Re: [exim-dev] SASL error message

2023-04-26 Thread Jeremy Harris via Exim-dev
On 26/04/2023 13:18, Peter Rindfuss via Exim-dev wrote: I use Debian 11 Exim 4.94.2 (exim4-daemon-heavy), which has Cyrus SASL support compiled in. My configuration does not use any SASL features, though. Since I installed some SASL components for reasons unrelated to Exim, I see the

Re: [exim-dev] user file write permissions

2023-04-25 Thread Jeremy Harris via Exim-dev
On 24/04/2023 02:43, exim--- via Exim-dev wrote: I am curious as to how exim writes to a user's home directory. I have done a lot of searching and could not find anything specific. As exim runs as an unprivileged user as far as I can tell it has no rights to modify a user's home folder, yet it

Re: [exim-dev] Help debugging a tls smtp session

2023-03-29 Thread Jeremy Harris via Exim-dev
On 28/03/2023 13:48, Andrew C Aitchison via Exim-dev wrote: I'm attempting to write CLIENTID support for Exim. My current attempt is available at   https://www.aitchison.me.uk/exim/clientid.20230325.patch I am using the exim test suite. Below is the significant part of    runtest --keep

Re: [exim-dev] Are bug system emails to exim-dev moderated or slow ?

2023-03-15 Thread Jeremy Harris via Exim-dev
On 14/03/2023 08:17, Andrew C Aitchison via Exim-dev wrote: Are these messages moderated Yes. Blame spammers. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

Re: [exim-dev] MAX_LOCALHOST_NUMBER and LOCALHOST_MAX

2023-01-05 Thread Jeremy Harris via Exim-dev
On 05/01/2023 11:49, Andrew C Aitchison via Exim-dev wrote: I have been reading about exim message ids (for enhancement https://bugs.exim.org/show_bug.cgi?id=2956 ). I see that the code has both src/config.h.defaults:#define MAX_LOCALHOST_NUMBER    256 and src/exim.h-#if BASE_62 == 62

Re: [exim-dev] [Bug 2911] New: setting dns_again_means_nonexist to a list containing @mx_ lookups causes segfault

2023-01-05 Thread Jeremy Harris via Exim-dev
On 23/08/2022 20:12, Viktor Dukhovni via Exim-dev wrote: Note that if this also potentially applies to TLSA lookups, then downgrading SRVFAIL (try again) to NXDOMAIN breaks the downgrade resistance of DANE. Yup, it would be too easy to write a configuration that did that. I'll add code to

Re: [exim-dev] [Bug 2954] New: tls_eccurve (>= OpenSSL 3.0.0) dysfunctional

2023-01-02 Thread Jeremy Harris via Exim-dev
On 02/01/2023 04:16, Viktor Dukhovni via Exim-dev wrote: Mind you, things are a bit complicated with TLS 1.3, where ECDHE groups and FFDHE groups are unified and always negotiated, and setting the grouplist to just ECDHE groups will disable FFDHE. Is there any particular advantage, or

Re: [exim-dev] Build failure since commit 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2

2022-09-02 Thread Jeremy Harris via Exim-dev
On 01/09/2022 10:46, Martin D Kealey via Exim-dev wrote: it appears that the build consistently fails as of: commit 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2 Give 32da632 a go? I think I'll change the build-time auto-WITH_CONTENT_SCAN when you have EXPERIMENTAL_DCC into a hard error; I'd not

Re: [exim-dev] dsearch erroneously requires directory "read" permission

2022-08-15 Thread Jeremy Harris via Exim-dev
On 15/08/2022 10:21, Martin D Kealey via Exim-dev wrote: Even though lstat alone would work (proving the existence of the parent directory, the ability to traverse it, and the existence of the target filename), dsearch_open calls exim_opendir, and then immediately closes it, and then fails

Re: [exim-dev] add routing to external MX

2022-08-09 Thread Jeremy Harris via Exim-dev
On 06/08/2022 12:07, Jan Willem Stegink via Exim-dev wrote: * When a domain is created to be moved while testing and setting up: Mail from another domain on the shared server goes to the prepared site unable to receive mail. * When a domain has MS Exchange: originaldomain.com ->

[exim-dev] heimdal_gssapi authenticator

2022-08-02 Thread Jeremy Harris via Exim-dev
Does anyone out there use the above? Build with it? My initial attempts to build (having not found an obvious Fedora library package for heimdal, yet) are tripping over a possibly incompatible /usr/include/krb5.h There's also no testsuite coverage. Finding out if there are actually any users

Re: [exim-dev] Exim 4.96-RC0 released

2022-04-30 Thread Jeremy Harris via Exim-dev
On 30/04/2022 09:34, Andreas Metzler via Exim-dev wrote: (requirement for quoting in query-style lookups Those are not hard-fails as currently implemented. and taint-check exec arguments for transport-initiated external processes). These are. -- Cheers, Jeremy

