notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Want a good monitor light? See my photosAll times are UTC
Ukraine
This referral link gives you 10% off a Fastmail.com account and gives me a discount on my Fastmail account.

Get notified when packages are built

A new feature has been added. FreshPorts already tracks package built by the FreeBSD project. This information is displayed on each port page. You can now get an email when FreshPorts notices a new package is available for something on one of your watch lists. However, you must opt into that. Click on Report Subscriptions on the right, and New Package Notification box, and click on Update.

FInally, under Watch Lists, click on ABI Package Subscriptions to select your ABI (e.g. FreeBSD:14:amd64) & package set (latest/quarterly) combinatio for a given watch list. This is what FreshPorts will look for.

non port: mail/exim/options

Number of commits found: 45

Wednesday, 17 Jan 2024
17:46 Dima Panov (fluffy) search for other commits by this committer
mail/exim: Add DMARC option to DEFAULT list (+)

GMail recently changed game rules. Again.
DMARC is a good companion to the DKIM/SPFF

Requested by:	ler
commit hash: ccd0ac57e90db47d4ed76b1c6965e7f2acff8ad5 commit hash: ccd0ac57e90db47d4ed76b1c6965e7f2acff8ad5 commit hash: ccd0ac57e90db47d4ed76b1c6965e7f2acff8ad5 commit hash: ccd0ac57e90db47d4ed76b1c6965e7f2acff8ad5 ccd0ac5
Thursday, 9 Nov 2023
07:03 Kurt Jaeger (pi) search for other commits by this committer Author: Chris Collins
mail/exim: re-add support for Alternative SRS

PR:		266465
Approved by:	fluffy (maintainer, implicit)
Author:    	Chris Collins <chrysalis@chrysalisnet.org>
commit hash: 2ce476eea4a37b1735316edc26a5d8df2bb3e48e commit hash: 2ce476eea4a37b1735316edc26a5d8df2bb3e48e commit hash: 2ce476eea4a37b1735316edc26a5d8df2bb3e48e commit hash: 2ce476eea4a37b1735316edc26a5d8df2bb3e48e 2ce476e
Saturday, 24 Jun 2023
18:00 Dima Panov (fluffy) search for other commits by this committer
mail/exim: list AUTH_TLS in OPTIONS_GROUP_AUTH (+)

PR:	271881
commit hash: faf12943ab65431502e89b301ce60ba243f668bc commit hash: faf12943ab65431502e89b301ce60ba243f668bc commit hash: faf12943ab65431502e89b301ce60ba243f668bc commit hash: faf12943ab65431502e89b301ce60ba243f668bc faf1294
Tuesday, 28 Dec 2021
19:23 Dima Panov (fluffy) search for other commits by this committer
mail/exim: update to 4.95 release (+)

Finally, Exim will be pushed to 4.95 release.
Long wait was caused by some criticals errors in vanilla release,
upstream fixes got a some time to come.

* Apply sendfile patch, fixes SIGSEGV using clamd via TCP [1]
* Convert select() to poll(), fixes crashes (SIGSEV) on FreeBSD 12.2 [2]

PR:	258848 [1], 259822 [2]
Sponsored by:	Netzkommune GmbH
commit hash: 99c5dc1049a23570016dcb5ac44882e408800622 commit hash: 99c5dc1049a23570016dcb5ac44882e408800622 commit hash: 99c5dc1049a23570016dcb5ac44882e408800622 commit hash: 99c5dc1049a23570016dcb5ac44882e408800622 99c5dc1
Tuesday, 4 May 2021
15:57 Dima Panov (fluffy) search for other commits by this committer
mail/exim:	update to 4.94.2 security release

  * New upstream security release.
    + Release based on +fixes branch.
    + Fixes multiple security vulnerabilities reported by Qualys and adds
      related robustness improvements. (Special thanks to Heiko)
      CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
      CVE-2020-28007: Link attack in Exim's log directory
      CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
      CVE-2020-28012: Missing close-on-exec flag for privileged pipe
      CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
      CVE-2020-28009: Integer overflow in get_stdinput()
      CVE-2020-28015, CVE-28021: New-line injection into spool header file
      CVE-2020-28026: Line truncation and injection in spool_read_header()
      CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
      CVE-2020-28017: Integer overflow in receive_add_recipient()
      CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
      CVE-2020-28011: Heap buffer overflow in queue_run()
      CVE-2020-28010: Heap out-of-bounds write in main()
      CVE-2020-28018: Use-after-free in tls-openssl.c
      CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
      CVE-2020-28014, CVE-2021-27216: PID file handling
      CVE-2020-28008: Assorted attacks in Exim's spool directory
      CVE-2020-28019: Failure to reset function pointer after BDAT error
  * Incorporate debian patches to turn taint failures into warnings.
commit hash: 0a629bd71087f75c3b334edb53b01ec68709ab60 commit hash: 0a629bd71087f75c3b334edb53b01ec68709ab60 commit hash: 0a629bd71087f75c3b334edb53b01ec68709ab60 commit hash: 0a629bd71087f75c3b334edb53b01ec68709ab60 0a629bd
Wednesday, 9 Sep 2020
12:09 fluffy search for other commits by this committer
mail/exim: import exim-4.94+fixes branch as state of 2020.09.09

