Re: [exim-dev] user file write permissions

2023-04-25 Thread Andrew C Aitchison via Exim-dev
On Mon, 24 Apr 2023, exim--- via Exim-dev wrote: Hi I am curious as to how exim writes to a user's home directory. I have done a lot of searching and could not find anything specific. As exim runs as an unprivileged user as far as I can tell it has no rights to modify a user's home folder,

Re: [exim-dev] Help debugging a tls smtp session

2023-03-30 Thread Andrew C Aitchison via Exim-dev
-dev wrote: On 28/03/2023 13:48, Andrew C Aitchison via Exim-dev wrote: I'm attempting to write CLIENTID support for Exim. My current attempt is available at   https://www.aitchison.me.uk/exim/clientid.20230325.patch I am using the exim test suite. Below is the significant part of    runtest -

[exim-dev] Help debugging a tls smtp session

2023-03-29 Thread Andrew C Aitchison via Exim-dev
I'm attempting to write CLIENTID support for Exim. My current attempt is available at https://www.aitchison.me.uk/exim/clientid.20230325.patch I am using the exim test suite. Below is the significant part of runtest --keep 3752 When I do STARTTLS -> CLIENTID -> NOOP the CLIENTID gives

[exim-dev] Are bug system emails to exim-dev moderated or slow ?

2023-03-15 Thread Andrew C Aitchison via Exim-dev
I have noticed that emails from the exim bug system to the exim-dev list can take well over a day to arrive: Received: from localhost ([127.0.0.1]:59430 helo=hummus.exim.org) by hummus.exim.org with esmtp (Exim 4.94.2-31-g503e55a2c) (envelope-from ) id 1pbzJc-00074E-5o for

Re: [exim-dev] [Bug 2982] New: Writing logs to standard output

2023-03-11 Thread Andrew C Aitchison via Exim-dev
On Fri, 10 Mar 2023, admin--- via Exim-dev wrote: https://bugs.exim.org/show_bug.cgi?id=2982 Bug ID: 2982 Summary: Writing logs to standard output Product: Exim Version: 4.96 Hardware: x86 OS: Linux Status: NEW

[exim-dev] Real data wanted for testing

2023-02-01 Thread Andrew C Aitchison via Exim-dev
I'm looking for exim logfiles and message headers to test that the new exim_msgdate utility reports the correct time for all message ids. I am particularly looking for logfiles and mail folders a) from systems that use the localhost_number feature and b) from non-UK time zones. I only really

[exim-dev] MAX_LOCALHOST_NUMBER and LOCALHOST_MAX

2023-01-05 Thread Andrew C Aitchison via Exim-dev
I have been reading about exim message ids (for enhancement https://bugs.exim.org/show_bug.cgi?id=2956 ). I see that the code has both src/config.h.defaults:#define MAX_LOCALHOST_NUMBER 256 and src/exim.h-#if BASE_62 == 62 src/exim.h:# define LOCALHOST_MAX 16 src/exim.h-#else

Re: [exim-dev] [exim-announce] Exim 4.96-RC0 released

2022-04-27 Thread Andrew C Aitchison via Exim-dev
On Mon, 25 Apr 2022, Kirill Miazine via Exim-dev wrote: Beware that the just released RC0 for Exim 4.96 may break your Dovecot LDA delivery. It did break mine, which is similar to what is described on https://wiki.dovecot.org/LDA/Exim Here is the relevant ChangeLog entry: JH/25 Taint-check

[exim-dev] Exim security mailing list

2022-01-08 Thread Andrew C Aitchison via Exim-dev
I was surprised to discover that secur...@exim.org is a *moderated* list. Whilst the traffic is low, so the signal-noise ratio may be poor, I would guess that most list members are also moderators, so the benefit of moderation is low. Also security issues can be urgent so the moderation delay

Re: [exim-dev] CVE-2021-38371 (allows response injection during MTA SMTP sending)

2022-01-06 Thread Andrew C Aitchison via Exim-dev
On Tue, 4 Jan 2022, Harry Mills via Exim-dev wrote: Hi Jeremy, Thanks for the swift reply. Here is the (anonymised) output of the test tool for reference. It looks like exim 4.94.2 (Centos 8) is not vulnerable: python3 ./command-injection-tester --smtp As I understand

Re: [exim-dev] CVE-2021-38371 (allows response injection during MTA SMTP sending)

