From bb1028e5e3fdf8660a2ceaf9a618f599785e7d19 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?= Date: Mon, 4 Jul 2022 15:33:44 +0200 Subject: [PATCH] Up to 4.96; NOTE ALT SRS implementation is GONE and now there is a new (and incompatible) native SRS implementation --- ...better.patch => 90_localscan_dlopen.dpatch | 34 +- exim.spec | 26 +- exim4-EDITME.patch | 9 + seen.patch | 635 ------------------ ssl.patch | 20 - 5 files changed, 35 insertions(+), 689 deletions(-) rename localscan_dlopen_exim_4.20_or_better.patch => 90_localscan_dlopen.dpatch (96%) delete mode 100644 seen.patch delete mode 100644 ssl.patch diff --git a/localscan_dlopen_exim_4.20_or_better.patch b/90_localscan_dlopen.dpatch similarity index 96% rename from localscan_dlopen_exim_4.20_or_better.patch rename to 90_localscan_dlopen.dpatch index f139cb0..a49217c 100644 --- a/localscan_dlopen_exim_4.20_or_better.patch +++ b/90_localscan_dlopen.dpatch @@ -6,11 +6,11 @@ Description: Allow one to use and switch between different local_scan functions Author: David Woodhouse, Derrick 'dman' Hudson, Marc MERLIN Origin: other, http://marc.merlins.org/linux/exim/files/sa-exim-current/ Forwarded: https://bugs.exim.org/show_bug.cgi?id=2671 -Last-Update: 2021-07-28 +Last-Update: 2022-04-24 --- a/src/EDITME +++ b/src/EDITME -@@ -881,10 +881,25 @@ +@@ -871,10 +871,25 @@ # as the traditional crypt() function. # *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING *** @@ -38,7 +38,7 @@ Last-Update: 2021-07-28 # with the extension "texinfo" in the doc directory. You may find that the --- a/src/config.h.defaults +++ b/src/config.h.defaults -@@ -33,10 +33,12 @@ +@@ -31,10 +31,12 @@ #define AUTH_SPA #define AUTH_TLS @@ -53,10 +53,10 @@ Last-Update: 2021-07-28 #define CONFIGURE_FILE_USE_NODE --- a/src/globals.c +++ b/src/globals.c -@@ -119,10 +119,14 @@ +@@ -115,10 +115,14 @@ uschar *dsn_envid = NULL; int dsn_ret = 0; - const pcre *regex_DSN = NULL; + const pcre2_code *regex_DSN = NULL; uschar *dsn_advertise_hosts = NULL; +#ifdef DLOPEN_LOCAL_SCAN @@ -70,15 +70,16 @@ Last-Update: 2021-07-28 uschar *openssl_options = NULL; --- a/src/globals.h +++ b/src/globals.h -@@ -154,10 +154,13 @@ +@@ -153,10 +153,14 @@ extern uschar *dsn_envid; /* DSN envid string */ extern int dsn_ret; /* DSN ret type*/ - extern const pcre *regex_DSN; /* For recognizing DSN settings */ + extern const pcre2_code *regex_DSN; /* For recognizing DSN settings */ extern uschar *dsn_advertise_hosts; /* host for which TLS is advertised */ +#ifdef DLOPEN_LOCAL_SCAN +extern uschar *local_scan_path; /* Path to local_scan() library */ +#endif ++ /* Input-reading functions for messages, so we can use special ones for incoming TCP/IP. */ @@ -86,9 +87,9 @@ Last-Update: 2021-07-28 extern uschar * (*lwr_receive_getbuf)(unsigned *); --- a/src/local_scan.c +++ b/src/local_scan.c -@@ -4,60 +4,136 @@ - +@@ -5,60 +5,135 @@ /* Copyright (c) University of Cambridge 1995 - 2009 */ + /* Copyright (c) The Exim Maintainers 2021 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -141,7 +142,6 @@ Last-Update: 2021-07-28 -*/ +#ifdef DLOPEN_LOCAL_SCAN +#include -+#include +static int (*local_scan_fn)(int fd, uschar **return_text) = NULL; +static int load_local_scan_library(void); +#endif @@ -293,7 +293,7 @@ Last-Update: 2021-07-28 extern int recipients_count; /* Number of recipients */ extern recipient_item *recipients_list;/* List of recipient addresses */ extern unsigned char *sender_address; /* Sender address */ -@@ -233,6 +237,8 @@ +@@ -234,6 +238,8 @@ extern pid_t child_open_exim_function(int *, const uschar *); extern pid_t child_open_exim2_function(int *, uschar *, uschar *, const uschar *); extern