Used git diffs:

[27/37] Fix spelling of local_part_data in docs and debug output
[27/37] Fix spelling of local_part_data in docs and debug output
[28/37] Fix ${readsocket } eol-replacement.  Bug 2630
[29/37] Taint: fix off-by-one in is_tainted().  Bug 2634
[30/37] Build: ifdef guard for EXPERIMENTAL_QUEUEFILE
[31/37] Taint: fix off-by-one in is_tainted().  Bug 2634
[32/37] DANE: force SNI to use $domain.  Bug 2265
[33/37] DANE: Fix 2-rcpt message, diff domins case.  Bug 2265
[34/37] Fix non-DANE build
[35/37] DANE: Fix 2 messages from queue case
[36/37] Fix non-DANE build

While here, make SPF option turned on by default

MFH:		2020Q3
Original commitRevision:548081 
Tuesday, 18 Feb 2020
18:54 vsevolod search for other commits by this committer
- Fix build with no DANE

Reported by:	Alexander Sheiko <adsh at univ.kiev.ua> via email
Original commitRevision:526468 
Monday, 16 Apr 2018
17:03 vsevolod search for other commits by this committer
Fix SPF support, add experimental ARC option

Reported by:	pi via email
Original commitRevision:467490 
Monday, 16 Jan 2017
13:03 vsevolod search for other commits by this committer
- Remove obsoleted OLD_DEMIME option
- Enable CONTENT_SCAN by default to compensate OLD_DEMIME removal

PR:		215871
Submitted by:	Mark Hills mark-freebsd at xwax.org
Original commitRevision:431639 
Monday, 2 Jan 2017
11:57 vsevolod search for other commits by this committer
- Update to version 4.88
- Add experimental LMDB lookup option
- Add experimental queuefile option
- Remove rspamd pacth which is now included in Exim

Changes: ftp://ftp.exim.org/pub/exim/exim4/NewStuff
Original commitRevision:430351 
Thursday, 21 Apr 2016
15:52 vsevolod search for other commits by this committer
- Update to 4.87
- Enable recommended default options
- Rename no longer experimental options
- Add rspamd shutdown patch

Exim 4.87 announce link:
https://lists.exim.org/lurker/message/20160406.181048.292a54e9.en.html
Original commitRevision:413740 
Monday, 27 Jul 2015
19:42 vsevolod search for other commits by this committer
- Update to 4.86 [1]
- Add experimental INTERNATIONAL option
- Add experimental SOCKS option
- Removed rspamd extra patch (included by default now)
- Removed xclient patch (broken and not used)

Relnotes:	ftp://ftp.exim.org/pub/exim/exim4/NewStuff [1]
Original commitRevision:393028 
Monday, 13 Jul 2015
11:52 vsevolod search for other commits by this committer
- Restore LMTP support by default [1]
- Fix install commands in the Makefile
- Bump portrevision

PR:		201438
Submitted by:	Gennady Proskurin <gpr at mail.ru>
Original commitRevision:391892 
Tuesday, 10 Feb 2015
12:57 vsevolod search for other commits by this committer
Remove duplicated NIS option (no functional changes).