2022-01-05 Thread Andrew C Aitchison via Exim-dev
I guess we should also try to turn the appropriate fake-mail-server scripts into exim test scripts. I'd like to see which test shows the vulnerability and your results. Jeremy, Heiko, is it OK to be discussing this here ? On Wed, 5 Jan 2022, Harry Mills via Exim-dev wrote: Hi Andrew, You

[exim-dev] Restricted bugs and dev mailing list - was Re: [Bug 1895]

2022-01-04 Thread Andrew C Aitchison via Exim-dev
On Fri, 31 Dec 2021, admin--- via Exim-dev wrote: https://bugs.exim.org/show_bug.cgi?id=1895 --- Comment #13 from Jeremy Harris --- ... content removed as a security precaution ... This morning I have received two comments on exim bug 1895 via the exim-dev mailing list, but when I

[exim-dev] PCRE(2) and 4.95.1 - was Re: buildfarm animals

2021-10-03 Thread Andrew C Aitchison via Exim-dev
On Sun, 3 Oct 2021, Andreas Metzler via Exim-dev wrote: On 2021-10-02 Jeremy Harris via Exim-dev wrote: On 02/10/2021 20:00, Andrew C Aitchison wrote: Will 4.95.1 (if such happens) use pcre or pcre2 ? Pcre2. Pcre is dead, as I said. Hello, 4.95.1 would presumably be a security release.

Re: [exim-dev] buildfarm animals

2021-10-02 Thread Andrew C Aitchison via Exim-dev
On Sat, 2 Oct 2021, Jeremy Harris via Exim-dev wrote: On 12/09/2021 16:33, Jeremy Harris via Exim-dev wrote: The 4.next branch is now expecting the pcre2 library, replacing the original pcre library; the latter having gone end-of-life. Buildfarm animal maintainers, please check that the

Re: [exim-dev] servers expansion

2021-06-12 Thread Andrew C Aitchison via Exim-dev
On Sat, 12 Jun 2021, Jasen Betts via Exim-dev wrote: I'm wanting to be able to use expansion variables in the servers= parameter of query-style lookups. I can use variables if I put servers= inside the query, but if servers= is used there I can't use tainted variables in the query. I crawled

Re: [exim-dev] [Bug 2737] New: $mime_filename considered as Tainted

2021-05-06 Thread Andrew C Aitchison via Exim-dev
On Thu, 6 May 2021, admin--- via Exim-dev wrote: As per the documentation https://www.exim.org/exim-html-current/doc/html/spec_html/ch-content_scanning_at_acl_time.html#SECTscanmimepart the option 'decode = $mime_filename' can be used however within the MIME ACL. This now fails due to the

Re: [exim-dev] [Bug 2724] Email Address Internationalization Support Bug Report

2021-05-03 Thread Andrew C Aitchison via Exim-dev
On Mon, 3 May 2021, admin--- via Exim-dev wrote: https://bugs.exim.org/show_bug.cgi?id=2724 Graeme Fowler changed: What|Removed |Added CC|

Re: [exim-dev] [Bug 2671] Consider integration of localscan_dlopen patch

2020-11-07 Thread Andrew C Aitchison via Exim-dev
On Fri, 6 Nov 2020, admin--- via Exim-dev wrote: https://bugs.exim.org/show_bug.cgi?id=2671 --- Comment #2 from Jeremy Harris --- I had some hope that dlmopen() might help with the lookup-modules conflict. But I still can't see a way of getting the combination - dl{,m}open()'d local_scan code

[exim-dev] Static Analysis - was Re: [Bug 2648] Use of $authres

2020-10-28 Thread Andrew C Aitchison via Exim-dev
On Wed, 28 Oct 2020, admin--- via Exim-dev wrote: https://bugs.exim.org/show_bug.cgi?id=2648 --- Comment #6 from Jeremy Harris --- This is the sort of thing that static analysis ought to find; we probably have an uninitialized variable. Unfortunately my ability to build for Coverity has

Re: [exim-dev] [Bug 2601] Taint for $sender_address_domain?

