non port: mail/exim/options |
Number of commits found: 45 |
Wednesday, 17 Jan 2024
|
17:46 Dima Panov (fluffy)
mail/exim: Add DMARC option to DEFAULT list (+)
GMail recently changed game rules. Again.
DMARC is a good companion to the DKIM/SPFF
Requested by: ler
ccd0ac5 |
Thursday, 9 Nov 2023
|
07:03 Kurt Jaeger (pi) Author: Chris Collins
mail/exim: re-add support for Alternative SRS
PR: 266465
Approved by: fluffy (maintainer, implicit)
Author: Chris Collins <chrysalis@chrysalisnet.org>
2ce476e |
Saturday, 24 Jun 2023
|
18:00 Dima Panov (fluffy)
mail/exim: list AUTH_TLS in OPTIONS_GROUP_AUTH (+)
PR: 271881
faf1294 |
Tuesday, 28 Dec 2021
|
19:23 Dima Panov (fluffy)
mail/exim: update to 4.95 release (+)
Finally, Exim will be pushed to 4.95 release.
Long wait was caused by some criticals errors in vanilla release,
upstream fixes got a some time to come.
* Apply sendfile patch, fixes SIGSEGV using clamd via TCP [1]
* Convert select() to poll(), fixes crashes (SIGSEV) on FreeBSD 12.2 [2]
PR: 258848 [1], 259822 [2]
Sponsored by: Netzkommune GmbH
99c5dc1 |
Tuesday, 4 May 2021
|
15:57 Dima Panov (fluffy)
mail/exim: update to 4.94.2 security release
* New upstream security release.
+ Release based on +fixes branch.
+ Fixes multiple security vulnerabilities reported by Qualys and adds
related robustness improvements. (Special thanks to Heiko)
CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
CVE-2020-28007: Link attack in Exim's log directory
CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
CVE-2020-28012: Missing close-on-exec flag for privileged pipe
CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
CVE-2020-28009: Integer overflow in get_stdinput()
CVE-2020-28015, CVE-28021: New-line injection into spool header file
CVE-2020-28026: Line truncation and injection in spool_read_header()
CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
CVE-2020-28017: Integer overflow in receive_add_recipient()
CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
CVE-2020-28011: Heap buffer overflow in queue_run()
CVE-2020-28010: Heap out-of-bounds write in main()
CVE-2020-28018: Use-after-free in tls-openssl.c
CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
CVE-2020-28014, CVE-2021-27216: PID file handling
CVE-2020-28008: Assorted attacks in Exim's spool directory
CVE-2020-28019: Failure to reset function pointer after BDAT error
* Incorporate debian patches to turn taint failures into warnings.
0a629bd |
Wednesday, 9 Sep 2020
|
12:09 fluffy
mail/exim: import exim-4.94+fixes branch as state of 2020.09.09
Used git diffs:
[27/37] Fix spelling of local_part_data in docs and debug output
[27/37] Fix spelling of local_part_data in docs and debug output
[28/37] Fix ${readsocket } eol-replacement. Bug 2630
[29/37] Taint: fix off-by-one in is_tainted(). Bug 2634
[30/37] Build: ifdef guard for EXPERIMENTAL_QUEUEFILE
[31/37] Taint: fix off-by-one in is_tainted(). Bug 2634
[32/37] DANE: force SNI to use $domain. Bug 2265