Submitted by:	Ilya A. Arkhipov via IRC
Original commitRevision:378771 
Friday, 16 Jan 2015
14:19 vsevolod search for other commits by this committer
- Add rspamd extra patch and option [1]
- Remove obsoleted POST-INSTALL note [2]
- Bump revision since options have been changed

Submitted by:	swappers at gmail.com [1], pi@ [2]
Original commitRevision:377174 
Tuesday, 13 Jan 2015
13:45 vsevolod search for other commits by this committer
- Update to 4.85
- Add DANE experimental support
- Add EVENT experimental support
- Drop SRS_ALT option as exim cannot work with libsrs2 so srs_alt is the only
option now
- Polish IGNORE messages
- Remove already included patch
- Update documentation slave ports

The ChangeLog/NewStuff/README.UPDATING can be reviewed at:

http://git.exim.org/exim.git/blob/exim-4_85:/doc/doc-txt/ChangeLog
http://git.exim.org/exim.git/blob/exim-4_85:/doc/doc-txt/NewStuff
http://git.exim.org/exim.git/blob/exim-4_85:/src/README.UPDATING
Original commitRevision:376931 
Tuesday, 4 Nov 2014
16:14 vsevolod search for other commits by this committer
Remove outdated KAS patch and option.
Original commitRevision:372149 
Friday, 1 Aug 2014
13:55 vsevolod search for other commits by this committer
- Add patch recommended by the exim developers to fix mime regression in 4.83
- Remove SA_1024 as it has been adandoned long ago [1]
- Fix message in post-install stage [1]
- Bump revision

Submitted by:	Victor Ustugov via jabber [1]
Original commitRevision:363709 
Tuesday, 22 Jul 2014
15:39 vsevolod search for other commits by this committer
Update to 4.83.

Changes in the port:
- Added new options:
 * DNSSEC: validate peers using TLSA records
 * PRDR: Per-Recipient-Data-Response support
 * CERTNAMES: Check certiticates ownership
 * DSN: Delivery Status Notifications
 * PROXY: Experimental Proxy Protocol
- Enable OCSP stapling by default
- Disable NIS by default
- SRS support is now radio group
- DNSSEC and PRDR are now enabled by default

Changes in exim itself:
This release contains the following enhancements and bugfixes:
+ PRDR was promoted from Experimental to mainline
+ OCSP Stapling was promoted from Experimental to mainline
+ new Experimental feature Proxy Protocol
+ new Experimental feature DSN (Delivery Status Notifications)
+ TLS session improvements
+ TLS SNI fixes
+ LDAP enhancements
+ DMARC fixes (previous CVE-2014-2957) and new $dmarc_domain_policy
+ several new operations (listextract, utf8clean, md5, sha1)
+ enforce header formatting with verify=header_names_ascii
+ new commandline option -oMm
+ new TLSA dns lookup
+ new malware "sock" type
+ cutthrough routing enhancements
+ logging enhancements
+ DNSSEC enhancements
+ exiqgrep enhancements
+ deprecating non-standard SPF results
+ build and portability fixes
+ documentation fixes and enhancements

Uncompatible changes:
This release of Exim includes one incompatible fix: the behavior of
expansion of arguments to math comparison functions (<, <=, =, =>, >)
was unexpected, expanding the values twice. This fix also addresses a
security advisory, CVE-2014-2972. This is not a remote exploit, but if
content that is searched by the above math comparison functions is under
the control of an attacker, specially crafted data can be inserted that
will cause the Exim mail server to perform various file-system functions
as the exim user.
Original commitRevision:362549 
Friday, 18 Jul 2014
14:37 vsevolod search for other commits by this committer
Restore srs_alt support.

PR:		191950
Submitted by:	pi
Original commitRevision:362210 
Tuesday, 15 Jul 2014
16:14 adamw search for other commits by this committer
Add DOCS to OPTIONS_DEFINE to ports that check for PORT_OPTIONS:MDOCS.
Original commitRevision:361961 
Monday, 14 Jul 2014
10:45 vsevolod search for other commits by this committer
- Remove support of libsrs_alt as it is deprecated now
- Bump portrevision

Suggested by:	pi
Original commitRevision:361769 
Saturday, 5 Jul 2014
15:09 vsevolod search for other commits by this committer
- Add runtime dependency on perl for exim utilities [1], [2]
- Support berkeley DB lookups [3]
- Remove unnecessary options checks [1]
- Improve description for EXIMON option
- Bump portrevision

PR:		189019 [2], 181863 [3]
Submitted by:	ak [1], tim at bishnet.net [2], odavydenko at gmail.com [3]
Original commitRevision:360760 
Friday, 4 Jul 2014
16:07 vsevolod search for other commits by this committer
- Use options knobs [1]
- Group options
- Remove deprecated checks

Submitted by:	ak [1]
Original commitRevision:360641 
12:51 vsevolod search for other commits by this committer
Add new options for exim:

- DMARC: experimental opendmarc support
- REDIS: redis database lookup
- OCSP: ocsp certificates stapling using openssl
Original commitRevision:360610 
Thursday, 6 Jun 2013
19:25 bapt search for other commits by this committer
Convert to new options framework
Original commitRevision:320120 
Thursday, 12 Jul 2012
09:05 rea search for other commits by this committer
mail/exim: upgrade to 4.80

Extracts from the NewStuff,
  ftp://exim.inode.at/exim/ChangeLogs/NewStuff-4.80

 1. New authenticator driver, "gsasl".  Server-only (at present).
    This is a SASL interface, licensed under GPL, which can be found at
    http://www.gnu.org/software/gsasl/.
    This system does not provide sources of data for authentication, so
    careful use needs to be made of the conditions in Exim.

