Commit | Line | Data |
---|---|---|
495ae4b0 | 1 | Change log file for Exim from version 4.21 |
f988ce57 | 2 | ------------------------------------------ |
446415f5 HSHR |
3 | This document describes *changes* to previous versions, that might |
4 | affect Exim's operation, with an unchanged configuration file. For new | |
5 | options, and new features, see the NewStuff file next to this ChangeLog. | |
495ae4b0 | 6 | |
4c57a40e | 7 | |
d99f54e4 JH |
8 | Exim version 4.92 |
9 | ----------------- | |
10 | ||
9723f966 JH |
11 | JH/01 Remove code calling the customisable local_scan function, unless a new |
12 | definition "HAVE_LOCAL_SCAN=yes" is present in the Local/Makefile. | |
13 | ||
14 | JH/02 Bug 1007: Avoid doing logging from signal-handlers, as that can result in | |
64b67b65 JH |
15 | non-signal-safe functions being used. |
16 | ||
17 | JH/03 Bug 2269: When presented with a received message having a stupidly large | |
18 | number of DKIM-Signature headers, disable DKIM verification to avoid | |
19 | a resource-consumption attack. The limit is set at twenty. | |
9723f966 | 20 | |
ea7b1f16 JH |
21 | JH/04 Add variables $arc_domains, $arc_oldest_pass for ARC verify. Fix the |
22 | report of oldest_pass in ${authres } in consequence, and separate out | |
23 | some descriptions of reasons for verification fail. | |
24 | ||
cfbb0d24 JH |
25 | JH/05 Bug 2273: Cutthrough delivery left a window where the received messsage |
26 | files in the spool were present and unlocked. A queue-runner could spot | |
27 | them, resulting in a duplicate delivery. Fix that by doing the unlock | |
0488984d JH |
28 | after the unlink. Investigation by Tim Stewart. Take the opportunity to |
29 | add more error-checking on spoolfile handling while that code is being | |
cfbb0d24 JH |
30 | messed with. |
31 | ||
85defcf0 PP |
32 | PP/01 Refuse to open a spool data file (*-D) if it's a symlink. |
33 | No known attacks, no CVE, this is defensive hardening. | |
34 | ||
1bd642c2 JH |
35 | JH/06 Bug 2275: The MIME ACL unlocked the received message files early, and |
36 | a queue-runner could start a delivery while other operations were ongoing. | |
37 | Cutthrough delivery was a common victim, resulting in duplicate delivery. | |
38 | Found and investigated by Tim Stewart. Fix by using the open message data | |
39 | file handle rather than opening another, and not locally closing it (which | |
40 | releases a lock) for that case, while creating the temporary .eml format | |
41 | file for the MIME ACL. Also applies to "regex" and "spam" ACL conditions. | |
42 | ||
2ddb4094 JH |
43 | JH/07 Bug 177: Make a random-recipient callout success visible in ACL, by setting |
44 | $sender_verify_failure/$recipient_verify_failure to "random". | |
45 | ||
1613fd68 JH |
46 | JH/08 When generating a selfsigned cert, use serial number 1 since zero is not |
47 | legitimate. | |
48 | ||
e6057245 JH |
49 | JH/09 Bug 2274: Fix logging of cmdline args when starting in an unlinked cwd. |
50 | Previously this would segfault. | |
51 | ||
7b9822bf JH |
52 | JH/10 Fix ARC signing for case when DKIM signing failed. Previously this would |
53 | segfault. | |
54 | ||
d8d9f930 JH |
55 | JH/11 Bug 2264: Exim now only follows CNAME chains one step by default. We'd |
56 | like zero, since the resolver should be doing this for us, But we need one | |
57 | as a CNAME but no MX presence gets the CNAME returned; we need to check | |
58 | that doesn't point to an MX to declare it "no MX returned" rather than | |
59 | "error, loop". A new main option is added so the older capability of | |
60 | following some limited number of chain links is maintained. | |
61 | ||
61e3f250 JH |
62 | JH/12 Add client-ip info to non-pass iprev ${authres } lines. |
63 | ||
7a8b9519 JH |
64 | JH/13 For receent Openssl versions (1.1 onward) use modern generic protocol |
65 | methods. These should support TLS 1.3; they arrived with TLS 1.3 and the | |
66 | now-deprecated earlier definitions used only specified the range up to TLS | |
67 | 1.2 (in the older-version library docs). | |
68 | ||
49e56fb3 JH |
69 | JH/14 Bug 2284: Fix DKIM signing for body lines starting with a pair of dots. |
70 | ||
74f1a423 JH |
71 | JH/15 Rework TLS client-side context management. Stop using a global, and |
72 | explicitly pass a context around. This enables future use of TLS for | |
73 | connections to service-daemons (eg. malware scanning) while a client smtp | |
74 | connection is using TLS; with cutthrough connections this is quite likely. | |
dd998666 JH |
75 | JH/15 Support for Rspamd, as a variant of the "spam" ACL condition used for |
76 | connecting to a SpamAssassain "spamd" daemon for content scanning, is | |
77 | removed. Following changes to the protocol used for communication with | |
78 | Rspamd it was apparently inoperable. | |
74f1a423 | 79 | |
5054c4fd | 80 | JH/16 Fix ARC verification to do AS checks in reverse order. |
afdb5e9c | 81 | JH/16 Support a "tls" option on the ${readsocket } expansion item. |
5054c4fd | 82 | |
9723f966 | 83 | |
bb264f6b JH |
84 | Exim version 4.91 |
85 | ----------------- | |
459fca58 | 86 | |
c39c8870 | 87 | GF/01 DEFER rather than ERROR on redis cluster MOVED response. |
bb264f6b JH |
88 | When redis_servers is set to a list of > 1 element, and the Redis servers |
89 | in that list are in cluster configuration, convert the REDIS_REPLY_ERROR | |
90 | case of MOVED into a DEFER case instead, thus moving the query onto the | |
91 | next server in the list. For a cluster of N elements, all N servers must | |
92 | be defined in redis_servers. | |
c39c8870 | 93 | |
0800ef83 GF |
94 | GF/02 Catch and remove uninitialized value warning in exiqsumm |
95 | Check for existence of @ARGV before looking at $ARGV[0] | |
96 | ||
459fca58 JH |
97 | JH/01 Replace the store_release() internal interface with store_newblock(), |
98 | which internalises the check required to safely use the old one, plus | |
99 | the allocate and data copy operations duplicated in both (!) of the | |
100 | extant use locations. | |
101 | ||
944e8b37 JH |
102 | JH/02 Disallow '/' characters in queue names specified for the "queue=" ACL |
103 | modifier. This matches the restriction on the commandline. | |
104 | ||
bbfb5dcd JH |
105 | JH/03 Fix pgsql lookup for multiple result-tuples with a single column. |
106 | Previously only the last row was returned. | |
107 | ||
a05d3e34 JH |
108 | JH/04 Bug 2217: Tighten up the parsing of DKIM signature headers. Previously |
109 | we assumed that tags in the header were well-formed, and parsed the | |
110 | element content after inspecting only the first char of the tag. | |
111 | Assumptions at that stage could crash the receive process on malformed | |
112 | input. | |
113 | ||
ce93c6d8 JH |
114 | JH/05 Bug 2215: Fix crash associated with dnsdb lookup done from DKIM ACL. |
115 | While running the DKIM ACL we operate on the Permanent memory pool so that | |
116 | variables created with "set" persist to the DATA ACL. Also (at any time) | |
117 | DNS lookups that fail create cache records using the Permanent pool. But | |
118 | expansions release any allocations made on the current pool - so a dnsdb | |
119 | lookup expansion done in the DKIM ACL releases the memory used for the | |
120 | DNS negative-cache, and bad things result. Solution is to switch to the | |
121 | Main pool for expansions. | |
122 | While we're in that code, add checks on the DNS cache during store_reset, | |
123 | active in the testsuite. | |
124 | Problem spotted, and debugging aided, by Wolfgang Breyha. | |
125 | ||
2577f55f JH |
126 | JH/06 Fix issue with continued-connections when the DNS shifts unreliably. |
127 | When none of the hosts presented to a transport match an already-open | |
128 | connection, close it and proceed with the list. Previously we would | |
129 | queue the message. Spotted by Lena with Yahoo, probably involving | |
130 | round-robin DNS. | |
131 | ||
5b6f7658 JH |
132 | JH/07 Bug 2214: Fix SMTP responses resulting from non-accept result of MIME ACL. |
133 | Previously a spurious "250 OK id=" response was appended to the proper | |
134 | failure response. | |
135 | ||
c11d665d JH |
136 | JH/08 The "support for" informational output now, which built with Content |
137 | Scanning support, has a line for the malware scanner interfaces compiled | |
138 | in. Interface can be individually included or not at build time. | |
e5ba8aa7 JH |
139 | |
140 | JH/09 The "aveserver", "kavdaemon" and "mksd" interfaces are now not included | |
141 | by the template makefile "src/EDITME". The "STREAM" support for an older | |
142 | ClamAV interface method is removed. | |
c11d665d | 143 | |
ba0e37b1 JH |
144 | JH/10 Bug 2223: Fix mysql lookup returns for the no-data case (when the number of |
145 | rows affected is given instead). | |
146 | ||
96508de1 JH |
147 | JH/11 The runtime Berkeley DB library version is now additionally output by |
148 | "exim -d -bV". Previously only the compile-time version was shown. | |
149 | ||
06fdb9f7 JH |
150 | JH/12 Bug 2230: Fix cutthrough routing for nonfirst messages in an initiating |
151 | SMTP connection. Previously, when one had more receipients than the | |
152 | first, an abortive onward connection was made. Move to full support for | |
153 | multiple onward connections in sequence, handling cutthrough connection | |
154 | for all multi-message initiating connections. | |
155 | ||
f83a760f JH |
156 | JH/13 Bug 2229: Fix cutthrough routing for nonstandard port numbers defined by |
157 | routers. Previously, a multi-recipient message would fail to match the | |
158 | onward-connection opened for the first recipient, and cause its closure. | |
159 | ||
f1fed05b JH |
160 | JH/14 Bug 2174: A timeout on connect for a callout was also erroneously seen as |
161 | a timeout on read on a GnuTLS initiating connection, resulting in the | |
162 | initiating connection being dropped. This mattered most when the callout | |
163 | was marked defer_ok. Fix to keep the two timeout-detection methods | |
164 | separate. | |
165 | ||
051d5efa JH |
166 | JH/15 Relax results from ACL control request to enable cutthrough, in |
167 | unsupported situations, from error to silently (except under debug) | |
168 | ignoring. This covers use with PRDR, frozen messages, queue-only and | |
169 | fake-reject. | |
170 | ||
cf3cd306 HSHR |
171 | HS/01 Fix Buffer overflow in base64d() (CVE-2018-6789) |
172 | ||
744976d4 JH |
173 | JH/16 Fix bug in DKIM verify: a buffer overflow could corrupt the malloc |
174 | metadata, resulting in a crash in free(). | |
175 | ||
aab9a843 | 176 | PP/01 Fix broken Heimdal GSSAPI authenticator integration. |
7be14582 | 177 | Broken in f2ed27cf5, missing an equals sign for specified-initialisers. |
aab9a843 | 178 | Broken also in d185889f4, with init system revamp. |
7be14582 | 179 | |
83d2a861 JH |
180 | JH/17 Bug 2113: Fix conversation closedown with the Avast malware scanner. |
181 | Previously we abruptly closed the connection after reading a malware- | |
182 | found indication; now we go on to read the "scan ok" response line, | |
183 | and send a quit. | |
184 | ||
6741531c JH |
185 | JH/18 Bug 2239: Enforce non-usability of control=utf8_downconvert in the mail |
186 | ACL. Previously, a crash would result. | |
187 | ||
85e03244 JH |
188 | JH/19 Speed up macro lookups during configuration file read, by skipping non- |
189 | macro text after a replacement (previously it was only once per line) and | |
190 | by skipping builtin macros when searching for an uppercase lead character. | |
191 | ||
c0635b6d JH |
192 | JH/20 DANE support moved from Experimental to mainline. The Makefile control |
193 | for the build is renamed. | |
194 | ||
b808677c JH |
195 | JH/21 Fix memory leak during multi-message connections using STARTTLS. A buffer |
196 | was allocated for every new TLS startup, meaning one per message. Fix | |
197 | by only allocating once (OpenSSL) or freeing on TLS-close (GnuTLS). | |
198 | ||
6678c382 JH |
199 | JH/22 Bug 2236: When a DKIM verification result is overridden by ACL, DMARC |
200 | reported the original. Fix to report (as far as possible) the ACL | |
201 | result replacing the original. | |
202 | ||
dec766a1 WB |
203 | JH/23 Fix memory leak during multi-message connections using STARTTLS under |
204 | OpenSSL. Certificate information is loaded for every new TLS startup, | |
205 | and the resources needed to be freed. | |
206 | ||
15ae19f9 JH |
207 | JH/24 Bug 2242: Fix exim_dbmbuild to permit directoryless filenames. |
208 | ||
e6532c4a JH |
209 | JH/25 Fix utf8_downconvert propagation through a redirect router. Previously it |
210 | was not propagated. | |
211 | ||
2556b3c6 SA |
212 | JH/26 Bug 2253: For logging delivery lines under PRDR, append the overall |
213 | DATA response info to the (existing) per-recipient response info for | |
214 | the "C=" log element. It can have useful tracking info from the | |
215 | destination system. Patch from Simon Arlott. | |
216 | ||
fc8cd529 JH |
217 | JH/27 Bug 2251: Fix ldap lookups that return a single attribute having zero- |
218 | length value. Previously this would segfault. | |
219 | ||
71bb51e0 HSHR |
220 | HS/02 Support Avast multiline protoocol, this allows passing flags to |
221 | newer versions of the scanner. | |
222 | ||
e04bfa34 JH |
223 | JH/28 Ensure that variables possibly set during message acceptance are marked |
224 | dead before release of memory in the daemon loop. This stops complaints | |
225 | about them when the debug_store option is enabled. Discovered specifically | |
226 | for sender_rate_period, but applies to a whole set of variables. | |
c232fc99 JH |
227 | Do the same for the queue-runner and queue-list loops, for variables set |
228 | from spool message files. Do the same for the SMTP per-message loop, for | |
229 | certain variables indirectly set in ACL operations. | |
e04bfa34 | 230 | |
ecce6d9a JH |
231 | JH/29 Bug 2250: Fix a longstanding bug in heavily-pipelined SMTP input (such |
232 | as a multi-recipient message from a mailinglist manager). The coding had | |
233 | an arbitrary cutoff number of characters while checking for more input; | |
234 | enforced by writing a NUL into the buffer. This corrupted long / fast | |
235 | input. The problem was exposed more widely when more pipelineing of SMTP | |
236 | responses was introduced, and one Exim system was feeding another. | |
237 | The symptom is log complaints of SMTP syntax error (NUL chars) on the | |
238 | receiving system, and refused recipients seen by the sending system | |
239 | (propating to people being dropped from mailing lists). | |
240 | Discovered and pinpointed by David Carter. | |
241 | ||
c9cf9ac4 JH |
242 | JH/30 The (EXPERIMENTAL_DMARC) variable $dmarc_ar_header is withdrawn, being |
243 | replaced by the ${authresults } expansion. | |
244 | ||
b3b37076 JH |
245 | JH/31 Bug 2257: Fix pipe transport to not use a socket-only syscall. |
246 | ||
830832c9 HSHR |
247 | HS/03 Set a handler for SIGTERM and call exit(3) if running as PID 1. This |
248 | allows proper process termination in container environments. | |
249 | ||
f64e8b5f JH |
250 | JH/32 Bug 2258: Fix spool_wireformat in combination with LMTP transport. |
251 | Previously the "final dot" had a newline after it; ensure it is CR,LF. | |
252 | ||
8f0776b5 JH |
253 | JH/33 SPF: remove support for the "spf" ACL condition outcome values "err_temp" |
254 | and "err_perm", deprecated since 4.83 when the RFC-defined words | |
255 | "temperror" and "permerror" were introduced. | |
256 | ||
857eaf37 JH |
257 | JH/34 Re-introduce enforcement of no cutthrough delivery on transports having |
258 | transport-filters or DKIM-signing. The restriction was lost in the | |
259 | consolidation of verify-callout and delivery SMTP handling. | |
5add7dc4 | 260 | Extend the restriction to also cover ARC-signing. |
857eaf37 | 261 | |
c85476e9 JH |
262 | JH/35 Cutthrough: for a final-dot response timeout (and nonunderstood responses) |
263 | in defer=pass mode supply a 450 to the initiator. Previously the message | |
264 | would be spooled. | |
265 | ||
405074ad PP |
266 | PP/02 DANE: add dane_require_tls_ciphers SMTP Transport option; if unset, |
267 | tls_require_ciphers is used as before. | |
268 | ||
eb445b04 HSHR |
269 | HS/03 Malware Avast: Better match the Avast multiline protocol. Add |
270 | "pass_unscanned". Only tmpfails from the scanner are written to | |
271 | the paniclog, as they may require admin intervention (permission | |
272 | denied, license issues). Other scanner errors (like decompression | |
273 | bombs) do not cause a paniclog entry. | |
ad93c40f | 274 | |
d342446f JH |
275 | JH/36 Fix reinitialisation of DKIM logging variable between messages. |
276 | Previously it was possible to log spurious information in receive log | |
277 | lines. | |
278 | ||
a28050f8 JH |
279 | JH/37 Bug 2255: Revert the disable of the OpenSSL session caching. This |
280 | triggered odd behaviour from Outlook Express clients. | |
281 | ||
ddd16464 PP |
282 | PP/03 Add util/renew-opendmarc-tlds.sh script for safe renewal of public |
283 | suffix list. | |
284 | ||
321ef002 JH |
285 | JH/38 DKIM: accept Ed25519 pubkeys in SubjectPublicKeyInfo-wrapped form, |
286 | since the IETF WG has not yet settled on that versus the original | |
287 | "bare" representation. | |
288 | ||
3203e7ba JH |
289 | JH/39 Fix syslog logging for syslog_timestamp=no and log_selector +millisec. |
290 | Previously the millisecond value corrupted the output. | |
291 | Fix also for syslog_pid=no and log_selector +pid, for which the pid | |
292 | corrupted the output. | |
293 | ||
bbfb5dcd | 294 | |
acfc18c3 PP |
295 | Exim version 4.90 |
296 | ----------------- | |
297 | ||
298 | JH/01 Rework error string handling in TLS interface so that the caller in | |
299 | more cases is responsible for logging. This permits library-sourced | |
300 | string to be attached to addresses during delivery, and collapses | |
301 | pairs of long lines into single ones. | |
302 | ||
856d1e16 PP |
303 | PP/01 Allow PKG_CONFIG_PATH to be set in Local/Makefile and use it correctly |
304 | during configuration. Wildcards are allowed and expanded. | |
305 | ||
b9df1829 JH |
306 | JH/02 Rework error string handling in DKIM to pass more info back to callers. |
307 | This permits better logging. | |
308 | ||
875512a3 JH |
309 | JH/03 Rework the transport continued-connection mechanism: when TLS is active, |
310 | do not close it down and have the child transport start it up again on | |
311 | the passed-on TCP connection. Instead, proxy the child (and any | |
312 | subsequent ones) for TLS via a unix-domain socket channel. Logging is | |
313 | affected: the continued delivery log lines do not have any DNSSEC, TLS | |
5013d912 | 314 | Certificate or OCSP information. TLS cipher information is still logged. |
875512a3 | 315 | |
fc3f96af JH |
316 | JH/04 Shorten the log line for daemon startup by collapsing adjacent sets of |
317 | identical IP addresses on different listening ports. Will also affect | |
318 | "exiwhat" output. | |
319 | ||
98913c8e BK |
320 | PP/02 Bug 2070: uClibc defines __GLIBC__ without providing glibc headers; |
321 | add noisy ifdef guards to special-case this sillyness. | |
322 | Patch from Bernd Kuhls. | |
323 | ||
8d909960 JH |
324 | JH/05 Tighten up the checking in isip4 (et al): dotted-quad components larger |
325 | than 255 are no longer allowed. | |
326 | ||
7006ee24 JH |
327 | JH/06 Default openssl_options to include +no_ticket, to reduce load on peers. |
328 | Disable the session-cache too, which might reduce our load. Since we | |
329 | currrectly use a new context for every connection, both as server and | |
330 | client, there is no benefit for these. | |
331 | GnuTLS appears to not support tickets server-side by default (we don't | |
332 | call gnutls_session_ticket_enable_server()) but client side is enabled | |
333 | by default on recent versions (3.1.3 +) unless the PFS priority string | |
334 | is used (3.2.4 +). | |
335 | ||
6e411084 PP |
336 | PP/03 Add $SOURCE_DATE_EPOCH support for reproducible builds, per spec at |
337 | <https://reproducible-builds.org/specs/source-date-epoch/>. | |
338 | ||
4c2471ca JH |
339 | JH/07 Fix smtp transport use of limited max_rcpt under mua_wrapper. Previously |
340 | the check for any unsuccessful recipients did not notice the limit, and | |
341 | erroneously found still-pending ones. | |
342 | ||
4e910c01 JH |
343 | JH/08 Pipeline CHUNKING command and data together, on kernels that support |
344 | MSG_MORE. Only in-clear (not on TLS connections). | |
345 | ||
42055a33 JH |
346 | JH/09 Avoid using a temporary file during transport using dkim. Unless a |
347 | transport-filter is involved we can buffer the headers in memory for | |
348 | creating the signature, and read the spool data file once for the | |
349 | signature and again for transmission. | |
350 | ||
eeb35890 JH |
351 | JH/10 Enable use of sendfile in Linux builds as default. It was disabled in |
352 | 4.77 as the kernel support then wasn't solid, having issues in 64bit | |
7d758a6a | 353 | mode. Now, it's been long enough. Add support for FreeBSD also. |
eeb35890 | 354 | |
b7d3afcf JH |
355 | JH/11 Bug 2104: Fix continued use of a transport connection with TLS. In the |
356 | case where the routing stage had gathered several addresses to send to | |
357 | a host before calling the transport for the first, we previously failed | |
358 | to close down TLS in the old transport process before passing the TCP | |
359 | connection to the new process. The new one sent a STARTTLS command | |
360 | which naturally failed, giving a failed delivery and bloating the retry | |
361 | database. Investigation and fix prototype from Wolfgang Breyha. | |
362 | ||
40525d07 JH |
363 | JH/12 Fix check on SMTP command input synchronisation. Previously there were |
364 | false-negatives in the check that the sender had not preempted a response | |
365 | or prompt from Exim (running as a server), due to that code's lack of | |
a5ffa9b4 | 366 | awareness of the SMTP input buffering. |
40525d07 | 367 | |
f33875c3 PP |
368 | PP/04 Add commandline_checks_require_admin option. |
369 | Exim drops privileges sanely, various checks such as -be aren't a | |
370 | security problem, as long as you trust local users with access to their | |
371 | own account. When invoked by services which pass untrusted data to | |
372 | Exim, this might be an issue. Set this option in main configuration | |
373 | AND make fixes to the calling application, such as using `--` to stop | |
374 | processing options. | |
375 | ||
a5ffa9b4 JH |
376 | JH/13 Do pipelining under TLS. Previously, although safe, no advantage was |
377 | taken. Now take care to pack both (client) MAIL,RCPT,DATA, and (server) | |
378 | responses to those, into a single TLS record each way (this usually means | |
379 | a single packet). As a side issue, smtp_enforce_sync now works on TLS | |
380 | connections. | |
925ac8e4 | 381 | |
6600985a PP |
382 | PP/05 OpenSSL/1.1: use DH_bits() for more accurate DH param sizes. This |
383 | affects you only if you're dancing at the edge of the param size limits. | |
384 | If you are, and this message makes sense to you, then: raise the | |
385 | configured limit or use OpenSSL 1.1. Nothing we can do for older | |
386 | versions. | |
387 | ||
ac4d558b JH |
388 | JH/14 For the "sock" variant of the malware scanner interface, accept an empty |
389 | cmdline element to get the documented default one. Previously it was | |
390 | inaccessible. | |
391 | ||
e69636bc JH |
392 | JH/15 Fix a crash in the smtp transport caused when two hosts in succession |
393 | are unsuable for non-message-specific reasons - eg. connection timeout, | |
394 | banner-time rejection. | |
395 | ||
a843a57e JH |
396 | JH/16 Fix logging of delivery remote port, when specified by router, under |
397 | callout/hold. | |
398 | ||
8e041ae0 PP |
399 | PP/06 Repair manualroute's ability to take options in any order, even if one |
400 | is the name of a transport. | |
833c70bc PP |
401 | Fixes bug 2140. |
402 | ||
35a04365 HSHR |
403 | HS/01 Cleanup, prevent repeated use of -p/-oMr (CVE-2017-1000369) |
404 | ||
4226691b JH |
405 | JH/17 Change the list-building routines interface to use the expanding-string |
406 | triplet model, for better allocation and copying behaviour. | |
407 | ||
d185889f JH |
408 | JH/18 Prebuild the data-structure for "builtin" macros, for faster startup. |
409 | Previously it was constructed the first time a possibly-matching string | |
410 | was met in the configuration file input during startup; now it is done | |
411 | during compilation. | |
412 | ||
0a6c178c JH |
413 | JH/19 Bug 2141: Use the full-complex API for Berkeley DB rather than the legacy- |
414 | compatible one, to avoid the (poorly documented) possibility of a config | |
415 | file in the working directory redirecting the DB files, possibly correpting | |