pid_t child_open_function(uschar **, uschar **, int, int *, int *, BOOL, const uschar *); @@ -304,7 +304,7 @@ Last-Update: 2021-07-28 /* End of local_scan.h */ --- a/src/readconf.c +++ b/src/readconf.c -@@ -213,10 +213,13 @@ +@@ -210,10 +210,13 @@ #endif { "local_from_check", opt_bool, {&local_from_check} }, { "local_from_prefix", opt_stringptr, {&local_from_prefix} }, @@ -332,11 +332,11 @@ Last-Update: 2021-07-28 *************************************************/ /* -@@ -468,10 +469,11 @@ - uschar *ss = store_get(n + 1, is_tainted(s)); - Ustrncpy(ss, s, n); - ss[n] = 0; - return ss; +@@ -461,10 +462,11 @@ + uschar * + string_copyn_function(const uschar * s, int n) + { + return string_copyn(s, n); } +#pragma GCC visibility pop #endif diff --git a/exim.spec b/exim.spec index 16de1bb..e0c11ba 100644 --- a/exim.spec +++ b/exim.spec @@ -7,7 +7,6 @@ %bcond_without sasl # without SASL %bcond_without ldap # without LDAP support %bcond_without spf # without spf support -%bcond_without srs # without srs support %bcond_with dynamic # dynamic modules %bcond_without hiredis # without redis # opendmarc.spec not ready, so off by default @@ -23,15 +22,15 @@ Summary: University of Cambridge Mail Transfer Agent Summary(pl.UTF-8): Agent Transferu Poczty Uniwersytetu w Cambridge Summary(pt_BR.UTF-8): Servidor de correio eletrônico exim Name: exim -Version: 4.95 -Release: 4 +Version: 4.96 +Release: 1 Epoch: 2 License: GPL v2+ Group: Networking/Daemons/SMTP Source0: ftp://ftp.exim.org/pub/exim/exim4/%{name}-%{version}.tar.bz2 -# Source0-md5: 0c66c53a7c9ebdcfae04f9d25821333d +# Source0-md5: e04a7a2a3456facba0b86dcec0ef4865 Source1: ftp://ftp.exim.org/pub/exim/exim4/%{name}-html-%{version}.tar.bz2 -# Source1-md5: ce74af7115255c4184d97829575bf080 +# Source1-md5: 786f30ba262d34dfd47a10387f845d60 Source2: %{name}.init Source3: %{name}.cron.db Source4: %{name}4.conf @@ -56,12 +55,11 @@ Patch1: %{name}4-monitor-EDITME.patch Patch2: %{name}4-cflags.patch Patch3: exim-defs.patch Patch4: %{name}4-Makefile-Default.patch -# http://marc.merlins.org/linux/exim/files/sa-exim-cvs/localscan_dlopen_exim_4.20_or_better.patch -Patch5: localscan_dlopen_%{name}_4.20_or_better.patch -Patch6: ssl.patch +# dlopen patch from debian +Patch5: 90_localscan_dlopen.dpatch + Patch7: linelength-show.patch Patch8: %{name}-spam-timeout.patch -Patch9: seen.patch Patch20: %{name}4-disableSSLv3.patch URL: http://www.exim.org/ @@ -71,14 +69,13 @@ BuildRequires: db-devel BuildRequires: libidn-devel BuildRequires: libidn2-devel %{?with_spf:BuildRequires: libspf2-devel >= 1.2.5-2} -%{?with_srs:BuildRequires: libsrs_alt-devel >= 1.0} %{?with_lmdb:BuildRequires: lmdb-devel} %{?with_mysql:BuildRequires: mysql-devel} %{?with_dmarc:BuildRequires: opendmarc-devel} %{?with_ldap:BuildRequires: openldap-devel >= 2.3.0} BuildRequires: openssl-devel >= 0.9.7d BuildRequires: pam-devel -BuildRequires: pcre-devel +BuildRequires: pcre2-8-devel BuildRequires: perl-devel >= 1:5.6.0 %{?with_pgsql:BuildRequires: postgresql-devel} BuildRequires: readline-devel @@ -184,10 +181,9 @@ Pliki nagłówkowe dla Exima. %patch3 -p1 %patch4 -p1 %patch5 -p1 -%patch6 -p1 + %patch7 -p1 %patch8 -p1 -%patch9 -p2 install %{SOURCE4} exim4.conf install %{SOURCE14} doc/config.samples.tar.bz2 @@ -219,10 +215,6 @@ LOOKUP_LIBS+=-lopendmarc SUPPORT_SPF=yes LOOKUP_LIBS+=-lspf2 %endif -%if %{with srs} -EXPERIMENTAL_SRS_ALT=yes -LOOKUP_LIBS+=-lsrs_alt -%endif %if %{with hiredis} LOOKUP_REDIS=yes LOOKUP_LIBS+=-lhiredis diff --git a/exim4-EDITME.patch b/exim4-EDITME.patch index 93de4d5..0703540 100644 --- a/exim4-EDITME.patch +++ b/exim4-EDITME.patch @@ -112,6 +112,15 @@ # If you have content scanning you may wish to