 2. New authenticator driver, "heimdal_gssapi".  Server-only.
    A replacement for using cyrus_sasl with Heimdal, now that $KRB5_KTNAME
    is no longer honoured for setuid programs by Heimdal.  Use the
    "server_keytab" option to point to the keytab.

 3. The "pkg-config" system can now be used when building Exim to reference
    cflags and library information for lookups and authenticators, rather
    than having to update "CFLAGS", "AUTH_LIBS", "LOOKUP_INCLUDE" and
    "LOOKUP_LIBS" directly.  Similarly for handling the TLS library support
    without adjusting "TLS_INCLUDE" and "TLS_LIBS".

    In addition, setting PCRE_CONFIG=yes will query the pcre-config tool to
    find the headers and libraries for PCRE.

 4. New expansion variable $tls_bits.

 5. New lookup type, "dbmjz".  Key is an Exim list, the elements of which will
    be joined together with ASCII NUL characters to construct the key to pass
    into the DBM library.  Can be used with gsasl to access sasldb2 files as
    used by Cyrus SASL.

 6. OpenSSL now supports TLS1.1 and TLS1.2 with OpenSSL 1.0.1.

    Avoid release 1.0.1a if you can.  Note that the default value of
    "openssl_options" is no longer "+dont_insert_empty_fragments", as that
    increased susceptibility to attack.  This may still have interoperability
    implications for very old clients (see version 4.31 change 37) but
    administrators can choose to make the trade-off themselves and restore
    compatibility at the cost of session security.

 7. Use of the new expansion variable $tls_sni in the main configuration option
    tls_certificate will cause Exim to re-expand the option, if the client
    sends the TLS Server Name Indication extension, to permit choosing a
    different certificate; tls_privatekey will also be re-expanded.  You must
    still set these options to expand to valid files when $tls_sni is not set.

    The SMTP Transport has gained the option tls_sni, which will set a hostname
    for outbound TLS sessions, and set $tls_sni too.

    A new log_selector, +tls_sni, has been added, to log received SNI values
    for Exim as a server.

 8. The existing "accept_8bitmime" option now defaults to true.  This means
    that Exim is deliberately not strictly RFC compliant.  We're following
    Dan Bernstein's advice in http://cr.yp.to/smtp/8bitmime.html by default.
    Those who disagree, or know that they are talking to mail servers that,
    even today, are not 8-bit clean, need to turn off this option.

 9. Exim can now be started with -bw (with an optional timeout, given as
    -bw<timespec>).  With this, stdin at startup is a socket that is
    already listening for connections.  This has a more modern name of
    "socket activation", but forcing the activated socket to fd 0.  We're
    interested in adding more support for modern variants.

10. ${eval } now uses 64-bit values on supporting platforms.  A new "G" suffix
    for numbers indicates multiplication by 1024^3.

11. The GnuTLS support has been revamped; the three options gnutls_require_kx,
    gnutls_require_mac & gnutls_require_protocols are no longer supported.
    tls_require_ciphers is now parsed by gnutls_priority_init(3) as a priority
    string, documentation for which is at:
    http://www.gnu.org/software/gnutls/manual/html_node/Priority-Strings.html

    SNI support has been added to Exim's GnuTLS integration too.

    For sufficiently recent GnuTLS libraries, ${randint:..} will now use
    gnutls_rnd(), asking for GNUTLS_RND_NONCE level randomness.

12. With OpenSSL, if built with EXPERIMENTAL_OCSP, a new option tls_ocsp_file
    is now available.  If the contents of the file are valid, then Exim will
    send that back in response to a TLS status request; this is OCSP Stapling.
    Exim will not maintain the contents of the file in any way: administrators
    are responsible for ensuring that it is up-to-date.

    See "experimental-spec.txt" for more details.

13. ${lookup dnsdb{ }} supports now SPF record types. They are handled
    identically to TXT record lookups.

