Release of Exim 4.0 (and 3.35)

Posted by  (personal website). Moderated by Fabien Penso.
26 Feb. 2002
Community
Exim, the well-known MTA (mail transfer agent), has just been released in version 4.0. The ChangeLog for this first release of the 4.x branch merely states that there have been lots of changes compared to 3.0 (you have to look in the sources for more information).

Also worth noting is the release of 3.35, a maintenance release that notably fixes the latest security holes found in the 3.x branch.

Exim is, for example, the default MTA on Debian GNU/Linux.

Further reading

  • # ChangeLog

    Posted by  (personal website). Rated -10.

    Change log file for Exim from version 3.951
    -------------------------------------------


    Exim version 4.00
    -----------------

    1. Changed the name of debug_print for authenticators (3.953/38) to
    server_debug_print because it applies only when the authenticator is
    running as a server.

    2. Forgot to change DB_ to EXIMDB_ in the Cygwin Makefile.

    3. There were still a couple of uses of vfork() when passing a socket to a
    new delivery process. The use of vfork() is not recommended these days,
    so I changed them to fork().

    4. Added the spa authentication mechanism, using the code contributed by Marc
    Prud'hommeaux (and mostly taken from the Samba project). This supports
    Microsoft's "Secure Password Authentication", but only as a client.

    5. queryprogram had current_directory unset, but used "/" when it was unset.
    It is tidier just to make the default "/" and have done with it.

    6. When a delivery is run with -v, the -v flag is no longer passed on to new
    processes that are started in order to send other messages on existing
    SMTP connections. This prevents non-admin users from seeing these other
    deliveries. Admin users can specify a higher level of debugging, and when
    this is done, the debugging selection is passed on.

    7. Increased the increment for dynamic strings from 50 to 100.

    8. When Exim was building a dynamic string for $header_xxx from a number of
    headers of the same name, or for $message_headers, it was using the dynamic
    string function which is designed for use with relatively short strings. If
    a pathological message had an enormous header, it chewed up memory at a
    ridiculous rate. The code has been rewritten so that it does not do this.
    With a 64K header string (there's a limit set at 64K) it now just gets one
    64K buffer. Previously it used a large number of megabytes to build such a
    string, and some system filter processing ran machines into the ground on
    messages with huge headers.

    9. The work for 8 involved a small amount of other "refactoring" in the
    expansion functions.

    10. If "headers add" or "headers remove" were used in a system filter, the
    headers didn't actually get changed when testing with -bF. This could
    affect later commands in the filter that referred to the headers.

    11. Two system filter bugs: (a) The system filter was always being run as root,
    even if system_filter_user was set. (b) When the system filter was not run
    as root, changes to the header lines by "headers add" or "headers remove"
    were being lost. Because of (a), (b) would never have bitten.

    12. Some "refactoring" in the daemon:
    (a) Removed redundant statement smtp_in=NULL.
    (b) The test for fork failure for a delivery process was not quite in the
    right place.
    (c) Added main and panic logging for receive and delivery fork failures.
    (d) Check for fdopen() failure, and don't try to continue, but ensure
    the sockets get closed.
    (e) Log fclose() failures.

    13. Added the "/data" facility to ACL dnslists so as to make it easy to use,
    for example, the domain lookup of rfc-ignorant.org.

    14. Refactored the code in the daemon to use a vector of structures instead of
    two separate vectors for storing the pid of a spawned accepting process and
    the corresponding IP address of the client. (This is to make it easier to
    add other things.)

    15. If EXIM_USER or EXIM_GROUP were set to the empty string in Local/Makefile,
    the uid or gid were set to zero, which is unsafe. These settings now cause
    an error message at build time.

    16. check_ancestor was doing its check case-sensitively, which meant that it
    did not work with some configurations when redirecting changed the case of
    the local part. Now check_ancestor respects the setting of
    caseful_local_part on the router which routed the ancestor address.

    17. The check for router looping (whether the current router had previously
    routed the same address) was always being done case-insensitively. It
    should do the local part check case-sensitively when caseful_local_part is
    set for that router.

    18. Added helo_try_verify_hosts, which is like helo_verify_hosts except that
    it doesn't reject failing HELO/EHLO. Instead the verification state can be
    tested in an ACL by verify=helo.

    19. When echoing log writes from a parallel remote delivery process to the
    debug output, the pid of the parallel process was being omitted.

    20. In an ACL run for a RCPT command, the values of $domain and $local_part
    were becoming unset after a sender or recipient verification.

    21. Exim crashed if called with -C followed by a ridiculously long string.

    22. Some other potential points of trouble caused by pathological input data
    have been defended.

    23. If hosts_randomize was set on an smtp transport, the randomizing code had
    a bug which could put the delivery process into a tight loop.



    Exim version 3.953
    ------------------

    1. Exim was not terminating the names of named lists in memory. It got away
    with this on systems where newly malloc()d store is zeroed (always a bad
    practice). When running in its test harness, Exim now ensures that all
    new memory from malloc is filled with a non-zero value. This will help
    pick up bugs like this in future. (I haven't made it do it always, for
    performance reasons.)

    2. When skip_syntax_errors was set on a redirect router, and a forward file
    (NOT a filter file) contained only invalid addresses, the message was
    discarded. The router now declines, as it does for invalid filter files.
    Thus, the address is passed on unless no_more is set.

    3. When an address containing upper case letters in the local part was
    deferred, eximon showed the lowercased version with the caseful version
    as a "parent", as well as the original caseful version in its queue list.

    4. When hide_child_in_errmsg was set on a redirect router, bounce messages
    still showed the failed addresses in the X-Failed-Recipients: header line.

    5. Change 6 for 3.952 should also have included SIGTERM.

    6. exim -bP +something was searching only the domain lists. It now searches
    all lists for a matching name.

    7. If Local/Makefile contains more than one of USE_DB, USE_GDBM, or USE_TDB,
    give a build-time error. When it does contain one of them, arrange for any
    OS default for any other one to be overridden. (The code expects at most
    one of these to be defined.)

    8. When a value for transport_home_directory is taken from the password
    information, wrap it in \N...\N so that it isn't expanded in the transport.
    This affects Cygwin, where home directories may contain $ characters.

    9. Fixed an occasional crash when autoreply was sending a message created by
    a user's filter file. It was referencing uninitialized memory. (The
    prophylactic mentioned in 1 above made it a hard error.)

    10. The "run" and "readfile" expansion items could sometimes return extra junk
    characters (yet another uninitialized memory bug).

    11. The lockout options forbid_filter_existstest etc. were not propagating to
    the expansion of files sent as part of "mail" messages from users' filter
    files.

    12. Another unterminated string bug: when an ACL was read from a file
    dynamically it wasn't properly terminated.

    13. Cached pgsql connections weren't being re-used, leading to a potential
    build-up of open connections.

    14. $message_headers is supposed to be limited to 64K in length, but it wasn't
    so limited if an individual header line was longer than 64K.

    15. An individual header line, or concatenation of multiple identically-
    named header lines, inserted by $h_xxxx is supposed to be limited to 64K in
    length, but it wasn't so limited if the only header line was longer than
    64K.

    16. A syntactically incorrect setting of -d... is now treated as a command line
    syntax error (message to stderr, return code 1), without any entry on the
    log.

    17. Modifications to the exim_install script:
    (a) Scan the combined Makefile in the build directory instead of messing
    around scanning its individual constituent files.
    (b) Use sed instead of a pipe of grep, tail and cuts. This allows better
    control, but has to be very simple sed in order to work on Solaris.
    (c) Allow for the setting of EXE to add a subscript to executables for
    the benefit of Cygwin.
    (d) Use -c instead of -b with "cut" because the "cut" in BSD/OS doesn't
    grok -b.

    18. Changes for Cygwin:
    (a) Update scripts/os-type to recognize CYGWIN.
    (b) Arrange (via the Uopen() macro) for all calls to open() to have
    the O_BINARY flag, to avoid CRLF problems.
    (c) If OS_INIT is defined, call it at the very start of Exim's execution.
    (d) When resolver debugging is enabled, set _res.options |= RES_DEBUG
    before calling res_init() as well as after, because that generates
    some debugging info during initialization.

    19. Make the initial call to os_getloadavg() in exim.c conditional on
    LOAD_AVG_NEEDS_ROOT because it is done just to initialize os_getloadavg()
    on systems that require the first call to be done as root. It should be
    called only when messages are being received; it was being called
    unnecessarily in some cases.

    20. If Exim failed to open its retry hints database at routing time, it crashed
    during a subsequent local delivery.

    21. If Exim is neither setuid root nor called by root, there is no need to
    attempt to drop root privilege when it is not needed.

    22. I'd forgotten to remove the check for the presence of %s in pid_file_path
    when it was set at run time.

    23. If a transport filter crashed, or yielded a non-zero return code during an
    SMTP delivery, Exim was not aborting the delivery. This led to multiple
    partial deliveries of the message until the transport filter was fixed.

    24. Do not try alternate hosts if a transport filter crashes or yields a
    non-zero return during an SMTP delivery.

    25. When exim -be is reading input lines from stdin, backslash can now be used
    for continuations. This makes it easier to test expansions from a
    configuration file by cut and paste, and long expansions in general.

    26. The file src/auths/xtextdecode.c was incorrectly named xtestdecode.c, but
    because the MakeLinks script built a symbolic link that worked, this
    mistake didn't actually show up.

    27. When Exim is delivering another message down an existing connection,
    remote_max_parallel should be forced to 1; this wasn't happening, though
    it would have caused a problem only if a message had more than 100
    recipients routed to the host.

    28. When there was a problem while delivering down an existing connection, such
    that the transport process closed the connection, this fact wasn't getting
    communicated to the calling delivery process, which might have tried to do
    more deliveries on the same connection. This would only have caused a
    problem if there were more than 100 recipients to the same host.

    29. The ${extract} action, with a negative field number that selected the first
    field in a string, could return junk characters at the start of the
    extracted field.

    30. When Exim is acting as a client, if an attempt to start a TLS session fails
    during the TLS negotiation phase (i.e. STARTTLS is accepted, but there's a
    problem such as an unrecognized certificate during TLS session startup),
    Exim used always to defer delivery. Now, unless the host is in
    hosts_require_tls, Exim makes a new connection to the host and attempts to
    send the message unencrypted. This avoids stuck messages for servers that
    advertise STARTTLS but don't actually support it properly.

    31. Added ${address:xxx} to go with ${domain:xxx} and ${local_part:xxx} which
    extract from RFC 2822 addresses.

    32. The rules for recognizing when Exim is being called from inetd have
    changed. Previously Exim required SMTP input, stdin to be a TCP/IP socket,
    and the caller to be root or the Exim user. This left a gaping hole if the
    caller was not root or the Exim user, because then it wouldn't do the
    policy checking for a remote host, because it didn't realize it was being
    called from inetd. (This was seen on Debian configurations). Exim now
    behaves as follows: if the input is SMTP and stdin is a TCP/IP socket, a
    call from inetd is assumed. This is allowed to proceed either if the caller
    is root or the Exim user, or if the port used is privileged (less than
    1024). Otherwise (a different user passing an unprivileged port) Exim gives
    a "Permission denied" error.

    33. Removed $compile_number from the default SMTP banner line (after discussion
    on the mailing list). Also removed it from the default $Received: header.

    34. # is documented as a comment character in the run time configuration only
    when it appears at the start of a line. In the case of boolean values,
    extra characters after "= true" or "= false" were being ignored, leading to
    a false impression that comments could appear there. This is now diagnosed
    as an error.

    35. If a boolean option without a following "=" was followed by # (in the
    mistaken belief that this would be a comment), the error was "missing =",
    which was confusing. Exim now complains about extra characters.

    36. When Exim complains about extra characters following an option setting, it
    now adds a comment about comments if the first extra character is #.

    37. Output debug_print strings when testing a host using -bh.

    38. Added debug_print to authenticators (compare routers and transports). This
    outputs when an authenticator is called as a server. It can be helpful
    while testing with -bh.

    39. Added debugging output to the crypteq condition.

    40. If a named domain or local part list used in a "domains" or "local_parts"
    option on a router matched by means of a lookup, the $domain_data and
    $local_part_data variables were set for the first router that did this, but
    were not set for any subsequent routers that used the same named list. The
    same was true for multiple tests of named domain or local parts lists in an
    ACL.

    41. If the variable "build" is set when the top-level Makefile is run, the
    variable now propagates from the top-level Makefile to subsidiary ones.
    In addition, Local/Makefile-$(build) is added to the list of concatenated
    files that go at the start of the Makefile in the build directory.

    42. If NO_SYMLINK is defined in Local/Makefile, the exim_install script just
    copies the Exim binary in with its unique name, without moving the "exim"
    symbolic link to it.

    43. Added BSDI 4.2 as a BSDI variant in scripts/os-type.

    44. The spool file format for remembering a "one_time" redirection has changed;
    I had forgotten to make Exim 4 capable of reading Exim 3 spool files.

    45. Address lists are now permitted to include items of the form *@+name where
    "name" is a named domain list. (Note that an item of the form +name is
    taken as a named _address_ list.)

    46. When Exim gives up privilege and reverts to the calling user because it was
    called with the -C, -D, -be, or -bi options, it now reinstates the
    supplementary group list as well as the uid and gid.

    47. The crypteq condition has been extended. When the encrypted string begins
    with "{md5}" Exim used to assume that the digest was encoded as a base64
    string. Now it assumes this only if its length is 24 bytes. If the length
    is 32 bytes, Exim assumes a digest expressed in hex characters. If the
    length is neither 24 nor 32, the comparison always fails.

    48. Updated the convert4r4 script:

    (a) Some typos in the comments.
    (b) Remove kill_ip_options, log_ip_options, and refuse_ip_options, which
    no longer exist.
    (c) Move all macro definitions to the top of the output, to ensure that
    they precede any references to them.
    (d) If tls_verify_ciphers was set without tls_verify_hosts, the generated
    new configuration insisted on encryption ("these ciphers must be
    used for all connections") instead of just checking the cipher when
    encryption happened ("if encrypted, these ciphers must be used").
    (e) Address lists are now checked to see if they contain any bare lookup
    items and if they do, these are converted to two items, the first
    preceded by "*@" and the second with "partial-" removed. This makes
    Exim 4 behave in the way that Exim 3 used to. An explanatory comment
    is output.
    (f) Put more explanation in above the "hosts = :" test.

    49. Write a main and panic log entry when "partial-" is ignored in a lookup
    that is part of an address list. (Applies when the item is a lookup for
    which the whole address is the key.)

    50. Two changes to the way $original_local_part and $parent_local_part work:

    (a) When an address that had a prefix or suffix was redirected to another
    address, the value of $original_local_part and $parent_local_part
    had the prefix or suffix stripped when referred to during the
    processing of the child address. This doesn't seem right, so it has
    been changed.
    (b) When an address that had a prefix or suffix was being processed,
    $local_part had the affix stripped, and if it was a top-level
    address, $original_local_part also has the affix stripped. This has
    been changed. Now $original_local_part contains the same value at all
    levels. ($parent_local_part remains empty at top level.)

    51. A number of macros in the Exim source began with "DB_". When compiling
    with Berkeley DB version 4, DB_LOCK_TIMEOUT clashed with a macro set by
    that package. The Exim macros now all start with "EXIMDB_", and Exim
    therefore now supports DB version 4.

    52. Newlines in a "freeze" text from a system filter were being sent as \n
    in messages created by the "freeze_tell" option. They are now converted
    back to newlines (in the log line they continue to appear as \n).

    53. Added a new ACL condition "verify = reverse_host_lookup". This does a
    reverse lookup of the client host's IP address, then does a forward lookup
    for all the names it receives, and checks that at least one of the IP
    addresses obtained from the forward lookup matches the incoming IP address.
    The lookups are done with gethostbyaddr() and gethostbyname(),
    respectively.

    54. A small fix to eximstats reduces its store usage substantially when it is
    processing very large log files: when a message's "completed" line is
    reached, discard the memory of the message's size.

    55. If an address was redirected to itself more than once (e.g. by two
    different "redirect" routers, or because of the use of "unseen"), it was
    incorrectly discarded as a duplicate address.

    56. For a rewrite pattern of the form *@something, if an actual address
    contained @ in the local part (e.g. "a@b"@x.y), the value of $1 was set
    incorrectly during expansion of the replacement address (it stopped at the
    first @ instead of at the last one).

    57. Added hosts_nopass_tls to the smtp transport. For any host that matches
    this list, a connection on which a TLS session has been started will not be
    passed to a new delivery process for sending another message on the same
    connection.

    58. The -dropcr command line option now turns CRLF into LF, while leaving
    isolated CR characters alone. (Previously it removed _all_ CR characters.)
    There is now also a drop_cr main option which has the effect of -dropcr for
    all incoming non-SMTP messages.

    59. If a configuration file macro expanded into a boolean option which was not
    followed by = and a value, Exim gave a spurious error for an "unknown"
    value for the option (typically a string from the previous line).


    Exim version 3.952
    ------------------

    1. convert4r4 had an incorrect file name in its comment output.

    2. convert4r4 was looking up $local_part instead of $domain in its generated
    manualroute output.

    3. There was no check that getpeername() was giving a socket address when
    called on stdin passed from a previous delivery.

    4. Fixed an old bug whereby Exim could segfault if debugging was turned on and
    a DNS lookup found MX records for hosts whose A records had to be looked up
    separately, and some of them pointed to the local host (pretty rare).

    5. The debugging output for log writes now shows the names of any log selectors
    instead of the hex value of the selector word.

    6. If a delivery subprocess is terminated by SIGKILL or SIGQUIT, do not freeze
    the message. This can happen during system shutdown. Other kinds of process
    failure indicate problems.

    7. If a sender verification did not complete (e.g. DNS lookup timed out), the
    log line for the temporary RCPT rejection did not always say why (it lost
    the message if there had been a previous call to any lookup).

    8. The special message about MX records that point to IP addresses instead of
    host names was not getting returned in the SMTP response when a
    verification failed. This has been fixed, and the message that is logged in
    this circumstance has been made less verbose.

    9. When an SMTP callout is done, Exim tries to use the interface and port
    number from the transport that the address was routed to during the prior
    verification. If it wasn't routed to a remote transport, or if there's a
    problem expanding the relevant options, Exim does not use a specific
    interface, and it connects to port 25.

    10. If the string "syslog" happened to occur in the log file path, eximon was
    failing to extract the name of the main log file correctly.

    11. Unlike other operating systems, Linux does not sync a directory after a
    rename. However, we need this to happen to be sure an incoming message has
    been safely recorded after it has been received. I have therefore added a
    macro called NEED_SYNC_DIRECTORY (which is set in OS/os.h_Linux) to request
    Exim to do an explicit sync on the directory after the rename. If
    O_DIRECTORY is defined, it is used when opening the directory.

    12. When a system filter creates any new deliveries, they are given a fake
    "parent" address which appears on the logs, and is necessary for pipes,
    files, and autoreplies, which cannot be toplevel addresses. This fake was
    set up with the text "system filter". It's been changed to "system-filter"
    because the space in the previous text could cause trouble.

    13. The new option local_sender_retain suppresses the removal of Sender: header
    lines in locally-submitted (non-TCP/IP) messages from untrusted users. It is
    required that no_local_from_check be set with local_sender_retain.

    14. In a file interpolated into an address list, if a local part contained a
    # character and there was also a following comment (introduced by a #
    preceded by white space), the comment was not recognized.

    15. Local part lists are now handled as address lists as far as recognition of
    comments in interpolated files and the processing of +caseful at the top
    level are concerned. In the local_parts option of a router, +caseful will
    restore case-sensitive matching, even when the router does not have
    caseful_local_part set (the default).

    16. The key used for a dsearch lookup may not contain '/'. If it does, the
    lookup defers.

    17. When starting a delivery process after receiving a message locally, discard
    the controlling terminal unless debugging is turned on.

    18. The exim group was automatically trusted; this was not correct because it
    meant that admin users who were in the exim group were automatically
    trusted. If you want the exim group to be trusted, it must now be
    explicitly configured.

    19. The default configuration mentioned "dns_lists" instead of "dnslists" in a
    comment.

    20. Minor corrections and changes to the Exim4.upgrade document and to the
    OptionLists.txt document.

    21. If a local part beginning with a pipe symbol was routed to a pipe
    transport, the transport got confused as to which command it should run.
    This could be a security exposure if unchecked local parts are routed to
    pipe transports.

    22. When logging SMTP connections to the daemon from other hosts, include the
    connection count in the log line. Tidied up the identification of SMTP
    sources in logging lines.

    23. Added "sender_domains" as a new ACL condition so that the Exim 3 setting
    of sender_verify_callback_domains can easily be replicated. Corrected
    convert4r4, which was incorrectly converting this to a "domains" setting.

    24. The code for reading ident values was not discarding leading spaces, which
    some hosts seem to send.

    25. The building process was still insisting that PID_FILE_PATH contained %s,
    but this is not required for Exim 4.

    26. The logging of ETRN commands had got lost. It has been restored, and the
    log selector "etrn" (on by default) added to control it.

    27. IPv6 reverse DNS lookups were originally specified as happening in the
    ip6.int domain, but this is being changed to ip6.arpa (and they've changed
    the meaning of "arpa" to "Address and Routing Parameters Area"). The only
    time Exim does reverse lookups directly (as opposed to calling
    gethostbyaddress()) is in the code for the dnsdb lookup type. This has been
    changed to use ip6.arpa.

    28. Made the test programs (test_dbfn for testing DBM files, and some others)
    compile! Updated the help output from test_dbfn.

    29. Changed all occurrences of "r" and "w" in fopen() fdopen() calls to "rb"
    and "wb". This makes no difference in Unix systems, but is apparently
    necessary for running Exim under Cygwin.

    30. Three changes that make virtually no difference when Exim is run on a real
    Unix system, but which were asked for to make life easier when porting it
    to run under Cygwin:

    (a) Changed the logic for locking a message when an Exim process is
    handling it. Previously, the entire -D file was locked to indicate
    this. Now Exim locks only the first line, which contains the name of
    the file. Apparently, in the Cygwin environment, a subprocess cannot
    read locked parts of a file, even when it is passed an open file
    descriptor to that file from the process that did the locking. By
    locking only the first line, which the subprocess does not want to read
    (it just needs to read the data that follows), we can get round this
    restriction with minimal effort.

    (b) Added support for native gdbm function calls. GDBM is apparently the
    only DBM library that is currently available for Cygwin, and only with its
    native API.

    (c) The default modes for files, directories, and lock files in the
    appendfile transport can now be set in Local/Makefile at build time.

    31. When transmitting a message using SMTP with PIPELINING, if the server gave
    a malformed SMTP response, the message logged by Exim didn't associate it
    with the pipelined SMTP command to which it referred. For example it logged
    "after DATA" if all the recipients had been sent. Also, if the response
    was an empty line (illegal), it didn't show up very clearly. The error
    messages are now more accurate, and point out empty lines.

    32. Minor corrections and changes to src/configure.default.

    33. When a host list in a route_list item that was enclosed in double quotes
    contained single quotes within it, the quoting was incorrectly terminated.
    Both the pattern and the host list in route_list items are now handled by
    the standard quote-processing function.

    34. Corrected the EDITME file for eximon so that the default stripchart
    patterns work with the default runtime configuration for local deliveries.
    (Previously it matched a delivery via a director - not possible in Exim 4.)


    Exim version 3.951
    ------------------

    Exim 3.951 is the first alpha testing release for Exim 4. A list of the many
    individual changes to the code made between Exim 3.33 and Exim 3.951 was not
    kept. The functional changes are listed in the Exim4.upgrade file.

    ****
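Item 53 of the 3.953 section above describes the new "verify = reverse_host_lookup" ACL condition. The sketch below is an added example, not part of the original post and not Exim's code: the function name `verify_reverse_host_lookup`, the injectable resolver parameters and the lookup tables are constructed for illustration, and a failed lookup is simply treated as "no match".

```python
import ipaddress
import socket


def _system_reverse(ip):
    """Names for an IP via gethostbyaddr(): primary name plus aliases."""
    name, aliases, _addrs = socket.gethostbyaddr(ip)
    return [name, *aliases]


def _system_forward(name):
    """IPv4 addresses for a name via gethostbyname_ex()."""
    return socket.gethostbyname_ex(name)[2]


def verify_reverse_host_lookup(client_ip, reverse=_system_reverse,
                               forward=_system_forward):
    """Forward-confirmed reverse lookup as the changelog item describes it.

    1. Reverse-resolve the client IP to one or more names.
    2. Forward-resolve every name that came back.
    3. Succeed if at least one forward address equals the client IP.

    Returns (ok, confirmed_names). A PTR record alone proves nothing,
    because whoever controls the reverse zone can put any name in it;
    only names whose forward lookup leads back to the IP are confirmed.
    """
    client = ipaddress.ip_address(client_ip)  # ValueError on bad input
    try:
        names = reverse(client_ip)
    except OSError:  # socket.herror / socket.gaierror: no PTR record
        return False, []

    confirmed = []
    for name in names:
        try:
            addresses = forward(name)
        except OSError:  # the claimed name does not resolve at all
            continue
        for addr in addresses:
            try:
                if ipaddress.ip_address(addr) == client:
                    confirmed.append(name)
                    break
            except ValueError:  # resolver returned something unparsable
                continue
    return bool(confirmed), confirmed


# --- Constructed sample data (documentation address ranges) -------------
PTR_TABLE = {
    "192.0.2.10": ["mail.example.org"],                   # honest host
    "192.0.2.66": ["mail.example.org"],                   # PTR claims a name it does not own
    "192.0.2.20": ["old.example.net", "mx.example.net"],  # stale name plus valid alias
}
A_TABLE = {
    "mail.example.org": ["192.0.2.10"],
    "mx.example.net": ["192.0.2.20"],
}


def fake_reverse(ip):
    """Offline stand-in for gethostbyaddr(), backed by PTR_TABLE."""
    if ip not in PTR_TABLE:
        raise socket.herror(1, "Unknown host")
    return PTR_TABLE[ip]


def fake_forward(name):
    """Offline stand-in for gethostbyname_ex(), backed by A_TABLE."""
    if name not in A_TABLE:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return A_TABLE[name]


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66", "192.0.2.20", "192.0.2.99"):
        ok, names = verify_reverse_host_lookup(ip, fake_reverse, fake_forward)
        print(f"{ip:12} ok={ok!s:5} confirmed={names}")
```

Calling `verify_reverse_host_lookup(ip)` without the two resolver arguments uses the system resolver through `socket.gethostbyaddr()` and `socket.gethostbyname_ex()`.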
    • [^] # As a link, please

      Posted by  . Rated 10.

      A changelog like that would have been better as a link, wouldn't it?
    • [^] # Re: ChangeLog

      Posted by  (personal website). Rated 3.

      Great message!
      I read all of it, it's fascinating. And having to scroll all the way to the bottom of the page to reply is really convenient.
      No, really, messages like that, I swear, deserve a subscription to Linux Mag!
    • [^] # Re: ChangeLog

      Posted by  (Mastodon). Rated -3.

      Oh my god! That's HUUUUUUGE!!!!
  • # Makes you want to try it!

    Posted by  (personal website). Rated 10.

    Given the superb presentation Philip Hazel gave us at FOSDEM, it makes you want to try it.

    The architecture has been completely changed. Routing of incoming mail is much better done, and there are now access/deny rules, in the manner of apache or proftpd, for accepting or refusing mail.

    In short, install it right away on your personal machine, or wait a little on a production machine (there are bound to be a few small security holes at first; that's inevitable given the changes made).
  • # Exim is, for example, the default MTA on Debian GNU/Linux.

    Posted by  . Rated 10.

    For sure, Exim is the only MTA under the GPL license.

    Sendmail, shipped by RedHat, is under a so-called "Open Source" license.
    Postfix, shipped by Mandrake, is under the IBM public license, a license incompatible with the GPL.
    • [^] # Re: Exim is, for example, the default MTA on Debian GNU/Linux.

      Posted by  (personal website). Rated 5.

      Unless I'm mistaken (it's been ages since I last tested it and I can't be bothered to go grab the archive from their server in Finland), ZMailer [ http://zmailer.org/(...) ] is also under the GPL, but it looks a bit dead...

      In any case, I use Exim (3.33) at home, and it's true that it is very good. The few problems I have seen concerned the absence of certain commands (EXPN, ETRN,...) and the not-so-great syntax of the config rules, but nothing serious. On the other hand, I would really like to find an MTA that allows "virtual servers" (to have, e.g., <toto@bidule.tld> and <toto@truc.tld> in different accounts but handled by the same machine). I was told that Qmail does that, but Dan Bernstein's licensing policy is rather odd, so I don't touch it... :-/

      Sent from my PDP 11/70

      • [^] # Re: Exim is, for example, the default MTA on Debian GNU/Linux.

        Posted by  (personal website). Rated 2.

        I believe (to be confirmed) that Philip Hazel talked about it at FOSDEM and that it's possible with exim 4.
      • [^] # Re: Exim is, for example, the default MTA on Debian GNU/Linux.

        Posted by  . Rated 3.

        "I was told that Qmail does that"

        I can confirm that it can be done with qmail, but I'm surprised that exim (or others) wouldn't allow it. How do hosting providers manage to put several domains on the same machine (surely they aren't all on qmail?)?
      • [^] # Re: Exim is, for example, the default MTA on Debian GNU/Linux.

        Posted by  . Rated 1.

        Postfix does it with virtual_maps

        e.g.:
        toto@coincoin.fr bidule
        toto@pouetpouet.com machin

        and off it goes......
        • [^] # Re: Exim is, for example, the default MTA on Debian GNU/Linux.

          Posted by  (personal website). Rated 3.

          Perhaps I expressed myself badly. Of course you can always hack something together with Sendmail's virtusertables, etc. But what I'd actually like is something cleaner than a simple alias, with separate queues for each domain, differentiated rules for accepting/processing messages (for example, using the RBL for truc.tld but not for machin.tld), etc. In short, something truly modular, like Apache's virtualhosts. And that, I haven't found...

          Sent from my PDP 11/70

      • [^] # Qmail and "virtual domains"

        Posted by  (personal website). Rated 2.

        "I would really like to find an MTA that allows "virtual servers" (to have, e.g., <toto@bidule.tld> and <toto@truc.tld> in different accounts but handled by the same machine). I was told that Qmail does that"

        Indeed, Qmail with the Vpopmail application (http://inter7.com/vpopmail/(...)) lets you manage virtual domains for your MTA on the same server. It's very practical and provides plenty of tools to manage this easily. Among other things, it lets you manage users per domain completely independently of the Unix users defined on the machine :-) ==> lets you have "toto@truc.org" and "toto@bidule.org" on the same server.
    • [^] # Courier is also under the GPL

      Posted by  . Rated 4.

      What do you say about courier-mta (http://www.courier-mta.org/(...))?


      It tastes like qmail, but it's good GPL. The only "annoying" thing is that it's fairly strict about the RFCs. Like no 8-bit in the headers. Otherwise it's pretty great...

      • [^] # Re: Courier is also under the GPL

        Posted by  . Rated -3.

        I had been told that the code was not written from the start with flawless security in mind...
        -1 because no argument
