Re: [exim-dev] Administrivia: this should be munged

2017-02-05 Thread Phil Pennock via Exim-dev
On 2017-02-05 at 14:43 +, Phil Pennock wrote: > Mailman on @exim.org should now be DMARC-munging, including for p=none > domains where failure to munge is a privacy breach. You know, that would have been a better test if I hadn't used my @exim.org address for the send. Hopefully the last

Re: [exim-dev] DNSSEC / log spam

2018-06-29 Thread Phil Pennock via Exim-dev
On 2018-06-29 at 20:16 -0500, Larry Rosenman via Exim-dev wrote: > Greetings, > I have my DNS Zone DNSSEC enabled, but some of my dynamic > sub-domains are NOT DNSSEC due to HE.net not supporting DNSSEC yet. > can we suppress/change exim to not spam the logs with: > > Jun 29 20:12:53

Re: [exim-dev] DNSSEC / log spam

2018-06-30 Thread Phil Pennock via Exim-dev
On 2018-06-30 at 00:01 -0400, Viktor Dukhovni via Exim-dev wrote: > So there is a potential solution, if you're > willing to change how manage _res.options. No. Messing with _res was always dangerous and since NetBSD went and made incompatible changes, life became hell.

[exim-dev] OpenSSL revamp work (WIP, nowhere near ready)

2018-06-30 Thread Phil Pennock via Exim-dev
Nowhere near complete yet, but: https://git.exim.org/users/pdp/exim.git/shortlog/refs/heads/openssl_revamp git://git.exim.org/users/pdp/exim.git branch openssl_revamp What's there so far is a WIP commit showing how I think things should look from a parsing PoV and how the settings are

Re: [exim-dev] [Bug 2235] New: CVE-2018-6789

2018-02-12 Thread Phil Pennock via Exim-dev
On 2018-02-09 at 15:32 +, Vsevolod Stakhov via Exim-dev wrote: > It seems that FreeBSD is no longer considered in CVE early disclosure, > isn't it? There has been no change from Exim's side in how this was communicated. We have an exim-maintainers mailing-list which has vetted people from any

[exim-dev] Bugzilla maintenance (security upgrade); old mail sent

2018-02-16 Thread Phil Pennock via Exim-dev
Bugzilla had a security release today; I have upgraded bugs.exim.org to 4.4.13. Part of the pre-flight checklist involved running a sanity check, which found two bugs with unsent mail. I sent those mails out. This sent out messages dated 2017-03-07 for bugs 1294 and 1998. Sorry; if I'd known

[exim-dev] UTF-8 and Exim string operations

2018-08-16 Thread Phil Pennock via Exim-dev
Anyone have strong feelings on how Exim should handle UTF-8 with operators such as ${length_1:STR} ? Document that the current operators work on bytes and add ulength_1 for being UTF-8 aware? Look at the top-bit being set and assume UTF-8, or will that break too much with all the places which

Re: [exim-dev] UTF-8 and Exim string operations

2018-08-17 Thread Phil Pennock via Exim-dev
On 2018-08-17 at 10:36 -, Jasen Betts via Exim-dev wrote: > > and add ulength_1 for being UTF-8 aware? > > Would also need utf8-aware also substr and strlen. Yes, I was using length as an exemplar, not as an exhaustive list. :) I favored ulength too, but didn't want to just add a slew of

[exim-dev] build-farm / macOS

2018-08-17 Thread Phil Pennock via Exim-dev
For awareness, I've applied on behalf of Exim to to get a free VM to be used as a build animal. If we're approved, we'll get rote paperwork every six months to confirm that we're actually still using it. I'd like to get macOS/Darwin builds back on the

[exim-dev] GnuTLS 3.6.3 / TLS 1.3

2018-07-17 Thread Phil Pennock via Exim-dev
FWIW, if anyone is working on the GnuTLS integration these days: } From: Nikos Mavrogiannopoulos } Subject: gnutls 3.6.3 } } Hello, } I've just released gnutls 3.6.3. This is the first release which adds } full support of TLS1.3 (draft28), and several other features on the } 3.6.x branch. } } *