14. New expansion variable $tod_epoch_l for higher-precision time.

15. New global option tls_dh_max_bits, defaulting to current value of NSS
    hard-coded limit of DH ephemeral bits, to fix interop problems caused by
    GnuTLS 2.12 library recommending a bit count higher than NSS supports.

16. tls_dhparam now used by both OpenSSL and GnuTLS, can be path or identifier.
    Option can now be a path or an identifier for a standard prime.
    If unset, we use the DH prime from section 2.2 of RFC 5114, "ike23".
    Set to "historic" to get the old GnuTLS behaviour of auto-generated DH
    primes.

17. SSLv2 now disabled by default in OpenSSL.  (Never supported by GnuTLS).
    Use "openssl_options -no_sslv2" to re-enable support, if your OpenSSL
    install was not built with OPENSSL_NO_SSL2 ("no-ssl2").

Extracts from the ChangeLog,
  ftp://exim.inode.at/exim/ChangeLogs/ChangeLog-4.80

PP/01 Handle short writes when writing local log-files.
      In practice, only affects FreeBSD (8 onwards).
      Bugzilla 1053, with thanks to Dmitry Isaikin.

NM/01 Bugzilla 949 - Documentation tweak

NM/02 Bugzilla 1093 - eximstats DATA reject detection regexps
      improved.

NM/03 Bugzilla 1169 - primary_hostname spelling was incorrect in docs.

PP/02 Implemented gsasl authenticator.

PP/03 Implemented heimdal_gssapi authenticator with "server_keytab" option.

PP/04 Local/Makefile support for (AUTH|LOOKUP)_*_PC=foo to use
      `pkg-config foo` for cflags/libs.

PP/05 Swapped $auth1/$auth2 for gsasl GSSAPI mechanism, to be more consistent
      with rest of GSASL and with heimdal_gssapi.

PP/06 Local/Makefile support for USE_(GNUTLS|OPENSSL)_PC=foo to use
      `pkg-config foo` for cflags/libs for the TLS implementation.

PP/07 New expansion variable $tls_bits; Cyrus SASL server connection
      properties get this fed in as external SSF.  A number of robustness
      and debugging improvements to the cyrus_sasl authenticator.

PP/08 cyrus_sasl server now expands the server_realm option.

PP/09 Bugzilla 1214 - Log authentication information in reject log.
      Patch by Jeremy Harris.

PP/10 Added dbmjz lookup type.

PP/11 Let heimdal_gssapi authenticator take a SASL message without an authzid.

PP/12 MAIL args handles TAB as well as SP, for better interop with
      non-compliant senders.
      Analysis and variant patch by Todd Lyons.

NM/04 Bugzilla 1237 - fix cases where printf format usage not indicated
      Bug report from Lars Müller <lars@samba.org> (via SUSE),
      Patch from Dirk Mueller <dmueller@suse.com>

PP/13 tls_peerdn now print-escaped for spool files.
      Observed some $tls_peerdn in wild which contained \n, which resulted
      in spool file corruption.

PP/14 TLS fixes for OpenSSL: support TLS 1.1 & 1.2; new "openssl_options"
      values; set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read
      or write after TLS renegotiation, which otherwise led to messages
      "Got SSL error 2".

TK/01 Bugzilla 1239 - fix DKIM verification when signature was not inserted
      as a tracking header (ie: a signed header comes before the signature).
      Patch from Wolfgang Breyha.

JH/01 Bugzilla 660 - Multi-valued attributes from ldap now parseable as a
      comma-sep list; embedded commas doubled.

JH/02 Refactored ACL "verify =" logic to table-driven dispatch.

PP/15 LDAP: Check for errors of TLS initialisation, to give correct
      diagnostics.
      Report and patch from Dmitry Banschikov.

PP/16 Removed "dont_insert_empty_fragments" fron "openssl_options".
      Removed SSL_clear() after SSL_new() which led to protocol negotiation
      failures.  We appear to now support TLS1.1+ with Exim.

PP/17 OpenSSL: new expansion var $tls_sni, which if used in tls_certificate
      lets Exim select keys and certificates based upon TLS SNI from client.
      Also option tls_sni on SMTP Transports.  Also clear $tls_bits correctly
      before an outbound SMTP session.  New log_selector, +tls_sni.

PP/18 Bugzilla 1122 - check localhost_number expansion for failure, avoid
      NULL dereference.  Report and patch from Alun Jones.

PP/19 DNS resolver init changes for NetBSD compatibility.  (Risk of breakage
      on less well tested platforms).  Obviates NetBSD pkgsrc patch-ac.
      Not seeing resolver debug output on NetBSD, but suspect this is a
      resolver implementation change.

