in the Exim - monitor using the freely-distributable PCRE library, copyright (c) - University of Cambridge. The source to PCRE is no longer shipped with Exim, - so you will need to use the version of PCRE shipped with your system, or - obtain and install the full version of the library from ftp:// - ftp.csx.cam.ac.uk/pub/software/programming/pcre. + monitor using the freely-distributable PCRE2 library, copyright (c) + University of Cambridge. The source to PCRE2 is not longer shipped with + Exim, so you will need to use the version of PCRE2 shipped with your + system, or obtain and install the full version of the library from https:// + github.com/PhilipHazel/pcre2/releases. * Support for the cdb (Constant DataBase) lookup method is provided by code contributed by Nigel Metheringham of (at the time he contributed it) Planet @@ -1581,24 +1489,21 @@ check an address given in the SMTP EXPN command (see the expn option). * If the domains option is set, the domain of the address must be in the set - of domains that it defines. - - A match verifies the variable $domain (which carries tainted data) and - assigns an untainted value to the $domain_data variable. Such an untainted - value is often needed in the transport. For specifics of the matching - operation and the resulting untainted value, refer to section 10.9. + of domains that it defines. A match verifies the variable $domain (which + carries tainted data) and assigns an untainted value to the $domain_data + variable. Such an untainted value is often needed in the transport. For + specifics of the matching operation and the resulting untainted value, + refer to section 10.9. When an untainted value is wanted, use this option rather than the generic condition option. * If the local_parts option is set, the local part of the address must be in - the set of local parts that it defines. - - A match verifies the variable $local_part (which carries tainted data) and - assigns an untainted value to the $local_part_data variable. Such an - untainted value is often needed in the transport. For specifics of the - matching operation and the resulting untainted value, refer to section - 10.22. + the set of local parts that it defines. A match verifies the variable + $local_part (which carries tainted data) and assigns an untainted value to + the $local_part_data variable. Such an untainted value is often needed in + the transport. For specifics of the matching operation and the resulting + untainted value, refer to section 10.22. When an untainted value is wanted, use this option rather than the generic condition option. @@ -1818,7 +1723,7 @@ Exim is distributed as a gzipped or bzipped tar file which, when unpacked, creates a directory with the name of the current release (for example, -exim-4.95) into which the following files are placed: +exim-4.96) into which the following files are placed: ACKNOWLEDGMENTS contains some acknowledgments CHANGES contains a reference to where changes are documented @@ -1856,19 +1761,20 @@ necessary. A C99-capable compiler will be required for the build. -4.3 PCRE library ----------------- +4.3 PCRE2 library +----------------- -Exim no longer has an embedded PCRE library as the vast majority of modern -systems include PCRE as a system library, although you may need to install the -PCRE package or the PCRE development package for your operating system. If your -system has a normal PCRE installation the Exim build process will need no -further configuration. If the library or the headers are in an unusual location -you will need to either set the PCRE_LIBS and INCLUDE directives appropriately, -or set PCRE_CONFIG=yes to use the installed pcre-config command. If your -operating system has no PCRE support then you will need to obtain and build the -current PCRE from ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/. More -information on PCRE is available at https://www.pcre.org/. +Exim no longer has an embedded regular-expression library as the vast majority +of modern systems include PCRE2 as a system library, although you may need to +install the PCRE2 package or the PCRE2 development package for your operating +system. If your system has a normal PCRE2 installation the Exim build process +will need no further configuration. If the library or the headers are in an +unusual location you will need to either set the PCRE2_LIBS and INCLUDE +directives appropriately, or set PCRE2_CONFIG=yes to use the installed +pcre-config command. If your operating system has no PCRE2 support then you +will need to obtain and build the current PCRE2 from https://github.com/ +PhilipHazel/pcre2/releases. More information on PCRE2 is available at https:// +www.pcre.org/. 4.4 DBM libraries @@ -1914,14 +1820,17 @@ 5. To complicate things further, there are several very different versions of the Berkeley DB package. Version 1.85 was stable for a very long time, - releases 2.x and 3.x were current for a while, but the latest versions when - Exim last revamped support were numbered 4.x. Maintenance of some of the - earlier releases has ceased. All versions of Berkeley DB could be obtained - from http://www.sleepycat.com/, which is now a redirect to their new - owner's page with far newer versions listed. It is probably wise to plan to - move your storage configurations away from Berkeley DB format, as today - there are smaller and simpler alternatives more suited to Exim's usage - model. + releases 2.x and 3.x were current for a while, + + but the latest versions when Exim last revamped support were numbered 5.x. + Maintenance of some of the earlier releases has ceased, and Exim no longer + supports versions before 3.x. + + All versions of Berkeley DB could be obtained from http://www.sleepycat.com + /, which is now a redirect to their new owner's page with far newer + versions listed. It is probably wise to plan to move your storage + configurations away from Berkeley DB format, as today there are smaller and + simpler alternatives more suited to Exim's usage model. 6. Yet another DBM library, called tdb, is available from https:// sourceforge.net/projects/tdb/files/. It has its own interface, and also @@ -1937,6 +1846,8 @@ Similarly, for gdbm you set USE_GDBM, and for tdb you set USE_TDB. An error is diagnosed if you set more than one of these. +You can set USE_NDBM if needed to override an operating system default. + At the lowest level, the build-time configuration sets none of these options, thereby assuming an interface of type (1). However, some operating system configuration files (for example, those for the BSD operating systems and @@ -1950,6 +1861,9 @@ DBMLIB = -ldb DBMLIB = -ltdb +DBMLIB = -lgdbm -lgdbm_compat + +The last of those was for a Linux having GDBM provide emulated NDBM facilities. Settings like that will work if the DBM library is installed in the standard place. Sometimes it is not, and the library's header file may also not be in @@ -2431,7 +2345,7 @@ For the utility programs, old versions are renamed by adding the suffix .O to their names. The Exim binary itself, however, is handled differently. It is installed under a name that includes the version number and the compile number, -for example, exim-4.95-1. The script then arranges for a symbolic link called +for example, exim-4.96-1. The script then arranges for a symbolic link called exim to point to the binary. If you are updating a previous version of Exim, the script takes care to ensure that the name exim is never absent from the directory (as seen by other processes). @@ -2599,7 +2513,28 @@ Exim's interface to mail filtering available to them. -4.21 Upgrading Exim +4.21 Running the daemon +----------------------- + +The most common command line for launching the Exim daemon looks like + +exim -bd -q5m + +This starts a daemon which + + * listens for incoming smtp connections, launching handler processes for each + new one + + * starts a queue-runner process every five minutes, to inspect queued + messages and run delivery attempts on any that have arrived at their retry + time + +Should a queue run take longer than the time between queue-runner starts, they +will run in parallel. Numbers of jobs of the various types are subject to +policy controls defined in the configuration. + + +4.22 Upgrading Exim ------------------- If you are already running Exim on your host, building and installing a new @@ -2611,7 +2546,7 @@ configuration file. -4.22 Stopping the Exim daemon on Solaris +4.23 Stopping the Exim daemon on Solaris ---------------------------------------- The standard command for stopping the mailer daemon on Solaris is @@ -2944,7 +2879,7 @@ actually perform an ident callout when testing using -bh because there is no incoming SMTP connection. - Warning 2: Address verification callouts (see section 44.45) are also + Warning 2: Address verification callouts (see section 44.46) are also skipped when testing using -bh. If you want these callouts to occur, use -bhc instead. @@ -3516,38 +3451,38 @@ that no spaces are allowed in the debug setting. The available debugging categories are: - acl ACL interpretation - auth authenticators - deliver general delivery logic - dns DNS lookups (see also resolver) - dnsbl DNS black list (aka RBL) code - exec arguments for execv() calls - expand detailed debugging for string expansions - filter filter handling - hints_lookup hints data lookups - host_lookup all types of name-to-IP address handling - ident ident lookup - interface lists of local interfaces - lists matching things in lists - load system load checks - local_scan can be used by local_scan() (see chapter 46) - lookup general lookup code and all lookups - memory memory handling - noutf8 modifier: avoid UTF-8 line-drawing - pid modifier: add pid to debug output lines - process_info setting info for the process log - queue_run queue runs - receive general message reception logic - resolver turn on the DNS resolver's debugging output - retry retry handling - rewrite address rewriting - route address routing - timestamp modifier: add timestamp to debug output lines - tls TLS logic - transport transports - uid changes of uid/gid and looking up uid/gid - verify address verification logic - all almost all of the above (see below), and also -v + acl ACL interpretation + auth authenticators + deliver general delivery logic + dns DNS lookups (see also resolver) + dnsbl DNS black list (aka RBL) code + exec arguments for execv() calls + expand detailed debugging for string expansions + filter filter handling + hints_lookup hints data lookups + host_lookup all types of