02745400 | 416 | some existing file. CVE-2017-10140 assigned for BDB. |
0a6c178c | 417 | |
fae8970d JH |
418 | JH/20 Bug 2147: Do not defer for a verify-with-callout-and-random which is not |
419 | cache-hot. Previously, although the result was properly cached, the | |
420 | initial verify call returned a defer. | |
421 | ||
ad1a76fe | 422 | JH/21 Bug 2151: Avoid using SIZE on the MAIL for a callout verify, on any but |
14de8063 JH |
423 | the main verify for receipient in uncached-mode. |
424 | ||
ad1a76fe JH |
425 | JH/22 Retire historical build files to an "unsupported" subdir. These are |
426 | defined as "ones for which we have no current evidence of testing". | |
427 | ||
135e9496 JH |
428 | JH/23 DKIM: enforce the DNS pubkey record "h" permitted-hashes optional field, |
429 | if present. Previously it was ignored. | |
430 | ||
f2ed27cf JH |
431 | JH/24 Start using specified-initialisers in C structure init coding. This is |
432 | a C99 feature (it's 2017, so now considered safe). | |
433 | ||
7eb0e5d2 JH |
434 | JH/25 Use one-bit bitfields for flags in the "addr" data structure. Previously |
435 | if was a fixed-sized field and bitmask ops via macros; it is now more | |
436 | extensible. | |
437 | ||
4f9f4be4 JÅ |
438 | PP/07 GitHub PR 56: Apply MariaDB build fix. |
439 | Patch provided by Jaroslav Å karvada. | |
440 | ||
dc4de9cc PP |
441 | PP/08 Bug 2161: Fix regression in sieve quoted-printable handling introduced |
442 | during Coverity cleanups [4.87 JH/47] | |
443 | Diagnosis and fix provided by Michael Fischer v. Mollard. | |
444 | ||
ea18931d JH |
445 | JH/26 Fix DKIM bug: when the pseudoheader generated for signing was exactly |
446 | the right size to place the terminating semicolon on its own folded | |
447 | line, the header hash was calculated to an incorrect value thanks to | |
448 | the (relaxed) space the fold became. | |
449 | ||
2cee425a HSHR |
450 | HS/02 Fix Bug 2130: large writes from the transport subprocess where chunked |
451 | and confused the parent. | |
452 | ||
848214f7 JH |
453 | JH/27 Fix SOCKS bug: an unitialized pointer was deref'd by the transport process |
454 | which could crash as a result. This could lead to undeliverable messages. | |
455 | ||
9e0ed81f JH |
456 | JH/28 Logging: "next input sent too soon" now shows where input was truncated |
457 | for log purposes. | |
458 | ||
2540f2f8 JH |
459 | JH/29 Fix queue_run_in_order to ignore the PID portion of the message ID. This |
460 | matters on fast-turnover and PID-randomising systems, which were getting | |
461 | out-of-order delivery. | |
462 | ||
e5ab0ba9 JH |
463 | JH/30 Fix a logging bug on aarch64: an unsafe routine was previously used for |
464 | a possibly-overlapping copy. The symptom was that "Remote host closed | |
465 | connection in response to HELO" was logged instead of the actual 4xx | |
466 | error for the HELO. | |
467 | ||
e99a3a6c JH |
468 | JH/31 Fix CHUNKING code to properly flush the unwanted chunk after an error. |
469 | Previously only that bufferd was discarded, resulting in SYMTP command | |
470 | desynchronisation. | |
471 | ||
18067c75 JH |
472 | JH/32 DKIM: when a message has multiple signatures matching an identity given |
473 | in dkim_verify_signers, run the dkim acl once for each. Previously only | |
474 | one run was done. Bug 2189. | |
475 | ||
72934ba7 JH |
476 | JH/33 Downgrade an unfound-list name (usually a typo in the config file) from |
477 | "panic the current process" to "deliberately defer". The panic log is | |
478 | still written with the problem list name; the mail and reject logs now | |
479 | get a temp-reject line for the message that was being handled, saying | |
480 | something like "domains check lookup or other defer". The SMTP 451 | |
481 | message is still "Temporary local problem". | |
482 | ||
625667b6 JH |
483 | JH/34 Bug 2199: Fix a use-after-free while reading smtp input for header lines. |
484 | A crafted sequence of BDAT commands could result in in-use memory beeing | |
b488395f JH |
485 | freed. CVE-2017-16943. |
486 | ||
487 | HS/03 Bug 2201: Fix checking for leading-dot on a line during headers reading | |
488 | from SMTP input. Previously it was always done; now only done for DATA | |
489 | and not BDAT commands. CVE-2017-16944. | |
625667b6 | 490 | |
d21bf202 JH |
491 | JH/35 Bug 2201: Flush received data in BDAT mode after detecting an error fatal |
492 | to the message (such as an overlong header line). Previously this was | |
493 | not done and we did not exit BDAT mode. Followon from the previous item | |
494 | though a different problem. | |
495 | ||
acfc18c3 | 496 | |
fd047340 | 497 | Exim version 4.89 |
acfc18c3 | 498 | ----------------- |
4c57a40e | 499 | |
9427e879 | 500 | JH/01 Bug 1922: Support IDNA2008. This has slightly different conversion rules |
4c04137d | 501 | than -2003 did; needs libidn2 in addition to libidn. |
fd047340 | 502 | |
7b283890 JH |
503 | JH/02 The path option on a pipe transport is now expanded before use. |
504 | ||
4c57a40e PP |
505 | PP/01 GitHub PR 50: Do not call ldap_start_tls_s on ldapi:// connections. |
506 | Patch provided by "Björn", documentation fix added too. | |
507 | ||
5d036699 JH |
508 | JH/03 Bug 2003: fix Proxy Protocol v2 handling: the address size field was |
509 | missing a wire-to-host endian conversion. | |
510 | ||
f4630439 JH |
511 | JH/04 Bug 2004: fix CHUNKING in non-PIPELINEING mode. Chunk data following |
512 | close after a BDAT command line could be taken as a following command, | |
513 | giving a synch failure. Fix by only checking for synch immediately | |
514 | before acknowledging the chunk. | |
515 | ||
f988ce57 JS |
516 | PP/02 GitHub PR 52: many spelling fixes, which include fixing parsing of |
517 | no_require_dnssec option and creation of _HAVE_TRANSPORT_APPEND_MAILDIR | |
518 | macro. Patches provided by Josh Soref. | |
519 | ||
bd8fbe36 JH |
520 | JH/05 Have the EHLO response advertise VRFY, if there is a vrfy ACL defined. |
521 | Previously we did not; the RFC seems ambiguous and VRFY is not listed | |
522 | by IANA as a service extension. However, John Klensin suggests that we | |
523 | should. | |
524 | ||
525 | JH/06 Bug 2017: Fix DKIM verification in -bh test mode. The data feed into | |
b895f4b2 JH |
526 | the dkim code may be unix-mode line endings rather than smtp wire-format |
527 | CRLF, so prepend a CR to any bare LF. | |
fd047340 | 528 | |
bd8fbe36 | 529 | JH/07 Rationalise the coding for callout smtp conversations and transport ones. |
902fbd69 JH |
530 | As a side-benfit, callouts can now use PIPELINING hence fewer round-trips. |
531 | ||
bd8fbe36 JH |
532 | JH/08 Bug 2016: Fix DKIM verification vs. CHUNKING. Any BDAT commands after |
533 | the first were themselves being wrongly included in the feed into dkim | |
534 | processing; with most chunk sizes in use this resulted in an incorrect | |
535 | body hash calculated value. | |
536 | ||
eea19017 JH |
537 | JH/09 Bug 2014: permit inclusion of a DKIM-Signature header in a received |
538 | DKIM signature block, for verification. Although advised against by | |
539 | standards it is specifically not ruled illegal. | |
540 | ||
44e6651b JH |
541 | JH/10 Bug 2025: Fix reception of (quoted) local-parts with embedded spaces. |
542 | ||
543 | JH/11 Bug 2029: Fix crash in DKIM verification when a message signature block is | |
544 | missing a body hash (the bh= tag). | |
545 | ||
546 | JH/12 Bug 2018: Re-order Proxy Protocol startup versus TLS-on-connect startup. | |
547 | It seems that HAProxy sends the Proxy Protocol information in clear and | |
548 | only then does a TLS startup, so do the same. | |
549 | ||
550 | JH/13 Bug 2027: Avoid attempting to use TCP Fast Open for non-transport client | |
551 | TCP connections (such as for Spamd) unless the daemon successfully set | |
552 | Fast Open mode on its listening sockets. This fixes breakage seen on | |
553 | too-old kernels or those not configured for Fast Open, at the cost of | |
554 | requiring both directions being enabled for TFO, and TFO never being used | |
555 | by non-daemon-related Exim processes. | |
556 | ||
557 | JH/14 Bug 2000: Reject messages recieved with CHUNKING but with malformed line | |
558 | endings, at least on the first header line. Try to canonify any that get | |
559 | past that check, despite the cost. | |
560 | ||
b6040544 JH |
561 | JH/15 Angle-bracket nesting (an error inserted by broken sendmails) levels are |
562 | now limited to an arbitrary five deep, while parsing addresses with the | |
563 | strip_excess_angle_brackets option enabled. | |
564 | ||
f700ea4d PP |
565 | PP/03 Bug 2018: For Proxy Protocol and TLS-on-connect, do not over-read and |
566 | instead leave the unprompted TLS handshake in socket buffer for the | |
567 | TLS library to consume. | |
568 | ||
da88acae PP |
569 | PP/04 Bug 2018: Also handle Proxy Protocol v2 safely. |
570 | ||
f6ef9370 PP |
571 | PP/05 FreeBSD compat: handle that Ports no longer create /usr/bin/perl |
572 | ||
90341c71 JH |
573 | JH/16 Drop variables when they go out of scope. Memory management drops a whole |
574 | region in one operation, for speed, and this leaves assigned pointers | |
575 | dangling. Add checks run only under the testsuite which checks all | |
576 | variables at a store-reset and panics on a dangling pointer; add code | |
577 | explicitly nulling out all the variables discovered. Fixes one known | |
578 | bug: a transport crash, where a dangling pointer for $sending_ip_address | |
579 | originally assigned in a verify callout, is re-used. | |
580 | ||
1ec2ab36 PP |
581 | PP/06 Drop '.' from @INC in various Perl scripts. |
582 | ||
583 | PP/07 Switch FreeBSD iconv to always use the base-system libc functions. | |
584 | ||
585 | PP/08 Reduce a number of compilation warnings under clang; building with | |
586 | CC=clang CFLAGS+=-Wno-dangling-else -Wno-logical-op-parentheses | |
587 | should be warning-free. | |
588 | ||
8b2b9480 PP |
589 | JH/17 Fix inbound CHUNKING when DKIM disabled at runtime. |
590 | ||
591 | HS/01 Fix portability problems introduced by PP/08 for platforms where | |
592 | realloc(NULL) is not equivalent to malloc() [SunOS et al]. | |
593 | ||
d953610f HSHR |
594 | HS/02 Bug 1974: Fix missing line terminator on the last received BDAT |
595 | chunk. This allows us to accept broken chunked messages. We need a more | |
596 | general solution here. | |
597 | ||
7dc5f827 PP |
598 | PP/09 Wrote util/chunking_fixqueue_finalnewlines.pl to help recover |
599 | already-broken messages in the queue. | |
600 | ||
4bb432cb PP |
601 | JH/18 Bug 2061: Fix ${extract } corrupting an enclosing ${reduce } $value. |
602 | ||
3b1a84c8 PP |
603 | JH/19 Fix reference counting bug in routing-generated-address tracking. |
604 | ||
902fbd69 | 605 | |
8d042305 JH |
606 | Exim version 4.88 |
607 | ----------------- | |
4c57a40e | 608 | |
9094b84b JH |
609 | JH/01 Use SIZE on MAIL FROM in a cutthrough connection, if the destination |
610 | supports it and a size is available (ie. the sending peer gave us one). | |
8d042305 | 611 | |
03d5892b JH |
612 | JH/02 The obsolete acl condition "demime" is removed (finally, after ten |
613 | years of being deprecated). The replacements are the ACLs | |
614 | acl_smtp_mime and acl_not_smtp_mime. | |
615 | ||
4b0fe319 JH |
616 | JH/03 Upgrade security requirements imposed for hosts_try_dane: previously |
617 | a downgraded non-dane trust-anchor for the TLS connection (CA-style) | |
618 | or even an in-clear connection were permitted. Now, if the host lookup | |
619 | was dnssec and dane was requested then the host is only used if the | |
620 | TLSA lookup succeeds and is dnssec. Further hosts (eg. lower priority | |
621 | MXs) will be tried (for hosts_try_dane though not for hosts_require_dane) | |
622 | if one fails this test. | |
623 | This means that a poorly-configured remote DNS will make it incommunicado; | |
624 | but it protects against a DNS-interception attack on it. | |
625 | ||
789f8a4f JH |
626 | JH/04 Bug 1810: make continued-use of an open smtp transport connection |
627 | non-noisy when a race steals the message being considered. | |
628 | ||
23bb6982 | 629 | JH/05 If main configuration option tls_certificate is unset, generate a |
f59aaaaa | 630 | self-signed certificate for inbound TLS connections. |
23bb6982 | 631 | |
0bd1b1ed | 632 | JH/06 Bug 165: hide more cases of password exposure - this time in expansions |
f42deca9 | 633 | in rewrites and routers. |
0bd1b1ed | 634 | |
20b9a2dc JH |
635 | JH/07 Retire gnutls_require_mac et.al. These were nonfunctional since 4.80 |
636 | and logged a warning sing 4.83; now they are a configuration file error. | |
637 | ||
05392bbc JH |
638 | JH/08 Bug 1836: Fix crash in VRFY handling when handed an unqualified name |
639 | (lacking @domain). Apply the same qualification processing as RCPT. | |
640 | ||
1a6230a3 JH |
641 | JH/09 Bug 1804: Avoid writing msglog files when in -bh or -bhc mode. |
642 | ||
cfab9d68 JH |
643 | JH/10 Support ${sha256:} applied to a string (as well as the previous |
644 | certificate). | |
645 | ||
98c82a3d JH |
646 | JH/11 Cutthrough: avoid using the callout hints db on a verify callout when |
647 | a cutthrough deliver is pending, as we always want to make a connection. | |
648 | This also avoids re-routing the message when later placing the cutthrough | |
649 | connection after a verify cache hit. | |
650 | Do not update it with the verify result either. | |
651 | ||
652 | JH/12 Cutthrough: disable when verify option success_on_redirect is used, and | |
653 | when routing results in more than one destination address. | |
654 | ||
ae8386f0 JH |
655 | JH/13 Cutthrough: expand transport dkim_domain option when testing for dkim |
656 | signing (which inhibits the cutthrough capability). Previously only | |
657 | the presence of an option was tested; now an expansion evaluating as | |
658 | empty is permissible (obviously it should depend only on data available | |
659 | when the cutthrough connection is made). | |
660 | ||
0d9fa8c0 JH |
661 | JH/14 Fix logging of errors under PIPELINING. Previously the log line giving |
662 | the relevant preceding SMTP command did not note the pipelining mode. | |
663 | ||
3581f321 JH |
664 | JH/15 Fix counting of empty lines in $body_linecount and $message_linecount. |
665 | Previously they were not counted. | |
666 | ||
ef3a1a30 JH |
667 | JH/16 DANE: treat a TLSA lookup response having all non-TLSA RRs, the same |
668 | as one having no matching records. Previously we deferred the message | |
669 | that needed the lookup. | |
670 | ||
4c04137d | 671 | JH/17 Fakereject: previously logged as a normal message arrival "<="; now |
27b9e5f4 JH |
672 | distinguished as "(=". |
673 | ||
1435d4b2 JH |
674 | JH/18 Bug 1867: make the fail_defer_domains option on a dnslookup router work |
675 | for missing MX records. Previously it only worked for missing A records. | |
676 | ||
eea0defe JB |
677 | JH/19 Bug 1850: support Radius libraries that return REJECT_RC. |
678 | ||
679 | JH/20 Bug 1872: Ensure that acl_smtp_notquit is run when the connection drops | |
680 | after the data-go-ahead and data-ack. Patch from Jason Betts. | |
860cdda2 | 681 | |
4c04137d | 682 | JH/21 Bug 1846: Send DMARC forensic reports for reject and quarantine results, |
72a201e2 TM |
683 | even for a "none" policy. Patch from Tony Meyer. |
684 | ||
1c788856 JH |
685 | JH/22 Fix continued use of a connection for further deliveries. If a port was |
686 | specified by a router, it must also match for the delivery to be | |
687 | compatible. | |
688 | ||
e3b1f624 JH |
689 | JH/23 Bug 1874: fix continued use of a connection for further deliveries. |
690 | When one of the recipients of a message was unsuitable for the connection | |
691 | (has no matching addresses), we lost track of needing to mark it | |
692 | deferred. As a result mail would be lost. | |
693 | ||
a57ce043 JH |
694 | JH/24 Bug 1832: Log EHLO response on getting conn-close response for HELO. |
695 | ||
f59aaaaa | 696 | JH/25 Decoding ACL controls is now done using a binary search; the source code |
2d009132 JH |
697 | takes up less space and should be simpler to maintain. Merge the ACL |
698 | condition decode tables also, with similar effect. | |
d7bed771 | 699 | |
d1f9fb42 JH |
700 | JH/26 Fix problem with one_time used on a redirect router which returned the |
701 | parent address unchanged. A retry would see the parent address marked as | |
702 | delivered, so not attempt the (identical) child. As a result mail would | |
703 | be lost. | |
704 | ||
92b0827a JH |
705 | JH/27 Fix a possible security hole, wherein a process operating with the Exim |
706 | UID can gain a root shell. Credit to http://www.halfdog.net/ for | |
707 | discovery and writeup. Ubuntu bug 1580454; no bug raised against Exim | |
708 | itself :( | |
709 | ||
ddf1b11a JH |
710 | JH/28 Enable {spool,log} filesystem space and inode checks as default. |
711 | Main config options check_{log,spool}_{inodes,space} are now | |
712 | 100 inodes, 10MB unless set otherwise in the configuration. | |
713 | ||
3cc3f762 JH |
714 | JH/29 Fix the connection_reject log selector to apply to the connect ACL. |
715 | Previously it only applied to the main-section connection policy | |
716 | options. | |
717 | ||
ae5afa61 JH |
718 | JH/30 Bug 1897: fix callouts connection fallback from TLS to cleartext. |
719 | ||
317e40ac PP |
720 | PP/01 Changed default Diffie-Hellman parameters to be Exim-specific, created |
721 | by me. Added RFC7919 DH primes as an alternative. | |
722 | ||
8b0fb68e PP |
723 | PP/02 Unbreak build via pkg-config with new hash support when crypto headers |
724 | are not in the system include path. | |
725 | ||
ad7fc6eb | 726 | JH/31 Fix longstanding bug with aborted TLS server connection handling. Under |
f59aaaaa | 727 | GnuTLS, when a session startup failed (eg because the client disconnected) |
ad7fc6eb JH |
728 | Exim did stdio operations after fclose. This was exposed by a recent |
729 | change which nulled out the file handle after the fclose. | |
ad7fc6eb | 730 | |
ee5b1e28 JH |
731 | JH/32 Bug 1909: Fix OCSP proof verification for cases where the proof is |
732 | signed directly by the cert-signing cert, rather than an intermediate | |
733 | OCSP-signing cert. This is the model used by LetsEncrypt. | |
734 | ||
5ddc9771 JH |
735 | JH/33 Bug 1914: Ensure socket is nonblocking before draining after SMTP QUIT. |
736 | ||
8d73599f JH |
737 | HS/01 Fix leak in verify callout under GnuTLS, about 3MB per recipient on |
738 | an incoming connection. | |
739 | ||
446415f5 HSHR |
740 | HS/02 Bug 1802: Do not half-close the connection after sending a request |
741 | to rspamd. | |
742 | ||
8e53a4fc HSHR |
743 | HS/03 Use "auto" as the default EC curve parameter. For OpenSSL < 1.0.2 |
744 | fallback to "prime256v1". | |
8d042305 | 745 | |
87cb4a16 | 746 | JH/34 SECURITY: Use proper copy of DATA command in error message. |
4c57a40e | 747 | Could leak key material. Remotely exploitable. CVE-2016-9963. |
87cb4a16 JH |
748 | |
749 | ||
0d9b78be JH |
750 | Exim version 4.87 |
751 | ----------------- | |
4c57a40e | 752 | |
82d14d6a JH |
753 | JH/01 Bug 1664: Disable OCSP for GnuTLS library versions at/before 3.3.16 |
754 | and 3.4.4 - once the server is enabled to respond to an OCSP request | |
755 | it does even when not requested, resulting in a stapling non-aware | |
756 | client dropping the TLS connection. | |
0d9b78be | 757 | |
6c6d6e48 TF |
758 | TF/01 Code cleanup: Overhaul the debug_selector and log_selector machinery to |
759 | support variable-length bit vectors. No functional change. | |
760 | ||
ac881e27 TF |
761 | TF/02 Improve the consistency of logging incoming and outgoing interfaces. |
762 | The I= interface field on outgoing lines is now after the H= remote | |
763 | host field, same as incoming lines. There is a separate | |
764 | outgoing_interface log selector which allows you to disable the | |
765 | outgoing I= field. | |
766 | ||
c8899c20 JH |
767 | JH/02 Bug 728: Close logfiles after a daemon-process "exceptional" log write. |
768 | If not running log_selector +smtp_connection the mainlog would be held | |
769 | open indefinitely after a "too many connections" event, including to a | |
770 | deleted file after a log rotate. Leave the per net connection logging | |
771 | leaving it open for efficiency as that will be quickly detected by the | |
772 | check on the next write. | |
773 | ||
f1b81d81 HSHR |
774 | HS/01 Bug 1671: Fix post transport crash. |
775 | Processing the wait-<transport> messages could crash the delivery | |
776 | process if the message IDs didn't exist for some reason. When | |
777 | using 'split_spool_directory=yes' the construction of the spool | |
778 | file name failed already, exposing the same netto behaviour. | |
779 | ||
f38917cc JH |
780 | JH/03 Bug 425: Capture substrings in $regex1, $regex2 etc from regex & |
781 | mime_regex ACL conditions. | |
782 | ||
895fbaf2 JH |
783 | JH/04 Bug 1686: When compiled with EXPERIMENTAL_DSN_INFO: Add extra information |
784 | to DSN fail messages (bounces): remote IP, remote greeting, remote response | |
785 | to HELO, local diagnostic string. | |
786 | ||
805bb5c3 JH |
787 | JH/05 Downgrade message for a TLS-certificate-based authentication fail from |
788 | log line to debug. Even when configured with a tls authenticator many | |
789 | client connections are expected to not authenticate in this way, so | |
790 | an authenticate fail is not an error. | |
791 | ||
56c2a7be HSHR |
792 | HS/02 Add the Exim version string to the process info. This way exiwhat |
793 | gives some more detail about the running daemon. | |
794 | ||
4c04137d | 795 | JH/06 Bug 1395: time-limit caching of DNS lookups, to the TTL value. This may |
14b3c5bc JH |
796 | matter for fast-change records such as DNSBLs. |
797 | ||
6f6dedcc JH |
798 | JH/07 Bug 1678: Always record an interface option value, if set, as part of a |
799 | retry record, even if constant. There may be multiple transports with | |
800 | different interface settings and the retry behaviour needs to be kept | |
801 | distinct. | |
802 | ||
0f557e90 JH |
803 | JH/08 Bug 1586: exiqgrep now refuses to run if there are unexpected arguments. |
804 | ||
805 | JH/09 Bug 1700: ignore space & tab embedded in base64 during decode. | |
806 | ||
ec0eb1a3 JH |
807 | JH/10 Bug 840: fix log_defer_output option of pipe transport |
808 | ||
41e93589 JH |
809 | JH/11 Bug 830: use same host for all RCPTS of a message, even under |
810 | hosts_randomize. This matters a lot when combined with mua_wrapper. | |
811 | ||
98b98887 | 812 | JH/12 Bug 1706: percent and underbar characters are no longer escaped by the |
376d2ec0 JH |
813 | ${quote_pgsql:<string>} operator. |
814 | ||
98b98887 JH |
815 | JH/13 Bug 1708: avoid misaligned access in cached lookup. |
816 | ||
858e91c2 JH |
817 | JH/14 Change header file name for freeradius-client. Relevant if compiling |
818 | with Radius support; from the Gentoo tree and checked under Fedora. | |
819 | ||
820 | JH/15 Bug 1712: Introduce $prdr_requested flag variable | |
821 | ||
6ff55e50 JH |
822 | JH/16 Bug 1714: Permit an empty string as expansion result for transport |
823 | option transport_filter, meaning no filtering. | |
824 | ||
3b957582 JB |
825 | JH/17 Bug 1713: Fix non-PDKIM_DEBUG build. Patch from Jasen Betts. |
826 | ||
23f3dc67 JH |
827 | JH/18 Bug 1709: When built with TLS support, the tls_advertise_hosts option now |
828 | defaults to "*" (all hosts). The variable is now available when not built | |
4c04137d | 829 | with TLS, default unset, mainly to enable keeping the testsuite sane. |
23f3dc67 JH |
830 | If a server certificate is not supplied (via tls_certificate) an error is |
831 | logged, and clients will find TLS connections fail on startup. Presumably | |
832 | they will retry in-clear. | |
833 | Packagers of Exim are strongly encouraged to create a server certificate | |
834 | at installation time. | |
835 | ||
240c288f JH |
836 | HS/03 Add -bP config_file as a synonym for -bP configure_file, for consistency |
837 | with the $config_file variable. | |
838 | ||
5ef5dd52 JB |
839 | JH/19 Two additional event types: msg:rcpt:defer and msg:rcpt:host:defer. Both |
840 | in transport context, after the attempt, and per-recipient. The latter type | |
841 | is per host attempted. The event data is the error message, and the errno | |
842 | information encodes the lookup type (A vs. MX) used for the (first) host, | |
4c04137d | 843 | and the trailing two digits of the smtp 4xx response. |
5ef5dd52 | 844 | |
e161710d GF |
845 | GF/01 Bug 1715: Fix for race condition in exicyclog, where exim could attempt |
846 | to write to mainlog (or rejectlog, paniclog) in the window between file | |
847 | creation and permissions/ownership being changed. Particularly affects | |
848 | installations where exicyclog is run as root, rather than exim user; | |