PP/20 Revert part of NM/04, it broke log_path containing %D expansions.
      Left warnings.  Added "eximon gdb" invocation mode.

PP/21 Defaulting "accept_8bitmime" to true, not false.

PP/22 Added -bw for inetd wait mode support.

PP/23 Added PCRE_CONFIG=yes support to Makefile for using pcre-config to
      locate the relevant includes and libraries.  Made this the default.

PP/24 Fixed headers_only on smtp transports (was not sending trailing dot).
      Bugzilla 1246, report and most of solution from Tomasz Kusy.

JH/03 ${eval } now uses 64-bit and supports a "g" suffix (like to "k" and "m").
      This may cause build issues on older platforms.

PP/25 Revamped GnuTLS support, passing tls_require_ciphers to
      gnutls_priority_init, ignoring Exim options gnutls_require_kx,
      gnutls_require_mac & gnutls_require_protocols (no longer supported).
      Added SNI support via GnuTLS too.
      Made ${randint:..} supplier available, if using not-too-old GnuTLS.

PP/26 Added EXPERIMENTAL_OCSP for OpenSSL.

PP/27 Applied dnsdb SPF support patch from Janne Snabb.
      Applied second patch from Janne, implementing suggestion to default
      multiple-strings-in-record handling to match SPF spec.

JH/04 Added expansion variable $tod_epoch_l for a higher-precision time.

PP/28 Fix DCC dcc_header content corruption (stack memory referenced,
      read-only, out of scope).
      Patch from Wolfgang Breyha, report from Stuart Northfield.

PP/29 Fix three issues highlighted by clang analyser static analysis.
      Only crash-plausible issue would require the Cambridge-specific
      iplookup router and a misconfiguration.
      Report from Marcin Mirosław.

PP/30 Another attempt to deal with PCRE_PRERELEASE, this one less buggy.

PP/31 %D in printf continues to cause issues (-Wformat=security), so for
      now guard some of the printf checks behind WANT_DEEPER_PRINTF_CHECKS.
      As part of this, removing so much warning spew let me fix some minor
      real issues in debug logging.

PP/32 GnuTLS was always using default tls_require_ciphers, due to a missing
      assignment on my part.  Fixed.

PP/33 Added tls_dh_max_bits option, defaulting to current hard-coded limit
      of NSS, for GnuTLS/NSS interop.  Problem root cause diagnosis by
      Janne Snabb (who went above and beyond: thank you).

PP/34 Validate tls_require_ciphers on startup, since debugging an invalid
      string otherwise requires a connection and a bunch more work and it's
      relatively easy to get wrong.  Should also expose TLS library linkage
      problems.

PP/35 Pull in <features.h> on Linux, for some portability edge-cases of
      64-bit ${eval} (JH/03).

PP/36 Define _GNU_SOURCE in exim.h; it's needed for some releases of
      GNU libc to support some of the 64-bit stuff, should not lead to
      conflicts.  Defined before os.h is pulled in, so if a given platform
      needs to override this, it can.

PP/37 Unbreak Cyrus SASL auth: SSF retrieval was incorrect, Exim thought
      protection layer was required, which is not implemented.
      Bugzilla 1254, patch from Wolfgang Breyha.

PP/38 Overhaul DH prime handling, supply RFC-specified DH primes as built
      into Exim, default to IKE id 23 from RFC 5114 (2048 bit).  Make
      tls_dhparam take prime identifiers.  Also unbreak combination of
      OpenSSL+DH_params+TLSSNI.

PP/39 Disable SSLv2 by default in OpenSSL support.

Changes in the port:

 - added knob to disable DKIM (requested by alex@ahhyes.net)

 - added knob to build with GnuTLS (requested by odhiambo@gmail.com)

 - fixed handling of 'twist' directives in hosts.allow

PR: 166396
QA page: http://codelabs.ru/fbsd/ports/qa/mail/exim/4.80
Original commit
Tuesday, 18 Oct 2011
08:55 rea search for other commits by this committer
mail/exim: upgrade to 4.77

New stuff (from ftp://exim.inode.at/exim/ChangeLogs/NewStuff-4.77):
 1. New options for the ratelimit ACL condition: /count= and /unique=.
    The /noupdate option has been replaced by a /readonly option.

 2. The SMTP transport's protocol option may now be set to "smtps", to
    use SSL-on-connect outbound.

 3. New variable $av_failed, set true if the AV scanner deferred; ie, when
    there is a problem talking to the AV scanner, or the AV scanner running.

