Jeremy Harris | 1 Feb 2012 22:30

[Bug 1201] forwarding to a content-scanning site is a bounce-generator

------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1201

Jeremy Harris <jgh146exb <at> wizmail.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #540 is|0                           |1
           obsolete|                            |

--- Comment #4 from Jeremy Harris <jgh146exb <at> wizmail.org>  2012-02-01 21:30:39 ---
Created an attachment (id=541)
 --> (http://bugs.exim.org/attachment.cgi?id=541)
TLS cutthrough delivery

-- 
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

Phil Pennock | 4 Feb 2012 08:39

SASL changes: branch sasl_fixes

Folks,

In debugging why my GSSAPI authenticator (cyrus_sasl driver) had stopped
working, I made a number of fixes, which are on the sasl_fixes branch.
Does anyone fancy giving them a look over for sanity?

$tls_bits is a new variable; that's fed into
sasl_setprop(..,SASL_SSF_EXTERNAL, ...) for the Exim-as-server case.
Should probably be done for the client too.

In the end, my problems are caused by Heimdal; I've sent mail to
heimdal-discuss <at> :
  http://permalink.gmane.org/gmane.comp.encryption.kerberos.heimdal.general/6701

(I noticed this in Heimdal 1.4, not sure when the problem was
introduced).

In short: KRB5_KTNAME is no longer honoured for processes that have had
security boundary transitions, such as Exim.  So using a different
keytab is impossible at present, thus the client library falls back to
trying to get "host/$system_primary_hostname" credentials from the KDC.

Once I figure out, or am told, the API to use to override the keytab in
source, I'll add a HEIMDAL build-option to Exim and add the knobs to let
that be set.  This means bypassing the cyrus-sasl abstraction layer, but
we don't appear to have a choice.

If there's anyone using MIT's Kerberos implementation reading: is there
an API call needed to override the keytab there too?

Phil Pennock | 14 Feb 2012 03:52

GNU SASL gsasl integration into Exim

Folks,

A first cut at GNU SASL (gsasl) integration has been written for Exim.

At this time, it's server-only.  I'm not sure whether or not to
integrate this for release as part of the next Exim.  Feedback may make
the difference, but something more informative than "+1"/"me too"
please.

This authentication driver can be built into Exim at the same time as
Cyrus SASL.  It provides the mechanism work, but does not provide
authentication sources (an inherent difference between the two
libraries).  You'll need to use server_condition or server_password for
that, depending upon the mechanism used.

The code is on the gsasl branch of git:
  http://git.exim.org/exim.git/shortlog/refs/heads/gsasl
and includes full documentation.

I've built the PDF and made it available at:
  http://www.exim.org/~pdp/spec-gsasl-dev.pdf
Note that this claims to be for 4.77.  The major changes are to chapter
33 and the insertion of a new chapter 38.

There are a number of open issues:

 (1) Versioning of available features and library interfaces is not
     ideal.  I wrote and tested against gsasl 1.6.1.

 (2) Some aspects of the API do not let Exim generically support future

Phil Pennock | 17 Feb 2012 14:38

Testing needed: heimdal_gssapi authenticator

Adventurous folks already using Heimdal needed for testing git branch of
Exim.  Docs not yet updated.

Per my mail of 2012-02-04, """Heimdal 1.4 put in some restrictions on
honouring a value of $KRB5_KTNAME inherited from the environment, which
means that at present there's no way to make Exim work with a
non-default keytab file."""

I've added a "heimdal_gssapi" authenticator, server-only.  I've
developed and tested against Heimdal 1.4 on FreeBSD.

 (1) Pull Exim git.
 (2) Switch to heimdal branch (git checkout heimdal)
 (3) Note that for historical reasons, "src/" in releases corresponds to
     "src/src/" in git, so cd down one level into the first src.
 (4) Edit your usual Local/Makefile to include:
       AUTH_HEIMDAL_GSSAPI=yes
       AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
 (4a) If you don't have pkg-config installed, ignore that second _PC
      option and instead add the needed -I/include/paths to CFLAGS and
      the library specs to AUTH_LIBS, as per usual
 (4b) If you do have pkg-config but heimdal's package has a different
      name, change the value of the define
 (5) Install as usual
 (6) Use driver "heimdal_gssapi", set option "server_keytab"; if
     switching from "cyrus_sasl" driver, remember to drop the
     "server_mech" option.
 (7) Make sure keytab is readable by Exim runtime user
 (8) Let me know how you get on!