849 | result is that the running daemon panics and dies. | |
850 | ||
a159f203 JH |
851 | JH/20 Bug 1701: For MySQL lookups, support MySQL config file option group names. |
852 | ||
7f06582c JH |
853 | JH/21 Bug 1720: Add support for priority groups and weighted-random proxy |
854 | selection for the EXPERIMENTAL_SOCKS feature, via new per-proxy options | |
855 | "pri" and "weight". Note that the previous implicit priority given by the | |
856 | list order is no longer honoured. | |
857 | ||
4c04137d | 858 | JH/22 Bugs 963, 1721: Fix some corner cases in message body canonicalization |
abe1010c JH |
859 | for DKIM processing. |
860 | ||
f0989ec0 JH |
861 | JH/23 Move SOCKS5 support from Experimental to mainline, enabled for a build |
862 | by defining SUPPORT_SOCKS. | |
74f150bf | 863 | |
cee5f132 JH |
864 | JH/26 Move PROXY support from Experimental to mainline, enabled for a build |
865 | by defining SUPPORT_PROXY. Note that the proxy_required_hosts option | |
e6d2a989 JH |
866 | is renamed to hosts_proxy, and the proxy_{host,target}_{address,port}. |
867 | variables are renamed to proxy_{local,external}_{address,port}. | |
cee5f132 | 868 | |
8c5d388a JH |
869 | JH/27 Move Internationalisation support from Experimental to mainline, enabled |
870 | for a build by defining SUPPORT_I18N | |
871 | ||
2d8d625b JH |
872 | JH/28 Bug 1745: Fix redis lookups to handle (quoted) spaces embedded in parts |
873 | of the query string, and make ${quote_redis:} do that quoting. | |
874 | ||
0cbf2b82 JH |
875 | JH/29 Move Events support from Experimental to mainline, enabled by default |
876 | and removable for a build by defining DISABLE_EVENT. | |
877 | ||
f2f2c91b JH |
878 | JH/30 Updated DANE implementation code to current from Viktor Dukhovni. |
879 | ||
ce325893 JH |
880 | JH/31 Fix bug with hosts_connection_nolog and named-lists which were wrongly |
881 | cached by the daemon. | |
882 | ||
de78e2d5 JH |
883 | JH/32 Move Redis support from Experimental to mainline, enabled for a build |
884 | by defining LOOKUP_REDIS. The libhiredis library is required. | |
885 | ||
379ba7d0 JH |
886 | JH/33 Bug 1748: Permit ACL dnslists= condition in non-smtp ACLs if explicit |
887 | keys are given for lookup. | |
888 | ||
f444c2c7 JH |
889 | JH/34 Bug 1192: replace the embedded copy of PolarSSL RSA routines in the DKIM |
890 | support, by using OpenSSL or GnuTLS library ones. This means DKIM is | |
07c73177 JH |
891 | only supported when built with TLS support. The PolarSSL SHA routines |
892 | are still used when the TLS library is too old for convenient support. | |
f444c2c7 | 893 | |
a57b6200 JH |
894 | JH/35 Require SINGLE_DH_USE by default in OpenSSL (main config option |
895 | openssl_options), for security. OpenSSL forces this from version 1.1.0 | |
896 | server-side so match that on older versions. | |
897 | ||
07c73177 | 898 | JH/36 Bug 1778: longstanding bug in memory use by the ${run } expansion: A fresh |
fa01e4f8 | 899 | allocation for $value could be released as the expansion processing |
07c73177 | 900 | concluded, but leaving the global pointer active for it. |
fa01e4f8 | 901 | |
4f6ae5c3 JH |
902 | JH/37 Bug 1769: Permit a VRFY ACL to override the default 252 response, |
903 | and to use the domains and local_parts ACL conditions. | |
904 | ||
1bc460a6 JH |
905 | JH/38 Fix cutthrough bug with body lines having a single dot. The dot was |
906 | incorrectly not doubled on cutthrough transmission, hence seen as a | |
907 | body-termination at the receiving system - resulting in truncated mails. | |
62ac2eb7 | 908 | Commonly the sender saw a TCP-level error, and retransmitted the message |
1bc460a6 JH |
909 | via the normal store-and-forward channel. This could result in duplicates |
910 | received - but deduplicating mailstores were liable to retain only the | |
911 | initial truncated version. | |
912 | ||
ab9152ff | 913 | JH/39 Bug 1781: Fix use of DKIM private-keys having trailing '=' in the base-64. |
df3def24 | 914 | |
67e87fcf JH |
915 | JH/40 Fix crash in queryprogram router when compiled with EXPERIMENTAL_SRS. |
916 | ||
ab9152ff JH |
917 | JH/41 Bug 1792: Fix selection of headers to sign for DKIM: bottom-up. While |
918 | we're in there, support oversigning also; bug 1309. | |
919 | ||
af483912 JH |
920 | JH/42 Bug 1796: Fix error logged on a malware scanner connection failure. |
921 | ||
bc3c7bb7 | 922 | HS/04 Add support for keep_environment and add_environment options. |
df3def24 | 923 | |
13559da6 JH |
924 | JH/43 Tidy coding issues detected by gcc --fsanitize=undefined. Some remain; |
925 | either intentional arithmetic overflow during PRNG, or testing config- | |
926 | induced overflows. | |
927 | ||
59eaad2b JH |
928 | JH/44 Bug 1800: The combination of a -bhc commandline option and cutthrough |
929 | delivery resulted in actual delivery. Cancel cutthrough before DATA | |
930 | stage. | |
931 | ||
f9334a28 JH |
932 | JH/45 Fix cutthrough, when connection not opened by verify and target hard- |
933 | rejects a recipient: pass the reject to the originator. | |
934 | ||
dc8091e7 JH |
935 | JH/46 Multiple issues raised by Coverity. Some were obvious or plausible bugs. |
936 | Many were false-positives and ignorable, but it's worth fixing the | |
937 | former class. | |
938 | ||
dfe7d917 JH |
939 | JH/47 Fix build on HP-UX and older Solaris, which need (un)setenv now also |
940 | for the new environment-manipulation done at startup. Move the routines | |
941 | from being local to tls.c to being global via the os.c file. | |
942 | ||
93cc2d6e JH |
943 | JH/48 Bug 1807: Fix ${extract } for the numeric/3-string case. While preparsing |
944 | an extract embedded as result-arg for a map, the first arg for extract | |
945 | is unavailable so we cannot tell if this is a numbered or keyed | |
946 | extraction. Accept either. | |
947 | ||
13559da6 | 948 | |
9c695f6d JH |
949 | Exim version 4.86 |
950 | ----------------- | |
4c57a40e | 951 | |
9c695f6d JH |
952 | JH/01 Bug 1545: The smtp transport option "retry_include_ip_address" is now |
953 | expanded. | |
954 | ||
506900af JH |
955 | JH/02 The smtp transport option "multi_domain" is now expanded. |
956 | ||
ad07e9ad JH |
957 | JH/03 The smtp transport now requests PRDR by default, if the server offers |
958 | it. | |
959 | ||
01a4a5c5 | 960 | JH/04 Certificate name checking on server certificates, when exim is a client, |
b3ef41c9 | 961 | is now done by default. The transport option tls_verify_cert_hostnames |
01a4a5c5 JH |
962 | can be used to disable this per-host. The build option |
963 | EXPERIMENTAL_CERTNAMES is withdrawn. | |
964 | ||
cb1d7830 | 965 | JH/05 The value of the tls_verify_certificates smtp transport and main options |
0e0f3f56 | 966 | default to the word "system" to access the system default CA bundle. |
cb1d7830 JH |
967 | For GnuTLS, only version 3.0.20 or later. |
968 | ||
610ff438 | 969 | JH/06 Verification of the server certificate for a TLS connection is now tried |
6d580f19 JH |
970 | (but not required) by default. The verification status is now logged by |
971 | default, for both outbound TLS and client-certificate supplying inbound | |
972 | TLS connections | |
610ff438 | 973 | |
f926e272 JH |
974 | JH/07 Changed the default rfc1413 lookup settings to disable calls. Few |
975 | sites use this now. | |
976 | ||
50dc7409 JH |
977 | JH/08 The EXPERIMENTAL_DSN compile option is no longer needed; all Delivery |
978 | Status Notification (bounce) messages are now MIME format per RFC 3464. | |
979 | Support for RFC 3461 DSN options NOTIFY,ENVID,RET,ORCPT can be advertised | |
980 | under the control of the dsn_advertise_hosts option, and routers may | |
981 | have a dsn_lasthop option. | |
982 | ||
0f0c8159 JH |
983 | JH/09 A timeout of 2 minutes is now applied to all malware scanner types by |
984 | default, modifiable by a malware= option. The list separator for | |
23763898 | 985 | the options can now be changed in the usual way. Bug 68. |
4e71661f | 986 | |
1ad6489e JH |
987 | JH/10 The smtp_receive_timeout main option is now expanded before use. |
988 | ||
aeaf5db3 JH |
989 | JH/11 The incoming_interface log option now also enables logging of the |
990 | local interface on delivery outgoing connections. | |
991 | ||
5032d1cf JH |
992 | JH/12 The cutthrough-routing facility now supports multi-recipient mails, |
993 | if the interface and destination host and port all match. | |
994 | ||
7e8360e6 JH |
995 | JH/13 Bug 344: The verify = reverse_host_lookup ACL condition now accepts a |
996 | /defer_ok option. | |
997 | ||
c5f280e2 AL |
998 | JH/14 Bug 1573: The spam= ACL condition now additionally supports Rspamd. |
999 | Patch from Andrew Lewis. | |
1000 | ||
fd4d8871 | 1001 | JH/15 Bug 670: The spamd_address main option (for the spam= ACL condition) |
dc7b3d36 | 1002 | now supports optional time-restrictions, weighting, and priority |
fd4d8871 R |
1003 | modifiers per server. Patch originally by <rommer@active.by>. |
1004 | ||
1005 | JH/16 The spamd_address main option now supports a mixed list of local | |
2aad5761 JH |
1006 | and remote servers. Remote servers can be IPv6 addresses, and |
1007 | specify a port-range. | |
fd4d8871 | 1008 | |
23763898 JH |
1009 | JH/17 Bug 68: The spamd_address main option now supports an optional |
1010 | timeout value per server. | |
1011 | ||
2ad78978 JH |
1012 | JH/18 Bug 1581: Router and transport options headers_add/remove can |
1013 | now have the list separator specified. | |
1014 | ||
8a512ed5 | 1015 | JH/19 Bug 392: spamd_address, and clamd av_scanner, now support retry |
cfab9d68 | 1016 | option values. |
8a512ed5 | 1017 | |
82c0c8ea | 1018 | JH/20 Bug 1571: Ensure that $tls_in_peerdn is set, when verification fails |
f69979cf JH |
1019 | under OpenSSL. |
1020 | ||
cc00f4af JH |
1021 | JH/21 Support for the A6 type of dns record is withdrawn. |
1022 | ||
82c0c8ea JH |
1023 | JH/22 Bug 608: The result of a QUIT or not-QUIT toplevel ACL now matters |
1024 | rather than the verbs used. | |
1025 | ||
b980ed83 JH |
1026 | JH/23 Bug 1572: Increase limit on SMTP confirmation message copy size |
1027 | from 255 to 1024 chars. | |
1028 | ||
6c9ed72e JH |
1029 | JH/24 Verification callouts now attempt to use TLS by default. |
1030 | ||
cfab9d68 | 1031 | HS/01 DNSSEC options (dnssec_require_domains, dnssec_request_domains) |
99c1bb4e | 1032 | are generic router options now. The defaults didn't change. |
50dc7409 | 1033 | |
f846c8f5 JH |
1034 | JH/25 Bug 466: Add RFC2322 support for MIME attachment filenames. |
1035 | Original patch from Alexander Shikoff, worked over by JH. | |
1036 | ||
fd4c285c HSHR |
1037 | HS/02 Bug 1575: exigrep falls back to autodetection of compressed |
1038 | files if ZCAT_COMMAND is not executable. | |
1039 | ||
4c04137d | 1040 | JH/26 Bug 1539: Add timeout/retry options on dnsdb lookups. |
fd7f7910 | 1041 | |
d2a2c69b JH |
1042 | JH/27 Bug 286: Support SOA lookup in dnsdb lookups. |
1043 | ||
8241d8dd JH |
1044 | JH/28 Bug 1588: Do not use the A lookup following an AAAA for setting the FQDN. |
1045 | Normally benign, it bites when the pair was led to by a CNAME; | |
4c04137d | 1046 | modern usage is to not canonicalize the domain to a CNAME target |
8241d8dd JH |
1047 | (and we were inconsistent anyway for A-only vs AAAA+A). |
1048 | ||
1f12df4d JH |
1049 | JH/29 Bug 1632: Removed the word "rejected" from line logged for ACL discards. |
1050 | ||
1f155f8e JH |
1051 | JH/30 Check the forward DNS lookup for DNSSEC, in addition to the reverse, |
1052 | when evaluating $sender_host_dnssec. | |
1053 | ||
1705dd20 JH |
1054 | JH/31 Check the HELO verification lookup for DNSSEC, adding new |
1055 | $sender_helo_dnssec variable. | |
1056 | ||
038597d2 PP |
1057 | JH/32 Bug 1397: Enable ECDHE on OpenSSL, just the NIST P-256 curve. |
1058 | ||
474f71bf JH |
1059 | JH/33 Bug 1346: Note MAIL cmd seen in -bS batch, to avoid smtp_no_mail log. |
1060 | ||
7137ca4b JH |
1061 | JH/34 Bug 1648: Fix a memory leak seen with "mailq" and large queues. |
1062 | ||
dcb1095c JH |
1063 | JH/35 Bug 1642: Fix support of $spam_ variables at delivery time. Was |
1064 | documented as working, but never had. Support all but $spam_report. | |
1065 | ||
2f460950 JH |
1066 | JH/36 Bug 1659: Guard checking of input smtp commands again pseudo-command |
1067 | added for tls authenticator. | |
1068 | ||
2f680c0c HSHR |
1069 | HS/03 Add perl_taintmode main config option |
1070 | ||
9c695f6d | 1071 | |
e449c3b0 TL |
1072 | Exim version 4.85 |
1073 | ----------------- | |
4c57a40e | 1074 | |
e449c3b0 TL |
1075 | TL/01 When running the test suite, the README says that variables such as |
1076 | no_msglog_check are global and can be placed anywhere in a specific | |
1077 | test's script, however it was observed that placement needed to be near | |
1078 | the beginning for it to behave that way. Changed the runtest perl | |
1079 | script to read through the entire script once to detect and set these | |
1080 | variables, reset to the beginning of the script, and then run through | |
1081 | the script parsing/test process like normal. | |
1082 | ||
ac20058f TL |
1083 | TL/02 The BSD's have an arc4random API. One of the functions to induce |
1084 | adding randomness was arc4random_stir(), but it has been removed in | |
1085 | OpenBSD 5.5. Detect this OpenBSD version and skip calling this | |
1086 | function when detected. | |
1087 | ||
a9b8ec8b JH |
1088 | JH/01 Expand the EXPERIMENTAL_TPDA feature. Several different events now |
1089 | cause callback expansion. | |
1090 | ||
6286d7c4 TL |
1091 | TL/03 Bugzilla 1518: Clarify "condition" processing in routers; that |
1092 | syntax errors in an expansion can be treated as a string instead of | |
1093 | logging or causing an error, due to the internal use of bool_lax | |
1094 | instead of bool when processing it. | |
1095 | ||
0f06b4f2 | 1096 | JH/02 Add EXPERIMENTAL_DANE, allowing for using the DNS as trust-anchor for |
d567a64d JH |
1097 | server certificates when making smtp deliveries. |
1098 | ||
be36e572 JH |
1099 | JH/03 Support secondary-separator specifier for MX, SRV, TLSA lookups. |
1100 | ||
ac4ef9bd JH |
1101 | JH/04 Add ${sort {list}{condition}{extractor}} expansion item. |
1102 | ||
0eb51736 TL |
1103 | TL/04 Bugzilla 1216: Add -M (related messages) option to exigrep. |
1104 | ||
c713ca4b TL |
1105 | TL/05 GitHub Issue 18: Adjust logic testing for true/false in redis lookups. |
1106 | Merged patch from Sebastian Wiedenroth. | |
e449c3b0 | 1107 | |
bd21a787 WB |
1108 | JH/05 Fix results-pipe from transport process. Several recipients, combined |
1109 | with certificate use, exposed issues where response data items split | |
1110 | over buffer boundaries were not parsed properly. This eventually | |
1111 | resulted in duplicates being sent. This issue only became common enough | |
4c04137d | 1112 | to notice due to the introduction of connection certificate information, |
bd21a787 WB |
1113 | the item size being so much larger. Found and fixed by Wolfgang Breyha. |
1114 | ||
8bc732e8 JH |
1115 | JH/06 Bug 1533: Fix truncation of items in headers_remove lists. A fixed |
1116 | size buffer was used, resulting in syntax errors when an expansion | |
1117 | exceeded it. | |
1118 | ||
a7fec7a7 JH |
1119 | JH/07 Add support for directories of certificates when compiled with a GnuTLS |
1120 | version 3.3.6 or later. | |
1121 | ||
4c04137d | 1122 | JH/08 Rename the TPDA experimental facility to Event Actions. The #ifdef |
774ef2d7 JH |
1123 | is EXPERIMENTAL_EVENT, the main-configuration and transport options |
1124 | both become "event_action", the variables become $event_name, $event_data | |
aec45841 | 1125 | and $event_defer_errno. There is a new variable $verify_mode, usable in |
723fe533 JH |
1126 | routers, transports and related events. The tls:cert event is now also |
1127 | raised for inbound connections, if the main configuration event_action | |
1128 | option is defined. | |
774ef2d7 | 1129 | |
eca4debb TL |
1130 | TL/06 In test suite, disable OCSP for old versions of openssl which contained |
1131 | early OCSP support, but no stapling (appears to be less than 1.0.0). | |
1132 | ||
8d692470 JH |
1133 | JH/09 When compiled with OpenSSL and EXPERIMENTAL_CERTNAMES, the checks on |
1134 | server certificate names available under the smtp transport option | |
1135 | "tls_verify_cert_hostname" now do not permit multi-component wildcard | |
1136 | matches. | |
1137 | ||
e9477a08 JH |
1138 | JH/10 Time-related extraction expansions from certificates now use the main |
1139 | option "timezone" setting for output formatting, and are consistent | |
1140 | between OpenSSL and GnuTLS compilations. Bug 1541. | |
1141 | ||
ad4c5ff9 JH |
1142 | JH/11 Fix a crash in mime ACL when meeting a zero-length, quoted or RFC2047- |
1143 | encoded parameter in the incoming message. Bug 1558. | |
8dea5edf JH |
1144 | |
1145 | JH/12 Bug 1527: Autogrow buffer used in reading spool files. Since they now | |
1146 | include certificate info, eximon was claiming there were spoolfile | |
1147 | syntax errors. | |
1148 | ||
3394b36a | 1149 | JH/13 Bug 1521: Fix ldap lookup for single-attr request, multiple-attr return. |
8dea5edf JH |
1150 | |
1151 | JH/14 Log delivery-related information more consistently, using the sequence | |
1152 | "H=<name> [<ip>]" wherever possible. | |
1153 | ||
3394b36a TL |
1154 | TL/07 Bug 1547: Omit RFCs from release. Draft and RFCs have licenses which |
1155 | are problematic for Debian distribution, omit them from the release | |
1156 | tarball. | |
1157 | ||
ad4c5ff9 JH |
1158 | JH/15 Updates and fixes to the EXPERIMENTAL_DSN feature. |
1159 | ||
4c04137d | 1160 | JH/16 Fix string representation of time values on 64bit time_t architectures. |
ad4c5ff9 JH |
1161 | Bug 1561. |
1162 | ||
1163 | JH/17 Fix a null-indirection in certextract expansions when a nondefault | |
1164 | output list separator was used. | |
1165 | ||
8bc732e8 | 1166 | |
1f0ebb98 TL |
1167 | Exim version 4.84 |
1168 | ----------------- | |
09728d20 TL |
1169 | TL/01 Bugzilla 1506: Re-add a 'return NULL' to silence complaints from static |
1170 | checkers that were complaining about end of non-void function with no | |
1171 | return. | |
1f0ebb98 | 1172 | |
a612424f | 1173 | JH/01 Bug 1513: Fix parsing of quoted parameter values in MIME headers. |
4c04137d | 1174 | This was a regression introduced in 4.83 by another bugfix. |
a612424f JH |
1175 | |
1176 | JH/02 Fix broken compilation when EXPERIMENTAL_DSN is enabled. | |
1177 | ||
1178 | TL/02 Bug 1509: Fix exipick for enhanced spoolfile specification used when | |
a9b8ec8b | 1179 | EXPERIMENTAL_DSN is enabled. Fix from Wolfgang Breyha. |
a612424f | 1180 | |
1f0ebb98 | 1181 | |
c0e56233 TF |
1182 | Exim version 4.83 |
1183 | ----------------- | |
1184 | ||
1185 | TF/01 Correctly close the server side of TLS when forking for delivery. | |
1186 | ||
1187 | When a message was received over SMTP with TLS, Exim failed to clear up | |
1188 | the incoming connection properly after forking off the child process to | |
1189 | deliver the message. In some situations the subsequent outgoing | |
1190 | delivery connection happened to have the same fd number as the incoming | |
1191 | connection previously had. Exim would try to use TLS and fail, logging | |
1192 | a "Bad file descriptor" error. | |
1193 | ||
7245734e TF |
1194 | TF/02 Portability fix for building lookup modules on Solaris when the xpg4 |
1195 | utilities have not been installed. | |
1196 | ||
fd5dad68 JH |
1197 | JH/01 Fix memory-handling in use of acl as a conditional; avoid free of |
1198 | temporary space as the ACL may create new global variables. | |
1199 | ||
5428a946 TL |
1200 | TL/01 LDAP support uses per connection or global context settings, depending |
1201 | upon the detected version of the libraries at build time. | |
1202 | ||
a3c86431 TL |
1203 | TL/02 Experimental Proxy Protocol support: allows a proxied SMTP connection |
1204 | to extract and use the src ip:port in logging and expansions as if it | |
8ded8589 TL |
1205 | were a direct connection from the outside internet. PPv2 support was |
1206 | updated based on HAProxy spec change in May 2014. | |
a3c86431 | 1207 | |
aa26e137 JH |
1208 | JH/02 Add ${listextract {number}{list}{success}{fail}}. |
1209 | ||
5a1b8443 WB |
1210 | TL/03 Bugzilla 1433: Fix DMARC SEGV with specific From header contents. |
1211 | Properly escape header and check for NULL return. | |
1212 | ||
72c9e342 PP |
1213 | PP/01 Continue incomplete 4.82 PP/19 by fixing docs too: use dns_dnssec_ok |
1214 | not dns_use_dnssec. | |
1215 | ||
76f44207 WB |
1216 | JH/03 Bugzilla 1157: support log_selector smtp_confirmation for lmtp. |
1217 | ||
770747fd MFM |
1218 | TL/04 Add verify = header_names_ascii check to reject email with non-ASCII |
1219 | characters in header names, implemented as a verify condition. | |
1220 | Contributed by Michael Fischer v. Mollard. | |
1221 | ||
8ddef691 | 1222 | TL/05 Rename SPF condition results err_perm and err_temp to standardized |
982650ec TL |
1223 | results permerror and temperror. Previous values are deprecated but |
1224 | still accepted. In a future release, err_perm and err_temp will be | |
1225 | completely removed, which will be a backward incompatibility if the | |
1226 | ACL tests for either of these two old results. Patch contributed by | |
8ddef691 | 1227 | user bes-internal on the mailing list. |
c0e56233 | 1228 | |
b9c2e32f AR |
1229 | JH/04 Add ${utf8clean:} operator. Contributed by Alex Rau. |
1230 | ||
e45a1c37 JH |
1231 | JH/05 Bugzilla 305: Log incoming-TLS details on rejects, subject to log |
1232 | selectors, in both main and reject logs. | |
1233 | ||
67d81c10 JH |
1234 | JH/06 Log outbound-TLS and port details, subject to log selectors, for a |
1235 | failed delivery. | |
1236 | ||
b1f8e4f8 JH |
1237 | JH/07 Add malware type "sock" for talking to simple daemon. |
1238 | ||
511a6c14 | 1239 | JH/08 Bugzilla 1371: Add tls_{,try_}verify_hosts to smtp transport. |
511a6c14 JH |
1240 | |
1241 | JH/09 Bugzilla 1431: Support (with limitations) headers_add/headers_remove in | |
1242 | routers/transports under cutthrough routing. | |
214042d2 | 1243 | |
51c7471d JH |
1244 | JH/10 Bugzilla 1005: ACL "condition =" should accept values which are negative |
1245 | numbers. Touch up "bool" conditional to keep the same definition. | |
1246 | ||
3695be34 TL |
1247 | TL/06 Remove duplicated language in spec file from 4.82 TL/16. |
1248 | ||
1e06383a TL |
1249 | JH/11 Add dnsdb tlsa lookup. From Todd Lyons. |
1250 | ||
76146973 JH |
1251 | JH/12 Expand items in router/transport headers_add or headers_remove lists |
1252 | individually rather than the list as a whole. Bug 1452. | |
1253 | ||
1254 | Required for reasonable handling of multiple headers_ options when | |
1255 | they may be empty; requires that headers_remove items with embedded | |
1256 | colons must have them doubled (or the list-separator changed). | |
1257 | ||
8c8b8274 TL |
1258 | TL/07 Add new dmarc expansion variable $dmarc_domain_policy to directly |
1259 | view the policy declared in the DMARC record. Currently, $dmarc_status | |
1260 | is a combined value of both the record presence and the result of the | |
1261 | analysis. | |
b1f8e4f8 | 1262 | |
35aba663 JH |
1263 | JH/13 Fix handling of $tls_cipher et.al. in (non-verify) transport. Bug 1455. |
1264 | ||
8c51eead | 1265 | JH/14 New options dnssec_request_domains, dnssec_require_domains on the |
578897ea JH |
1266 | dnslookup router and the smtp transport (applying to the forward |
1267 | lookup). | |
8c51eead | 1268 | |
deae092e HS |
1269 | TL/08 Bugzilla 1453: New LDAP "SERVERS=" option allows admin to override list |
1270 | of ldap servers used for a specific lookup. Patch provided by Heiko | |
1271 | Schlichting. | |
35aba663 | 1272 | |
fd3b6a4a | 1273 | JH/18 New options dnssec_lax, dnssec_strict on dnsdb lookups. |
4e0983dc | 1274 | New variable $lookup_dnssec_authenticated for observability. |
fd3b6a4a | 1275 | |
8d91c6dc LT |
1276 | TL/09 Bugzilla 609: Add -C option to exiqgrep, specify which exim.conf to use. |
1277 | Patch submitted by Lars Timman. | |
1278 | ||
2b4a568d JH |
1279 | JH/19 EXPERIMENTAL_OCSP support under GnuTLS. Bug 1459. |
1280 | ||
d2af03f4 HS |
1281 | TL/10 Bugzilla 1454: New -oMm option to pass message reference to Exim. |
1282 | Requires trusted mode and valid format message id, aborts otherwise. | |
1283 | Patch contributed by Heiko Schlichting. | |
1284 | ||
9d1c15ef JH |
1285 | JH/20 New expansion variables tls_(in,out)_(our,peer)cert, and expansion item |
1286 | certextract with support for various fields. Bug 1358. | |
1287 | ||
44662487 JH |
1288 | JH/21 Observability of OCSP via variables tls_(in,out)_ocsp. Stapling |
1289 | is requested by default, modifiable by smtp transport option | |
6a8a60e0 JH |
1290 | hosts_request_ocsp. |
1291 | ||
ed3bba5f | 1292 | JH/22 Expansion operators ${md5:string} and ${sha1:string} can now |