 4. New expansion conditions, "inlist" and "inlisti", which take simple lists
    and check if the search item is a member of the list.  This does not
    support named lists, but does subject the list part to string expansion.

 5. Unless the new EXPAND_LISTMATCH_RHS build option is set when Exim was
    built, Exim no longer performs string expansion on the second string of
    the match_* expansion conditions: "match_address", "match_domain",
    "match_ip" & "match_local_part".  Named lists can still be used.

Relevant entries from ChangeLog at
  ftp://exim.inode.at/exim/ChangeLogs/ChangeLog-4.77:

TK/01 DKIM Verification: Fix relaxed canon for empty headers w/o
      whitespace trailer

TF/02 Fix a couple more cases where we did not log the error message
      when unlink() failed. See also change 4.74-TF/03.

TF/03 Make the exiwhat support code safe for signals. Previously
      Exim might lock up or crash if it happened to be inside a call
      to libc when it got a SIGUSR1 from exiwhat.

      The SIGUSR1 handler appends the current process status to the
      process log which is later printed by exiwhat. It used to use
      the general purpose logging code to do this, but several
      functions it calls are not safe for signals.

      The new output code in the SIGUSR1 handler is specific to the
      process log, and simple enough that it's easy to inspect for
      signal safety.  Removing some special cases also simplifies the
      general logging code.  Removing the spurious timestamps from the
      process log simplifies exiwhat.

PP/02 Raise smtp_cmd_buffer_size to 16kB.
      Bugzilla 879.  Patch from Paul Fisher.

PP/07 Make maildir_use_size_file an _expandable_ boolean.
      Bugzilla 1089.  Patch from Heiko Schlittermann.

PP/08 Handle ${run} returning more data than OS pipe buffer size.
      Bugzilla 1131.  Patch from Holger Weitz.

PP/09 Handle IPv6 addresses with SPF.
      Bugzilla 860.  Patch from Wolfgang Breyha.

PP/10 GnuTLS: support TLS 1.2 & 1.1.
      Bugzilla 1156.
      Use gnutls_certificate_verify_peers2() [patch from Andreas Metzler].
      Bugzilla 1095.

PP/12 fix uninitialised greeting string from PP/03 (smtps client
      support).

PP/13 shell and compiler warnings fixes for RC1-RC4 changes.

PP/14 fix log_write() format string regression from TF/03.
      Bugzilla 1152.  Patch from Dmitry Isaikin.

Other changes:
 - the patch for XCLIENT was updated to match the latest Exim sources;
 - removed already incorporated patch for exiqgrep;
 - removed Makefile.options and simplified OPTIONS handling.

PR: ports/161095, ports/161482, ports/157180
Original commit
Sunday, 9 Jan 2011
11:19 rea search for other commits by this committer
mail/exim: update to 4.73

Most notably, this version fixes local exim -> root escalation,
CVE-2010-4345.

Port had also gained configurable knob for disabling -D option
and make variables TRUSTED_CONFIG_LIST and WHITELIST_D_MACROS
to fine tune the behaviour of options -C and -D.

New items are documented at
  ftp://exim.inode.at/exim/ChangeLogs/NewStuff-4.73
Changelog is available at
  ftp://exim.inode.at/exim/ChangeLogs/ChangeLog-4.73

Security: e4fcf020-0447-11e0-becc-0022156e8794 / CVE-2010-4345
PR: 152963 [1], 153711 [2]
Submitted by: Alexander Wittig <alexander@wittig.name> [1]
Approved by: garga (mentor)
Original commit
Wednesday, 5 May 2010
18:08 krion search for other commits by this committer
"Spamooborona 1024" software by Yandex allows to filter up to 1024
good messages per day for any mailhost. It is to note: 1024 - it is
not the total amount of messages scanned but the only good ones,
which aren't considered as spam. Once 1024 good messages get passed
through the filter, the rest of mail traffic will be passed without
considering spam or ham until the end of the day.

http://so.yandex.ru/companies/so1024.xml

The patch allows use of "Spamooborona 1024" with Exim by using
Local_scan()'s functionality provided by Yandex LLC.

PR:             ports/146215
Submitted by:   Alexey V.Degtyarev <alexey@renatasystems.org>
Original commit
Wednesday, 25 Nov 2009
12:29 krion search for other commits by this committer
Change WITH_DAEMON option description.

