From 2a4d620121a148e163f36346b755d7da9d199f6b Mon Sep 17 00:00:00 2001 From: Graeme Walker Date: Thu, 10 Aug 2023 12:00:00 +0000 Subject: [PATCH] v2.5 --- .readthedocs.yaml | 15 + ChangeLog | 15 + LICENSE | 5 +- Makefile.am | 23 +- Makefile.in | 70 +- NEWS | 200 +- README | 130 +- README.md | 133 +- README.rst | 153 +- VERSION | 2 +- aclocal.m4 | 75 +- bin/Makefile.am | 56 +- bin/Makefile.in | 95 +- bin/emailrelay-bcc-check.pl | 2 +- bin/emailrelay-check-ipaddress.js | 2 +- bin/emailrelay-check-ipaddress.pl | 2 +- bin/emailrelay-deliver.sh.in | 70 - bin/emailrelay-dkim-signer.pl | 2 +- bin/emailrelay-edit-content.js | 2 +- bin/emailrelay-edit-envelope.js | 2 +- bin/emailrelay-ldap-verify.py | 4 +- bin/emailrelay-multicast.sh | 2 +- bin/emailrelay-notify.sh.in | 2 +- bin/emailrelay-resubmit.js | 2 +- bin/emailrelay-resubmit.sh.in | 2 +- bin/emailrelay-rot13.pl | 2 +- bin/emailrelay-sendmail.pl | 9 +- bin/emailrelay-service-install.js | 2 +- bin/emailrelay-set-from.js | 5 +- bin/emailrelay-set-from.pl | 5 +- bin/emailrelay-set-message-id.js | 77 + bin/emailrelay-submit.sh.in | 2 +- bin/emailrelay.sh.in | 26 +- bsd/Makefile.am | 2 +- bsd/Makefile.in | 35 +- bsd/emailrelay-bsd.sh.in | 2 +- compile | 17 +- configure | 726 ++--- configure.ac | 21 +- configure.sh | 15 +- debian/Makefile.am | 5 +- debian/Makefile.in | 36 +- debian/changelog | 17 +- debian/compat | 1 - debian/conffiles | 0 debian/control | 12 +- debian/copyright | 2 +- debian/emailrelay.default | 5 +- debian/emailrelay.init | 26 +- debian/emailrelay.pam | 2 + debian/rules | 6 +- depcomp | 10 +- doc/Makefile.am | 46 +- doc/Makefile.in | 80 +- doc/authentication.png | Bin 18610 -> 18029 bytes doc/authentication.svg | 66 +- doc/changelog.html | 89 +- doc/changelog.md | 23 +- doc/changelog.rst | 29 +- doc/changelog.txt | 15 + doc/{conf.py.sphinx => conf.py} | 6 +- doc/developer.html | 202 +- doc/developer.md | 163 +- doc/developer.rst | 188 +- doc/developer.txt | 155 +- doc/doxygen-missing.html | 2 +- doc/doxygen.cfg.in | 304 +- doc/emailrelay-doxygen.css | 22 +- doc/emailrelay-filter-copy.1 | 57 - doc/emailrelay-man.html | 40 +- doc/emailrelay-passwd.1 | 4 +- doc/emailrelay-submit.1 | 5 +- doc/emailrelay.1 | 38 +- doc/emailrelay.css | 8 +- doc/forwardto.png | Bin 17782 -> 17759 bytes doc/forwardto.svg | 56 +- doc/index.html | 2 +- doc/mailserver.png | Bin 0 -> 34127 bytes doc/mailserver.svg | 482 +++ doc/man2html-missing.html | 2 +- doc/popbyname.png | Bin 0 -> 26486 bytes doc/popbyname.svg | 431 +++ doc/readme.html | 163 +- doc/readme.md | 133 +- doc/readme.rst | 153 +- doc/readme.txt | 130 +- doc/reference.html | 1649 ++++++---- doc/reference.md | 1330 +++++--- doc/reference.rst | 1426 +++++--- doc/reference.txt | 1295 +++++--- doc/serverclient.png | Bin 17485 -> 17498 bytes doc/serverclient.svg | 40 +- doc/userguide.html | 631 ++-- doc/userguide.md | 520 +-- doc/userguide.rst | 554 ++-- doc/userguide.txt | 513 +-- doc/whatisit.png | Bin 22985 -> 22906 bytes doc/whatisit.svg | 68 +- doc/windows.html | 133 +- doc/windows.md | 119 +- doc/windows.rst | 125 +- doc/windows.txt | 117 +- emailrelay.spec | 61 +- etc/Makefile.am | 66 +- etc/Makefile.in | 163 +- ...relay.auth.template => emailrelay.auth.in} | 0 ...relay.conf.template => emailrelay.conf.in} | 113 +- install-sh | 179 +- {bin => libexec}/AutoMakeParser.pm | 5 +- {bin => libexec}/CompilationDatabase.pm | 4 +- {bin => libexec}/ConfigStatus.pm | 60 +- libexec/Functions.pm | 163 + libexec/Makefile.am | 41 + libexec/Makefile.in | 475 +++ libexec/Reduce.pm | 359 ++ {bin => libexec}/doxygen.sh | 2 +- {bin => libexec}/make-format | 6 +- {bin => libexec}/make-manifest.sh | 2 +- {bin => libexec}/make-setup.sh | 33 +- {doc => libexec}/make-website | 31 +- {bin => libexec}/make2cdb | 20 +- {bin => libexec}/make2cmake | 31 +- {bin => libexec}/make2unity | 10 +- libexec/reduce | 140 + libexec/reduce.pl | 145 + {bin => libexec}/winbuild.pm | 105 +- m4/Makefile.am | 3 +- m4/Makefile.in | 34 +- m4/acinclude.m4 | 1080 ++++--- m4/m4_ax_cxx_compile_stdcxx.m4 | 103 +- m4/m4_ax_cxx_compile_stdcxx_11.m4 | 39 - missing | 16 +- po/Makefile.am | 10 +- po/Makefile.in | 41 +- po/Makevars | 2 +- po/POTFILES.in | 73 +- runperl.bat | 13 +- src/.clang-tidy | 28 +- src/.reduce.dat | 2874 +++++++++++++++++ src/Makefile.am | 18 +- src/Makefile.in | 52 +- src/gauth/Makefile.am | 25 +- src/gauth/Makefile.in | 85 +- src/gauth/gcram.cpp | 45 +- src/gauth/gcram.h | 4 +- src/gauth/gsaslclient.cpp | 98 +- src/gauth/gsaslclient.h | 17 +- src/gauth/gsaslclientsecrets.cpp | 2 +- src/gauth/gsaslclientsecrets.h | 25 +- src/gauth/gsaslserver.cpp | 2 +- src/gauth/gsaslserver.h | 15 +- src/gauth/gsaslserverbasic.cpp | 47 +- src/gauth/gsaslserverbasic.h | 7 +- src/gauth/gsaslserverfactory.h | 5 +- src/gauth/gsaslserverfactory_basic.cpp | 6 +- src/gauth/gsaslserverfactory_pam.cpp | 12 +- src/gauth/gsaslserverpam.cpp | 21 +- src/gauth/gsaslserverpam.h | 7 +- src/gauth/gsaslserversecrets.cpp | 2 +- src/gauth/gsaslserversecrets.h | 11 +- src/gauth/gsecret.cpp | 145 +- src/gauth/gsecret.h | 75 +- src/gauth/gsecrets.cpp | 148 +- src/gauth/gsecrets.h | 119 +- src/gauth/gsecretsfile.cpp | 332 +- src/gauth/gsecretsfile.h | 85 +- src/gconfig_defs.h.in | 15 +- src/gfilters/Makefile.am | 56 + src/gfilters/Makefile.in | 682 ++++ src/gfilters/gcopyfilter.cpp | 105 + src/gfilters/gcopyfilter.h | 62 + src/gfilters/gdeliveryfilter.cpp | 55 + src/gfilters/gdeliveryfilter.h | 60 + src/{gsmtp => gfilters}/gexecutablefilter.cpp | 96 +- src/{gsmtp => gfilters}/gexecutablefilter.h | 43 +- src/{gsmtp => gfilters}/gfilterchain.cpp | 65 +- src/{gsmtp => gfilters}/gfilterchain.h | 46 +- src/gfilters/gfilterfactory.cpp | 257 ++ src/gfilters/gfilterfactory.h | 90 + src/gfilters/gmessageidfilter.cpp | 119 + src/gfilters/gmessageidfilter.h | 63 + src/gfilters/gmxfilter.cpp | 213 ++ src/gfilters/gmxfilter.h | 98 + src/gfilters/gmxlookup.cpp | 313 ++ src/gfilters/gmxlookup.h | 111 + src/{gsmtp => gfilters}/gnetworkfilter.cpp | 62 +- src/{gsmtp => gfilters}/gnetworkfilter.h | 43 +- src/gfilters/gnullfilter.cpp | 108 + src/gfilters/gnullfilter.h | 86 + src/gfilters/gsimplefilterbase.cpp | 96 + src/gfilters/gsimplefilterbase.h | 78 + src/gfilters/gspamfilter.cpp | 140 + src/{gsmtp => gfilters}/gspamfilter.h | 48 +- src/gfilters/gsplitfilter.cpp | 165 + src/gfilters/gsplitfilter.h | 62 + src/glib/Makefile.am | 91 +- src/glib/Makefile.in | 330 +- src/glib/galign.h | 113 - src/glib/garg.cpp | 36 +- src/glib/garg.h | 12 +- src/glib/gassert.h | 12 +- src/glib/gbase64.cpp | 4 +- src/glib/gbase64.h | 2 +- src/glib/gbasicaddress.h | 62 + src/glib/gbatchfile.cpp | 2 +- src/glib/gbatchfile.h | 8 +- src/glib/gbuffer.h | 6 +- src/glib/gcall.h | 2 +- src/glib/gcleanup.h | 2 +- src/glib/gcleanup_unix.cpp | 10 +- src/glib/gcleanup_win32.cpp | 2 +- src/glib/gconvert.cpp | 20 +- src/glib/gconvert.h | 45 +- src/glib/gconvert_unix.cpp | 42 - src/glib/gconvert_win32.cpp | 2 +- src/glib/gdaemon.h | 2 +- src/glib/gdaemon_unix.cpp | 4 +- src/glib/gdaemon_win32.cpp | 2 +- src/glib/gdate.cpp | 22 +- src/glib/gdate.h | 12 +- src/glib/gdatetime.cpp | 181 +- src/glib/gdatetime.h | 2 +- src/glib/gdef.h | 44 +- src/glib/gdirectory.cpp | 29 +- src/glib/gdirectory.h | 14 +- src/glib/gdirectory_unix.cpp | 4 +- src/glib/gdirectory_win32.cpp | 2 +- src/glib/geightbit.h | 150 - src/glib/genvironment.cpp | 14 +- src/glib/genvironment.h | 4 +- src/glib/genvironment_unix.cpp | 6 +- src/glib/genvironment_win32.cpp | 8 +- src/glib/gexception.cpp | 2 +- src/glib/gexception.h | 2 +- src/glib/gexecutablecommand.cpp | 29 +- src/glib/gexecutablecommand.h | 26 +- src/glib/gexecutablecommand_win32.cpp | 64 - src/glib/gfbuf.h | 6 +- src/glib/gfile.cpp | 24 +- src/glib/gfile.h | 47 +- src/glib/gfile_unix.cpp | 55 +- src/glib/gfile_win32.cpp | 59 +- src/glib/gformat.cpp | 12 +- src/glib/gformat.h | 6 +- src/glib/ggetopt.cpp | 62 +- src/glib/ggetopt.h | 22 +- src/glib/ggettext.h | 21 +- src/glib/ggettext_none.cpp | 2 +- src/glib/ggettext_unix.cpp | 4 +- src/glib/ggettext_win32.cpp | 4 +- src/glib/ghash.cpp | 2 +- src/glib/ghash.h | 2 +- src/glib/ghashstate.h | 2 +- src/glib/ghostname.h | 2 +- src/glib/ghostname_unix.cpp | 2 +- src/glib/ghostname_win32.cpp | 2 +- src/glib/gidentity.h | 35 +- src/glib/gidentity_unix.cpp | 249 +- src/glib/gidentity_win32.cpp | 270 +- src/glib/gimembuf.h | 2 +- src/glib/glimits.h | 60 +- src/glib/glog.cpp | 12 +- src/glib/glog.h | 62 +- src/glib/glogoutput.cpp | 18 +- src/glib/glogoutput.h | 35 +- src/glib/glogoutput_unix.cpp | 4 +- src/glib/glogoutput_win32.cpp | 2 +- src/glib/glogstream.cpp | 4 +- src/glib/glogstream.h | 2 +- src/glib/gmapfile.cpp | 8 +- src/glib/gmapfile.h | 2 +- src/glib/gmd5.cpp | 30 +- src/glib/gmd5.h | 2 +- src/glib/gmsg.h | 2 +- src/glib/gmsg_mac.cpp | 60 + src/glib/gmsg_unix.cpp | 163 +- src/glib/gmsg_win32.cpp | 4 +- src/glib/gnewprocess.h | 288 +- src/glib/gnewprocess_unix.cpp | 87 +- src/glib/gnewprocess_win32.cpp | 161 +- src/glib/gomembuf.h | 2 +- src/glib/goption.cpp | 2 +- src/glib/goption.h | 6 +- src/glib/goptional.h | 23 +- src/glib/goptionmap.cpp | 13 +- src/glib/goptionmap.h | 5 +- src/glib/goptionparser.cpp | 61 +- src/glib/goptionparser.h | 25 +- src/glib/goptionreader.cpp | 68 + src/glib/goptionreader.h | 55 + src/glib/goptions.cpp | 39 +- src/glib/goptions.h | 28 +- src/glib/goptionsusage.cpp | 124 +- src/glib/goptionsusage.h | 22 +- src/glib/goptionvalue.h | 22 +- src/glib/gpam.h | 3 +- src/glib/gpam_linux.cpp | 20 +- src/glib/gpam_none.cpp | 2 +- src/glib/gpath.cpp | 46 +- src/glib/gpath.h | 4 +- src/glib/gpidfile.cpp | 4 +- src/glib/gpidfile.h | 2 +- src/glib/gprocess.h | 38 +- src/glib/gprocess_unix.cpp | 24 +- src/glib/gprocess_win32.cpp | 15 +- src/glib/grandom.cpp | 2 +- src/glib/grandom.h | 9 +- src/glib/grange.h | 76 + src/glib/greadwrite.cpp | 2 +- src/glib/greadwrite.h | 2 +- src/glib/groot.cpp | 11 +- src/glib/groot.h | 2 +- src/glib/gscope.h | 28 +- src/glib/gsignalsafe.h | 2 +- src/glib/gsleep.h | 4 +- src/glib/gslot.cpp | 2 +- src/glib/gslot.h | 44 +- src/glib/{gstrings.h => gstatemachine.cpp} | 17 +- src/glib/gstatemachine.h | 80 +- src/glib/gstr.cpp | 449 ++- src/glib/gstr.h | 89 +- src/glib/gstringarray.h | 2 +- src/glib/gstringfield.h | 99 +- src/glib/gstringlist.cpp | 8 +- src/glib/gstringlist.h | 2 +- src/glib/gstringmap.h | 2 +- src/glib/gstringtoken.h | 13 +- src/glib/gstringview.cpp | 56 +- src/glib/gstringview.h | 35 +- src/glib/gstringwrap.cpp | 2 +- src/glib/gstringwrap.h | 2 +- src/glib/gstrmacros.h | 2 +- src/glib/gtest.cpp | 2 +- src/glib/gtest.h | 2 +- src/glib/gthread.cpp | 4 +- src/glib/gtime.cpp | 26 +- src/glib/gtime.h | 2 +- src/glib/gxtext.cpp | 10 +- src/glib/gxtext.h | 2 +- src/gnet/Makefile.am | 431 +-- src/gnet/Makefile.in | 501 +-- src/gnet/gaddress.cpp | 25 +- src/gnet/gaddress.h | 6 +- src/gnet/gaddress4.cpp | 8 +- src/gnet/gaddress4.h | 2 +- src/gnet/gaddress6.cpp | 10 +- src/gnet/gaddress6.h | 2 +- src/gnet/gaddresslocal.h | 2 +- src/gnet/gaddresslocal_none.cpp | 2 +- src/gnet/gaddresslocal_unix.cpp | 8 +- src/gnet/gclient.cpp | 32 +- src/gnet/gclient.h | 52 +- src/gnet/gclientptr.cpp | 18 +- src/gnet/gclientptr.h | 114 +- src/gnet/gconnection.cpp | 2 +- src/gnet/gconnection.h | 2 +- src/gnet/gdescriptor.h | 2 +- src/gnet/gdescriptor_unix.cpp | 4 +- src/gnet/gdescriptor_win32.cpp | 2 +- src/gnet/gdnsbl.h | 4 +- src/gnet/gdnsbl_disabled.cpp | 2 +- src/gnet/gdnsbl_enabled.cpp | 2 +- src/gnet/gdnsblock.cpp | 159 +- src/gnet/gdnsblock.h | 21 +- src/gnet/gdnsmessage.cpp | 174 +- src/gnet/gdnsmessage.h | 96 +- src/gnet/gevent.h | 2 +- src/gnet/geventemitter.cpp | 2 +- src/gnet/geventemitter.h | 2 +- src/gnet/geventhandler.cpp | 4 +- src/gnet/geventhandler.h | 2 +- src/gnet/geventloggingcontext.cpp | 2 +- src/gnet/geventloggingcontext.h | 2 +- src/gnet/geventloop.cpp | 6 +- src/gnet/geventloop.h | 2 +- src/gnet/geventloop_epoll.cpp | 2 +- src/gnet/geventloop_select.cpp | 2 +- src/gnet/geventloop_win32.cpp | 8 +- src/gnet/geventloophandles.h | 137 +- ...ophandles.cpp => geventloophandles_st.cpp} | 11 +- src/gnet/gexceptionhandler.cpp | 2 +- src/gnet/gexceptionhandler.h | 2 +- src/gnet/gexceptionsink.cpp | 4 +- src/gnet/gexceptionsink.h | 2 +- src/gnet/gexceptionsource.cpp | 2 +- src/gnet/gexceptionsource.h | 6 +- src/gnet/gfutureevent.h | 2 +- src/gnet/gfutureevent_unix.cpp | 2 +- src/gnet/gfutureevent_win32.cpp | 2 +- src/gnet/ginterfaces.h | 51 +- src/gnet/ginterfaces_common.cpp | 95 +- src/gnet/ginterfaces_none.cpp | 44 +- src/gnet/ginterfaces_unix.cpp | 4 +- src/gnet/ginterfaces_win32.cpp | 2 +- src/gnet/glinebuffer.cpp | 13 +- src/gnet/glinebuffer.h | 7 +- src/gnet/glinestore.cpp | 6 +- src/gnet/glinestore.h | 2 +- src/gnet/glistener.h | 2 +- src/gnet/glocal.cpp | 32 +- src/gnet/glocal.h | 19 +- src/gnet/glocation.cpp | 6 +- src/gnet/glocation.h | 2 +- src/gnet/gmonitor.cpp | 38 +- src/gnet/gmonitor.h | 2 +- src/gnet/gmultiserver.cpp | 383 ++- src/gnet/gmultiserver.h | 31 +- .../gnameservers.h} | 22 +- src/gnet/gnameservers_unix.cpp | 45 + src/gnet/gnameservers_win32.cpp | 63 + src/gnet/gnetdone.cpp | 2 +- src/gnet/gnetdone.h | 2 +- src/gnet/gresolver.cpp | 4 +- src/gnet/gresolver.h | 2 +- src/gnet/gresolverfuture.cpp | 2 +- src/gnet/gresolverfuture.h | 2 +- src/gnet/gserver.cpp | 2 +- src/gnet/gserver.h | 6 +- src/gnet/gserverpeer.cpp | 10 +- src/gnet/gserverpeer.h | 19 +- src/gnet/gsocket.cpp | 10 +- src/gnet/gsocket.h | 51 +- src/gnet/gsocket_unix.cpp | 28 +- src/gnet/gsocket_win32.cpp | 9 +- src/gnet/gsocketprotocol.cpp | 8 +- src/gnet/gsocketprotocol.h | 17 +- src/gnet/gsocks.cpp | 2 +- src/gnet/gsocks.h | 2 +- src/gnet/gtask.cpp | 29 +- src/gnet/gtask.h | 2 +- src/gnet/gtimer.cpp | 2 +- src/gnet/gtimer.h | 2 +- src/gnet/gtimerlist.cpp | 6 +- src/gnet/gtimerlist.h | 2 +- src/gpop/Makefile.am | 67 +- src/gpop/Makefile.in | 137 +- src/gpop/gpop.h | 53 + src/gpop/gpop_disabled.cpp | 48 + src/gpop/gpop_enabled.cpp | 51 + src/gpop/gpopserver.cpp | 22 +- src/gpop/gpopserver.h | 23 +- src/gpop/gpopserverprotocol.cpp | 294 +- src/gpop/gpopserverprotocol.h | 34 +- src/gpop/gpopstore.cpp | 567 ++-- src/gpop/gpopstore.h | 173 +- src/gsmtp/Makefile.am | 99 +- src/gsmtp/Makefile.in | 288 +- src/gsmtp/gadminserver.cpp | 263 +- src/gsmtp/gadminserver.h | 137 +- src/gsmtp/genvelope.cpp | 303 -- src/gsmtp/genvelope.h | 77 - src/gsmtp/gexecutableverifier.cpp | 118 - src/gsmtp/gfactoryparser.cpp | 171 - src/gsmtp/gfactoryparser.h | 91 - src/gsmtp/gfilestore.cpp | 356 -- src/gsmtp/gfilter.cpp | 68 +- src/gsmtp/gfilter.h | 72 +- src/gsmtp/gfilterfactory.cpp | 73 - src/gsmtp/gfilterfactory.h | 77 - src/gsmtp/gfilterfactorybase.cpp | 50 + src/gsmtp/gfilterfactorybase.h | 62 + src/gsmtp/gnetworkverifier.cpp | 135 - src/gsmtp/gnewfile.cpp | 231 -- src/gsmtp/gnullfilter.cpp | 87 - src/gsmtp/gnullfilter.h | 75 - src/gsmtp/gprotocolmessage.cpp | 16 +- src/gsmtp/gprotocolmessage.h | 66 +- src/gsmtp/gprotocolmessageforward.cpp | 76 +- src/gsmtp/gprotocolmessageforward.h | 58 +- src/gsmtp/gprotocolmessagestore.cpp | 116 +- src/gsmtp/gprotocolmessagestore.h | 51 +- src/gsmtp/grequestclient.cpp | 19 +- src/gsmtp/grequestclient.h | 6 +- src/gsmtp/gsmtpclient.cpp | 266 +- src/gsmtp/gsmtpclient.h | 135 +- src/gsmtp/gsmtpclientprotocol.cpp | 1204 +++---- src/gsmtp/gsmtpclientprotocol.h | 391 +-- src/gsmtp/gsmtpclientreply.cpp | 207 ++ src/gsmtp/gsmtpclientreply.h | 150 + src/gsmtp/gsmtpforward.cpp | 370 +++ src/gsmtp/gsmtpforward.h | 167 + src/gsmtp/gsmtpserver.cpp | 238 +- src/gsmtp/gsmtpserver.h | 155 +- src/gsmtp/gsmtpserverbufferin.cpp | 126 + src/gsmtp/gsmtpserverbufferin.h | 140 + src/gsmtp/gsmtpserverflowcontrol.h | 20 + src/gsmtp/gsmtpserverparser.cpp | 275 ++ src/gsmtp/gsmtpserverparser.h | 98 + src/gsmtp/gsmtpserverprotocol.cpp | 1317 ++++---- src/gsmtp/gsmtpserverprotocol.h | 502 ++- src/gsmtp/gsmtpserversend.cpp | 292 ++ src/gsmtp/gsmtpserversend.h | 113 + src/gsmtp/gsmtpserversender.h | 76 + src/gsmtp/gsmtpservertext.cpp | 103 + src/gsmtp/gsmtpservertext.h | 68 + src/gsmtp/gspamclient.cpp | 14 +- src/gsmtp/gspamclient.h | 2 +- src/gsmtp/gspamfilter.cpp | 129 - src/gsmtp/gstoredfile.cpp | 418 --- src/gsmtp/gstoredfile.h | 130 - src/gsmtp/gstoredmessage.h | 174 - src/gsmtp/gverifier.cpp | 2 +- src/gsmtp/gverifier.h | 34 +- src/gsmtp/gverifierfactory.cpp | 48 - src/gsmtp/gverifierfactory.h | 52 - src/gsmtp/gverifierfactorybase.cpp | 32 + src/gsmtp/gverifierfactorybase.h | 59 + src/gsmtp/gverifierstatus.cpp | 10 +- src/gsmtp/gverifierstatus.h | 20 +- src/gssl/Makefile.am | 147 +- src/gssl/Makefile.in | 234 +- src/gssl/gssl.cpp | 26 +- src/gssl/gssl.h | 29 +- src/gssl/gssl_mbedtls.cpp | 262 +- src/gssl/gssl_mbedtls.h | 41 +- src/gssl/gssl_mbedtls_headers.h | 48 + src/gssl/gssl_mbedtls_keygen.cpp | 175 + src/gssl/gssl_mbedtls_keygen.h | 37 + src/gssl/gssl_mbedtls_utils.h | 111 + src/gssl/gssl_none.cpp | 18 +- src/gssl/gssl_openssl.cpp | 18 +- src/gssl/gssl_openssl.h | 10 +- src/gssl/gssl_use_both.cpp | 2 +- src/gssl/gssl_use_mbedtls.cpp | 2 +- src/gssl/gssl_use_openssl.cpp | 2 +- src/gssl/mbedtls-vsnprintf-fix-new.p1 | 28 + src/gssl/mbedtls-vsnprintf-fix.p1 | 24 + src/gstore/Makefile.am | 56 + src/gstore/Makefile.in | 678 ++++ src/gstore/genvelope.cpp | 399 +++ src/gstore/genvelope.h | 92 + src/gstore/gfiledelivery.cpp | 184 ++ src/gstore/gfiledelivery.h | 105 + src/gstore/gfilestore.cpp | 516 +++ src/{gsmtp => gstore}/gfilestore.h | 145 +- .../gmessagedelivery.cpp} | 7 +- src/gstore/gmessagedelivery.h | 65 + src/{gsmtp => gstore}/gmessagestore.cpp | 5 +- src/{gsmtp => gstore}/gmessagestore.h | 71 +- src/{gsmtp => gstore}/gmessagestore_unix.cpp | 4 +- src/{gsmtp => gstore}/gmessagestore_win32.cpp | 4 +- src/gstore/gnewfile.cpp | 191 ++ src/{gsmtp => gstore}/gnewfile.h | 54 +- src/{gsmtp => gstore}/gnewmessage.cpp | 7 +- src/{gsmtp => gstore}/gnewmessage.h | 67 +- src/gstore/gstoredfile.cpp | 386 +++ src/gstore/gstoredfile.h | 142 + src/{gsmtp => gstore}/gstoredmessage.cpp | 8 +- src/gstore/gstoredmessage.h | 115 + src/gui/Makefile.am | 28 +- src/gui/Makefile.in | 67 +- src/gui/emailrelay-gui.pro | 6 +- src/gui/emailrelay-gui.rc | 10 +- src/gui/emailrelay.no.qm_in | 1819 +++++------ src/gui/emailrelay_tr.no_NO.ts | 2 +- src/gui/gcominit.h | 4 +- src/gui/glibsources.cpp | 5 +- src/gui/gqt.h | 2 +- src/gui/guiaccess.h | 2 +- src/gui/guiaccess_mac.cpp | 2 +- src/gui/guiaccess_unix.cpp | 2 +- src/gui/guiaccess_win32.cpp | 2 +- src/gui/guiboot.h | 33 +- src/gui/guiboot_mac.cpp | 59 +- src/gui/guiboot_unix.cpp | 135 +- src/gui/guiboot_win32.cpp | 16 +- src/gui/guidialog.cpp | 2 +- src/gui/guidialog.h | 2 +- src/gui/guidir.cpp | 52 +- src/gui/guidir.h | 18 +- src/gui/guidir_mac.cpp | 84 +- src/gui/guidir_unix.cpp | 184 +- src/gui/guidir_win32.cpp | 104 +- src/gui/guilegal.cpp | 6 +- src/gui/guilegal.h | 2 +- src/gui/guilink.h | 11 +- src/gui/guilink_mac.cpp | 2 +- src/gui/guilink_unix.cpp | 4 +- src/gui/guilink_win32.cpp | 13 +- src/gui/guimain.cpp | 36 +- src/gui/guipage.cpp | 2 +- src/gui/guipage.h | 2 +- src/gui/{pages.cpp => guipages.cpp} | 74 +- src/gui/{pages.h => guipages.h} | 9 +- src/gui/installer.cpp | 91 +- src/gui/installer.h | 2 +- src/gui/serverconfiguration.cpp | 2 +- src/gui/serverconfiguration.h | 2 +- src/gverifiers/Makefile.am | 40 + src/gverifiers/Makefile.in | 634 ++++ src/gverifiers/gexecutableverifier.cpp | 138 + .../gexecutableverifier.h | 34 +- .../ginternalverifier.cpp | 16 +- src/{gsmtp => gverifiers}/ginternalverifier.h | 22 +- src/gverifiers/gnetworkverifier.cpp | 147 + src/{gsmtp => gverifiers}/gnetworkverifier.h | 30 +- src/gverifiers/guserverifier.cpp | 136 + src/gverifiers/guserverifier.h | 87 + src/gverifiers/gverifierfactory.cpp | 164 + src/gverifiers/gverifierfactory.h | 80 + src/main/Makefile.am | 346 +- src/main/Makefile.in | 468 ++- src/main/commandline.cpp | 211 +- src/main/commandline.h | 53 +- src/main/configuration.cpp | 1238 ++++--- src/main/configuration.h | 324 +- src/main/doxygen.h | 51 +- src/main/emailrelay.rc | 10 +- src/main/fakemc.c | 2 +- src/main/filter.cpp | 283 -- src/main/icon/Makefile.am | 2 +- src/main/icon/Makefile.in | 34 +- .../main/keygen.cpp | 47 +- src/main/legal.cpp | 4 +- src/main/legal.h | 2 +- src/main/licence.cpp | 2 +- src/main/licence.h | 2 +- src/main/main.cpp | 19 +- src/main/news.cpp | 2 +- src/main/news.h | 2 +- src/main/options.cpp | 123 +- src/main/options.h | 4 +- src/main/output.cpp | 2 +- src/main/output.h | 2 +- src/main/passwd.cpp | 4 +- src/main/run.cpp | 730 ++--- src/main/run.h | 107 +- src/main/servicecontrol.h | 2 +- src/main/servicecontrol_unix.cpp | 2 +- src/main/servicecontrol_win32.cpp | 26 +- src/main/serviceimp.h | 2 +- src/main/serviceimp_none.cpp | 19 +- src/main/serviceimp_win32.cpp | 4 +- src/main/servicewrapper.cpp | 6 +- src/main/start.cpp | 2 +- src/main/submission.cpp | 116 + src/{gauth/gvalid.h => main/submission.h} | 28 +- src/main/submit.cpp | 132 +- src/main/testrun.cpp | 998 ------ src/main/testrun.h | 233 -- src/main/unit.cpp | 481 +++ src/main/unit.h | 166 + src/main/winapp.cpp | 76 +- src/main/winapp.h | 33 +- src/main/winform.cpp | 82 +- src/main/winform.h | 20 +- src/main/winmain.cpp | 22 +- src/main/winmenu.cpp | 2 +- src/main/winmenu.h | 2 +- src/win32/Makefile.am | 8 +- src/win32/Makefile.in | 64 +- src/win32/empty.cpp | 2 +- src/win32/gappbase.cpp | 26 +- src/win32/gappbase.h | 6 +- src/win32/gappinst.cpp | 2 +- src/win32/gappinst.h | 2 +- src/win32/gcontrol.cpp | 31 +- src/win32/gcontrol.h | 10 +- src/win32/gcracker.cpp | 23 +- src/win32/gcracker.h | 35 +- src/win32/gdc.cpp | 2 +- src/win32/gdc.h | 6 +- src/win32/gdialog.cpp | 8 +- src/win32/gdialog.h | 2 +- src/win32/gpump.cpp | 82 +- src/win32/gpump.h | 29 +- src/win32/gscmap.cpp | 2 +- src/win32/gscmap.h | 12 +- src/win32/gsize.h | 2 +- src/win32/gstack.cpp | 2 +- src/win32/gstack.h | 2 +- src/win32/gtray.cpp | 4 +- src/win32/gtray.h | 2 +- src/win32/gwinbase.cpp | 2 +- src/win32/gwinbase.h | 2 +- src/win32/gwindow.cpp | 2 +- src/win32/gwindow.h | 2 +- test-driver | 18 +- test/AdminClient.pm | 18 +- test/Check.pm | 2 +- test/DnsServer.pm | 45 + test/Filter.pm | 40 +- test/Helper.pm | 13 +- test/Makefile.am | 66 +- test/Makefile.in | 155 +- test/NetClient.pm | 47 +- test/Openssl.pm | 2 +- test/OpensslCast.pm | 2 +- test/OpensslFileStore.pm | 2 +- test/OpensslRun.pm | 21 +- test/PopClient.pm | 21 +- test/Scanner.pm | 2 +- test/Server.pm | 150 +- test/SmtpClient.pm | 72 +- test/System.pm | 132 +- test/TestServer.pm | 16 +- test/Verifier.pm | 2 +- test/certificates/Makefile.am | 2 +- test/certificates/Makefile.in | 33 +- test/emailrelay_chain_test.sh | 249 +- test/emailrelay_test.pl | 735 ++++- test/emailrelay_test.sh | 2 +- test/emailrelay_test_client.cpp | 237 +- test/emailrelay_test_dnsserver.cpp | 316 ++ test/emailrelay_test_scanner.cpp | 4 +- test/emailrelay_test_server.cpp | 237 +- test/emailrelay_test_verifier.cpp | 104 +- unity/Makefile.am | 32 +- unity/Makefile.in | 63 +- winbuild.pl | 335 +- 710 files changed, 41355 insertions(+), 23081 deletions(-) create mode 100644 .readthedocs.yaml mode change 100755 => 100644 bin/emailrelay-check-ipaddress.js delete mode 100755 bin/emailrelay-deliver.sh.in mode change 100755 => 100644 bin/emailrelay-set-from.js create mode 100644 bin/emailrelay-set-message-id.js mode change 100755 => 100644 configure.ac delete mode 100644 debian/compat create mode 100644 debian/conffiles create mode 100644 debian/emailrelay.pam rename doc/{conf.py.sphinx => conf.py} (89%) delete mode 100644 doc/emailrelay-filter-copy.1 create mode 100644 doc/mailserver.png create mode 100644 doc/mailserver.svg create mode 100644 doc/popbyname.png create mode 100644 doc/popbyname.svg rename etc/{emailrelay.auth.template => emailrelay.auth.in} (100%) rename etc/{emailrelay.conf.template => emailrelay.conf.in} (83%) rename {bin => libexec}/AutoMakeParser.pm (98%) rename {bin => libexec}/CompilationDatabase.pm (96%) rename {bin => libexec}/ConfigStatus.pm (69%) create mode 100644 libexec/Functions.pm create mode 100644 libexec/Makefile.am create mode 100644 libexec/Makefile.in create mode 100644 libexec/Reduce.pm rename {bin => libexec}/doxygen.sh (96%) rename {bin => libexec}/make-format (96%) rename {bin => libexec}/make-manifest.sh (96%) rename {bin => libexec}/make-setup.sh (66%) rename {doc => libexec}/make-website (94%) rename {bin => libexec}/make2cdb (74%) rename {bin => libexec}/make2cmake (82%) rename {bin => libexec}/make2unity (92%) create mode 100755 libexec/reduce create mode 100755 libexec/reduce.pl rename {bin => libexec}/winbuild.pm (82%) delete mode 100644 m4/m4_ax_cxx_compile_stdcxx_11.m4 create mode 100644 src/.reduce.dat create mode 100644 src/gfilters/Makefile.am create mode 100644 src/gfilters/Makefile.in create mode 100644 src/gfilters/gcopyfilter.cpp create mode 100644 src/gfilters/gcopyfilter.h create mode 100644 src/gfilters/gdeliveryfilter.cpp create mode 100644 src/gfilters/gdeliveryfilter.h rename src/{gsmtp => gfilters}/gexecutablefilter.cpp (52%) rename src/{gsmtp => gfilters}/gexecutablefilter.h (57%) rename src/{gsmtp => gfilters}/gfilterchain.cpp (55%) rename src/{gsmtp => gfilters}/gfilterchain.h (53%) create mode 100644 src/gfilters/gfilterfactory.cpp create mode 100644 src/gfilters/gfilterfactory.h create mode 100644 src/gfilters/gmessageidfilter.cpp create mode 100644 src/gfilters/gmessageidfilter.h create mode 100644 src/gfilters/gmxfilter.cpp create mode 100644 src/gfilters/gmxfilter.h create mode 100644 src/gfilters/gmxlookup.cpp create mode 100644 src/gfilters/gmxlookup.h rename src/{gsmtp => gfilters}/gnetworkfilter.cpp (55%) rename src/{gsmtp => gfilters}/gnetworkfilter.h (60%) create mode 100644 src/gfilters/gnullfilter.cpp create mode 100644 src/gfilters/gnullfilter.h create mode 100644 src/gfilters/gsimplefilterbase.cpp create mode 100644 src/gfilters/gsimplefilterbase.h create mode 100644 src/gfilters/gspamfilter.cpp rename src/{gsmtp => gfilters}/gspamfilter.h (61%) create mode 100644 src/gfilters/gsplitfilter.cpp create mode 100644 src/gfilters/gsplitfilter.h delete mode 100644 src/glib/galign.h create mode 100644 src/glib/gbasicaddress.h delete mode 100644 src/glib/gconvert_unix.cpp delete mode 100644 src/glib/geightbit.h delete mode 100644 src/glib/gexecutablecommand_win32.cpp create mode 100644 src/glib/gmsg_mac.cpp create mode 100644 src/glib/goptionreader.cpp create mode 100644 src/glib/goptionreader.h create mode 100644 src/glib/grange.h rename src/glib/{gstrings.h => gstatemachine.cpp} (77%) rename src/gnet/{geventloophandles.cpp => geventloophandles_st.cpp} (80%) rename src/{glib/gexecutablecommand_unix.cpp => gnet/gnameservers.h} (71%) create mode 100644 src/gnet/gnameservers_unix.cpp create mode 100644 src/gnet/gnameservers_win32.cpp create mode 100644 src/gpop/gpop.h create mode 100644 src/gpop/gpop_disabled.cpp create mode 100644 src/gpop/gpop_enabled.cpp delete mode 100644 src/gsmtp/genvelope.cpp delete mode 100644 src/gsmtp/genvelope.h delete mode 100644 src/gsmtp/gexecutableverifier.cpp delete mode 100644 src/gsmtp/gfactoryparser.cpp delete mode 100644 src/gsmtp/gfactoryparser.h delete mode 100644 src/gsmtp/gfilestore.cpp delete mode 100644 src/gsmtp/gfilterfactory.cpp delete mode 100644 src/gsmtp/gfilterfactory.h create mode 100644 src/gsmtp/gfilterfactorybase.cpp create mode 100644 src/gsmtp/gfilterfactorybase.h delete mode 100644 src/gsmtp/gnetworkverifier.cpp delete mode 100644 src/gsmtp/gnewfile.cpp delete mode 100644 src/gsmtp/gnullfilter.cpp delete mode 100644 src/gsmtp/gnullfilter.h create mode 100644 src/gsmtp/gsmtpclientreply.cpp create mode 100644 src/gsmtp/gsmtpclientreply.h create mode 100644 src/gsmtp/gsmtpforward.cpp create mode 100644 src/gsmtp/gsmtpforward.h create mode 100644 src/gsmtp/gsmtpserverbufferin.cpp create mode 100644 src/gsmtp/gsmtpserverbufferin.h create mode 100644 src/gsmtp/gsmtpserverflowcontrol.h create mode 100644 src/gsmtp/gsmtpserverparser.cpp create mode 100644 src/gsmtp/gsmtpserverparser.h create mode 100644 src/gsmtp/gsmtpserversend.cpp create mode 100644 src/gsmtp/gsmtpserversend.h create mode 100644 src/gsmtp/gsmtpserversender.h create mode 100644 src/gsmtp/gsmtpservertext.cpp create mode 100644 src/gsmtp/gsmtpservertext.h delete mode 100644 src/gsmtp/gspamfilter.cpp delete mode 100644 src/gsmtp/gstoredfile.cpp delete mode 100644 src/gsmtp/gstoredfile.h delete mode 100644 src/gsmtp/gstoredmessage.h delete mode 100644 src/gsmtp/gverifierfactory.cpp delete mode 100644 src/gsmtp/gverifierfactory.h create mode 100644 src/gsmtp/gverifierfactorybase.cpp create mode 100644 src/gsmtp/gverifierfactorybase.h create mode 100644 src/gssl/gssl_mbedtls_headers.h create mode 100644 src/gssl/gssl_mbedtls_keygen.cpp create mode 100644 src/gssl/gssl_mbedtls_keygen.h create mode 100644 src/gssl/gssl_mbedtls_utils.h create mode 100644 src/gssl/mbedtls-vsnprintf-fix-new.p1 create mode 100644 src/gssl/mbedtls-vsnprintf-fix.p1 create mode 100644 src/gstore/Makefile.am create mode 100644 src/gstore/Makefile.in create mode 100644 src/gstore/genvelope.cpp create mode 100644 src/gstore/genvelope.h create mode 100644 src/gstore/gfiledelivery.cpp create mode 100644 src/gstore/gfiledelivery.h create mode 100644 src/gstore/gfilestore.cpp rename src/{gsmtp => gstore}/gfilestore.h (52%) rename src/{gauth/gvalid.cpp => gstore/gmessagedelivery.cpp} (85%) create mode 100644 src/gstore/gmessagedelivery.h rename src/{gsmtp => gstore}/gmessagestore.cpp (83%) rename src/{gsmtp => gstore}/gmessagestore.h (65%) rename src/{gsmtp => gstore}/gmessagestore_unix.cpp (90%) rename src/{gsmtp => gstore}/gmessagestore_win32.cpp (88%) create mode 100644 src/gstore/gnewfile.cpp rename src/{gsmtp => gstore}/gnewfile.h (54%) rename src/{gsmtp => gstore}/gnewmessage.cpp (79%) rename src/{gsmtp => gstore}/gnewmessage.h (50%) create mode 100644 src/gstore/gstoredfile.cpp create mode 100644 src/gstore/gstoredfile.h rename src/{gsmtp => gstore}/gstoredmessage.cpp (80%) create mode 100644 src/gstore/gstoredmessage.h rename src/gui/{pages.cpp => guipages.cpp} (97%) rename src/gui/{pages.h => guipages.h} (98%) create mode 100644 src/gverifiers/Makefile.am create mode 100644 src/gverifiers/Makefile.in create mode 100644 src/gverifiers/gexecutableverifier.cpp rename src/{gsmtp => gverifiers}/gexecutableverifier.h (57%) rename src/{gsmtp => gverifiers}/ginternalverifier.cpp (64%) rename src/{gsmtp => gverifiers}/ginternalverifier.h (66%) create mode 100644 src/gverifiers/gnetworkverifier.cpp rename src/{gsmtp => gverifiers}/gnetworkverifier.h (64%) create mode 100644 src/gverifiers/guserverifier.cpp create mode 100644 src/gverifiers/guserverifier.h create mode 100644 src/gverifiers/gverifierfactory.cpp create mode 100644 src/gverifiers/gverifierfactory.h delete mode 100644 src/main/filter.cpp rename test/emailrelay_test_keygen.cpp => src/main/keygen.cpp (56%) create mode 100644 src/main/submission.cpp rename src/{gauth/gvalid.h => main/submission.h} (58%) delete mode 100644 src/main/testrun.cpp delete mode 100644 src/main/testrun.h create mode 100644 src/main/unit.cpp create mode 100644 src/main/unit.h create mode 100644 test/DnsServer.pm create mode 100644 test/emailrelay_test_dnsserver.cpp diff --git a/.readthedocs.yaml b/.readthedocs.yaml new file mode 100644 index 0000000..1c02ccc --- /dev/null +++ b/.readthedocs.yaml @@ -0,0 +1,15 @@ +# .readthedocs.yaml +# Read the Docs configuration file +# See https://docs.readthedocs.io/en/stable/config-file/v2.html + +# Required +version: 2 + +build: + os: ubuntu-22.04 + tools: + python: "3.11" + +sphinx: + configuration: doc/conf.py + diff --git a/ChangeLog b/ChangeLog index ddbe2b0..61c02c0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,21 @@ E-MailRelay Change Log ====================== +2.4 -> 2.5 +---------- +* Multiple configurations in one process. +* SMTP PIPELINING (RFC-2920). +* SMTP CHUNKING/8BITMIME 'BDAT' extension (RFC-3030), disabled by default. +* SMTP SMTPUTF8 extension (RFC-6531), disabled by default. +* No 7-bit/8-bit check on received message content (see NEWS file). +* New built-in filters: "deliver:", "split:", "copy:", "mx:", "msgid:". +* New built-in address verifier: "account:" +* No ".local" files (see NEWS file). +* PAM authentication is now enabled with "--server-auth=pam:" not "/pam". +* Client authentication details can be given directly from the command-line. +* Multiple "client" authentication secrets, selected by a new envelope field. +* Main binary can act as a simple submission tool ("configure --enable-submission"). + 2.3 -> 2.4 ---------- * Multiple "--filter" and "--client-filter" options allowed. diff --git a/LICENSE b/LICENSE index 35ef004..d952823 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,5 @@ Licenses ======== -GPLv3 is used for E-MailRelay source code (see COPYING), but relicensing -requests will be considered. See also AUTHORS. +The GPLv3 license (GPL-3.0-or-later) is used for E-MailRelay source code +(see COPYING), except for a few files using the GNU All-permissive +license (FSFAP). diff --git a/Makefile.am b/Makefile.am index 46285fb..dabc40a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,5 +1,5 @@ # -## Copyright (C) 2001-2022 Graeme Walker +## Copyright (C) 2001-2023 Graeme Walker ## ## This program is free software: you can redistribute it and/or modify ## it under the terms of the GNU General Public License as published by @@ -59,9 +59,10 @@ EXTRA_DIST = \ autogen.sh \ winbuild.bat \ winbuild.pl \ - runperl.bat + runperl.bat \ + .readthedocs.yaml -SUBDIRS = bin src etc doc debian test m4 bsd po unity +SUBDIRS = libexec bin src etc doc debian test m4 bsd po unity # work-round PKG_CHECK_MODULES if no pkg-config ACLOCAL_AMFLAGS = -I m4 @@ -104,7 +105,7 @@ deb: $(DEB) $(DEB): dist -mv emailrelay-$(VERSION) emailrelay-$(VERSION).old.$$$$ || true tar -xzf $(TAR) - cd emailrelay-$(VERSION) && fakeroot debian/rules binary + cd emailrelay-$(VERSION) && fakeroot debian/rules binary # or dpkg-buildpackage -b --jobs=10 mkdir emailrelay-$(VERSION)/debian/source .PHONY: deb-src @@ -119,8 +120,8 @@ deb-src: dist tidy: $(MAKE) -C unity tidy -.PHONY: unitybuild -unitybuild: +.PHONY: unity +unity: $(MAKE) -C unity programs .PHONY: format @@ -129,8 +130,8 @@ format: .PHONY: cmake cmake: - @chmod +x bin/make2cmake || true - bin/make2cmake + @chmod +x libexec/make2cmake || true + libexec/make2cmake test -d build || mkdir build cd build && cmake -DCMAKE_MAKE_PROGRAM:FILEPATH=/usr/bin/make -DCMAKE_EXPORT_COMPILE_COMMANDS=ON .. @echo now run make from the '"build"' directory @@ -145,8 +146,10 @@ $(TAR): zip: $(ZIP) $(ZIP): $(TAR) - tar -xzf $(TAR) - sh -c "cd emailrelay-$(VERSION) && zip -r ../$(ZIP) ." + -mkdir zip.d 2>/dev/null + -@rm -rf zip.d/* 2>/dev/null + tar -C zip.d --strip-components=1 -xzf $(TAR) + sh -c "cd zip.d && zip -r ../$(ZIP) ." .PHONY: mbedtls mbedtls: diff --git a/Makefile.in b/Makefile.in index 21684e5..14f02b4 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.3 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -125,7 +125,6 @@ subdir = . ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \ $(top_srcdir)/m4/m4_ax_cxx_compile_stdcxx.m4 \ - $(top_srcdir)/m4/m4_ax_cxx_compile_stdcxx_11.m4 \ $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -201,6 +200,7 @@ am__recursive_targets = \ $(am__extra_recursive_targets) AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ cscope distdir distdir-am dist dist-all distcheck +am__extra_recursive_targets = extra-recursive am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is @@ -223,7 +223,7 @@ CTAGS = ctags CSCOPE = cscope DIST_SUBDIRS = $(SUBDIRS) am__DIST_COMMON = $(srcdir)/Makefile.in AUTHORS COPYING ChangeLog \ - INSTALL NEWS README compile depcomp install-sh missing + INSTALL NEWS README compile install-sh missing DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) @@ -262,6 +262,8 @@ am__relativize = \ DIST_ARCHIVES = $(distdir).tar.gz GZIP_ENV = --best DIST_TARGETS = dist-gzip +# Exists only to be overridden by the user if desired. +AM_DISTCHECK_DVI_TARGET = dvi distuninstallcheck_listfiles = find . -type f -print am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' @@ -270,6 +272,7 @@ ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ARFLAGS = @ARFLAGS@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -359,7 +362,7 @@ e_docdir = @e_docdir@ e_examplesdir = @e_examplesdir@ e_icondir = @e_icondir@ e_initdir = @e_initdir@ -e_libexecdir = @e_libexecdir@ +e_libdir = @e_libdir@ e_pamdir = @e_pamdir@ e_rundir = @e_rundir@ e_spooldir = @e_spooldir@ @@ -404,9 +407,10 @@ EXTRA_DIST = \ autogen.sh \ winbuild.bat \ winbuild.pl \ - runperl.bat + runperl.bat \ + .readthedocs.yaml -SUBDIRS = bin src etc doc debian test m4 bsd po unity +SUBDIRS = libexec bin src etc doc debian test m4 bsd po unity # work-round PKG_CHECK_MODULES if no pkg-config ACLOCAL_AMFLAGS = -I m4 @@ -506,6 +510,7 @@ $(am__recursive_targets): if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" +extra-local: ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique @@ -662,6 +667,10 @@ dist-xz: distdir tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz $(am__post_remove_distdir) +dist-zstd: distdir + tardir=$(distdir) && $(am__tar) | zstd -c $${ZSTD_CLEVEL-$${ZSTD_OPT--19}} >$(distdir).tar.zst + $(am__post_remove_distdir) + dist-tarZ: distdir @echo WARNING: "Support for distribution archives compressed with" \ "legacy program 'compress' is deprecated." >&2 @@ -704,6 +713,8 @@ distcheck: dist eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\ *.zip*) \ unzip $(distdir).zip ;;\ + *.tar.zst*) \ + zstd -dc $(distdir).tar.zst | $(am__untar) ;;\ esac chmod -R a-w $(distdir) chmod u+w $(distdir) @@ -719,7 +730,7 @@ distcheck: dist $(DISTCHECK_CONFIGURE_FLAGS) \ --srcdir=../.. --prefix="$$dc_install_base" \ && $(MAKE) $(AM_MAKEFLAGS) \ - && $(MAKE) $(AM_MAKEFLAGS) dvi \ + && $(MAKE) $(AM_MAKEFLAGS) $(AM_DISTCHECK_DVI_TARGET) \ && $(MAKE) $(AM_MAKEFLAGS) check \ && $(MAKE) $(AM_MAKEFLAGS) install \ && $(MAKE) $(AM_MAKEFLAGS) installcheck \ @@ -821,6 +832,10 @@ dvi: dvi-recursive dvi-am: +extra: extra-recursive + +extra-am: extra-local + html: html-recursive html-am: @@ -883,17 +898,18 @@ uninstall-am: uninstall-e_docDATA uninstall-local am--refresh check check-am clean clean-cscope clean-generic \ cscope cscopelist-am ctags ctags-am dist dist-all dist-bzip2 \ dist-gzip dist-lzip dist-shar dist-tarZ dist-xz dist-zip \ - distcheck distclean distclean-generic distclean-tags \ - distcleancheck distdir distuninstallcheck dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-e_docDATA \ - install-exec install-exec-am install-html install-html-am \ - install-info install-info-am install-man install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs installdirs-am \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-generic pdf pdf-am ps ps-am tags tags-am uninstall \ - uninstall-am uninstall-e_docDATA uninstall-local + dist-zstd distcheck distclean distclean-generic distclean-tags \ + distcleancheck distdir distuninstallcheck dvi dvi-am extra-am \ + extra-local html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-e_docDATA install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + installdirs-am maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags \ + tags-am uninstall uninstall-am uninstall-e_docDATA \ + uninstall-local .PRECIOUS: Makefile @@ -930,7 +946,7 @@ deb: $(DEB) $(DEB): dist -mv emailrelay-$(VERSION) emailrelay-$(VERSION).old.$$$$ || true tar -xzf $(TAR) - cd emailrelay-$(VERSION) && fakeroot debian/rules binary + cd emailrelay-$(VERSION) && fakeroot debian/rules binary # or dpkg-buildpackage -b --jobs=10 mkdir emailrelay-$(VERSION)/debian/source .PHONY: deb-src @@ -945,8 +961,8 @@ deb-src: dist tidy: $(MAKE) -C unity tidy -.PHONY: unitybuild -unitybuild: +.PHONY: unity +unity: $(MAKE) -C unity programs .PHONY: format @@ -955,8 +971,8 @@ format: .PHONY: cmake cmake: - @chmod +x bin/make2cmake || true - bin/make2cmake + @chmod +x libexec/make2cmake || true + libexec/make2cmake test -d build || mkdir build cd build && cmake -DCMAKE_MAKE_PROGRAM:FILEPATH=/usr/bin/make -DCMAKE_EXPORT_COMPILE_COMMANDS=ON .. @echo now run make from the '"build"' directory @@ -971,8 +987,10 @@ $(TAR): zip: $(ZIP) $(ZIP): $(TAR) - tar -xzf $(TAR) - sh -c "cd emailrelay-$(VERSION) && zip -r ../$(ZIP) ." + -mkdir zip.d 2>/dev/null + -@rm -rf zip.d/* 2>/dev/null + tar -C zip.d --strip-components=1 -xzf $(TAR) + sh -c "cd zip.d && zip -r ../$(ZIP) ." .PHONY: mbedtls mbedtls: diff --git a/NEWS b/NEWS index db9d9e9..dc3f036 100644 --- a/NEWS +++ b/NEWS @@ -1,34 +1,178 @@ News ----- -Low-level changes include a rework of the event-loops. The Unix event loop -defaults to an epoll() implementation. +==== -The i18n of the main server (not the gui) has been extended somewhat by marking -for translation the text of most C++ exceptions. This is only relevant if -building "--with-gettext" and running with "--localedir". +Overview +-------- +The E-MailRelay 2.5 release is no longer just a store-and-forward SMTP relay or +proxy; it can do routing (improved from 2.4), client account selection and +message delivery, making it more useful as a general-purpose MTA. Routing and +client account selection are activated by having an external filter script to +edit e-mail message envelope files. -The "--anonyous" option has changed slightly in v2.4 so that it will now force -the AUTH parameter on the MAIL command to be "AUTH=<>". Replace "--anonymous" -with "--anonymous=vrfy,server,content" to keep the same behaviour as before. +Multiple configurations +----------------------- +In previous releases E-MailRelay runs with one spool directory and typically +one SMTP server and one SMTP client doing store-and-forward. In this release +one E-MailRelay process can have multiple configurations, each with their own +independent spool directory, SMTP server and SMTP client. Everything still +runs single-threaded (except as documented in "developer.txt"). -The "emailrelay-submit" utility's "--content" option no longer suppresses -reading of the standard input stream; there is a new "--no-stdin" option -instead. A dot on its own does not terminate the input any more, so use ^D or -^Z to stop reading from the terminal. Header-only content with no body text is -now permitted. +Refer to the reference document for more details. -Authentication using PAM no longer insists on TLS encryption because the -"--server-auth-config" option can be used to disable password authentication -over an unencypted connection. +More built-in filters and address verifiers +------------------------------------------- +E-MailRelay allows filters that are not simple scripts by using command-line +options like "--filter=exit:99" and "--filter=spam:localhost:783", with a +small number of special prefixes like "exit:", "net:", "file:" and "spam:". + +In this release there are more built-in filters and address verifiers, including +"deliver:", "split:", "mx:", "copy:" and "msgid:" filters and the "account:" +address verifier. + +Refer to the reference document for more details. + +Delivery +-------- +E-MailRelay can now act as a Message Delivery Agent (MDA) so it can deliver +e-mail messages to local mailboxes according to the e-mail addressees. + +A mailbox is a simple sub-directory of some delivery base directory, defaulting +to the spool directory. So Alice's mailbox might be the "alice" sub-directory +"/var/spool/emailrelay/alice", containing envelope and content files. Or it +can have its own "maildir" structure, "/var/spool/emailrelay/alice/new,cur,tmp", +in which case the content file will be delivered to the "cur" directory and +there will be no envelope file. + +Refer to the reference document for more details. + +Client account selection +------------------------ +This release allows for multiple client accounts to be used for SMTP +authentication when forwarding. A new "ClientAccountSelector" field in the +envelope file must match against the fifth field of a "client" line in the +secrets file. A filter should be used to fill in the selector field in the +envelope, typically based on the message addressing. + +When the account changes from one message to the next the SMTP connection is +dropped and re-connected. It is necessary to drop the connection because some +common SMTP servers do not allow re-authentication within an existing SMTP +connection. + +Client rows in the client secrets file can now have a fifth field for the +selector, but this raises a backwards compatibility issue because in previous +releases the fifth column (and beyond) in a client secrets file is ignored and +might be a comment without a leading '#' character. In upgrading, the first word +of the comment would be treated as a selector and the "client" row would be +effectively disabled resulting in a failure of message forwarding. Therefore, +fifth fields in the secrets file that start with '#' are treated as comments +(extending to the end of the line) and lines in the secrets file with six or +more fields result in a warning. It follows that filters should not generate +selectors starting with a '#' character. + +Local files +----------- +In previous releases ".local" message files were created for messages with local +recipients (as determined by an address verifier) in order to create a separate +path for messages sent to the local postmaster. These files are no longer +created because E-MailRelay can now run multiple filters in a chain and it is +easy enough to write a filter to separate out these messages. + +7BIT/8BITMIME +------------- +Previous versions of E-MailRelay test message content when a message is received +and populate the "Content" field of the envelope file as either "7bit" or +"8bit". However, the SMTP client code has always largely ignored this field and +it would attempt to forward 8-bit messages to a remote server that did not +advertise 8BITMIME, albeit with a warning in the log. + +In this release E-MailRelay no longer tests messages for eight-bit content, +so the envelope "Content" field will always be "8bit". If this is not the +desired behaviour then a filter script should be used to test for seven-bit or +eight-bit content and edit the "Content" value in the envelope file accordingly. + +If necessary the SMTP client can now be made to behave more strictly so that it +does not try to forward eight-bit messages to seven-bit servers (see +"--client-smtp-config"). + +PIPELINING +---------- +This release adds support for the PIPELINING SMTP extension. + +Previous releases allow pipelining of the SMTP QUIT command but otherwise +require SMTP requests and responses in turn (as per RFC-5321 2.1). In this +release the SMTP server code allows all SMTP commands to be pipelined, whether +or not the PIPELINING extension is advertised. The PIPELINING advertisement can +be disabled with the new "--server-smtp-config" command-line option. + +The response batching behaviour described by RFC-2920 is not implemented. + +The SMTP client code uses pipelining only for MAIL-FROM and RCPT-TO SMTP +commands when talking to a remote server that supports the PIPELINING extension. +This can be disabled using the "--client-smtp-config" command-line option so +then each MAIL-FROM or RCPT-TO request waits for a response before continuing. + +CHUNKING/BINARYMIME