Re: [exim-dev] [Bug 2266] TLS SNI should default set

2018-04-20 Thread Phil Pennock via Exim-dev
On 2018-04-20 at 19:16 -0400, Viktor Dukhovni via Exim-dev wrote: > In Postfix we have a notion that is the "next-hop" domain, > which is normally the envelope recipient domain, but when > a smarthost (or domain whose MX records are used for routing) > is specified, then the next-hop domain is the

Re: [exim-dev] [Bug 2266] TLS SNI should default set

2018-04-20 Thread Phil Pennock via Exim-dev
On 2018-04-20 at 20:09 -0400, Viktor Dukhovni via Exim-dev wrote: > Question about this "$host". Are smarthost settings ever subject to > MX lookups, so that the actual remote SMTP server is one of the MX > hosts of the smarthost domain? Not with the format specified in the example

Re: [exim-dev] Preliminary dane_require_tls_ciphers support

2018-03-29 Thread Phil Pennock via Exim-dev
On 2018-03-29 at 10:33 +0100, Jeremy Harris via Exim-dev wrote: > I'm unsure about the philosophy of the interface; having one option > override another. You mentioned "complex expansions" before in the > discussion but without detail. I assume that's the same consideration > as "lots of

Re: [exim-dev] Exim 4.91 RC1

2018-03-18 Thread Phil Pennock via Exim-dev
On 2018-03-18 at 00:47 -0400, Viktor Dukhovni via Exim-dev wrote: > You may find the notes for the below commits to OpenSSL 1.1.0 and upcoming > 1.1.1 useful for building alternate versions of OpenSSL "on the side": > >

Re: [exim-dev] Exim 4.91 RC1

2018-03-17 Thread Phil Pennock via Exim-dev
On 2018-03-17 at 15:00 +, Jeremy Harris via Exim-dev wrote: > > Enabling DMARC without enabling > >SPF led to a build failure almost at the very end. > > Compile-time or link-time failure? Do you think we need > a specific check early in the build? I think it was compile-time, but am

Re: [exim-dev] Exim 4.91 RC1

2018-03-16 Thread Phil Pennock via Exim-dev
On 2018-03-15 at 21:31 +, Jeremy Harris via Exim-dev wrote: > I have built and uploaded Exim 4.91 RC1 to: > > https://ftp.exim.org/pub/exim/exim4/test/ Building for `next-exim` on the exim.org box, the port-26 listener: * `EXPERIMENTAL_ARC` is not given with `=yes` in `src/EDITME`,

Re: [exim-dev] "25 lost" is giving me useful clues

2018-09-03 Thread Phil Pennock via Exim-dev
On 2018-08-30 at 12:27 +0200, Mark Elkins via Exim-dev wrote: > What this is telling me is someone at 157.0.116.189 is making > connections to my mail server - presumably to see if they can detect the > accounts of users on my machine? This really belongs on exim-users, not exim-dev (bcc'd)

Re: [exim-dev] buildfarm client proposal: tests configure support

2018-09-21 Thread Phil Pennock via Exim-dev
On 2018-09-21 at 00:15 +0200, Heiko Schlittermann via Exim-dev wrote: > Heiko Schlittermann via Exim-dev (Mi 19 Sep 2018 11:46:52 > CEST): > > I'll do so this evening (roughly UTC). > Almost …. > > I made the changes, pushed it and pulled it into macstadiums > /opt/buildfarm/home/code and

Re: [exim-dev] tls_sni = $host in default configuration file

2018-12-21 Thread Phil Pennock via Exim-dev
On 2018-12-20 at 20:50 +, Jeremy Harris via Exim-dev wrote: > The wording "should be" could be relaxed slightly, maybe, since it isn't > required by Exim's parsing. "It is simplest to", perhaps? Didn't we used to require it? I forget. Feel free to update it. > I see you quietly removed

Re: [exim-dev] tls_sni = $host in default configuration file

2018-12-16 Thread Phil Pennock via Exim-dev
On 2018-12-16 at 10:42 +, Jeremy Harris via Exim-dev wrote: > On 16/12/2018 10:20, Andreas Metzler via Exim-dev wrote: > > 4.92rc1 adds this to the smarthost_smtp transport: > > > > tls_sni = $host > > > > I do not think that always works as expected. Depending on the DNS setup > > (CNAME,