Re: [exim-dev] [exim-announce] Exim 4.96-RC0 released

2022-04-27 Thread Jeremy Harris via Exim-dev
On 26/04/2022 08:28, Andrew C Aitchison via Exim-dev wrote: • Jeremy Harris via Exim-announce [2022-04-23 20:23]: Notable removals since 4.95:   - the "allow_insecure_tainted_data" main config option and the "taint" log_selector.  These were previously deprecated. That isn't a good 

Re: [exim-dev] exim 4.95: Remote host closed connection in response to end of data

2022-01-06 Thread Jeremy Harris via Exim-dev
On 04/01/2022 17:21, Zakaria via Exim-dev wrote: tls_verify_certificates = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem hosts_require_tls = host_list The solution it might be just with my case. Also, I noticed LMTP server IP must be exposed to internet via port, in

Re: [exim-dev] exim 4.95: Remote host closed connection in response to end of data

2022-01-05 Thread Jeremy Harris via Exim-dev
On 04/01/2022 17:24, Axel Rau via Exim-dev wrote: Disabling pipelining on the transport stops the issue. Sounds like you've found a sufficient workaround, but you should raise a bug against the imap server for failing to understand TCP. -- Cheers, Jeremy

Re: [exim-dev] CVE-2021-38371 (allows response injection during MTA SMTP sending)

2022-01-05 Thread Jeremy Harris via Exim-dev
On 05/01/2022 15:46, Andrew C Aitchison via Exim-dev wrote: Jeremy, Heiko, is it OK to be discussing this here ? I'm ok with it, as the CVE is already public. If you are concerned, I'm happy with offline mail too. -- Cheers, Jeremy

Re: [exim-dev] CVE-2021-38371 (allows response injection during MTA SMTP sending)

2022-01-04 Thread Jeremy Harris via Exim-dev
On 04/01/2022 11:11, Harry Mills via Exim-dev wrote: We are running exim 4.94.2-2 from EPEL on Centos8. Specific code protecting against the alleged attack appeared in Exim in 2011. That was for release 4.76 . Unless the reporter is claiming a regression... -- Cheers, Jeremy

Re: [exim-dev] CVE-2021-38371 (allows response injection during MTA SMTP sending)

2022-01-04 Thread Jeremy Harris via Exim-dev
On 04/01/2022 11:11, Harry Mills via Exim-dev wrote: We have a PCI DSS compliance failure for CVE-2021-38371, the details page (linked from mitre.org site) gives a 404 and we cannot find any other details on what this CVE refers to, or whether or not a fix is available. We are running exim

Re: [exim-dev] [Bug 2822] Issues with DHE ciphers - problems with GnuTLS implementation?

2021-10-19 Thread Jeremy Harris via Exim-dev
On 19/10/2021 20:40, Viktor Dukhovni via Exim-dev wrote: Though my comment likely won't make it into the ticket log You could always comment on the bug, using the bugzilla web interface. The link was in the mail you replied to. -- Cheers, Jeremy

Re: [exim-dev] PCRE(2) and 4.95.1 - was Re: buildfarm animals

2021-10-03 Thread Jeremy Harris via Exim-dev
On 03/10/2021 12:19, Andrew C Aitchison via Exim-dev wrote: Can we have a 4.95.1 with pcre2 "now", then the security fix won't include this change ? The whole point of making the library change early in the dev cycle is to get operational experience *before* making a release. This can be done

Re: [exim-dev] buildfarm animals

2021-10-03 Thread Jeremy Harris via Exim-dev
On 03/10/2021 06:23, Andreas Metzler via Exim-dev wrote: 4.95.1 would presumably be a security release. I do not think making the pcre change (33 files changed, 498 insertions(+), 384 deletions(-)) part of a security release would be good practise. Possibly you are correct. We can decide if

Re: [exim-dev] buildfarm animals

2021-10-02 Thread Jeremy Harris via Exim-dev
On 02/10/2021 20:00, Andrew C Aitchison wrote: Will 4.95.1 (if such happens) use pcre or pcre2 ? Pcre2. Pcre is dead, as I said. -- Cheers, Jeremy

Re: [exim-dev] buildfarm animals

2021-10-02 Thread Jeremy Harris via Exim-dev
On 12/09/2021 16:33, Jeremy Harris via Exim-dev wrote: The 4.next branch is now expecting the pcre2 library, replacing the original pcre library; the latter having gone end-of-life. Buildfarm animal maintainers, please check that the required packages are installed to support

Re: [exim-dev] buildfarm animals

2021-09-15 Thread Jeremy Harris via Exim-dev
On 14/09/2021 12:57, Jeremy Harris via Exim-dev wrote: On 14/09/2021 12:49, Fabian Groffen wrote: Is it possible to first check for PCRE2_CONFIG and then bark when PCRE_CONFIG is found?  papua has both installed, but since I cannot change config per branch, if I could set both PCRE2_CONFIG

Re: [exim-dev] buildfarm animals

2021-09-14 Thread Jeremy Harris via Exim-dev
On 14/09/2021 12:49, Fabian Groffen wrote: Is it possible to first check for PCRE2_CONFIG and then bark when PCRE_CONFIG is found? papua has both installed, but since I cannot change config per branch, if I could set both PCRE2_CONFIG and PCRE_CONFIG, both old and new strategies could run.

