diff --git a/ChangeLog b/ChangeLog index f0321cd..9090e66 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,23 @@ E-MailRelay Change Log ====================== +2.0.1 -> 2.1 +------------ +* Backwards compatibility features for 1.9-to-2.0 transition removed. +* Better handling of too-many-connections on Windows. +* New "--idle-timeout" option for server-side connections. +* Support for RFC-5782 DNSBL blocking ("--dnsbl"). +* Filter scripts are given the path of the envelope file in argv2. +* Message files can be editied by "--client-filter" scripts. +* Better support for CRAM-SHAx authentication. +* New "--client-auth-config" and "--server-auth-config" options. +* New "--show" option on windows to better control the user interface style. +* The "--pop" option always requires "--pop-auth". +* No message is spooled if all its envelope recipients are local-mailboxes. +* TLS cipher name added to "Received" line as per RFC-8314 4.3. +* Certificate contents are not logged. +* Timestamp parts of spool filenames no longer limited to six digits. + 2.0 -> 2.0.1 ------------ * Make PLAIN client authentication work against servers with broken 334 responses. diff --git a/Makefile.am b/Makefile.am index 1b45f39..8456f04 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,5 +1,5 @@ # -## Copyright (C) 2001-2018 Graeme Walker +## Copyright (C) 2001-2019 Graeme Walker ## ## This program is free software: you can redistribute it and/or modify ## it under the terms of the GNU General Public License as published by @@ -19,7 +19,7 @@ # # Additional pseudo-targets for packaging: # * rpm - builds an rpm package using rpmbuild -# * deb - converts the rpm to a deb package using alien. +# * deb - builds a deb package using debhelper # # When running "make distcheck" consider doing this to avoid # a lengthy testing stage: @@ -53,36 +53,41 @@ uninstall-local: -for try in 1 2 3 4 ; do echo "$(e_pamdir)" "$(e_initdir)" "$(e_sysconfdir)" "$(e_examplesdir)" "$(e_libexecdir)" "$(e_spooldir)" "$(e_docdir)" "$(pkgdatadir)" | tr ' ' '\n' | grep "emailrelay$" | while read d ; do rmdir "$(DESTDIR)/$$d" 2>/dev/null ; done ; done RPM_ROOT ?= ${HOME}/rpmbuild -#RPM_ARCH ?= $(shell arch) -RPM_ARCH ?= x86_64 -RPM=$(RPM_ROOT)/RPMS/$(RPM_ARCH)/emailrelay-$(VERSION)-1.$(RPM_ARCH).rpm -DEB=emailrelay_$(VERSION)-1_$(RPM_ARCH).deb +#ARCH ?= $(shell arch) +ARCH ?= x86_64 +RPM=$(RPM_ROOT)/RPMS/$(ARCH)/emailrelay-$(VERSION)-1.$(ARCH).rpm TAR=emailrelay-$(VERSION).tar.gz +DEB=emailrelay_$(VERSION)_$(ARCH).deb .PHONY: rpm rpm: $(RPM) $(RPM): dist - -rm -rf $(RPM_ROOT)/BUILD/emailrelay-$(VERSION) + -rm -rf $(RPM_ROOT)/BUILD/emailrelay-$(VERSION)-1.$(ARCH) + test ! -d $(RPM_ROOT)/BUILD/emailrelay-$(VERSION)-1.$(ARCH) -mkdir -p $(RPM_ROOT)/BUILD $(RPM_ROOT)/SOURCES $(RPM_ROOT)/SPECS 2>/dev/null cp $(TAR) $(RPM_ROOT)/SOURCES/emailrelay-$(VERSION)-src.tar.gz cp $(top_srcdir)/emailrelay.spec $(RPM_ROOT)/SPECS/ - chown root:root $(RPM_ROOT)/SPECS/emailrelay.spec - -rm -f $(RPM) || true + -chown root:root $(RPM_ROOT)/SPECS/emailrelay.spec + -rm -f $(RPM) + test ! -f $(RPM) rpmbuild -ba $(RPM_ROOT)/SPECS/emailrelay.spec test -f $(RPM) .PHONY: deb deb: $(DEB) -$(DEB): $(RPM) +$(DEB): dist -mv emailrelay-$(VERSION) emailrelay-$(VERSION).old.$$$$ || true - alien --to-deb --generate --single --keep-version $(RPM) - sed -i 's/^Section:.*/Section: mail/' emailrelay-$(VERSION)/debian/control - sed -i 's/^Maintainer:.*/Maintainer: Graeme Walker /' emailrelay-$(VERSION)/debian/control - chmod +x $(top_srcdir)/debian/pre* $(top_srcdir)/debian/post* - cp $(top_srcdir)/debian/* emailrelay-$(VERSION)/debian/ - sed -i 's:dh_installchangelogs:dh_installchangelogs ; cp etc/init.d/emailrelay debian/emailrelay.init ; dh_installinit:' emailrelay-$(VERSION)/debian/rules - sed -i 's:dh_installdeb:dh_installdeb ; echo /etc/emailrelay.conf > debian/emailrelay/DEBIAN/conffiles:' emailrelay-$(VERSION)/debian/rules - cd emailrelay-$(VERSION) && debian/rules binary + tar xzf $(TAR) + cd emailrelay-$(VERSION) && fakeroot debian/rules binary + mkdir emailrelay-$(VERSION)/debian/source + +.PHONY: deb-src +deb-src: dist + -mv emailrelay-$(VERSION) emailrelay-$(VERSION).old.$$$$ || true + tar xzf $(TAR) + mkdir emailrelay-$(VERSION)/debian/source + echo 1.0 > emailrelay-$(VERSION)/debian/source/format + dpkg-source --build emailrelay-$(VERSION) diff --git a/Makefile.in b/Makefile.in index 0856f5b..94ebc2b 100644 --- a/Makefile.in +++ b/Makefile.in @@ -21,7 +21,7 @@ # # Additional pseudo-targets for packaging: # * rpm - builds an rpm package using rpmbuild -# * deb - converts the rpm to a deb package using alien. +# * deb - builds a deb package using debhelper # # When running "make distcheck" consider doing this to avoid # a lengthy testing stage: @@ -102,10 +102,10 @@ PRE_UNINSTALL = : POST_UNINSTALL = : subdir = . ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/m4_ax_cxx_compile_stdcxx.m4 \ +am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \ + $(top_srcdir)/m4/m4_ax_cxx_compile_stdcxx.m4 \ $(top_srcdir)/m4/m4_ax_cxx_compile_stdcxx_11.m4 \ - $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/acinclude.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \ @@ -203,7 +203,7 @@ CTAGS = ctags CSCOPE = cscope DIST_SUBDIRS = $(SUBDIRS) am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/gconfig_defs.h.in \ - AUTHORS COPYING ChangeLog INSTALL NEWS README compile depcomp \ + AUTHORS COPYING ChangeLog INSTALL NEWS README compile \ install-sh missing DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) @@ -260,6 +260,7 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ +CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -268,15 +269,13 @@ DEPDIR = @DEPDIR@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ +EGREP = @EGREP@ EXEEXT = @EXEEXT@ -GCONFIG_CONFIGURATION = @GCONFIG_CONFIGURATION@ GCONFIG_HAVE_DOXYGEN = @GCONFIG_HAVE_DOXYGEN@ GCONFIG_HAVE_MAN2HTML = @GCONFIG_HAVE_MAN2HTML@ GCONFIG_QT_CFLAGS = @GCONFIG_QT_CFLAGS@ GCONFIG_QT_LIBS = @GCONFIG_QT_LIBS@ GCONFIG_QT_MOC = @GCONFIG_QT_MOC@ -GCONFIG_STATIC_END = @GCONFIG_STATIC_END@ -GCONFIG_STATIC_START = @GCONFIG_STATIC_START@ GCONFIG_TLS_LIBS = @GCONFIG_TLS_LIBS@ GCONFIG_WINDMC = @GCONFIG_WINDMC@ GCONFIG_WINDRES = @GCONFIG_WINDRES@ @@ -342,6 +341,7 @@ e_icondir = @e_icondir@ e_initdir = @e_initdir@ e_libexecdir = @e_libexecdir@ e_pamdir = @e_pamdir@ +e_rundir = @e_rundir@ e_spooldir = @e_spooldir@ e_sysconfdir = @e_sysconfdir@ exec_prefix = @exec_prefix@ @@ -391,9 +391,9 @@ SUBDIRS = bin src etc doc debian test m4 bsd # work-round PKG_CHECK_MODULES if no pkg-config ACLOCAL_AMFLAGS = -I m4 e_doc_DATA = COPYING AUTHORS INSTALL NEWS README ChangeLog -RPM = $(RPM_ROOT)/RPMS/$(RPM_ARCH)/emailrelay-$(VERSION)-1.$(RPM_ARCH).rpm -DEB = emailrelay_$(VERSION)-1_$(RPM_ARCH).deb +RPM = $(RPM_ROOT)/RPMS/$(ARCH)/emailrelay-$(VERSION)-1.$(ARCH).rpm TAR = emailrelay-$(VERSION).tar.gz +DEB = emailrelay_$(VERSION)_$(ARCH).deb all: gconfig_defs.h $(MAKE) $(AM_MAKEFLAGS) all-recursive @@ -895,35 +895,40 @@ uninstall-local: -for try in 1 2 3 4 ; do echo "$(e_pamdir)" "$(e_initdir)" "$(e_sysconfdir)" "$(e_examplesdir)" "$(e_libexecdir)" "$(e_spooldir)" "$(e_docdir)" "$(pkgdatadir)" | tr ' ' '\n' | grep "emailrelay$" | while read d ; do rmdir "$(DESTDIR)/$$d" 2>/dev/null ; done ; done RPM_ROOT ?= ${HOME}/rpmbuild -#RPM_ARCH ?= $(shell arch) -RPM_ARCH ?= x86_64 +#ARCH ?= $(shell arch) +ARCH ?= x86_64 .PHONY: rpm rpm: $(RPM) $(RPM): dist - -rm -rf $(RPM_ROOT)/BUILD/emailrelay-$(VERSION) + -rm -rf $(RPM_ROOT)/BUILD/emailrelay-$(VERSION)-1.$(ARCH) + test ! -d $(RPM_ROOT)/BUILD/emailrelay-$(VERSION)-1.$(ARCH) -mkdir -p $(RPM_ROOT)/BUILD $(RPM_ROOT)/SOURCES $(RPM_ROOT)/SPECS 2>/dev/null cp $(TAR) $(RPM_ROOT)/SOURCES/emailrelay-$(VERSION)-src.tar.gz cp $(top_srcdir)/emailrelay.spec $(RPM_ROOT)/SPECS/ - chown root:root $(RPM_ROOT)/SPECS/emailrelay.spec - -rm -f $(RPM) || true + -chown root:root $(RPM_ROOT)/SPECS/emailrelay.spec + -rm -f $(RPM) + test ! -f $(RPM) rpmbuild -ba $(RPM_ROOT)/SPECS/emailrelay.spec test -f $(RPM) .PHONY: deb deb: $(DEB) -$(DEB): $(RPM) +$(DEB): dist -mv emailrelay-$(VERSION) emailrelay-$(VERSION).old.$$$$ || true - alien --to-deb --generate --single --keep-version $(RPM) - sed -i 's/^Section:.*/Section: mail/' emailrelay-$(VERSION)/debian/control - sed -i 's/^Maintainer:.*/Maintainer: Graeme Walker /' emailrelay-$(VERSION)/debian/control - chmod +x $(top_srcdir)/debian/pre* $(top_srcdir)/debian/post* - cp $(top_srcdir)/debian/* emailrelay-$(VERSION)/debian/ - sed -i 's:dh_installchangelogs:dh_installchangelogs ; cp etc/init.d/emailrelay debian/emailrelay.init ; dh_installinit:' emailrelay-$(VERSION)/debian/rules - sed -i 's:dh_installdeb:dh_installdeb ; echo /etc/emailrelay.conf > debian/emailrelay/DEBIAN/conffiles:' emailrelay-$(VERSION)/debian/rules - cd emailrelay-$(VERSION) && debian/rules binary + tar xzf $(TAR) + cd emailrelay-$(VERSION) && fakeroot debian/rules binary + mkdir emailrelay-$(VERSION)/debian/source + +.PHONY: deb-src +deb-src: dist + -mv emailrelay-$(VERSION) emailrelay-$(VERSION).old.$$$$ || true + tar xzf $(TAR) + mkdir emailrelay-$(VERSION)/debian/source + echo 1.0 > emailrelay-$(VERSION)/debian/source/format + dpkg-source --build emailrelay-$(VERSION) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/NEWS b/NEWS index f16ea32..cbb6618 100644 --- a/NEWS +++ b/NEWS @@ -1,125 +1,15 @@ News ---- -E-MailRelay Version 2.0 is a major release, with more complete support for IPv6 -and TLS, a reworked Windows core, and non-blocking execution of external filters -and address verifiers. +E-MailRelay 2.1 removes the backwards-compatibility features that were put in +to make the migration from 1.9 to 2.0 smoother. Refer to the NEWS file from +the 2.0 release for the details. -Compatibility -------------- -There are some breaks in compatibility with earlier versions, althought most -have backwards-compatibility mitigations built into the 2.0 code: - -# TLS command-line options have changed - - The "--server-tls" options no longer takes a value; the certificate file - is given by a separate "--server-tls-certificate" option. A temporary - backwards-compatibility fix inserts "--server-tls-certificate" between - "--server-tls" and the filename, with a deprecation warning. - - The "--tls-config" options have changed. The certificate-verification - tweaks have become command-line options in their own right (such as - "--server-tls-verify") and the protocol version options are spelt out - as "tlsv1.1" etc. For example, "--tls-config=mbedtls,tlsv1.1,-tlsv1.2". - -# Reserved exit codes from filters are handled differently - - The reserved "--filter" exit codes are handled as shown below. The - ones that were explicitly documented behave in the same way, although - the 'rescan' feature (103) is no longer tied to "--poll". - -# The admin command-line has cosmetic changes - - The "--admin" command-line usage is a bit tidier, although the "flush" - command is unchanged. Users of the "notify" command should re-test. - -# Address verifier command-line is simpler - - The command-line passed to the external address verifier script is - simplified. Backwards compatibility is preserved by using a new - command-line option "--address-verifier" to replace "--verifier". For - forwards compatibility there requirement to supply an interface version - number. - -# The secrets file format has changed - - See below. - -# The message envelope format is updated - - The message envelope file format has changed, with full backwards - compatibility. The ClientName fields is removed, and the MailFromAuthIn - and MailFromAuthOut fields are added. - -Secrets file ------------- -The second field of the secrets file is now the password encoding rather than -the authentication mechanism. This can be made backwards compatible since in -earlier releases there was an unambiguous mapping of mechanism to format. - -In 2.0 the mechanism is not fixed; the client side protocol will try all of -the server's mechanisms for which it has compatible secrets, with plaintext -passwords being compatible with any mechanism. - -On the server side the server advertises all mechanisms, regardless of the -available secrets, since the client is expected to go through the list of -advertised mechanisms until it gets to one where there is an available server -secret. This is unlikely to cause a regression since only MD5 passwords can -result in an authentication mismatch and CRAM-MD5 is the first and most secure -mechanism advertised; to get a regression failure a CRAM-MD5 capable client -would see (eg.) LOGIN appear as an additional mechanism, and then perversely -choose LOGIN in preference to CRAM-MD5, and then give up before trying -CRAM-MD5. - -Filter exit codes ------------------ -For completeness, this is the filter exit code handling, showing how the -changes for 2.0 affect documented and undocumented exit codes in the -range 104 to 107: - -Server v1.9: -* 0 ok (commit of .new) -* 1..99 fail (rename .bad) -* 100 abandon (try to commit but ignore errors) (documented) -* 101 ok -* 102 abandon, re-scan (by expiring --poll timer) -* 103 ok, re-scan (documented) -* 104 abandon -* 105 ok -* 106 abandon, re-scan -* 107 ok, re-scan -* 108.. fail - -Server v2.0: -* 0 ok (commit of .new) -* 1..99 fail (rename .bad) -* 100 abandon (try to commit but ignore errors) (documented) -* 101 ok -* 102 abandon, re-scan (independent of --poll) -* 103 ok, re-scan (documented) -* 104 fail, re-scan -* 105.. fail - -Client v1.9: -* 0 ok (send, delete) -* 1..99 fail (dont send, rename .bad) -* 100 ignore (dont send, dont delete or rename) (documented) -* 101 ok -* 102 ok, stop scanning (documented) -* 103 ok -* 104 ignore -* 105 ok -* 106 ok, stop scanning -* 107 ok -* 108.. fail - -Client v2.0: -* 0 ok (send, delete) -* 1..99 fail (dont send, rename .bad) -* 100 ignore (dont send, dont delete or rename) (documented) -* 101 ok -* 102 ok, stop scanning (documented) -* 103 ok -* 104 ignore, stop scanning -* 105 fail, stop scanning -* 105.. fail +The creation of ".local" files for local-mailbox recipients has changed slightly +in this release in that normal message files are not created if the message only +has local-mailbox recipients. This will affect users of the "--address-verifier" +option where the verifier script returns zero. +The 2.1 release continues the migration from C++1998 to C++2011. It is still +possible to use C++1998, but in addition to loosing multithreading you might +also loose the installation/configuration GUI since Qt has dropped support for +C++1998. diff --git a/VERSION b/VERSION index 38f77a6..879b416 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.0.1 +2.1 diff --git a/aclocal.m4 b/aclocal.m4 index abed8b0..a99cd41 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -1186,7 +1186,7 @@ AC_SUBST([am__tar]) AC_SUBST([am__untar]) ]) # _AM_PROG_TAR +m4_include([m4/acinclude.m4]) m4_include([m4/m4_ax_cxx_compile_stdcxx.m4]) m4_include([m4/m4_ax_cxx_compile_stdcxx_11.m4]) m4_include([m4/pkg.m4]) -m4_include([acinclude.m4]) diff --git a/autogen.sh b/autogen.sh old mode 100644 new mode 100755 diff --git a/bin/Makefile.am b/bin/Makefile.am index 3866bab..fbe5c4c 100644 --- a/bin/Makefile.am +++ b/bin/Makefile.am @@ -1,5 +1,5 @@ # -## Copyright (C) 2001-2018 Graeme Walker +## Copyright (C) 2001-2019 Graeme Walker ## ## This program is free software: you can redistribute it and/or modify ## it under the terms of the GNU General Public License as published by @@ -18,8 +18,10 @@ example_scripts = \ emailrelay-bcc-check.pl \ emailrelay-multicast.sh \ - emailrelay-process.sh \ - emailrelay-sendmail.pl + emailrelay-rot13.pl \ + emailrelay-sendmail.pl \ + emailrelay-set-from.js \ + emailrelay-set-from.pl example_scripts_in = \ emailrelay-deliver.sh.in \ @@ -49,7 +51,6 @@ js_scripts = \ emailrelay-resubmit.js \ emailrelay-service-install.js - EXTRA_DIST = \ $(example_scripts) \ $(example_scripts_in) \ @@ -72,7 +73,7 @@ e_init_SCRIPTS = \ CLEANFILES = \ $(example_scripts_out) -do_sed = sed -e "s%__SPOOL_DIR__%${e_spooldir}%g" -e "s%__SBIN_DIR__%${sbindir}%g" -e "s%__SYSCONF_DIR__%${e_sysconfdir}%g" +do_sed = sed -e "s%__SPOOL_DIR__%${e_spooldir}%g" -e "s%__SBIN_DIR__%${sbindir}%g" -e "s%__SYSCONF_DIR__%${e_sysconfdir}%g" -e "s%__LIBEXEC_DIR__%${e_libexecdir}%g" -e "s%__RUNDIR__%${e_rundir}%g" emailrelay-deliver.sh: emailrelay-deliver.sh.in $(do_sed) < $(srcdir)/emailrelay-deliver.sh.in > emailrelay-deliver.sh diff --git a/bin/Makefile.in b/bin/Makefile.in index 6431b3e..aed9361 100644 --- a/bin/Makefile.in +++ b/bin/Makefile.in @@ -92,10 +92,10 @@ PRE_UNINSTALL = : POST_UNINSTALL = : subdir = bin ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/m4_ax_cxx_compile_stdcxx.m4 \ +am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \ + $(top_srcdir)/m4/m4_ax_cxx_compile_stdcxx.m4 \ $(top_srcdir)/m4/m4_ax_cxx_compile_stdcxx_11.m4 \ - $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/acinclude.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) @@ -169,6 +169,7 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ +CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -177,15 +178,13 @@ DEPDIR = @DEPDIR@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ +EGREP = @EGREP@ EXEEXT = @EXEEXT@ -GCONFIG_CONFIGURATION = @GCONFIG_CONFIGURATION@ GCONFIG_HAVE_DOXYGEN = @GCONFIG_HAVE_DOXYGEN@ GCONFIG_HAVE_MAN2HTML = @GCONFIG_HAVE_MAN2HTML@ GCONFIG_QT_CFLAGS = @GCONFIG_QT_CFLAGS@ GCONFIG_QT_LIBS = @GCONFIG_QT_LIBS@ GCONFIG_QT_MOC = @GCONFIG_QT_MOC@ -GCONFIG_STATIC_END = @GCONFIG_STATIC_END@ -GCONFIG_STATIC_START = @GCONFIG_STATIC_START@ GCONFIG_TLS_LIBS = @GCONFIG_TLS_LIBS@ GCONFIG_WINDMC = @GCONFIG_WINDMC@ GCONFIG_WINDRES = @GCONFIG_WINDRES@ @@ -251,6 +250,7 @@ e_icondir = @e_icondir@ e_initdir = @e_initdir@ e_libexecdir = @e_libexecdir@ e_pamdir = @e_pamdir@ +e_rundir = @e_rundir@ e_spooldir = @e_spooldir@ e_sysconfdir = @e_sysconfdir@ exec_prefix = @exec_prefix@ @@ -282,8 +282,10 @@ top_srcdir = @top_srcdir@ example_scripts = \ emailrelay-bcc-check.pl \ emailrelay-multicast.sh \ - emailrelay-process.sh \ - emailrelay-sendmail.pl + emailrelay-rot13.pl \ + emailrelay-sendmail.pl \ + emailrelay-set-from.js \ + emailrelay-set-from.pl example_scripts_in = \ emailrelay-deliver.sh.in \ @@ -335,7 +337,7 @@ e_init_SCRIPTS = \ CLEANFILES = \ $(example_scripts_out) -do_sed = sed -e "s%__SPOOL_DIR__%${e_spooldir}%g" -e "s%__SBIN_DIR__%${sbindir}%g" -e "s%__SYSCONF_DIR__%${e_sysconfdir}%g" +do_sed = sed -e "s%__SPOOL_DIR__%${e_spooldir}%g" -e "s%__SBIN_DIR__%${sbindir}%g" -e "s%__SYSCONF_DIR__%${e_sysconfdir}%g" -e "s%__LIBEXEC_DIR__%${e_libexecdir}%g" -e "s%__RUNDIR__%${e_rundir}%g" all: all-am .SUFFIXES: diff --git a/bin/doxygen.sh b/bin/doxygen.sh index c9f74c4..7161c0b 100644 --- a/bin/doxygen.sh +++ b/bin/doxygen.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2001-2018 Graeme Walker +# Copyright (C) 2001-2019 Graeme Walker # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -48,6 +48,9 @@ then cat > "${doxyfile_out}" rm -f doxygen.out html/index.html 2>/dev/null cat "${doxyfile_out}" | doxygen - > doxygen.out 2>&1 + if test ! -f "${subdir}/index.html" ; then + echo doxygen.sh: no html output generated by doxygen: check doxygen.out >&2 + fi test -f "${subdir}/index.html" else mkdir "${subdir}" 2>/dev/null diff --git a/bin/emailrelay-bcc-check.pl b/bin/emailrelay-bcc-check.pl index af085c8..c01c7ec 100755 --- a/bin/emailrelay-bcc-check.pl +++ b/bin/emailrelay-bcc-check.pl @@ -1,6 +1,6 @@ #!/usr/bin/env perl # -# Copyright (C) 2001-2018 Graeme Walker +# Copyright (C) 2001-2019 Graeme Walker # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -18,20 +18,20 @@ # # emailrelay-bcc-check.pl # -# An example emailrelay filter script that rejects messages -# that have a non-empty "Bcc:" recipient list unless the "Bcc:" -# recipient list contains a single addressee that matches -# envelope recipient. +# An example E-MailRelay "--filter" script that rejects e-mail messages that +# have a non-empty "Bcc:" recipient list unless the "Bcc:" recipient list +# contains a single addressee that matches the envelope recipient. This has +# the effect of checking that a submitting user agent is behaving correctly +# as per RFC-5322 3.6.3. # -# Bcc handling is generally only a concern for e-mail user agent -# programs and not relays and proxies. User agents should -# normally submit a message separately for each Bcc recipient -# with either no "Bcc:" field or with the "Bcc:" field -# containing that one recipient (see RFC-5322). +# Bcc handling is generally only a concern for e-mail user agent programs +# and not relays and proxies. User agents should normally submit a message +# separately for each Bcc recipient with either no "Bcc:" field or with the +# "Bcc:" field containing that one recipient. # -# Note that correct parsing of content files is beyond the -# scope of a simple example script like this, and incorrect -# Bcc handling can have a serious privacy implications. +# Note that correct parsing of content files is beyond the scope of a simple +# example script like this, and incorrect Bcc handling can have a serious +# privacy implications. # use strict ; @@ -87,7 +87,7 @@ sub read_headers last if ( $line eq "" ) ; my ( $a , $b , $c , $d ) = ( $line =~ m/^(\S*):\s*(.*)|^(\s)(.*)/ ) ; if( $a ) { $h{$a} = $b ; $k = $a } - if( $k && $d ) { $h{$k} .= "$c$d" } + if( $k && $d ) { $h{$k} .= "$c$d" } # folding } return %h ; } diff --git a/bin/emailrelay-deliver.sh.in b/bin/emailrelay-deliver.sh.in old mode 100644 new mode 100755 index 5aed381..48253b3 --- a/bin/emailrelay-deliver.sh.in +++ b/bin/emailrelay-deliver.sh.in @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2001-2018 Graeme Walker +# Copyright (C) 2001-2019 Graeme Walker # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/bin/emailrelay-edit-content.js b/bin/emailrelay-edit-content.js index d5ab894..715008b 100644 --- a/bin/emailrelay-edit-content.js +++ b/bin/emailrelay-edit-content.js @@ -1,5 +1,5 @@ // -// Copyright (C) 2001-2018 Graeme Walker +// Copyright (C) 2001-2019 Graeme Walker // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by @@ -64,6 +64,7 @@ try catch( e ) { // report errors using the special <<...>> markers + WScript.StdOut.WriteLine( "<>" ) ; WScript.StdOut.WriteLine( "<<" + e + ">>" ) ; WScript.Quit( 1 ) ; } diff --git a/bin/emailrelay-edit-envelope.js b/bin/emailrelay-edit-envelope.js index 515c8d3..6be9692 100644 --- a/bin/emailrelay-edit-envelope.js +++ b/bin/emailrelay-edit-envelope.js @@ -1,5 +1,5 @@ // -// Copyright (C) 2001-2018 Graeme Walker +// Copyright (C) 2001-2019 Graeme Walker // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by @@ -32,7 +32,7 @@ try { // parse the command-line to get the envelope filename var content = WScript.Arguments(0) ; - var envelope = content.substr(0,content.length-7) + "envelope.new" ; + var envelope = WScript.Arguments(1) ; // open the envelope file var fs = WScript.CreateObject( "Scripting.FileSystemObject" ) ; @@ -73,6 +73,7 @@ try catch( e ) { // report errors using the special <<...>> markers + WScript.StdOut.WriteLine( "<>" ) ; WScript.StdOut.WriteLine( "<<" + e + ">>" ) ; WScript.Quit( 1 ) ; } diff --git a/bin/emailrelay-multicast.sh b/bin/emailrelay-multicast.sh index ff69b0b..9d77e80 100755 --- a/bin/emailrelay-multicast.sh +++ b/bin/emailrelay-multicast.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2001-2018 Graeme Walker +# Copyright (C) 2001-2019 Graeme Walker # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -18,33 +18,33 @@ # # emailrelay-multicast.sh # -# An example "--filter" script that copies/links each new message into all -# avaliable sub-directories of the main spool directory. The original message -# files are deleted if they were successfully copied/linked into all +# An example E-MailRelay "--filter" script that copies/links each new message +# into all available sub-directories of the main spool directory. The original +# message files are deleted if they were successfully copied/linked into all # sub-directories. # -# This can be used for doing SMTP multicast by having an emailrelay forwarding +# This can be used for SMTP multicast by having an emailrelay forwarding # process polling each sub-directory. (For POP multicasting use the # "emailrelay-filter-copy" program with the "pop-by-name" feature so that # there is no need to copy or link content files.) # -# Hard links are used for the content files in order to conserve disk space. Log -# entries are written into the base envelope file to help with error recovery. +# Hard links are used for the content files in order to conserve disk space. +# Log entries are written into the base envelope file to help with error +# recovery. # -# The remote SMTP client which is submitting the message will be notified of any -# failures in this script via SMTP error responses. Alternatively an "exit 0" -# can be used to silently leave the message in the main spool directory (see -# below). +# By default errors in running this script are fed back to the remote SMTP +# client. Alternatively, edit the code below to ignore these errors and leave +# the submitted e-mail message in the main spool directory. # # parse the command-line # content="$1" -envelope="`echo \"${content}\" | sed 's/content$/envelope.new/'`" +envelope="$2" base_dir="`dirname \"${content}\"`" -if test "$1" = "" -o "${content}" = "${envelope}" -o "${base_dir}" = "." +if test "$1" = "" -o "${base_dir}" = "." then - echo usage: `basename $0` '' >&2 + echo usage: `basename $0` ' ' >&2 exit 2 fi @@ -82,8 +82,9 @@ then rm -f "${content}" "${envelope}" exit 100 else - # something failed -- tell the submitting smtp client - # replace these two lines with "exit 0" if the client should not know... + # something failed -- tell the submitting smtp client, or + # replace these three lines with "exit 0" if the client should not know... + echo "<>" echo "<<`basename $0`: `basename "${content}"`: failed to copy message into${error_list}>>" exit 1 fi diff --git a/bin/emailrelay-notify.sh.in b/bin/emailrelay-notify.sh.in old mode 100644 new mode 100755 index 77e57a0..5bc8c7a --- a/bin/emailrelay-notify.sh.in +++ b/bin/emailrelay-notify.sh.in @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2001-2018 Graeme Walker +# Copyright (C) 2001-2019 Graeme Walker # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -29,7 +29,8 @@ # # if test -f /var/spool/emailrelay/*.envelope.bad ; then echo Failed mail >&2 ; fi # -# or perhaps a cron entry like this (since output from a cron job gets sent as mail): +# or perhaps a cron entry like this, since output from a cron job gets sent +# as mail: # # 0 0 * * * /bin/cat /var/spool/emailrelay/*.envelope.bad 2>/dev/null # diff --git a/bin/emailrelay-process.sh b/bin/emailrelay-process.sh deleted file mode 100755 index 2b63664..0000000 --- a/bin/emailrelay-process.sh +++ /dev/null @@ -1,148 +0,0 @@ -#!/bin/sh -# -# Copyright (C) 2001-2018 Graeme Walker -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# === -# -# emailrelay-process.sh -# -# An example "--filter" script for the E-MailRelay SMTP server which does -# rot-13 masking. -# - -awk="awk" -tmp="/tmp/`basename $0`.$$.tmp" -log="/tmp/`basename $0`.out" -trap "rm -f \"${tmp}\" >/dev/null 2>&1 ; exit" 0 1 2 3 13 15 - -### -# ProcessContent() -# Processes the content part of an RFC822 message. This -# implementation does rot13 masking. -# -ProcessContent() -{ - "${awk}" ' - BEGIN { - map_upper = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" - map_lower = tolower(map_upper) - in_header = 1 - } - - function rot( n , c , map ) - { - return index(map,c) ? substr(map,((index(map,c)+n-1)%length(map))+1,1) : c - } - - function rot_c( n , c ) - { - return rot(n,rot(n,c,map_upper),map_lower) - } - - function rot_s( n , string ) - { - rot_s_result = "" - for( i = 1 ; i <= length(string) ; i++ ) - rot_s_result = rot_s_result rot_c(n,substr(string,i,1)) - return rot_s_result - } - - { - is_blank = match($0,"^[[:space:]]*$") - if( in_header && is_blank ) - in_header = 0 - - if( in_header ) - print - else - print rot_s(13,$0) - } - ' -} - -### -# Wrap() -# Processes an RCF822 message so that the original content -# appears as an attachment. -# -Wrap() -{ - "${awk}" -v boundary="-----`basename $0`.$$" -v message="$@" ' - BEGIN { - in_header = 1 - n = 1 - } - { - is_blank = match($0,"^[[:space:]]*$") - if( in_header && is_blank ) - { - printf( "Content-Type: multipart/mixed; boundary=\"%s\"\r\n" , boundary ) - printf( "\r\n" ) - printf( "\r\n" ) - printf( "--%s\r\n" , boundary ) - printf( "Content-Type: text/plain; charset=us-ascii\r\n" ) - printf( "\r\n" ) - printf( "%s\r\n" , message ) - printf( "\r\n" ) - printf( "--%s\r\n" , boundary ) - printf( "Content-Type: message/rfc822\r\n" ) - printf( "Content-Transfer-Encoding: 8bit\r\n" ) - printf( "Content-Description: encrypted message\r\n" ) - printf( "\r\n" ) - for( i = 1 ; i < n ; i++ ) - print header[i] - } - - if( in_header && is_blank ) - in_header = 0 - - if( in_header ) - { - header[n++] = $0 - - is_mime_content = match($0,"^Content-") - is_continuation = match($0,"^[[:space:]][[:space:]]*[^[:space:]]") - suppress = is_mime_content || (was_mime_content && is_continuation) - was_mime_content = suppress - - if( ! suppress ) - print - } - else - { - print - } - } - END { - printf( "--%s--\r\n" , boundary ) - printf( "\r\n" ) - } - ' -} - -Main() -{ - cat "${1}" | ProcessContent | Wrap "The original message has been encrypted..." > "${tmp}" - cp "${tmp}" "${1}" -} - -debug="0" -if test "${debug}" -eq 1 -then - Main "$@" > "${log}" 2>&1 -else - Main "$@" -fi - diff --git a/bin/emailrelay-resubmit.js b/bin/emailrelay-resubmit.js index 3b20f36..3653c58 100644 --- a/bin/emailrelay-resubmit.js +++ b/bin/emailrelay-resubmit.js @@ -1,5 +1,5 @@ // -// Copyright (C) 2001-2018 Graeme Walker +// Copyright (C) 2001-2019 Graeme Walker // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by diff --git a/bin/emailrelay-resubmit.sh.in b/bin/emailrelay-resubmit.sh.in old mode 100644 new mode 100755 index 4a3f408..b8d78c9 --- a/bin/emailrelay-resubmit.sh.in +++ b/bin/emailrelay-resubmit.sh.in @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2001-2018 Graeme Walker +# Copyright (C) 2001-2019 Graeme Walker # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/bin/emailrelay-rot13.pl b/bin/emailrelay-rot13.pl new file mode 100755 index 0000000..4cb724a --- /dev/null +++ b/bin/emailrelay-rot13.pl @@ -0,0 +1,93 @@ +#!/usr/bin/env perl +# +# Copyright (C) 2001-2019 Graeme Walker +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# === +# +# emailrelay-rot13.pl +# +# An example E-MailRelay "--filter" script that does rot-13 masking. +# + +use strict ; +use FileHandle ; +$SIG{__DIE__} = sub { (my $e = join(" ",@_)) =~ s/\n/ /g ; print "<>\n" ; exit 99 } ; + +my $content = $ARGV[0] ; +my $content_tmp = "$content.tmp" ; +my $fh_in = new FileHandle( $content , "r" ) or die "cannot open content file [$content]: $!\n" ; +my $fh_out = new FileHandle( "$content_tmp" , "w" ) or die "cannot open temporary file [$content_tmp]: $!\n" ; +my $boundary = "-----emailrelay-rot13-$$" ; +my $in_header = 1 ; +my @headers = () ; +while(<$fh_in>) +{ + chomp( my $line = $_ ) ; + $line =~ s/\r$// ; + + if( $in_header && ( $line =~ m/^\s/ ) && scalar(@headers) ) # folding + { + @headers[-1] .= "\r\n$line" ; + } + elsif( $in_header && ( $line =~ m/^$/ ) ) + { + $in_header = 0 ; + for my $h ( @headers ) + { + if( $h =~ m/^(subject|to|from):/i ) + { + print $fh_out $h , "\r\n" ; + } + } + print $fh_out "Content-Type: multipart/mixed; boundary=\"$boundary\"\r\n" ; + print $fh_out "\r\n" ; + print $fh_out "\r\n" ; + print $fh_out "--$boundary\r\n" ; + print $fh_out "Content-Type: text/plain; charset=us-ascii\r\n" ; + print $fh_out "\r\n" ; + print $fh_out "The original message has been masked...\r\n" ; + print $fh_out "\r\n" ; + print $fh_out "--$boundary\r\n" ; + print $fh_out "Content-Type: text/plain\r\n" ; + print $fh_out "Content-Transfer-Encoding: 8bit\r\n" ; + print $fh_out "Content-Description: masked message\r\n" ; + print $fh_out "\r\n" ; + print $fh_out join( "\r\n" , map { rot13($_) } (@headers,"") ) ; + } + elsif( $in_header ) + { + push @headers , $line ; + } + else + { + print $fh_out rot13($line) , "\r\n" ; + } +} +print $fh_out "--$boundary--\r\n" ; +print $fh_out "\r\n" ; + +$fh_in->close() or die ; +$fh_out->close() or die "cannot write new file [$content_tmp]: $!\n" ; +unlink( $content ) or die "cannot delete original file [$content]: $!\n" ; +rename( $content_tmp , $content ) or die "cannot rename [$content_tmp]: $!\n" ; +exit( 0 ) ; + +sub rot13 +{ + my ( $s ) = @_ ; + $s =~ tr/[a-m][n-z][A-M][N-Z]/[n-z][a-m][N-Z][A-M]/ ; + return $s ; +} + diff --git a/bin/emailrelay-sendmail.pl b/bin/emailrelay-sendmail.pl index ec0c3cc..e3d91fc 100755 --- a/bin/emailrelay-sendmail.pl +++ b/bin/emailrelay-sendmail.pl @@ -1,6 +1,6 @@ #!/usr/bin/env perl # -# Copyright (C) 2001-2018 Graeme Walker +# Copyright (C) 2001-2019 Graeme Walker # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -18,11 +18,11 @@ # # emailrelay-sendmail.pl # -# A sendmail/emailrelay shim. Typically installed as /usr/sbin/sendmail or /usr/lib/sendmail. +# A sendmail/emailrelay shim. Typically installed as /usr/sbin/sendmail or +# /usr/lib/sendmail. # use strict ; use Getopt::Std ; -use FileHandle ; my $usage = "usage: emailrelay-sendmail [-intUv] [-BbCdFhNOopqRrVX ] [-f ]" ; my %opt = () ; diff --git a/bin/emailrelay-service-install.js b/bin/emailrelay-service-install.js index 0a65bf3..f358239 100644 --- a/bin/emailrelay-service-install.js +++ b/bin/emailrelay-service-install.js @@ -1,5 +1,5 @@ // -// Copyright (C) 2001-2018 Graeme Walker +// Copyright (C) 2001-2019 Graeme Walker // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by @@ -17,7 +17,8 @@ // // emailrelay-service-install.js // -// Runs "emailrelay-service --install" and then opens the service control panel. +// Runs "emailrelay-service --install" and then opens the Windows service +// control panel. // try diff --git a/bin/emailrelay-set-from.js b/bin/emailrelay-set-from.js new file mode 100755 index 0000000..3954cf2 --- /dev/null +++ b/bin/emailrelay-set-from.js @@ -0,0 +1,99 @@ +// +// Copyright (C) 2001-2019 Graeme Walker +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . +// === +// +// emailrelay-set-from.js +// +// An example "--filter" script that edits the content originator fields +// (ie. From, Sender and Reply-To) to a fixed value. +// +// See also: RFC-2822 +// +try +{ + var new_from = 'noreply@example.com' ; + var new_sender = '' ; + var new_reply_to = new_from ; + + var content = WScript.Arguments( 0 ) ; + var fs = WScript.CreateObject( "Scripting.FileSystemObject" ) ; + var in_ = fs.OpenTextFile( content , 1 , false ) ; + var out_ = fs.OpenTextFile( content + ".tmp" , 8 , true ) ; + + var re_from = /^From:/i ; + var re_sender = /^Sender:/i ; + var re_reply_to = /^Reply-To:/i ; + var re_fold = /^[ \t]/ ; + + var in_edit = 0 ; + while( !in_.AtEndOfStream ) + { + var line = in_.ReadLine() ; + if( line === "" ) + { + out_.WriteLine( line ) ; + break ; + } + + if( line.match(re_from) && new_from !