[exim-dev] Exim website: logos for testers

2018-09-14 Thread Phil Pennock via Exim-dev
Folks, I'm setting up macOS buildfarm stuff for Exim using hosting provided for free by MacStadium. They ask that their logo be on our web landing-page, which seems eminently fair and "normal practice" to me. But at present, there are no such logos. The fix is to say: if you are providing a

[exim-dev] buildfarm client proposal: tests configure support

2018-09-14 Thread Phil Pennock via Exim-dev
I've made the buildfarm repos visible† on git.exim.org since there's nothing secret in them and we point folks to them on public wiki pages, and all the repos can be cloned without authentication. I've pushed to buildfarm-client.git a new branch `test_configure_tuning` with one additional commit:

Re: [exim-dev] buildfarm client proposal: tests configure support

2018-09-18 Thread Phil Pennock via Exim-dev
On 2018-09-16 at 12:49 +0100, Jeremy Harris via Exim-dev wrote: > The code addition looks reasonable on the surface. Go ahead and > push it to master. I'm going to let Heiko make his suggested improvements. > I'm not going to spend time trying to duplicate your work... > once you're up and

Re: [exim-dev] tls_sni = $host in default configuration file

2018-12-18 Thread Phil Pennock via Exim-dev
On 2018-12-17 at 18:44 -, Jasen Betts via Exim-dev wrote: > What does DANE say we should ask for? I remember it being non-obvious but > easily explained. However I don't however remember the detail. RFC 7672 section 2.2.2. If DNSSEC is available for every step along the way, for all CNAMEs in

Re: [exim-dev] Mailop list: exim and google fighting over DKIM

2019-05-01 Thread Phil Pennock via Exim-dev
On 2019-04-28 at 16:42 +0100, Andrew C Aitchison via Exim-dev wrote: > Do the DKIM exim experts subscribe to the mailop list ? I do, but I just started a new job and am behind on public mailing-lists. > There is an ongoing discussion on the mai...@mailop.org > about a snafu with DKIM which

Re: [exim-dev] dnsdb lookup question

2019-10-14 Thread Phil Pennock via Exim-dev
On 2019-10-14 at 12:28 +0100, Graeme Fowler via Exim-dev wrote: > Am I (missing something) or am I about to head deep into the codebase > to work out how to extend the dnsdb code? If someone is volunteering :D then ripping out all of the system resolver usage and replacing it with a libgetdns

Re: [exim-dev] DANE support in Exim with OpenSSL

2020-07-08 Thread Phil Pennock via Exim-dev
On 2020-07-06 at 01:07 -0400, Viktor Dukhovni via Exim-dev wrote: > I would like to recommend that when convenient, Exim should probably do the > same. The documentation for the OpenSSL DANE API is at: LibreSSL. -Phil

Re: [exim-dev] GDB step by step exim

2020-07-16 Thread Phil Pennock via Exim-dev
On 2020-07-16 at 00:07 -0400, Dennis Roellke via Exim-dev wrote: > I’d like to understand better how exim processes EHLO messages. Ideally, I > could use gdb to set a breakpoint and step through from wherever I want. > Unfortunately, exim just ignores any breakpoints... it hits them for sure, bc

Re: [exim-dev] Default received_headers_max should be increased dramatically

2020-12-01 Thread Phil Pennock via Exim-dev
First up: looks like we had a moderation backlog, and new subscribers are moderated by default, so your message was stuck in moderation for far longer than normal. Sorry about that. Your moderation bit has been cleared. On 2020-11-27 at 15:13 +, Ian Jackson via Exim-dev wrote: >

Re: [exim-dev] DKIM Signing and renewing DKIM certificates

2020-10-31 Thread Phil Pennock via Exim-dev
On 2020-10-31 at 18:34 +0200, Mark Elkins via Exim-dev wrote: >[quoting:] > Of course, when you change your DKIM key pair, the public key in the DKIM > record needs to be changed as well. That is very poorly phrased. One selector corresponds to one DNS record. There is no way to safely change