[33/37] DANE: Fix 2-rcpt message, diff domins case. Bug 2265
[34/37] Fix non-DANE build
[35/37] DANE: Fix 2 messages from queue case
[36/37] Fix non-DANE build
While here, make SPF option turned on by default
MFH: 2020Q3
|
Tuesday, 18 Feb 2020
|
18:54 vsevolod
- Fix build with no DANE
Reported by: Alexander Sheiko <adsh at univ.kiev.ua> via email
|
Monday, 16 Apr 2018
|
17:03 vsevolod
Fix SPF support, add experimental ARC option
Reported by: pi via email
|
Monday, 16 Jan 2017
|
13:03 vsevolod
- Remove obsoleted OLD_DEMIME option
- Enable CONTENT_SCAN by default to compensate OLD_DEMIME removal
PR: 215871
Submitted by: Mark Hills mark-freebsd at xwax.org
|
Monday, 2 Jan 2017
|
11:57 vsevolod
- Update to version 4.88
- Add experimental LMDB lookup option
- Add experimental queuefile option
- Remove rspamd pacth which is now included in Exim
Changes: ftp://ftp.exim.org/pub/exim/exim4/NewStuff
|
Thursday, 21 Apr 2016
|
15:52 vsevolod
- Update to 4.87
- Enable recommended default options
- Rename no longer experimental options
- Add rspamd shutdown patch
Exim 4.87 announce link:
https://lists.exim.org/lurker/message/20160406.181048.292a54e9.en.html
|
Monday, 27 Jul 2015
|
19:42 vsevolod
- Update to 4.86 [1]
- Add experimental INTERNATIONAL option
- Add experimental SOCKS option
- Removed rspamd extra patch (included by default now)
- Removed xclient patch (broken and not used)
Relnotes: ftp://ftp.exim.org/pub/exim/exim4/NewStuff [1]
|
Monday, 13 Jul 2015
|
11:52 vsevolod
- Restore LMTP support by default [1]
- Fix install commands in the Makefile
- Bump portrevision
PR: 201438
Submitted by: Gennady Proskurin <gpr at mail.ru>
|
Tuesday, 10 Feb 2015
|
12:57 vsevolod
Remove duplicated NIS option (no functional changes).
Submitted by: Ilya A. Arkhipov via IRC
|
Friday, 16 Jan 2015
|
14:19 vsevolod
- Add rspamd extra patch and option [1]
- Remove obsoleted POST-INSTALL note [2]
- Bump revision since options have been changed
Submitted by: swappers at gmail.com [1], pi@ [2]
|
Tuesday, 13 Jan 2015
|
13:45 vsevolod
- Update to 4.85
- Add DANE experimental support
- Add EVENT experimental support
- Drop SRS_ALT option as exim cannot work with libsrs2 so srs_alt is the only
option now
- Polish IGNORE messages
- Remove already included patch
- Update documentation slave ports
The ChangeLog/NewStuff/README.UPDATING can be reviewed at:
http://git.exim.org/exim.git/blob/exim-4_85:/doc/doc-txt/ChangeLog
http://git.exim.org/exim.git/blob/exim-4_85:/doc/doc-txt/NewStuff
http://git.exim.org/exim.git/blob/exim-4_85:/src/README.UPDATING
|
Tuesday, 4 Nov 2014
|
16:14 vsevolod
Remove outdated KAS patch and option.
|
Friday, 1 Aug 2014
|
13:55 vsevolod
- Add patch recommended by the exim developers to fix mime regression in 4.83
- Remove SA_1024 as it has been adandoned long ago [1]
- Fix message in post-install stage [1]
- Bump revision
Submitted by: Victor Ustugov via jabber [1]
|
Tuesday, 22 Jul 2014
|
15:39 vsevolod
Update to 4.83.