name-to-IP address handling + ident ident lookup + interface lists of local interfaces + lists matching things in lists + load system load checks + local_scan can be used by local_scan() (see chapter 46) + lookup general lookup code and all lookups + memory memory handling + noutf8 modifier: avoid UTF-8 line-drawing + pid modifier: add pid to debug output lines + process_info setting info for the process log + queue_run queue runs + receive general message reception logic + resolver turn on the DNS resolver's debugging output + retry retry handling + rewrite address rewriting" + route address routing + timestamp modifier: add timestamp to debug output lines + tls TLS logic + transport transports + uid changes of uid/gid and looking up uid/gid + verify address verification logic + all almost all of the above (see below), and also -v The "all" option excludes "memory" when used as "+all", but includes it for "-all". The reason for this is that "+all" is something that people tend to @@ -4254,9 +4189,9 @@ The socket is currently used for - + fast ramp-up of queue runner processes + o fast ramp-up of queue runner processes - + obtaining a current queue size + o obtaining a current queue size -pd @@ -5652,7 +5587,7 @@ address is refused. Verification consists of trying to route the address, to see if a bounce message could be delivered to it. In the case of remote addresses, basic verification checks only the domain, but callouts can be used -for more verification if required. Section 44.44 discusses the details of +for more verification if required. Section 44.45 discusses the details of address verification. accept hosts = +relay_from_hosts @@ -6182,17 +6117,17 @@ 8. REGULAR EXPRESSIONS Exim supports the use of regular expressions in many of its options. It uses -the PCRE regular expression library; this provides regular expression matching +the PCRE2 regular expression library; this provides regular expression matching that is compatible with Perl 5. The syntax and semantics of regular expressions is discussed in online Perl manpages, in many Perl reference books, and also in Jeffrey Friedl's Mastering Regular Expressions, which is published by O'Reilly (see http://www.oreilly.com/catalog/regex2/). The documentation for the syntax and semantics of the regular expressions that -are supported by PCRE is included in the PCRE distribution, and no further -description is included here. The PCRE functions are called from Exim using the -default option settings (that is, with no PCRE options set), except that the -PCRE_CASELESS option is set when the matching is required to be +are supported by PCRE2 is included in the PCRE2 distribution, and no further +description is included here. The PCRE2 functions are called from Exim using +the default option settings (that is, with no PCRE2 options set), except that +the PCRE2_CASELESS option is set when the matching is required to be case-insensitive. In most cases, when a regular expression is required in an Exim configuration, @@ -6271,6 +6206,9 @@ domains = lsearch;/some/file The first uses a string expansion, the result of which must be a domain list. + +The key for an expansion-style lookup must be given explicitly. + No strings have been specified for a successful or a failing lookup; the defaults in this case are the looked-up data and an empty string, respectively. The expansion takes place before the string is processed as a list, and the @@ -6293,6 +6231,10 @@ Any data that follows the keys is not relevant when checking that the domain matches the list item. +The key for a list-style lookup is implicit, from the lookup context, if the +lookup is a single-key type (see below). For query-style lookup types the key +must be given explicitly. + It is possible, though no doubt confusing, to use both kinds of lookup at once. Consider a file containing lines like this: @@ -6323,7 +6265,7 @@ * The single-key type requires the specification of a file in which to look, and a single key to search for. The key must be a non-empty string for the lookup to succeed. The lookup type determines how the file is searched. The - file string may not be tainted + file string may not be tainted. All single-key lookups support the option "ret=key". If this is given and the lookup (either underlying implementation or cached value) returns data, @@ -6333,6 +6275,10 @@ key value is assumed by Exim for query-style lookups. You can use whichever Exim variables you need to construct the database query. + If tainted data is used in the query then it should be quuted by using the + ${quote_:} expansion operator appropriate for the + lookup. + The code for each lookup type is in a separate source file that is included in the binary of Exim only if the corresponding compile-time option is set. The default settings in src/EDITME are: @@ -6455,7 +6401,7 @@ notation before executing the lookup.) One option is supported, "ret=full", to request the return of the entire - line rather than omitting the key porttion. Note however that the key + line rather than omitting the key portion. Note however that the key portion will have been de-quoted. * json: The given file is a text file with a JSON structure. An element of @@ -6986,7 +6932,7 @@ list. A third pseudo-type is CSA (Client SMTP Authorization). This looks up SRV -records according to the CSA rules, which are described in section 44.51. +records according to the CSA rules, which are described in section 44.52. Although dnsdb supports SRV lookups directly, this is not sufficient because of the extra parent domain search behaviour of CSA. The result of a successful lookup such as: @@ -7231,14 +7177,14 @@ quotes are used, backslash is interpreted in the usual way inside them. The following names are recognized: -DEREFERENCE set the dereferencing parameter -NETTIME set a timeout for a network operation -USER set the DN, for authenticating the LDAP bind -PASS set the password, likewise -REFERRALS set the referrals parameter -SERVERS set alternate server list for this query only -SIZE set the limit for the number of entries returned -TIME set the maximum waiting time for a query + DEREFERENCE set the dereferencing parameter + NETTIME set a timeout for a network operation + USER set the DN, for authenticating the LDAP bind + PASS set the password, likewise + REFERRALS set the referrals parameter + SERVERS set alternate server list for this query only + SIZE set the limit for the number of entries returned + TIME set the maximum waiting time for a query The value of the DEREFERENCE parameter must be one of the words "never", "searching", "finding", or "always". The value of the REFERRALS parameter must @@ -8751,11 +8697,8 @@ options for which string expansion is performed are marked with * after the data type. ACL rules always expand strings. A couple of expansion conditions do not expand some of the brace-delimited branches, for security reasons, and -expansion of data deriving from the sender ("tainted data") - -is not permitted (including acessing a file using a tainted name). The main -config option allow_insecure_tainted_data can be used as mitigation during -uprades to more secure configurations. +expansion of data deriving from the sender ("tainted data") is not permitted +(including acessing a file using a tainted name). Common ways of obtaining untainted equivalents of variables with tainted values come down to using the tainted value as a lookup key in a trusted database. @@ -9069,7 +9012,7 @@ present for "fail" to be recognized. ${extract json{}{}{}{}}, ${extract jsons{} - {}{}{}} +{}{}{}} The key and are first expanded separately. Leading and trailing white space is removed from the key (but not from any of the strings). The @@ -9115,7 +9058,7 @@ empty (for example, the fifth field above). ${extract json {}}{}{}{}}, ${extract jsons{< - number>}}{}{}{}} +number>}}{}{}{}} The argument must consist entirely of decimal digits, apart from leading and trailing white space, which is ignored. @@ -9170,8 +9113,8 @@ $hash{4}{62}{monty python}} yields fbWx $header_
: or $h_
:, $bheader_
: or $bh_< - header name>:, $lheader_
: or $lh_
:, $rheader_< - header name>: or $rh_
: +header name>:, $lheader_
: or $lh_
:, $rheader_< +header name>: or $rh_
: Substitute the contents of the named message header line, for example @@ -9184,17 +9127,17 @@ The difference between the four pairs of expansions is in the way the data in the header line is interpreted. - + rheader gives the original "raw" content of the header line, with no + o rheader gives the original "raw" content of the header line, with no processing at all, and without the removal of leading and trailing white space. - + lheader gives a colon-separated list, one element per header when there + o lheader gives a colon-separated list, one element per header when there are multiple headers with a given name. Any embedded colon characters within an element are doubled, so normal Exim list-processing facilities can be used. The terminating newline of each element is removed; in other respects the content is "raw". - + bheader removes leading and trailing white space, and then decodes + o bheader removes leading and trailing white space, and then decodes base64 or quoted-printable MIME "words" within the header text, but does no character set translation. If decoding of what looks superficially like a MIME "word" fails, the raw string is returned. If @@ -9202,7 +9145,7 @@ mark - this is what Exim does for binary zeros that are actually received in header lines. - + header tries to translate the string as decoded by bheader to a + o header tries to translate the string as decoded by bheader to a standard character set. This is an attempt to produce the same string as would be displayed on a user's MUA. If translation fails, the bheader string is returned. Translation is attempted only on operating @@ -9384,7 +9327,7 @@ given separator. ${lookup {} {} {} {}}, ${lookup < - search type> {} {} {}} +search type> {} {} {}} The two forms of lookup item specify data lookups in files and databases, as discussed in chapter 9. The first form is used for single-key lookups, @@ -9498,7 +9441,7 @@ absent, it defaults to 0. The result of the expansion is a prvs-signed email address, to be typically used with the return_path option on an smtp transport as part of a bounce address tag validation (BATV) scheme. For - more discussion and an example, see section 44.52. + more discussion and an example, see section 44.53. ${prvscheck{