[exim-dev] buildfarm animals

2021-09-12 Thread Jeremy Harris via Exim-dev
The 4.next branch is now expecting the pcre2 library, replacing the original pcre library; the latter having gone end-of-life. Buildfarm animal maintainers, please check that the required packages are installed to support this. The buildfarm status page entry for your animal will go red if not.

Re: [exim-dev] DANE library for Exim + OpenSSL and upcoming OpenSSL 3.0.0 release.

2021-08-12 Thread Jeremy Harris via Exim-dev
On 12/08/2021 21:30, Viktor Dukhovni via Exim-dev wrote: Perhaps you mean OpenBSD, FreeBSD 12 dropped LibreSSL and went back to OpenSSL. Nope. There's a buildfarm animal listed as "FreeBSD latest" showing as building with LibreSSL 3.3.3 -- Cheers, Jeremy

Re: [exim-dev] DANE library for Exim + OpenSSL and upcoming OpenSSL 3.0.0 release.

2021-08-12 Thread Jeremy Harris via Exim-dev
On 12/08/2021 15:30, Viktor Dukhovni via Exim-dev wrote: You'd be able to drop the "danessl" library. You mean, the three source files. No library involved. then let it do all the work. And lose the observability we currently have. I bet the library implementations don't expose that.

Re: [exim-dev] DANE library for Exim + OpenSSL and upcoming OpenSSL 3.0.0 release.

2021-08-12 Thread Jeremy Harris via Exim-dev
On 12/08/2021 05:06, Viktor Dukhovni via Exim-dev wrote: The upcoming OpenSSL 3.0.0 release is now in beta and should ship some time in the next few months. This brings some low level changes to the library, that don't affect most applications, but may require changes in the legacy standalone

Re: [exim-dev] [PATCH] Docs: fix cross-reference for $spf_received

2021-07-21 Thread Jeremy Harris via Exim-dev
On 20/07/2021 12:19, Andreas Metzler via Exim-dev wrote: the existing cross-reference point is broken, also the description is unnecessary short, imho. Patch committed; thanks. -- Cheers, Jeremy

Re: [exim-dev] Junk in repo: doc/doc-docbook/spec.xfpt.readsock

2021-07-20 Thread Jeremy Harris via Exim-dev
On 20/07/2021 10:30, Andreas Metzler via Exim-dev wrote: doc/doc-docbook/spec.xfpt.readsock seems to have been accidentally added to the repository. Thanks; removed -- Cheers, Jeremy

Re: [exim-dev] 4.95 - superfluous HELO check in ACL

2021-07-17 Thread Jeremy Harris via Exim-dev
On 17/07/2021 13:45, Andreas Metzler via Exim-dev wrote: require message = nice hosts say HELO first condition = ${if def:sender_helo_name} This should be superfluous due to:

Re: [exim-dev] Mail bouncing back to bounces@servername instead of sender

2021-06-12 Thread Jeremy Harris via Exim-dev
On 11/06/2021 21:01, Rowney, Dion via Exim-dev wrote: In my replacement system I see the bounces are returning to boun...@myeximserver.com And I see the following in the logs: Jun 7 17:28:52 test exim[32705]: 2021-06-07 17:28:52.615 [32705] 1lqOfs-0008VV-Jb

Re: [exim-dev] servers expansion

2021-06-12 Thread Jeremy Harris via Exim-dev
On 12/06/2021 20:56, Andrew C Aitchison via Exim-dev wrote: On Sat, 12 Jun 2021, Jasen Betts via Exim-dev wrote: I'm wanting to be able to use expansion variables in the servers= parameter of query-style lookups. This immediately sounds dangerous. [suggested code change] This seems to work

Re: [exim-dev] Patch on exim-4.94+fixes applied after EOL

2021-05-12 Thread Jeremy Harris via Exim-dev
On 12/05/2021 19:08, Andreas Metzler via Exim-dev wrote: On 2021-05-09 Heiko Schlittermann via Exim-dev wrote: Andreas Metzler via Exim-dev (So 09 Mai 2021 08:06:11 CEST): Thanks, seems to have happened again with c1faf04b865465894c7ca41ab4585fb69d4a5936. How about closing this branch e.g.

Re: [exim-dev] [Bug 2730] New: EAI trace information doesn't log domains as U-labels

2021-05-04 Thread Jeremy Harris via Exim-dev
On 04/05/2021 23:59, Viktor Dukhovni via Exim-dev wrote: On May 4, 2021, at 2:48 PM, admin--- via Exim-dev wrote: https://bugs.exim.org/show_bug.cgi?id=2730 RFC 6531 says you SHOULD do this. In IETF-ese "SHOULD" means MUST unless there is a compelling technical reason not to do it, not do

Re: [exim-dev] [Bug 2702] New: XCLIENT ESMTP extension

2021-02-22 Thread Jeremy Harris via Exim-dev
On 22/02/2021 22:53, Vsevolod Stakhov via Exim-dev wrote: I have stopped to support it because the Exim developers were too reluctant to include that into the main distribution, so I have also removed it from the FreeBSD port. The code looks quite familiar from what I see... I should have said