and SMTPUTF8 +-------------------------------- +This release adds support for the CHUNKING+BINARYMIME and SMTPUTF8 extensions +to SMTP, although they are disabled by default. + +It is important to note that if CHUNKING+BINARYMIME or SMTPUTF8 support is +enabled in the E-MailRelay server then the destination next-hop server must +also support these extensions. If the remote server does not support these +extensions then messages may fail immediately when they are forwarded. + +In principle filter scripts can be used to convert BINARYMIME and SMTPUTF8 +messages to non-BINARYMIME and non-SMTPUTF8 forms (RFC-3030 calls these +"gateway transformations"), but it might be easier to leave these extensions +disabled in the E-MailRelay server if there is any doubt about the capabilities +of the next-hop server. + +In previous releases address verifiers only need to deal with printable ASCII +addresses because of the character-set retrictions imposed by the SMTP protocol. +But if the the SMTPUTF8 extension is enabled in the E-MailRelay server then the +addresses passed to any address verifier script might contain UTF-8 characters +and this might require changes to the script. + +In passing, note that recipient addresses given to address verifier scripts are +as they appear on the wire, so a badly-behaved SMTP client might send addresses +containing double-quotes and backslash escapes that are semantically redundant. +For example, a message submitted to "\A\l\i\c\e"@example.com will have that +address passed to the verifier with all the redundant double quotes and +backslashes present. Normalising an address by removing quotes and backslashes +is reasonably easy in ASCII but might be more tricky with UTF-8. + +Another corner case with SMTPUTF8 is that the remote client might use the VRFY +SMTP command without the optional SMTPUTF8 parameter. In principle a UTF-8 +address verifier script should not then return UTF-8 results, but in practice +the script has no way of knowning whether the SMTPUTF8 parameter was used. If +necessary the VRFY command can be disabled by using "--anonymous". + +Hashed passwords +---------------- +Hashed passwords created by "emailrelay-passwd" that use the SHA-1 or SHA-256 +hashing algorithm will no longer work when E-MailRelay is built using the latest +versions of the OpenSSL and MbedTLS libraries. Both libraries have stopped +exposing the relevant state variables used within their hashing functions. MD5 +hashed passwords will still work. + +Code size +--------- +The source code now contains a lot of conditional compilation directives like +"#ifndef G_LIB_SMALL" that reduce the size of the built binaries. + +The Windows build and the build of the GUI on Linux are not affected because +they are built without the "G_LIB_SMALL" switch. + +These extra directives make the code rather ugly so they can be removed if +necessary by running: + + libexec/reduce.sh --undo + +Filter-copy utility +------------------- +The emailrelay-filter-copy utility was included in previous releases as a +set-user-id file program to copy e-mail message files into sub-directories for +"--pop-by-name" access. This can now be done by the built-in "copy:pop" filter, +albeit with minor differences in behaviour, so emailrelay-filter-copy has been +removed. -Limited support for routing is included. The envelope files have two new fields: -ForwardTo and ForwardToAddress. A filter script can examine the message content -and deposit the appropriate domain name and port number in the ForwardTo field. -If the SMTP client sees a ForwardTo value then it runs the client-filter early -allowing the client filter to do a DNS MX lookup of the ForwardTo value and -deposit the address into the ForwardToAddress field. If the SMTP client sees a -ForwardToAddress it will initiate a connection to that address to send the -message. The client-filter is run a second time in the normal way once the SMTP -session has been established. A connection to the main "--forward-to" address -will always be made even if all the messages are routed elsewhere, and each -routed connection will carry only one message. diff --git a/README b/README index 03c048a..d9290cf 100644 --- a/README +++ b/README @@ -1,101 +1,123 @@ E-MailRelay Readme ================== -Abstract --------- -E-MailRelay is an e-mail store-and-forward message transfer agent and proxy -server. It runs on Unix-like operating systems (including Linux and Mac OS X), -and on Windows. +Introduction +------------ +E-MailRelay is a lightweight SMTP store-and-forward mail server with POP access +to spooled messages. It can be used as a personal internet mail server with +SpamAssassin spam filtering and DNSBL connection blocking. Forwarding can be +to a fixed smarthost or using DNS MX routing. External scripts can be used for +address validation and e-mail message processing. -E-MailRelay does three things: it stores any incoming e-mail messages that -it receives, it forwards e-mail messages on to another remote e-mail server, -and it serves up stored e-mail messages to local e-mail reader programs. More -technically, it acts as a SMTP storage daemon, a SMTP forwarding agent, and -a POP3 server. - -Whenever an e-mail message is received it can be passed through a user-defined -program, such as a spam filter, which can drop, re-address or edit messages as -they pass through. - -E-MailRelay uses the same non-blocking i/o model as Squid and nginx giving -excellent scalability and resource usage. - -C++ source code is available and distribution is permitted under the GNU -General Public License V3. +E-MailRelay runs as a single process using the same non-blocking i/o model as +Squid and nginx giving excellent scalability and resource usage. Quick start ----------- +E-MailRelay can be run straight from the command-line, and on Windows you can +run "emailrelay.exe" or "emailrelay-textmode.exe" from the zip file without +going through the installation process. + To use E-MailRelay in store-and-forward mode use the "--as-server" option to start the storage daemon in the background, and then do delivery of spooled -messages by running with the "--as-client" option. +messages by running with "--as-client". -For example, to start a storage daemon listening on port 587 use a command -like this: +For example, to start a storage daemon in the background listening on port 10025 +use a command like this: - emailrelay --as-server --port 587 --spool-dir /tmp + emailrelay --as-server --port 10025 --spool-dir /tmp + +On Windows use "c:/temp" for testing, rather than "/tmp". + +Or to run it in the foreground: + + emailrelay --log --no-daemon --port 10025 --spool-dir /tmp And then to forward the spooled mail to "smtp.example.com" run something like this: emailrelay --as-client smtp.example.com:25 --spool-dir /tmp -To get behaviour more like a proxy you can add the "--poll" and "--forward-to" -options so that messages are forwarded continuously rather than on-demand. +To forward continuously you can add the "--poll" and "--forward-to" options to +the server command-line: -This example starts a store-and-forward server that forwards spooled-up e-mail -every minute: +For example, this starts a server that also forwards spooled-up e-mail every +minute: emailrelay --as-server --poll 60 --forward-to smtp.example.com:25 -Or for a proxy server that forwards each message soon after it has been -received, you can use "--as-proxy" or add "--forward-on-disconnect": +Or for a server that forwards each message as soon as it has been received, you +can use "--forward-on-disconnect": emailrelay --as-server --forward-on-disconnect --forward-to smtp.example.com:25 -To edit or filter e-mail as it passes through the proxy specify your filter +To edit or filter e-mail as it passes through the server specify your filter program with the "--filter" option, something like this: - emailrelay --as-proxy smtp.example.com:25 --filter addsig.js + emailrelay --as-server --filter /tmp/set-from.js -To run E-MailRelay as a POP server without SMTP use "--pop" and "--no-smtp": +Look for example filter scripts in the "examples" directory. - emailrelay --pop --no-smtp --log --close-stderr +E-MailRelay can also be used as a personal internet mail server: -The "emailrelay-submit" utility can be used to put messages straight into the -spool directory so that the POP clients can fetch them. +Use "--remote-clients" ("-r") to allow connections from outside the local +network, define your domain name with "--domain" and use an address verifier as +a first line of defense against spammers: -By default E-MailRelay will always reject connections from remote networks. To -allow connections from anywhere use the "--remote-clients" option, but please -check your firewall settings to make sure this cannot be exploited by spammers. + emailrelay --as-server -v -r --domain=example.com --address-verifier=account: + +Then enable POP access to the incoming e-mails with "--pop", "--pop-port" and +"--pop-auth": + + emailrelay ... --pop --pop-port 10110 --pop-auth /etc/emailrelay.auth + +Set up the POP account with a user-id and password in the "--pop-auth" secrets +file. The secrets file should contain a single line of text like this: + + server plain For more information on the command-line options refer to the reference guide or run: emailrelay --help --verbose -Packages --------- -To install on Linux from a RPM or DEB package: +Autostart +--------- +To install E-MailRelay on Windows run the "emailrelay-setup" program and choose +the automatic startup option on the last page so that E-MailRelay runs as a +Windows service. Use the Windows "Services" utility to configure the E-MailRelay +service as automatic or manual startup. - sudo $SHELL # or 'su' - rpm -i emailrelay*.rpm # if RPM - dpkg -i emailrelay*.deb # if DEB +To install E-MailRelay on Linux from a RPM package: -If your Linux system uses "systemd" then you should check the E-MailRelay -configuration file "/etc/emailrelay.conf" is as you want it and then run: + sudo rpm -i emailrelay*.rpm + +Or from a DEB package: + + sudo dpkg -i emailrelay*.deb + +To get the E-MailRelay server to start automatically you should check the +configuration file "/etc/emailrelay.conf" is as you want it and then run the +following commands to activate the "systemd" service: systemctl enable emailrelay systemctl start emailrelay systemctl status emailrelay -On other systems try these commands: +On other Linux systems try some combination of these commands to set up and +activate the E-MailRelay service: cp /usr/lib/emailrelay/init/emailrelay /etc/init.d/ - update-rc.d emailrelay enable || rc-update add emailrelay - invoke-rc.d emailrelay start || service emailrelay start - tail /var/log/messages /var/log/syslog 2>/dev/null + update-rc.d emailrelay enable + rc-update add emailrelay + invoke-rc.d emailrelay start + service emailrelay start + tail /var/log/messages + tail /var/log/syslog -On Windows run the setup program. +On BSD systems add this line to /etc/rc.conf: + + emailrelay_enable="YES" Documentation ------------- @@ -111,3 +133,7 @@ The following documentation is provided: Source code documentation will be generated when building from source if "doxygen" is available. +Feedback +-------- +To give feedback, including reviews, bug reports and feature requests, please +use the SourceForge project website at https://sourceforge.net/p/emailrelay diff --git a/README.md b/README.md index 1ba0df7..09006f7 100644 --- a/README.md +++ b/README.md @@ -1,107 +1,131 @@ E-MailRelay Readme ================== -Abstract --------- -E-MailRelay is an e-mail store-and-forward message transfer agent and proxy -server. It runs on Unix-like operating systems (including Linux and Mac OS X), -and on Windows. - -E-MailRelay does three things: it stores any incoming e-mail messages that -it receives, it forwards e-mail messages on to another remote e-mail server, -and it serves up stored e-mail messages to local e-mail reader programs. More -technically, it acts as a [SMTP][] storage daemon, a SMTP forwarding agent, and -a POP3 server. - -Whenever an e-mail message is received it can be passed through a user-defined -program, such as a spam filter, which can drop, re-address or edit messages as -they pass through. +Introduction +------------ +E-MailRelay is a lightweight [SMTP][] store-and-forward mail server with [POP][] access +to spooled messages. It can be used as a personal internet mail server with +SpamAssassin spam filtering and [DNSBL][] connection blocking. Forwarding can be +to a fixed smarthost or using DNS MX routing. External scripts can be used for +address validation and e-mail message processing. ![whatisit.png](whatisit.png) -E-MailRelay uses the same non-blocking i/o model as Squid and nginx giving -excellent scalability and resource usage. - -C++ source code is available and distribution is permitted under the GNU -General Public License V3. +E-MailRelay runs as a single process using the same non-blocking i/o model as +Squid and nginx giving excellent scalability and resource usage. Quick start ----------- +E-MailRelay can be run straight from the command-line, and on Windows you can +run `emailrelay.exe` or `emailrelay-textmode.exe` from the zip file without +going through the installation process. + To use E-MailRelay in store-and-forward mode use the `--as-server` option to start the storage daemon in the background, and then do delivery of spooled -messages by running with the `--as-client` option. +messages by running with `--as-client`. ![serverclient.png](serverclient.png) -For example, to start a storage daemon listening on port 587 use a command -like this: +For example, to start a storage daemon in the background listening on port 10025 +use a command like this: - emailrelay --as-server --port 587 --spool-dir /tmp + emailrelay --as-server --port 10025 --spool-dir /tmp + +On Windows use `c:/temp` for testing, rather than `/tmp`. + +Or to run it in the foreground: + + emailrelay --log --no-daemon --port 10025 --spool-dir /tmp And then to forward the spooled mail to `smtp.example.com` run something like this: emailrelay --as-client smtp.example.com:25 --spool-dir /tmp -To get behaviour more like a proxy you can add the `--poll` and `--forward-to` -options so that messages are forwarded continuously rather than on-demand. +To forward continuously you can add the `--poll` and `--forward-to` options to +the server command-line: ![forwardto.png](forwardto.png) -This example starts a store-and-forward server that forwards spooled-up e-mail -every minute: +For example, this starts a server that also forwards spooled-up e-mail every +minute: emailrelay --as-server --poll 60 --forward-to smtp.example.com:25 -Or for a proxy server that forwards each message soon after it has been -received, you can use `--as-proxy` or add `--forward-on-disconnect`: +Or for a server that forwards each message as soon as it has been received, you +can use `--forward-on-disconnect`: emailrelay --as-server --forward-on-disconnect --forward-to smtp.example.com:25 -To edit or filter e-mail as it passes through the proxy specify your filter +To edit or filter e-mail as it passes through the server specify your filter program with the `--filter` option, something like this: - emailrelay --as-proxy smtp.example.com:25 --filter addsig.js + emailrelay --as-server --filter /tmp/set-from.js -To run E-MailRelay as a [POP][] server without SMTP use `--pop` and `--no-smtp`: +Look for example filter scripts in the `examples` directory. - emailrelay --pop --no-smtp --log --close-stderr +E-MailRelay can also be used as a personal internet mail server: -The `emailrelay-submit` utility can be used to put messages straight into the -spool directory so that the POP clients can fetch them. +![mailserver.png](mailserver.png) -By default E-MailRelay will always reject connections from remote networks. To -allow connections from anywhere use the `--remote-clients` option, but please -check your firewall settings to make sure this cannot be exploited by spammers. +Use `--remote-clients` (`-r`) to allow connections from outside the local +network, define your domain name with `--domain` and use an address verifier as +a first line of defense against spammers: + + emailrelay --as-server -v -r --domain=example.com --address-verifier=account: + +Then enable POP access to the incoming e-mails with `--pop`, `--pop-port` and +`--pop-auth`: + + emailrelay ... --pop --pop-port 10110 --pop-auth /etc/emailrelay.auth + +Set up the POP account with a user-id and password in the `--pop-auth` secrets +file. The secrets file should contain a single line of text like this: + + server plain For more information on the command-line options refer to the reference guide or run: emailrelay --help --verbose -Packages --------- -To install on Linux from a RPM or DEB package: +Autostart +--------- +To install E-MailRelay on Windows run the `emailrelay-setup` program and choose +the automatic startup option on the last page so that E-MailRelay runs as a +Windows service. Use the Windows `Services` utility to configure the E-MailRelay +service as automatic or manual startup. - sudo $SHELL # or 'su' - rpm -i emailrelay*.rpm # if RPM - dpkg -i emailrelay*.deb # if DEB +To install E-MailRelay on Linux from a RPM package: -If your Linux system uses `systemd` then you should check the E-MailRelay -configuration file `/etc/emailrelay.conf` is as you want it and then run: + sudo rpm -i emailrelay*.rpm + +Or from a DEB package: + + sudo dpkg -i emailrelay*.deb + +To get the E-MailRelay server to start automatically you should check the +configuration file `/etc/emailrelay.conf` is as you want it and then run the +following commands to activate the `systemd` service: systemctl enable emailrelay systemctl start emailrelay systemctl status emailrelay -On other systems try these commands: +On other Linux systems try some combination of these commands to set up and +activate the E-MailRelay service: cp /usr/lib/emailrelay/init/emailrelay /etc/init.d/ - update-rc.d emailrelay enable || rc-update add emailrelay - invoke-rc.d emailrelay start || service emailrelay start - tail /var/log/messages /var/log/syslog 2>/dev/null + update-rc.d emailrelay enable + rc-update add emailrelay + invoke-rc.d emailrelay start + service emailrelay start + tail /var/log/messages + tail /var/log/syslog -On Windows run the setup program. +On BSD systems add this line to /etc/rc.conf: + + emailrelay_enable="YES" Documentation ------------- @@ -118,7 +142,12 @@ The following documentation is provided: Source code documentation will be generated when building from source if `doxygen` is available. +Feedback +-------- +To give feedback, including reviews, bug reports and feature requests, please +use the SourceForge project website at https://sourceforge.net/p/emailrelay +[DNSBL]: https://en.wikipedia.org/wiki/DNSBL [POP]: https://en.wikipedia.org/wiki/Post_Office_Protocol [SMTP]: https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol diff --git a/README.rst b/README.rst index 7ae89f7..72a4745 100644 --- a/README.rst +++ b/README.rst @@ -1,49 +1,50 @@ -****************** -E-MailRelay Readme -****************** +****** +Readme +****** -Abstract -======== -E-MailRelay is an e-mail store-and-forward message transfer agent and proxy -server. It runs on Unix-like operating systems (including Linux and Mac OS X), -and on Windows. - -E-MailRelay does three things: it stores any incoming e-mail messages that -it receives, it forwards e-mail messages on to another remote e-mail server, -and it serves up stored e-mail messages to local e-mail reader programs. More -technically, it acts as a SMTP_ storage daemon, a SMTP forwarding agent, and -a POP3 server. - -Whenever an e-mail message is received it can be passed through a user-defined -program, such as a spam filter, which can drop, re-address or edit messages as -they pass through. +Introduction +============ +E-MailRelay is a lightweight SMTP_ store-and-forward mail server with POP_ access +to spooled messages. It can be used as a personal internet mail server with +SpamAssassin spam filtering and DNSBL_ connection blocking. Forwarding can be +to a fixed smarthost or using DNS MX routing. External scripts can be used for +address validation and e-mail message processing. .. image:: whatisit.png :alt: whatisit.png -E-MailRelay uses the same non-blocking i/o model as Squid and nginx giving -excellent scalability and resource usage. - -C++ source code is available and distribution is permitted under the GNU -General Public License V3. +E-MailRelay runs as a single process using the same non-blocking i/o model as +Squid and nginx giving excellent scalability and resource usage. Quick start =========== +E-MailRelay can be run straight from the command-line, and on Windows you can +run *emailrelay.exe* or *emailrelay-textmode.exe* from the zip file without +going through the installation process. + To use E-MailRelay in store-and-forward mode use the *--as-server* option to start the storage daemon in the background, and then do delivery of spooled -messages by running with the *--as-client* option. +messages by running with *--as-client*. .. image:: serverclient.png :alt: serverclient.png -For example, to start a storage daemon listening on port 587 use a command -like this: +For example, to start a storage daemon in the background listening on port 10025 +use a command like this: :: - emailrelay --as-server --port 587 --spool-dir /tmp + emailrelay --as-server --port 10025 --spool-dir /tmp + +On Windows use *c:/temp* for testing, rather than */tmp*. + +Or to run it in the foreground: + +:: + + emailrelay --log --no-daemon --port 10025 --spool-dir /tmp And then to forward the spooled mail to *smtp.example.com* run something like this: @@ -52,46 +53,63 @@ like this: emailrelay --as-client smtp.example.com:25 --spool-dir /tmp -To get behaviour more like a proxy you can add the *--poll* and *--forward-to* -options so that messages are forwarded continuously rather than on-demand. +To forward continuously you can add the *--poll* and *--forward-to* options to +the server command-line: .. image:: forwardto.png :alt: forwardto.png -This example starts a store-and-forward server that forwards spooled-up e-mail -every minute: +For example, this starts a server that also forwards spooled-up e-mail every +minute: :: emailrelay --as-server --poll 60 --forward-to smtp.example.com:25 -Or for a proxy server that forwards each message soon after it has been -received, you can use *--as-proxy* or add *--forward-on-disconnect*: +Or for a server that forwards each message as soon as it has been received, you +can use *--forward-on-disconnect*: :: emailrelay --as-server --forward-on-disconnect --forward-to smtp.example.com:25 -To edit or filter e-mail as it passes through the proxy specify your filter +To edit or filter e-mail as it passes through the server specify your filter program with the *--filter* option, something like this: :: - emailrelay --as-proxy smtp.example.com:25 --filter addsig.js + emailrelay --as-server --filter /tmp/set-from.js -To run E-MailRelay as a POP_ server without SMTP use *--pop* and *--no-smtp*: +Look for example filter scripts in the *examples* directory. + +E-MailRelay can also be used as a personal internet mail server: + +.. image:: mailserver.png + :alt: mailserver.png + + +Use *--remote-clients* (\ *-r*\ ) to allow connections from outside the local +network, define your domain name with *--domain* and use an address verifier as +a first line of defense against spammers: :: - emailrelay --pop --no-smtp --log --close-stderr + emailrelay --as-server -v -r --domain=example.com --address-verifier=account: -The *emailrelay-submit* utility can be used to put messages straight into the -spool directory so that the POP clients can fetch them. +Then enable POP access to the incoming e-mails with *--pop*, *--pop-port* and +\ *--pop-auth*\ : -By default E-MailRelay will always reject connections from remote networks. To -allow connections from anywhere use the *--remote-clients* option, but please -check your firewall settings to make sure this cannot be exploited by spammers. +:: + + emailrelay ... --pop --pop-port 10110 --pop-auth /etc/emailrelay.auth + +Set up the POP account with a user-id and password in the *--pop-auth* secrets +file. The secrets file should contain a single line of text like this: + +:: + + server plain For more information on the command-line options refer to the reference guide or run: @@ -100,18 +118,29 @@ or run: emailrelay --help --verbose -Packages -======== -To install on Linux from a RPM or DEB package: + +Autostart +========= +To install E-MailRelay on Windows run the *emailrelay-setup* program and choose +the automatic startup option on the last page so that E-MailRelay runs as a +Windows service. Use the Windows *Services* utility to configure the E-MailRelay +service as automatic or manual startup. + +To install E-MailRelay on Linux from a RPM package: :: - sudo $SHELL # or 'su' - rpm -i emailrelay*.rpm # if RPM - dpkg -i emailrelay*.deb # if DEB + sudo rpm -i emailrelay*.rpm -If your Linux system uses *systemd* then you should check the E-MailRelay -configuration file */etc/emailrelay.conf* is as you want it and then run: +Or from a DEB package: + +:: + + sudo dpkg -i emailrelay*.deb + +To get the E-MailRelay server to start automatically you should check the +configuration file */etc/emailrelay.conf* is as you want it and then run the +following commands to activate the *systemd* service: :: @@ -119,16 +148,25 @@ configuration file */etc/emailrelay.conf* is as you want it and then run: systemctl start emailrelay systemctl status emailrelay -On other systems try these commands: +On other Linux systems try some combination of these commands to set up and +activate the E-MailRelay service: :: cp /usr/lib/emailrelay/init/emailrelay /etc/init.d/ - update-rc.d emailrelay enable || rc-update add emailrelay - invoke-rc.d emailrelay start || service emailrelay start - tail /var/log/messages /var/log/syslog 2>/dev/null + update-rc.d emailrelay enable + rc-update add emailrelay + invoke-rc.d emailrelay start + service emailrelay start + tail /var/log/messages + tail /var/log/syslog + +On BSD systems add this line to /etc/rc.conf: + +:: + + emailrelay_enable="YES" -On Windows run the setup program. Documentation ============= @@ -145,7 +183,12 @@ The following documentation is provided: Source code documentation will be generated when building from source if *doxygen* is available. +Feedback +======== +To give feedback, including reviews, bug reports and feature requests, please +use the SourceForge project website at https://sourceforge.net/p/emailrelay +.. _DNSBL: https://en.wikipedia.org/wiki/DNSBL .. _POP: https://en.wikipedia.org/wiki/Post_Office_Protocol .. _SMTP: https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol diff --git a/VERSION b/VERSION index 005119b..95e3ba8 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4.1 +2.5 diff --git a/aclocal.m4 b/aclocal.m4 index 7050dbb..11e0fa4 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -1,6 +1,6 @@ -# generated automatically by aclocal 1.16.1 -*- Autoconf -*- +# generated automatically by aclocal 1.16.3 -*- Autoconf -*- -# Copyright (C) 1996-2018 Free Software Foundation, Inc. +# Copyright (C) 1996-2020 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -20,7 +20,7 @@ You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically 'autoreconf'.])]) -# Copyright (C) 2002-2018 Free Software Foundation, Inc. +# Copyright (C) 2002-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -35,7 +35,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version='1.16' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.16.1], [], +m4_if([$1], [1.16.3], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -51,14 +51,14 @@ m4_define([_AM_AUTOCONF_VERSION], []) # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.16.1])dnl +[AM_AUTOMAKE_VERSION([1.16.3])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- -# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# Copyright (C) 2001-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -110,7 +110,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd` # AM_CONDITIONAL -*- Autoconf -*- -# Copyright (C) 1997-2018 Free Software Foundation, Inc. +# Copyright (C) 1997-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -141,7 +141,7 @@ AC_CONFIG_COMMANDS_PRE( Usually this means the macro was only invoked conditionally.]]) fi])]) -# Copyright (C) 1999-2018 Free Software Foundation, Inc. +# Copyright (C) 1999-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -332,7 +332,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl # Generate code to set up dependency tracking. -*- Autoconf -*- -# Copyright (C) 1999-2018 Free Software Foundation, Inc. +# Copyright (C) 1999-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -371,7 +371,9 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], done if test $am_rc -ne 0; then AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments - for automatic dependency tracking. Try re-running configure with the + for automatic dependency tracking. If GNU make was not used, consider + re-running the configure script with MAKE="gmake" (or whatever is + necessary). You can also try re-running configure with the '--disable-dependency-tracking' option to at least be able to build the package (albeit without support for automatic dependency tracking).]) fi @@ -396,9 +398,26 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS], [AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"])]) +# AM_EXTRA_RECURSIVE_TARGETS -*- Autoconf -*- + +# Copyright (C) 2012-2020 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_EXTRA_RECURSIVE_TARGETS +# -------------------------- +# Define the list of user recursive targets. This macro exists only to +# be traced by Automake, which will ensure that a proper definition of +# user-defined recursive targets (and associated rules) is propagated +# into all the generated Makefiles. +# TODO: We should really reject non-literal arguments here... +AC_DEFUN([AM_EXTRA_RECURSIVE_TARGETS], []) + # Do all the work for Automake. -*- Autoconf -*- -# Copyright (C) 1996-2018 Free Software Foundation, Inc. +# Copyright (C) 1996-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -595,7 +614,7 @@ for _am_header in $config_headers :; do done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) -# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# Copyright (C) 2001-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -616,7 +635,7 @@ if test x"${install_sh+set}" != xset; then fi AC_SUBST([install_sh])]) -# Copyright (C) 2003-2018 Free Software Foundation, Inc. +# Copyright (C) 2003-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -638,7 +657,7 @@ AC_SUBST([am__leading_dot])]) # Add --enable-maintainer-mode option to configure. -*- Autoconf -*- # From Jim Meyering -# Copyright (C) 1996-2018 Free Software Foundation, Inc. +# Copyright (C) 1996-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -673,7 +692,7 @@ AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles]) # Check to see how 'make' treats includes. -*- Autoconf -*- -# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# Copyright (C) 2001-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -716,7 +735,7 @@ AC_SUBST([am__quote])]) # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- -# Copyright (C) 1997-2018 Free Software Foundation, Inc. +# Copyright (C) 1997-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -737,12 +756,7 @@ AC_DEFUN([AM_MISSING_HAS_RUN], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl AC_REQUIRE_AUX_FILE([missing])dnl if test x"${MISSING+set}" != xset; then - case $am_aux_dir in - *\ * | *\ *) - MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; - *) - MISSING="\${SHELL} $am_aux_dir/missing" ;; - esac + MISSING="\${SHELL} '$am_aux_dir/missing'" fi # Use eval to expand $SHELL if eval "$MISSING --is-lightweight"; then @@ -755,7 +769,7 @@ fi # Helper functions for option handling. -*- Autoconf -*- -# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# Copyright (C) 2001-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -784,7 +798,7 @@ AC_DEFUN([_AM_SET_OPTIONS], AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) -# Copyright (C) 1999-2018 Free Software Foundation, Inc. +# Copyright (C) 1999-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -831,7 +845,7 @@ AC_LANG_POP([C])]) # For backward compatibility. AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) -# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# Copyright (C) 2001-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -850,7 +864,7 @@ AC_DEFUN([AM_RUN_LOG], # Check to make sure that the build environment is sane. -*- Autoconf -*- -# Copyright (C) 1996-2018 Free Software Foundation, Inc. +# Copyright (C) 1996-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -931,7 +945,7 @@ AC_CONFIG_COMMANDS_PRE( rm -f conftest.file ]) -# Copyright (C) 2009-2018 Free Software Foundation, Inc. +# Copyright (C) 2009-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -991,7 +1005,7 @@ AC_SUBST([AM_BACKSLASH])dnl _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl ]) -# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# Copyright (C) 2001-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1019,7 +1033,7 @@ fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) -# Copyright (C) 2006-2018 Free Software Foundation, Inc. +# Copyright (C) 2006-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1038,7 +1052,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) # Check how to create a tarball. -*- Autoconf -*- -# Copyright (C) 2004-2018 Free Software Foundation, Inc. +# Copyright (C) 2004-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1171,5 +1185,4 @@ AC_SUBST([am__untar]) m4_include([m4/acinclude.m4]) m4_include([m4/m4_ax_cxx_compile_stdcxx.m4]) -m4_include([m4/m4_ax_cxx_compile_stdcxx_11.m4]) m4_include([m4/pkg.m4]) diff --git a/bin/Makefile.am b/bin/Makefile.am index c8187c8..f9c1d37 100644 --- a/bin/Makefile.am +++ b/bin/Makefile.am @@ -1,5 +1,5 @@ # -## Copyright (C) 2001-2022 Graeme Walker +## Copyright (C) 2001-2023 Graeme Walker ## ## This program is free software: you can redistribute it and/or modify ## it under the terms of the GNU General Public License as published by @@ -17,24 +17,29 @@ example_scripts_static = \ emailrelay-bcc-check.pl \ - emailrelay-check-ipaddress.js \ emailrelay-check-ipaddress.pl \ emailrelay-dkim-signer.pl \ emailrelay-ldap-verify.py \ emailrelay-multicast.sh \ emailrelay-rot13.pl \ - emailrelay-sendmail.pl \ + emailrelay-sendmail.pl + +example_scripts_js = \ + emailrelay-check-ipaddress.js \ + emailrelay-set-message-id.js \ emailrelay-set-from.js \ - emailrelay-set-from.pl + emailrelay-set-from.pl \ + emailrelay-edit-content.js \ + emailrelay-edit-envelope.js \ + emailrelay-resubmit.js \ + emailrelay-service-install.js example_scripts_in = \ - emailrelay-deliver.sh.in \ emailrelay-notify.sh.in \ emailrelay-resubmit.sh.in \ emailrelay-submit.sh.in example_scripts_out = \ - emailrelay-deliver.sh \ emailrelay-notify.sh \ emailrelay-resubmit.sh \ emailrelay-submit.sh \ @@ -46,41 +51,18 @@ init_script_in = \ init_script_out = \ emailrelay -work_scripts = \ - doxygen.sh \ - make-manifest.sh \ - make-setup.sh \ - make-format \ - make2cmake \ - make2cdb \ - make2unity \ - AutoMakeParser.pm \ - CompilationDatabase.pm \ - ConfigStatus.pm \ - winbuild.pm - -js_scripts = \ - emailrelay-edit-content.js \ - emailrelay-edit-envelope.js \ - emailrelay-resubmit.js \ - emailrelay-service-install.js - EXTRA_DIST = \ $(example_scripts_static) \ + $(example_scripts_js) \ $(example_scripts_in) \ - $(init_script_in) \ - $(work_scripts) \ - $(js_scripts) - -noinst_SCRIPTS = \ - $(work_scripts) \ - $(js_scripts) + $(init_script_in) e_examples_DATA = \ - $(example_scripts_static) + $(example_scripts_js) e_examples_SCRIPTS = \ - $(example_scripts_out) + $(example_scripts_out) \ + $(example_scripts_static) e_init_SCRIPTS = \ $(init_script_out) @@ -88,11 +70,7 @@ e_init_SCRIPTS = \ CLEANFILES = \ $(example_scripts_out) -do_sed = sed -e "s%__SPOOL_DIR__%${e_spooldir}%g" -e "s%__SBIN_DIR__%${sbindir}%g" -e "s%__SYSCONF_DIR__%${e_sysconfdir}%g" -e "s%__LIBEXEC_DIR__%${e_libexecdir}%g" -e "s%__RUN_DIR__%${e_rundir}%g" - -emailrelay-deliver.sh: emailrelay-deliver.sh.in - $(do_sed) < $(srcdir)/emailrelay-deliver.sh.in > emailrelay-deliver.sh - chmod +x emailrelay-deliver.sh +do_sed = sed -e "s%__SPOOL_DIR__%${e_spooldir}%g" -e "s%__SBIN_DIR__%${sbindir}%g" -e "s%__SYSCONF_DIR__%${e_sysconfdir}%g" -e "s%__LIB_DIR__%${e_libdir}%g" -e "s%__RUN_DIR__%${e_rundir}%g" emailrelay-notify.sh: emailrelay-notify.sh.in $(do_sed) < $(srcdir)/emailrelay-notify.sh.in > emailrelay-notify.sh diff --git a/bin/Makefile.in b/bin/Makefile.in index c72b31f..d7c66c4 100644 --- a/bin/Makefile.in +++ b/bin/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.3 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -94,7 +94,6 @@ subdir = bin ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \ $(top_srcdir)/m4/m4_ax_cxx_compile_stdcxx.m4 \ - $(top_srcdir)/m4/m4_ax_cxx_compile_stdcxx_11.m4 \ $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -132,7 +131,7 @@ am__uninstall_files_from_dir = { \ } am__installdirs = "$(DESTDIR)$(e_examplesdir)" \ "$(DESTDIR)$(e_initdir)" "$(DESTDIR)$(e_examplesdir)" -SCRIPTS = $(e_examples_SCRIPTS) $(e_init_SCRIPTS) $(noinst_SCRIPTS) +SCRIPTS = $(e_examples_SCRIPTS) $(e_init_SCRIPTS) AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false @@ -153,6 +152,7 @@ am__can_run_installinfo = \ *) (install-info --version) >/dev/null 2>&1;; \ esac DATA = $(e_examples_DATA) +am__extra_recursive_targets = extra-recursive am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -160,6 +160,7 @@ ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ARFLAGS = @ARFLAGS@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -249,7 +250,7 @@ e_docdir = @e_docdir@ e_examplesdir = @e_examplesdir@ e_icondir = @e_icondir@ e_initdir = @e_initdir@ -e_libexecdir = @e_libexecdir@ +e_libdir = @e_libdir@ e_pamdir = @e_pamdir@ e_rundir = @e_rundir@ e_spooldir = @e_spooldir@ @@ -284,24 +285,29 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ example_scripts_static = \ emailrelay-bcc-check.pl \ - emailrelay-check-ipaddress.js \ emailrelay-check-ipaddress.pl \ emailrelay-dkim-signer.pl \ emailrelay-ldap-verify.py \ emailrelay-multicast.sh \ emailrelay-rot13.pl \ - emailrelay-sendmail.pl \ + emailrelay-sendmail.pl + +example_scripts_js = \ + emailrelay-check-ipaddress.js \ + emailrelay-set-message-id.js \ emailrelay-set-from.js \ - emailrelay-set-from.pl + emailrelay-set-from.pl \ + emailrelay-edit-content.js \ + emailrelay-edit-envelope.js \ + emailrelay-resubmit.js \ + emailrelay-service-install.js example_scripts_in = \ - emailrelay-deliver.sh.in \ emailrelay-notify.sh.in \ emailrelay-resubmit.sh.in \ emailrelay-submit.sh.in example_scripts_out = \ - emailrelay-deliver.sh \ emailrelay-notify.sh \ emailrelay-resubmit.sh \ emailrelay-submit.sh \ @@ -313,41 +319,18 @@ init_script_in = \ init_script_out = \ emailrelay -work_scripts = \ - doxygen.sh \ - make-manifest.sh \ - make-setup.sh \ - make-format \ - make2cmake \ - make2cdb \ - make2unity \ - AutoMakeParser.pm \ - CompilationDatabase.pm \ - ConfigStatus.pm \ - winbuild.pm - -js_scripts = \ - emailrelay-edit-content.js \ - emailrelay-edit-envelope.js \ - emailrelay-resubmit.js \ - emailrelay-service-install.js - EXTRA_DIST = \ $(example_scripts_static) \ + $(example_scripts_js) \ $(example_scripts_in) \ - $(init_script_in) \ - $(work_scripts) \ - $(js_scripts) - -noinst_SCRIPTS = \ - $(work_scripts) \ - $(js_scripts) + $(init_script_in) e_examples_DATA = \ - $(example_scripts_static) + $(example_scripts_js) e_examples_SCRIPTS = \ - $(example_scripts_out) + $(example_scripts_out) \ + $(example_scripts_static) e_init_SCRIPTS = \ $(init_script_out) @@ -355,7 +338,7 @@ e_init_SCRIPTS = \ CLEANFILES = \ $(example_scripts_out) -do_sed = sed -e "s%__SPOOL_DIR__%${e_spooldir}%g" -e "s%__SBIN_DIR__%${sbindir}%g" -e "s%__SYSCONF_DIR__%${e_sysconfdir}%g" -e "s%__LIBEXEC_DIR__%${e_libexecdir}%g" -e "s%__RUN_DIR__%${e_rundir}%g" +do_sed = sed -e "s%__SPOOL_DIR__%${e_spooldir}%g" -e "s%__SBIN_DIR__%${sbindir}%g" -e "s%__SYSCONF_DIR__%${e_sysconfdir}%g" -e "s%__LIB_DIR__%${e_libdir}%g" -e "s%__RUN_DIR__%${e_rundir}%g" all: all-am .SUFFIXES: @@ -479,6 +462,7 @@ uninstall-e_examplesDATA: @list='$(e_examples_DATA)'; test -n "$(e_examplesdir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(e_examplesdir)'; $(am__uninstall_files_from_dir) +extra-local: tags TAGS: ctags CTAGS: @@ -569,6 +553,10 @@ dvi: dvi-am dvi-am: +extra: extra-am + +extra-am: extra-local + html: html-am html-am: @@ -628,26 +616,23 @@ uninstall-am: uninstall-e_examplesDATA uninstall-e_examplesSCRIPTS \ .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic cscopelist-am \ - ctags-am distclean distclean-generic distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am \ - install-e_examplesDATA install-e_examplesSCRIPTS \ - install-e_initSCRIPTS install-exec install-exec-am \ - install-html install-html-am install-info install-info-am \ - install-man install-pdf install-pdf-am install-ps \ - install-ps-am install-strip installcheck installcheck-am \ - installdirs maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags-am \ - uninstall uninstall-am uninstall-e_examplesDATA \ - uninstall-e_examplesSCRIPTS uninstall-e_initSCRIPTS + ctags-am distclean distclean-generic distdir dvi dvi-am \ + extra-am extra-local html html-am info info-am install \ + install-am install-data install-data-am install-dvi \ + install-dvi-am install-e_examplesDATA \ + install-e_examplesSCRIPTS install-e_initSCRIPTS install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ + pdf-am ps ps-am tags-am uninstall uninstall-am \ + uninstall-e_examplesDATA uninstall-e_examplesSCRIPTS \ + uninstall-e_initSCRIPTS .PRECIOUS: Makefile -emailrelay-deliver.sh: emailrelay-deliver.sh.in - $(do_sed) < $(srcdir)/emailrelay-deliver.sh.in > emailrelay-deliver.sh - chmod +x emailrelay-deliver.sh - emailrelay-notify.sh: emailrelay-notify.sh.in $(do_sed) < $(srcdir)/emailrelay-notify.sh.in > emailrelay-notify.sh chmod +x emailrelay-notify.sh diff --git a/bin/emailrelay-bcc-check.pl b/bin/emailrelay-bcc-check.pl index 7bd338f..5c176a1 100755 --- a/bin/emailrelay-bcc-check.pl +++ b/bin/emailrelay-bcc-check.pl @@ -1,6 +1,6 @@ #!/usr/bin/env perl # -# Copyright (C) 2001-2022 Graeme Walker +# Copyright (C) 2001-2023 Graeme Walker # # Copying and distribution of this file, with or without modification, # are permitted in any medium without royalty provided the copyright diff --git a/bin/emailrelay-check-ipaddress.js b/bin/emailrelay-check-ipaddress.js old mode 100755 new mode 100644 index f3c51d1..a20ee86 --- a/bin/emailrelay-check-ipaddress.js +++ b/bin/emailrelay-check-ipaddress.js @@ -1,5 +1,5 @@ // -// Copyright (C) 2001-2022 Graeme Walker +// Copyright (C) 2001-2023 Graeme Walker // // Copying and distribution of this file, with or without modification, // are permitted in any medium without royalty provided the copyright diff --git a/bin/emailrelay-check-ipaddress.pl b/bin/emailrelay-check-ipaddress.pl index c0d4fd8..2c4202a 100755 --- a/bin/emailrelay-check-ipaddress.pl +++ b/bin/emailrelay-check-ipaddress.pl @@ -1,6 +1,6 @@ #!/usr/bin/env perl # -# Copyright (C) 2001-2022 Graeme Walker +# Copyright (C) 2001-2023 Graeme Walker # # Copying and distribution of this file, with or without modification, # are permitted in any medium without royalty provided the copyright diff --git a/bin/emailrelay-deliver.sh.in b/bin/emailrelay-deliver.sh.in deleted file mode 100755 index be92336..0000000 --- a/bin/emailrelay-deliver.sh.in +++ /dev/null @@ -1,70 +0,0 @@ -#!/bin/sh -# -# Copyright (C) 2001-2022 Graeme Walker -# -# Copying and distribution of this file, with or without modification, -# are permitted in any medium without royalty provided the copyright -# notice and this notice are preserved. This file is offered as-is, -# without any warranty. -# === -# -# emailrelay-deliver.sh -# -# Looks for local mail in the E-MailRelay spool directory and delivers is using -# 'procmail'. -# -# usage: emailrelay-deliver.sh [] -# -# This illustrates how delivery to local "postmaster" mailboxes could be done, -# although it is not likely to be a useful feature for a typical mail relay -# setup. -# - -store="__SPOOL_DIR__" -postmaster="root" -procmail="procmail" - -# parse the command line -# -if test $# -ge 1 -then - store="${1}" -fi - -# check the spool directory is valid -# -if test \! -d "${store}" -then - echo `basename $0`: invalid spool directory >&2 - exit 1 -fi - -# for each e-mail to a local recipient... -# -for file in "${store}"/emailrelay.*.envelope.local "" -do - if test -f "${file}" - then - content="`echo \"${file}\" | sed 's/envelope/content/'`" - - deliver_to="`fgrep X-MailRelay-To-Local ${file} | sed 's/X-MailRelay-To-Local: //' | tr -d '\015' | sed \"s/postmaster/${postmaster}/g\"`" - if test "${deliver_to}" = "" - then - deliver_to="${postmaster}" - fi - - # deliver using procmail - # - if test -f "${content}" - then - echo `basename $0`: delivering `basename "${content}"` to ${deliver_to} - "${procmail}" -d "${deliver_to}" < "${content}" - rc=$? - if test "${rc}" -eq 0 - then - rm -f "${file}" 2>/dev/null - fi - fi - fi -done - diff --git a/bin/emailrelay-dkim-signer.pl b/bin/emailrelay-dkim-signer.pl index 2fd98a9..a2e7cbf 100755 --- a/bin/emailrelay-dkim-signer.pl +++ b/bin/emailrelay-dkim-signer.pl @@ -1,6 +1,6 @@ #!/usr/bin/env perl # -# Copyright (C) 2001-2022 Graeme Walker +# Copyright (C) 2001-2023 Graeme Walker # # Copying and distribution of this file, with or without modification, # are permitted in any medium without royalty provided the copyright diff --git a/bin/emailrelay-edit-content.js b/bin/emailrelay-edit-content.js index a526ff5..3bc9bc7 100644 --- a/bin/emailrelay-edit-content.js +++ b/bin/emailrelay-edit-content.js @@ -1,5 +1,5 @@ // -// Copyright (C) 2001-2022 Graeme Walker +// Copyright (C) 2001-2023 Graeme Walker // // Copying and distribution of this file, with or without modification, // are permitted in any medium without royalty provided the copyright diff --git a/bin/emailrelay-edit-envelope.js b/bin/emailrelay-edit-envelope.js index d3463dd..1f28766 100644 --- a/bin/emailrelay-edit-envelope.js +++ b/bin/emailrelay-edit-envelope.js @@ -1,5 +1,5 @@ // -// Copyright (C) 2001-2022 Graeme Walker +// Copyright (C) 2001-2023 Graeme Walker // // Copying and distribution of this file, with or without modification, // are permitted in any medium without royalty provided the copyright diff --git a/bin/emailrelay-ldap-verify.py b/bin/emailrelay-ldap-verify.py index dcbf26f..adb497c 100755 --- a/bin/emailrelay-ldap-verify.py +++ b/bin/emailrelay-ldap-verify.