Gitweb:
https://git.exim.org/exim.git/commitdiff/b6054898ace169a0e5143117397a4f666a5e7283
Commit: b6054898ace169a0e5143117397a4f666a5e7283
Parent: 0ae2e68e24b938ac84bbea5740c53192d08bb7f1
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Wed Aug 26 23:43:54 2020 +0100
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Wed Aug 26 23:43:54 2020 +0100
DANE: Fix 2 messages from queue case
---
doc/doc-docbook/spec.xfpt | 12 ++++
src/src/deliver.c | 12 +++-
src/src/exim.c | 14 ++++-
src/src/globals.c | 2 +
src/src/globals.h | 2 +
src/src/spool_in.c | 24 ++++----
src/src/tls-gnu.c | 6 +-
src/src/transport.c | 32 +++++++----
src/src/transports/smtp.c | 100 ++++++++++++++++++++++++++++----
test/confs/5801 | 28 +++++----
test/dnszones-src/db.test.ex | 1 +
test/log/5801 | 134 ++++++++++++++++++++++++++++++++++++++++---
test/scripts/5800-DANE/5801 | 68 +++++++++++++++++++++-
test/stderr/0143 | 3 +-
test/stderr/0476 | 1 +
test/stderr/2013 | 4 ++
test/stderr/2035 | 1 +
test/stderr/2113 | 4 ++
test/stderr/2135 | 1 +
test/stderr/4052 | 3 +-
20 files changed, 391 insertions(+), 61 deletions(-)
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 9a4e0a1..4d40bcf 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -3922,6 +3922,18 @@ This option is not intended for use by external callers. It is used internally
by Exim in conjunction with the &%-MC%& option, and passes on the fact that the
host to which Exim is connected supports TLS encryption.
+.new
+.vitem &%-MCr%&&~<&'SNI'&> &&&
+ &%-MCs%&&~<&'SNI'&>
+.oindex "&%-MCs%&"
+.oindex "&%-MCr%&"
+These options are not intended for use by external callers. It is used internally
+by Exim in conjunction with the &%-MCt%& option, and passes on the fact that
+a TLS Server Name Indication was sent as part of the channel establishment.
+The argument gives the SNI string.
+The "r" variant indicates a DANE-verified connection.
+.wen
+
.vitem &%-MCt%&&~<&'IP&~address'&>&~<&'port'&>&~<&'cipher'&>
.oindex "&%-MCt%&"
This option is not intended for use by external callers. It is used internally
diff --git a/src/src/deliver.c b/src/src/deliver.c
index a474406..9c4c1a7 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -1195,7 +1195,7 @@ else
if (addr->host_used)
{
g = d_hostlog(g, addr);
- if (continue_sequence > 1)
+ if (continue_sequence > 1) /*XXX this is wrong for a dropped proxyconn. Would have to pass back from transport */
g = string_catn(g, US"*", 1);
#ifndef DISABLE_EVENT
@@ -4273,6 +4273,10 @@ for (int delivery_count = 0; addr_remote; delivery_count++)
}
}
+/*XXX need to defeat this when DANE is used - but we don't know that yet.
+So look out for the place it gets used.
+*/
+
/* Get the flag which specifies whether the transport can handle different
domains that nevertheless resolve to the same set of hosts. If it needs
expanding, get variables set: $address_data, $domain_data, $localpart_data,
@@ -4351,6 +4355,11 @@ for (int delivery_count = 0; addr_remote; delivery_count++)
/************************************************************************/
+/*XXX don't know yet if DANE will be used. So tpt will have to
+check at the point if gets next addr from list, and skip/defer any
+nonmatch domains
+*/
+
/* Pick off all addresses which have the same transport, errors address,
destination, and extra headers. In some cases they point to the same host
list, but we also need to check for identical host lists generated from
@@ -4497,6 +4506,7 @@ for (int delivery_count = 0; addr_remote; delivery_count++)
if (continue_transport)
{
BOOL ok = Ustrcmp(continue_transport, tp->name) == 0;
+/*XXX do we need to check for a DANEd conn vs. a change of domain? */
/* If the transport is about to override the host list do not check
it here but take the cost of running the transport process to discover
diff --git a/src/src/exim.c b/src/src/exim.c
index 25464f7..60a44bb 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -2813,10 +2813,22 @@ on the second character (the one after '-'), to save some effort. */
case 'S': smtp_peer_options |= OPTION_SIZE; break;
#ifndef DISABLE_TLS
+ /* -MCs: used with -MCt; SNI was sent */
+ /* -MCr: ditto, DANE */
+
+ case 'r':
+ case 's': if (++i < argc)
+ {
+ continue_proxy_sni = string_copy_taint(argv[i], TRUE);
+ if (argrest[1] == 'r') continue_proxy_dane = TRUE;
+ }
+ else badarg = TRUE;
+ break;
+
/* -MCt: similar to -MCT below but the connection is still open
via a proxy process which handles the TLS context and coding.