6a8a60e0 | 1293 | operate on certificate variables to give certificate fingerprints |
9ef9101c | 1294 | Also new ${sha256:cert_variable}. |
44662487 | 1295 | |
8ccd00b1 JH |
1296 | JH/23 The PRDR feature is moved from being Experimental into the mainline. |
1297 | ||
8ded8589 TL |
1298 | TL/11 Bug 1119: fix memory allocation in string_printing2(). Patch from |
1299 | Christian Aistleitner. | |
1300 | ||
f2de3a33 JH |
1301 | JH/24 The OCSP stapling feature is moved from Experimental into the mainline. |
1302 | ||
6eb02f88 TL |
1303 | TL/12 Bug 1444: Fix improper \r\n sequence handling when writing spool |
1304 | file. Patch from Wolfgang Breyha. | |
1305 | ||
00bff6f6 JH |
1306 | JH/25 Expand the coverage of the delivery $host and $host_address to |
1307 | client authenticators run in verify callout. Bug 1476. | |
1308 | ||
071c51f7 JH |
1309 | JH/26 Port service names are now accepted for tls_on_connect_ports, to |
1310 | align with daemon_smtp_ports. Bug 72. | |
1311 | ||
a6d4c44e TF |
1312 | TF/03 Fix udpsend. The ip_connectedsocket() function's socket type |
1313 | support and error reporting did not work properly. | |
1314 | ||
3ae173e7 ACK |
1315 | TL/13 Bug 1495: Exiqgrep check if -C config file specified on cli exists |
1316 | and is readable. Patch from Andrew Colin Kissa. | |
1317 | ||
c13d09b8 TL |
1318 | TL/14 Enhance documentation of ${run expansion and how it parses the |
1319 | commandline after expansion, particularly in the case when an | |
1320 | unquoted variable expansion results in an empty value. | |
1321 | ||
0df4ab80 JH |
1322 | JH/27 The TLS SNI feature was broken in 4.82. Fix it. |
1323 | ||
66be95e0 PP |
1324 | PP/02 Fix internal collision of T_APL on systems which support RFC3123 |
1325 | by renaming away from it. Addresses GH issue 15, reported by | |
1326 | Jasper Wallace. | |
1327 | ||
1bd0d12b JH |
1328 | JH/28 Fix parsing of MIME headers for parameters with quoted semicolons. |
1329 | ||
0de7239e TL |
1330 | TL/15 SECURITY: prevent double expansion in math comparison functions |
1331 | (can expand unsanitized data). Not remotely exploitable. | |
1332 | CVE-2014-2972 | |
1333 | ||
fd3b6a4a | 1334 | |
2c422e6f | 1335 | Exim version 4.82 |
98a90c36 PP |
1336 | ----------------- |
1337 | ||
1338 | PP/01 Add -bI: framework, and -bI:sieve for querying sieve capabilities. | |
1339 | ||
12f69989 PP |
1340 | PP/02 Make -n do something, by making it not do something. |
1341 | When combined with -bP, the name of an option is not output. | |
1342 | ||
54c90be1 PP |
1343 | PP/03 Added tls_dh_min_bits SMTP transport driver option, only honoured |
1344 | by GnuTLS. | |
1345 | ||
1f4a55da PP |
1346 | PP/04 First step towards DNSSEC, provide $sender_host_dnssec for |
1347 | $sender_host_name and config options to manage this, and basic check | |
1348 | routines. | |
1349 | ||
13363eba | 1350 | PP/05 DSCP support for outbound connections and control modifier for inbound. |
36a3ae5f | 1351 | |
66645890 | 1352 | PP/06 Cyrus SASL: set local and remote IP;port properties for driver. |
e402235f PP |
1353 | (Only plugin which currently uses this is kerberos4, which nobody should |
1354 | be using, but we should make it available and other future plugins might | |
1355 | conceivably use it, even though it would break NAT; stuff *should* be | |
1356 | using channel bindings instead). | |
66645890 | 1357 | |
a3fb9793 | 1358 | PP/07 Handle "exim -L <tag>" to indicate to use syslog with tag as the process |
f4ee74ac PP |
1359 | name; added for Sendmail compatibility; requires admin caller. |
1360 | Handle -G as equivalent to "control = suppress_local_fixups" (we used to | |
1361 | just ignore it); requires trusted caller. | |
a3fb9793 | 1362 | Also parse but ignore: -Ac -Am -X<logfile> |
f4ee74ac | 1363 | Bugzilla 1117. |
a3fb9793 | 1364 | |
d27f98fe | 1365 | TL/01 Bugzilla 1258 - Refactor MAIL FROM optional args processing. |
98a90c36 | 1366 | |
6822b909 TL |
1367 | TL/02 Add +smtp_confirmation as a default logging option. |
1368 | ||
e7568d51 TL |
1369 | TL/03 Bugzilla 198 - Implement remove_header ACL modifier. |
1370 | Patch by Magnus Holmgren from 2007-02-20. | |
1371 | ||
ae0e32ee | 1372 | TL/04 Bugzilla 1281 - Spec typo. |
ca0ff207 | 1373 | Bugzilla 1283 - Spec typo. |
97f42f10 | 1374 | Bugzilla 1290 - Spec grammar fixes. |
ca0ff207 TL |
1375 | |
1376 | TL/05 Bugzilla 1285 - Spec omission, fix docbook errors for spec.txt creation. | |
ae0e32ee | 1377 | |
e2658fff TL |
1378 | TL/06 Add Experimental DMARC support using libopendmarc libraries. |
1379 | ||
83712b39 TL |
1380 | TL/07 Fix an out of order global option causing a segfault. Reported to dev |
1381 | mailing list by by Dmitry Isaikin. | |
1382 | ||
976b7e9f JH |
1383 | JH/01 Bugzilla 1201 & 304 - New cutthrough-delivery feature, with TLS support. |
1384 | ||
be4a1376 JH |
1385 | JH/02 Support "G" suffix to numbers in ${if comparisons. |
1386 | ||
ec4b68e5 PP |
1387 | PP/08 Handle smtp transport tls_sni option forced-fail for OpenSSL. |
1388 | ||
d7148a07 NM |
1389 | NM/01 Bugzilla 1197 - Spec typo |
1390 | Bugzilla 1196 - Spec examples corrections | |
ec4b68e5 | 1391 | |
585121e2 | 1392 | JH/03 Add expansion operators ${listnamed:name} and ${listcount:string} |
ec4b68e5 | 1393 | |
2519e60d TL |
1394 | PP/09 Add gnutls_allow_auto_pkcs11 option (was originally called |
1395 | gnutls_enable_pkcs11, but renamed to more accurately indicate its | |
1396 | function. | |
a5f239e4 | 1397 | |
13d08c90 PP |
1398 | PP/10 Let Linux makefile inherit CFLAGS/CFLAGS_DYNAMIC. |
1399 | Pulled from Debian 30_dontoverridecflags.dpatch by Andreas Metzler. | |
1400 | ||
bef3ea7f JH |
1401 | JH/04 Add expansion item ${acl {name}{arg}...}, expansion condition |
1402 | "acl {{name}{arg}...}", and optional args on acl condition | |
1403 | "acl = name arg..." | |
a5f239e4 | 1404 | |
846726c5 JH |
1405 | JH/05 Permit multiple router/transport headers_add/remove lines. |
1406 | ||
3a796370 JH |
1407 | JH/06 Add dnsdb pseudo-lookup "a+" to do an "aaaa" + "a" combination. |
1408 | ||
ea722490 | 1409 | JH/07 Avoid using a waiting database for a single-message-only transport. |
8b260705 PP |
1410 | Performance patch from Paul Fisher. Bugzilla 1262. |
1411 | ||
b1b05573 JH |
1412 | JH/08 Strip leading/trailing newlines from add_header ACL modifier data. |
1413 | Bugzilla 884. | |
1414 | ||
362145b5 JH |
1415 | JH/09 Add $headers_added variable, with content from use of ACL modifier |
1416 | add_header (but not yet added to the message). Bugzilla 199. | |
1417 | ||
3c0a92dc JH |
1418 | JH/10 Add 8bitmime log_selector, for 8bitmime status on the received line. |
1419 | Pulled from Bugzilla 817 by Wolfgang Breyha. | |
1420 | ||
6d7c6175 PP |
1421 | PP/11 SECURITY: protect DKIM DNS decoding from remote exploit. |
1422 | CVE-2012-5671 | |
e78e6ecf | 1423 | (nb: this is the same fix as in Exim 4.80.1) |
6d7c6175 | 1424 | |
6f123593 JH |
1425 | JH/11 Add A= logging on delivery lines, and a client_set_id option on |
1426 | authenticators. | |
1427 | ||
c8e2fc1e JH |
1428 | JH/12 Add optional authenticated_sender logging to A= and a log_selector |
1429 | for control. | |
1430 | ||
005ac57f PP |
1431 | PP/12 Unbreak server_set_id for NTLM/SPA auth, broken by 4.80 PP/29. |
1432 | ||
3f1df0e3 PP |
1433 | PP/13 Dovecot auth: log better reason to rejectlog if Dovecot did not |
1434 | advertise SMTP AUTH mechanism to us, instead of a generic | |
1435 | protocol violation error. Also, make Exim more robust to bad | |
1436 | data from the Dovecot auth socket. | |
1437 | ||
67bd1ab3 TF |
1438 | TF/01 Fix ultimate retry timeouts for intermittently deliverable recipients. |
1439 | ||
1440 | When a queue runner is handling a message, Exim first routes the | |
1441 | recipient addresses, during which it prunes them based on the retry | |
1442 | hints database. After that it attempts to deliver the message to | |
1443 | any remaining recipients. It then updates the hints database using | |
1444 | the retry rules. | |
1445 | ||
1446 | So if a recipient address works intermittently, it can get repeatedly | |
1447 | deferred at routing time. The retry hints record remains fresh so the | |
1448 | address never reaches the final cutoff time. | |
1449 | ||
1450 | This is a fairly common occurrence when a user is bumping up against | |
1451 | their storage quota. Exim had some logic in its local delivery code | |
1452 | to deal with this. However it did not apply to per-recipient defers | |
1453 | in remote deliveries, e.g. over LMTP to a separate IMAP message store. | |
1454 | ||
1ddeb334 TF |
1455 | This change adds a proper retry rule check during routing so that the |
1456 | final cutoff time is checked against the message's age. We only do | |
1457 | this check if there is an address retry record and there is not a | |
1458 | domain retry record; this implies that previous attempts to handle | |
1459 | the address had the retry_use_local_parts option turned on. We use | |
1460 | this as an approximation for the destination being like a local | |
1461 | delivery, as in LMTP. | |
67bd1ab3 TF |
1462 | |
1463 | I suspect this new check makes the old local delivery cutoff check | |
1464 | redundant, but I have not verified this so I left the code in place. | |
1465 | ||
326cdc37 TF |
1466 | TF/02 Correct gecos expansion when From: is a prefix of the username. |
1467 | ||
1468 | Test 0254 submits a message to Exim with the header | |
1469 | ||
1470 | Resent-From: f | |
1471 | ||
1472 | When I ran the test suite under the user fanf2, Exim expanded | |
1473 | the header to contain my full name, whereas it should have added | |
1474 | a Resent-Sender: header. It erroneously treats any prefix of the | |
1475 | username as equal to the username. | |
1476 | ||
1477 | This change corrects that bug. | |
1478 | ||
f62514b3 GF |
1479 | GF/01 DCC debug and logging tidyup |
1480 | Error conditions log to paniclog rather than rejectlog. | |
1481 | Debug lines prefixed by "DCC: " to remove any ambiguity. | |
1482 | ||
eb505532 TF |
1483 | TF/03 Avoid unnecessary rebuilds of lookup-related code. |
1484 | ||
14c7b357 PP |
1485 | PP/14 Fix OCSP reinitialisation in SNI handling for Exim/TLS as server. |
1486 | Bug spotted by Jeremy Harris; was flawed since initial commit. | |
1487 | Would have resulted in OCSP responses post-SNI triggering an Exim | |
1488 | NULL dereference and crash. | |
1489 | ||
94eaf700 PP |
1490 | JH/13 Add $router_name and $transport_name variables. Bugzilla 308. |
1491 | ||
6f5a440a PP |
1492 | PP/15 Define SIOCGIFCONF_GIVES_ADDR for GNU Hurd. |
1493 | Bug detection, analysis and fix by Samuel Thibault. | |
1494 | Bugzilla 1331, Debian bug #698092. | |
1495 | ||
514ee161 SC |
1496 | SC/01 Update eximstats to watch out for senders sending 'HELO [IpAddr]' |
1497 | ||
fd98a5c6 JH |
1498 | JH/14 SMTP PRDR (http://www.eric-a-hall.com/specs/draft-hall-prdr-00.txt). |
1499 | Server implementation by Todd Lyons, client by JH. | |
1500 | Only enabled when compiled with EXPERIMENTAL_PRDR. A new | |
1501 | config variable "prdr_enable" controls whether the server | |
1502 | advertises the facility. If the client requests PRDR a new | |
1503 | acl_data_smtp_prdr ACL is called once for each recipient, after | |
1504 | the body content is received and before the acl_smtp_data ACL. | |
4c04137d | 1505 | The client is controlled by both of: a hosts_try_prdr option |
fd98a5c6 JH |
1506 | on the smtp transport, and the server advertisement. |
1507 | Default client logging of deliveries and rejections involving | |
1508 | PRDR are flagged with the string "PRDR". | |
1509 | ||
035c7f1e PP |
1510 | PP/16 Fix problems caused by timeouts during quit ACLs trying to double |
1511 | fclose(). Diagnosis by Todd Lyons. | |
1512 | ||
ff284120 PP |
1513 | PP/17 Update configure.default to handle IPv6 localhost better. |
1514 | Patch by Alain Williams (plus minor tweaks). | |
1515 | Bugzilla 880. | |
1516 | ||
26e72755 PP |
1517 | PP/18 OpenSSL made graceful with empty tls_verify_certificates setting. |
1518 | This is now consistent with GnuTLS, and is now documented: the | |
1519 | previous undocumented portable approach to treating the option as | |
1520 | unset was to force an expansion failure. That still works, and | |
1521 | an empty string is now equivalent. | |
1522 | ||
0fbd9bff PP |
1523 | PP/19 Renamed DNSSEC-enabling option to "dns_dnssec_ok", to make it |
1524 | clearer that Exim is using the DO (DNSSEC OK) EDNS0 resolver flag, | |
1525 | not performing validation itself. | |
1526 | ||
700d22f3 PP |
1527 | PP/20 Added force_command boolean option to pipe transport. |
1528 | Patch from Nick Koston, of cPanel Inc. | |
1529 | ||
fcc8e047 JH |
1530 | JH/15 AUTH support on callouts (and hence cutthrough-deliveries). |
1531 | Bugzilla 321, 823. | |
1532 | ||
4c04137d | 1533 | TF/04 Added udpsend ACL modifier and hexquote expansion operator |
7142daca | 1534 | |
8c020188 PP |
1535 | PP/21 Fix eximon continuous updating with timestamped log-files. |
1536 | Broken in a format-string cleanup in 4.80, missed when I repaired the | |
1537 | other false fix of the same issue. | |
1538 | Report and fix from Heiko Schlichting. | |
1539 | Bugzilla 1363. | |
1540 | ||
d13cdd30 PP |
1541 | PP/22 Guard LDAP TLS usage against Solaris LDAP variant. |
1542 | Report from Prashanth Katuri. | |
1543 | ||
e2fbf4a2 PP |
1544 | PP/23 Support safari_ecdhe_ecdsa_bug for openssl_options. |
1545 | It's SecureTransport, so affects any MacOS clients which use the | |
1546 | system-integrated TLS libraries, including email clients. | |
1547 | ||
f4c1088b PP |
1548 | PP/24 Fix segfault from trying to fprintf() to a NULL stdio FILE* if |
1549 | using a MIME ACL for non-SMTP local injection. | |
1550 | Report and assistance in diagnosis by Warren Baker. | |
1551 | ||
c5c2182f PP |
1552 | TL/08 Adjust exiqgrep to be case-insensitive for sender/receiver. |
1553 | ||
73431ca9 JH |
1554 | JH/16 Fix comparisons for 64b. Bugzilla 1385. |
1555 | ||
2d07a215 TL |
1556 | TL/09 Add expansion variable $authenticated_fail_id to keep track of |
1557 | last id that failed so it may be referenced in subsequent ACL's. | |
1558 | ||
a30a8861 TL |
1559 | TL/10 Bugzilla 1375 - Prevent TLS rebinding in ldap. Patch provided by |
1560 | Alexander Miroch. | |
1561 | ||
33382dd9 TL |
1562 | TL/11 Bugzilla 1382 - Option ldap_require_cert overrides start_tls |
1563 | ldap library initialization, allowing self-signed CA's to be | |
1564 | used. Also properly sets require_cert option later in code by | |
1565 | using NULL (global ldap config) instead of ldap handle (per | |
1566 | session). Bug diagnosis and testing by alxgomz. | |
6d7c6175 | 1567 | |
046172e6 TL |
1568 | TL/12 Enhanced documentation in the ratelimit.pl script provided in |
1569 | the src/util/ subdirectory. | |
1570 | ||
581d7bee | 1571 | TL/13 Bug 1031 - Imported transport SQL logging patch from Axel Rau |
1a7b746d | 1572 | renamed to Transport Post Delivery Action by Jeremy Harris, as |
9bdd29ad TL |
1573 | EXPERIMENTAL_TPDA. |
1574 | ||
1575 | TL/14 Bugzilla 1217 - Redis lookup support has been added. It is only enabled | |
1576 | when Exim is compiled with EXPERIMENTAL_REDIS. A new config variable | |
1577 | redis_servers = needs to be configured which will be used by the redis | |
1578 | lookup. Patch from Warren Baker, of The Packet Hub. | |
1579 | ||
237b2cf2 TL |
1580 | TL/15 Fix exiqsumm summary for corner case. Patch provided by Richard Hall. |
1581 | ||
9fc5a352 TL |
1582 | TL/16 Bugzilla 1289 - Clarify host/ip processing when have errors looking up a |
1583 | hostname or reverse DNS when processing a host list. Used suggestions | |
1584 | from multiple comments on this bug. | |
1a7b746d | 1585 | |
b10e4ec2 TL |
1586 | TL/17 Bugzilla 1057 - Multiple clamd TCP targets patch from Mark Zealey. |
1587 | ||
e2cebd74 TL |
1588 | TL/18 Had previously added a -CONTINUE option to runtest in the test suite. |
1589 | Missed a few lines, added it to make the runtest require no keyboard | |
1590 | interaction. | |
1591 | ||
1592 | TL/19 Bugzilla 1402 - Test 533 fails if any part of the path to the test suite | |
1593 | contains upper case chars. Make router use caseful_local_part. | |
1594 | ||
2519e60d TL |
1595 | TL/20 Bugzilla 1400 - Add AVOID_GNUTLS_PKCS11 build option. Allows GnuTLS |
1596 | support when GnuTLS has been built with p11-kit. | |
1597 | ||
e78e6ecf | 1598 | |
4263f395 PP |
1599 | Exim version 4.80.1 |
1600 | ------------------- | |
1601 | ||
1602 | PP/01 SECURITY: protect DKIM DNS decoding from remote exploit. | |
1603 | CVE-2012-5671 | |
2c422e6f | 1604 | This, or similar/improved, will also be change PP/11 of 4.82. |
3c0a92dc | 1605 | |
ea722490 | 1606 | |
b1770b6e | 1607 | Exim version 4.80 |
0599f9cf PP |
1608 | ----------------- |
1609 | ||
1610 | PP/01 Handle short writes when writing local log-files. | |
1611 | In practice, only affects FreeBSD (8 onwards). | |
1612 | Bugzilla 1053, with thanks to Dmitry Isaikin. | |
1613 | ||
23c7e742 NM |
1614 | NM/01 Bugzilla 949 - Documentation tweak |
1615 | ||
b322aac8 NM |
1616 | NM/02 Bugzilla 1093 - eximstats DATA reject detection regexps |
1617 | improved. | |
1618 | ||
4a891427 NM |
1619 | NM/03 Bugzilla 1169 - primary_hostname spelling was incorrect in docs. |
1620 | ||
c1e794ba | 1621 | PP/02 Implemented gsasl authenticator. |
b322aac8 | 1622 | |
97753960 PP |
1623 | PP/03 Implemented heimdal_gssapi authenticator with "server_keytab" option. |
1624 | ||
1625 | PP/04 Local/Makefile support for (AUTH|LOOKUP)_*_PC=foo to use | |
1626 | `pkg-config foo` for cflags/libs. | |
1627 | ||
df6303fa PP |
1628 | PP/05 Swapped $auth1/$auth2 for gsasl GSSAPI mechanism, to be more consistent |
1629 | with rest of GSASL and with heimdal_gssapi. | |
1630 | ||
7e6a8985 PP |
1631 | PP/06 Local/Makefile support for USE_(GNUTLS|OPENSSL)_PC=foo to use |
1632 | `pkg-config foo` for cflags/libs for the TLS implementation. | |
1633 | ||
f1e05cc7 | 1634 | PP/07 New expansion variable $tls_bits; Cyrus SASL server connection |
20aa9dbd PP |
1635 | properties get this fed in as external SSF. A number of robustness |
1636 | and debugging improvements to the cyrus_sasl authenticator. | |
b322aac8 | 1637 | |
4c287009 PP |
1638 | PP/08 cyrus_sasl server now expands the server_realm option. |
1639 | ||
b98bb9ac PP |
1640 | PP/09 Bugzilla 1214 - Log authentication information in reject log. |
1641 | Patch by Jeremy Harris. | |
1642 | ||
4a6a987a PP |
1643 | PP/10 Added dbmjz lookup type. |
1644 | ||
c45dd180 | 1645 | PP/11 Let heimdal_gssapi authenticator take a SASL message without an authzid. |
c7955b11 | 1646 | |
7db8d074 PP |
1647 | PP/12 MAIL args handles TAB as well as SP, for better interop with |
1648 | non-compliant senders. | |
1649 | Analysis and variant patch by Todd Lyons. | |
1650 | ||
eae0036b | 1651 | NM/04 Bugzilla 1237 - fix cases where printf format usage not indicated |
cfab9d68 | 1652 | Bug report from Lars Müller <lars@samba.org> (via SUSE), |
e0df1c83 DM |
1653 | Patch from Dirk Mueller <dmueller@suse.com> |
1654 | ||
dec5017e PP |
1655 | PP/13 tls_peerdn now print-escaped for spool files. |
1656 | Observed some $tls_peerdn in wild which contained \n, which resulted | |
1657 | in spool file corruption. | |
1658 | ||
c80c5570 PP |
1659 | PP/14 TLS fixes for OpenSSL: support TLS 1.1 & 1.2; new "openssl_options" |
1660 | values; set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read | |
1661 | or write after TLS renegotiation, which otherwise led to messages | |
1662 | "Got SSL error 2". | |
1663 | ||
076b11e2 PP |
1664 | TK/01 Bugzilla 1239 - fix DKIM verification when signature was not inserted |
1665 | as a tracking header (ie: a signed header comes before the signature). | |
1666 | Patch from Wolfgang Breyha. | |
1667 | ||
5407bfff JH |
1668 | JH/01 Bugzilla 660 - Multi-valued attributes from ldap now parseable as a |
1669 | comma-sep list; embedded commas doubled. | |
1670 | ||
9e45c72b PP |
1671 | JH/02 Refactored ACL "verify =" logic to table-driven dispatch. |
1672 | ||
e74376d8 PP |
1673 | PP/15 LDAP: Check for errors of TLS initialisation, to give correct |
1674 | diagnostics. | |
1675 | Report and patch from Dmitry Banschikov. | |
1676 | ||
4c04137d | 1677 | PP/16 Removed "dont_insert_empty_fragments" from "openssl_options". |
da3ad30d PP |
1678 | Removed SSL_clear() after SSL_new() which led to protocol negotiation |
1679 | failures. We appear to now support TLS1.1+ with Exim. | |
1680 | ||
7be682ca PP |
1681 | PP/17 OpenSSL: new expansion var $tls_sni, which if used in tls_certificate |
1682 | lets Exim select keys and certificates based upon TLS SNI from client. | |
3f0945ff PP |
1683 | Also option tls_sni on SMTP Transports. Also clear $tls_bits correctly |
1684 | before an outbound SMTP session. New log_selector, +tls_sni. | |
7be682ca | 1685 | |
ef840681 PP |
1686 | PP/18 Bugzilla 1122 - check localhost_number expansion for failure, avoid |
1687 | NULL dereference. Report and patch from Alun Jones. | |
1688 | ||
5bfb4cdf PP |
1689 | PP/19 DNS resolver init changes for NetBSD compatibility. (Risk of breakage |
1690 | on less well tested platforms). Obviates NetBSD pkgsrc patch-ac. | |
1691 | Not seeing resolver debug output on NetBSD, but suspect this is a | |
1692 | resolver implementation change. | |
1693 | ||
c6e95d22 PP |
1694 | PP/20 Revert part of NM/04, it broke log_path containing %D expansions. |
1695 | Left warnings. Added "eximon gdb" invocation mode. | |
1696 | ||
9cbad13b PP |
1697 | PP/21 Defaulting "accept_8bitmime" to true, not false. |
1698 | ||
9ee44efb PP |
1699 | PP/22 Added -bw for inetd wait mode support. |
1700 | ||
6a6084f8 PP |
1701 | PP/23 Added PCRE_CONFIG=yes support to Makefile for using pcre-config to |
1702 | locate the relevant includes and libraries. Made this the default. | |
1703 | ||
12dd53c7 PP |
1704 | PP/24 Fixed headers_only on smtp transports (was not sending trailing dot). |
1705 | Bugzilla 1246, report and most of solution from Tomasz Kusy. | |
1706 | ||
9e45c72b | 1707 | JH/03 ${eval } now uses 64-bit and supports a "g" suffix (like to "k" and "m"). |
97d17305 JH |
1708 | This may cause build issues on older platforms. |
1709 | ||
17c76198 PP |
1710 | PP/25 Revamped GnuTLS support, passing tls_require_ciphers to |
1711 | gnutls_priority_init, ignoring Exim options gnutls_require_kx, | |
1712 | gnutls_require_mac & gnutls_require_protocols (no longer supported). | |
1713 | Added SNI support via GnuTLS too. | |
af3498d6 | 1714 | Made ${randint:..} supplier available, if using not-too-old GnuTLS. |
17c76198 | 1715 | |
53947857 | 1716 | PP/26 Added EXPERIMENTAL_OCSP for OpenSSL. |
3f7eeb86 | 1717 | |
eae0036b | 1718 | PP/27 Applied dnsdb SPF support patch from Janne Snabb. |
8ee4b30e PP |
1719 | Applied second patch from Janne, implementing suggestion to default |
1720 | multiple-strings-in-record handling to match SPF spec. | |
eae0036b | 1721 | |
9e45c72b | 1722 | JH/04 Added expansion variable $tod_epoch_l for a higher-precision time. |
2605c55b | 1723 | |
7390e768 PP |
1724 | PP/28 Fix DCC dcc_header content corruption (stack memory referenced, |
1725 | read-only, out of scope). | |
1726 | Patch from Wolfgang Breyha, report from Stuart Northfield. | |
1727 | ||
08488c86 PP |
1728 | PP/29 Fix three issues highlighted by clang analyser static analysis. |
1729 | Only crash-plausible issue would require the Cambridge-specific | |
1730 | iplookup router and a misconfiguration. | |
1731 | Report from Marcin Mirosław. | |
1732 | ||
6475bd82 PP |
1733 | PP/30 Another attempt to deal with PCRE_PRERELEASE, this one less buggy. |
1734 | ||
81f91683 PP |
1735 | PP/31 %D in printf continues to cause issues (-Wformat=security), so for |
1736 | now guard some of the printf checks behind WANT_DEEPER_PRINTF_CHECKS. | |
1737 | As part of this, removing so much warning spew let me fix some minor | |
1738 | real issues in debug logging. | |
1739 | ||
5779e6aa PP |
1740 | PP/32 GnuTLS was always using default tls_require_ciphers, due to a missing |
1741 | assignment on my part. Fixed. | |
1742 | ||
3375e053 PP |
1743 | PP/33 Added tls_dh_max_bits option, defaulting to current hard-coded limit |
1744 | of NSS, for GnuTLS/NSS interop. Problem root cause diagnosis by | |
1745 | Janne Snabb (who went above and beyond: thank you). | |
1746 | ||
1747 | PP/34 Validate tls_require_ciphers on startup, since debugging an invalid | |
1748 | string otherwise requires a connection and a bunch more work and it's | |
78e0c7a3 PP |
1749 | relatively easy to get wrong. Should also expose TLS library linkage |
1750 | problems. | |
3375e053 | 1751 | |
9d26b8c0 PP |
1752 | PP/35 Pull in <features.h> on Linux, for some portability edge-cases of |
1753 | 64-bit ${eval} (JH/03). | |
1754 | ||
57eb9e91 | 1755 | PP/36 Define _GNU_SOURCE in exim.h; it's needed for some releases of |
b87a6e0e PP |
1756 | GNU libc to support some of the 64-bit stuff, should not lead to |
1757 | conflicts. Defined before os.h is pulled in, so if a given platform | |
