From 77cc1ad3058e4ef7ae82adb914ccff0be9fe2c8b Mon Sep 17 00:00:00 2001
From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
Date: Sat, 3 Apr 2021 09:29:13 +0200
Subject: [PATCH 18/23] update doc
---
doc/doc-docbook/spec.xfpt | 45 ++++++++++++++++++++++++++++++++++++++-
doc/NewStuff | 45 +++++++++++++++++++++++++++++++++++++++
2 files changed, 89 insertions(+), 1 deletion(-)
--- a/doc/NewStuff
+++ b/doc/NewStuff
@@ -4,10 +4,55 @@
This file contains descriptions of new features that have been added to Exim.
Before a formal release, there may be quite a lot of detail so that people can
test from the snapshots or the Git before the documentation is updated. Once
the documentation is updated, this file is reduced to a short list.
+Version 4.95
+------------
+
+ 1. The fast-ramp two phase queue run support, previously experimental, is
+ now supported by default.
+
+ 2. The native SRS support, previously experimental, is now supported. It is
+ not built unless specified in the Local/Makefile.
+
+ 3. TLS resumption support, previously experimental, is now supported and
+ included in default builds.
+
+ 4. Single-key LMDB lookups, previously experimental, are now supported.
+ The support is not built unless specified in the Local/Makefile.
+
+ 5. Option "message_linelength_limit" on the smtp transport to enforce (by
+ default) the RFC 998 character limit.
+
+ 6. An option to ignore the cache on a lookup.
+
+ 7. Quota checking during reception (i.e. at SMTP time) for appendfile-
+ transport-managed quotas.
+
+ 8. Sqlite lookups accept a "file=<path>" option to specify a per-operation
+ db file, replacing the previous prefix to the SQL string (which had
+ issues when the SQL used tainted values).
+
+ 9. Lsearch lookups accept a "ret=full" option, to return both the portion
+ of the line matching the key, and the remainder.
+
+10. A command-line option to have a daemon not create a notifier socket.
+
+11. Faster TLS startup. When various configuration options contain no
+ expandable elements, the information can be preloaded and cached rather
+ than the provious behaviour of always loading at startup time for every
+ connection. This helps particularly for the CA bundle.
+
+12. Proxy Protocol Timeout is configurable via "proxy_protocol_timeout"
+ main config option.
+
+13. Option "smtp_accept_msx_per_connection" is now expanded.
+
+13. A main config option "allow_insecure_tainted_data" allows to turn
+ taint errors into warnings.
+
Version 4.94
------------
1. EXPERIMENTAL_SRS_NATIVE optional build feature. See the experimental.spec
file.
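Review bot: the new Version 4.95 list numbers two consecutive items "13." (the smtp_accept_msx_per_connection item and the allow_insecure_tainted_data item); the second should be 14. Other points in this hunk: "smtp_accept_msx_per_connection" looks like a typo for smtp_accept_max_per_connection, "provious" should be "previous", "allows to turn taint errors into warnings" reads better as "allows taint errors to be turned into warnings", and "the RFC 998 character limit" reads as if 998 were an RFC number; the 998-character line limit comes from RFC 5321, so name the RFC and the limit separately. Since the last item weakens a security control, it is worth saying here, as the spec.txt text in this patch does, that the option is a transitional mitigation and already deprecated.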
--- a/doc/spec.txt
+++ b/doc/spec.txt
@@ -8650,12 +8650,20 @@
Whether a string is expanded depends upon the context. Usually this is solely
dependent upon the option for which a value is sought; in this documentation,
options for which string expansion is performed are marked with * after the
data type. ACL rules always expand strings. A couple of expansion conditions do
not expand some of the brace-delimited branches, for security reasons, and
-expansion of data deriving from the sender ("tainted data") is not permitted.
-
+expansion of data deriving from the sender ("tainted data") is not permitted
+(including acessing a file using a tainted name). The main config
+option allow_insecure_tainted_data can be used as mitigation during
+uprades to more secure configurations.
+
+Common ways of obtaining untainted equivalents of variables with tainted
+values come down to using the tainted value as a lookup key in a trusted
+database. This database could be the filesystem structure, or the
+password file, or accessed via a DBMS. Specific methods are indexed
+under "de-tainting".
11.1 Literal text in expanded strings
-------------------------------------
An uninterpreted dollar can be included in an expanded string by putting a
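Review bot: typos in the added paragraph: "acessing" should be "accessing" and "uprades" should be "upgrades". The sentence about allow_insecure_tainted_data should also say that it turns a hard failure into a warning and is deprecated, so readers do not read it as a supported long-term setting. Separately, the diffstat in the header lists doc/doc-docbook/spec.xfpt, but this hunk is against doc/spec.txt; if spec.txt is generated from spec.xfpt, the edit belongs in the source file, and in any case the diffstat should match the hunks actually included.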
@@ -12946,10 +12954,12 @@
14.1 Miscellaneous
------------------
+add_environment environment variables
+allow_insecure_tainted_data turn taint errors into warnings
bi_command to run for -bi command line option
debug_store do extra internal checks
disable_ipv6 do no IPv6 processing
keep_malformed for broken files - should not happen
localhost_number for unique message ids in clusters
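Review bot: the "add_environment environment variables" index line is unrelated to the taint option this patch documents, and the commit subject ("update doc") does not mention it; either state in the commit message that it fixes an omission in the 14.1 index or split it into its own change. The allow_insecure_tainted_data entry itself is correctly placed in alphabetical order.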
@@ -13553,10 +13563,20 @@
true, and also to add "@[]" to the list of local domains (defined in the named
domain list local_domains in the default configuration). This "magic string"
matches the domain literal form of all the local host's IP addresses.
+-----------------------------------------------------+
+|allow_insecure_tainted_data main boolean false |
++-----------------------------------------------------+
+
+The handling of tainted data may break older (pre 4.94) configurations.
+Setting this option to "true" turns taint errors (which result in a temporary
+message rejection) into warnings. This option is meant as mitigation only
+and deprecated already today. Future releases of Exim may ignore it.
+The taint log selector can be used to suppress even the warnings.
+
++-----------------------------------------------------+
|allow_mx_to_ip|Use: main|Type: boolean|Default: false|
+-----------------------------------------------------+
It appears that more and more DNS zone administrators are breaking the rules
and putting domain names that look like IP addresses on the right hand side of
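Review bot: the option box for allow_insecure_tainted_data does not match the neighbouring entries: the top border line is missing the leading "+" corner (the bottom border has it), and the header row reads "|allow_insecure_tainted_data main boolean false |" whereas the entry below uses "|allow_mx_to_ip|Use: main|Type: boolean|Default: false|". Wording: "deprecated already today" is awkward; suggest "This option is a transitional mitigation only and is already deprecated; future releases of Exim may ignore it." The text should also make explicit what turning the error into a warning means in practice: the expansion or file access using sender-derived data proceeds, so the protection described in section 11 is disabled for that operation, not merely logged differently. The last sentence about the taint log selector should say "when this option is true", since the later log_selector text states the selector cannot be turned off otherwise.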
@@ -35316,10 +35336,11 @@
smtp_mailauth AUTH argument to MAIL commands
smtp_no_mail session with no MAIL commands
smtp_protocol_error SMTP protocol errors
smtp_syntax_error SMTP syntax errors
subject contents of Subject: on <= lines
+*taint taint errors or warnings
*tls_certificate_verified certificate verification status
*tls_cipher TLS cipher suite on <= and => lines
tls_peerdn TLS peer DN on <= and => lines
tls_sni TLS SNI on <= lines
unknown_in_list DNS lookup failed in list match
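Review bot: the asterisk on "*taint" marks it as a default-on selector, which is consistent with the later text saying it cannot be disabled when allow_insecure_tainted_data is false; the one-line description "taint errors or warnings" would be clearer as "tainted-data errors or warnings" so it matches the terminology used in section 11.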
@@ -35604,11 +35625,13 @@
* tls_certificate_verified: An extra item is added to <= and => log lines
when TLS is in use. The item is "CV=yes" if the peer's certificate was
verified using a CA trust anchor, "CA=dane" if using a DNS trust anchor,
and "CV=no" if not.
-
+ * taint: Log warnings about tainted data. This selector can't be
+ turned of if allow_insecure_tainted_data is false (which is the
+ default).
* tls_cipher: When a message is sent or received over an encrypted
connection, the cipher suite used is added to the log line, preceded by X=.
* tls_peerdn: When a message is sent or received over an encrypted
connection, and a certificate is supplied by the remote host, the peer DN
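Review bot: "turned of" should be "turned off" in the new taint item. The hunk also removes the blank line that separated the tls_certificate_verified item from the next one, so the taint item now runs directly into both neighbours while the other items in this list are separated by blank lines; add a blank line before and after it. The phrasing "can't be turned off if allow_insecure_tainted_data is false" would be clearer as "when allow_insecure_tainted_data is false (the default), taint errors are always logged regardless of this selector; when it is true, unsetting this selector suppresses the warnings."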