}{}{}} @@ -9524,7 +9467,7 @@ All three variables can be used in the expansion of the third argument. However, once the expansion is complete, only $prvscheck_result remains - set. For more discussion and an example, see section 44.52. + set. For more discussion and an example, see section 44.53. ${readfile{}{}} @@ -9575,18 +9518,18 @@ The following option names are recognised: - + cache Defines if the result data can be cached for use by a later + o cache Defines if the result data can be cached for use by a later identical request in the same process. Values are "yes" or "no" (the default). If not, all cached results for this connection specification will be invalidated. - + shutdown Defines whether or not a write-shutdown is done on the + o shutdown Defines whether or not a write-shutdown is done on the connection after sending the request. Values are "yes" (the default) or "no" (preferred, eg. by some webservers). - + tls Controls the use of TLS on the connection. Values are "yes" or "no" - (the default). If it is enabled, a shutdown as descripbed above is - never done. + o tls Controls the use of TLS on the connection. Values are "yes" or "no" + (the default). If it is enabled, a shutdown as described above is never + done. A fourth argument allows you to change any newlines that are in the data that is read, in the same way as for readfile (see above). This example @@ -9598,13 +9541,13 @@ happens. Errors in these sub-expansions cause the expansion to fail. In addition, the following errors can occur: - + Failure to create a socket file descriptor; + o Failure to create a socket file descriptor; - + Failure to connect the socket; + o Failure to connect the socket; - + Failure to write the request string; + o Failure to write the request string; - + Timeout on reading from the socket. + o Timeout on reading from the socket. By default, any of these errors causes the expansion to fail. However, if you supply a fifth substring, it is expanded and used when any of the above @@ -9651,24 +9594,38 @@ This item inserts "raw" header lines. It is described with the header expansion item in section 11.5 above. -${run{ }{}{}} +${run {}{}{}} - The command and its arguments are first expanded as one string. The string + This item runs an external command, as a subprocess. + + One option is supported after the word run, comma-separated. + + If the option preexpand is not used, the command string is split into + individual arguments by spaces and then each argument is expanded. Then the + command is run in a separate process, but under the same uid and gid. As in + other command executions from Exim, a shell is not used by default. If the + command requires a shell, you must explicitly code it. The command name may + not be tainted, but the remaining arguments can be. + + Note: if tainted arguments are used, they are supplied by a potential + attacker; a careful assessment for security vulnerabilities should be done. + + If the option preexpand is used, + + the command and its arguments are first expanded as one string. The result is split apart into individual arguments by spaces, and then the command is - run in a separate process, but under the same uid and gid. As in other - command executions from Exim, a shell is not used by default. If the - command requires a shell, you must explicitly code it. - - Since the arguments are split by spaces, when there is a variable expansion - which has an empty result, it will cause the situation that the argument - will simply be omitted when the program is actually executed by Exim. If - the script/program requires a specific number of arguments and the expanded - variable could possibly result in this empty expansion, the variable must - be quoted. This is more difficult if the expanded variable itself could - result in a string containing quotes, because it would interfere with the - quotes around the command arguments. A possible guard against this is to - wrap the variable in the sg operator to change any quote marks to some - other character. + run as above. Since the arguments are split by spaces, when there is a + variable expansion which has an empty result, it will cause the situation + that the argument will simply be omitted when the program is actually + executed by Exim. If the script/program requires a specific number of + arguments and the expanded variable could possibly result in this empty + expansion, the variable must be quoted. This is more difficult if the + expanded variable itself could result in a string containing quotes, + because it would interfere with the quotes around the command arguments. A + possible guard against this is to wrap the variable in the sg operator to + change any quote marks to some other character. + + Neither the command nor any argument may be tainted. The standard input for the command exists, but is empty. The standard output and standard error are set to the same file descriptor. If the @@ -9770,14 +9727,14 @@ SRS encoding. See SECT 58.5 for details. -${substr{}{}{}} +${substr{}{}{}} The three strings are expanded; the first two must yield numbers. Call them and . If you are using fixed values for these numbers, that is, if < - string1> and do not change when they are expanded, you can use - the simpler operator notation that avoids some of the braces: + start> and do not change when they are expanded, you can use the + simpler operator notation that avoids some of the braces: - ${substr__:} + ${substr__:} The second number is optional (in both notations). If it is absent in the simpler format, the preceding underscore must also be omitted. @@ -10120,11 +10077,9 @@ colon-separation. If the optional type is given it must be one of "a", "d", "h" or "l" and selects address-, domain-, host- or localpart- lists to search among respectively. Otherwise all types are searched in an undefined - order and the first matching list is returned. - - Note: Neither string-expansion of lists referenced by named-list syntax - elements, nor expansion of lookup elements, is done by the listnamed - operator. + order and the first matching list is returned. Note: Neither + string-expansion of lists referenced by named-list syntax elements, nor + expansion of lookup elements, is done by the listnamed operator. ${local_part:} @@ -10132,7 +10087,7 @@ extracted from it. If the string does not parse successfully, the result is empty. The parsing correctly handles SMTPUTF8 Unicode in the string. -${mask:/} +${mask:/}, ${mask_n:/} If the form of the string to be operated on is not an IP address followed by a slash and an integer (that is, a network address in CIDR notation), @@ -10142,10 +10097,16 @@ ${mask:10.111.131.206/28} - returns the string "10.111.131.192/28". Since this operation is expected to - be mostly used for looking up masked addresses in files, the result for an - IPv6 address uses dots to separate components instead of colons, because - colon terminates a key string in lsearch files. So, for example, + returns the string "10.111.131.192/28". + + Since this operation is expected to be mostly used for looking up masked + addresses in files, the + + normal + + result for an IPv6 address uses dots to separate components instead of + colons, because colon terminates a key string in lsearch files. So, for + example, ${mask:3ffe:ffff:836f:0a00:000a:0800:200a:c031/99} @@ -10153,6 +10114,9 @@ 3ffe.ffff.836f.0a00.000a.0800.2000.0000/99 + If the optional form mask_n is used, IPv6 address result are instead + returned in normailsed form, using colons and with zero-compression. + Letters in IPv6 addresses are always output in lower case. ${md5:} @@ -10385,7 +10349,7 @@ literal question mark). ${utf8_domain_to_alabel:}, ${utf8_domain_from_alabel:}, $ - {utf8_localpart_to_alabel:}, ${utf8_localpart_from_alabel:} +{utf8_localpart_to_alabel:}, ${utf8_localpart_from_alabel:} These convert EAI mail name components between UTF-8 and a-label forms. For information on internationalisation support see 60.1. @@ -10407,12 +10371,12 @@ There are a number of symbolic operators for doing numeric comparisons. They are: - = equal - == equal - > greater - >= greater or equal - < less - <= less or equal + = equal + == equal + > greater + >= greater or equal + < less + <= less or equal For example: @@ -10492,26 +10456,26 @@ The following encryption types (whose names are matched case-independently) are supported: - + {md5} computes the MD5 digest of the first string, and expresses this + o {md5} computes the MD5 digest of the first string, and expresses this as printable characters to compare with the remainder of the second string. If the length of the comparison string is 24, Exim assumes that it is base64 encoded (as in the above example). If the length is 32, Exim assumes that it is a hexadecimal encoding of the MD5 digest. If the length not 24 or 32, the comparison fails. - + {sha1} computes the SHA-1 digest of the first string, and expresses + o {sha1} computes the SHA-1 digest of the first string, and expresses this as printable characters to compare with the remainder of the second string. If the length of the comparison string is 28, Exim assumes that it is base64 encoded. If the length is 40, Exim assumes that it is a hexadecimal encoding of the SHA-1 digest. If the length is not 28 or 40, the comparison fails. - + {crypt} calls the crypt() function, which traditionally used to use + o {crypt} calls the crypt() function, which traditionally used to use only the first eight characters of the password. However, in modern operating systems this is no longer true, and in many cases the entire password is used, whatever its length. - + {crypt16} calls the crypt16() function, which was originally created to + o {crypt16} calls the crypt16() function, which was originally created to use up to 16 characters of the password in some operating systems. Again, in modern operating systems, more characters may be used. @@ -10591,11 +10555,11 @@ the interpretation of the condition, the current list item is placed in a variable called $item. - + For forany, interpretation stops if the condition is true for any item, + o For forany, interpretation stops if the condition is true for any item, and the result of the whole condition is true. If the condition is false for all items in the list, the overall condition is false. - + For forall, interpretation stops if the condition is false for any + o For forall, interpretation stops if the condition is false for any item, and the result of the whole condition is false. If the condition is true for all items in the list, the overall condition is true. @@ -10612,8 +10576,8 @@ To scan a named list, expand it with the listnamed operator. forall_json{}{}, forany_json{}{}, forall_jsons{}{}, forany_jsons{}{} +condition>}, forall_jsons{}{}, forany_jsons{}{} As for the above, except that the first argument must, after expansion, be a JSON array. The array separator is not changeable. For the "jsons" @@ -10655,6 +10619,14 @@ ${if inlisti{Needle}{fOo:NeeDLE:bAr}} ${if forany{fOo:NeeDLE:bAr}{eqi{$item}{Needle}}} + The variable $value will be set for a successful match and can be used in + the success clause of an if expansion item using the condition. It will + have the same taint status as the list; expansions such as + + ${if inlist {$h_mycode:} {0 : 1 : 42} {$value}} + + can be used for de-tainting. Any previous $value is restored after the if. + isip {}, isip4 {}, isip6 {} The substring is first expanded, and then tested to see if it has the form @@ -10759,11 +10731,11 @@ The specific types of host list item that are permitted in the list are: - + An IP address, optionally with a CIDR mask. + o An IP address, optionally with a CIDR mask. - + A single asterisk, which matches any IP address. + o A single asterisk, which matches any IP address. - + An empty item, which matches only if the IP address is empty. This + o An empty item, which matches only if the IP address is empty. This could be useful for testing for a locally submitted message or one from specific hosts in a single test such as @@ -10771,9 +10743,9 @@ where the first item in the list is the empty string. - + The item @[] matches any of the local host's interface addresses. + o The item @[] matches any of the local host's interface addresses. - + Single-key lookups are assumed to be like "net-" style lookups in host + o Single-key lookups are assumed to be like "net-" style lookups in host lists, even if "net-" is not specified. There is never any attempt to turn the IP address into a host name. The most common type of linear search for match_ip is likely to be iplsearch, in which the file can @@ -10819,6 +10791,14 @@ have their local parts matched casefully. Domains are always matched caselessly. + The variable $value will be set for a successful match and can be used in + the success clause of an if expansion item using the condition. It will + have the same taint status as the list; expansions such as + + ${if match_local_part {$local_part} {alice : bill : charlotte : dave} {$value}} + + can be used for de-tainting. Any previous $value is restored after the if. + Note that is not itself subject to string expansion, unless Exim was built with the EXPAND_LISTMATCH_RHS option. @@ -10830,10 +10810,10 @@ pam {::...} Pluggable Authentication Modules (https://mirrors.edge.kernel.org/pub/linux - /libs/pam/) are a facility that is available in the latest releases of - Solaris and in some GNU/Linux distributions. The Exim support, which is - intended for use in conjunction with the SMTP AUTH command, is available - only if Exim is compiled with + /libs/pam/) are a facility that is available in Solaris and in some GNU/ + Linux distributions. The Exim support, which is intended for use in + conjunction with the SMTP AUTH command, is available only if Exim is + compiled with SUPPORT_PAM=yes @@ -10987,6 +10967,11 @@ of them are available only when Exim is compiled with specific options such as support for TLS or the content scanning extension. +Variables marked as tainted are likely to carry data supplied by a potential +attacker. Variables without such marking may also, depending on how their +values are created. Such variables should not be further expanded, used as +filenames or used as command-line arguments for external commands. + $0, $1, etc When a match expansion condition succeeds, these variables contain the @@ -10999,6 +10984,8 @@ the commands available in Exim filter files include an if command with its own regular expression matching condition. + If the subject string was tainted then any captured substring will also be. + $acl_arg1, $acl_arg2, etc Within an acl condition, expansion condition or expansion item any @@ -11044,9 +11031,8 @@ You can use $acl_verify_message during the expansion of the message or log_message modifiers, to include information about the verification - failure. - - Note: The variable is cleared at the end of processing the ACL verb. + failure. Note: The variable is cleared at the end of processing the ACL + verb. $address_data @@ -11125,6 +11111,8 @@ $authenticated_sender + Tainted + When acting as a server, Exim takes note of the AUTH= parameter on an incoming SMTP MAIL command if it believes the sender is sufficiently trusted, as described in section 33.2. Unless the data is the string "<>", @@ -11145,9 +11133,10 @@ possible to distinguish between "did not try to authenticate" ( $sender_host_authenticated is empty and $authentication_failed is set to "0") and "tried to authenticate but failed" ($sender_host_authenticated is - empty and $authentication_failed is set to "1"). Failure includes any - negative response to an AUTH command, including (for example) an attempt to - use an undefined mechanism. + empty and $authentication_failed is set to "1"). Failure includes + cancellation of a authentication attempt, and any negative response to an + AUTH command, (including, for example, an attempt to use an undefined + mechanism). $av_failed @@ -11219,10 +11208,10 @@ Results of DKIM verification. For details see section 58.3. $dkim_cur_signer, $dkim_verify_reason, $dkim_domain, $dkim_identity, - $dkim_selector, $dkim_algo, $dkim_canon_body, $dkim_canon_headers, - $dkim_copiedheaders, $dkim_bodylength, $dkim_created, $dkim_expires, - $dkim_headernames, $dkim_key_testing, $dkim_key_nosubdomains, - $dkim_key_srvtype, $dkim_key_granularity, $dkim_key_notes, $dkim_key_length +$dkim_selector, $dkim_algo, $dkim_canon_body, $dkim_canon_headers, +$dkim_copiedheaders, $dkim_bodylength, $dkim_created, $dkim_expires, +$dkim_headernames, $dkim_key_testing, $dkim_key_nosubdomains, $dkim_key_srvtype +, $dkim_key_granularity, $dkim_key_notes, $dkim_key_length These variables are only available within the DKIM ACL. For details see section 58.3. @@ -11246,6 +11235,8 @@ $domain + Tainted + When an address is being routed, or delivered on its own, this variable contains the domain. Uppercase letters in the domain are converted into lower case for $domain. @@ -11268,7 +11259,7 @@ The $domain variable is also used in some other circumstances: - + When an ACL is running for a RCPT command, $domain contains the domain + o When an ACL is running for a RCPT command, $domain contains the domain of the recipient address. The domain of the sender address is in $sender_address_domain at both MAIL time and at RCPT time. $domain is not normally set during the running of the MAIL ACL. However, if the @@ -11276,19 +11267,19 @@ sender domain is placed in $domain during the expansions of hosts, interface, and port in the smtp transport. - + When a rewrite item is being processed (see chapter 31), $domain + o When a rewrite item is being processed (see chapter 31), $domain contains the domain portion of the address that is being rewritten; it can be used in the expansion of the replacement address, for example, to rewrite domains by file lookup. - + With one important exception, whenever a domain list is being scanned, + o With one important exception, whenever a domain list is being scanned, $domain contains the subject domain. Exception: When a domain list in a sender_domains condition in an ACL is being processed, the subject domain is in $sender_address_domain and not in $domain. It works this way so that, in a RCPT ACL, the sender domain list can be dependent on the recipient domain (which is what is in $domain at this time). - + When the smtp_etrn_command option is being expanded, $domain contains + o When the smtp_etrn_command option is being expanded, $domain contains the complete argument of the ETRN command (see section 49.8). If the origin of the data is an incoming message, the result of expanding @@ -11299,12 +11290,10 @@ $domain_data - When the domains condition on a router - - or an ACL matches a domain against a list, the match value is copied to - $domain_data. This is an enhancement over previous versions of Exim, when - it only applied to the data read by a lookup. For details on match values - see section 10.5 et. al. + When the domains condition on a router or an ACL matches a domain against a + list, the match value is copied to $domain_data. This is an enhancement + over previous versions of Exim, when it only applied to the data read by a + lookup. For details on match values see section 10.5 et. al. If the router routes the address to a transport, the value is available in that transport. If the transport is handling multiple addresses, the value @@ -11335,6 +11324,8 @@ $header_ + Tainted + This is not strictly an expansion variable. It is expansion syntax for inserting the message header line with the given name. Note that the name must be terminated by colon or white space, because it may contain a wide @@ -11398,11 +11389,11 @@ host's name from its IP address, and the attempt is not successful, one of these variables is set to "1". - + If the lookup receives a definite negative response (for example, a DNS + o If the lookup receives a definite negative response (for example, a DNS lookup succeeded, but no records were found), $host_lookup_failed is set to "1". - + If there is any kind of problem during the lookup, such that Exim + o If there is any kind of problem during the lookup, such that Exim cannot tell whether or not the host name is defined (for example, a timeout for a DNS lookup), $host_lookup_deferred is set to "1". @@ -11468,6 +11459,8 @@ $local_part + Tainted + When an address is being routed, or delivered on its own, this variable contains the local part. When a number of addresses are being delivered together (for example, multiple RCPT commands in an SMTP session), @@ -11528,7 +11521,6 @@ $local_part_data When the local_parts condition on a router or ACL matches a local part list - the match value is copied to $local_part_data. This is an enhancement over previous versions of Exim, when it only applied to the data read by a lookup. For details on match values see section 10.5 et. al. @@ -11622,6 +11614,8 @@ $message_body + Tainted + This variable contains the initial portion of a message's body while it is being delivered, and is intended mainly for use in filter files. The maximum number of characters of the body that are put into the variable is @@ -11634,6 +11628,8 @@ $message_body_end + Tainted + This variable contains the final portion of a message's body while it is being delivered. The format and maximum size are as for $message_body. @@ -11658,6 +11654,8 @@ $message_headers + Tainted + This variable contains a concatenation of all the header lines when a message is being processed, except for lines added by routers or transports. The header lines are separated by newline characters. Their @@ -11666,6 +11664,8 @@ $message_headers_raw + Tainted + This variable is like $message_headers except that no processing of the contents of header lines is done. @@ -11717,10 +11717,10 @@ value may not, of course, be truthful. $mime_anomaly_level, $mime_anomaly_text, $mime_boundary, $mime_charset, - $mime_content_description, $mime_content_disposition, $mime_content_id, - $mime_content_size, $mime_content_transfer_encoding, $mime_content_type, - $mime_decoded_filename, $mime_filename, $mime_is_coverletter, - $mime_is_multipart, $mime_is_rfc822, $mime_part_count +$mime_content_description, $mime_content_disposition, $mime_content_id, +$mime_content_size, $mime_content_transfer_encoding, $mime_content_type, +$mime_decoded_filename, $mime_filename, $mime_is_coverletter, +$mime_is_multipart, $mime_is_rfc822, $mime_part_count A number of variables whose names start with $mime are available when Exim is compiled with the content-scanning extension. For details, see section @@ -11733,6 +11733,8 @@ $original_domain + Tainted + When a top-level address is being processed for delivery, this contains the same value as $domain. However, if a "child" address (for example, generated by an alias, forward, or filter file) is being processed, this @@ -11747,6 +11749,8 @@ $original_local_part + Tainted + When a top-level address is being processed for delivery, this contains the same value as $local_part, unless a prefix or suffix was removed from the local part, because $original_local_part always contains the full local @@ -11780,11 +11784,15 @@ $parent_domain + Tainted + This variable is similar to $original_domain (see above), except that it refers to the immediately preceding parent address. $parent_local_part + Tainted + This variable is similar to $original_local_part (see above), except that it refers to the immediately preceding parent address. @@ -11800,6 +11808,10 @@ transport_filter in chapter 24). It cannot be used in general expansion strings, and provokes an "unknown variable" error if encountered. + Note: This value permits data supplied by a potential attacker to be used + in the command for a pipe transport. Such configurations should be + carefully assessed for security vulnerbilities. + $primary_hostname This variable contains the value set by primary_hostname in the @@ -11809,7 +11821,7 @@ also $smtp_active_hostname. $proxy_external_address, $proxy_external_port, $proxy_local_address, - $proxy_local_port, $proxy_session +$proxy_local_port, $proxy_session These variables are only available when built with Proxy Protocol or SOCKS5 support. For details see chapter 59.1. @@ -11822,7 +11834,7 @@ $prvscheck_address, $prvscheck_keynum, $prvscheck_result These variables are used in conjunction with the prvscheck expansion item, - which is described in sections 11.5 and 44.52. + which is described in sections 11.5 and 44.53. $qualify_domain @@ -11877,6 +11889,8 @@ $received_for + Tainted + If there is only a single recipient address in an incoming message, this variable contains that address when the Received: header line is being built. The value is copied after recipient rewriting has happened, but @@ -11944,24 +11958,26 @@ In an ACL, when a recipient verification fails, this variable contains information about the failure. It is set to one of the following words: - + "qualify": The address was unqualified (no domain), and the message was + o "qualify": The address was unqualified (no domain), and the message was neither local nor came from an exempted host. - + "route": Routing failed. + o "route": Routing failed. - + "mail": Routing succeeded, and a callout was attempted; rejection + o "mail": Routing succeeded, and a callout was attempted; rejection occurred at or before the MAIL command (that is, on initial connection, HELO, or MAIL). - + "recipient": The RCPT command in a callout was rejected. + o "recipient": The RCPT command in a callout was rejected. - + "postmaster": The postmaster check in a callout was rejected. + o "postmaster": The postmaster check in a callout was rejected. The main use of this variable is expected to be to distinguish between rejections of MAIL and rejections of RCPT. $recipients + Tainted + This variable contains a list of envelope recipients for a message. A comma and a space separate the addresses in the replacement text. However, the variable is not generally available, to prevent exposure of Bcc recipients @@ -11993,8 +12009,12 @@ When a regex or mime_regex ACL condition succeeds, these variables contain the captured substrings identified by the regular expression. + If the subject string was tainted then so will any captured substring. + $reply_address + Tainted + When a message is being processed, this variable contains the contents of the Reply-To: header line if one exists and it is not empty, or otherwise the contents of the From: header line. Apart from the removal of leading @@ -12042,6 +12062,8 @@ $sender_address + Tainted + When a message is being processed, this variable contains the sender's address that was received in the message's envelope. The case of letters in the address is retained, in both the local part and the domain. For bounce @@ -12058,10 +12080,14 @@ $sender_address_domain + Tainted + The domain portion of $sender_address. $sender_address_local_part + Tainted + The local part portion of $sender_address. $sender_data @@ -12101,6 +12127,8 @@ $sender_helo_name + Tainted + When a message is received from a remote host that has issued a HELO or EHLO command, the argument of that command is placed in this variable. It is also set if HELO or EHLO is used when a message is received using SMTP @@ -12152,6 +12180,8 @@ $sender_host_name + Tainted + When a message is received from a remote host, this variable contains the host's name as obtained by looking up its IP address. For messages received by other means, this variable is empty. @@ -12178,21 +12208,21 @@ these lookups altogether. The lookup happens only if one or more of the following are true: - + A string containing $sender_host_name is expanded. + o A string containing $sender_host_name is expanded. - + The calling host matches the list in host_lookup. In the default + o The calling host matches the list in host_lookup. In the default configuration, this option is set to *, so it must be changed if lookups are to be avoided. (In the code, the default for host_lookup is unset.) - + Exim needs the host name in order to test an item in a host list. The + o Exim needs the host name in order to test an item in a host list. The items that require this are described in sections 10.14 and 10.18. - + The calling host matches helo_try_verify_hosts or helo_verify_hosts. In + o The calling host matches helo_try_verify_hosts or helo_verify_hosts. In this case, the host name is required to compare with the name quoted in any EHLO or HELO commands that the client issues. - + The remote host issues a EHLO or HELO command that quotes one of the + o The remote host issues a EHLO or HELO command that quotes one of the domains in helo_lookup_domains. The default value of this option is helo_lookup_domains = @ : @[] @@ -12215,7 +12245,7 @@ $sender_rate_xxx A number of variables whose names begin $sender_rate_ are set as part of - the ratelimit ACL condition. Details are given in section 44.38. + the ratelimit ACL condition. Details are given in section 44.39. $sender_rcvhost @@ -12263,6 +12293,8 @@ $smtp_command + Tainted + During the processing of an incoming SMTP command, this variable contains the entire command. This makes it possible to distinguish between HELO and EHLO in the HELO ACL, and also to distinguish between commands such as @@ -12278,6 +12310,8 @@ $smtp_command_argument + Tainted + While an ACL is running to check an SMTP command, this variable contains the argument, that is, the text that follows the command name, with leading white space removed. Following the introduction of $smtp_command, this @@ -12318,7 +12352,7 @@ 45.2. $spf_header_comment, $spf_received, $spf_result, $spf_result_guessed, - $spf_smtp_comment +$spf_smtp_comment These variables are only available if Exim is built with SPF support. For details see section 58.4. @@ -12495,6 +12529,8 @@ $tls_in_sni + Tainted + When a TLS session is being established, if the client sends the Server Name Indication extension, the value will be placed in this variable. If the variable appears in tls_certificate then this option and some others, @@ -13058,20 +13094,19 @@ 14.1 Miscellaneous ------------------ -add_environment environment variables -allow_insecure_tainted_data turn taint errors into warnings -bi_command to run for -bi command line option -debug_store do extra internal checks -disable_ipv6 do no IPv6 processing -keep_environment environment variables -keep_malformed for broken files - should not happen -localhost_number for unique message ids in clusters -message_body_newlines retain newlines in $message_body -message_body_visible how much to show in $message_body -mua_wrapper run in "MUA wrapper" mode -print_topbitchars top-bit characters are printing -spool_wireformat use wire-format spool data files when possible -timezone force time zone +add_environment environment variables +bi_command to run for -bi command line option +debug_store do extra internal checks +disable_ipv6 do no IPv6 processing +keep_environment environment variables +keep_malformed for broken files - should not happen +localhost_number for unique message ids in clusters +message_body_newlines retain newlines in $message_body +message_body_visible how much to show in $message_body +mua_wrapper run in "MUA wrapper" mode +print_topbitchars top-bit characters are printing +spool_wireformat use wire-format spool data files when possible +timezone force time zone 14.2 Exim parameters @@ -13271,6 +13306,7 @@ gnutls_compat_mode use GnuTLS compatibility mode gnutls_allow_auto_pkcs11 allow GnuTLS to autoload PKCS11 modules hosts_require_alpn mandatory ALPN +hosts_require_helo mandatory HELO/EHLO openssl_options adjust OpenSSL compatibility options tls_advertise_hosts advertise TLS to these hosts tls_alpn acceptable