Re: [exim-dev] [Bug 2702] New: XCLIENT ESMTP extension

2021-02-22 Thread Jeremy Harris via Exim-dev
On 22/02/2021 22:53, Vsevolod Stakhov via Exim-dev wrote: I have stopped to support it because the Exim developers were too reluctant to include that into the main distribution, so I have also removed it from the FreeBSD port. The code looks quite familiar from what I see... Looks similar to

Re: [exim-dev] On Channel Binding over SMTL/TLS

2021-01-10 Thread Jeremy Harris via Exim-dev
On 10/01/2021 11:47, Дилян Палаузов via Exim-dev wrote: RFC 5929 Channel Bindings for TLS defines the tls-unique channel binding, stating that there was an old tls-unique, which was bad. The new tls-unique uses the most recent TLS Finished message sent in the token, whereas the old tls-unique

Re: [exim-dev] [Bug 2671] Consider integration of localscan_dlopen patch

2020-11-07 Thread Jeremy Harris via Exim-dev
On 07/11/2020 21:57, Andrew C Aitchison via Exim-dev wrote: Could exim provide two libraries, one for each type of module and have all interface between exim and the module code via the libraries ? I don't see how, without radically changing what both types of module (I assume you're talking

Re: [exim-dev] DKIM Signing and renewing DKIM certificates

2020-10-31 Thread Jeremy Harris via Exim-dev
On 31/10/2020 16:34, Mark Elkins via Exim-dev wrote: If I have to have a different selector for a new DKIM key pair - and I'm signing about 40 domains - is there a suggested way to manage the currently hard coded line in exim.conf of:- remote_smtp:   driver = smtp   dnssec_request_domains =

Re: [exim-dev] Static Analysis - was Re: [Bug 2648] Use of $authres

2020-10-28 Thread Jeremy Harris via Exim-dev
On 28/10/2020 09:58, Andrew C Aitchison via Exim-dev wrote: I don't know who instigated it, or how recently it ran, but https://lgtm.com/projects/g/Exim/exim/ is an online static analysis of exim. I am willing to go through the alerts in a general way if it will be useful, though I'm not

Re: [exim-dev] Will you accept a new acl_smtp_auth_unadvertised ?

2020-09-16 Thread Jeremy Harris via Exim-dev
On 15/09/2020 16:19, u34--- via Exim-dev wrote: > In general, will you incorporate something like that in the code? You could do that purely coded in ACL, using quit/notquit ACLs, $smtp_command_history, ratelimit, and connect ACL. I'm not convinced there's enough need for a new ACL type. --

Re: [exim-dev] ulong in exim_monitor/em_menu.c

2020-09-12 Thread Jeremy Harris via Exim-dev
On 12/09/2020 19:47, Richard Clayton via Exim-dev wrote: > in exim_monitor/em_menu.c > > 635 text_showf(text, "Format error in spool file %s: size=%lu\n", > buffer, > 636 (ulong)statbuf.st_size); > > sadly, when I compile with clang on FreeBSD "ulong" does not exist Thanks for

Re: [exim-dev] [Bug 2265] TLS SNI not auto-set for DANE clients

2020-08-17 Thread Jeremy Harris via Exim-dev
On 17/08/2020 23:33, Viktor Dukhovni via Exim-dev wrote: > The Exim case should be somewhat simpler since nothing is persisted > out of process Not so. -- Cheers, Jeremy

Re: [exim-dev] GDB step by step exim

2020-07-16 Thread Jeremy Harris via Exim-dev
On 16/07/2020 05:07, Dennis Roellke via Exim-dev wrote: > I’d like to understand better how exim processes EHLO messages. Most people don't need to deal at that level of detail. Why? -- Cheers, Jeremy

Re: [exim-dev] [Bug 2594] CNAME handling can break TLS certificate verification

2020-06-09 Thread Jeremy Harris via Exim-dev
On 09/06/2020 18:33, Viktor Dukhovni via Exim-dev wrote: > Perhaps so, but in the context of everything else in RFC6125, and the > specs for other protocols, ... it is fairly clear (to me anyway) that > the intent is to match the SMTP server name prior to CNAME expansion, > just like the

Re: [exim-dev] [Bug 2594] CNAME handling can break TLS certificate verification

2020-06-09 Thread Jeremy Harris via Exim-dev
On 08/06/2020 14:51, Viktor Dukhovni via Exim-dev wrote: > On Mon, Jun 08, 2020 at 12:48:22PM +, admin--- via Exim-dev wrote: > >> https://bugs.exim.org/show_bug.cgi?id=2594 >> >> --- Comment #1 from Jeremy Harris --- >> Can you locate a standards document specifying the name that should be

Re: [exim-dev] Documentation build

2020-06-02 Thread Jeremy Harris via Exim-dev
On 02/06/2020 22:33, Simon Arlott via Exim-dev wrote: > Version 2.0202 stops loading HTML entities by default. > Fix here: > https://github.com/Exim/exim-website/compare/master...nomis:perl-xml-libxml-2.0202-fix Thanks. Is this a stable interface to the library, and usable across a range of