Require three arguments for the proxied local address and port,
- and the TLS cipher. */
+ and the TLS cipher. */
case 't': if (++i < argc)
sending_ip_address = string_copy_taint(argv[i], TRUE);
diff --git a/src/src/globals.c b/src/src/globals.c
index aa94a27..fb0abb8 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -730,6 +730,8 @@ uid_t config_uid = 0;
int connection_max_messages= -1;
uschar *continue_proxy_cipher = NULL;
+BOOL continue_proxy_dane = FALSE;
+uschar *continue_proxy_sni = NULL;
uschar *continue_hostname = NULL;
uschar *continue_host_address = NULL;
int continue_sequence = 1;
diff --git a/src/src/globals.h b/src/src/globals.h
index 47b4b52..954a0a3 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -426,6 +426,8 @@ extern uschar *config_main_filename; /* File name actually used */
extern uschar *config_main_directory; /* Directory where the main config file was found */
extern uid_t config_uid; /* Additional owner */
extern uschar *continue_proxy_cipher; /* TLS cipher for proxied continued delivery */
+extern BOOL continue_proxy_dane; /* proxied conn is DANE */
+extern uschar *continue_proxy_sni; /* proxied conn SNI */
extern uschar *continue_hostname; /* Host for continued delivery */
extern uschar *continue_host_address; /* IP address for ditto */
extern int continue_sequence; /* Sequence num for continued delivery */
diff --git a/src/src/spool_in.c b/src/src/spool_in.c
index a2d3b89..7d95fcc 100644
--- a/src/src/spool_in.c
+++ b/src/src/spool_in.c
@@ -55,7 +55,7 @@ for (int i = 0; i < 2; i++)
set_subdir_str(message_subdir, id, i);
fname = spool_fname(US"input", message_subdir, id, US"-D");
- DEBUG(D_deliver) debug_printf("Trying spool file %s\n", fname);
+ DEBUG(D_deliver) debug_printf_indent("Trying spool file %s\n", fname);
/* We protect against symlink attacks both in not propagating the
* file-descriptor to other processes as we exec, and also ensuring that we
@@ -367,7 +367,7 @@ for (int n = 0; n < 2; n++)
errno = 0;
#ifndef COMPILE_UTILITY
-DEBUG(D_deliver) debug_printf("reading spool file %s\n", name);
+DEBUG(D_deliver) debug_printf_indent("reading spool file %s\n", name);
#endif /* COMPILE_UTILITY */
/* The first line of a spool file contains the message id followed by -H (i.e.
@@ -430,7 +430,7 @@ if (f.running_in_test_harness)
#endif
#ifndef COMPILE_UTILITY
-DEBUG(D_deliver) debug_printf("user=%s uid=%ld gid=%ld sender=%s\n",
+DEBUG(D_deliver) debug_printf_indent("user=%s uid=%ld gid=%ld sender=%s\n",
originator_login, (long int)originator_uid, (long int)originator_gid,
sender_address);
#endif
@@ -715,7 +715,7 @@ host_build_sender_fullhost();
#ifndef COMPILE_UTILITY
DEBUG(D_deliver)
- debug_printf("sender_local=%d ident=%s\n", f.sender_local,
+ debug_printf_indent("sender_local=%d ident=%s\n", f.sender_local,
sender_ident ? sender_ident : US"unset");
#endif /* COMPILE_UTILITY */
@@ -739,7 +739,7 @@ if (sscanf(CS big_buffer, "%d", &rcount) != 1 || rcount > 16384)
goto SPOOL_FORMAT_ERROR;
#ifndef COMPILE_UTILITY
-DEBUG(D_deliver) debug_printf("recipients_count=%d\n", rcount);
+DEBUG(D_deliver) debug_printf_indent("recipients_count=%d\n", rcount);
#endif /* COMPILE_UTILITY */
recipients_list_max = rcount;
@@ -810,7 +810,7 @@ for (recipients_count = 0; recipients_count < rcount; recipients_count++)
{
int dummy;
#if !defined (COMPILE_UTILITY)
- DEBUG(D_deliver) debug_printf("**** SPOOL_IN - Exim 3 spool file\n");
+ DEBUG(D_deliver) debug_printf_indent("**** SPOOL_IN - Exim 3 spool file\n");
#endif
while (isdigit(*(--p)) || *p == ',');
if (*p == ' ')
@@ -825,7 +825,7 @@ for (recipients_count = 0; recipients_count < rcount; recipients_count++)
else if (*p == ' ')
{
#if !defined (COMPILE_UTILITY)
- DEBUG(D_deliver) debug_printf("**** SPOOL_IN - early Exim 4 spool file\n");
+ DEBUG(D_deliver) debug_printf_indent("**** SPOOL_IN - early Exim 4 spool file\n");
#endif
*p++ = 0;
(void)sscanf(CS p, "%d", &pno);
@@ -838,7 +838,7 @@ for (recipients_count = 0; recipients_count < rcount; recipients_count++)
int flags;
#if !defined (COMPILE_UTILITY)
- DEBUG(D_deliver) debug_printf("**** SPOOL_IN - Exim standard format spoolfile\n");
+ DEBUG(D_deliver) debug_printf_indent("**** SPOOL_IN - Exim standard format spoolfile\n");
#endif
(void)sscanf(CS p+1, "%d", &flags);
@@ -874,13 +874,13 @@ for (recipients_count = 0; recipients_count < rcount; recipients_count++)
}
#if !defined(COMPILE_UTILITY)
else
- { DEBUG(D_deliver) debug_printf("**** SPOOL_IN - No additional fields\n"); }