Jan van den Berg | 17 Feb 2012 13:21

[Bug 1212] New: Individual recipients_max per sender host IPrecipients_max

http://bugs.exim.org/show_bug.cgi?id=1212
           Summary: Individual recipients_max per sender host
                    IPrecipients_max
           Product: Exim
           Version: N/A
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: wishlist
          Priority: medium
         Component: Delivery in general
        AssignedTo: nigel <at> exim.org
        ReportedBy: jan.vandenberg <at> isp.solcon.nl
                CC: exim-dev <at> exim.org

Hi,

atm recipients_max is a global exim setting for all users. I would like to be
able to differentiate.

We have some heavy users that use/need recipients_max to be high. However most
users don't use/need this. The problem with this is that we have set
recipients_max to a high number for those specific users. But when any other
user's mail account gets compromised by a spammer, they use this high number to
quickly send *a lot* of spam emails.
So that's why I'd like to be able to have a global (low) recipients_max number
and a file with host IPs (that I trust) who can have: either a specific

Jan van den Berg | 17 Feb 2012 13:33

[Bug 1212] Individual recipients_max per sender host IP

http://bugs.exim.org/show_bug.cgi?id=1212

Jan van den Berg <jan.vandenberg <at> isp.solcon.nl> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Individual recipients_max   |Individual recipients_max
                   |per sender host             |per sender host IP
                   |IPrecipients_max            |

Phil Pennock | 18 Feb 2012 11:07

Re: Testing needed: heimdal_gssapi authenticator

On 2012-02-17 at 08:38 -0500, Phil Pennock wrote:
> I have:
> 
> auth_gssapi:
>   driver        = heimdal_gssapi
>   public_name   = GSSAPI
>   server_hostname = smtp.spodhuis.org
>   server_realm  = SPODHUIS.ORG
>   server_keytab = /etc/kerberos/tabs/exim.keytab
>   server_set_id = $auth1

*cough*  "server_realm" is unused and there doesn't seem to be anything
sane to do with it in GSSAPI; the concept exists in Kerberos, but really
any tickets for the specified principal in the keytab will be used.

So I'm removing that option.

Oops.

(Bright side: I found this while documenting the driver, thus there will
 shortly exist documentation for this.)

-Phil

Jeremy Harris | 19 Feb 2012 17:32

[Bug 1214] New: Log lines for rejections should include authentication info

http://bugs.exim.org/show_bug.cgi?id=1214
           Summary: Log lines for rejections should include authentication
                    info
           Product: Exim
           Version: 4.77
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: wishlist
          Priority: medium
         Component: Logging
        AssignedTo: nigel <at> exim.org
        ReportedBy: jgh146exb <at> wizmail.org
                CC: exim-dev <at> exim.org

Created an attachment (id=547)
 --> (http://bugs.exim.org/attachment.cgi?id=547)
patch for A= info in rejection lines in logs

Here's a patch which adds the "A=" clause to rejection lines in the logs.

Phil Pennock | 19 Feb 2012 23:47

[Bug 1214] Log lines for rejections should include authentication info

http://bugs.exim.org/show_bug.cgi?id=1214

Phil Pennock <pdp <at> exim.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #1 from Phil Pennock <pdp <at> exim.org>  2012-02-19 22:47:07 ---
Looks sane to me.  Applied, tested, works.  Sent upstream.

Commit: b98bb9ac90bfc9c812c4c660fe017284ee222686

Jan van den Berg | 22 Feb 2012 19:33

[Bug 1212] Individual recipients_max per sender host IP

http://bugs.exim.org/show_bug.cgi?id=1212

--- Comment #1 from Jan van den Berg <jan.vandenberg <at> isp.solcon.nl>  2012-02-22 18:33:07 ---
Created an attachment (id=548)
 --> (http://bugs.exim.org/attachment.cgi?id=548)
recipients_max_exception_hosts becomes available