[exim-dev] Documentation build

2020-06-02 Thread Jeremy Harris via Exim-dev
Any XML experts in the house? The nicely-complex and fragile house of cards that is the Exim documentation build no longer functions on my main build system, thanks to an upgrade from Fedora 31 to 32. Checking on VMs confirms. F32: broken. The symptom bites during the build of the website,

[exim-dev] exim 4.94 RC2 published

2020-05-23 Thread Jeremy Harris via Exim-dev
I have built, and placed on the FTP site, Release Candidate 2 for exim release 4.94 ftp://ftp.exim.org/pub/exim/exim4/test/ The commit for RC2 is ef546e7882, at git://git.exim.org/exim.git No further new features will be accepted for 4.94;

Re: [exim-dev] exim 4.94 RC1 published

2020-05-16 Thread Jeremy Harris via Exim-dev
On 14/05/2020 17:42, Andreas Metzler via Exim-dev wrote: >> Changes since RC0: > > - $local_part_verified has been dropped again. $local_part_data should > work where $local_part_verified worked. Doh. Thanks. I'll try to remember to point it out in the next RC announcement also. -- Cheers,

[exim-dev] exim 4.94 RC1 published

2020-05-14 Thread Jeremy Harris via Exim-dev
I have built, and placed on the FTP site, Release Candidate 1 for exim release 4.94 ftp://ftp.exim.org/pub/exim/exim4/test/ The commit for RC1 is 632b9f8daa, at git://git.exim.org/exim.git -

Re: [exim-dev] [Bug 2571] Out-of-bound buffer read leads to Authentication Bypass in Exim SPA authentication method

2020-05-09 Thread Jeremy Harris via Exim-dev
On 07/05/2020 16:57, admin--- via Exim-dev wrote: > https://bugs.exim.org/show_bug.cgi?id=2571 > > --- Comment #4 from Andreas Metzler --- > Should this get a CVE? Possibly. Pro: people who watch for CVEs get a heads-up they should pull in the fix. Con: because of the publication of

Re: [exim-dev] headers_rewrite

2020-04-30 Thread Jeremy Harris via Exim-dev
On 30/04/2020 13:49, Anderson Ouverney | Gk2 Cloud via Exim-dev wrote: > We are currently using exim on some cPanel servers we have, we are > implementing a central relay to improve email management and sending speed. > This relay only allows previously registered, authorized and authenticated >

[exim-dev] Next release starting; will be 4.94; RC 0 published

2020-04-30 Thread Jeremy Harris via Exim-dev
It's time for another release. This will be mostly bugfixes content; for details please read the ChangeLog file. As far as features go: There is a major introduction of parallel-operations in 2-phase queue runs. This is expected to help a) sites

Re: [exim-dev] More taint fun (now 4.93.0.4/FreeBSD)

2020-02-25 Thread Jeremy Harris via Exim-dev
On 25/02/2020 02:15, Larry Rosenman via Exim-dev wrote: > What's a good work-around for this? First, check that your distro includes later fixes than that release. -- Cheers, Jeremy

Re: [exim-dev] Taint Issues: 4.93/FreeBSD port

2020-02-20 Thread Jeremy Harris via Exim-dev
On 20/02/2020 17:31, Larry Rosenman via Exim-dev wrote: > I tried to upgrade to 4.93 today, and had to roll back to 4.92.3. > Help? exim-4.93+fixes branch -- Cheers, Jeremy

Re: [exim-dev] Recipient information

2020-02-19 Thread Jeremy Harris via Exim-dev
On 19/02/2020 20:32, Ygor Fernandes via Exim-dev wrote: > I have the following doubt, is it possible within acl_check_rcpt, the total > number of recipients? > > I try to use the variables $rcpt_count and $recipients_count but these do > not have the full value right away, but when forwarded to

Re: [exim-dev] SPF not working properly

2019-12-19 Thread Jeremy Harris via Exim-dev
On 19/12/2019 10:54, David Saez Padros via Exim-dev wrote: > On the new release i get a lot of spf failures that make me have to > disable spf. Thanks for the debug info. This looks like a variant of bug 2499. -- Cheers, Jeremy

Re: [exim-dev] exim-4.93 crash with SMTP AUTH (pam)?

2019-12-10 Thread Jeremy Harris via Exim-dev
On 10/12/2019 16:54, Fabian Groffen via Exim-dev wrote: > Exim seems to crash when using SMTP AUTH. I've reproduced this locally. > Before I triage any further, is anyone able to use SMTP AUTH (using PAM) > with 4.93? Ugh. Could be a problem with our talking to the PAM library. Are you up for a

Re: [exim-dev] [Bug 2458] 4.93rc0 - invalid prototypes in local_scan.h

2019-11-24 Thread Jeremy Harris via Exim-dev
On 24/11/2019 11:07, Magnus Holmgren via Exim-dev wrote: > Similar but different issue: I just now noticed that smtp_printf(), which is > part of the local_scan API, was changed two years ago with the addition of a > second, BOOL argument related to pipelining. I'm not sure how to know when to