1758 | needs to override this, it can. | |
1759 | ||
16880d1a PP |
1760 | PP/37 Unbreak Cyrus SASL auth: SSF retrieval was incorrect, Exim thought |
1761 | protection layer was required, which is not implemented. | |
1762 | Bugzilla 1254, patch from Wolfgang Breyha. | |
1763 | ||
a799883d PP |
1764 | PP/38 Overhaul DH prime handling, supply RFC-specified DH primes as built |
1765 | into Exim, default to IKE id 23 from RFC 5114 (2048 bit). Make | |
1766 | tls_dhparam take prime identifiers. Also unbreak combination of | |
1767 | OpenSSL+DH_params+TLSSNI. | |
1768 | ||
3ecab157 | 1769 | PP/39 Disable SSLv2 by default in OpenSSL support. |
f0f5a555 | 1770 | |
0599f9cf | 1771 | |
867fcbf5 PP |
1772 | Exim version 4.77 |
1773 | ----------------- | |
1774 | ||
1775 | PP/01 Solaris build fix for Oracle's LDAP libraries. | |
1776 | Bugzilla 1109, patch from Stephen Usher. | |
1777 | ||
f1a29782 TF |
1778 | TF/01 HP/UX build fix: avoid arithmetic on a void pointer. |
1779 | ||
ab42bd23 TK |
1780 | TK/01 DKIM Verification: Fix relaxed canon for empty headers w/o |
1781 | whitespace trailer | |
867fcbf5 | 1782 | |
0ca0cf52 TF |
1783 | TF/02 Fix a couple more cases where we did not log the error message |
1784 | when unlink() failed. See also change 4.74-TF/03. | |
1785 | ||
921b12ca TF |
1786 | TF/03 Make the exiwhat support code safe for signals. Previously Exim might |
1787 | lock up or crash if it happened to be inside a call to libc when it | |
1788 | got a SIGUSR1 from exiwhat. | |
1789 | ||
1790 | The SIGUSR1 handler appends the current process status to the process | |
1791 | log which is later printed by exiwhat. It used to use the general | |
1792 | purpose logging code to do this, but several functions it calls are | |
1793 | not safe for signals. | |
1794 | ||
1795 | The new output code in the SIGUSR1 handler is specific to the process | |
1796 | log, and simple enough that it's easy to inspect for signal safety. | |
1797 | Removing some special cases also simplifies the general logging code. | |
1798 | Removing the spurious timestamps from the process log simplifies | |
1799 | exiwhat. | |
1800 | ||
c99ce5c9 TF |
1801 | TF/04 Improved ratelimit ACL condition. |
1802 | ||
1803 | The /noupdate option has been deprecated in favour of /readonly which | |
1804 | has clearer semantics. The /leaky, /strict, and /readonly update modes | |
1805 | are mutually exclusive. The update mode is no longer included in the | |
1806 | database key; it just determines when the database is updated. (This | |
4c04137d | 1807 | means that when you upgrade Exim will forget old rate measurements.) |
c99ce5c9 TF |
1808 | |
1809 | Exim now checks that the per_* options are used with an update mode that | |
1810 | makes sense for the current ACL. For example, when Exim is processing a | |
1811 | message (e.g. acl_smtp_rcpt or acl_smtp_data, etc.) you can specify | |
1812 | per_mail/leaky or per_mail/strict; otherwise (e.g. in acl_smtp_helo) you | |
1813 | must specify per_mail/readonly. If you omit the update mode it defaults to | |
1814 | /leaky where that makes sense (as before) or /readonly where required. | |
1815 | ||
1816 | The /noupdate option is now undocumented but still supported for | |
1817 | backwards compatibility. It is equivalent to /readonly except that in | |
1818 | ACLs where /readonly is required you may specify /leaky/noupdate or | |
1819 | /strict/noupdate which are treated the same as /readonly. | |
1820 | ||
1821 | A useful new feature is the /count= option. This is a generalization | |
1822 | of the per_byte option, so that you can measure the throughput of other | |
1823 | aggregate values. For example, the per_byte option is now equivalent | |
1824 | to per_mail/count=${if >{0}{$message_size} {0} {$message_size} }. | |
1825 | ||
1826 | The per_rcpt option has been generalized using the /count= mechanism | |
1827 | (though it's more complicated than the per_byte equivalence). When it is | |
1828 | used in acl_smtp_rcpt, the per_rcpt option adds recipients to the | |
1829 | measured rate one at a time; if it is used later (e.g. in acl_smtp_data) | |
1830 | or in a non-SMTP ACL it adds all the recipients in one go. (The latter | |
1831 | /count=$recipients_count behaviour used to work only in non-SMTP ACLs.) | |
1832 | Note that using per_rcpt with a non-readonly update mode in more than | |
1833 | one ACL will cause the recipients to be double-counted. (The per_mail | |
1834 | and per_byte options don't have this problem.) | |
1835 | ||
1836 | The handling of very low rates has changed slightly. If the computed rate | |
1837 | is less than the event's count (usually one) then this event is the first | |
1838 | after a long gap. In this case the rate is set to the same as this event's | |
1839 | count, so that the first message of a spam run is counted properly. | |
1840 | ||
1841 | The major new feature is a mechanism for counting the rate of unique | |
1842 | events. The new per_addr option counts the number of different | |
1843 | recipients that someone has sent messages to in the last time period. It | |
1844 | behaves like per_rcpt if all the recipient addresses are different, but | |
1845 | duplicate recipient addresses do not increase the measured rate. Like | |
1846 | the /count= option this is a general mechanism, so the per_addr option | |
1847 | is equivalent to per_rcpt/unique=$local_part@$domain. You can, for | |
1848 | example, measure the rate that a client uses different sender addresses | |
1849 | with the options per_mail/unique=$sender_address. There are further | |
1850 | details in the main documentation. | |
1851 | ||
3634fc25 TF |
1852 | TF/05 Removed obsolete $Cambridge$ CVS revision strings. |
1853 | ||
792e8a19 TF |
1854 | TF/06 Removed a few PCRE remnants. |
1855 | ||
5901f0ab TF |
1856 | TF/07 Automatically extract Exim's version number from tags in the git |
1857 | repository when doing development or release builds. | |
1858 | ||
7f2a2a43 PP |
1859 | PP/02 Raise smtp_cmd_buffer_size to 16kB. |
1860 | Bugzilla 879. Patch from Paul Fisher. | |
e2ca7082 | 1861 | |
061b7ebd PP |
1862 | PP/03 Implement SSL-on-connect outbound with protocol=smtps on smtp transport. |
1863 | Heavily based on revision 40f9a89a from Simon Arlott's tree. | |
1864 | Bugzilla 97. | |
1865 | ||
e12f8c32 PP |
1866 | PP/04 Use .dylib instead of .so for dynamic library loading on MacOS. |
1867 | ||
9e949f00 | 1868 | PP/05 Variable $av_failed, true if the AV scanner deferred. |
7f2a2a43 PP |
1869 | Bugzilla 1078. Patch from John Horne. |
1870 | ||
1871 | PP/06 Stop make process more reliably on build failure. | |
1872 | Bugzilla 1087. Patch from Heiko Schlittermann. | |
9e949f00 | 1873 | |
555ae6af | 1874 | PP/07 Make maildir_use_size_file an _expandable_ boolean. |
ac53fcda PP |
1875 | Bugzilla 1089. Patch from Heiko Schlittermann. |
1876 | ||
1877 | PP/08 Handle ${run} returning more data than OS pipe buffer size. | |
1878 | Bugzilla 1131. Patch from Holger Weiß. | |
555ae6af | 1879 | |
6f7fe114 PP |
1880 | PP/09 Handle IPv6 addresses with SPF. |
1881 | Bugzilla 860. Patch from Wolfgang Breyha. | |
1882 | ||
c566dd90 PP |
1883 | PP/10 GnuTLS: support TLS 1.2 & 1.1. |
1884 | Bugzilla 1156. | |
89f897c3 PP |
1885 | Use gnutls_certificate_verify_peers2() [patch from Andreas Metzler]. |
1886 | Bugzilla 1095. | |
c566dd90 | 1887 | |
d6cc7c78 | 1888 | PP/11 match_* no longer expand right-hand-side by default. |
39257585 PP |
1889 | New compile-time build option, EXPAND_LISTMATCH_RHS. |
1890 | New expansion conditions, "inlist", "inlisti". | |
1891 | ||
0d0e4455 PP |
1892 | PP/12 fix uninitialised greeting string from PP/03 (smtps client support). |
1893 | ||
3399bb60 | 1894 | PP/13 shell and compiler warnings fixes for RC1-RC4 changes. |
d690cbdc PP |
1895 | |
1896 | PP/14 fix log_write() format string regression from TF/03. | |
1897 | Bugzilla 1152. Patch from Dmitry Isaikin. | |
1898 | ||
0ca0cf52 | 1899 | |
10906672 PP |
1900 | Exim version 4.76 |
1901 | ----------------- | |
1902 | ||
1903 | PP/01 The new ldap_require_cert option would segfault if used. Fixed. | |
1904 | ||
754a0503 PP |
1905 | PP/02 Harmonised TLS library version reporting; only show if debugging. |
1906 | Layout now matches that introduced for other libraries in 4.74 PP/03. | |
1907 | ||
c0c7b2da PP |
1908 | PP/03 New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1 |
1909 | ||
e97d1f08 PP |
1910 | PP/04 New "dns_use_edns0" global option. |
1911 | ||
084c1d8c PP |
1912 | PP/05 Don't segfault on misconfiguration of ref:name exim-user as uid. |
1913 | Bugzilla 1098. | |
1914 | ||
4e7ee012 PP |
1915 | PP/06 Extra paranoia around buffer usage at the STARTTLS transition. |
1916 | nb: Exim is not vulnerable to http://www.kb.cert.org/vuls/id/555316 | |
da80c2a8 | 1917 | |
c8d52a00 PP |
1918 | TK/01 Updated PolarSSL code to 0.14.2. |
1919 | Bugzilla 1097. Patch from Andreas Metzler. | |
1920 | ||
54e7ce4a PP |
1921 | PP/07 Catch divide-by-zero in ${eval:...}. |
1922 | Fixes bugzilla 1102. | |
1923 | ||
5ee6f336 PP |
1924 | PP/08 Condition negation of bool{}/bool_lax{} did not negate. Fixed. |
1925 | Bugzilla 1104. | |
1926 | ||
c8d52a00 | 1927 | TK/02 Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a |
6ea4a851 PP |
1928 | format-string attack -- SECURITY: remote arbitrary code execution. |
1929 | ||
1930 | TK/03 SECURITY - DKIM signature header parsing was double-expanded, second | |
1931 | time unintentionally subject to list matching rules, letting the header | |
1932 | cause arbitrary Exim lookups (of items which can occur in lists, *not* | |
1933 | arbitrary string expansion). This allowed for information disclosure. | |
1934 | ||
1935 | PP/09 Fix another SIGFPE (x86) in ${eval:...} expansion, this time related to | |
1936 | INT_MIN/-1 -- value coerced to INT_MAX. | |
c8d52a00 | 1937 | |
10906672 | 1938 | |
aa097c4c NM |
1939 | Exim version 4.75 |
1940 | ----------------- | |
1941 | ||
4c04137d | 1942 | NM/01 Workaround for PCRE version dependency in version reporting |
aa097c4c NM |
1943 | Bugzilla 1073 |
1944 | ||
7f3d9eff TF |
1945 | TF/01 Update valgrind.h and memcheck.h to copies from valgrind-3.6.0. |
1946 | This fixes portability to compilers other than gcc, notably | |
1947 | Solaris CC and HP-UX CC. Fixes Bugzilla 1050. | |
1948 | ||
159f52d2 TF |
1949 | TF/02 Bugzilla 139: Avoid using the += operator in the modular lookup |
1950 | makefiles for portability to HP-UX and POSIX correctness. | |
1951 | ||
0cc9542a PP |
1952 | PP/01 Permit LOOKUP_foo enabling on the make command-line. |
1953 | Also via indented variable definition in the Makefile. | |
1954 | (Debugging by Oliver Heesakkers). | |
1955 | ||
f7274286 PP |
1956 | PP/02 Restore caching of spamd results with expanded spamd_address. |
1957 | Patch from author of expandable spamd_address patch, Wolfgang Breyha. | |
1958 | ||
7b797365 PP |
1959 | PP/03 Build issue: lookups-Makefile now exports LC_ALL=C |
1960 | Improves build reliability. Fix from: Frank Elsner | |
1961 | ||
caacae52 NM |
1962 | NM/02 Fix wide character breakage in the rfc2047 coding |
1963 | Fixes bug 1064. Patch from Andrey N. Oktyabrski | |
1964 | ||
09dcaba9 NM |
1965 | NM/03 Allow underscore in dnslist lookups |
1966 | Fixes bug 1026. Patch from Graeme Fowler | |
1967 | ||
bc19a55b PP |
1968 | PP/04 Bugzilla 230: Support TLS-enabled LDAP (in addition to ldaps). |
1969 | Code patches from Adam Ciarcinski of NetBSD. | |
caacae52 | 1970 | |
bd4c9759 NM |
1971 | NM/04 Fixed exiqgrep to cope with mailq missing size issue |
1972 | Fixes bug 943. | |
1973 | ||
b72aab72 PP |
1974 | PP/05 Bugzilla 1083: when lookup expansion defers, escape the output which |
1975 | is logged, to avoid truncation. Patch from John Horne. | |
1976 | ||
2fe76745 PP |
1977 | PP/06 Bugzilla 1042: implement freeze_signal on pipe transports. |
1978 | Patch from Jakob Hirsch. | |
1979 | ||
76aa570c PP |
1980 | PP/07 Bugzilla 1061: restrict error messages sent over SMTP to not reveal |
1981 | SQL string expansion failure details. | |
1982 | Patch from Andrey Oktyabrski. | |
1983 | ||
f1e5fef5 PP |
1984 | PP/08 Bugzilla 486: implement %M datestamping in log filenames. |
1985 | Patch from Simon Arlott. | |
1986 | ||
4d805ee9 PP |
1987 | PP/09 New lookups functionality failed to compile on old gcc which rejects |
1988 | extern declarations in function scope. | |
1989 | Patch from Oliver Fleischmann | |
1990 | ||
cd59ab18 PP |
1991 | PP/10 Use sig_atomic_t for flags set from signal handlers. |
1992 | Check getgroups() return and improve debugging. | |
1993 | Fixed developed for diagnosis in bug 927 (which turned out to be | |
1994 | a kernel bug). | |
1995 | ||
332f5cf3 PP |
1996 | PP/11 Bugzilla 1055: Update $message_linecount for maildir_tag. |
1997 | Patch from Mark Zealey. | |
1998 | ||
29cfeb94 PP |
1999 | PP/12 Bugzilla 1056: Improved spamd server selection. |
2000 | Patch from Mark Zealey. | |
2001 | ||
660242ad PP |
2002 | PP/13 Bugzilla 1086: Deal with maildir quota file races. |
2003 | Based on patch from Heiko Schlittermann. | |
2004 | ||
bc4bc4c5 PP |
2005 | PP/14 Bugzilla 1019: DKIM multiple signature generation fix. |
2006 | Patch from Uwe Doering, sign-off by Michael Haardt. | |
2007 | ||
2e64baa9 NM |
2008 | NM/05 Fix to spam.c to accommodate older gcc versions which dislike |
2009 | variable declaration deep within a block. Bug and patch from | |
2010 | Dennis Davis. | |
2011 | ||
4c04137d | 2012 | PP/15 lookups-Makefile IRIX compatibility coercion. |
bddd7526 | 2013 | |
6bac1a9a PP |
2014 | PP/16 Make DISABLE_DKIM build knob functional. |
2015 | ||
552193f0 NM |
2016 | NM/06 Bugzilla 968: child_open_uid: restore default SIGPIPE handler |
2017 | Patch by Simon Arlott | |
baeee2c1 | 2018 | |
1b587e48 TF |
2019 | TF/03 Fix valgrind.h portability to C89 compilers that do not support |
2020 | variable argument macros. Our copy now differs from upstream. | |
2021 | ||
aa097c4c | 2022 | |
8c07b69f TF |
2023 | Exim version 4.74 |
2024 | ----------------- | |
2025 | ||
2026 | TF/01 Failure to get a lock on a hints database can have serious | |
2027 | consequences so log it to the panic log. | |
2028 | ||
c0ea85ab TF |
2029 | TF/02 Log LMTP confirmation messages in the same way as SMTP, |
2030 | controlled using the smtp_confirmation log selector. | |
2031 | ||
0761d44e TF |
2032 | TF/03 Include the error message when we fail to unlink a spool file. |
2033 | ||
0a349494 PP |
2034 | DW/01 Bugzilla 139: Support dynamically loaded lookups as modules. |
2035 | With thanks to Steve Haslam, Johannes Berg & Serge Demonchaux | |
2036 | for maintaining out-of-tree patches for some time. | |
2037 | ||
2038 | PP/01 Bugzilla 139: Documentation and portability issues. | |
2039 | Avoid GNU Makefile-isms, let Exim continue to build on BSD. | |
2040 | Handle per-OS dynamic-module compilation flags. | |
2041 | ||
fea24b2e PP |
2042 | PP/02 Let /dev/null have normal permissions. |
2043 | The 4.73 fixes were a little too stringent and complained about the | |
2044 | permissions on /dev/null. Exempt it from some checks. | |
2045 | Reported by Andreas M. Kirchwitz. | |
2046 | ||
6545de78 PP |
2047 | PP/03 Report version information for many libraries, including |
2048 | Exim version information for dynamically loaded libraries. Created | |
2049 | version.h, now support a version extension string for distributors | |
2050 | who patch heavily. Dynamic module ABI change. | |
2051 | ||
1670ef10 PP |
2052 | PP/04 CVE-2011-0017 - check return value of setuid/setgid. This is a |
2053 | privilege escalation vulnerability whereby the Exim run-time user | |
2054 | can cause root to append content of the attacker's choosing to | |
2055 | arbitrary files. | |
2056 | ||
c0886197 PP |
2057 | PP/05 Bugzilla 1041: merged DCC maintainer's fixes for return code. |
2058 | (Wolfgang Breyha) | |
2059 | ||
b7487bce PP |
2060 | PP/06 Bugzilla 1071: fix delivery logging with untrusted macros. |
2061 | If dropping privileges for untrusted macros, we disabled normal logging | |
2062 | on the basis that it would fail; for the Exim run-time user, this is not | |
2063 | the case, and it resulted in successful deliveries going unlogged. | |
2064 | Fixed. Reported by Andreas Metzler. | |
2065 | ||
8c07b69f | 2066 | |
97fd1e48 | 2067 | Exim version 4.73 |
ed7f7860 | 2068 | ----------------- |
97fd1e48 PP |
2069 | |
2070 | PP/01 Date: & Message-Id: revert to normally being appended to a message, | |
2071 | only prepend for the Resent-* case. Fixes regression introduced in | |
2072 | Exim 4.70 by NM/22 for Bugzilla 607. | |
2073 | ||
6901c596 PP |
2074 | PP/02 Include check_rfc2047_length in configure.default because we're seeing |
2075 | increasing numbers of administrators be bitten by this. | |
2076 | ||
a8c8d6b5 JJ |
2077 | JJ/01 Added DISABLE_DKIM and comment to src/EDITME |
2078 | ||
77bb000f PP |
2079 | PP/03 Bugzilla 994: added openssl_options main configuration option. |
2080 | ||
a29e5231 PP |
2081 | PP/04 Bugzilla 995: provide better SSL diagnostics on failed reads. |
2082 | ||
ec5a0394 | 2083 | PP/05 Bugzilla 834: provide a permit_coredump option for pipe transports. |
a29e5231 | 2084 | |
55c75993 PP |
2085 | PP/06 Adjust NTLM authentication to handle SASL Initial Response. |
2086 | ||
453a6645 | 2087 | PP/07 If TLS negotiated an anonymous cipher, we could end up with SSL but |
ec5a0394 PP |
2088 | without a peer certificate, leading to a segfault because of an |
2089 | assumption that peers always have certificates. Be a little more | |
453a6645 PP |
2090 | paranoid. Problem reported by Martin Tscholak. |
2091 | ||
8544e77a PP |
2092 | PP/08 Bugzilla 926: switch ClamAV to use the new zINSTREAM API for content |
2093 | filtering; old API available if built with WITH_OLD_CLAMAV_STREAM=yes | |
2094 | NB: ClamAV planning to remove STREAM in "middle of 2010". | |
3346ab01 PP |
2095 | CL also introduces -bmalware, various -d+acl logging additions and |
2096 | more caution in buffer sizes. | |
8544e77a | 2097 | |
83e029d5 PP |
2098 | PP/09 Implemented reverse_ip expansion operator. |
2099 | ||
ed7f7860 PP |
2100 | PP/10 Bugzilla 937: provide a "debug" ACL control. |
2101 | ||
7d9f747b PP |
2102 | PP/11 Bugzilla 922: Documentation dusting, patch provided by John Horne. |
2103 | ||
4b2241d2 PP |
2104 | PP/12 Bugzilla 973: Implement --version. |
2105 | ||
10385c15 PP |
2106 | PP/13 Bugzilla 752: Refuse to build/run if Exim user is root/0. |
2107 | ||
dbc4b90d PP |
2108 | PP/14 Build without WITH_CONTENT_SCAN. Path from Andreas Metzler. |
2109 | ||
532be449 PP |
2110 | PP/15 Bugzilla 816: support multiple condition rules on Routers. |
2111 | ||
6a8de854 | 2112 | PP/16 Add bool_lax{} expansion operator and use that for combining multiple |
71265ae9 PP |
2113 | condition rules, instead of bool{}. Make both bool{} and bool_lax{} |
2114 | ignore trailing whitespace. | |
6a8de854 | 2115 | |
5dc43717 JJ |
2116 | JJ/02 prevent non-panic DKIM error from being sent to paniclog |
2117 | ||
2118 | JJ/03 added tcp_wrappers_daemon_name to allow host entries other than | |
2119 | "exim" to be used | |
55c75993 | 2120 | |
3346ab01 PP |
2121 | PP/17 Fix malware regression for cmdline scanner introduced in PP/08. |
2122 | Notification from Dr Andrew Aitchison. | |
2123 | ||
491fab4c PP |
2124 | PP/18 Change ClamAV response parsing to be more robust and to handle ClamAV's |
2125 | ExtendedDetectionInfo response format. | |
2126 | Notification from John Horne. | |
2127 | ||
13eb9497 PP |
2128 | PP/19 OpenSSL 1.0.0a compatibility const-ness change, should be backwards |
2129 | compatible. | |
2130 | ||
2131 | PP/20 Added a CONTRIBUTING file. Fixed the documentation build to use http: | |
2132 | XSL and documented dependency on system catalogs, with examples of how | |
2133 | it normally works. | |
2134 | ||
7f36d675 DW |
2135 | DW/21 Added Valgrind hooks in store.c to help it capture out-of-bounds store |
2136 | access. | |
2137 | ||
c1d94452 DW |
2138 | DW/22 Bugzilla 1044: CVE-2010-4345 - partial fix: restrict default behaviour |
2139 | of CONFIGURE_OWNER and CONFIGURE_GROUP options to no longer allow a | |
2140 | configuration file which is writeable by the Exim user or group. | |
2141 | ||
e2f5dc15 DW |
2142 | DW/23 Bugzilla 1044: CVE-2010-4345 - part two: extend checks for writeability |
2143 | of configuration files to cover files specified with the -C option if | |
2144 | they are going to be used with root privileges, not just the default | |
2145 | configuration file. | |
2146 | ||
cd25e41d DW |
2147 | DW/24 Bugzilla 1044: CVE-2010-4345 - part three: remove ALT_CONFIG_ROOT_ONLY |
2148 | option (effectively making it always true). | |
2149 | ||
261dc43e DW |
2150 | DW/25 Add TRUSTED_CONFIG_PREFIX_FILE option to allow alternative configuration |
2151 | files to be used while preserving root privileges. | |
2152 | ||
fa32850b DW |
2153 | DW/26 Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure |
2154 | that rogue child processes cannot use them. | |
2155 | ||
79d4bc3d PP |
2156 | PP/27 Bugzilla 1047: change the default for system_filter_user to be the Exim |
2157 | run-time user, instead of root. | |
2158 | ||
43236f35 | 2159 | PP/28 Add WHITELIST_D_MACROS option to let some macros be overridden by the |
2cfd3221 PP |
2160 | Exim run-time user without dropping privileges. |
2161 | ||
fb08281f DW |
2162 | DW/29 Remove use of va_copy() which breaks pre-C99 systems. Duplicate the |
2163 | result string, instead of calling string_vformat() twice with the same | |
2164 | arguments. | |
3346ab01 | 2165 | |
74935b98 DW |
2166 | DW/30 Allow TRUSTED_CONFIG_PREFIX_FILE only for Exim or CONFIGURE_OWNER, not |
2167 | for other users. Others should always drop root privileges if they use | |
2168 | -C on the command line, even for a whitelisted configure file. | |
2169 | ||
90b6341f DW |
2170 | DW/31 Turn TRUSTED_CONFIG_PREFIX_FILE into TRUSTED_CONFIG_FILE. No prefixes. |
2171 | ||
57730b52 ML |
2172 | NM/01 Fixed bug #1002 - Message loss when using multiple deliveries |
2173 | ||
66581d1e | 2174 | |
465e92cf JJ |
2175 | Exim version 4.72 |
2176 | ----------------- | |
2177 | ||
453a6645 PP |
2178 | JJ/01 installed exipick 20100104.1, adding $max_received_linelength, |
2179 | $data_path, and $header_path variables; fixed documentation bugs and | |
2180 | typos | |
465e92cf | 2181 | |
453a6645 PP |
2182 | JJ/02 installed exipick 20100222.0, added --input-dir and --finput to allow |
2183 | exipick to access non-standard spools, including the "frozen" queue | |
2184 | (Finput) | |
edae0343 | 2185 | |
9bd3e22c NM |
2186 | NM/01 Bugzilla 965: Support mysql stored procedures. |
2187 | Patch from Alain Williams | |
2188 | ||
bb576ff7 NM |
2189 | NM/02 Bugzilla 961: Spacing fix (syntax error) on Makefile directives for NetBSD |
2190 | ||
5a1a5845 NM |
2191 | NM/03 Bugzilla 955: Documentation fix for max_rcpts. |
2192 | Patch from Andreas Metzler | |
2193 | ||
981a9fad NM |
2194 | NM/04 Bugzilla 954: Fix for unknown responses from Dovecot authenticator. |
2195 | Patch from Kirill Miazine | |
2196 | ||
7fc497ee NM |
2197 | NM/05 Bugzilla 671: Added umask to procmail example. |
2198 | ||
1a41defa JJ |
2199 | JJ/03 installed exipick 20100323.0, fixing doc bug |
2200 | ||
a466095c | 2201 | NM/06 Bugzilla 988: CVE-2010-2023 - prevent hardlink attack on sticky mail |
b26eacf1 | 2202 | directory. Notification and patch from Dan Rosenberg. |
a466095c | 2203 | |
94a6bd0b NM |
2204 | TK/01 PDKIM: Upgrade PolarSSL files to upstream version 0.12.1. |
2205 | ||
2206 | TK/02 Improve log output when DKIM signing operation fails. | |
2207 | ||
2208 | MH/01 Treat the transport option dkim_domain as a colon separated | |
2209 | list, not as a single string, and sign the message with each element, | |
2210 | omitting multiple occurences of the same signer. | |
2211 | ||
c1b141a8 NM |
2212 | NM/07 Null terminate DKIM strings, Null initialise DKIM variable |
2213 | Bugzilla 985, 986. Patch by Simon Arlott | |
94a6bd0b | 2214 | |
b26eacf1 | 2215 | NM/08 Bugzilla 967. dnsdb DNS TXT record bug fix (DKIM-related) |
0d0c6357 NM |
2216 | Patch by Simon Arlott |
2217 | ||
179c5980 | 2218 | PP/01 Bugzilla 989: CVE-2010-2024 - work round race condition on |
b26eacf1 | 2219 | MBX locking. Notification from Dan Rosenberg. |
179c5980 | 2220 | |
9bd3e22c | 2221 | |
7c6d71af NM |
2222 | Exim version 4.71 |
2223 | ----------------- | |
2224 | ||
7d9f747b | 2225 | TK/01 Bugzilla 912: Fix DKIM segfault on empty headers/body. |
7c6d71af | 2226 | |
f013fb92 NM |
2227 | NM/01 Bugzilla 913: Documentation fix for gnutls_* options. |
2228 | ||
0eb8eedd NM |
2229 | NM/02 Bugzilla 722: Documentation for randint. Better randomness defaults. |
2230 | ||
663ee6d9 NM |
2231 | NM/03 Bugzilla 847: Enable DNSDB lookup by default. |
2232 | ||
177ebd9b NM |
2233 | NM/04 Bugzilla 915: Flag broken perl installation during build. |
2234 | ||
7c6d71af | 2235 | |
210f147e NM |
2236 | Exim version 4.70 |
2237 | ----------------- | |