protocol names @@ -13672,16 +13708,6 @@ domain list local_domains in the default configuration). This "magic string" matches the domain literal form of all the local host's IP addresses. -+------------------------------------------------------------------+ -|allow_insecure_tainted_data|Use: main|Type: boolean|Default: false| -+------------------------------------------------------------------+ - -The handling of tainted data may break older (pre 4.94) configurations. Setting -this option to "true" turns taint errors (which result in a temporary message -rejection) into warnings. This option is meant as mitigation only and -deprecated already today. Future releases of Exim may ignore it. The taint log -selector can be used to suppress even the warnings. - +-----------------------------------------------------+ |allow_mx_to_ip|Use: main|Type: boolean|Default: false| +-----------------------------------------------------+ @@ -13877,32 +13903,32 @@ +---------------------------------------------------------------+ This option specifies the expiry time for negative callout cache data for a -domain. See section 44.45 for details of callout verification, and section -44.47 for details of the caching. +domain. See section 44.46 for details of callout verification, and section +44.48 for details of the caching. +---------------------------------------------------------------+ |callout_domain_positive_expire|Use: main|Type: time|Default: 7d| +---------------------------------------------------------------+ This option specifies the expiry time for positive callout cache data for a -domain. See section 44.45 for details of callout verification, and section -44.47 for details of the caching. +domain. See section 44.46 for details of callout verification, and section +44.48 for details of the caching. +--------------------------------------------------------+ |callout_negative_expire|Use: main|Type: time|Default: 2h| +--------------------------------------------------------+ This option specifies the expiry time for negative callout cache data for an -address. See section 44.45 for details of callout verification, and section -44.47 for details of the caching. +address. See section 44.46 for details of callout verification, and section +44.48 for details of the caching. +---------------------------------------------------------+ |callout_positive_expire|Use: main|Type: time|Default: 24h| +---------------------------------------------------------+ This option specifies the expiry time for positive callout cache data for an -address. See section 44.45 for details of callout verification, and section -44.47 for details of the caching. +address. See section 44.46 for details of callout verification, and section +44.48 for details of the caching. +--------------------------------------------------------------------+ |callout_random_local_part|Use: main|Type: string*|Default: see below| @@ -13913,7 +13939,7 @@ $primary_hostname-$tod_epoch-testing -See section 44.46 for details of how this value is used. +See section 44.47 for details of how this value is used. +-----------------------------------------------------+ |check_log_inodes|Use: main|Type: integer|Default: 100| @@ -14255,7 +14281,7 @@ +-------------------------------------------------------+ This option controls the depth of parental searching for CSA SRV records in the -DNS, as described in more detail in section 44.51. +DNS, as described in more detail in section 44.52. +---------------------------------------------------------+ |dns_csa_use_reverse|Use: main|Type: boolean|Default: true| @@ -14263,7 +14289,7 @@ This option controls whether or not an IP address, given as a CSA domain, is reversed and looked up in the reverse DNS, as described in more detail in -section 44.51. +section 44.52. +--------------------------------------------------+ |dns_cname_loops|Use: main|Type: integer|Default: 1| @@ -14382,8 +14408,8 @@ +-------------------------------------------------------------+ DSN extensions (RFC3461) will be advertised in the EHLO message to, and -accepted from, these hosts. Hosts may use the NOTIFY and ENVID options on RCPT -TO commands, and RET and ORCPT options on MAIL FROM commands. A NOTIFY=SUCCESS +accepted from, these hosts. Hosts may use the NOTIFY and ORCPT options on RCPT +TO commands, and RET and ENVID options on MAIL FROM commands. A NOTIFY=SUCCESS option requests success-DSN messages. A NOTIFY= option with no argument requests that no delay or failure DSNs are sent. Note: Supplying success-DSN messages has been criticised on privacy grounds; it can leak details of @@ -14821,6 +14847,13 @@ Note: prevention of fallback to in-clear connection is not managed by this option, and should be done separately. ++--------------------------------------------------------+ +|hosts_require_helo|Use: main|Type: host list*|Default: *| ++--------------------------------------------------------+ + +Exim will require an accepted HELO or EHLO command from a host matching this +list, before accepting a MAIL command. + +-----------------------------------------------------+ |hosts_proxy|Use: main|Type: host list*|Default: unset| +-----------------------------------------------------+ @@ -15348,14 +15381,12 @@ sharing a spool directory should need to modify the default. The option is expanded before use. If the platform supports Linux-style -abstract socket names, the result is used with a nul byte prefixed. Otherwise, -if nonempty, it should be a full path name and use a directory accessible to -Exim. - -If this option is set as empty, or the command line -oY option is used, or +abstract socket names, the result is used with a nul byte prefixed. Otherwise, +it should be a full path name and use a directory accessible to Exim. -the command line uses a -oX option and does not use -oP, then a notifier socket -is not created. +If this option is set as empty, or the command line -oY option is used, or the +command line uses a -oX option and does not use -oP, then a notifier socket is +not created. +-----------------------------------------------------------------------------+ | |Use: | Type: |Default: +no_sslv2 +no_sslv3 +single_dh_use| @@ -15546,14 +15577,17 @@ |pipelining_connect_advertise_hosts|Use: main|Type: host list*|Default: *| +------------------------------------------------------------------------+ -If Exim is built with the SUPPORT_PIPE_CONNECT build option this option +If Exim is built without the DISABLE_PIPE_CONNECT build option this option controls which hosts the facility is advertised to and from which pipeline early-connection (before MAIL) SMTP commands are acceptable. When used, the pipelining saves on roundtrip times. See also the hosts_pipe_connect smtp transport option. -The SMTP service extension keyword advertised is "PIPE_CONNECT". +The SMTP service extension keyword advertised is "PIPECONNECT"; it permits the +client to pipeline TCP connection and hello command (inclear phase), or +TLS-establishment and hello command (encrypted phase), on later connections to +the same host. +--------------------------------------------------+ |prdr_enable|Use: main|Type: boolean|Default: false| @@ -16095,11 +16129,9 @@ results in the transfer of a message. After the limit is reached, a 421 response is given to subsequent MAIL commands. This limit is a safety precaution against a client that goes mad (incidents of this type have been -seen). - -The option is expanded after the HELO or EHLO is received and may depend on -values available at that time. An empty or zero value after expansion removes -the limit. +seen). The option is expanded after the HELO or EHLO is received and may depend +on values available at that time. An empty or zero value after expansion +removes the limit. +---------------------------------------------------------------+ |smtp_accept_max_per_host|Use: main|Type: string*|Default: unset| @@ -16349,7 +16381,7 @@ Exim has two rate-limiting facilities. This section describes the older facility, which can limit rates within a single connection. The newer ratelimit -ACL condition can limit rates across all connections. See section 44.38 for +ACL condition can limit rates across all connections. See section 44.39 for details of the newer facility. When a host matches smtp_ratelimit_hosts, the values of smtp_ratelimit_mail and @@ -16828,10 +16860,9 @@ Name Indication extension, then this option and others documented in 43.12 will be re-expanded. -If this option is unset or empty a self-signed certificate will be - -used. Under Linux this is generated at daemon startup; on other platforms it -will be generated fresh for every connection. +If this option is unset or empty a self-signed certificate will be used. Under +Linux this is generated at daemon startup; on other platforms it will be +generated fresh for every connection. +----------------------------------------------+ |tls_crl|Use: main|Type: string*|Default: unset| @@ -16877,14 +16908,11 @@ The value of this option is expanded and indicates the source of DH parameters to be used by Exim. -This option is ignored for GnuTLS version 3.6.0 and later. The library manages -parameter negotiation internally. - -Note: The Exim Maintainers strongly recommend, for other TLS library versions, -using a filename with site-generated local DH parameters, which has been -supported across all versions of Exim. The other specific constants available -are a fallback so that even when "unconfigured", Exim can offer Perfect Forward -Secrecy in older ciphersuites in TLS. +Note: The Exim Maintainers strongly recommend using a filename with +site-generated local DH parameters, which has been supported across all +versions of Exim. The other specific constants available are a fallback so that +even when "unconfigured", Exim can offer Perfect Forward Secrecy in older +ciphersuites in TLS. If tls_dhparam is a filename starting with a "/", then it names a file from which DH parameters should be loaded. If the file exists, it should hold a @@ -16928,10 +16956,17 @@ suspicions about the integrity of some of the later IKE values, which led into RFC7919 providing new fixed constants (the "ffdhe" identifiers). -At this point, all of the "ike" values should be considered obsolete; they're +At this point, all of the "ike" values should be considered obsolete; they are still in Exim to avoid breaking unusual configurations, but are candidates for removal the next time we have backwards-incompatible changes. +Two of them in particular ("ike1" and "ike22") are called out by RFC 8247 as +MUST NOT use for