Re: [exim-dev] dnssec_request_domain router option in default config

2019-10-19 Thread Jeremy Harris via Exim-dev
On 19/10/2019 12:52, Andreas Metzler via Exim-dev wrote: > HS/06 Change the default of dnssec_request_domains to "*" > > The default config file still has a (single) explicit > "dnssec_request_domains = *", though. - That is an oversight, isn't it? Yes. No bad effect, but can (and will) be

Re: [exim-dev] misleading indent

2019-10-19 Thread Jeremy Harris via Exim-dev
On 19/10/2019 13:26, Andreas Metzler via Exim-dev wrote: > gcc (correctly) warns about two instances of misleading indentation. Correctly? I think not. Neither is associated with a flow-control; they are both purely blocks for the restriction of local-variable scope. Your suggested changes

Re: [exim-dev] dnsdb lookup question

2019-10-14 Thread Jeremy Harris via Exim-dev
On 14/10/2019 12:28, Graeme Fowler via Exim-dev wrote: > I have a requirement to specify a nameserver for a specific query, using > dnsdb. I don't think I can do that without adding the specific nameserver > address to /etc/resolv.conf, unless I'm missing some configuration option > that's

Re: [exim-dev] Debugging SMTP transport crash

2019-09-27 Thread Jeremy Harris via Exim-dev
On 27/09/2019 22:03, Florian Weimer via Exim-dev wrote: > How do I debug this? First try with debug commandline options. > Alternatively, I guess I could capture a coredump somehow, but that > might prove difficult as well due to the use of setuid etc. Yup. The /proc setuid-dump things. One

Re: [exim-dev] Excursus Retry 451 452 Strategies

2019-07-29 Thread Jeremy Harris via Exim-dev
On 29/07/2019 15:30, Дилян Палаузов via Exim-dev wrote: > imagine, a mail envelope contains many recipients. The server accepts the > first recipients and rejects the last > recipients, meaning “Too many recipients in this transaction”. > How can Exim be tweaked to retry immediately: > • Does

Re: [exim-dev] proactive exploit mitigation patches

2019-07-26 Thread Jeremy Harris via Exim-dev
On 25/07/2019 17:16, Ryan Castellucci via Exim-dev wrote: > I welcome any feedback on these proposed changes. Without denying the possible value of such restrictions, a more general protection against this class of exploits has been developed, and hit the git repo yesterday: f3ebb786e Track

Re: [exim-dev] Use transport_filter

2019-07-25 Thread Jeremy Harris via Exim-dev
On 25/07/2019 16:01, Ygor Fernandes via Exim-dev wrote: > It works perfectly, but when I put this question in an IF as below: > transport_filter = '${if eq{$a}{$b}{/etc/exim/test.sh ${message_id}{}}' > > It always generates the following log back to me: > transport filter process failed (127):

Re: [exim-dev] [exim-announce] CVE-2019-13917

2019-07-25 Thread Jeremy Harris via Exim-dev
On 25/07/2019 11:01, Fabian Groffen via Exim-dev wrote: > Is there an ETA for the sources to appear on the download servers? > I need those in order to update the package for Gentoo. Should be on the ftp site now; apologies for the delay. -- Cheers, Jeremy

Re: [exim-dev] Relate Message_ids

2019-07-04 Thread Jeremy Harris via Exim-dev
On 04/07/2019 15:07, Ygor Fernandes via Exim-dev wrote: > I would like to know if they could help me, I have an environment where my > client connects to a server that I call RELAY this authenticates the data > and then fire the message to the server that I call SEND. > > The sending occurs

Re: [exim-dev] [exim] spool format error: size

2019-05-02 Thread Jeremy Harris via Exim-dev
On 02/05/2019 23:06, Magnus Holmgren via Exim-dev wrote: > That code is from SA-Exim, which implements a local_scan() function. What I > mean is: is there something wrong with this code, or has something been > broken > in Exim so that the permanent pool doesn't work? It looks right per the

Re: [exim-dev] Mailop list: exim and google fighting over DKIM

2019-04-29 Thread Jeremy Harris via Exim-dev
On 29/04/2019 20:06, Graeme Fowler via Exim-dev wrote: > On 29 Apr 2019, at 19:26, Andrew C Aitchison via Exim-dev > wrote: >> I will do so, either here or in that bug, when I can do so without causing >> more heat. > > The gist of the discussion (I’m a mailop subscriber) is manifold: > > 1.

Re: [exim-dev] Mailop list: exim and google fighting over DKIM

2019-04-29 Thread Jeremy Harris via Exim-dev
On 29/04/2019 20:33, Brielle Bruns via Exim-dev wrote: > Heya, original cause of the havoc on mailop here! > > I'll try and answer whatever questions I can.  See below. > > > On 2019-04-29 19:06, Graeme Fowler wrote:> So *either* the > Debian-derived configuration (of which the original poster

Re: [exim-dev] Mailop list: exim and google fighting over DKIM

2019-04-29 Thread Jeremy Harris via Exim-dev
On 28/04/2019 16:42, Andrew C Aitchison via Exim-dev wrote: > Do the DKIM exim experts subscribe to the mailop list ? > > There is an ongoing discussion on the mai...@mailop.org > about a snafu with DKIM which implicates exim and google. > > The original report of the snafu (google rejections

Re: [exim-dev] Bug 2369: single-key lookup type based on libcorkipset

2019-02-26 Thread Jeremy Harris via Exim-dev
On 26/02/2019 18:23, Ian Zimmerman via Exim-dev wrote: > So at least this is a documentation bug. Notes added; 52af443324 and c77d3d85fe.