only include some of the scanner # interfaces. Uncomment any of these lines to remove that code. +@@ -587,7 +587,7 @@ DISABLE_MAL_MKS=yes + + # Uncomment the following lines to add SRS (Sender Rewriting Scheme) support + # using only native facilities. +-# SUPPORT_SRS=yes ++SUPPORT_SRS=yes + + + #------------------------------------------------------------------------------ @@ -752,18 +753,18 @@ FIXED_NEVER_USERS=root # included in the Exim binary. You will then need to set up the run time # configuration to make use of the mechanism(s) selected. diff --git a/seen.patch b/seen.patch deleted file mode 100644 index 7a2a7fa..0000000 --- a/seen.patch +++ /dev/null @@ -1,635 +0,0 @@ -commit 2357aa78ccd7182cad14307eb89cb1065f078356 -Author: Jeremy Harris -Date: Sun Aug 1 18:15:39 2021 +0100 - - ACL: "seen" condition - -diff --git a/src/src/acl.c b/src/src/acl.c -index f47259ca0..be17b5768 100644 ---- a/src/src/acl.c -+++ b/src/src/acl.c -@@ -103,6 +103,7 @@ enum { ACLC_ACL, - ACLC_REGEX, - #endif - ACLC_REMOVE_HEADER, -+ ACLC_SEEN, - ACLC_SENDER_DOMAINS, - ACLC_SENDERS, - ACLC_SET, -@@ -288,6 +289,7 @@ static condition_def conditions[] = { - ACL_BIT_MIME | ACL_BIT_NOTSMTP | - ACL_BIT_NOTSMTP_START), - }, -+ [ACLC_SEEN] = { US"seen", TRUE, FALSE, 0 }, - [ACLC_SENDER_DOMAINS] = { US"sender_domains", FALSE, FALSE, - ACL_BIT_AUTH | ACL_BIT_CONNECT | - ACL_BIT_HELO | -@@ -2815,6 +2817,143 @@ return rc; - - - -+/************************************************* -+* Handle a check for previously-seen * -+*************************************************/ -+ -+/* -+ACL clauses like: seen = -5m / key=$foo / readonly -+ -+Return is true for condition-true - but the semantics -+depend heavily on the actual use-case. -+ -+Negative times test for seen-before, positive for seen-more-recently-than -+(the given interval before current time). -+ -+All are subject to history not having been cleaned from the DB. -+ -+Default for seen-before is to create if not present, and to -+update if older than 10d (with the seen-test time). -+Default for seen-since is to always create or update. -+ -+Options: -+ key=value. Default key is $sender_host_address -+ readonly -+ write -+ refresh=: update an existing DB entry older than given -+ amount. Default refresh lacking this option is 10d. -+ The update sets the record timestamp to the seen-test time. -+ -+XXX do we need separate nocreate, noupdate controls? -+ -+Arguments: -+ arg the option string for seen= -+ where ACL_WHERE_xxxx indicating which ACL this is -+ log_msgptr for error messages -+ -+Returns: OK - Condition is true -+ FAIL - Condition is false -+ DEFER - Problem opening history database -+ ERROR - Syntax error in options -+*/ -+ -+static int -+acl_seen(const uschar * arg, int where, uschar ** log_msgptr) -+{ -+enum { SEEN_DEFAULT, SEEN_READONLY, SEEN_WRITE }; -+ -+const uschar * list = arg; -+int slash = '/', equal = '=', interval, mode = SEEN_DEFAULT, yield = FAIL; -+BOOL before; -+int refresh = 10 * 24 * 60 * 60; /* 10 days */ -+const uschar * ele, * key = sender_host_address; -+open_db dbblock, * dbm; -+dbdata_seen * dbd; -+time_t now; -+ -+/* Parse the first element, the time-relation. */ -+ -+if (!(ele = string_nextinlist(&list, &slash, NULL, 0))) -+ goto badparse; -+if ((before = *ele == '-')) -+ ele++; -+if ((interval = readconf_readtime(ele, 0, FALSE)) < 0) -+ goto badparse; -+ -+/* Remaining elements are options */ -+ -+while ((ele = string_nextinlist(&list, &slash, NULL, 0))) -+ if (Ustrncmp(ele, "key=", 4) == 0) -+ key = ele + 4; -+ else if (Ustrcmp(ele, "readonly") == 0) -+ mode = SEEN_READONLY; -+ else if (Ustrcmp(ele, "write") == 0) -+ mode = SEEN_WRITE; -+ else if (Ustrncmp(ele, "refresh=", 8) == 0) -+ { -+ if ((refresh = readconf_readtime(ele + 8, 0, FALSE)) < 0) -+ goto badparse; -+ } -+ else -+ goto badopt; -+ -+if (!