== null ) + { + in_edit = 1 ; + line = "From: " + new_from ; + out_.WriteLine( line ) ; + } + else if( line.match(re_sender) && new_sender !== null ) + { + in_edit = 1 ; + line = "Sender: " + new_sender ; + if( new_sender !== "" ) + { + out_.WriteLine( line ) ; + } + } + else if( line.match(re_reply_to) && new_reply_to !== null ) + { + in_edit = 1 ; + line = "Reply-To: " + new_reply_to ; + out_.WriteLine( line ) ; + } + else if( in_edit && line.match(re_fold) ) + { + } + else + { + in_edit = 0 ; + out_.WriteLine( line ) ; + } + } + while( !in_.AtEndOfStream ) + { + var body_line = in_.ReadLine() ; + out_.WriteLine( body_line ) ; + } + + in_.Close() ; + out_.Close() ; + fs.DeleteFile( content ) ; + fs.MoveFile( content + ".tmp" , content ) ; + + WScript.Quit( 0 ) ; +} +catch +{ + WScript.StdOut.WriteLine( "<>" ) ; + WScript.StdOut.WriteLine( "<<" + e + ">>" ) ; + WScript.Quit( 1 ) ; +} diff --git a/bin/emailrelay-set-from.pl b/bin/emailrelay-set-from.pl new file mode 100755 index 0000000..1cd0f42 --- /dev/null +++ b/bin/emailrelay-set-from.pl @@ -0,0 +1,89 @@ +#!/usr/bin/env perl +# +# Copyright (C) 2001-2019 Graeme Walker +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# === +# +# emailrelay-set-from.pl +# +# An example E-MailRelay "--filter" script that edits the content originator +# fields (ie. From, Sender and Reply-To) to a fixed value. +# +# See also: RFC-2822 +# + +use strict ; +use FileHandle ; +$SIG{__DIE__} = sub { (my $e = join(" ",@_)) =~ s/\n/ /g ; print "<>\n" ; exit 99 } ; + +# originator fields (RFC-2822 3.6.2) +my $new_from = 'noreply@example.com' ; +my $new_sender = '' ; +my $new_reply_to = $new_from ; + +my $content = @ARGV[0] or die "usage error\n" ; + +my $in = new FileHandle( $content , "r" ) or die ; +my $out = new FileHandle( "$content.tmp" , "w" ) or die ; +my $in_body = undef ; +my $in_edit = undef ; +while(<$in>) +{ + if( $in_body ) + { + print $out $_ ; + } + else + { + chomp( my $line = $_ ) ; + $line =~ s/\r$// ; + + $in_body = 1 if ( $line eq "" ) ; + my $is_from = ( $line =~ m/^From:/i ) ; + my $is_sender = ( $line =~ m/^Sender:/i ) ; + my $is_reply_to = ( $line =~ m/^Reply-To:/i ) ; + + if( $in_body ) + { + print $out "\r\n" ; + } + elsif( $is_from && defined($new_from) ) + { + $in_edit = 1 ; + print $out "From: $new_from\r\n" ; + } + elsif( $is_sender && defined($new_sender) ) + { + $in_edit = 1 ; + print $out "Sender: $new_sender\r\n" unless $new_sender eq "" ; + } + elsif( $is_reply_to && defined($new_reply_to) ) + { + $in_edit = 1 ; + print $out "Reply-To: $new_reply_to\r\n" ; + } + elsif( $in_edit && $line =~ m/^[ \t]/ ) # original header was folded + { + } + else + { + $in_edit = undef ; + print $out $line , "\r\n" ; + } + } +} +$out->close() or die ; +rename( "$content.tmp" , $content ) or die ; +exit 0 ; diff --git a/bin/emailrelay-submit.sh.in b/bin/emailrelay-submit.sh.in old mode 100644 new mode 100755 index 8753ba2..e18f99d --- a/bin/emailrelay-submit.sh.in +++ b/bin/emailrelay-submit.sh.in @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2001-2018 Graeme Walker +# Copyright (C) 2001-2019 Graeme Walker # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -18,17 +18,16 @@ # # emailrelay-submit.sh # -# An example script that deposits e-mail messages into sub-directories -# of the main E-MailRelay spool directory depending on the "To:" -# address. This could be used with an E-MailRelay POP server running -# with the "pop-by-name" option so that messages get routed appropriately. +# An example script that reads an e-mail message from stdin and deposits in into +# a sub-directory of the E-MailRelay spool directory depending on the "To:" +# address. This could be used with an E-MailRelay POP server using the +# "--pop-by-name" option so that messages get routed appropriately. # -# usage: emailrelay-submit.sh +# See also 'man emailrelay-filter-copy'. # store="__SPOOL_DIR__" log="/var/log/emailrelay-submit.out" -awk="awk" # nawk tmp="/tmp/`basename $0.$$.tmp`" trap "rm -f \"${tmp}\" 2>/dev/null ; exit 0" 0 @@ -36,7 +35,7 @@ trap "rm -f \"${tmp}\" 2>/dev/null ; exit 1" 1 2 3 13 15 List() { - # Maps from the given "To:" address to a spool subdirectory -- edit as required + # Maps from the given "To:" address to a spool sub-directory -- edit as required to_="${1}" to_="`echo \"${to_}\" | tr '[A-Z]' '[a-z]'`" case "${to_}" in @@ -48,7 +47,7 @@ List() Create() { - # Creates a spool subdirectory if it doesnt already exist + # Creates a spool sub-directory if it doesnt already exist dir_="${1}" if test ! -f "${dir_}" then @@ -65,7 +64,7 @@ Main() cat > ${tmp} # parse out the "To:" address - to="`head -500 \"${tmp}\" | grep '^To:' | ${awk} '{print $2}'`" + to="`head -500 \"${tmp}\" | grep '^To:' | perl -ane 'print $F[1];exit'`" echo `basename $0`: to \"${to}\" # submit the message into the main spool directory @@ -78,7 +77,7 @@ Main() return fi - # link & copy into subdirectories + # link & copy into sub-directories copied="0" for name in `List "${to}"` "" do diff --git a/bin/emailrelay.sh.in b/bin/emailrelay.sh.in index 61cd2e7..97be695 100644 --- a/bin/emailrelay.sh.in +++ b/bin/emailrelay.sh.in @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2001-2018 Graeme Walker +# Copyright (C) 2001-2019 Graeme Walker # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -18,7 +18,7 @@ # # emailrelay # -# A shell-script wrapper for E-MailRelay for use in the SysV-init system. +# A start/stop script for E-MailRelay in the SysV init system. # # usage: emailrelay { start | stop | restart | force-reload | status } # @@ -30,34 +30,39 @@ # Required-Stop: $local_fs $network $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 -# Short-Description: E-MailRelay store-and-forward MTA. +# Short-Description: E-MailRelay mail server ### END INIT INFO ## PATH=/sbin:/bin:/usr/sbin:/usr/bin NAME=emailrelay -DESC=$NAME -CONFIG=__SYSCONF_DIR__/emailrelay.conf -RUNDIR=/var/run/$NAME -PIDFILE=$RUNDIR/$NAME.pid +DESC="E-MailRelay mail server" +CONFIG=__SYSCONF_DIR__/$NAME.conf +PIDFILE=__RUNDIR__/$NAME.pid GROUP=daemon DAEMON=__SBIN_DIR__/$NAME SUBMIT=__SBIN_DIR__/$NAME-submit -test -f /etc/default/$NAME && . /etc/default/$NAME +test -f __SYSCONF_DIR__/default/$NAME && . __SYSCONF_DIR__/default/$NAME test -f /etc/rc.conf.d/$NAME && . /etc/rc.conf.d/$NAME test -f /etc/default/rcS && . /etc/default/rcS -log_success_msg() { +# Default lsb functions in case there is no lsb/init-functions... +# +log_success_msg() +{ echo "$@" } -log_failure_msg() { +log_failure_msg() +{ echo "$@" } -log_warning_msg() { +log_warning_msg() +{ echo "$@" } -start_daemon() { +start_daemon() +{ if test "`cat \"$2\" 2>/dev/null`" -gt 0 2>/dev/null && kill -0 "`cat \"$2\"`" then : # running already @@ -66,24 +71,47 @@ start_daemon() { "$@" fi } -killproc() { +killproc() +{ shift kill `cat "$1" 2>/dev/null` 2>/dev/null } -pidofproc() { +pidofproc() +{ shift kill -0 `cat "$1" 2>/dev/null` 2>/dev/null } -log_daemon_msg() { - log_success_msg "$@" +log_daemon_msg() +{ + echo -n "$@" } -log_progress_msg() { +log_progress_msg() +{ :; } -log_end_msg() { - if test "$1" -eq 0 ; then log_success_msg "...ok" ; else log_failure_msg "...failed!" ; fi +log_end_msg() +{ + if test "$1" -eq 0 + then + log_success_msg " ... ok" + true + else + log_failure_msg " ... failed!" + false + fi } +# Setup functions... +# +# Some packaging scripts do "emailrelay setup" for some of their +# post-install steps, and "emailrelay setup" might also be useful +# administratively after editing the /etc/default file. The "start" +# sub-command below also uses setup_rundir() because the /run +# directory will not necessarily persist across a reboot. +# +# (This code must come before the potential 'init-functions' redirect +# to systemd.) +# setup_config() { if test ! -f "$CONFIG" -a -f "$CONFIG.template" @@ -91,44 +119,95 @@ setup_config() cp -p "$CONFIG.template" "$CONFIG" fi } - -setup_rundir() +root_root() { - if test ! -d "$1" - then - mkdir -p "$1" && chgrp "$GROUP" "$1" && chmod 770 "$1" - fi + # True if the given file exists and is owned by 'root.root', + # as if newly copied by the install process and never + # subsequently chown'ed by the administrator + ls -nd "$1" 2>/dev/null | cut -d' ' --fields=3,4 | grep -q '^0 0$' } - spooldir() { - cat "$CONFIG" | tr '\t' ' ' | sed 's/ */ /g' | grep '^spool-dir [^ ]' | tail -1 | cut -d' ' -f 2 + # Prints the spool directory path from the config file, but with a + # default because packaged installs may not edit the config file + # like 'make install' does + ( echo spool-dir /var/spool/emailrelay ; cat "$CONFIG" ) | \ + tr '\t' ' ' | sed 's/ */ /g' | grep '^spool-dir [^ ]' | \ + tail -1 | cut -d' ' -f 2 } - -setup_spooldir() +setup_rundir_imp() { - if test "$1" != "" + test -d "$1" || mkdir -p "$1" + if echo "$1" | grep -q "/emailrelay$" then - if test ! -d "$1" + if root_root "$1" then - mkdir -p "$1" && chgrp "$GROUP" "$1" && chmod 775 "$1" && chmod g+s "$1" + chgrp "$GROUP" "$1" + chmod 775 "$1" fi fi } - -# do some setup steps -- these should have been done by -# make-install or by the packaging scripts, but the /etc/default -# file could have been changed or something -- do this before -# the potential init-functions redirect to systemd -if test "$1" = "start" -then +setup_rundir() +{ + # Recreates the pidfile directory, which might disappear after a reboot + setup_rundir_imp "`dirname \"$PIDFILE\"`" +} +setup_spooldir_imp() +{ + test -d "$1" || mkdir -p "$1" + if root_root "$1" + then + chgrp "$GROUP" "$1" + chmod 775 "$1" + chmod g+s "$1" + fi +} +setup_spooldir() +{ + setup_spooldir_imp "`spooldir`" +} +setup_sgid() +{ + if root_root "$1" + then + chgrp "$GROUP" "$1" + chmod 755 "$1" + chmod g+s "$1" + fi +} +setup_tools() +{ + setup_sgid "__SBIN_DIR__/emailrelay-submit" + setup_sgid "__LIBEXEC_DIR__/emailrelay-filter-copy" +} +setup() +{ setup_config - setup_rundir "`dirname \"$PIDFILE\"`" 2>/dev/null - setup_spooldir "`spooldir`" 2>/dev/null -fi + setup_rundir + setup_spooldir + setup_tools +} +if test "$1" = "setup" ; then setup ; exit 0 ; fi +# Read lsb init-functions. Annoyingly, systemd sometimes hijacks this to +# generate a service file under /run/systemd, run systemctl etc, without +# ever returning to this script. +# test -f /lib/lsb/init-functions && . /lib/lsb/init-functions +# Ignore /etc/default 'enabled' switch if running from systemd. +# +# (The 'enabled' mechanism is needed on non-systemd debian distros +# because the dpkg postinstall script starts the server, whereas +# on systemd systems the dpkg postinstall script's call to update-rc.d +# does nothing. On rpm or 'make install' systems the /etc/default file +# is not installed at all.) +# +if test -d /run/systemd/system -a "$PPID" -eq 1 +then + EMAILRELAY_ENABLED="1" +fi + case "$1" in restart|force-reload) @@ -136,11 +215,25 @@ case "$1" in $0 start ;; + try-restart) + echo `basename $0`: $1 not implemented >&2 + exit 3 + ;; + *start) - log_daemon_msg "Starting $DESC" - log_progress_msg "$NAME" - start_daemon -p "$PIDFILE" -- "$DAEMON" --syslog --pid-file "$PIDFILE" "$CONFIG" - log_end_msg $? + if test "${EMAILRELAY_ENABLED:-1}" -eq 1 + then + log_daemon_msg "Starting $DESC" + log_progress_msg "$NAME" + setup_rundir + start_daemon -p "$PIDFILE" -- "$DAEMON" --as-server --syslog --pid-file "$PIDFILE" "$CONFIG" + e="$?" + log_end_msg $e + test "$e" -eq 0 + else + log_warning_msg "$NAME startup is disabled in __SYSCONF_DIR__/default/$NAME" + exit 0 + fi ;; stop) @@ -150,7 +243,7 @@ case "$1" in log_end_msg $? ;; - try-restart|reload|force-reload) + reload) echo `basename $0`: $1 not implemented >&2 exit 3 ;; @@ -167,16 +260,8 @@ case "$1" in ;; setup) - setup_rundir "`dirname \"$PIDFILE\"`" - setup_spooldir "`spooldir`" - - chmod 550 "$DAEMON" - chgrp "$GROUP" "$DAEMON" - chmod g+s "$DAEMON" - - chmod 555 "$SUBMIT" - chgrp "$GROUP" "$SUBMIT" - chmod g+s "$SUBMIT" + # never gets here -- see above + setup ;; *) diff --git a/bin/make-manifest.sh b/bin/make-manifest.sh index 04cef1f..e8f8339 100755 --- a/bin/make-manifest.sh +++ b/bin/make-manifest.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2001-2018 Graeme Walker +# Copyright (C) 2001-2019 Graeme Walker # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/bin/make-setup.sh b/bin/make-setup.sh index 0dfaab2..f3a6156 100755 --- a/bin/make-setup.sh +++ b/bin/make-setup.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2001-2018 Graeme Walker +# Copyright (C) 2001-2019 Graeme Walker # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -50,15 +50,19 @@ fi echo `basename $0`: running make install into $payload payload_path="`cd $payload && pwd`" ( cd ../.. && make install GCONFIG_HAVE_DOXYGEN=no DESTDIR=$payload_path ) > /dev/null 2>&1 -rm -rf $payload/usr/share/doc/emailrelay/doxygen -# check the "./configure" was done by "bin/configure-fhs.sh" (even on a mac) +# check the "./configure" was done by "bin/configure.sh" for FHS compliance if test ! -d "$payload/usr/lib/emailrelay" then echo `basename $0`: cannot see expected directories: configure with \"configure.sh\" >&2 exit 1 fi +# clean up the "make install" output +rm -f $payload/etc/emailrelay.conf.makeinstall 2>/dev/null +rm -f $payload/usr/sbin/emailrelay-gui +rm -rf $payload/usr/share/doc/emailrelay/doxygen + # add the icon cp "$icon" $payload/usr/lib/emailrelay/ 2>/dev/null @@ -67,7 +71,7 @@ cat <$payload/payload.cfg etc/emailrelay.conf=%dir-config%/emailrelay.conf etc/emailrelay.conf.template=%dir-config%/emailrelay.conf.template etc/emailrelay.auth.template=%dir-config%/emailrelay.auth.template -etc/init.d/emailrelay=%dir-install%/lib/emailrelay/emailrelay-startstop.sh +etc/init.d/emailrelay=%dir-config%/init.d/emailrelay usr/lib/=%dir-install%/lib/ usr/share/=%dir-install%/share/ usr/sbin/=%dir-install%/sbin/ diff --git a/bootstrap b/bootstrap old mode 100644 new mode 100755 diff --git a/bsd/Makefile.am b/bsd/Makefile.am index 49c778b..3ed5f5b 100644 --- a/bsd/Makefile.am +++ b/bsd/Makefile.am @@ -1,5 +1,5 @@ # -## Copyright (C) 2001-2018 Graeme Walker +## Copyright (C) 2001-2019 Graeme Walker ## ## This program is free software: you can redistribute it and/or modify ## it under the terms of the GNU General Public License as published by diff --git a/bsd/Makefile.in b/bsd/Makefile.in index b6b6292..9e91456 100644 --- a/bsd/Makefile.in +++ b/bsd/Makefile.in @@ -91,10 +91,10 @@ PRE_UNINSTALL = : POST_UNINSTALL = : subdir = bsd ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/m4_ax_cxx_compile_stdcxx.m4 \ +am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \ + $(top_srcdir)/m4/m4_ax_cxx_compile_stdcxx.m4 \ $(top_srcdir)/m4/m4_ax_cxx_compile_stdcxx_11.m4 \ - $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/acinclude.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) @@ -166,6 +166,7 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ +CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -174,15 +175,13 @@ DEPDIR = @DEPDIR@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ +EGREP = @EGREP@ EXEEXT = @EXEEXT@ -GCONFIG_CONFIGURATION = @GCONFIG_CONFIGURATION@ GCONFIG_HAVE_DOXYGEN = @GCONFIG_HAVE_DOXYGEN@ GCONFIG_HAVE_MAN2HTML = @GCONFIG_HAVE_MAN2HTML@ GCONFIG_QT_CFLAGS = @GCONFIG_QT_CFLAGS@ GCONFIG_QT_LIBS = @GCONFIG_QT_LIBS@ GCONFIG_QT_MOC = @GCONFIG_QT_MOC@ -GCONFIG_STATIC_END = @GCONFIG_STATIC_END@ -GCONFIG_STATIC_START = @GCONFIG_STATIC_START@ GCONFIG_TLS_LIBS = @GCONFIG_TLS_LIBS@ GCONFIG_WINDMC = @GCONFIG_WINDMC@ GCONFIG_WINDRES = @GCONFIG_WINDRES@ @@ -248,6 +247,7 @@ e_icondir = @e_icondir@ e_initdir = @e_initdir@ e_libexecdir = @e_libexecdir@ e_pamdir = @e_pamdir@ +e_rundir = @e_rundir@ e_spooldir = @e_spooldir@ e_sysconfdir = @e_sysconfdir@ exec_prefix = @exec_prefix@ diff --git a/bsd/emailrelay-bsd.sh.in b/bsd/emailrelay-bsd.sh.in index 1dc553a..3ec1b54 100755 --- a/bsd/emailrelay-bsd.sh.in +++ b/bsd/emailrelay-bsd.sh.in @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2001-2018 Graeme Walker +# Copyright (C) 2001-2019 Graeme Walker # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -26,10 +26,10 @@ # emailrelay_enable="YES" # # Delegates to the linux start/stop script, which reads default directories -# etc. from "/etc/rc.conf.d/emailrelay" and the server command-line options -# from "/usr/local/etc/emailrelay.conf". +# from "/etc/rc.conf.d/emailrelay" (if present) and server command-line +# options from "/usr/local/etc/emailrelay.conf". # -# See also man rc(8). +# See also man rc(8), man service(8) # # PROVIDE: emailrelay # REQUIRE: DAEMON diff --git a/configure b/configure index a877c73..240c248 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for E-MailRelay 2.0.1. +# Generated by GNU Autoconf 2.69 for E-MailRelay 2.1. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -577,17 +577,54 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='E-MailRelay' PACKAGE_TARNAME='emailrelay' -PACKAGE_VERSION='2.0.1' -PACKAGE_STRING='E-MailRelay 2.0.1' +PACKAGE_VERSION='2.1' +PACKAGE_STRING='E-MailRelay 2.1' PACKAGE_BUGREPORT='' PACKAGE_URL='' -ac_unique_file="src/gsmtp/gsmtp.h" +ac_unique_file="src/glib/gdef.h" enable_option_checking=no +# Factoring default headers for most tests. +ac_includes_default="\ +#include +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_SYS_STAT_H +# include +#endif +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif +#ifdef HAVE_STRING_H +# if !defined STDC_HEADERS && defined HAVE_MEMORY_H +# include +# endif +# include +#endif +#ifdef HAVE_STRINGS_H +# include +#endif +#ifdef HAVE_INTTYPES_H +# include +#endif +#ifdef HAVE_STDINT_H +# include +#endif +#ifdef HAVE_UNISTD_H +# include +#endif" + ac_subst_vars='am__EXEEXT_FALSE am__EXEEXT_TRUE LTLIBOBJS LIBOBJS +e_rundir e_sysconfdir e_pamdir e_libexecdir @@ -597,10 +634,6 @@ e_icondir e_bsdinitdir e_initdir e_docdir -GCONFIG_INSTALL_HOOK_FALSE -GCONFIG_INSTALL_HOOK_TRUE -GCONFIG_STATIC_END -GCONFIG_STATIC_START GCONFIG_PAM_FALSE GCONFIG_PAM_TRUE GCONFIG_TLS_USE_NONE_FALSE @@ -612,6 +645,8 @@ GCONFIG_TLS_USE_OPENSSL_TRUE GCONFIG_TLS_USE_BOTH_FALSE GCONFIG_TLS_USE_BOTH_TRUE GCONFIG_TLS_LIBS +GCONFIG_INSTALL_HOOK_FALSE +GCONFIG_INSTALL_HOOK_TRUE GCONFIG_TESTING_FALSE GCONFIG_TESTING_TRUE GCONFIG_WINDOWS_FALSE @@ -635,7 +670,8 @@ PKG_CONFIG_PATH PKG_CONFIG GCONFIG_ICONV_FALSE GCONFIG_ICONV_TRUE -GCONFIG_CONFIGURATION +EGREP +CXXCPP GCONFIG_WINDMC GCONFIG_WINDRES GCONFIG_HAVE_MAN2HTML @@ -754,13 +790,12 @@ enable_bsd enable_mac enable_windows enable_testing +enable_install_hook with_doxygen with_man2html with_openssl with_mbedtls with_pam -enable_static_linking -enable_install_hook ' ac_precious_vars='build_alias host_alias @@ -773,6 +808,7 @@ CPPFLAGS CXX CXXFLAGS CCC +CXXCPP PKG_CONFIG PKG_CONFIG_PATH PKG_CONFIG_LIBDIR @@ -1329,7 +1365,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures E-MailRelay 2.0.1 to adapt to many kinds of systems. +\`configure' configures E-MailRelay 2.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1396,7 +1432,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of E-MailRelay 2.0.1:";; + short | recursive ) echo "Configuration of E-MailRelay 2.1:";; esac cat <<\_ACEOF @@ -1424,8 +1460,6 @@ Optional Features: --enable-mac enable building for mac os x (default auto) --enable-windows enable building for windows (default auto) --enable-testing enable make check tests (default yes) - --enable-static-linking prefer static linking for some libraries (default - no) --enable-install-hook enable fixing up the start/stop configuration file at install time (default yes) @@ -1450,6 +1484,7 @@ Some influential environment variables: you have headers in a nonstandard directory CXX C++ compiler command CXXFLAGS C++ compiler flags + CXXCPP C++ preprocessor PKG_CONFIG path to pkg-config utility PKG_CONFIG_PATH directories to add to pkg-config's search path @@ -1525,7 +1560,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -E-MailRelay configure 2.0.1 +E-MailRelay configure 2.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1661,6 +1696,257 @@ fi } # ac_fn_c_try_link +# ac_fn_cxx_try_cpp LINENO +# ------------------------ +# Try to preprocess conftest.$ac_ext, and return whether this succeeded. +ac_fn_cxx_try_cpp () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } > conftest.i && { + test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" || + test ! -s conftest.err + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_cxx_try_cpp + +# ac_fn_cxx_check_header_mongrel LINENO HEADER VAR INCLUDES +# --------------------------------------------------------- +# Tests whether HEADER exists, giving a warning if it cannot be compiled using +# the include files in INCLUDES and setting the cache variable VAR +# accordingly. +ac_fn_cxx_check_header_mongrel () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if eval \${$3+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +else + # Is the header compilable? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 +$as_echo_n "checking $2 usability... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + ac_header_compiler=yes +else + ac_header_compiler=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 +$as_echo "$ac_header_compiler" >&6; } + +# Is the header present? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 +$as_echo_n "checking $2 presence... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <$2> +_ACEOF +if ac_fn_cxx_try_cpp "$LINENO"; then : + ac_header_preproc=yes +else + ac_header_preproc=no +fi +rm -f conftest.err conftest.i conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 +$as_echo "$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_cxx_preproc_warn_flag in #(( + yes:no: ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 +$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} + ;; + no:yes:* ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 +$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 +$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 +$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 +$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} + ;; +esac + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=\$ac_header_compiler" +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_cxx_check_header_mongrel + +# ac_fn_cxx_try_run LINENO +# ------------------------ +# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes +# that executables *can* be run. +ac_fn_cxx_try_run () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then : + ac_retval=0 +else + $as_echo "$as_me: program exited with status $ac_status" >&5 + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=$ac_status +fi + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_cxx_try_run + +# ac_fn_cxx_check_header_compile LINENO HEADER VAR INCLUDES +# --------------------------------------------------------- +# Tests whether HEADER exists and can be compiled using the include files in +# INCLUDES, setting the cache variable VAR accordingly. +ac_fn_cxx_check_header_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_cxx_check_header_compile + +# ac_fn_cxx_check_type LINENO TYPE VAR INCLUDES +# --------------------------------------------- +# Tests whether TYPE exists after having included INCLUDES, setting cache +# variable VAR accordingly. +ac_fn_cxx_check_type () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=no" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +if (sizeof ($2)) + return 0; + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +if (sizeof (($2))) + return 0; + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + +else + eval "$3=yes" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_cxx_check_type + # ac_fn_cxx_try_link LINENO # ------------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. @@ -1710,7 +1996,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by E-MailRelay $as_me 2.0.1, which was +It was created by E-MailRelay $as_me 2.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2575,7 +2861,7 @@ fi # Define the identity of the package. PACKAGE='emailrelay' - VERSION='2.0.1' + VERSION='2.1' # Some tools Automake needs. @@ -4598,6 +4884,7 @@ $as_echo "#define HAVE_CXX11 1" >>confdefs.h fi + if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. set dummy ${ac_tool_prefix}ranlib; ac_word=$2 @@ -4690,49 +4977,6 @@ else RANLIB="$ac_cv_prog_RANLIB" fi - -for ac_prog in gawk mawk nawk awk -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_AWK+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$AWK"; then - ac_cv_prog_AWK="$AWK" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_AWK="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -AWK=$ac_cv_prog_AWK -if test -n "$AWK"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 -$as_echo "$AWK" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$AWK" && break -done - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 $as_echo_n "checking for a sed that does not truncate output... " >&6; } if ${ac_cv_path_SED+:} false; then : @@ -5096,12 +5340,6 @@ $as_echo "$GCONFIG_WINDMC" >&6; } - - GCONFIG_CONFIGURATION="`echo \"$ac_configure_args\" | tr ' ' '\n' | grep -E -- "--(with|enable|disable)" | tr '\n' ' ' | base64 2>/dev/null | tr -d '\n' | tr -d ' '`" - - - - ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -5163,9 +5401,13 @@ $as_echo "$ac_cv_search_gethostbyname" >&6; } ac_res=$ac_cv_search_gethostbyname if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - + gconfig_have_libnsl=yes +else + gconfig_have_libnsl=no fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing connect" >&5 $as_echo_n "checking for library containing connect... " >&6; } if ${ac_cv_search_connect+:} false; then : @@ -5219,7 +5461,9 @@ $as_echo "$ac_cv_search_connect" >&6; } ac_res=$ac_cv_search_connect if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - + gconfig_have_libsocket=yes +else + gconfig_have_libsocket=no fi @@ -5230,6 +5474,506 @@ ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_cxx_compiler_gnu +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C++ preprocessor" >&5 +$as_echo_n "checking how to run the C++ preprocessor... " >&6; } +if test -z "$CXXCPP"; then + if ${ac_cv_prog_CXXCPP+:} false; then : + $as_echo_n "(cached) " >&6 +else + # Double quotes because CXXCPP needs to be expanded + for CXXCPP in "$CXX -E" "/lib/cpp" + do + ac_preproc_ok=false +for ac_cxx_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_cxx_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_cxx_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + break +fi + + done + ac_cv_prog_CXXCPP=$CXXCPP + +fi + CXXCPP=$ac_cv_prog_CXXCPP +else + ac_cv_prog_CXXCPP=$CXXCPP +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CXXCPP" >&5 +$as_echo "$CXXCPP" >&6; } +ac_preproc_ok=false +for ac_cxx_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_cxx_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_cxx_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "C++ preprocessor \"$CXXCPP\" fails sanity check +See \`config.log' for more details" "$LINENO" 5; } +fi + +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 +$as_echo_n "checking for egrep... " >&6; } +if ${ac_cv_path_EGREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 + then ac_cv_path_EGREP="$GREP -E" + else + if test -z "$EGREP"; then + ac_path_EGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in egrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_EGREP" || continue +# Check for GNU ac_path_EGREP and select it if it is found. + # Check for GNU $ac_path_EGREP +case `"$ac_path_EGREP" --version 2>&1` in +*GNU*) + ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'EGREP' >> "conftest.nl" + "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_EGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_EGREP="$ac_path_EGREP" + ac_path_EGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_EGREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_EGREP"; then + as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_EGREP=$EGREP +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 +$as_echo "$ac_cv_path_EGREP" >&6; } + EGREP="$ac_cv_path_EGREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 +$as_echo_n "checking for ANSI C header files... " >&6; } +if ${ac_cv_header_stdc+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + ac_cv_header_stdc=yes +else + ac_cv_header_stdc=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + return 2; + return 0; +} +_ACEOF +if ac_fn_cxx_try_run "$LINENO"; then : + +else + ac_cv_header_stdc=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 +$as_echo "$ac_cv_header_stdc" >&6; } +if test $ac_cv_header_stdc = yes; then + +$as_echo "#define STDC_HEADERS 1" >>confdefs.h + +fi + +# On IRIX 5.3, sys/types and inttypes.h are conflicting. +for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ + inttypes.h stdint.h unistd.