Re: [exim-dev] Bug 2369: single-key lookup type based on libcorkipset

2019-02-26 Thread Jeremy Harris via Exim-dev
On 26/02/2019 16:17, Ian Zimmerman via Exim-dev wrote: > On 2019-02-26 11:21, Jeremy Harris wrote: > >>> And bingo, it seems to not work as documented: > > devuan-205f!35 exim$ cat strange-iplist > "::::::0102:0203" : data > ":::102:203" : also_data > 1.2.3.4 :

Re: [exim-dev] Bug 2369: single-key lookup type based on libcorkipset

2019-02-26 Thread Jeremy Harris via Exim-dev
On 26/02/2019 02:19, Ian Zimmerman via Exim-dev wrote: > And bingo, it seems to not work as documented: Which bit are you saying doesn't match docs? So far, I see you giving a dot-group-hex ipv6 to an iplsearch lookup, which is wrong per docs: "key for an iplsearch lookup must be an IP address".

Re: [exim-dev] Bug 2369: single-key lookup type based on libcorkipset

2019-02-24 Thread Jeremy Harris via Exim-dev
On 24/02/2019 19:17, Jeremy Harris via Exim-dev wrote: > I don't know if a lookup done via the list-syntax > "hosts = corkipset:/filename" > will be different. Probably it will, sigh. Dots, and always seven. I tested by adding "pipeline_advertised_hosts = n

Re: [exim-dev] Bug 2369: single-key lookup type based on libcorkipset

2019-02-24 Thread Jeremy Harris via Exim-dev
On 24/02/2019 18:52, Jeremy Harris via Exim-dev wrote: > On 24/02/2019 18:11, Ian Zimmerman via Exim-dev wrote: >>> I'd expect conversion to unabbreviated form to have been done too. >> >> Do you mean I can expect an IPv6 address (mapped or not) to have exactly &

Re: [exim-dev] Bug 2369: single-key lookup type based on libcorkipset

2019-02-24 Thread Jeremy Harris via Exim-dev
On 24/02/2019 18:11, Ian Zimmerman via Exim-dev wrote: >> I'd expect conversion to unabbreviated form to have been done too. > > Do you mean I can expect an IPv6 address (mapped or not) to have exactly > 7 separators, whatever these might be? If yes, there is no ambiguity. That is my hope. But

Re: [exim-dev] Bug 2369: single-key lookup type based on libcorkipset

2019-02-24 Thread Jeremy Harris via Exim-dev
On 24/02/2019 07:47, Ian Zimmerman via Exim-dev wrote: > On 2019-02-10 23:03, Jeremy Harris wrote: > >> If you can reliably detect the ipv6-ness, yes, that sounds like the >> minimally intrusive way. > > How are the IPv4-mapped IPv6 addresses written in Exim? > > The straight translation to

Re: [exim-dev] Test suite unusable?

2019-02-24 Thread Jeremy Harris via Exim-dev
On 24/02/2019 02:23, Ian Zimmerman via Exim-dev wrote: > Do you have a suggestion for the version mismatch? Ignore it. -- Cheers, Jeremy

Re: [exim-dev] Test suite unusable?

2019-02-23 Thread Jeremy Harris via Exim-dev
On 24/02/2019 01:16, Ian Zimmerman via Exim-dev wrote: > devuan-205f!2 test$ ls -l aux-fixed/0037* > -rw-rw-r-- 1 itz eximtest 1660 Feb 23 13:33 aux-fixed/0037.f-1 Thanks! You found a testsuite bug; the message has been wrong since I first wrote it (and you're the first to notice!). It should

Re: [exim-dev] Test suite unusable?

2019-02-23 Thread Jeremy Harris via Exim-dev
On 23/02/2019 22:44, Ian Zimmerman via Exim-dev wrote: > the 2nd complaint is probably not a showstopper, but the only > world-writeable files are as follows: > > eximtest@devuan-205f:~/exim/test$ ls -lRa aux-fixed/ | grep 'w[-xsS] ' > lrwxrwxrwx 1 itz eximtest 15 Feb 23 13:33 9ec80de3.0 ->

Re: [exim-dev] [Bug 2376] New: log_message doesn't log if connection is interrupted (which is quite unexpected) while other rules in the same acl are applied

2019-02-20 Thread Jeremy Harris via Exim-dev
On 20/02/2019 12:25, Arkadiusz Miśkiewicz via Exim-dev wrote: > Is there a way to do ratelimit counting but make it return true, so > entire acl will fire? Have a very large limit (so it never exceeds it) and negate the condition. I suggest this rather than a zero limit as I cannot recall