Changes in the port:
- Added new options:
* DNSSEC: validate peers using TLSA records
* PRDR: Per-Recipient-Data-Response support
* CERTNAMES: Check certiticates ownership
* DSN: Delivery Status Notifications
* PROXY: Experimental Proxy Protocol
- Enable OCSP stapling by default
- Disable NIS by default
- SRS support is now radio group
- DNSSEC and PRDR are now enabled by default
Changes in exim itself:
This release contains the following enhancements and bugfixes:
+ PRDR was promoted from Experimental to mainline
+ OCSP Stapling was promoted from Experimental to mainline
+ new Experimental feature Proxy Protocol
+ new Experimental feature DSN (Delivery Status Notifications)
+ TLS session improvements
+ TLS SNI fixes
+ LDAP enhancements
+ DMARC fixes (previous CVE-2014-2957) and new $dmarc_domain_policy
+ several new operations (listextract, utf8clean, md5, sha1)
+ enforce header formatting with verify=header_names_ascii
+ new commandline option -oMm
+ new TLSA dns lookup
+ new malware "sock" type
+ cutthrough routing enhancements
+ logging enhancements
+ DNSSEC enhancements
+ exiqgrep enhancements
+ deprecating non-standard SPF results
+ build and portability fixes
+ documentation fixes and enhancements
Uncompatible changes:
This release of Exim includes one incompatible fix: the behavior of
expansion of arguments to math comparison functions (<, <=, =, =>, >)
was unexpected, expanding the values twice. This fix also addresses a
security advisory, CVE-2014-2972. This is not a remote exploit, but if
content that is searched by the above math comparison functions is under
the control of an attacker, specially crafted data can be inserted that
will cause the Exim mail server to perform various file-system functions
as the exim user.
|
Friday, 18 Jul 2014
|
14:37 vsevolod
Restore srs_alt support.
PR: 191950
Submitted by: pi
|
Tuesday, 15 Jul 2014
|
16:14 adamw
Add DOCS to OPTIONS_DEFINE to ports that check for PORT_OPTIONS:MDOCS.
|
Monday, 14 Jul 2014
|
10:45 vsevolod
- Remove support of libsrs_alt as it is deprecated now
- Bump portrevision
Suggested by: pi
|
Saturday, 5 Jul 2014
|
15:09 vsevolod
- Add runtime dependency on perl for exim utilities [1], [2]
- Support berkeley DB lookups [3]
- Remove unnecessary options checks [1]
- Improve description for EXIMON option
- Bump portrevision
PR: 189019 [2], 181863 [3]
Submitted by: ak [1], tim at bishnet.net [2], odavydenko at gmail.com [3]
|
Friday, 4 Jul 2014
|
16:07 vsevolod
- Use options knobs [1]
- Group options
- Remove deprecated checks
Submitted by: ak [1]
|
12:51 vsevolod
Add new options for exim:
- DMARC: experimental opendmarc support
- REDIS: redis database lookup
- OCSP: ocsp certificates stapling using openssl
|
Thursday, 6 Jun 2013
|
19:25 bapt
Convert to new options framework
|
Thursday, 12 Jul 2012
|
09:05 rea
mail/exim: upgrade to 4.80
Extracts from the NewStuff,
ftp://exim.inode.at/exim/ChangeLogs/NewStuff-4.80
1. New authenticator driver, "gsasl". Server-only (at present).
This is a SASL interface, licensed under GPL, which can be found at
http://www.gnu.org/software/gsasl/.
This system does not provide sources of data for authentication, so
careful use needs to be made of the conditions in Exim.
2. New authenticator driver, "heimdal_gssapi". Server-only.
A replacement for using cyrus_sasl with Heimdal, now that $KRB5_KTNAME
is no longer honoured for setuid programs by Heimdal. Use the
"server_keytab" option to point to the keytab.
3. The "pkg-config" system can now be used when building Exim to reference
cflags and library information for lookups and authenticators, rather
than having to update "CFLAGS", "AUTH_LIBS", "LOOKUP_INCLUDE" and
"LOOKUP_LIBS" directly. Similarly for handling the TLS library support
without adjusting "TLS_INCLUDE" and "TLS_LIBS".
In addition, setting PCRE_CONFIG=yes will query the pcre-config tool to
find the headers and libraries for PCRE.
4. New expansion variable $tls_bits.
5. New lookup type, "dbmjz". Key is an Exim list, the elements of which will
be joined together with ASCII NUL characters to construct the key to pass
into the DBM library. Can be used with gsasl to access sasldb2 files as
used by Cyrus SASL.