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_cxx_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + + + ac_fn_cxx_check_header_mongrel "$LINENO" "sys/types.h" "ac_cv_header_sys_types_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_types_h" = xyes; then : + +$as_echo "#define GCONFIG_HAVE_SYS_TYPES_H 1" >>confdefs.h + +else + +$as_echo "#define GCONFIG_HAVE_SYS_TYPES_H 0" >>confdefs.h + +fi + + + ac_fn_cxx_check_header_mongrel "$LINENO" "sys/stat.h" "ac_cv_header_sys_stat_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_stat_h" = xyes; then : + +$as_echo "#define GCONFIG_HAVE_SYS_STAT_H 1" >>confdefs.h + +else + +$as_echo "#define GCONFIG_HAVE_SYS_STAT_H 0" >>confdefs.h + +fi + + + ac_fn_cxx_check_header_mongrel "$LINENO" "sys/wait.h" "ac_cv_header_sys_wait_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_wait_h" = xyes; then : + +$as_echo "#define GCONFIG_HAVE_SYS_WAIT_H 1" >>confdefs.h + +else + +$as_echo "#define GCONFIG_HAVE_SYS_WAIT_H 0" >>confdefs.h + +fi + + + ac_fn_cxx_check_header_mongrel "$LINENO" "sys/mman.h" "ac_cv_header_sys_mman_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_mman_h" = xyes; then : + +$as_echo "#define GCONFIG_HAVE_SYS_MMAN_H 1" >>confdefs.h + +else + +$as_echo "#define GCONFIG_HAVE_SYS_MMAN_H 0" >>confdefs.h + +fi + + + ac_fn_cxx_check_header_mongrel "$LINENO" "sys/select.h" "ac_cv_header_sys_select_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_select_h" = xyes; then : + +$as_echo "#define GCONFIG_HAVE_SYS_SELECT_H 1" >>confdefs.h + +else + +$as_echo "#define GCONFIG_HAVE_SYS_SELECT_H 0" >>confdefs.h + +fi + + + ac_fn_cxx_check_header_mongrel "$LINENO" "sys/socket.h" "ac_cv_header_sys_socket_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_socket_h" = xyes; then : + +$as_echo "#define GCONFIG_HAVE_SYS_SOCKET_H 1" >>confdefs.h + +else + +$as_echo "#define GCONFIG_HAVE_SYS_SOCKET_H 0" >>confdefs.h + +fi + + + ac_fn_cxx_check_header_mongrel "$LINENO" "sys/utsname.h" "ac_cv_header_sys_utsname_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_utsname_h" = xyes; then : + +$as_echo "#define GCONFIG_HAVE_SYS_UTSNAME_H 1" >>confdefs.h + +else + +$as_echo "#define GCONFIG_HAVE_SYS_UTSNAME_H 0" >>confdefs.h + +fi + + + ac_fn_cxx_check_header_mongrel "$LINENO" "netdb.h" "ac_cv_header_netdb_h" "$ac_includes_default" +if test "x$ac_cv_header_netdb_h" = xyes; then : + +$as_echo "#define GCONFIG_HAVE_NETDB_H 1" >>confdefs.h + +else + +$as_echo "#define GCONFIG_HAVE_NETDB_H 0" >>confdefs.h + +fi + + + ac_fn_cxx_check_header_mongrel "$LINENO" "netinet/in.h" "ac_cv_header_netinet_in_h" "$ac_includes_default" +if test "x$ac_cv_header_netinet_in_h" = xyes; then : + +$as_echo "#define GCONFIG_HAVE_NETINET_IN_H 1" >>confdefs.h + +else + +$as_echo "#define GCONFIG_HAVE_NETINET_IN_H 0" >>confdefs.h + +fi + + + ac_fn_cxx_check_header_mongrel "$LINENO" "arpa/inet.h" "ac_cv_header_arpa_inet_h" "$ac_includes_default" +if test "x$ac_cv_header_arpa_inet_h" = xyes; then : + +$as_echo "#define GCONFIG_HAVE_ARPA_INET_H 1" >>confdefs.h + +else + +$as_echo "#define GCONFIG_HAVE_ARPA_INET_H 0" >>confdefs.h + +fi + + + ac_fn_cxx_check_header_mongrel "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default" +if test "x$ac_cv_header_stdint_h" = xyes; then : + +$as_echo "#define GCONFIG_HAVE_STDINT_H 1" >>confdefs.h + +else + +$as_echo "#define GCONFIG_HAVE_STDINT_H 0" >>confdefs.h + +fi + + + ac_fn_cxx_check_header_mongrel "$LINENO" "inttypes.h" "ac_cv_header_inttypes_h" "$ac_includes_default" +if test "x$ac_cv_header_inttypes_h" = xyes; then : + +$as_echo "#define GCONFIG_HAVE_INTTYPES_H 1" >>confdefs.h + +else + +$as_echo "#define GCONFIG_HAVE_INTTYPES_H 0" >>confdefs.h + +fi + + + ac_fn_cxx_check_header_mongrel "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "$ac_includes_default" +if test "x$ac_cv_header_unistd_h" = xyes; then : + +$as_echo "#define GCONFIG_HAVE_UNISTD_H 1" >>confdefs.h + +else + +$as_echo "#define GCONFIG_HAVE_UNISTD_H 0" >>confdefs.h + +fi + + + ac_fn_cxx_check_header_mongrel "$LINENO" "errno.h" "ac_cv_header_errno_h" "$ac_includes_default" +if test "x$ac_cv_header_errno_h" = xyes; then : + +$as_echo "#define GCONFIG_HAVE_ERRNO_H 1" >>confdefs.h + +else + +$as_echo "#define GCONFIG_HAVE_ERRNO_H 0" >>confdefs.h + +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socklen_t" >&5 $as_echo_n "checking for socklen_t... " >&6; } if ${gconfig_cv_type_socklen_t+:} false; then : @@ -5240,29 +5984,21 @@ else /* end confdefs.h. */ #ifdef _WIN32 - #define __USE_W32_SOCKETS - #ifndef _WIN32_WINNT - #define _WIN32_WINNT _WIN32_WINNT_VISTA - #endif - #if (_WIN32_WINNT < _WIN32_WINNT_VISTA) - #undef _WIN32_WINNT - #define _WIN32_WINNT _WIN32_WINNT_VISTA - #endif - #ifndef WIN32_LEAN_AND_MEAN - #define WIN32_LEAN_AND_MEAN - #endif - #include #include + #include #include #else #include #include #endif + socklen_t len = 42 ; int main () { -socklen_t len = 42; return (int)len; + + len++ ; + ; return 0; } @@ -5295,11 +6031,15 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include + + #include + errno_t e = 42 ; + int main () { -errno_t e = 42; return (int)e; + + ; return 0; } @@ -5335,11 +6075,13 @@ else #include #include + ssize_t e = 42 ; int main () { -ssize_t e = 42; return (int)e; + + ; return 0; } @@ -5354,11 +6096,13 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext /* end confdefs.h. */ #include + ssize_t e = 42 ; int main () { -ssize_t e = 42; return (int)e; + + ; return 0; } @@ -5381,6 +6125,293 @@ $as_echo "#define GCONFIG_HAVE_SSIZE_T 0" >>confdefs.h fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for uintptr_t" >&5 +$as_echo_n "checking for uintptr_t... " >&6; } +if ${gconfig_cv_type_uintptr_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + uintptr_t x = 0 ; + +int +main () +{ + + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + gconfig_cv_type_uintptr_t=yes +else + gconfig_cv_type_uintptr_t=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gconfig_cv_type_uintptr_t" >&5 +$as_echo "$gconfig_cv_type_uintptr_t" >&6; } + if test "$gconfig_cv_type_uintptr_t" = "yes" ; then + +$as_echo "#define GCONFIG_HAVE_UINTPTR_T 1" >>confdefs.h + + else + +$as_echo "#define GCONFIG_HAVE_UINTPTR_T 0" >>confdefs.h + + fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for 'int64'" >&5 +$as_echo_n "checking for 'int64'... " >&6; } +if ${gconfig_cv_int64+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #ifdef _WIN32 + #include + INT64 n = 0 ; + UINT64 m = 0U ; + #else + #include + int64_t n = 0 ; + uint64_t m = 0U ; + #endif + +int +main () +{ + + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + gconfig_cv_int64=yes +else + gconfig_cv_int64=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gconfig_cv_int64" >&5 +$as_echo "$gconfig_cv_int64" >&6; } + if test "$gconfig_cv_int64" = "yes" ; then + +$as_echo "#define GCONFIG_HAVE_INT64 1" >>confdefs.h + + else + +$as_echo "#define GCONFIG_HAVE_INT64 0" >>confdefs.h + + fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for 'int32'" >&5 +$as_echo_n "checking for 'int32'... " >&6; } +if ${gconfig_cv_int32+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #ifndef _WIN32 + #include + int32_t n = 0 ; + uint32_t m = 0U ; + #endif + +int +main () +{ + + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + gconfig_cv_int32=yes +else + gconfig_cv_int32=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gconfig_cv_int32" >&5 +$as_echo "$gconfig_cv_int32" >&6; } + if test "$gconfig_cv_int32" = "yes" ; then + +$as_echo "#define GCONFIG_HAVE_INT32 1" >>confdefs.h + + else + +$as_echo "#define GCONFIG_HAVE_INT32 0" >>confdefs.h + + fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for 'int16'" >&5 +$as_echo_n "checking for 'int16'... " >&6; } +if ${gconfig_cv_int16+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #ifndef _WIN32 + #include + int16_t n = 0 ; + uint16_t m = 0U ; + #endif + +int +main () +{ + + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + gconfig_cv_int16=yes +else + gconfig_cv_int16=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gconfig_cv_int16" >&5 +$as_echo "$gconfig_cv_int16" >&6; } + if test "$gconfig_cv_int16" = "yes" ; then + +$as_echo "#define GCONFIG_HAVE_INT16 1" >>confdefs.h + + else + +$as_echo "#define GCONFIG_HAVE_INT16 0" >>confdefs.h + + fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for statbuf nanoseconds" >&5 +$as_echo_n "checking for statbuf nanoseconds... " >&6; } +if ${gconfig_cv_statbuf_nsec+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #ifdef _WIN32 + #include + #include + #include + #include + #include + #else + #include + #include + #include + #endif + struct stat statbuf ; + +int +main () +{ + + statbuf.st_atim.tv_nsec = 0 ; + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + gconfig_cv_statbuf_nsec=yes +else + gconfig_cv_statbuf_nsec=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gconfig_cv_statbuf_nsec" >&5 +$as_echo "$gconfig_cv_statbuf_nsec" >&6; } + if test "$gconfig_cv_statbuf_nsec" = "yes" ; then + +$as_echo "#define GCONFIG_HAVE_STATBUF_NSEC 1" >>confdefs.h + + else + +$as_echo "#define GCONFIG_HAVE_STATBUF_NSEC 0" >>confdefs.h + + fi + + + + + + + + + + ac_fn_cxx_check_type "$LINENO" "pid_t" "ac_cv_type_pid_t" "$ac_includes_default" +if test "x$ac_cv_type_pid_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_PID_T 1 +_ACEOF + + +$as_echo "#define GCONFIG_HAVE_PID_T 1" >>confdefs.h + +else + +$as_echo "#define GCONFIG_HAVE_PID_T 0" >>confdefs.h + +fi + + ac_fn_cxx_check_type "$LINENO" "uid_t" "ac_cv_type_uid_t" "$ac_includes_default" +if test "x$ac_cv_type_uid_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_UID_T 1 +_ACEOF + + +$as_echo "#define GCONFIG_HAVE_UID_T 1" >>confdefs.h + +else + +$as_echo "#define GCONFIG_HAVE_UID_T 0" >>confdefs.h + +fi + + ac_fn_cxx_check_type "$LINENO" "gid_t" "ac_cv_type_gid_t" "$ac_includes_default" +if test "x$ac_cv_type_gid_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_GID_T 1 +_ACEOF + + +$as_echo "#define GCONFIG_HAVE_GID_T 1" >>confdefs.h + +else + +$as_echo "#define GCONFIG_HAVE_GID_T 0" >>confdefs.h + +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for c++ nullptr" >&5 $as_echo_n "checking for c++ nullptr... " >&6; } if ${gconfig_cv_cxx_nullptr+:} false; then : @@ -5390,10 +6421,13 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ + void * p = nullptr ; + int main () { -void * p = nullptr + + ; return 0; } @@ -5426,11 +6460,14 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -template struct Foo {static constexpr int foo = 1;}; + + template struct Foo {static constexpr int foo = 1;} ; + int main () { -int i = 1 ; + + ; return 0; } @@ -5455,6 +6492,47 @@ $as_echo "#define GCONFIG_HAVE_CXX_CONSTEXPR 0" >>confdefs.h fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for c++ class enums" >&5 +$as_echo_n "checking for c++ class enums... " >&6; } +if ${gconfig_cv_cxx_enum_class+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + enum class Type { t1 , t2 } ; + Type t = Type::t1 ; + +int +main () +{ + + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + gconfig_cv_cxx_enum_class=yes +else + gconfig_cv_cxx_enum_class=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gconfig_cv_cxx_enum_class" >&5 +$as_echo "$gconfig_cv_cxx_enum_class" >&6; } + if test "$gconfig_cv_cxx_enum_class" = "yes" ; then + +$as_echo "#define GCONFIG_HAVE_CXX_ENUM_CLASS 1" >>confdefs.h + + else + +$as_echo "#define GCONFIG_HAVE_CXX_ENUM_CLASS 0" >>confdefs.h + + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for c++ noexcept" >&5 $as_echo_n "checking for c++ noexcept... " >&6; } if ${gconfig_cv_cxx_noexcept+:} false; then : @@ -5463,11 +6541,14 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -void fn() noexcept; + + void fn() noexcept ; + int main () { -int i = 1 ; + + ; return 0; } @@ -5506,12 +6587,12 @@ else #endif struct base { virtual void fn() {} } ; struct derived : public base { virtual void fn() override {} } ; + derived d ; int main () { - derived d ; ; return 0; @@ -5551,12 +6632,12 @@ else #endif struct base { virtual void fn() {} } ; struct derived : public base { virtual void fn() final {} } ; + derived d ; int main () { - derived d ; ; return 0; @@ -5590,11 +6671,15 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include + + #include + std::make_unsigned::type i = 0U ; + int main () { -std::make_unsigned::type i = 0U ; + + ; return 0; } @@ -5627,11 +6712,16 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include + + #include + std::vector v ; + int main () { -std::vector v; v.emplace_back(1); + + v.emplace_back(1) ; + ; return 0; } @@ -5664,11 +6754,21 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include + + #include + #include + using std::size_t ; + void * x = 0 ; + int i[30] ; + void * p = &i[0] ; + size_t n = sizeof(i) ; + int main () { -void * p = nullptr; size_t n = 0U; std::align(alignof(long),1,p,n) ; + + x = std::align(alignof(long),2,p,n) ; + ; return 0; } @@ -5693,6 +6793,49 @@ $as_echo "#define GCONFIG_HAVE_CXX_ALIGNMENT 0" >>confdefs.h fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for c++ std::move" >&5 +$as_echo_n "checking for c++ std::move... " >&6; } +if ${gconfig_cv_cxx_move+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + struct X {} x ; + void fn( X&& ) ; + +int +main () +{ + + fn( std::move(x) ) ; + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + gconfig_cv_cxx_move=yes +else + gconfig_cv_cxx_move=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gconfig_cv_cxx_move" >&5 +$as_echo "$gconfig_cv_cxx_move" >&6; } + if test "$gconfig_cv_cxx_move" = "yes" ; then + +$as_echo "#define GCONFIG_HAVE_CXX_MOVE 1" >>confdefs.h + + else + +$as_echo "#define GCONFIG_HAVE_CXX_MOVE 0" >>confdefs.h + + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for c++ std::shared_ptr and friends" >&5 $as_echo_n "checking for c++ std::shared_ptr and friends... " >&6; } if ${gconfig_cv_cxx_std_shared_ptr+:} false; then : @@ -5701,11 +6844,15 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include + + #include + typedef std::shared_ptr ptr ; + int main () { -typedef std::shared_ptr ptr; + + ; return 0; } @@ -5808,6 +6955,7 @@ $as_echo "#define GCONFIG_HAVE_CXX_STD_THREAD 1" >>confdefs.h $as_echo "#define GCONFIG_HAVE_CXX_STD_THREAD 0" >>confdefs.h + gconfig_warnings="$gconfig_warnings std::thread_asynchronous_script_execution" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for c++ std::wstring" >&5 @@ -5818,11 +6966,15 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include + + #include + std::wstring ws; + int main () { -std::wstring ws; + + ; return 0; } @@ -5847,6 +6999,151 @@ $as_echo "#define GCONFIG_HAVE_CXX_STD_WSTRING 0" >>confdefs.h fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for c++ eq delete" >&5 +$as_echo_n "checking for c++ eq delete... " >&6; } +if ${gconfig_cv_cxx_deleted+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #if defined(__GNUC__) && __cplusplus < 200000L + #error gcc is too noisy when using =delete without std=c++11 + #endif + struct X { X(const X&) = delete ; } ; + +int +main () +{ + + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + gconfig_cv_cxx_deleted=yes +else + gconfig_cv_cxx_deleted=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gconfig_cv_cxx_deleted" >&5 +$as_echo "$gconfig_cv_cxx_deleted" >&6; } + if test "$gconfig_cv_cxx_deleted" = "yes" ; then + +$as_echo "#define GCONFIG_HAVE_CXX_DELETED 1" >>confdefs.h + + else + +$as_echo "#define GCONFIG_HAVE_CXX_DELETED 0" >>confdefs.h + + fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for c++ eq default" >&5 +$as_echo_n "checking for c++ eq default... " >&6; } +if ${gconfig_cv_cxx_defaulted+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #if defined(__GNUC__) && __cplusplus < 200000L + #error gcc is too noisy when using =delete without std=c++11 + #endif + struct X { X() = default ; } ; + +int +main () +{ + + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + gconfig_cv_cxx_defaulted=yes +else + gconfig_cv_cxx_defaulted=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gconfig_cv_cxx_defaulted" >&5 +$as_echo "$gconfig_cv_cxx_defaulted" >&6; } + if test "$gconfig_cv_cxx_defaulted" = "yes" ; then + +$as_echo "#define GCONFIG_HAVE_CXX_DEFAULTED 1" >>confdefs.h + + else + +$as_echo "#define GCONFIG_HAVE_CXX_DEFAULTED 0" >>confdefs.h + + fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for c++ initializer_list" >&5 +$as_echo_n "checking for c++ initializer_list... " >&6; } +if ${gconfig_cv_cxx_initializer_list+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + struct X { X( std::initializer_list ) {} } ; + +int +main () +{ + + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + gconfig_cv_cxx_initializer_list=yes +else + gconfig_cv_cxx_initializer_list=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gconfig_cv_cxx_initializer_list" >&5 +$as_echo "$gconfig_cv_cxx_initializer_list" >&6; } + if test "$gconfig_cv_cxx_initializer_list" = "yes" ; then + +$as_echo "#define GCONFIG_HAVE_CXX_INITIALIZER_LIST 1" >>confdefs.h + + else + +$as_echo "#define GCONFIG_HAVE_CXX_INITIALIZER_LIST 0" >>confdefs.h + + fi + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ipv6" >&5 $as_echo_n "checking for ipv6... " >&6; } if ${gconfig_cv_ipv6+:} false; then : @@ -5857,19 +7154,8 @@ else /* end confdefs.h. */ #ifdef _WIN32 - #define __USE_W32_SOCKETS - #ifndef _WIN32_WINNT - #define _WIN32_WINNT _WIN32_WINNT_VISTA - #endif - #if (_WIN32_WINNT < _WIN32_WINNT_VISTA) - #undef _WIN32_WINNT - #define _WIN32_WINNT _WIN32_WINNT_VISTA - #endif - #ifndef WIN32_LEAN_AND_MEAN - #define WIN32_LEAN_AND_MEAN - #endif - #include #include + #include #include #else #include @@ -5877,15 +7163,16 @@ else #include #include #endif + struct sockaddr_in6 * p = 0; + int f = AF_INET6 ; + struct addrinfo ai ; + struct addrinfo *aip = 0 ; int main () { - struct sockaddr_in6 * p = 0; - int f = AF_INET6; - struct addrinfo * ai = 0; - getaddrinfo("","",ai,&ai); + getaddrinfo("local","http",&ai,&aip) ; ; return 0; @@ -5921,30 +7208,22 @@ else /* end confdefs.h. */ #ifdef _WIN32 - #define __USE_W32_SOCKETS - #ifndef _WIN32_WINNT - #define _WIN32_WINNT _WIN32_WINNT_VISTA - #endif - #if (_WIN32_WINNT < _WIN32_WINNT_VISTA) - #undef _WIN32_WINNT - #define _WIN32_WINNT _WIN32_WINNT_VISTA - #endif - #ifndef WIN32_LEAN_AND_MEAN - #define WIN32_LEAN_AND_MEAN - #endif - #include #include + #include #include #else #include #include #include #endif + struct sockaddr_in6 s ; int main () { -struct sockaddr_in6 s; s.sin6_len = 1; + + s.sin6_len = 1; + ; return 0; } @@ -5969,66 +7248,6 @@ $as_echo "#define GCONFIG_HAVE_SIN6_LEN 0" >>confdefs.h fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for statbuf nanoseconds" >&5 -$as_echo_n "checking for statbuf nanoseconds... " >&6; } -if ${gconfig_cv_statbuf_nsec+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #ifdef _WIN32 - #define __USE_W32_SOCKETS - #ifndef _WIN32_WINNT - #define _WIN32_WINNT _WIN32_WINNT_VISTA - #endif - #if (_WIN32_WINNT < _WIN32_WINNT_VISTA) - #undef _WIN32_WINNT - #define _WIN32_WINNT _WIN32_WINNT_VISTA - #endif - #ifndef WIN32_LEAN_AND_MEAN - #define WIN32_LEAN_AND_MEAN - #endif - #include - #include - #include - #include - #include - #else - #include - #include - #include - #endif - -int -main () -{ -struct stat statbuf; statbuf.st_atim.tv_nsec = 0; - ; - return 0; -} -_ACEOF -if ac_fn_cxx_try_compile "$LINENO"; then : - gconfig_cv_statbuf_nsec=yes -else - gconfig_cv_statbuf_nsec=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gconfig_cv_statbuf_nsec" >&5 -$as_echo "$gconfig_cv_statbuf_nsec" >&6; } - if test "$gconfig_cv_statbuf_nsec" = "yes" ; then - -$as_echo "#define GCONFIG_HAVE_STATBUF_NSEC 1" >>confdefs.h - - else - -$as_echo "#define GCONFIG_HAVE_STATBUF_NSEC 0" >>confdefs.h - - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inet_ntop()" >&5 $as_echo_n "checking for inet_ntop()... " >&6; } if ${gconfig_cv_inet_ntop+:} false; then : @@ -6039,28 +7258,21 @@ else /* end confdefs.h. */ #ifdef _WIN32 - #define __USE_W32_SOCKETS - #ifndef _WIN32_WINNT - #define _WIN32_WINNT _WIN32_WINNT_VISTA - #endif - #if (_WIN32_WINNT < _WIN32_WINNT_VISTA) - #undef _WIN32_WINNT - #define _WIN32_WINNT _WIN32_WINNT_VISTA - #endif - #ifndef WIN32_LEAN_AND_MEAN - #define WIN32_LEAN_AND_MEAN - #endif - #include #include + #include #include #else #include #endif + char a[100] ; + char buffer[100] ; int main () { -inet_ntop(0,"",0,0); + + inet_ntop(AF_INET,a,buffer,10) ; + ; return 0; } @@ -6095,28 +7307,20 @@ else /* end confdefs.h. */ #ifdef _WIN32 - #define __USE_W32_SOCKETS - #ifndef _WIN32_WINNT - #define _WIN32_WINNT _WIN32_WINNT_VISTA - #endif - #if (_WIN32_WINNT < _WIN32_WINNT_VISTA) - #undef _WIN32_WINNT - #define _WIN32_WINNT _WIN32_WINNT_VISTA - #endif - #ifndef WIN32_LEAN_AND_MEAN - #define WIN32_LEAN_AND_MEAN - #endif - #include #include + #include #include #else #include #endif + char buffer[100] ; int main () { -inet_pton(0,"",(void*)0); + + inet_pton(AF_INET,"0",buffer) ; + ; return 0; } @@ -6141,6 +7345,12 @@ $as_echo "#define GCONFIG_HAVE_INET_PTON 0" >>confdefs.h fi + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getpwnam" >&5 $as_echo_n "checking for getpwnam... " >&6; } if ${gconfig_cv_getpwnam+:} false; then : @@ -6152,11 +7362,14 @@ else #include #include + struct passwd * p = 0 ; int main () { -struct passwd *r = getpwnam("") + + p = getpwnam( "x" ) ; + ; return 0; } @@ -6192,14 +7405,15 @@ else #include #include + char buf[100] ; + struct passwd p ; + struct passwd * p_out = 0 ; int main () { - char c; - struct passwd *r; - getpwnam_r("",r,&c,0,&r) ; + getpwnam_r( "x" , &p , buf , 100U , &p_out ) ; ; return 0; @@ -6233,11 +7447,18 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include + + #include + time_t t = 0 ; + struct tm b ; + struct tm * bp = 0 ; + int main () { -gmtime_r((time_t*)0,(struct tm*)0) ; + + bp = gmtime_r(&t,&b) ; + ; return 0; } @@ -6272,27 +7493,20 @@ else /* end confdefs.h. */ #ifdef _WIN32 - #define __USE_W32_SOCKETS - #ifndef _WIN32_WINNT - #define _WIN32_WINNT _WIN32_WINNT_VISTA - #endif - #if (_WIN32_WINNT < _WIN32_WINNT_VISTA) - #undef _WIN32_WINNT - #define _WIN32_WINNT _WIN32_WINNT_VISTA - #endif - #ifndef WIN32_LEAN_AND_MEAN - #define WIN32_LEAN_AND_MEAN - #endif - #include #include + #include #include #endif #include + time_t t = 0 ; + struct tm b ; int main () { -gmtime_s((struct tm*)0,(time_t*)0) ; + + gmtime_s( &b , &t ) ; + ; return 0; } @@ -6325,11 +7539,18 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include + + #include + time_t t = 0 ; + struct tm b ; + struct tm * bp ; + int main () { -localtime_r((time_t*)0,(struct tm*)0) ; + + bp = localtime_r( &t , &b ) ; + ; return 0; } @@ -6364,27 +7585,20 @@ else /* end confdefs.h. */ #ifdef _WIN32 - #define __USE_W32_SOCKETS - #ifndef _WIN32_WINNT - #define _WIN32_WINNT _WIN32_WINNT_VISTA - #endif - #if (_WIN32_WINNT < _WIN32_WINNT_VISTA) - #undef _WIN32_WINNT - #define _WIN32_WINNT _WIN32_WINNT_VISTA - #endif - #ifndef WIN32_LEAN_AND_MEAN - #define WIN32_LEAN_AND_MEAN - #endif - #include #include + #include #include #endif #include + time_t t ; + struct tm b ; int main () { -localtime_s((struct tm*)0,(time_t*)0) ; + + localtime_s( &b , &t ) ; + ; return 0; } @@ -6419,27 +7633,19 @@ else /* end confdefs.h. */ #ifdef _WIN32 - #define __USE_W32_SOCKETS - #ifndef _WIN32_WINNT - #define _WIN32_WINNT _WIN32_WINNT_VISTA - #endif - #if (_WIN32_WINNT < _WIN32_WINNT_VISTA) - #undef _WIN32_WINNT - #define _WIN32_WINNT _WIN32_WINNT_VISTA - #endif - #ifndef WIN32_LEAN_AND_MEAN - #define WIN32_LEAN_AND_MEAN - #endif - #include #include + #include #include #endif #include + char buffer[100] ; int main () { -strncpy_s((char*)0,0U,"",0U) ; + + strncpy_s( buffer , sizeof(buffer) , "foo" , 3U ) ; + ; return 0; } @@ -6464,87 +7670,6 @@ $as_echo "#define GCONFIG_HAVE_STRNCPY_S 0" >>confdefs.h fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for bsd setpgrp" >&5 -$as_echo_n "checking for bsd setpgrp... " >&6; } -if ${gconfig_cv_setpgrp_bsd+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #include - #include - -int -main () -{ -setpgrp(0,0) - ; - return 0; -} -_ACEOF -if ac_fn_cxx_try_compile "$LINENO"; then : - gconfig_cv_setpgrp_bsd=yes -else - gconfig_cv_setpgrp_bsd=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gconfig_cv_setpgrp_bsd" >&5 -$as_echo "$gconfig_cv_setpgrp_bsd" >&6; } - if test "$gconfig_cv_setpgrp_bsd" = "yes" ; then - -$as_echo "#define GCONFIG_HAVE_SETPGRP_BSD 1" >>confdefs.h - - else - -$as_echo "#define GCONFIG_HAVE_SETPGRP_BSD 0" >>confdefs.h - - fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for setgroups" >&5 -$as_echo_n "checking for setgroups... " >&6; } -if ${gconfig_cv_setgroups+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #include - #include - #include - -int -main () -{ -setgroups(0,0) - ; - return 0; -} -_ACEOF -if ac_fn_cxx_try_compile "$LINENO"; then : - gconfig_cv_setgroups=yes -else - gconfig_cv_setgroups=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gconfig_cv_setgroups" >&5 -$as_echo "$gconfig_cv_setgroups" >&6; } - if test "$gconfig_cv_setgroups" = "yes" ; then - -$as_echo "#define GCONFIG_HAVE_SETGROUPS 1" >>confdefs.h - - else - -$as_echo "#define GCONFIG_HAVE_SETGROUPS 0" >>confdefs.h - - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getenv_s" >&5 $as_echo_n "checking for getenv_s... " >&6; } if ${gconfig_cv_getenv_s+:} false; then : @@ -6555,27 +7680,20 @@ else /* end confdefs.h. */ #ifdef _WIN32 - #define __USE_W32_SOCKETS - #ifndef _WIN32_WINNT - #define _WIN32_WINNT _WIN32_WINNT_VISTA - #endif - #if (_WIN32_WINNT < _WIN32_WINNT_VISTA) - #undef _WIN32_WINNT - #define _WIN32_WINNT _WIN32_WINNT_VISTA - #endif - #ifndef WIN32_LEAN_AND_MEAN - #define WIN32_LEAN_AND_MEAN - #endif - #include #include + #include #include #endif #include + size_t n = 10 ; + char buf[10] ; int main () { -getenv_s((size_t*)0,(char*)0,0U,(const char*)0) ; + + getenv_s( &n , buf , 10U , "foo" ) ; + ; return 0; } @@ -6600,6 +7718,49 @@ $as_echo "#define GCONFIG_HAVE_GETENV_S 0" >>confdefs.h fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for _fsopen()" >&5 +$as_echo_n "checking for _fsopen()... " >&6; } +if ${gconfig_cv_fsopen+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + FILE * fp = 0 ; + +int +main () +{ + + fp = _sfopen("foo","w",_SH_DENYNO) ; + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + gconfig_cv_fsopen=yes +else + gconfig_cv_fsopen=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gconfig_cv_fsopen" >&5 +$as_echo "$gconfig_cv_fsopen" >&6; } + if test "$gconfig_cv_fsopen" = "yes" ; then + +$as_echo "#define GCONFIG_HAVE_FSOPEN 1" >>confdefs.h + + else + +$as_echo "#define GCONFIG_HAVE_FSOPEN 0" >>confdefs.h + + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for readlink" >&5 $as_echo_n "checking for readlink... " >&6; } if ${gconfig_cv_readlink+:} false; then : @@ -6608,11 +7769,17 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include + + #include + long n = 0 ; + char buf[10] ; + int main () { -readlink((const char*)0,(char*)0,0U); + + n = readlink( "foo" , buf , sizeof(buf) ) ; + ; return 0; } @@ -6653,8 +7820,8 @@ int main () { - iconv_t i = iconv_open("","") ; - iconv(i,NULL,NULL,NULL,NULL) ; + iconv_t i = iconv_open( "C" , "utf8" ) ; + iconv( i , NULL , NULL , NULL , NULL ) ; iconv_close(i) ; ; @@ -6691,8 +7858,8 @@ int main () { - iconv_t i = iconv_open("","") ; - iconv(i,NULL,NULL,NULL,NULL) ; + iconv_t i = iconv_open( "C" , "utf8" ) ; + iconv( i , NULL , NULL , NULL , NULL ) ; iconv_close(i) ; ; @@ -6746,12 +7913,14 @@ else #include #include + char buf[100] ; + int rc = 0 ; int main () { - int rc = proc_pidpath((pid_t)1,(char*)0,(size_t)0); + rc = proc_pidpath( (pid_t)1 , buf , sizeof(buf) ) ; ; return 0; @@ -6777,6 +7946,108 @@ $as_echo "#define GCONFIG_HAVE_PROC_PIDPATH 0" >>confdefs.h fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for bsd setpgrp" >&5 +$as_echo_n "checking for bsd setpgrp... " >&6; } +if ${gconfig_cv_setpgrp_bsd+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + +int +main () +{ + + setpgrp(0,0) ; + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + gconfig_cv_setpgrp_bsd=yes +else + gconfig_cv_setpgrp_bsd=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gconfig_cv_setpgrp_bsd" >&5 +$as_echo "$gconfig_cv_setpgrp_bsd" >&6; } + if test "$gconfig_cv_setpgrp_bsd" = "yes" ; then + +$as_echo "#define GCONFIG_HAVE_SETPGRP_BSD 1" >>confdefs.h + + else + +$as_echo "#define GCONFIG_HAVE_SETPGRP_BSD 0" >>confdefs.h + + fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for setgroups" >&5 +$as_echo_n "checking for setgroups... " >&6; } +if ${gconfig_cv_setgroups+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + +int +main () +{ + + setgroups(0,0) ; + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + gconfig_cv_setgroups=yes +else + gconfig_cv_setgroups=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gconfig_cv_setgroups" >&5 +$as_echo "$gconfig_cv_setgroups" >&6; } + if test "$gconfig_cv_setgroups" = "yes" ; then + +$as_echo "#define GCONFIG_HAVE_SETGROUPS 1" >>confdefs.h + + else + +$as_echo "#define GCONFIG_HAVE_SETGROUPS 0" >>confdefs.h + + fi + + + + + + + + + + + + + + + + + + @@ -7226,11 +8497,15 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include + + #include + SSL_CTX * p = 0 ; + int main () { -SSL_CTX * p = 0 ; return 1; + + ; return 0; } @@ -7265,92 +8540,7 @@ $as_echo "#define GCONFIG_HAVE_OPENSSL 0" >>confdefs.h int main () { -SSLv23_method(); return 1; - ; - return 0; -} -_ACEOF -if ac_fn_cxx_try_compile "$LINENO"; then : - gconfig_ssl_openssl_sslv23_method=yes -else - gconfig_ssl_openssl_sslv23_method=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -SSLv3_method(); return 1; - ; - return 0; -} -_ACEOF -if ac_fn_cxx_try_compile "$LINENO"; then : - gconfig_ssl_openssl_sslv3_method=yes -else - gconfig_ssl_openssl_sslv3_method=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -TLSv1_method(); return 1; - ; - return 0; -} -_ACEOF -if ac_fn_cxx_try_compile "$LINENO"; then : - gconfig_ssl_openssl_tlsv1_method=yes -else - gconfig_ssl_openssl_tlsv1_method=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -TLSv1_1_method(); return 1; - ; - return 0; -} -_ACEOF -if ac_fn_cxx_try_compile "$LINENO"; then : - gconfig_ssl_openssl_tlsv1_1_method=yes -else - gconfig_ssl_openssl_tlsv1_1_method=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -TLSv1_2_method(); return 1; - ; - return 0; -} -_ACEOF -if ac_fn_cxx_try_compile "$LINENO"; then : - gconfig_ssl_openssl_tlsv1_2_method=yes -else - gconfig_ssl_openssl_tlsv1_2_method=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -int -main () -{ -TLS_method(); return 1; +TLS_method(); ; return 0; } @@ -7361,6 +8551,7 @@ else gconfig_ssl_openssl_tls_method=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include @@ -7379,64 +8570,10 @@ else fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext else - gconfig_ssl_openssl_sslv23_method=no - gconfig_ssl_openssl_sslv3_method=no - gconfig_ssl_openssl_tlsv1_1_method=no - gconfig_ssl_openssl_tlsv1_2_method=no gconfig_ssl_openssl_tls_method=no gconfig_ssl_openssl_min_max=no fi - if test "$gconfig_ssl_openssl_sslv23_method" = "yes" - then - -$as_echo "#define GCONFIG_HAVE_OPENSSL_SSLv23_METHOD 1" >>confdefs.h - - else - -$as_echo "#define GCONFIG_HAVE_OPENSSL_SSLv23_METHOD 0" >>confdefs.h - - fi - if test "$gconfig_ssl_openssl_sslv3_method" = "yes" - then - -$as_echo "#define GCONFIG_HAVE_OPENSSL_SSLv3_METHOD 1" >>confdefs.h - - else - -$as_echo "#define GCONFIG_HAVE_OPENSSL_SSLv3_METHOD 0" >>confdefs.h - - fi - if test "$gconfig_ssl_openssl_tlsv1_method" = "yes" - then - -$as_echo "#define GCONFIG_HAVE_OPENSSL_TLSv1_METHOD 1" >>confdefs.h - - else - -$as_echo "#define GCONFIG_HAVE_OPENSSL_TLSv1_METHOD 0" >>confdefs.h - - fi - if test "$gconfig_ssl_openssl_tlsv1_1_method" = "yes" - then - -$as_echo "#define GCONFIG_HAVE_OPENSSL_TLSv1_1_METHOD 1" >>confdefs.h - - else - -$as_echo "#define GCONFIG_HAVE_OPENSSL_TLSv1_1_METHOD 0" >>confdefs.h - - fi - if test "$gconfig_ssl_openssl_tlsv1_2_method" = "yes" - then - -$as_echo "#define GCONFIG_HAVE_OPENSSL_TLSv1_2_METHOD 1" >>confdefs.h - - else - -$as_echo "#define GCONFIG_HAVE_OPENSSL_TLSv1_2_METHOD 0" >>confdefs.h - - fi if test "$gconfig_ssl_openssl_tls_method" = "yes" then @@ -7466,11 +8603,15 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include + + #include + mbedtls_ssl_context * p = 0 ; + int main () { -mbedtls_ssl_context * p = 0 ; return 1; + + ; return 0; } @@ -7490,11 +8631,15 @@ $as_echo "$gconfig_cv_ssl_mbedtls" >&6; } then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include + + #include + int x = MBEDTLS_ERR_NET_RECV_FAILED; + int main () { -int x = MBEDTLS_ERR_NET_RECV_FAILED; + + ; return 0; } @@ -7508,11 +8653,15 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include + + #include + int x = MBEDTLS_ERR_NET_RECV_FAILED; + int main () { -int x = MBEDTLS_ERR_NET_RECV_FAILED; + + ; return 0; } @@ -7709,7 +8858,6 @@ $as_echo "#define GCONFIG_ENABLE_STD_THREAD 0" >>confdefs.h fi fi - # Check whether --enable-debug was given. if test "${enable_debug+set}" = set; then : enableval=$enable_debug; @@ -7725,7 +8873,6 @@ $as_echo "#define _DEBUG 1" >>confdefs.h fi - # Check whether --enable-ipv6 was given. if test "${enable_ipv6+set}" = set; then : enableval=$enable_ipv6; @@ -7748,6 +8895,12 @@ $as_echo "$as_me: WARNING: ignoring --enable-ipv6" >&2;} gconfig_use_ipv6="yes" fi fi + + if test "$enable_ipv6" != "no" -a "$gconfig_use_ipv6" = "no" + then + gconfig_warnings="$gconfig_warnings ipv6_ipv6_networking" + fi + if test "$gconfig_use_ipv6" = "yes" ; then $as_echo "#define GCONFIG_ENABLE_IPV6 1" >>confdefs.h @@ -7766,7 +8919,6 @@ else fi - # Check whether --enable-gui was given. if test "${enable_gui+set}" = set; then : enableval=$enable_gui; @@ -7794,6 +8946,11 @@ $as_echo "$as_me: WARNING: ignoring --enable-gui: set QT_MOC, QT_LIBS and QT_CFL fi fi + if test "$enable_gui" != "no" -a "$QT_MOC" = "" + then + gconfig_warnings="$gconfig_warnings qt_graphical_user_interface" + fi + if test "$QT_MOC" != "" then { $as_echo "$as_me:${as_lineno-$LINENO}: QT version: $gconfig_qt" >&5 @@ -7818,7 +8975,6 @@ else fi - # Check whether --enable-verbose was given. if test "${enable_verbose+set}" = set; then : enableval=$enable_verbose; @@ -7834,13 +8990,13 @@ $as_echo "#define GCONFIG_NO_LOG 1" >>confdefs.h fi - # Check whether --enable-bsd was given. if test "${enable_bsd+set}" = set; then : enableval=$enable_bsd; fi + gconfig_bsd="$enable_bsd" if test "$enable_bsd" = "yes" -o "`uname`" = "NetBSD" -o "`uname`" = "FreeBSD" -o "`uname`" = "OpenBSD" ; then GCONFIG_BSD_TRUE= GCONFIG_BSD_FALSE='#' @@ -7850,7 +9006,6 @@ else fi - # Check whether --enable-mac was given. if test "${enable_mac+set}" = set; then : enableval=$enable_mac; @@ -7866,7 +9021,6 @@ else fi - # Check whether --enable-windows was given. if test "${enable_windows+set}" = set; then : enableval=$enable_windows; @@ -7898,7 +9052,6 @@ else fi - # Check whether --enable-testing was given. if test "${enable_testing+set}" = set; then : enableval=$enable_testing; @@ -7914,6 +9067,21 @@ else fi +# Check whether --enable-install-hook was given. +if test "${enable_install_hook+set}" = set; then : + enableval=$enable_install_hook; +fi + + + if test "$enable_install_hook" != "no"; then + GCONFIG_INSTALL_HOOK_TRUE= + GCONFIG_INSTALL_HOOK_FALSE='#' +else + GCONFIG_INSTALL_HOOK_TRUE='#' + GCONFIG_INSTALL_HOOK_FALSE= +fi + + # Check whether --with-doxygen was given. @@ -7934,7 +9102,6 @@ $as_echo "$as_me: WARNING: forcing use of doxygen even though not found" >&2;} - # Check whether --with-man2html was given. if test "${with_man2html+set}" = set; then : withval=$with_man2html; @@ -7953,7 +9120,6 @@ $as_echo "$as_me: WARNING: forcing use of man2html even though not found" >&2;} - # Check whether --with-openssl was given. if test "${with_openssl+set}" = set; then : withval=$with_openssl; @@ -8017,6 +9183,11 @@ fi GCONFIG_TLS_LIBS="" fi + if test "$gconfig_ssl_use_none" = "yes" -a "$with_openssl" != "no" + then + gconfig_warnings="$gconfig_warnings openssl/mbedtls_transport_layer_security" + fi + if test "$gconfig_ssl_use_both" = "yes"; then GCONFIG_TLS_USE_BOTH_TRUE= @@ -8054,7 +9225,6 @@ fi $as_echo "$as_me: using tls library: $gconfig_ssl_notice" >&6;} - # Check whether --with-pam was given. if test "${with_pam+set}" = set; then : withval=$with_pam; @@ -8068,11 +9238,16 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include + + #include + pam_conv c ; pam_handle_t *pam = 0 ; int rc = 0 ; + int main () { -int rc = pam_start("","",(const struct pam_conv*)0,(pam_handle_t**)0) + + rc = pam_start("login","user",&c,&pam) ; + ; return 0; } @@ -8096,11 +9271,16 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include + + #include + pam_conv c ; pam_handle_t *pam = 0 ; int rc = 0 ; + int main () { -int rc = pam_start("","",(const struct pam_conv*)0,(pam_handle_t**)0) + + rc = pam_start("login","user",&c,&pam) ; + ; return 0; } @@ -8124,11 +9304,16 @@ else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include + + #include + pam_conv c ; pam_handle_t *pam = 0 ; int rc = 0 ; + int main () { -int rc = pam_start("","",(const struct pam_conv*)0,(pam_handle_t**)0) + + rc = pam_start("login","user",&c,&pam) ; + ; return 0; } @@ -8265,6 +9450,11 @@ $as_echo "$as_me: WARNING: forcing use of pam even though it does not seem to co fi fi + if test "$gconfig_pam_compiles" != "yes" -a "$with_pam" != "no" + then + gconfig_warnings="$gconfig_warnings pam_pam_authentication" + fi + if test "$gconfig_use_pam" = "yes" then @@ -8285,40 +9475,6 @@ fi -# Check whether --enable-static-linking was given. -if test "${enable_static_linking+set}" = set; then : - enableval=$enable_static_linking; -fi - - - if test "$enable_static_linking" = "yes" - then - GCONFIG_STATIC_START="-Xlinker -Bstatic" - GCONFIG_STATIC_END="${GCONFIG_ZLIB_LIBS} -Xlinker -Bdynamic -ldl" - else - GCONFIG_STATIC_START="" - GCONFIG_STATIC_END="" - fi - - - - -# Check whether --enable-install-hook was given. -if test "${enable_install_hook+set}" = set; then : - enableval=$enable_install_hook; -fi - - - if test "$enable_install_hook" != "no"; then - GCONFIG_INSTALL_HOOK_TRUE= - GCONFIG_INSTALL_HOOK_FALSE='#' -else - GCONFIG_INSTALL_HOOK_TRUE='#' - GCONFIG_INSTALL_HOOK_FALSE= -fi - - - if test "$e_libexecdir" = "" then @@ -8354,12 +9510,23 @@ fi fi if test "$e_bsdinitdir" = "" then - e_bsdinitdir="$libexecdir/$PACKAGE/init/bsd" + if test "$gconfig_bsd" = "yes" + then + e_bsdinitdir="$sysconfdir/rc.d" + else + e_bsdinitdir="$libexecdir/$PACKAGE/init/bsd" + fi fi if test "$e_icondir" = "" then e_icondir="$datadir/$PACKAGE" fi + if test "$e_rundir" = "" + then + # (linux fhs's "/run" not widely used) + e_rundir="/var/run/$PACKAGE" + fi + @@ -8543,6 +9710,10 @@ if test -z "${GCONFIG_TESTING_TRUE}" && test -z "${GCONFIG_TESTING_FALSE}"; then as_fn_error $? "conditional \"GCONFIG_TESTING\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${GCONFIG_INSTALL_HOOK_TRUE}" && test -z "${GCONFIG_INSTALL_HOOK_FALSE}"; then + as_fn_error $? "conditional \"GCONFIG_INSTALL_HOOK\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${GCONFIG_TLS_USE_BOTH_TRUE}" && test -z "${GCONFIG_TLS_USE_BOTH_FALSE}"; then as_fn_error $? "conditional \"GCONFIG_TLS_USE_BOTH\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -8563,10 +9734,6 @@ if test -z "${GCONFIG_PAM_TRUE}" && test -z "${GCONFIG_PAM_FALSE}"; then as_fn_error $? "conditional \"GCONFIG_PAM\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${GCONFIG_INSTALL_HOOK_TRUE}" && test -z "${GCONFIG_INSTALL_HOOK_FALSE}"; then - as_fn_error $? "conditional \"GCONFIG_INSTALL_HOOK\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi : "${CONFIG_STATUS=./config.status}" ac_write_fail=0 @@ -8964,7 +10131,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by E-MailRelay $as_me 2.0.1, which was +This file was extended by E-MailRelay $as_me 2.