2020-06-17 Thread Andrew C Aitchison via Exim-dev
On Wed, 17 Jun 2020, admin--- via Exim-dev wrote: https://bugs.exim.org/show_bug.cgi?id=2601 --- Comment #2 from marty...@mc2.dev --- Yes, but why do we trust message body then? Like: if $message_body matches "" then seen finish endif The thing I don't get - why is $message_body safer

Re: [exim-dev] [Bug 2594] New: CNAME handing can break TLS certificate verification

2020-06-08 Thread Andrew C Aitchison via Exim-dev
On Mon, 8 Jun 2020, admin--- via Exim-dev wrote: https://bugs.exim.org/show_bug.cgi?id=2594 Bug ID: 2594 Summary: CNAME handing can break TLS certificate verification Component: TLS Assignee: jgh146...@wizmail.org Reporter:

Re: [exim-dev] callout message patches, bug #423

2020-05-01 Thread Andrew C Aitchison via Exim-dev
On Fri, 1 May 2020, Simon Arlott via Exim-dev wrote: On 2020-04-30 14:31, Jeremy Harris via Exim-dev wrote: As usual for our run-up to release, new features are still being accepted at this early stage. I'm still waiting for my patches for callout messages,

Re: [exim-dev] Mailop list: exim and google fighting over DKIM

2019-04-29 Thread Andrew C Aitchison via Exim-dev
On Sun, 28 Apr 2019, Andrew C Aitchison via Exim-dev wrote: Do the DKIM exim experts subscribe to the mailop list ? In https://bugs.exim.org/show_bug.cgi?id=2394 Simon Arlott suggests that the answer is "no". In that case (and especially since the links below are on a server

[exim-dev] Mailop list: exim and google fighting over DKIM

2019-04-28 Thread Andrew C Aitchison via Exim-dev
Do the DKIM exim experts subscribe to the mailop list ? There is an ongoing discussion on the mai...@mailop.org about a snafu with DKIM which implicates exim and google. The original report of the snafu (google rejections caused the list to auto-unsubscribe over a hundred subscribers of the

Re: [exim-dev] [Bug 1895] Default groups for DH possibly backdoored

2019-03-19 Thread Andrew C Aitchison via Exim-dev
On Tue, 19 Mar 2019, Viktor Dukhovni via Exim-dev wrote: On Tue, Mar 19, 2019 at 02:43:04AM +, admin--- via Exim-dev wrote: --- Comment #9 from Phil Pennock --- IMO yes we're ready to drop support for older OpenSSL. We set a clear policy, it's over a year (or two?) after that point, and

Re: [exim-dev] [Bug 2368] Exim 4.91-RC4 compile warning for unused result

2019-02-02 Thread Andrew C Aitchison via Exim-dev
On Sat, 2 Feb 2019, admin--- via Exim-dev wrote: https://bugs.exim.org/show_bug.cgi?id=2368 Jeremy Harris changed: What|Removed |Added Resolution|---

Re: [exim-dev] Enable enable_prdr by default

2019-01-11 Thread Andrew C Aitchison via Exim-dev
On Fri, 11 Jan 2019, ? via Exim-dev wrote: Hello, the last discussion about PRDR http://www.eric-a-hall.com/specs/draft-hall-prdr-00.txt on ietf-s...@ietf.org was in March 2014. https://www.ietf.org/mail-archive/web/ietf-smtp/current/msg07655.html The question was if PRDR will

Re: [exim-dev] [Bug 2358] outbound ratelimit support

2018-12-27 Thread Andrew C Aitchison via Exim-dev
On Thu, 27 Dec 2018, admin--- via Exim-dev wrote: https://bugs.exim.org/show_bug.cgi?id=2358 --- Comment #2 from Jeremy Harris --- It depends how complex you want it; for the simplest case place this class of messages in an alternate named queue, set up the queue-runner to run M times per

Re: [exim-dev] C99 coding features

2018-08-16 Thread Andrew C Aitchison via Exim-dev
On Thu, 16 Aug 2018, Jeremy Harris via Exim-dev wrote: Since f2ed27cf5f (between 4.89 & 4.90) we've documented a requirement on C99-capable compilers. This was the introduction of specified-initialiser use in the Exim code. How do people feel about other more-modern C features? This was

Re: [exim-dev] [Bug 1523] DANE support under GnuTLS

2018-03-04 Thread Andrew C Aitchison via Exim-dev
On Sat, 3 Mar 2018, admin--- via Exim-dev wrote: https://bugs.exim.org/show_bug.cgi?id=1523 Jeremy Harris changed: What|Removed |Added