+ { DEBUG(D_deliver) debug_printf_indent("**** SPOOL_IN - No additional fields\n"); }
if (orcpt || dsn_flags)
- DEBUG(D_deliver) debug_printf("**** SPOOL_IN - address: <%s> orcpt: <%s> dsn_flags: 0x%x\n",
+ DEBUG(D_deliver) debug_printf_indent("**** SPOOL_IN - address: <%s> orcpt: <%s> dsn_flags: 0x%x\n",
big_buffer, orcpt, dsn_flags);
if (errors_to)
- DEBUG(D_deliver) debug_printf("**** SPOOL_IN - address: <%s> errorsto: <%s>\n",
+ DEBUG(D_deliver) debug_printf_indent("**** SPOOL_IN - address: <%s> errorsto: <%s>\n",
big_buffer, errors_to);
#endif
@@ -952,7 +952,7 @@ line count by adding the body linecount to the header linecount. Close the file
and give a positive response. */
#ifndef COMPILE_UTILITY
-DEBUG(D_deliver) debug_printf("body_linecount=%d message_linecount=%d\n",
+DEBUG(D_deliver) debug_printf_indent("body_linecount=%d message_linecount=%d\n",
body_linecount, message_linecount);
#endif /* COMPILE_UTILITY */
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index cf38049..bfe40b2 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -550,7 +550,10 @@ else
/* peercert is set in peer_status() */
tlsp->peerdn = state->peerdn;
-tlsp->sni = state->received_sni;
+
+/* do not corrupt sni sent by client; record sni rxd by server */
+if (!state->host)
+ tlsp->sni = state->received_sni;
/* record our certificate */
{
@@ -2895,6 +2898,7 @@ if (!cipher_list)
cipher_list, &state, tlsp, errstr) != OK)
return FALSE;
+
#ifdef MEASURE_TIMING
report_time_since(&t0, US"client tls_init (delta)");
#endif
diff --git a/src/src/transport.c b/src/src/transport.c
index a046632..fd8da0f 100644
--- a/src/src/transport.c
+++ b/src/src/transport.c
@@ -1657,6 +1657,7 @@ DEBUG(D_transport)
debug_printf("transport_check_waiting entered\n");
debug_printf(" sequence=%d local_max=%d global_max=%d\n",
continue_sequence, local_message_max, connection_max_messages);
+ acl_level++;
}
/* Do nothing if we have hit the maximum number that can be send down one
@@ -1666,23 +1667,23 @@ if (connection_max_messages >= 0) local_message_max = connection_max_messages;
if (local_message_max > 0 && continue_sequence >= local_message_max)
{
DEBUG(D_transport)
- debug_printf("max messages for one connection reached: returning\n");
- return FALSE;
+ debug_printf_indent("max messages for one connection reached: returning\n");
+ goto retfalse;
}
/* Open the waiting information database. */
if (!(dbm_file = dbfn_open(string_sprintf("wait-%.200s", transport_name),
O_RDWR, &dbblock, TRUE, TRUE)))
- return FALSE;
+ goto retfalse;
/* See if there is a record for this host; if not, there's nothing to do. */
if (!(host_record = dbfn_read(dbm_file, hostname)))
{
dbfn_close(dbm_file);
- DEBUG(D_transport) debug_printf("no messages waiting for %s\n", hostname);
- return FALSE;
+ DEBUG(D_transport) debug_printf_indent("no messages waiting for %s\n", hostname);
+ goto retfalse;
}
/* If the data in the record looks corrupt, just log something and
@@ -1693,7 +1694,7 @@ if (host_record->count > WAIT_NAME_MAX)
dbfn_close(dbm_file);
log_write(0, LOG_MAIN|LOG_PANIC, "smtp-wait database entry for %s has bad "
"count=%d (max=%d)", hostname, host_record->count, WAIT_NAME_MAX);
- return FALSE;
+ goto retfalse;
}
/* Scan the message ids in the record from the end towards the beginning,
@@ -1831,8 +1832,8 @@ while (1)
if (host_length <= 0)
{
dbfn_close(dbm_file);
- DEBUG(D_transport) debug_printf("waiting messages already delivered\n");
- return FALSE;
+ DEBUG(D_transport) debug_printf_indent("waiting messages already delivered\n");
+ goto retfalse;
}
/* we were not able to find an acceptable message, nor was there a
@@ -1843,7 +1844,7 @@ while (1)
{
Ustrcpy(new_message_id, message_id);
dbfn_close(dbm_file);
- return FALSE;
+ goto retfalse;
}
} /* we need to process a continuation record */
@@ -1859,7 +1860,12 @@ if (host_length > 0)
}
dbfn_close(dbm_file);
+DEBUG(D_transport) {acl_level--; debug_printf("transport_check_waiting: TRUE\n"); }
return TRUE;
+
+retfalse:
+DEBUG(D_transport) {acl_level--; debug_printf("transport_check_waiting: FALSE\n"); }
+return FALSE;
}
/*************************************************
@@ -1871,7 +1877,7 @@ void
transport_do_pass_socket(const uschar *transport_name, const uschar *hostname,
const uschar *hostaddress, uschar *id, int socket_fd)
{
-int i = 20;
+int i = 22;
const uschar **argv;
/* Set up the calling arguments; use the standard function for the basics,
@@ -1892,6 +1898,12 @@ if (smtp_peer_options & OPTION_TLS)
argv[i++] = sending_ip_address;
argv[i++] = string_sprintf("%d", sending_port);