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -9030,7 +10197,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -E-MailRelay config.status 2.0.1 +E-MailRelay config.status 2.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -9908,3 +11075,16 @@ $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi + + for gconfig_w in $gconfig_warnings "" + do + if test "$gconfig_w" != "" + then + echo "$gconfig_w" | sed 's/_/ /g' | while read gconfig_what gconfig_stuff + do + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: missing $gconfig_what - no support for $gconfig_stuff" >&5 +$as_echo "$as_me: WARNING: missing $gconfig_what - no support for $gconfig_stuff" >&2;} + done + fi + done + diff --git a/configure.ac b/configure.ac old mode 100755 new mode 100644 index 352c30d..dbbf54c --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -dnl Copyright (C) 2001-2018 Graeme Walker +dnl Copyright (C) 2001-2019 Graeme Walker dnl dnl This program is free software: you can redistribute it and/or modify dnl it under the terms of the GNU General Public License as published by @@ -14,191 +14,107 @@ dnl You should have received a copy of the GNU General Public License dnl along with this program. If not, see . dnl === dnl +dnl configure.ac +dnl dnl Process this file with autoconf to produce a configure script. dnl -AC_INIT([E-MailRelay],[2.0.1],[],[emailrelay]) -AC_CONFIG_SRCDIR([src/gsmtp/gsmtp.h]) +AC_INIT([E-MailRelay],[2.1],[],[emailrelay]) +AC_CONFIG_SRCDIR([src/glib/gdef.h]) AC_CONFIG_MACRO_DIR([m4]) AM_INIT_AUTOMAKE([no-define]) AC_CONFIG_HEADERS([gconfig_defs.h]) AM_MAINTAINER_MODE AC_DISABLE_OPTION_CHECKING -dnl === -dnl check for programs... +dnl check for programs dnl AC_PROG_CC([cc gcc clang]) AC_PROG_CXX([c++ g++ clang++]) AX_CXX_COMPILE_STDCXX_11([],[optional]) -AC_PROG_RANLIB AC_PROG_INSTALL -AC_PROG_AWK +AC_PROG_RANLIB AC_PROG_SED AC_PROG_GREP -AC_CHECK_PROGS(MAKE,make gmake) -AC_CHECK_PROGS(AR,ar gar) -AC_CHECK_PROGS(GZIP,gzip) -AC_CHECK_PROG(GCONFIG_HAVE_DOXYGEN,doxygen,yes) -AC_CHECK_PROG(GCONFIG_HAVE_MAN2HTML,man2html,yes) +AC_CHECK_PROGS([MAKE],[make gmake]) +AC_CHECK_PROGS([AR],[ar gar]) +AC_CHECK_PROGS([GZIP],[gzip]) +AC_CHECK_PROG([GCONFIG_HAVE_DOXYGEN],[doxygen],[yes]) +AC_CHECK_PROG([GCONFIG_HAVE_MAN2HTML],[man2html],[yes]) GCONFIG_FN_PROG_WINDRES GCONFIG_FN_PROG_WINDMC -GCONFIG_FN_CONFIGURATION -dnl === -dnl check for libraries... +dnl check for system libraries dnl AC_LANG([C]) -GCONFIG_FN_SEARCHLIBS_POSIX +GCONFIG_FN_SEARCHLIBS_NAMESERVICE +GCONFIG_FN_SEARCHLIBS_SOCKET -dnl === -dnl check for header files, functions and typedefs... +dnl check for header files, functions, types etc. dnl AC_LANG([C++]) -GCONFIG_FN_TYPE_SOCKLEN_T -GCONFIG_FN_TYPE_ERRNO_T -GCONFIG_FN_TYPE_SSIZE_T -GCONFIG_FN_CXX_NULLPTR -GCONFIG_FN_CXX_CONSTEXPR -GCONFIG_FN_CXX_NOEXCEPT -GCONFIG_FN_CXX_OVERRIDE -GCONFIG_FN_CXX_FINAL -GCONFIG_FN_CXX_TYPE_TRAITS -GCONFIG_FN_CXX_EMPLACE -GCONFIG_FN_CXX_ALIGNMENT -GCONFIG_FN_CXX_SHARED_PTR -GCONFIG_FN_CXX_STD_THREAD -GCONFIG_FN_CXX_STD_WSTRING -GCONFIG_FN_IPV6 -GCONFIG_FN_SIN6_LEN -GCONFIG_FN_STATBUF_NSEC -GCONFIG_FN_INET_NTOP -GCONFIG_FN_INET_PTON -GCONFIG_FN_GETPWNAM -GCONFIG_FN_GETPWNAM_R -GCONFIG_FN_GMTIME_R -GCONFIG_FN_GMTIME_S -GCONFIG_FN_LOCALTIME_R -GCONFIG_FN_LOCALTIME_S -GCONFIG_FN_STRNCPY_S -GCONFIG_FN_SETPGRP_BSD -GCONFIG_FN_SETGROUPS -GCONFIG_FN_GETENV_S -GCONFIG_FN_READLINK -GCONFIG_FN_ICONV -GCONFIG_FN_PROC_PIDPATH +GCONFIG_FN_CHECK_HEADERS +GCONFIG_FN_CHECK_TYPES +GCONFIG_FN_CHECK_CXX +GCONFIG_FN_CHECK_NET +GCONFIG_FN_CHECK_FUNCTIONS + +dnl check for packages +dnl GCONFIG_FN_QT GCONFIG_FN_TLS_OPENSSL GCONFIG_FN_TLS_MBEDTLS -dnl === dnl initialise aclocal/pkg.m4... dnl # if the configure script fails in this area then you are probably missing pkg.m4 -PKG_PROG_PKG_CONFIG(0.9.0) +PKG_PROG_PKG_CONFIG([0.9.0]) -dnl === -dnl "--enable-std-thread" +dnl "--enable-whatever" dnl -AC_ARG_ENABLE(std-thread,AS_HELP_STRING([--enable-std-thread],[use std::thread or not (default auto)])) +AC_ARG_ENABLE([std-thread],AS_HELP_STRING([--enable-std-thread],[use std::thread or not (default auto)])) GCONFIG_FN_ENABLE_STD_THREAD - -dnl === -dnl "--enable-debug" -dnl -AC_ARG_ENABLE(debug,AS_HELP_STRING([--enable-debug],[enable extra debug messages at compile-time (default no)])) +AC_ARG_ENABLE([debug],AS_HELP_STRING([--enable-debug],[enable extra debug messages at compile-time (default no)])) GCONFIG_FN_ENABLE_DEBUG - -dnl === -dnl "--enable-ipv6" -dnl -AC_ARG_ENABLE(ipv6,AS_HELP_STRING([--enable-ipv6],[enable ipv6 (default auto)])) +AC_ARG_ENABLE([ipv6],AS_HELP_STRING([--enable-ipv6],[enable ipv6 (default auto)])) GCONFIG_FN_ENABLE_IPV6 - -dnl === -dnl "--enable-gui" -dnl -AC_ARG_ENABLE(gui,AS_HELP_STRING([--enable-gui],[enable configuration gui (requires Qt) (default auto)])) +AC_ARG_ENABLE([gui],AS_HELP_STRING([--enable-gui],[enable configuration gui (requires Qt) (default auto)])) GCONFIG_FN_ENABLE_GUI - -dnl === -dnl "--enable-verbose" -dnl -AC_ARG_ENABLE(verbose,AS_HELP_STRING([--enable-verbose],[enable verbose logging (default yes)])) +AC_ARG_ENABLE([verbose],AS_HELP_STRING([--enable-verbose],[enable verbose logging (default yes)])) GCONFIG_FN_ENABLE_VERBOSE - -dnl === -dnl "--enable-bsd" -dnl -AC_ARG_ENABLE(bsd,AS_HELP_STRING([--enable-bsd],[enable building for bsd (default auto)])) +AC_ARG_ENABLE([bsd],AS_HELP_STRING([--enable-bsd],[enable building for bsd (default auto)])) GCONFIG_FN_ENABLE_BSD - -dnl === -dnl "--enable-mac" -dnl -AC_ARG_ENABLE(mac,AS_HELP_STRING([--enable-mac],[enable building for mac os x (default auto)])) +AC_ARG_ENABLE([mac],AS_HELP_STRING([--enable-mac],[enable building for mac os x (default auto)])) GCONFIG_FN_ENABLE_MAC - -dnl === -dnl "--enable-windows" -dnl -AC_ARG_ENABLE(windows,AS_HELP_STRING([--enable-windows],[enable building for windows (default auto)])) +AC_ARG_ENABLE([windows],AS_HELP_STRING([--enable-windows],[enable building for windows (default auto)])) GCONFIG_FN_ENABLE_WINDOWS - -dnl === -dnl "--enable-testing" -dnl -AC_ARG_ENABLE(testing,AS_HELP_STRING([--enable-testing],[enable make check tests (default yes)])) +AC_ARG_ENABLE([testing],AS_HELP_STRING([--enable-testing],[enable make check tests (default yes)])) GCONFIG_FN_ENABLE_TESTING +AC_ARG_ENABLE([install-hook],AS_HELP_STRING([--enable-install-hook],[enable fixing up the start/stop configuration file at install time (default yes)])) +GCONFIG_FN_ENABLE_INSTALL_HOOK -dnl === -dnl "--with-doxygen" +dnl "--with-whatever" dnl AC_ARG_WITH(doxygen,AS_HELP_STRING([--with-doxygen],[generate source code documentation with doxygen (default auto)])) GCONFIG_FN_WITH_DOXYGEN - -dnl === -dnl "--with-man2html" -dnl AC_ARG_WITH(man2html,AS_HELP_STRING([--with-man2html],[convert man pages to html using man2html (default auto)])) GCONFIG_FN_WITH_MAN2HTML - -dnl === -dnl "--with-openssl"/"--with-mbedtls" -dnl AC_ARG_WITH(openssl,AS_HELP_STRING([--with-openssl],[use openssl for tls layer (default auto)])) AC_ARG_WITH(mbedtls,AS_HELP_STRING([--with-mbedtls],[use mbedtls for tls layer (default auto)])) GCONFIG_FN_TLS - -dnl === -dnl "--with-pam" -dnl AC_ARG_WITH(pam,AS_HELP_STRING([--with-pam],[use linux pam for authentication (default auto)])) GCONFIG_FN_WITH_PAM -dnl === -dnl "--enable-static-linking" -dnl -AC_ARG_ENABLE(static-linking,AS_HELP_STRING([--enable-static-linking],[prefer static linking for some libraries (default no)])) -GCONFIG_FN_ENABLE_STATIC_LINKING - -dnl === -dnl "--enable-install-hook" -dnl -AC_ARG_ENABLE(install-hook,AS_HELP_STRING([--enable-install-hook],[enable fixing up the start/stop configuration file at install time (default yes)])) -GCONFIG_FN_ENABLE_INSTALL_HOOK - -dnl === -dnl directory tweaking ... -dnl -dnl define e_ prefixed directory variables +dnl directory tweaking -- define e_ prefixed directory variables dnl dnl not AC_PREFIX_DEFAULT([/usr]) -GCONFIG_FN_SET_DIRECTORIES +GCONFIG_FN_SET_DIRECTORIES_E -dnl === -dnl generate files... +dnl generate files dnl AC_CONFIG_FILES([Makefile src/Makefile src/glib/Makefile src/gssl/Makefile src/gnet/Makefile src/gauth/Makefile src/gsmtp/Makefile src/gpop/Makefile src/main/Makefile src/main/icon/Makefile src/win32/Makefile src/gui/Makefile bin/Makefile doc/Makefile etc/Makefile test/Makefile test/certificates/Makefile m4/Makefile bsd/Makefile debian/Makefile]) AC_OUTPUT +dnl final warnings +dnl +GCONFIG_FN_WARNINGS diff --git a/configure.sh b/configure.sh index 5293a2d..6679b7c 100755 --- a/configure.sh +++ b/configure.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2001-2018 Graeme Walker +# Copyright (C) 2001-2019 Graeme Walker # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -18,11 +18,15 @@ # # configure.sh # -# A simple wrapper for the configure script. +# A simple wrapper for the autoconf configure script that specifies +# more sensible directories depending on the host environment and +# simplifies cross-compilation to windows or arm. # -# usage: configure.sh [-d] [-m] [] -# -d debug compiler flags (see also --enable-debug) +# usage: configure.sh [-d] [{-o|-m|-p}] [] +# -d debug compiler flags +# -o openwrt sdk and uclibc (edit as required) # -m mingw-w64 +# -p rpi # thisdir="`cd \`dirname $0\` && pwd`" @@ -33,11 +37,13 @@ then exit 1 fi +enable_debug="" if test "$1" = "-d" then shift export CFLAGS="-O0 -g" export CXXFLAGS="-O0 -g" + if expr "$*" : '.*enable.debug' ; then : ; else enable_debug="--enable-debug" ; fi : elif expr "$*" : '.*enable.debug' >/dev/null then @@ -51,46 +57,102 @@ fi if test "$1" = "-m" then shift - export CXX="i686-w64-mingw32-g++" - export CC="i686-w64-mingw32-gcc" - export CXXFLAGS="-std=c++11 -pthread" - export LDFLAGS="-pthread" - $thisdir/configure --host i686-w64-mingw32 --enable-windows --disable-gui --disable-pam \ - --prefix=/usr --libexecdir=/usr/lib --docdir=/usr/share/doc --mandir=/usr/share/man "$@" + TARGET="i686-w64-mingw32" + export CXX="$TARGET-g++" + export CC="$TARGET-gcc" + export AR="$TARGET-ar" + export STRIP="$TARGET-strip" + export CXXFLAGS="$CXXFLAGS -std=c++11 -pthread" + export LDFLAGS="$LDFLAGS -pthread" + if test -x "`which $CXX`" ; then : ; else echo "error: no mingw c++ compiler: [$CXX]\n" ; exit 1 ; fi + $thisdir/configure $enable_debug --host $TARGET \ + --enable-windows \ + --disable-gui --without-pam --without-doxygen \ + --prefix=/usr --libexecdir=/usr/lib --sysconfdir=/etc \ + --localstatedir=/var e_initdir=/etc/init.d "$@" +: +elif test "$1" = "-p" +then + shift + TARGET="arm-linux-gnueabihf" + export CXX="$TARGET-g++" + export CC="$TARGET-gcc" + export AR="$TARGET-ar" + export STRIP="$TARGET-strip" + export CXXFLAGS="$CXXFLAGS -std=c++11 -pthread" + export LDFLAGS="$LDFLAGS -pthread" + $thisdir/configure $enable_debug --host $TARGET \ + --disable-gui --without-pam --without-doxygen \ + --prefix=/usr --libexecdir=/usr/lib --sysconfdir=/etc \ + --localstatedir=/var e_initdir=/etc/init.d "$@" +: +elif test "$1" = "-o" +then + shift + TARGET="mipsel-openwrt-linux-uclibc" + SDK_DIR="`find $HOME -maxdepth 3 -type d -iname openwrt-sdk\*uclibc\* 2>/dev/null | sort | head -1`" + SDK_TOOLCHAIN_DIR="`find \"$SDK_DIR/staging_dir\" -type d -iname toolchain-\*uclibc\* 2>/dev/null | sort | head -1`" + SDK_TARGET_DIR="`find \"$SDK_DIR/staging_dir\" -type d -iname target-\*uclibc\* 2>/dev/null | sort | head -1`" + export CC="$SDK_TOOLCHAIN_DIR/bin/$TARGET-gcc" + export CXX="$SDK_TOOLCHAIN_DIR/bin/$TARGET-c++" + export AR="$SDK_TOOLCHAIN_DIR/bin/$TARGET-ar" + export STRIP="$SDK_TOOLCHAIN_DIR/bin/$TARGET-strip" + export CXXFLAGS="-fno-rtti -fno-threadsafe-statics -Os $CXXFLAGS" + export LDFLAGS="-L$SDK_TARGET_DIR/usr/lib -luClibc++ $LDFLAGS" + export CPPFLAGS="-I$SDK_TARGET_DIR/usr/include/uClibc++ $CPPFLAGS" + if test -x "$CXX" ; then : ; else echo "error: no c++ compiler for target [$TARGET]: CXX=[$CXX]\n" ; exit 1 ; fi + if test -f "$SDK_TARGET_DIR/usr/lib/libuClibc++.so" ; then : ; else echo "error: no uclibc++ library under [$SDK_TARGET_DIR]\n" ; exit 1 ; fi + $thisdir/configure $enable_debug --host $TARGET \ + --disable-gui --without-pam --without-doxygen \ + --without-mbedtls --disable-std-thread \ + --prefix=/usr --libexecdir=/usr/lib --sysconfdir=/etc \ + --localstatedir=/var e_initdir=/etc/init.d "$@" + echo export PATH=\"$SDK_TOOLCHAIN_DIR/bin:\$PATH\" + echo export STAGING_DIR=\"$SDK_DIR/staging_dir\" : elif test "`uname`" = "NetBSD" then export CPPFLAGS="$CPPFLAGS -I/usr/X11R7/include" export LDFLAGS="$LDFLAGS -L/usr/X11R7/lib" - $thisdir/configure --prefix=/usr --libexecdir=/usr/lib --docdir=/usr/share/doc --mandir=/usr/share/man --sysconfdir=/etc e_bsdinitdir=/etc/rc.d "$@" + $thisdir/configure $enable_debug \ + --prefix=/usr --libexecdir=/usr/lib --sysconfdir=/etc \ + --localstatedir=/var e_bsdinitdir=/etc/rc.d "$@" : elif test "`uname`" = "FreeBSD" then export CPPFLAGS="$CPPFLAGS -I/usr/local/include -I/usr/local/include/libav" export LDFLAGS="$LDFLAGS -L/usr/local/lib -L/usr/local/lib/libav" - $thisdir/configure --prefix=/usr/local --mandir=/usr/local/man e_bsdinitdir=/usr/local/etc/rc.d "$@" + $thisdir/configure $enable_debug \ + --prefix=/usr/local --mandir=/usr/local/man \ + e_bsdinitdir=/usr/local/etc/rc.d "$@" : elif test "`uname`" = "OpenBSD" then export CPPFLAGS="$CPPFLAGS -I/usr/X11R6/include" export LDFLAGS="$LDFLAGS -L/usr/X11R6/lib" - $thisdir/configure --prefix=/usr/local --mandir=/usr/local/man e_bsdinitdir=/usr/local/etc/rc.d "$@" + $thisdir/configure $enable_debug \ + --prefix=/usr/local --mandir=/usr/local/man \ + e_bsdinitdir=/usr/local/etc/rc.d "$@" : elif test "`uname`" = "Darwin" then export CPPFLAGS="$CPPFLAGS -I/opt/local/include -I/opt/X11/include" export LDFLAGS="$LDFLAGS -L/opt/local/lib -L/opt/X11/lib" - $thisdir/configure --prefix=/opt/local --mandir=/opt/local/man "$@" + $thisdir/configure $enable_debug \ + --prefix=/opt/local --mandir=/opt/local/man "$@" : elif test "`uname`" = "Linux" then export CPPFLAGS export LDFLAGS - $thisdir/configure --prefix=/usr --libexecdir=/usr/lib --sysconfdir=/etc e_initdir=/etc/init.d e_spooldir=/var/spool/emailrelay "$@" + $thisdir/configure $enable_debug \ + --prefix=/usr --libexecdir=/usr/lib --sysconfdir=/etc \ + --localstatedir=/var e_initdir=/etc/init.d \ + e_rundir=/run/emailrelay "$@" : else export CPPFLAGS="$CPPFLAGS -I/usr/X11R7/include -I/usr/X11R6/include -I/usr/local/include -I/opt/local/include -I/opt/X11/include" export LDFLAGS="$LDFLAGS -L/usr/X11R7/lib -L/usr/X11R6/lib -L/usr/local/lib -L/opt/local/lib -L/opt/X11/lib" - $thisdir/configure "$@" + $thisdir/configure $enable_debug "$@" fi diff --git a/debian/Makefile.am b/debian/Makefile.am index beaaa73..462ac1d 100644 --- a/debian/Makefile.am +++ b/debian/Makefile.am @@ -1,5 +1,5 @@ # -## Copyright (C) 2001-2018 Graeme Walker +## Copyright (C) 2001-2019 Graeme Walker ## ## This program is free software: you can redistribute it and/or modify ## it under the terms of the GNU General Public License as published by @@ -14,4 +14,17 @@ ## You should have received a copy of the GNU General Public License ## along with this program. If not, see . # -EXTRA_DIST = preinst postinst prerm postrm copyright changelog + +EXTRA_DIST = \ + emailrelay.init \ + emailrelay.default \ + changelog \ + control \ + compat \ + copyright \ + preinst \ + postinst \ + prerm \ + postrm \ + rules + diff --git a/debian/Makefile.in b/debian/Makefile.in index a67b91c..a493562 100644 --- a/debian/Makefile.in +++ b/debian/Makefile.in @@ -13,6 +13,9 @@ # PARTICULAR PURPOSE. @SET_MAKE@ + +# +# VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ @@ -87,10 +90,10 @@ PRE_UNINSTALL = : POST_UNINSTALL = : subdir = debian ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/m4_ax_cxx_compile_stdcxx.m4 \ +am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \ + $(top_srcdir)/m4/m4_ax_cxx_compile_stdcxx.m4 \ $(top_srcdir)/m4/m4_ax_cxx_compile_stdcxx_11.m4 \ - $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/acinclude.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) @@ -133,6 +136,7 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ +CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -141,15 +145,13 @@ DEPDIR = @DEPDIR@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ +EGREP = @EGREP@ EXEEXT = @EXEEXT@ -GCONFIG_CONFIGURATION = @GCONFIG_CONFIGURATION@ GCONFIG_HAVE_DOXYGEN = @GCONFIG_HAVE_DOXYGEN@ GCONFIG_HAVE_MAN2HTML = @GCONFIG_HAVE_MAN2HTML@ GCONFIG_QT_CFLAGS = @GCONFIG_QT_CFLAGS@ GCONFIG_QT_LIBS = @GCONFIG_QT_LIBS@ GCONFIG_QT_MOC = @GCONFIG_QT_MOC@ -GCONFIG_STATIC_END = @GCONFIG_STATIC_END@ -GCONFIG_STATIC_START = @GCONFIG_STATIC_START@ GCONFIG_TLS_LIBS = @GCONFIG_TLS_LIBS@ GCONFIG_WINDMC = @GCONFIG_WINDMC@ GCONFIG_WINDRES = @GCONFIG_WINDRES@ @@ -215,6 +217,7 @@ e_icondir = @e_icondir@ e_initdir = @e_initdir@ e_libexecdir = @e_libexecdir@ e_pamdir = @e_pamdir@ +e_rundir = @e_rundir@ e_spooldir = @e_spooldir@ e_sysconfdir = @e_sysconfdir@ exec_prefix = @exec_prefix@ @@ -243,10 +246,19 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +EXTRA_DIST = \ + emailrelay.init \ + emailrelay.default \ + changelog \ + control \ + compat \ + copyright \ + preinst \ + postinst \ + prerm \ + postrm \ + rules -# -# -EXTRA_DIST = preinst postinst prerm postrm copyright changelog all: all-am .SUFFIXES: diff --git a/debian/changelog b/debian/changelog index 3dd226f..7de8f26 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,23 @@ +emailrelay (2.1) unstable; urgency=low + * Backwards compatibility features for 1.9-to-2.0 transition removed. + * Better handling of too-many-connections on Windows. + * New "--idle-timeout" option for server-side connections. + * Support for RFC-5782 DNSBL blocking ("--dnsbl"). + * Filter scripts are given the path of the envelope file in argv2. + * Message files can be editied by "--client-filter" scripts. + * Better support for CRAM-SHAx authentication. + * New "--client-auth-config" and "--server-auth-config" options. + * New "--show" option on windows to better control the user interface style. + * The "--pop" option always requires "--pop-auth". + * No message is spooled if all its envelope recipients are local-mailboxes. + * TLS cipher name added to "Received" line as per RFC-8314 4.3. + * Certificate contents are not logged. + * Timestamp parts of spool filenames no longer limited to six digits. + -- maintainer graeme_walker Mon, 16 Sep 2019 02:34:03 +0000 + emailrelay (2.0.1) unstable; urgency=low * Make PLAIN client authentication work against servers with broken 334 responses. - -- maintainer graeme_walker Tue, 13 Aug 2019 09:53:07 +0000 + -- maintainer graeme_walker Wed, 14 Aug 2019 00:00:00 +0000 emailrelay (2.0) unstable; urgency=low * Improved IPv6 support, with IPv4 and IPv6 used independently at run-time (see "--interface"). diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..ec63514 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +9 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..e91122b --- /dev/null +++ b/debian/control @@ -0,0 +1,17 @@ +Source: emailrelay +Section: mail +Priority: optional +Maintainer: Graeme Walker +Build-Depends: debhelper (>= 9), autotools-dev +Standards-Version: 3.9.8 +Homepage: http://emailrelay.sourceforge.net + +Package: emailrelay +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: E-mail store-and-forward transfer agent and pop server. + E-MailRelay does three things: it stores any incoming e-mail messages that + it receives, it forwards e-mail messages on to another remote e-mail server, + and it serves up stored e-mail messages to local e-mail reader programs. More + technically, it acts as a SMTP storage daemon, a SMTP forwarding agent, and + a POP3 server. diff --git a/debian/copyright b/debian/copyright index 04ef40c..a7625a1 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,6 +1,6 @@ Copyright ========= -Copyright (C) 2001-2018 Graeme Walker +Copyright (C) 2001-2019 Graeme Walker Refer to the file COPYING (included), /usr/share/common-licenses/GPL-3, or for the terms of the GNU General Public License. diff --git a/debian/emailrelay.default b/debian/emailrelay.default new file mode 100644 index 0000000..5652a07 --- /dev/null +++ b/debian/emailrelay.default @@ -0,0 +1,3 @@ +# change this to 1 to enable the emailrelay system-v init script +# and run 'service emailrelay start' when configured +EMAILRELAY_ENABLED=0 diff --git a/debian/emailrelay.init b/debian/emailrelay.init new file mode 100755 index 0000000..79a4d24 --- /dev/null +++ b/debian/emailrelay.init @@ -0,0 +1,272 @@ +#!/bin/sh +# +# Copyright (C) 2001-2019 Graeme Walker +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# === +# +# emailrelay +# +# A start/stop script for E-MailRelay in the SysV init system. +# +# usage: emailrelay { start | stop | restart | force-reload | status } +# +# See also: install_initd, remove_initd +# +### BEGIN INIT INFO +# Provides: emailrelay +# Required-Start: $local_fs $network $syslog +# Required-Stop: $local_fs $network $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: E-MailRelay mail server +### END INIT INFO +## + +PATH=/sbin:/bin:/usr/sbin:/usr/bin +NAME=emailrelay +DESC="E-MailRelay mail server" +CONFIG=/etc/$NAME.conf +PIDFILE=/run/emailrelay/$NAME.pid +GROUP=daemon +DAEMON=/usr/sbin/$NAME +SUBMIT=/usr/sbin/$NAME-submit + +test -f /etc/default/$NAME && . /etc/default/$NAME +test -f /etc/rc.conf.d/$NAME && . /etc/rc.conf.d/$NAME +test -f /etc/default/rcS && . /etc/default/rcS + +# Default lsb functions in case there is no lsb/init-functions... +# +log_success_msg() +{ + echo "$@" +} +log_failure_msg() +{ + echo "$@" +} +log_warning_msg() +{ + echo "$@" +} +start_daemon() +{ + if test "`cat \"$2\" 2>/dev/null`" -gt 0 2>/dev/null && kill -0 "`cat \"$2\"`" + then + : # running already + else + shift ; shift ; shift + "$@" + fi +} +killproc() +{ + shift + kill `cat "$1" 2>/dev/null` 2>/dev/null +} +pidofproc() +{ + shift + kill -0 `cat "$1" 2>/dev/null` 2>/dev/null +} +log_daemon_msg() +{ + echo -n "$@" +} +log_progress_msg() +{ + :; +} +log_end_msg() +{ + if test "$1" -eq 0 + then + log_success_msg " ... ok" + true + else + log_failure_msg " ... failed!" + false + fi +} + +# Setup functions... +# +# Some packaging scripts do "emailrelay setup" for some of their +# post-install steps, and "emailrelay setup" might also be useful +# administratively after editing the /etc/default file. The "start" +# sub-command below also uses setup_rundir() because the /run +# directory will not necessarily persist across a reboot. +# +# (This code must come before the potential 'init-functions' redirect +# to systemd.) +# +setup_config() +{ + if test ! -f "$CONFIG" -a -f "$CONFIG.template" + then + cp -p "$CONFIG.template" "$CONFIG" + fi +} +root_root() +{ + # True if the given file exists and is owned by 'root.root', + # as if newly copied by the install process and never + # subsequently chown'ed by the administrator + ls -nd "$1" 2>/dev/null | cut -d' ' --fields=3,4 | grep -q '^0 0$' +} +spooldir() +{ + # Prints the spool directory path from the config file, but with a + # default because packaged installs may not edit the config file + # like 'make install' does + ( echo spool-dir /var/spool/emailrelay ; cat "$CONFIG" ) | \ + tr '\t' ' ' | sed 's/ */ /g' | grep '^spool-dir [^ ]' | \ + tail -1 | cut -d' ' -f 2 +} +setup_rundir_imp() +{ + test -d "$1" || mkdir -p "$1" + if echo "$1" | grep -q "/emailrelay$" + then + if root_root "$1" + then + chgrp "$GROUP" "$1" + chmod 775 "$1" + fi + fi +} +setup_rundir() +{ + # Recreates the pidfile directory, which might disappear after a reboot + setup_rundir_imp "`dirname \"$PIDFILE\"`" +} +setup_spooldir_imp() +{ + test -d "$1" || mkdir -p "$1" + if root_root "$1" + then + chgrp "$GROUP" "$1" + chmod 775 "$1" + chmod g+s "$1" + fi +} +setup_spooldir() +{ + setup_spooldir_imp "`spooldir`" +} +setup_sgid() +{ + if root_root "$1" + then + chgrp "$GROUP" "$1" + chmod 755 "$1" + chmod g+s "$1" + fi +} +setup_tools() +{ + setup_sgid "/usr/sbin/emailrelay-submit" + setup_sgid "/usr/lib/emailrelay/emailrelay-filter-copy" +} +setup() +{ + setup_config + setup_rundir + setup_spooldir + setup_tools +} +if test "$1" = "setup" ; then setup ; exit 0 ; fi + +# Read lsb init-functions. Annoyingly, systemd sometimes hijacks this to +# generate a service file under /run/systemd, run systemctl etc, without +# ever returning to this script. +# +test -f /lib/lsb/init-functions && . /lib/lsb/init-functions + +# Ignore /etc/default 'enabled' switch if running from systemd. +# +# (The 'enabled' mechanism is needed on non-systemd debian distros +# because the dpkg postinstall script starts the server, whereas +# on systemd systems the dpkg postinstall script's call to update-rc.d +# does nothing. On rpm or 'make install' systems the /etc/default file +# is not installed at all.) +# +if test -d /run/systemd/system -a "$PPID" -eq 1 +then + EMAILRELAY_ENABLED="1" +fi + +case "$1" in + + restart|force-reload) + $0 stop + $0 start + ;; + + try-restart) + echo `basename $0`: $1 not implemented >&2 + exit 3 + ;; + + *start) + if test "${EMAILRELAY_ENABLED:-1}" -eq 1 + then + log_daemon_msg "Starting $DESC" + log_progress_msg "$NAME" + setup_rundir + start_daemon -p "$PIDFILE" -- "$DAEMON" --as-server --syslog --pid-file "$PIDFILE" "$CONFIG" + e="$?" + log_end_msg $e + test "$e" -eq 0 + else + log_warning_msg "$NAME startup is disabled in /etc/default/$NAME" + exit 0 + fi + ;; + + stop) + log_daemon_msg "Stopping $DESC" + log_progress_msg "$NAME" + killproc -p "$PIDFILE" "$DAEMON" + log_end_msg $? + ;; + + reload) + echo `basename $0`: $1 not implemented >&2 + exit 3 + ;; + + status) + if pidofproc -p "$PIDFILE" "$DAEMON" >/dev/null + then + log_success_msg "$NAME is running" + true + else + log_failure_msg "$NAME is not running" + false + fi + ;; + + setup) + # never gets here -- see above + setup + ;; + + *) + echo usage: `basename $0` "{start|stop|restart|status}" >&2 + exit 2 + ;; + +esac diff --git a/debian/postinst b/debian/postinst old mode 100644 new mode 100755 index 44ca2f5..a2f33b1 --- a/debian/postinst +++ b/debian/postinst @@ -5,32 +5,18 @@ spool="/var/spool/emailrelay" submit="/usr/sbin/emailrelay-submit" +filtercopy="/usr/lib/emailrelay/emailrelay-filter-copy" init="/etc/init.d/emailrelay" -rundir="/var/run/emailrelay" +rundir="/run/emailrelay" emailrelay_setup() { - test -d "$spool" || mkdir "$spool" - if ls -nd "$spool" | cut -d' ' --fields=3,4 | grep -q '^0 0$' - then - chgrp daemon "$spool" && chmod 775 "$spool" && chmod g+s "$spool" - fi - - test -d "$rundir" || mkdir "$rundir" - if ls -nd "$rundir" | cut -d' ' --fields=3,4 | grep -q '^0 0$' - then - chgrp daemon "$rundir" && chmod 770 "$rundir" - fi - - if ls -n "$submit" | cut -d' ' --fields=3,4 | grep -q '^0 0$' - then - chgrp daemon "$submit" && chmod g+s "$submit" - fi - - if test -f "$init" -a ! -x "$init" + # use the init script for some post-install setup + if test -e "$init" -a ! -x "$init" then chmod +x "$init" fi + "$init" setup } emailrelay_fix_html() @@ -47,9 +33,11 @@ emailrelay_create_config() fi } -#DEBHELPER# - emailrelay_setup emailrelay_fix_html emailrelay_create_config +#DEBHELPER# + +exit 0 + diff --git a/debian/postrm b/debian/postrm old mode 100644 new mode 100755 index 51d1b26..b418dfa --- a/debian/postrm +++ b/debian/postrm @@ -4,15 +4,30 @@ # spool="/var/spool/emailrelay" -rundir="/var/run/emailrelay" +rundir="/run/emailrelay" -rm -f /usr/share/doc/emailrelay/changelog.html || true -if test "$1" = "purge" -then - rmdir "$spool" 2>/dev/null || true - rmdir "$rundir" 2>/dev/null || true - rm /etc/emailrelay.conf 2>/dev/null || true -fi +emailrelay_unfix_html() +{ + # see postinst + rm -f /usr/share/doc/emailrelay/changelog.html +} + +emailrelay_purge() +{ + # (purge deliberately fails if spooled messages exist) + #rm -rf "$spool" 2>/dev/null + rmdir "$spool" 2>/dev/null + rmdir "$rundir" 2>/dev/null + rm /etc/emailrelay.conf 2>/dev/null + rm -rf "/usr/share/doc/emailrelay/doxygen" 2>/dev/null +} #DEBHELPER# +emailrelay_unfix_html +if test "$1" = "purge" +then + emailrelay_purge +fi +exit 0 + diff --git a/debian/preinst b/debian/preinst old mode 100644 new mode 100755 index 6f9014c..2c9a457 --- a/debian/preinst +++ b/debian/preinst @@ -3,18 +3,5 @@ # preinst # -spool="/var/spool/emailrelay" - -create_spool() -{ - test -d "$spool" || mkdir "$spool" - if ls -nd "$spool" | cut -d' ' --fields=3,4 | grep -q '^0 0$' - then - chgrp daemon "$spool" && chmod 775 "$spool" - fi -} - -create_spool - #DEBHELPER# diff --git a/debian/prerm b/debian/prerm old mode 100644 new mode 100755 diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..9946c9f --- /dev/null +++ b/debian/rules @@ -0,0 +1,14 @@ +#!/usr/bin/make -f +# +# rules +# +# See dh(1) and debhelper(7) +# + +%: + dh $@ --with autotools_dev + +override_dh_auto_configure: + # (the init script goes to one side under /usr/lib since we have debian/emailrelay.init) + dh_auto_configure -- --libexecdir=/usr/lib e_initdir=/usr/lib/emailrelay/init e_rundir=/run/emailrelay --without-doxygen --without-man2html --with-openssl --without-mbedtls --with-pam --disable-gui --disable-install-hook --disable-testing + diff --git a/depcomp b/depcomp index 4ebd5b3..fc98710 100755 --- a/depcomp +++ b/depcomp @@ -3,7 +3,7 @@ scriptversion=2013-05-30.07; # UTC -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/doc/Makefile.am b/doc/Makefile.am index 369fb37..1cdf9cf 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -1,5 +1,5 @@ # -## Copyright (C) 2001-2018 Graeme Walker +## Copyright (C) 2001-2019 Graeme Walker ## ## This program is free software: you can redistribute it and/or modify ## it under the terms of the GNU General Public License as published by @@ -23,7 +23,7 @@ txt_files_install=\ windows.txt windows.md windows.rst \ changelog.txt changelog.md changelog.rst \ doxygen.cfg.in \ - index.rst conf.py + index.rst conf.py.sphinx man_files_install=\ emailrelay.1 \ @@ -83,7 +83,7 @@ man1_MANS = $(man_files_install) e_doc_DATA = $(txt_files_install) $(html_files_install) $(css_files_install) $(png_files_install) CLEANFILES = $(noinst_SCRIPTS) $(man_files_clean) doxygen.out doxygen.cfg doxygen/search/* doxygen/* -SUFFIXES = .txt .html .mu +SUFFIXES = .txt .html run_doxygen=$(top_srcdir)/bin/doxygen.sh @@ -125,10 +125,11 @@ md: .PHONY: sphinx sphinx: + cp conf.py.sphinx conf.py sphinx-build -b html . ./_build .PHONY: website website: @chmod +x make-website || true - ./make-website 2.0 + ./make-website 2.1 diff --git a/doc/Makefile.in b/doc/Makefile.in index 879d57e..8aa4288 100644 --- a/doc/Makefile.in +++ b/doc/Makefile.in @@ -92,10 +92,10 @@ PRE_UNINSTALL = : POST_UNINSTALL = : subdir = doc ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/m4_ax_cxx_compile_stdcxx.m4 \ +am__aclocal_m4_deps = $(top_srcdir)/m4/acinclude.m4 \ + $(top_srcdir)/m4/m4_ax_cxx_compile_stdcxx.m4 \ $(top_srcdir)/m4/m4_ax_cxx_compile_stdcxx_11.m4 \ - $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/acinclude.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) @@ -171,6 +171,7 @@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPPFLAGS = @CPPFLAGS@ CXX = @CXX@ +CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -179,15 +180,13 @@ DEPDIR = @DEPDIR@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ +EGREP = @EGREP@ EXEEXT = @EXEEXT@ -GCONFIG_CONFIGURATION = @GCONFIG_CONFIGURATION@ GCONFIG_HAVE_DOXYGEN = @GCONFIG_HAVE_DOXYGEN@ GCONFIG_HAVE_MAN2HTML = @GCONFIG_HAVE_MAN2HTML@ GCONFIG_QT_CFLAGS = @GCONFIG_QT_CFLAGS@ GCONFIG_QT_LIBS = @GCONFIG_QT_LIBS@ GCONFIG_QT_MOC = @GCONFIG_QT_MOC@ -GCONFIG_STATIC_END = @GCONFIG_STATIC_END@ -GCONFIG_STATIC_START = @GCONFIG_STATIC_START@ GCONFIG_TLS_LIBS = @GCONFIG_TLS_LIBS@ GCONFIG_WINDMC = @GCONFIG_WINDMC@ GCONFIG_WINDRES = @GCONFIG_WINDRES@ @@ -253,6 +252,7 @@ e_icondir = @e_icondir@ e_initdir = @e_initdir@ e_libexecdir = @e_libexecdir@ e_pamdir = @e_pamdir@ +e_rundir = @e_rundir@ e_spooldir = @e_spooldir@ e_sysconfdir = @e_sysconfdir@ exec_prefix = @exec_prefix@ @@ -289,7 +289,7 @@ txt_files_install = \ windows.txt windows.md windows.rst \ changelog.txt changelog.md changelog.rst \ doxygen.cfg.in \ - index.rst conf.py + index.rst conf.py.sphinx man_files_install = \ emailrelay.1 \ @@ -347,12 +347,12 @@ noinst_SCRIPTS = .dox man1_MANS = $(man_files_install) e_doc_DATA = $(txt_files_install) $(html_files_install) $(css_files_install) $(png_files_install) CLEANFILES = $(noinst_SCRIPTS) $(man_files_clean) doxygen.out doxygen.cfg doxygen/search/* doxygen/* -SUFFIXES = .txt .html .mu +SUFFIXES = .txt .html run_doxygen = $(top_srcdir)/bin/doxygen.sh all: all-am .SUFFIXES: -.SUFFIXES: .txt .html .mu +.SUFFIXES: .txt .html $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ @@ -643,12 +643,13 @@ md: .PHONY: sphinx sphinx: + cp conf.py.sphinx conf.py sphinx-build -b html . ./_build .PHONY: website website: @chmod +x make-website || true - ./make-website 2.0 + ./make-website 2.1 # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/doc/authentication.svg b/doc/authentication.svg index fb58e59..dbdc73b 100644 --- a/doc/authentication.svg +++ b/doc/authentication.svg @@ -1,6 +1,6 @@ - +

