authorJeremy Harris <jgh146exb@wizmail.org>2020-08-19 21:09:04 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2020-08-26 23:48:33 +0100
commitd8e99d6047e709b35eabb1395c2046100d1a1dda (patch)
treeb95baa3fd41afdd9a1243b29e679c12fcfa96143
parent976ef0e5fa7896394fe045e824dfb3e7d7502a68 (diff)
DANE: force SNI to use $domain. Bug 2265
Note: this is not a complete fix for the issue (cherry picked from commit 7044dd8fd62e215572ecf5a2c7f1bb9581cf6628)
-rw-r--r--doc/doc-docbook/spec.xfpt14
-rw-r--r--doc/doc-txt/ChangeLog10
-rw-r--r--src/src/receive.c2
-rw-r--r--src/src/smtp_in.c2
-rw-r--r--src/src/tls-gnu.c2
-rw-r--r--src/src/tls-openssl.c1
-rw-r--r--src/src/transports/smtp.c1
-rw-r--r--test/confs/58203
-rw-r--r--test/confs/58403
-rw-r--r--test/log/20302
-rw-r--r--test/log/20314
-rw-r--r--test/log/21302
-rw-r--r--test/log/21314
-rw-r--r--test/log/582010
-rw-r--r--test/log/584010
-rw-r--r--test/stderr/58202
-rw-r--r--test/stderr/58402
17 files changed, 49 insertions, 25 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 616534bef..279b82859 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -25669,7 +25669,11 @@ ciphers is a preference order.
.option tls_sni smtp string&!! unset
.cindex "TLS" "Server Name Indication"
.vindex "&$tls_sni$&"
-If this option is set then it sets the $tls_out_sni variable and causes any
+If this option is set
+.new
+and the connection is not DANE-validated
+.wen
+then it sets the $tls_out_sni variable and causes any
TLS session to pass this value as the Server Name Indication extension to
the remote side, which can be used by the remote side to select an appropriate
certificate and private key for the session.
@@ -29315,6 +29319,11 @@ nothing more to it. Choosing a sensible value not derived insecurely is the
only point of caution. The &$tls_out_sni$& variable will be set to this string
for the lifetime of the client connection (including during authentication).
+.new
+If DAVE validated the connection attempt then the value of the &%tls_sni%& option
+is forced to the domain part of the recipient address.
+.wen
+
Except during SMTP client sessions, if &$tls_in_sni$& is set then it is a string
received from a client.
It can be logged with the &%log_selector%& item &`+tls_sni`&.
@@ -29518,7 +29527,7 @@ by (a) is thought to be smaller than that of the set of root CAs.
It also allows the server to declare (implicitly) that connections to it should use TLS. An MITM could simply
fail to pass on a server's STARTTLS.
-DANE scales better than having to maintain (and side-channel communicate) copies of server certificates
+DANE scales better than having to maintain (and communicate via side-channel) copies of server certificates
for every possible target server. It also scales (slightly) better than having to maintain on an SMTP
client a copy of the standard CAs bundle. It also means not having to pay a CA for certificates.
@@ -29663,6 +29672,7 @@ If DANE is requested and useable (see above) the following transport options are
tls_verify_certificates
tls_crl
tls_verify_cert_hostnames
+ tls_sni
.endd
If DANE is not usable, whether requested or not, and CA-anchored
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index ae4050322..ec1b03304 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -91,6 +91,16 @@ JH/24 Bug 2634: Fix a taint trap seen on NetBSD: the testing coded for
is_tainted() had an off-by-one error in the overenthusiastic direction.
Find and fix by Gavan. Although NetBSD is not a supported platform for
4.94 this bug could affect other platforms.
+JH/21 Bug 2630: Fix eol-replacement string for the ${readsocket } expansion.
+ Previously when a whitespace character was specified it was not inserted
+ after removing the newline.
+
+JH/22 Bug 2265: Force SNI usage for smtp transport DANE'd connections, to be
+ the domain part of the recipient address. This overrides any tls_sni
+ option set, which was previously used.
+
+JH/23 Logging: with the +tls_sni log_selector, do not wrap the received SNI
+ in quotes.
Exim version 4.94
diff --git a/src/src/receive.c b/src/src/receive.c
index 0db897e9e..ec90e93cd 100644
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -4004,7 +4004,7 @@ if (LOGGING(tls_certificate_verified) && tls_in.cipher)
if (LOGGING(tls_peerdn) && tls_in.peerdn)
g = string_append(g, 3, US" DN=\"", string_printing(tls_in.peerdn), US"\"");
if (LOGGING(tls_sni) && tls_in.sni)
- g = string_append(g, 3, US" SNI=\"", string_printing(tls_in.sni), US"\"");
+ g = string_append(g, 2, US" SNI=", string_printing2(tls_in.sni, SP_TAB|SP_SPACE));
#endif
if (sender_host_authenticated)
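Review bot: The new `SNI=` field is written without the surrounding quotes, so the log line stays parseable only if `string_printing2(tls_in.sni, SP_TAB|SP_SPACE)` escapes every byte that could split or fake a field in client-supplied SNI; the flags visible here cover tab and space, and CR/LF, `"` and other non-printables are presumably handled by the base string_printing path, which is worth confirming since the SNI is taken verbatim from the remote client. The identical two-line change is made in src/src/smtp_in.c (the `LOGGING(tls_sni)` line in its hunk), so the two copies now have to be kept in step by hand; a small shared helper that appends the `X=`, `CV=`, `DN=` and `SNI=` items to `g` would remove that duplication. This is also a log-format change that consumers matching `SNI="..."` will need to track; the ChangeLog entry JH/23 covers it, and a one-line comment above the call such as `/* unquoted: whitespace is escaped by string_printing2 so the field remains a single token */` would record why the quoting was dropped. The enclosing function starts and ends outside this hunk.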
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index 526164c46..a13f0ed63 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -1811,7 +1811,7 @@ if (LOGGING(tls_certificate_verified) && tls_in.cipher)
if (LOGGING(tls_peerdn) && tls_in.peerdn)
g = string_append(g, 3, US" DN=\"", string_printing(tls_in.peerdn), US"\"");
if (LOGGING(tls_sni) && tls_in.sni)
- g = string_append(g, 3, US" SNI=\"", string_printing(tls_in.sni), US"\"");
+ g = string_append(g, 2, US" SNI=", string_printing2(tls_in.sni, SP_TAB|SP_SPACE));
return g;
}
#endif
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 875c82efa..a34633390 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -2863,7 +2863,7 @@ DEBUG(D_tls) debug_printf("initialising GnuTLS as a client on fd %d\n", cctx->so
/* If dane is flagged, have either request or require dane for this host, and
a TLSA record found. Therefore, dane verify required. Which implies cert must
be requested and supplied, dane verify must pass, and cert verify irrelevant
-(incl. hostnames), and (caller handled) require_tls */
+(incl. hostnames), and (caller handled) require_tls and sni=$domain */
if (conn_args->dane && ob->dane_require_tls_ciphers)
{
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index a62322928..054b23d0c 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -3197,6 +3197,7 @@ tlsp->tlsa_usage = 0;
#ifndef DISABLE_OCSP
{
# ifdef SUPPORT_DANE
+ /*XXX this should be moved to caller, to be common across gnutls/openssl */
if ( conn_args->dane
&& ob->hosts_request_ocsp[0] == '*'
&& ob->hosts_request_ocsp[1] == '\0'
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index 8492a7f25..28dd8ff24 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -2020,6 +2020,7 @@ if (!continue_hostname)
{
case OK: sx->conn_args.dane = TRUE;
ob->tls_tempfail_tryclear = FALSE;
+ ob->tls_sni = sx->addrlist->domain;
break;
case FAIL_FORCED: break;
default: set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER,
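Review bot: `ob->tls_sni = sx->addrlist->domain;` writes into the transport's option block, which is shared configuration rather than per-connection state, so once a DANE lookup succeeds the forced SNI appears to stay in effect for any later host or address this process delivers through the same transport, including ones where the DANE lookup does not return OK and the administrator's own `tls_sni` value would be expected. That would both send the wrong server name to a later non-DANE host and silently discard the configured option for the rest of the run; the commit message already says this is not a complete fix, and this looks like one of the gaps. The override would be safer carried in the per-connection state alongside `sx->conn_args.dane` (set here, consumed where the TLS client is initialised in tls-gnu.c / tls-openssl.c), or at minimum restored from the configured value before the next host is tried. If that is not done in this change, a comment on the assignment such as `/* NB: overrides the shared transport option block; persists for later hosts in this process */` would flag the hazard. The enclosing switch and function start and end outside this hunk.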
diff --git a/test/confs/5820 b/test/confs/5820
index 76dc75efe..7ee165221 100644
--- a/test/confs/5820
+++ b/test/confs/5820
@@ -16,7 +16,8 @@ acl_smtp_rcpt = accept logwrite = "rcpt ACL"
acl_smtp_rcpt = accept verify = recipient/callout
.endif
-log_selector = +received_recipients +tls_peerdn +tls_certificate_verified
+log_selector = +received_recipients +tls_peerdn +tls_certificate_verified \
+ +tls_sni
queue_run_in_order
diff --git a/test/confs/5840 b/test/confs/5840
index 5852ef2c0..1b3b122b3 100644
--- a/test/confs/5840
+++ b/test/confs/5840
@@ -16,7 +16,8 @@ acl_smtp_rcpt = accept logwrite = "rcpt ACL"
acl_smtp_rcpt = accept verify = recipient/callout
.endif
-log_selector = +received_recipients +tls_peerdn +tls_certificate_verified
+log_selector = +received_recipients +tls_peerdn +tls_certificate_verified \
+ +tls_sni
queue_run_in_order
diff --git a/test/log/2030 b/test/log/2030
index d64f145d9..9c926fd6e 100644
--- a/test/log/2030
+++ b/test/log/2030
@@ -5,6 +5,6 @@
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 SNI <fred>
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI="fred" S=sss id=E10HmaX-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=fred S=sss id=E10HmaX-0005vi-00@myhost.test.ex
1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <CALLER@test.ex> R=server
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
diff --git a/test/log/2031 b/test/log/2031
index 37679a24b..3b8f61de8 100644
--- a/test/log/2031
+++ b/test/log/2031
@@ -8,10 +8,10 @@
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 SNI <fred>
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI="fred" S=sss id=E10HmaX-0005vi-00@myhost.test.ex for CALLER@test.ex
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=fred S=sss id=E10HmaX-0005vi-00@myhost.test.ex for CALLER@test.ex
1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <CALLER@test.ex> R=server
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 SNI <bill>
-1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI="bill" S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for abcd@test.ex
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=bill S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for abcd@test.ex
1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <abcd@test.ex> R=server
1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
diff --git a/test/log/2130 b/test/log/2130
index 564aa0a95..fc45c0a47 100644
--- a/test/log/2130
+++ b/test/log/2130
@@ -5,6 +5,6 @@
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 SNI <fred>
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI="fred" S=sss id=E10HmaX-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=fred S=sss id=E10HmaX-0005vi-00@myhost.test.ex
1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <CALLER@test.ex> R=server
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
diff --git a/test/log/2131 b/test/log/2131
index e5c93f700..38aa87171 100644
--- a/test/log/2131
+++ b/test/log/2131
@@ -8,10 +8,10 @@
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 SNI <fred>
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI="fred" S=sss id=E10HmaX-0005vi-00@myhost.test.ex for CALLER@test.ex
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=fred S=sss id=E10HmaX-0005vi-00@myhost.test.ex for CALLER@test.ex
1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <CALLER@test.ex> R=server
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 SNI <bill>
-1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI="bill" S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for abcd@test.ex
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=bill S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for abcd@test.ex
1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <abcd@test.ex> R=server
1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
diff --git a/test/log/5820 b/test/log/5820
index 62425a1d0..a26927024 100644
--- a/test/log/5820
+++ b/test/log/5820
@@ -81,17 +81,17 @@
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 "rcpt ACL"
-1999-03-02 09:44:33 10HmaZ-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex for t1@dane256ee.test.ex
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=dane256ee.test.ex S=sss id=E10HmaX-0005vi-00@myhost.test.ex for t1@dane256ee.test.ex
1999-03-02 09:44:33 10HmaZ-0005vi-00 => :blackhole: <t1@dane256ee.test.ex> R=server
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
1999-03-02 09:44:33 "rcpt ACL"
-1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaY-0005vi-00@myhost.test.ex for t2@mxdane512ee.test.ex
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee.test.ex S=sss id=E10HmaY-0005vi-00@myhost.test.ex for t2@mxdane512ee.test.ex
1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <t2@mxdane512ee.test.ex> R=server
1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
1999-03-02 09:44:33 "rcpt ACL"
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 "rcpt ACL"
-1999-03-02 09:44:33 10HmbC-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbB-0005vi-00@myhost.test.ex for t4@mxdane256ta.test.ex
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane256ta.test.ex S=sss id=E10HmbB-0005vi-00@myhost.test.ex for t4@mxdane256ta.test.ex
1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: <t4@mxdane256ta.test.ex> R=server
1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
@@ -123,13 +123,13 @@
1999-03-02 09:44:33 10HmbU-0005vi-00 => :blackhole: <t17@danebroken5.test.ex> R=server
1999-03-02 09:44:33 10HmbU-0005vi-00 Completed
1999-03-02 09:44:33 "rcpt ACL"
-1999-03-02 09:44:33 10HmbX-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbW-0005vi-00@myhost.test.ex for t18a@danemixed.test.ex
+1999-03-02 09:44:33 10HmbX-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=danemixed.test.ex S=sss id=E10HmbW-0005vi-00@myhost.test.ex for t18a@danemixed.test.ex
1999-03-02 09:44:33 10HmbX-0005vi-00 => :blackhole: <t18a@danemixed.test.ex> R=server
1999-03-02 09:44:33 10HmbX-0005vi-00 Completed
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 TLS error on connection from localhost [127.0.0.1] (recv): A TLS fatal alert has been received: Certificate is bad
1999-03-02 09:44:33 "rcpt ACL"
-1999-03-02 09:44:33 10HmcA-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbZ-0005vi-00@myhost.test.ex for t20@danebroken8.example.com
+1999-03-02 09:44:33 10HmcA-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=danebroken8.example.com S=sss id=E10HmbZ-0005vi-00@myhost.test.ex for t20@danebroken8.example.com
1999-03-02 09:44:33 10HmcA-0005vi-00 => :blackhole: <t20@danebroken8.example.com> R=server
1999-03-02 09:44:33 10HmcA-0005vi-00 Completed
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
diff --git a/test/log/5840 b/test/log/5840
index c20028825..b351197e2 100644
--- a/test/log/5840
+++ b/test/log/5840
@@ -81,22 +81,22 @@
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 "rcpt ACL"
-1999-03-02 09:44:33 10HmaZ-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex for t1@dane256ee.test.ex
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=dane256ee.test.ex S=sss id=E10HmaX-0005vi-00@myhost.test.ex for t1@dane256ee.test.ex
1999-03-02 09:44:33 10HmaZ-0005vi-00 => :blackhole: <t1@dane256ee.test.ex> R=server
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
1999-03-02 09:44:33 "rcpt ACL"
-1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmaY-0005vi-00@myhost.test.ex for t2@mxdane512ee.test.ex
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee.test.ex S=sss id=E10HmaY-0005vi-00@myhost.test.ex for t2@mxdane512ee.test.ex
1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <t2@mxdane512ee.test.ex> R=server
1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
1999-03-02 09:44:33 "rcpt ACL"
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 "rcpt ACL"
-1999-03-02 09:44:33 10HmbC-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbB-0005vi-00@myhost.test.ex for t4@mxdane256ta.test.ex
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane256ta.test.ex S=sss id=E10HmbB-0005vi-00@myhost.test.ex for t4@mxdane256ta.test.ex
1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: <t4@mxdane256ta.test.ex> R=server
1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 "rcpt ACL"
-1999-03-02 09:44:33 10HmbE-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbD-0005vi-00@myhost.test.ex for t5@mxdane256tak.test.ex
+1999-03-02 09:44:33 10HmbE-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane256tak.test.ex S=sss id=E10HmbD-0005vi-00@myhost.test.ex for t5@mxdane256tak.test.ex
1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: <t5@mxdane256tak.test.ex> R=server
1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
@@ -130,7 +130,7 @@
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 TLS error on connection from localhost (myhost.test.ex) [127.0.0.1] (SSL_accept): error: <<detail omitted>>
1999-03-02 09:44:33 "rcpt ACL"
-1999-03-02 09:44:33 10HmcA-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbZ-0005vi-00@myhost.test.ex for t20@danebroken8.example.com
+1999-03-02 09:44:33 10HmcA-0005vi-00 <= <> H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=danebroken8.example.com S=sss id=E10HmbZ-0005vi-00@myhost.test.ex for t20@danebroken8.example.com
1999-03-02 09:44:33 10HmcA-0005vi-00 => :blackhole: <t20@danebroken8.example.com> R=server
1999-03-02 09:44:33 10HmcA-0005vi-00 Completed
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
diff --git a/test/stderr/5820 b/test/stderr/5820
index 032f2b9f3..5bb902961 100644
--- a/test/stderr/5820
+++ b/test/stderr/5820
@@ -9,7 +9,7 @@
>>> host in helo_verify_hosts? no (option unset)
>>> host in helo_try_verify_hosts? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)
->>> processing "accept" (TESTSUITE/test-config 87)
+>>> processing "accept" (TESTSUITE/test-config 88)
>>> check verify = recipient/callout
>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> routing rcptuser@dane256ee.test.ex
diff --git a/test/stderr/5840 b/test/stderr/5840
index dbd4d235c..423ed83a3 100644
--- a/test/stderr/5840
+++ b/test/stderr/5840
@@ -9,7 +9,7 @@
>>> host in helo_verify_hosts? no (option unset)
>>> host in helo_try_verify_hosts? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)
->>> processing "accept" (TESTSUITE/test-config 92)
+>>> processing "accept" (TESTSUITE/test-config 93)
>>> check verify = recipient/callout
>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> routing rcptuser@dane256ee.test.ex