argv[i++] = tls_out.active.sock >= 0 ? tls_out.cipher : continue_proxy_cipher;
+
+ if (tls_out.sni)
+ {
+ argv[i++] = tls_out.dane_verified ? US"-MCr" : US"-MCs";
+ argv[i++] = tls_out.sni;
+ }
}
else
argv[i++] = US"-MCT";
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index 16da67f..dfc1c76 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -1618,8 +1618,8 @@ return FALSE;
typedef struct smtp_compare_s
{
- uschar *current_sender_address;
- struct transport_instance *tblock;
+ uschar * current_sender_address;
+ struct transport_instance * tblock;
} smtp_compare_t;
@@ -1989,6 +1989,75 @@ if (sx->smtps)
}
#endif
+#ifdef SUPPORT_DANE
+/*XXX new */
+/* If we have a proxied TLS connection, check usability for this message */
+
+if (continue_hostname && continue_proxy_cipher)
+ {
+ int rc;
+ const uschar * sni = US"";
+
+ /* Check if the message will be DANE-verified; if so force its SNI */
+
+ smtp_port_for_connect(sx->conn_args.host, sx->port);
+ if ( sx->conn_args.host->dnssec == DS_YES
+ && ( sx->dane_required
+ || verify_check_given_host(CUSS &ob->hosts_try_dane, sx->conn_args.host) == OK
+ ) )
+ switch (rc = tlsa_lookup(sx->conn_args.host, &sx->conn_args.tlsa_dnsa, sx->dane_required))
+ {
+ case OK: sx->conn_args.dane = TRUE;
+ ob->tls_tempfail_tryclear = FALSE; /* force TLS */
+ ob->tls_sni = sx->first_addr->domain; /* force SNI */
+ break;
+ case FAIL_FORCED: break;
+ default: set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER,
+ string_sprintf("DANE error: tlsa lookup %s",
+ rc_to_string(rc)),
+ rc, FALSE, &sx->delivery_start);
+# ifndef DISABLE_EVENT
+ (void) event_raise(sx->conn_args.tblock->event_action,
+ US"dane:fail", sx->dane_required
+ ? US"dane-required" : US"dnssec-invalid");
+# endif
+ return rc;
+ }
+
+ /* If the SNI required for the new message differs from the existing conn
+ drop the connection to force a new one. */
+
+ if (ob->tls_sni && !(sni = expand_cstring(ob->tls_sni)))
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "<%s>: failed to expand transport's tls_sni value: %s",
+ sx->addrlist->address, expand_string_message);
+
+ if ( (continue_proxy_sni ? (Ustrcmp(continue_proxy_sni, sni) == 0) : !*sni)
+ && continue_proxy_dane == sx->conn_args.dane)
+ {
+ tls_out.sni = US sni;
+ if ((tls_out.dane_verified = continue_proxy_dane))
+ sx->conn_args.host->dnssec = DS_YES;
+ }
+ else
+ {
+ DEBUG(D_transport)
+ debug_printf("Closing proxied-TLS connection due to SNI mismatch\n");
+
+ HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP>> QUIT\n");
+ write(0, "QUIT\r\n", 6);
+ close(0);
+ tls_out.dane_verified = FALSE;
+ continue_hostname = continue_proxy_cipher = NULL;
+ f.continue_more = FALSE;
+ continue_sequence = 1; /* Unfortunately, this process cannot affect success log
+ which is done by delivery proc. Would have to pass this
+ back through reporting pipe. */
+ }
+ }
+#endif
+
+
/* Make a connection to the host if this isn't a continued delivery, and handle
the initial interaction and HELO/EHLO/LHLO. Connect timeout errors are handled
specially so they can be identified for retries. */
@@ -3442,7 +3511,7 @@ BOOL pass_message = FALSE;
uschar *message = NULL;
uschar new_message_id[MESSAGE_ID_LENGTH + 1];
smtp_context * sx = store_get(sizeof(*sx), TRUE); /* tainted, for the data buffers */
-#if !defined(DISABLE_TLS) && defined(SUPPORT_DANE)
+#ifdef SUPPORT_DANE
BOOL dane_held;
#endif
@@ -3460,7 +3529,7 @@ sx->conn_args.tblock = tblock;
gettimeofday(&sx->delivery_start, NULL);
sx->sync_addr = sx->first_addr = addrlist;
-#if !defined(DISABLE_TLS) && defined(SUPPORT_DANE)
+#ifdef SUPPORT_DANE
DANE_DOMAINS:
dane_held = FALSE;
#endif
@@ -3475,7 +3544,7 @@ if ((rc = smtp_setup_conn(sx, suppress_tls)) != OK)
goto TIDYUP;
}
-#if !defined(DISABLE_TLS) && defined(SUPPORT_DANE)
+#ifdef SUPPORT_DANE
/* If the connection used DANE, ignore for now any addresses with incompatible
domains. The SNI has to be the domain. Arrange a whole new TCP conn later,
just in case only TLS isn't enough. */
@@ -4182,6 +4251,16 @@ connection to a new process. However, not all servers can handle this (Exim
can), so we do not pass such a connection on if the host matches
hosts_nopass_tls. */
+/*XXX do we have to veto all passing of DANE'd connections?
+Can we be any more intelligent?
+
+I could see that unpleasantly impacting high-vol mailinglist.
+Where many messages are queued for a single dest MX.
+
+But the wait-DB used by transport_check_waiting only records hosts, not domains.
+So we cannot look for a domain mismatch.