6. OpenSSL now supports TLS1.1 and TLS1.2 with OpenSSL 1.0.1.
Avoid release 1.0.1a if you can. Note that the default value of
"openssl_options" is no longer "+dont_insert_empty_fragments", as that
increased susceptibility to attack. This may still have interoperability
implications for very old clients (see version 4.31 change 37) but
administrators can choose to make the trade-off themselves and restore
compatibility at the cost of session security.
7. Use of the new expansion variable $tls_sni in the main configuration option
tls_certificate will cause Exim to re-expand the option, if the client
sends the TLS Server Name Indication extension, to permit choosing a
different certificate; tls_privatekey will also be re-expanded. You must
still set these options to expand to valid files when $tls_sni is not set.
The SMTP Transport has gained the option tls_sni, which will set a hostname
for outbound TLS sessions, and set $tls_sni too.
A new log_selector, +tls_sni, has been added, to log received SNI values
for Exim as a server.
8. The existing "accept_8bitmime" option now defaults to true. This means
that Exim is deliberately not strictly RFC compliant. We're following
Dan Bernstein's advice in http://cr.yp.to/smtp/8bitmime.html by default.
Those who disagree, or know that they are talking to mail servers that,
even today, are not 8-bit clean, need to turn off this option.
9. Exim can now be started with -bw (with an optional timeout, given as
-bw<timespec>). With this, stdin at startup is a socket that is
already listening for connections. This has a more modern name of
"socket activation", but forcing the activated socket to fd 0. We're
interested in adding more support for modern variants.
10. ${eval } now uses 64-bit values on supporting platforms. A new "G" suffix
for numbers indicates multiplication by 1024^3.
11. The GnuTLS support has been revamped; the three options gnutls_require_kx,
gnutls_require_mac & gnutls_require_protocols are no longer supported.
tls_require_ciphers is now parsed by gnutls_priority_init(3) as a priority
string, documentation for which is at:
http://www.gnu.org/software/gnutls/manual/html_node/Priority-Strings.html
SNI support has been added to Exim's GnuTLS integration too.
For sufficiently recent GnuTLS libraries, ${randint:..} will now use
gnutls_rnd(), asking for GNUTLS_RND_NONCE level randomness.
12. With OpenSSL, if built with EXPERIMENTAL_OCSP, a new option tls_ocsp_file
is now available. If the contents of the file are valid, then Exim will
send that back in response to a TLS status request; this is OCSP Stapling.
Exim will not maintain the contents of the file in any way: administrators
are responsible for ensuring that it is up-to-date.
See "experimental-spec.txt" for more details.
13. ${lookup dnsdb{ }} supports now SPF record types. They are handled
identically to TXT record lookups.
14. New expansion variable $tod_epoch_l for higher-precision time.
15. New global option tls_dh_max_bits, defaulting to current value of NSS
hard-coded limit of DH ephemeral bits, to fix interop problems caused by
GnuTLS 2.12 library recommending a bit count higher than NSS supports.
16. tls_dhparam now used by both OpenSSL and GnuTLS, can be path or identifier.
Option can now be a path or an identifier for a standard prime.
If unset, we use the DH prime from section 2.2 of RFC 5114, "ike23".
Set to "historic" to get the old GnuTLS behaviour of auto-generated DH
primes.
17. SSLv2 now disabled by default in OpenSSL. (Never supported by GnuTLS).
Use "openssl_options -no_sslv2" to re-enable support, if your OpenSSL
install was not built with OPENSSL_NO_SSL2 ("no-ssl2").
Extracts from the ChangeLog,
ftp://exim.inode.at/exim/ChangeLogs/ChangeLog-4.80
PP/01 Handle short writes when writing local log-files.
In practice, only affects FreeBSD (8 onwards).
Bugzilla 1053, with thanks to Dmitry Isaikin.
NM/01 Bugzilla 949 - Documentation tweak
NM/02 Bugzilla 1093 - eximstats DATA reject detection regexps
improved.
NM/03 Bugzilla 1169 - primary_hostname spelling was incorrect in docs.
PP/02 Implemented gsasl authenticator.
PP/03 Implemented heimdal_gssapi authenticator with "server_keytab" option.