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020-2022 +# Copyright (C) 2020-2023 # # Copying and distribution of this file, with or without modification, # are permitted in any medium without royalty provided the copyright @@ -12,6 +12,8 @@ # # Example address verifier script using LDAP. # +# See also: https://www.python-ldap.org/en/python-ldap-3.3.0 +# import sys import ldap diff --git a/bin/emailrelay-multicast.sh b/bin/emailrelay-multicast.sh index 06637ac..2087cbb 100755 --- a/bin/emailrelay-multicast.sh +++ b/bin/emailrelay-multicast.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2001-2022 Graeme Walker +# Copyright (C) 2001-2023 Graeme Walker # # Copying and distribution of this file, with or without modification, # are permitted in any medium without royalty provided the copyright diff --git a/bin/emailrelay-notify.sh.in b/bin/emailrelay-notify.sh.in index d076cca..217f135 100755 --- a/bin/emailrelay-notify.sh.in +++ b/bin/emailrelay-notify.sh.in @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2001-2022 Graeme Walker +# Copyright (C) 2001-2023 Graeme Walker # # Copying and distribution of this file, with or without modification, # are permitted in any medium without royalty provided the copyright diff --git a/bin/emailrelay-resubmit.js b/bin/emailrelay-resubmit.js index a4a0d5f..f5a1b4a 100644 --- a/bin/emailrelay-resubmit.js +++ b/bin/emailrelay-resubmit.js @@ -1,5 +1,5 @@ // -// Copyright (C) 2001-2022 Graeme Walker +// Copyright (C) 2001-2023 Graeme Walker // // Copying and distribution of this file, with or without modification, // are permitted in any medium without royalty provided the copyright diff --git a/bin/emailrelay-resubmit.sh.in b/bin/emailrelay-resubmit.sh.in index 1b516ee..e8e79ab 100755 --- a/bin/emailrelay-resubmit.sh.in +++ b/bin/emailrelay-resubmit.sh.in @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2001-2022 Graeme Walker +# Copyright (C) 2001-2023 Graeme Walker # # Copying and distribution of this file, with or without modification, # are permitted in any medium without royalty provided the copyright diff --git a/bin/emailrelay-rot13.pl b/bin/emailrelay-rot13.pl index 6b1384b..013b01e 100755 --- a/bin/emailrelay-rot13.pl +++ b/bin/emailrelay-rot13.pl @@ -1,6 +1,6 @@ #!/usr/bin/env perl # -# Copyright (C) 2001-2022 Graeme Walker +# Copyright (C) 2001-2023 Graeme Walker # # Copying and distribution of this file, with or without modification, # are permitted in any medium without royalty provided the copyright diff --git a/bin/emailrelay-sendmail.pl b/bin/emailrelay-sendmail.pl index 706e604..22d3b8c 100755 --- a/bin/emailrelay-sendmail.pl +++ b/bin/emailrelay-sendmail.pl @@ -1,6 +1,6 @@ #!/usr/bin/env perl # -# Copyright (C) 2001-2022 Graeme Walker +# Copyright (C) 2001-2023 Graeme Walker # # Copying and distribution of this file, with or without modification, # are permitted in any medium without royalty provided the copyright @@ -19,13 +19,16 @@ use FileHandle ; use Getopt::Std ; my $exe = "/usr/sbin/emailrelay-submit" ; +my $usage = "usage: emailrelay-sendmail [-intUv] [-ABbCDdFfGhiLNnOopqRrtUVvX ] [-f ] [ ...]" ; # parse and mostly ignore sendmail command-line options -my $usage = "usage: emailrelay-sendmail [-intUv] [-ABbCDdFfGhiLNnOopqRrtUVvX ] [-f ] [ ...]" ; my %opt = () ; +$Getopt::Std::STANDARD_HELP_VERSION = 1 ; +sub HELP_MESSAGE() { print "$usage\n" } +sub VERSION_MESSAGE() {} getopts( 'A:B:b:C:D:d:F:f:Gh:iL:N:nO:o:p:q:R:r:tUV:vX:' , \%opt ) or die "$usage\n" ; my $from = defined($opt{f}) ? $opt{f} : $ENV{USER} ; -my @submit_args = ( "--content-date" , @ARGV ) ; # also consider using "--copy" +my @submit_args = ( "--content-date" , @ARGV ) ; # also consider adding "--copy" here # if "-t" read envelope 'to' addresses from content headers if( $opt{t} ) diff --git a/bin/emailrelay-service-install.js b/bin/emailrelay-service-install.js index 2c5e6a0..4a4d5f1 100644 --- a/bin/emailrelay-service-install.js +++ b/bin/emailrelay-service-install.js @@ -1,5 +1,5 @@ // -// Copyright (C) 2001-2022 Graeme Walker +// Copyright (C) 2001-2023 Graeme Walker // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by diff --git a/bin/emailrelay-set-from.js b/bin/emailrelay-set-from.js old mode 100755 new mode 100644 index 2b24293..273b6ba --- a/bin/emailrelay-set-from.js +++ b/bin/emailrelay-set-from.js @@ -1,5 +1,5 @@ // -// Copyright (C) 2001-2022 Graeme Walker +// Copyright (C) 2001-2023 Graeme Walker // // Copying and distribution of this file, with or without modification, // are permitted in any medium without royalty provided the copyright @@ -12,6 +12,9 @@ // An example "--filter" script that edits the content originator fields // (ie. From, Sender and Reply-To) to a fixed value. // +// Also consider setting the envelope-from field by editing the envelope +// file, as in emailrelay-edit-envelope.js. +// // See also: emailrelay-set-from.pl, RFC-2822 // try diff --git a/bin/emailrelay-set-from.pl b/bin/emailrelay-set-from.pl index 71791b7..7ad725f 100755 --- a/bin/emailrelay-set-from.pl +++ b/bin/emailrelay-set-from.pl @@ -1,6 +1,6 @@ #!/usr/bin/env perl # -# Copyright (C) 2001-2022 Graeme Walker +# Copyright (C) 2001-2023 Graeme Walker # # Copying and distribution of this file, with or without modification, # are permitted in any medium without royalty provided the copyright @@ -13,6 +13,9 @@ # An example E-MailRelay "--filter" script that edits the content originator # fields (ie. From, Sender and Reply-To) to a fixed value. # +# Also consider setting the envelope-from field by editing the envelope +# file. +# # See also: emailrelay-set-from.js, RFC-2822 # diff --git a/bin/emailrelay-set-message-id.js b/bin/emailrelay-set-message-id.js new file mode 100644 index 0000000..3135e55 --- /dev/null +++ b/bin/emailrelay-set-message-id.js @@ -0,0 +1,77 @@ +// +// Copyright (C) 2001-2023 Graeme Walker +// +// Copying and distribution of this file, with or without modification, +// are permitted in any medium without royalty provided the copyright +// notice and this notice are preserved. This file is offered as-is, +// without any warranty. +// === +// +// emailrelay-set-message-id.js +// +// An example "--filter" script that sets a message-id header if there +// is none. +// +try +{ + var domain = "example.com" ; + + var content = WScript.Arguments( 0 ) ; + var fs = WScript.CreateObject( "Scripting.FileSystemObject" ) ; + var in_ = fs.OpenTextFile( content , 1 , false ) ; + var out_ = fs.OpenTextFile( content + ".tmp" , 8 , true ) ; + + var re_message_id = /^Message-ID:/i ; + var re_fold = /^[ \t]/ ; + + var in_message_id = 0 ; + var have_message_id = 0 ; + while( !in_.AtEndOfStream ) + { + var line = in_.ReadLine() ; + if( line === "" ) + { + if( !have_message_id ) + { + var now = new Date() ; + var lhs = (now.getTime()/1000) + "." + (Math.random()*1000).toFixed(0) ) ; + var new_message_id = lhs + "@" + domain ; + out_.WriteLine( "Message-ID: " + new_message_id ) ; + } + out_.WriteLine( line ) ; + break ; + } + + if( line.match(re_message_id) ) + { + have_message_id = 1 ; + in_message_id = 1 ; + } + else if( in_message_id && line.match(re_fold) ) + { + } + else + { + in_message_id = 0 ; + out_.WriteLine( line ) ; + } + } + while( !in_.AtEndOfStream ) + { + var body_line = in_.ReadLine() ; + out_.WriteLine( body_line ) ; + } + + in_.Close() ; + out_.Close() ; + fs.DeleteFile( content ) ; + fs.MoveFile( content + ".tmp" , content ) ; + + WScript.Quit( 0 ) ; +} +catch( e ) +{ + WScript.StdOut.WriteLine( "<>" ) ; + WScript.StdOut.WriteLine( "<<" + e + ">>" ) ; + WScript.Quit( 1 ) ; +} diff --git a/bin/emailrelay-submit.sh.in b/bin/emailrelay-submit.sh.in index 2a95484..96c572e 100755 --- a/bin/emailrelay-submit.sh.in +++ b/bin/emailrelay-submit.sh.in @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2001-2022 Graeme Walker +# Copyright (C) 2001-2023 Graeme Walker # # Copying and distribution of this file, with or without modification, # are permitted in any medium without royalty provided the copyright diff --git a/bin/emailrelay.sh.in b/bin/emailrelay.sh.in index 5d3f952..2bfb51a 100644 --- a/bin/emailrelay.sh.in +++ b/bin/emailrelay.sh.in @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2001-2022 Graeme Walker +# Copyright (C) 2001-2023 Graeme Walker # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -115,9 +115,9 @@ log_end_msg() # setup_config() { - if test ! -f "$CONFIG" -a -f "$CONFIG.template" + if test ! -e "$CONFIG" then - cp -p "$CONFIG.template" "$CONFIG" + echo "# emailrelay.conf" > "$CONFIG" fi } root_root() @@ -130,7 +130,7 @@ root_root() spooldir() { # Prints the spool directory path from the config file, but with a - # default because packaged installs may not edit the config file + # default because packaged installs might not edit the config file # like 'make install' does ( echo spool-dir /var/spool/emailrelay ; cat "$CONFIG" ) | \ tr '\t' ' ' | sed 's/ */ /g' | grep '^spool-dir [^ ]' | \ @@ -179,7 +179,6 @@ setup_sgid() setup_tools() { setup_sgid "__SBIN_DIR__/emailrelay-submit" - setup_sgid "__LIBEXEC_DIR__/emailrelay-filter-copy" } setup_openrc() { @@ -201,19 +200,6 @@ if test "$1" = "setup" ; then setup ; exit 0 ; fi # test -f /lib/lsb/init-functions && . /lib/lsb/init-functions -# Ignore /etc/default 'enabled' switch if running from systemd. -# -# (The 'enabled' mechanism is needed on non-systemd debian distros -# because the dpkg postinstall script starts the server, whereas -# on systemd systems the dpkg postinstall script's call to update-rc.d -# does nothing. On rpm or 'make install' systems the /etc/default file -# is not installed at all.) -# -if test -d /run/systemd/system -a "$PPID" -eq 1 -then - EMAILRELAY_ENABLED="1" -fi - case "$1" in restart|force-reload) @@ -261,10 +247,10 @@ case "$1" in if pidofproc -p "$PIDFILE" "$DAEMON" >/dev/null then log_success_msg "$NAME is running" - true + exit 0 else log_failure_msg "$NAME is not running" - false + exit 32 # see guiboot_unix.cpp fi ;; diff --git a/bsd/Makefile.am b/bsd/Makefile.am index 638d6f6..d6a3a77 100644 --- a/bsd/Makefile.am +++ b/bsd/Makefile.am @@ -1,5 +1,5 @@ # -## Copyright (C) 2001-2022 Graeme Walker +## Copyright (C) 2001-2023 Graeme Walker ## ## This program is free software: you can redistribute it and/or modify ## it under the terms of the GNU General Public License as published by diff --git a/bsd/Makefile.in b/bsd/Makefile.in index 2614825..afde634 100644 --- a/bsd/Makefile.in +++ b/bsd/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.3 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -93,7 +93,6 @@ subdir = bsd ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \ $(top_srcdir)/m4/m4_ax_cxx_compile_stdcxx.m4 \ - $(top_srcdir)/m4/m4_ax_cxx_compile_stdcxx_11.m4 \ $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -150,6 +149,7 @@ am__can_run_installinfo = \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac +am__extra_recursive_targets = extra-recursive am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -157,6 +157,7 @@ ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ARFLAGS = @ARFLAGS@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -246,7 +247,7 @@ e_docdir = @e_docdir@ e_examplesdir = @e_examplesdir@ e_icondir = @e_icondir@ e_initdir = @e_initdir@ -e_libexecdir = @e_libexecdir@ +e_libdir = @e_libdir@ e_pamdir = @e_pamdir@ e_rundir = @e_rundir@ e_spooldir = @e_spooldir@ @@ -353,6 +354,7 @@ uninstall-e_bsdinitSCRIPTS: files=`for p in $$list; do echo "$$p"; done | \ sed -e 's,.*/,,;$(transform)'`; \ dir='$(DESTDIR)$(e_bsdinitdir)'; $(am__uninstall_files_from_dir) +extra-local: tags TAGS: ctags CTAGS: @@ -443,6 +445,10 @@ dvi: dvi-am dvi-am: +extra: extra-am + +extra-am: extra-local + html: html-am html-am: @@ -500,16 +506,17 @@ uninstall-am: uninstall-e_bsdinitSCRIPTS .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic cscopelist-am \ - ctags-am distclean distclean-generic distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am \ - install-e_bsdinitSCRIPTS install-exec install-exec-am \ - install-html install-html-am install-info install-info-am \ - install-man install-pdf install-pdf-am install-ps \ - install-ps-am install-strip installcheck installcheck-am \ - installdirs maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags-am \ - uninstall uninstall-am uninstall-e_bsdinitSCRIPTS + ctags-am distclean distclean-generic distdir dvi dvi-am \ + extra-am extra-local html html-am info info-am install \ + install-am install-data install-data-am install-dvi \ + install-dvi-am install-e_bsdinitSCRIPTS install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ + pdf-am ps ps-am tags-am uninstall uninstall-am \ + uninstall-e_bsdinitSCRIPTS .PRECIOUS: Makefile diff --git a/bsd/emailrelay-bsd.sh.in b/bsd/emailrelay-bsd.sh.in index a4b476c..56b8156 100755 --- a/bsd/emailrelay-bsd.sh.in +++ b/bsd/emailrelay-bsd.sh.in @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2001-2022 Graeme Walker +# Copyright (C) 2001-2023 Graeme Walker # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/compile b/compile index a85b723..23fcba0 100755 --- a/compile +++ b/compile @@ -1,9 +1,9 @@ #! /bin/sh # Wrapper for compilers which do not understand '-c -o'. -scriptversion=2012-10-14.11; # UTC +scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2020 Free Software Foundation, Inc. # Written by Tom Tromey . # # This program is free software; you can redistribute it and/or modify @@ -17,7 +17,7 @@ scriptversion=2012-10-14.11; # UTC # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program. If not, see . +# along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -53,7 +53,7 @@ func_file_conv () MINGW*) file_conv=mingw ;; - CYGWIN*) + CYGWIN* | MSYS*) file_conv=cygwin ;; *) @@ -67,7 +67,7 @@ func_file_conv () mingw/*) file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'` ;; - cygwin/*) + cygwin/* | msys/*) file=`cygpath -m "$file" || echo "$file"` ;; wine/*) @@ -255,7 +255,8 @@ EOF echo "compile $scriptversion" exit $? ;; - cl | *[/\\]cl | cl.exe | *[/\\]cl.exe ) + cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \ + icl | *[/\\]icl | icl.exe | *[/\\]icl.exe ) func_cl_wrapper "$@" # Doesn't return... ;; esac @@ -339,9 +340,9 @@ exit $ret # Local Variables: # mode: shell-script # sh-indentation: 2 -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" +# time-stamp-time-zone: "UTC0" # time-stamp-end: "; # UTC" # End: diff --git a/configure b/configure index 5599dda..b496134 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for E-MailRelay 2.4.1. +# Generated by GNU Autoconf 2.69 for E-MailRelay 2.5. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -577,8 +577,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='E-MailRelay' PACKAGE_TARNAME='emailrelay' -PACKAGE_VERSION='2.4.1' -PACKAGE_STRING='E-MailRelay 2.4.1' +PACKAGE_VERSION='2.5' +PACKAGE_STRING='E-MailRelay 2.5' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -628,7 +628,7 @@ e_systemddir e_rundir e_sysconfdir e_pamdir -e_libexecdir +e_libdir e_examplesdir e_spooldir e_trdir @@ -659,6 +659,8 @@ GCONFIG_TESTING_FALSE GCONFIG_TESTING_TRUE GCONFIG_MAC_FALSE GCONFIG_MAC_TRUE +GCONFIG_POP_FALSE +GCONFIG_POP_TRUE GCONFIG_INTERFACE_NAMES_FALSE GCONFIG_INTERFACE_NAMES_TRUE GCONFIG_INSTALL_HOOK_FALSE @@ -681,6 +683,7 @@ PKG_CONFIG_PATH PKG_CONFIG EGREP CXXCPP +ARFLAGS GCONFIG_WINDMC GCONFIG_WINDRES GCONFIG_HAVE_MAN2HTML @@ -796,6 +799,7 @@ enable_epoll enable_gui enable_install_hook enable_interface_names +enable_pop enable_mac enable_std_thread enable_testing @@ -803,6 +807,7 @@ enable_verbose enable_windows enable_uds enable_dnsbl +enable_submission with_doxygen with_gettext with_man2html @@ -1378,7 +1383,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures E-MailRelay 2.4.1 to adapt to many kinds of systems. +\`configure' configures E-MailRelay 2.5 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1445,7 +1450,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of E-MailRelay 2.4.1:";; + short | recursive ) echo "Configuration of E-MailRelay 2.5:";; esac cat <<\_ACEOF @@ -1473,6 +1478,7 @@ Optional Features: --enable-interface-names allow network interface names for defining listening addresses (default yes) + --enable-pop enable pop (default yes) --enable-mac enable building for mac os x (default auto) --enable-std-thread use std::thread or not (default auto) --enable-testing enable make check tests (default yes) @@ -1480,13 +1486,15 @@ Optional Features: --enable-windows enable building for windows (default auto) --enable-uds enable unix domain sockets (default auto) --enable-dnsbl enable DNSBL (default yes) + --enable-submission main binary is a submission tool when named + emailrelay-submit (default no) Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-doxygen generate source code documentation with doxygen (default auto) - --with-gettext use GNU gettext (default no) + --with-gettext use gettext (default auto) --with-man2html convert man pages to html using man2html (default auto) --with-openssl use openssl for tls layer (default auto) @@ -1579,7 +1587,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -E-MailRelay configure 2.4.1 +E-MailRelay configure 2.5 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2015,7 +2023,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by E-MailRelay $as_me 2.4.1, which was +It was created by E-MailRelay $as_me 2.5, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2570,12 +2578,7 @@ program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` am_aux_dir=`cd "$ac_aux_dir" && pwd` if test x"${MISSING+set}" != xset; then - case $am_aux_dir in - *\ * | *\ *) - MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; - *) - MISSING="\${SHELL} $am_aux_dir/missing" ;; - esac + MISSING="\${SHELL} '$am_aux_dir/missing'" fi # Use eval to expand $SHELL if eval "$MISSING --is-lightweight"; then @@ -2880,7 +2883,7 @@ fi # Define the identity of the package. PACKAGE='emailrelay' - VERSION='2.4.1' + VERSION='2.5' # Some tools Automake needs. @@ -2964,6 +2967,46 @@ END fi fi +# Check whether --enable-silent-rules was given. +if test "${enable_silent_rules+set}" = set; then : + enableval=$enable_silent_rules; +fi + +case $enable_silent_rules in # ((( + yes) AM_DEFAULT_VERBOSITY=0;; + no) AM_DEFAULT_VERBOSITY=1;; + *) AM_DEFAULT_VERBOSITY=1;; +esac +am_make=${MAKE-make} +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 +$as_echo_n "checking whether $am_make supports nested variables... " >&6; } +if ${am_cv_make_support_nested_variables+:} false; then : + $as_echo_n "(cached) " >&6 +else + if $as_echo 'TRUE=$(BAR$(V)) +BAR0=false +BAR1=true +V=1 +am__doit: + @$(TRUE) +.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then + am_cv_make_support_nested_variables=yes +else + am_cv_make_support_nested_variables=no +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 +$as_echo "$am_cv_make_support_nested_variables" >&6; } +if test $am_cv_make_support_nested_variables = yes; then + AM_V='$(V)' + AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' +else + AM_V=$AM_DEFAULT_VERBOSITY + AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY +fi +AM_BACKSLASH='\' + + ac_config_headers="$ac_config_headers src/gconfig_defs.h" @@ -4233,327 +4276,9 @@ ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ex ac_compiler_gnu=$ac_cv_cxx_compiler_gnu ac_success=no - if test x$ac_success = xno; then - for alternative in ${ax_cxx_compile_alternatives}; do - switch="-std=gnu++${alternative}" - cachevar=`$as_echo "ax_cv_cxx_compile_cxx11_$switch" | $as_tr_sh` - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CXX supports C++11 features with $switch" >&5 -$as_echo_n "checking whether $CXX supports C++11 features with $switch... " >&6; } -if eval \${$cachevar+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_save_CXX="$CXX" - CXX="$CXX $switch" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -// If the compiler admits that it is not ready for C++11, why torture it? -// Hopefully, this will speed up the test. -#ifndef __cplusplus - -#error "This is not a C++ compiler" - -#elif __cplusplus < 201103L - -#error "This is not a C++11 compiler" - -#else - -namespace cxx11 -{ - - namespace test_static_assert - { - - template - struct check - { - static_assert(sizeof(int) <= sizeof(T), "not big enough"); - }; - - } - - namespace test_final_override - { - - struct Base - { - virtual void f() {} - }; - - struct Derived : public Base - { - virtual void f() override {} - }; - - } - - namespace test_double_right_angle_brackets - { - - template < typename T > - struct check {}; - - typedef check single_type; - typedef check> double_type; - typedef check>> triple_type; - typedef check>>> quadruple_type; - - } - - namespace test_decltype - { - - int - f() - { - int a = 1; - decltype(a) b = 2; - return a + b; - } - - } - - namespace test_type_deduction - { - - template < typename T1, typename T2 > - struct is_same - { - static const bool value = false; - }; - - template < typename T > - struct is_same - { - static const bool value = true; - }; - - template < typename T1, typename T2 > - auto - add(T1 a1, T2 a2) -> decltype(a1 + a2) - { - return a1 + a2; - } - - int - test(const int c, volatile int v) - { - static_assert(is_same::value == true, ""); - static_assert(is_same::value == false, ""); - static_assert(is_same::value == false, ""); - auto ac = c; - auto av = v; - auto sumi = ac + av + 'x'; - auto sumf = ac + av + 1.0; - static_assert(is_same::value == true, ""); - static_assert(is_same::value == true, ""); - static_assert(is_same::value == true, ""); - static_assert(is_same::value == false, ""); - static_assert(is_same::value == true, ""); - return (sumf > 0.0) ? sumi : add(c, v); - } - - } - - namespace test_noexcept - { - - int f() { return 0; } - int g() noexcept { return 0; } - - static_assert(noexcept(f()) == false, ""); - static_assert(noexcept(g()) == true, ""); - - } - - namespace test_constexpr - { - - template < typename CharT > - unsigned long constexpr - strlen_c_r(const CharT *const s, const unsigned long acc) noexcept - { - return *s ? strlen_c_r(s + 1, acc + 1) : acc; - } - - template < typename CharT > - unsigned long constexpr - strlen_c(const CharT *const s) noexcept - { - return strlen_c_r(s, 0UL); - } - - static_assert(strlen_c("") == 0UL, ""); - static_assert(strlen_c("1") == 1UL, ""); - static_assert(strlen_c("example") == 7UL, ""); - static_assert(strlen_c("another\0example") == 7UL, ""); - - } - - namespace test_rvalue_references - { - - template < int N > - struct answer - { - static constexpr int value = N; - }; - - answer<1> f(int&) { return answer<1>(); } - answer<2> f(const int&) { return answer<2>(); } - answer<3> f(int&&) { return answer<3>(); } - - void - test() - { - int i = 0; - const int c = 0; - static_assert(decltype(f(i))::value == 1, ""); - static_assert(decltype(f(c))::value == 2, ""); - static_assert(decltype(f(0))::value == 3, ""); - } - - } - - namespace test_uniform_initialization - { - - struct test - { - static const int zero {}; - static const int one {1}; - }; - - static_assert(test::zero == 0, ""); - static_assert(test::one == 1, ""); - - } - - namespace test_lambdas - { - - void - test1() - { - auto lambda1 = [](){}; - auto lambda2 = lambda1; - lambda1(); - lambda2(); - } - - int - test2() - { - auto a = [](int i, int j){ return i + j; }(1, 2); - auto b = []() -> int { return '0'; }(); - auto c = [=](){ return a + b; }(); - auto d = [&](){ return c; }(); - auto e = [a, &b](int x) mutable { - const auto identity = [](int y){ return y; }; - for (auto i = 0; i < a; ++i) - a += b--; - return x + identity(a + b); - }(0); - return a + b + c + d + e; - } - - int - test3() - { - const auto nullary = [](){ return 0; }; - const auto unary = [](int x){ return x; }; - using nullary_t = decltype(nullary); - using unary_t = decltype(unary); - const auto higher1st = [](nullary_t f){ return f(); }; - const auto higher2nd = [unary](nullary_t f1){ - return [unary, f1](unary_t f2){ return f2(unary(f1())); }; - }; - return higher1st(nullary) + higher2nd(nullary)(unary); - } - - } - - namespace test_variadic_templates - { - - template - struct sum; - - template - struct sum - { - static constexpr auto value = N0 + sum::value; - }; - - template <> - struct sum<> - { - static constexpr auto value = 0; - }; - - static_assert(sum<>::value == 0, ""); - static_assert(sum<1>::value == 1, ""); - static_assert(sum<23>::value == 23, ""); - static_assert(sum<1, 2>::value == 3, ""); - static_assert(sum<5, 5, 11>::value == 21, ""); - static_assert(sum<2, 3, 5, 7, 11, 13>::value == 41, ""); - - } - - // http://stackoverflow.com/questions/13728184/template-aliases-and-sfinae - // Clang 3.1 fails with headers of libstd++ 4.8.3 when using std::function - // because of this. - namespace test_template_alias_sfinae - { - - struct foo {}; - - template - using member = typename T::member_type; - - template - void func(...) {} - - template - void func(member*) {} - - void test(); - - void test() { func(0); } - - } - -} // namespace cxx11 - -#endif // __cplusplus >= 201103L - - - -_ACEOF -if ac_fn_cxx_try_compile "$LINENO"; then : - eval $cachevar=yes -else - eval $cachevar=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - CXX="$ac_save_CXX" -fi -eval ac_res=\$$cachevar - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - if eval test x\$$cachevar = xyes; then - CXX="$CXX $switch" - if test -n "$CXXCPP" ; then - CXXCPP="$CXXCPP $switch" - fi - ac_success=yes - break - fi - done - fi if test x$ac_success = xno; then for alternative in ${ax_cxx_compile_alternatives}; do @@ -4577,7 +4302,11 @@ else #error "This is not a C++ compiler" -#elif __cplusplus < 201103L +// MSVC always sets __cplusplus to 199711L in older versions; newer versions +// only set it correctly if /Zc:__cplusplus is specified as well as a +// /std:c++NN switch: +// https://devblogs.microsoft.com/cppblog/msvc-now-correctly-reports-__cplusplus/ +#elif __cplusplus < 201103L && !defined _MSC_VER #error "This is not a C++11 compiler" @@ -4602,11 +4331,13 @@ namespace cxx11 struct Base { + virtual ~Base() {} virtual void f() {} }; struct Derived : public Base { + virtual ~Derived() override {} virtual void f() override {} }; @@ -5359,6 +5090,18 @@ $as_echo "$GCONFIG_WINDMC" >&6; } + gconfig_arflags="${ARFLAGS-cru}" + if test "`uname 2>/dev/null`" = "Linux" + then + if "${AR}" --version | grep "GNU ar" > /dev/null + then + gconfig_arflags="cr" + fi + fi + ARFLAGS="$gconfig_arflags" + + + ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -6829,6 +6572,48 @@ $as_echo "#define GCONFIG_HAVE_CXX_STD_THREAD 0" >>confdefs.h fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for c++ std::string_view" >&5 +$as_echo_n "checking for c++ std::string_view... " >&6; } +if ${gconfig_cv_cxx_string_view+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + std::string_view sv("sv") ; + +int +main () +{ + + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + gconfig_cv_cxx_string_view=yes +else + gconfig_cv_cxx_string_view=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gconfig_cv_cxx_string_view" >&5 +$as_echo "$gconfig_cv_cxx_string_view" >&6; } + if test "$gconfig_cv_cxx_string_view" = "yes" ; then + +$as_echo "#define GCONFIG_HAVE_CXX_STRING_VIEW 1" >>confdefs.h + + else + +$as_echo "#define GCONFIG_HAVE_CXX_STRING_VIEW 0" >>confdefs.h + + fi + + @@ -8083,6 +7868,50 @@ $as_echo "#define GCONFIG_HAVE_FSOPEN 0" >>confdefs.h fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fopen_s()" >&5 +$as_echo_n "checking for fopen_s()... " >&6; } +if ${gconfig_cv_fopen_s+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + FILE * fp = 0 ; + errno_t e = 0 ; + +int +main () +{ + + e = fopen_s(&fp,"foo","w") ; + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + gconfig_cv_fopen_s=yes +else + gconfig_cv_fopen_s=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gconfig_cv_fopen_s" >&5 +$as_echo "$gconfig_cv_fopen_s" >&6; } + if test "$gconfig_cv_fopen_s" = "yes" ; then + +$as_echo "#define GCONFIG_HAVE_FOPEN_S 1" >>confdefs.h + + else + +$as_echo "#define GCONFIG_HAVE_FOPEN_S 0" >>confdefs.h + + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _sopen()" >&5 $as_echo_n "checking for _sopen()... " >&6; } if ${gconfig_cv_sopen+:} false; then : @@ -8690,6 +8519,7 @@ $as_echo "#define GCONFIG_HAVE_WINDOWS_INIT_COMMON_CONTROLS_EX 0" >>confdefs.h + # if the configure script fails in this area then you are probably missing pkg.m4 @@ -8815,7 +8645,23 @@ $as_echo "no" >&6; } fi - # try pkg-config -- this says 'checking for QT' + # skip the madness if the user has specified everything we need + if test "$QT_MOC" != "" -a "$QT_CFLAGS" != "" -a "$QT_LIBS" != "" + then + if echo "$QT_MOC" | grep -q / + then + QT_LRELEASE="`dirname \"$QT_MOC\"`/lrelease" + else + QT_LRELEASE="lrelease" + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for QT" >&5 +$as_echo_n "checking for QT... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: overridden" >&5 +$as_echo "overridden" >&6; } + gconfig_have_qt=yes + else + + # try pkg-config -- this says 'checking for QT' pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for QT" >&5 @@ -8876,8 +8722,8 @@ fi echo "$QT_PKG_ERRORS" >&5 - gconfig_pkgconfig_qt=no - { $as_echo "$as_me:${as_lineno-$LINENO}: no QT 5 pkg-config" >&5 + gconfig_pkgconfig_qt=no + { $as_echo "$as_me:${as_lineno-$LINENO}: no QT 5 pkg-config" >&5 $as_echo "$as_me: no QT 5 pkg-config" >&6;} @@ -8885,8 +8731,8 @@ elif test $pkg_failed = untried; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - gconfig_pkgconfig_qt=no - { $as_echo "$as_me:${as_lineno-$LINENO}: no QT 5 pkg-config" >&5 + gconfig_pkgconfig_qt=no + { $as_echo "$as_me:${as_lineno-$LINENO}: no QT 5 pkg-config" >&5 $as_echo "$as_me: no QT 5 pkg-config" >&6;} @@ -8896,48 +8742,48 @@ else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - gconfig_pkgconfig_qt=yes + gconfig_pkgconfig_qt=yes fi - # allow the moc command to be defined with QT_MOC on the configure - # command-line, typically also with CXXFLAGS and LIBS pointing to Qt - # headers and libraries + # allow the moc command to be defined with QT_MOC on the configure + # command-line, typically also with CXXFLAGS and LIBS pointing to Qt + # headers and libraries - if echo "$QT_MOC" | grep -q / - then - QT_LRELEASE="`dirname \"$QT_MOC\"`/lrelease" - else - QT_LRELEASE="lrelease" - fi - - # or build the moc command using pkg-config results - if test "$QT_MOC" = "" - then - if test "$gconfig_pkgconfig_qt" = "yes" + if echo "$QT_MOC" | grep -q / then - QT_MOC="`$PKG_CONFIG --variable=host_bins Qt5Core`/moc" - QT_LRELEASE="`$PKG_CONFIG --variable=host_bins Qt5Core`/lrelease" - QT_CHOOSER="`$PKG_CONFIG --variable=exec_prefix Qt5Core`/bin/qtchooser" - if test -x "$QT_MOC" ; then : ; else QT_MOC="" ; fi - if test -x "$QT_LRELEASE" ; then : ; else QT_LRELEASE="" ; fi - if test -x "$QT_CHOOSER" ; then : ; else QT_CHOOSER="" ; fi - if test "$QT_MOC" = "" -a "$QT_CHOOSER" != "" + QT_LRELEASE="`dirname \"$QT_MOC\"`/lrelease" + else + QT_LRELEASE="lrelease" + fi + + # or build the moc command using pkg-config results + if test "$QT_MOC" = "" + then + if test "$gconfig_pkgconfig_qt" = "yes" then - QT_MOC="$QT_CHOOSER -run-tool=moc -qt=qt5" - fi - if test "$QT_LRELEASE" = "" -a "$QT_CHOOSER" != "" - then - QT_LRELEASE="$QT_CHOOSER -run-tool=lrelease -qt=qt5" + QT_MOC="`$PKG_CONFIG --variable=host_bins Qt5Core`/moc" + QT_LRELEASE="`$PKG_CONFIG --variable=host_bins Qt5Core`/lrelease" + QT_CHOOSER="`$PKG_CONFIG --variable=exec_prefix Qt5Core`/bin/qtchooser" + if test -x "$QT_MOC" ; then : ; else QT_MOC="" ; fi + if test -x "$QT_LRELEASE" ; then : ; else QT_LRELEASE="" ; fi + if test -x "$QT_CHOOSER" ; then : ; else QT_CHOOSER="" ; fi + if test "$QT_MOC" = "" -a "$QT_CHOOSER" != "" + then + QT_MOC="$QT_CHOOSER -run-tool=moc -qt=qt5" + fi + if test "$QT_LRELEASE" = "" -a "$QT_CHOOSER" != "" + then + QT_LRELEASE="$QT_CHOOSER -run-tool=lrelease -qt=qt5" + fi fi fi - fi - # or find moc on the path - if test "$QT_MOC" = "" - then - # Extract the first word of "moc", so it can be a program name with args. + # or find moc on the path + if test "$QT_MOC" = "" + then + # Extract the first word of "moc", so it can be a program name with args. set dummy moc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } @@ -8977,11 +8823,11 @@ $as_echo "no" >&6; } fi - fi + fi - if test "$QT_LRELEASE" = "" - then - # Extract the first word of "lrelease", so it can be a program name with args. + if test "$QT_LRELEASE" = "" + then + # Extract the first word of "lrelease", so it can be a program name with args. set dummy lrelease; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } @@ -9021,40 +8867,41 @@ $as_echo "no" >&6; } fi - if test "$QT_LRELEASE" = "" - then - QT_LRELEASE=false + if test "$QT_LRELEASE" = "" + then + QT_LRELEASE=false + fi fi - fi - if test "$QT_MOC" != "" - then - { $as_echo "$as_me:${as_lineno-$LINENO}: QT moc command: $QT_MOC" >&5 + if test "$QT_MOC" != "" + then + { $as_echo "$as_me:${as_lineno-$LINENO}: QT moc command: $QT_MOC" >&5 $as_echo "$as_me: QT moc command: $QT_MOC" >&6;} - fi - - # set gconfig_have_qt, QT_CFLAGS and QT_LIBS iff we have a moc command - if test "$QT_MOC" != "" - then - gconfig_have_qt="yes" - if test "$gconfig_pkgconfig_qt" = "yes" - then - QT_CFLAGS="-fPIC `$PKG_CONFIG --cflags Qt5Widgets`" - QT_LIBS="`$PKG_CONFIG --libs Qt5Widgets`" - else - QT_CFLAGS="-fPIC" - QT_LIBS="" fi - else - gconfig_have_qt="no" - fi - # mac modifications - if test "$QT_MOC" != "" -a "`uname`" = "Darwin" - then - QT_DIR="`dirname $QT_MOC`/.." - QT_CFLAGS="-F $QT_DIR/lib" - QT_LIBS="-F $QT_DIR/lib -framework QtWidgets -framework QtGui -framework QtCore" + # set gconfig_have_qt, QT_CFLAGS and QT_LIBS iff we have a moc command + if test "$QT_MOC" != "" + then + gconfig_have_qt="yes" + if test "$gconfig_pkgconfig_qt" = "yes" + then + QT_CFLAGS="-fPIC `$PKG_CONFIG --cflags Qt5Widgets`" + QT_LIBS="`$PKG_CONFIG --libs Qt5Widgets`" + else + QT_CFLAGS="-fPIC" + QT_LIBS="" + fi + else + gconfig_have_qt="no" + fi + + # mac modifications + if test "$QT_MOC" != "" -a "`uname`" = "Darwin" + then + QT_DIR="`dirname $QT_MOC`/.." + QT_CFLAGS="-F $QT_DIR/lib" + QT_LIBS="-F $QT_DIR/lib -framework QtWidgets -framework QtGui -framework QtCore" + fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for QT compilation" >&5 @@ -9343,7 +9190,7 @@ fi : else -$as_echo "#define _DEBUG 1" >>confdefs.h +$as_echo "#define G_WITH_DEBUG 1" >>confdefs.h fi @@ -9472,6 +9319,28 @@ else fi +# Check whether --enable-pop was given. +if test "${enable_pop+set}" = set; then : + enableval=$enable_pop; +fi + + + if test "$enable_pop" = "no" + then + gconfig_use_pop="no" + else + gconfig_use_pop="yes" + fi + + if test "$gconfig_use_pop" = "yes"; then + GCONFIG_POP_TRUE= + GCONFIG_POP_FALSE='#' +else + GCONFIG_POP_TRUE='#' + GCONFIG_POP_FALSE= +fi + + # Check whether --enable-mac was given. if test "${enable_mac+set}" = set; then : enableval=$enable_mac; @@ -9647,6 +9516,23 @@ fi fi +# Check whether --enable-submission was given. +if test "${enable_submission+set}" = set; then : + enableval=$enable_submission; +fi + + + if test "$enable_submission" = "yes" + then + +$as_echo "#define GCONFIG_ENABLE_SUBMISSION 1" >>confdefs.h + + else + +$as_echo "#define GCONFIG_ENABLE_SUBMISSION 0" >>confdefs.h + + fi + # Check whether --with-doxygen was given. @@ -10181,13 +10067,13 @@ fi - if test "$e_libexecdir" = "" + if test "$e_libdir" = "" then - e_libexecdir="$libexecdir/$PACKAGE" + e_libdir="$libexecdir/$PACKAGE" fi if test "$e_examplesdir" = "" then - e_examplesdir="$libexecdir/$PACKAGE/examples" + e_examplesdir="$e_libdir/examples" fi if test "$e_sysconfdir" = "" then @@ -10211,7 +10097,7 @@ fi fi if test "$e_initdir" = "" then - e_initdir="$libexecdir/$PACKAGE/init" + e_initdir="$e_libdir/init" fi if test "$e_bsdinitdir" = "" then @@ -10219,7 +10105,7 @@ fi then e_bsdinitdir="$sysconfdir/rc.d" else - e_bsdinitdir="$libexecdir/$PACKAGE/init/bsd" + e_bsdinitdir="$e_libdir/init/bsd" fi fi if test "$e_icondir" = "" @@ -10256,7 +10142,7 @@ fi -ac_config_files="$ac_config_files Makefile src/Makefile src/glib/Makefile src/gssl/Makefile src/gnet/Makefile src/gauth/Makefile src/gsmtp/Makefile src/gpop/Makefile src/main/Makefile src/main/icon/Makefile src/win32/Makefile src/gui/Makefile bin/Makefile doc/Makefile etc/Makefile test/Makefile test/certificates/Makefile m4/Makefile bsd/Makefile debian/Makefile po/Makefile unity/Makefile" +ac_config_files="$ac_config_files Makefile libexec/Makefile src/Makefile src/glib/Makefile src/gssl/Makefile src/gnet/Makefile src/gauth/Makefile src/gstore/Makefile src/gsmtp/Makefile src/gpop/Makefile src/gfilters/Makefile src/gverifiers/Makefile src/main/Makefile src/main/icon/Makefile src/win32/Makefile src/gui/Makefile bin/Makefile doc/Makefile etc/Makefile test/Makefile test/certificates/Makefile m4/Makefile bsd/Makefile debian/Makefile po/Makefile unity/Makefile" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@ -10419,6 +10305,10 @@ if test -z "${GCONFIG_INTERFACE_NAMES_TRUE}" && test -z "${GCONFIG_INTERFACE_NAM as_fn_error $? "conditional \"GCONFIG_INTERFACE_NAMES\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${GCONFIG_POP_TRUE}" && test -z "${GCONFIG_POP_FALSE}"; then + as_fn_error $? "conditional \"GCONFIG_POP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${GCONFIG_MAC_TRUE}" && test -z "${GCONFIG_MAC_FALSE}"; then as_fn_error $? "conditional \"GCONFIG_MAC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -10868,7 +10758,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by E-MailRelay $as_me 2.4.1, which was +This file was extended by E-MailRelay $as_me 2.5, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -10934,7 +10824,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -E-MailRelay config.status 2.4.1 +E-MailRelay config.status 2.5 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -11066,13 +10956,17 @@ do "src/gconfig_defs.h") CONFIG_HEADERS="$CONFIG_HEADERS src/gconfig_defs.h" ;; "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "libexec/Makefile") CONFIG_FILES="$CONFIG_FILES libexec/Makefile" ;; "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; "src/glib/Makefile") CONFIG_FILES="$CONFIG_FILES src/glib/Makefile" ;; "src/gssl/Makefile") CONFIG_FILES="$CONFIG_FILES src/gssl/Makefile" ;; "src/gnet/Makefile") CONFIG_FILES="$CONFIG_FILES src/gnet/Makefile" ;; "src/gauth/Makefile") CONFIG_FILES="$CONFIG_FILES src/gauth/Makefile" ;; + "src/gstore/Makefile") CONFIG_FILES="$CONFIG_FILES src/gstore/Makefile" ;; "src/gsmtp/Makefile") CONFIG_FILES="$CONFIG_FILES src/gsmtp/Makefile" ;; "src/gpop/Makefile") CONFIG_FILES="$CONFIG_FILES src/gpop/Makefile" ;; + "src/gfilters/Makefile") CONFIG_FILES="$CONFIG_FILES src/gfilters/Makefile" ;; + "src/gverifiers/Makefile") CONFIG_FILES="$CONFIG_FILES src/gverifiers/Makefile" ;; "src/main/Makefile") CONFIG_FILES="$CONFIG_FILES src/main/Makefile" ;; "src/main/icon/Makefile") CONFIG_FILES="$CONFIG_FILES src/main/icon/Makefile" ;; "src/win32/Makefile") CONFIG_FILES="$CONFIG_FILES src/win32/Makefile" ;; @@ -11764,7 +11658,9 @@ $as_echo X/"$am_mf" | { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "Something went wrong bootstrapping makefile fragments - for automatic dependency tracking. Try re-running configure with the + for automatic dependency tracking. If GNU make was not used, consider + re-running the configure script with MAKE=\"gmake\" (or whatever is + necessary). You can also try re-running configure with the '--disable-dependency-tracking' option to at least be able to build the package (albeit without support for automatic dependency tracking). See \`config.log' for more details" "$LINENO" 5; } diff --git a/configure.ac b/configure.ac old mode 100755 new mode 100644 index 7f06df5..db0e7ad --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -dnl Copyright (C) 2001-2022 Graeme Walker +dnl Copyright (C) 2001-2023 Graeme Walker dnl dnl This program is free software: you can redistribute it and/or modify dnl it under the terms of the GNU General Public License as published by @@ -19,10 +19,12 @@ dnl dnl Process this file with autoconf to produce a configure script. dnl -AC_INIT([E-MailRelay],[2.4.1],[],[emailrelay]) +AC_INIT([E-MailRelay],[2.5],[],[emailrelay]) AC_CONFIG_SRCDIR([src/glib/gdef.h]) AC_CONFIG_MACRO_DIR([m4]) AM_INIT_AUTOMAKE([no-define]) +AM_SILENT_RULES([no]) +AM_EXTRA_RECURSIVE_TARGETS([extra]) AC_CONFIG_HEADERS([src/gconfig_defs.h]) AM_MAINTAINER_MODE AC_DISABLE_OPTION_CHECKING @@ -31,7 +33,7 @@ dnl check for programs dnl AC_PROG_CC([cc gcc clang]) AC_PROG_CXX([c++ g++ clang++]) -AX_CXX_COMPILE_STDCXX_11([],[mandatory]) +AX_CXX_COMPILE_STDCXX([11],[noext],[mandatory]) AC_PROG_INSTALL AC_PROG_RANLIB AC_PROG_SED @@ -43,6 +45,7 @@ AC_CHECK_PROG([GCONFIG_HAVE_DOXYGEN],[doxygen],[yes]) AC_CHECK_PROG([GCONFIG_HAVE_MAN2HTML],[man2html],[yes]) GCONFIG_FN_PROG_WINDRES GCONFIG_FN_PROG_WINDMC +GCONFIG_FN_ARFLAGS dnl check for system libraries dnl @@ -71,7 +74,7 @@ GCONFIG_FN_QT_BUILD GCONFIG_FN_TLS_OPENSSL GCONFIG_FN_TLS_MBEDTLS -dnl "--enable-whatever" +dnl "--enable-whatever" for internal features dnl AC_ARG_ENABLE([bsd],AS_HELP_STRING([--enable-bsd],[enable building for bsd (default auto)])) GCONFIG_FN_ENABLE_BSD @@ -85,6 +88,8 @@ AC_ARG_ENABLE([install-hook],AS_HELP_STRING([--enable-install-hook],[enable fixi GCONFIG_FN_ENABLE_INSTALL_HOOK AC_ARG_ENABLE([interface-names],AS_HELP_STRING([--enable-interface-names],[allow network interface names for defining listening addresses (default yes)])) GCONFIG_FN_ENABLE_INTERFACE_NAMES +AC_ARG_ENABLE([pop],AS_HELP_STRING([--enable-pop],[enable pop (default yes)])) +GCONFIG_FN_ENABLE_POP AC_ARG_ENABLE([mac],AS_HELP_STRING([--enable-mac],[enable building for mac os x (default auto)])) GCONFIG_FN_ENABLE_MAC AC_ARG_ENABLE([std-thread],AS_HELP_STRING([--enable-std-thread],[use std::thread or not (default auto)])) @@ -99,12 +104,14 @@ AC_ARG_ENABLE([uds],AS_HELP_STRING([--enable-uds],[enable unix domain sockets (d GCONFIG_FN_ENABLE_UDS AC_ARG_ENABLE([dnsbl],AS_HELP_STRING([--enable-dnsbl],[enable DNSBL (default yes)])) GCONFIG_FN_ENABLE_DNSBL +AC_ARG_ENABLE([submission],AS_HELP_STRING([--enable-submission],[main binary is a submission tool when named emailrelay-submit (default no)])) +GCONFIG_FN_ENABLE_SUBMISSION -dnl "--with-whatever" +dnl "--with-whatever" for external dependencies dnl AC_ARG_WITH([doxygen],AS_HELP_STRING([--with-doxygen],[generate source code documentation with doxygen (default auto)])) GCONFIG_FN_WITH_DOXYGEN -AC_ARG_WITH([gettext],AS_HELP_STRING([--with-gettext],[use GNU gettext (default no)])) +AC_ARG_WITH([gettext],AS_HELP_STRING([--with-gettext],[use gettext (default auto)])) GCONFIG_FN_WITH_GETTEXT AC_ARG_WITH([man2html],AS_HELP_STRING([--with-man2html],[convert man pages to html using man2html (default auto)])) GCONFIG_FN_WITH_MAN2HTML @@ -121,7 +128,7 @@ GCONFIG_FN_SET_DIRECTORIES_E dnl generate files dnl -AC_CONFIG_FILES([Makefile src/Makefile src/glib/Makefile src/gssl/Makefile src/gnet/Makefile src/gauth/Makefile src/gsmtp/Makefile src/gpop/Makefile src/main/Makefile src/main/icon/Makefile src/win32/Makefile src/gui/Makefile bin/Makefile doc/Makefile etc/Makefile test/Makefile test/certificates/Makefile m4/Makefile bsd/Makefile debian/Makefile po/Makefile unity/Makefile]) +AC_CONFIG_FILES([Makefile libexec/Makefile src/Makefile src/glib/Makefile src/gssl/Makefile src/gnet/Makefile src/gauth/Makefile src/gstore/Makefile src/gsmtp/Makefile src/gpop/Makefile src/gfilters/Makefile src/gverifiers/Makefile src/main/Makefile src/main/icon/Makefile src/win32/Makefile src/gui/Makefile bin/Makefile doc/Makefile etc/Makefile test/Makefile test/certificates/Makefile m4/Makefile bsd/Makefile debian/Makefile po/Makefile unity/Makefile]) AC_OUTPUT dnl final warnings diff --git a/configure.sh b/configure.sh index 06b1932..bb488cc 100755 --- a/configure.sh +++ b/configure.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2001-2022 Graeme Walker +# Copyright (C) 2001-2023 Graeme Walker # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -31,8 +31,8 @@ # -w64 cross-compile for windows 64-bit with mingw-w64 # -p cross-compile for rpi # -g git-clone mbedtls and exit -# -S force e_systemddir for systemd -# -X suppress e_systemddir for systemd +# -S force e_systemddir +# -X suppress e_systemddir # # When cross-compiling with mbedtls the mbedtls source should be unpacked # into this base directory (see MBEDTLS_DIR below), or use '-g' to @@ -77,9 +77,12 @@ fi if test "0$opt_git" -eq 1 then - git clone https://salsa.debian.org/debian/mbedtls.git + branch="mbedtls-2.28" + #branch="master" + git clone https://github.com/Mbed-TLS/mbedtls.git + ( cd mbedtls && git checkout -q remotes/origin/$branch ) e="$?" - sed -i 's/defined._TRUNCATE./0/' mbedtls/library/platform.c + patch -d mbedtls/library -l -p1 < src/gssl/mbedtls-vsnprintf-fix-new.p1 || patch -d mbedtls/library -l -p1 < src/gssl/mbedtls-vsnprintf-fix.p1 if test "$e" -eq 0 -a "0$opt_mingw" -eq 0 then echo build with... @@ -196,7 +199,7 @@ then export AR="$SDK_TOOLCHAIN_DIR/bin/$TARGET-ar" export STRIP="$SDK_TOOLCHAIN_DIR/bin/$TARGET-strip" export CXXFLAGS="-fno-rtti -fno-threadsafe-statics -Os $CXXFLAGS" - export CXXFLAGS="$CXXFLAGS -DG_SMALL" + export CXXFLAGS="$CXXFLAGS -DG_LIB_SMALL -DG_SMALL" export LDFLAGS="$LDFLAGS -static" export LIBS="-lgcc_eh" if test -x "$CXX" ; then : ; else echo "error: no c++ compiler for target [$TARGET]: CXX=[$CXX]\n" ; exit 1 ; fi diff --git a/debian/Makefile.am b/debian/Makefile.am index 6f82903..c13edcf 100644 --- a/debian/Makefile.am +++ b/debian/Makefile.am @@ -1,5 +1,5 @@ # -## Copyright (C) 2001-2022 Graeme Walker +## Copyright (C) 2001-2023 Graeme Walker ## ## This program is free software: you can redistribute it and/or modify ## it under the terms of the GNU General Public License as published by @@ -19,9 +19,10 @@ EXTRA_DIST = \ emailrelay.init \ emailrelay.default \ emailrelay.service \ + emailrelay.pam \ changelog \ + conffiles \ control \ - compat \ copyright \ preinst \ postinst \ diff --git a/debian/Makefile.in b/debian/Makefile.in index 05c388a..a676c32 100644 --- a/debian/Makefile.in +++ b/debian/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.3 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -92,7 +92,6 @@ subdir = debian ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \ $(top_srcdir)/m4/m4_ax_cxx_compile_stdcxx.m4 \ - $(top_srcdir)/m4/m4_ax_cxx_compile_stdcxx_11.m4 \ $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -120,6 +119,7 @@ am__can_run_installinfo = \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac +am__extra_recursive_targets = extra-recursive am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -127,6 +127,7 @@ ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ARFLAGS = @ARFLAGS@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -216,7 +217,7 @@ e_docdir = @e_docdir@ e_examplesdir = @e_examplesdir@ e_icondir = @e_icondir@ e_initdir = @e_initdir@ -e_libexecdir = @e_libexecdir@ +e_libdir = @e_libdir@ e_pamdir = @e_pamdir@ e_rundir = @e_rundir@ e_spooldir = @e_spooldir@ @@ -253,9 +254,10 @@ EXTRA_DIST = \ emailrelay.init \ emailrelay.default \ emailrelay.service \ + emailrelay.pam \ changelog \ + conffiles \ control \ - compat \ copyright \ preinst \ postinst \ @@ -295,6 +297,7 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): +extra-local: tags TAGS: ctags CTAGS: @@ -381,6 +384,10 @@ dvi: dvi-am dvi-am: +extra: extra-am + +extra-am: extra-local + html: html-am html-am: @@ -438,15 +445,16 @@ uninstall-am: .