IPSEC, and two more ("ike23" and "ike24") as SHOULD NOT. +Because of this, Exim regards them as deprecated; if either of the first pair +are used, warnings will be logged in the paniclog, and if any are used then +warnings will be logged in the mainlog. All four will be removed in a future +Exim release. + The TLS protocol does not negotiate an acceptable size for this; clients tend to hard-drop connections if what is offered by the server is unacceptable, whether too large or too small, and there's no provision for the client to tell @@ -18159,15 +18194,12 @@ Each list-element given must be of the form "name = value" and the names used must start with the string "r_". Values containing a list-separator should have them doubled. When a router runs, the strings are evaluated in order, to create -variables which are added to the set associated with the address. - -This is done immediately after all the preconditions, before the evaluation of -the address_data option. - -The variable is set with the expansion of the value. The variables can be used -by the router options (not including any preconditions) and by the transport. -Later definitions of a given named variable will override former ones. Variable -use is via the usual $r_... syntax. +variables which are added to the set associated with the address. This is done +immediately after all the preconditions, before the evaluation of the +address_data option. The variable is set with the expansion of the value. The +variables can be used by the router options (not including any preconditions) +and by the transport. Later definitions of a given named variable will override +former ones. Variable use is via the usual $r_... syntax. This is similar to the address_data option, except that many independent variables can be used, with choice of naming. @@ -20938,7 +20970,7 @@ which the message is being sent. For example: transport_filter = /some/directory/transport-filter.pl \ - $host $host_address $sender_address $pipe_addresses + $host $host_address $pipe_addresses Two problems arise if you want to use more complicated expansion items to generate transport filter commands, both of which due to the fact that the @@ -22767,6 +22799,9 @@ environment. The environment for the pipe transport is not subject to the add_environment and keep_environment main config options. +Note: Using enviroment variables loses track of tainted data. Writers of pipe +transport commands should be wary of data supplied by potential attackers. + DOMAIN the domain of the address HOME the home directory, if set HOST the host name when called from a router (see below) @@ -22859,6 +22894,8 @@ Exim, and each argument is separately expanded, as described in section 29.3 above. +No part of the resulting command may be tainted. + +--------------------------------------------------+ |environment|Use: pipe|Type: string*|Default: unset| +--------------------------------------------------+ @@ -23196,7 +23233,7 @@ local_delivery_cyrus: driver = pipe command = /usr/cyrus/bin/deliver \ - -m ${substr_1:$local_part_suffix} -- $local_part + -- $local_part_data user = cyrus group = mail return_output @@ -23208,7 +23245,6 @@ local_user_cyrus: driver = accept check_local_user - local_part_suffix = .* transport = local_delivery_cyrus Note the unsetting of message_prefix and message_suffix, and the use of @@ -23600,11 +23636,39 @@ that is used for helo_data to be obtained by a DNS lookup of the outgoing interface address, you could use this: -helo_data = ${lookup dnsdb{ptr=$sending_ip_address}{$value}\ +helo_data = ${lookup dnsdb{ptr=$sending_ip_address} \ + {${listextract{1}{<\n $value}}} \ {$primary_hostname}} The use of helo_data applies both to sending messages and when doing callouts. ++-----------------------------------------------------------------+ +|host_name_extract|Use: smtp|Type: string list*|Default: see below| ++-----------------------------------------------------------------+ + +Some mail-accepting sites (notably Microsoft) operate many servers behind a +network load-balancer. When this is done, with separated TLS session caches, +TLS session resuption becomes problematic. It will only succeed when the same +server happens to be selected by the load-balancer, matching the session stored +in the client's cache. + +Exim can pull out a server name, if there is one, from the response to the +client's SMTP EHLO command. The default value of this option: + + ${if and { {match {$host} {.outlook.com\$}} \ + {match {$item} {\N^250-([\w.]+)\s\N}} \ + } {$1}} + +suffices for one known case. During the expansion of this option the $item +variable will have the server's EHLO response. The result of the option +expansion is included in the key used to store and retrieve the TLS session, +for session resumption. + +Operators of high-load sites may wish to evaluate their logs for indications of +other destination sites operating load-balancers, and develop a suitable +expression for this option. The smtp:ehlo event and the $tls_out_resumption +variable will be useful for such work. + +-------------------------------------------------+ |hosts|Use: smtp|Type: string list*|Default: unset| +-------------------------------------------------+ @@ -23670,11 +23734,15 @@ See also the pipelining_connect_advertise_hosts main option. -Note: When the facility is used, the transport helo_data option will be -expanded before the $sending_ip_address variable is filled in. A check is made -for the use of that variable, without the presence of a "def:" test on it, but -suitably complex coding can avoid the check and produce unexpected results. You -have been warned. +Note: + +When the facility is used, if the transport interface option is unset the +helo_data option + +will be expanded before the $sending_ip_address variable is filled in. A check +is made for the use of that variable, without the presence of a "def:" test on +it, but suitably complex coding can avoid the check and produce unexpected +results. You have been warned. +---------------------------------------------------------+ |hosts_avoid_tls|Use: smtp|Type: host list*|Default: unset| @@ -23799,13 +23867,6 @@ connection is made. There will be no fallback to in-clear communication. See the dnssec_request_domains router and transport options. See section 43.18. -+--------------------------------------------------------+ -|hosts_require_helo|Use: smtp|Type: host list*|Default: *| -+--------------------------------------------------------+ - -Exim will require an accepted HELO or EHLO command from a host matching this -list, before accepting a MAIL command. - +------------------------------------------------------------+ |hosts_require_ocsp|Use: smtp|Type: host list*|Default: unset| +------------------------------------------------------------+ @@ -23829,12 +23890,9 @@ This option provides a list of servers to which, provided they announce authentication support, Exim will attempt to authenticate as a client when it -connects. If authentication fails - -and hosts_require_auth permits, - -Exim will try to transfer the message unauthenticated. See also chapter 33 for -details of authentication. +connects. If authentication fails and hosts_require_auth permits, Exim will try +to transfer the message unauthenticated. See also chapter 33 for details of +authentication. +--------------------------------------------------------+ |hosts_try_chunking|Use: smtp|Type: host list*|Default: *| @@ -23852,9 +23910,8 @@ If built with DANE support, Exim will look up a TLSA record for any host matching the list, If one is found and that lookup was DNSSEC-validated, then Exim requires that a DANE-verified TLS connection is made for that host; there -will be no fallback to in-clear communication. - -See the dnssec_request_domains router and transport options. See section 43.18. +will be no fallback to in-clear communication. See the dnssec_request_domains +router and transport options. See section 43.18. +--------------------------------------------------------+ |hosts_try_fastopen|Use: smtp|Type: host list*|Default: *| @@ -24146,14 +24203,11 @@ |tls_sni|Use: smtp|Type: string*|Default: unset| +----------------------------------------------+ -If this option is set - -and the connection is not DANE-validated - -then it sets the $tls_out_sni variable and causes any TLS session to pass this -value as the Server Name Indication extension to the remote side, which can be -used by the remote side to select an appropriate certificate and private key -for the session. +If this option is set and the connection is not DANE-validated then it sets the +$tls_out_sni variable and causes any TLS session to pass this value as the +Server Name Indication extension to the remote side, which can be used by the +remote side to select an appropriate certificate and private key for the +session. See 43.12 for more information. @@ -24229,7 +24283,10 @@ This option gives a list of hosts for which, on encrypted connections, certificate verification must succeed. The tls_verify_certificates option must also be set. If both this option and tls_try_verify_hosts are unset operation -is as if this option selected all hosts. +is as if this option selected all hosts. Warning: Including a host in +tls_verify_hosts does not require that connections use TLS. Fallback to +in-clear communication will be done unless restricted by the hosts_require_tls +option. +-----------------------------------------------------+ |utf8_downconvert|Use: smtp|Type: integer*|Default: -1| @@ -26003,10 +26060,9 @@ client_send = ^username^mysecret The lack of colons means that the entire text is sent with the AUTH command, -with the circumflex characters converted to NULs. - -Note that due to the ambiguity of parsing three consectutive circumflex -characters there is no way to provide a password having a leading circumflex. +with the circumflex characters converted to NULs. Note that due to the +ambiguity of parsing three consectutive circumflex characters there is no way +to provide a password having a leading circumflex. A similar example that uses the LOGIN mechanism is: @@ -26348,10 +26404,9 @@ PBKDF2-prepared password, hex-encoded. Note that this value will depend on the salt and iteration-count supplied by -the server. The option is expanded before use. - -During the expansion $auth1 is set with the client username, $auth2 with the -iteration count, and $auth3 with the salt. +the server. The option is expanded before use. During the expansion $auth1 is +set with the client username, $auth2 with the iteration