+*/
+
DEBUG(D_transport)
debug_printf("ok=%d send_quit=%d send_rset=%d continue_more=%d "
"yield=%d first_address is %sNULL\n", sx->ok, sx->send_quit,
@@ -4194,8 +4273,8 @@ if (sx->completed_addr && sx->ok && sx->send_quit)
t_compare.tblock = tblock;
t_compare.current_sender_address = sender_address;
- if ( sx->first_addr != NULL
- || f.continue_more
+ if ( sx->first_addr != NULL /* more addrs for this message */
+ || f.continue_more /* more addrs for coninued-host */
|| (
#ifndef DISABLE_TLS
( tls_out.active.sock < 0 && !continue_proxy_cipher
@@ -4242,7 +4321,7 @@ if (sx->completed_addr && sx->ok && sx->send_quit)
if (sx->first_addr != NULL) /* More addresses still to be sent */
- { /* on this connection */
+ { /* for this message */
continue_sequence++; /* Causes * in logging */
pipelining_active = sx->pipelining_used; /* was cleared at DATA */
goto SEND_MESSAGE;
@@ -4266,6 +4345,7 @@ if (sx->completed_addr && sx->ok && sx->send_quit)
tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_WAIT);
sx->cctx.tls_ctx = NULL;
+ tls_out.active.sock = -1;
smtp_peer_options = smtp_peer_options_wrap;
sx->ok = !sx->smtps
&& smtp_write_command(sx, SCMD_FLUSH, "EHLO %s\r\n", sx->helo_data)
@@ -4409,7 +4489,7 @@ if (sx->send_quit)
(void) event_raise(tblock->event_action, US"tcp:close", NULL);
#endif
-#if !defined(DISABLE_TLS) && defined(SUPPORT_DANE)
+#ifdef SUPPORT_DANE
if (dane_held)
{
sx->first_addr = NULL;
@@ -4435,7 +4515,7 @@ continue_hostname = NULL;
return yield;
TIDYUP:
-#if !defined(DISABLE_TLS) && defined(SUPPORT_DANE)
+#ifdef SUPPORT_DANE
if (dane_held) for (address_item * a = sx->addrlist->next; a; a = a->next)
if (a->transport_return == DANE)
a->transport_return = PENDING_DEFER;
diff --git a/test/confs/5801 b/test/confs/5801
index f0f21e2..1f13ccb 100644
--- a/test/confs/5801
+++ b/test/confs/5801
@@ -2,7 +2,7 @@
# DANE common
SERVER=
-CONTROL= *
+OPT=
.include DIR/aux-var/tls_conf_prefix
@@ -48,16 +48,16 @@ tls_privatekey = ${if eq {SERVER}{server} \
begin routers
client:
- driver = dnslookup
- condition = ${if eq {SERVER}{}}
+ driver = dnslookup
+ condition = ${if eq {SERVER}{}}
dnssec_request_domains = *
- self = send
- transport = send_to_server
- errors_to = ""
+ self = send
+ transport = send_to_server
+ errors_to = ""
server:
- driver = redirect
- data = :blackhole:
+ driver = redirect
+ data = :blackhole:
# ----- Transports -----
@@ -65,16 +65,14 @@ server:
begin transports
send_to_server:
- driver = smtp
+ driver = smtp
allow_localhost
- port = PORT_D
+ port = PORT_D
hosts_try_fastopen = :
- hosts_try_dane = CONTROL
- hosts_require_dane = HOSTIPV4
- tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}}
- tls_try_verify_hosts = thishost.test.ex
- tls_verify_certificates = ${if eq {DETAILS}{ca} {CDIR2/ca_chain.pem} {}}
+ hosts_try_dane = *
+ tls_sni = OPT
+ tls_verify_certificates =
diff --git a/test/dnszones-src/db.test.ex b/test/dnszones-src/db.test.ex
index f15bf7a..52972a9 100644
--- a/test/dnszones-src/db.test.ex
+++ b/test/dnszones-src/db.test.ex
@@ -442,6 +442,7 @@ AA a-aa A V4NET.0.0.100
;
DNSSEC mxdane512ee MX 1 dane512ee
DNSSEC mxdane512ee1 MX 1 dane512ee
+mxnondane512ee MX 1 dane512ee
DNSSEC dane512ee A HOSTIPV4
DNSSEC _1225._tcp.dane512ee TLSA 3 1 2 c0c2fc12e9fe1abf0ae7b1f2ad2798a4689668db8cf7f7b771a43bf8a4f1d9741ef103bad470b1201157150fbd6182054b0170e90ce66b944a82a0a9c81281af
diff --git a/test/log/5801 b/test/log/5801
index 3cf1369..f243142 100644
--- a/test/log/5801
+++ b/test/log/5801
@@ -1,13 +1,131 @@
-1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for t00@??? t01@???
-1999-03-02 09:44:33 10HmaX-0005vi-00 => t00@??? R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmaY-0005vi-00"
-1999-03-02 09:44:33 10HmaX-0005vi-00 => t01@??? R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmaZ-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for t@???
+1999-03-02 09:44:33 10HmaX-0005vi-00 => t@??? R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for t00@??? t01@???
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => t00@??? R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => t01@??? R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmbB-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for t10@???
+1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for t11@???
+1999-03-02 09:44:33 Start queue run: pid=pppp
+1999-03-02 09:44:33 10HmbC-0005vi-00 => t10@??? R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmbE-0005vi-00"
+1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbD-0005vi-00 => t11@??? R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmbF-0005vi-00"
+1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp
+1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for t20@???
+1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for t21@???
+1999-03-02 09:44:33 Start queue run: pid=pppp -qq
+1999-03-02 09:44:33 10HmbG-0005vi-00 => t20@??? R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmbI-0005vi-00"
+1999-03-02 09:44:33 10HmbG-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbH-0005vi-00 => t21@??? R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmbJ-0005vi-00"
+1999-03-02 09:44:33 10HmbH-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp -qq
+1999-03-02 09:44:33 10HmbK-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for t30@???