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic cscopelist-am \ - ctags-am distclean distclean-generic distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ - pdf-am ps ps-am tags-am uninstall uninstall-am + ctags-am distclean distclean-generic distdir dvi dvi-am \ + extra-am extra-local html html-am info info-am install \ + install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-generic pdf pdf-am ps ps-am tags-am uninstall \ + uninstall-am .PRECIOUS: Makefile diff --git a/debian/changelog b/debian/changelog index 2174cf4..f23926f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,18 @@ +emailrelay (2.5) unstable; urgency=low + * Multiple configurations in one process. + * SMTP PIPELINING (RFC-2920). + * SMTP CHUNKING/8BITMIME 'BDAT' extension (RFC-3030), disabled by default. + * SMTP SMTPUTF8 extension (RFC-6531), disabled by default. + * No 7-bit/8-bit check on received message content (see NEWS file). + * New built-in filters: "deliver:", "split:", "copy:", "mx:", "msgid:". + * New built-in address verifier: "account:" + * No ".local" files (see NEWS file). + * PAM authentication is now enabled with "--server-auth=pam:" not "/pam". + * Client authentication details can be given directly from the command-line. + * Multiple "client" authentication secrets, selected by a new envelope field. + * Main binary can act as a simple submission tool ("configure --enable-submission"). + -- maintainer graeme_walker Thu, 10 Aug 2023 00:00:00 +0000 + emailrelay (2.4) unstable; urgency=low * Multiple "--filter" and "--client-filter" options allowed. * TLS key and certificate files can be specified separately. @@ -9,7 +24,7 @@ emailrelay (2.4) unstable; urgency=low * The Linux event loop uses "epoll" by default rather than "select". * Some support for message routing (see NEWS). * Fix of error handling in network client filters ("--client-filter=net:...") [bug-id #50]. - -- maintainer graeme_walker Sun, 27 Nov 2022 00:00:00 +0000 + -- maintainer graeme_walker Thu, 10 Aug 2023 00:00:00 +0000 emailrelay (2.3) unstable; urgency=low * Unix domain sockets supported (eg. "--interface=/tmp/smtp.s"). diff --git a/debian/compat b/debian/compat deleted file mode 100644 index f599e28..0000000 --- a/debian/compat +++ /dev/null @@ -1 +0,0 @@ -10 diff --git a/debian/conffiles b/debian/conffiles new file mode 100644 index 0000000..e69de29 diff --git a/debian/control b/debian/control index 3afe463..aee657f 100644 --- a/debian/control +++ b/debian/control @@ -2,7 +2,7 @@ Source: emailrelay Section: mail Priority: optional Maintainer: Graeme Walker -Build-Depends: debhelper (>= 9), autotools-dev, libssl-dev, libpam0g-dev +Build-Depends: debhelper-compat (= 13), autotools-dev, libssl-dev, libpam0g-dev Standards-Version: 3.9.8 Homepage: http://emailrelay.sourceforge.net @@ -10,8 +10,8 @@ Package: emailrelay Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: E-mail store-and-forward transfer agent and pop server. - E-MailRelay does three things: it stores any incoming e-mail messages that - it receives, it forwards e-mail messages on to another remote e-mail server, - and it serves up stored e-mail messages to local e-mail reader programs. More - technically, it acts as a SMTP storage daemon, a SMTP forwarding agent, and - a POP3 server. + E-MailRelay is a lightweight SMTP store-and-forward mail server with POP access + to spooled messages. It can be used as a personal internet mail server with + SpamAssassin spam filtering and DNSBL connection blocking. Forwarding can be + to a fixed smarthost or using DNS MX routing. External scripts can be used for + address validation and e-mail message processing. diff --git a/debian/copyright b/debian/copyright index 8096da7..877fde6 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,6 +1,6 @@ Copyright ========= -Copyright (C) 2001-2022 Graeme Walker +Copyright (C) 2001-2023 Graeme Walker Refer to the file COPYING (included), /usr/share/common-licenses/GPL-3, or for the terms of the GNU General Public License. diff --git a/debian/emailrelay.default b/debian/emailrelay.default index 5652a07..d3b42a0 100644 --- a/debian/emailrelay.default +++ b/debian/emailrelay.default @@ -1,3 +1,2 @@ -# change this to 1 to enable the emailrelay system-v init script -# and run 'service emailrelay start' when configured -EMAILRELAY_ENABLED=0 +# set EMAILRELAY_ENABLED=0 to disable sysv-init emailrelay start +#EMAILRELAY_ENABLED=0 diff --git a/debian/emailrelay.init b/debian/emailrelay.init index a91f33d..e4c8f08 100755 --- a/debian/emailrelay.init +++ b/debian/emailrelay.init @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2001-2022 Graeme Walker +# Copyright (C) 2001-2023 Graeme Walker # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -115,9 +115,9 @@ log_end_msg() # setup_config() { - if test ! -f "$CONFIG" -a -f "$CONFIG.template" + if test ! -e "$CONFIG" then - cp -p "$CONFIG.template" "$CONFIG" + echo "# emailrelay.conf" > "$CONFIG" fi } root_root() @@ -130,7 +130,7 @@ root_root() spooldir() { # Prints the spool directory path from the config file, but with a - # default because packaged installs may not edit the config file + # default because packaged installs might not edit the config file # like 'make install' does ( echo spool-dir /var/spool/emailrelay ; cat "$CONFIG" ) | \ tr '\t' ' ' | sed 's/ */ /g' | grep '^spool-dir [^ ]' | \ @@ -179,7 +179,6 @@ setup_sgid() setup_tools() { setup_sgid "/usr/sbin/emailrelay-submit" - setup_sgid "/usr/lib/emailrelay/emailrelay-filter-copy" } setup_openrc() { @@ -201,19 +200,6 @@ if test "$1" = "setup" ; then setup ; exit 0 ; fi # test -f /lib/lsb/init-functions && . /lib/lsb/init-functions -# Ignore /etc/default 'enabled' switch if running from systemd. -# -# (The 'enabled' mechanism is needed on non-systemd debian distros -# because the dpkg postinstall script starts the server, whereas -# on systemd systems the dpkg postinstall script's call to update-rc.d -# does nothing. On rpm or 'make install' systems the /etc/default file -# is not installed at all.) -# -if test -d /run/systemd/system -a "$PPID" -eq 1 -then - EMAILRELAY_ENABLED="1" -fi - case "$1" in restart|force-reload) @@ -261,10 +247,10 @@ case "$1" in if pidofproc -p "$PIDFILE" "$DAEMON" >/dev/null then log_success_msg "$NAME is running" - true + exit 0 else log_failure_msg "$NAME is not running" - false + exit 32 # see guiboot_unix.cpp fi ;; diff --git a/debian/emailrelay.pam b/debian/emailrelay.pam new file mode 100644 index 0000000..2b43476 --- /dev/null +++ b/debian/emailrelay.pam @@ -0,0 +1,2 @@ +# emailrelay pam configuration +auth requisite pam_unix.so nullok_secure diff --git a/debian/rules b/debian/rules index 9946c9f..3ee44e5 100755 --- a/debian/rules +++ b/debian/rules @@ -6,9 +6,9 @@ # %: - dh $@ --with autotools_dev + dh $@ --parallel --no-start override_dh_auto_configure: - # (the init script goes to one side under /usr/lib since we have debian/emailrelay.init) - dh_auto_configure -- --libexecdir=/usr/lib e_initdir=/usr/lib/emailrelay/init e_rundir=/run/emailrelay --without-doxygen --without-man2html --with-openssl --without-mbedtls --with-pam --disable-gui --disable-install-hook --disable-testing + # (the init script and pam file go to one side under /usr/lib since we have .init and .pam files in debian/) + dh_auto_configure -- e_libdir=/usr/lib/emailrelay e_initdir=/usr/lib/emailrelay/init e_rundir=/run/emailrelay e_pamdir=/usr/lib/emailrelay/pam --without-doxygen --without-man2html --with-openssl --without-mbedtls --with-pam --disable-gui --disable-testing diff --git a/depcomp b/depcomp index fc98710..6b39162 100755 --- a/depcomp +++ b/depcomp @@ -1,9 +1,9 @@ #! /bin/sh # depcomp - compile a program generating dependencies as side-effects -scriptversion=2013-05-30.07; # UTC +scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2020 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -16,7 +16,7 @@ scriptversion=2013-05-30.07; # UTC # GNU General Public License for more details. # You should have received a copy of the GNU General Public License -# along with this program. If not, see . +# along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -783,9 +783,9 @@ exit 0 # Local Variables: # mode: shell-script # sh-indentation: 2 -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" +# time-stamp-time-zone: "UTC0" # time-stamp-end: "; # UTC" # End: diff --git a/doc/Makefile.am b/doc/Makefile.am index c7d7217..587c601 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -1,5 +1,5 @@ # -## Copyright (C) 2001-2022 Graeme Walker +## Copyright (C) 2001-2023 Graeme Walker ## ## This program is free software: you can redistribute it and/or modify ## it under the terms of the GNU General Public License as published by @@ -22,24 +22,21 @@ txt_files_install=\ userguide.txt userguide.md userguide.rst \ windows.txt windows.md windows.rst \ changelog.txt changelog.md changelog.rst \ - doxygen.cfg.in \ - index.rst conf.py.sphinx + doxygen.cfg.in + +txt_files_noinstall=\ + index.rst \ + conf.py man_files_install=\ emailrelay.1 \ emailrelay-passwd.1 \ - emailrelay-submit.1 \ - emailrelay-filter-copy.1 + emailrelay-submit.1 man_files_clean=\ emailrelay.1.gz \ emailrelay-passwd.1.gz \ - emailrelay-submit.1.gz \ - emailrelay-filter-copy.1.gz - -html_files_noinstall=\ - man2html-missing.html \ - doxygen-missing.html + emailrelay-submit.1.gz html_files_install=\ index.html \ @@ -51,6 +48,10 @@ html_files_install=\ windows.html \ changelog.html +html_files_noinstall=\ + man2html-missing.html \ + doxygen-missing.html + css_files_install=\ emailrelay.css \ emailrelay-doxygen.css @@ -59,25 +60,28 @@ svg_files_noinstall=\ authentication.svg \ forwardto.svg \ serverclient.svg \ - whatisit.svg + whatisit.svg \ + mailserver.svg \ + popbyname.svg png_files_install=\ authentication.png \ forwardto.png \ serverclient.png \ whatisit.png \ - download-button.png - + download-button.png \ + mailserver.png \ + popbyname.png EXTRA_DIST = \ $(man_files_install) \ $(txt_files_install) \ + $(txt_files_noinstall) \ $(css_files_install) \ $(png_files_install) \ $(svg_files_noinstall) \ $(html_files_install) \ - $(html_files_noinstall) \ - make-website + $(html_files_noinstall) noinst_SCRIPTS = .dox man1_MANS = $(man_files_install) @@ -86,7 +90,7 @@ CLEANFILES = $(noinst_SCRIPTS) $(man_files_clean) emailrelay-man.html doxygen.ou SUFFIXES = .txt .html -run_doxygen=$(top_srcdir)/bin/doxygen.sh +run_doxygen=$(top_srcdir)/libexec/doxygen.sh .dox: -@chmod +x $(run_doxygen) @@ -104,9 +108,6 @@ emailrelay-passwd.1.gz : emailrelay-passwd.1 emailrelay-submit.1.gz : emailrelay-submit.1 if test -n "$(GZIP)" ; then $(GZIP) -c "$(top_srcdir)/doc/emailrelay-submit.1" > emailrelay-submit.1.gz ; fi -emailrelay-filter-copy.1.gz : emailrelay-filter-copy.1 - if test -n "$(GZIP)" ; then $(GZIP) -c "$(top_srcdir)/doc/emailrelay-filter-copy.1" > emailrelay-filter-copy.1.gz ; fi - install-data-local: install-e_docDATA $(mkinstalldirs) "$(DESTDIR)$(e_docdir)/doxygen" if test -d doxygen ; then for file in doxygen/* ; do $(INSTALL) -m 644 "$$file" "$(DESTDIR)$(e_docdir)/$$file" || true ; done ; else true ; fi @@ -126,11 +127,10 @@ md: .PHONY: sphinx sphinx: - cp conf.py.sphinx conf.py sphinx-build -b html . ./_build .PHONY: website website: - @chmod +x $(top_srcdir)/doc/make-website || true - $(top_srcdir)/doc/make-website `cat $(top_srcdir)/VERSION` + @chmod +x $(top_srcdir)/libexec/make-website || true + $(top_srcdir)/libexec/make-website `cat $(top_srcdir)/VERSION` diff --git a/doc/Makefile.in b/doc/Makefile.in index 5557800..ccafc4c 100644 --- a/doc/Makefile.in +++ b/doc/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.3 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -94,7 +94,6 @@ subdir = doc ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \ $(top_srcdir)/m4/m4_ax_cxx_compile_stdcxx.m4 \ - $(top_srcdir)/m4/m4_ax_cxx_compile_stdcxx_11.m4 \ $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -155,6 +154,7 @@ am__installdirs = "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(e_docdir)" NROFF = nroff MANS = $(man1_MANS) DATA = $(e_doc_DATA) +am__extra_recursive_targets = extra-recursive am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -162,6 +162,7 @@ ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ARFLAGS = @ARFLAGS@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -251,7 +252,7 @@ e_docdir = @e_docdir@ e_examplesdir = @e_examplesdir@ e_icondir = @e_icondir@ e_initdir = @e_initdir@ -e_libexecdir = @e_libexecdir@ +e_libdir = @e_libdir@ e_pamdir = @e_pamdir@ e_rundir = @e_rundir@ e_spooldir = @e_spooldir@ @@ -291,24 +292,21 @@ txt_files_install = \ userguide.txt userguide.md userguide.rst \ windows.txt windows.md windows.rst \ changelog.txt changelog.md changelog.rst \ - doxygen.cfg.in \ - index.rst conf.py.sphinx + doxygen.cfg.in + +txt_files_noinstall = \ + index.rst \ + conf.py man_files_install = \ emailrelay.1 \ emailrelay-passwd.1 \ - emailrelay-submit.1 \ - emailrelay-filter-copy.1 + emailrelay-submit.1 man_files_clean = \ emailrelay.1.gz \ emailrelay-passwd.1.gz \ - emailrelay-submit.1.gz \ - emailrelay-filter-copy.1.gz - -html_files_noinstall = \ - man2html-missing.html \ - doxygen-missing.html + emailrelay-submit.1.gz html_files_install = \ index.html \ @@ -320,6 +318,10 @@ html_files_install = \ windows.html \ changelog.html +html_files_noinstall = \ + man2html-missing.html \ + doxygen-missing.html + css_files_install = \ emailrelay.css \ emailrelay-doxygen.css @@ -328,31 +330,35 @@ svg_files_noinstall = \ authentication.svg \ forwardto.svg \ serverclient.svg \ - whatisit.svg + whatisit.svg \ + mailserver.svg \ + popbyname.svg png_files_install = \ authentication.png \ forwardto.png \ serverclient.png \ whatisit.png \ - download-button.png + download-button.png \ + mailserver.png \ + popbyname.png EXTRA_DIST = \ $(man_files_install) \ $(txt_files_install) \ + $(txt_files_noinstall) \ $(css_files_install) \ $(png_files_install) \ $(svg_files_noinstall) \ $(html_files_install) \ - $(html_files_noinstall) \ - make-website + $(html_files_noinstall) noinst_SCRIPTS = .dox man1_MANS = $(man_files_install) e_doc_DATA = $(txt_files_install) $(html_files_install) $(css_files_install) $(png_files_install) CLEANFILES = $(noinst_SCRIPTS) $(man_files_clean) emailrelay-man.html doxygen.out doxygen.cfg doxygen/search/* doxygen/* SUFFIXES = .txt .html -run_doxygen = $(top_srcdir)/bin/doxygen.sh +run_doxygen = $(top_srcdir)/libexec/doxygen.sh all: all-am .SUFFIXES: @@ -448,6 +454,7 @@ uninstall-e_docDATA: @list='$(e_doc_DATA)'; test -n "$(e_docdir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(e_docdir)'; $(am__uninstall_files_from_dir) +extra-local: tags TAGS: ctags CTAGS: @@ -538,6 +545,10 @@ dvi: dvi-am dvi-am: +extra: extra-am + +extra-am: extra-local + html: html-am html-am: @@ -597,17 +608,18 @@ uninstall-man: uninstall-man1 .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic cscopelist-am \ - ctags-am distclean distclean-generic distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-data-local install-dvi install-dvi-am \ - install-e_docDATA install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-man1 install-pdf install-pdf-am install-ps \ - install-ps-am install-strip installcheck installcheck-am \ - installdirs maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags-am \ - uninstall uninstall-am uninstall-e_docDATA uninstall-local \ - uninstall-man uninstall-man1 + ctags-am distclean distclean-generic distdir dvi dvi-am \ + extra-am extra-local html html-am info info-am install \ + install-am install-data install-data-am install-data-local \ + install-dvi install-dvi-am install-e_docDATA install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-man1 install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ + pdf-am ps ps-am tags-am uninstall uninstall-am \ + uninstall-e_docDATA uninstall-local uninstall-man \ + uninstall-man1 .PRECIOUS: Makefile @@ -628,9 +640,6 @@ emailrelay-passwd.1.gz : emailrelay-passwd.1 emailrelay-submit.1.gz : emailrelay-submit.1 if test -n "$(GZIP)" ; then $(GZIP) -c "$(top_srcdir)/doc/emailrelay-submit.1" > emailrelay-submit.1.gz ; fi -emailrelay-filter-copy.1.gz : emailrelay-filter-copy.1 - if test -n "$(GZIP)" ; then $(GZIP) -c "$(top_srcdir)/doc/emailrelay-filter-copy.1" > emailrelay-filter-copy.1.gz ; fi - install-data-local: install-e_docDATA $(mkinstalldirs) "$(DESTDIR)$(e_docdir)/doxygen" if test -d doxygen ; then for file in doxygen/* ; do $(INSTALL) -m 644 "$$file" "$(DESTDIR)$(e_docdir)/$$file" || true ; done ; else true ; fi @@ -650,13 +659,12 @@ md: .PHONY: sphinx sphinx: - cp conf.py.sphinx conf.py sphinx-build -b html . ./_build .PHONY: website website: - @chmod +x $(top_srcdir)/doc/make-website || true - $(top_srcdir)/doc/make-website `cat $(top_srcdir)/VERSION` + @chmod +x $(top_srcdir)/libexec/make-website || true + $(top_srcdir)/libexec/make-website `cat $(top_srcdir)/VERSION` # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/doc/authentication.png b/doc/authentication.png index 481b62396b9130f3fbac8af974d27aac1b766641..183274a129ceaadc9a8f807a22e9d01d16bfc4c8 100644 GIT binary patch literal 18029 zcmdsf^;?u(_wOJGiYO}52ny2O4bsxx2uOoSBOQu}NOyy@fPhGMiIg-*gGhIGoi*=! zeXr}BAI=|e&f_D>%rJBBy;po<-3BTtNZrLG!bBhtccov5s~`|4e(?99Tj=oBIK@X9 z{y;MqkrzQAO2Y13yt)bBKQVrxB9B10Qy~z(9}tK$c*u7JfpBI)Al3{K2)=j(0^csV zMp*!!KsS<=5=UGke|@RXje4^;FcB_QFEQxoObiXI=*h&9o6sLS_-ANzoR~^Ea{9aXcf<02 zLf_L;ok9&Xk^3K1qEp&L|1~~!p`A>$(XaD>3|NBoM zWTdE{-zViR9hY-;T zLm%`1S{=%T_w=v1SFP7u+9xC%aPP6jY=fZl`XA>5vpX$f51OCTL=?TOm9(&+c|BUR zI92UfJ#&0`NXfzyUURtiZ*KElZ6!acKB?=e>)h&MU|c1B>P%`?RaJOIs)(dJdX3ZL zgw=!ig2cs zT@e&gT0cx~>sDAdds}obI;;)niA6P0aky7JI7D5aC;J=rfPzZyrhYCKp-fcd*jFub zMJb1+6T+4wfBU(Xn+Uy^FD=J^P^R!X{~OUXXzS_e88C=aLTD7kWJ-noupFYIQ_mM~ z^uF9VIB;_MfhmWE+Ps?3V^(23-V#YE%ky@FK&LP^M?UG{FvF*_zTw=rQ4<~03;uhp zX$F{&vf6VTEzY0*DbnvA$dp3S4K+F0nXB9VMNIh*Bde_X?Isb0ROrIaTwgN}oSO}?F*~#RuZ^h9u#k2DB zxw)w%s3o5)qrLXg>4r57Se2t;VC?_VwN-BLbd#c1tO|pDohX0ZzSteNI#bWTIax{l zR48jz)Yy7HmBI63X@_1wfa3TcA z_9h9DY>lQ>y>=n)2uA8a#Y~*loTj*X9@6 z6{dt9qnoBn)a-8C^~YlkUi=20yZ%GCtkF(K9%%ED*sVQ}Jgx~DCA-{DzYMK@3JY6a z8ORhko^lLT@NVFF$)Z*5KnY8mCCWCNWlxx+ybH>nXzIFN`Qx9?ZK7rkQZ_2Sxd7uv) zk)p2%#adZe+2opbbGnv$f4NU8TZNZz{B+5w*|7EFT`V%8WOZRr`AKwrLoQ#rk8+Fe zq~|0SMohe~F0s8YcBSN~aM%)p)eAI`HBpNCWrvua9*Js>+$%^_gsZD7%TfyK0l^>C z($~91Pt_jj*}b}+xRfIj4uqQj{Z%Xa#pUJWly55AxoO@;OTQC%=~%|pi}VtfdXn~+ zl57XRh@eVQAExuZWI@F9*pt(17A-*B{u~;@@fQ`5k-@}g(rYrQ(XFf#^~aP;6-bz= z_u%L2Z1K`!z>8&i*|nVJqhMx6h3WtP?_a~2_!IO!HU-Vk+FwmNJ_+OYB{kb-j9A^i zdlz>^alg}qEnN+7nsH!#v>4fEY-Stevt?pj*Ya|cg|zrhSrA$cp1i_WCln7JJc#dc zDJJQTV^&mBx?iYUnPbrColz*l8XF$o)Db~3UhBe)fXJB-DsF7btxznnW!|ak2p1ta zSp90W}t405li84!7lfw59#$B*6P#V8xa#uGca}kWK zI`Q?U@Jm7EQ4~CUfBbm>+Yqgfe z<;)Oq9~Zan4s%`8`=GbTdCB~!x zP5I@940k;^@(Emt4#cGT7DUC?$}{P28uTS4CCS1*sXIG%!)MUj$WHtO%q~86|;?Fn2dXM9` ziLvc(Dai?}r)y#$I^6pv z)WmPw*t#}SU^$c%A~tBh{)aJ?R8R)$GyofNa`N}Te+Lwt6{yi=V?GJz$G2;293OYQ zpO66A61JeZIZ=MP5T&?xLCVg?W-*v`yR)M6(L3em zPjTeINK4QC48*aXZFrg3J~^2L;W(79PX8-}czNYnoO@ng9u@(MFZ5+-F!Ag@_ZZzP zX}Ib?^AR)Z2oYSMP%9)G!k&j^f8&EogBDo|)d;o^nsk@fvN~OiTCsi#5vP?>p$;b! zuAJ^I(i$`fEOy1Tj*j9hD)xysIw&YAE+1`9{%mi@!N;e*tasa|x_$fhpp%M9r;>IPy`*2C^5c#YLa*)pqcy}}k)G_am6lj{S^rx%ks|8ZYC-N-T%jRODW85S8 zA{9n@n%byW?XWRjTiLIJl9QVo6&?K(^7DnFV!Jh$F$=+WErxhGs$j{?;fm(gR#b>N z0YSmtgM*)wlf;UOin*KX7s`~+p7jIp=}qSK(E+)RIQRj%-v$uoWTzFIkpJzsOzy(xpSMYC17KzSjXpjZ85t}| zJt}Wd>h+n+wKf5gpkmz1f{akhQ&~)p^*KL!13jRxEeJpG^Jj88y3bI&WKo*DGuM?n z7aeG6s%mSY78BB`eSHpjo~K@bhk}AKoUh)!`kHdAt-XDy-oqs$Gt=JL*>wD~shX|& zOSJc*Pl}(IuLb7?Kjw^$({~TVH}EWJ>aGKL=yS1)0nm01O58C+?C#M~j@$lHne}+2 zMxhSxh*lphE$sy?gh980K{K;N>J9A_^aR+h_7Gxj($)R8K-HV5nwpwReQ9ay&OvRW ze&}~!$jO;>gg?ce4mbhWs8#36>T$F&CqhUGbtYde@4Za6C{tXf8eK%E33Tg6m^U4& z_2^LL<>eRQeV@$#3q9Y5w}yjR(j0Fl4k9MVe*XOV9l!_In~7-S z11A1L4cQ<(MhigYjJg$B(BC^2dq)ZE=6{9M?f3FmpV6omjFef8tVIyzNQ#TUcs%&B z&UIiQNy|_{T`oF~)%e$UvmT;`vo(5sufvgmvyJelVqAX1KM>~ZtkoLFLeG4#ty)XFy zt(kYnG7eqx=zw z+NHk+I_VzT+uN%MZhiW6OCg1??R0AyRG}Q(7>Q#Iv%d6H)(iunXoAXjRMfW zT&6ymB1AC8UsyV1!Lcz}Sv>4?S}?TAY%Fj_|3nIgyMP;u8_x1M%$i>p*Z=yRz@8xB#wL8R zg9?4Zcz>x!tw5t^K-$Yf;W5?^ZZ1{2m}q*pvptxD!MY%BB zR*z3O=JAAHI7^vjp z!watCfG#?0PH;{Vv<2k`J^%ZhadO-WWnA~qM391i%PZReR=2$c0aTQ~PVW%OEao5) zxc&>I?)d#X3u=V*_>Z<#cMK|A|jb0ug7X)#5O>VY927azh8DwYoKyLtrN*pa{%!7kT>m272%K zbYjVaxZX^{*8l8`qJEr`{E(8B^?@(4J#{=sD2%OaKujT!yNK-T1D*DKctQT!rDiA< zBFlhI=$uXe&d*a^9`5aRu@{`5E~iDMrYb;Euk!z3&dcI+A42=$eE#Q~Zf&T~)#>s( z2}04U7)D(@f6=GvDNKRMOa#z@5EU~w`~z}F*WKp)@gZz6rfZx%vSQM-sm^pm#D3R$(j3wcAXwaO94a0@UP?(|QCgKY(_+USOLFjj!$mKNZEbDOj<>g0 zvUn(g4?(}iEDO$4%{3~~A`oz8u|cuP5ENm}I2_m;R#miL8>Y?uHlUImvjFRL?fU|u ze*x>Ls;-VmP7YScMYT4*o0apKemJATpAtKLOHFR45fffl!v=T4F5lf+W@m9T!$2Xu5=4H?-z<*RDFK#>svPKnI!R&3$AWlu8Cop-}03`|U+6>ld0 z&CiPg99a2NNQ~fj*~(JMmQnkr6#*c$)M-^k$~INC@_z0M7C$@ zs{ybBu+4_D0@1hpj>2C)nI{4Y7pu#bUXgx19WJHU!GP4s>1hN|Vp-<;pZwc(`%R{| zxj;J;myk$TqH#SfkCUhzZi{!(wngLxnWh_piYW^0mxU5g zZSdUdq^^VR&MQ=D-bV^(N*zjYdoUq8Nj)L9+D1^|JrbU#GRvVC^78Qhh8#q^c7J_` zPgeEsJ?8rm7KRPAMvN*-x!S=LF0c!v7G;`8YDId4L2d5`EKESIKuV#ZGrx_tL2^WV zfu()D9M1Ukm0+LIoSw>|f^Gd@K0u9NGT~H!M(#%&oglPUIV@s=tOfbDyHVQr?&r>$dB0VHw1G%#kfaL}yCFL%Fog4kzhu-A(A35r$ z>LUn3jD&H~JtnEnXW2}oN8_`DRT3UMU%>VQg}U5{TyN;^#?ek0 zKsN=74JkYL^$mp-wUjHOzE>mS->Vv0{4LwQR6(b$sRSsJ^Q)`U03BCGi^;aOwvaOG zpe%Cq=R=~ zeV_hTVsQH=Tplj21YE%C>Z-v0Z+71|)-$An?sjJfmcR^Pj~~6%S!e}w00rp=XtS{@ zh}g$Pn9-9y5+Z0o9?UwbieS zlOEsmooIxtqAbQ2v!29Ih0lM*#aZs}nG_eyRM{J2IrxDRv(S22FpBc?l4UL(+@l5Q zY!wtG2xzQNhDuYG{oie8g`T6K&dnj8>(sZ^$x}0uR8wczQZZIV0&K(ee&zdnvS_GJ z6|KsNs*=R+f37t4cypJrzOIhOprH;vfak#jtPcX!RaJ-z!zW@`-}RI8lpa)2WBKCi zyEYGWK1dEmUiLj!(*8@Nf`FQ~)B+-w&`cq#ZK@1_yZ-u&q@X+*4V4%{Ynz z%}{C%Cz( z_Wjk(EpKv4N(mxvUUqg>qQR1?q4h(cv_TQmm~i4 z&MNwnxWjB4FE!k+z+0M|pKpDKih=3%GCS}VdiGfDc7trLLQ2*$$U9%m`%*!`I!xUU zBVfJZFWOvZxi7xe^iHi(9gB=389WkCPfw(vZ)0PFU7rjP&}OF2t?&3(FkveICvs=0 z8x<%sLxT=8%xnZ$1XvX_);JFzW{rkOQUH}UYJPvy#MBgAz^!W1dVNJXIk}>ze24D! z2Z?P)PwDCJ{I?))O;s}hc}(pFvJa9Vztt!Y=L0O#_sxce*H@R{v`XFs%L`9UWvZ`) zs`3YDCB|5HsThIMn zC;{;P>iHo?$c_Z%p6tgc^H;UJhp6aShTThy;+tU(2U|2TQ-@o@#9W~eFwruU0KGCn z^}#L=_PM@{gEFX;E_(Cg;$kbIK`>E-!xyCDm7uT_9qU=^u-ReA?vEl@}s#LmHx zqAD~BK;9yts##8y(SojsG!3?K-c}MRYDH5>E>V9iX7;R(0M;@P1lw}3#@s&nYexl%LP@?4e&Jq zyBQWpr2jytaj9W!;fv+mJy25}#Rr0o2|(`0f>C%*olA1K1#lU!jk? zfgMuyjAqN?Bi%)fZ(7X&6Ilqb4%SB%WpKt6@0!NJGIjZ3VhlC*e8giZAzq8Q30Yx<%(gIW&7PmbUpjf^Nx$~el z^f>AYpKq|kt_0{5Qi0_P`69h7csQ&IieJ)~FHgY8i=TG{FB-Ypj*b`J7yqQ9Kk;pb z`OW3L3*UOGQe+PjE}(*0#~Cp62kYD%6S-{xDQANLFzA>$(1F}c5L;Hklv2-EO9z1E zR&*X`;EnRPd{jU4RqIEBkY6P2acOB}Vjr>6<&(G&aFt4s9H3tm6%`>hF;Lfb=K{!N zR(Tv2ZUKf$hsaec)KRagG~Bkp4tK~N4+^*X^DPiG#)6SS=&_K6S;sS;`|>&!)`1`( z0=)^HF;$RC?i?TU^96MaFk#Q(ML}_c(bdH%03DavN zfeQ{g`1$!|vrR+543?TJdV^PnltQV~Jl{hHgmXr>*4#rV3Y}&-Ib+{{^hn&$@QES) zSxIh>(25%XL?rrw2t?~B@eXRcG4?rdFB5X{s~R0RX1ty!c16da_4Yw0JzdER`>I_) zC11nc{Jw3Vwpcv!DFq{4$kWS@FT}zj#v*{_OdqoY8jJj_Yr;ktfK3*g3T^_3^FKk3 z_!Jb>+SeBbK229Nt>f&X`d1|sU%-W+&Jr1xXnhK8m?WA8vHZKbNN+D76?h?tH!|6g zH}Bx>KuRN!k_@0aXArBAaxS2{gViA^nOryW7_zv)i^9Y2H~m@k8@FESW^P;n%)N+o6#Ku39P9o1a2qG9>@GN&fbk&J zAa#01a7BQ_f|G-Heza-4`>&06rT_|>dwnVhBQnAqb}mnd6E?2uqwj&o1_{LOz2W*$ zf$|fne2_1F(K8a+FSeBpdiCzO`1ttXvqqbPRuT8ed2Kiy_}j6kknM~BY!WhZL89;k zD&)pw3lg)6d?pAD4+sc4fFh8_UxDWR5Fa0s$PCIc5H@9*0F8odi6A@zEOZFMPS{9C z&kA5#$wFR4K$=4#onKc&Tz(x{!&vh5zrf-33)uNZYTZt|P(vJQ09|ow>GC<7{x~H}vD#OT$C{z02TWvl=8l6O1ztf$|A1sFa7xbzzR&@65+*Sc)aaM;f1b+G~%zu^n` zU$v&|`eZ(gP{@-9au{+o2E%Kmpy}ott z9u+9wP>z;m+D~@pEk}zUgSrHC2B{qYRY7lpgalrI4a^0&8{q9cgGM0)^l)B?CL|pg zF3`mGYi?ri6A**AM@-&bu46L!;DIx(ERY3E6#Dke%nYx7r4|D$VSZ_eDn%)bTu?9t zuuxYl<9WZ=Z?NcPv=^^)7y-c)YUr-aN?BRa33?nogYvlTb4A)mEm%T+FHefHvTMBY zt#F$BrCh#qjz&SAN;c-}Ki|?prU+HYP!bI^$_P*cDy;VoVZ9jb?d^RN6Ab|r3b?eO zin;MICfZRMuEY~?vOt)_fosl|ja!*6=Z-tpmwcD;_YSjvQEEfiSDQ=%ZmZ-+w?J%z z0fYNMyE!cSeIYNV2Ra|g&;ZI0hy_g>nm*DM5_CWK3xhv(*H`CAf&Sek`op8w@fOiX z_k*P+8xl`&z4(t7S0XZf3psbdr%d2{jR)f`ND$Nvwu`2LS4?<#xL!yjTKX4p)`)Oh z5Gxq;s={IBB?1P6ZlI!qyO$0oISjXa1hMW{7+D{j7CiXspgohdhWJjyzlSo$e|Flj zeOS!@kf^ArASQdxVVa7~W~xfBnirM{KN>IS!3CYh6m&#zodySzo<`q?u`BEYXi2P) zaiD`BeIEeI&vp}gLOW}(F<8tBj6nNtbA{`WIk+uUR4Zk1^b%`4rJ^@ z$;P3Q`vP%%T9Z}+;uBa5;&O6W@S$wmUT37A9X_jgIBJI`2UlSoy_snLysc>m5OuZw zKNaQTgk&UwOuTrM-L&hG(Dj8Q5x326xYnOhibAU^J&%&(fom}V@H2tY0KjR<;DNKg zYC+Sfw7Kl>h5@+WDg1Givaw%AtO&V03F-rmB$p`YaYaNvV#VmUH8)~Etl^6Wko@8< zB1VQ1%AN7=cvfU32&)SPcNZXe3#d>DLSB5J&4gMwQ3`;gj@Aie0Xdh2tc%d2<>Fc9 zQV(0nG+<5yhgx9)kP{FZ^qbfjv!A>zE;uNeXgb2vMZ|^&Xt=(OH+}5CJ9vpefY=4y zEBdgk$@nUdQ)VfwQ0k&Rr&^Zx)aRlH39nqWdw;YAW?roDw2&E^kj}z zydl1W$M6@dMi|TM&$T6U$2iWB@uO4lQiSzsmeMOzXN;X6>vLU}&`P=7g?0oo57M{g zb6N>6nEcq{0Ie8;|5IS#gKD(7^gu(Ut`tF!Sa9L(4px)_%OJHPrGgQOnqCMP7N0B6 zynrq+s0OlMp!)#dLTWDpk3ei)80Jc#^63HU@9dUJ#l?|5;t+a62Y5j1XX28!JU*hL_4 zOArNAfB`9oguJmcPZ0)z#irRDuc=LmtfxO8e?AWctV_p{+O(X^T$*-W>EJiE^_ zRPtDKe}h#oXNChqCsE@cMoikQD&7-DMnzT=ImQ6DU@~X`=7V3omEExgtec(`#4wsOS5Q9NOGUPu$pSC|a zJ9|`B6%VLDjshFaO{4jtL`{3|ilPA!T^@v_)Cp zLNmo<&}xF}CaR%<2a0LbFQJP6nW)&j3hMmOX;O>t*f_c|bTqn&4bTWS9ftQ>r>9@K ze@dD_4n*U8*C_<{pFX-iuzu*KU~X!Pl#D^TeGXO*vQxnh@hbFgQ18_1(|1U3Zf%7I z1Ykh_@0mcA6a=2^ja}VE%lF9CJ4!$_9vUhQz25%Nx2cLUo%nNdY zg{QQ%fza~7aLS7Md8L^D zkfWhjbTT9lu(pgLl7ZD0KgW2Z9NxVMCL0U`X9F~h)rSd#3VQlNbQf$!qH^@|iJRpG z^j78cMMX?iHTibxd3N^BZ6oUbK|z@KF%SJk-^npaQK^1W>nPDOjhB-Qmh||-_UgOA zJ0f|4yXe7^Ln-u%I5iB9X=zupvT`zqOd}#9M69hD0A*6Lv$Ky@02T^M;dkLXqi0kD z;iHT5p0h}Y2^*+#GTDGu@h#IPb4RQ=NlA64rl;&3hyLZLXF8W|x)lDw1$j?$o^I1; zmB7xvxlP@FJ;lpbH{eE$OrT2M^QUo{;oaf%CLN1xF!Rw}_#_1z@5!WN!a>?*vE0YP zN!kQ2v8_7u*C%G>zBlif1r^p5cN(=>lo@hp_nWQ-D$4zHwDdU&V+ z>@&c^ZTa$2(mOlG^sx_h3b{0&gm;>N#If2wdev{iF({osVg>VE?bAJXU0h($482e? zBq{07+lTqlRrxR92=`mz>#0>l4N7GHl*s;`5>0ngrh4kF3f)3QfZRvD-jpPFyh&-A z(zM_sDf_iwBIq>Fix7`Y2u+?n%eLPT=dleXxI0GF__EQvUVQQ1k5S3JogKp!Vm}yp z!qO+*a&@hl+sYBiRL)eM^!}~xa#Ss2IXNqneIr}+qaKqK6GrtV_pnuopvj+PpF1hI zRf?f)d%j_UKlk~iFfe(aU}#qDll?8su#ynIL3}n)?`RxO%c>=C`|IOR0~XIfF95@O z2>KZL*wvscn%{YcP_I1{irbU*DCI#|-^{Ev#m%gRyIhLGH#BAZ7q&OgclYUKThFfZ zP;LAdqB*<`uJOgh+?PGv0>Z9jHDXi$6y8AjRO9N;zRc90sas2ahQ59ARm)nK!HQBX z?@4Z#EF(eghzzekRGhf4hT)f0Fg&$zxr^EqnGmKp;qyVB*Pv!L%xbsmJ04@fZG2qb znjxs4&QAF%=UM9kMhwg$_*`&W|^%~zkhZ<5ShNe)}o3kbC9#-q-Uc7anbFUXk9G%(rPA^UD z?CPqiotdl*G84Q9X-gqLTVS!FKRC!ns(VJdT!R^fOX+?&?VT?(VXsQ^$e_DD;(|5;uS5{nzu zNN$hLr1v%L>IFA+VMHwtotN7)T%C=Qtn(k*qTTg#-;rr7*_iS8pzwGr^o_^HPwj>) zo4d?Tgu$IAOWkb+S``;Ah>szOzmtq}28CUXir&OukA!&&I6swbxQxM{;E-@O|G*a2 z`MazS59h4?9wPQ~ho53L_19j^`gqCylUB(~vX}04v^N7O&=O%n6Jv8OV{U7U z>1Fc_J;8>sYb3r$@ZYh((!tkW81k-v9eT{zUyD@=+BGPe`-r8zJ8rB_Omhx#H?MJe z8kGW;rt4Th*mBSXcKuWHftVGi;+;U-10g*s|O_1iUBa5^~+$grGNF{ z#MR>gAueiDS(p^N*#g4d>2>?mP2u~G#(bwe!op)y19NlvBb4J%;#s&pgb5QwyiQT% z&hP$|?#1i0z=2sUdNvT;;1uH1C+@&56nICOwT`pSC$!J&;3`S4Dhiz+I&8ybyR@{t zx$PJ$BJV+jN}l1^U(IZ{QQNWRI7eZVpZyKir?0WKwcYCk1gi+V%KIBfgMTNZRUR;`1k1*@kH9utlIB;1A2JJji7m1(vv%gKb@LYeWdIvg3((#@XZGPVC? zGyXFQBsNoJyl8D`kUf6q%32{A)4Vw&#`ld~%=HhgZ_jeG(g&)HO2#nbiMd=OQT%2X zjSke!dS1dAx1N~x;GG?;{U)XmGP=?f9^79%f|0T^9nP5<((2fC&C9KwI9NzeUja9& z-I?686n)a8rfm)(R^ImgNLQ8Gnwq7PTAS9l!IC((cemqS&v+L%bi@{VAWoKQIrSPz z`+h7o;*i=$82HSJF3RAJRk=~y){loJqNux_7rv{GEm>JlTRk!&HtW%iormc{nGw3H zjd7RY$F=v^zWZ=rjae7eJMSI1>FKF`yKtkBG~Ocq^(M`>Yr*o)?Mq`o7&=EA{4yt} z7Ah)(uIcha9_ZN_kBD8^+xG#X3jR5aL;r{FK)OL)TIie=JV2pOK_M1UTZ`x0&v~b_ zi|xxuzV`9@ja5fe&-%_60#t&tb>6pER}-pgUt6A8x1JXj%dbC)Wrz0%K|nJvdSkNWVZotIxX$io?%=sDw|A8BRYN`h{J#vC zgdAe{`hY6xcKHP7sQW*r?TDP^UQf+L8?8nzpEnmr?`Bs=UfU0r!T1A=dDCaqFY_Gz zDLZNed93UJE7FE?ep@q?tzqValsFC~-f)>yFcpqw(M(gDgul*aOMC=s|JM;$4>y%x zqe;=j98+aFZ0v82ed*M{g&TXBmHMB2(52aagi049!zA8zAJ@yjbWVA=KsD;a2i>34 z&t9<*WqT<#Br_9*5Jh!9ductEos~76_b2}ug_x8^EGdA1P7^9l&iT|3bZip7z!6Nw zL{2Jp_8?qge>R7BM#NQ}JNuh7?3UT>fnTm*tbgQq39f->&q)4)W#HpNE67E4!p@$PT)v?c>i_3O8>b2Km_xZyIZh>Jl9yq>kr8A48vsYQp z-Oq32Yo^pWPB3CJ@L#^fifU}pof9x$>Z$G zu0=ZA(|fMLxHym>yENKpP7zoi@jUm4@lL~ck9dw#5ATZsjXF-(9YX-~+RxVQvtS@J z6r^}Mjc*-+Vm`jr7GX)p!l~`Q6=mKAO>s;1nF2HSwRoqeCf@r5`-om3sLdgF_mN&$ zy>1&jg&4KGxtSSmZGJZ5c3>q-!f(j!BK@E!qQUHJ)9}PZ1+$#OL~|>vnlgEcUvi8Y zwrahgOJ$o=9%A^xw4e=%{1khKUwu3c@E#==vkNRx z+2H&$Jb4Y4m`>h7czWv|-hA469Z*nk2V%vnz1NRHe}}dBfVjI)*t2&mFpWH_^Tg=r zoI!672S3Be0&kc`DkMYoTC(5#uWP<~VaEct7LQMJK-b>YEmSc|XnEIWXW66Rql<-1H^YHXC1zv9!lu9_|b-T``MX4L$_ zZ#=?EoALbEnyM<~V1N{Lp7_J&C)ne)(*34{$@x~aP4v_J{paN_TBrMxHq#0sg>T!e z%8kl(9JA6TN`D;?@}$lP^55t$@w#({MbZbLygF7pJU^SSzOa@5uL6cuo6lH}R7Cye z2Zdbbrbsm3GOQGiH_SD-m}yn-k^?}EVgWG=p+GY2=R>F(nx73LRrxw+Pmc1lj~y=- zc=5b0W#Q5B)x(cc`N~;Crs*2BaEN<)9|z)V-Cw;5lI0kr>BqAJgP8{;nTVo3Wu(1T zyFHOVO*(PSJwpF^hVu^jnG7Fn9_klRG?E29Dtu)hZArlXh70n$Q!ve}=EvT!;IPU& zGt=*;S$mEM4|lB;PKcbkw1cvky?XLNT#CAVb-F6yiG0w5fzP40(A_#nu|P;r_N5ez zhhX!@-3nE_I6k^e7Q%7sbBj_P)H-V2KGm^-d+Fe$gg)A?H~*X8eoLzqS$fXPL~iqw zpO05zyDO$vFgkW2=#~@?a?iI3#SMN;e{s&q&z8&#G;Z(Pg`nfjk0rvA#6qW_iqe*e z^QxDiUDa5vYUw7$A}0@$dh*sRj%l_~S}l^9oJ3xYu}2IBWbB-s!2oyM8z%e}EWE0w zE<5Rj`D?N}iZ14ItmaLcTKPf!Z82@)Gj4Ud^Lfp5hI8!H=jlpcG-@ANrW|evzKUHi z{4!ucqgg}(g6oG(;TyKc8BTYfD^+3T)N=li*|VRwAU6-kNRXo%!QzE^;Fo;$e>v1; z-=qxZ5%OEze-7u>2h|MH>ig@ySNdyHiNe=2NV4!VYk~Yys8my(W|g}9vY{EwB!qIA z@_o$H=?Wss%PRY4VAwa!L`;Bt{i)8i%`!jM-NVhWTqogp5gP$J0rSaLH`OGlqUKgt zdkc!4T1>cROL0ozXxR@6I|ujA)fs!zYF8QH?F9*7<~@@gFL&-mN?1Lr5Y1_O2t{Ci zHueq(Tcw`Wg|#z7?GPxQ~R6(U9ovSp}L-=VzTtW&Be!^SDym&-u z>`J%1%%qDnUgm9K_(r?@L3RrnYY|7M&|6XI#!q(0EkbHwg9oRdV3wu5bGnBx`hdP} zgSTsEUl~S5RJ*5+@58BfP6TrQ&zF}3(WbcbZ-xtw>(ZE$&H0t z>S1^vGY($)cW&+-42>Yb;(tOvu307_&BQD?&5N}CG``(>E-L!4LwxsFW|uc}w+S1r zp|q&JI17v?#R_wB;@+n|%v3R>Kj$RC3RO^uD6Le6TZT}od2C44kI35w?WTA>-$Fk% zWTu1r1Mu*wJ932bH?%JX?Nlbik`@+B4k&#bgMx$dogQ7I#Ss`eg51+N1uRNjb9E1hGh*$^6+?A5{P%fOM^qb87zcYXVycM z*H!k99$@V?x3^2Jks*_oUjpu_;>|{GkJ3?rMga`gMWq@vMr{1&(RSEJWUP3CWC24D zGJToM?RbWk*_ubmB9^r0jBt}6hu2#0SI-@qVC41a=pxqlcxd@$}okfNl61Tcc z9(kd0-4`RAN&9^i-q}otk#Hjj_aV;qpYkxc2^aK8f!&`tp$gU!dxwX}0c?clWsgHm z;{j^?L%8wMGyI+U+vU_sFCVj{3Zu!!!Hw~pLWfDy9NgzNNz+!u%acYWMqIiqz(?fG zCd)d3khU0dq>m$$igFPQ2G6d}&6A^7 zcILu}*bkV}LBLST$<}1?*JBghy83#1XLb9^oEH_vLv*McnR?UnUR!m{-TK`>&(cmA z4Xa1bee3&Tt*N2G2y+)YSlZ(SF?PS*Sm1ZKoq}XiFIVA>)yOw#7%AB~+7m4t`0uo!#SeK%qi?<=M!&4emt3_N zVr%W&XA;0caLlOqMsuN#I*)|9u=zep( ztVT(_U0q#=iC+4p<9g3#ZNXVZ4hKK3Pm)E07+O7^^)ZLL2aY|9K^u4V@Q|f0g<&rR zE6~`2f@DK+c+NYmgr%>~b&eXxXRo(C@q#w98b;?Esh#ba5@|Jyrc!p_%f`ZD-~0LT z!rd}?Rf;M~YzbH}+5LDDTLp$zR>|dQ2%!G7z+JO2QosU2Al%*a5EoaS+{U81rbb3H z6Kq(JFaNHsx%XL?>x2Xa-Jy%Ygm(~JaNw26W@~pmmrj9sa<~%?2ChKP#`%6YIRqXs zzh;)?jT<)zkoUATekMoW004umAl41;;=o)R$j5N|B2ot)TJ7lSip;r#G@n5&rHg?Z zv@9nYX4UA_Lsu_)&4tl9h~z`{o)J2C9XR8FJ zrKM%M*akj%FM<-^V+OMQoj%|6e|F;=?Q8Zzg_|68?D=1f`RNmXpaVCsRIS2UGY1!N$VI&d9>U$ik+^ z%ErgR!pFuz&%(mT!t(s)vH$<^18;0iEX~~h??1q*rN|3EK#2SVRa-MBmsbv^2)H$q h$VN3u3 literal 18610 zcmeIaWl+^^^ftN?1yR95kXBlyyAhF68l=0syOk121?dtHLCBGV$%(q?tIsN z{_i<6=fjyf-_JYGF!*eKamR}5y4JdPh`g)>?hWD_2m}IGO7f*50)a6AKUCMT;1hGJ zwcqgTs;P*K2m(c! zyW~m*0r&%!!E1?^h)eW;=`}gg@ClBcq`D&laitmkgAp?9y9pm+J4wliVJ}|4ilD{b z(2r+AASAq`UWzEYjiHdPZumpwE!&$`Qe1%?l74?F>18UNR$fKl%y7CHSI{Pge=Yaj zjaN!9vs}w#pD8|wp?u#T>bDm_;2~8wet1!2Bx!af>F4Oy>CwD?X?HSX55MUme)EhS z&z%?7AO8^@D6c}mKLT>1SsuV|Eo%Lz0e4=MOExOQhjt$Wa^bQWN*txf0e2e3?q#Dd z4W*V2gii^j;%~sGOrQSGjsJgJ9H$K?zdMxALYo`MN-Wjud<0t~DVBB?Iv<9M|4@16 zQl)+F$U};t|L{&cQzUOFV_;=#XQy#|JZXAbuOsG(=>F=E`%EAqy~givRa1#~++%0k zj)WDj&k$hak?IY7f3yCt$X_W(_G3&;4AnT!_3P>4;l$M!Cu_g0M*ESrn(qa~z&g4A zmDy70dTn3REVF4g92$SjoScry%KF!{-|KWGi{JaqzNr?HD`iVR77&;~Qlz*&_dMMA>bTTHO-E;1Axug6 zPN&ABuh>+MgV@|P@jkV*ISo7ksfVCf$i%#|v?= zfc;1@{6qcGU&ecDBaxn{eokUsIf3n~Hwl@toL2fbm>g0m^%F&dZd3GByYJeZ>IVl0 z4}5)1IO(y*cy@k{)Rz8;*^|OAk*AVh?t&sl=D71sX>swCKw7)L z#BxL)Kd|HTGj`(+{Ek@0wT;=3s&b!mzBhR)%?3sCS(0}XIm};lm2_r(&5nvmmVWh$ zFLy<}zrSBnQu29b-_}Y_T7QkFt1F>kZxl;61{uGLQD-dUp;tr(JwCHe^4HgKiWx6) zTnW{UqVH0Pv)E1wth-csq-D@oPaZm-M6ALKk=)k;QP0ZQ9i}Ds2lrkx*Zk>9U`J|m z*kk)+-!|#X5HsT-#=GE(yhAaromO?e?98`M93h@L)Ao_->a}YXRY&gc0?fIR1UQIYI&guI|^?*FV>BpL@W!zZOu|Fpd=SqW>VOKl#tSD@}+ZsaxF4jJ`9DIZi2{ zLi+qC&$WabZcJ2Ipkx&AQwxqbFkA7mw7MNO zm<&o;zs4W^TnawhKBa)Qz``SKOBeB<&}Oi2La){VYW&!GMKy+T(Q{-;eJlG_=*6nY z)CRI@p-YYHqlxzD`sz>~qKjJ z9bB@qvu76;nmfsK7t0LmSWTOf1s-G}CNCz#E~ng7tTaUA);)_-BH z-jl$wzjrlr%ULeu$cCc3LVeim!`cxO?sBTq$#+<`-6_Fd2x13(0{n# z>t@}_FWV`hJr6;!>e&R-RD0JVa!)cor|C%Hi$^>>@lhlrA_FqC1_lPd_MTwT>s0e- zmRdE8j2u2LrQUdHkv;lDyUGO|&4hXU+6OH8WM5)I6PhU8(>e2DN46A?+bWtT2b)t< z$Yz4e>Azn@1$MjG!yd9;iEa@xT?K3^Ll)e~T zqh&~aZs+#1Ds;)^)MvESFBS8z8Hd$Gxk6>{1YKs|`v$$XqWw#F!VjIAM9Yza?LYVB z{{B#Bf2vxrzEPHvBNe|GCFFhb(*{{N-l9EZ#)1D-`8}WWDvQko&y_1zCbX692|s@P z_}d1lQPVPyLUng-nktqSTopGdqBAfb&tfDF51R75Oi}#$s-jA=LI=F_iF`T&S>>AJ zdwIdj^;7{qG4IQ`1|ie=P_t(jBBa`j7gsEYf6PFX;jkPI`|#jdWtHTt5QExJznP|B z!(v{!saVfSQudLqKb@_eNU_e(J?nf;me#sWot>e=muJzl&7oEBGL43J*M^L1bmYKO zh}cb}OS!JIC3WLJQ@Le_#~xqA;1JYhn%MO2-8*`%au!T%JZdH;*~UT4>Vq*$tA9T+ z>|C5zc4a9laaR^M3>GZp20h+Aam?9r=`Az=_w%vm!TNSN#xApNZC86V9k1i!t)<>H zbW+x;a={I4zT($3BQLjadaL83J^${+uLRpQCq6H4@9o{)rm3kk@MO3&&bW#oG!TM* zvCp|js@IMbc&cQT3rfpJn21JIq zc!X>UpO}LK+sevHyfp0(mAtCZ_`tL@3bbcL%Lz4fuBG(`Wqtj6_rU`(CnpX%*bQp-kmnxIElpjB~&C-S-P`MxRz3VXUfDFE?q9~8|9c(L><67z#JcC~PilyI|FzD^&i-XL^P=|rKojdWxmPd2B`Yhd@;CVziZXo;;*f|4 zT0XwSdo-`w(n&_8!E3D`qmc4C1VHYy+h2WyjwAN7FJncBIEZmEFff$AD~G_+R93Y` z)_|||rHf!Xk9{Y%-AnIn^>*m~!IUZ<8q4*0-0u9u*=2K51}xOkD+!Xa>Go{%`cz$7 zKtO=+5A)T1k1Lp%Pn5sinVFdh2o6@NcC&vK%ODkUkLLRA+r0;@mW4VsuVDRPQpvoI zL15wb$2-OlY$RX3qNJg@Ry>+)thIEDN<6IGG#%hiT(N1d368Cp!l3iYzDFXLbq8#Q zR1%lz71|DG{TBK>tLEPBbNUvKf@ZgzB7MRjt zt`eO@)z|W;j~~B{)AdP!torSc)9POoh0oE<+mScf(nNq|%m%;Ry*!<|oH!re;o$8~ z3g>fKZv!ZT1`hyXQwaM_igUfCL-C)y=uH*ORmjBRv>f(I-%o?31I!ihtu;t*0A?CFB zTkGwqQEIia5jk6%BJ7)bIOUrL9xzurwsNk;T@$TQVo_v+3y z5YlF;xK{|?On!UsBv&bi&3cRjZ18fs;zP#t!ot^K7Qkj7GSd6Z22a@vmcRuW2yUw6 z?Y}KpF)Psk08Fotah2wEEH$9V_wTR6Y+|iT){_bD-$z4v@Oo^$t>uR5!9yBX!e?>{ z@@CpaoJFifR>;czFDGdmfacYUO^Te?hWW9+Wzf&}rlr9ncKTm4Z_kD@XAHROkj*sR z7B)IqA9X#u{0Y#QLAx>r!jbS_KD6_i^dz@Oknvx?abxyR$o&nUB=^LC6)MF%6~>-a z!Pg@N+6g@NvzRrduRcH3s`cXS^yW*603`GQHV%CHo8s3SFiOwmyJo;m(4k|Z!qLLA zK2Npq9!$W>iUC5~BPOPZ-@ku*Vin5fWWoSq7&T)no!9y+oh`wGj-MN=!-LU48rD$Y z*yx}vt3-`Kxj;+Z+G_9MZ`sO@Y@F3pgx|B)!Y#$7IP@#mhV!cmM<7+xO2^kX2HxCs zL*$OE<-%W5_+7KTPY)_iVo>K#Rer?ttpk`8fIL@yw$r({fjs?EfK2Q*c@;zdW!Ub4 z*bGFvNThMHgjD0+-G>0ih0piy+uPfNkq3W%rYiJz&2@9KJLZWJ{hROjLwTw>fNX41 z{vJY{wi+)D2d8m7JF;ietpy6PN=72<$F3(TD*8mbk^|y=j!Y8Q;d-(TAl!Xo6E`;= zL65z3-8!GqQmVFx8+X%9FH`r3`#P=DjCFF-w^oY_9Zm+#@yPgInwc$YrzJ&2)&JCQ zQmgSO@mLis2Ilg&%vRUqa09hb_8A4n*bFJfe7uwqBK@DKsj08~;UwGfdI4?|jeKbXV)giAs*T08=q)md+2z3D+#)9j7_14u(LQC-aLabe>1{PB|a8 z#x9W|Jz`Q(9fsbQ6D9E!^115WEMw@k6WP6Rf5EeA`_}I}Rhn zR?nX!2lb*t0pgR z_NMlMl$2Dmpr=Yrc7<^#0dORr@k)3U=yp!AF?PKwOV%K^SL-S{jQR~xn|V(LTx4 z=aLj(aHp)Mo8D6F^zd)8I4#Q~(3!@<;`<3{imU{((wT_U0{_8NWjoi8f{Kv+j@Jt7 z5L<_bOR%l0L}_8gY?G6d03_);kLnwp?`8AOL!kZw9%k|I7716_WR0g%p^hNz`g@&1 zQ(&fS1A;v*_W(63l91ET&867=A>yg01eJUTkrUt1X~c?R_5)#qodrst&V z|0v8z8aZ#=zzya8qsMZGhzMswAVoL*ImX5LrZ2nQ^z%rokR(l`+N`W0i_voXIcrA0 zVBn$|Vxjb^1<8CDzuU-RSdX4O34utI7fz2(f4-Ney7i-qMaG@6q&#+h5M(YcPB#Vm zh*|m3;dr#z6b+ofpj<}=8q0{;O}ebZl_JOmUkzl-6lvr`HrU>s5*Aju@4iI4>FSkc zty#+Id0>S`-(liZOFb!>|1o2YRQX&*niAm^@apA>ie2qA%My)+dYU8vzkcY1W<6et z(L?Z_C`X%(1gOt5l^^L41YqI1kYYV0i(Ls#5)|G}t-~p0{cHQl0`6>`4N}KD3nAg* z&45UqeG8lJFkmxn{BrD;okVRjeSP)W;Pe2s!6ciCPRT&!z?c-rvEEC7{Ui~Ei|-HS zH|XhIUYxV>H(~zL$iGF(69xPlS;D!6luqIM4AJ?@*1@=Kp6Iu3Ew<>6?x$6!`GUjv zNiUEY&KTux+Zh}T9pVtn+D#@{e0KzE=S%0WVI*HR({IkiMiStr&PrQ8pS(*=qW#h*0f~{Ou2cOjQ zYJ9qy>)9r?YgGzPQ$I?dZ9mtt!4%O7OK%}8FQ!1R{)@WAVu(^eAQ|4N^h1r6l9G~M zF{@3m@OW>1^nP#?njNMwo#EfS^h#8luZ~4&uo?E>0@Q#F6k~p4cAkhxl(W*Zga5I9 zB5HPa76BmQV^!$v$4{R=UB|`!3X5`!LMYkK&ktLt6>M^dAd{V-w?5bfOpgK%k0^CP$!`AVuusKtP zh-l_}agf)Tw8|ebz7k7)JR)5T!rS@LOfW@Tny_$RU!R2x#F{*q1vLnQmATPJjSxJgGz`9ct>`O8Sk{9#lR zq{;iV(uj1aV%n>OxGt_A|1gsBT)%be>U8~EOju8e@j74O+S*#+SSN3FRO@`afk#xh zpc1R5UZ6D{+yao8T16_^Nmva6_`)=TmY2;Sw?{7sRUw)96N2}^XAIdAfcJ$Za&;h^ z@4DXA_~(91RVaJ3^$qy@r_|Jodedqq?aG%P9(-I$w{$+GP)lnMW=Y+@@!;vp6h7y_ zYhaO@hY`Ib>?XI;ybp*FzL)3R4Gj%1U%r$tHj#nLuGY`DM*}fY&ewRr%*?FgzVN`c zPB3z3E>if4e4&Wo-titxr9AY7SaRJVyJ=5(6}|flEiF=rv6PP<`6*=DkiU!oDeM!? z>)E9xiBJMY9(Y=H@AD)Odf|wS6+wt>u7xNGUOhpm!ha$ zXKv=&BT5_`oZsdHL6C&m;cf)zn1N+w+;p7cZE!F`wIOfwu10-R&A4qIxMHfG;@ zUT40GR}YzeLOVua2C&ND_cu4IkUgywzS2fU)DWmm+oAwKQ~xcuHw2I_0nxFz+6Evh z8WGfZ9!@$gi`e_Zf`MGh2DDi^oS1WvmnV)v-Jy2`%;T<@f?AQmHBO7cbYQ&eV{q(NcIkxNq{d3gn$G9e-AvpmeoQ{;+baqi=u^77X~>xhc5c7Efu z3pH=VEn94BkFoqfLP&L+#i{4bS!(dd=5^b81i4!f@}=XUX4gI-`evXJMD9C_>E1fEkkdx*^ z><4f;*RUI?UJ6)D5im_a>qFTnkV6(mbbXCsVIYeqa@+Pe_6ja-l*O;1kX3|!Y{ngW zsz%r;VMhLOgGZ#YJl4+f&?|y@%M^-nMsD2x#NFm))32#$$)5LV~iY z{NoKosk?`dS%vQU{ik@-zc3=fQJU#vtGsg!3(H_gOlchUHr9L9(997+br|A}aD!NtV|g6(r$aJk!T2A|>(GH4RN@jjHQ zB4e3#g%H0r@~c8AH<~({pJ9M*3@pF0isyg7`t0lsk(=OgtD}deBnc zgN|k>4T!u59y-rEl*}Jl9*{E{{^$b&o|%p|4RQkST1m3~WmMUei>rM=n+p22YuMPB z+}J3Bis*NZ6NO7xdbWS~zk4^KP5t=SXY@pbgoKv&J%DJn+qeH0iHrwga}AX)*K{u( z&<}Behs-@-)WG*6tJ|=1Rro`;{Fl|bp94`{U2P=q{E-elCm=uk2(E&O<&BK@{A!$z z56sQY5!II$r);j-ZP7-<4`;UF4Iqtz(*1L80*`?>v?`R^=C8W*AoClF%sxqQSU^1x z;{)36DzZNymn$5B$_p9X)M?7>>T3T7_r?u>9g-}aXDM9PiE!`B2$;Tm<5HS0UVU=m zk|be*mcjAf!ddOHYdtTXZBtNz%tzOYGxq}RDy-+y(zhTnZTN&9(tuAu8h|ngEWbk( zEWkscQpU@Fzo1!SX)7e+Z)!!9BZaz4dv6Cem{tup{|y^TpSe*^TRHtUYQGmZq7Ebl z6gceXkmf?(zX!^;@nvMB!qJq^X*mkDdEQK@n*}z$iW<@J3?>!HV-w@@B%GVC?rqb|a|Qg`%L~sJ zqM{UTf-uUOHO^sx$pdx1zRnq#eo(7%05HYS`&vrsF{mbfz*wdj3^j<+j|NkO(EKeY z!}fDb3|iP8!ctDy>@DxLDESl>Jw@(O>)phoF=}SFx~m;6<}=jhkD!$9FCkmMBIT8%b>ZMs1| zG4Id90f`r~dk_>8KSAc$*DH44UDT>{!hx^@sdZ(fkOD*!Ll6Sc0gL{_3n-6n(k{@d*CLdR!Az#3+nAU8BNHB|t?sH$W8 z7)~uMC<#anvGh$CIFY>V>B-42uVaVb8jOGqZ;=bcL*+n^D+#bFG1?}Ta}{q9u?0L9 z4Z1@?AqN#!*hmAglNcuLM3C+818zi@t3e_X&-{4h+Ks5#*q}bMEEm)mFxTKB!`4s9 z$z4Dl&4#`|fa}>m%nE$1blW!2D6{DXX|5Nd6^7gXkgEAe0U0c;F(fi{X&X{0+H`+` zAXXK$0@eh~frgegC@gImvVR9;WVD70E=S40Ank2!0<1SfE=_3ARyi%?GU+|$amdnd zOVh%>A`uBr{4}2vb1v&Kr`9DC(kP67R$NYeDIWZsoDX1cp^PdeD_e_lcD*qGW68r@ zHbon*8HWMO!=GvlaB=O~&TEJb+GD@Xn*h?WJiG;pRY|EjP$OqSbc_H`be(j^h60jG zUb9ItTAGGkewRTHlJgxBlGl;sf@(kYF#NG_4H^S*0F~Ur^7rtl0OW_>rZ95BMA)X8 zg@r)z%!;*K2kbTpRn zE2d3UC=IhThI(0ZYils@JxsfkJydu=0mxgrX`&#Yk!gsCt_K7Yh?) zNR`40u=nVvZ@%lXC6qg@+`CUFYqT@pzWP>kab(itZ#w8UY7Ft+CXo3DPbn5Fi?&D| zx(EGX|E#!3Xrpn$#iJLvo`d`Fy6;f)yR6sG*!={vFFDZosV727Ma2s%1W>oL{{ySx zPdDH;;$QmA;)Q*M5KxH1OqM`RS4ZGeQ1pWMy*!W;c~aTM{~eUXJY!&lAs*rTz|1pX z((02+UtR?M97jR&OhM--cZN(YNJ9F6LdvY4Wr};z?Jo7wF))M?>2~W)C30^(UFiNR=_{75BnrKg^V&xxM7dg}_h$^`5R)a@(N zsZA9`x3DZgjf7bHMD1sKrRec?D+Rj1))a(m2qhuE;`Yn)ha6^ipe~jHnZhD7{1%jr z^ne^gqr+xtE4qOp=oV2U2xfreyRAjeEXu!=veO%`ZL)-#!Y zhB;c+>ziGGAf4S2tb3OwBkHBik+K z6V1u*Lv92z3(2U>p>D`x0TOCJP|)`r4T=^po(hlsr|8VB$0G38l3Ax3x?99-s)REw zMHX#XMi)TT2D*w3(_7y(Q7RCru$pR_`!i$5;=As(D3??iq^zMq44n?$N!&`X&#r_D z*UO>+c*equ(6xe-y%iWSaI1&sqh^WDwu>7X?pglhcx>gTdY|su9z-)}mNGyB0*iyC z1^u}intZQKrLzS$EN8Mm zAL}B&9j-X>L6xt|4+9es4_caNFkZ6}o5FYHCl_bCa&bL=*JsSBrNvTKOsA3b~d71%`aU%bHAEol$a;5yWoW`GIX%9p30QC4V4T#UEEBxvIJ%l z+-&egvX8P$Ln!o&W~b_uv0`YbSXG_H9>Y>K|IMlQJNB0n;lyH~D{gvf1F%Jd1|XNS zYipgrx(01DUd%&3VdEV1C%l7_Ky+-ZI7F9+TviXyPY->k_W?$uz5FLshoP-V$KN9? zp6{LCI}BhGkztI;mfP&U(^c+MNG>yRKoe-W*?R1^`|>_BROM^EPYu`-%)k#odRD?F zy8Az*%@AA|&2j(yc?s#T6_iw|Vv~ZhuJeUB-J@RL3sG3~4;k|L9-QK`WKs=uH!4pV zm##Bvlom{OtTUT9&K`v@jEI(KFgmXe&VWkt#p`%y^jA$*7B$fQ7GOMWam*A@k25Uw zvVAd6doP=EggvSIx8+Dgn(qY>pb519LJjtpH$OVWgEy_l13Le_fVw@Etr2ZO?kn@A z=!unPaX7`|dA;uGMTY}1VKSAG^Gbgp;EBsp{lj0KKz`8x-lSOFBA2ok$XLY~xH1}M zNP(Y1a0cAe0M?LKgQO-7 zq)t}nRpkg$-VCgdDtTXb*gvlf=H18D;BI@6sriiFY@Ha-TKLb7Sm$V&Ck3#HvLT@d zVviv^05tCh|9ch3geqn8Jw=tFwb#r(`V!@jbdvEOw3fiQ(eW?xH)vJ2Gu z9vNA_j^UsgM-0Q8PsIBc^2PcxPX~WIuRS~dbsqE6VNSSesHY-&iO2njT0tU%$N3E3 zl(H8MQan6P$aF2CSq~~?sPVEK5b7X@l%pK0-$0as5TUX}=8Y;DL3=mI2OCU@cWz5J zD$f%Wjr0RPUn(727M7Bf)B~=BE=jeuwT&-M3|f>N9UtG-dK5o>))0Vy{V@ka%)7vw zish2}jiG^a)>|zW#RerBDVG|_mm1OpKg6FAWCnIFF*%;K+4qR0%>m8I%F3Eh8K{2K zLYf4HvZacp)J!OMk+Y&kpe1i*IG?1-byFOAsXRA$O}gSmpwKg+&GC362?*^2Fdk8K zmk#VXw6a)DRv(w%b#cf9(+1Go0{+SCx`E~d@D4z{?ID*X_+kxE2LUDoWj;{+Gl27; zJ0_r%=Due|4Zy`|ZCEDd#ZQCg4``n+$h{HyNdM_XhZWZ@lxmAyP#RF&rtsc_F1Ro| z*P>ryz|DX%po>l~#l-A4CU~Lpg_cm;+uH$}KotQ>$|Gy64{sfvoZNf(P!d!pXk4R% zQZ~F=0U+jg<=ht#@Q~-F4igFNrf3&z0?{1g`m0y3Zb5CB4YYq}9qq>sXlaNG$o*Fk zCtyZ*$jN&^d_#`Wi_bHe6epk?^FTy}dM*aKRPBATrw`bHT>B=Wdt^Ya+dQ;5xBio5= zEG-R9Ah2CPh(mQ~);ll&BpwTBj+?tX8cYMzg6YC?nPw)FbP|=J(7lC7n^v2$yvT8s z3n^Z(hi^+7VDHY(o6u;szn5EB$P6|L^!FY(D=evqhzJ^s6BEAzEeDz;AqOx1tG|{? zOO?fT5hiXJTNhT(MjQ^f9=g&1EEbRc2+~{>1`-CgpPQSjPF|*w58!g2zf6r`)nRc{ zaITlk+Z#Fph{MItt&Nit54X3W1&t601$0to$iAi{XTFzBz7F|28I;U_|J0!P@jfz= zj+Zw9LLqvpWS^T26hxoy>Mm||kjf`CtqhY9rDLhJO!>c(lY_Y}t!8@r`ud_f%|Mv} zq1y`DIGKX*$XH|XlQpvP^WNT`)=-Y>ya0~U?FV=44ijY9 zT+E1ave;fo=M4cHyndr2xGs$X1H)&2_YmsUarJ&);I-3+Ta6=X3av;ypfE7)xQ=TW+ffr8gH8_G8O$MgtGH95XAlc`N@K=pWg`E z&U6-+=2>-s6}zR!qq5eqG~Low3_GKb#tX@`%Jf#(S;jjf0|r!NGZ* zAkDNjk!+_{^fV|5`1+!7;g)6ksdw#t-b+#EvxD#4LPg1=EfJc!?I!^H$?b$@gQhWs)XX$ zMI|N%4XsWnWPc@+dd>bRDjvF*iTzFr+l_$4V??FePzxd@t+ZamqDHN_`uoGEX?Z2i zc)d72;OKTKQPkOOf3M8nbE4A!ay*2hrTO|T(l|CTv1dP?r-Z>9+v|srNy!+jyRvO7 z9ko7N!qCzrpPA=Dd*vj$(D2t~BGYYqcJ)`ci|^ya3AqoxlbgX7dJ)yQ{NT#&t@EwdV|6=B1E$_-#-7->Q_>Z?ORFc`5t z-y>1uz5(jHKIu}O8*2GnwTTzHi%fQ0^~=aj(aGh@yV@7$7uK6#WrXZInYmr@yMi*r zLoa*{(;f4MT3XX&Oc&(pFj!n?BKN#c4G9?38*GzY`>UqtHA=ljaYxpTicRwsK_sY} zTkB@Mc5^a0b06f^(oKQ-o7PiCQx{1iZ}@92CWQ+|Op1%F7J_`eCUfqa3~ZOYb@e{; zDIMBOVO@QzX9B$kzK7(oyA-ozSy@EI6R|=+BPots1eF(Ke-iOG$9AtdPH!55Zc%L0 z#MM6_a~1pAJ@@`mip{x?mtTCRRL#dvc!kn_MI{bB`?b(3NS%{)_s+E3e0wpXnme6@ zD!A5toGVX-sWqvFugJ1@%8XN^#KrBT>lz+e#QbWBT86Cnu1Xq{x(>HN8_7!~y(kuF z4#OzlkMS{$Y2ybN+?x8UP8uGro9RNX&EKbvR(JKQNAvDmj-0>kGoxgAM3Ez#)_c&) z`S|gg?1_Sm%)vJ!ExBF>L1bG1^CIicT<&1LcA$gt>re6VSL#36sw!0|5-piV$9F9k z4a65uOZ-qFp$Jdusq$}iJnnF&^qX*d<7b67tz55nCLH5ycR zuClE=d_v*F_IYs7iGV?;fqf_yYdSLD^LV~E!E1XcV|>_k??|d8EUmpVd|dK1JDbZH z!{P*w+j!9$ViPyPZhVt5Cq>YawG#zWreHtn=3z9;zFye|zFdls-0?3t2Ur=6GK&E5 z%;`1DM?7t#YEn6lIwR)D?|0dkE+XT`1bTO6R;QQN{2Qk8Q&om6HqVNW*6I~#<+P>G zP1C+8w;Lpf*Z%ppT@1~UB89HQPotF--EG^h9#9Ch#F)QMUYI`+dh1fPJN7*?lKX(9 zq~XhGahP)a|rhV`Pi9*I|i3U02=8~Tj5 zm1mPtI9{i9oQN}To==O`9+z{b9tUS%8OoA4%x53_RqC}CR0N@)%TAnXQ57lt z)%9b#mk7OsY6@tpAa*1?Yb&~+b9B*Kg3qWJHDt-PJ4}-D$P~UHBF7W zzwftoySg3fkQ?c4MU7`g&J=a$wb3J$zZY{jlQ4L;4(+R}_ZW^{I0-`cOP#rF)Ix6y zr*?Ft`Jgj_aOuXvzwH6A+kq^FeEuL0*$)Ele4Qx3U&8+_JC-E5bY`Dk@#tX6obRMp zAZ+N_xi^N|ag%bGID2g^R;;hEn78&t)FVa1gWR%_AMqj(#V#&t2fr(<6pULArqi-# zd%cf~bA0ZPN~%+!@XUX0SzVKoPv(2HNmy2MP+zd1ZnL(}S9(!;HF(aXjX7~Q_vENB z&(zf2C+C21Yo|XGPQ7Rsv#I1g@NYORMQQP#23MXPmp80Be7*5iz09LW*e6>e5;^hY z>4z7fAvvzDIVN?Tvosv@zmk=r;bMB*82F-{;@%%v%3SptN~!iIYClwZQtHAW6ZSA|~ekAvN>jHg{)FpJC1*G?H)L zE#7~>PQ$5mJJwzsn1cLo`VSdc<}GuzwLzyEs*5AY_JM^|qxEGBi>S$`RFV_{#hnoc zwW*dYZh4!kIRlfdlEqCIm=f&Xv={C>W2&)JxWqa>+wPRF@D(i6Ybwj=AioUenyLJ_ z2#-K%Y@sfP|5kZocf>wv-)>`vBPacNn*86DnO>t3KliQt4tuymYw2@7SBeS@478)% zxkV-9hUv%La(nUgYu(@J(bbqRdhv>1G`T7z0-Y*0>4sGVUUg24B^JsV7M~sV&JH`v z!o`PBC2{2roIz4)xEV5eEmyG?GvPXceIp!kT;EWooL<)Xa|wRusgG22g9{+a3-nuu zPKby<-_dLS@Sw?xD|5)A!pY+%4?{uWo)EIaGHjs9DZD~AIO3(l%8oPW`ajm5Rr$9t zS2y=%wj!X{i?j}keGyizDdhW`CT(rZ4-ea)kEq6kzR5p*8pp)Te7EhoWModY>%a4d z?L40s?09U#Caw@NBiA!NB_^ikRka|rB14)iobmMCE*c+{u)c9{cq%3JBnxRqlMoY= zQJcek>KkL2wgPI{&;oR(%>Q$lc#>&iQ8qp_B_rFhCUQev(;LbINGOQgJQ|S}RBPd+ zH_g*vJjad@%Ngh^*OzI0A$sK1@#51bCAE{OcBeIVQd?W*)!~9hNMvl@9g;d50)DoH zvPSi%&`NqEn(mhVYMAYNJ|Y>|m*U^cf^N%K$#h91LuO~Zcz!c?Ckb`xa?6HnKvw-M zY;Dk)=J{{0^9nkxMvw|hC8>n3Kw@2Y!B)xp{B=sYNAV)EMV9X5j0P5u0R!V=eZo5m z##VIFYCdQ)7>L!Yl4IYLcvfLe!CHi)oTnHevU%``rC!)nNIv+5#cH=tM6Xa1dx@?q z^jJO&Zy~{EI&@9co(Ls~ZqJ&ufR68~o75A}EwahGMh+L9W%Igc6toQy!)KL&?(9Ne zlulzw1zkRTi|$*W^t@g?`cAx$WiIdb%D;kZz7!Eg+Y`M<#^-5%#U`JrRO#@;`D&j& z2hoQDMR@Z5D%K?FEh?m$gTBm_dW&LHqL=gkow@lKKq49M@v{q;?2}@@z<0}A^_|RI zU(cUy{+u5l`qNBj0Pex=YQ!Xp9DB2TH1>R~Zt#|$N$<$lIZMotP`PUBlme%4XbafZ zQNRZYa^n2K(tDt^xt$^0vT32gglX|vOjU*!JRkWbF{y74msqNTihy0eN#dJjl^eyN zZ3rjG#yA(#jKDCH>hMU7$9`=7atd$nGGY@}4xI$VhUL%wA!EXkjGz;Rr1~{Jx;v8l zrjBZQ;)za$1C2!45|eGsJ^@Sw(STU*n~yQeJ4c*(L5OUznt;&vTyGoggIx>MmusI3-_;34rA z(eCN2BeAyyga?hS4y!xc_j9z=284GH4l?8$l5#$e*iQ6J1ygMvO$7WgT4buOE5Hbm zYFFp0t{P|#<;E`Q4LyI&E^xj#u)34LJ}OK-H@A2cl7#6!zc3YE&V9Tns0PKnp#@Qi zl#~|1T+6U#1LG-OiDQcs-(sh5)+EOGZh{{wNg4%VsKu=Ke@X0cBeD2m0g2}!^eWg3 zOop^2g|F@GY>H1LIfZZQeSJMe%A$XH(X{8ebRViD0@;?*nTwaS5U~x!Zf>syJt3$X>w1;kdGvbZp_qc(FC%+=vB!_<)9{$NTP=!__IGwT>ukP^Xi|JH z+Z^Ux^f5~9;3(Y0_xJb5SXx#$Z&^2Gf%5}@iVS;-j9f1( zV$K?B$p<)TGfk50E!K6`0APX9FD#q??n~>@Z&|m+Sjzni8fAHT%S0Y1ee3A{B4I8c z(FD3Cq&9WrP)V=E56w&dX#q)IpR;o43;EB13($nYVZPmwe27y#v(E^p)ib|oWMoUS zP-0=)9?dqKq*zJ^n+~7Rrl|`e;(+j@Yjaj$ftxu#u!T-**DNJ8SqH4xA zB)SzEJVHiqF}n_esXzz)^~XLzVg^<~{}n z_Z}fh$tUM_M~{z=zVTlS4(_$C)|i%c<+$ggPb5)Iyo45wwqp+b&v{b}%m z^_EH;jWmVsy=?dAYHIP7XNUSLi(5ZADw8hx1@QDWU>eTuy|vI>8qwM@Ab-zLS|xVJWQ zgXxn5TcYi-G)3@0b(C{#v@RF)OW6y28uDP5hL_Mrw+EKs$kAX*E#Boz!7CnhM=jP( z{m76BO@v#q<&!aYo)WL)VXGEsDN#U!JRC;+2)!__e4~m9sg|L|?xg~4 z+&l9w4zv{Jq}`gS2M@$D@#e>)__lUv$;LaRBSgQ&2oV!$DS zwy@nv_GP9}tBq@_1!tnn!*GJI7AI-io8p<}y;%#UJ1ylB%?u%!J{Qm9K zFC!kdLfbzO4%IZpfw1^6@&0g={%~69Y$rgU@zRSV{Ibuul28RB5>P`B`+yJU`O&>F zpw+GR6!J)*Pnc?z+db~|#JkNbxt-Dc-i`9z+2h9`heG>KWL=#w6f3zex`QJlnel?j zlDa>DxT#-e=*nX=VcIlfr&q?G9ErUCtj+D#dPGuT`%2Z1TyU%mDrOa@mIRT0 z0p{e}4cHVvp|6r(D7()LI?AC`59dd~2A~uJ>KwF)LT$|%+p*5~dF(>iK!&SlEi%;| z+fvolC?U>~9nQ3YERWOMmLK=EzFhV4qHK~Z`6gF^+hcIlr%53rn^)JRAY8kf~CKoMGf`*IQULl?-s{2;;p zX>Ps?#f_j!ID7;L0N^~X6_;jgZMC};obL|1cSGREG zwV#geLp+`H>^{OA+~nVNjX$oc+vo2-+Ni0i`5)cg8=>Q&d1NFG z%2v5$>=afeKbYrSOrS?OnaBPe)WjXOrbQ5NsHF$=RH@gmn~d0?b7NnR;{BGIB71ie zEIV``FTo$-y9A;?eR=^MGq5q-vLCaf6BAbjQcO6Y>IS7mn1C}~tU`2mb+UWw*CC6c z6xkN<1lO0~P3jg6L}l!;xX>js-r6cr)7#q{33(S#)Gv;L4k_qG%>JM6Dk#=#xB_xB zuwWL|*V59|LPDuf+kj(xaM(^Hv+tXJ>^AZQ;`Eet%TDHrEX8Ml*XZMT&^-gqqBBr@ z`|qntc7|uZpufQc>;HUp$^ZFYm;aC7UDJ1oVXHP|SAE(-0AI~R<0Pi$WTfw8%xCCe z48IU;ENpCyEIf=X?8 - + image/svg+xml - + @@ -42,14 +42,14 @@ guidetolerance="10" inkscape:pageopacity="0" inkscape:pageshadow="2" - inkscape:window-width="1536" - inkscape:window-height="943" + inkscape:window-width="2108" + inkscape:window-height="1169" id="namedview3038" showgrid="false" - inkscape:zoom="0.41425821" - inkscape:cx="699.63064" + inkscape:zoom="0.7584233" + inkscape:cx="701.35349" inkscape:cy="362.80329" - inkscape:window-x="-12" + inkscape:window-x="0" inkscape:window-y="150" inkscape:window-maximized="0" inkscape:current-layer="layer4" /> @@ -90,26 +90,26 @@ style="fill:#161616" /> --client-auth + y="380.74576" + style="font-size:48px;line-height:1.25">--client-auth --server-auth + y="385.01154" + style="font-size:48px;line-height:1.25">--server-auth @@ -130,16 +130,16 @@ d="m 1680.1083,124.22703 c 7.0818,-0.2751 10.2071,-1.0243 14.2901,-2.5674 l 0,-2e-4 c 7.0507,-2.6646 11.1812,-6.0188 13.8472,-11.2445 1.9056,-3.7354 1.9254,-4.0795 0.3352,-5.8366 -3.0633,-3.3849 -8.2846,-4.43 -20.9479,-4.1932 -6.8882,0.1288 -13.6023,-0.2658 -15.7613,-0.926202 -3.4318,-1.0499 -3.9877,-0.9393 -6.3473,1.263102 -3.0038,2.8037 -5.8546,8.0568 -6.8328,12.5908 -0.9266,4.2944 1.6041,9.1015 5.2095,9.896 1.5025,0.3311 3.1819,0.783 3.7319,1.0042 0.55,0.2212 5.5,0.2275 11,0.014 m -0.3448,10.1672 c -0.39,-0.075 -0.7802,-0.1993 -2.1552,-0.4052 -12.019,-1.8001 -14.4349,-2.7238 -18.7581,-7.1721 -2.3812,-2.45 -4.9847,-6.023 -5.7857,-7.94 -4.7123,-11.2783 1.6556,-23.835002 15.8795,-31.312402 9.2319,-4.8531 12.0541,-4.7682 20.1517,0.6068 3.5494,2.3559 6.6277,3.5194 10.2516,3.8745 6.4828,0.6353 11.9926,3.4083 17.7688,8.942902 3.6122,3.4611 4.4922,4.9758 4.4922,7.7323 0,13.5694 -10.6345,21.7402 -32.2909,24.8103 -4.285,0.6075 -8.11,1.0432 -8.5,0.9683" style="fill:#161616" /> bob + sodipodi:role="line" + style="font-size:48px;line-height:1.25">bob server plain alice ...server plain alice ...server plain carol ...server plain carol ...server plain dave ... + id="tspan3411" + style="font-size:28px;line-height:1.25">server plain dave ... client plain bob ... + y="521.77808" + style="font-size:28px;line-height:1.25">client plain bob ... alice + sodipodi:role="line" + style="font-size:48px;line-height:1.25">alice