E-MailRelay Change Log

-

2.0 -> 2.0.1

+

2.0.1 -> 2.1

+
    +
  • Backwards compatibility features for 1.9-to-2.0 transition removed.
    • +
  • Better handling of too-many-connections on Windows.
    • +
  • New --idle-timeout option for server-side connections.
    • +
  • Support for RFC-5782 DNSBL blocking (--dnsbl).
    • +
  • Filter scripts are given the path of the envelope file in argv2.
    • +
  • Message files can be editied by --client-filter scripts.
    • +
  • Better support for CRAM-SHAx authentication.
    • +
  • New --client-auth-config and --server-auth-config options.
    • +
  • New --show option on windows to better control the user interface style.
    • +
  • The --pop option always requires --pop-auth.
    • +
  • No message is spooled if all its envelope recipients are local-mailboxes.
    • +
  • TLS cipher name added to Received line as per RFC-8314 4.3.
    • +
  • Certificate contents are not logged.
    • +
  • Timestamp parts of spool filenames no longer limited to six digits.
    • +
+

2.0 -> 2.0.1

  • Make PLAIN client authentication work against servers with broken 334 responses.
-

1.9.2 -> 2.0

+

1.9.2 -> 2.0

  • Improved IPv6 support, with IPv4 and IPv6 used independently at run-time (see --interface).
  • Server process is not blocked during --filter or --address-verifier execution, if multi-threaded.
    • @@ -44,7 +61,7 @@
  • C++ 2011 is preferred, and required for multi-threading.
  • Support for very old versions of Windows is dropped.
-

1.9.1 -> 1.9.2

+

1.9.1 -> 1.9.2

  • Fixed a leak in the event-loop garbage collection.
  • A local hostname that fails to resolve is not an error.
    • @@ -60,11 +77,11 @@
  • Qt4 or Qt5 selected by the configure script.
  • Improved the RPM spec file.
-

1.9 -> 1.9.1

+

1.9 -> 1.9.1

  • Updated OpenSSL from 1.0.1e to 1.0.1g in the Windows build.
-

1.8.2 -> 1.9

+

1.8.2 -> 1.9

  • Added negotiated TLS/SSL for POP (ie. STLS).
  • The first two fields in the secrets files are reordered (with backwards compatibility).
    • @@ -89,17 +106,17 @@
  • Added Windows --peer-lookup option.
  • Fix for MD5 code in 64-bit builds.
-

1.8.1 -> 1.8.2

+

1.8.1 -> 1.8.2

  • Fix namespaces for gcc 3.4.
-

1.8 -> 1.8.1

+

1.8 -> 1.8.1

  • Changed the definition of --as-proxy to use --poll 0 rather than --immediate [bug-id 1961652].
  • Fixed stalling bug when using server-side TLS/SSL (--server-tls) [bug-id 1961655].
  • Improved Debian packaging for Linux (make deb).
-

1.7 -> 1.8

+

1.7 -> 1.8

  • Speed optimisations (as identified by KCachegrind/valgrind in KDevelop).
  • Build-time size optimisations (eg. ./configure --disable-exec --enable-small-exceptions ...).
    • @@ -115,7 +132,7 @@
  • Improved native support for Mac OS X (10.5) with graphical installation from disk image.
  • Compatibility with gcc 2.95 restored.
-

1.6 -> 1.7

+

1.6 -> 1.7

  • TLS/SSL support for SMTP using OpenSSL (./configure --with-openssl with --client-tls and --server-tls).
  • Authentication mechanism PLAIN added.
    • @@ -123,7 +140,7 @@
  • Windows service wrapper has an --uninstall option.
  • Windows installation GUI uninstalls the service before reinstalling it.
-

1.5 -> 1.6

+

1.5 -> 1.6

  • GPLv3 licence (see http://gplv3.fsf.org).
  • New --prompt-timeout switch for the timeout when waiting for the initial 220 prompt from the SMTP server.
    • @@ -143,7 +160,7 @@
  • Experimental SpamAssassin spamc/spamd protocol support.
  • Acceptance tests added to the distribution.
-

1.4 -> 1.5

+

1.4 -> 1.5

  • New installation and configuration GUI using TrollTech Qt 4.x (./configure --enable-gui)
  • Default address verifier accepts all addresses as valid and never treats them as local mailboxes.
    • @@ -158,7 +175,7 @@
  • Documentation also created in docbook format (requires xmlto).
  • Windows installation document revised.
-

1.3.3 -> 1.4

+

1.3.3 -> 1.4

  • POP3 server (enable with --pop, disable at build-time with ./configure --disable-pop).
  • Fix for logging reentrancy bug (affects ./configure --enable-debug with --debug).
    • @@ -172,7 +189,7 @@
  • The --dont-listen switch is now --no-smtp.
  • Better IPv6 support (Linux only).
-

1.3.2 -> 1.3.3

+

1.3.2 -> 1.3.3

  • No bind() for outgoing connections [bug-id 1051689].
  • Updated rpm spec file [bug-id 1224850].
    • @@ -181,21 +198,21 @@
  • Documentation of auth switches corrected.
  • State-machine template type declaration modernised, possibly breaking older compilers.
-

1.3.1 -> 1.3.2

+

1.3.1 -> 1.3.2

  • Fix for core dump when --client-filter pre-processing fails.
  • Revised code structure to prepare for asynchronous pre-processing.
  • Better diagnostics when pre-processor exec() fails.
  • Better cleanup of empty and orphaned files.
-

1.3 -> 1.3.1

+

1.3 -> 1.3.1

  • Windows resource leak from CreateProcess() fixed.
  • Windows dialog box double-close fix.
  • Some documentation for the --scanner switch.
  • New usage patterns section in the user guide.
-

1.2 -> 1.3

+

1.2 -> 1.3

  • Client protocol waits for a greeting from the server on startup [bug-id 842156].
  • Fix for incorrect backslash normalisation on --verifier command-lines containing spaces [bug-id 890646].
    • @@ -208,7 +225,7 @@
  • New switches for the configure script.
  • More JavaScript example scripts.
-

1.1.2 -> 1.2

+

1.1.2 -> 1.2

  • The --filter and --verifier arguments interpreted as command-lines; spaces in executable paths now need escaping.
  • The --interface switch applies to outgoing connections too.
    • @@ -217,7 +234,7 @@
  • Fix for dangling reference bug, seen after quit command on Windows.
  • JavaScript examples in the documentation.
-

1.1.1 -> 1.1.2

+

1.1.1 -> 1.1.2

  • Earlier check for un-bindable ports on startup, and later fork()ing [bug-id 776972].
  • Resolved the file-descriptor kludge for --verifier on Windows.
    • @@ -226,7 +243,7 @@
  • Pre-processor (--filter) program's standard output searched for a failure reason string.
  • Undocumented --scanner switch added for asynchronous processing by a separate network server.
-

1.1.0 -> 1.1.1

+

1.1.0 -> 1.1.1

  • Restored the fix for building with gcc2.96.
  • Support for MinGW builds on Windows.
    • @@ -236,7 +253,7 @@
  • Fix for make install when man2html is not available.
  • Updated init script.
-

1.0.2 -> 1.1.0

+

1.0.2 -> 1.1.0

  • In proxy mode unexpected client-side disconnects and timeouts do not leave .bad files [see also bug-id 659039].
  • By default proxy mode does not interpret addresses for local delivery (--postmaster).
    • @@ -251,14 +268,14 @@
  • Support for Sun WorkShop 5.0 added.
  • Documentation overhaul.
-

1.0.0 -> 1.0.2

+

1.0.0 -> 1.0.2

  • Support for trusted IP addresses, allowing certain clients to avoid authentication.
  • Address verifier interface extended to include authentication information.
  • New public mail relay section added to the user guide.
  • Example verifier scripts etc. added to the reference guide.
-

1.0.0 -> 1.0.1

+

1.0.0 -> 1.0.1

  • In proxy mode unexpected client-side disconnects and timeouts result in .bad files [bug-id 659039].
  • Require successful AUTH before MAIL FROM when using --server-auth.
    • @@ -271,7 +288,7 @@
  • Fix build when using gcc2.96 rather than gcc2.95 (1.0.0-pl1).
  • Fix default spool directory in example scripts (1.0.0-pl1).
-

0.9.9 -> 1.0.0

+

0.9.9 -> 1.0.0

  • Briefer --help output; works with --verbose.
  • Option to listen on a specific network interface (--interface).
    • @@ -284,7 +301,7 @@
  • EHLO response parsing is now case-insensitive [bug-id 561522].
  • Fewer missing-secrets warnings [bug-id 564987].
-

0.9.8 -> 0.9.9

+

0.9.8 -> 0.9.9

  • More flexible logging options (--verbose and --debug work better).
  • File Hierarchy Standard (FHS) option for configure (--enable-fhs).
    • @@ -300,14 +317,14 @@
  • Submit utility works under Windows. [rc2]
  • Improved Windows project files. [rc2]
-

0.9.7 -> 0.9.8

+

0.9.7 -> 0.9.8

  • Fix for running pre-processor (--filter) as root.
  • Ignore bogus AUTH=LOGIN lines in EHLO response.
  • Submit utility improved to work with mutt.
  • Installation of submit man page.
-

0.9.6 -> 0.9.7

+

0.9.6 -> 0.9.7

  • CRAM-MD5 authentication mechanism added.
  • Revoke root permissions at start up, and reclaim them when needed.
    • @@ -323,7 +340,7 @@
  • Submission utility emailrelay-submit added.
  • HTML4.0 compliant HTML documentation, using CSS.
-

0.9.5 -> 0.9.6

+

0.9.5 -> 0.9.6

  • SMTP AUTHentication extension -- LOGIN mechanism only.
  • Client-side protocol timeout.
    • @@ -333,7 +350,7 @@
  • Multiple hard-coded listening addresses supported at compile-time.
  • Fix for automatic reopening of stderr stream.
-

0.9.4 -> 0.9.5

+

0.9.4 -> 0.9.5

Windows fixes and improvements...

@@ -343,14 +360,14 @@
  • fix for content file deletion
  • fix for directory iterator
    • -

    0.9.3 -> 0.9.4

    +

    0.9.3 -> 0.9.4

    • Fixed memory leak when no --log switch.
    • Windows build is more gui and less command-line.
    • Info command added to the administration interface.
    • Doxygen files removed from binary RPM.
    -

    0.9.2 -> 0.9.3

    +

    0.9.2 -> 0.9.3

    • Proxy mode (--immediate and --as-proxy).
    • Message pre-processing (--filter).
      • @@ -358,7 +375,7 @@
    • Improved notification script, with MIME encoding.
    • Builds with old 2.91 version of gcc.
    -

    0.9.1 -> 0.9.2

    +

    0.9.1 -> 0.9.2

    • Better autoconf detection.
    • Workround for FreeBSD uname() feature.
      • @@ -366,7 +383,7 @@
    • Fixed a benign directory iterator bug.
    • Use of gcc's exception header.
    -

    0.9 -> 0.9.1

    +

    0.9 -> 0.9.1

    • Improved documentation from doxygen.
    • More complete use of namespaces.
      • @@ -376,3 +393,4 @@
    + diff --git a/doc/changelog.md b/doc/changelog.md index 2e1640c..43990fc 100644 --- a/doc/changelog.md +++ b/doc/changelog.md @@ -1,6 +1,24 @@ E-MailRelay Change Log ====================== +2.0.1 -> 2.1 +------------ + +* Backwards compatibility features for 1.9-to-2.0 transition removed. +* Better handling of too-many-connections on Windows. +* New `--idle-timeout` option for server-side connections. +* Support for [RFC-5782][] [DNSBL][] blocking (`--dnsbl`). +* Filter scripts are given the path of the envelope file in argv2. +* Message files can be editied by `--client-filter` scripts. +* Better support for CRAM-SHAx authentication. +* New `--client-auth-config` and `--server-auth-config` options. +* New `--show` option on windows to better control the user interface style. +* The `--pop` option always requires `--pop-auth`. +* No message is spooled if all its envelope recipients are local-mailboxes. +* [TLS][] cipher name added to `Received` line as per [RFC-8314][] 4.3. +* Certificate contents are not logged. +* Timestamp parts of spool filenames no longer limited to six digits. + 2.0 -> 2.0.1 ------------ @@ -11,7 +29,7 @@ E-MailRelay Change Log * Improved IPv6 support, with IPv4 and IPv6 used independently at run-time (see `--interface`). * Server process is not blocked during `--filter` or `--address-verifier` execution, if multi-threaded. -* Support for the `mbedTLS` [TLS][] library as an alternative to OpenSSL (`configure --with-mbedtls`). +* Support for the `mbedTLS` TLS library as an alternative to OpenSSL (`configure --with-mbedtls`). * TLS server certificates specified with new `--server-tls-certificate` option, not `--server-tls`. * TLS servers enable client certificate verification with `--server-tls-verify`, not `--tls-config`. * TLS clients can verify server certificates with `--client-tls-verify` and `--client-tls-verify-name`. @@ -46,7 +64,7 @@ E-MailRelay Change Log * A warning is emitted if there is more than one client authentication secret. * Multiple `--interface` options are allowed separately on the command-line. * Added a new `--client-interface` option. -* The `Received` line is formatted as per RFC-3848 (`with ESMTPSA`). +* The `Received` line is formatted as per [RFC-3848][] (`with ESMTPSA`). * The LOGIN and PLAIN mechanisms in the secrets file are now equivalent. * The Windows service wrapper can use a configuration file to locate the startup batch file. * Simplified the implementation of the GUI installation program. @@ -395,9 +413,13 @@ Windows fixes and improvements... * Experimental compile-time support for IPv6. +[DNSBL]: https://en.wikipedia.org/wiki/DNSBL [FHS]: https://wiki.linuxfoundation.org/lsb/fhs [PAM]: https://en.wikipedia.org/wiki/Linux_PAM [POP]: https://en.wikipedia.org/wiki/Post_Office_Protocol +[RFC-3848]: https://tools.ietf.org/html/rfc3848 +[RFC-5782]: https://tools.ietf.org/html/rfc5782 +[RFC-8314]: https://tools.ietf.org/html/rfc8314 [SMTP]: https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol [SOCKS]: https://en.wikipedia.org/wiki/SOCKS [TLS]: https://en.wikipedia.org/wiki/Transport_Layer_Security diff --git a/doc/changelog.rst b/doc/changelog.rst index 48614c9..503ad28 100644 --- a/doc/changelog.rst +++ b/doc/changelog.rst @@ -2,6 +2,24 @@ E-MailRelay Change Log ********************** +2.0.1 -> 2.1 +============ + +* Backwards compatibility features for 1.9-to-2.0 transition removed. +* Better handling of too-many-connections on Windows. +* New *--idle-timeout* option for server-side connections. +* Support for RFC-5782_ DNSBL_ blocking (\ *--dnsbl*\ ). +* Filter scripts are given the path of the envelope file in argv2. +* Message files can be editied by *--client-filter* scripts. +* Better support for CRAM-SHAx authentication. +* New *--client-auth-config* and *--server-auth-config* options. +* New *--show* option on windows to better control the user interface style. +* The *--pop* option always requires *--pop-auth*. +* No message is spooled if all its envelope recipients are local-mailboxes. +* TLS_ cipher name added to *Received* line as per RFC-8314_ 4.3. +* Certificate contents are not logged. +* Timestamp parts of spool filenames no longer limited to six digits. + 2.0 -> 2.0.1 ============ @@ -12,7 +30,7 @@ E-MailRelay Change Log * Improved IPv6 support, with IPv4 and IPv6 used independently at run-time (see *--interface*). * Server process is not blocked during *--filter* or *--address-verifier* execution, if multi-threaded. -* Support for the *mbedTLS* TLS_ library as an alternative to OpenSSL (\ *configure --with-mbedtls*\ ). +* Support for the *mbedTLS* TLS library as an alternative to OpenSSL (\ *configure --with-mbedtls*\ ). * TLS server certificates specified with new *--server-tls-certificate* option, not *--server-tls*. * TLS servers enable client certificate verification with *--server-tls-verify*, not *--tls-config*. * TLS clients can verify server certificates with *--client-tls-verify* and *--client-tls-verify-name*. @@ -47,7 +65,7 @@ E-MailRelay Change Log * A warning is emitted if there is more than one client authentication secret. * Multiple *--interface* options are allowed separately on the command-line. * Added a new *--client-interface* option. -* The *Received* line is formatted as per RFC-3848 (\ *with ESMTPSA*\ ). +* The *Received* line is formatted as per RFC-3848_ (\ *with ESMTPSA*\ ). * The LOGIN and PLAIN mechanisms in the secrets file are now equivalent. * The Windows service wrapper can use a configuration file to locate the startup batch file. * Simplified the implementation of the GUI installation program. @@ -396,9 +414,13 @@ Windows fixes and improvements... * Experimental compile-time support for IPv6. +.. _DNSBL: https://en.wikipedia.org/wiki/DNSBL .. _FHS: https://wiki.linuxfoundation.org/lsb/fhs .. _PAM: https://en.wikipedia.org/wiki/Linux_PAM .. _POP: https://en.wikipedia.org/wiki/Post_Office_Protocol +.. _RFC-3848: https://tools.ietf.org/html/rfc3848 +.. _RFC-5782: https://tools.ietf.org/html/rfc5782 +.. _RFC-8314: https://tools.ietf.org/html/rfc8314 .. _SMTP: https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol .. _SOCKS: https://en.wikipedia.org/wiki/SOCKS .. _TLS: https://en.wikipedia.org/wiki/Transport_Layer_Security diff --git a/doc/changelog.txt b/doc/changelog.txt index f0321cd..9090e66 100644 --- a/doc/changelog.txt +++ b/doc/changelog.txt @@ -1,6 +1,23 @@ E-MailRelay Change Log ====================== +2.0.1 -> 2.1 +------------ +* Backwards compatibility features for 1.9-to-2.0 transition removed. +* Better handling of too-many-connections on Windows. +* New "--idle-timeout" option for server-side connections. +* Support for RFC-5782 DNSBL blocking ("--dnsbl"). +* Filter scripts are given the path of the envelope file in argv2. +* Message files can be editied by "--client-filter" scripts. +* Better support for CRAM-SHAx authentication. +* New "--client-auth-config" and "--server-auth-config" options. +* New "--show" option on windows to better control the user interface style. +* The "--pop" option always requires "--pop-auth". +* No message is spooled if all its envelope recipients are local-mailboxes. +* TLS cipher name added to "Received" line as per RFC-8314 4.3. +* Certificate contents are not logged. +* Timestamp parts of spool filenames no longer limited to six digits. + 2.0 -> 2.0.1 ------------ * Make PLAIN client authentication work against servers with broken 334 responses. diff --git a/doc/conf.py b/doc/conf.py.sphinx similarity index 89% rename from doc/conf.py rename to doc/conf.py.sphinx index b4c90fa..d428fef 100644 --- a/doc/conf.py +++ b/doc/conf.py.sphinx @@ -7,10 +7,10 @@ templates_path = ['_templates'] source_suffix = '.rst' master_doc = 'index' project = u'E-MailRelay' -copyright = u'2018, Graeme Walker' +copyright = u'2019, Graeme Walker' author = u'Graeme Walker' -version = u'2.0' -release = u'2.0' +version = u'2.1' +release = u'2.1' language = None today_fmt = '%Y-%m-%d' exclude_patterns = [] diff --git a/doc/developer.html b/doc/developer.html index 6b82674..2908e16 100644 --- a/doc/developer.html +++ b/doc/developer.html @@ -1,4 +1,4 @@ - + E-MailRelay Developer Guide @@ -23,7 +23,7 @@

    E-MailRelay started life at a time when Linux had no decent package manager and Windows was in the grip of DLL hell. As a result, a key principle is that it - has no dependencies other than a decent C++ runtime. Since that time OpenSSL + has no dependencies other than a good C++ runtime. Since that time OpenSSL has been introduced as a dependency to support TLS encryption, and the optional configuration and installation GUI has been developed using the Qt toolkit.

    @@ -39,20 +39,20 @@

    - The header files gdef.h in src/glib is used to fix up some compiler + The header files gdef.h in src/glib is used to fix up some compiler portability issues such as missing standard types, non-standard system headers - etc. Conditional compilation directives (#ifdef etc.) are largely confined + etc. Conditional compilation directives (#ifdef etc.) are largely confined this file in order to improve readability.

    Windows/Unix portability is generally addressed by providing a common class declaration with two implementations. The implementations are put into separate - source files with a _unix or _win32 suffix, and if necessary a 'pimple' (or + source files with a _unix or _win32 suffix, and if necessary a 'pimple' (or 'Bridge') pattern is used to keep the o/s-specific details out of the header. If only small parts of the implementation are o/s-specific then there can be - three source files per header. For example, gsocket.cpp, gsocket_win32.cpp - and gsocket_unix.cpp in the src/gnet directory. + three source files per header. For example, gsocket.cpp, gsocket_win32.cpp + and gsocket_unix.cpp in the src/gnet directory.

    @@ -65,7 +65,7 @@ This event model means that the server can handle multiple network connections simultaneously from a single thread, and even if multi-threading is disabled at build-time the only blocking occurs when external programs are executed (see - --filter and --address-verifier). + --filter and --address-verifier).

    @@ -77,7 +77,7 @@

    The advantages of a non-blocking event model are discussed in the well-known - C10K Problem document. + C10K Problem document.

    @@ -87,34 +87,44 @@ supporting signal multicasting, so each signal connects to no more than one slot.

    + +

    + The synchronous slot/signal pattern needs some care when when the signalling + object gets destructed as a side-effect of raising a signal, and that situation + can be non-obvious precisely because of the slot/signal code decoupling. In + most cases signals are emitted at the end of a function and the stack unwinds + back to the event loop immediately afterwards, but in other situations, + particularly when emitting more than one signal, defensive measures are + required. +

    Module structure

    The main C++ libraries in the E-MailRelay code base are as follows:

    -
    glib
    +
    glib
    Low-level classes for file-system abstraction, date and time representation, string utility functions, logging, command line parsing etc.
    -
    gssl
    +
    gssl
    A thin layer over the third-party TLS libraries.
    -
    gnet
    +
    gnet
    Network and event-loop classes.
    -
    gauth
    +
    gauth
    Implements various authentication mechanisms.
    -
    gsmtp
    +
    gsmtp
    SMTP protocol and message-store classes.
    -
    gpop
    +
    gpop
    POP3 protocol classes.
    @@ -124,45 +134,46 @@

    - Under Windows there is an additional library win32 for the user interface. + Under Windows there is an additional library under src/win32 for the user + interface implemented using the Microsoft Win32 API.

    SMTP class structure

    - The message-store functionality uses three abstract interfaces: MessageStore, - NewMessage and StoredMessage. The NewMessage interface is used to create - messages within the store, and the StoredMessage interface is used for + The message-store functionality uses three abstract interfaces: MessageStore, + NewMessage and StoredMessage. The NewMessage interface is used to create + messages within the store, and the StoredMessage interface is used for reading and extracting messages from the store. The concrete implementation - classes based on these interfaces are respectively FileStore, NewFile and - StoredFile. + classes based on these interfaces are respectively FileStore, NewFile and + StoredFile.

    - Protocol classes such as GSmtp::ServerProtocol receive network and timer - events from their container and use an abstract Sender interface to send + Protocol classes such as GSmtp::ServerProtocol receive network and timer + events from their container and use an abstract Sender interface to send network data. This means that the protocols can be independent of the network and event loop framework.

    The interaction between the SMTP server protocol class and the message store is - mediated by the ProtocolMessage interface. Two main implementations of this - interface are available: one for normal spooling (ProtocolMessageStore), and - another for immediate forwarding (ProtocolMessageForward). The Decorator + mediated by the ProtocolMessage interface. Two main implementations of this + interface are available: one for normal spooling (ProtocolMessageStore), and + another for immediate forwarding (ProtocolMessageForward). The Decorator pattern is used whereby the forwarding class uses an instance of the storage class to do the message storing and filtering, while adding in an instance - of the GSmtp::Client class to do the forwarding. + of the GSmtp::Client class to do the forwarding.

    - Message filtering (--filter) is implemented via an abstract Filter + Message filtering (--filter) is implemented via an abstract Filter interface. Concrete implementations are provided for doing nothing, running an external executable program and talking to an external network server.

    The protocol, processor and message-store interfaces are brought together by the - high-level GSmtp::Server and GSmtp::Client classes. Dependency injection is - used to create the concrete instances of the ProtocolMessage and Filter + high-level GSmtp::Server and GSmtp::Client classes. Dependency injection is + used to create the concrete instances of the ProtocolMessage and Filter interfaces.

    Event handling and exceptions

    @@ -176,60 +187,52 @@

    - The event loop delivers asynchronous socket events to the EventHandler - interface, timer events to the TimerBase interface, and 'future' events to the - FutureEventCallback interface. If any of the these event handlers throws an - exception then the event loop will catch it and deliver it back to an exception - handler through the onException() method of an associated ExceptionHandler + The event loop delivers asynchronous socket events to the EventHandler + interface, timer events to the TimerBase interface, and 'future' events to the + FutureEventCallback interface. If any of the these event handlers throws an + exception then the event loop catches it and delivers it back to an exception + handler through the onException() method of an associated ExceptionHandler interface. If an exception is thrown out of _this_ callback then the event loop - code lets it propagate back to main(), typically terminating the program. + code lets it propagate back to main(), typically terminating the program.

    - Every pointer to an event callback interface is associated with an - ExceptionHandler. The default ExceptionHandler is the EventLoop - singleton, and a call to its onException() method terminates the event loop. + However, sometimes there are objects that need to be more resilient to + exceptions. In particular, a network server should not terminate just because + one of its connections fails unexpectedly. In these cases the owning parent + object receives the exception notification together with a pointer that + identifies the child object that threw the exception (ie. the exception + source). This allows the parent object to absorb the exception and delete the + child, without the exception killing the whole server.

    - This leads to a programming model where key objects are instantiated on the - heap and these objects delete themselves when they receive certain events from - the event loop. In the GNet library it is the ServerPeer and HeapClient - classes that do this lifetime management; instances of these classes delete - themselves when the associated network connection goes away and they - implement the ExceptionHandler interface so that they schedule their own - deletion when an exception is thrown. -

    - -

    - Special smart pointers are sometimes used for these self-deleting classes; the - smart pointer does not delete the contained object when it is reset, it just - tells the object to delete itself with a zero-length timer and then releases it - for garbage collection. + The combination of an exception handler and the optional exception source + pointer bound to it is known as an ExceptionSink.

    Multi-threading

    Multi-threading can be used as a build-time option to make DNS lookup and the execution of helper programs asynchronous; if std::thread is available then it - is used in a future/promise pattern to wrap up getaddrinfo() and waitpid() + is used in a future/promise pattern to wrap up getaddrinfo() and waitpid() system calls. The shared state comprises only the parameters and return results from these system calls, and synchronisation back to the main thread uses the - event loop (see GNet::FutureEvent). + event loop (see GNet::FutureEvent).

    E-MailRelay GUI

    - The optional GUI program emailrelay-gui uses the Qt toolkit for its user + The optional GUI program emailrelay-gui uses the Qt toolkit for its user interface components. The GUI can run as an installer or as a configuration - helper, depending on whether it can find an installation payload. Refer to - the comments in src/gui/guimain.cpp for more details. + helper, depending on whether it can find an installation payload. Refer to + the comments in src/gui/guimain.cpp for more details.

    The user interface runs as a stack of dialog-box pages with forward and back buttons at the bottom. Once the stack has been completed by the user then each page is asked to dump out its state as a set of key-value pairs (see - src/gui/pages.cpp). These key-value pairs are processed by an installer class - into a list of action objects (in the Command design pattern) and then the + src/gui/pages.cpp). These key-value pairs are processed by an installer class + into a list of action objects (in the Command design pattern) and then the action objects are run in turn. In order to display the progress of the installation each action object is run within a timer callback so that the Qt framework gets a chance to update the display between each one. @@ -243,8 +246,8 @@

    When run in configure mode the GUI normally ends up simply editing the - emailrelay.conf file (or emailrelay-start.bat on Windows) and/or the - emailrelay.auth secrets file. + emailrelay.conf file (or emailrelay-start.bat on Windows) and/or the + emailrelay.auth secrets file.

    @@ -257,29 +260,29 @@

    Windows packaging

    On Windows E-MailRelay is packaged as a zip file containing the executables - (including the emailrelay GUI as emailrelay-setup.exe), documentation, and a - payload directory tree. The payload contains many of the same files all over + (including the emailrelay GUI as emailrelay-setup.exe), documentation, and a + payload directory tree. The payload contains many of the same files all over again, and while this duplication is not ideal it is at least straightforward.

    - The Qt tool windeployqt is used to add run-time dependencies, such as the + The Qt tool windeployqt is used to add run-time dependencies, such as the Qt DLLs.

    Unix packaging

    On Unix-like operating systems it is more natural to use some sort of package - derived from the make install process rather than an installer program, so + derived from the make install process rather than an installer program, so the emailrelay GUI is not normally used.

    - Top-level makefile targets dist, deb and rpm can be used to create a + Top-level makefile targets dist, deb and rpm can be used to create a binary tarball, a debian package, and an RPM package respectively.

    Source control

    - The source code is stored in the SourceForge svn repository. A working + The source code is stored in the SourceForge svn repository. A working copy can be checked out as follows:

    @@ -288,29 +291,29 @@

    Compile-time features

    - Compile-time features can be selected with options passed to the configure + Compile-time features can be selected with options passed to the configure script. These include the following:

      -
    • Debug-level logging (--enable-debug)
      • -
    • Configuration GUI (--enable-gui)
      • -
    • PAM support (--with-pam)
      • +
    • Debug-level logging (--enable-debug)
      • +
    • Configuration GUI (--enable-gui)
      • +
    • PAM support (--with-pam)

    - Use ./configure --help to see a complete list of options and refer to - acinclude.m4 for more detailed comments. + Use ./configure --help to see a complete list of options and refer to + acinclude.m4 for more detailed comments.