+1999-03-02 09:44:33 10HmbL-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for t31@???
+1999-03-02 09:44:33 Start queue run: pid=pppp
+1999-03-02 09:44:33 10HmbK-0005vi-00 => t30@??? R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmbM-0005vi-00"
+1999-03-02 09:44:33 10HmbK-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbL-0005vi-00 => t31@??? R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbN-0005vi-00"
+1999-03-02 09:44:33 10HmbL-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp
+1999-03-02 09:44:33 10HmbO-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for t40@???
+1999-03-02 09:44:33 10HmbP-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for t41@???
+1999-03-02 09:44:33 Start queue run: pid=pppp -qq
+1999-03-02 09:44:33 10HmbO-0005vi-00 => t40@??? R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmbQ-0005vi-00"
+1999-03-02 09:44:33 10HmbO-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbP-0005vi-00 => t41@??? R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbR-0005vi-00"
+1999-03-02 09:44:33 10HmbP-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp -qq
+1999-03-02 09:44:33 10HmbS-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for t50@???
+1999-03-02 09:44:33 10HmbT-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for t51@???
+1999-03-02 09:44:33 Start queue run: pid=pppp
+1999-03-02 09:44:33 10HmbS-0005vi-00 => t50@??? R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmbU-0005vi-00"
+1999-03-02 09:44:33 10HmbS-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbT-0005vi-00 => t51@??? R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbV-0005vi-00"
+1999-03-02 09:44:33 10HmbT-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp
+1999-03-02 09:44:33 10HmbW-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for t60@???
+1999-03-02 09:44:33 10HmbX-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for t61@???
+1999-03-02 09:44:33 Start queue run: pid=pppp -qq
+1999-03-02 09:44:33 10HmbW-0005vi-00 => t60@??? R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmbY-0005vi-00"
+1999-03-02 09:44:33 10HmbW-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbX-0005vi-00 => t61@??? R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbZ-0005vi-00"
+1999-03-02 09:44:33 10HmbX-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp -qq
+1999-03-02 09:44:33 10HmcA-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for t70@???
+1999-03-02 09:44:33 10HmcB-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for t71@???
+1999-03-02 09:44:33 Start queue run: pid=pppp -qq
+1999-03-02 09:44:33 10HmcA-0005vi-00 => t70@??? R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmcC-0005vi-00"
+1999-03-02 09:44:33 10HmcA-0005vi-00 Completed
+1999-03-02 09:44:33 10HmcB-0005vi-00 => t71@??? R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmcD-0005vi-00"
+1999-03-02 09:44:33 10HmcB-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp -qq
+1999-03-02 09:44:33 10HmcE-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for t80@???
+1999-03-02 09:44:33 10HmcF-0005vi-00 <= CALLER@??? U=CALLER P=local S=sss for t91@???
+1999-03-02 09:44:33 Start queue run: pid=pppp -qq
+1999-03-02 09:44:33 10HmcE-0005vi-00 => t80@??? R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmcG-0005vi-00"
+1999-03-02 09:44:33 10HmcE-0005vi-00 Completed
+1999-03-02 09:44:33 10HmcF-0005vi-00 => t91@??? R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmcH-0005vi-00"
+1999-03-02 09:44:33 10HmcF-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp -qq
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee.test.ex S=sss id=E10HmaX-0005vi-00@??? for t00@???
-1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <t00@???> R=server
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee.test.ex S=sss id=E10HmaX-0005vi-00@??? for t@???
+1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <t@???> R=server
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaZ-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee1.test.ex S=sss id=E10HmaX-0005vi-00@??? for t01@???
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => :blackhole: <t01@???> R=server
-1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee.test.ex S=sss id=E10HmaZ-0005vi-00@??? for t00@???
+1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <t00@???> R=server
+1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbB-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee1.test.ex S=sss id=E10HmaZ-0005vi-00@??? for t01@???
+1999-03-02 09:44:33 10HmbB-0005vi-00 => :blackhole: <t01@???> R=server
+1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbE-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee.test.ex S=sss id=E10HmbC-0005vi-00@??? for t10@???
+1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: <t10@???> R=server
+1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbF-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee1.test.ex S=sss id=E10HmbD-0005vi-00@??? for t11@???
+1999-03-02 09:44:33 10HmbF-0005vi-00 => :blackhole: <t11@???> R=server
+1999-03-02 09:44:33 10HmbF-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbI-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee.test.ex S=sss id=E10HmbG-0005vi-00@??? for t20@???
+1999-03-02 09:44:33 10HmbI-0005vi-00 => :blackhole: <t20@???> R=server
+1999-03-02 09:44:33 10HmbI-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbJ-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee1.test.ex S=sss id=E10HmbH-0005vi-00@??? for t21@???
+1999-03-02 09:44:33 10HmbJ-0005vi-00 => :blackhole: <t21@???> R=server
+1999-03-02 09:44:33 10HmbJ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbM-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee.test.ex S=sss id=E10HmbK-0005vi-00@??? for t30@???
+1999-03-02 09:44:33 10HmbM-0005vi-00 => :blackhole: <t30@???> R=server
+1999-03-02 09:44:33 10HmbM-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbN-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbL-0005vi-00@??? for t31@???
+1999-03-02 09:44:33 10HmbN-0005vi-00 => :blackhole: <t31@???> R=server
+1999-03-02 09:44:33 10HmbN-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbQ-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee.test.ex S=sss id=E10HmbO-0005vi-00@??? for t40@???