E-MailRelay Change Log

-

2.3 -> 2.4

+

2.4 -> 2.5

+
    +
  • Multiple configurations in one process.
    • +
  • SMTP PIPELINING (RFC-2920).
    • +
  • SMTP CHUNKING/8BITMIME 'BDAT' extension (RFC-3030), disabled by default.
    • +
  • SMTP SMTPUTF8 extension (RFC-6531), disabled by default.
    • +
  • No 7-bit/8-bit check on received message content (see NEWS file).
    • +
  • New built-in filters: deliver:, split:, copy:, mx:, msgid:.
    • +
  • New built-in address verifier: account:
    • +
  • No .local files (see NEWS file).
    • +
  • PAM authentication is now enabled with --server-auth=pam: not /pam.
    • +
  • Client authentication details can be given directly from the command-line.
    • +
  • Multiple client authentication secrets, selected by a new envelope field.
    • +
  • Main binary can act as a simple submission tool (configure --enable-submission).
    • +
+

2.3 -> 2.4

  • Multiple --filter and --client-filter options allowed.
  • TLS key and certificate files can be specified separately.
    • @@ -22,7 +37,7 @@
  • Some support for message routing (see NEWS).
  • Fix of error handling in network client filters (--client-filter=net:...) [bug-id #50].
-

2.2 -> 2.3

+

2.2 -> 2.3

  • Unix domain sockets supported (eg. --interface=/tmp/smtp.s).
  • Windows event log not used for verbose logging (prefer --log-file).
    • @@ -30,7 +45,7 @@
  • Optional base64 encoding of passwords in secrets files (plain:b).
  • Support for MbedTLS version 3.
-

2.1 -> 2.2

+

2.1 -> 2.2

  • Connections from IPv4 'private use' addresses are allowed by default (see --remote-clients).
  • Interface names can be used with --interface (eg. --interface=eth0).
    • @@ -46,7 +61,7 @@
  • Support for Windows XP restored when built with mingw-w64.
  • C++ 2011 compiler is required.
-

2.0.1 -> 2.1

+

2.0.1 -> 2.1

  • Backwards compatibility features for 1.9-to-2.0 transition removed.
  • Better handling of too-many-connections on Windows.
    • @@ -63,11 +78,11 @@
  • Certificate contents are not logged.
  • Timestamp parts of spool filenames no longer limited to six digits.
-

2.0 -> 2.0.1

+

2.0 -> 2.0.1

  • Make PLAIN client authentication work against servers with broken 334 responses.
-

1.9.2 -> 2.0

+

1.9.2 -> 2.0

  • Improved IPv6 support, with IPv4 and IPv6 used independently at run-time (see --interface).
  • Server process is not blocked during --filter or --address-verifier execution, if multi-threaded.
    • @@ -98,7 +113,7 @@
  • C++ 2011 is preferred, and required for multi-threading.
  • Support for very old versions of Windows is dropped.
-

1.9.1 -> 1.9.2

+

1.9.1 -> 1.9.2

  • Fixed a leak in the event-loop garbage collection.
  • A local hostname that fails to resolve is not an error.
    • @@ -114,11 +129,11 @@
  • Qt4 or Qt5 selected by the configure script.
  • Improved the RPM spec file.
-

1.9 -> 1.9.1

+

1.9 -> 1.9.1

  • Updated OpenSSL from 1.0.1e to 1.0.1g in the Windows build.
-

1.8.2 -> 1.9

+

1.8.2 -> 1.9

  • Added negotiated TLS/SSL for POP (ie. STLS).
  • The first two fields in the secrets files are reordered (with backwards compatibility).
    • @@ -143,17 +158,17 @@
  • Added Windows --peer-lookup option.
  • Fix for MD5 code in 64-bit builds.
-

1.8.1 -> 1.8.2

+

1.8.1 -> 1.8.2

  • Fix namespaces for gcc 3.4.
-

1.8 -> 1.8.1

+

1.8 -> 1.8.1

  • Changed the definition of --as-proxy to use --poll 0 rather than --immediate [bug-id 1961652].
  • Fixed stalling bug when using server-side TLS/SSL (--server-tls) [bug-id 1961655].
  • Improved Debian packaging for Linux (make deb).
-

1.7 -> 1.8

+

1.7 -> 1.8

  • Speed optimisations (as identified by KCachegrind/valgrind in KDevelop).
  • Build-time size optimisations (eg. ./configure --disable-exec --enable-small-exceptions ...).
    • @@ -169,7 +184,7 @@
  • Improved native support for Mac OS X (10.5) with graphical installation from disk image.
  • Compatibility with gcc 2.95 restored.
-

1.6 -> 1.7

+

1.6 -> 1.7

  • TLS/SSL support for SMTP using OpenSSL (./configure --with-openssl with --client-tls and --server-tls).
  • Authentication mechanism PLAIN added.
    • @@ -177,7 +192,7 @@
  • Windows service wrapper has an --uninstall option.
  • Windows installation GUI uninstalls the service before reinstalling it.
-

1.5 -> 1.6

+

1.5 -> 1.6

  • GPLv3 licence (see http://gplv3.fsf.org).
  • New --prompt-timeout switch for the timeout when waiting for the initial 220 prompt from the SMTP server.
    • @@ -197,7 +212,7 @@
  • Experimental SpamAssassin spamc/spamd protocol support.
  • Acceptance tests added to the distribution.
-

1.4 -> 1.5

+

1.4 -> 1.5

  • New installation and configuration GUI using TrollTech Qt 4.x (./configure --enable-gui)
  • Default address verifier accepts all addresses as valid and never treats them as local mailboxes.
    • @@ -212,7 +227,7 @@
  • Documentation also created in docbook format (requires xmlto).
  • Windows installation document revised.
-

1.3.3 -> 1.4

+

1.3.3 -> 1.4

  • POP3 server (enable with --pop, disable at build-time with ./configure --disable-pop).
  • Fix for logging reentrancy bug (affects ./configure --enable-debug with --debug).
    • @@ -226,7 +241,7 @@
  • The --dont-listen switch is now --no-smtp.
  • Better IPv6 support (Linux only).
-

1.3.2 -> 1.3.3

+

1.3.2 -> 1.3.3

  • No bind() for outgoing connections [bug-id 1051689].
  • Updated rpm spec file [bug-id 1224850].
    • @@ -235,21 +250,21 @@
  • Documentation of auth switches corrected.
  • State-machine template type declaration modernised, possibly breaking older compilers.
-

1.3.1 -> 1.3.2

+

1.3.1 -> 1.3.2

  • Fix for core dump when --client-filter pre-processing fails.
  • Revised code structure to prepare for asynchronous pre-processing.
  • Better diagnostics when pre-processor exec() fails.
  • Better cleanup of empty and orphaned files.
-

1.3 -> 1.3.1

+

1.3 -> 1.3.1

  • Windows resource leak from CreateProcess() fixed.
  • Windows dialog box double-close fix.
  • Some documentation for the --scanner switch.
  • New usage patterns section in the user guide.
-

1.2 -> 1.3

+

1.2 -> 1.3

  • Client protocol waits for a greeting from the server on startup [bug-id 842156].
  • Fix for incorrect backslash normalisation on --verifier command-lines containing spaces [bug-id 890646].
    • @@ -262,7 +277,7 @@
  • New switches for the configure script.
  • More JavaScript example scripts.
-

1.1.2 -> 1.2

+

1.1.2 -> 1.2

  • The --filter and --verifier arguments interpreted as command-lines; spaces in executable paths now need escaping.
  • The --interface switch applies to outgoing connections too.
    • @@ -271,7 +286,7 @@
  • Fix for dangling reference bug, seen after quit command on Windows.
  • JavaScript examples in the documentation.
-

1.1.1 -> 1.1.2

+

1.1.1 -> 1.1.2

  • Earlier check for un-bindable ports on startup, and later fork()ing [bug-id 776972].
  • Resolved the file-descriptor kludge for --verifier on Windows.
    • @@ -280,7 +295,7 @@
  • Pre-processor (--filter) program's standard output searched for a failure reason string.
  • Undocumented --scanner switch added for asynchronous processing by a separate network server.
-

1.1.0 -> 1.1.1

+

1.1.0 -> 1.1.1

  • Restored the fix for building with gcc2.96.
  • Support for MinGW builds on Windows.
    • @@ -290,7 +305,7 @@
  • Fix for make install when man2html is not available.
  • Updated init script.
-

1.0.2 -> 1.1.0

+

1.0.2 -> 1.1.0

  • In proxy mode unexpected client-side disconnects and timeouts do not leave .bad files [see also bug-id 659039].
  • By default proxy mode does not interpret addresses for local delivery (--postmaster).
    • @@ -305,14 +320,14 @@
  • Support for Sun WorkShop 5.0 added.
  • Documentation overhaul.
-

1.0.0 -> 1.0.2

+

1.0.0 -> 1.0.2

  • Support for trusted IP addresses, allowing certain clients to avoid authentication.
  • Address verifier interface extended to include authentication information.
  • New public mail relay section added to the user guide.
  • Example verifier scripts etc. added to the reference guide.
-

1.0.0 -> 1.0.1

+

1.0.0 -> 1.0.1

  • In proxy mode unexpected client-side disconnects and timeouts result in .bad files [bug-id 659039].
  • Require successful AUTH before MAIL FROM when using --server-auth.
    • @@ -325,7 +340,7 @@
  • Fix build when using gcc2.96 rather than gcc2.95 (1.0.0-pl1).
  • Fix default spool directory in example scripts (1.0.0-pl1).
-

0.9.9 -> 1.0.0

+

0.9.9 -> 1.0.0

  • Briefer --help output; works with --verbose.
  • Option to listen on a specific network interface (--interface).
    • @@ -338,7 +353,7 @@
  • EHLO response parsing is now case-insensitive [bug-id 561522].
  • Fewer missing-secrets warnings [bug-id 564987].
-

0.9.8 -> 0.9.9

+

0.9.8 -> 0.9.9

  • More flexible logging options (--verbose and --debug work better).
  • File Hierarchy Standard (FHS) option for configure (--enable-fhs).
    • @@ -354,14 +369,14 @@
  • Submit utility works under Windows. [rc2]
  • Improved Windows project files. [rc2]
-

0.9.7 -> 0.9.8

+

0.9.7 -> 0.9.8

  • Fix for running pre-processor (--filter) as root.
  • Ignore bogus AUTH=LOGIN lines in EHLO response.
  • Submit utility improved to work with mutt.
  • Installation of submit man page.
-

0.9.6 -> 0.9.7

+

0.9.6 -> 0.9.7

  • CRAM-MD5 authentication mechanism added.
  • Revoke root permissions at start up, and reclaim them when needed.
    • @@ -377,7 +392,7 @@
  • Submission utility emailrelay-submit added.
  • HTML4.0 compliant HTML documentation, using CSS.
-

0.9.5 -> 0.9.6

+

0.9.5 -> 0.9.6

  • SMTP AUTHentication extension -- LOGIN mechanism only.
  • Client-side protocol timeout.
    • @@ -387,7 +402,7 @@
  • Multiple hard-coded listening addresses supported at compile-time.
  • Fix for automatic reopening of stderr stream.
-

0.9.4 -> 0.9.5

+

0.9.4 -> 0.9.5

Windows fixes and improvements...

@@ -397,14 +412,14 @@
  • fix for content file deletion
  • fix for directory iterator
    • -

    0.9.3 -> 0.9.4

    +

    0.9.3 -> 0.9.4

    • Fixed memory leak when no --log switch.
    • Windows build is more gui and less command-line.
    • Info command added to the administration interface.
    • Doxygen files removed from binary RPM.
    -

    0.9.2 -> 0.9.3

    +

    0.9.2 -> 0.9.3

    • Proxy mode (--immediate and --as-proxy).
    • Message pre-processing (--filter).
      • @@ -412,7 +427,7 @@
    • Improved notification script, with MIME encoding.
    • Builds with old 2.91 version of gcc.
    -

    0.9.1 -> 0.9.2

    +

    0.9.1 -> 0.9.2

    • Better autoconf detection.
    • Workround for FreeBSD uname() feature.
      • @@ -420,7 +435,7 @@
    • Fixed a benign directory iterator bug.
    • Use of gcc's exception header.
    -

    0.9 -> 0.9.1

    +

    0.9 -> 0.9.1

    • Improved documentation from doxygen.
    • More complete use of namespaces.
      • @@ -430,4 +445,4 @@
    - + diff --git a/doc/changelog.md b/doc/changelog.md index e0d6533..c75d106 100644 --- a/doc/changelog.md +++ b/doc/changelog.md @@ -1,6 +1,22 @@ E-MailRelay Change Log ====================== +2.4 -> 2.5 +---------- + +* Multiple configurations in one process. +* [SMTP][] PIPELINING ([RFC-2920][]). +* SMTP CHUNKING/8BITMIME 'BDAT' extension ([RFC-3030][]), disabled by default. +* SMTP SMTPUTF8 extension ([RFC-6531][]), disabled by default. +* No 7-bit/8-bit check on received message content (see NEWS file). +* New built-in filters: `deliver:`, `split:`, `copy:`, `mx:`, `msgid:`. +* New built-in address verifier: `account:` +* No `.local` files (see NEWS file). +* [PAM][] authentication is now enabled with `--server-auth=pam:` not `/pam`. +* Client authentication details can be given directly from the command-line. +* Multiple `client` authentication secrets, selected by a new envelope field. +* Main binary can act as a simple submission tool (`configure --enable-submission`). + 2.3 -> 2.4 ---------- @@ -34,7 +50,7 @@ E-MailRelay Change Log * New `--log-address` option to aid adaptive firewalling. * Dynamic log file rolling when using `--log-file=%d`. * Choice of syslog 'facility' on Linux with `--syslog=local0` etc. -* Pipelined [SMTP][] QUIT commands sent by broken clients are tolerated. +* Pipelined SMTP QUIT commands sent by broken clients are tolerated. * Better handling of overly-verbose or unkillable `--filter` scripts. * Optional epoll event loop on Linux (`configure --enable-epoll`). * Some internationalisation support (see NEWS file). @@ -123,7 +139,7 @@ E-MailRelay Change Log * Added negotiated TLS/SSL for [POP][] (ie. `STLS`). * The first two fields in the secrets files are reordered (with backwards compatibility). -* Added Linux [PAM][] authentication (`configure --with-pam` and then `--server-auth=/pam`). +* Added Linux PAM authentication (`configure --with-pam` and then `--server-auth=/pam`). * Optional protocol-specific `--interface` qualifiers, eg. `--interface smtp=127.0.0.1,pop=192.168.1.1`. * Outgoing client connection bound with the first `--interface` or `--interface client=...` address. * Support for SMTP-over-TLS on outgoing client connection (`--client-tls-connection`) (cf. `STARTTLS`) @@ -457,8 +473,11 @@ Windows fixes and improvements... [FHS]: https://wiki.linuxfoundation.org/lsb/fhs [PAM]: https://en.wikipedia.org/wiki/Linux_PAM [POP]: https://en.wikipedia.org/wiki/Post_Office_Protocol +[RFC-2920]: https://tools.ietf.org/html/rfc2920 +[RFC-3030]: https://tools.ietf.org/html/rfc3030 [RFC-3848]: https://tools.ietf.org/html/rfc3848 [RFC-5782]: https://tools.ietf.org/html/rfc5782 +[RFC-6531]: https://tools.ietf.org/html/rfc6531 [RFC-8314]: https://tools.ietf.org/html/rfc8314 [SMTP]: https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol [SOCKS]: https://en.wikipedia.org/wiki/SOCKS diff --git a/doc/changelog.rst b/doc/changelog.rst index 9ae4667..b47cf4c 100644 --- a/doc/changelog.rst +++ b/doc/changelog.rst @@ -1,6 +1,22 @@ -********************** -E-MailRelay Change Log -********************** +********** +Change Log +********** + +2.4 -> 2.5 +========== + +* Multiple configurations in one process. +* SMTP_ PIPELINING (RFC-2920_). +* SMTP CHUNKING/8BITMIME 'BDAT' extension (RFC-3030_), disabled by default. +* SMTP SMTPUTF8 extension (RFC-6531_), disabled by default. +* No 7-bit/8-bit check on received message content (see NEWS file). +* New built-in filters: *deliver:*, *split:*, *copy:*, *mx:*, *msgid:*. +* New built-in address verifier: *account:* +* No *.local* files (see NEWS file). +* PAM_ authentication is now enabled with *--server-auth=pam:* not */pam*. +* Client authentication details can be given directly from the command-line. +* Multiple *client* authentication secrets, selected by a new envelope field. +* Main binary can act as a simple submission tool (\ *configure --enable-submission*\ ). 2.3 -> 2.4 ========== @@ -35,7 +51,7 @@ E-MailRelay Change Log * New *--log-address* option to aid adaptive firewalling. * Dynamic log file rolling when using *--log-file=%d*. * Choice of syslog 'facility' on Linux with *--syslog=local0* etc. -* Pipelined SMTP_ QUIT commands sent by broken clients are tolerated. +* Pipelined SMTP QUIT commands sent by broken clients are tolerated. * Better handling of overly-verbose or unkillable *--filter* scripts. * Optional epoll event loop on Linux (\ *configure --enable-epoll*\ ). * Some internationalisation support (see NEWS file). @@ -124,7 +140,7 @@ E-MailRelay Change Log * Added negotiated TLS/SSL for POP_ (ie. *STLS*). * The first two fields in the secrets files are reordered (with backwards compatibility). -* Added Linux PAM_ authentication (*configure --with-pam* and then *--server-auth=/pam*). +* Added Linux PAM authentication (*configure --with-pam* and then *--server-auth=/pam*). * Optional protocol-specific *--interface* qualifiers, eg. *--interface smtp=127.0.0.1,pop=192.168.1.1*. * Outgoing client connection bound with the first *--interface* or *--interface client=...* address. * Support for SMTP-over-TLS on outgoing client connection (\ *--client-tls-connection*\ ) (cf. *STARTTLS*) @@ -458,8 +474,11 @@ Windows fixes and improvements... .. _FHS: https://wiki.linuxfoundation.org/lsb/fhs .. _PAM: https://en.wikipedia.org/wiki/Linux_PAM .. _POP: https://en.wikipedia.org/wiki/Post_Office_Protocol +.. _RFC-2920: https://tools.ietf.org/html/rfc2920 +.. _RFC-3030: https://tools.ietf.org/html/rfc3030 .. _RFC-3848: https://tools.ietf.org/html/rfc3848 .. _RFC-5782: https://tools.ietf.org/html/rfc5782 +.. _RFC-6531: https://tools.ietf.org/html/rfc6531 .. _RFC-8314: https://tools.ietf.org/html/rfc8314 .. _SMTP: https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol .. _SOCKS: https://en.wikipedia.org/wiki/SOCKS diff --git a/doc/changelog.txt b/doc/changelog.txt index ddbe2b0..61c02c0 100644 --- a/doc/changelog.txt +++ b/doc/changelog.txt @@ -1,6 +1,21 @@ E-MailRelay Change Log ====================== +2.4 -> 2.5 +---------- +* Multiple configurations in one process. +* SMTP PIPELINING (RFC-2920). +* SMTP CHUNKING/8BITMIME 'BDAT' extension (RFC-3030), disabled by default. +* SMTP SMTPUTF8 extension (RFC-6531), disabled by default. +* No 7-bit/8-bit check on received message content (see NEWS file). +* New built-in filters: "deliver:", "split:", "copy:", "mx:", "msgid:". +* New built-in address verifier: "account:" +* No ".local" files (see NEWS file). +* PAM authentication is now enabled with "--server-auth=pam:" not "/pam". +* Client authentication details can be given directly from the command-line. +* Multiple "client" authentication secrets, selected by a new envelope field. +* Main binary can act as a simple submission tool ("configure --enable-submission"). + 2.3 -> 2.4 ---------- * Multiple "--filter" and "--client-filter" options allowed. diff --git a/doc/conf.py.sphinx b/doc/conf.py similarity index 89% rename from doc/conf.py.sphinx rename to doc/conf.py index d3fe573..e226fa1 100644 --- a/doc/conf.py.sphinx +++ b/doc/conf.py @@ -7,10 +7,10 @@ templates_path = ['_templates'] source_suffix = '.rst' master_doc = 'index' project = u'E-MailRelay' -copyright = u'2022, Graeme Walker' +copyright = u'2023, Graeme Walker' author = u'Graeme Walker' -version = u'2.4.1' -release = u'2.4.1' +version = u'2.5' +release = u'2.5' language = None today_fmt = '%Y-%m-%d' exclude_patterns = [] diff --git a/doc/developer.html b/doc/developer.html index 936d704..8f9d121 100644 --- a/doc/developer.html +++ b/doc/developer.html @@ -14,29 +14,16 @@ The main principles in the design of E-MailRelay can be summarised as:

      +
    • Functionality without imposing policy
    • Minimal third-party dependencies
    • Windows/Unix portability without #ifdefs
    • Event-driven, non-blocking, single-threaded networking code
      • -
    • Functionality without imposing policy
      • +
    • Multi-threading optional
    -

    Dependencies

    +

    Portability

    - E-MailRelay started life at a time when Linux had no decent package manager and - Windows was in the grip of DLL hell. As a result, a key principle is that it - has no dependencies other than a good C++ run-time. Since that time OpenSSL - has been introduced as a dependency to support TLS encryption, and the optional - configuration and installation GUI has been developed using the Qt toolkit. -

    - -

    - In those early years multi-threading support in C++ libraries was poor, so up - until version 2.0 the code was single-threaded throughout, and multi-threading - is still optional. -

    -

    Portability

    -

    - The E-MailRelay code is now written in C++11. Earlier versions of E-MailRelay - used C++03. + The E-MailRelay code is written in C++11. Earlier versions of E-MailRelay used + C++03.

    @@ -60,7 +47,7 @@ Underscores in source file names are used exclusively to indicate build-time alternatives.

    -

    Event model

    +

    Event model

    The E-MailRelay server uses non-blocking socket i/o, with a select() or epoll() event loop. This event model means that the server can handle multiple network @@ -69,6 +56,11 @@ executed (see --filter and --address-verifier).

    +

    + The advantages of a non-blocking event model are discussed in the well-known + C10K Problem document. +

    +

    This event model can make the code more complicated than the equivalent multi-threaded approach since (for example) it is not possible to wait for a @@ -76,17 +68,12 @@ might be other connections that need servicing half way through.

    -

    - The advantages of a non-blocking event model are discussed in the well-known - C10K Problem document. -

    -

    At higher levels the C++ slot/signal design pattern is used to propagate events between objects (not to be confused with operating system signals). The slot/signal implementation has been simplified compared to Qt or boost by not supporting signal multicasting, so each signal connects to no more than one - slot. + slot. The implementation now uses std::function.

    @@ -98,7 +85,7 @@ particularly when emitting more than one signal, defensive measures are required.

    -

    Module structure

    +

    Module structure

    The main C++ libraries in the E-MailRelay code base are as follows:

    @@ -121,12 +108,24 @@

    gsmtp

    - SMTP protocol and message-store classes. + SMTP protocol classes.

    gpop

    POP3 protocol classes.
    +

    gstore

    +
    + Message store classes. +
    +

    gfilters

    +
    + Built-in filters. +
    +

    gverifiers

    +
    + Built-in address verifiers. +

    All of these libraries are portable between Unix-like systems and Windows.

    @@ -135,7 +134,7 @@ Under Windows there is an additional library under src/win32 for the user interface implemented using the Microsoft Win32 API.

    -

    SMTP class structure

    +

    SMTP class structure

    The message-store functionality uses three abstract interfaces: MessageStore, NewMessage and StoredMessage. The NewMessage interface is used to create @@ -163,18 +162,25 @@

    - Message filtering (--filter) is implemented via an abstract Filter - interface. Concrete implementations are provided for doing nothing, running an - external executable program and talking to an external network server. + Message filtering (--filter) is implemented via an abstract GSmtp::Filter + interface. Concrete implementations in the GFilters namespace are provided for + doing nothing, running an external executable program, talking to an external + network server, etc.

    - The protocol, processor and message-store interfaces are brought together by the - high-level GSmtp::Server and GSmtp::Client classes. Dependency injection is - used to create the concrete instances of the ProtocolMessage and Filter - interfaces. + Address verifiers (--address-verifier) are implemented via an abstract + GSmtp::Verifier interface, with concrete implementations in the GVerifiers + namespace.

    -

    Event handling and exceptions

    + +

    + The protocol, processor and message-store interfaces are brought together by + the high-level GSmtp::Server and GSmtp::Client classes. Dependency + injection is used to create the concrete instances of the MessageStore, + Filter and Verifier interfaces. +

    +

    Event handling and exceptions

    The use of non-blocking i/o in the network library means that most processing operates within the context of an i/o event or timeout callback, so the top @@ -186,40 +192,42 @@

    The event loop delivers asynchronous socket events to the EventHandler - interface, timer events to the TimerBase interface, and 'future' events to the - FutureEventCallback interface. If any of the these event handlers throws an - exception then the event loop catches it and delivers it back to an exception - handler through the onException() method of an associated ExceptionHandler - interface. If an exception is thrown out of _this_ callback then the event loop - code lets it propagate back to main(), typically terminating the program. + interface, timer events to the TimerBase interface, and 'future' events to + the FutureEventCallback interface. If any of the these event handlers throws + an exception then the event loop catches it and delivers it back to an + exception handler through the onException() method of an associated + ExceptionHandler interface. If an exception is thrown out of _this_ callback + then the event loop code lets it propagate back to main(), typically + terminating the program.

    However, sometimes there are objects that need to be more resilient to exceptions. In particular, a network server should not terminate just because one of its connections fails unexpectedly. In these cases the owning parent - object receives the exception notification together with a pointer that - identifies the child object that threw the exception (ie. the exception - source). This allows the parent object to absorb the exception and delete the - child, without the exception killing the whole server. + object receives the exception notification together with an ExceptionSource + pointer that identifies the child object that threw the exception. This allows + the parent object to absorb the exception and delete the child, without the + exception killing the whole server.

    - Event sources in the event loop are held as a file descriptor, a windows event - handle, an EventHandler pointer, an ExceptionHandler pointer and an - ExceptionSource pointer. The first two together are known as a Descriptor, and - the last two together are known as an ExceptionSink. + Event sources in the event loop are typically held as a file descriptor and a + windows event handle, together known as a Descriptor. Event loop + implementations typically watch a set of Descriptors for events and call the + relevant EventHandler/ExceptionHandler code via the EventEmitter class.

    -

    Multi-threading

    +

    Multi-threading

    - Multi-threading can be used as a build-time option to make DNS lookup and the - execution of helper programs asynchronous; if enabled then std::thread is - used in a future/promise pattern to wrap up getaddrinfo() and waitpid() - system calls. The shared state comprises only the parameters and return results - from these system calls, and synchronisation back to the main thread uses the - event loop (see GNet::FutureEvent). + Multi-threading is used to make DNS lookup and external program asynchronous so + unless disabled at build-time std::thread is used in a future/promise pattern to + wrap up getaddrinfo() and waitpid() system calls. The shared state comprises + only the parameters and return results from these system calls, and + synchronisation back to the main thread uses the main event loop (see + GNet::FutureEvent). Threading is not used elsewhere so the C/C++ run-time + library does not need to be thread-safe.

    -

    E-MailRelay GUI

    +

    E-MailRelay GUI

    The optional GUI program emailrelay-gui uses the Qt toolkit for its user interface components. The GUI can run as an installer or as a configuration @@ -253,28 +261,52 @@

    When run in install mode the GUI expects to unpack all the E-MailRelay files from the payload into target directories. The payload is a simple directory - tree that lives alongside the GUI exectuable or inside the Mac application + tree that lives alongside the GUI executable or inside the Mac application bundle, and it contains a configuration file to tell the installer where to copy its files.

    -

    Windows build

    + +

    + When building the GUI program the library code shared with the main server + executable is compiled separately so that different GUI-specific compiler + options can be used. This is done as a 'unity build', concatenating the shared + code into one source file and compiling that for the GUI. (This technique + requires that private 'detail' namespaces are named rather than anonymous so + that there cannot be any name clashes within the combined anonymous namespace.) +

    +

    Windows build

    E-MailRelay can be compiled on Windows using Microsoft Visual Studio C++ (MSVC) - or mingw-w64. For MSVC builds there is a perl script (winbuild.pl) that creates - cmake files from the autotools makefiles, runs cmake to create the MSVC - project files and then runs msbuild to compile E-MailRelay. If perl, cmake, - MSVC, Qt and mbedTLS source are installed in the right way then the - winbuild.bat batch file should be able to do a complete MSVC release build - in one go. + or mingw-w64.

    - For MinGW cross-builds use ./configure.sh -m and make on a Linux box and + For MSVC builds there is a perl script (winbuild.pl) that creates cmake + files from the autotools makefiles, runs cmake to create the MSVC project + files and then runs msbuild to compile E-MailRelay. If perl, cmake, MSVC, Qt + and mbedTLS source are installed in the right way then the winbuild.bat batch + file should be able to do a complete MSVC release build in one go. After that + the winbuild-install.bat batch file can be used to create a distribution. +

    + +

    + When building for a public release the E-MailRelay setup program should be + statically linked and copied into the distribution created by winbuild.pl. + This requires a static build of Qt: edit msvc-desktop.conf to use /MT; + run configure.bat with -static -release; run nmake -f Makefile for + release then install. Then build the E-MailRelay GUI using + emailrelay-gui.pro: qmake CONFIG+='win static' emailrelay-gui.pro; + then mc messages.mc; then copy emailrelay-icon.ico; and finally + nmake -f Makefile.Release. +

    + +

    + For MinGW cross-builds use ./configure.sh -w64 and make on a Linux box and copy the built executables and the MinGW run-time to the target. Any extra run-time files can be identified by running dumpbin /dependents in the normal way.

    -

    Windows packaging

    +

    Windows packaging

    On Windows E-MailRelay is packaged as a zip file containing the executables (including the emailrelay GUI as emailrelay-setup.exe), documentation, and a @@ -284,15 +316,16 @@

    The Qt tool windeployqt is used to add run-time dependencies, such as the - Qt DLLs. + platform DLL. (Public releases of Windows builds are normally statically linked, + so many of the DLLs added by windeployqt are not needed.)

    - To target ancient versions of Windows start with a cross-build using MinGW; - then winbuild.pl mingw can be used to assemble a slimmed-down package for - distribution. + To target ancient versions of Windows start with a cross-build using MinGW + for 32-bit (./configure.sh -w32); then winbuild.pl mingw can be used to + assemble a slimmed-down package for distribution.

    -

    Unix packaging

    +

    Unix packaging

    On Unix-like operating systems it is more natural to use some sort of package derived from the make install process rather than an installer program, so @@ -303,7 +336,7 @@ Top-level makefile targets dist, deb and rpm can be used to create a binary tarball, a debian package, and an RPM package respectively.

    -

    Internationalisation

    +

    Internationalisation

    The GUI code has i18n support using the Qt framework, with the tr() function used throughout the GUI source code. The GUI main() function loads translations @@ -313,12 +346,17 @@

    - The non-GUI code has minimal i18n support using gettext(), mostly for startup - error messages and usage help. This is disabled by default and requires a - configure-script option (--with-gettext) to enable it at build-time and - a --localedir option at run-time. See also po/Makefile.am. + The non-GUI code has some i18n support by using gettext() via the inline txt() + and tx() functions defined in src/glib/ggettext.h. The configure script + detects gettext support in the C run-time library, but without trying different + compile and link options. See also po/Makefile.am.

    -

    Source control

    + +

    + On Windows the main server executable has a tabbed dialog-box as its user + interface, but that does not have any support for i18n. +

    +

    Source control

    The source code is stored in the SourceForge svn repository. A working copy can be checked out as follows: @@ -327,7 +365,7 @@ 

    $ svn co https://svn.code.sf.net/p/emailrelay/code/trunk emailrelay
    -

    Compile-time features

    +

    Compile-time features

    Compile-time features can be selected with options passed to the configure script. These include the following: @@ -350,10 +388,10 @@