    - Copyright (C) 2001-2018 Graeme Walker + Copyright (C) 2001-2019 Graeme Walker

    - + diff --git a/doc/developer.md b/doc/developer.md index 9ef7c9e..a277138 100644 --- a/doc/developer.md +++ b/doc/developer.md @@ -14,7 +14,7 @@ Dependencies ------------ E-MailRelay started life at a time when Linux had no decent package manager and Windows was in the grip of DLL hell. As a result, a key principle is that it -has no dependencies other than a decent C++ runtime. Since that time OpenSSL +has no dependencies other than a good C++ runtime. Since that time OpenSSL has been introduced as a dependency to support [TLS][] encryption, and the optional configuration and installation GUI has been developed using the Qt toolkit. @@ -64,6 +64,14 @@ slot/signal implementation has been simplified compared to Qt or boost by not supporting signal multicasting, so each signal connects to no more than one slot. +The synchronous slot/signal pattern needs some care when when the signalling +object gets destructed as a side-effect of raising a signal, and that situation +can be non-obvious precisely because of the slot/signal code decoupling. In +most cases signals are emitted at the end of a function and the stack unwinds +back to the event loop immediately afterwards, but in other situations, +particularly when emitting more than one signal, defensive measures are +required. + Module structure ---------------- The main C++ libraries in the E-MailRelay code base are as follows: @@ -95,7 +103,8 @@ The main C++ libraries in the E-MailRelay code base are as follows: All of these libraries are portable between Unix-like systems and Windows. -Under Windows there is an additional library `win32` for the user interface. +Under Windows there is an additional library under `src/win32` for the user +interface implemented using the Microsoft Win32 API. SMTP class structure -------------------- @@ -140,27 +149,21 @@ high-level feature. The event loop delivers asynchronous socket events to the `EventHandler` interface, timer events to the `TimerBase` interface, and 'future' events to the `FutureEventCallback` interface. If any of the these event handlers throws an -exception then the event loop will catch it and deliver it back to an exception +exception then the event loop catches it and delivers it back to an exception handler through the `onException()` method of an associated `ExceptionHandler` interface. If an exception is thrown out of _this_ callback then the event loop code lets it propagate back to `main()`, typically terminating the program. -Every pointer to an event callback interface is associated with an -`ExceptionHandler`. The default `ExceptionHandler` is the `EventLoop` -singleton, and a call to its `onException()` method terminates the event loop. +However, sometimes there are objects that need to be more resilient to +exceptions. In particular, a network server should not terminate just because +one of its connections fails unexpectedly. In these cases the owning parent +object receives the exception notification together with a pointer that +identifies the child object that threw the exception (ie. the exception +source). This allows the parent object to absorb the exception and delete the +child, without the exception killing the whole server. -This leads to a programming model where key objects are instantiated on the -heap and these objects delete themselves when they receive certain events from -the event loop. In the `GNet` library it is the `ServerPeer` and `HeapClient` -classes that do this lifetime management; instances of these classes delete -themselves when the associated network connection goes away and they -implement the `ExceptionHandler` interface so that they schedule their own -deletion when an exception is thrown. - -Special smart pointers are sometimes used for these self-deleting classes; the -smart pointer does not delete the contained object when it is reset, it just -tells the object to delete itself with a zero-length timer and then releases it -for garbage collection. +The combination of an exception handler and the optional exception source +pointer bound to it is known as an `ExceptionSink`. Multi-threading --------------- @@ -247,4 +250,4 @@ Use `./configure --help` to see a complete list of options and refer to [TLS]: https://en.wikipedia.org/wiki/Transport_Layer_Security _____________________________________ -Copyright (C) 2001-2018 Graeme Walker +Copyright (C) 2001-2019 Graeme Walker diff --git a/doc/developer.rst b/doc/developer.rst index 535281c..0b06295 100644 --- a/doc/developer.rst +++ b/doc/developer.rst @@ -15,7 +15,7 @@ Dependencies ============ E-MailRelay started life at a time when Linux had no decent package manager and Windows was in the grip of DLL hell. As a result, a key principle is that it -has no dependencies other than a decent C++ runtime. Since that time OpenSSL +has no dependencies other than a good C++ runtime. Since that time OpenSSL has been introduced as a dependency to support TLS_ encryption, and the optional configuration and installation GUI has been developed using the Qt toolkit. @@ -65,6 +65,14 @@ slot/signal implementation has been simplified compared to Qt or boost by not supporting signal multicasting, so each signal connects to no more than one slot. +The synchronous slot/signal pattern needs some care when when the signalling +object gets destructed as a side-effect of raising a signal, and that situation +can be non-obvious precisely because of the slot/signal code decoupling. In +most cases signals are emitted at the end of a function and the stack unwinds +back to the event loop immediately afterwards, but in other situations, +particularly when emitting more than one signal, defensive measures are +required. + Module structure ================ The main C++ libraries in the E-MailRelay code base are as follows: @@ -96,7 +104,8 @@ The main C++ libraries in the E-MailRelay code base are as follows: All of these libraries are portable between Unix-like systems and Windows. -Under Windows there is an additional library *win32* for the user interface. +Under Windows there is an additional library under *src/win32* for the user +interface implemented using the Microsoft Win32 API. SMTP class structure ==================== @@ -141,27 +150,21 @@ high-level feature. The event loop delivers asynchronous socket events to the *EventHandler* interface, timer events to the *TimerBase* interface, and 'future' events to the *FutureEventCallback* interface. If any of the these event handlers throws an -exception then the event loop will catch it and deliver it back to an exception +exception then the event loop catches it and delivers it back to an exception handler through the *onException()* method of an associated *ExceptionHandler* interface. If an exception is thrown out of _this_ callback then the event loop code lets it propagate back to *main()*, typically terminating the program. -Every pointer to an event callback interface is associated with an -\ *ExceptionHandler*\ . The default *ExceptionHandler* is the *EventLoop* -singleton, and a call to its *onException()* method terminates the event loop. +However, sometimes there are objects that need to be more resilient to +exceptions. In particular, a network server should not terminate just because +one of its connections fails unexpectedly. In these cases the owning parent +object receives the exception notification together with a pointer that +identifies the child object that threw the exception (ie. the exception +source). This allows the parent object to absorb the exception and delete the +child, without the exception killing the whole server. -This leads to a programming model where key objects are instantiated on the -heap and these objects delete themselves when they receive certain events from -the event loop. In the *GNet* library it is the *ServerPeer* and *HeapClient* -classes that do this lifetime management; instances of these classes delete -themselves when the associated network connection goes away and they -implement the *ExceptionHandler* interface so that they schedule their own -deletion when an exception is thrown. - -Special smart pointers are sometimes used for these self-deleting classes; the -smart pointer does not delete the contained object when it is reset, it just -tells the object to delete itself with a zero-length timer and then releases it -for garbage collection. +The combination of an exception handler and the optional exception source +pointer bound to it is known as an *ExceptionSink*. Multi-threading =============== @@ -250,4 +253,4 @@ Use *./configure --help* to see a complete list of options and refer to .. _SMTP: https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol .. _TLS: https://en.wikipedia.org/wiki/Transport_Layer_Security -.. footer:: Copyright (C) 2001-2018 Graeme Walker +.. footer:: Copyright (C) 2001-2019 Graeme Walker diff --git a/doc/developer.txt b/doc/developer.txt index 6f9f3d1..2fed58b 100644 --- a/doc/developer.txt +++ b/doc/developer.txt @@ -13,7 +13,7 @@ Dependencies ------------ E-MailRelay started life at a time when Linux had no decent package manager and Windows was in the grip of DLL hell. As a result, a key principle is that it -has no dependencies other than a decent C++ runtime. Since that time OpenSSL +has no dependencies other than a good C++ runtime. Since that time OpenSSL has been introduced as a dependency to support TLS encryption, and the optional configuration and installation GUI has been developed using the Qt toolkit. @@ -63,6 +63,14 @@ slot/signal implementation has been simplified compared to Qt or boost by not supporting signal multicasting, so each signal connects to no more than one slot. +The synchronous slot/signal pattern needs some care when when the signalling +object gets destructed as a side-effect of raising a signal, and that situation +can be non-obvious precisely because of the slot/signal code decoupling. In +most cases signals are emitted at the end of a function and the stack unwinds +back to the event loop immediately afterwards, but in other situations, +particularly when emitting more than one signal, defensive measures are +required. + Module structure ---------------- The main C++ libraries in the E-MailRelay code base are as follows: @@ -88,7 +96,8 @@ The main C++ libraries in the E-MailRelay code base are as follows: All of these libraries are portable between Unix-like systems and Windows. -Under Windows there is an additional library "win32" for the user interface. +Under Windows there is an additional library under "src/win32" for the user +interface implemented using the Microsoft Win32 API. SMTP class structure -------------------- @@ -133,27 +142,21 @@ high-level feature. The event loop delivers asynchronous socket events to the "EventHandler" interface, timer events to the "TimerBase" interface, and 'future' events to the "FutureEventCallback" interface. If any of the these event handlers throws an -exception then the event loop will catch it and deliver it back to an exception +exception then the event loop catches it and delivers it back to an exception handler through the "onException()" method of an associated "ExceptionHandler" interface. If an exception is thrown out of _this_ callback then the event loop code lets it propagate back to "main()", typically terminating the program. -Every pointer to an event callback interface is associated with an -"ExceptionHandler". The default "ExceptionHandler" is the "EventLoop" -singleton, and a call to its "onException()" method terminates the event loop. +However, sometimes there are objects that need to be more resilient to +exceptions. In particular, a network server should not terminate just because +one of its connections fails unexpectedly. In these cases the owning parent +object receives the exception notification together with a pointer that +identifies the child object that threw the exception (ie. the exception +source). This allows the parent object to absorb the exception and delete the +child, without the exception killing the whole server. -This leads to a programming model where key objects are instantiated on the -heap and these objects delete themselves when they receive certain events from -the event loop. In the "GNet" library it is the "ServerPeer" and "HeapClient" -classes that do this lifetime management; instances of these classes delete -themselves when the associated network connection goes away and they -implement the "ExceptionHandler" interface so that they schedule their own -deletion when an exception is thrown. - -Special smart pointers are sometimes used for these self-deleting classes; the -smart pointer does not delete the contained object when it is reset, it just -tells the object to delete itself with a zero-length timer and then releases it -for garbage collection. +The combination of an exception handler and the optional exception source +pointer bound to it is known as an "ExceptionSink". Multi-threading --------------- @@ -235,4 +238,4 @@ Use "./configure --help" to see a complete list of options and refer to _____________________________________ -Copyright (C) 2001-2018 Graeme Walker +Copyright (C) 2001-2019 Graeme Walker diff --git a/doc/doxygen-missing.html b/doc/doxygen-missing.html index 9381bf5..7041b78 100644 --- a/doc/doxygen-missing.html +++ b/doc/doxygen-missing.html @@ -11,4 +11,4 @@ - + diff --git a/doc/doxygen.cfg.in b/doc/doxygen.cfg.in index 7633c14..1a72b5c 100644 --- a/doc/doxygen.cfg.in +++ b/doc/doxygen.cfg.in @@ -1,4 +1,4 @@ -# Doxyfile 1.8.14 +# Doxyfile 1.8.15 # This file describes the settings to be used by the documentation system # doxygen (www.doxygen.org) for a project. @@ -17,10 +17,10 @@ # Project related configuration options #--------------------------------------------------------------------------- -# This tag specifies the encoding used for all characters in the config file -# that follow. The default is UTF-8 which is also the encoding used for all text -# before the first occurrence of this tag. Doxygen uses libiconv (or the iconv -# built into libc) for the transcoding. See +# This tag specifies the encoding used for all characters in the configuration +# file that follow. The default is UTF-8 which is also the encoding used for all +# text before the first occurrence of this tag. Doxygen uses libiconv (or the +# iconv built into libc) for the transcoding. See # https://www.gnu.org/software/libiconv/ for the list of possible encodings. # The default value is: UTF-8. @@ -93,6 +93,14 @@ ALLOW_UNICODE_NAMES = NO OUTPUT_LANGUAGE = English +# The OUTPUT_TEXT_DIRECTION tag is used to specify the direction in which all +# documentation generated by doxygen is written. Doxygen will use this +# information to generate all generated output in the proper direction. +# Possible values are: None, LTR, RTL and Context. +# The default value is: None. + +OUTPUT_TEXT_DIRECTION = None + # If the BRIEF_MEMBER_DESC tag is set to YES, doxygen will include brief member # descriptions after the members that are listed in the file and class # documentation (similar to Javadoc). Set to NO to disable this. @@ -238,6 +246,10 @@ TAB_SIZE = 4 # "Side Effects:". You can put \n's in the value part of an alias to insert # newlines (in the resulting output). You can put ^^ in the value part of an # alias to insert a newline as if a physical newline was in the original file. +# When you need a literal { or } or , in the value part of an alias you have to +# escape them by means of a backslash (\), this can lead to conflicts with the +# commands \{ and \} for these it is advised to use the version @{ and @} or use +# a double escape (\\{ and \\}) ALIASES = @@ -275,17 +287,26 @@ OPTIMIZE_FOR_FORTRAN = NO OPTIMIZE_OUTPUT_VHDL = NO +# Set the OPTIMIZE_OUTPUT_SLICE tag to YES if your project consists of Slice +# sources only. Doxygen will then generate output that is more tailored for that +# language. For instance, namespaces will be presented as modules, types will be +# separated into more groups, etc. +# The default value is: NO. + +OPTIMIZE_OUTPUT_SLICE = NO + # Doxygen selects the parser to use depending on the extension of the files it # parses. With this tag you can assign which parser to use for a given # extension. Doxygen has a built-in mapping, but you can override or extend it # using this tag. The format is ext=language, where ext is a file extension, and # language is one of the parsers supported by doxygen: IDL, Java, Javascript, -# C#, C, C++, D, PHP, Objective-C, Python, Fortran (fixed format Fortran: -# FortranFixed, free formatted Fortran: FortranFree, unknown formatted Fortran: -# Fortran. In the later case the parser tries to guess whether the code is fixed -# or free formatted code, this is the default for Fortran type files), VHDL. For -# instance to make doxygen treat .inc files as Fortran files (default is PHP), -# and .f files as C (default is Fortran), use: inc=Fortran f=C. +# Csharp (C#), C, C++, D, PHP, md (Markdown), Objective-C, Python, Slice, +# Fortran (fixed format Fortran: FortranFixed, free formatted Fortran: +# FortranFree, unknown formatted Fortran: Fortran. In the later case the parser +# tries to guess whether the code is fixed or free formatted code, this is the +# default for Fortran type files), VHDL, tcl. For instance to make doxygen treat +# .inc files as Fortran files (default is PHP), and .f files as C (default is +# Fortran), use: inc=Fortran f=C. # # Note: For files without extension you can use no_extension as a placeholder. # @@ -296,7 +317,7 @@ EXTENSION_MAPPING = # If the MARKDOWN_SUPPORT tag is enabled then doxygen pre-processes all comments # according to the Markdown format, which allows for more readable -# documentation. See http://daringfireball.net/projects/markdown/ for details. +# documentation. See https://daringfireball.net/projects/markdown/ for details. # The output of markdown processing is further processed by doxygen, so you can # mix doxygen, HTML, and XML commands with Markdown formatting. Disable only in # case of backward compatibilities issues. @@ -754,7 +775,8 @@ WARN_IF_DOC_ERROR = YES # This WARN_NO_PARAMDOC option can be enabled to get warnings for functions that # are documented, but have no documentation for their parameters or return # value. If set to NO, doxygen will only warn about wrong or incomplete -# parameter documentation, but not about the absence of documentation. +# parameter documentation, but not about the absence of documentation. If +# EXTRACT_ALL is set to YES then this flag will automatically be disabled. # The default value is: NO. WARN_NO_PARAMDOC = NO @@ -814,7 +836,7 @@ INPUT_ENCODING = UTF-8 # *.c++, *.java, *.ii, *.ixx, *.ipp, *.i++, *.inl, *.idl, *.ddl, *.odl, *.h, # *.hh, *.hxx, *.hpp, *.h++, *.cs, *.d, *.php, *.php4, *.php5, *.phtml, *.inc, # *.m, *.markdown, *.md, *.mm, *.dox, *.py, *.pyw, *.f90, *.f95, *.f03, *.f08, -# *.f, *.for, *.tcl, *.vhd, *.vhdl, *.ucf and *.qsf. +# *.f, *.for, *.tcl, *.vhd, *.vhdl, *.ucf, *.qsf and *.ice. FILE_PATTERNS = *.c \ *.cc \ @@ -859,7 +881,8 @@ FILE_PATTERNS = *.c \ *.vhd \ *.vhdl \ *.ucf \ - *.qsf + *.qsf \ + *.ice # The RECURSIVE tag can be used to specify whether or not subdirectories should # be searched for input files as well. @@ -1012,7 +1035,7 @@ INLINE_SOURCES = NO STRIP_CODE_COMMENTS = NO # If the REFERENCED_BY_RELATION tag is set to YES then for each documented -# function all documented functions referencing it will be listed. +# entity all documented functions referencing it will be listed. # The default value is: NO. REFERENCED_BY_RELATION = NO @@ -1049,7 +1072,7 @@ SOURCE_TOOLTIPS = YES # # To use it do the following: # - Install the latest version of global -# - Enable SOURCE_BROWSER and USE_HTAGS in the config file +# - Enable SOURCE_BROWSER and USE_HTAGS in the configuration file # - Make sure the INPUT points to the root of the source tree # - Run doxygen as normal # @@ -1104,7 +1127,7 @@ IGNORE_PREFIX = # If the GENERATE_HTML tag is set to YES, doxygen will generate HTML output # The default value is: YES. -GENERATE_HTML = YES +GENERATE_HTML = YES # The HTML_OUTPUT tag is used to specify where the HTML docs will be put. If a # relative path is entered the value of OUTPUT_DIRECTORY will be put in front of @@ -1259,13 +1282,13 @@ HTML_INDEX_NUM_ENTRIES = 100 # If the GENERATE_DOCSET tag is set to YES, additional index files will be # generated that can be used as input for Apple's Xcode 3 integrated development -# environment (see: https://developer.apple.com/tools/xcode/), introduced with -# OSX 10.5 (Leopard). To create a documentation set, doxygen will generate a +# environment (see: https://developer.apple.com/xcode/), introduced with OSX +# 10.5 (Leopard). To create a documentation set, doxygen will generate a # Makefile in the HTML output directory. Running make will produce the docset in # that directory and running make install will install the docset in # ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find it at -# startup. See https://developer.apple.com/tools/creatingdocsetswithdoxygen.html -# for more information. +# startup. See https://developer.apple.com/library/archive/featuredarticles/Doxy +# genXcode/_index.html for more information. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. @@ -1304,7 +1327,7 @@ DOCSET_PUBLISHER_NAME = Publisher # If the GENERATE_HTMLHELP tag is set to YES then doxygen generates three # additional HTML index files: index.hhp, index.hhc, and index.hhk. The # index.hhp is a project file that can be read by Microsoft's HTML Help Workshop -# (see: http://www.microsoft.com/en-us/download/details.aspx?id=21138) on +# (see: https://www.microsoft.com/en-us/download/details.aspx?id=21138) on # Windows. # # The HTML Help Workshop contains a compiler that can convert all HTML output @@ -1380,7 +1403,7 @@ QCH_FILE = # The QHP_NAMESPACE tag specifies the namespace to use when generating Qt Help # Project output. For more information please see Qt Help Project / Namespace -# (see: http://doc.qt.io/qt-4.8/qthelpproject.html#namespace). +# (see: http://doc.qt.io/archives/qt-4.8/qthelpproject.html#namespace). # The default value is: org.doxygen.Project. # This tag requires that the tag GENERATE_QHP is set to YES. @@ -1388,7 +1411,8 @@ QHP_NAMESPACE = org.doxygen.Project # The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating Qt # Help Project output. For more information please see Qt Help Project / Virtual -# Folders (see: http://doc.qt.io/qt-4.8/qthelpproject.html#virtual-folders). +# Folders (see: http://doc.qt.io/archives/qt-4.8/qthelpproject.html#virtual- +# folders). # The default value is: doc. # This tag requires that the tag GENERATE_QHP is set to YES. @@ -1396,21 +1420,23 @@ QHP_VIRTUAL_FOLDER = doc # If the QHP_CUST_FILTER_NAME tag is set, it specifies the name of a custom # filter to add. For more information please see Qt Help Project / Custom -# Filters (see: http://doc.qt.io/qt-4.8/qthelpproject.html#custom-filters). +# Filters (see: http://doc.qt.io/archives/qt-4.8/qthelpproject.html#custom- +# filters). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_CUST_FILTER_NAME = # The QHP_CUST_FILTER_ATTRS tag specifies the list of the attributes of the # custom filter to add. For more information please see Qt Help Project / Custom -# Filters (see: http://doc.qt.io/qt-4.8/qthelpproject.html#custom-filters). +# Filters (see: http://doc.qt.io/archives/qt-4.8/qthelpproject.html#custom- +# filters). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_CUST_FILTER_ATTRS = # The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this # project's filter section matches. Qt Help Project / Filter Attributes (see: -# http://doc.qt.io/qt-4.8/qthelpproject.html#filter-attributes). +# http://doc.qt.io/archives/qt-4.8/qthelpproject.html#filter-attributes). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_SECT_FILTER_ATTRS = @@ -1543,10 +1569,10 @@ MATHJAX_FORMAT = HTML-CSS # Content Delivery Network so you can quickly see the result without installing # MathJax. However, it is strongly recommended to install a local copy of # MathJax from https://www.mathjax.org before deployment. -# The default value is: https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.2/. +# The default value is: https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.5/. # This tag requires that the tag USE_MATHJAX is set to YES. -MATHJAX_RELPATH = https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.2/ +MATHJAX_RELPATH = https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.5/ # The MATHJAX_EXTENSIONS tag can be used to specify one or more MathJax # extension names that should be enabled during MathJax rendering. For example @@ -1669,21 +1695,34 @@ LATEX_OUTPUT = latex # The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be # invoked. # -# Note that when enabling USE_PDFLATEX this option is only used for generating -# bitmaps for formulas in the HTML output, but not in the Makefile that is -# written to the output directory. -# The default file is: latex. +# Note that when not enabling USE_PDFLATEX the default is latex when enabling +# USE_PDFLATEX the default is pdflatex and when in the later case latex is +# chosen this is overwritten by pdflatex. For specific output languages the +# default can have been set differently, this depends on the implementation of +# the output language. # This tag requires that the tag GENERATE_LATEX is set to YES. -LATEX_CMD_NAME = latex +LATEX_CMD_NAME = # The MAKEINDEX_CMD_NAME tag can be used to specify the command name to generate # index for LaTeX. +# Note: This tag is used in the Makefile / make.bat. +# See also: LATEX_MAKEINDEX_CMD for the part in the generated output file +# (.tex). # The default file is: makeindex. # This tag requires that the tag GENERATE_LATEX is set to YES. MAKEINDEX_CMD_NAME = makeindex +# The LATEX_MAKEINDEX_CMD tag can be used to specify the command name to +# generate index for LaTeX. +# Note: This tag is used in the generated output file (.tex). +# See also: MAKEINDEX_CMD_NAME for the part in the Makefile / make.bat. +# The default value is: \makeindex. +# This tag requires that the tag GENERATE_LATEX is set to YES. + +LATEX_MAKEINDEX_CMD = \makeindex + # If the COMPACT_LATEX tag is set to YES, doxygen generates more compact LaTeX # documents. This may be useful for small projects and may help to save some # trees in general. @@ -1818,6 +1857,14 @@ LATEX_BIB_STYLE = plain LATEX_TIMESTAMP = NO +# The LATEX_EMOJI_DIRECTORY tag is used to specify the (relative or absolute) +# path from which the emoji images will be read. If a relative path is entered, +# it will be relative to the LATEX_OUTPUT directory. If left blank the +# LATEX_OUTPUT directory will be used. +# This tag requires that the tag GENERATE_LATEX is set to YES. + +LATEX_EMOJI_DIRECTORY = + #--------------------------------------------------------------------------- # Configuration options related to the RTF output #--------------------------------------------------------------------------- @@ -1857,9 +1904,9 @@ COMPACT_RTF = NO RTF_HYPERLINKS = NO -# Load stylesheet definitions from file. Syntax is similar to doxygen's config -# file, i.e. a series of assignments. You only have to provide replacements, -# missing definitions are set to their default value. +# Load stylesheet definitions from file. Syntax is similar to doxygen's +# configuration file, i.e. a series of assignments. You only have to provide +# replacements, missing definitions are set to their default value. # # See also section "Doxygen usage" for information on how to generate the # default style sheet that doxygen normally uses. @@ -1868,8 +1915,8 @@ RTF_HYPERLINKS = NO RTF_STYLESHEET_FILE = # Set optional variables used in the generation of an RTF document. Syntax is -# similar to doxygen's config file. A template extensions file can be generated -# using doxygen -e rtf extensionFile. +# similar to doxygen's configuration file. A template extensions file can be +# generated using doxygen -e rtf extensionFile. # This tag requires that the tag GENERATE_RTF is set to YES. RTF_EXTENSIONS_FILE = @@ -1955,6 +2002,13 @@ XML_OUTPUT = xml XML_PROGRAMLISTING = YES +# If the XML_NS_MEMB_FILE_SCOPE tag is set to YES, doxygen will include +# namespace members in file scope as well, matching the HTML output. +# The default value is: NO. +# This tag requires that the tag GENERATE_XML is set to YES. + +XML_NS_MEMB_FILE_SCOPE = NO + #--------------------------------------------------------------------------- # Configuration options related to the DOCBOOK output #--------------------------------------------------------------------------- @@ -2089,7 +2143,7 @@ INCLUDE_FILE_PATTERNS = # recursively expanded use the := operator instead of the = operator. # This tag requires that the tag ENABLE_PREPROCESSING is set to YES. -PREDEFINED = G_EXCEPTION()= GCONFIG_HAVE_LIBPNG=1 __cplusplus=201400 G_UNIX=1 GCONFIG_ENABLE_STD_THREAD=1 GCONFIG_HAVE_CXX_TYPE_TRAITS_MAKE_UNSIGNED=1 GCONFIG_HAVE_CXX_SHARED_PTR=1 +PREDEFINED = G_DOXYGEN=1 G_UNIX=1 __cplusplus=201400 G_EXCEPTION()= G_EXCEPTION_CLASS()= G_CONSTANT()= g__enum(x)="enum x" g__enum_end=";" __declspec__(x)= __attribute__(x)= # If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then this # tag can be used to specify a list of macro names that should be expanded. The diff --git a/doc/emailrelay-doxygen.css b/doc/emailrelay-doxygen.css index 1690ab5..2a0136e 100644 --- a/doc/emailrelay-doxygen.css +++ b/doc/emailrelay-doxygen.css @@ -1,5 +1,5 @@ /* - Copyright (C) 2001-2018 Graeme Walker + Copyright (C) 2001-2019 Graeme Walker */ /* diff --git a/doc/emailrelay-filter-copy.1 b/doc/emailrelay-filter-copy.1 index 6b60adc..01f02db 100644 --- a/doc/emailrelay-filter-copy.1 +++ b/doc/emailrelay-filter-copy.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2001-2018 Graeme Walker +.\" Copyright (C) 2001-2019 Graeme Walker .\" .\" This program is free software: you can redistribute it and/or modify .\" it under the terms of the GNU General Public License as published by @@ -20,6 +20,10 @@ emailrelay-filter-copy \- an emailrelay filter program for pop-by-name .I .LP .B emailrelay-filter-copy +-d +.I +.LP +.B emailrelay-filter-copy [--help] .SH DESCRIPTION The @@ -39,6 +43,11 @@ the main directory. If the envelope is successfully copied to one or more sub-directories then it is removed from the main spool directory and it will therefore not be available for SMTP forwarding. +.LP +When using +.I "-d" +all envelope files in the spool directory are copied to all +sub-directories. .SH SEE ALSO .BR emailrelay (1), .SH AUTHOR diff --git a/doc/emailrelay-man.html b/doc/emailrelay-man.html index b39d46a..0c49d17 100644 --- a/doc/emailrelay-man.html +++ b/doc/emailrelay-man.html @@ -1,6 +1,5 @@ - -Man page of EMAILRELAY +Manpage of EMAILRELAY

    EMAILRELAY

    Section: User Commands (1)
    Updated: local
    Index @@ -100,10 +99,14 @@ This is equivalent to --log and --close-stderr. It is a convenient
    Enables SMTP client authentication with the remote server, using the client account details taken from the specified secrets file. The secrets file should normally contain one line that starts with client and that line should have between four and five space-separated fields; the second field is the password encoding (plain or md5), the third is the user-id and the fourth is the password. The user-id is RFC-1891 xtext encoded, and the password is either xtext encoded or generated by emailrelay-passwd. If the remote server does not support SMTP authentication then the SMTP connection will fail. +
    --client-auth-config <config> + +
    +Configures the SMTP client authentication module using a semicolon-separated list of configuration items. Each item is a single-character key, followed by a colon and then a comma-separated list. A 'm' character introduces an ordered list of authentication mechanisms, and an 'x' is used for blocklisted mechanisms.
    -Y, --client-filter <program>
    -Runs the specified external filter program whenever a mail message is forwarded. The filter is passed the name of the message file in the spool directory so that it can edit it as required. A network filter can be specified as net:<transport-address> and prefixes of spam: and exit: are also allowed. The --filter option is normally more useful than --client-filter. +Runs the specified external filter program whenever a mail message is forwarded. The filter is passed the name of the message file in the spool directory so that it can edit it as required. A network filter can be specified as net:<transport-address> and prefixes of spam:, spam-edit: and exit: are also allowed. The --filter option is normally more useful than --client-filter.
    -6, --client-interface <ip-address>
    @@ -148,10 +151,14 @@ Specifies a timeout (in seconds) for establishing a TCP connection to remote SMT
    Enables debug level logging, if built in. Debug messages are usually only useful when cross-referenced with the source code and they may expose plaintext passwords and mail message content. +
    --dnsbl <config> + +
    +Specifies a list of DNSBL servers that are used to reject SMTP connections from blocked addresses. The configuration string is made up of comma-separated fields: the DNS server's transport address, a timeout in milliseconds, a rejection threshold, and then the list of DNSBL servers.
    -D, --domain <fqdn>
    -Specifies the network name that is used in SMTP EHLO commands, Received lines, and for generating authentication challenges. The default network name it derived from a DNS lookup of the local hostname. +Specifies the network name that is used in SMTP EHLO commands, Received lines, and for generating authentication challenges. The default is derived from a DNS lookup of the local hostname.
    -x, --dont-serve
    @@ -159,7 +166,7 @@ Disables all network serving, including SMTP, POP and administration interfaces.
    -z, --filter <program>
    -Runs the specified external filter program whenever a mail message is stored. The filter is passed the name of the message file in the spool directory so that it can edit it as required. The mail message is rejected if the filter program terminates with an exit code between 1 and 99. Use net:<transport-address> to communicate with a filter daemon over the network, or spam:<transport-address> to talk to a spamassassin spamd daemon, or exit:<number> to emulate a filter program that just exits. +Runs the specified external filter program whenever a mail message is stored. The filter is passed the name of the message file in the spool directory so that it can edit it as required. The mail message is rejected if the filter program terminates with an exit code between 1 and 99. Use net:<transport-address> to communicate with a filter daemon over the network, or spam:<transport-address> for a spamassassin spamd daemon to accept or reject mail messages, or spam-edit:<transport-address> to have spamassassin edit the message content without rejecting it, or exit:<number> to emulate a filter program that just exits.
    -W, --filter-timeout <time>
    @@ -184,10 +191,14 @@ Displays help text and then exits. Use with --verbose for more complete o
    Windows only. Hides the application window and disables all message boxes. This is useful when running as a windows service. +
    --idle-timeout <time> + +
    +Specifies a timeout (in seconds) for receiving network traffic from remote SMTP and POP clients. The default is 1800 seconds.
    -m, --immediate
    -Causes mail messages to be forwarded as soon as they are submitted, even before they are accepted. This can be used to do proxying without store-and-forward, but in practice clients tend to to time out while waiting for their mail message to be accepted. +Causes mail messages to be forwarded as they are received, even before they have been accepted. This can be used to do proxying without store-and-forward, but in practice clients tend to to time out while waiting for their mail message to be accepted.
    -I, --interface <ip-address-list>
    @@ -227,7 +238,7 @@ Causes forwarding of spooled mail messages to happen at regular intervals (with
    -B, --pop
    -Enables the POP server listening, by default on port 110, providing access to spooled mail messages. Negotiated TLS using the POP3 STLS command will be enabled if the --server-tls option is also given. +Enables the POP server listening, by default on port 110, providing access to spooled mail messages. Negotiated TLS using the POP STLS command will be enabled if the --server-tls option is also given.
    -F, --pop-auth <file>
    @@ -235,7 +246,7 @@ Specifies a file containing valid POP account details. The file format is the sa
    -J, --pop-by-name
    -Modifies the spool directory used by the POP server to be a sub-directory with the same name as the POP authentication user-id. This allows multiple POP clients to read the spooled messages without interfering with each other. Content files can stay in the main spool directory with the envelope files copied into user-specific sub-directories. The emailrelay-filter-copy program is a convenient way of doing this when run via --filter. +Modifies the spool directory used by the POP server to be a sub-directory with the same name as the POP authentication user-id. This allows multiple POP clients to read the spooled messages without interfering with each other, particularly when also using --pop-no-delete. Content files can stay in the main spool directory with only the envelope files copied into user-specific sub-directories. The emailrelay-filter-copy program is a convenient way of doing this when run via --filter.
    -G, --pop-no-delete
    @@ -264,6 +275,10 @@ Specifies a timeout (in seconds) for getting responses from remote SMTP servers.
    Enables SMTP server authentication of remote SMTP clients. Account names and passwords are taken from the specified secrets file. The secrets file should contain lines that have four space-separated fields, starting with server in the first field; the second field is the password encoding (plain or md5), the third is the client user-id and the fourth is the password. The user-id is RFC-1891 xtext encoded, and the password is either xtext encoded or generated by emailrelay-passwd. A special value of /pam can be used for authentication using linux PAM. +
    --server-auth-config <config> + +
    +Configures the SMTP server authentication module using a semicolon-separated list of configuration items. Each item is a single-character key, followed by a colon and then a comma-separated list. A 'm' character introduces a preferred sub-set of the built-in authentication mechanisms, and an 'x' is used for blocklisted mechanisms.
    -K, --server-tls
    @@ -299,7 +314,7 @@ Selects and configures the low-level TLS library, using a comma-separated list o
    -u, --user <username>
    -When started as root the program switches to an non-privileged effective user-id when idle. This option can be used to define which user-id is used. Ignored on Windows. +When started as root the program switches to an non-privileged effective user-id when idle. This option can be used to define which user-id is used. Specify root to disable all user-id switching. Ignored on Windows.
    -v, --verbose
    @@ -338,4 +353,4 @@ This document was created by using the manual pages.
    - + diff --git a/doc/emailrelay-passwd.1 b/doc/emailrelay-passwd.1 index 367d33a..ef47f0f 100644 --- a/doc/emailrelay-passwd.1 +++ b/doc/emailrelay-passwd.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2001-2018 Graeme Walker +.\" Copyright (C) 2001-2019 Graeme Walker .\" .\" This program is free software: you can redistribute it and/or modify .\" it under the terms of the GNU General Public License as published by @@ -21,7 +21,7 @@ emailrelay-passwd \- a password encoding utility for emailrelay .I emailrelay-passwd is a utility which reads a single plaintext password from the standard input, and writes out an encoded form onto the standard -output. The encoded form is suitable for pasting into a CRAM-MD5 +output. The encoded form is suitable for pasting into a "md5" line in an .B emailrelay secrets file. @@ -38,11 +38,25 @@ this: server md5 alice Oqng9/H7wAyKgbuqw5VzG1bNO6feqtblyiNEi6QuN5dH .br server md5 bob Ot6SDdGj23eWjdEuKICgN8Nj9z/Vx9IV3ISz9VvmnaUB -.br +.SH OPTIONS +.TP +.B \-b, --base64 +Interpret the input password as base64 encoded. +.TP +.B \-d, --dotted +Generate a dotted decimal format, for backwards compatibility. +.TP +.B \-H, --hash \fI\fR +Specifies the hash function, such as MD5 or SHA1. MD5 is the default, and a hash function of NONE does simple xtext encoding. Other hash function may or may not be available, depending on the build. +.TP +.B \-h, --help +Shows help and exits. +.TP +.B \-p, --password \fI\fR +Specifies the password to be hashed. Beware of leaking sensitive passwords via command-line history or the process-table when using this option. .SH SEE ALSO .BR emailrelay (1), .BR emailrelay-submit (1), -.BR emailrelay-poke (1) .br .B RFC-2104 .br diff --git a/doc/emailrelay-submit.1 b/doc/emailrelay-submit.1 index 7cf1f7d..427500c 100644 --- a/doc/emailrelay-submit.1 +++ b/doc/emailrelay-submit.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2001-2018 Graeme Walker +.\" Copyright (C) 2001-2019 Graeme Walker .\" .\" This program is free software: you can redistribute it and/or modify .\" it under the terms of the GNU General Public License as published by diff --git a/doc/emailrelay.1 b/doc/emailrelay.1 index 104fa55..8007dca 100644 --- a/doc/emailrelay.1 +++ b/doc/emailrelay.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2001-2018 Graeme Walker +.\" Copyright (C) 2001-2019 Graeme Walker .\" .\" This program is free software: you can redistribute it and/or modify .\" it under the terms of the GNU General Public License as published by @@ -76,8 +76,11 @@ This is equivalent to \fI--log\fR and \fI--close-stderr\fR. It is a convenient w .B \-C, --client-auth \fI\fR Enables SMTP client authentication with the remote server, using the client account details taken from the specified secrets file. The secrets file should normally contain one line that starts with \fIclient\fR and that line should have between four and five space-separated fields; the second field is the password encoding (\fIplain\fR or \fImd5\fR), the third is the user-id and the fourth is the password. The user-id is RFC-1891 xtext encoded, and the password is either xtext encoded or generated by \fIemailrelay-passwd\fR. If the remote server does not support SMTP authentication then the SMTP connection will fail. .TP +.B --client-auth-config \fI\fR +Configures the SMTP client authentication module using a semicolon-separated list of configuration items. Each item is a single-character key, followed by a colon and then a comma-separated list. A 'm' character introduces an ordered list of authentication mechanisms, and an 'x' is used for blocklisted mechanisms. +.TP .B \-Y, --client-filter \fI\fR -Runs the specified external filter program whenever a mail message is forwarded. The filter is passed the name of the message file in the spool directory so that it can edit it as required. A network filter can be specified as \fInet:\fR and prefixes of \fIspam:\fR and \fIexit:\fR are also allowed. The \fI--filter\fR option is normally more useful than \fI--client-filter\fR. +Runs the specified external filter program whenever a mail message is forwarded. The filter is passed the name of the message file in the spool directory so that it can edit it as required. A network filter can be specified as \fInet:\fR and prefixes of \fIspam:\fR, \fIspam-edit:\fR and \fIexit:\fR are also allowed. The \fI--filter\fR option is normally more useful than \fI--client-filter\fR. .TP .B \-6, --client-interface \fI\fR Specifies the IP network address to be used to bind the local end of outgoing SMTP connections. By default the address will depend on the routing tables in the normal way. Use \fI0.0.0.0\fR to use only IPv4 addresses returned from DNS lookups of the \fI--forward-to\fR address, or \fI::\fR for IPv6. @@ -112,14 +115,17 @@ Specifies a timeout (in seconds) for establishing a TCP connection to remote SMT .B \-g, --debug Enables debug level logging, if built in. Debug messages are usually only useful when cross-referenced with the source code and they may expose plaintext passwords and mail message content. .TP +.B --dnsbl \fI\fR +Specifies a list of DNSBL servers that are used to reject SMTP connections from blocked addresses. The configuration string is made up of comma-separated fields: the DNS server's transport address, a timeout in milliseconds, a rejection threshold, and then the list of DNSBL servers. +.TP .B \-D, --domain \fI\fR -Specifies the network name that is used in SMTP EHLO commands, \fIReceived\fR lines, and for generating authentication challenges. The default network name it derived from a DNS lookup of the local hostname. +Specifies the network name that is used in SMTP EHLO commands, \fIReceived\fR lines, and for generating authentication challenges. The default is derived from a DNS lookup of the local hostname. .TP .B \-x, --dont-serve Disables all network serving, including SMTP, POP and administration interfaces. The program will terminate as soon as any initial forwarding is complete. .TP .B \-z, --filter \fI\fR -Runs the specified external filter program whenever a mail message is stored. The filter is passed the name of the message file in the spool directory so that it can edit it as required. The mail message is rejected if the filter program terminates with an exit code between 1 and 99. Use \fInet:\fR to communicate with a filter daemon over the network, or \fIspam:\fR to talk to a spamassassin spamd daemon, or \fIexit:\fR to emulate a filter program that just exits. +Runs the specified external filter program whenever a mail message is stored. The filter is passed the name of the message file in the spool directory so that it can edit it as required. The mail message is rejected if the filter program terminates with an exit code between 1 and 99. Use \fInet:\fR to communicate with a filter daemon over the network, or \fIspam:\fR for a spamassassin spamd daemon to accept or reject mail messages, or \fIspam-edit:\fR to have spamassassin edit the message content without rejecting it, or \fIexit:\fR to emulate a filter program that just exits. .TP .B \-W, --filter-timeout \fI
    --help (-h)
    - Displays help text and then exits. Use with --verbose for more complete + Displays help text and then exits. Use with --verbose for more complete output.
    --hidden (-H)
    @@ -202,10 +219,15 @@ Windows only. Hides the application window and disables all message boxes. This is useful when running as a windows service. +
    --idle-timeout <time>
    +
    + Specifies a timeout (in seconds) for receiving network traffic from remote + SMTP and POP clients. The default is 1800 seconds. +
    --immediate (-m)
    - Causes mail messages to be forwarded as soon as they are submitted, even - before they are accepted. This can be used to do proxying without + Causes mail messages to be forwarded as they are received, even before they + have been accepted. This can be used to do proxying without store-and-forward, but in practice clients tend to to time out while waiting for their mail message to be accepted.
    @@ -213,27 +235,27 @@
    Specifies the IP network addresses used to bind listening ports. By default listening ports for incoming SMTP, POP and administration connections will - bind the 'any' address for IPv4 and for IPv6, ie. 0.0.0.0 and ::. Use + bind the 'any' address for IPv4 and for IPv6, ie. 0.0.0.0 and ::. Use this option to limit listening to particular addresses (and by implication to particular network interfaces). Multiple addresses can be specified by using the option more than once or by using a comma-separated list. Use a - prefix of smtp=, pop= or admin= on addresses that should apply only + prefix of smtp=, pop= or admin= on addresses that should apply only to those types of listening port.
    --log (-l)
    Enables logging to the standard error stream and to the syslog. The - --close-stderr and --no-syslog options can be used to disable output to - standard error stream and the syslog separately. Note that --as-server, - --as-client and --as-proxy imply --log, and --as-server and - --as-proxy also imply --close-stderr. + --close-stderr and --no-syslog options can be used to disable output to + standard error stream and the syslog separately. Note that --as-server, + --as-client and --as-proxy imply --log, and --as-server and + --as-proxy also imply --close-stderr.
    --log-file <file> (-N)
    Redirects standard-error logging to the specified file. Logging to the log - file is not affected by --close-stderr. The filename can include %d to - get daily log files; the %d is replaced by the current date in the local - timezone using a YYYYMMDD format. + file is not affected by --close-stderr. The filename can include %d to + get daily log files; the %d is replaced by the current date in the local + timezone using a YYYYMMDD format.
    --log-time (-L)
    @@ -252,8 +274,8 @@
    --no-syslog (-n)
    - Disables logging to the syslog. Note that --as-client implies - --no-syslog. + Disables logging to the syslog. Note that --as-client implies + --no-syslog.
    --pid-file <pid-file> (-i)
    @@ -268,25 +290,25 @@
    --pop (-B)
    Enables the POP server listening, by default on port 110, providing access to - spooled mail messages. Negotiated TLS using the POP3 STLS command will be - enabled if the --server-tls option is also given. + spooled mail messages. Negotiated TLS using the POP STLS command will be + enabled if the --server-tls option is also given.
    --pop-auth <file> (-F)
    Specifies a file containing valid POP account details. The file format is the - same as for the SMTP server secrets file, ie. lines starting with server, + same as for the SMTP server secrets file, ie. lines starting with server, with user-id and password in the third and fourth fields. A special value - of /pam can be used for authentication using linux PAM. + of /pam can be used for authentication using linux PAM.
    --pop-by-name (-J)
    Modifies the spool directory used by the POP server to be a sub-directory with the same name as the POP authentication user-id. This allows multiple POP clients to read the spooled messages without interfering with each - other. Content files can stay in the main spool directory with the envelope - files copied into user-specific sub-directories. The - emailrelay-filter-copy program is a convenient way of doing this when run - via --filter. + other, particularly when also using --pop-no-delete. Content files can + stay in the main spool directory with only the envelope files copied into + user-specific sub-directories. The emailrelay-filter-copy program is a + convenient way of doing this when run via --filter.
    --pop-no-delete (-G)
    @@ -324,17 +346,25 @@ Enables SMTP server authentication of remote SMTP clients. Account names and passwords are taken from the specified secrets file. The secrets file should contain lines that have four space-separated fields, starting with - server in the first field; the second field is the password encoding - (plain or md5), the third is the client user-id and the fourth is the + server in the first field; the second field is the password encoding + (plain or md5), the third is the client user-id and the fourth is the password. The user-id is RFC-1891 xtext encoded, and the password is either - xtext encoded or generated by emailrelay-passwd. A special value of - /pam can be used for authentication using linux PAM. + xtext encoded or generated by emailrelay-passwd. A special value of + /pam can be used for authentication using linux PAM. +
    +
    --server-auth-config <config>
    +
    + Configures the SMTP server authentication module using a semicolon-separated + list of configuration items. Each item is a single-character key, followed + by a colon and then a comma-separated list. A 'm' character introduces a + preferred sub-set of the built-in authentication mechanisms, and an 'x' is + used for blocklisted mechanisms.
    --server-tls (-K)
    Enables TLS for incoming SMTP and POP connections. SMTP clients can then request TLS encryption by issuing the STARTTLS command. The - --server-tls-certificate option must be used to define the server + --server-tls-certificate option must be used to define the server certificate.
    --server-tls-certificate <pem-file>
    @@ -368,28 +398,28 @@
    --syslog (-k)
    - When used with --log this option enables logging to the syslog even if the - --no-syslog option is also used. This is typically used as a convenient - override when using --as-client. + When used with --log this option enables logging to the syslog even if the + --no-syslog option is also used. This is typically used as a convenient + override when using --as-client.
    --tls-config <options> (-9)
    Selects and configures the low-level TLS library, using a comma-separated list of keywords. If OpenSSL and mbedTLS are both built in then keywords of - openssl and mbedtls will select one or the other. Keywords like - tlsv1.0 can be used to set a minimum TLS protocol version, or -tlsv1.2 + openssl and mbedtls will select one or the other. Keywords like + tlsv1.0 can be used to set a minimum TLS protocol version, or -tlsv1.2 to set a maximum version.
    --user <username> (-u)
    When started as root the program switches to an non-privileged effective user-id when idle. This option can be used to define which user-id is used. - Ignored on Windows. + Specify root to disable all user-id switching. Ignored on Windows.
    --verbose (-v)
    - Enables more verbose logging when used with --log, and more verbose help - when used with --help. + Enables more verbose logging when used with --log, and more verbose help + when used with --help.
    --version (-V)
    @@ -398,27 +428,27 @@

    A configuration file can be used to provide additional options; put each - options on a separate line, use the long option names but without the double + option on a separate line, use the long option names but without the double dash, and separate the option name from the option value with spaces.

    - All command-line options that specify a filename can use a special @app + All command-line options that specify a filename can use a special @app substitution variable that is interpreted as the directory that contains - the emailrelay executable or MacOS application bundle. + the emailrelay executable or MacOS application bundle.

    Message store

    Mail messages are stored as text files in the configured spool directory. Each - e-mail message is represented as an envelope file and a content file. The envelope - file contains parameters relevant to the SMTP dialogue, and the content file - contains the RFC-822 headers and body text. + e-mail message is represented as an envelope file and a content file. The + envelope file contains parameters relevant to the SMTP dialogue, and the + content file contains the RFC-822 headers and body text.

    - The filenames used in the message store have a prefix of emailrelay, followed - by a process-id, timestamp and sequence number, and then envelope or - content. The envelope files then have an additional suffix to implement a + The filenames used in the message store have a prefix of emailrelay, followed + by a process-id, timestamp and sequence number, and then envelope or + content. The envelope files then have an additional suffix to implement a simple locking scheme.