PP/04 Local/Makefile support for (AUTH|LOOKUP)_*_PC=foo to use
`pkg-config foo` for cflags/libs.
PP/05 Swapped $auth1/$auth2 for gsasl GSSAPI mechanism, to be more consistent
with rest of GSASL and with heimdal_gssapi.
PP/06 Local/Makefile support for USE_(GNUTLS|OPENSSL)_PC=foo to use
`pkg-config foo` for cflags/libs for the TLS implementation.
PP/07 New expansion variable $tls_bits; Cyrus SASL server connection
properties get this fed in as external SSF. A number of robustness
and debugging improvements to the cyrus_sasl authenticator.
PP/08 cyrus_sasl server now expands the server_realm option.
PP/09 Bugzilla 1214 - Log authentication information in reject log.
Patch by Jeremy Harris.
PP/10 Added dbmjz lookup type.
PP/11 Let heimdal_gssapi authenticator take a SASL message without an authzid.
PP/12 MAIL args handles TAB as well as SP, for better interop with
non-compliant senders.
Analysis and variant patch by Todd Lyons.
NM/04 Bugzilla 1237 - fix cases where printf format usage not indicated
Bug report from Lars Müller <lars@samba.org> (via SUSE),
Patch from Dirk Mueller <dmueller@suse.com>
PP/13 tls_peerdn now print-escaped for spool files.
Observed some $tls_peerdn in wild which contained \n, which resulted
in spool file corruption.
PP/14 TLS fixes for OpenSSL: support TLS 1.1 & 1.2; new "openssl_options"
values; set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read
or write after TLS renegotiation, which otherwise led to messages
"Got SSL error 2".
TK/01 Bugzilla 1239 - fix DKIM verification when signature was not inserted
as a tracking header (ie: a signed header comes before the signature).
Patch from Wolfgang Breyha.
JH/01 Bugzilla 660 - Multi-valued attributes from ldap now parseable as a
comma-sep list; embedded commas doubled.
JH/02 Refactored ACL "verify =" logic to table-driven dispatch.
PP/15 LDAP: Check for errors of TLS initialisation, to give correct
diagnostics.
Report and patch from Dmitry Banschikov.
PP/16 Removed "dont_insert_empty_fragments" fron "openssl_options".
Removed SSL_clear() after SSL_new() which led to protocol negotiation
failures. We appear to now support TLS1.1+ with Exim.
PP/17 OpenSSL: new expansion var $tls_sni, which if used in tls_certificate
lets Exim select keys and certificates based upon TLS SNI from client.
Also option tls_sni on SMTP Transports. Also clear $tls_bits correctly
before an outbound SMTP session. New log_selector, +tls_sni.
PP/18 Bugzilla 1122 - check localhost_number expansion for failure, avoid
NULL dereference. Report and patch from Alun Jones.
PP/19 DNS resolver init changes for NetBSD compatibility. (Risk of breakage
on less well tested platforms). Obviates NetBSD pkgsrc patch-ac.
Not seeing resolver debug output on NetBSD, but suspect this is a
resolver implementation change.
PP/20 Revert part of NM/04, it broke log_path containing %D expansions.
Left warnings. Added "eximon gdb" invocation mode.
PP/21 Defaulting "accept_8bitmime" to true, not false.
PP/22 Added -bw for inetd wait mode support.
PP/23 Added PCRE_CONFIG=yes support to Makefile for using pcre-config to
locate the relevant includes and libraries. Made this the default.
PP/24 Fixed headers_only on smtp transports (was not sending trailing dot).
Bugzilla 1246, report and most of solution from Tomasz Kusy.
JH/03 ${eval } now uses 64-bit and supports a "g" suffix (like to "k" and "m").
This may cause build issues on older platforms.
PP/25 Revamped GnuTLS support, passing tls_require_ciphers to
gnutls_priority_init, ignoring Exim options gnutls_require_kx,
gnutls_require_mac & gnutls_require_protocols (no longer supported).