    - Copyright (C) 2001-2022 Graeme Walker + Copyright (C) 2001-2023 Graeme Walker

    - + diff --git a/doc/developer.md b/doc/developer.md index ba8796c..14c6a3a 100644 --- a/doc/developer.md +++ b/doc/developer.md @@ -5,27 +5,16 @@ Principles ---------- The main principles in the design of E-MailRelay can be summarised as: +* Functionality without imposing policy * Minimal third-party dependencies * Windows/Unix portability without #ifdefs * Event-driven, non-blocking, single-threaded networking code -* Functionality without imposing policy - -Dependencies ------------- -E-MailRelay started life at a time when Linux had no decent package manager and -Windows was in the grip of DLL hell. As a result, a key principle is that it -has no dependencies other than a good C++ run-time. Since that time OpenSSL -has been introduced as a dependency to support [TLS][] encryption, and the optional -configuration and installation GUI has been developed using the Qt toolkit. - -In those early years multi-threading support in C++ libraries was poor, so up -until version 2.0 the code was single-threaded throughout, and multi-threading -is still optional. +* Multi-threading optional Portability ----------- -The E-MailRelay code is now written in C++11. Earlier versions of E-MailRelay -used C++03. +The E-MailRelay code is written in C++11. Earlier versions of E-MailRelay used +C++03. The header files `gdef.h` in `src/glib` is used to fix up some compiler portability issues such as missing standard types, non-standard system headers @@ -51,19 +40,19 @@ connections simultaneously from a single thread, and even if multi-threading is disabled at build-time the only blocking occurs when external programs are executed (see `--filter` and `--address-verifier`). +The advantages of a non-blocking event model are discussed in the well-known +[C10K Problem](http://www.kegel.com/c10k.html) document. + This event model can make the code more complicated than the equivalent multi-threaded approach since (for example) it is not possible to wait for a complete line of input to be received from a remote [SMTP][] client because there might be other connections that need servicing half way through. -The advantages of a non-blocking event model are discussed in the well-known -[C10K Problem](http://www.kegel.com/c10k.html) document. - At higher levels the C++ slot/signal design pattern is used to propagate events between objects (not to be confused with operating system signals). The slot/signal implementation has been simplified compared to Qt or boost by not supporting signal multicasting, so each signal connects to no more than one -slot. +slot. The implementation now uses std::function. The synchronous slot/signal pattern needs some care when when the signalling object gets destructed as a side-effect of raising a signal, and that situation @@ -85,7 +74,7 @@ The main C++ libraries in the E-MailRelay code base are as follows: ### "gssl" ### - A thin layer over the third-party TLS libraries. + A thin layer over the third-party [TLS][] libraries. ### "gnet" ### @@ -100,13 +89,28 @@ The main C++ libraries in the E-MailRelay code base are as follows: ### "gsmtp" ### - SMTP protocol and message-store classes. + SMTP protocol classes. ### "gpop" ### POP3 protocol classes. + +### "gstore" ### + + Message store classes. + + +### "gfilters" ### + + Built-in filters. + + +### "gverifiers" ### + + Built-in address verifiers. + All of these libraries are portable between Unix-like systems and Windows. Under Windows there is an additional library under `src/win32` for the user @@ -134,14 +138,19 @@ pattern is used whereby the forwarding class uses an instance of the storage class to do the message storing and filtering, while adding in an instance of the `GSmtp::Client` class to do the forwarding. -Message filtering (`--filter`) is implemented via an abstract `Filter` -interface. Concrete implementations are provided for doing nothing, running an -external executable program and talking to an external network server. +Message filtering (`--filter`) is implemented via an abstract `GSmtp::Filter` +interface. Concrete implementations in the `GFilters` namespace are provided for +doing nothing, running an external executable program, talking to an external +network server, etc. -The protocol, processor and message-store interfaces are brought together by the -high-level `GSmtp::Server` and `GSmtp::Client` classes. Dependency injection is -used to create the concrete instances of the `ProtocolMessage` and `Filter` -interfaces. +Address verifiers (`--address-verifier`) are implemented via an abstract +`GSmtp::Verifier` interface, with concrete implementations in the `GVerifiers` +namespace. + +The protocol, processor and message-store interfaces are brought together by +the high-level `GSmtp::Server` and `GSmtp::Client` classes. Dependency +injection is used to create the concrete instances of the `MessageStore`, +`Filter` and `Verifier` interfaces. Event handling and exceptions ----------------------------- @@ -153,34 +162,36 @@ because it is not possible to put a single catch block around a particular high-level feature. The event loop delivers asynchronous socket events to the `EventHandler` -interface, timer events to the `TimerBase` interface, and 'future' events to the -`FutureEventCallback` interface. If any of the these event handlers throws an -exception then the event loop catches it and delivers it back to an exception -handler through the `onException()` method of an associated `ExceptionHandler` -interface. If an exception is thrown out of _this_ callback then the event loop -code lets it propagate back to `main()`, typically terminating the program. +interface, timer events to the `TimerBase` interface, and 'future' events to +the `FutureEventCallback` interface. If any of the these event handlers throws +an exception then the event loop catches it and delivers it back to an +exception handler through the `onException()` method of an associated +`ExceptionHandler` interface. If an exception is thrown out of _this_ callback +then the event loop code lets it propagate back to `main()`, typically +terminating the program. However, sometimes there are objects that need to be more resilient to exceptions. In particular, a network server should not terminate just because one of its connections fails unexpectedly. In these cases the owning parent -object receives the exception notification together with a pointer that -identifies the child object that threw the exception (ie. the exception -source). This allows the parent object to absorb the exception and delete the -child, without the exception killing the whole server. +object receives the exception notification together with an `ExceptionSource` +pointer that identifies the child object that threw the exception. This allows +the parent object to absorb the exception and delete the child, without the +exception killing the whole server. -Event sources in the event loop are held as a file descriptor, a windows event -handle, an EventHandler pointer, an ExceptionHandler pointer and an -ExceptionSource pointer. The first two together are known as a Descriptor, and -the last two together are known as an ExceptionSink. +Event sources in the event loop are typically held as a file descriptor and a +windows event handle, together known as a `Descriptor`. Event loop +implementations typically watch a set of Descriptors for events and call the +relevant EventHandler/ExceptionHandler code via the `EventEmitter` class. Multi-threading --------------- -Multi-threading can be used as a build-time option to make DNS lookup and the -execution of helper programs asynchronous; if enabled then std::thread is -used in a future/promise pattern to wrap up `getaddrinfo()` and `waitpid()` -system calls. The shared state comprises only the parameters and return results -from these system calls, and synchronisation back to the main thread uses the -event loop (see `GNet::FutureEvent`). +Multi-threading is used to make DNS lookup and external program asynchronous so +unless disabled at build-time std::thread is used in a future/promise pattern to +wrap up `getaddrinfo()` and `waitpid()` system calls. The shared state comprises +only the parameters and return results from these system calls, and +synchronisation back to the main thread uses the main event loop (see +`GNet::FutureEvent`). Threading is not used elsewhere so the C/C++ run-time +library does not need to be thread-safe. E-MailRelay GUI --------------- @@ -208,21 +219,39 @@ When run in configure mode the GUI normally ends up simply editing the When run in install mode the GUI expects to unpack all the E-MailRelay files from the payload into target directories. The payload is a simple directory -tree that lives alongside the GUI exectuable or inside the Mac application +tree that lives alongside the GUI executable or inside the Mac application bundle, and it contains a configuration file to tell the installer where to copy its files. +When building the GUI program the library code shared with the main server +executable is compiled separately so that different GUI-specific compiler +options can be used. This is done as a 'unity build', concatenating the shared +code into one source file and compiling that for the GUI. (This technique +requires that private 'detail' namespaces are named rather than anonymous so +that there cannot be any name clashes within the combined anonymous namespace.) + Windows build ------------- E-MailRelay can be compiled on Windows using Microsoft Visual Studio C++ (MSVC) -or mingw-w64. For MSVC builds there is a perl script (`winbuild.pl`) that creates -`cmake` files from the autotools makefiles, runs `cmake` to create the MSVC -project files and then runs `msbuild` to compile E-MailRelay. If perl, cmake, -MSVC, Qt and mbedTLS source are installed in the right way then the -`winbuild.bat` batch file should be able to do a complete MSVC release build -in one go. +or mingw-w64. -For MinGW cross-builds use `./configure.sh -m` and `make` on a Linux box and +For MSVC builds there is a perl script (`winbuild.pl`) that creates `cmake` +files from the autotools makefiles, runs `cmake` to create the MSVC project +files and then runs `msbuild` to compile E-MailRelay. If perl, cmake, MSVC, Qt +and mbedTLS source are installed in the right way then the `winbuild.bat` batch +file should be able to do a complete MSVC release build in one go. After that +the `winbuild-install.bat` batch file can be used to create a distribution. + +When building for a public release the E-MailRelay setup program should be +statically linked and copied into the distribution created by `winbuild.pl`. +This requires a static build of Qt: edit `msvc-desktop.conf` to use `/MT`; +run `configure.bat` with `-static -release`; run `nmake -f Makefile` for +`release` then `install`. Then build the E-MailRelay GUI using +`emailrelay-gui.pro`: `qmake CONFIG+='win static' emailrelay-gui.pro`; +then `mc messages.mc`; then copy `emailrelay-icon.ico`; and finally +`nmake -f Makefile.Release`. + +For MinGW cross-builds use `./configure.sh -w64` and `make` on a Linux box and copy the built executables and the MinGW run-time to the target. Any extra run-time files can be identified by running `dumpbin /dependents` in the normal way. @@ -235,11 +264,12 @@ On Windows E-MailRelay is packaged as a zip file containing the executables again, and while this duplication is not ideal it is at least straightforward. The Qt tool `windeployqt` is used to add run-time dependencies, such as the -Qt DLLs. +platform DLL. (Public releases of Windows builds are normally statically linked, +so many of the DLLs added by `windeployqt` are not needed.) -To target ancient versions of Windows start with a cross-build using MinGW; -then `winbuild.pl mingw` can be used to assemble a slimmed-down package for -distribution. +To target ancient versions of Windows start with a cross-build using MinGW +for 32-bit (`./configure.sh -w32`); then `winbuild.pl mingw` can be used to +assemble a slimmed-down package for distribution. Unix packaging -------------- @@ -258,10 +288,13 @@ from the `translations` sub-directory (relative to the executable), although that can be overridden with the `--qm` command-line option. Qt's `-reverse` option can also be used to reverse the widgets when using RTL languages. -The non-GUI code has minimal i18n support using gettext(), mostly for startup -error messages and usage help. This is disabled by default and requires a -configure-script option (`--with-gettext`) to enable it at build-time and -a `--localedir` option at run-time. See also `po/Makefile.am`. +The non-GUI code has some i18n support by using gettext() via the inline txt() +and tx() functions defined in `src/glib/ggettext.h`. The configure script +detects gettext support in the C run-time library, but without trying different +compile and link options. See also `po/Makefile.am`. + +On Windows the main server executable has a tabbed dialog-box as its user +interface, but that does not have any support for i18n. Source control -------------- @@ -292,4 +325,4 @@ Use `./configure --help` to see a complete list of options. [TLS]: https://en.wikipedia.org/wiki/Transport_Layer_Security _____________________________________ -Copyright (C) 2001-2022 Graeme Walker +Copyright (C) 2001-2023 Graeme Walker diff --git a/doc/developer.rst b/doc/developer.rst index 3476901..c27c10c 100644 --- a/doc/developer.rst +++ b/doc/developer.rst @@ -1,32 +1,21 @@ -*************************** -E-MailRelay Developer Guide -*************************** +*************** +Developer Guide +*************** Principles ========== The main principles in the design of E-MailRelay can be summarised as: +* Functionality without imposing policy * Minimal third-party dependencies * Windows/Unix portability without #ifdefs * Event-driven, non-blocking, single-threaded networking code -* Functionality without imposing policy - -Dependencies -============ -E-MailRelay started life at a time when Linux had no decent package manager and -Windows was in the grip of DLL hell. As a result, a key principle is that it -has no dependencies other than a good C++ run-time. Since that time OpenSSL -has been introduced as a dependency to support TLS_ encryption, and the optional -configuration and installation GUI has been developed using the Qt toolkit. - -In those early years multi-threading support in C++ libraries was poor, so up -until version 2.0 the code was single-threaded throughout, and multi-threading -is still optional. +* Multi-threading optional Portability =========== -The E-MailRelay code is now written in C++11. Earlier versions of E-MailRelay -used C++03. +The E-MailRelay code is written in C++11. Earlier versions of E-MailRelay used +C++03. The header files *gdef.h* in *src/glib* is used to fix up some compiler portability issues such as missing standard types, non-standard system headers @@ -52,19 +41,19 @@ connections simultaneously from a single thread, and even if multi-threading is disabled at build-time the only blocking occurs when external programs are executed (see *--filter* and *--address-verifier*). +The advantages of a non-blocking event model are discussed in the well-known +`C10K Problem `_ document. + This event model can make the code more complicated than the equivalent multi-threaded approach since (for example) it is not possible to wait for a complete line of input to be received from a remote SMTP_ client because there might be other connections that need servicing half way through. -The advantages of a non-blocking event model are discussed in the well-known -`C10K Problem `_ document. - At higher levels the C++ slot/signal design pattern is used to propagate events between objects (not to be confused with operating system signals). The slot/signal implementation has been simplified compared to Qt or boost by not supporting signal multicasting, so each signal connects to no more than one -slot. +slot. The implementation now uses std::function. The synchronous slot/signal pattern needs some care when when the signalling object gets destructed as a side-effect of raising a signal, and that situation @@ -77,19 +66,52 @@ required. Module structure ================ The main C++ libraries in the E-MailRelay code base are as follows: + +"glib" +------ Low-level classes for file-system abstraction, date and time representation, string utility functions, logging, command line parsing etc. - A thin layer over the third-party TLS libraries. +"gssl" +------ + A thin layer over the third-party TLS_ libraries. + + +"gnet" +------ Network and event-loop classes. + +"gauth" +------- Implements various authentication mechanisms. - SMTP protocol and message-store classes. +"gsmtp" +------- + SMTP protocol classes. + + +"gpop" +------ POP3 protocol classes. + +"gstore" +-------- + Message store classes. + + +"gfilters" +---------- + Built-in filters. + + +"gverifiers" +------------ + Built-in address verifiers. + All of these libraries are portable between Unix-like systems and Windows. Under Windows there is an additional library under *src/win32* for the user @@ -117,14 +139,19 @@ pattern is used whereby the forwarding class uses an instance of the storage class to do the message storing and filtering, while adding in an instance of the *GSmtp::Client* class to do the forwarding. -Message filtering (\ *--filter*\ ) is implemented via an abstract *Filter* -interface. Concrete implementations are provided for doing nothing, running an -external executable program and talking to an external network server. +Message filtering (\ *--filter*\ ) is implemented via an abstract *GSmtp::Filter* +interface. Concrete implementations in the *GFilters* namespace are provided for +doing nothing, running an external executable program, talking to an external +network server, etc. -The protocol, processor and message-store interfaces are brought together by the -high-level *GSmtp::Server* and *GSmtp::Client* classes. Dependency injection is -used to create the concrete instances of the *ProtocolMessage* and *Filter* -interfaces. +Address verifiers (\ *--address-verifier*\ ) are implemented via an abstract +*GSmtp::Verifier* interface, with concrete implementations in the *GVerifiers* +namespace. + +The protocol, processor and message-store interfaces are brought together by +the high-level *GSmtp::Server* and *GSmtp::Client* classes. Dependency +injection is used to create the concrete instances of the *MessageStore*, +*Filter* and *Verifier* interfaces. Event handling and exceptions ============================= @@ -136,34 +163,36 @@ because it is not possible to put a single catch block around a particular high-level feature. The event loop delivers asynchronous socket events to the *EventHandler* -interface, timer events to the *TimerBase* interface, and 'future' events to the -*FutureEventCallback* interface. If any of the these event handlers throws an -exception then the event loop catches it and delivers it back to an exception -handler through the *onException()* method of an associated *ExceptionHandler* -interface. If an exception is thrown out of _this_ callback then the event loop -code lets it propagate back to *main()*, typically terminating the program. +interface, timer events to the *TimerBase* interface, and 'future' events to +the *FutureEventCallback* interface. If any of the these event handlers throws +an exception then the event loop catches it and delivers it back to an +exception handler through the *onException()* method of an associated +*ExceptionHandler* interface. If an exception is thrown out of _this_ callback +then the event loop code lets it propagate back to *main()*, typically +terminating the program. However, sometimes there are objects that need to be more resilient to exceptions. In particular, a network server should not terminate just because one of its connections fails unexpectedly. In these cases the owning parent -object receives the exception notification together with a pointer that -identifies the child object that threw the exception (ie. the exception -source). This allows the parent object to absorb the exception and delete the -child, without the exception killing the whole server. +object receives the exception notification together with an *ExceptionSource* +pointer that identifies the child object that threw the exception. This allows +the parent object to absorb the exception and delete the child, without the +exception killing the whole server. -Event sources in the event loop are held as a file descriptor, a windows event -handle, an EventHandler pointer, an ExceptionHandler pointer and an -ExceptionSource pointer. The first two together are known as a Descriptor, and -the last two together are known as an ExceptionSink. +Event sources in the event loop are typically held as a file descriptor and a +windows event handle, together known as a *Descriptor*. Event loop +implementations typically watch a set of Descriptors for events and call the +relevant EventHandler/ExceptionHandler code via the *EventEmitter* class. Multi-threading =============== -Multi-threading can be used as a build-time option to make DNS lookup and the -execution of helper programs asynchronous; if enabled then std::thread is -used in a future/promise pattern to wrap up *getaddrinfo()* and *waitpid()* -system calls. The shared state comprises only the parameters and return results -from these system calls, and synchronisation back to the main thread uses the -event loop (see *GNet::FutureEvent*). +Multi-threading is used to make DNS lookup and external program asynchronous so +unless disabled at build-time std::thread is used in a future/promise pattern to +wrap up *getaddrinfo()* and *waitpid()* system calls. The shared state comprises +only the parameters and return results from these system calls, and +synchronisation back to the main thread uses the main event loop (see +\ *GNet::FutureEvent*\ ). Threading is not used elsewhere so the C/C++ run-time +library does not need to be thread-safe. E-MailRelay GUI =============== @@ -191,21 +220,39 @@ When run in configure mode the GUI normally ends up simply editing the When run in install mode the GUI expects to unpack all the E-MailRelay files from the payload into target directories. The payload is a simple directory -tree that lives alongside the GUI exectuable or inside the Mac application +tree that lives alongside the GUI executable or inside the Mac application bundle, and it contains a configuration file to tell the installer where to copy its files. +When building the GUI program the library code shared with the main server +executable is compiled separately so that different GUI-specific compiler +options can be used. This is done as a 'unity build', concatenating the shared +code into one source file and compiling that for the GUI. (This technique +requires that private 'detail' namespaces are named rather than anonymous so +that there cannot be any name clashes within the combined anonymous namespace.) + Windows build ============= E-MailRelay can be compiled on Windows using Microsoft Visual Studio C++ (MSVC) -or mingw-w64. For MSVC builds there is a perl script (\ *winbuild.pl*\ ) that creates -*cmake* files from the autotools makefiles, runs *cmake* to create the MSVC -project files and then runs *msbuild* to compile E-MailRelay. If perl, cmake, -MSVC, Qt and mbedTLS source are installed in the right way then the -*winbuild.bat* batch file should be able to do a complete MSVC release build -in one go. +or mingw-w64. -For MinGW cross-builds use *./configure.sh -m* and *make* on a Linux box and +For MSVC builds there is a perl script (\ *winbuild.pl*\ ) that creates *cmake* +files from the autotools makefiles, runs *cmake* to create the MSVC project +files and then runs *msbuild* to compile E-MailRelay. If perl, cmake, MSVC, Qt +and mbedTLS source are installed in the right way then the *winbuild.bat* batch +file should be able to do a complete MSVC release build in one go. After that +the *winbuild-install.bat* batch file can be used to create a distribution. + +When building for a public release the E-MailRelay setup program should be +statically linked and copied into the distribution created by *winbuild.pl*. +This requires a static build of Qt: edit *msvc-desktop.conf* to use */MT*; +run *configure.bat* with *-static -release*; run *nmake -f Makefile* for +*release* then *install*. Then build the E-MailRelay GUI using +\ *emailrelay-gui.pro*\ : *qmake CONFIG+='win static' emailrelay-gui.pro*; +then *mc messages.mc*; then copy *emailrelay-icon.ico*; and finally +\ *nmake -f Makefile.Release*\ . + +For MinGW cross-builds use *./configure.sh -w64* and *make* on a Linux box and copy the built executables and the MinGW run-time to the target. Any extra run-time files can be identified by running *dumpbin /dependents* in the normal way. @@ -218,11 +265,12 @@ On Windows E-MailRelay is packaged as a zip file containing the executables again, and while this duplication is not ideal it is at least straightforward. The Qt tool *windeployqt* is used to add run-time dependencies, such as the -Qt DLLs. +platform DLL. (Public releases of Windows builds are normally statically linked, +so many of the DLLs added by *windeployqt* are not needed.) -To target ancient versions of Windows start with a cross-build using MinGW; -then *winbuild.pl mingw* can be used to assemble a slimmed-down package for -distribution. +To target ancient versions of Windows start with a cross-build using MinGW +for 32-bit (\ *./configure.sh -w32*\ ); then *winbuild.pl mingw* can be used to +assemble a slimmed-down package for distribution. Unix packaging ============== @@ -241,10 +289,13 @@ from the *translations* sub-directory (relative to the executable), although that can be overridden with the *--qm* command-line option. Qt's *-reverse* option can also be used to reverse the widgets when using RTL languages. -The non-GUI code has minimal i18n support using gettext(), mostly for startup -error messages and usage help. This is disabled by default and requires a -configure-script option (\ *--with-gettext*\ ) to enable it at build-time and -a *--localedir* option at run-time. See also *po/Makefile.am*. +The non-GUI code has some i18n support by using gettext() via the inline txt() +and tx() functions defined in *src/glib/ggettext.h*. The configure script +detects gettext support in the C run-time library, but without trying different +compile and link options. See also *po/Makefile.am*. + +On Windows the main server executable has a tabbed dialog-box as its user +interface, but that does not have any support for i18n. Source control ============== @@ -255,6 +306,7 @@ copy can be checked out as follows: $ svn co https://svn.code.sf.net/p/emailrelay/code/trunk emailrelay + Compile-time features ===================== Compile-time features can be selected with options passed to the *configure* @@ -277,4 +329,4 @@ Use *./configure --help* to see a complete list of options. .. _SMTP: https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol .. _TLS: https://en.wikipedia.org/wiki/Transport_Layer_Security -.. footer:: Copyright (C) 2001-2022 Graeme Walker +.. footer:: Copyright (C) 2001-2023 Graeme Walker diff --git a/doc/developer.txt b/doc/developer.txt index d476384..85b5029 100644 --- a/doc/developer.txt +++ b/doc/developer.txt @@ -4,27 +4,16 @@ E-MailRelay Developer Guide Principles ---------- The main principles in the design of E-MailRelay can be summarised as: +* Functionality without imposing policy * Minimal third-party dependencies * Windows/Unix portability without #ifdefs * Event-driven, non-blocking, single-threaded networking code -* Functionality without imposing policy - -Dependencies ------------- -E-MailRelay started life at a time when Linux had no decent package manager and -Windows was in the grip of DLL hell. As a result, a key principle is that it -has no dependencies other than a good C++ run-time. Since that time OpenSSL -has been introduced as a dependency to support TLS encryption, and the optional -configuration and installation GUI has been developed using the Qt toolkit. - -In those early years multi-threading support in C++ libraries was poor, so up -until version 2.0 the code was single-threaded throughout, and multi-threading -is still optional. +* Multi-threading optional Portability ----------- -The E-MailRelay code is now written in C++11. Earlier versions of E-MailRelay -used C++03. +The E-MailRelay code is written in C++11. Earlier versions of E-MailRelay used +C++03. The header files "gdef.h" in "src/glib" is used to fix up some compiler portability issues such as missing standard types, non-standard system headers @@ -50,19 +39,19 @@ connections simultaneously from a single thread, and even if multi-threading is disabled at build-time the only blocking occurs when external programs are executed (see "--filter" and "--address-verifier"). +The advantages of a non-blocking event model are discussed in the well-known +*C10K Problem* [http://www.kegel.com/c10k.html] document. + This event model can make the code more complicated than the equivalent multi-threaded approach since (for example) it is not possible to wait for a complete line of input to be received from a remote SMTP client because there might be other connections that need servicing half way through. -The advantages of a non-blocking event model are discussed in the well-known -*C10K Problem* [http://www.kegel.com/c10k.html] document. - At higher levels the C++ slot/signal design pattern is used to propagate events between objects (not to be confused with operating system signals). The slot/signal implementation has been simplified compared to Qt or boost by not supporting signal multicasting, so each signal connects to no more than one -slot. +slot. The implementation now uses std::function. The synchronous slot/signal pattern needs some care when when the signalling object gets destructed as a side-effect of raising a signal, and that situation @@ -90,11 +79,20 @@ The main C++ libraries in the E-MailRelay code base are as follows: Implements various authentication mechanisms. # "gsmtp" - SMTP protocol and message-store classes. + SMTP protocol classes. # "gpop" POP3 protocol classes. +# "gstore" + Message store classes. + +# "gfilters" + Built-in filters. + +# "gverifiers" + Built-in address verifiers. + All of these libraries are portable between Unix-like systems and Windows. Under Windows there is an additional library under "src/win32" for the user @@ -122,14 +120,19 @@ pattern is used whereby the forwarding class uses an instance of the storage class to do the message storing and filtering, while adding in an instance of the "GSmtp::Client" class to do the forwarding. -Message filtering ("--filter") is implemented via an abstract "Filter" -interface. Concrete implementations are provided for doing nothing, running an -external executable program and talking to an external network server. +Message filtering ("--filter") is implemented via an abstract "GSmtp::Filter" +interface. Concrete implementations in the "GFilters" namespace are provided for +doing nothing, running an external executable program, talking to an external +network server, etc. -The protocol, processor and message-store interfaces are brought together by the -high-level "GSmtp::Server" and "GSmtp::Client" classes. Dependency injection is -used to create the concrete instances of the "ProtocolMessage" and "Filter" -interfaces. +Address verifiers ("--address-verifier") are implemented via an abstract +"GSmtp::Verifier" interface, with concrete implementations in the "GVerifiers" +namespace. + +The protocol, processor and message-store interfaces are brought together by +the high-level "GSmtp::Server" and "GSmtp::Client" classes. Dependency +injection is used to create the concrete instances of the "MessageStore", +"Filter" and "Verifier" interfaces. Event handling and exceptions ----------------------------- @@ -141,34 +144,36 @@ because it is not possible to put a single catch block around a particular high-level feature. The event loop delivers asynchronous socket events to the "EventHandler" -interface, timer events to the "TimerBase" interface, and 'future' events to the -"FutureEventCallback" interface. If any of the these event handlers throws an -exception then the event loop catches it and delivers it back to an exception -handler through the "onException()" method of an associated "ExceptionHandler" -interface. If an exception is thrown out of _this_ callback then the event loop -code lets it propagate back to "main()", typically terminating the program. +interface, timer events to the "TimerBase" interface, and 'future' events to +the "FutureEventCallback" interface. If any of the these event handlers throws +an exception then the event loop catches it and delivers it back to an +exception handler through the "onException()" method of an associated +"ExceptionHandler" interface. If an exception is thrown out of _this_ callback +then the event loop code lets it propagate back to "main()", typically +terminating the program. However, sometimes there are objects that need to be more resilient to exceptions. In particular, a network server should not terminate just because one of its connections fails unexpectedly. In these cases the owning parent -object receives the exception notification together with a pointer that -identifies the child object that threw the exception (ie. the exception -source). This allows the parent object to absorb the exception and delete the -child, without the exception killing the whole server. +object receives the exception notification together with an "ExceptionSource" +pointer that identifies the child object that threw the exception. This allows +the parent object to absorb the exception and delete the child, without the +exception killing the whole server. -Event sources in the event loop are held as a file descriptor, a windows event -handle, an EventHandler pointer, an ExceptionHandler pointer and an -ExceptionSource pointer. The first two together are known as a Descriptor, and -the last two together are known as an ExceptionSink. +Event sources in the event loop are typically held as a file descriptor and a +windows event handle, together known as a "Descriptor". Event loop +implementations typically watch a set of Descriptors for events and call the +relevant EventHandler/ExceptionHandler code via the "EventEmitter" class. Multi-threading --------------- -Multi-threading can be used as a build-time option to make DNS lookup and the -execution of helper programs asynchronous; if enabled then std::thread is -used in a future/promise pattern to wrap up "getaddrinfo()" and "waitpid()" -system calls. The shared state comprises only the parameters and return results -from these system calls, and synchronisation back to the main thread uses the -event loop (see "GNet::FutureEvent"). +Multi-threading is used to make DNS lookup and external program asynchronous so +unless disabled at build-time std::thread is used in a future/promise pattern to +wrap up "getaddrinfo()" and "waitpid()" system calls. The shared state comprises +only the parameters and return results from these system calls, and +synchronisation back to the main thread uses the main event loop (see +"GNet::FutureEvent"). Threading is not used elsewhere so the C/C++ run-time +library does not need to be thread-safe. E-MailRelay GUI --------------- @@ -196,21 +201,39 @@ When run in configure mode the GUI normally ends up simply editing the When run in install mode the GUI expects to unpack all the E-MailRelay files from the payload into target directories. The payload is a simple directory -tree that lives alongside the GUI exectuable or inside the Mac application +tree that lives alongside the GUI executable or inside the Mac application bundle, and it contains a configuration file to tell the installer where to copy its files. +When building the GUI program the library code shared with the main server +executable is compiled separately so that different GUI-specific compiler +options can be used. This is done as a 'unity build', concatenating the shared +code into one source file and compiling that for the GUI. (This technique +requires that private 'detail' namespaces are named rather than anonymous so +that there cannot be any name clashes within the combined anonymous namespace.) + Windows build ------------- E-MailRelay can be compiled on Windows using Microsoft Visual Studio C++ (MSVC) -or mingw-w64. For MSVC builds there is a perl script ("winbuild.pl") that creates -"cmake" files from the autotools makefiles, runs "cmake" to create the MSVC -project files and then runs "msbuild" to compile E-MailRelay. If perl, cmake, -MSVC, Qt and mbedTLS source are installed in the right way then the -"winbuild.bat" batch file should be able to do a complete MSVC release build -in one go. +or mingw-w64. -For MinGW cross-builds use "./configure.sh -m" and "make" on a Linux box and +For MSVC builds there is a perl script ("winbuild.pl") that creates "cmake" +files from the autotools makefiles, runs "cmake" to create the MSVC project +files and then runs "msbuild" to compile E-MailRelay. If perl, cmake, MSVC, Qt +and mbedTLS source are installed in the right way then the "winbuild.bat" batch +file should be able to do a complete MSVC release build in one go. After that +the "winbuild-install.bat" batch file can be used to create a distribution. + +When building for a public release the E-MailRelay setup program should be +statically linked and copied into the distribution created by "winbuild.pl". +This requires a static build of Qt: edit "msvc-desktop.conf" to use "/MT"; +run "configure.bat" with "-static -release"; run "nmake -f Makefile" for +"release" then "install". Then build the E-MailRelay GUI using +"emailrelay-gui.pro": "qmake CONFIG+='win static' emailrelay-gui.pro"; +then "mc messages.mc"; then copy "emailrelay-icon.ico"; and finally +"nmake -f Makefile.Release". + +For MinGW cross-builds use "./configure.sh -w64" and "make" on a Linux box and copy the built executables and the MinGW run-time to the target. Any extra run-time files can be identified by running "dumpbin /dependents" in the normal way. @@ -223,11 +246,12 @@ On Windows E-MailRelay is packaged as a zip file containing the executables again, and while this duplication is not ideal it is at least straightforward. The Qt tool "windeployqt" is used to add run-time dependencies, such as the -Qt DLLs. +platform DLL. (Public releases of Windows builds are normally statically linked, +so many of the DLLs added by "windeployqt" are not needed.) -To target ancient versions of Windows start with a cross-build using MinGW; -then "winbuild.pl mingw" can be used to assemble a slimmed-down package for -distribution. +To target ancient versions of Windows start with a cross-build using MinGW +for 32-bit ("./configure.sh -w32"); then "winbuild.pl mingw" can be used to +assemble a slimmed-down package for distribution. Unix packaging -------------- @@ -246,10 +270,13 @@ from the "translations" sub-directory (relative to the executable), although that can be overridden with the "--qm" command-line option. Qt's "-reverse" option can also be used to reverse the widgets when using RTL languages. -The non-GUI code has minimal i18n support using gettext(), mostly for startup -error messages and usage help. This is disabled by default and requires a -configure-script option ("--with-gettext") to enable it at build-time and -a "--localedir" option at run-time. See also "po/Makefile.am". +The non-GUI code has some i18n support by using gettext() via the inline txt() +and tx() functions defined in "src/glib/ggettext.h". The configure script +detects gettext support in the C run-time library, but without trying different +compile and link options. See also "po/Makefile.am". + +On Windows the main server executable has a tabbed dialog-box as its user +interface, but that does not have any support for i18n. Source control -------------- @@ -275,4 +302,4 @@ Use "./configure --help" to see a complete list of options. _____________________________________ -Copyright (C) 2001-2022 Graeme Walker +Copyright (C) 2001-2023 Graeme Walker diff --git a/doc/doxygen-missing.html b/doc/doxygen-missing.html index 2d4a467..af95dfd 100644 --- a/doc/doxygen-missing.html +++ b/doc/doxygen-missing.html @@ -11,4 +11,4 @@ - + diff --git a/doc/doxygen.cfg.in b/doc/doxygen.cfg.in index 20ca8bb..ff8cd0f 100644 --- a/doc/doxygen.cfg.in +++ b/doc/doxygen.cfg.in @@ -1,4 +1,4 @@ -# Doxyfile 1.8.15 +# Doxyfile 1.9.1 # This file describes the settings to be used by the documentation system # doxygen (www.doxygen.org) for a project. @@ -197,6 +197,16 @@ SHORT_NAMES = NO JAVADOC_AUTOBRIEF = YES +# If the JAVADOC_BANNER tag is set to YES then doxygen will interpret a line +# such as +# /*************** +# as being the beginning of a Javadoc-style comment "banner". If set to NO, the +# Javadoc-style will behave just like regular comments and it will not be +# interpreted by doxygen. +# The default value is: NO. + +JAVADOC_BANNER = NO + # If the QT_AUTOBRIEF tag is set to YES then doxygen will interpret the first # line (until the first dot) of a Qt-style comment as the brief description. If # set to NO, the Qt-style will behave just like regular Qt-style comments (thus @@ -217,6 +227,14 @@ QT_AUTOBRIEF = NO MULTILINE_CPP_IS_BRIEF = NO +# By default Python docstrings are displayed as preformatted text and doxygen's +# special commands cannot be used. By setting PYTHON_DOCSTRING to NO the +# doxygen's special commands can be used and the contents of the docstring +# documentation blocks is shown as doxygen documentation. +# The default value is: YES. + +PYTHON_DOCSTRING = YES + # If the INHERIT_DOCS tag is set to YES then an undocumented member inherits the # documentation from any documented member that it re-implements. # The default value is: YES. @@ -253,12 +271,6 @@ TAB_SIZE = 4 ALIASES = -# This tag can be used to specify a number of word-keyword mappings (TCL only). -# A mapping has the form "name=value". For example adding "class=itcl::class" -# will allow you to use the command class in the itcl::class meaning. - -TCL_SUBST = - # Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C sources # only. Doxygen will then generate output that is more tailored for C. For # instance, some of the names that are used will be different. The list of all @@ -299,19 +311,22 @@ OPTIMIZE_OUTPUT_SLICE = NO # parses. With this tag you can assign which parser to use for a given # extension. Doxygen has a built-in mapping, but you can override or extend it # using this tag. The format is ext=language, where ext is a file extension, and -# language is one of the parsers supported by doxygen: IDL, Java, Javascript, -# Csharp (C#), C, C++, D, PHP, md (Markdown), Objective-C, Python, Slice, +# language is one of the parsers supported by doxygen: IDL, Java, JavaScript, +# Csharp (C#), C, C++, D, PHP, md (Markdown), Objective-C, Python, Slice, VHDL, # Fortran (fixed format Fortran: FortranFixed, free formatted Fortran: # FortranFree, unknown formatted Fortran: Fortran. In the later case the parser # tries to guess whether the code is fixed or free formatted code, this is the -# default for Fortran type files), VHDL, tcl. For instance to make doxygen treat -# .inc files as Fortran files (default is PHP), and .f files as C (default is -# Fortran), use: inc=Fortran f=C. +# default for Fortran type files). For instance to make doxygen treat .inc files +# as Fortran files (default is PHP), and .f files as C (default is Fortran), +# use: inc=Fortran f=C. # # Note: For files without extension you can use no_extension as a placeholder. # # Note that for custom extensions you also need to set FILE_PATTERNS otherwise -# the files are not read by doxygen. +# the files are not read by doxygen. When specifying no_extension you should add +# * to the FILE_PATTERNS. +# +# Note see also the list of default file extension mappings. EXTENSION_MAPPING = @@ -329,10 +344,10 @@ MARKDOWN_SUPPORT = YES # to that level are automatically included in the table of contents, even if # they do not have an id attribute. # Note: This feature currently applies only to Markdown headings. -# Minimum value: 0, maximum value: 99, default value: 0. +# Minimum value: 0, maximum value: 99, default value: 5. # This tag requires that the tag MARKDOWN_SUPPORT is set to YES. -TOC_INCLUDE_HEADINGS = 0 +TOC_INCLUDE_HEADINGS = 5 # When enabled doxygen tries to link words that correspond to documented # classes, or namespaces to their corresponding documentation. Such a link can @@ -445,6 +460,19 @@ TYPEDEF_HIDES_STRUCT = NO LOOKUP_CACHE_SIZE = 0 +# The NUM_PROC_THREADS specifies the number threads doxygen is allowed to use +# during processing. When set to 0 doxygen will based this on the number of +# cores available in the system. You can set it explicitly to a value larger +# than 0 to get more control over the balance between CPU load and processing +# speed. At this moment only the input processing can be done using multiple +# threads. Since this is still an experimental feature the default is set to 1, +# which efficively disables parallel processing. Please report any issues you +# encounter. Generating dot graphs in parallel is controlled by the +# DOT_NUM_THREADS setting. +# Minimum value: 0, maximum value: 32, default value: 1. + +NUM_PROC_THREADS = 1 + #--------------------------------------------------------------------------- # Build related configuration options #--------------------------------------------------------------------------- @@ -465,6 +493,12 @@ EXTRACT_ALL = NO EXTRACT_PRIVATE = NO +# If the EXTRACT_PRIV_VIRTUAL tag is set to YES, documented private virtual +# methods of a class will be included in the documentation. +# The default value is: NO. + +EXTRACT_PRIV_VIRTUAL = NO + # If the EXTRACT_PACKAGE tag is set to YES, all members with package or internal # scope will be included in the documentation. # The default value is: NO. @@ -502,6 +536,13 @@ EXTRACT_LOCAL_METHODS = NO EXTRACT_ANON_NSPACES = NO +# If this flag is set to YES, the name of an unnamed parameter in a declaration +# will be determined by the corresponding definition. By default unnamed +# parameters remain unnamed in the output. +# The default value is: YES. + +RESOLVE_UNNAMED_PARAMS = YES + # If the HIDE_UNDOC_MEMBERS tag is set to YES, doxygen will hide all # undocumented members inside documented classes or files. If set to NO these # members will be included in the various overviews, but no documentation @@ -519,8 +560,8 @@ HIDE_UNDOC_MEMBERS = NO HIDE_UNDOC_CLASSES = NO # If the HIDE_FRIEND_COMPOUNDS tag is set to YES, doxygen will hide all friend -# (class|struct|union) declarations. If set to NO, these declarations will be -# included in the documentation. +# declarations. If set to NO, these declarations will be included in the +# documentation. # The default value is: NO. HIDE_FRIEND_COMPOUNDS = NO @@ -539,11 +580,18 @@ HIDE_IN_BODY_DOCS = NO INTERNAL_DOCS = NO -# If the CASE_SENSE_NAMES tag is set to NO then doxygen will only generate file -# names in lower-case letters. If set to YES, upper-case letters are also -# allowed. This is useful if you have classes or files whose names only differ -# in case and if your file system supports case sensitive file names. Windows -# and Mac users are advised to set this option to NO. +# With the correct setting of option CASE_SENSE_NAMES doxygen will better be +# able to match the capabilities of the underlying filesystem. In case the +# filesystem is case sensitive (i.e. it supports files in the same directory +# whose names only differ in casing), the option must be set to YES to properly +# deal with such files in case they appear in the input. For filesystems that +# are not case sensitive the option should be be set to NO to properly deal with +# output files written for symbols that only differ in casing, such as for two +# classes, one named CLASS and the other named Class, and to also support +# references to files without having to specify the exact matching casing. On +# Windows (including Cygwin) and MacOS, users should typically set this option +# to NO, whereas on Linux or other Unix flavors it should typically be set to +# YES. # The default value is: system dependent. CASE_SENSE_NAMES = YES @@ -782,7 +830,10 @@ WARN_IF_DOC_ERROR = YES WARN_NO_PARAMDOC = NO # If the WARN_AS_ERROR tag is set to YES then doxygen will immediately stop when -# a warning is encountered. +# a warning is encountered. If the WARN_AS_ERROR tag is set to FAIL_ON_WARNINGS +# then doxygen will continue running as if WARN_AS_ERROR tag is set to NO, but +# at the end of the doxygen process doxygen will return with a non-zero status. +# Possible values are: NO, YES and FAIL_ON_WARNINGS. # The default value is: NO. WARN_AS_ERROR = NO @@ -813,13 +864,13 @@ WARN_LOGFILE = # spaces. See also FILE_PATTERNS and EXTENSION_MAPPING # Note: If this tag is empty the current directory is searched. -INPUT = __TOP_SRC__/src/glib __TOP_SRC__/src/gssl __TOP_SRC__/src/gnet __TOP_SRC__/src/gauth __TOP_SRC__/src/gsmtp __TOP_SRC__/src/gpop __TOP_SRC__/src/main/doxygen.h +INPUT = __TOP_SRC__/src/glib __TOP_SRC__/src/gssl __TOP_SRC__/src/gnet __TOP_SRC__/src/gauth __TOP_SRC__/src/gverifiers __TOP_SRC__/src/gfilters __TOP_SRC__/src/gstore __TOP_SRC__/src/gsmtp __TOP_SRC__/src/gpop __TOP_SRC__/src/main/doxygen.h # This tag can be used to specify the character encoding of the source files # that doxygen parses. Internally doxygen uses the UTF-8 encoding. Doxygen uses # libiconv (or the iconv built into libc) for the transcoding. See the libiconv -# documentation (see: https://www.gnu.org/software/libiconv/) for the list of -# possible encodings. +# documentation (see: +# https://www.gnu.org/software/libiconv/) for the list of possible encodings. # The default value is: UTF-8. INPUT_ENCODING = UTF-8 @@ -832,11 +883,15 @@ INPUT_ENCODING = UTF-8 # need to set EXTENSION_MAPPING for the extension otherwise the files are not # read by doxygen. # +# Note the list of default checked file patterns might differ from the list of +# default file extension mappings. +# # If left blank the following patterns are tested:*.c, *.cc, *.cxx, *.cpp, # *.c++, *.java, *.ii, *.ixx, *.ipp, *.i++, *.inl, *.idl, *.ddl, *.odl, *.h, # *.hh, *.hxx, *.hpp, *.h++, *.cs, *.d, *.php, *.php4, *.php5, *.phtml, *.inc, -# *.m, *.markdown, *.md, *.mm, *.dox, *.py, *.pyw, *.f90, *.f95, *.f03, *.f08, -# *.f, *.for, *.tcl, *.vhd, *.vhdl, *.ucf, *.qsf and *.ice. +# *.m, *.markdown, *.md, *.mm, *.dox (to be provided as doxygen C comment), +# *.py, *.pyw, *.f90, *.f95, *.f03, *.f08, *.f18, *.f, *.for, *.vhd, *.vhdl, +# *.ucf, *.qsf and *.ice. FILE_PATTERNS = *.h *.cpp @@ -1050,6 +1105,44 @@ USE_HTAGS = NO VERBATIM_HEADERS = YES +# If the CLANG_ASSISTED_PARSING tag is set to YES then doxygen will use the +# clang parser (see: +# http://clang.llvm.org/) for more accurate parsing at the cost of reduced +# performance. This can be particularly helpful with template rich C++ code for +# which doxygen's built-in parser lacks the necessary type information. +# Note: The availability of this option depends on whether or not doxygen was +# generated with the -Duse_libclang=ON option for CMake. +# The default value is: NO. + +CLANG_ASSISTED_PARSING = NO + +# If clang assisted parsing is enabled and the CLANG_ADD_INC_PATHS tag is set to +# YES then doxygen will add the directory of each input to the include path. +# The default value is: YES. + +CLANG_ADD_INC_PATHS = YES + +# If clang assisted parsing is enabled you can provide the compiler with command +# line options that you would normally use when invoking the compiler. Note that +# the include paths will already be set by doxygen for the files and directories +# specified with INPUT and INCLUDE_PATH. +# This tag requires that the tag CLANG_ASSISTED_PARSING is set to YES. + +CLANG_OPTIONS = + +# If clang assisted parsing is enabled you can provide the clang parser with the +# path to the directory containing a file called compile_commands.json. This +# file is the compilation database (see: +# http://clang.llvm.org/docs/HowToSetupToolingForLLVM.html) containing the +# options used when the source files were built. This is equivalent to +# specifying the -p option to a clang tool, such as clang-check. These options +# will then be passed to the parser. Any options specified with CLANG_OPTIONS +# will be added as well. +# Note: The availability of this option depends on whether or not doxygen was +# generated with the -Duse_libclang=ON option for CMake. + +CLANG_DATABASE_PATH = + #--------------------------------------------------------------------------- # Configuration options related to the alphabetical class index #--------------------------------------------------------------------------- @@ -1061,13 +1154,6 @@ VERBATIM_HEADERS = YES ALPHABETICAL_INDEX = YES -# The COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns in -# which the alphabetical index list will be split. -# Minimum value: 1, maximum value: 20, default value: 5. -# This tag requires that the tag ALPHABETICAL_INDEX is set to YES. - -COLS_IN_ALPHA_INDEX = 5 - # In case all classes in a project start with a common prefix, all classes will # be put under the same header in the alphabetical index. The IGNORE_PREFIX tag # can be used to specify a prefix (or a list of prefixes) that should be ignored @@ -1206,9 +1292,9 @@ HTML_TIMESTAMP = NO # If the HTML_DYNAMIC_MENUS tag is set to YES then the generated HTML # documentation will contain a main index with vertical navigation menus that -# are dynamically created via Javascript. If disabled, the navigation index will +# are dynamically created via JavaScript. If disabled, the navigation index will # consists of multiple levels of tabs that are statically embedded in every HTML -# page. Disable this option to support browsers that do not have Javascript, +# page. Disable this option to support browsers that do not have JavaScript, # like the Qt help browser. # The default value is: YES. # This tag requires that the tag GENERATE_HTML is set to YES. @@ -1238,10 +1324,11 @@ HTML_INDEX_NUM_ENTRIES = 100 # If the GENERATE_DOCSET tag is set to YES, additional index files will be # generated that can be used as input for Apple's Xcode 3 integrated development -# environment (see: https://developer.apple.com/xcode/), introduced with OSX -# 10.5 (Leopard). To create a documentation set, doxygen will generate a -# Makefile in the HTML output directory. Running make will produce the docset in -# that directory and running make install will install the docset in +# environment (see: +# https://developer.apple.com/xcode/), introduced with OSX 10.5 (Leopard). To +# create a documentation set, doxygen will generate a Makefile in the HTML +# output directory. Running make will produce the docset in that directory and +# running make install will install the docset in # ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find it at # startup. See https://developer.apple.com/library/archive/featuredarticles/Doxy # genXcode/_index.html for more information. @@ -1283,8 +1370,8 @@ DOCSET_PUBLISHER_NAME = Publisher # If the GENERATE_HTMLHELP tag is set to YES then doxygen generates three # additional HTML index files: index.hhp, index.hhc, and index.hhk. The # index.hhp is a project file that can be read by Microsoft's HTML Help Workshop -# (see: https://www.microsoft.com/en-us/download/details.aspx?id=21138) on -# Windows. +# (see: +# https://www.microsoft.com/en-us/download/details.aspx?id=21138) on Windows. # # The HTML Help Workshop contains a compiler that can convert all HTML output # generated by doxygen into a single compiled HTML file (.chm). Compiled HTML @@ -1314,7 +1401,7 @@ CHM_FILE = HHC_LOCATION = # The GENERATE_CHI flag controls if a separate .chi index file is generated -# (YES) or that it should be included in the master .chm file (NO). +# (YES) or that it should be included in the main .chm file (NO). # The default value is: NO. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. @@ -1359,7 +1446,8 @@ QCH_FILE = # The QHP_NAMESPACE tag specifies the namespace to use when generating Qt Help # Project output. For more information please see Qt Help Project / Namespace -# (see: http://doc.qt.io/archives/qt-4.8/qthelpproject.html#namespace). +# (see: +# https://doc.qt.io/archives/qt-4.8/qthelpproject.html#namespace). # The default value is: org.doxygen.Project. # This tag requires that the tag GENERATE_QHP is set to YES. @@ -1367,8 +1455,8 @@ QHP_NAMESPACE = org.doxygen.Project # The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating Qt # Help Project output. For more information please see Qt Help Project / Virtual -# Folders (see: http://doc.qt.io/archives/qt-4.8/qthelpproject.html#virtual- -# folders). +# Folders (see: +# https://doc.qt.io/archives/qt-4.8/qthelpproject.html#virtual-folders). # The default value is: doc. # This tag requires that the tag GENERATE_QHP is set to YES. @@ -1376,30 +1464,30 @@ QHP_VIRTUAL_FOLDER = doc # If the QHP_CUST_FILTER_NAME tag is set, it specifies the name of a custom # filter to add. For more information please see Qt Help Project / Custom -# Filters (see: http://doc.qt.io/archives/qt-4.8/qthelpproject.html#custom- -# filters). +# Filters (see: +# https://doc.qt.io/archives/qt-4.8/qthelpproject.html#custom-filters). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_CUST_FILTER_NAME = # The QHP_CUST_FILTER_ATTRS tag specifies the list of the attributes of the # custom filter to add. For more information please see Qt Help Project / Custom -# Filters (see: http://doc.qt.io/archives/qt-4.8/qthelpproject.html#custom- -# filters). +# Filters (see: +# https://doc.qt.io/archives/qt-4.8/qthelpproject.html#custom-filters). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_CUST_FILTER_ATTRS = # The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this # project's filter section matches. Qt Help Project / Filter Attributes (see: -# http://doc.qt.io/archives/qt-4.8/qthelpproject.html#filter-attributes). +# https://doc.qt.io/archives/qt-4.8/qthelpproject.html#filter-attributes). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_SECT_FILTER_ATTRS = -# The QHG_LOCATION tag can be used to specify the location of Qt's -# qhelpgenerator. If non-empty doxygen will try to run qhelpgenerator on the -# generated .qhp file. +# The QHG_LOCATION tag can be used to specify the location (absolute path +# including file name) of Qt's qhelpgenerator. If non-empty doxygen will try to +# run qhelpgenerator on the generated .qhp file. # This tag requires that the tag GENERATE_QHP is set to YES. QHG_LOCATION = @@ -1476,6 +1564,17 @@ TREEVIEW_WIDTH = 100 EXT_LINKS_IN_WINDOW = NO +# If the HTML_FORMULA_FORMAT option is set to svg, doxygen will use the pdf2svg +# tool (see https://github.com/dawbarton/pdf2svg) or inkscape (see +# https://inkscape.org) to generate formulas as SVG images instead of PNGs for +# the HTML output. These images will generally look nicer at scaled resolutions. +# Possible values are: png (the default) and svg (looks nicer but requires the +# pdf2svg or inkscape tool). +# The default value is: png. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_FORMULA_FORMAT = png + # Use this tag to change the font size of LaTeX formulas included as images in # the HTML documentation. When you change the font size after a successful # doxygen run you need to manually remove any form_*.png images from the HTML @@ -1496,8 +1595,14 @@ FORMULA_FONTSIZE = 10 FORMULA_TRANSPARENT = YES +# The FORMULA_MACROFILE can contain LaTeX \newcommand and \renewcommand commands +# to create new LaTeX commands to be used in formulas as building blocks. See +# the section "Including formulas" for details. + +FORMULA_MACROFILE = + # Enable the USE_MATHJAX option to render LaTeX formulas using MathJax (see -# https://www.mathjax.org) which uses client side Javascript for the rendering +# https://www.mathjax.org) which uses client side JavaScript for the rendering # instead of using pre-rendered bitmaps. Use this if you do not have LaTeX # installed or if you want to formulas look prettier in the HTML output. When # enabled you may also need to install MathJax separately and configure the path @@ -1509,7 +1614,7 @@ USE_MATHJAX = NO # When MathJax is enabled you can set the default output format to be used for # the MathJax output. See the MathJax site (see: -# http://docs.mathjax.org/en/latest/output.html) for more details. +# http://docs.mathjax.org/en/v2.7-latest/output.html) for more details. # Possible values are: HTML-CSS (which is slower, but has the best # compatibility), NativeMML (i.e. MathML) and SVG. # The default value is: HTML-CSS. @@ -1525,10 +1630,10 @@ MATHJAX_FORMAT = HTML-CSS # Content Delivery Network so you can quickly see the result without installing # MathJax. However, it is strongly recommended to install a local copy of # MathJax from https://www.mathjax.org before deployment. -# The default value is: https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.5/. +# The default value is: https://cdn.jsdelivr.net/npm/mathjax@2. # This tag requires that the tag USE_MATHJAX is set to YES. -MATHJAX_RELPATH = https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.5/ +MATHJAX_RELPATH = https://cdn.jsdelivr.net/npm/mathjax@2 # The MATHJAX_EXTENSIONS tag can be used to specify one or more MathJax # extension names that should be enabled during MathJax rendering. For example @@ -1539,7 +1644,8 @@ MATHJAX_EXTENSIONS = # The MATHJAX_CODEFILE tag can be used to specify a file with javascript pieces # of code that will be used on startup of the MathJax code. See the MathJax site -# (see: http://docs.mathjax.org/en/latest/output.html) for more details. For an +# (see: +# http://docs.mathjax.org/en/v2.7-latest/output.html) for more details. For an # example see the documentation. # This tag requires that the tag USE_MATHJAX is set to YES. @@ -1567,7 +1673,7 @@ MATHJAX_CODEFILE = SEARCHENGINE = YES # When the SERVER_BASED_SEARCH tag is enabled the search engine will be -# implemented using a web server instead of a web client using Javascript. There +# implemented using a web server instead of a web client using JavaScript. There # are two flavors of web server based searching depending on the EXTERNAL_SEARCH # setting. When disabled, doxygen will generate a PHP script for searching and # an index file used by the script. When EXTERNAL_SEARCH is enabled the indexing @@ -1586,7 +1692,8 @@ SERVER_BASED_SEARCH = NO # # Doxygen ships with an example indexer (doxyindexer) and search engine # (doxysearch.cgi) which are based on the open source search engine library -# Xapian (see: https://xapian.org/). +# Xapian (see: +# https://xapian.org/). # # See the section "External Indexing and Searching" for details. # The default value is: NO. @@ -1599,8 +1706,9 @@ EXTERNAL_SEARCH = NO # # Doxygen ships with an example indexer (doxyindexer) and search engine # (doxysearch.cgi) which are based on the open source search engine library -# Xapian (see: https://xapian.org/). See the section "External Indexing and -# Searching" for details. +# Xapian (see: +# https://xapian.org/). See the section "External Indexing and Searching" for +# details. # This tag requires that the tag SEARCHENGINE is set to YES. SEARCHENGINE_URL = @@ -1671,13 +1779,14 @@ LATEX_CMD_NAME = MAKEINDEX_CMD_NAME = makeindex # The LATEX_MAKEINDEX_CMD tag can be used to specify the command name to -# generate index for LaTeX. +# generate index for LaTeX. In case there is no backslash (\) as first character +# it will be automatically added in the LaTeX code. # Note: This tag is used in the generated output file (.tex). # See also: MAKEINDEX_CMD_NAME for the part in the Makefile / make.bat. -# The default value is: \makeindex. +# The default value is: makeindex. # This tag requires that the tag GENERATE_LATEX is set to YES. -LATEX_MAKEINDEX_CMD = \makeindex +LATEX_MAKEINDEX_CMD = makeindex # If the COMPACT_LATEX tag is set to YES, doxygen generates more compact LaTeX # documents. This may be useful for small projects and may help to save some @@ -1763,9 +1872,11 @@ LATEX_EXTRA_FILES = PDF_HYPERLINKS = YES -# If the USE_PDFLATEX tag is set to YES, doxygen will use pdflatex to generate -# the PDF file directly from the LaTeX files. Set this option to YES, to get a -# higher quality PDF documentation. +# If the USE_PDFLATEX tag is set to YES, doxygen will use the engine as +# specified with LATEX_CMD_NAME to generate the PDF file directly from the LaTeX +# files. Set this option to YES, to get a higher quality PDF documentation. +# +# See also section LATEX_CMD_NAME for selecting the engine. # The default value is: YES. # This tag requires that the tag GENERATE_LATEX is set to YES. @@ -2166,12 +2277,6 @@ EXTERNAL_GROUPS = YES EXTERNAL_PAGES = YES -# The PERL_PATH should be the absolute path and name of the perl script -# interpreter (i.e. the result of 'which perl'). -# The default file (with absolute path) is: /usr/bin/perl. - -PERL_PATH = /usr/bin/perl - #--------------------------------------------------------------------------- # Configuration options related to the dot tool #--------------------------------------------------------------------------- @@ -2185,15 +2290,6 @@ PERL_PATH = /usr/bin/perl CLASS_DIAGRAMS = YES -# You can define message sequence charts within doxygen comments using the \msc -# command. Doxygen will then run the mscgen tool (see: -# http://www.mcternan.me.uk/mscgen/)) to produce the chart and insert it in the -# documentation. The MSCGEN_PATH tag allows you to specify the directory where -# the mscgen tool resides. If left empty the tool is assumed to be found in the -# default search path. - -MSCGEN_PATH = - # You can include diagrams made with dia in doxygen documentation. Doxygen will # then run dia to produce the diagram and insert it in the documentation. The # DIA_PATH tag allows you to specify the directory where the dia binary resides. @@ -2212,9 +2308,9 @@ HIDE_UNDOC_RELATIONS = YES # http://www.graphviz.org/), a graph visualization toolkit from AT&T and Lucent # Bell Labs. The other options in this section have no effect if this option is # set to NO -# The default value is: NO. +# The default value is: YES. -HAVE_DOT = NO +HAVE_DOT = YES # The DOT_NUM_THREADS specifies the number of dot invocations doxygen is allowed # to run in parallel. When set to 0 doxygen will base this on the number of @@ -2291,10 +2387,32 @@ UML_LOOK = NO # but if the number exceeds 15, the total amount of fields shown is limited to # 10. # Minimum value: 0, maximum value: 100, default value: 10. -# This tag requires that the tag HAVE_DOT is set to YES. +# This tag requires that the tag UML_LOOK is set to YES. UML_LIMIT_NUM_FIELDS = 10 +# If the DOT_UML_DETAILS tag is set to NO, doxygen will show attributes and +# methods without types and arguments in the UML graphs. If the DOT_UML_DETAILS +# tag is set to YES, doxygen will add type and arguments for attributes and +# methods in the UML graphs. If the DOT_UML_DETAILS tag is set to NONE, doxygen +# will not generate fields with class member information in the UML graphs. The +# class diagrams will look similar to the default class diagrams but using UML +# notation for the relationships. +# Possible values are: NO, YES and NONE. +# The default value is: NO. +# This tag requires that the tag UML_LOOK is set to YES. + +DOT_UML_DETAILS = NO + +# The DOT_WRAP_THRESHOLD tag can be used to set the maximum number of characters +# to display on a single line. If the actual line length exceeds this threshold +# significantly it will wrapped across multiple lines. Some heuristics are apply +# to avoid ugly line breaks. +# Minimum value: 0, maximum value: 1000, default value: 17. +# This tag requires that the tag HAVE_DOT is set to YES. + +DOT_WRAP_THRESHOLD = 17 + # If the TEMPLATE_RELATIONS tag is set to YES then the inheritance and # collaboration graphs will show the relations between templates and their # instances. @@ -2368,7 +2486,9 @@ DIRECTORY_GRAPH = YES # Note: If you choose svg you need to set HTML_FILE_EXTENSION to xhtml in order # to make the SVG files visible in IE 9+ (other browsers do not have this # requirement). -# Possible values are: png, jpg, gif, svg, png:gd, png:gd:gd, png:cairo, +# Possible values are: png, png:cairo, png:cairo:cairo, png:cairo:gd, png:gd, +# png:gd:gd, jpg, jpg:cairo, jpg:cairo:gd, jpg:gd, jpg:gd:gd, gif, gif:cairo, +# gif:cairo:gd, gif:gd, gif:gd:gd, svg, png:gd, png:gd:gd, png:cairo, # png:cairo:gd, png:cairo:cairo, png:cairo:gdiplus, png:gdiplus and # png:gdiplus:gdiplus. # The default value is: png. @@ -2484,9 +2604,11 @@ DOT_MULTI_TARGETS = NO GENERATE_LEGEND = YES -# If the DOT_CLEANUP tag is set to YES, doxygen will remove the intermediate dot +# If the DOT_CLEANUP tag is set to YES, doxygen will remove the intermediate # files that are used to generate the various graphs. +# +# Note: This setting is not only used for dot files but also for msc and +# plantuml temporary files. # The default value is: YES. -# This tag requires that the tag HAVE_DOT is set to YES. DOT_CLEANUP = YES diff --git a/doc/emailrelay-doxygen.css b/doc/emailrelay-doxygen.css index 73f47c1..a287a7e 100644 --- a/doc/emailrelay-doxygen.css +++ b/doc/emailrelay-doxygen.css @@ -1,5 +1,5 @@ /* - Copyright (C) 2001-2022 Graeme Walker + Copyright (C) 2001-2023 Graeme Walker */ /* @@ -36,6 +36,26 @@ pre.fragment { } +pre.fragment a +{ + color: black ; +} + +pre.fragment a:visited +{ + color: black ; +} + +a.option +{ + color: black ; +} + +a.option:visited +{ + color: black ; +} + code { /* font-weight: bold ; */ diff --git a/doc/emailrelay-filter-copy.1 b/doc/emailrelay-filter-copy.1 deleted file mode 100644 index 40f87e6..0000000 --- a/doc/emailrelay-filter-copy.1 +++ /dev/null @@ -1,57 +0,0 @@ -.\" Copyright (C) 2001-2022 Graeme Walker -.\" -.\" This program is free software: you can redistribute it and/or modify -.\" it under the terms of the GNU General Public License as published by -.\" the Free Software Foundation, either version 3 of the License, or -.\" (at your option) any later version. -.\" -.\" This program is distributed in the hope that it will be useful, -.\" but WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -.\" GNU General Public License for more details. -.\" -.\" You should have received a copy of the GNU General Public License -.\" along with this program. If not, see . -.TH EMAILRELAY-FILTER-COPY 1 local -.SH NAME -emailrelay-filter-copy \- an emailrelay filter program for pop-by-name -.SH SYNOPSIS -.B emailrelay-filter-copy -.I -.LP -.B emailrelay-filter-copy --d -.I -.LP -.B emailrelay-filter-copy -[--help] -.SH DESCRIPTION -The -.I emailrelay-filter-copy -utility can be used as an -.B E-MailRelay -.I "--filter" -program to copy e-mail messages from the main spool directory into -all available sub-directories. When using the -.I "--pop-by-name" -feature of the -.B E-MailRelay -server this results in messages being copied to all POP clients. -.LP -Only the message envelope is copied; the content file stays in -the main directory. If the envelope is successfully copied to -one or more sub-directories then it is removed from the main -spool directory and it will therefore not be available for SMTP -forwarding. -.LP -When using -.I "-d" -all envelope files in the spool directory are copied to all -sub-directories. This can be used after -.B emailrelay-submit -has deposited an envelope file into the main spool -directory, or perhaps periodically from cron. -.SH SEE ALSO -.BR emailrelay (1), -.SH AUTHOR -Graeme Walker, mailto:graeme_walker@users.sourceforge.net diff --git a/doc/emailrelay-man.html b/doc/emailrelay-man.html index a67f6a8..7890b27 100644 --- a/doc/emailrelay-man.html +++ b/doc/emailrelay-man.html @@ -99,6 +99,10 @@ Displays version information and then exits.

    SMTP client options

    +
    -c, --client-smtp-config <config> + +
    +Configures the SMTP client protocol using a comma-separated list of optional features, including 'pipelining', 'smtputf8strict', 'eightbitstrict' and 'binarymimestrict'.
    -f, --forward
    @@ -135,6 +139,10 @@ Specifies a timeout (in seconds) for receiving network traffic from remote SMTP
    Specifies a timeout (in seconds) for getting responses from remote SMTP servers. The default is 60 seconds. +
    --forward-to-all + +
    +Requires all recipient addresses to be accepted by the remote server before forwarding. This is currently the default behaviour so this option is for forwards compatibility only.
    --forward-to-some
    @@ -159,11 +167,15 @@ Allows incoming connections from addresses that are not local. The default behav
    --address-verifier <program>
    -Runs the specified external program to verify a message recipent's e-mail address. A network verifier can be specified as net:<tcp-address>. +Runs the specified external program to verify a message recipient's e-mail address. A network verifier can be specified as net:<tcp-address>. The account: built-in address verifier can be used to check recipient addresses against the list of local system account names.
    -A, --anonymous, --anonymous=<scope>
    Disables the server's SMTP VRFY command, sends less verbose SMTP greeting and responses, stops Received lines being added to mail message content files, and stops the SMTP client protocol adding AUTH= to the MAIL command. For finer control use a comma-separated list of things to anonymise: vrfy, server, content and/or client, eg. --anonymous=server,content. +
    -s, --delivery-dir <dir> + +
    +Specifies the base directory for mailboxes when delivering messages that have local recipients. This defaults to the main spool directory.
    --dnsbl <config>
    @@ -183,11 +195,15 @@ Specifies a timeout (in seconds) for running a --filter program. The defa
    -I, --interface <ip-address-list>
    -Specifies the IP network addresses or interface names used to bind listening ports. By default listening ports for incoming SMTP, POP and administration connections will bind the 'any' address for IPv4 and for IPv6, ie. 0.0.0.0 and ::. Multiple addresses can be specified by using the option more than once or by using a comma-separated list. Use a prefix of smtp=, pop= or admin= on addresses that should apply only to those types of listening port. Any link-local IPv6 addresses must include a zone name or scope id. Interface names can be used instead of addresses, in which case all the addresses associated with that interface at startup will used for listening. When an interface name is decorated with a -ipv4 or -ipv6 suffix only their IPv4 or IPv6 addresses will be used (eg. ppp0-ipv4). To inherit listening file descriptors from the parent process on unix use a syntax like this: --interface=smtp=fd#3,smtp=fd#4,pop=fd#5. +Specifies the IP network addresses or interface names used to bind listening ports. By default listening ports for incoming SMTP, POP and administration connections will bind the 'any' address for IPv4 and for IPv6, ie. 0.0.0.0 and ::. Multiple addresses can be specified by using the option more than once or by using a comma-separated list. Use a prefix of smtp=, pop= or admin= on addresses that should apply only to those types of listening port. Any link-local IPv6 addresses must include a zone name or scope id. Interface names can be used instead of addresses, in which case all the addresses associated with that interface at startup will used for listening. When an interface name is decorated with a -ipv4 or -ipv6 suffix only their IPv4 or IPv6 addresses will be used (eg. ppp0-ipv4). To inherit listening file descriptors from the parent process on unix use a syntax like this: --interface smtp=fd#3,smtp=fd#4,pop=fd#5.
    -w, --prompt-timeout <time>
    Specifies a timeout (in seconds) for getting the initial prompt from a remote SMTP server. If no prompt is received after this time then the SMTP dialog goes ahead without it. +
    -Z, --server-smtp-config <config> + +
    +Configures the SMTP server protocol using a comma-separated list of optional features, including 'pipelining', 'chunking', 'smtputf8', and 'smtputf8strict'.
    -M, --size <bytes>
    @@ -204,7 +220,7 @@ Enables the POP server, listening by default on port 110, providing access to sp
    -J, --pop-by-name
    -Modifies the spool directory used by the POP server to be a sub-directory with the same name as the POP authentication user-id. This allows multiple POP clients to read the spooled mail messages without interfering with each other, particularly when also using --pop-no-delete. Content files can stay in the main spool directory with only the envelope files copied into user-specific sub-directories. The emailrelay-filter-copy program is a convenient way of doing this when run via --filter. +Modifies the POP server's spool directory to be the sub-directory with the same name as the user-id used for POP authentication. This allows POP clients to see only their own messages after they have been moved into separate sub-directories typically by the built-in deliver: or copy: filters. Content files can remain in the main spool directory to save disk space; they will be deleted by the POP server when it deletes the last matching envelope file.
    -G, --pop-no-delete
    @@ -234,7 +250,7 @@ Enables the terminate command in the administration interface.
    -C, --client-auth <file>
    -Enables SMTP client authentication with the remote server, using the client account details taken from the specified secrets file. The secrets file should normally contain one line that starts with client and that line should have between four and five space-separated fields; the second field is the password encoding (plain or md5), the third is the user-id and the fourth is the password. The user-id is RFC-1891 xtext encoded, and the password is either xtext encoded or generated by emailrelay-passwd. If the remote server does not support SMTP authentication then the SMTP connection will fail. +Enables SMTP client authentication with the remote server, using the client account details taken from the specified secrets file. The secrets file should normally contain one line having between four and five space-separated fields. The first field must be client, the second field is the password type (plain or md5), the third is the xtext-encoded user-id and the fourth is the xtext-encoded password. Alternatively, the user-id and password fields can be Base64 encoded if the second field is plain:b. It is also possible to do without a secrets file and give the Base64 encoded user-id and password directly on the command-line or in the configuration file formatted as plain:<base64-user-id>:<base64-password>. Note that putting these account details on the command-line is not recommended because it will make the password easily visible to all users on the local machine.
    --client-auth-config <config>
    @@ -242,7 +258,7 @@ Configures the SMTP client authentication module using a semicolon-separated lis
    -S, --server-auth <file>
    -Enables SMTP server authentication of remote SMTP clients. Account names and passwords are taken from the specified secrets file. The secrets file should contain lines that have four space-separated fields, starting with server in the first field; the second field is the password encoding (plain or md5), the third is the client user-id and the fourth is the password. The user-id is RFC-1891 xtext encoded, and the password is either xtext encoded or generated by emailrelay-passwd. A special value of /pam can be used for authentication using linux PAM. +Enables SMTP server authentication of remote SMTP clients. Account names and passwords are taken from the specified secrets file. The secrets file should contain lines that have four space-separated fields, starting with server in the first field; the second field is the password encoding (plain or md5), the third is the client user-id and the fourth is the password. The user-id is RFC-1891 xtext encoded, and the password is either xtext encoded or generated by emailrelay-passwd. Alternatively, the username and password can be Base64 encoded if the second field is plain:b. A special value of pam: can be used for authentication using linux PAM.
    --server-auth-config <config>
    @@ -250,7 +266,7 @@ Configures the SMTP server authentication module using a semicolon-separated lis
    -F, --pop-auth <file>
    -Specifies a file containing valid POP account details. The file format is the same as for the SMTP server secrets file, ie. lines starting with server, with user-id and password in the third and fourth fields. A special value of /pam can be used for authentication using linux PAM. +Specifies a file containing valid POP account details. The file format is the same as for the SMTP server secrets file, ie. lines starting with server, with user-id and password in the third and fourth fields. A special value of pam: can be used for authentication using linux PAM.
     

    TLS options

    @@ -279,7 +295,7 @@ Defines the target server hostname in the TLS handshake. With --client-tls-co
    --client-tls-verify <ca-list>
    -Enables verification of the remote SMTP server's certificate against any of the trusted CA certificates in the specified file or directory. In many use cases this should be a file containing just your self-signed root certificate. Specify <default> for the TLS library's default set of trusted CAs. +Enables verification of the remote SMTP server's certificate against any of the trusted CA certificates in the specified file or directory. In many use cases this should be a file containing just your self-signed root certificate. Specify <default> (including the angle brackets) for the TLS library's default set of trusted CAs.
    --client-tls-verify-name <cname>
    @@ -291,7 +307,7 @@ Enables TLS for incoming SMTP and POP connections. SMTP clients can then request
    --server-tls-certificate <pem-file>
    -Defines the TLS certificate file when acting as a SMTP or POP server. This file must contain the server's private key and certificate chain using the PEM file format. Alternatively, use this option twice with the first one specifying the key file and the second the certificate file. Keep the file permissions tight to avoid accidental exposure of the private key. +Defines the TLS certificate file when acting as a SMTP or POP server. This file must contain the server's private key and certificate chain using the PEM file format. Alternatively, use this option twice with the first specifying the key file and the second the certificate file. Keep the file permissions tight to avoid accidental exposure of the private key.
    --server-tls-connection
    @@ -303,7 +319,7 @@ Makes the use of TLS mandatory for any incoming SMTP and POP connections. SMTP c
    --server-tls-verify <ca-list>
    -Enables verification of remote SMTP and POP clients' certificates against any of the trusted CA certificates in the specified file or directory. In many use cases this should be a file containing just your self-signed root certificate. Specify <default> for the TLS library's default set of trusted CAs. +Enables verification of remote SMTP and POP clients' certificates against any of the trusted CA certificates in the specified file or directory. In many use cases this should be a file containing just your self-signed root certificate. Specify <default> (including the angle brackets) for the TLS library's default set of trusted CAs.
    -9, --tls-config <options>
    @@ -340,7 +356,7 @@ Causes the process-id to be written into the specified file when the program sta
    -u, --user <username>
    -When started as root the program switches to a non-privileged effective user-id when idle. This option can be used to define the idle user-id and also the group ownership of new files and sockets. Specify root to disable all user-id switching. Ignored on Windows. +When started as root the program switches to a non-privileged effective user-id when idle or when running external filter scripts and address verifiers. This option can be used to define the non-privileged user-id. It also determines the group ownership of new files and sockets if the directory owner is not 'sticky'. Specify root to disable all user-id switching. Ignored on Windows.  

    Logging options

    @@ -357,7 +373,7 @@ Enables logging to the standard error stream and to the syslog. The --close-s
    -g, --debug
    -Enables debug level logging, if built in. Debug messages are usually only useful when cross-referenced with the source code and they may expose plaintext passwords and mail message content. +Enables debug level logging, if built in. Debug messages are usually only useful when cross-referenced with the source code and they may expose plain-text passwords and mail message content.
    --log-address
    @@ -423,4 +439,4 @@ This document was created by using the manual pages.
    - + diff --git a/doc/emailrelay-passwd.1 b/doc/emailrelay-passwd.1 index 2a1fb30..2565ab5 100644 --- a/doc/emailrelay-passwd.1 +++ b/doc/emailrelay-passwd.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2001-2022 Graeme Walker +.\" Copyright (C) 2001-2023 Graeme Walker .\" .\" This program is free software: you can redistribute it and/or modify .\" it under the terms of the GNU General Public License as published by @@ -47,7 +47,7 @@ Specifies the hash function, such as MD5 or SHA1. MD5 is the default, and a hash Shows help text and exits. .TP .B \-b, --base64 -The input password is interpreted as being base-64 encoded. +The input password is interpreted as being Base64 encoded. .TP .B \-d, --dotted Generates a dotted decimal format, for backwards compatibility. diff --git a/doc/emailrelay-submit.1 b/doc/emailrelay-submit.1 index 7d04055..78e92d4 100644 --- a/doc/emailrelay-submit.1 +++ b/doc/emailrelay-submit.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2001-2022 Graeme Walker +.\" Copyright (C) 2001-2023 Graeme Walker .\" .\" This program is free software: you can redistribute it and/or modify .\" it under the terms of the GNU General Public License as published by @@ -53,6 +53,9 @@ Adds a \fIDate:\fR content header if there is none. .B \-F, --content-from Adds the envelope 'from' addresses as a \fIFrom:\fR content header. .TP +.B \-I, --content-message-id \fI\fR +Adds a \fIMessage-ID:\fR content header if there is none. +.TP .B \-t, --content-to Adds the envelope 'to' addresses as \fITo:\fR content headers. .TP diff --git a/doc/emailrelay.1 b/doc/emailrelay.1 index 94e8a1d..ffa5327 100644 --- a/doc/emailrelay.1 +++ b/doc/emailrelay.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2001-2022 Graeme Walker +.\" Copyright (C) 2001-2023 Graeme Walker .\" .\" This program is free software: you can redistribute it and/or modify .\" it under the terms of the GNU General Public License as published by @@ -72,6 +72,9 @@ Displays help text and then exits. Use with \fI--verbose\fR for more complete ou Displays version information and then exits. .SS SMTP client options .TP +.B \-c, --client-smtp-config \fI\fR +Configures the SMTP client protocol using a comma-separated list of optional features, including 'pipelining', 'smtputf8strict', 'eightbitstrict' and 'binarymimestrict'. +.TP .B \-f, --forward Causes spooled mail messages to be forwarded when the program first starts. .TP @@ -99,6 +102,9 @@ Specifies a timeout (in seconds) for receiving network traffic from remote SMTP .B \-T, --response-timeout \fI
    --client-tls-verify-name <cname>
    @@ -356,9 +387,9 @@
    Defines the TLS certificate file when acting as a SMTP or POP server. This file must contain the server's private key and certificate chain using the - PEM file format. Alternatively, use this option twice with the first one - specifying the key file and the second the certificate file. Keep the file - permissions tight to avoid accidental exposure of the private key. + PEM file format. Alternatively, use this option twice with the first + specifying the key file and the second the certificate file. Keep the file + permissions tight to avoid accidental exposure of the private key.
    --server-tls-connection
    @@ -376,8 +407,8 @@ Enables verification of remote SMTP and POP clients' certificates against any of the trusted CA certificates in the specified file or directory. In many use cases this should be a file containing just your self-signed root - certificate. Specify for the TLS library's default set of - trusted CAs. + certificate. Specify (including the angle brackets) for the + TLS library's default set of trusted CAs.
    --tls-config <options> (-9)
    @@ -428,9 +459,11 @@
    --user <username> (-u)
    When started as root the program switches to a non-privileged effective - user-id when idle. This option can be used to define the idle user-id and - also the group ownership of new files and sockets. Specify root to - disable all user-id switching. Ignored on Windows. + user-id when idle or when running external filter scripts and address + verifiers. This option can be used to define the non-privileged user-id. It + also determines the group ownership of new files and sockets if the + directory owner is not 'sticky'. Specify root to disable all user-id + switching. Ignored on Windows.

    Logging options

    @@ -452,7 +485,7 @@
    Enables debug level logging, if built in. Debug messages are usually only useful when cross-referenced with the source code and they may expose - plaintext passwords and mail message content. + plain-text passwords and mail message content.
    --log-address
    @@ -487,23 +520,70 @@ --as-server and --as-proxy.
    +

    Configuration

    - A configuration file can be used to provide additional options; put each - option on a separate line, use the long option names but without the double - dash, and separate the option name from the option value with spaces. + E-MailRelay is configured with command-line options and/or a configuration file. + The configuration filename is given as the last command-line parameter.

    - All command-line options that specify a filename can use a special @app - substitution variable that is interpreted as the directory that contains - the emailrelay executable or MacOS application bundle. + A configuration file should contain command-line options without double dashes, + with each option on a separate line. The option name and the option value should + be separated with a space. For example:

    -

    Message store

    + +
    + 
    # emailrelay.conf
+log
+#verbose # commented out
+spool-dir /tmp/spool
+port 10025
+
    +

    - Mail messages are stored as text files in the configured spool directory. Each - e-mail message is represented as an envelope file and a content file. The - envelope file contains parameters relevant to the SMTP dialogue, and the - content file contains the RFC-822 headers and body text. + All options that specify a filename can use a special @app substitution + variable that is interpreted as the directory that contains the emailrelay + executable or MacOS application bundle. +

    + +

    + It is possible to run multiple E-MailRelay instances in one process by prefixing + the --spool-dir option with an arbitrary name like in or out, ie. + --in-spool-dir and --out-spool-dir. Subsequent options like --in-port and + --out-port will then apply to the in and out instances separately. Any + options without a prefix will apply to the first instance and process-wide + options, including --log, --verbose --no-daemon and --user, will only + take effect if unprefixed or prefixed by the first instance name. For example: +

    + +
    + 
    # emailrelay.conf
+log
+user root
+# in...
+in-spool-dir /var/spool/in
+in-port 25
+in-remote-clients
+in-filter account:
+in-domain example.com
+# out...
+out-spool-dir /var/spool/out
+out-port 587
+out-forward-on-disconnect
+out-forward-to smtp.smarthost.com
    +
    +

    Message store

    +

    + E-mail messages are stored as text files in the configured spool directory; each + message is represented as an envelope file and a content file. The envelope file + contains parameters relevant to the SMTP dialogue, and the content file contains + the RFC-822 headers and body text. +

    + +

    + Envelope files can be modified by external filter scripts as long as the basic + structure is retained, and some E-MailRelay features such as routing and client + account selection can only be accessed in this way.