(dbm = dbfn_open(US"seen", O_RDWR, &dbblock, TRUE, TRUE))) -+ { -+ HDEBUG(D_acl) debug_printf_indent("database for 'seen' not available\n"); -+ *log_msgptr = US"database for 'seen' not available"; -+ return DEFER; -+ } -+ -+dbd = dbfn_read_with_length(dbm, key, NULL); -+now = time(NULL); -+if (dbd) /* an existing record */ -+ { -+ time_t diff = now - dbd->time_stamp; /* time since the record was written */ -+ -+ if (before ? diff >= interval : diff < interval) -+ yield = OK; -+ -+ if (mode == SEEN_READONLY) -+ { HDEBUG(D_acl) debug_printf_indent("seen db not written (readonly)\n"); } -+ else if (mode == SEEN_WRITE || !before) -+ { -+ dbd->time_stamp = now; -+ dbfn_write(dbm, key, dbd, sizeof(*dbd)); -+ HDEBUG(D_acl) debug_printf_indent("seen db written (update)\n"); -+ } -+ else if (diff >= refresh) -+ { -+ dbd->time_stamp = now - interval; -+ dbfn_write(dbm, key, dbd, sizeof(*dbd)); -+ HDEBUG(D_acl) debug_printf_indent("seen db written (refresh)\n"); -+ } -+ } -+else -+ { /* No record found, yield always FAIL */ -+ if (mode != SEEN_READONLY) -+ { -+ dbdata_seen d = {.time_stamp = now}; -+ dbfn_write(dbm, key, &d, sizeof(*dbd)); -+ HDEBUG(D_acl) debug_printf_indent("seen db written (create)\n"); -+ } -+ else -+ HDEBUG(D_acl) debug_printf_indent("seen db not written (readonly)\n"); -+ } -+ -+dbfn_close(dbm); -+return yield; -+ -+ -+badparse: -+ *log_msgptr = string_sprintf("failed to parse '%s'", arg); -+ return ERROR; -+badopt: -+ *log_msgptr = string_sprintf("unrecognised option '%s' in '%s'", ele, arg); -+ return ERROR; -+} -+ -+ -+ - /************************************************* - * The udpsend ACL modifier * - *************************************************/ -@@ -3740,6 +3879,10 @@ for (; cb; cb = cb->next) - setup_remove_header(arg); - break; - -+ case ACLC_SEEN: -+ rc = acl_seen(arg, where, log_msgptr); -+ break; -+ - case ACLC_SENDER_DOMAINS: - { - uschar *sdomain; -diff --git a/src/src/dbstuff.h b/src/src/dbstuff.h -index 2f00dffb4..94db7f7fd 100644 ---- a/src/src/dbstuff.h -+++ b/src/src/dbstuff.h -@@ -788,6 +788,12 @@ typedef struct { - uschar bloom[40]; /* Bloom filter which may be larger than this */ - } dbdata_ratelimit_unique; - -+ -+/* For "seen" ACL condition */ -+typedef struct { -+ time_t time_stamp; -+} dbdata_seen; -+ - #ifndef DISABLE_PIPE_CONNECT - /* This structure records the EHLO responses, cleartext and crypted, - for an IP, as bitmasks (cf. OPTION_TLS). For LIMITS, also values -diff --git a/src/src/exim_dbutil.c b/src/src/exim_dbutil.c -index 13f74540e..45b778fc0 100644 ---- a/src/src/exim_dbutil.c -+++ b/src/src/exim_dbutil.c -@@ -21,7 +21,9 @@ argument is the name of the database file. The available names are: - misc: miscellaneous hints data - wait-: message waiting information; is a transport name - callout: callout verification cache -+ ratelimit: ACL 'ratelimit' condition - tls: TLS session resumption cache -+ seen: ACL 'seen' condition - - There are a number of common subroutines, followed by three main programs, - whose inclusion is controlled by -D on the compilation command. */ -@@ -38,6 +40,7 @@ whose inclusion is controlled by -D on the compilation command. */ - #define type_callout 4 - #define type_ratelimit 5 - #define type_tls 6 -+#define type_seen 7 - - - /* This is used by our cut-down dbfn_open(). */ -@@ -126,7 +129,7 @@ static void - usage(uschar *name, uschar *options) - { - printf("Usage: exim_%s%s \n", name, options); --printf(" = retry | misc | wait- | callout | ratelimit | tls\n"); -+printf(" = retry | misc | wait- | callout | ratelimit | tls | seen\n"); - exit(1); - } - -@@ -150,6 +153,7 @@ if (argc == 3) - if (Ustrcmp(argv[2], "callout") == 0) return type_callout; - if (Ustrcmp(argv[2], "ratelimit") == 0) return type_ratelimit; - if (Ustrcmp(argv[2], "tls") == 0) return type_tls; -+ if (Ustrcmp(argv[2], "seen") == 0) return type_seen; - } - usage(name, options); - return -1; /* Never obeyed */ -@@ -581,6 +585,7 @@ for (uschar * key = dbfn_scan(dbm, TRUE, &cursor); - dbdata_ratelimit *ratelimit; - dbdata_ratelimit_unique *rate_unique; - dbdata_tls_session *session; -+ dbdata_seen *seen; - int count_bad = 0; - int length; - uschar *t; -@@ -720,6 +725,11 @@ for (uschar * key = dbfn_scan(dbm, TRUE, &cursor); - session = (dbdata_tls_session *)value; - printf(" %s %.*s\n", keybuffer, length, session->session); - break; -+ -+ case type_seen: -+ seen = (dbdata_seen *)value; -+ printf("%s\t%s\n", keybuffer, print_time(seen->time_stamp)); -+ break; - } - } - store_reset(reset_point); -diff --git a/test/confs/0626 b/test/confs/0626 -new file mode 100644 -index 000000000..872c4b20a ---- /dev/null -+++ b/test/confs/0626 -@@ -0,0 +1,31 @@ -+# Exim test configuration 0626 -+# ACL seen condition -+ -+.include DIR/aux-var/std_conf_prefix -+ -+ -+# ----- Main settings ----- -+ -+primary_hostname = test.ex -+queue_only -+ -+acl_smtp_rcpt = chk_rcpt -+ -+# ----- ACL ----- -+ -+begin acl -+ -+chk_rcpt: -+ accept seen = OPT -+ -+# seen = never / $sender_host_addreee / per_call -+# seen = before=10s -+# seen = before=10s / write -+# seen = since / readonly -+# -+# seen = -10s -+# seen = -10s / readonly -+# seen = 2s -+# seen = 0s / update=20d -+# -+# End -diff --git a/test/scripts/0000-Basic/0626 b/test/scripts/0000-Basic/0626 -new file mode 100644 -index 000000000..6da58ee48 ---- /dev/null -+++ b/test/scripts/0000-Basic/0626 -@@ -0,0 +1,82 @@ -+# ACL 'seen' condition -+# -+exim -DOPT='-1s' -bh 127.0.0.1 -+HELO test -+MAIL FROM: -+RCPT TO: -+QUIT -+**** -+# Check that a hints DB was created. -+# Only the key is useful thanks to munging; should match the IP used above. -+dump seen -+# -+sleep 1 -+# should now see old-enough record -+exim -DOPT='-1s' -bh 127.0.0.1 -+HELO test -+MAIL FROM: -+RCPT TO: -+QUIT -+**** -+# force an update (visible via debug output in stdout for -bh) -+exim -DOPT='-1s / write' -bh 127.0.0.1 -+HELO test -+MAIL FROM: -+RCPT TO: -+QUIT -+**** -+# default key should change with ip -+exim -DOPT='-1s' -bh HOSTIPV4 -+HELO test -+MAIL FROM: -+RCPT TO: -+QUIT -+**** -+dump seen -+# explicit key (also checking expansion) -+exim -DOPT='-1s / key=${sender_host_address}_foo' -bh 127.0.0.1 -+HELO test -+MAIL FROM: -+RCPT TO: -+QUIT -+**** -+dump seen -+# check refresh -+sleep 1 -+exim -DOPT='-1s / refresh=1s' -bh 127.0.0.1 -+HELO test -+MAIL FROM: -+RCPT TO: -+QUIT -+**** -+# -+# -+# -+# -+# -+# test for seen-more-recently-than -+# that previous one should be no older than 5s, so this should pass -+# do not update -+# check list-parsing spaceless while we're here -+exim -DOPT='5s/key=${sender_host_address}_foo/readonly' -bh 127.0.0.1 -+HELO test -+MAIL FROM: -+RCPT TO: -+QUIT -+**** -+# check the above no-update by waiting longer than the later-than interval; should fail -+# should update -+sleep 2 -+exim -DOPT='1s / key=${sender_host_address}_foo' -bh 127.0.0.1 -+HELO test -+MAIL FROM: -+RCPT TO: -+QUIT -+**** -+# having updated, should pass -+exim -DOPT='1s / key=${sender_host_address}_foo' -bh 127.0.0.1 -+HELO test -+MAIL FROM: -+RCPT TO: -+QUIT -+**** -diff --git a/test/stderr/0626 b/test/stderr/0626 -new file mode 100644 -index 000000000..25e96bc4e ---- /dev/null -+++ b/test/stderr/0626 -@@ -0,0 +1,142 @@ -+>>> host in hosts_connection_nolog? no (option unset) -+>>> host in host_lookup? no (option unset) -+>>> host in host_reject_connection? no (option unset) -+>>> host in sender_unqualified_hosts? no (option unset) -+>>> host in recipient_unqualified_hosts? no (option unset) -+>>> host in helo_verify_hosts? no (option unset) -+>>> host in helo_try_verify_hosts? no (option unset) -+>>> host in helo_accept_junk_hosts? no (option unset) -+>>> test in helo_lookup_domains? no (end of list) -+>>> using ACL "chk_rcpt" -+>>> processing "accept" (TESTSUITE/test-config 19) -+>>> check seen = -1s -+>>> seen db written (create) -+>>> accept: condition test failed in ACL "chk_rcpt" -+>>> end of ACL "chk_rcpt": implicit DENY -+LOG: H=(test) [127.0.0.1] F= rejected RCPT -+>>> host in hosts_connection_nolog? no (option unset) -+>>> host in host_lookup? no (option unset) -+>>> host in host_reject_connection? no (option unset) -+>>> host in sender_unqualified_hosts? no (option unset) -+>>> host in recipient_unqualified_hosts? no (option unset) -+>>> host in helo_verify_hosts? no (option unset) -+>>> host in helo_try_verify_hosts? no (option unset) -+>>> host in helo_accept_junk_hosts? no (option unset) -+>>> test in helo_lookup_domains? no (end of list) -+>>> using ACL "chk_rcpt" -+>>> processing "accept" (TESTSUITE/test-config 19) -+>>> check seen = -1s -+>>> accept: condition test succeeded in ACL "chk_rcpt" -+>>> end of ACL "chk_rcpt": ACCEPT -+>>> host in hosts_connection_nolog? no (option unset) -+>>> host in host_lookup? no (option unset) -+>>> host in host_reject_connection? no (option unset) -+>>> host in sender_unqualified_hosts? no (option unset) -+>>> host in recipient_unqualified_hosts? no (option unset) -+>>> host in helo_verify_hosts? no (option unset) -+>>> host in helo_try_verify_hosts? no (option unset) -+>>> host in helo_accept_junk_hosts? no (option unset) -+>>> test in helo_lookup_domains? no (end of list) -+>>> using ACL "chk_rcpt" -+>>> processing "accept" (TESTSUITE/test-config 19) -+>>> check seen = -1s / write -+>>> seen db written (update) -+>>> accept: condition test succeeded in ACL "chk_rcpt" -+>>> end of ACL "chk_rcpt": ACCEPT -+>>> host in hosts_connection_nolog? no (option unset) -+>>> host in host_lookup? no (option unset) -+>>> host in host_reject_connection? no (option unset) -+>>> host in sender_unqualified_hosts? no (option unset) -+>>> host in recipient_unqualified_hosts? no (option unset) -+>>> host in helo_verify_hosts? no (option unset) -+>>> host in helo_try_verify_hosts? no (option unset) -+>>> host in helo_accept_junk_hosts? no (option unset) -+>>> test in helo_lookup_domains? no (end of list) -+>>> using ACL "chk_rcpt" -+>>> processing "accept" (TESTSUITE/test-config 19) -+>>> check seen = -1s -+>>> seen db written (create) -+>>> accept: condition test failed in ACL "chk_rcpt" -+>>> end of ACL "chk_rcpt": implicit DENY -+LOG: H=(test) [ip4.ip4.ip4.ip4] F= rejected RCPT -+>>> host in hosts_connection_nolog? no (option unset) -+>>> host in host_lookup? no (option unset) -+>>> host in host_reject_connection? no (option unset) -+>>> host in sender_unqualified_hosts? no (option unset) -+>>> host in recipient_unqualified_hosts? no (option unset) -+>>> host in helo_verify_hosts? no (option unset) -+>>> host in helo_try_verify_hosts? no (option unset) -+>>> host in helo_accept_junk_hosts? no (option unset) -+>>> test in helo_lookup_domains? no (end of list) -+>>> using ACL "chk_rcpt" -+>>> processing "accept" (TESTSUITE/test-config 19) -+>>> check seen = -1s / key=${sender_host_address}_foo -+>>> = -1s / key=127.0.0.1_foo -+>>> seen db written (create) -+>>> accept: condition test failed in ACL "chk_rcpt" -+>>> end of ACL "chk_rcpt": implicit DENY -+LOG: H=(test) [127.0.0.1] F= rejected RCPT -+>>> host in hosts_connection_nolog? no (option unset) -+>>> host in host_lookup? no (option unset) -+>>> host in host_reject_connection? no (option unset) -+>>> host in sender_unqualified_hosts? no (option unset) -+>>> host in recipient_unqualified_hosts? no (option unset) -+>>> host in helo_verify_hosts? no (option unset) -+>>> host in helo_try_verify_hosts? no (option unset) -+>>> host in helo_accept_junk_hosts? no (option unset) -+>>> test in helo_lookup_domains? no (end of list) -+>>> using ACL "chk_rcpt" -+>>> processing "accept" (TESTSUITE/test-config 19) -+>>> check seen = -1s / refresh=1s -+>>> seen db written (refresh) -+>>> accept: condition test succeeded in ACL "chk_rcpt" -+>>> end of ACL "chk_rcpt": ACCEPT -+>>> host in hosts_connection_nolog? no (option unset) -+>>> host in host_lookup? no (option unset) -+>>> host in host_reject_connection? no (option unset) -+>>> host in sender_unqualified_hosts? no (option unset) -+>>> host in recipient_unqualified_hosts? no (option unset) -+>>> host in helo_verify_hosts? no (option unset) -+>>> host in helo_try_verify_hosts? no (option unset) -+>>> host in helo_accept_junk_hosts? no (option unset) -+>>> test in helo_lookup_domains? no (end of list) -+>>> using ACL "chk_rcpt" -+>>> processing "accept" (TESTSUITE/test-config 19) -+>>> check seen = 5s/key=${sender_host_address}_foo/readonly -+>>> = 5s/key=127.0.0.1_foo/readonly -+>>> seen db not written (readonly) -+>>> accept: condition test succeeded in ACL "chk_rcpt" -+>>> end of ACL "chk_rcpt": ACCEPT -+>>> host in hosts_connection_nolog? no (option unset) -+>>> host in host_lookup? no (option unset) -+>>> host in host_reject_connection? no (option unset) -+>>> host in sender_unqualified_hosts? no (option unset) -+>>> host in recipient_unqualified_hosts? no (option unset) -+>>> host in helo_verify_hosts? no (option unset) -+>>> host in helo_try_verify_hosts? no (option unset) -+>>> host in helo_accept_junk_hosts? no (option unset) -+>>> test in helo_lookup_domains? no (end of list) -+>>> using ACL "chk_rcpt" -+>>> processing "accept" (TESTSUITE/test-config 19) -+>>> check seen = 1s / key=${sender_host_address}_foo -+>>> = 1s / key=127.0.0.1_foo -+>>> seen db written (update) -+>>> accept: condition test failed in ACL "chk_rcpt" -+>>> end of ACL "chk_rcpt": implicit DENY -+LOG: H=(test) [127.0.0.1] F= rejected RCPT -+>>> host in hosts_connection_nolog? no (option unset) -+>>> host in host_lookup? no (option unset) -+>>> host in host_reject_connection? no (option unset) -+>>> host in sender_unqualified_hosts? no (option unset) -+>>> host in recipient_unqualified_hosts? no (option unset) -+>>> host in helo_verify_hosts? no (option unset) -+>>> host in helo_try_verify_hosts? no (option unset) -+>>> host in helo_accept_junk_hosts? no (option unset) -+>>> test in helo_lookup_domains? no (end of list) -+>>> using ACL "chk_rcpt" -+>>> processing "accept" (TESTSUITE/test-config 19) -+>>> check seen = 1s / key=${sender_host_address}_foo -+>>> = 1s / key=127.0.0.1_foo -+>>> seen db written (update) -+>>> accept: condition test succeeded in ACL "chk_rcpt" -+>>> end of ACL "chk_rcpt": ACCEPT -diff --git a/test/stdout/0626 b/test/stdout/0626 -new file mode 100644 -index 000000000..44b481f31 ---- /dev/null -+++ b/test/stdout/0626 -@@ -0,0 +1,99 @@ -+ -+**** SMTP testing session as if from host 127.0.0.1 -+**** but without any ident (RFC 1413) callback. -+**** This is not for real! -+ -+220 test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 -+250 test.ex Hello test [127.0.0.1] -+250 OK -+550 Administrative prohibition -+221 test.ex closing connection -++++++++++++++++++++++++++++ -+127.0.0.1 07-Mar-2000 12:21:52 -+ -+**** SMTP testing session as if from host 127.0.0.1 -+**** but without any ident (RFC 1413) callback. -+**** This is not for real! -+ -+220 test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 -+250 test.ex Hello test [127.0.0.1] -+250 OK -+250 Accepted -+221 test.ex closing connection -+ -+**** SMTP testing session as if from host 127.0.0.1 -+**** but without any ident (RFC 1413) callback. -+**** This is not for real! -+ -+220 test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 -+250 test.ex Hello test [127.0.0.1] -+250 OK -+250 Accepted -+221 test.ex closing connection -+ -+**** SMTP testing session as if from host ip4.ip4.ip4.ip4 -+**** but without any ident (RFC 1413) callback. -+**** This is not for real! -+ -+220 test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 -+250 test.ex Hello test [ip4.ip4.ip4.ip4] -+250 OK -+550 Administrative prohibition -+221 test.ex closing connection -++++++++++++++++++++++++++++ -+ip4.ip4.ip4.ip4 07-Mar-2000 12:21:52 -+127.0.0.1 07-Mar-2000 12:21:52 -+ -+**** SMTP testing session as if from host 127.0.0.1 -+**** but without any ident (RFC 1413) callback. -+**** This is not for real! -+ -+220 test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 -+250 test.ex Hello test [127.0.0.1] -+250 OK -+550 Administrative prohibition -+221 test.ex closing connection -++++++++++++++++++++++++++++ -+127.0.0.1_foo 07-Mar-2000 12:21:52 -+ip4.ip4.ip4.ip4 07-Mar-2000 12:21:52 -+127.0.0.1 07-Mar-2000 12:21:52 -+ -+**** SMTP testing session as if from host 127.0.0.1 -+**** but without any ident (RFC 1413) callback. -+**** This is not for real! -+ -+220 test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 -+250 test.ex Hello test [127.0.0.1] -+250 OK -+250 Accepted -+221 test.ex closing connection -+ -+**** SMTP testing session as if from host 127.0.0.1 -+**** but without any ident (RFC 1413) callback. -+**** This is not for real! -+ -+220 test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 -+250 test.ex Hello test [127.0.0.1] -+250 OK -+250 Accepted -+221 test.ex closing connection -+ -+**** SMTP testing session as if from host 127.0.0.1 -+**** but without any ident (RFC 1413) callback. -+**** This is not for real! -+ -+220 test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 -+250 test.ex Hello test [127.0.0.1] -+250 OK -+550 Administrative prohibition -+221 test.ex closing connection -+ -+**** SMTP testing session as if from host 127.0.0.1 -+**** but without any ident (RFC 1413) callback. -+**** This is not for real! -+ -+220 test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 -+250 test.ex Hello test [127.0.0.1] -+250 OK -+250 Accepted -+221 test.ex closing connection diff --git a/ssl.patch b/ssl.patch deleted file mode 100644 index 5b736c1..0000000 --- a/ssl.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- a/src/tls-openssl.c -+++ a/src/tls-openssl.c -@@ -232,10 +232,14 @@ static exim_openssl_option exim_openssl_options[] = { - { US"no_tlsv1", SSL_OP_NO_TLSv1 }, - #endif - #ifdef SSL_OP_NO_TLSv1_1 --# if SSL_OP_NO_TLSv1_1 == 0x00000400L -+# if OPENSSL_VERSION_NUMBER < 0x30000000L -+# if SSL_OP_NO_TLSv1_1 == 0x00000400L - /* Error in chosen value in 1.0.1a; see first item in CHANGES for 1.0.1b */ --# warning OpenSSL 1.0.1a uses a bad value for SSL_OP_NO_TLSv1_1, ignoring --# else -+# warning OpenSSL 1.0.1a uses a bad value for SSL_OP_NO_TLSv1_1, ignoring -+# define NO_SSL_OP_NO_TLSv1_1 -+# endif -+# endif -+# ifndef NO_SSL_OP_NO_TLSv1_1 - { US"no_tlsv1_1", SSL_OP_NO_TLSv1_1 }, - # endif - #endif -- 2.43.0