Added SNI support via GnuTLS too.
Made ${randint:..} supplier available, if using not-too-old GnuTLS.
PP/26 Added EXPERIMENTAL_OCSP for OpenSSL.
PP/27 Applied dnsdb SPF support patch from Janne Snabb.
Applied second patch from Janne, implementing suggestion to default
multiple-strings-in-record handling to match SPF spec.
JH/04 Added expansion variable $tod_epoch_l for a higher-precision time.
PP/28 Fix DCC dcc_header content corruption (stack memory referenced,
read-only, out of scope).
Patch from Wolfgang Breyha, report from Stuart Northfield.
PP/29 Fix three issues highlighted by clang analyser static analysis.
Only crash-plausible issue would require the Cambridge-specific
iplookup router and a misconfiguration.
Report from Marcin MirosÅaw.
PP/30 Another attempt to deal with PCRE_PRERELEASE, this one less buggy.
PP/31 %D in printf continues to cause issues (-Wformat=security), so for
now guard some of the printf checks behind WANT_DEEPER_PRINTF_CHECKS.
As part of this, removing so much warning spew let me fix some minor
real issues in debug logging.
PP/32 GnuTLS was always using default tls_require_ciphers, due to a missing
assignment on my part. Fixed.
PP/33 Added tls_dh_max_bits option, defaulting to current hard-coded limit
of NSS, for GnuTLS/NSS interop. Problem root cause diagnosis by
Janne Snabb (who went above and beyond: thank you).
PP/34 Validate tls_require_ciphers on startup, since debugging an invalid
string otherwise requires a connection and a bunch more work and it's
relatively easy to get wrong. Should also expose TLS library linkage
problems.
PP/35 Pull in <features.h> on Linux, for some portability edge-cases of
64-bit ${eval} (JH/03).
PP/36 Define _GNU_SOURCE in exim.h; it's needed for some releases of
GNU libc to support some of the 64-bit stuff, should not lead to
conflicts. Defined before os.h is pulled in, so if a given platform
needs to override this, it can.
PP/37 Unbreak Cyrus SASL auth: SSF retrieval was incorrect, Exim thought
protection layer was required, which is not implemented.
Bugzilla 1254, patch from Wolfgang Breyha.
PP/38 Overhaul DH prime handling, supply RFC-specified DH primes as built
into Exim, default to IKE id 23 from RFC 5114 (2048 bit). Make
tls_dhparam take prime identifiers. Also unbreak combination of
OpenSSL+DH_params+TLSSNI.
PP/39 Disable SSLv2 by default in OpenSSL support.
Changes in the port:
- added knob to disable DKIM (requested by alex@ahhyes.net)
- added knob to build with GnuTLS (requested by odhiambo@gmail.com)
- fixed handling of 'twist' directives in hosts.allow
PR: 166396
QA page: http://codelabs.ru/fbsd/ports/qa/mail/exim/4.80
|
Tuesday, 18 Oct 2011
|
08:55 rea
mail/exim: upgrade to 4.77
New stuff (from ftp://exim.inode.at/exim/ChangeLogs/NewStuff-4.77):
1. New options for the ratelimit ACL condition: /count= and /unique=.
The /noupdate option has been replaced by a /readonly option.
2. The SMTP transport's protocol option may now be set to "smtps", to
use SSL-on-connect outbound.
3. New variable $av_failed, set true if the AV scanner deferred; ie, when
there is a problem talking to the AV scanner, or the AV scanner running.
4. New expansion conditions, "inlist" and "inlisti", which take simple lists
and check if the search item is a member of the list. This does not
support named lists, but does subject the list part to string expansion.
5. Unless the new EXPAND_LISTMATCH_RHS build option is set when Exim was
built, Exim no longer performs string expansion on the second string of
the match_* expansion conditions: "match_address", "match_domain",
"match_ip" & "match_local_part". Named lists can still be used.