    @@ -521,14 +601,18 @@

  • .new -- while the envelope is first being written
  • .busy -- while the message is being forwarded
  • .bad -- if the message cannot be forwarded
    • -
  • .local -- for copies of the envelope file for delivery to local recipients

    • If an e-mail message cannot be forwarded the envelope file is given a .bad suffix, and the failure reason is written into the file.

    -

    Forwarding

    + +

    + Sub-directories of the main spool directory are sometimes used as mailboxes + containing e-mail messages that have been delivered to local e-mail recipients. +

    +

    Forwarding

    Spooled e-mail messages can be forwarded at various times, depending on the command-line options: @@ -537,7 +621,7 @@

    • when E-MailRelay first starts up (--as-client or --forward)
    • as each message is submitted, just before receipt is acknowledged (--immediate)
      • -
    • as soon as the submitting client connection disconnects (--forward-on-disconnect)
      • +
    • as soon as the submitting client disconnects (--forward-on-disconnect)
    • periodically (--poll=)
    • on demand using the administration interface's forward command (--admin=)
    • when a --filter script exits with an exit code of 103
      • @@ -548,106 +632,101 @@

      - When using --as-client, or --dont-serve and --forward, the spooled + When using --as-client, or --dont-serve with --forward, the spooled messages begin to be forwarded as soon as the program starts up, and the program terminates once they have all been sent.

      - By default all recipient e-mail addresses must be accepted by the remote server - when E-MailRelay forwards an e-mail message. If any one recipient is rejected - then the message will be left in the spool directory with a .bad suffix on - the envelope file. This behaviour can be changed by using --forward-to-some - command-line option so that forwarding will succeed for the valid recipients - and the failed message will contain the invalid ones. -

      -

      Mail processing

      -

      - The --filter command-line option allows you to specify a mail processing - program which operates on e-mail messages as they pass through the E-MailRelay - system. The filter program is run as soon as the e-mail message has been stored - in the spool directory, with the full path of the content file and envelope - file put on the command-line. + Normally when an e-mail message is forwarded all the remote recipient e-mail + addresses must be accepted by the remote server (--forward-to-all). If any one + recipient is rejected then the message will be failed and left in the spool + directory with a .bad suffix on the envelope file.

      - For example, the following command will start a proxy server on port 587 - which processes mail using the specified filter program, and then forwards the - mail on to the system's default MTA (on port 25): + However, if the --forward-to-some option is used then forwarding will succeed + for the valid recipients and the failed message will contain just the invalid + ones. (Future E-MailRelay releases might switch to --forward-to-some as the + default, so use --forward-to-all if that is what is required.) +

      + +

      + If an address verifier has previously determined that all the recipient + addresses in an e-mail message are local then it will be failed immediately when + forwarding, before any interaction with the remote server. +

      +

      Filters

      +

      + The --filter command-line option can be used to specify a program or script + that operates on e-mail messages as they pass through the E-MailRelay system. + The filter program is run as soon as the e-mail message has been stored in the + spool directory, with the full path of the content file and envelope file put + on the command-line. +

      + +

      + For example, the following command will start E-MailRelay as a proxy server + on port 587 that processes mail using the specified filter program, and then + forwards it on to the local system's default MTA on port 25:

      - 
      emailrelay --as-proxy=localhost:smtp --port=587 --no-syslog \
-  --filter=$HOME/myfilter --spool-dir=$HOME/spool
+       
      emailrelay --as-proxy=127.0.0.1:25 --port=587 --filter=@app/myfilter --spool-dir=@app/spool

      The filter program should terminate with an exit code of zero to indicate - success, or a value between 1 and 99 to indicate failure. Exit codes between - 100 and 115 are reserved for special processing: 100 is used to abandon the - current e-mail message (so the filter can delete the files), and 103 has the - effect of requesting a rescan of the spool directory if forwarding is - enabled (typically to pick up on new messages that the filter program has - created). + success, or a value between 1 and 99 to indicate failure.

      - If the filter program terminates with a non-zero exit code then the first few - thousand characters of the standard output stream are searched for a line - starting with <> or [[error text]]. The text inside is taken - as a failure reason, and passed back to the SMTP client. A second error-text + When the filter program terminates with a non-zero exit code the envelope file + is given a .bad filename suffix so that it will not get picked up for + forwarding and the first few thousand characters of the filter's standard output + stream are searched for a line starting with <> or + [[error text]]. The text inside is taken as a failure reason and passed back + to the SMTP client and also written into the envelope file. A second error-text line can be used for additional diagnostics that will not be visible to the remote client.

      +

      + Filter exit codes between 100 and 115 are reserved for special processing: 100 + is used to abandon the current e-mail message so the filter can safely delete + the message files, and 103 has the effect of requesting a rescan of the spool + directory if forwarding is enabled, typically to pick up on new messages that + the filter program has created. +

      +

      The filter program can edit any part of the e-mail message's envelope file or content file: E-MailRelay remembers nothing about the e-mail message while the filter is running except the filename. However, if the message is deleted by - the filter program then E-MailRelay will complain, so to avoid the error - message use an exit code of 100. -

      - -

      - If the filter program creates completely new e-mail messages in the spool - directory then they may not be processed immediately, or they may be completely - ignored. To get E-MailRelay to pick up any new messages you create in the - spool directory use the special 103 exit code, or rely on the --poll - mechanism, or perhaps run emailrelay --as-client from within the filter - program. + the filter program then it should use an exit code of 100 to avoid spurious + warning messages.

      As an example of a simple filter program processor this shell script examines - the sending client's IP address and conditionally passes the message into - sendmail (using the sendmail command-line interface rather than SMTP): + the message envelope and deletes the e-mail message if it has come from a + particular IP address: 

      #!/bin/sh
 # filter.sh
-content="${1}"
-envelope="${2}"
-ip="`awk '/MailRelay-Client:/ {print $2;exit}' \"${envelope}\"`"
-if test "${ip}" = "192.168.0.2"
+content="$1"
+envelope="$2"
+ip="`sed -n -e '/MailRelay-Client:/{p;q}' \"$envelope\"`"
+if test "$ip" = "192.168.0.2"
 then
-    /usr/sbin/sendmail -t < "${content}"
-    rm -f "${envelope}" "${content}"
-    exit 100 # <= cancel further processing by emailrelay
+    rm -f "$envelope" "$content"
+    exit 100 # <= cancel further processing
 fi
 exit 0
      -

      - The first thing this script does is convert the path of the content file which - it is given, into the corresponding envelope file. It then extracts the - client's IP address out of the envelope file using awk. If this matches the - fixed address then it pipes the message content into sendmail, deletes the - e-mail message and exits with a value of 100. The exit value of 100 tells - E-MailRelay to forget the message, and not to complain about the files - disappearing. -

      -

      For Windows this example can be rewritten in JavaScript:

      @@ -664,8 +743,6 @@ var re = new RegExp( "MailRelay-Client: \(.*\)" ) ; var ip = e.match(re)[1] ; if( ip === "192.168.0.2" ) { - var sh = WScript.CreateObject( "Wscript.Shell" ) ; - sh.Run( "sendmail " + content ) ; // bogus fs.DeleteFile( content ) ; fs.DeleteFile( envelope ) ; WScript.Quit( 100 ) @@ -690,12 +767,11 @@ WScript.Quit( 0 ) ;

      E-MailRelay also has a --client-filter option that enables processing of e-mail messages just before they are forwarded, rather than after they are - stored. The disadvantage is that by then it is too late to notify the - submitting SMTP client of any processing failures, so in many store-and-forward - applications using --filter is more useful. The special exit code of 100 can - be used to ignore the current message, and 102 to stop scanning for more - spooled messages after processing the current one (eg. for simple - rate-limiting). + stored. The disadvantage is that by then it is too late to notify the submitting + SMTP client of any processing failures so in many store-and-forward applications + using --filter is more useful. The special exit code of 100 can be used to + ignore the current message, and 102 to stop scanning for more spooled messages + after processing the current one (eg. for simple rate-limiting).

      @@ -703,16 +779,30 @@ WScript.Quit( 0 ) ;

        -
      • The standard input and output are not used; the message filename is passed on the command-line.
        • +
      • The standard input and output are not used; the message filenames are passed on the command-line.
      • Programs are run with a reduced set of environment variables.
        • -
      • E-MailRelay files use CR-LF line terminators, as required by the RFCs.
        • -
      • Envelope files will have a file extension of .new or .busy when the program runs.
        • -
      • Windows scripts may need to be run via cscript or a batch file wrapper.
        • +
      • Message files use CR-LF line terminators.
        • +
      • Envelope files will have a file extension of .new or .busy when the filter runs.
        • +
      • Content files on Linux/Unix might be hard-linked if using --filter=split:.
        • +
      • On Linux/Unix the filter runs as an unprivileged user unless using --user=root.
      - +

      Network filters

      +

      + E-MailRelay filters are normally external programs or scripts that operate on + the message files in the spool directory, but filters can also be network + servers. +

      +

      net:

      +

      + To use a network server as a filter the --filter or --client-filter option + should start with net: followed by the address of the server: +

      + +
      + 
      --filter=net:localhost:10101
+
      +

      - It is also possible to do message filtering in a separate process by using - net: as the --filter or --client-filter option parameter. E-MailRelay connects to this address and then uses a simple line-based dialog as each e-mail message is processed: it sends the full path of the message content file in one line and expects the remote process to respond with an ok @@ -722,14 +812,444 @@ WScript.Quit( 0 ) ;

      - Alternatively, use spam: or spam-edit: to connect - to a SpamAssassim spamd server, or use exit: for simulating a - filter program that just does an exit with the specified exit code. + E-MailRelay is responsible for maintaining the connection to the net: server + so the server should not normally disconnect after responding.

      -

      Authentication

      +

      spam:

      - E-MailRelay can perform client-side authentication when connecting to remote - SMTP servers, and server-side authentication when remote clients connect to + It is also possible to use a SpamAssassin spamd server as an E-MailRelay + network filter by using spam: or spam-edit: instead of net:. +

      + +

      + Eg: +

      +
      + 
      --filter=spam-edit:127.0.0.1:783
+
      +
      +

      + Using spam: means that the e-mail message will be rejected outright if it + fails the SpamAssassin tests, whereas with spam-edit: the message content is + edited by SpamAssassin to hide the spam content within an attachment. +

      +

      Built-in filters

      +

      + E-MailRelay has a few built-in filters. +

      +

      exit:

      +

      + The simplest is the exit: filter that simulates a filter program that exits + immediately with a specific exit code: +

      + +
      + 
      --filter=exit:103
+
      +
      +

      + This is useful for the special exit codes, such as exit code 103 which requests + a rescan of the spool directory for forwarding. +

      +

      copy:

      +

      + The copy: filter copies the e-mail message's envelope and content files into + all the sub-directories of the main spool directory and then deletes the + original: +

      + +
      + 
      --filter=copy:
+
      +
      +

      + The copy: filter will not copy into a postmaster sub-directory or into any + sub-directory with a name starting with a dot. +

      + +

      + If any destination directories have new, tmp and cur sub-directories then + they are treated as maildir mailboxes. +

      + +

      + To save disk space the content files can be hard-linked by using copy:hardlink + (Linux/Unix only) or they can stay in the main spool directory by using + copy:pop. The copy:pop option is normally used with --pop-by-name: +

      + +
      + 
      --filter=copy:pop --pop --pop-by-name --pop-auth=...
      +
      +

      deliver:

      +

      + The deliver: filter is used to deliver copies of incoming e-mail messages into + a separate mailbox directory for each message recipient where the address + verifier has supplied a local mailbox name: +

      + +
      + 
      --filter=deliver:
+
      +
      +

      + If the message has no local recipients then the filter does nothing. If it has + only local recipients then it will be deleted once it has been copied into + mailboxes. +

      + +

      + The delivery base directory defaults to the main spool directory but it can be + overridden with the --delivery-dir option: +

      + +
      + 
      --filter=deliver: --delivery-dir=@app/mailboxes --spool-dir=@app/spool
+
      +
      +

      + Optional semi-colon separated parameters can be used to modify its behaviour: +

      + +
      + 
      --filter="deliver:hardlink;no_delete"
+
      +
      +

      + See Delivery below for more details. +

      +

      split:

      +

      + The split: filter can be used when outgoing e-mail messages need to be routed + to different next-hop servers according to the recipient addresses. The filter + examines the domain part of the recipient addresses in the SMTP envelope file + and if there is more than one domain then the message is copied so that each + copy relates to a single domain. It then copies the recipient address's domain + name into the ForwardTo field within the envelope file. +

      + +

      + Note that if new messages are created by the split: filter then they will not + be processed by any other server filters. +

      + +

      + Domain name comparisons are case-insensitive by default. For exact comparisons + use split:raw. This might be useful if an address verifier has already + sanitised the recipient addresses. +

      + +

      + On Linux/Unix the content file copies will be hard links where possible. +

      +

      mx:

      +

      + The mx: filter performs a DNS MX lookup on any ForwardTo domain given in + the envelope file and stores the resulting IP address in the + ForwardToAddress field. The ForwardTo field can optionally have a colon + separated numeric port number. +

      + +

      + The mx: filter should normally be run as a client filter (--client-filter) + so that the IP address is up-to-date when the forwarding connection is made. +

      + +

      + The split: and mx: filters work together to implement message routing: +

      + +
      + 
      --filter=split: --client-filter=mx:
+
      +
      +

      + By running as a client filter the mx: filter will pick up any new messages + created by split:. +

      + +

      + The filter can be configured with optional address for the DNS server after + the mx: string: +

      + +
      + 
      --client-filter="mx:127.0.0.1:53"
+
      +
      +

      + If the DNS server responds with a forwarding address of 0.0.0.0 then the + ForwardToAddress will be cleared and the message will be forwarded to the + default --forward-to address. +

      + +

      + See Routing below for more details. +

      +

      msgid:

      +

      + The msgid: filter adds a RFC-822 Message-ID header to the content file if it + does not have one already. +

      +

      Address verifiers

      +

      + By default the E-MailRelay server will accept all recipient addresses for + incoming e-mails as valid. This default behaviour can be modified by using an + external verifier program, specified with the --address-verifier command-line + option, so the verifier can choose which recipient addresses are accepted as + valid and which are rejected. +

      + +

      + Address verifiers can also be used to identify recipient addresses that are + local addresses with an associated mailbox. +

      + +

      + The verifier program is passed a command-line containing: (1) the recipient + e-mail address as supplied by the remote client, (2) the from e-mail address + as supplied by the client, or the empty string in the case of the VRFY + command, (3) the IP address and port of the far end of the client + connection, (4) the local fully qualified domain name, (5) the authentication + mechanism used by the client (if any, and none if trusted), and (6) either + the authentication name or the fourth field from authentication secrets file + if a trusted IP address. +

      + +

      + So, for example, a verifier program called myverifier might be run as if with + the following command-line: +

      + +
      + 
      myverifier bob@local.net alice@example.com 192.168.0.1:123 local.net login alice
+
      +
      +

      + The verifier program should generate two lines of output on the standard output + stream and then terminate with a specific exit code. +

      + +

      + For valid addresses the first line of output is ignored, the second line should + normally be copied from the first command-line argument, and the exit value + should be one. +

      + +
      + 
      #!/bin/sh
+# address verifier -- accept all (252)
+echo ""
+echo "$1"
+exit 1
+
      +
      +

      + The address verifier can also modify a recipient address, for example by + converting to lower-case: +

      + +
      + 
      #!/bin/sh
+# address verifier -- accept all and normalise (252)
+echo ""
+echo "$1" | tr '[A-Z]' '[a-z]'
+exit 1
+
      +
      +

      + The modified recipient address is stored in the envelope file and will be used + as the SMTP SEND-TO address when the message is forwarded. +

      + +

      + If the address verifier identifies a recipient address as being a local user + with an associated mailbox then it should write two lines to the standard + output -- the full name associated with the mailbox (only used in the response + to the VRFY command), and the mailbox name used for message delivery -- and then + exit with a value of zero. +

      + +
      + 
      #!/bin/sh
+# address verifier -- accept as local (250)
+echo Local Postmaster '<postmaster@localhost>'
+echo postmaster
+exit 0
+
      +
      +

      + Messages with recipient addresses that have been identified as local can be + delivered to the relevant mailbox by a filter such as the built-in deliver: + filter. Local recipient addresses are ignored when a message is forwarded by the + SMTP client. +

      + +

      + For invalid addresses the verifier's exit value should be non-zero and the first + line of output will be taken as the error response sent to the remote client. An + optional second output line can be used for diagnostic information that gets + recorded in the E-MailRelay log file. +

      + +
      + 
      #!/bin/sh
+# address verifier -- reject as invalid (550)
+echo invalid mailbox: $1
+exit 2
+
      +
      +

      + To indicate a temporary failure this can be changed to an exit code of 3. +

      + +
      + 
      #!/bin/sh
+# address verifier -- reject as temporarily invalid (450)
+echo mailbox unavailable: $1
+exit 3
+
      +
      +

      + If the verifier exit code is 100 then the connection is aborted immediately, + which may be useful in limiting the impact of denial of service attacks. +

      + +
      + 
      #!/bin/sh
+# address verifier -- abort
+exit 100
+
      +
      +

      + Any other exit code, from 4 to 99 or 101 and above, behaves in the same way + as an exit code of 2. +

      + +

      + On Windows address verifier scripts can be written in JavaScript, something + like this: +

      + +
      + 
      // verifier.js
+try
+{
+    var address = WScript.Arguments(0) ;
+    var local_domain = WScript.Arguments(3) ;
+    var auth_mechanism = WScript.Arguments(4) ;
+    var user = address.split(/@/)[0] || "" ;
+    var domain = address.split(/@/)[1] || "" ;
+	if( user === "postmaster" )
+	{
+    	WScript.Stdout.WriteLine( "Postmaster <postmaster@example.com>" ) ;
+    	WScript.Stdout.WriteLine( "postmaster" ) ;
+        WScript.Quit( 0 ) ; // accept for delivery to mailbox "postmaster"
+	}
+	else if( domain !== "example.com" )
+	{
+    	WScript.Stdout.WriteLine( "invalid domain" ) ;
+        WScript.Quit( 2 ) ; // reject (550)
+	}
+	else
+	{
+    	WScript.Stdout.WriteLine( "" ) ;
+    	WScript.Stdout.WriteLine( address ) ;
+    	WScript.Quit( 1 ) ; // accept
+	}
+}
+catch( e )
+{
+    WScript.Stdout.WriteLine( "mailbox unavailable" ) ;
+    WScript.Stdout.WriteLine( e ) ;
+    WScript.Quit( 3 ) ;
+}
      +
      +

      Address verifier servers

      +

      + E-MailRelay address verifiers are normally external programs or scripts but it + is also possible to do address verification in a separate network server if + the --address-verifier option starts with net: followed by the network + address and port number. +

      + +

      + Eg: +

      +
      + 
      --address-verifier=net:127.0.0.1:10101
+
      +
      +

      + In this case E-MailRelay will connect to the specified verifier daemon over the + network and send address verification requests as lines with pipe-delimited + fields. The expected response is another pipe-delimited line containing the same + information as returned by verifier scripts but in reverse, such as + 0|postmaster|Local Postmaster or + 2|mailbox unavailable. +

      + +

      + E-MailRelay is responsible for maintaining the connection to the net: server + so the server should not normally disconnect after responding. +

      +

      Built-in address verifiers

      +

      + There is one built-in address verifier called account:. +

      +

      account:

      +

      + The account: verifier does validation of recipient address against system + account names and the network domain or --domain value. For example, it will + accept alice@example.com only if there is a local system account called + alice and the local fully-qualified domain name is example.com. +

      + +

      + Eg: +

      +
      + 
      --address-verifier=account: --domain=example.com
+
      +
      +

      + The account: verifier can have one or more semi-colon separated configuration + parameters following the verifier name, including a user-id range (defaulting to + 1000-32767) that is used to obtain the list of system account names and + lowercase to convert upper-case 7-bit characters in the system account name to + lower-case, check and remote. +

      + +

      + Eg: +

      +
      + 
      --address-verifier="account:1000-1002;lc" --domain=example.com
+
      +
      +

      + With the check parameter the verifier will test whether the recipient address + is a local account but always accept the address as valid, whether it is a local + account or not. This is useful for outgoing traffic where local recipients can be + delivered immediately without being sent to the next-hop SMTP server. +

      + +

      + Eg: +

      +
      + 
      --address-verifier=account:check --domain=example.com --delivery-dir=@app/in
+
      +
      +

      + With the remote parameter the recipient address is valid only if it is a local + account but it is treated as not local so that the e-mail message will be + available for forwarding rather than delivery. +

      +

      Authentication

      +

      + E-MailRelay can perform 'client-side' authentication when connecting to remote + SMTP servers, and 'server-side' authentication when remote clients connect to the E-MailRelay server.

      @@ -750,6 +1270,13 @@ emailrelay --as-client=example.com:smtp --client-auth=/etc/emailrelay-server.aut contain at least one client entry.

      +

      + It is also possible to give the client authentication details directly by + specifying plain:: as the --client-auth + value. This is not recommended because it exposes the account details + through the process table, command-line history, etc. +

      +

      The server-side secrets file specified with --server-auth is used when a remote client tries to authenticate with the E-MailRelay server. The file @@ -770,7 +1297,7 @@ emailrelay --as-client=example.com:smtp --client-auth=/etc/emailrelay-server.aut

      - Lines have four white-space delimited fields: + Lines have four or five white-space delimited fields:

        @@ -778,90 +1305,114 @@ emailrelay --as-client=example.com:smtp --client-auth=/etc/emailrelay-server.aut
      • password-type
      • userid
      • password
        • +
      • client-account-selector (client-side, optional)

      The client-or-server field must be client or server; the password-type field should be plain or md5; the userid field is xtext-encoded user identifier; and the password field is the xtext-encoded plain password - or a base64-encoded HMAC-MD5 state. For client lines the password-type can - also be oauth. + or a base64-encoded HMAC-MD5 state from emailrelay-passwd. For client + lines the password-type can also be oauth.

      - The xtext encoding scheme is defined properly in RFC-3461, but basically it - says that non-alphanumeric characters (including space, +, # and =) should - be represented in uppercase hexadecimal ascii as +XX. So a space should be - written as +20; + as +2B; # as +23; and = as +3D. -

      - -

      - Base64 encoding can be used instead of xtext encoding for the user identifier - and plain password by replacing plain by plain:b. -

      - -

      - Note that modern email services will expect userids and passwords containing - non-ASCII characters to use UTF-8 encoding with RFC-4013 normalisation applied. -

      - -

      - Authentication proceeds according to an authentication 'mechanism' that is - advertised by the server and selected by the client. Many authentication - mechanisms have been defined and standardised, and the simplest ones just - exchange a username and plaintext password. E-MailRelay supports the PLAIN, - LOGIN and CRAM-MD5 mechanisms for both client-side and server-side - authentication as a minimum, but other mechanisms might be built in or - available via PAM (see below). -

      - -

      - The PLAIN, LOGIN and CRAM-MD5 mechanisms can use plaintext passwords, stored - in the secrets file using a password-type of plain. In addition, the - CRAM-MD5 mechanism can also make use of hashed passwords generated by the - emailrelay-passwd program and these are stored in the secrets file with a - password-type of md5. (Hashed passwords are marginally more secure because - the plaintext password which might be used on other accounts is not easily - recovered. However, hashed passwords can only be used for HMAC authentication - mechanisms that are based on the same hash function.) The XOAUTH2 mechanism - can be used for client-side authentication using tokens that have been - recently obtained from a third-party authentication server and added to the - secrets file with a password-type of oauth. -

      - -

      - In the following example bob is the username that E-MailRelay uses when - it authenticates with a remote SMTP server, and two usernames (alice and - carol) can be used by remote clients when they authenticate with the - E-MailRelay server: + For example:

      - 
      #
-# emailrelay secrets file
-#
+       
      # emailrelay secrets file
 client plain bob password123
 server plain alice e+3Dmc2
 server plain carol my+20password

      - Using MD5 hashes the same users would look like this: + The xtext encoding scheme is defined properly in RFC-3461, but basically it + says that non-alphanumeric characters (including space, +, # and =) should + be represented in uppercase hexadecimal ASCII as +XX. So a space should be + written as +20; + as +2B; # as +23; and = as +3D. +

      + +

      + Base64 encoding can be used instead of xtext encoding by replacing plain by + plain:b:

      - 
      #
-# emailrelay secrets file
-#
+       
      # emailrelay secrets file
+client plain:b Ym9i cGFzc3dvcmQxMjM= # bob
+server plain:b YWxpY2U= ZT1tYzI= # alice
+server plain:b Y2Fyb2w= bXkgcGFzc3dvcmQ= # carol
+
      
+
      +

      + Note that modern email services will expect user-ids and passwords containing + non-ASCII characters to use UTF-8 encoding with RFC-4013 normalisation. +

      + +

      + Multiple client accounts can be defined in the secrets file by using a fifth + field as an account selector. When an e-mail message is forwarded the + authentication account is chosen by matching the ClientAccountSelector in the + message envelope file (as set by a filter) with the account selector in the + secrets file: +

      + +
      + 
      # emailrelay secrets file
+client plain bob password123 # no selector, authenticate as bob
+client plain alice e+3Dmc2 use_alice # selector 'use_alice'
+client plain:b = = noauth # selector 'noauth', no authentication
+
      +
      +

      + Authentication proceeds according to an authentication 'mechanism' that is + advertised by the server and selected by the client. Many authentication + mechanisms have been defined and standardised, and the simplest ones just + exchange a username and plain-text password. E-MailRelay supports the PLAIN, + LOGIN and CRAM-MD5 mechanisms for both client-side and server-side + authentication as a minimum, with XOAUTH2 on for client-side authentication. + Other mechanisms might be built in or available via PAM (see below). +

      + +

      + The PLAIN, LOGIN and CRAM-MD5 mechanisms can use plain-text passwords, stored + in the secrets file using a password-type of plain. In addition, the + CRAM-MD5 mechanism can also make use of hashed passwords generated by the + emailrelay-passwd program and these are stored in the secrets file with a + password-type of md5. +

      + +

      + Hashed passwords are marginally more secure because the plain-text password + which might be used on other accounts is not easily recovered. However, hashed + passwords can only be used for HMAC authentication mechanisms that are based on + the same hash function. +

      + +

      + Using MD5 hashes the example secrets file would look like this: +

      + +
      + 
      # emailrelay secrets file
 client md5 bob 9N2IRYVXqu7SkOW1Xat+wpR9NbA2R6fb61XlmqW+46E=
 server md5 alice v1HOpuLIbbvgoJjhueeoqwfvtIp2C+gMA285ke+xxow=
 server md5 carol x6UJKQF9f7HfhS1M+PW4s8rXIoT+L+WoqLz+rBwSKbw=
      +

      + The XOAUTH2 mechanism can be used for client-side authentication using tokens + that have been recently obtained from a third-party authentication server and + added to the secrets file with a password-type of oauth. +

      +

      When the --server-auth option is used clients must authenticate with the - E-MailRelay server but it is possible to configure some client IP addresses as - 'trusted' so that connections from these addresses do not have to authenticate. + E-MailRelay server before they can send e-mail, but it is possible to configure + some client IP addresses as 'trusted' so that connections from these addresses + do not have to authenticate.

      @@ -877,13 +1428,11 @@ server md5 carol x6UJKQF9f7HfhS1M+PW4s8rXIoT+L+WoqLz+rBwSKbw=

      For example, this secrets file allows any client connecting over IPv4 from the 192.168.0.0/24 address range, or over IPv6 from the fe80::/64 or fc00::/7 - ranges, to connect without authentication: + ranges, to submit mail without requiring authentication:

      - 
      #
-# emailrelay secrets file
-#
+       
      # emailrelay secrets file
 server none 192.168.0.* localipv4
 server none fe80::/64 localipv6
 server plain alice e+3Dmc2
@@ -895,8 +1444,7 @@ server plain carol my+20password
      server that implements the SMTP AUTH extension with one of the supported
      mechanisms. If client-side authentication is required but the remote server
      does not support the AUTH extension, or does not support mechanisms for which
-     E-MailRelay has secrets, then an error will be logged and no messages will be
-     forwarded.
+     E-MailRelay has secrets, then forwarding will fail.
     
      
 
     
      
@@ -913,7 +1461,7 @@ server plain carol my+20password
      The TLS layer can also be used for authentication, independently of SMTP, as
      described below.
     
      
-   
      TLS encryption
       
+   
      TLS encryption
       
     
      
      E-MailRelay can use negotiated TLS to encrypt SMTP and POP sessions: use the
      --client-tls command-line option to enable client-side TLS encryption when
@@ -960,7 +1508,7 @@ server plain carol my+20password
      expect all connections to be using TLS from the start, so the whole SMTP
      dialogue is encrypted, without the need for STARTTLS.
     
      
-   
      PAM Authentication
       
+   
      PAM authentication
       
     
      
      E-MailRelay on Linux supports the use of PAM (Pluggable Authentication Modules)
      for authentication if it has been built with the --with-pam configure option.
@@ -973,7 +1521,7 @@ server plain carol my+20password
     
      
 
     
      
-     Use --server-auth=/pam and/or --pop-auth=/pam on the command-line to use
+     Use --server-auth=pam: and/or --pop-auth=pam: on the command-line to use
      PAM authentication for SMTP and POP respectively. The E-MailRelay server will
      then advertise an SMTP authentication mechanism of PLAIN and do the actual
      authentication via PAM.
@@ -997,7 +1545,149 @@ server plain carol my+20password
      --user=root command-line option to make sure that the process's effective
      user-id stays as root while it accesses the PAM system.
     
      
-   
      IP addresses
       
+   
      Routing
       
+    
      
+     E-MailRelay is often used to store-and-forward e-mail messages, with the
+     forwarded messages going to a smarthost for onward routing. (The smarthost
+     address is given by the --forward-to or --as-client command-line option.)
+    
      
+
+    
      
+     However, E-MailRelay can also be used to route outgoing e-mail messages directly
+     to their final destinations without needing a smarthost.
+    
      
+
+    
      
+     The ForwardToAddress field in every message envelope file is normally empty
+     but it can be populated by a filter script to activate message routing. If
+     E-MailRelay sees a transport address in the ForwardToAddress field when a
+     message is being forwarded then it will connect to that address rather than the
+     default --forward-to address from the command-line or configuration
+     file. And if every message is given a ForwardToAddress then the command-line
+     --forward-to address will not be used at all so it can be a dummy server on
+     the local machine.
+    
      
+
+    
      
+     The ForwardToAddress should normally be an IP address and port number obtained
+     from a MX DNS query but it can also be a domain name and port number, in which
+     case a normal A or AAAA DNS lookup is used to determine the network address.
+    
      
+
+    
      
+     Normal e-mail routing is done according to the domain names in the message
+     recipient addresses (so a message to alice@example.com gets routed to
+     example.com:25) and using MX DNS lookups. But if there are multiple recipients
+     with different domain names then the message will have to be split up into
+     independent copies. This means that normal e-mail routing is best done in two
+     stages: first use a filter to split the message into independent copies grouped
+     by domain, and then use a client filter to do MX DNS lookups on those domain
+     names to populate the ForwardToAddress.
+    
      
+
+    
      
+     (The built-in split: filter can be used to split messages by recipient domain
+     and store the domain name in the ForwardTo envelope field.)
+    
      
+
+    
      
+     If E-MailRelay sees a ForwardTo value in the envelope file when it is
+     forwarding a message and if there is a defined --client-filter then the filter
+     will be run early so that it can populate a ForwardToAddress before connecting
+     to the remote server. The contents of the ForwardTo field is not interpreted
+     by E-MailRelay itself; it causes the client filter to run early but then it is
+     up to the filter to make use of its value.
+    
      
+
+    
      
+     (The built-in mx: filter can be used to do a MX DNS lookup on the ForwardTo
+     domain and fill in the ForwardToAddress.)
+    
      
+
+    
      
+     Connection failures do not cause messages to fail so any messages routed to
+     unavailable addresses will stay in the spool directory. Use --poll to make
+     sure that these messages are retried and check the spool directory for old
+     messages files from time to time.
+    
      
+
+    
      
+     If routed SMTP connections need to authenticate using different client account
+     details then the filter that sets the ForwardToAddress in the message envelope
+     file should also populate the ClientAccountSelector field. The selector value
+     in the envelope is used to pick one of the client rows in the client secrets
+     file having a matching fifth field.
+    
      
+   
      Delivery
       
+    
      
+     When running in store-and-forward applications E-MailRelay does not concern
+     itself with message delivery; every e-mail message ends up in the main spool
+     directory without regard to the recipient addresses. However, it is quite easy
+     to write a delivery filter that examines the recipient addresses in each
+     message's envelope file and copies the message files into a separate mailbox
+     for each recipient.
+    
      
+
+    
      
+     A mailbox is normally just a sub-directory of the main spool directory with a
+     name derived from the first part of the recipient address. It is traditional to
+     have a catch-all mailbox called postmaster for unrecognised names.
+    
      
+
+    
      
+     Deriving a suitable mailbox name from the recipient address is best done by an
+     address verifier. The address verifier can check each recipient address, mapping
+     it to a mailbox name which then gets written to the envelope file's To-Local
+     list. After that the delivery filter just has to copy the message files into the
+     designated mailbox.
+    
      
+
+    
      
+     Once e-mail messages have been delivered into separate mailboxes they can be
+     accessed by individual users using POP with the --pop-by-name option. When a
+     user's e-mail user agent retrieves messages using POP it supplies a user-id for
+     authentication purposes and E-MailRelay will use this user-id to select the
+     appropriate mailbox from which to serve up e-mails.
+    
      
+
+    
      
+     Delivery is normally only relevant to incoming messages being received from
+     external systems, but it might also be desirable for outgoing messages that are
+     addressed to local users. For these messages is makes sense to deliver them
+     straight into incoming mailboxes rather have them forwarded to the smarthost and
+     then come back in again.
+    
      
+   
      deliver:
      
+    
      
+     The built-in deliver: filter does message delivery to the mailboxes associated
+     with any local recipient addresses. Once an address verifier has identified
+     one or more of the recipient addresses as local and the mailbox names have been
+     written into the envelope file the deliver: filter copies the message files
+     into the mailbox sub-directories. If all the recipient addresses were local then
+     the filter deletes the original message from the spool directory.
+    
      
+
+    
      
+     Eg:
+    
      
+      
      
+       
      --address-verifier=account: --filter=deliver:
+
      
+      
      
+    
      
+     The deliver: filter creates mailbox directories as necessary, but if the
+     mailbox directory already exists and has new, tmp and cur sub-directories
+     within it then it is treated as a maildir mailbox. In this case the content
+     file (only) is copied into the cur sub-directory. This can be useful for
+     serving up messages with an IMAP server such as dovecot.
+    
      
+
+    
      
+     Mailboxes are normally sub-directories of the spool directory, but the
+     --delivery-dir command-line option can be used to provide the deliver:
+     filter with a different base directory.
+    
      
+   
      IP addresses
       
     
      
      By default the E-MailRelay server listens for connections on the wildcard IPv4
      and IPv6 addresses, and when making outgoing connections it does not explicitly
@@ -1120,10 +1810,26 @@ server plain carol my+20password
        
      --as-client ipv4or6.example.com:25 --client-interface 0.0.0.0
 --as-client ipv4or6.example.com:25 --client-interface ::
      -

      Unix domain sockets

      +

      Socket activation

      - E-MailRelay on Unix will listen on unix-domain sockets instead of IPv4 or IPv6 - if the --interface option is given as an absolute file-system path: + On Linux/Unix systems E-MailRelay can be passed open listening file descriptors + at start-up by using the --interface option with a value like fd#3. This + allows a service management system to do the initial listening and only start up + the E-MailRelay server when a connection comes in. Systemd calls this "socket + activation". +

      + +

      + Eg: +

      +
      + 
      --interface=fd#4
+--interface=smtp=fd#5,pop=fd#6
      +
      +

      Unix domain sockets

      +

      + E-MailRelay on Linux/Unix will listen on unix-domain sockets instead of IPv4 or + IPv6 if the --interface option is given with an absolute file-system path:

      @@ -1169,11 +1875,11 @@ server plain carol my+20password --filter=spam:/run/spamd.s --filter=spam-edit:/run/spamd.s -

      SOCKS

      +

      SOCKS

      - E-MailRelay can use a SOCKS 4a proxy for establishing outgoing SMTP - connections; just append the SOCKS proxy address to the SMTP server's address, - separated by @. + E-MailRelay can use a SOCKS 4a proxy for establishing outgoing SMTP connections; + just append the SOCKS proxy address to the SMTP server's address, separated by + @.

      @@ -1190,334 +1896,17 @@ server plain carol my+20password establish the connection. The target SMTP server will see a connection coming from the Tor exit node rather than from the E-MailRelay server.

      -

      Address verification

      +

      SMTP extensions

      - By default the E-MailRelay server will accept all recipient addresses for - incoming e-mails as valid. This default behaviour can be modified by using an - external verifier program, specified with the --address-verifier command-line - option, so that you get to choose which recipient addresses are accepted as - valid and which are rejected. + Some standard extensions of the SMTP protocol can be enabled by using the + --server-smtp-config and --client-smtp-config command-line options. + These include the CHUNKING and SMTPUTF8 extensions defined in RFC-3030 and + RFC-6531 respectively. However, these extensions should only be enabled if the + next-hop SMTP server that you are forwarding to also supports them, otherwise + there is a risk that any mail messages that require those extensions will fail + to be forwarded.

      - -

      - Your verifier program is passed a command-line containing: (1) the recipient - e-mail address as supplied by the remote client, (2) the from e-mail address - as supplied by the client, or the empty string in the case of the VRFY - command, (3) the IP address and port of the far end of the client - connection, (4) the local fully qualified domain name, (5) the authentication - mechanism used by the client (if any, and none if trusted), and (6) either - the authentication name or the fourth field from authentication secrets file - if a trusted IP address. -

      - -

      - So, for example, a verifier program called myverifier might be run as if with - the following command-line: -

      - -
      - 
      myverifier bob@local.net alice@example.com 192.168.0.1:123 local.net login alice
-
      -
      -

      - The verifier program is expected to generate two lines of output on the - standard output stream and then terminate with a specific exit code. -

      - -

      - For future-proofing a verifier should report a version number of 2.0 if called - with a command-line starting with --emailrelay-version. -

      - -

      - For valid addresses the first line of output is ignored, the second line should - be copied from the first command-line argument, and the exit value should be - one. -

      - -
      - 
      #!/bin/sh
-# address verifier -- accept all (252)
-echo ""
-echo $1
-exit 1
-
      -
      -

      - If the address is valid but it should be delivered to a local mailbox rather - than forwarded then the verifier program should write two lines to the standard - output -- the full name associated with the mailbox, and the canonical mailbox - name -- and then exit with a value of zero. -

      - -
      - 
      #!/bin/sh
-# address verifier -- accept as local (250)
-echo Local Postmaster '<postmaster@localhost>'
-echo postmaster
-exit 0
-
      -
      -

      - For E-MailRelay local delivery just means that the message files in the spool - directory are copied to files with a .local filename suffix. If all the - envelope recipients are local-mailboxes then no normal message files are - created. This mechanism can be used to create a separate channel for - administrative messages such as delivery reports. -

      - -

      - For invalid addresses the exit value should be non-zero and the first line - of output is the error response. A second output line can be used for - diagnostic information that gets put into the E-MailRelay log file. -

      - -
      - 
      #!/bin/sh
-# address verifier -- reject as invalid (550)
-echo invalid mailbox: $1
-exit 2
-
      -
      -

      - To indicate a temporary failure this can be changed to an exit code of 3. -

      - -
      - 
      #!/bin/sh
-# address verifier -- reject as temporarily invalid (450)
-echo mailbox unavailable: $1
-exit 3
-
      -
      -

      - If the verifier exit code is 100 then the connection is aborted immediately, - which may be useful in limiting the impact of denial of service attacks: -

      - -
      - 
      #!/bin/sh
-# address verifier -- abort
-exit 100
-
      -
      -

      - Any other exit code, from 4 to 99 or 101 and above, behaves in the same way - as an exit code of 2. -

      - -

      - In this more complete example the verifier script accepts all addresses as - valid as long as they contain an at character: -

      - -
      - 
      #!/bin/sh
-# address verifier -- accept only if containing an at sign
-address="$1"
-expr "$address" : ".*@" > /dev/null || exit 2
-echo ""
-echo "$address"
-exit 1 # accept
-
      -
      -

      - As another example, this verifier script accepts all recipient addresses by - default but rejects remote addresses if the client has bypassed authentication - by connecting on a trusted IP address: -

      - -
      - 
      #!/bin/sh
-# address verifier
-if test "$1" = "--emailrelay-version" ; then echo 2.0 ; exit 0 ; fi
-address="$1"
-local_domain="$4"
-auth_mechanism="$5"
-host="`echo \"$address\" | sed 's/.*@//'`"
-if test "$auth_mechanism" = "none" -a "$host" != "$local_domain"
-then
-    echo "cannot relay without authentication"
-    exit 2 # reject the recipient address
-fi
-echo ""
-echo "$address"
-exit 1 # accept the recipient address
-
      -
      -

      - or written in JavaScript for Windows: -

      - -
      - 
      // verifier.js
-if( WScript.Arguments(0) === "--emailrelay-version" )
-{
-    WScript.Stdout.WriteLine( "2.0" ) ;
-    WScript.Quit( 0 ) ;
-}
-try
-{
-    var address = WScript.Arguments(0) ;
-    var local_domain = WScript.Arguments(3) ;
-    var auth_mechanism = WScript.Arguments(4) ;
-    var host = address.split(/@/)[1] || "" ;
-    if( ( auth_mechanism === "none" || !auth_mechanism ) && host !== local_domain )
-    {
-        WScript.Stdout.WriteLine( "cannot relay without authentication" ) ;
-        WScript.Quit( 2 ) ;
-    }
-    WScript.Stdout.WriteLine( "" ) ;
-    WScript.Stdout.WriteLine( address ) ;
-    WScript.Quit( 1 ) ;
-}
-catch( e )
-{
-    WScript.Stdout.WriteLine( "mailbox unavailable" ) ;
-    WScript.Stdout.WriteLine( e ) ;
-    WScript.Quit( 3 ) ;
-}
-
      -
      -

      - If this verifier script is used with a suitable --server-auth file then it - can be used to prevent open relay without restricting authenticated clients. -

      - -

      - It is also possible to verify addresses in a separate daemon process by using a - --address-verifier option of the form net:. In this case - E-MailRelay will connect to the specified verifier daemon over the network and - send address verification requests as lines with pipe-delimited fields. The - expected response is another pipe-delimited line containing the same - information as returned by verifier scripts but in reverse, such as - 0|postmaster|Local Postmaster or 2|mailbox unavailable. -

      -

      Connection blocking

      -

      - All incoming connections from remote network addresses are blocked by default, - but can be allowed by using the --remote-clients/-r option. This is to - guard against accidental exposure to the internet. -

      - -

      - Incoming SMTP connections can also be checked against DNSBL blocklists in order - to block connections from known spammers. Use the --dnsbl option to define a - list of DNSBL servers, together with a rejection threshold. If the threshold - number of servers 'deny' the incoming connection's network address then - E-MailRelay will drop the connection immediately. -

      - -

      - The --dnsbl configuration starts with the DNS server transport address and a - millisecond timeout, followed by the threshold and list of servers: -

      - -
      - 
      emailrelay -r --dnsbl 1.1.1.1:53,500,1,spam.example.com,block.example.com ...
-
      -
      -

      - A threshold of zero means that the DNSBL servers are consulted but connections - are always allowed. This can be combined with verbose logging (--log -v) - for initial testing. -

      - -

      - If the timeout period expires before a collective decision is reached then the - connection is allowed by default. This default behaviour can be changed by - using a negative timeout, but for finer control use a DNSBL proxy. -

      - -

      - Connections from loopback and private (RFC-1918) network addresses are never - checked. -

      -

      Security issues

      -

      - The following are some security issues that have been taken into consideration: -

      -

      Effective userid

      -
      - Suid privileges are revoked at start-up, switching the effective - userid/groupid to be the real userid/groupid values. If started as root - then the effective userid/groupid are switched at start-up to those of user - daemon. Special privileges are only reclaimed when needed to bind sockets - and do file i/o. Normally this means temporarily switching the userid and - groupid back to what they were at start-up. However, when writing spool files - after being started as root only the effective userid is changed, not the - groupid, so that new files have group ownership corresponding to the - daemon user. -
      -

      Execution environment

      -
      - The external filter programs are run with an almost empty set of environment - variables (PATH and IFS), and with no open file descriptors other than - stdin and stderr open onto /dev/null, and stdout open onto a pipe. -
      -

      Umask

      -
      - The program runs for most of the time with a umask of 077, switching to 007 - when creating spool files. -
      -

      Remote clients

      -
      - By default connections will be rejected if they come from remote machines. -
      -

      Remote configuration

      -
      - No configuration parameters can be changed through the administrative - interface. -
      -

      Use of exec() and system()

      -
      - No exec(), system() or popen() calls are used other than execve() to spawn the - mail filter and/or address verifier. -
      -

      File permissions

      -
      - After a normal installation the spool directory is has ownership of - root.daemon with permissions of -rwxrwxr-x and messages files are created - with permissions of -rw-rw----. This allows normal users to list messages - files but not read them. -

      - The emailrelay-submit program is given group ownership of daemon with its - group set-user-id flag set. This allows it to create message files in the - spool directory, and the files created end up owned by the submitter but with - group ownership of daemon. -
      -

      Logging

      -
      - Logging output is conditioned so that ANSI escape sequences cannot appear - in the log. -

      - Passwords and message content are not logged (except if using the --debug - option at run time with debug logging enabled at build time). -
      -

      Information leakage

      -
      - The --anonymous option can be used to reduce the amount of information - leaked to remote clients. -
      -

      Mandatory encryption

      -
      - When using PAM for authentication all clients are required to use - TLS/SSL encryption. -
      -

      - Security issues which relate to the SMTP protocol itself are beyond the scope - of this document, but RFC-2821 makes the following observation: "SMTP mail is - inherently insecure in that it is feasible for even [..] casual users to [..] - create messages that will trick a [..] recipient into believing that they came - from somewhere else. [..] Real [..] security lies [..] in end-to-end methods - [..] such as those which use digital signatures." -

      - -

      - The Authentication, PAM Authentication and TLS encryption sections - above also relate to security. -

      -

      Administration interface

      +

      Administration interface

      If enabled with the --admin command-line option, the E-MailRelay server will provide a network interface for performing administration tasks. This is a @@ -1551,62 +1940,186 @@ E-MailRelay> quit network status information and activity statistics, and notify enables asynchronous event notification.

      -

      Bcc handling

      +

      Connection blocking

      - E-MailRelay transfers e-mail messages without changing their content in any - way, other than by adding a Received header. In particular, if a message - contains a Bcc: header when it is submitted to the E-MailRelay server it - will have the same Bcc: header when forwarded. + All incoming connections from remote network addresses are blocked by default, + but can be allowed by using the --remote-clients or -r option. This is to + guard against accidental exposure to the internet.

      - It is normally the responsibility of the program that submits an e-mail - message to submit it separately for each Bcc recipient, removing the Bcc: - header from the message content or changing it to contain only the 'current' - recipient. If this is not done, perhaps through mis-configuration of the - e-mail user agent program, then Bcc recipients may be visible to the To - and Cc message recipients. + Incoming SMTP connections can also be checked against DNSBL blocklists in order + to block connections from known spammers. Use the --dnsbl option to define a + list of DNSBL servers, together with a rejection threshold. If the threshold + number of servers 'deny' the incoming connection's network address then + E-MailRelay will drop the connection immediately.

      - An E-MailRelay --filter script can be used to reject messages with incorrect - Bcc: headers, and an example script is included. + The --dnsbl configuration is a comma-separated list starting with a list of + DNSBL servers, optionally followed by the threshold, millisecond timeout and DNS + server transport address:

      -

      Routing

      + +
      + 
      emailrelay -r --dnsbl spam.example.com,block.example.com,1,500,1.1.1.1:53 ...
+
      +

      - E-MailRelay does not normally do any routing of e-mail messages; they are - all forwarded to a fixed smarthost address given by the --forward-to or - --as-client command-line options. + The threshold defaults to 1, the timeout defaults to a small number of seconds, + and the DNS server defaults to the first of the local system's configured + nameservers, so a simple list of DNSBL servers can be used: +

      + +
      + 
      emailrelay -r --dnsbl spam.example.com,block.example.com ...
+
      +
      +

      + For backwards compatibility the comma-separated fields can be reversed: +

      + +
      + 
      emailrelay -r --dnsbl 1.1.1.1:53,500,1,spam.example.com,block.example.com
+
      +
      +

      + A threshold of zero means that the DNSBL servers are consulted but connections + are always allowed. This can be combined with verbose logging (--log -v) for + initial testing: +

      + +
      + 
      emailrelay --log -v -r --dnsbl spam.example.com,block.example.com,0 ...
+
      +
      +

      + If the timeout period expires before a collective decision is reached then the + connection is allowed by default. This default behaviour can be changed by using + a negative timeout, so then unresponsive DNSBL servers might result in all + incoming connections being blocked: +

      + +
      + 
      emailrelay -r --dnsbl spam.example.com,block.example.com,1,-5000 ...
+
      +
      +

      + Connections from loopback and private (RFC-1918) network addresses are never + checked. +

      +

      POP server

      +

      + The POP protocol is designed to allow e-mail user agents to retrieve and delete + e-mail messages that have arrived at their final destination.

      - However, each message envelope file contains a ForwardToAddress field that - can be populated by filter scripts in order to route the message to some other - server. + The POP server in E-MailRelay is enabled with --pop and then --pop-auth to + point to the authentication secrets file. By default it serves up e-mail + messages that are in the main spool directory. However, having a POP client + delete messages in the E-MailRelay spool directory that would otherwise be + forwarded by SMTP is probably not a good idea. In this situation the + --pop-no-delete option can be used to make the POP delete command appear to + succeed but actually do nothing. This may confuse some POP clients resulting in + message duplication, but more capable user agents keep track of the messages + they have retrieved to avoid duplication.

      - If the ForwardTo field has any non-empty value then E-MailRelay runs its - client filter early to allow the client filter script to set or update the - ForwardToAddress before the outgoing connection is made. (The client filter is - run a second time as normal once the connection is made and the SMTP session has - been established.) + Another approach is to copy message files out of the main spool directory before + serving them up with POP, then the POP client can safely delete them without + affecting SMTP forwarding. The --pop-by-name option should be used to do this. + E-MailRelay will then serve up e-mail messages from a sub-directory of the main + spool directory, with the sub-directory name being just the name that the POP + client uses to authenticate.

      - Typically a --filter script would be used to examine the message content and - populate the ForwardTo field, then a --client-filter script would use - the ForwardTo value to populate the ForwardToAddress field with an up-to-date - forwarding address. + To get the e-mail message files into the --pop-by-name sub-directory a filter + script can be used. This should just copy the new envelope file and content file + into those sub-directories of the main spool directory for which there are + matching entries in the POP secrets file.

      - Note that a successful connection to the smarthost is required even if a message - is routed elsewhere. + To save disk space the POP server using --pop-by-name will look for content + files in the main spool directory if it cannot see the content file in the + sub-directory. In that case the POP delete command will delete the envelope + file from the sub-directory but only delete the content file if there are no + other envelope files with the same name in either the main spool directory or + any other sub-directory.

      -

      Files and directories

      +

      - On Unix-like systems E-MailRelay installs by default under /usr/local, but + Alternatively on Linux/Unix the filter script can copy content files using + hard links in order to save disk space. +

      + +

      + The built-in copy: filter can be used to support --pop-by-name. It copies + message files into all sub-directories (whether they have a matching POP account + or not) and by default it then deletes the original message files. To keep the + original files in the main spool directory so they can be forwarded use + copy:nodelete; to copy just the envelope file and leave the content file alone + use copy:pop; and to copy content files with hard links use copy:hardlink. + Remember to create matching sub-directories when adding users to the POP secrets + file. +

      + +

      + The built-in delivery: filter also works well with --pop-by-name. It copies + message files into sub-directories (now conceptually delivery mailboxes) + according to who the message is addressed to. This requires an address verifier + to interpret message recipient addresses as belonging to local users or not. See + Delivery above for more information. +

      +

      Run-time environment

      +

      + On Linux/Unix systems an E-MailRelay server started as root runs mostly with an + unprivileged effective user-id and group-id given by the --user command-line + option, defaulting to daemon. It switches back to root only when necessary + to access files, bind sockets etc. although when writing spool files only the + effective user-id is changed, not the group-id, so new files have group + ownership corresponding unprivileged user, even without the group sticky bit on + the directory. +

      + +

      + The program runs for most of the time with a umask of 077, switching to 007 + when creating files in the spool directory. After a normal installation the + spool directory has ownership of root.daemon with permissions of -rwxrwsr-x + so messages files are created with permissions of -rw-rw----. This allows + normal users to list messages files but not read them. +

      + +

      + The emailrelay-submit program normally has group ownership of daemon with + its group set-user-id flag set. This allows it to create message files in the + spool directory and the files created end up owned by the submitter but with + group ownership of daemon. +

      + +

      + External filters and address verifiers are executed as the unprivileged user and + they are given an almost empty set of environment variables (PATH and IFS), + and no open file descriptors other than stdin and stderr open onto + /dev/null, and stdout open onto a pipe. The execve() system call is used so + the security complications of system() or popen() are avoided. +

      + +

      + The effective user-id and group-id switching can be disabled by using + --user=root. +

      + +

      + On Windows all files are opened with the _SH_DENYNO option so they can be + accessed without sharing violations. +

      +

      Files and directories

      +

      + On Linux/Unix systems E-MailRelay installs by default under /usr/local, but binary distributions will probably have been built to install elsewhere.