Re: [exim-dev] Bug 2369: single-key lookup type based on libcorkipset

2019-02-10 Thread Jeremy Harris via Exim-dev
On 10/02/2019 22:42, Ian Zimmerman via Exim-dev wrote: > Turns out the underlying library wants IPv6 addresses colon separated; > but in contexts where a host address is being tested for list > membership, exim passes it to the lookup as dot-separated. This is of > course documented in the Spec,

Re: [exim-dev] Bug 2369: single-key lookup type based on libcorkipset

2019-02-07 Thread Jeremy Harris via Exim-dev
On 04/02/2019 15:53, Ian Zimmerman via Exim-dev wrote: > Is there a document about the preferred project style? I've done a quick writeup here: https://github.com/Exim/exim/wiki/Exim-coding-style -- Cheers, Jeremy

Re: [exim-dev] Enable enable_prdr by default

2019-01-14 Thread Jeremy Harris via Exim-dev
On 13/01/2019 10:06, Дилян Палаузов via Exim-dev wrote: > Anyway, implementing Sieve’s ereject will make it very easy to do rejecting > per recipient without explicit ACLs. Just > let the user upload Sieve. I suggest you try that before implying it will interwork with PRDR. I don't think it

Re: [exim-dev] Enable enable_prdr by default

2019-01-12 Thread Jeremy Harris via Exim-dev
On 11/01/2019 09:59, Дилян Палаузов via Exim-dev wrote: > To make progress with PRDR please switch the default for enable_prdr to True. Although doing so would be safe (a missing prdr ACL is defaulted to "accept"), it would be pointless from the point of view of the receiving end and somewhat

Re: [exim-dev] tls_sni = $host in default configuration file

2019-01-04 Thread Jeremy Harris via Exim-dev
On 04/01/2019 01:02, Florian Zumbiehl via Exim-dev wrote: > may I suggest you put that on the > website somewhere? It was already there, at https://bugs.exim.org/enter_bug.cgi -- Jeremy

Re: [exim-dev] tls_sni = $host in default configuration file

2019-01-02 Thread Jeremy Harris via Exim-dev
For the record, if you have a sensitive security issue, please mail secur...@exim.org -- Cheers, Jeremy

Re: [exim-dev] Tests with TLS 1.3?

2018-12-24 Thread Jeremy Harris via Exim-dev
On 24/12/2018 09:54, Andreas Metzler via Exim-dev wrote: > did anybody yet test exim with TLS 1.3? > > Server side (exim/GnuTLS accepting messages from swaks or mutt) seems to > work (see header), however I have yet to find a public SMTP server who > offers TLS 1.3, to test outgoing deliveries.

Re: [exim-dev] tls_sni = $host in default configuration file

2018-12-20 Thread Jeremy Harris via Exim-dev
On 19/12/2018 00:51, Phil Pennock via Exim-dev wrote: > I think this change is generally useful, in having a cleaner setup for a > very common use-case, and showing exactly where new macros should be > defined, which can reduce some of the pain encountered by newcomers to > Exim. The wording

Re: [exim-dev] tls_sni = $host in default configuration file

2018-12-16 Thread Jeremy Harris via Exim-dev
On 16/12/2018 10:20, Andreas Metzler via Exim-dev wrote: > 4.92rc1 adds this to the smarthost_smtp transport: > > tls_sni = $host > > I do not think that always works as expected. Depending on the DNS setup > (CNAME, round robin) $host will not contain the name of the selected > smarthost

Re: [exim-dev] [exim] Exim 4.92-RC1

2018-12-15 Thread Jeremy Harris via Exim-dev
On 14/12/2018 15:24, Paul Hecker via Exim-dev wrote: > can no longer compile this version with my current Makefile as there is > > WITH_CONTENT_SCAN=yes > > enabled and all other scanner interfaces disabled (as DISABLE_MAL_CLAM=yes, > DISABLE_MAL_AVAST=yes etc.). > > The error at compile-time

Re: [exim-dev] buildfarm client proposal: tests configure support

2018-09-16 Thread Jeremy Harris via Exim-dev
On 9/15/18 2:34 AM, Phil Pennock wrote: > I've pushed to buildfarm-client.git a new branch `test_configure_tuning` > with one additional commit: > > https://git.exim.org/buildfarm-client.git/shortlog/refs/heads/test_configure_tuning >

Re: [exim-dev] [Bug 2311] New: DANE verify fails with a TA-mode TLSA and a selfsigned sever cert

2018-09-09 Thread Jeremy Harris via Exim-dev
On 9/9/18 5:54 PM, Viktor Dukhovni via Exim-dev wrote: > This does not appear to be the right description. https://lists.exim.org/lurker/message/20180904.122640.3cbadefb.en.html The subject says "self signed". If it's not expected to work, perhaps you could explain why (on-list, to the

Re: [exim-dev] UTF-8 and Exim string operations

2018-08-18 Thread Jeremy Harris via Exim-dev
On 08/18/2018 08:38 AM, Heiko Schlittermann via Exim-dev wrote: > And a new additional main option > > string_encoding = ascii | utf8 (default: ascii) > > which can then switch ${strlen:…} to be equivalent to ${ustrlen:…} I'm not particularly happy about global mode-switches. Too much