Relevant entries from ChangeLog at
ftp://exim.inode.at/exim/ChangeLogs/ChangeLog-4.77:
TK/01 DKIM Verification: Fix relaxed canon for empty headers w/o
whitespace trailer
TF/02 Fix a couple more cases where we did not log the error message
when unlink() failed. See also change 4.74-TF/03.
TF/03 Make the exiwhat support code safe for signals. Previously
Exim might lock up or crash if it happened to be inside a call
to libc when it got a SIGUSR1 from exiwhat.
The SIGUSR1 handler appends the current process status to the
process log which is later printed by exiwhat. It used to use
the general purpose logging code to do this, but several
functions it calls are not safe for signals.
The new output code in the SIGUSR1 handler is specific to the
process log, and simple enough that it's easy to inspect for
signal safety. Removing some special cases also simplifies the
general logging code. Removing the spurious timestamps from the
process log simplifies exiwhat.
PP/02 Raise smtp_cmd_buffer_size to 16kB.
Bugzilla 879. Patch from Paul Fisher.
PP/07 Make maildir_use_size_file an _expandable_ boolean.
Bugzilla 1089. Patch from Heiko Schlittermann.
PP/08 Handle ${run} returning more data than OS pipe buffer size.
Bugzilla 1131. Patch from Holger Weitz.
PP/09 Handle IPv6 addresses with SPF.
Bugzilla 860. Patch from Wolfgang Breyha.
PP/10 GnuTLS: support TLS 1.2 & 1.1.
Bugzilla 1156.
Use gnutls_certificate_verify_peers2() [patch from Andreas Metzler].
Bugzilla 1095.
PP/12 fix uninitialised greeting string from PP/03 (smtps client
support).
PP/13 shell and compiler warnings fixes for RC1-RC4 changes.
PP/14 fix log_write() format string regression from TF/03.
Bugzilla 1152. Patch from Dmitry Isaikin.
Other changes:
- the patch for XCLIENT was updated to match the latest Exim sources;
- removed already incorporated patch for exiqgrep;
- removed Makefile.options and simplified OPTIONS handling.
PR: ports/161095, ports/161482, ports/157180
|
Sunday, 9 Jan 2011
|
11:19 rea
mail/exim: update to 4.73
Most notably, this version fixes local exim -> root escalation,
CVE-2010-4345.
Port had also gained configurable knob for disabling -D option
and make variables TRUSTED_CONFIG_LIST and WHITELIST_D_MACROS
to fine tune the behaviour of options -C and -D.
New items are documented at
ftp://exim.inode.at/exim/ChangeLogs/NewStuff-4.73
Changelog is available at
ftp://exim.inode.at/exim/ChangeLogs/ChangeLog-4.73
Security: e4fcf020-0447-11e0-becc-0022156e8794 / CVE-2010-4345
PR: 152963 [1], 153711 [2]
Submitted by: Alexander Wittig <alexander@wittig.name> [1]
Approved by: garga (mentor)
|
Wednesday, 5 May 2010
|
18:08 krion
"Spamooborona 1024" software by Yandex allows to filter up to 1024
good messages per day for any mailhost. It is to note: 1024 - it is
not the total amount of messages scanned but the only good ones,
which aren't considered as spam. Once 1024 good messages get passed
through the filter, the rest of mail traffic will be passed without
considering spam or ham until the end of the day.
http://so.yandex.ru/companies/so1024.xml
The patch allows use of "Spamooborona 1024" with Exim by using
Local_scan()'s functionality provided by Yandex LLC.
PR: ports/146215
Submitted by: Alexey V.Degtyarev <alexey@renatasystems.org>
|
Wednesday, 25 Nov 2009
|
12:29 krion
Change WITH_DAEMON option description.