+1999-03-02 09:44:33 10HmbQ-0005vi-00 => :blackhole: <t40@???> R=server
+1999-03-02 09:44:33 10HmbQ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbR-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbP-0005vi-00@??? for t41@???
+1999-03-02 09:44:33 10HmbR-0005vi-00 => :blackhole: <t41@???> R=server
+1999-03-02 09:44:33 10HmbR-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbU-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee.test.ex S=sss id=E10HmbS-0005vi-00@??? for t50@???
+1999-03-02 09:44:33 10HmbU-0005vi-00 => :blackhole: <t50@???> R=server
+1999-03-02 09:44:33 10HmbU-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbV-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=MY-SNI S=sss id=E10HmbT-0005vi-00@??? for t51@???
+1999-03-02 09:44:33 10HmbV-0005vi-00 => :blackhole: <t51@???> R=server
+1999-03-02 09:44:33 10HmbV-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbY-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee.test.ex S=sss id=E10HmbW-0005vi-00@??? for t60@???
+1999-03-02 09:44:33 10HmbY-0005vi-00 => :blackhole: <t60@???> R=server
+1999-03-02 09:44:33 10HmbY-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbZ-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=MY-SNI S=sss id=E10HmbX-0005vi-00@??? for t61@???
+1999-03-02 09:44:33 10HmbZ-0005vi-00 => :blackhole: <t61@???> R=server
+1999-03-02 09:44:33 10HmbZ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmcC-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmcA-0005vi-00@??? for t70@???
+1999-03-02 09:44:33 10HmcC-0005vi-00 => :blackhole: <t70@???> R=server
+1999-03-02 09:44:33 10HmcC-0005vi-00 Completed
+1999-03-02 09:44:33 10HmcD-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee.test.ex S=sss id=E10HmcB-0005vi-00@??? for t71@???
+1999-03-02 09:44:33 10HmcD-0005vi-00 => :blackhole: <t71@???> R=server
+1999-03-02 09:44:33 10HmcD-0005vi-00 Completed
+1999-03-02 09:44:33 10HmcG-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=SNISNISNISNI S=sss id=E10HmcE-0005vi-00@??? for t80@???
+1999-03-02 09:44:33 10HmcG-0005vi-00 => :blackhole: <t80@???> R=server
+1999-03-02 09:44:33 10HmcG-0005vi-00 Completed
+1999-03-02 09:44:33 10HmcH-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee.test.ex S=sss id=E10HmcF-0005vi-00@??? for t91@???
+1999-03-02 09:44:33 10HmcH-0005vi-00 => :blackhole: <t91@???> R=server
+1999-03-02 09:44:33 10HmcH-0005vi-00 Completed
diff --git a/test/scripts/5800-DANE/5801 b/test/scripts/5800-DANE/5801
index 98fa6b1..c486dfa 100644
--- a/test/scripts/5800-DANE/5801
+++ b/test/scripts/5800-DANE/5801
@@ -3,10 +3,76 @@
exim -DSERVER=server -DDETAILS=ee -bd -oX PORT_D
****
#
+# Baseline: simple message
+exim -odf t@???
+****
#
-# A single message with 2 receipients, different domains though same MX host
+# A single message with 2 recipients, different domains though same DANE MX host
exim -odf t00@??? t01@???
****
#
+# Two DANE messages from queue, one-pass queue-run
+exim -odq t10@???
+****
+exim -odq t11@???
+****
+exim -q
+****
+#
+# Two DANE messages from queue, two-pass queue-run
+exim -odq t20@???
+****
+exim -odq t21@???
+****
+exim -qq
+****
+#
+# DANE followed by non-DANE, 1-Pqr
+exim -odq t30@???
+****
+exim -odq t31@???
+****
+exim -q
+****
+# DANE followed by non-DANE, 2-Pqr
+exim -odq t40@???
+****
+exim -odq t41@???
+****
+exim -qq
+****
+#
+# DANE followed by non-DANE, SNI set, 1-Pqr
+exim -odq t50@???
+****
+exim -odq t51@???
+****
+exim -DOPT=MY-SNI -q
+****
+# DANE followed by non-DANE, SNI set, 2-Pqr
+exim -odq t60@???
+****
+exim -odq t61@???
+****
+exim -DOPT=MY-SNI -qq
+****
+#
+# non-DANE followed by DANE, 2-pqr
+exim -odq t70@???
+****
+exim -odq t71@???
+****
+exim -qq
+****
+# non-DANE (SNI set) followed by DANE, 2-pqr
+exim -odq t80@???
+****
+exim -odq t91@???