count, and $auth3 with +the salt. The intent of this option is to support clients that can cache thes salted password to save on recalculation costs. The cache lookup should return an @@ -27497,14 +27552,11 @@ succeed respectively. The tls_verify_cert_hostnames option lists hosts for which additional name -checks are made on the server certificate. - -The match against this list is, as per other Exim usage, the IP for the host. -That is most closely associated with the name on the DNS A (or AAAA) record for -the host. However, the name that needs to be in the certificate is the one at -the head of any CNAME chain leading to the A record. - -The option defaults to always checking. +checks are made on the server certificate. The match against this list is, as +per other Exim usage, the IP for the host. That is most closely associated with +the name on the DNS A (or AAAA) record for the host. However, the name that +needs to be in the certificate is the one at the head of any CNAME chain +leading to the A record. The option defaults to always checking. The smtp transport has two OCSP-related options: hosts_require_ocsp; a host-list for which a Certificate Status is requested and required for the @@ -27601,7 +27653,8 @@ the lifetime of the client connection (including during authentication). If DANE validated the connection attempt then the value of the tls_sni option -is forced to the domain part of the recipient address. +is forced to the name of the destination host, after any MX- or +CNAME-following. Except during SMTP client sessions, if $tls_in_sni is set then it is a string received from a client. It can be logged with the log_selector item "+tls_sni". @@ -28188,6 +28241,9 @@ message override the banner message that is otherwise specified by the smtp_banner option. +For tls-on-connect connections, the ACL is run after the TLS connection is +accepted (however, host_reject_connection is tested before). + 44.5 The EHLO/HELO ACL ---------------------- @@ -28822,7 +28878,7 @@ described separately in section 44.22. The control modifier can be used in several different ways. For example: - + It can be at the end of an accept statement: + o It can be at the end of an accept statement: accept ...some conditions control = queue @@ -28830,7 +28886,7 @@ In this case, the control is applied when this statement yields "accept", in other words, when the conditions are all true. - + It can be in the middle of an accept statement: + o It can be in the middle of an accept statement: accept ...some conditions... control = queue @@ -28841,7 +28897,7 @@ conditions is false. In this case, some subsequent statement must yield "accept" for the control to be relevant. - + It can be used with warn to apply the control, leaving the decision + o It can be used with warn to apply the control, leaving the decision about accepting or denying to a subsequent verb. For example: warn ...some conditions... @@ -28852,7 +28908,7 @@ , so it does not add anything to the message and does not write a log entry. - + If you want to apply a control unconditionally, you can use it with a + o If you want to apply a control unconditionally, you can use it with a require verb. For example: require control = no_multiline_responses @@ -29195,18 +29251,51 @@ This control turns on debug logging, almost as though Exim had been invoked with "-d", with the output going to a new logfile in the usual logs - directory, by default called debuglog. The filename can be adjusted with - the tag option, which may access any variables already defined. The logging - may be adjusted with the opts option, which takes the same values as the - "-d" command-line option. Logging started this way may be stopped, and the - file removed, with the kill option. Some examples (which depend on - variables that don't exist in all contexts): + directory, by default called debuglog. + + Logging set up by the control will be maintained across spool residency. + + Options are a slash-separated list. If an option takes an argument, the + option name and argument are separated by an equals character. Several + options are supported: + + tag= The filename can be adjusted with thise option. + The argument, which may access any variables already defined, + is appended to the default name. + + opts= The argument specififes what is to be logged, + using the same values as the -d command-line option. + + stop Logging started with this control may be + stopped by using this option. + + kill Logging started with this control may be + stopped by using this option. + Additionally the debug file will be removed, + providing one means for speculative debug tracing. + + pretrigger= This option specifies a memory buffuer to be used + for pre-trigger debug capture. + Debug lines are recorded in the buffer until + and if) a trigger occurs; at which time they are + dumped to the debug file. Newer lines displace the + oldest if the buffer is full. After a trigger, + immediate writes to file are done as normal. + + trigger= This option selects cause for the pretrigger buffer + see above) to be copied to file. A reason of $*now* + take effect immediately; one of paniclog triggers + on a write to the panic log. + + Some examples (which depend on variables that don't exist in all contexts): control = debug control = debug/tag=.$sender_host_address control = debug/opts=+expand+acl control = debug/tag=.$message_exim_id/opts=+expand control = debug/kill + control = debug/opts=+all/pretrigger=1024/trigger=paniclog + control = debug/trigger=now control = dkim_disable_verify @@ -29331,11 +29420,11 @@ after all only a sop to broken clients, is implemented by doing two very easy things: - + Extra information that is normally output as part of a rejection caused + o Extra information that is normally output as part of a rejection caused by sender verification failure is omitted. Only the final line (typically "sender verification failed") is sent. - + If a message modifier supplies a multiline response, only the first + o If a message modifier supplies a multiline response, only the first line is output. The setting of the switch can, of course, be made conditional on the @@ -29389,12 +29478,12 @@ complement of "control = submission". It disables the fixups that are normally applied to locally-submitted messages. Specifically: - + Any Sender: header line is left alone (in this respect, it is a dynamic + o Any Sender: header line is left alone (in this respect, it is a dynamic version of local_sender_retain). - + No Message-ID:, From:, or Date: header lines are added. + o No Message-ID:, From:, or Date: header lines are added. - + There is no check that From: corresponds to the actual sender. + o There is no check that From: corresponds to the actual sender. This control may be useful when a remotely-originated message is accepted, passed to some scanning program, and then re-submitted for delivery. It can @@ -29751,7 +29840,7 @@ ratelimit = This condition can be used to limit the rate at which a user or host - submits messages. Details are given in section 44.38. + submits messages. Details are given in section 44.39. recipients =
@@ -29765,6 +29854,11 @@ non-SMTP ACLs. It causes the incoming message to be scanned for a match with any of the regular expressions. For details, see chapter 45. +seen = + + This condition can be used to test if a situation has been previously met, + for example for greylisting. Details are given in section 44.38. + sender_domains = This condition tests the domain of the sender of the message against the @@ -29804,7 +29898,7 @@ verify = csa This condition checks whether the sending host (the client) is authorized - to send email. Details of how this works are given in section 44.51. + to send email. Details of how this works are given in section 44.52. verify = header_names_ascii @@ -29832,7 +29926,7 @@ command. Details of address verification and the options are given later, starting - at section 44.44 (callouts are described in section 44.45). You can combine + at section 44.45 (callouts are described in section 44.46). You can combine this condition with the senders condition to restrict it to bounce messages only: @@ -29891,7 +29985,7 @@ This condition is relevant only after a RCPT command. It verifies the current recipient. Details of address verification are given later, - starting at section 44.44. After a recipient has been verified, the value + starting at section 44.45. After a recipient has been verified, the value of $address_data is the last value that was set while routing the address. This applies even if the verification fails. When an address that is being verified is redirected to a single address, verification continues with the @@ -29927,7 +30021,7 @@ you want to preserve the value for longer, you can save it in an ACL variable. - Details of verification are given later, starting at section 44.44. Exim + Details of verification are given later, starting at section 44.45. Exim caches the result of sender verification, to avoid doing it more than once per message. @@ -29979,9 +30073,9 @@ However, you can change this behaviour by putting one of the following special items in the list: -+include_unknown behave as if the item is on the list -+exclude_unknown behave as if the item is not on the list (default) -+defer_unknown give a temporary error + +include_unknown behave as if the item is on the list + +exclude_unknown behave as if the item is not on the list (default) + +defer_unknown give a temporary error Each of these applies to any subsequent items on the list. For example: @@ -30123,13 +30217,13 @@ RBL+ list and some other lists use a number of values with different meanings. The values used on the RBL+ list are: -127.1.0.1 RBL -127.1.0.2 DUL -127.1.0.3 DUL and RBL -127.1.0.4 RSS -127.1.0.5 RSS and RBL -127.1.0.6 RSS and DUL -127.1.0.7 RSS and DUL and RBL + 127.1.0.1 RBL + 127.1.0.2 DUL + 127.1.0.3 DUL and RBL + 127.1.0.4 RSS + 127.1.0.5 RSS and RBL + 127.1.0.6 RSS and DUL + 127.1.0.7 RSS and DUL and RBL Section 44.33 below describes how you can distinguish between different values. Some DNS lists may return more than one address record; see section 44.35 for @@ -30419,7 +30513,50 @@ dnslists = <; dnsbl.example.com/<|$acl_m_addrslist -44.38 Rate limiting incoming messages +44.38 Previously seen user and hosts +------------------------------------ + +The seen ACL condition can be used to test whether a situation has been +previously met. It uses a hints database to record a timestamp against a key. +host. The syntax of the condition is: + +seen =