Submitted by: George L. Yermulnik <yz@yz.kiev.ua>, Alexey V. Degtyarev
<alexey@renatasystems.org>
|
Sunday, 15 Nov 2009
|
18:18 krion
Update to version 4.70
- Add devel/pcre dependency
- Add option for checking ACL in DCC
- Add WITH_DEBUG option
- Remove Domain Keys option
- Remove DKIM option
Submitted by: "Alexey V. Degtyarev" <alexey@renatasystems.org>
|
Wednesday, 21 Oct 2009
|
19:59 krion
- Convert existing infrastructure to OPTIONS
- Remove deprecated RCORDER, required by FreeBSD-5.x
- Remove deprecated WITH_PWCHECK
- Add option WITH_KAS, which installs mail/libspamtest to use
Kaspersky Antispam library
Submitted by: Alexey V. Degtyarev <alexey@renatasystems.org>
|
Tuesday, 2 Jun 2009
|
09:44 krion
Add support for XCLIENT command.
More info - http://www.postfix.org/XCLIENT_README.html
PR: ports/133891
Submitted by: Alexey V.Degtyarev <alexey@renatasystems.org>
|
Saturday, 4 Oct 2008
|
16:04 skv
Add support for DKIM (DomainKeys Identified Mail).
PR: ports/127825
Submitted by: skv
Approved by: maintainer (krion)
|
Thursday, 31 May 2007
|
06:48 krion
Fix dovecot authentication.
|
Tuesday, 4 Apr 2006
|
22:27 krion
Update to 4.61
|
Saturday, 25 Mar 2006
|
23:12 krion
Add libsrs_alt support.
Some cleanups.
Submitted by: Simon Dick <simond@irrelevant.org>
|
Friday, 2 Dec 2005
|
10:06 skv
Add DomainKeys support.
PR: ports/89011
Submitted by: skv
Approved by: maintainer timeout
|
Wednesday, 28 Sep 2005
|
10:12 krion
Update to 4.53
|
Wednesday, 2 Mar 2005
|
21:50 krion
Update to 4.50
* Remove WITH/WITHOUT_EXISCAN variable, since exiscan code was
merged into exim-4.50
* Introduce two new variables: WITH_CONTENT_SCAN and WITH_OLD_DEMIME.
* Enable WITH_OLD_DEMIME by default to preserve backward
compatibility with deprecated "demime" ACL condition. For Exim
itself, setting WITH_OLD_DEMIME forces WITH_CONTENT_SCAN to be set.
* Remove POST-INSTALL-NOTES.exiscan-acl and xpatch-exiscan2 patches.
* Add experimental-spec.txt into docs, to inform about experimental
features.
PR: ports/78168
Submitted by: krion
Approved by: maintainer is currently MIA
|
Thursday, 3 Feb 2005
|
03:55 eik
- update SA-Exim to 4.2
- add support for Berkeley DB 4.3
Thanks to Sergey Matveychuk <sem@FreeBSD.org> for committing PR 76273.
|
Sunday, 17 Oct 2004
|
12:05 eik
Fix location of radiusclient.conf when RADIUS_TYPE=RADIUSCLIENT
Make some more options tunable
Noted by: Jan-Peter Koopmann <Jan-Peter.Koopmann@seceidos.de>
|
Monday, 11 Oct 2004
|
23:48 eik
- update to Exim 4.43 and exiscan 28
- add support for the SA-Exim local_scan function
+ http://marc.merlins.org/linux/exim/sa.html
- new options WITH_SA_EXIM, WITH_AUTH_SASL, WITH_RADIUS_TYPE
- fix 150.exim-tidydb.sh when Exim is installed, but not run [1]
Submitted by: Brian Somers <brian@Awfulhak.org> [1]
|
Saturday, 17 Jul 2004
|
14:21 eik
- Update to version 4.40
- Support for WITH_SPF and WITH_SRS via libspf2/libsrs2, needs exiscan
- Note for 5.x users: the default location of the start/stop file has changed.
Build WITH_RCORDER=yes when you depend on the old behaviour
- WITH_OPENLDAP_VER and WITH_MYSQL_VER does no longer imply the corresponding
WITH_ variable.
- experimental support for optionsng from devel/portmk
| Number of commits found: 45 |
|