Submitted by:   George L. Yermulnik <yz@yz.kiev.ua>, Alexey V. Degtyarev
<alexey@renatasystems.org>
Original commit
Sunday, 15 Nov 2009
18:18 krion search for other commits by this committer
Update to version 4.70
 - Add devel/pcre dependency
 - Add option for checking ACL in DCC
 - Add WITH_DEBUG option
 - Remove Domain Keys option
 - Remove DKIM option

Submitted by:   "Alexey V. Degtyarev" <alexey@renatasystems.org>
Original commit
Wednesday, 21 Oct 2009
19:59 krion search for other commits by this committer
- Convert existing infrastructure to OPTIONS
- Remove deprecated RCORDER, required by FreeBSD-5.x
- Remove deprecated WITH_PWCHECK
- Add option WITH_KAS, which installs mail/libspamtest to use
  Kaspersky Antispam library

Submitted by:   Alexey V. Degtyarev <alexey@renatasystems.org>
Original commit
Tuesday, 2 Jun 2009
09:44 krion search for other commits by this committer
Add support for XCLIENT command.

More info - http://www.postfix.org/XCLIENT_README.html

PR:             ports/133891
Submitted by:   Alexey V.Degtyarev <alexey@renatasystems.org>
Original commit
Saturday, 4 Oct 2008
16:04 skv search for other commits by this committer
Add support for DKIM (DomainKeys Identified Mail).

PR:             ports/127825
Submitted by:   skv
Approved by:    maintainer (krion)
Original commit
Thursday, 31 May 2007
06:48 krion search for other commits by this committer
Fix dovecot authentication.
Original commit
Tuesday, 4 Apr 2006
22:27 krion search for other commits by this committer
Update to 4.61
Original commit
Saturday, 25 Mar 2006
23:12 krion search for other commits by this committer
Add libsrs_alt support.
Some cleanups.

Submitted by:   Simon Dick <simond@irrelevant.org>
Original commit
Friday, 2 Dec 2005
10:06 skv search for other commits by this committer
Add DomainKeys support.

PR:             ports/89011
Submitted by:   skv
Approved by:    maintainer timeout
Original commit
Wednesday, 28 Sep 2005
10:12 krion search for other commits by this committer
Update to 4.53
Original commit
Wednesday, 2 Mar 2005
21:50 krion search for other commits by this committer
Update to 4.50

* Remove WITH/WITHOUT_EXISCAN variable, since exiscan code was
  merged into exim-4.50

* Introduce two new variables: WITH_CONTENT_SCAN and WITH_OLD_DEMIME.

* Enable WITH_OLD_DEMIME by default to preserve backward
  compatibility with deprecated "demime" ACL condition.  For Exim
  itself, setting WITH_OLD_DEMIME forces WITH_CONTENT_SCAN to be set.

* Remove POST-INSTALL-NOTES.exiscan-acl and xpatch-exiscan2 patches.

* Add experimental-spec.txt into docs, to inform about experimental
  features.

PR:             ports/78168
Submitted by:   krion
Approved by:    maintainer is currently MIA
Original commit
Thursday, 3 Feb 2005
03:55 eik search for other commits by this committer
- update SA-Exim to 4.2
- add support for Berkeley DB 4.3

Thanks to Sergey Matveychuk <sem@FreeBSD.org> for committing PR 76273.
Original commit
Sunday, 17 Oct 2004
12:05 eik search for other commits by this committer
Fix location of radiusclient.conf when RADIUS_TYPE=RADIUSCLIENT
Make some more options tunable

Noted by:       Jan-Peter Koopmann <Jan-Peter.Koopmann@seceidos.de>
Original commit
Monday, 11 Oct 2004
23:48 eik search for other commits by this committer
- update to Exim 4.43 and exiscan 28
- add support for the SA-Exim local_scan function
  + http://marc.merlins.org/linux/exim/sa.html
- new options WITH_SA_EXIM, WITH_AUTH_SASL, WITH_RADIUS_TYPE

- fix 150.exim-tidydb.sh when Exim is installed, but not run [1]

Submitted by:   Brian Somers <brian@Awfulhak.org> [1]
Original commit
Saturday, 17 Jul 2004
14:21 eik search for other commits by this committer
- Update to version 4.40

- Support for WITH_SPF and WITH_SRS via libspf2/libsrs2, needs exiscan

- Note for 5.x users: the default location of the start/stop file has changed.
  Build WITH_RCORDER=yes when you depend on the old behaviour

- WITH_OPENLDAP_VER and WITH_MYSQL_VER does no longer imply the corresponding
WITH_ variable.

- experimental support for optionsng from devel/portmk
Original commit

Number of commits found: 45