2238 | ||
cdd3bb85 | 2239 | TK/01 Added patch by Johannes Berg that expands the main option |
e739e3d9 | 2240 | "spamd_address" if it starts with a dollar sign. |
cdd3bb85 TK |
2241 | |
2242 | TK/02 Write list of recipients to X-Envelope-Sender header when building | |
2243 | the mbox-format spool file for content scanning (suggested by Jakob | |
7d9f747b | 2244 | Hirsch). |
cdd3bb85 TK |
2245 | |
2246 | TK/03 Added patch by Wolfgang Breyha that adds experimental DCC | |
2247 | (http://www.dcc-servers.net/) support via dccifd. Activated by | |
e739e3d9 | 2248 | setting EXPERIMENTAL_DCC=yes in Local/Makefile. |
cdd3bb85 TK |
2249 | |
2250 | TK/04 Bugzilla 673: Add f-protd malware scanner support. Patch submitted | |
2251 | by Mark Daniel Reidel <mr@df.eu>. | |
2252 | ||
210f147e NM |
2253 | NM/01 Bugzilla 657: Embedded PCRE removed from the exim source tree. |
2254 | When building exim an external PCRE library is now needed - | |
2255 | PCRE is a system library on the majority of modern systems. | |
2256 | See entry on PCRE_LIBS in EDITME file. | |
2257 | ||
deafd5b3 NM |
2258 | NM/02 Bugzilla 646: Removed unwanted C/R in Dovecot authenticator |
2259 | conversation. Added nologin parameter to request. | |
7d9f747b | 2260 | Patch contributed by Kirill Miazine. |
deafd5b3 | 2261 | |
089793a4 TF |
2262 | TF/01 Do not log submission mode rewrites if they do not change the address. |
2263 | ||
5f16ca82 TF |
2264 | TF/02 Bugzilla 662: Fix stack corruption before exec() in daemon.c. |
2265 | ||
dae9d94e | 2266 | NM/03 Bugzilla 602: exicyclog now handles panic log, and creates empty |
7d9f747b | 2267 | log files in place. Contributed by Roberto Lima. |
dae9d94e | 2268 | |
7d9f747b | 2269 | NM/04 Bugzilla 667: Close socket used by dovecot authenticator. |
3f0da4d0 | 2270 | |
06864c44 TF |
2271 | TF/03 Bugzilla 615: When checking the local_parts router precondition |
2272 | after a local_part_suffix or local_part_prefix option, Exim now | |
2273 | does not use the address's named list lookup cache, since this | |
2274 | contains cached lookups for the whole local part. | |
2275 | ||
65a7d8c3 | 2276 | NM/05 Bugzilla 521: Integrated SPF Best Guess support contributed by |
7d9f747b | 2277 | Robert Millan. Documentation is in experimental-spec.txt. |
65a7d8c3 | 2278 | |
23510047 | 2279 | TF/04 Bugzilla 668: Fix parallel build (make -j). |
65a7d8c3 | 2280 | |
7d9f747b | 2281 | NM/05.2 Bugzilla 437: Prevent Maildir aux files being created with mode 000. |
5f28a6e8 | 2282 | |
7d8eec3a | 2283 | NM/05.3 Bugzilla 598: Improvement to Dovecot authenticator handling. |
7d9f747b | 2284 | Patch provided by Jan Srzednicki. |
6c588e74 | 2285 | |
89dec7b6 TF |
2286 | TF/05 Leading white space used to be stripped from $spam_report which |
2287 | wrecked the formatting. Now it is preserved. | |
5f28a6e8 | 2288 | |
a99de90c TF |
2289 | TF/06 Save $spam_score, $spam_bar, and $spam_report in spool files, so |
2290 | that they are available at delivery time. | |
2291 | ||
e2803e40 TF |
2292 | TF/07 Fix the way ${extract is skipped in the untaken branch of a conditional. |
2293 | ||
7199e1ee TF |
2294 | TF/08 TLS error reporting now respects the incoming_interface and |
2295 | incoming_port log selectors. | |
2296 | ||
e276e04b TF |
2297 | TF/09 Produce a more useful error message if an SMTP transport's hosts |
2298 | setting expands to an empty string. | |
2299 | ||
ce552449 | 2300 | NM/06 Bugzilla 744: EXPN did not work under TLS. |
7d9f747b | 2301 | Patch provided by Phil Pennock. |
ce552449 | 2302 | |
e765a0f1 | 2303 | NM/07 Bugzilla 769: Extraneous comma in usage fprintf |
7d9f747b | 2304 | Patch provided by Richard Godbee. |
e765a0f1 | 2305 | |
4f054c63 | 2306 | NM/08 Fixed erroneous documentation references to smtp_notquit_acl to be |
447de4b0 | 2307 | acl_smtp_notquit, added index entry. |
4f054c63 | 2308 | |
7d9f747b PP |
2309 | NM/09 Bugzilla 787: Potential buffer overflow in string_format. |
2310 | Patch provided by Eugene Bujak. | |
24c929a2 | 2311 | |
7d9f747b PP |
2312 | NM/10 Bugzilla 770: Problem on some platforms modifying the len parameter to |
2313 | accept(). Patch provided by Maxim Dounin. | |
cf73943b | 2314 | |
b52bc06e | 2315 | NM/11 Bugzilla 749: Preserve old behaviour of blanks comparing equal to zero. |
7d9f747b | 2316 | Patch provided by Phil Pennock. |
b52bc06e | 2317 | |
447de4b0 NM |
2318 | NM/12 Bugzilla 497: Correct behaviour of exiwhat when no config exists. |
2319 | ||
4c69d561 | 2320 | NM/13 Bugzilla 590: Correct handling of Resent-Date headers. |
7d9f747b | 2321 | Patch provided by Brad "anomie" Jorsch. |
4c69d561 | 2322 | |
d5c39246 | 2323 | NM/14 Bugzilla 622: Added timeout setting to transport filter. |
7d9f747b | 2324 | Patch provided by Dean Brooks. |
9b989985 | 2325 | |
0b23848a TK |
2326 | TK/05 Add native DKIM support (does not depend on external libraries). |
2327 | ||
8f3414a1 | 2328 | NM/15 Bugzilla 854: Removed code that symlinks to pcre as its no longer useful. |
7d9f747b | 2329 | Patch provided by Graeme Fowler. |
e2aacdfd | 2330 | |
fb6f955d NM |
2331 | NM/16 Bugzilla 851: Documentation example syntax fix. |
2332 | ||
2333 | NM/17 Changed NOTICE file to remove references to embedded PCRE. | |
8f3414a1 | 2334 | |
7d9f747b PP |
2335 | NM/18 Bugzilla 894: Fix issue with very long lines including comments in |
2336 | lsearch. | |
dbb0bf41 | 2337 | |
7d9f747b PP |
2338 | NM/19 Bugzilla 745: TLS version reporting. |
2339 | Patch provided by Phil Pennock. | |
f3766eb5 | 2340 | |
7d9f747b PP |
2341 | NM/20 Bugzilla 167: bool: condition support. |
2342 | Patch provided by Phil Pennock. | |
36f12725 | 2343 | |
7d9f747b PP |
2344 | NM/21 Bugzilla 665: gnutls_compat_mode to allow compatibility with broken |
2345 | clients. Patch provided by Phil Pennock. | |
e6060e2c | 2346 | |
7d9f747b PP |
2347 | NM/22 Bugzilla 607: prepend (not append) Resent-Message-ID and Resent-Date. |
2348 | Patch provided by Brad "anomie" Jorsch. | |
5eb690a1 | 2349 | |
7d9f747b PP |
2350 | NM/23 Bugzilla 687: Fix misparses in eximstats. |
2351 | Patch provided by Heiko Schlittermann. | |
d5c13d66 | 2352 | |
7d9f747b PP |
2353 | NM/24 Bugzilla 688: Fix exiwhat to handle log_selector = +pid. |
2354 | Patch provided by Heiko Schlittermann. | |
b2335c0b | 2355 | |
7d9f747b | 2356 | NM/25 Bugzilla 727: Use transport mode as default mode for maildirsize file. |
1da77999 | 2357 | plus update to original patch. |
f4cd9433 | 2358 | |
7d9f747b | 2359 | NM/26 Bugzilla 799: Documentation correction for ratelimit. |
dc988b7e | 2360 | |
7d9f747b PP |
2361 | NM/27 Bugzilla 802: Improvements to local interface IP addr detection. |
2362 | Patch provided by David Brownlee. | |
8dc71ab3 | 2363 | |
7d9f747b | 2364 | NM/28 Bugzilla 807: Improvements to LMTP delivery logging. |
400eda43 | 2365 | |
7d9f747b | 2366 | NM/29 Bugzilla 862, 866, 875: Documentation bugfixes. |
ec5a421b | 2367 | |
7d9f747b | 2368 | NM/30 Bugzilla 888: TLS documentation bugfixes. |
07af267e | 2369 | |
7d9f747b | 2370 | NM/31 Bugzilla 896: Dovecot buffer overrun fix. |
51473862 | 2371 | |
17792b53 | 2372 | NM/32 Bugzilla 889: Change all instances of "expr" in shell scripts to "expr --" |
7d9f747b | 2373 | Unlike the original bugzilla I have changed all shell scripts in src tree. |
17792b53 | 2374 | |
7d9f747b PP |
2375 | NM/33 Bugzilla 898: Transport filter timeout fix. |
2376 | Patch by Todd Rinaldo. | |
52383f8f | 2377 | |
91576cec | 2378 | NM/34 Bugzilla 901: Fix sign/unsigned and UTF mismatches. |
7d9f747b | 2379 | Patch by Serge Demonchaux. |
5ca6d115 | 2380 | |
7d9f747b PP |
2381 | NM/35 Bugzilla 39: Base64 decode bug fixes. |
2382 | Patch by Jakob Hirsch. | |
baee9eee | 2383 | |
7d9f747b | 2384 | NM/36 Bugzilla 909: Correct connect() call in dcc code. |
e93a964c | 2385 | |
7d9f747b | 2386 | NM/37 Bugzilla 910: Correct issue with relaxed/simple handling. |
9bf3d68f | 2387 | |
7d9f747b | 2388 | NM/38 Bugzilla 908: Removed NetBSD3 support as no longer needed. |
96535b98 | 2389 | |
7d9f747b | 2390 | NM/39 Bugzilla 911: Fixed MakeLinks build script. |
30339e0f | 2391 | |
deafd5b3 | 2392 | |
47db1125 NM |
2393 | Exim version 4.69 |
2394 | ----------------- | |
2395 | ||
4b3504d0 TK |
2396 | TK/01 Add preliminary DKIM support. Currently requires a forked version of |
2397 | ALT-N's libdkim that I have put here: | |
2398 | http://duncanthrax.net/exim-experimental/ | |
2399 | ||
2400 | Note to Michael Haardt: I had to rename some vars in sieve.c. They | |
2401 | were called 'true' and it seems that C99 defines that as a reserved | |
2402 | keyword to be used with 'bool' variable types. That means you could | |
2403 | not include C99-style headers which use bools without triggering | |
2404 | build errors in sieve.c. | |
2405 | ||
81ea09ca NM |
2406 | NM/01 Bugzilla 592: --help option is handled incorrectly if exim is invoked |
2407 | as mailq or other aliases. Changed the --help handling significantly | |
2408 | to do whats expected. exim_usage() emits usage/help information. | |
2409 | ||
f13cddcb SC |
2410 | SC/01 Added the -bylocaldomain option to eximstats. |
2411 | ||
7d9f747b | 2412 | NM/02 Bugzilla 619: Defended against bad data coming back from gethostbyaddr. |
8ad076b2 | 2413 | |
7d9f747b | 2414 | NM/03 Bugzilla 613: Documentation fix for acl_not_smtp. |
a843aaa6 | 2415 | |
7d9f747b | 2416 | NM/04 Bugzilla 628: PCRE update to 7.4 (work done by John Hall). |
47db1125 NM |
2417 | |
2418 | ||
eb4c0de6 PH |
2419 | Exim version 4.68 |
2420 | ----------------- | |
2421 | ||
2422 | PH/01 Another patch from the Sieve maintainer. | |
2423 | ||
6a3bceb1 PH |
2424 | PH/02 When an IPv6 address is converted to a string for single-key lookup |
2425 | in an address list (e.g. for an item such as "net24-dbm;/net/works"), | |
2426 | dots are used instead of colons so that keys in lsearch files need not | |
2427 | contain colons. This was done some time before quoting was made available | |
2428 | in lsearch files. However, iplsearch files do require colons in IPv6 keys | |
2429 | (notated using the quote facility) so as to distinguish them from IPv4 | |
2430 | keys. This meant that lookups for IP addresses in host lists did not work | |
2431 | for iplsearch lookups. | |
2432 | ||
2433 | This has been fixed by arranging for IPv6 addresses to be expressed with | |
2434 | colons if the lookup type is iplsearch. This is not incompatible, because | |
2435 | previously such lookups could never work. | |
2436 | ||
4c04137d | 2437 | The situation is now rather anomalous, since one *can* have colons in |
6a3bceb1 PH |
2438 | ordinary lsearch keys. However, making the change in all cases is |
2439 | incompatible and would probably break a number of configurations. | |
2440 | ||
2e30fa9d TK |
2441 | TK/01 Change PRVS address formatting scheme to reflect latests BATV draft |
2442 | version. | |
2443 | ||
0806a9c5 MH |
2444 | MH/01 The "spam" ACL condition code contained a sscanf() call with a %s |
2445 | conversion specification without a maximum field width, thereby enabling | |
2446 | a rogue spamd server to cause a buffer overflow. While nobody in their | |
2447 | right mind would setup Exim to query an untrusted spamd server, an | |
2448 | attacker that gains access to a server running spamd could potentially | |
2449 | exploit this vulnerability to run arbitrary code as the Exim user. | |
2450 | ||
ae276964 TK |
2451 | TK/02 Bugzilla 502: Apply patch to make the SPF-Received: header use |
2452 | $primary_hostname instead of what libspf2 thinks the hosts name is. | |
2453 | ||
0f2cbd1b MH |
2454 | MH/02 The dsearch lookup now uses lstat(2) instead of stat(2) to look for |
2455 | a directory entry by the name of the lookup key. Previously, if a | |
2456 | symlink pointed to a non-existing file or a file in a directory that | |
2457 | Exim lacked permissions to read, a lookup for a key matching that | |
2458 | symlink would fail. Now it is enough that a matching directory entry | |
2459 | exists, symlink or not. (Bugzilla 503.) | |
2460 | ||
2b85bce7 PH |
2461 | PH/03 The body_linecount and body_zerocount variables are now exported in the |
2462 | local_scan API. | |
2463 | ||
93655c46 PH |
2464 | PH/04 Added the $dnslist_matched variable. |
2465 | ||
6c512171 PH |
2466 | PH/05 Unset $tls_cipher and $tls_peerdn before making a connection as a client. |
2467 | This means they are set thereafter only if the connection becomes | |
2468 | encrypted. | |
2469 | ||
2470 | PH/06 Added the client_condition to authenticators so that some can be skipped | |
2471 | by clients under certain conditions. | |
2472 | ||
aa6dc513 PH |
2473 | PH/07 The error message for a badly-placed control=no_multiline_responses left |
2474 | "_responses" off the end of the name. | |
2475 | ||
a96603a0 PH |
2476 | PH/08 Added -Mvc to output a copy of a message in RFC 2822 format. |
2477 | ||
8f240103 PH |
2478 | PH/09 Tidied the code for creating ratelimiting keys, creating them explicitly |
2479 | (without spaces) instead of just copying the configuration text. | |
2480 | ||
2481 | PH/10 Added the /noupdate option to the ratelimit ACL condition. | |
2482 | ||
d677b2f2 PH |
2483 | PH/11 Added $max_received_linelength. |
2484 | ||
d52120f2 PH |
2485 | PH/12 Added +ignore_defer and +include_defer to host lists. |
2486 | ||
64f2600a PH |
2487 | PH/13 Installed PCRE version 7.2. This needed some changes because of the new |
2488 | way in which PCRE > 7.0 is built. | |
2489 | ||
8669f003 PH |
2490 | PH/14 Implemented queue_only_load_latch. |
2491 | ||
a4dc33a8 PH |
2492 | PH/15 Removed an incorrect (int) cast when reading the value of SIZE in a |
2493 | MAIL command. The effect was to mangle the value on 64-bit systems. | |
2494 | ||
d6a60c0f PH |
2495 | PH/16 Another patch from the Sieve maintainer. |
2496 | ||
8f128379 PH |
2497 | PH/17 Added the NOTQUIT ACL, based on a patch from Ted Cooper. |
2498 | ||
8932dffe PH |
2499 | PH/18 If a system quota error occurred while trying to create the file for |
2500 | a maildir delivery, the message "Mailbox is full" was not appended to the | |
2501 | bounce if the delivery eventually timed out. Change 4.67/27 below applied | |
2502 | only to a quota excession during the actual writing of the file. | |
d6a60c0f | 2503 | |
ddea74fa | 2504 | PH/19 It seems that peer DN values may contain newlines (and other non-printing |
48ed62d9 PH |
2505 | characters?) which causes problems in log lines. The DN values are now |
2506 | passed through string_printing() before being added to log lines. | |
2507 | ||
ddea74fa | 2508 | PH/20 Added the "servers=" facility to MySQL and PostgreSQL lookups. (Oracle |
b7670459 PH |
2509 | and InterBase are left for another time.) |
2510 | ||
ddea74fa PH |
2511 | PH/21 Added message_body_newlines option. |
2512 | ||
ce9f225c PH |
2513 | PH/22 Guard against possible overflow in moan_check_errorcopy(). |
2514 | ||
19897d52 PH |
2515 | PH/23 POSIX allows open() to be a macro; guard against that. |
2516 | ||
bc64a74d PH |
2517 | PH/24 If the recipient of an error message contained an @ in the local part |
2518 | (suitably quoted, of course), incorrect values were put in $domain and | |
2519 | $local_part during the evaluation of errors_copy. | |
2520 | ||
eb4c0de6 | 2521 | |
b4ed4da0 PH |
2522 | Exim version 4.67 |
2523 | ----------------- | |
2524 | ||
22ad45c9 MH |
2525 | MH/01 Fix for bug #448, segfault in Dovecot authenticator when interface_address |
2526 | is unset (happens when testing with -bh and -oMi isn't used). Thanks to | |
2527 | Jan Srzednicki. | |
2528 | ||
b4ed4da0 PH |
2529 | PH/01 Added a new log selector smtp_no_mail, to log SMTP sessions that do not |
2530 | issue a MAIL command. | |
2531 | ||
431b7361 PH |
2532 | PH/02 In an ACL statement such as |
2533 | ||
2534 | deny dnslists = X!=127.0.0.2 : X=127.0.0.2 | |
2535 | ||
2536 | if a client was not listed at all, or was listed with a value other than | |
2537 | 127.0.0.2, in the X list, but was listed with 127.0.0.2 in the Y list, | |
2538 | the condition was not true (as it should be), so access was not denied. | |
2539 | The bug was that the ! inversion was incorrectly passed on to the second | |
2540 | item. This has been fixed. | |
2541 | ||
2542 | PH/03 Added additional dnslists conditions == and =& which are different from | |
2543 | = and & when the dns lookup returns more than one IP address. | |
2544 | ||
83da1223 PH |
2545 | PH/04 Added gnutls_require_{kx,mac,protocols} to give more control over the |
2546 | cipher suites used by GnuTLS. These options are ignored by OpenSSL. | |
2547 | ||
54fc8428 PH |
2548 | PH/05 After discussion on the list, added a compile time option ENABLE_DISABLE_ |
2549 | FSYNC, which compiles an option called disable_fsync that allows for | |
2550 | bypassing fsync(). The documentation is heavily laced with warnings. | |
2551 | ||
34c5e8dd SC |
2552 | SC/01 Updated eximstats to collate all SpamAssassin rejects into one bucket. |
2553 | ||
bbe15da8 PH |
2554 | PH/06 Some tidies to the infrastructure of the Test Suite that is concerned |
2555 | with the auxiliary C programs that it uses: (1) Arrange for BIND_8_COMPAT | |
2556 | to be defined when compiling on OSX (Darwin); (2) Tidies to the Makefile, | |
2557 | including adding "make clean"; (3) Added -fPIC when compiling the test | |
2558 | dynamically loaded module, to get rid of a warning. | |
2559 | ||
0e8a9471 MH |
2560 | MH/02 Fix for bug #451, causing paniclog entries to be written if a bounce |
2561 | message fails, move_frozen_messages = true and ignore_bounce_errors_after | |
2562 | = 0s. The bug is otherwise harmless. | |
2563 | ||
f0872424 PH |
2564 | PH/07 There was a bug in the dovecot authenticator such that the value of |
2565 | $auth1 could be overwritten, and so not correctly preserved, after a | |
2566 | successful authentication. This usually meant that the value preserved by | |
2567 | the server_setid option was incorrect. | |
2568 | ||
b01dd148 PH |
2569 | PH/08 Added $smtp_count_at_connection_start, deliberately with a long name. |
2570 | ||
6bf342e1 PH |
2571 | PH/09 Installed PCRE release 7.0. |
2572 | ||
273f34d0 PH |
2573 | PH/10 The acl_not_smtp_start ACL was, contrary to the documentation, not being |
2574 | run for batched SMTP input. It is now run at the start of every message | |
2575 | in the batch. While fixing this I discovered that the process information | |
2576 | (output by running exiwhat) was not always getting set for -bs and -bS | |
2577 | input. This is fixed, and it now also says "batched" for BSMTP. | |
2578 | ||
cf8b11a5 PH |
2579 | PH/11 Added control=no_pipelining. |
2580 | ||
41c7c167 PH |
2581 | PH/12 Added $sending_ip_address and $sending_port (mostly Magnus Holmgren's |
2582 | patch, slightly modified), and move the expansion of helo_data till after | |
2583 | the connection is made in the smtp transport (so it can use these | |
2584 | values). | |
2585 | ||
9c57cbc0 PH |
2586 | PH/13 Added ${rfc2047d: to decoded RFC 2047 strings. |
2587 | ||
f3f065bb PH |
2588 | PH/14 Added log_selector = +pid. |
2589 | ||
047bdd8c PH |
2590 | PH/15 Flush SMTP output before delaying, unless control=no_delay_flush is set. |
2591 | ||
0ce9abe6 PH |
2592 | PH/16 Add ${if forany and ${if forall. |
2593 | ||
0e22dfd1 PH |
2594 | PH/17 Added dsn_from option to vary the From: line in DSNs. |
2595 | ||
4c590bd1 PH |
2596 | PH/18 Flush SMTP output before performing a callout, unless control = |
2597 | no_callout_flush is set. | |
2598 | ||
09945f1e PH |
2599 | PH/19 Change 4.64/PH/36 introduced a bug: when address_retry_include_sender |
2600 | was true (the default) a successful delivery failed to delete the retry | |
2601 | item, thus causing premature timeout of the address. The bug is now | |
2602 | fixed. | |
2603 | ||
c51b8e75 PH |
2604 | PH/20 Added hosts_avoid_pipelining to the smtp transport. |
2605 | ||
e28326d8 | 2606 | PH/21 Long custom messages for fakedefer and fakereject are now split up |
4c04137d | 2607 | into multiline responses in the same way that messages for "deny" and |
e28326d8 PH |
2608 | other ACL rejections are. |
2609 | ||
75b1493f PH |
2610 | PH/22 Applied Jori Hamalainen's speed-up changes and typo fixes to exigrep, |
2611 | with slight modification. | |
2612 | ||
7c5214ec PH |
2613 | PH/23 Applied sieve patches from the maintainer "tracking the latest notify |
2614 | draft, changing the syntax and factoring some duplicate code". | |
2615 | ||
4311097e PH |
2616 | PH/24 When the log selector "outgoing_port" was set, the port was shown as -1 |
2617 | for deliveries of the second and subsequent messages over the same SMTP | |
2618 | connection. | |
2619 | ||
29f89cad PH |
2620 | PH/25 Applied Magnus Holmgren's patch for ${addresses, ${map, ${filter, and |
2621 | ${reduce, with only minor "tidies". | |
2622 | ||
5e687460 SC |
2623 | SC/02 Applied Daniel Tiefnig's patch to improve the '($parent) =' pattern match. |
2624 | ||
c3611384 PH |
2625 | PH/26 Added a "continue" ACL modifier that does nothing, for the benefit of its |
2626 | expansion side effects. | |
2627 | ||
5a11a7b4 PH |
2628 | PH/27 When a message times out after an over-quota error from an Exim-imposed |
2629 | quota, the bounce message says "mailbox is full". This message was not | |
2630 | being given when it was a system quota that was exceeded. It now should | |
2631 | be the same. | |
2632 | ||
0e20aff9 MH |
2633 | MH/03 Made $recipients available in local_scan(). local_scan() already has |
2634 | better access to the recipient list through recipients_list[], but | |
2635 | $recipients can be useful in postmaster-provided expansion strings. | |
2636 | ||
ca86f471 PH |
2637 | PH/28 The $smtp_command and $smtp_command_argument variables were not correct |
2638 | in the case of a MAIL command with additional options following the | |
2639 | address, for example: MAIL FROM:<foo@bar> SIZE=1234. The option settings | |
2640 | were accidentally chopped off. | |
2641 | ||
a14e5636 PH |
2642 | PH/29 SMTP synchronization checks are implemented when a command is read - |
2643 | there is a check that no more input is waiting when there shouldn't be | |
2644 | any. However, for some commands, a delay in an ACL can mean that it is | |
2645 | some time before the response is written. In this time, more input might | |
2646 | arrive, invalidly. So now there are extra checks after an ACL has run for | |
2647 | HELO/EHLO and after the predata ACL, and likewise for MAIL and RCPT when | |
2648 | pipelining has not been advertised. | |
2649 | ||
ec95d1a6 PH |
2650 | PH/30 MH's patch to allow iscntrl() characters to be list separators. |
2651 | ||
42855d71 PH |
2652 | PH/31 Unlike :fail:, a custom message specified with :defer: was not being |
2653 | returned in the SMTP response when smtp_return_error_details was false. | |
2654 | This has been fixed. | |
2655 | ||
57c2c631 PH |
2656 | PH/32 Change the Dovecot authenticator to use read() and write() on the socket |
2657 | instead of the C I/O that was originally supplied, because problems were | |
2658 | reported on Solaris. | |
2659 | ||
58c01c94 PH |
2660 | PH/33 Compile failed with OpenSSL 0.9.8e. This was due to a coding error in |
2661 | Exim which did not show up earlier: it was assuming that a call to | |
2662 | SSL_CTX_set_info_callback() might give an error value. In fact, there is | |
2663 | no error. In previous releases of OpenSSL, SSL_CTX_set_info_callback() | |
2664 | was a macro that became an assignment, so it seemed to work. This has | |
2665 | changed to a proper function call with a void return, hence the compile | |
2666 | error. Exim's code has been fixed. | |
2667 | ||
dee5a20a PH |
2668 | PH/34 Change HDA_SIZE in oracle.c from 256 to 512. This is needed for 64-bit |
2669 | cpus. | |
2670 | ||
d2ee6114 PH |
2671 | PH/35 Applied a patch from the Sieve maintainer which fixes a bug in "notify". |
2672 | ||
b2d5182b PH |
2673 | PH/36 Applied John Jetmore's patch to add -v functionality to exigrep. |
2674 | ||
79749a79 PH |
2675 | PH/37 If a message is not accepted after it has had an id assigned (e.g. |
2676 | because it turns out to be too big or there is a timeout) there is no | |
3ce62588 PH |
2677 | "Completed" line in the log. When some messages of this type were |
2678 | selected by exigrep, they were listed as "not completed". Others were | |
2679 | picked up by some special patterns. I have improved the selection | |
2680 | criteria to be more general. | |
79749a79 | 2681 | |
c456d9bb PH |
2682 | PH/38 The host_find_failed option in the manualroute router can now be set |
2683 | to "ignore", to completely ignore a host whose IP address cannot be | |
2684 | found. If all hosts are ignored, the behaviour is controlled by the new | |
2685 | host_all_ignored option. | |
2686 | ||
cd9868ec PH |
2687 | PH/39 In a list of hosts for manualroute, if one item (either because of multi- |
2688 | homing or because of multiple MX records with /mx) generated more than | |
2689 | one IP address, and the following item turned out to be the local host, | |