    @@ -427,14 +457,14 @@

      -
    • .new -- while the envelope is first being written
      • -
    • .busy -- while the message is being forwarded
      • -
    • .bad -- if the message cannot be forwarded
      • -
    • .local -- for copies of the envelope file for delivery to local recipients
      • +
    • .new -- while the envelope is first being written
      • +
    • .busy -- while the message is being forwarded
      • +
    • .bad -- if the message cannot be forwarded
      • +
    • .local -- for copies of the envelope file for delivery to local recipients

    - If an e-mail message cannot be forwarded the envelope file is given a .bad + If an e-mail message cannot be forwarded the envelope file is given a .bad suffix, and the failure reason is written into the file.

    Forwarding

    @@ -444,12 +474,12 @@

      -
    • when E-MailRelay first starts up (--as-client or --forward)
      • -
    • as each message is submitted, just before receipt is acknowledged (--immediate)
      • -
    • as soon as the submitting client connection disconnects (--forward-on-disconnect)
      • -
    • periodically (--poll=<seconds>)
      • -
    • on demand using the administration interface's flush command (--admin=<port>)
      • -
    • when a --filter script exits with an exit code of 103
      • +
    • when E-MailRelay first starts up (--as-client or --forward)
      • +
    • as each message is submitted, just before receipt is acknowledged (--immediate)
      • +
    • as soon as the submitting client connection disconnects (--forward-on-disconnect)
      • +
    • periodically (--poll=)
      • +
    • on demand using the administration interface's flush command (--admin=)
      • +
    • when a --filter script exits with an exit code of 103

    @@ -457,7 +487,7 @@

    - When using --as-client, or --dont-serve and --forward, the spooled + When using --as-client, or --dont-serve and --forward, the spooled messages begin to be forwarded as soon as the program starts up, and the program terminates once they have all been sent.

    @@ -465,16 +495,16 @@

    All recipient e-mail addresses must be accepted by the remote server when E-MailRelay forwards an e-mail message. If any one recipient is rejected then - the message will be left in the spool directory with a .bad suffix on the + the message will be left in the spool directory with a .bad suffix on the envelope file.

    Mail processing

    - The --filter command-line option allows you to specify a mail processing + The --filter command-line option allows you to specify a mail processing program which operates on e-mail messages as they pass through the E-MailRelay system. The filter program is run as soon as the e-mail message has been stored - in the spool directory, with the full path of the content file added onto the - end of the given command-line. + in the spool directory, with the full path of the content file and envelope + file put on the command-line.

    @@ -501,7 +531,7 @@

    If the filter program terminates with a non-zero exit code then the first few thousand characters of the standard output stream are searched for a line - starting with <<error text>> or [[error text]]. The text inside is taken + starting with <> or [[error text]]. The text inside is taken as a failure reason, and passed back to the SMTP client. A second error-text line can be used for additional diagnostics that will not be visible to the remote client. @@ -518,28 +548,29 @@

    If the filter program creates completely new e-mail messages in the spool directory then they may not be processed immediately, or they may be completely - ignored. To get E-MailRelay to pick up any new messages you create in the spool - directory use the special 103 exit code, or rely on the --poll mechanism, or - perhaps run emailrelay --as-client from within the filter program. + ignored. To get E-MailRelay to pick up any new messages you create in the + spool directory use the special 103 exit code, or rely on the --poll + mechanism, or perhaps run emailrelay --as-client from within the filter + program.

    As an example of a simple filter program processor this shell script examines the sending client's IP address and conditionally passes the message into - sendmail (using the sendmail command-line interface rather than SMTP): + sendmail (using the sendmail command-line interface rather than SMTP): 

    #!/bin/sh
 # filter.sh
 content="${1}"
-envelope="`echo \"${content}\" | sed 's/content/envelope.new/'`"
+envelope="${2}"
 ip="`awk '/MailRelay-Client:/ {print $2;exit}' \"${envelope}\"`"
 if test "${ip}" = "192.168.0.2"
 then
-    /usr/sbin/sendmail -t < "${content}"
+    /usr/sbin/sendmail -t < "${content}"
     rm -f "${envelope}" "${content}"
-    exit 100 # <= cancel further processing by emailrelay
+    exit 100 # <= cancel further processing by emailrelay
 fi
 exit 0
    @@ -547,7 +578,7 @@ exit 0

    The first thing this script does is convert the path of the content file which it is given, into the corresponding envelope file. It then extracts the - client's IP address out of the envelope file using awk. If this matches the + client's IP address out of the envelope file using awk. If this matches the fixed address then it pipes the message content into sendmail, deletes the e-mail message and exits with a value of 100. The exit value of 100 tells E-MailRelay to forget the message, and not to complain about the files @@ -561,7 +592,7 @@ exit 0 

    // filter.js
 var content = WScript.Arguments(0) ;
-var envelope = content.substr(0,content.length-7) + "envelope.new" ;
+var envelope = WScript.Arguments(1) ;
 var fs = WScript.CreateObject( "Scripting.FileSystemObject" ) ;
 var ts = fs.OpenTextFile( envelope , 1 , false ) ;
 var e = ts.ReadAll() ;
@@ -581,7 +612,7 @@ WScript.Quit( 0 ) ;

    Windows filter programs written in JavaScript can be run with an E-MailRelay - --filter option something like this: + --filter option something like this:

    @@ -594,50 +625,53 @@ WScript.Quit( 0 ) ;

    - E-MailRelay also has a --client-filter option that enables processing of + E-MailRelay also has a --client-filter option that enables processing of e-mail messages just before they are forwarded, rather than after they are - stored. The disadvantage is that by then it is too late to notify the submitting - SMTP client of any processing failures, so in many store-and-forward - applications using --filter is more useful. The special exit code of 100 can - be used to ignore the current message, and 102 to stop scanning for more spooled - messages after processing the current one (eg. for simple rate-limiting). + stored. The disadvantage is that by then it is too late to notify the + submitting SMTP client of any processing failures, so in many store-and-forward + applications using --filter is more useful. The special exit code of 100 can + be used to ignore the current message, and 102 to stop scanning for more + spooled messages after processing the current one (eg. for simple + rate-limiting).

    - Bear in mind the following points when writing --filter programs: + Bear in mind the following points when writing --filter programs:

      -
    • The standard input and output are not used; the content filename is passed on the command-line.
      • +
    • The standard input and output are not used; the message filename is passed on the command-line.
    • Programs are run with a reduced set of environment variables.
    • E-MailRelay files use CR-LF line terminators, as required by the RFCs.
      • -
    • Envelope files will have a file extension of .new or .busy when the program runs.
      • -
    • Windows scripts may need to be run via cscript or a batch file wrapper.
      • +
    • Envelope files will have a file extension of .new or .busy when the program runs.
      • +
    • Windows scripts may need to be run via cscript or a batch file wrapper.

    It is also possible to do message filtering in a separate process by using - net:<transport-address> as the --filter or --client-filter option parameter. - E-MailRelay connects to this address and then uses a simple line-based dialog as - each e-mail message is processed where it sends the full path of the message - content file in one line and expects the remote process to respond with an ok - line if the message is to be accepted or an error message. + net: as the --filter or --client-filter option parameter. + E-MailRelay connects to this address and then uses a simple line-based dialog + as each e-mail message is processed: it sends the full path of the message + content file in one line and expects the remote process to respond with an ok + line if the message is to be accepted or an error message. If the error message + contains a tab character then anything after the tab character is logged but + otherwise ignored.

    - Alternatively, use spam:<transport-address> for connecting to a SpamAssassim - spamd server, or use exit:<exit-code> for simulating a filter program - that just does an exit with the specified exit code. + Alternatively, use spam: or spam-edit: to connect + to a SpamAssassim spamd server, or use exit: for simulating a + filter program that just does an exit with the specified exit code.

    Authentication

    - E-MailRelay can perform client-side authentication when connecting to remote - SMTP servers, and server-side authentication when remote clients connect to + E-MailRelay can perform client-side authentication when connecting to remote + SMTP servers, and server-side authentication when remote clients connect to the E-MailRelay server.

    - SMTP authentication is enabled with the --client-auth and --server-auth + SMTP authentication is enabled with the --client-auth and --server-auth command-line options, followed by the name of a 'secrets' file containing usernames and passwords:

    @@ -648,23 +682,23 @@ emailrelay --as-client=example.com:smtp --client-auth=/etc/emailrelay-server.aut

    - The client-side secrets file specified with --client-auth is used when - E-MailRelay acts as a client to talk to a remote server. The file should contain - at least one client entry. + The client-side secrets file specified with --client-auth is used when + E-MailRelay acts as a client to talk to a remote server. The file should + contain at least one client entry.

    - The server-side secrets file specified with --server-auth is used when a - remote client tries to authenticate with the E-MailRelay server. The file should - normally contain several server entries, one for each remote client. + The server-side secrets file specified with --server-auth is used when a + remote client tries to authenticate with the E-MailRelay server. The file + should normally contain several server entries, one for each remote client.

    image

    - The same secrets file may be specified for both --client-auth and - --server-auth options. + The same secrets file may be specified for both --client-auth and + --server-auth options.

    @@ -677,26 +711,28 @@ emailrelay --as-client=example.com:smtp --client-auth=/etc/emailrelay-server.aut

      -
    • client-or-server
      • -
    • password-type
      • -
    • userid
      • -
    • password
      • +
    • client-or-server
      • +
    • password-type
      • +
    • userid
      • +
    • password

    - The client-or-server field must be client or server; the password-type - field must be plain or md5; the userid field is xtext-encoded - user identifier; and the password field is the xtext-encoded plain password - or a base64-encoded HMAC-MD5 state. For client lines the password-type can - also be oauth. + The client-or-server field must be client or server; the password-type + field should be plain or md5; the userid field is xtext-encoded + user identifier; and the password field is the xtext-encoded plain password + or a base64-encoded HMAC-MD5 state. For client lines the password-type can + also be oauth.

    - The first two fields are case-insensitive. The xtext encoding scheme is - defined properly in RFC-1891, but basically it says that non-alphanumeric - characters (including space, +, # and =) should be represented in - uppercase hexadecimal ascii as +XX. So a space should be written as +20; - + as +2B; # as +23; and = as +3D. + The first two fields are case-insensitive. The xtext encoding scheme is + defined properly in RFC-3461, but basically it says that non-alphanumeric + characters (including space, +, # and =) should be represented in + uppercase hexadecimal ascii as +XX. So a space should be written as +20; + + as +2B; # as +23; and = as +3D. Also note that modern email + services will expect userids and passwords containing non-ASCII characters to + use UTF-8 encoding with RFC-4013 normalisation applied.

    @@ -711,22 +747,22 @@ emailrelay --as-client=example.com:smtp --client-auth=/etc/emailrelay-server.aut

    The PLAIN, LOGIN and CRAM-MD5 mechanisms can use plaintext passwords, stored - in the secrets file using a password-type of plain. In addition, the + in the secrets file using a password-type of plain. In addition, the CRAM-MD5 mechanism can also use hashed passwords generated by the - emailrelay-passwd program and these are stored in the secrets file with a - password-type of md5. (Hashed passwords are marginally more secure because + emailrelay-passwd program and these are stored in the secrets file with a + password-type of md5. (Hashed passwords are marginally more secure because the plaintext password which might be used on other accounts, is not easily recovered. However, hashed passwords can only be used for HMAC authentication mechanisms that are based on the same hash function.) The XOAUTH2 mechanism can be used for client-side authentication using tokens that have been recently obtained from a third-party authentication server and added to the - secrets file with a password-type of oauth. + secrets file with a password-type of oauth.

    - In the following example bob is the username that E-MailRelay uses when - it authenticates with a remote SMTP server, and two usernames (alice and - carol) can be used by remote clients when they authenticate with the + In the following example bob is the username that E-MailRelay uses when + it authenticates with a remote SMTP server, and two usernames (alice and + carol) can be used by remote clients when they authenticate with the E-MailRelay server:

    @@ -740,7 +776,7 @@ server plain carol my+20password

    - Using MD5 hashes the same users would look like this: + Using MD5 hashes the same users would look like this:

    @@ -753,18 +789,19 @@ server md5 carol x6UJKQF9f7HfhS1M+PW4s8rXIoT+L+WoqLz+rBwSKbw=

    - When the --server-auth option is used clients must authenticate with the + When the --server-auth option is used clients must authenticate with the E-MailRelay server but it is possible to configure some client IP addresses as 'trusted' so that connections from these addresses do not have to authenticate.

    - Trusted IP addresses are configured with lines in the secrets file having server - in the first field, none in the second field, a wildcarded IP address in - the third field, and an arbitrary keyword in the fourth field. The keyword field - is passed to any external address verifier program specified by the - --address-verifier command-line option; it is not used for any other purpose. - Wildcarded IPv4 addresses can use a format like 192.168.0.0/24 or 192.168.0.*. + Trusted IP addresses are configured with lines in the secrets file having + server in the first field, none in the second field, a wildcarded IP + address in the third field, and an arbitrary keyword in the fourth field. The + keyword field is passed to any external address verifier program specified by + the --address-verifier command-line option; it is not used for any other + purpose. Wildcarded IPv4 addresses can use a format like 192.168.0.0/24 or + 192.168.0.*.

    @@ -785,19 +822,20 @@ server plain carol my+20password

    On the client side, authentication is performed when E-MailRelay connects to a - server which implements the SMTP AUTH extension with one of the supported - mechanisms. If the remote server does not support the AUTH extension, or does not - support mechanisms for which E-MailRelay has secrets, then an error will be - logged and no messages will be forward. + server that implements the SMTP AUTH extension with one of the supported + mechanisms. If client-side authentication is required but the remote server + does not support the AUTH extension, or does not support mechanisms for which + E-MailRelay has secrets, then an error will be logged and no messages will be + forwarded.

    - When E-MailRelay successfully authenticates with the remote server the session + When E-MailRelay successfully authenticates with the remote server the authentication name is passed as the AUTH parameter of the SMTP MAIL FROM command, ignoring any AUTH name from the original submission. This default - policy can be modified by editing the MailFromAuthOut field in the message - envelope file, perhaps by using a --filter or --client-filter program. The - value in this envelope field should be empty for the default policy, <> for + policy can be modified by editing the MailFromAuthOut field in the message + envelope file, perhaps by using a --filter or --client-filter program. The + value in this envelope field should be empty for the default policy, <> for no AUTH name, or an xtext-encoded authentication name.

    @@ -809,16 +847,17 @@ server plain carol my+20password

    E-MailRelay can use negotiated TLS to encrypt SMTP and POP sessions: to enable client-side TLS encryption when E-MailRelay is acting as an SMTP client use the - --client-tls command-line option, and to enable server-side TLS when - E-MailRelay is acting as an SMTP or POP server use --server-tls. The - connections start off as unencrypted and the SMTP command STARTTLS (or the - POP STLS command) can be used to negotiate TLS encryption before any + --client-tls command-line option, and to enable server-side TLS when + E-MailRelay is acting as an SMTP or POP server use --server-tls. The + connections start off as unencrypted and the SMTP command STARTTLS (or the + POP STLS command) can be used to negotiate TLS encryption before any passwords are exchanged.

    - The --server-tls option requires that the --server-tls-certificate option is - used to specify a PEM-format file containing a X.509 certificate and private key. + The --server-tls option requires that the --server-tls-certificate option + is used to specify a PEM-format file containing a X.509 certificate and private + key.

    @@ -835,20 +874,20 @@ server plain carol my+20password do authentication to prevent man-in-the-middle attacks. For full TLS authentication you must use private keys and X.509 certificates symmetrically on both ends, with TLS verification enabled in both directions. Refer to the - documentation of all the --server-tls... and --client-tls... command-line + documentation of all the --server-tls... and --client-tls... command-line options for more details.

    E-MailRelay can also make outgoing SMTP connections using TLS encryption where - the whole SMTP dialog is encrypted from the start (--client-tls-connection). - This is sometimes called SMTP-over-TLS or secure SMTP (smtps) and it is normally - used with port number 465. + the whole SMTP dialog is encrypted from the start (--client-tls-connection). + This is sometimes called SMTP-over-TLS or secure SMTP (smtps) or implicit TLS + and it is normally used with port number 465.

    PAM Authentication

    E-MailRelay on Linux supports the use of PAM (Pluggable Authentication Modules) - for authentication if it has been built with the --with-pam configure option. + for authentication if it has been built with the --with-pam configure option.

    @@ -858,15 +897,15 @@ server plain carol my+20password

    - Use --server-auth=/pam and/or --pop-auth=/pam on the command-line to use + Use --server-auth=/pam and/or --pop-auth=/pam on the command-line to use PAM authentication for SMTP and POP respectively. The E-MailRelay server will then advertise an SMTP authentication mechanism of PLAIN and do the actual authentication via PAM.

    - The PAM system itself must be configured with a service of emailrelay. This - normally involves creating a file /etc/pam.d/emailrelay containing something + The PAM system itself must be configured with a service of emailrelay. This + normally involves creating a file /etc/pam.d/emailrelay containing something like the following:

    @@ -885,8 +924,8 @@ password required pam_deny.so

    - When using PAM authentication E-MailRelay requires that remote clients establish - an encrypted session using TLS before authentication can proceed. + When using PAM authentication E-MailRelay requires that remote clients + establish an encrypted session using TLS before authentication can proceed.

    IP addresses

    @@ -896,7 +935,7 @@ password required pam_deny.so

    - If a single network address is specified with the --interface command-line + If a single network address is specified with the --interface command-line option then that address is used for listening.

    @@ -908,8 +947,8 @@ password required pam_deny.so

    - If the --client-interface option is used then that address is used to bind the - local end of outgoing SMTP client connections. + If the --client-interface option is used then that address is used to bind + the local end of outgoing SMTP client connections.

    @@ -920,8 +959,8 @@ password required pam_deny.so

    - More than one address can be given in the --interface option separated by - commas, or multiple --interface options can be used. All of those addresses + More than one address can be given in the --interface option separated by + commas, or multiple --interface options can be used. All of those addresses will be used for listening.

    @@ -934,8 +973,8 @@ password required pam_deny.so

    - A listening address can also be qualified by one of the prefixes smtp=, - pop= or admin= so that it is only used in that context. + A listening address can also be qualified by one of the prefixes smtp=, + pop= or admin= so that it is only used in that context.

    @@ -946,14 +985,14 @@ password required pam_deny.so

    - The IPv4 and IPv6 wildcard addresses (0.0.0.0 and ::) can be used with - --interface and --client-interface to enable the use of IPv4 only or IPv6 + The IPv4 and IPv6 wildcard addresses (0.0.0.0 and ::) can be used with + --interface and --client-interface to enable the use of IPv4 only or IPv6 only.

    - To use IPv4 only for incoming connections use --interface 0.0.0.0; for IPv6 only - on incoming connections use --interface ::. + To use IPv4 only for incoming connections use --interface 0.0.0.0; for IPv6 + only on incoming connections use --interface ::.

    @@ -962,8 +1001,8 @@ password required pam_deny.so

    - To use IPv4 only on outgoing SMTP connection use --client-interface 0.0.0.0; - for IPv6 only on outgoing SMTP connections use --client-interface ::. + To use IPv4 only on outgoing SMTP connection use --client-interface 0.0.0.0; + for IPv6 only on outgoing SMTP connections use --client-interface ::.

    @@ -972,9 +1011,9 @@ password required pam_deny.so

    - Hostnames given in the --forward-to, --as-proxy and --as-client options - are resolved to IPv4 addresses and/or IPv6 addresses using DNS. If both IPv4 and - IPv6 records are returned from the DNS query then the --client-interface + Hostnames given in the --forward-to, --as-proxy and --as-client options + are resolved to IPv4 addresses and/or IPv6 addresses using DNS. If both IPv4 + and IPv6 records are returned from the DNS query then the --client-interface option can be used to select either the IPv4 or IPv6 results. Otherwise the first address is used, whether that is IPv4 or IPv6.

    @@ -988,9 +1027,9 @@ password required pam_deny.so

    SOCKS

    - E-MailRelay can use a SOCKS 4a proxy for establishing outgoing SMTP connections; - just append the SOCKS proxy address to the SMTP server's address, separated by - @. + E-MailRelay can use a SOCKS 4a proxy for establishing outgoing SMTP + connections; just append the SOCKS proxy address to the SMTP server's address, + separated by @.

    @@ -1003,7 +1042,7 @@ password required pam_deny.so

    - The Tor system will then be used to resolve the example.com domain name and + The Tor system will then be used to resolve the example.com domain name and establish the connection. The target SMTP server will see a connection coming from the Tor exit node rather than from the E-MailRelay server.

    @@ -1011,25 +1050,25 @@ password required pam_deny.so

    By default the E-MailRelay server will accept all recipient addresses for incoming e-mails as valid. This default behaviour can be modified by using an - external verifier program, specified with the --address-verifier command-line + external verifier program, specified with the --address-verifier command-line option, so that you get to choose which recipient addresses are accepted as valid and which are rejected.

    Your verifier program is passed a command-line containing: (1) the recipient - e-mail address as supplied by the remote client, (2) the from e-mail address - as supplied by the client, or the empty string in the case of the VRFY + e-mail address as supplied by the remote client, (2) the from e-mail address + as supplied by the client, or the empty string in the case of the VRFY command, (3) the IP address and port of the far end of the client connection, (4) the local fully qualified domain name, (5) the authentication - mechanism used by the client (if any, and none if trusted), and (6) either + mechanism used by the client (if any, and none if trusted), and (6) either the authentication name or the fourth field from authentication secrets file if a trusted IP address.

    - So, for example, a verifier program called myverifier might be run with the - following command-line: + So, for example, a verifier program called myverifier might be run as if with + the following command-line:

    @@ -1037,13 +1076,13 @@ password required pam_deny.so

    - The verifier program is expected to generate two lines of output on the standard - output stream and then terminate with a specific exit code. + The verifier program is expected to generate two lines of output on the + standard output stream and then terminate with a specific exit code.

    - For future-proofing a verifier must report a version number of 2.0 if called - with a command-line starting with --emailrelay-version. + For future-proofing a verifier must report a version number of 2.0 if called + with a command-line starting with --emailrelay-version.

    @@ -1070,15 +1109,17 @@ exit 1 

    #!/bin/sh
 # address verifier -- accept as local (250)
-echo Local Postmaster '<postmaster@localhost>'
+echo Local Postmaster ''
 echo postmaster
 exit 0

    - For E-MailRelay local delivery just means that the message file in the spool - directory is given a .local filename suffix. This can be used to create a - separate channel for administrative messages such as delivery reports. + For E-MailRelay local delivery just means that the message files in the spool + directory are copied to files with a .local filename suffix. If all the + envelope recipients are local-mailboxes then no normal message files are + created. This mechanism can be used to create a separate channel for + administrative messages such as delivery reports.

    @@ -1116,15 +1157,15 @@ exit 100

    - In this more complete example the verifier script accepts all addresses as valid - as long as they contain an at character: + In this more complete example the verifier script accepts all addresses as + valid as long as they contain an at character: 

    #!/bin/sh
 # address verifier -- accept only if containing an at sign
 address="$1"
-expr "$address" : ".*@" > /dev/null || exit 2
+expr "$address" : ".*@" > /dev/null || exit 2
 echo ""
 echo "$address"
 exit 1 # accept
@@ -1171,7 +1212,7 @@ try
     var local_domain = WScript.Arguments(3) ;
     var auth_mechanism = WScript.Arguments(4) ;
     var host = address.split(/@/)[1] || "" ;
-    if( ( auth_mechanism === "none" || !auth_mechanism ) && host !== local_domain )
+    if( ( auth_mechanism === "none" || !auth_mechanism ) && host !== local_domain )
     {
         WScript.Stdout.WriteLine( "cannot relay without authentication" ) ;
         WScript.Quit( 2 ) ;
@@ -1189,20 +1230,60 @@ catch( e )

    - If this verifier script is used with a suitable --server-auth file then it can - be used to prevent open relay without restricting authenticated clients. + If this verifier script is used with a suitable --server-auth file then it + can be used to prevent open relay without restricting authenticated clients.

    It is also possible to verify addresses in a separate daemon process by using a - --address-verifier option of the form net:<transport-address>. In this case + --address-verifier option of the form net:. In this case E-MailRelay will connect to the specified verifier daemon over the network and send address verification requests as lines with pipe-delimited fields. The - expected response is another pipe-delimited line containing the same information - as returned by verifier scripts but in reverse, such as 3|address unavailable - or 0|postmaster|Local Postmaster <postmaster@localhost>. + expected response is another pipe-delimited line containing the same + information as returned by verifier scripts but in reverse, such as + 3|address unavailable or 0|postmaster|Local Postmaster .

    -

    Security issues

    +

    Connection blocking

    +

    + All incoming connections from remote network addresses are blocked by default, + but can be allowed by using the --remote-clients/-r option. This is to + guard against accidental exposure to the internet. +

    + +

    + Incoming SMTP connections can also be checked against DNSBL blocklists in order + to block connections from known spammers. Use the --dnsbl option to define a + list of DNSBL servers, together with a rejection threshold. If the threshold + number of servers 'deny' the incoming connection's network address then + E-MailRelay will drop the connection immediately. +

    + +

    + The --dnsbl configuration starts with the DNS server network address and a + millisond timeout, followed by the threshold and list of servers: +

    + +
    + 
    emailrelay -r --dnsbl 1.1.1.1:53,500,1,spam.example.com,block.example.com ...
+
    +
    +

    + A threshold of zero means that the DNSBL servers are consulted but connections + are always allowed. This can be combined with verbose logging (--log -v) + for initial testing. +

    + +

    + If the timeout period expires before a collective decision is reached then the + connection is allowed. This default behaviour can be changed by using a negative + timeout, but for finer control use a DNSBL proxy. +

    + +

    + Connections from loopback and private (RFC-1918) network addresses are never + checked. +

    +

    Security issues

    The following are some security issues that have been taken into consideration:

    @@ -1211,24 +1292,24 @@ catch( e )
    Effective userid
    Suid privileges are revoked at start-up, switching the effective - userid/groupid to be the real userid/groupid values. If started as root + userid/groupid to be the real userid/groupid values. If started as root then the effective userid/groupid are switched at start-up to those of user - daemon. Special privileges are only reclaimed when needed to bind sockets + daemon. Special privileges are only reclaimed when needed to bind sockets and do file i/o. Normally this means temporarily switching the userid and groupid back to what they were at start-up. However, when writing spool files - after being started as root only the effective userid is changed, not the + after being started as root only the effective userid is changed, not the groupid, so that new files have group ownership corresponding to the - daemon user. + daemon user.
    Execution environment
    The external filter programs are run with an almost empty set of environment - variables (PATH and IFS), and with no open file descriptors other than - stdin and stderr open onto /dev/null, and stdout open onto a pipe. + variables (PATH and IFS), and with no open file descriptors other than + stdin and stderr open onto /dev/null, and stdout open onto a pipe.
    Umask
    - The program runs for most of the time with a umask of 177, switching to 117 + The program runs for most of the time with a umask of 177, switching to 117 when creating spool files.
    Remote clients
    @@ -1248,26 +1329,26 @@ catch( e )
    File permissions
    After a normal installation the spool directory is has ownership of - root.daemon with permissions of -rwxrwxr-x and messages files are created - with permissions of -rw-rw----. This allows normal users to list messages + root.daemon with permissions of -rwxrwxr-x and messages files are created + with permissions of -rw-rw----. This allows normal users to list messages files but not read them.

    - The emailrelay-submit program is given group ownership of daemon with its + The emailrelay-submit program is given group ownership of daemon with its group set-user-id flag set. This allows it to create message files in the spool directory, and the files created end up owned by the submitter but with - group ownership of daemon. + group ownership of daemon.
    Logging
    Logging output is conditioned so that ANSI escape sequences cannot appear in the log.

    - Passwords and message content are not logged (except if using the --debug + Passwords and message content are not logged (except if using the --debug option at run time with debug logging enabled at build time).
    Information leakage
    - The --anonymous option can be used to reduce the amount of information + The --anonymous option can be used to reduce the amount of information leaked to remote clients.
    Mandatory encryption
    @@ -1277,8 +1358,8 @@ catch( e )

    - Security issues which relate to the SMTP protocol itself are beyond the scope of - this document, but RFC-2821 makes the following observation: "SMTP mail is + Security issues which relate to the SMTP protocol itself are beyond the scope + of this document, but RFC-2821 makes the following observation: "SMTP mail is inherently insecure in that it is feasible for even [..] casual users to [..] create messages that will trick a [..] recipient into believing that they came from somewhere else. [..] Real [..] security lies [..] in end-to-end methods @@ -1286,63 +1367,63 @@ catch( e )

    - The Authentication, PAM Authentication and TLS encryption sections + The Authentication, PAM Authentication and TLS encryption sections above also relate to security.

    -

    Administration interface

    +

    Administration interface

    - If enabled with the --admin command-line option, the E-MailRelay server will + If enabled with the --admin command-line option, the E-MailRelay server will provide a network interface for performing administration tasks. This is a - simple command-line interface which is compatible with netcat and telnet: + simple command-line interface which is compatible with netcat and telnet: 

    $ emailrelay --as-server --port=125 --forward-to=localhost:25 --admin=10026
 $ telnet localhost 10026
-E-MailRelay> help
-E-MailRelay> quit
+E-MailRelay> help
+E-MailRelay> quit

    - The flush command is used to get the E-MailRelay server to forward spooled + The flush command is used to get the E-MailRelay server to forward spooled mail to the next SMTP server.

    - The list command lists the messages in the spool directory, status provides - network status information and activity statistics, and notify enables + The list command lists the messages in the spool directory, status provides + network status information and activity statistics, and notify enables asynchronous event notification.

    -

    Bcc handling

    +

    Bcc handling

    E-MailRelay transfers e-mail messages without changing their content in any - way, other than by adding a Received header. In particular, if a message - contains a Bcc: header when it is submitted to the E-MailRelay server it - will have the same Bcc: header when forwarded. + way, other than by adding a Received header. In particular, if a message + contains a Bcc: header when it is submitted to the E-MailRelay server it + will have the same Bcc: header when forwarded.

    It is normally the responsibility of the program that submits an e-mail - message to submit it separately for each Bcc recipient, removing the Bcc: + message to submit it separately for each Bcc recipient, removing the Bcc: header from the message content or changing it to contain only the 'current' recipient. If this is not done, perhaps through mis-configuration of the - e-mail user agent program, then Bcc recipients may be visible to the To - and Cc message recipients. + e-mail user agent program, then Bcc recipients may be visible to the To + and Cc message recipients.

    - An E-MailRelay --filter script can be used to reject messages with incorrect - Bcc: headers, and an example script is included. + An E-MailRelay --filter script can be used to reject messages with incorrect + Bcc: headers, and an example script is included.

    -

    Files and directories

    +

    Files and directories

    - On Unix-like systems E-MailRelay installs by default under /usr/local, but + On Unix-like systems E-MailRelay installs by default under /usr/local, but binary distributions will probably have been built to install elsewhere.

    Installation directories can be defined at build-time by the following - configure script command-line options: + configure script command-line options:

    • --mandir=<dir>
      • @@ -1356,11 +1437,12 @@ E-MailRelay> quit
    • e_pamdir=<dir>
    • e_spooldir=<dir>
    • e_sysconfdir=<dir>
      • +
    • e_rundir=<dir>

    - These are all defaulted to paths that are ultimately based on --prefix, so - ./configure --prefix=$HOME will work as expected. + These are all defaulted to paths that are ultimately based on --prefix, so + ./configure --prefix=$HOME will work as expected.

    @@ -1369,31 +1451,31 @@ E-MailRelay> quit

    - 
    ./configure --prefix=/usr --localstatedir=/var --libexecdir=/usr/lib --sysconfdir=/etc e_initdir=/etc/init.d
+       
    ./configure --prefix=/usr --localstatedir=/var --libexecdir=/usr/lib --sysconfdir=/etc e_initdir=/etc/init.d e_rundir=/run/emailrelay

    It is possible to change the installation root directory after building by - using make DESTDIR=<root> install or DESTDIR=<root> make -e install. + using make DESTDIR= install or DESTDIR= make -e install. However, this will not affect the default spool directory path built into the scripts and executables so the correct spool directory will have to be - specified at run-time with the --spool-dir command-line option. + specified at run-time with the --spool-dir command-line option.

    On Windows the installation GUI prompts for two installation directories, - and these default to %ProgramFiles%/E-MailRelay for programs and - %ProgramData%/E-MailRelay for data. + and these default to %ProgramFiles%/E-MailRelay for programs and + %ProgramData%/E-MailRelay for data.