+****
+exim -DOPT=SNISNISNISNI -qq
+****
+#
+#
+#
killdaemon
no_msglog_check
diff --git a/test/stderr/0143 b/test/stderr/0143
index c1b6deb..e91e97a 100644
--- a/test/stderr/0143
+++ b/test/stderr/0143
@@ -47,7 +47,8 @@ writing data block fd=dddd size=sss timeout=300
ok=1 send_quit=1 send_rset=0 continue_more=0 yield=0 first_address is NULL
transport_check_waiting entered
sequence=1 local_max=500 global_max=-1
-no messages waiting for 127.0.0.1
+ no messages waiting for 127.0.0.1
+transport_check_waiting: FALSE
SMTP>> QUIT
cmd buf flush ddd bytes
SMTP(close)>>
diff --git a/test/stderr/0476 b/test/stderr/0476
index 69ab06b..d5c571d 100644
--- a/test/stderr/0476
+++ b/test/stderr/0476
@@ -42,6 +42,7 @@ error for DATA ignored: pipelining is in use and there were no good recipients
ok=1 send_quit=1 send_rset=1 continue_more=0 yield=0 first_address is NULL
transport_check_waiting entered
sequence=1 local_max=500 global_max=-1
+transport_check_waiting: TRUE
SMTP>> RSET
cmd buf flush ddd bytes
SMTP(closed)<<
diff --git a/test/stderr/2013 b/test/stderr/2013
index f3c5421..682b53e 100644
--- a/test/stderr/2013
+++ b/test/stderr/2013
@@ -45,6 +45,7 @@ configuration file is TESTSUITE/test-config
trusted user
admin user
dropping to exim gid; retaining priv uid
+Transport port=1225 replaced by host-specific port=1225
SMTP>> MAIL FROM:<CALLER@???> SIZE=ssss
SMTP>> RCPT TO:<userz@???>
SMTP>> DATA
@@ -64,6 +65,7 @@ configuration file is TESTSUITE/test-config
trusted user
admin user
dropping to exim gid; retaining priv uid
+Transport port=1225 replaced by host-specific port=1225
SMTP>> MAIL FROM:<CALLER@???> SIZE=ssss
SMTP>> RCPT TO:<usery@???>
SMTP>> DATA
@@ -131,6 +133,7 @@ configuration file is TESTSUITE/test-config
trusted user
admin user
dropping to exim gid; retaining priv uid
+Transport port=1225 replaced by host-specific port=1225
SMTP>> MAIL FROM:<CALLER@???> SIZE=ssss
SMTP>> RCPT TO:<userc@???>
SMTP>> DATA
@@ -150,6 +153,7 @@ configuration file is TESTSUITE/test-config
trusted user
admin user
dropping to exim gid; retaining priv uid
+Transport port=1225 replaced by host-specific port=1225
SMTP>> MAIL FROM:<CALLER@???> SIZE=ssss
SMTP>> RCPT TO:<userb@???>
SMTP>> DATA
diff --git a/test/stderr/2035 b/test/stderr/2035
index 7075906..7187d0d 100644
--- a/test/stderr/2035
+++ b/test/stderr/2035
@@ -54,6 +54,7 @@ checking status of 127.0.0.1
127.0.0.1 [127.0.0.1]:1111 retry-status = usable
delivering 10HmaX-0005vi-00 to 127.0.0.1 [127.0.0.1] (userb@???)
Transport port=25 replaced by host-specific port=1225
+Transport port=25 replaced by host-specific port=1225
continued connection, proxied TLS
SMTP>> DATA
cmd buf flush ddd bytes
diff --git a/test/stderr/2113 b/test/stderr/2113
index 9541b65..6ccdea8 100644
--- a/test/stderr/2113
+++ b/test/stderr/2113
@@ -45,6 +45,7 @@ configuration file is TESTSUITE/test-config
trusted user
admin user
dropping to exim gid; retaining priv uid
+Transport port=1225 replaced by host-specific port=1225
SMTP>> MAIL FROM:<CALLER@???> SIZE=ssss
SMTP>> RCPT TO:<userz@???>
SMTP>> DATA
@@ -64,6 +65,7 @@ configuration file is TESTSUITE/test-config
trusted user
admin user
dropping to exim gid; retaining priv uid
+Transport port=1225 replaced by host-specific port=1225
SMTP>> MAIL FROM:<CALLER@???> SIZE=ssss
SMTP>> RCPT TO:<usery@???>
SMTP>> DATA
@@ -131,6 +133,7 @@ configuration file is TESTSUITE/test-config
trusted user
admin user
dropping to exim gid; retaining priv uid
+Transport port=1225 replaced by host-specific port=1225
SMTP>> MAIL FROM:<CALLER@???> SIZE=ssss
SMTP>> RCPT TO:<userc@???>
SMTP>> DATA
@@ -150,6 +153,7 @@ configuration file is TESTSUITE/test-config
trusted user
admin user
dropping to exim gid; retaining priv uid
+Transport port=1225 replaced by host-specific port=1225
SMTP>> MAIL FROM:<CALLER@???> SIZE=ssss
SMTP>> RCPT TO:<userb@???>
SMTP>> DATA
diff --git a/test/stderr/2135 b/test/stderr/2135
index 7075906..7187d0d 100644
--- a/test/stderr/2135
+++ b/test/stderr/2135
@@ -54,6 +54,7 @@ checking status of 127.0.0.1
127.0.0.1 [127.0.0.1]:1111 retry-status = usable
delivering 10HmaX-0005vi-00 to 127.0.0.1 [127.0.0.1] (userb@???)
Transport port=25 replaced by host-specific port=1225
+Transport port=25 replaced by host-specific port=1225
continued connection, proxied TLS
SMTP>> DATA
cmd buf flush ddd bytes
diff --git a/test/stderr/4052 b/test/stderr/4052
index cf06d96..53b9e0a 100644
--- a/test/stderr/4052
+++ b/test/stderr/4052
@@ -54,7 +54,8 @@ writing data block fd=dddd size=sss timeout=300
ok=1 send_quit=1 send_rset=0 continue_more=0 yield=0 first_address is NULL
transport_check_waiting entered
sequence=1 local_max=500 global_max=-1
-no messages waiting for 127.0.0.1
+ no messages waiting for 127.0.0.1
+transport_check_waiting: FALSE
SMTP>> QUIT
cmd buf flush ddd bytes
SMTP(close)>>