2690 | all the secondary addresses of the first item were incorrectly removed | |
2691 | from the list, along with the local host and any following hosts (which | |
2692 | is what is supposed to happen). | |
2693 | ||
ebeaf996 PH |
2694 | PH/40 When Exim receives a message, it writes the login name, uid, and gid of |
2695 | whoever called Exim into the -H file. In the case of the daemon it was | |
2696 | behaving confusingly. When first started, it used values for whoever | |
2697 | started the daemon, but after a SIGHUP it used the Exim user (because it | |
2698 | calls itself on a restart). I have changed the code so that it now always | |
2699 | uses the Exim user. | |
2700 | ||
2679d413 PH |
2701 | PH/41 (Following a suggestion from Tony Finch) If all the RCPT commands in a |
2702 | message are rejected with the same error (e.g. no authentication or bad | |
2703 | sender address), and a DATA command is nevertheless sent (as can happen | |
2704 | with PIPELINING or a stupid MUA), the error message that was given to the | |
2705 | RCPT commands is included in the rejection of the DATA command. This is | |
2706 | intended to be helpful for MUAs that show only the final error to their | |
2707 | users. | |
2708 | ||
84024b72 PH |
2709 | PH/42 Another patch from the Sieve maintainer. |
2710 | ||
8005d38e SC |
2711 | SC/02 Eximstats - Differentiate between permanent and temporary rejects. |
2712 | Eximstats - Fixed some broken HTML links and added missing column headers | |
2713 | (Jez Hancock). | |
2714 | Eximstats - Fixed Grand Total Summary Domains, Edomains, and Email | |
2715 | columns for Rejects, Temp Rejects, Ham, and Spam rows. | |
2716 | ||
3298c6c6 SC |
2717 | SC/03 Eximstats - V1.58 Fix to get <> and blackhole to show in edomain tables. |
2718 | ||
a43a27c5 PH |
2719 | PH/43 Yet another patch from the Sieve maintainer. |
2720 | ||
58eb016e | 2721 | PH/44 I found a way to check for a TCP/IP connection going away before sending |
563b63fa PH |
2722 | the response to the final '.' that terminates a message, but only in the |
2723 | case where the client has not sent further data following the '.' | |
2724 | (unfortunately, this is allowed). However, in many cases there won't be | |
2725 | any further data because there won't be any more messages to send. A call | |
2726 | to select() can be used: if it shows that the input is "ready", there is | |
2727 | either input waiting, or the socket has been closed. An attempt to read | |
2728 | the next input character can distinguish the two cases. Previously, Exim | |
58eb016e | 2729 | would have sent an OK response which the client would never have see. |
563b63fa PH |
2730 | This could lead to message repetition. This fix should cure that, at |
2731 | least in a lot of common cases. | |
58eb016e | 2732 | |
b43a74ea PH |
2733 | PH/45 Do not advertise STARTTLS in response to HELP unless it would be |
2734 | advertised in response to EHLO. | |
2735 | ||
b4ed4da0 | 2736 | |
5dd1517f PH |
2737 | Exim version 4.66 |
2738 | ----------------- | |
2739 | ||
2740 | PH/01 Two more bugs that were introduced by 4.64/PH/07, in addition to the one | |
2741 | fixed by 4.65/MH/01 (is this a record?) are fixed: | |
2742 | ||
2743 | (i) An empty string was always treated as zero by the numeric comparison | |
2744 | operators. This behaviour has been restored. | |
2745 | ||
2746 | (ii) It is documented that the numeric comparison operators always treat | |
2747 | their arguments as decimal numbers. This was broken in that numbers | |
2748 | starting with 0 were being interpreted as octal. | |
2749 | ||
2750 | While fixing these problems I realized that there was another issue that | |
2751 | hadn't been noticed. Values of message_size_limit (both the global option | |
2752 | and the transport option) were treated as octal if they started with 0. | |
2753 | The documentation was vague. These values are now always treated as | |
2754 | decimal, and I will make that clear in the documentation. | |
2755 | ||
2756 | ||
93cfa765 TK |
2757 | Exim version 4.65 |
2758 | ----------------- | |
2759 | ||
2760 | TK/01 Disable default definition of HAVE_LINUX_SENDFILE. Clashes with | |
2761 | Linux large file support (_FILE_OFFSET_BITS=64) on older glibc | |
2762 | versions. (#438) | |
2763 | ||
d6066548 MH |
2764 | MH/01 Don't check that the operands of numeric comparison operators are |
2765 | integers when their expansion is in "skipping" mode (fixes bug | |
2766 | introduced by 4.64-PH/07). | |
2767 | ||
4362ff0d PH |
2768 | PH/01 If a system filter or a router generates more than SHRT_MAX (32767) |
2769 | child addresses, Exim now panics and dies. Previously, because the count | |
2770 | is held in a short int, deliveries were likely to be lost. As such a | |
2771 | large number of recipients for a single message is ridiculous | |
2772 | (performance will be very, very poor), I have chosen to impose a limit | |
2773 | rather than extend the field. | |
2774 | ||
93cfa765 | 2775 | |
944e9e9c TF |
2776 | Exim version 4.64 |
2777 | ----------------- | |
aa41d2de | 2778 | |
21d74bd9 TK |
2779 | TK/01 Bugzilla #401. Fix DK spooling code so that it can overwrite a |
2780 | leftover -K file (the existence of which was triggered by #402). | |
2781 | While we were at it, introduced process PID as part of the -K | |
2782 | filename. This should rule out race conditions when creating | |
2783 | these files. | |
2784 | ||
2785 | TK/02 Bugzilla #402. Apply patch from Simon Arlott, speeding up DK signing | |
2786 | processing considerably. Previous code took too long for large mails, | |
2787 | triggering a timeout which in turn triggers #401. | |
2788 | ||
2789 | TK/03 Introduced HAVE_LINUX_SENDFILE to os.h-Linux. Currently only used | |
2790 | in the DK code in transports.c. sendfile() is not really portable, | |
2791 | hence the _LINUX specificness. | |
944e9e9c TF |
2792 | |
2793 | TF/01 In the add_headers option to the mail command in an Exim filter, | |
2794 | there was a bug that Exim would claim a syntax error in any | |
2795 | header after the first one which had an odd number of characters | |
2796 | in the field name. | |
2797 | ||
2b1c6e3a PH |
2798 | PH/01 If a server that rejects MAIL FROM:<> was the target of a sender |
2799 | callout verification, Exim cached a "reject" for the entire domain. This | |
2800 | is correct for most verifications, but it is not correct for a recipient | |
2801 | verification with use_sender or use_postmaster set, because in that case | |
2802 | the callout does not use MAIL FROM:<>. Exim now distinguishes the special | |
2803 | case of MAIL FROM:<> rejection from other early rejections (e.g. | |
2804 | rejection of HELO). When verifying a recipient using a non-null MAIL | |
2805 | address, the cache is ignored if it shows MAIL FROM:<> rejection. | |
2806 | Whatever the result of the callout, the value of the domain cache is | |
2807 | left unchanged (for any other kind of callout, getting as far as trying | |
2808 | RCPT means that the domain itself is ok). | |
2809 | ||
1f872c80 PH |
2810 | PH/02 Tidied a number of unused variable and signed/unsigned warnings that |
2811 | gcc 4.1.1 threw up. | |
2812 | ||
2813 | PH/03 On Solaris, an unexpectedly close socket (dropped connection) can | |
2814 | manifest itself as EPIPE rather than ECONNECT. When tidying away a | |
2815 | session, the daemon ignores ECONNECT errors and logs others; it now | |
2816 | ignores EPIPE as well. | |
2817 | ||
d203e649 PH |
2818 | PH/04 Applied Nico Erfurth's refactoring patch to tidy up mime.c |
2819 | (quoted-printable decoding). | |
2820 | ||
cc2ed8f7 | 2821 | PH/05 Applied Nico Erfurth's refactoring patch to tidy up spool_mbox.c, and |
21a04aa3 | 2822 | later the small subsequent patch to fix an introduced bug. |
f951fd57 | 2823 | |
ddfcd446 PH |
2824 | PH/06 Installed the latest Cygwin Makefile from the Cygwin maintainer. |
2825 | ||
d45b1de8 PH |
2826 | PH/07 There was no check for overflow in expansions such as ${if >{1}{4096M}}. |
2827 | ||
2828 | PH/08 An error is now given if message_size_limit is specified negative. | |
2829 | ||
38a0a95f | 2830 | PH/09 Applied and tidied up Jakob Hirsch's patch for allowing ACL variables |
641cb756 | 2831 | to be given (somewhat) arbitrary names. |
38a0a95f | 2832 | |
a2405d83 JJ |
2833 | JJ/01 exipick 20060919.0, allow for arbitrary acl_ variables introduced |
2834 | in 4.64-PH/09. | |
2835 | ||
2836 | JJ/02 exipick 20060919.0, --show-vars args can now be regular expressions, | |
2837 | miscellaneous code fixes | |
2838 | ||
6ea85e9a PH |
2839 | PH/10 Added the log_reject_target ACL modifier to specify where to log |
2840 | rejections. | |
2841 | ||
26da7e20 PH |
2842 | PH/11 Callouts were setting the name used for EHLO/HELO from $smtp_active_ |
2843 | hostname. This is wrong, because it relates to the incoming message (and | |
2844 | probably the interface on which it is arriving) and not to the outgoing | |
2845 | callout (which could be using a different interface). This has been | |
2846 | changed to use the value of the helo_data option from the smtp transport | |
2847 | instead - this is what is used when a message is actually being sent. If | |
2848 | there is no remote transport (possible with a router that sets up host | |
2849 | addresses), $smtp_active_hostname is used. | |
6ea85e9a | 2850 | |
14aa5a05 | 2851 | PH/12 Installed Andrey Panin's patch to add a dovecot authenticator. Various |
7befa435 | 2852 | tweaks were necessary in order to get it to work (see also 21 below): |
14aa5a05 PH |
2853 | (a) The code assumed that strncpy() returns a negative number on buffer |
2854 | overflow, which isn't the case. Replaced with Exim's string_format() | |
2855 | function. | |
2856 | (b) There were several signed/unsigned issues. I just did the minimum | |
2857 | hacking in of casts. There is scope for a larger refactoring. | |
2858 | (c) The code used strcasecmp() which is not a standard C function. | |
2859 | Replaced with Exim's strcmpic() function. | |
2860 | (d) The code set only $1; it now sets $auth1 as well. | |
2861 | (e) A simple test gave the error "authentication client didn't specify | |
2862 | service in request". It would seem that Dovecot has changed its | |
2863 | interface. Fortunately there's a specification; I followed it and | |
2864 | changed what the client sends and it appears to be working now. | |
2865 | ||
ff75a1f7 PH |
2866 | PH/13 Added $message_headers_raw to provide the headers without RFC 2047 |
2867 | decoding. | |
2868 | ||
e6f6568e PH |
2869 | PH/14 Corrected misleading output from -bv when -v was also used. Suppose the |
2870 | address A is aliased to B and C, where B exists and C does not. Without | |
2871 | -v the output is "A verified" because verification stops after a | |
2872 | successful redirection if more than one address is generated. However, | |
2873 | with -v the child addresses are also verified. Exim was outputting "A | |
2874 | failed to verify" and then showing the successful verification for C, | |
2875 | with its parentage. It now outputs "B failed to verify", showing B's | |
2876 | parentage before showing the successful verification of C. | |
2877 | ||
d6f6e0dc PH |
2878 | PH/15 Applied Michael Deutschmann's patch to allow DNS black list processing to |
2879 | look up a TXT record in a specific list after matching in a combined | |
2880 | list. | |
2881 | ||
322050c2 PH |
2882 | PH/16 It seems that the options setting for the resolver (RES_DEFNAMES and |
2883 | RES_DNSRCH) can affect the behaviour of gethostbyname() and friends when | |
2884 | they consult the DNS. I had assumed they would set it the way they | |
2885 | wanted; and indeed my experiments on Linux seem to show that in some | |
2886 | cases they do (I could influence IPv6 lookups but not IPv4 lookups). | |
2887 | To be on the safe side, however, I have now made the interface to | |
2888 | host_find_byname() similar to host_find_bydns(), with an argument | |
2889 | containing the DNS resolver options. The host_find_byname() function now | |
2890 | sets these options at its start, just as host_find_bydns() does. The smtp | |
2891 | transport options dns_qualify_single and dns_search_parents are passed to | |
2892 | host_find_byname() when gethostbyname=TRUE in this transport. Other uses | |
2893 | of host_find_byname() use the default settings of RES_DEFNAMES | |
2894 | (qualify_single) but not RES_DNSRCH (search_parents). | |
2895 | ||
08955dd3 PH |
2896 | PH/17 Applied (a modified version of) Nico Erfurth's patch to make |
2897 | spool_read_header() do less string testing, by means of a preliminary | |
2898 | switch on the second character of optional "-foo" lines. (This is | |
2899 | overdue, caused by the large number of possibilities that now exist. | |
2900 | Originally there were few.) While I was there, I also converted the | |
2901 | str(n)cmp tests so they don't re-test the leading "-" and the first | |
2902 | character, in the hope this might squeeze out yet more improvement. | |
2903 | ||
1eccaa59 PH |
2904 | PH/18 Two problems with "group" syntax in header lines when verifying: (1) The |
2905 | flag allowing group syntax was set by the header_syntax check but not | |
2906 | turned off, possible causing trouble later; (2) The flag was not being | |
2907 | set at all for the header_verify test, causing "group"-style headers to | |
2908 | be rejected. I have now set it in this case, and also caused header_ | |
2909 | verify to ignore an empty address taken from a group. While doing this, I | |
2910 | came across some other cases where the code for allowing group syntax | |
2911 | while scanning a header line wasn't quite right (mostly, not resetting | |
2912 | the flag correctly in the right place). These bugs could have caused | |
2913 | trouble for malformed header lines. I hope it is now all correct. | |
2914 | ||
602e59e5 PH |
2915 | PH/19 The functions {pwcheck,saslauthd}_verify_password() are always called |
2916 | with the "reply" argument non-NULL. The code, however (which originally | |
2917 | came from elsewhere) had *some* tests for NULL when it wrote to *reply, | |
2918 | but it didn't always do it. This confused somebody who was copying the | |
2919 | code for some other use. I have removed all the tests. | |
2920 | ||
411ef850 PH |
2921 | PH/20 It was discovered that the GnuTLS code had support for RSA_EXPORT, a |
2922 | feature that was used to support insecure browsers during the U.S. crypto | |
2923 | embargo. It requires special client support, and Exim is probably the | |
2924 | only MTA that supported it -- and would never use it because real RSA is | |
2925 | always available. This code has been removed, because it had the bad | |
2926 | effect of slowing Exim down by computing (never used) parameters for the | |
2927 | RSA_EXPORT functionality. | |
2928 | ||
7befa435 PH |
2929 | PH/21 On the advice of Timo Sirainen, added a check to the dovecot |
2930 | authenticator to fail if there's a tab character in the incoming data | |
2931 | (there should never be unless someone is messing about, as it's supposed | |
2932 | to be base64-encoded). Also added, on Timo's advice, the "secured" option | |
2933 | if the connection is using TLS or if the remote IP is the same as the | |
2934 | local IP, and the "valid-client-cert option" if a client certificate has | |
2935 | been verified. | |
2936 | ||
48da4259 | 2937 | PH/22 As suggested by Dennis Davis, added a server_condition option to *all* |
16ff981e PH |
2938 | authenticators. This can be used for authorization after authentication |
2939 | succeeds. (In the case of plaintext, it servers for both authentication | |
2940 | and authorization.) | |
2941 | ||
48da4259 PH |
2942 | PH/23 Testing for tls_required and lost_connection in a retry rule didn't work |
2943 | if any retry times were supplied. | |
2944 | ||
d1d5595c PH |
2945 | PH/24 Exim crashed if verify=helo was activated during an incoming -bs |
2946 | connection, where there is no client IP address to check. In this | |
2947 | situation, the verify now always succeeds. | |
2948 | ||
0ef732d9 PH |
2949 | PH/25 Applied John Jetmore's -Mset patch. |
2950 | ||
328895cc PH |
2951 | PH/26 Added -bem to be like -Mset, but loading a message from a file. |
2952 | ||
fd700877 PH |
2953 | PH/27 In a string expansion for a processed (not raw) header when multiple |
2954 | headers of the same name were present, leading whitespace was being | |
2955 | removed from all of them, but trailing whitespace was being removed only | |
2956 | from the last one. Now trailing whitespace is removed from each header | |
f6c332bd PH |
2957 | before concatenation. Completely empty headers in a concatenation (as |
2958 | before) are ignored. | |
fd700877 | 2959 | |
8dce1a6f PH |
2960 | PH/28 Fixed bug in backwards-compatibility feature of PH/09 (thanks to John |
2961 | Jetmore). It would have mis-read ACL variables from pre-4.61 spool files. | |
2962 | ||
17af4a17 PH |
2963 | PH/29 [Removed. This was a change that I later backed out, and forgot to |
2964 | correct the ChangeLog entry (that I had efficiently created) before | |
2965 | committing the later change.] | |
f6c332bd PH |
2966 | |
2967 | PH/30 Exim was sometimes attempting to deliver messages that had suffered | |
2968 | address errors (4xx response to RCPT) over the same connection as other | |
2969 | messages routed to the same hosts. Such deliveries are always "forced", | |
2970 | so retry times are not inspected. This resulted in far too many retries | |
2971 | for the affected addresses. The effect occurred only when there were more | |
2972 | hosts than the hosts_max_try setting in the smtp transport when it had | |
2973 | the 4xx errors. Those hosts that it had tried were not added to the list | |
2974 | of hosts for which the message was waiting, so if all were tried, there | |
2975 | was no problem. Two fixes have been applied: | |
2976 | ||
2977 | (i) If there are any address or message errors in an SMTP delivery, none | |
2978 | of the hosts (tried or untried) are now added to the list of hosts | |
2979 | for which the message is waiting, so the message should not be a | |
2980 | candidate for sending over the same connection that was used for a | |
2981 | successful delivery of some other message. This seems entirely | |
2982 | reasonable: after all the message is NOT "waiting for some host". | |
2983 | This is so "obvious" that I'm not sure why it wasn't done | |
2984 | previously. Hope I haven't missed anything, but it can't do any | |
2985 | harm, as the worst effect is to miss an optimization. | |
2986 | ||
2987 | (ii) If, despite (i), such a delivery is accidentally attempted, the | |
2988 | routing retry time is respected, so at least it doesn't keep | |
2989 | hammering the server. | |
2990 | ||
c1114884 PH |
2991 | PH/31 Installed Andrew Findlay's patch to close the writing end of the socket |
2992 | in ${readsocket because some servers need this prod. | |
2993 | ||
7a0743eb PH |
2994 | PH/32 Added some extra debug output when updating a wait-xxx database. |
2995 | ||
0d85fa3f PH |
2996 | PH/33 The hint "could be header name not terminated by colon", which has been |
2997 | given for certain expansion errors for a long time, was not being given | |
2998 | for the ${if def:h_colon_omitted{... case. | |
2999 | ||
1bf43b78 PH |
3000 | PH/34 The spec says: "With one important exception, whenever a domain list is |
3001 | being scanned, $domain contains the subject domain." There was at least | |
3002 | one case where this was not true. | |
3003 | ||
520de300 PH |
3004 | PH/35 The error "getsockname() failed: connection reset by peer" was being |
3005 | written to the panic log as well as the main log, but it isn't really | |
3006 | panic-worthy as it just means the connection died rather early on. I have | |
3007 | removed the panic log writing for the ECONNRESET error when getsockname() | |
3008 | fails. | |
3009 | ||
48c7f9e2 PH |
3010 | PH/36 After a 4xx response to a RCPT error, that address was delayed (in queue |
3011 | runs only) independently of the message's sender address. This meant | |
3012 | that, if the 4xx error was in fact related to the sender, a different | |
3013 | message to the same recipient with a different sender could confuse | |
4c04137d | 3014 | things. In particular, this can happen when sending to a greylisting |
48c7f9e2 PH |
3015 | server, but other circumstances could also provoke similar problems. |
3016 | I have changed the default so that the retry time for these errors is now | |
3017 | based a combination of the sender and recipient addresses. This change | |
3018 | can be overridden by setting address_retry_include_sender=false in the | |
3019 | smtp transport. | |
3020 | ||
99ea1c86 PH |
3021 | PH/37 For LMTP over TCP/IP (the smtp transport), error responses from the |
3022 | remote server are returned as part of bounce messages. This was not | |
3023 | happening for LMTP over a pipe (the lmtp transport), but now it is the | |
3024 | same for both kinds of LMTP. | |
3025 | ||
a2042e78 PH |
3026 | PH/38 Despite being documented as not happening, Exim was rewriting addresses |
3027 | in header lines that were in fact CNAMEs. This is no longer the case. | |
3028 | ||
4fbcfc2e PH |
3029 | PH/39 If -R or -S was given with -q<time>, the effect of -R or -S was ignored, |
3030 | and queue runs started by the daemon processed all messages. This has | |
3031 | been fixed so that -R and -S can now usefully be given with -q<time>. | |
3032 | ||
aa41d2de PH |
3033 | PH/40 Import PCRE release 6.7 (fixes some bugs). |
3034 | ||
af561417 PH |
3035 | PH/41 Add bitwise logical operations to eval (courtesy Brad Jorsch). |
3036 | ||
3cc66b45 PH |
3037 | PH/42 Give an error if -q is specified more than once. |
3038 | ||
194cc0e4 PH |
3039 | PH/43 Renamed the variables $interface_address and $interface_port as |
3040 | $received_ip_address and $received_port, to make it clear that these | |
3041 | values apply to message reception, and not to the outgoing interface when | |
3042 | a message is delivered. (The old names remain recognized, of course.) | |
3043 | ||
a401ddaa PH |
3044 | PH/44 There was no timeout on the connect() call when using a Unix domain |
3045 | socket in the ${readsocket expansion. There now is. | |
3046 | ||
4e88a19f PH |
3047 | PH/45 Applied a modified version of Brad Jorsch's patch to allow "message" to |
3048 | be meaningful with "accept". | |
3049 | ||
d7d7b289 SC |
3050 | SC/01 Eximstats V1.43 |
3051 | Bug fix for V1.42 with -h0 specified. Spotted by Chris Lear. | |
3052 | ||
3053 | SC/02 Eximstats V1.44 | |
3054 | Use a glob alias rather than an array ref in the generated | |
3055 | parser. This improves both readability and performance. | |
3056 | ||
3057 | SC/03 Eximstats V1.45 (Marco Gaiarin / Steve Campbell) | |
3058 | Collect SpamAssassin and rejection statistics. | |
3059 | Don't display local sender or destination tables unless | |
3060 | there is data to show. | |
3061 | Added average volumes into the top table text output. | |
3062 | ||
3063 | SC/04 Eximstats V1.46 | |
3064 | Collect data on the number of addresses (recipients) | |
3065 | as well as the number of messages. | |
3066 | ||
3067 | SC/05 Eximstats V1.47 | |
3068 | Added 'Message too big' to the list of mail rejection | |
3069 | reasons (thanks to Marco Gaiarin). | |
3070 | ||
3071 | SC/06 Eximstats V1.48 | |
3072 | Mainlog lines which have GMT offsets and are too short to | |
3073 | have a flag are now skipped. | |
3074 | ||
3075 | SC/07 Eximstats V1.49 (Alain Williams) | |
3076 | Added the -emptyok flag. | |
3077 | ||
3078 | SC/08 Eximstats V1.50 | |
3079 | Fixes for obtaining the IP address from reject messages. | |
3080 | ||
0ea2a468 JJ |
3081 | JJ/03 exipick.20061117.2, made header handling as similar to exim as possible |
3082 | (added [br]h_ prefixes, implemented RFC2047 decoding. Fixed | |
4c04137d | 3083 | whitespace changes from 4.64-PH/27 |
0ea2a468 JJ |
3084 | |
3085 | JJ/04 exipick.20061117.2, fixed format and added $message_headers_raw to | |
3086 | match 4.64-PH/13 | |
3087 | ||
3088 | JJ/05 exipick.20061117.2, bug fixes (error out sooner when invalid criteria | |
3089 | are found, allow negative numbers in numeric criteria) | |
3090 | ||
3091 | JJ/06 exipick.20061117.2, added new $message_body_missing variable | |
3092 | ||
3093 | JJ/07 exipick.20061117.2, added $received_ip_address and $received_port | |
3094 | to match changes made in 4.64-PH/43 | |
3095 | ||
8a10f5a4 PH |
3096 | PH/46 Applied Jori Hamalainen's patch to add features to exiqsumm. |
3097 | ||
30e18802 PH |
3098 | PH/47 Put in an explicit test for a DNS lookup of an address record where the |
3099 | "domain" is actually an IP address, and force a failure. This locks out | |
3100 | those revolvers/nameservers that support "A-for-A" lookups, in | |
3101 | contravention of the specifications. | |