      @@ -1624,7 +2137,7 @@ E-MailRelay> quit
    • e_icondir=<dir>
    • e_trdir=<dir>
    • e_initdir=<dir>
      • -
    • e_libexecdir=<dir>
      • +
    • e_libdir=<dir>
    • e_pamdir=<dir>
    • e_spooldir=<dir>
    • e_sysconfdir=<dir>
      • @@ -1638,12 +2151,14 @@ E-MailRelay> quit

      - For a directory structure conforming more closely to the File Hierarchy - Standard (FHS) use this configure command: + For a directory structure conforming more closely to the Linux File Hierarchy + Standard (FHS) use the configure.sh wrapper script:

      - 
      ./configure --prefix=/usr --localstatedir=/var --libexecdir=/usr/lib --sysconfdir=/etc e_initdir=/etc/init.d e_rundir=/run/emailrelay
+       
      ./configure.sh
+make
+sudo make install

      @@ -1664,10 +2179,10 @@ E-MailRelay> quit

      - Copyright (C) 2001-2022 Graeme Walker + Copyright (C) 2001-2023 Graeme Walker

      - + diff --git a/doc/reference.md b/doc/reference.md index 7a57d80..b3f271b 100644 --- a/doc/reference.md +++ b/doc/reference.md @@ -44,7 +44,13 @@ The `emailrelay` program supports the following command-line usage: Displays version information and then exits. -### [SMTP][] client options ### +### SMTP client options ### + +* \-\-client-smtp-config <config> (-c) + + Configures the [SMTP][] client protocol using a comma-separated list of optional + features, including 'pipelining', 'smtputf8strict', 'eightbitstrict' and + 'binarymimestrict'. * \-\-forward (-f) @@ -97,6 +103,12 @@ The `emailrelay` program supports the following command-line usage: Specifies a timeout (in seconds) for getting responses from remote SMTP servers. The default is 60 seconds. +* \-\-forward-to-all + + Requires all recipient addresses to be accepted by the remote server before + forwarding. This is currently the default behaviour so this option is for + forwards compatibility only. + * \-\-forward-to-some Allow forwarding to continue even if some recipient addresses on an e-mail @@ -125,8 +137,10 @@ The `emailrelay` program supports the following command-line usage: * \-\-address-verifier <program> - Runs the specified external program to verify a message recipent's e-mail - address. A network verifier can be specified as `net:`. + Runs the specified external program to verify a message recipient's e-mail + address. A network verifier can be specified as `net:`. The + `account:` built-in address verifier can be used to check recipient + addresses against the list of local system account names. * \-\-anonymous[=<scope>] (-A) @@ -135,7 +149,12 @@ The `emailrelay` program supports the following command-line usage: files, and stops the SMTP client protocol adding `AUTH=` to the `MAIL` command. For finer control use a comma-separated list of things to anonymise: `vrfy`, `server`, `content` and/or `client`, eg. - `--anonymous`=server,content. + `--anonymous=server`,content. + +* \-\-delivery-dir <dir> (-s) + + Specifies the base directory for mailboxes when delivering messages that + have local recipients. This defaults to the main spool directory. * \-\-dnsbl <config> @@ -181,7 +200,7 @@ The `emailrelay` program supports the following command-line usage: listening. When an interface name is decorated with a `-ipv4` or `-ipv6` suffix only their IPv4 or IPv6 addresses will be used (eg. `ppp0-ipv4`). To inherit listening file descriptors from the parent process on unix use a - syntax like this: `--interface`=smtp=fd#3,smtp=fd#4,pop=fd#5. + syntax like this: `--interface` smtp=fd#3,smtp=fd#4,pop=fd#5. * \-\-prompt-timeout <time> (-w) @@ -189,6 +208,12 @@ The `emailrelay` program supports the following command-line usage: SMTP server. If no prompt is received after this time then the SMTP dialog goes ahead without it. +* \-\-server-smtp-config <config> (-Z) + + Configures the SMTP server protocol using a comma-separated list of optional + features, including 'pipelining', 'chunking', 'smtputf8', and + 'smtputf8strict'. + * \-\-size <bytes> (-M) Limits the size of mail messages that can be submitted over SMTP. @@ -204,13 +229,13 @@ The `emailrelay` program supports the following command-line usage: * \-\-pop-by-name (-J) - Modifies the spool directory used by the POP server to be a sub-directory - with the same name as the POP authentication user-id. This allows multiple - POP clients to read the spooled mail messages without interfering with each - other, particularly when also using `--pop-no-delete`. Content files can - stay in the main spool directory with only the envelope files copied into - user-specific sub-directories. The `emailrelay-filter-copy` program is a - convenient way of doing this when run via `--filter`. + Modifies the POP server's spool directory to be the sub-directory with the + same name as the user-id used for POP authentication. This allows POP + clients to see only their own messages after they have been moved into + separate sub-directories typically by the built-in `deliver:` or `copy:` + filters. Content files can remain in the main spool directory to save disk + space; they will be deleted by the POP server when it deletes the last + matching envelope file. * \-\-pop-no-delete (-G) @@ -241,14 +266,18 @@ The `emailrelay` program supports the following command-line usage: * \-\-client-auth <file> (-C) Enables SMTP client authentication with the remote server, using the client - account details taken from the specified secrets file. The secrets file - should normally contain one line that starts with `client` and that line - should have between four and five space-separated fields; the second field - is the password encoding (`plain` or `md5`), the third is the user-id and - the fourth is the password. The user-id is [RFC-1891][] xtext encoded, and the - password is either xtext encoded or generated by `emailrelay-passwd`. If - the remote server does not support SMTP authentication then the SMTP - connection will fail. + account details taken from the specified secrets file. The secrets file + should normally contain one line having between four and five + space-separated fields. The first field must be `client`, the second field + is the password type (`plain` or `md5`), the third is the [xtext][]-encoded + user-id and the fourth is the xtext-encoded password. Alternatively, the + user-id and password fields can be [Base64][] encoded if the second field is + `plain:b`. It is also possible to do without a secrets file and give the + Base64 encoded user-id and password directly on the command-line or in the + configuration file formatted as `plain::`. + Note that putting these account details on the command-line is not + recommended because it will make the password easily visible to all users + on the local machine. * \-\-client-auth-config <config> @@ -268,8 +297,10 @@ The `emailrelay` program supports the following command-line usage: `server` in the first field; the second field is the password encoding (`plain` or `md5`), the third is the client user-id and the fourth is the password. The user-id is [RFC-1891][] xtext encoded, and the password is either - xtext encoded or generated by `emailrelay-passwd`. A special value of - `/pam` can be used for authentication using linux [PAM][]. + xtext encoded or generated by `emailrelay-passwd`. Alternatively, the + username and password can be Base64 encoded if the second field is + `plain:b`. A special value of `pam:` can be used for authentication using + linux [PAM][]. * \-\-server-auth-config <config> @@ -287,7 +318,7 @@ The `emailrelay` program supports the following command-line usage: Specifies a file containing valid POP account details. The file format is the same as for the SMTP server secrets file, ie. lines starting with `server`, with user-id and password in the third and fourth fields. A special value - of `/pam` can be used for authentication using linux PAM. + of `pam:` can be used for authentication using linux PAM. ### TLS options ### @@ -327,8 +358,8 @@ The `emailrelay` program supports the following command-line usage: Enables verification of the remote SMTP server's certificate against any of the trusted CA certificates in the specified file or directory. In many use cases this should be a file containing just your self-signed root - certificate. Specify `` for the TLS library's default set of - trusted CAs. + certificate. Specify `` (including the angle brackets) for the TLS + library's default set of trusted CAs. * \-\-client-tls-verify-name <cname> @@ -346,9 +377,9 @@ The `emailrelay` program supports the following command-line usage: Defines the TLS certificate file when acting as a SMTP or POP server. This file must contain the server's private key and certificate chain using the - PEM file format. Alternatively, use this option twice with the first one - specifying the key file and the second the certificate file. Keep the file - permissions tight to avoid accidental exposure of the private key. + PEM file format. Alternatively, use this option twice with the first + specifying the key file and the second the certificate file. Keep the file + permissions tight to avoid accidental exposure of the private key. * \-\-server-tls-connection @@ -366,8 +397,8 @@ The `emailrelay` program supports the following command-line usage: Enables verification of remote SMTP and POP clients' certificates against any of the trusted CA certificates in the specified file or directory. In many use cases this should be a file containing just your self-signed root - certificate. Specify `` for the TLS library's default set of - trusted CAs. + certificate. Specify `` (including the angle brackets) for the + TLS library's default set of trusted CAs. * \-\-tls-config <options> (-9) @@ -418,9 +449,11 @@ The `emailrelay` program supports the following command-line usage: * \-\-user <username> (-u) When started as root the program switches to a non-privileged effective - user-id when idle. This option can be used to define the idle user-id and - also the group ownership of new files and sockets. Specify `root` to - disable all user-id switching. Ignored on Windows. + user-id when idle or when running external filter scripts and address + verifiers. This option can be used to define the non-privileged user-id. It + also determines the group ownership of new files and sockets if the + directory owner is not 'sticky'. Specify `root` to disable all user-id + switching. Ignored on Windows. ### Logging options ### @@ -442,7 +475,7 @@ The `emailrelay` program supports the following command-line usage: Enables debug level logging, if built in. Debug messages are usually only useful when cross-referenced with the source code and they may expose - plaintext passwords and mail message content. + plain-text passwords and mail message content. * \-\-log-address @@ -476,20 +509,59 @@ The `emailrelay` program supports the following command-line usage: useful when operating as a background daemon and it is therefore implied by `--as-server` and `--as-proxy`. -A configuration file can be used to provide additional options; put each -option on a separate line, use the long option names but without the double -dash, and separate the option name from the option value with spaces. -All command-line options that specify a filename can use a special `@app` -substitution variable that is interpreted as the directory that contains -the `emailrelay` executable or MacOS application bundle. +Configuration +------------- +E-MailRelay is configured with command-line options and/or a configuration file. +The configuration filename is given as the last command-line parameter. + +A configuration file should contain command-line options without double dashes, +with each option on a separate line. The option name and the option value should +be separated with a space. For example: + + # emailrelay.conf + log + #verbose # commented out + spool-dir /tmp/spool + port 10025 + +All options that specify a filename can use a special `@app` substitution +variable that is interpreted as the directory that contains the `emailrelay` +executable or MacOS application bundle. + +It is possible to run multiple E-MailRelay instances in one process by prefixing +the `--spool-dir` option with an arbitrary name like `in` or `out`, ie. +`--in-spool-dir` and `--out-spool-dir`. Subsequent options like `--in-port` and +`--out-port` will then apply to the `in` and `out` instances separately. Any +options without a prefix will apply to the first instance and process-wide +options, including `--log`, `--verbose` `--no-daemon` and `--user`, will only +take effect if unprefixed or prefixed by the first instance name. For example: + + # emailrelay.conf + log + user root + # in... + in-spool-dir /var/spool/in + in-port 25 + in-remote-clients + in-filter account: + in-domain example.com + # out... + out-spool-dir /var/spool/out + out-port 587 + out-forward-on-disconnect + out-forward-to smtp.smarthost.com Message store ------------- -Mail messages are stored as text files in the configured spool directory. Each -e-mail message is represented as an envelope file and a content file. The -envelope file contains parameters relevant to the SMTP dialogue, and the -content file contains the [RFC-822][] headers and body text. +E-mail messages are stored as text files in the configured spool directory; each +message is represented as an envelope file and a content file. The envelope file +contains parameters relevant to the SMTP dialogue, and the content file contains +the [RFC-822][] headers and body text. + +Envelope files can be modified by external filter scripts as long as the basic +structure is retained, and some E-MailRelay features such as routing and client +account selection can only be accessed in this way. The filenames used in the message store have a prefix of `emailrelay`, followed by a process-id, timestamp and sequence number, and then `envelope` or @@ -501,11 +573,13 @@ The envelope file suffixes are: * `.new` \-\- while the envelope is first being written * `.busy` \-\- while the message is being forwarded * `.bad` \-\- if the message cannot be forwarded -* `.local` \-\- for copies of the envelope file for delivery to local recipients If an e-mail message cannot be forwarded the envelope file is given a `.bad` suffix, and the failure reason is written into the file. +Sub-directories of the main spool directory are sometimes used as mailboxes +containing e-mail messages that have been delivered to local e-mail recipients. + Forwarding ---------- Spooled e-mail messages can be forwarded at various times, depending on the @@ -513,92 +587,85 @@ command-line options: * when E-MailRelay first starts up (`--as-client` or `--forward`) * as each message is submitted, just before receipt is acknowledged (`--immediate`) -* as soon as the submitting client connection disconnects (`--forward-on-disconnect`) +* as soon as the submitting client disconnects (`--forward-on-disconnect`) * periodically (`--poll=`) * on demand using the administration interface's `forward` command (`--admin=`) * when a `--filter` script exits with an exit code of 103 These can be mixed. -When using `--as-client`, or `--dont-serve` and `--forward`, the spooled +When using `--as-client`, or `--dont-serve` with `--forward`, the spooled messages begin to be forwarded as soon as the program starts up, and the program terminates once they have all been sent. -By default all recipient e-mail addresses must be accepted by the remote server -when E-MailRelay forwards an e-mail message. If any one recipient is rejected -then the message will be left in the spool directory with a `.bad` suffix on -the envelope file. This behaviour can be changed by using `--forward-to-some` -command-line option so that forwarding will succeed for the valid recipients -and the failed message will contain the invalid ones. +Normally when an e-mail message is forwarded all the remote recipient e-mail +addresses must be accepted by the remote server (`--forward-to-all`). If any one +recipient is rejected then the message will be failed and left in the spool +directory with a `.bad` suffix on the envelope file. -Mail processing ---------------- -The `--filter` command-line option allows you to specify a mail processing -program which operates on e-mail messages as they pass through the E-MailRelay -system. The filter program is run as soon as the e-mail message has been stored -in the spool directory, with the full path of the content file and envelope -file put on the command-line. +However, if the `--forward-to-some` option is used then forwarding will succeed +for the valid recipients and the failed message will contain just the invalid +ones. (Future E-MailRelay releases might switch to `--forward-to-some` as the +default, so use `--forward-to-all` if that is what is required.) -For example, the following command will start a proxy server on port 587 -which processes mail using the specified filter program, and then forwards the -mail on to the system's default [MTA][] (on port 25): +If an address verifier has previously determined that all the recipient +addresses in an e-mail message are local then it will be failed immediately when +forwarding, before any interaction with the remote server. - emailrelay --as-proxy=localhost:smtp --port=587 --no-syslog \ - --filter=$HOME/myfilter --spool-dir=$HOME/spool +Filters +------- +The `--filter` command-line option can be used to specify a program or script +that operates on e-mail messages as they pass through the E-MailRelay system. +The filter program is run as soon as the e-mail message has been stored in the +spool directory, with the full path of the content file and envelope file put +on the command-line. + +For example, the following command will start E-MailRelay as a proxy server +on port 587 that processes mail using the specified filter program, and then +forwards it on to the local system's default [MTA][] on port 25: + + emailrelay --as-proxy=127.0.0.1:25 --port=587 --filter=@app/myfilter --spool-dir=@app/spool The filter program should terminate with an exit code of zero to indicate -success, or a value between 1 and 99 to indicate failure. Exit codes between -100 and 115 are reserved for special processing: 100 is used to abandon the -current e-mail message (so the filter can delete the files), and 103 has the -effect of requesting a rescan of the spool directory if forwarding is -enabled (typically to pick up on new messages that the filter program has -created). +success, or a value between 1 and 99 to indicate failure. -If the filter program terminates with a non-zero exit code then the first few -thousand characters of the standard output stream are searched for a line -starting with `<>` or `[[error text]]`. The text inside is taken -as a failure reason, and passed back to the SMTP client. A second error-text +When the filter program terminates with a non-zero exit code the envelope file +is given a `.bad` filename suffix so that it will not get picked up for +forwarding and the first few thousand characters of the filter's standard output +stream are searched for a line starting with `<>` or +`[[error text]]`. The text inside is taken as a failure reason and passed back +to the SMTP client and also written into the envelope file. A second error-text line can be used for additional diagnostics that will not be visible to the remote client. +Filter exit codes between 100 and 115 are reserved for special processing: 100 +is used to abandon the current e-mail message so the filter can safely delete +the message files, and 103 has the effect of requesting a rescan of the spool +directory if forwarding is enabled, typically to pick up on new messages that +the filter program has created. + The filter program can edit any part of the e-mail message's envelope file or content file: E-MailRelay remembers nothing about the e-mail message while the filter is running except the filename. However, if the message is deleted by -the filter program then E-MailRelay will complain, so to avoid the error -message use an exit code of 100. - -If the filter program creates completely new e-mail messages in the spool -directory then they may not be processed immediately, or they may be completely -ignored. To get E-MailRelay to pick up any new messages you create in the -spool directory use the special 103 exit code, or rely on the `--poll` -mechanism, or perhaps run `emailrelay --as-client` from within the filter -program. +the filter program then it should use an exit code of 100 to avoid spurious +warning messages. As an example of a simple filter program processor this shell script examines -the sending client's IP address and conditionally passes the message into -`sendmail` (using the sendmail command-line interface rather than SMTP): +the message envelope and deletes the e-mail message if it has come from a +particular IP address: #!/bin/sh # filter.sh - content="${1}" - envelope="${2}" - ip="`awk '/MailRelay-Client:/ {print $2;exit}' \"${envelope}\"`" - if test "${ip}" = "192.168.0.2" + content="$1" + envelope="$2" + ip="`sed -n -e '/MailRelay-Client:/{p;q}' \"$envelope\"`" + if test "$ip" = "192.168.0.2" then - /usr/sbin/sendmail -t < "${content}" - rm -f "${envelope}" "${content}" - exit 100 # <= cancel further processing by emailrelay + rm -f "$envelope" "$content" + exit 100 # <= cancel further processing fi exit 0 -The first thing this script does is convert the path of the content file which -it is given, into the corresponding envelope file. It then extracts the -client's IP address out of the envelope file using `awk`. If this matches the -fixed address then it pipes the message content into sendmail, deletes the -e-mail message and exits with a value of 100. The exit value of 100 tells -E-MailRelay to forget the message, and not to complain about the files -disappearing. - For Windows this example can be rewritten in JavaScript: // filter.js @@ -612,8 +679,6 @@ For Windows this example can be rewritten in JavaScript: var ip = e.match(re)[1] ; if( ip === "192.168.0.2" ) { - var sh = WScript.CreateObject( "Wscript.Shell" ) ; - sh.Run( "sendmail " + content ) ; // bogus fs.DeleteFile( content ) ; fs.DeleteFile( envelope ) ; WScript.Quit( 100 ) @@ -630,23 +695,34 @@ Either forward-slashes or back-slashes can be used. E-MailRelay also has a `--client-filter` option that enables processing of e-mail messages just before they are forwarded, rather than after they are -stored. The disadvantage is that by then it is too late to notify the -submitting SMTP client of any processing failures, so in many store-and-forward -applications using `--filter` is more useful. The special exit code of 100 can -be used to ignore the current message, and 102 to stop scanning for more -spooled messages after processing the current one (eg. for simple -rate-limiting). +stored. The disadvantage is that by then it is too late to notify the submitting +SMTP client of any processing failures so in many store-and-forward applications +using `--filter` is more useful. The special exit code of 100 can be used to +ignore the current message, and 102 to stop scanning for more spooled messages +after processing the current one (eg. for simple rate-limiting). Bear in mind the following points when writing `--filter` programs: -* The standard input and output are not used; the message filename is passed on the command-line. +* The standard input and output are not used; the message filenames are passed on the command-line. * Programs are run with a reduced set of environment variables. -* E-MailRelay files use CR-LF line terminators, as required by the RFCs. -* Envelope files will have a file extension of `.new` or `.busy` when the program runs. -* Windows scripts may need to be run via `cscript` or a batch file wrapper. +* Message files use CR-LF line terminators. +* Envelope files will have a file extension of `.new` or `.busy` when the filter runs. +* Content files on Linux/Unix might be hard-linked if using `--filter=split:`. +* On Linux/Unix the filter runs as an unprivileged user unless using `--user=root`. + +Network filters +--------------- +E-MailRelay filters are normally external programs or scripts that operate on +the message files in the spool directory, but filters can also be network +servers. + +### net: ### + +To use a network server as a filter the `--filter` or `--client-filter` option +should start with `net:` followed by the address of the server: + + --filter=net:localhost:10101 -It is also possible to do message filtering in a separate process by using -`net:` as the `--filter` or `--client-filter` option parameter. E-MailRelay connects to this address and then uses a simple line-based dialog as each e-mail message is processed: it sends the full path of the message content file in one line and expects the remote process to respond with an `ok` @@ -654,14 +730,323 @@ line if the message is to be accepted or an error message. If the error message contains a tab character then anything after the tab character is logged but otherwise ignored. -Alternatively, use `spam:` or `spam-edit:` to connect -to a SpamAssassim `spamd` server, or use `exit:` for simulating a -filter program that just does an exit with the specified exit code. +E-MailRelay is responsible for maintaining the connection to the `net:` server +so the server should not normally disconnect after responding. + +### spam: ### + +It is also possible to use a SpamAssassin `spamd` server as an E-MailRelay +network filter by using `spam:` or `spam-edit:` instead of `net:`. + +Eg: + + --filter=spam-edit:127.0.0.1:783 + +Using `spam:` means that the e-mail message will be rejected outright if it +fails the SpamAssassin tests, whereas with `spam-edit:` the message content is +edited by SpamAssassin to hide the spam content within an attachment. + +Built-in filters +---------------- +E-MailRelay has a few built-in filters. + +### exit: ### + +The simplest is the `exit:` filter that simulates a filter program that exits +immediately with a specific exit code: + + --filter=exit:103 + +This is useful for the special exit codes, such as exit code 103 which requests +a rescan of the spool directory for forwarding. + +### copy: ### + +The `copy:` filter copies the e-mail message's envelope and content files into +all the sub-directories of the main spool directory and then deletes the +original: + + --filter=copy: + +The `copy:` filter will not copy into a `postmaster` sub-directory or into any +sub-directory with a name starting with a dot. + +If any destination directories have `new`, `tmp` and `cur` sub-directories then +they are treated as [maildir][] mailboxes. + +To save disk space the content files can be hard-linked by using `copy:hardlink` +(Linux/Unix only) or they can stay in the main spool directory by using +`copy:pop`. The `copy:pop` option is normally used with `--pop-by-name`: + + --filter=copy:pop --pop --pop-by-name --pop-auth=... + +### deliver: ### + +The `deliver:` filter is used to deliver copies of incoming e-mail messages into +a separate mailbox directory for each message recipient where the address +verifier has supplied a local mailbox name: + + --filter=deliver: + +If the message has no local recipients then the filter does nothing. If it has +only local recipients then it will be deleted once it has been copied into +mailboxes. + +The delivery base directory defaults to the main spool directory but it can be +overridden with the `--delivery-dir` option: + + --filter=deliver: --delivery-dir=@app/mailboxes --spool-dir=@app/spool + +Optional semi-colon separated parameters can be used to modify its behaviour: + + --filter="deliver:hardlink;no_delete" + +See `Delivery` below for more details. + +### split: ### + +The `split:` filter can be used when outgoing e-mail messages need to be routed +to different next-hop servers according to the recipient addresses. The filter +examines the domain part of the recipient addresses in the SMTP envelope file +and if there is more than one domain then the message is copied so that each +copy relates to a single domain. It then copies the recipient address's domain +name into the `ForwardTo` field within the envelope file. + +Note that if new messages are created by the `split:` filter then they will not +be processed by any other server filters. + +Domain name comparisons are case-insensitive by default. For exact comparisons +use `split:raw`. This might be useful if an address verifier has already +sanitised the recipient addresses. + +On Linux/Unix the content file copies will be hard links where possible. + +### mx: ### + +The `mx:` filter performs a DNS MX lookup on any `ForwardTo` domain given in +the envelope file and stores the resulting IP address in the +`ForwardToAddress` field. The `ForwardTo` field can optionally have a colon +separated numeric port number. + +The `mx:` filter should normally be run as a client filter (`--client-filter`) +so that the IP address is up-to-date when the forwarding connection is made. + +The `split:` and `mx:` filters work together to implement message routing: + + --filter=split: --client-filter=mx: + +By running as a client filter the `mx:` filter will pick up any new messages +created by `split:`. + +The filter can be configured with optional address for the DNS server after +the `mx:` string: + + --client-filter="mx:127.0.0.1:53" + +If the DNS server responds with a forwarding address of `0.0.0.0` then the +`ForwardToAddress` will be cleared and the message will be forwarded to the +default `--forward-to` address. + +See `Routing` below for more details. + +### msgid: ### + +The `msgid:` filter adds a [RFC-822][] `Message-ID` header to the content file if it +does not have one already. + +Address verifiers +----------------- +By default the E-MailRelay server will accept all recipient addresses for +incoming e-mails as valid. This default behaviour can be modified by using an +external verifier program, specified with the `--address-verifier` command-line +option, so the verifier can choose which recipient addresses are accepted as +valid and which are rejected. + +Address verifiers can also be used to identify recipient addresses that are +local addresses with an associated mailbox. + +The verifier program is passed a command-line containing: (1) the recipient +e-mail address as supplied by the remote client, (2) the `from` e-mail address +as supplied by the client, or the empty string in the case of the `VRFY` +command, (3) the IP address and port of the far end of the client +connection, (4) the local fully qualified domain name, (5) the authentication +mechanism used by the client (if any, and `none` if trusted), and (6) either +the authentication name or the fourth field from authentication secrets file +if a trusted IP address. + +So, for example, a verifier program called `myverifier` might be run as if with +the following command-line: + + myverifier bob@local.net alice@example.com 192.168.0.1:123 local.net login alice + +The verifier program should generate two lines of output on the standard output +stream and then terminate with a specific exit code. + +For valid addresses the first line of output is ignored, the second line should +normally be copied from the first command-line argument, and the exit value +should be one. + + #!/bin/sh + # address verifier -- accept all (252) + echo "" + echo "$1" + exit 1 + +The address verifier can also modify a recipient address, for example by +converting to lower-case: + + #!/bin/sh + # address verifier -- accept all and normalise (252) + echo "" + echo "$1" | tr '[A-Z]' '[a-z]' + exit 1 + +The modified recipient address is stored in the envelope file and will be used +as the SMTP SEND-TO address when the message is forwarded. + +If the address verifier identifies a recipient address as being a local user +with an associated mailbox then it should write two lines to the standard +output \-\- the full name associated with the mailbox (only used in the response +to the VRFY command), and the mailbox name used for message delivery \-\- and then +exit with a value of zero. + + #!/bin/sh + # address verifier -- accept as local (250) + echo Local Postmaster '' + echo postmaster + exit 0 + +Messages with recipient addresses that have been identified as local can be +delivered to the relevant mailbox by a filter such as the built-in `deliver:` +filter. Local recipient addresses are ignored when a message is forwarded by the +SMTP client. + +For invalid addresses the verifier's exit value should be non-zero and the first +line of output will be taken as the error response sent to the remote client. An +optional second output line can be used for diagnostic information that gets +recorded in the E-MailRelay log file. + + #!/bin/sh + # address verifier -- reject as invalid (550) + echo invalid mailbox: $1 + exit 2 + +To indicate a temporary failure this can be changed to an exit code of 3. + + #!/bin/sh + # address verifier -- reject as temporarily invalid (450) + echo mailbox unavailable: $1 + exit 3 + +If the verifier exit code is 100 then the connection is aborted immediately, +which may be useful in limiting the impact of denial of service attacks. + + #!/bin/sh + # address verifier -- abort + exit 100 + +Any other exit code, from 4 to 99 or 101 and above, behaves in the same way +as an exit code of 2. + +On Windows address verifier scripts can be written in JavaScript, something +like this: + + // verifier.js + try + { + var address = WScript.Arguments(0) ; + var local_domain = WScript.Arguments(3) ; + var auth_mechanism = WScript.Arguments(4) ; + var user = address.split(/@/)[0] || "" ; + var domain = address.split(/@/)[1] || "" ; + if( user === "postmaster" ) + { + WScript.Stdout.WriteLine( "Postmaster " ) ; + WScript.Stdout.WriteLine( "postmaster" ) ; + WScript.Quit( 0 ) ; // accept for delivery to mailbox "postmaster" + } + else if( domain !== "example.com" ) + { + WScript.Stdout.WriteLine( "invalid domain" ) ; + WScript.Quit( 2 ) ; // reject (550) + } + else + { + WScript.Stdout.WriteLine( "" ) ; + WScript.Stdout.WriteLine( address ) ; + WScript.Quit( 1 ) ; // accept + } + } + catch( e ) + { + WScript.Stdout.WriteLine( "mailbox unavailable" ) ; + WScript.Stdout.WriteLine( e ) ; + WScript.Quit( 3 ) ; + } + +Address verifier servers +------------------------ +E-MailRelay address verifiers are normally external programs or scripts but it +is also possible to do address verification in a separate network server if +the `--address-verifier` option starts with `net:` followed by the network +address and port number. + +Eg: + + --address-verifier=net:127.0.0.1:10101 + +In this case E-MailRelay will connect to the specified verifier daemon over the +network and send address verification requests as lines with pipe-delimited +fields. The expected response is another pipe-delimited line containing the same +information as returned by verifier scripts but in reverse, such as +`0|postmaster|Local Postmaster ` or +`2|mailbox unavailable`. + +E-MailRelay is responsible for maintaining the connection to the `net:` server +so the server should not normally disconnect after responding. + +Built-in address verifiers +-------------------------- +There is one built-in address verifier called `account:`. + +### account: ### + +The `account:` verifier does validation of recipient address against system +account names and the network domain or `--domain` value. For example, it will +accept `alice@example.com` only if there is a local system account called +`alice` and the local fully-qualified domain name is `example.com`. + +Eg: + + --address-verifier=account: --domain=example.com + +The `account:` verifier can have one or more semi-colon separated configuration +parameters following the verifier name, including a user-id range (defaulting to +1000-32767) that is used to obtain the list of system account names and +`lowercase` to convert upper-case 7-bit characters in the system account name to +lower-case, `check` and `remote`. + +Eg: + + --address-verifier="account:1000-1002;lc" --domain=example.com + +With the `check` parameter the verifier will test whether the recipient address +is a local account but always accept the address as valid, whether it is a local +account or not. This is useful for outgoing traffic where local recipients can be +delivered immediately without being sent to the next-hop SMTP server. + +Eg: + + --address-verifier=account:check --domain=example.com --delivery-dir=@app/in + +With the `remote` parameter the recipient address is valid only if it is a local +account but it is treated as not local so that the e-mail message will be +available for forwarding rather than delivery. Authentication -------------- -E-MailRelay can perform `client-side` authentication when connecting to remote -SMTP servers, and `server-side` authentication when remote clients connect to +E-MailRelay can perform 'client-side' authentication when connecting to remote +SMTP servers, and 'server-side' authentication when remote clients connect to the E-MailRelay server. SMTP authentication is enabled with the `--client-auth` and `--server-auth` @@ -675,6 +1060,11 @@ The client-side secrets file specified with `--client-auth` is used when E-MailRelay acts as a client to talk to a remote server. The file should contain at least one `client` entry. +It is also possible to give the client authentication details directly by +specifying `plain::` as the `--client-auth` +value. This is not recommended because it exposes the account details +through the process table, command-line history, etc. + The server-side secrets file specified with `--server-auth` is used when a remote client tries to authenticate with the E-MailRelay server. The file should normally contain several `server` entries, one for each remote client. @@ -687,74 +1077,88 @@ The same secrets file may be specified for both `--client-auth` and The secrets file has a line-based format: blank lines are ignored and the hash character (#) is used for comments. -Lines have four white-space delimited fields: +Lines have four or five white-space delimited fields: * `client-or-server` * `password-type` * `userid` * `password` +* `client-account-selector` (client-side, optional) The `client-or-server` field must be `client` or `server`; the `password-type` field should be `plain` or `md5`; the `userid` field is xtext-encoded user identifier; and the `password` field is the xtext-encoded plain password -or a base64-encoded `HMAC-MD5` state. For `client` lines the password-type can -also be `oauth`. +or a base64-encoded `HMAC-MD5` state from `emailrelay-passwd`. For `client` +lines the password-type can also be `oauth`. -The `xtext` encoding scheme is defined properly in [RFC-3461][], but basically it -says that non-alphanumeric characters (including space, `+`, `#` and `=`) should -be represented in uppercase hexadecimal ascii as `+XX`. So a space should be -written as `+20`; `+` as `+2B`; `#` as `+23`; and `=` as `+3D`. +For example: -Base64 encoding can be used instead of xtext encoding for the user identifier -and plain password by replacing `plain` by `plain:b`. - -Note that modern email services will expect userids and passwords containing -non-ASCII characters to use UTF-8 encoding with [RFC-4013][] normalisation applied. - -Authentication proceeds according to an authentication 'mechanism' that is -advertised by the server and selected by the client. Many authentication -mechanisms have been defined and standardised, and the simplest ones just -exchange a username and plaintext password. E-MailRelay supports the PLAIN, -LOGIN and CRAM-MD5 mechanisms for both client-side and server-side -authentication as a minimum, but other mechanisms might be built in or -available via PAM (see below). - -The PLAIN, LOGIN and CRAM-MD5 mechanisms can use plaintext passwords, stored -in the secrets file using a password-type of `plain`. In addition, the -CRAM-MD5 mechanism can also make use of hashed passwords generated by the -`emailrelay-passwd` program and these are stored in the secrets file with a -password-type of `md5`. (Hashed passwords are marginally more secure because -the plaintext password which might be used on other accounts is not easily -recovered. However, hashed passwords can only be used for HMAC authentication -mechanisms that are based on the same hash function.) The XOAUTH2 mechanism -can be used for client-side authentication using tokens that have been -recently obtained from a third-party authentication server and added to the -secrets file with a password-type of `oauth`. - -In the following example `bob` is the username that E-MailRelay uses when -it authenticates with a remote SMTP server, and two usernames (`alice` and -`carol`) can be used by remote clients when they authenticate with the -E-MailRelay server: - - # # emailrelay secrets file - # client plain bob password123 server plain alice e+3Dmc2 server plain carol my+20password -Using `MD5` hashes the same users would look like this: +The `xtext` encoding scheme is defined properly in [RFC-3461][], but basically it +says that non-alphanumeric characters (including space, `+`, `#` and `=`) should +be represented in uppercase hexadecimal ASCII as `+XX`. So a space should be +written as `+20`; `+` as `+2B`; `#` as `+23`; and `=` as `+3D`. + +Base64 encoding can be used instead of xtext encoding by replacing `plain` by +`plain:b`: + + # emailrelay secrets file + client plain:b Ym9i cGFzc3dvcmQxMjM= # bob + server plain:b YWxpY2U= ZT1tYzI= # alice + server plain:b Y2Fyb2w= bXkgcGFzc3dvcmQ= # carol + +Note that modern email services will expect user-ids and passwords containing +non-ASCII characters to use UTF-8 encoding with [RFC-4013][] normalisation. + +Multiple client accounts can be defined in the secrets file by using a fifth +field as an account selector. When an e-mail message is forwarded the +authentication account is chosen by matching the `ClientAccountSelector` in the +message envelope file (as set by a filter) with the account selector in the +secrets file: + + # emailrelay secrets file + client plain bob password123 # no selector, authenticate as bob + client plain alice e+3Dmc2 use_alice # selector 'use_alice' + client plain:b = = noauth # selector 'noauth', no authentication + +Authentication proceeds according to an authentication 'mechanism' that is +advertised by the server and selected by the client. Many authentication +mechanisms have been defined and standardised, and the simplest ones just +exchange a username and plain-text password. E-MailRelay supports the PLAIN, +LOGIN and CRAM-MD5 mechanisms for both client-side and server-side +authentication as a minimum, with XOAUTH2 on for client-side authentication. +Other mechanisms might be built in or available via PAM (see below). + +The PLAIN, LOGIN and CRAM-MD5 mechanisms can use plain-text passwords, stored +in the secrets file using a password-type of `plain`. In addition, the +CRAM-MD5 mechanism can also make use of hashed passwords generated by the +`emailrelay-passwd` program and these are stored in the secrets file with a +password-type of `md5`. + +Hashed passwords are marginally more secure because the plain-text password +which might be used on other accounts is not easily recovered. However, hashed +passwords can only be used for HMAC authentication mechanisms that are based on +the same hash function. + +Using `MD5` hashes the example secrets file would look like this: - # # emailrelay secrets file - # client md5 bob 9N2IRYVXqu7SkOW1Xat+wpR9NbA2R6fb61XlmqW+46E= server md5 alice v1HOpuLIbbvgoJjhueeoqwfvtIp2C+gMA285ke+xxow= server md5 carol x6UJKQF9f7HfhS1M+PW4s8rXIoT+L+WoqLz+rBwSKbw= +The XOAUTH2 mechanism can be used for client-side authentication using tokens +that have been recently obtained from a third-party authentication server and +added to the secrets file with a password-type of `oauth`. + When the `--server-auth` option is used clients must authenticate with the -E-MailRelay server but it is possible to configure some client IP addresses as -'trusted' so that connections from these addresses do not have to authenticate. +E-MailRelay server before they can send e-mail, but it is possible to configure +some client IP addresses as 'trusted' so that connections from these addresses +do not have to authenticate. Trusted IP addresses are configured with lines in the secrets file having `server` in the first field, `none` in the second field, a wildcarded IP @@ -766,11 +1170,9 @@ purpose. Wildcarded IPv4 addresses can use a format like 192.168.0.0/24 or For example, this secrets file allows any client connecting over IPv4 from the 192.168.0.0/24 address range, or over IPv6 from the fe80::/64 or fc00::/7 -ranges, to connect without authentication: +ranges, to submit mail without requiring authentication: - # # emailrelay secrets file - # server none 192.168.0.* localipv4 server none fe80::/64 localipv6 server plain alice e+3Dmc2 @@ -780,8 +1182,7 @@ On the client side, authentication is performed when E-MailRelay connects to a server that implements the SMTP AUTH extension with one of the supported mechanisms. If client-side authentication is required but the remote server does not support the AUTH extension, or does not support mechanisms for which -E-MailRelay has secrets, then an error will be logged and no messages will be -forwarded. +E-MailRelay has secrets, then forwarding will fail. When E-MailRelay successfully authenticates with the remote server the authentication name is passed as the AUTH parameter of the SMTP MAIL FROM @@ -829,7 +1230,7 @@ Similarly, when using `--server-tls-connection` the E-MailRelay server will expect all connections to be using TLS from the start, so the whole SMTP dialogue is encrypted, without the need for `STARTTLS`. -PAM Authentication +PAM authentication ------------------ E-MailRelay on Linux supports the use of PAM (Pluggable Authentication Modules) for authentication if it has been built with the `--with-pam` configure option. @@ -838,7 +1239,7 @@ PAM authentication can be used to authenticate SMTP and POP connections coming in from remote clients; it cannot be used by E-MailRelay to supply passwords when acting as an SMTP client. -Use `--server-auth=/pam` and/or `--pop-auth=/pam` on the command-line to use +Use `--server-auth=pam:` and/or `--pop-auth=pam:` on the command-line to use PAM authentication for SMTP and POP respectively. The E-MailRelay server will then advertise an SMTP authentication mechanism of PLAIN and do the actual authentication via PAM. @@ -856,6 +1257,115 @@ read the shadow password database, so run the server as `root` and also add the `--user=root` command-line option to make sure that the process's effective user-id stays as `root` while it accesses the PAM system. +Routing +------- +E-MailRelay is often used to store-and-forward e-mail messages, with the +forwarded messages going to a `smarthost` for onward routing. (The smarthost +address is given by the `--forward-to` or `--as-client` command-line option.) + +However, E-MailRelay can also be used to route outgoing e-mail messages directly +to their final destinations without needing a smarthost. + +The `ForwardToAddress` field in every message envelope file is normally empty +but it can be populated by a filter script to activate message routing. If +E-MailRelay sees a transport address in the `ForwardToAddress` field when a +message is being forwarded then it will connect to that address rather than the +default `--forward-to` address from the command-line or configuration +file. And if every message is given a `ForwardToAddress` then the command-line +`--forward-to` address will not be used at all so it can be a dummy server on +the local machine. + +The `ForwardToAddress` should normally be an IP address and port number obtained +from a MX DNS query but it can also be a domain name and port number, in which +case a normal A or AAAA DNS lookup is used to determine the network address. + +Normal e-mail routing is done according to the domain names in the message +recipient addresses (so a message to `alice@example.com` gets routed to +`example.com:25`) and using MX DNS lookups. But if there are multiple recipients +with different domain names then the message will have to be split up into +independent copies. This means that normal e-mail routing is best done in two +stages: first use a filter to split the message into independent copies grouped +by domain, and then use a client filter to do MX DNS lookups on those domain +names to populate the `ForwardToAddress`. + +(The built-in `split:` filter can be used to split messages by recipient domain +and store the domain name in the `ForwardTo` envelope field.) + +If E-MailRelay sees a `ForwardTo` value in the envelope file when it is +forwarding a message and if there is a defined `--client-filter` then the filter +will be run early so that it can populate a `ForwardToAddress` before connecting +to the remote server. The contents of the `ForwardTo` field is not interpreted +by E-MailRelay itself; it causes the client filter to run early but then it is +up to the filter to make use of its value. + +(The built-in `mx:` filter can be used to do a MX DNS lookup on the `ForwardTo` +domain and fill in the `ForwardToAddress`.) + +Connection failures do not cause messages to fail so any messages routed to +unavailable addresses will stay in the spool directory. Use `--poll` to make +sure that these messages are retried and check the spool directory for old +messages files from time to time. + +If routed SMTP connections need to authenticate using different client account +details then the filter that sets the `ForwardToAddress` in the message envelope +file should also populate the `ClientAccountSelector` field. The selector value +in the envelope is used to pick one of the `client` rows in the client secrets +file having a matching fifth field. + +Delivery +-------- +When running in store-and-forward applications E-MailRelay does not concern +itself with message delivery; every e-mail message ends up in the main spool +directory without regard to the recipient addresses. However, it is quite easy +to write a `delivery` filter that examines the recipient addresses in each +message's envelope file and copies the message files into a separate `mailbox` +for each recipient. + +A `mailbox` is normally just a sub-directory of the main spool directory with a +name derived from the first part of the recipient address. It is traditional to +have a catch-all mailbox called `postmaster` for unrecognised names. + +Deriving a suitable mailbox name from the recipient address is best done by an +address verifier. The address verifier can check each recipient address, mapping +it to a mailbox name which then gets written to the envelope file's `To-Local` +list. After that the delivery filter just has to copy the message files into the +designated mailbox. + +Once e-mail messages have been delivered into separate mailboxes they can be +accessed by individual users using POP with the `--pop-by-name` option. When a +user's e-mail user agent retrieves messages using POP it supplies a user-id for +authentication purposes and E-MailRelay will use this user-id to select the +appropriate mailbox from which to serve up e-mails. + +Delivery is normally only relevant to incoming messages being received from +external systems, but it might also be desirable for outgoing messages that are +addressed to local users. For these messages is makes sense to deliver them +straight into incoming mailboxes rather have them forwarded to the smarthost and +then come back in again. + +### deliver: ### + +The built-in `deliver:` filter does message delivery to the mailboxes associated +with any local recipient addresses. Once an address verifier has identified +one or more of the recipient addresses as local and the mailbox names have been +written into the envelope file the `deliver:` filter copies the message files +into the mailbox sub-directories. If all the recipient addresses were local then +the filter deletes the original message from the spool directory. + +Eg: + + --address-verifier=account: --filter=deliver: + +The `deliver:` filter creates mailbox directories as necessary, but if the +mailbox directory already exists and has `new`, `tmp` and `cur` sub-directories +within it then it is treated as a `maildir` mailbox. In this case the content +file (only) is copied into the `cur` sub-directory. This can be useful for +serving up messages with an [IMAP][] server such as [dovecot][]. + +Mailboxes are normally sub-directories of the spool directory, but the +`--delivery-dir` command-line option can be used to provide the `deliver:` +filter with a different base directory. + IP addresses ------------ By default the E-MailRelay server listens for connections on the wildcard IPv4 @@ -934,10 +1444,23 @@ Eg: --as-client ipv4or6.example.com:25 --client-interface 0.0.0.0 --as-client ipv4or6.example.com:25 --client-interface :: +Socket activation +----------------- +On Linux/Unix systems E-MailRelay can be passed open listening file descriptors +at start-up by using the `--interface` option with a value like fd#3. This +allows a service management system to do the initial listening and only start up +the E-MailRelay server when a connection comes in. Systemd calls this "socket +activation". + +Eg: + + --interface=fd#4 + --interface=smtp=fd#5,pop=fd#6 + Unix domain sockets ------------------- -E-MailRelay on Unix will listen on unix-domain sockets instead of IPv4 or IPv6 -if the `--interface` option is given as an absolute file-system path: +E-MailRelay on Linux/Unix will listen on unix-domain sockets instead of IPv4 or +IPv6 if the `--interface` option is given with an absolute file-system path: Eg: @@ -967,9 +1490,9 @@ Eg: SOCKS ----- -E-MailRelay can use a [SOCKS][] 4a proxy for establishing outgoing SMTP -connections; just append the SOCKS proxy address to the SMTP server's address, -separated by `@`. +E-MailRelay can use a [SOCKS][] 4a proxy for establishing outgoing SMTP connections; +just append the SOCKS proxy address to the SMTP server's address, separated by +`@`. For example, this could be used to send e-mails via the Tor network, assuming there is a local Tor node running on port 9050: @@ -980,276 +1503,15 @@ The Tor system will then be used to resolve the `example.com` domain name and establish the connection. The target SMTP server will see a connection coming from the Tor exit node rather than from the E-MailRelay server. -Address verification --------------------- -By default the E-MailRelay server will accept all recipient addresses for -incoming e-mails as valid. This default behaviour can be modified by using an -external verifier program, specified with the `--address-verifier` command-line -option, so that you get to choose which recipient addresses are accepted as -valid and which are rejected. - -Your verifier program is passed a command-line containing: (1) the recipient -e-mail address as supplied by the remote client, (2) the `from` e-mail address -as supplied by the client, or the empty string in the case of the `VRFY` -command, (3) the IP address and port of the far end of the client -connection, (4) the local fully qualified domain name, (5) the authentication -mechanism used by the client (if any, and `none` if trusted), and (6) either -the authentication name or the fourth field from authentication secrets file -if a trusted IP address. - -So, for example, a verifier program called `myverifier` might be run as if with -the following command-line: - - myverifier bob@local.net alice@example.com 192.168.0.1:123 local.net login alice - -The verifier program is expected to generate two lines of output on the -standard output stream and then terminate with a specific exit code. - -For future-proofing a verifier should report a version number of `2.0` if called -with a command-line starting with `--emailrelay-version`. - -For valid addresses the first line of output is ignored, the second line should -be copied from the first command-line argument, and the exit value should be -one. - - #!/bin/sh - # address verifier -- accept all (252) - echo "" - echo $1 - exit 1 - -If the address is valid but it should be delivered to a local mailbox rather -than forwarded then the verifier program should write two lines to the standard -output \-\- the full name associated with the mailbox, and the canonical mailbox -name \-\- and then exit with a value of zero. - - #!/bin/sh - # address verifier -- accept as local (250) - echo Local Postmaster '' - echo postmaster - exit 0 - -For E-MailRelay local delivery just means that the message files in the spool -directory are copied to files with a `.local` filename suffix. If all the -envelope recipients are local-mailboxes then no normal message files are -created. This mechanism can be used to create a separate channel for -administrative messages such as delivery reports. - -For invalid addresses the exit value should be non-zero and the first line -of output is the error response. A second output line can be used for -diagnostic information that gets put into the E-MailRelay log file. - - #!/bin/sh - # address verifier -- reject as invalid (550) - echo invalid mailbox: $1 - exit 2 - -To indicate a temporary failure this can be changed to an exit code of 3. - - #!/bin/sh - # address verifier -- reject as temporarily invalid (450) - echo mailbox unavailable: $1 - exit 3 - -If the verifier exit code is 100 then the connection is aborted immediately, -which may be useful in limiting the impact of denial of service attacks: - - #!/bin/sh - # address verifier -- abort - exit 100 - -Any other exit code, from 4 to 99 or 101 and above, behaves in the same way -as an exit code of 2. - -In this more complete example the verifier script accepts all addresses as -valid as long as they contain an `at` character: - - #!/bin/sh - # address verifier -- accept only if containing an at sign - address="$1" - expr "$address" : ".*@" > /dev/null || exit 2 - echo "" - echo "$address" - exit 1 # accept - -As another example, this verifier script accepts all recipient addresses by -default but rejects remote addresses if the client has bypassed authentication -by connecting on a trusted IP address: - - #!/bin/sh - # address verifier - if test "$1" = "--emailrelay-version" ; then echo 2.0 ; exit 0 ; fi - address="$1" - local_domain="$4" - auth_mechanism="$5" - host="`echo \"$address\" | sed 's/.*@//'`" - if test "$auth_mechanism" = "none" -a "$host" != "$local_domain" - then - echo "cannot relay without authentication" - exit 2 # reject the recipient address - fi - echo "" - echo "$address" - exit 1 # accept the recipient address - -or written in JavaScript for Windows: - - // verifier.js - if( WScript.Arguments(0) === "--emailrelay-version" ) - { - WScript.Stdout.WriteLine( "2.0" ) ; - WScript.Quit( 0 ) ; - } - try - { - var address = WScript.Arguments(0) ; - var local_domain = WScript.Arguments(3) ; - var auth_mechanism = WScript.Arguments(4) ; - var host = address.split(/@/)[1] || "" ; - if( ( auth_mechanism === "none" || !auth_mechanism ) && host !== local_domain ) - { - WScript.Stdout.WriteLine( "cannot relay without authentication" ) ; - WScript.Quit( 2 ) ; - } - WScript.Stdout.WriteLine( "" ) ; - WScript.Stdout.WriteLine( address ) ; - WScript.Quit( 1 ) ; - } - catch( e ) - { - WScript.Stdout.WriteLine( "mailbox unavailable" ) ; - WScript.Stdout.WriteLine( e ) ; - WScript.Quit( 3 ) ; - } - -If this verifier script is used with a suitable `--server-auth` file then it -can be used to prevent open relay without restricting authenticated clients. - -It is also possible to verify addresses in a separate daemon process by using a -`--address-verifier` option of the form `net:`. In this case -E-MailRelay will connect to the specified verifier daemon over the network and -send address verification requests as lines with pipe-delimited fields. The -expected response is another pipe-delimited line containing the same -information as returned by verifier scripts but in reverse, such as -`0|postmaster|Local Postmaster ` or `2|mailbox unavailable`. - -Connection blocking -------------------- -All incoming connections from remote network addresses are blocked by default, -but can be allowed by using the `--remote-clients`/`-r` option. This is to -guard against accidental exposure to the internet. - -Incoming SMTP connections can also be checked against DNSBL blocklists in order -to block connections from known spammers. Use the `--dnsbl` option to define a -list of DNSBL servers, together with a rejection threshold. If the threshold -number of servers 'deny' the incoming connection's network address then -E-MailRelay will drop the connection immediately. - -The `--dnsbl` configuration starts with the DNS server transport address and a -millisecond timeout, followed by the threshold and list of servers: - - emailrelay -r --dnsbl 1.1.1.1:53,500,1,spam.example.com,block.example.com ... - -A threshold of zero means that the DNSBL servers are consulted but connections -are always allowed. This can be combined with verbose logging (`--log -v`) -for initial testing. - -If the timeout period expires before a collective decision is reached then the -connection is allowed by default. This default behaviour can be changed by -using a negative timeout, but for finer control use a DNSBL proxy. - -Connections from loopback and private ([RFC-1918][]) network addresses are never -checked. - -Security issues +SMTP extensions --------------- -The following are some security issues that have been taken into consideration: - -### Effective userid ### - - Suid privileges are revoked at start-up, switching the effective - userid/groupid to be the real userid/groupid values. If started as `root` - then the effective userid/groupid are switched at start-up to those of user - `daemon`. Special privileges are only reclaimed when needed to bind sockets - and do file i/o. Normally this means temporarily switching the userid and - groupid back to what they were at start-up. However, when writing spool files - after being started as `root` only the effective userid is changed, not the - groupid, so that new files have group ownership corresponding to the - `daemon` user. - - -### Execution environment ### - - The external filter programs are run with an almost empty set of environment - variables (`PATH` and `IFS`), and with no open file descriptors other than - `stdin` and `stderr` open onto `/dev/null`, and `stdout` open onto a pipe. - - -### Umask ### - - The program runs for most of the time with a `umask` of 077, switching to 007 - when creating spool files. - - -### Remote clients ### - - By default connections will be rejected if they come from remote machines. - - -### Remote configuration ### - - No configuration parameters can be changed through the administrative - interface. - - -### Use of exec() and system() ### - - No exec(), system() or popen() calls are used other than execve() to spawn the - mail filter and/or address verifier. - - -### File permissions ### - - After a normal installation the spool directory is has ownership of - `root.daemon` with permissions of `-rwxrwxr-x` and messages files are created - with permissions of `-rw-rw----`. This allows normal users to list messages - files but not read them. - - The `emailrelay-submit` program is given group ownership of `daemon` with its - group set-user-id flag set. This allows it to create message files in the - spool directory, and the files created end up owned by the submitter but with - group ownership of `daemon`. - - -### Logging ### - - Logging output is conditioned so that ANSI escape sequences cannot appear - in the log. - - Passwords and message content are not logged (except if using the `--debug` - option at run time with debug logging enabled at build time). - - -### Information leakage ### - - The `--anonymous` option can be used to reduce the amount of information - leaked to remote clients. - - -### Mandatory encryption ### - - When using PAM for authentication all clients are required to use - TLS/SSL encryption. - -Security issues which relate to the SMTP protocol itself are beyond the scope -of this document, but [RFC-2821][] makes the following observation: "SMTP mail is -inherently insecure in that it is feasible for even [..] casual users to [..] -create messages that will trick a [..] recipient into believing that they came -from somewhere else. [..] Real [..] security lies [..] in end-to-end methods -[..] such as those which use digital signatures." - -The `Authentication`, `PAM Authentication` and `TLS encryption` sections -above also relate to security. +Some standard extensions of the SMTP protocol can be enabled by using the +`--server-smtp-config` and `--client-smtp-config` command-line options. +These include the CHUNKING and SMTPUTF8 extensions defined in [RFC-3030][] and +[RFC-6531][] respectively. However, these extensions should only be enabled if the +next-hop SMTP server that you are forwarding to also supports them, otherwise +there is a risk that any mail messages that require those extensions will fail +to be forwarded. Administration interface ------------------------ @@ -1275,50 +1537,138 @@ The `list` command lists the messages in the spool directory, `status` provides network status information and activity statistics, and `notify` enables asynchronous event notification. -Bcc handling ------------- -E-MailRelay transfers e-mail messages without changing their content in any -way, other than by adding a `Received` header. In particular, if a message -contains a `Bcc:` header when it is submitted to the E-MailRelay server it -will have the same `Bcc:` header when forwarded. +Connection blocking +------------------- +All incoming connections from remote network addresses are blocked by default, +but can be allowed by using the `--remote-clients` or `-r` option. This is to +guard against accidental exposure to the internet. -It is normally the responsibility of the program that submits an e-mail -message to submit it separately for each `Bcc` recipient, removing the `Bcc:` -header from the message content or changing it to contain only the 'current' -recipient. If this is not done, perhaps through mis-configuration of the -e-mail user agent program, then `Bcc` recipients may be visible to the `To` -and `Cc` message recipients. +Incoming SMTP connections can also be checked against DNSBL blocklists in order +to block connections from known spammers. Use the `--dnsbl` option to define a +list of DNSBL servers, together with a rejection threshold. If the threshold +number of servers 'deny' the incoming connection's network address then +E-MailRelay will drop the connection immediately. -An E-MailRelay `--filter` script can be used to reject messages with incorrect -`Bcc:` headers, and an example script is included. +The `--dnsbl` configuration is a comma-separated list starting with a list of +DNSBL servers, optionally followed by the threshold, millisecond timeout and DNS +server transport address: -Routing -------- -E-MailRelay does not normally do any routing of e-mail messages; they are -all forwarded to a fixed `smarthost` address given by the `--forward-to` or -`--as-client` command-line options. + emailrelay -r --dnsbl spam.example.com,block.example.com,1,500,1.1.1.1:53 ... -However, each message envelope file contains a `ForwardToAddress` field that -can be populated by filter scripts in order to route the message to some other -server. +The threshold defaults to 1, the timeout defaults to a small number of seconds, +and the DNS server defaults to the first of the local system's configured +nameservers, so a simple list of DNSBL servers can be used: -If the `ForwardTo` field has any non-empty value then E-MailRelay runs its -client filter early to allow the client filter script to set or update the -`ForwardToAddress` before the outgoing connection is made. (The client filter is -run a second time as normal once the connection is made and the SMTP session has -been established.) + emailrelay -r --dnsbl spam.example.com,block.example.com ... -Typically a `--filter` script would be used to examine the message content and -populate the `ForwardTo` field, then a `--client-filter` script would use -the `ForwardTo` value to populate the `ForwardToAddress` field with an up-to-date -forwarding address. +For backwards compatibility the comma-separated fields can be reversed: -Note that a successful connection to the smarthost is required even if a message -is routed elsewhere. + emailrelay -r --dnsbl 1.1.1.1:53,500,1,spam.example.com,block.example.com + +A threshold of zero means that the DNSBL servers are consulted but connections +are always allowed. This can be combined with verbose logging (`--log -v`) for +initial testing: + + emailrelay --log -v -r --dnsbl spam.example.com,block.example.com,0 ... + +If the timeout period expires before a collective decision is reached then the +connection is allowed by default. This default behaviour can be changed by using +a negative timeout, so then unresponsive DNSBL servers might result in all +incoming connections being blocked: + + emailrelay -r --dnsbl spam.example.com,block.example.com,1,-5000 ... + +Connections from loopback and private ([RFC-1918][]) network addresses are never +checked. + +POP server +---------- +The POP protocol is designed to allow e-mail user agents to retrieve and delete +e-mail messages that have arrived at their final destination. + +The POP server in E-MailRelay is enabled with `--pop` and then `--pop-auth` to +point to the authentication secrets file. By default it serves up e-mail +messages that are in the main spool directory. However, having a POP client +delete messages in the E-MailRelay spool directory that would otherwise be +forwarded by SMTP is probably not a good idea. In this situation the +`--pop-no-delete` option can be used to make the POP delete command appear to +succeed but actually do nothing. This may confuse some POP clients resulting in +message duplication, but more capable user agents keep track of the messages +they have retrieved to avoid duplication. + +Another approach is to copy message files out of the main spool directory before +serving them up with POP, then the POP client can safely delete them without +affecting SMTP forwarding. The `--pop-by-name` option should be used to do this. +E-MailRelay will then serve up e-mail messages from a sub-directory of the main +spool directory, with the sub-directory name being just the name that the POP +client uses to authenticate. + +To get the e-mail message files into the `--pop-by-name` sub-directory a filter +script can be used. This should just copy the new envelope file and content file +into those sub-directories of the main spool directory for which there are +matching entries in the POP secrets file. + +To save disk space the POP server using `--pop-by-name` will look for content +files in the main spool directory if it cannot see the content file in the +sub-directory. In that case the POP delete command will delete the envelope +file from the sub-directory but only delete the content file if there are no +other envelope files with the same name in either the main spool directory or +any other sub-directory. + +Alternatively on Linux/Unix the filter script can copy content files using +hard links in order to save disk space. + +The built-in `copy:` filter can be used to support `--pop-by-name`. It copies +message files into all sub-directories (whether they have a matching POP account +or not) and by default it then deletes the original message files. To keep the +original files in the main spool directory so they can be forwarded use +`copy:nodelete`; to copy just the envelope file and leave the content file alone +use `copy:pop`; and to copy content files with hard links use `copy:hardlink`. +Remember to create matching sub-directories when adding users to the POP secrets +file. + +The built-in `delivery:` filter also works well with `--pop-by-name`. It copies +message files into sub-directories (now conceptually delivery mailboxes) +according to who the message is addressed to. This requires an address verifier +to interpret message recipient addresses as belonging to local users or not. See +`Delivery` above for more information. + +Run-time environment +-------------------- +On Linux/Unix systems an E-MailRelay server started as `root` runs mostly with an +unprivileged effective user-id and group-id given by the `--user` command-line +option, defaulting to `daemon`. It switches back to `root` only when necessary +to access files, bind sockets etc. although when writing spool files only the +effective user-id is changed, not the group-id, so new files have group +ownership corresponding unprivileged user, even without the group sticky bit on +the directory. + +The program runs for most of the time with a `umask` of 077, switching to 007 +when creating files in the spool directory. After a normal installation the +spool directory has ownership of `root.daemon` with permissions of `-rwxrwsr-x` +so messages files are created with permissions of `-rw-rw----`. This allows +normal users to list messages files but not read them. + +The `emailrelay-submit` program normally has group ownership of `daemon` with +its group set-user-id flag set. This allows it to create message files in the +spool directory and the files created end up owned by the submitter but with +group ownership of `daemon`. + +External filters and address verifiers are executed as the unprivileged user and +they are given an almost empty set of environment variables (`PATH` and `IFS`), +and no open file descriptors other than `stdin` and `stderr` open onto +`/dev/null`, and `stdout` open onto a pipe. The execve() system call is used so +the security complications of system() or popen() are avoided. + +The effective user-id and group-id switching can be disabled by using +`--user=root`. + +On Windows all files are opened with the _SH_DENYNO option so they can be +accessed without sharing violations. Files and directories --------------------- -On Unix-like systems E-MailRelay installs by default under `/usr/local`, but +On Linux/Unix systems E-MailRelay installs by default under `/usr/local`, but binary distributions will probably have been built to install elsewhere. Installation directories can be defined at build-time by the following @@ -1333,7 +1683,7 @@ Installation directories can be defined at build-time by the following * e_icondir=<dir> * e_trdir=<dir> * e_initdir=<dir> -* e_libexecdir=<dir> +* e_libdir=<dir> * e_pamdir=<dir> * e_spooldir=<dir> * e_sysconfdir=<dir> @@ -1343,10 +1693,12 @@ Installation directories can be defined at build-time by the following These are all defaulted to paths that are ultimately based on `--prefix`, so `./configure --prefix=$HOME` will work as expected. -For a directory structure conforming more closely to the File Hierarchy -Standard ([FHS][]) use this configure command: +For a directory structure conforming more closely to the Linux File Hierarchy +Standard ([FHS][]) use the `configure.sh` wrapper script: - ./configure --prefix=/usr --localstatedir=/var --libexecdir=/usr/lib --sysconfdir=/etc e_initdir=/etc/init.d e_rundir=/run/emailrelay + ./configure.sh + make + sudo make install It is possible to change the installation root directory after building by using `make DESTDIR= install` or `DESTDIR= make -e install`. @@ -1361,20 +1713,26 @@ and these default to `%ProgramFiles%/E-MailRelay` for programs and +[Base64]: https://en.wikipedia.org/wiki/Base64 [DNSBL]: https://en.wikipedia.org/wiki/DNSBL [FHS]: https://wiki.linuxfoundation.org/lsb/fhs +[IMAP]: https://en.wikipedia.org/wiki/Internet_Message_Access_Protocol [MTA]: https://en.wikipedia.org/wiki/Message_transfer_agent [PAM]: https://en.wikipedia.org/wiki/Linux_PAM [POP]: https://en.wikipedia.org/wiki/Post_Office_Protocol [RFC-1891]: https://tools.ietf.org/html/rfc1891 [RFC-1918]: https://tools.ietf.org/html/rfc1918 -[RFC-2821]: https://tools.ietf.org/html/rfc2821 +[RFC-3030]: https://tools.ietf.org/html/rfc3030 [RFC-3461]: https://tools.ietf.org/html/rfc3461 [RFC-4013]: https://tools.ietf.org/html/rfc4013 +[RFC-6531]: https://tools.ietf.org/html/rfc6531 [RFC-822]: https://tools.ietf.org/html/rfc822 [SMTP]: https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol [SOCKS]: https://en.wikipedia.org/wiki/SOCKS [TLS]: https://en.wikipedia.org/wiki/Transport_Layer_Security +[dovecot]: https://www.dovecot.org +[maildir]: https://en.wikipedia.org/wiki/Maildir +[xtext]: https://tools.ietf.org/html/rfc3461#section-4 _____________________________________ -Copyright (C) 2001-2022 Graeme Walker +Copyright (C) 2001-2023 Graeme Walker diff --git a/doc/reference.rst b/doc/reference.rst index 8a7978b..0dce153 100644 --- a/doc/reference.rst +++ b/doc/reference.rst @@ -1,6 +1,6 @@ -********************* -E-MailRelay Reference -********************* +********* +Reference +********* Command line usage ================== @@ -10,6 +10,10 @@ The *emailrelay* program supports the following command-line usage: emailrelay [