    - Copyright (C) 2001-2018 Graeme Walker + Copyright (C) 2001-2019 Graeme Walker

    - + diff --git a/doc/reference.md b/doc/reference.md index f2f5d33..d5761a6 100644 --- a/doc/reference.md +++ b/doc/reference.md @@ -58,19 +58,27 @@ where <option> is: should normally contain one line that starts with `client` and that line should have between four and five space-separated fields; the second field is the password encoding (`plain` or `md5`), the third is the user-id and - the fourth is the password. The user-id is RFC-1891 xtext encoded, and the + the fourth is the password. The user-id is [RFC-1891][] xtext encoded, and the password is either xtext encoded or generated by `emailrelay-passwd`. If the remote server does not support SMTP authentication then the SMTP connection will fail. +* \-\-client-auth-config <config> + + Configures the SMTP client authentication module using a semicolon-separated + list of configuration items. Each item is a single-character key, followed + by a colon and then a comma-separated list. A 'm' character introduces an + ordered list of authentication mechanisms, and an 'x' is used for + blocklisted mechanisms. + * \-\-client-filter <program> (-Y) Runs the specified external filter program whenever a mail message is forwarded. The filter is passed the name of the message file in the spool directory so that it can edit it as required. A network filter can be - specified as `net:` and prefixes of `spam:` and `exit:` - are also allowed. The `--filter` option is normally more useful than - `--client-filter`. + specified as `net:` and prefixes of `spam:`, + `spam-edit:` and `exit:` are also allowed. The `--filter` option is + normally more useful than `--client-filter`. * \-\-client-interface <ip-address> (-6) @@ -137,11 +145,18 @@ where <option> is: useful when cross-referenced with the source code and they may expose plaintext passwords and mail message content. +* \-\-dnsbl <config> + + Specifies a list of [DNSBL][] servers that are used to reject SMTP connections + from blocked addresses. The configuration string is made up of + comma-separated fields: the DNS server's transport address, a timeout in + milliseconds, a rejection threshold, and then the list of DNSBL servers. + * \-\-domain <fqdn> (-D) Specifies the network name that is used in SMTP EHLO commands, `Received` - lines, and for generating authentication challenges. The default network - name it derived from a DNS lookup of the local hostname. + lines, and for generating authentication challenges. The default is derived + from a DNS lookup of the local hostname. * \-\-dont-serve (-x) @@ -156,8 +171,10 @@ where <option> is: that it can edit it as required. The mail message is rejected if the filter program terminates with an exit code between 1 and 99. Use `net:` to communicate with a filter daemon over the - network, or `spam:` to talk to a spamassassin spamd - daemon, or `exit:` to emulate a filter program that just exits. + network, or `spam:` for a spamassassin spamd daemon to + accept or reject mail messages, or `spam-edit:` to have + spamassassin edit the message content without rejecting it, or + `exit:` to emulate a filter program that just exits. * \-\-filter-timeout <time> (-W) @@ -188,10 +205,15 @@ where <option> is: Windows only. Hides the application window and disables all message boxes. This is useful when running as a windows service. +* \-\-idle-timeout <time> + + Specifies a timeout (in seconds) for receiving network traffic from remote + SMTP and POP clients. The default is 1800 seconds. + * \-\-immediate (-m) - Causes mail messages to be forwarded as soon as they are submitted, even - before they are accepted. This can be used to do proxying without + Causes mail messages to be forwarded as they are received, even before they + have been accepted. This can be used to do proxying without store-and-forward, but in practice clients tend to to time out while waiting for their mail message to be accepted. @@ -254,7 +276,7 @@ where <option> is: * \-\-pop (-B) Enables the POP server listening, by default on port 110, providing access to - spooled mail messages. Negotiated TLS using the POP3 `STLS` command will be + spooled mail messages. Negotiated TLS using the POP `STLS` command will be enabled if the `--server-tls` option is also given. * \-\-pop-auth <file> (-F) @@ -269,10 +291,10 @@ where <option> is: Modifies the spool directory used by the POP server to be a sub-directory with the same name as the POP authentication user-id. This allows multiple POP clients to read the spooled messages without interfering with each - other. Content files can stay in the main spool directory with the envelope - files copied into user-specific sub-directories. The - `emailrelay-filter-copy` program is a convenient way of doing this when run - via `--filter`. + other, particularly when also using `--pop-no-delete`. Content files can + stay in the main spool directory with only the envelope files copied into + user-specific sub-directories. The `emailrelay-filter-copy` program is a + convenient way of doing this when run via `--filter`. * \-\-pop-no-delete (-G) @@ -312,10 +334,18 @@ where <option> is: should contain lines that have four space-separated fields, starting with `server` in the first field; the second field is the password encoding (`plain` or `md5`), the third is the client user-id and the fourth is the - password. The user-id is RFC-1891 xtext encoded, and the password is either + password. The user-id is [RFC-1891][] xtext encoded, and the password is either xtext encoded or generated by `emailrelay-passwd`. A special value of `/pam` can be used for authentication using linux PAM. +* \-\-server-auth-config <config> + + Configures the SMTP server authentication module using a semicolon-separated + list of configuration items. Each item is a single-character key, followed + by a colon and then a comma-separated list. A 'm' character introduces a + preferred sub-set of the built-in authentication mechanisms, and an 'x' is + used for blocklisted mechanisms. + * \-\-server-tls (-K) Enables TLS for incoming SMTP and POP connections. SMTP clients can then @@ -370,7 +400,7 @@ where <option> is: When started as root the program switches to an non-privileged effective user-id when idle. This option can be used to define which user-id is used. - Ignored on Windows. + Specify `root` to disable all user-id switching. Ignored on Windows. * \-\-verbose (-v) @@ -382,7 +412,7 @@ where <option> is: Displays version information and then exits. A configuration file can be used to provide additional options; put each -options on a separate line, use the long option names but without the double +option on a separate line, use the long option names but without the double dash, and separate the option name from the option value with spaces. All command-line options that specify a filename can use a special `@app` @@ -392,9 +422,9 @@ the `emailrelay` executable or MacOS application bundle. Message store ------------- Mail messages are stored as text files in the configured spool directory. Each -e-mail message is represented as an envelope file and a content file. The envelope -file contains parameters relevant to the SMTP dialogue, and the content file -contains the RFC-822 headers and body text. +e-mail message is represented as an envelope file and a content file. The +envelope file contains parameters relevant to the SMTP dialogue, and the +content file contains the [RFC-822][] headers and body text. The filenames used in the message store have a prefix of `emailrelay`, followed by a process-id, timestamp and sequence number, and then `envelope` or @@ -439,8 +469,8 @@ Mail processing The `--filter` command-line option allows you to specify a mail processing program which operates on e-mail messages as they pass through the E-MailRelay system. The filter program is run as soon as the e-mail message has been stored -in the spool directory, with the full path of the content file added onto the -end of the given command-line. +in the spool directory, with the full path of the content file and envelope +file put on the command-line. For example, the following command will start a proxy server on port 587 which processes mail using the specified filter program, and then forwards the @@ -472,9 +502,10 @@ message use an exit code of 100. If the filter program creates completely new e-mail messages in the spool directory then they may not be processed immediately, or they may be completely -ignored. To get E-MailRelay to pick up any new messages you create in the spool -directory use the special 103 exit code, or rely on the `--poll` mechanism, or -perhaps run `emailrelay --as-client` from within the filter program. +ignored. To get E-MailRelay to pick up any new messages you create in the +spool directory use the special 103 exit code, or rely on the `--poll` +mechanism, or perhaps run `emailrelay --as-client` from within the filter +program. As an example of a simple filter program processor this shell script examines the sending client's IP address and conditionally passes the message into @@ -483,7 +514,7 @@ the sending client's IP address and conditionally passes the message into #!/bin/sh # filter.sh content="${1}" - envelope="`echo \"${content}\" | sed 's/content/envelope.new/'`" + envelope="${2}" ip="`awk '/MailRelay-Client:/ {print $2;exit}' \"${envelope}\"`" if test "${ip}" = "192.168.0.2" then @@ -505,7 +536,7 @@ For Windows this example can be rewritten in JavaScript: // filter.js var content = WScript.Arguments(0) ; - var envelope = content.substr(0,content.length-7) + "envelope.new" ; + var envelope = WScript.Arguments(1) ; var fs = WScript.CreateObject( "Scripting.FileSystemObject" ) ; var ts = fs.OpenTextFile( envelope , 1 , false ) ; var e = ts.ReadAll() ; @@ -532,30 +563,33 @@ Either forward-slashes or back-slashes can be used. E-MailRelay also has a `--client-filter` option that enables processing of e-mail messages just before they are forwarded, rather than after they are -stored. The disadvantage is that by then it is too late to notify the submitting -SMTP client of any processing failures, so in many store-and-forward +stored. The disadvantage is that by then it is too late to notify the +submitting SMTP client of any processing failures, so in many store-and-forward applications using `--filter` is more useful. The special exit code of 100 can -be used to ignore the current message, and 102 to stop scanning for more spooled -messages after processing the current one (eg. for simple rate-limiting). +be used to ignore the current message, and 102 to stop scanning for more +spooled messages after processing the current one (eg. for simple +rate-limiting). Bear in mind the following points when writing `--filter` programs: -* The standard input and output are not used; the content filename is passed on the command-line. +* The standard input and output are not used; the message filename is passed on the command-line. * Programs are run with a reduced set of environment variables. * E-MailRelay files use CR-LF line terminators, as required by the RFCs. * Envelope files will have a file extension of `.new` or `.busy` when the program runs. * Windows scripts may need to be run via `cscript` or a batch file wrapper. It is also possible to do message filtering in a separate process by using -`net:` as the `--filter` or `--client-filter` option parameter. -E-MailRelay connects to this address and then uses a simple line-based dialog as -each e-mail message is processed where it sends the full path of the message +`net:` as the `--filter` or `--client-filter` option parameter. +E-MailRelay connects to this address and then uses a simple line-based dialog +as each e-mail message is processed: it sends the full path of the message content file in one line and expects the remote process to respond with an `ok` -line if the message is to be accepted or an error message. +line if the message is to be accepted or an error message. If the error message +contains a tab character then anything after the tab character is logged but +otherwise ignored. -Alternatively, use `spam:` for connecting to a SpamAssassim -`spamd` server, or use `exit:` for simulating a filter program -that just does an exit with the specified exit code. +Alternatively, use `spam:` or `spam-edit:` to connect +to a SpamAssassim `spamd` server, or use `exit:` for simulating a +filter program that just does an exit with the specified exit code. Authentication -------------- @@ -571,12 +605,12 @@ usernames and passwords: emailrelay --as-client=example.com:smtp --client-auth=/etc/emailrelay-server.auth The client-side secrets file specified with `--client-auth` is used when -E-MailRelay acts as a client to talk to a remote server. The file should contain -at least one `client` entry. +E-MailRelay acts as a client to talk to a remote server. The file should +contain at least one `client` entry. The server-side secrets file specified with `--server-auth` is used when a -remote client tries to authenticate with the E-MailRelay server. The file should -normally contain several `server` entries, one for each remote client. +remote client tries to authenticate with the E-MailRelay server. The file +should normally contain several `server` entries, one for each remote client. ![authentication.png](authentication.png) @@ -594,16 +628,18 @@ Lines have four white-space delimited fields: * `password` The `client-or-server` field must be `client` or `server`; the `password-type` -field must be `plain` or `md5`; the `userid` field is xtext-encoded +field should be `plain` or `md5`; the `userid` field is xtext-encoded user identifier; and the `password` field is the xtext-encoded plain password or a base64-encoded `HMAC-MD5` state. For `client` lines the password-type can also be `oauth`. The first two fields are case-insensitive. The `xtext` encoding scheme is -defined properly in RFC-1891, but basically it says that non-alphanumeric +defined properly in [RFC-3461][], but basically it says that non-alphanumeric characters (including space, `+`, `#` and `=`) should be represented in uppercase hexadecimal ascii as `+XX`. So a space should be written as `+20`; -`+` as `+2B`; `#` as `+23`; and `=` as `+3D`. +`+` as `+2B`; `#` as `+23`; and `=` as `+3D`. Also note that modern email +services will expect userids and passwords containing non-ASCII characters to +use UTF-8 encoding with [RFC-4013][] normalisation applied. Authentication proceeds according to an authentication 'mechanism' that is advertised by the server and selected by the client. Many authentication @@ -650,12 +686,13 @@ When the `--server-auth` option is used clients must authenticate with the E-MailRelay server but it is possible to configure some client IP addresses as 'trusted' so that connections from these addresses do not have to authenticate. -Trusted IP addresses are configured with lines in the secrets file having `server` -in the first field, `none` in the second field, a wildcarded IP address in -the third field, and an arbitrary keyword in the fourth field. The keyword field -is passed to any external address verifier program specified by the -`--address-verifier` command-line option; it is not used for any other purpose. -Wildcarded IPv4 addresses can use a format like 192.168.0.0/24 or 192.168.0.*. +Trusted IP addresses are configured with lines in the secrets file having +`server` in the first field, `none` in the second field, a wildcarded IP +address in the third field, and an arbitrary keyword in the fourth field. The +keyword field is passed to any external address verifier program specified by +the `--address-verifier` command-line option; it is not used for any other +purpose. Wildcarded IPv4 addresses can use a format like 192.168.0.0/24 or +192.168.0.*. For example, this secrets file allows any client connecting over IPv4 from the 192.168.0.0/24 address range, or over IPv6 from the fe80::/64 or fc00::/7 @@ -670,12 +707,13 @@ ranges, to connect without authentication: server plain carol my+20password On the client side, authentication is performed when E-MailRelay connects to a -server which implements the SMTP AUTH extension with one of the supported -mechanisms. If the remote server does not support the AUTH extension, or does not -support mechanisms for which E-MailRelay has secrets, then an error will be -logged and no messages will be forward. +server that implements the SMTP AUTH extension with one of the supported +mechanisms. If client-side authentication is required but the remote server +does not support the AUTH extension, or does not support mechanisms for which +E-MailRelay has secrets, then an error will be logged and no messages will be +forwarded. -When E-MailRelay successfully authenticates with the remote server the session +When E-MailRelay successfully authenticates with the remote server the authentication name is passed as the AUTH parameter of the SMTP MAIL FROM command, ignoring any AUTH name from the original submission. This default policy can be modified by editing the `MailFromAuthOut` field in the message @@ -696,8 +734,9 @@ connections start off as unencrypted and the SMTP command `STARTTLS` (or the POP `STLS` command) can be used to negotiate TLS encryption before any passwords are exchanged. -The `--server-tls` option requires that the `--server-tls-certificate` option is -used to specify a PEM-format file containing a X.509 certificate and private key. +The `--server-tls` option requires that the `--server-tls-certificate` option +is used to specify a PEM-format file containing a X.509 certificate and private +key. This OpenSSL command can be used to create a self-signed certificate file suitable for testing: @@ -713,8 +752,8 @@ options for more details. E-MailRelay can also make outgoing SMTP connections using TLS encryption where the whole SMTP dialog is encrypted from the start (`--client-tls-connection`). -This is sometimes called SMTP-over-TLS or secure SMTP (smtps) and it is normally -used with port number 465. +This is sometimes called SMTP-over-TLS or secure SMTP (smtps) or implicit TLS +and it is normally used with port number 465. PAM Authentication ------------------ @@ -744,8 +783,8 @@ account names and passwords to authenticate remote clients. On some systems this will require special permissioning to allow the E-MailRelay server to read the shadow password database. -When using PAM authentication E-MailRelay requires that remote clients establish -an encrypted session using TLS before authentication can proceed. +When using PAM authentication E-MailRelay requires that remote clients +establish an encrypted session using TLS before authentication can proceed. IP addresses ------------ @@ -760,8 +799,8 @@ Eg: --interface 127.0.0.1 -If the `--client-interface` option is used then that address is used to bind the -local end of outgoing SMTP client connections. +If the `--client-interface` option is used then that address is used to bind +the local end of outgoing SMTP client connections. Eg: @@ -787,8 +826,8 @@ The IPv4 and IPv6 wildcard addresses (`0.0.0.0` and `::`) can be used with `--interface` and `--client-interface` to enable the use of IPv4 only or IPv6 only. -To use IPv4 only for incoming connections use `--interface 0.0.0.0`; for IPv6 only -on incoming connections use `--interface ::`. +To use IPv4 only for incoming connections use `--interface 0.0.0.0`; for IPv6 +only on incoming connections use `--interface ::`. --interface 0.0.0.0 # IPv4 only --interface :: # IPv6 only @@ -800,8 +839,8 @@ for IPv6 only on outgoing SMTP connections use `--client-interface ::`. --client-interface :: # IPv6 only Hostnames given in the `--forward-to`, `--as-proxy` and `--as-client` options -are resolved to IPv4 addresses and/or IPv6 addresses using DNS. If both IPv4 and -IPv6 records are returned from the DNS query then the `--client-interface` +are resolved to IPv4 addresses and/or IPv6 addresses using DNS. If both IPv4 +and IPv6 records are returned from the DNS query then the `--client-interface` option can be used to select either the IPv4 or IPv6 results. Otherwise the first address is used, whether that is IPv4 or IPv6. @@ -812,9 +851,9 @@ Eg: SOCKS ----- -E-MailRelay can use a [SOCKS][] 4a proxy for establishing outgoing SMTP connections; -just append the SOCKS proxy address to the SMTP server's address, separated by -`@`. +E-MailRelay can use a [SOCKS][] 4a proxy for establishing outgoing SMTP +connections; just append the SOCKS proxy address to the SMTP server's address, +separated by `@`. For example, this could be used to send e-mails via the Tor network, assuming there is a local Tor node running on port 9050: @@ -842,13 +881,13 @@ mechanism used by the client (if any, and `none` if trusted), and (6) either the authentication name or the fourth field from authentication secrets file if a trusted IP address. -So, for example, a verifier program called `myverifier` might be run with the -following command-line: +So, for example, a verifier program called `myverifier` might be run as if with +the following command-line: myverifier bob@local.net alice@example.com 192.168.0.1:123 local.net login alice -The verifier program is expected to generate two lines of output on the standard -output stream and then terminate with a specific exit code. +The verifier program is expected to generate two lines of output on the +standard output stream and then terminate with a specific exit code. For future-proofing a verifier must report a version number of `2.0` if called with a command-line starting with `--emailrelay-version`. @@ -874,9 +913,11 @@ name \-\- and then exit with a value of zero. echo postmaster exit 0 -For E-MailRelay local delivery just means that the message file in the spool -directory is given a `.local` filename suffix. This can be used to create a -separate channel for administrative messages such as delivery reports. +For E-MailRelay local delivery just means that the message files in the spool +directory are copied to files with a `.local` filename suffix. If all the +envelope recipients are local-mailboxes then no normal message files are +created. This mechanism can be used to create a separate channel for +administrative messages such as delivery reports. For invalid addresses the exit value should be non-zero and the first line of output is the error response. @@ -900,8 +941,8 @@ which may be useful in limiting the impact of denial of service attacks: # address verifier -- abort exit 100 -In this more complete example the verifier script accepts all addresses as valid -as long as they contain an `at` character: +In this more complete example the verifier script accepts all addresses as +valid as long as they contain an `at` character: #!/bin/sh # address verifier -- accept only if containing an at sign @@ -961,16 +1002,44 @@ or written in JavaScript for Windows: WScript.Quit( 3 ) ; } -If this verifier script is used with a suitable `--server-auth` file then it can -be used to prevent open relay without restricting authenticated clients. +If this verifier script is used with a suitable `--server-auth` file then it +can be used to prevent open relay without restricting authenticated clients. It is also possible to verify addresses in a separate daemon process by using a -`--address-verifier` option of the form `net:`. In this case +`--address-verifier` option of the form `net:`. In this case E-MailRelay will connect to the specified verifier daemon over the network and send address verification requests as lines with pipe-delimited fields. The -expected response is another pipe-delimited line containing the same information -as returned by verifier scripts but in reverse, such as `3|address unavailable` -or `0|postmaster|Local Postmaster `. +expected response is another pipe-delimited line containing the same +information as returned by verifier scripts but in reverse, such as +`3|address unavailable` or `0|postmaster|Local Postmaster `. + +Connection blocking +------------------- +All incoming connections from remote network addresses are blocked by default, +but can be allowed by using the `--remote-clients`/`-r` option. This is to +guard against accidental exposure to the internet. + +Incoming SMTP connections can also be checked against DNSBL blocklists in order +to block connections from known spammers. Use the `--dnsbl` option to define a +list of DNSBL servers, together with a rejection threshold. If the threshold +number of servers 'deny' the incoming connection's network address then +E-MailRelay will drop the connection immediately. + +The `--dnsbl` configuration starts with the DNS server network address and a +millisond timeout, followed by the threshold and list of servers: + + emailrelay -r --dnsbl 1.1.1.1:53,500,1,spam.example.com,block.example.com ... + +A threshold of zero means that the DNSBL servers are consulted but connections +are always allowed. This can be combined with verbose logging (`--log -v`) +for initial testing. + +If the timeout period expires before a collective decision is reached then the +connection is allowed. This default behaviour can be changed by using a negative +timeout, but for finer control use a DNSBL proxy. + +Connections from loopback and private ([RFC-1918][]) network addresses are never +checked. Security issues --------------- @@ -1043,8 +1112,8 @@ The following are some security issues that have been taken into consideration: When using PAM for authentication all clients are required to use TLS/SSL encryption. -Security issues which relate to the SMTP protocol itself are beyond the scope of -this document, but RFC-2821 makes the following observation: "SMTP mail is +Security issues which relate to the SMTP protocol itself are beyond the scope +of this document, but [RFC-2821][] makes the following observation: "SMTP mail is inherently insecure in that it is feasible for even [..] casual users to [..] create messages that will trick a [..] recipient into believing that they came from somewhere else. [..] Real [..] security lies [..] in end-to-end methods @@ -1107,6 +1176,7 @@ Installation directories can be defined at build-time by the following * e_pamdir=<dir> * e_spooldir=<dir> * e_sysconfdir=<dir> +* e_rundir=<dir> These are all defaulted to paths that are ultimately based on `--prefix`, so `./configure --prefix=$HOME` will work as expected. @@ -1114,7 +1184,7 @@ These are all defaulted to paths that are ultimately based on `--prefix`, so For a directory structure conforming more closely to the [FHS][] use this configure command: - ./configure --prefix=/usr --localstatedir=/var --libexecdir=/usr/lib --sysconfdir=/etc e_initdir=/etc/init.d + ./configure --prefix=/usr --localstatedir=/var --libexecdir=/usr/lib --sysconfdir=/etc e_initdir=/etc/init.d e_rundir=/run/emailrelay It is possible to change the installation root directory after building by using `make DESTDIR= install` or `DESTDIR= make -e install`. @@ -1129,13 +1199,20 @@ and these default to `%ProgramFiles%/E-MailRelay` for programs and +[DNSBL]: https://en.wikipedia.org/wiki/DNSBL [FHS]: https://wiki.linuxfoundation.org/lsb/fhs [MTA]: https://en.wikipedia.org/wiki/Message_transfer_agent [PAM]: https://en.wikipedia.org/wiki/Linux_PAM [POP]: https://en.wikipedia.org/wiki/Post_Office_Protocol +[RFC-1891]: https://tools.ietf.org/html/rfc1891 +[RFC-1918]: https://tools.ietf.org/html/rfc1918 +[RFC-2821]: https://tools.ietf.org/html/rfc2821 +[RFC-3461]: https://tools.ietf.org/html/rfc3461 +[RFC-4013]: https://tools.ietf.org/html/rfc4013 +[RFC-822]: https://tools.ietf.org/html/rfc822 [SMTP]: https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol [SOCKS]: https://en.wikipedia.org/wiki/SOCKS [TLS]: https://en.wikipedia.org/wiki/Transport_Layer_Security _____________________________________ -Copyright (C) 2001-2018 Graeme Walker +Copyright (C) 2001-2019 Graeme Walker diff --git a/doc/reference.rst b/doc/reference.rst index 8bb7af4..d96de19 100644 --- a/doc/reference.rst +++ b/doc/reference.rst @@ -61,19 +61,27 @@ where \ is: should normally contain one line that starts with *client* and that line should have between four and five space-separated fields; the second field is the password encoding (*plain* or *md5*), the third is the user-id and - the fourth is the password. The user-id is RFC-1891 xtext encoded, and the + the fourth is the password. The user-id is RFC-1891_ xtext encoded, and the password is either xtext encoded or generated by *emailrelay-passwd*. If the remote server does not support SMTP authentication then the SMTP connection will fail. +* --client-auth-config \ + + Configures the SMTP client authentication module using a semicolon-separated + list of configuration items. Each item is a single-character key, followed + by a colon and then a comma-separated list. A 'm' character introduces an + ordered list of authentication mechanisms, and an 'x' is used for + blocklisted mechanisms. + * --client-filter \ (-Y) Runs the specified external filter program whenever a mail message is forwarded. The filter is passed the name of the message file in the spool directory so that it can edit it as required. A network filter can be - specified as *net:* and prefixes of *spam:* and *exit:* - are also allowed. The *--filter* option is normally more useful than - \ *--client-filter*\ . + specified as *net:* and prefixes of *spam:*, + *spam-edit:* and *exit:* are also allowed. The *--filter* option is + normally more useful than *--client-filter*. * --client-interface \ (-6) @@ -140,11 +148,18 @@ where \ is: useful when cross-referenced with the source code and they may expose plaintext passwords and mail message content. +* --dnsbl \ + + Specifies a list of DNSBL_ servers that are used to reject SMTP connections + from blocked addresses. The configuration string is made up of + comma-separated fields: the DNS server's transport address, a timeout in + milliseconds, a rejection threshold, and then the list of DNSBL servers. + * --domain \ (-D) Specifies the network name that is used in SMTP EHLO commands, *Received* - lines, and for generating authentication challenges. The default network - name it derived from a DNS lookup of the local hostname. + lines, and for generating authentication challenges. The default is derived + from a DNS lookup of the local hostname. * --dont-serve (-x) @@ -159,8 +174,10 @@ where \ is: that it can edit it as required. The mail message is rejected if the filter program terminates with an exit code between 1 and 99. Use *net:* to communicate with a filter daemon over the - network, or *spam:* to talk to a spamassassin spamd - daemon, or *exit:* to emulate a filter program that just exits. + network, or *spam:* for a spamassassin spamd daemon to + accept or reject mail messages, or *spam-edit:* to have + spamassassin edit the message content without rejecting it, or + *exit:* to emulate a filter program that just exits. * --filter-timeout \ (-W) @@ -191,10 +208,15 @@ where \ is: Windows only. Hides the application window and disables all message boxes. This is useful when running as a windows service. +* --idle-timeout \ + + Specifies a timeout (in seconds) for receiving network traffic from remote + SMTP and POP clients. The default is 1800 seconds. + * --immediate (-m) - Causes mail messages to be forwarded as soon as they are submitted, even - before they are accepted. This can be used to do proxying without + Causes mail messages to be forwarded as they are received, even before they + have been accepted. This can be used to do proxying without store-and-forward, but in practice clients tend to to time out while waiting for their mail message to be accepted. @@ -257,7 +279,7 @@ where \ is: * --pop (-B) Enables the POP server listening, by default on port 110, providing access to - spooled mail messages. Negotiated TLS using the POP3 *STLS* command will be + spooled mail messages. Negotiated TLS using the POP *STLS* command will be enabled if the *--server-tls* option is also given. * --pop-auth \ (-F) @@ -272,10 +294,10 @@ where \ is: Modifies the spool directory used by the POP server to be a sub-directory with the same name as the POP authentication user-id. This allows multiple POP clients to read the spooled messages without interfering with each - other. Content files can stay in the main spool directory with the envelope - files copied into user-specific sub-directories. The - *emailrelay-filter-copy* program is a convenient way of doing this when run - via *--filter*. + other, particularly when also using *--pop-no-delete*. Content files can + stay in the main spool directory with only the envelope files copied into + user-specific sub-directories. The *emailrelay-filter-copy* program is a + convenient way of doing this when run via *--filter*. * --pop-no-delete (-G) @@ -315,10 +337,18 @@ where \ is: should contain lines that have four space-separated fields, starting with *server* in the first field; the second field is the password encoding (*plain* or *md5*), the third is the client user-id and the fourth is the - password. The user-id is RFC-1891 xtext encoded, and the password is either + password. The user-id is RFC-1891_ xtext encoded, and the password is either xtext encoded or generated by *emailrelay-passwd*. A special value of */pam* can be used for authentication using linux PAM. +* --server-auth-config \ + + Configures the SMTP server authentication module using a semicolon-separated + list of configuration items. Each item is a single-character key, followed + by a colon and then a comma-separated list. A 'm' character introduces a + preferred sub-set of the built-in authentication mechanisms, and an 'x' is + used for blocklisted mechanisms. + * --server-tls (-K) Enables TLS for incoming SMTP and POP connections. SMTP clients can then @@ -373,7 +403,7 @@ where \ is: When started as root the program switches to an non-privileged effective user-id when idle. This option can be used to define which user-id is used. - Ignored on Windows. + Specify *root* to disable all user-id switching. Ignored on Windows. * --verbose (-v) @@ -385,7 +415,7 @@ where \ is: Displays version information and then exits. A configuration file can be used to provide additional options; put each -options on a separate line, use the long option names but without the double +option on a separate line, use the long option names but without the double dash, and separate the option name from the option value with spaces. All command-line options that specify a filename can use a special *@app* @@ -395,9 +425,9 @@ the *emailrelay* executable or MacOS application bundle. Message store ============= Mail messages are stored as text files in the configured spool directory. Each -e-mail message is represented as an envelope file and a content file. The envelope -file contains parameters relevant to the SMTP dialogue, and the content file -contains the RFC-822 headers and body text. +e-mail message is represented as an envelope file and a content file. The +envelope file contains parameters relevant to the SMTP dialogue, and the +content file contains the RFC-822_ headers and body text. The filenames used in the message store have a prefix of *emailrelay*, followed by a process-id, timestamp and sequence number, and then *envelope* or @@ -442,8 +472,8 @@ Mail processing The *--filter* command-line option allows you to specify a mail processing program which operates on e-mail messages as they pass through the E-MailRelay system. The filter program is run as soon as the e-mail message has been stored -in the spool directory, with the full path of the content file added onto the -end of the given command-line. +in the spool directory, with the full path of the content file and envelope +file put on the command-line. For example, the following command will start a proxy server on port 587 which processes mail using the specified filter program, and then forwards the @@ -477,9 +507,10 @@ message use an exit code of 100. If the filter program creates completely new e-mail messages in the spool directory then they may not be processed immediately, or they may be completely -ignored. To get E-MailRelay to pick up any new messages you create in the spool -directory use the special 103 exit code, or rely on the *--poll* mechanism, or -perhaps run *emailrelay --as-client* from within the filter program. +ignored. To get E-MailRelay to pick up any new messages you create in the +spool directory use the special 103 exit code, or rely on the *--poll* +mechanism, or perhaps run *emailrelay --as-client* from within the filter +program. As an example of a simple filter program processor this shell script examines the sending client's IP address and conditionally passes the message into @@ -490,7 +521,7 @@ the sending client's IP address and conditionally passes the message into #!/bin/sh # filter.sh content="${1}" - envelope="`echo \"${content}\" | sed 's/content/envelope.new/'`" + envelope="${2}" ip="`awk '/MailRelay-Client:/ {print $2;exit}' \"${envelope}\"`" if test "${ip}" = "192.168.0.2" then @@ -514,7 +545,7 @@ For Windows this example can be rewritten in JavaScript: // filter.js var content = WScript.Arguments(0) ; - var envelope = content.substr(0,content.length-7) + "envelope.new" ; + var envelope = WScript.Arguments(1) ; var fs = WScript.CreateObject( "Scripting.FileSystemObject" ) ; var ts = fs.OpenTextFile( envelope , 1 , false ) ; var e = ts.ReadAll() ; @@ -543,30 +574,33 @@ Either forward-slashes or back-slashes can be used. E-MailRelay also has a *--client-filter* option that enables processing of e-mail messages just before they are forwarded, rather than after they are -stored. The disadvantage is that by then it is too late to notify the submitting -SMTP client of any processing failures, so in many store-and-forward +stored. The disadvantage is that by then it is too late to notify the +submitting SMTP client of any processing failures, so in many store-and-forward applications using *--filter* is more useful. The special exit code of 100 can -be used to ignore the current message, and 102 to stop scanning for more spooled -messages after processing the current one (eg. for simple rate-limiting). +be used to ignore the current message, and 102 to stop scanning for more +spooled messages after processing the current one (eg. for simple +rate-limiting). Bear in mind the following points when writing *--filter* programs: -* The standard input and output are not used; the content filename is passed on the command-line. +* The standard input and output are not used; the message filename is passed on the command-line. * Programs are run with a reduced set of environment variables. * E-MailRelay files use CR-LF line terminators, as required by the RFCs. * Envelope files will have a file extension of *.new* or *.busy* when the program runs. * Windows scripts may need to be run via *cscript* or a batch file wrapper. It is also possible to do message filtering in a separate process by using -*net:* as the *--filter* or *--client-filter* option parameter. -E-MailRelay connects to this address and then uses a simple line-based dialog as -each e-mail message is processed where it sends the full path of the message +*net:* as the *--filter* or *--client-filter* option parameter. +E-MailRelay connects to this address and then uses a simple line-based dialog +as each e-mail message is processed: it sends the full path of the message content file in one line and expects the remote process to respond with an *ok* -line if the message is to be accepted or an error message. +line if the message is to be accepted or an error message. If the error message +contains a tab character then anything after the tab character is logged but +otherwise ignored. -Alternatively, use *spam:* for connecting to a SpamAssassim -*spamd* server, or use *exit:* for simulating a filter program -that just does an exit with the specified exit code. +Alternatively, use *spam:* or *spam-edit:* to connect +to a SpamAssassim *spamd* server, or use *exit:* for simulating a +filter program that just does an exit with the specified exit code. Authentication ============== @@ -584,12 +618,12 @@ usernames and passwords: emailrelay --as-client=example.com:smtp --client-auth=/etc/emailrelay-server.auth The client-side secrets file specified with *--client-auth* is used when -E-MailRelay acts as a client to talk to a remote server. The file should contain -at least one *client* entry. +E-MailRelay acts as a client to talk to a remote server. The file should +contain at least one *client* entry. The server-side secrets file specified with *--server-auth* is used when a -remote client tries to authenticate with the E-MailRelay server. The file should -normally contain several *server* entries, one for each remote client. +remote client tries to authenticate with the E-MailRelay server. The file +should normally contain several *server* entries, one for each remote client. .. image:: authentication.png :alt: authentication.png @@ -609,16 +643,18 @@ Lines have four white-space delimited fields: * \ *password*\ The *client-or-server* field must be *client* or *server*; the *password-type* -field must be *plain* or *md5*; the *userid* field is xtext-encoded +field should be *plain* or *md5*; the *userid* field is xtext-encoded user identifier; and the *password* field is the xtext-encoded plain password or a base64-encoded *HMAC-MD5* state. For *client* lines the password-type can also be *oauth*. The first two fields are case-insensitive. The *xtext* encoding scheme is -defined properly in RFC-1891, but basically it says that non-alphanumeric +defined properly in RFC-3461_, but basically it says that non-alphanumeric characters (including space, *+*, *#* and *=*) should be represented in uppercase hexadecimal ascii as *+XX*. So a space should be written as *+20*; -*+* as *+2B*; *#* as *+23*; and *=* as *+3D*. +*+* as *+2B*; *#* as *+23*; and *=* as *+3D*. Also note that modern email +services will expect userids and passwords containing non-ASCII characters to +use UTF-8 encoding with RFC-4013_ normalisation applied. Authentication proceeds according to an authentication 'mechanism' that is advertised by the server and selected by the client. Many authentication @@ -669,12 +705,13 @@ When the *--server-auth* option is used clients must authenticate with the E-MailRelay server but it is possible to configure some client IP addresses as 'trusted' so that connections from these addresses do not have to authenticate. -Trusted IP addresses are configured with lines in the secrets file having *server* -in the first field, *none* in the second field, a wildcarded IP address in -the third field, and an arbitrary keyword in the fourth field. The keyword field -is passed to any external address verifier program specified by the -*--address-verifier* command-line option; it is not used for any other purpose. -Wildcarded IPv4 addresses can use a format like 192.168.0.0/24 or 192.168.0.*. +Trusted IP addresses are configured with lines in the secrets file having +*server* in the first field, *none* in the second field, a wildcarded IP +address in the third field, and an arbitrary keyword in the fourth field. The +keyword field is passed to any external address verifier program specified by +the *--address-verifier* command-line option; it is not used for any other +purpose. Wildcarded IPv4 addresses can use a format like 192.168.0.0/24 or +192.168.0.*. For example, this secrets file allows any client connecting over IPv4 from the 192.168.0.0/24 address range, or over IPv6 from the fe80::/64 or fc00::/7 @@ -691,12 +728,13 @@ ranges, to connect without authentication: server plain carol my+20password On the client side, authentication is performed when E-MailRelay connects to a -server which implements the SMTP AUTH extension with one of the supported -mechanisms. If the remote server does not support the AUTH extension, or does not -support mechanisms for which E-MailRelay has secrets, then an error will be -logged and no messages will be forward. +server that implements the SMTP AUTH extension with one of the supported +mechanisms. If client-side authentication is required but the remote server +does not support the AUTH extension, or does not support mechanisms for which +E-MailRelay has secrets, then an error will be logged and no messages will be +forwarded. -When E-MailRelay successfully authenticates with the remote server the session +When E-MailRelay successfully authenticates with the remote server the authentication name is passed as the AUTH parameter of the SMTP MAIL FROM command, ignoring any AUTH name from the original submission. This default policy can be modified by editing the *MailFromAuthOut* field in the message @@ -717,8 +755,9 @@ connections start off as unencrypted and the SMTP command *STARTTLS* (or the POP *STLS* command) can be used to negotiate TLS encryption before any passwords are exchanged. -The *--server-tls* option requires that the *--server-tls-certificate* option is -used to specify a PEM-format file containing a X.509 certificate and private key. +The *--server-tls* option requires that the *--server-tls-certificate* option +is used to specify a PEM-format file containing a X.509 certificate and private +key. This OpenSSL command can be used to create a self-signed certificate file suitable for testing: @@ -736,8 +775,8 @@ options for more details. E-MailRelay can also make outgoing SMTP connections using TLS encryption where the whole SMTP dialog is encrypted from the start (\ *--client-tls-connection*\ ). -This is sometimes called SMTP-over-TLS or secure SMTP (smtps) and it is normally -used with port number 465. +This is sometimes called SMTP-over-TLS or secure SMTP (smtps) or implicit TLS +and it is normally used with port number 465. PAM Authentication ================== @@ -769,8 +808,8 @@ account names and passwords to authenticate remote clients. On some systems this will require special permissioning to allow the E-MailRelay server to read the shadow password database. -When using PAM authentication E-MailRelay requires that remote clients establish -an encrypted session using TLS before authentication can proceed. +When using PAM authentication E-MailRelay requires that remote clients +establish an encrypted session using TLS before authentication can proceed. IP addresses ============ @@ -787,8 +826,8 @@ Eg: --interface 127.0.0.1 -If the *--client-interface* option is used then that address is used to bind the -local end of outgoing SMTP client connections. +If the *--client-interface* option is used then that address is used to bind +the local end of outgoing SMTP client connections. Eg: @@ -820,8 +859,8 @@ The IPv4 and IPv6 wildcard addresses (*0.0.0.0* and *::*) can be used with *--interface* and *--client-interface* to enable the use of IPv4 only or IPv6 only. -To use IPv4 only for incoming connections use *--interface 0.0.0.0*; for IPv6 only -on incoming connections use *--interface ::*. +To use IPv4 only for incoming connections use *--interface 0.0.0.0*; for IPv6 +only on incoming connections use *--interface ::*. :: @@ -837,8 +876,8 @@ for IPv6 only on outgoing SMTP connections use *--client-interface ::*. --client-interface :: # IPv6 only Hostnames given in the *--forward-to*, *--as-proxy* and *--as-client* options -are resolved to IPv4 addresses and/or IPv6 addresses using DNS. If both IPv4 and -IPv6 records are returned from the DNS query then the *--client-interface* +are resolved to IPv4 addresses and/or IPv6 addresses using DNS. If both IPv4 +and IPv6 records are returned from the DNS query then the *--client-interface* option can be used to select either the IPv4 or IPv6 results. Otherwise the first address is used, whether that is IPv4 or IPv6. @@ -851,9 +890,9 @@ Eg: SOCKS ===== -E-MailRelay can use a SOCKS_ 4a proxy for establishing outgoing SMTP connections; -just append the SOCKS proxy address to the SMTP server's address, separated by -\ *@*\ . +E-MailRelay can use a SOCKS_ 4a proxy for establishing outgoing SMTP +connections; just append the SOCKS proxy address to the SMTP server's address, +separated by *@*. For example, this could be used to send e-mails via the Tor network, assuming there is a local Tor node running on port 9050: @@ -883,15 +922,15 @@ mechanism used by the client (if any, and *none* if trusted), and (6) either the authentication name or the fourth field from authentication secrets file if a trusted IP address. -So, for example, a verifier program called *myverifier* might be run with the -following command-line: +So, for example, a verifier program called *myverifier* might be run as if with +the following command-line: :: myverifier bob@local.net alice@example.com 192.168.0.1:123 local.net login alice -The verifier program is expected to generate two lines of output on the standard -output stream and then terminate with a specific exit code. +The verifier program is expected to generate two lines of output on the +standard output stream and then terminate with a specific exit code. For future-proofing a verifier must report a version number of *2.0* if called with a command-line starting with *--emailrelay-version*. @@ -921,9 +960,11 @@ name -- and then exit with a value of zero. echo postmaster exit 0 -For E-MailRelay local delivery just means that the message file in the spool -directory is given a *.local* filename suffix. This can be used to create a -separate channel for administrative messages such as delivery reports. +For E-MailRelay local delivery just means that the message files in the spool +directory are copied to files with a *.local* filename suffix. If all the +envelope recipients are local-mailboxes then no normal message files are +created. This mechanism can be used to create a separate channel for +administrative messages such as delivery reports. For invalid addresses the exit value should be non-zero and the first line of output is the error response. @@ -953,8 +994,8 @@ which may be useful in limiting the impact of denial of service attacks: # address verifier -- abort exit 100 -In this more complete example the verifier script accepts all addresses as valid -as long as they contain an *at* character: +In this more complete example the verifier script accepts all addresses as +valid as long as they contain an *at* character: :: @@ -1020,16 +1061,46 @@ or written in JavaScript for Windows: WScript.Quit( 3 ) ; } -If this verifier script is used with a suitable *--server-auth* file then it can -be used to prevent open relay without restricting authenticated clients. +If this verifier script is used with a suitable *--server-auth* file then it +can be used to prevent open relay without restricting authenticated clients. It is also possible to verify addresses in a separate daemon process by using a -*--address-verifier* option of the form *net:*. In this case +*--address-verifier* option of the form *net:*. In this case E-MailRelay will connect to the specified verifier daemon over the network and send address verification requests as lines with pipe-delimited fields. The -expected response is another pipe-delimited line containing the same information -as returned by verifier scripts but in reverse, such as *3|address unavailable* -or *0|postmaster|Local Postmaster *. +expected response is another pipe-delimited line containing the same +information as returned by verifier scripts but in reverse, such as +*3|address unavailable* or *0|postmaster|Local Postmaster *. + +Connection blocking +=================== +All incoming connections from remote network addresses are blocked by default, +but can be allowed by using the *--remote-clients*/*-r* option. This is to +guard against accidental exposure to the internet. + +Incoming SMTP connections can also be checked against DNSBL blocklists in order +to block connections from known spammers. Use the *--dnsbl* option to define a +list of DNSBL servers, together with a rejection threshold. If the threshold +number of servers 'deny' the incoming connection's network address then +E-MailRelay will drop the connection immediately. + +The *--dnsbl* configuration starts with the DNS server network address and a +millisond timeout, followed by the threshold and list of servers: + +:: + + emailrelay -r --dnsbl 1.1.1.1:53,500,1,spam.example.com,block.example.com ... + +A threshold of zero means that the DNSBL servers are consulted but connections +are always allowed. This can be combined with verbose logging (\ *--log -v*\ ) +for initial testing. + +If the timeout period expires before a collective decision is reached then the +connection is allowed. This default behaviour can be changed by using a negative +timeout, but for finer control use a DNSBL proxy. + +Connections from loopback and private (RFC-1918_) network addresses are never +checked. Security issues =============== @@ -1102,8 +1173,8 @@ The following are some security issues that have been taken into consideration: When using PAM for authentication all clients are required to use TLS/SSL encryption. -Security issues which relate to the SMTP protocol itself are beyond the scope of -this document, but RFC-2821 makes the following observation: "SMTP mail is +Security issues which relate to the SMTP protocol itself are beyond the scope +of this document, but RFC-2821_ makes the following observation: "SMTP mail is inherently insecure in that it is feasible for even [..] casual users to [..] create messages that will trick a [..] recipient into believing that they came from somewhere else. [..] Real [..] security lies [..] in end-to-end methods @@ -1168,6 +1239,7 @@ Installation directories can be defined at build-time by the following * e_pamdir=\ * e_spooldir=\ * e_sysconfdir=\ +* e_rundir=\ These are all defaulted to paths that are ultimately based on *--prefix*, so *./configure --prefix=$HOME* will work as expected. @@ -1177,7 +1249,7 @@ command: :: - ./configure --prefix=/usr --localstatedir=/var --libexecdir=/usr/lib --sysconfdir=/etc e_initdir=/etc/init.d + ./configure --prefix=/usr --localstatedir=/var --libexecdir=/usr/lib --sysconfdir=/etc e_initdir=/etc/init.d e_rundir=/run/emailrelay It is possible to change the installation root directory after building by using *make DESTDIR= install* or *DESTDIR= make -e install*. @@ -1193,12 +1265,19 @@ and these default to *%ProgramFiles%/E-MailRelay* for programs and +.. _DNSBL: https://en.wikipedia.org/wiki/DNSBL .. _FHS: https://wiki.linuxfoundation.org/lsb/fhs .. _MTA: https://en.wikipedia.org/wiki/Message_transfer_agent .. _PAM: https://en.wikipedia.org/wiki/Linux_PAM .. _POP: https://en.wikipedia.org/wiki/Post_Office_Protocol +.. _RFC-1891: https://tools.ietf.org/html/rfc1891 +.. _RFC-1918: https://tools.ietf.org/html/rfc1918 +.. _RFC-2821: https://tools.ietf.org/html/rfc2821 +.. _RFC-3461: https://tools.ietf.org/html/rfc3461 +.. _RFC-4013: https://tools.ietf.org/html/rfc4013 +.. _RFC-822: https://tools.ietf.org/html/rfc822 .. _SMTP: https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol .. _SOCKS: https://en.wikipedia.org/wiki/SOCKS .. _TLS: https://en.wikipedia.org/wiki/Transport_Layer_Security -.. footer:: Copyright (C) 2001-2018 Graeme Walker +.. footer:: Copyright (C) 2001-2019 Graeme Walker diff --git a/doc/reference.txt b/doc/reference.txt index bf3947c..a84c0a3 100644 --- a/doc/reference.txt +++ b/doc/reference.txt @@ -55,13 +55,20 @@ where