3102 | ||
55728a4f PH |
3103 | PH/48 When a host name was looked up from an IP address, and the subsequent |
3104 | forward lookup of the name timed out, the host name was left in | |
3105 | $sender_host_name, contrary to the specification. | |
d7d7b289 | 3106 | |
d7837193 PH |
3107 | PH/49 Although default lookup types such as lsearch* or cdb*@ have always been |
3108 | restricted to single-key lookups, Exim was not diagnosing an error if | |
3109 | * or *@ was used with a query-style lookup. | |
3110 | ||
87054a31 PH |
3111 | PH/50 Increased the value of DH_BITS in tls-gnu.c from 768 to 1024. |
3112 | ||
ea2c01d2 MH |
3113 | MH/01 local_scan ABI version incremented to 1.1. It should have been updated |
3114 | long ago, but noone interested enough thought of it. Let's just say that | |
3115 | the "1.1" means that there are some new functions that weren't there at | |
3116 | some point in the past. | |
3117 | ||
e4fa6968 PH |
3118 | PH/51 Error processing for expansion failure of helo_data from an smtp |
3119 | transport during callout processing was broken. | |
3120 | ||
56f5d9bd PH |
3121 | PH/52 Applied John Jetmore's patch to allow tls-on-connect and STARTTLS to be |
3122 | tested/used via the -bh/-bhc/-bs options. | |
3123 | ||
922e1c28 PH |
3124 | PH/53 Added missing "#include <time.h>" to pcre/pcretest.c (this was a PCRE |
3125 | bug, fixed in subsequent PCRE releases). | |
3126 | ||
21eb6e72 PH |
3127 | PH/54 Applied Robert Bannocks' patch to avoid a problem with references that |
3128 | arises when using the Solaris LDAP libraries (but not with OpenLDAP). | |
3129 | ||
a0540757 PH |
3130 | PH/55 Check for a ridiculously long file name in exim_dbmbuild. |
3131 | ||
944e9e9c | 3132 | |
478be7b0 SC |
3133 | Exim version 4.63 |
3134 | ----------------- | |
3135 | ||
3136 | SC/01 Use a glob alias rather than an array ref in eximstats generated | |
3137 | parser. This improves both readability and performance. | |
3138 | ||
3139 | SC/02 Collect SpamAssassin and rejection statistics in eximstats. | |
3140 | Don't display local sender or destination tables in eximstats unless | |
3141 | there is data to show. | |
3142 | Added average volumes into the eximstats top table text output. | |
3143 | ||
3144 | SC/03 Collect data on the number of addresses (recipients) as well | |
3145 | as the number of messages in eximstats. | |
3146 | ||
2b965a65 TF |
3147 | TF/01 Correct an error in the documentation for the redirect router. Exim |
3148 | does (usually) call initgroups() when daemonizing. | |
478be7b0 | 3149 | |
45b91596 PH |
3150 | TF/02 Call initgroups() when dropping privilege in exim.c, so that Exim runs |
3151 | with consistent privilege compared to when running as a daemon. | |
478be7b0 | 3152 | |
c59f5781 TF |
3153 | TF/03 Note in the spec that $authenticated_id is not set for local |
3154 | submissions from trusted users. | |
3155 | ||
90fc3069 TF |
3156 | TF/04 The ratelimit per_rcpt option now works correctly in acl_not_smtp. |
3157 | Thanks to Dean Brooks <dean@iglou.com> for the patch. | |
3158 | ||
6083aca0 TF |
3159 | TF/05 Make it easier to get SMTP authentication and TLS/SSL support working |
3160 | by adding some example configuration directives to the default | |
3161 | configuration file. A little bit of work is required to uncomment the | |
3162 | directives and define how usernames and passwords are checked, but | |
3163 | there is now a framework to start from. | |
3164 | ||
765b530f PH |
3165 | PH/01 Added #define LDAP_DEPRECATED 1 to ldap.c because some of the "old" |
3166 | functions that Exim currently uses aren't defined in ldap.h for OpenLDAP | |
3167 | without this. I don't know how relevant this is to other LDAP libraries. | |
3168 | ||
4e167a8c PH |
3169 | PH/02 Add the verb name to the "unknown ACL verb" error. |
3170 | ||
4608d683 PH |
3171 | PH/03 Magnus Holmgren's patch for filter_prepend_home. |
3172 | ||
b8dc3e4a PH |
3173 | PH/03 Fixed Bugzilla #101: macro definition between ACLs doesn't work. |
3174 | ||
5418e93b PH |
3175 | PH/04 Applied Magnus Holmgren's patch to fix Bugzilla #98: transport's home |
3176 | directory not expanded when it should be if an expanded home directory | |
3177 | was set for the address (which is overridden by the transport). | |
3178 | ||
b4a9bda2 PH |
3179 | PH/05 Applied Alex Kiernan's patch to fix Bugzilla #99: a problem with |
3180 | libradius. | |
3181 | ||
45b91596 PH |
3182 | PH/06 Added acl_not_smtp_start, based on Johannes Berg's patch, and set the |
3183 | bit to forbid control=suppress_local_fixups in the acl_not_smtp ACL, | |
3184 | because it is too late at that time, and has no effect. | |
3185 | ||
5547e2c5 PH |
3186 | PH/07 Changed ${quote_pgsql to quote ' as '' instead of \' because of a |
3187 | security issue with \' (bugzilla #107). I could not use the | |
3188 | PQescapeStringConn() function, because it needs a PGconn value as one of | |
3189 | its arguments. | |
3190 | ||
dbcef0ea PH |
3191 | PH/08 When testing addresses using -bt, indicate those final addresses that |
3192 | are duplicates that would not cause an additional delivery. At least one | |
3193 | person was confused, thinking that -bt output corresponded to deliveries. | |
3194 | (Suppressing duplicates isn't a good idea as you lose the information | |
3195 | about possibly different redirections that led to the duplicates.) | |
3196 | ||
25257489 PH |
3197 | PH/09 Applied patch from Erik to use select() instead of poll() in spam.c on |
3198 | systems where poll() doesn't work, in particular OS X. | |
3199 | ||
c816d124 PH |
3200 | PH/10 Added more information to debugging output for retry time not reached. |
3201 | ||
a9ccd69a PH |
3202 | PH/11 Applied patch from Arkadiusz Miskiewicz to apply a timeout to read |
3203 | operations in malware.c. | |
3204 | ||
75fa1910 PH |
3205 | PH/12 Applied patch from Magnus Holmgren to include the "h" tag in Domain Keys |
3206 | signatures. | |
3207 | ||
a7d7aa58 PH |
3208 | PH/13 If write_rejectlog was set false when logging was sent to syslog with |
3209 | syslog_duplication set false, log lines that would normally be written | |
3210 | both the the main log and to the reject log were not written to syslog at | |
3211 | all. | |
3212 | ||
42119b09 PH |
3213 | PH/14 In the default configuration, change the use of "message" in ACL warn |
3214 | statements to "add_header". | |
3215 | ||
41609df5 PH |
3216 | PH/15 Diagnose a filter syntax error for "seen", "unseen", or "noerror" if not |
3217 | not followed by a command (e.g. "seen endif"). | |
3218 | ||
a5bd321b PH |
3219 | PH/16 Recognize SMTP codes at the start of "message" in ACLs and after :fail: |
3220 | and :defer: in a redirect router. Add forbid_smtp_code to suppress the | |
3221 | latter. | |
3222 | ||
e85a7ad5 | 3223 | PH/17 Added extra conditions to the default value of delay_warning_condition |
5dff5817 PH |
3224 | so that it is now: |
3225 | ||
e85a7ad5 PH |
3226 | ${if or { \ |
3227 | { !eq{$h_list-id:$h_list-post:$h_list-subscribe:}{} } \ | |
3228 | { match{$h_precedence:}{(?i)bulk|list|junk} } \ | |
3229 | { match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} } \ | |
5dff5817 PH |
3230 | }{no}{yes}} |
3231 | ||
e85a7ad5 PH |
3232 | The Auto-Submitted: and various List- headers are standardised, whereas I |
3233 | don't think Precedence: ever was. | |
5dff5817 | 3234 | |
d8fe1c03 PH |
3235 | PH/18 Refactored debugging code in route_finduser() to show more information, |
3236 | in particular, the error code if getpwnam() issues one. | |
3237 | ||
16282d2b PH |
3238 | PH/19 Added PQsetClientEncoding(conn, "SQL_ASCII") to the pgsql code module. |
3239 | This is apparently needed in addition to the PH/07 change above to avoid | |
3240 | any possible encoding problems. | |
3241 | ||
35d40a98 PH |
3242 | PH/20 Perl can change the locale. Exim was resetting it after a ${perl call, |
3243 | but not after initializing Perl. | |
3244 | ||
034d99ab PH |
3245 | PH/21 Added a call to PQsetNoticeProcessor() to catch pgsql "notices" and |
3246 | output them only if debugging. By default they are written stderr, | |
3247 | apparently, which is not desirable. | |
3248 | ||
6ec97b1b PH |
3249 | PH/22 Added Alain Williams' LDAP patch to support setting REFERRALS=off on |
3250 | queries. | |
3251 | ||
e22ca4ac JJ |
3252 | JJ/01 exipick: added --reverse (and -R synonym), --random, --size, --sort and |
3253 | --not options | |
3254 | ||
3255 | JJ/02 exipick: rewrote --help documentation to hopefully make more clear. | |
3256 | ||
33d73e3b PH |
3257 | PH/23 Made -oMaa and -oMt work with -bh and -bs to pretend the connection is |
3258 | authenticated or an ident call has been made. Suppress the default | |
3259 | values for $authenticated_id and $authenticated_sender (but permit -oMai | |
3260 | and -oMas) when testing with -bh. | |
3261 | ||
9ecb03f3 PH |
3262 | PH/24 Re-jigged the order of the tests in the default configuration so that the |
3263 | tests for valid domains and recipients precede the DNS black list and CSA | |
3264 | tests, on the grounds that those ones are more expensive. | |
3265 | ||
084efe8d PH |
3266 | PH/25 Exim was not testing for a space following SMTP commands such as EHLO |
3267 | that require one. Thus, EHLORHUBARB was interpreted as a valid command. | |
3268 | This bug exists in every version of Exim that I still have, right back to | |
3269 | 0.12. | |
3270 | ||
366fc9f0 PH |
3271 | PH/26 (n)wildlsearch lookups are documented as being done case-insensitively. |
3272 | However, an attempt to turn on case-sensitivity in a regex key by | |
3273 | including (?-i) didn't work because the subject string was already | |
3274 | lowercased, and the effects were non-intuitive. It turns out that a | |
3275 | one-line patch can be used to allow (?-i) to work as expected. | |
3276 | ||
c59f5781 | 3277 | |
c887c79e TF |
3278 | Exim version 4.62 |
3279 | ----------------- | |
3280 | ||
3281 | TF/01 Fix the add_header change below (4.61 PH/55) which had a bug that (amongst | |
3282 | other effects) broke the use of negated acl sub-conditions. | |
3283 | ||
1cce3af8 PH |
3284 | PH/01 ${readsocket now supports Internet domain sockets (modified John Jetmore |
3285 | patch). | |
3286 | ||
afb3eaaf PH |
3287 | PH/02 When tcp-wrappers is called from Exim, it returns only "deny" or "allow". |
3288 | "Deny" causes Exim to reject the incoming connection with a 554 error. | |
3289 | Unfortunately, if there is a major crisis, such as a disk failure, | |
3290 | tcp-wrappers gives "deny", whereas what one would like would be some | |
3291 | kind of temporary error. A kludge has been added to help with this. | |
3292 | Before calling hosts_ctl(), errno is set zero. If the result is "deny", a | |
3293 | 554 error is used if errno is still zero or contains ENOENT (which occurs | |
3294 | if either of the /etc/hosts.{allow,deny} files is missing). Otherwise, a | |
3295 | 451 error is used. | |
3296 | ||
e173618b PH |
3297 | PH/03 Add -lutil to the default FreeBSD LIBS setting. |
3298 | ||
dd16e114 PH |
3299 | PH/04 Change PH/19 for 4.61 was too wide. It should not be applied to host |
3300 | errors. Otherwise a message that provokes a temporary error (when other | |
3301 | messages do not) can cause a whole host to time out. | |
3302 | ||
f7fd3850 PH |
3303 | PH/05 Batch deliveries by appendfile and pipe transports did not work when the |
3304 | addresses were routed directly to files or pipes from a redirect router. | |
3305 | File deliveries just didn't batch; pipe deliveries might have suffered | |
3306 | odd errors. | |
3307 | ||
d87df92c PH |
3308 | PH/06 A failure to get a lock for a hints database would erroneously always say |
3309 | "Failed to get write lock", even when it was really a read lock. | |
3310 | ||
7e9f683d PH |
3311 | PH/07 The appendfile transport was creating MBX lock files with a fixed mode |
3312 | of 0600. This has been changed to use the value of the lockfile_mode | |
3313 | option (which defaults to 0600). | |
3314 | ||
bfad5236 PH |
3315 | PH/08 Applied small patch from the Sieve maintainer. |
3316 | ||
01c490df PH |
3317 | PH/09 If maildir_quota_directory_regex was set to exclude (say) the .Trash |
3318 | folder from quota calculations, a direct delivery into this folder messed | |
3319 | up the contents of the maildirsize file. This was because the regex was | |
3320 | used only to exclude .Trash (or whatever) when the size of the mailbox | |
3321 | was calculated. There was no check that a delivery was happening into an | |
3322 | excluded directory. This bug has been fixed by ignoring all quota | |
3323 | processing for deliveries into excluded directories. | |
3324 | ||
d6629cdc PH |
3325 | PH/10 Added the maildirfolder_create_regex option to appendfile. |
3326 | ||
1cce3af8 | 3327 | |
214e2000 PH |
3328 | Exim version 4.61 |
3329 | ----------------- | |
3330 | ||
3331 | PH/01 The code for finding all the local interface addresses on a FreeBSD | |
3332 | system running IPv6 was broken. This may well have applied to all BSD | |
3333 | systems, as well as to others that have similar system calls. The broken | |
3334 | code found IPv4 interfaces correctly, but gave incorrect values for the | |
3335 | IPv6 interfaces. In particular, ::1 was not found. The effect in Exim was | |
3336 | that it would not match correctly against @[] and not recognize the IPv6 | |
3337 | addresses as local. | |
3338 | ||
f9daeae0 PH |
3339 | PH/02 The ipliteral router was not recognizing addresses of the form user@ |
3340 | [ipv6:....] because it didn't know about the "ipv6:" prefix. | |
3341 | ||
7e66e54d PH |
3342 | PH/03 Added disable_ipv6. |
3343 | ||
c8ea1597 PH |
3344 | PH/04 Changed $reply_address to use the raw form of the headers instead of the |
3345 | decoded form, because it is most often used to construct To: headers | |
3346 | lines in autoreplies, and the decoded form may well be syntactically | |
3347 | invalid. However, $reply_address has leading white space removed, and all | |
3348 | newlines turned into spaces so that the autoreply transport does not | |
3349 | grumble. | |
3350 | ||
911f6fde PH |
3351 | PH/05 If group was specified without a user on a router, and no group or user |
3352 | was specified on a transport, the group from the router was ignored. | |
3353 | ||
47ca6d6c PH |
3354 | PH/06 Increased the number of ACL variables to 20 of each type, and arranged |
3355 | for visible compile-time settings that can be used to change these | |
3356 | numbers, for those that want even more. Backwards compatibility with old | |
3357 | spool files has been maintained. However, going back to a previous Exim | |
3358 | release will lost any variables that are in spool files. | |
3359 | ||
ed0e9820 PH |
3360 | PH/07 Two small changes when running in the test harness: increase delay when |
3361 | passing a TCP/IP connection to a new process, in case the original | |
3362 | process has to generate a bounce, and remove special handling of | |
3363 | 127.0.0.2 (sic), which is no longer necessary. | |
3364 | ||
eff37e47 PH |
3365 | PH/08 Changed debug output of dbfn_open() flags from numbers to names, so as to |
3366 | be the same on different OS. | |
3367 | ||
1921d2ea PH |
3368 | PH/09 Moved a debug statement in filter processing to avoid a race problem when |
3369 | testing. | |
3370 | ||
b3f69ca8 JJ |
3371 | JJ/01 exipick: fixed bug where -b (brief) output option showed "Vars:" |
3372 | whether --show-vars was specified or not | |
3373 | ||
3374 | JJ/02 exipick: Added support for new ACL variable spool format introduced | |
3375 | in 4.61-PH/06 | |
3376 | ||
424a1c63 PH |
3377 | PH/10 Fixed another bug related to PH/04 above: if an incoming message had a |
3378 | syntactically invalid From: or Reply-to: line, and a filter used this to | |
3379 | generate an autoreply, and therefore failed to obtain an address for the | |
3380 | autoreply, Exim could try to deliver to a non-existent relative file | |
3381 | name, causing unrelated and misleading errors. What now happens is that | |
3382 | it logs this as a hard delivery error, but does not attempt to create a | |
3383 | bounce message. | |
3384 | ||
7a100415 PH |
3385 | PH/11 The exinext utility has a -C option for testing purposes, but although |
3386 | the given file was scanned by exinext itself; it wasn't being passed on | |
3387 | when Exim was called. | |
3388 | ||
19b9dc85 PH |
3389 | PH/12 In the smtp transport, treat an explicit ECONNRESET error the same as |
3390 | an end-of-file indication when reading a command response. | |
3391 | ||
309bd837 PH |
3392 | PH/13 Domain literals for IPv6 were not recognized unless IPv6 support was |
3393 | compiled. In many other places in Exim, IPv6 addresses are always | |
3394 | recognized, so I have changed this. It also means that IPv4 domain | |
3395 | literals of the form [IPV4:n.n.n.n] are now always recognized. | |
3396 | ||
59e82a2a PH |
3397 | PH/14 When a uid/gid is specified for the queryprogram router, it cannot be |
3398 | used if the router is not running as root, for example, when verifying at | |
3399 | ACL time, or when using -bh. The debugging output from this situation was | |
3400 | non-existent - all you got was a failure to exec. I have made two | |
3401 | changes: | |
3402 | ||
3403 | (a) Failures to set uid/gid, the current directory, or a process leader | |
3404 | in a subprocess such as that created by queryprogram now generate | |
4c04137d | 3405 | suitable debugging output when -d is set. |
59e82a2a PH |
3406 | |
3407 | (b) The queryprogram router detects when it is not running as root, | |
3408 | outputs suitable debugging information if -d is set, and then runs | |
3409 | the subprocess without attempting to change uid/gid. | |
3410 | ||
9edc04ce PH |
3411 | PH/15 Minor change to Makefile for building test_host (undocumented testing |
3412 | feature). | |
3413 | ||
1349e1e5 PH |
3414 | PH/16 As discussed on the list in Nov/Dec: Exim no longer looks at the |
3415 | additional section of a DNS packet that returns MX or SRV records. | |
3416 | Instead, it always explicitly searches for A/AAAA records. This avoids | |
3417 | major problems that occur when a DNS server includes only records of one | |
3418 | type (A or AAAA) in an MX/SRV packet. A byproduct of this change has | |
3419 | fixed another bug: if SRV records were looked up and the corresponding | |
3420 | address records were *not* found in the additional section, the port | |
3421 | values from the SRV records were lost. | |
3422 | ||
ea49d0e1 PH |
3423 | PH/17 If a delivery to a pipe, file, or autoreply was deferred, Exim was not |
3424 | using the correct key (the original address) when searching the retry | |
3425 | rules in order to find which one to use for generating the retry hint. | |
3426 | ||
064a94c9 PH |
3427 | PH/18 If quota_warn_message contains a From: header, Exim now refrains from |
3428 | adding the default one. Similarly, if it contains a Reply-To: header, the | |
3429 | errors_reply_to option, if set, is not used. | |
3430 | ||
727071f8 PH |
3431 | PH/19 When calculating a retry time, Exim used to measure the "time since |
3432 | failure" by looking at the "first failed" field in the retry record. Now | |
3433 | it does not use this if it is later than than the arrival time of the | |
3434 | message. Instead it uses the arrival time. This makes for better | |
3435 | behaviour in cases where some deliveries succeed, thus re-setting the | |
3436 | "first failed" field. An example is a quota failure for a huge message | |
3437 | when small messages continue to be delivered. Without this change, the | |
3438 | "time since failure" will always be short, possible causing more frequent | |
3439 | delivery attempts for the huge message than are intended. | |
dd16e114 | 3440 | [Note: This change was subsequently modified - see PH/04 for 4.62.] |
727071f8 | 3441 | |
f78eb7c6 PH |
3442 | PH/20 Added $auth1, $auth2, $auth3 to contain authentication data (as well as |
3443 | $1, $2, $3) because the numerical variables can be reset during some | |
3444 | expansion items (e.g. "match"), thereby losing the authentication data. | |
3445 | ||
21c28500 PH |
3446 | PH/21 Make -bV show the size of off_t variables so that the test suite can |
3447 | decide whether to run tests for quotas > 2G. | |
3448 | ||
3449 | PH/22 Test the values given for quota, quota_filecount, quota_warn_threshold, | |
3450 | mailbox_size, and mailbox_filecount in the appendfile transport. If a | |
3451 | filecount value is greater than 2G or if a quota value is greater than 2G | |
3452 | on a system where the size of off_t is not greater than 4, a panic error | |
3453 | is given. | |
3454 | ||
1688f43b PH |
3455 | PH/23 When a malformed item such as 1.2.3/24 appears in a host list, it can |
3456 | never match. The debug and -bh output now contains an explicit error | |
3457 | message indicating a malformed IPv4 address or mask. | |
3458 | ||
3459 | PH/24 An host item such as 1.2.3.4/abc was being treated as the IP address | |
3460 | 1.2.3.4 without a mask. Now it is not recognized as an IP address, and | |
3461 | PH/23 above applies. | |
3462 | ||
9675b384 PH |
3463 | PH/25 Do not write to syslog when running in the test harness. The only |
3464 | occasion when this arises is a failure to open the main or panic logs | |
3465 | (for which there is an explicit test). | |
3466 | ||
6a3f1455 PH |
3467 | PH/26 Added the /no_tell option to "control=freeze". |
3468 | ||
dac79d3e PH |
3469 | PH/27 If a host name lookup failed very early in a connection, for example, if |
3470 | the IP address matched host_lookup and the reverse lookup yielded a name | |
3471 | that did not have a forward lookup, an error message of the form "no IP | |
3472 | address found for host xxx.xxx.xxx (during SMTP connection from NULL)" | |
3473 | could be logged. Now it outputs the IP address instead of "NULL". | |
1349e1e5 | 3474 | |
5977a0b3 PH |
3475 | PH/28 An enabling patch from MH: add new function child_open_exim2() which |
3476 | allows the sender and the authenticated sender to be set when | |
3477 | submitting a message from within Exim. Since child_open_exim() is | |
3478 | documented for local_scan(), the new function should be too. | |
3479 | ||
c91535f3 PH |
3480 | PH/29 In GnuTLS, a forced expansion failure for tls_privatekey was not being |
3481 | ignored. In both GnuTLS and OpenSSL, an expansion of tls_privatekey that | |
3482 | results in an empty string is now treated as unset. | |
3483 | ||
0d46a8c8 PH |
3484 | PH/30 Fix eximon buffer overflow bug (Bugzilla #73). |
3485 | ||
278c6e6c PH |
3486 | PH/31 Added sender_verify_fail logging option. |
3487 | ||
2cbb4081 PH |
3488 | PH/32 In November 2003, the code in Exim that added an empty Bcc: header when |
3489 | needed by RFC 822 but not by RFC 2822 was commented out. I have now | |
3490 | tidied the source and removed it altogether. | |
3491 | ||
3eef829e PH |
3492 | PH/33 When a queue run was abandoned because the load average was too high, a |
3493 | log line was always written; now it is written only if the queue_run log | |
3494 | selector is set. In addition, the log line for abandonment now contains | |
3495 | information about the queue run such as the pid. This is always present | |
3496 | in "start" and "stop" lines but was omitted from the "abandon" line. | |
3497 | ||
1ab95fa6 PH |
3498 | PH/34 Omit spaces between a header name and the colon in the error message that |
3499 | is given when verify = headers_syntax fails (if there are lots of them, | |
3500 | the message gets confusing). | |
3501 | ||
230205fc PH |
3502 | PH/35 Change the default for dns_check_names_pattern to allow slashes within |
3503 | names, as there are now some PTR records that contain slashes. This check | |
3504 | is only to protect against broken name servers that fall over on strange | |
3505 | characters, so the fact that it applies to all lookups doesn't matter. | |
3506 | ||
75e0e026 PH |
3507 | PH/36 Now that the new test suite is complete, we can remove some of the |
3508 | special code in Exim that was needed for the old test suite. For example, | |
3509 | sorting DNS records because real resolvers return them in an arbitrary | |
3510 | order. The new test suite's fake resolver always returns records in the | |
3511 | same order. | |
3512 | ||
3513 | PH/37 When running in the test harness, use -odi for submitted messages (e.g. | |
3514 | bounces) except when queue_only is set, to avoid logging races between | |
3515 | the different processes. | |
3516 | ||
145396a6 PH |
3517 | PH/38 Panic-die if .include specifies a non-absolute path. |
3518 | ||
3cd34f13 PH |
3519 | PH/39 A tweak to the "H" retry rule from its user. |
3520 | ||
11121d3d JJ |
3521 | JJ/03 exipick: Removed parentheses from 'next' and 'last' calls that specified |
3522 | a label. They prevented compilation on older perls. | |
3523 | ||
3524 | JJ/04 exipick: Refactored code to prevent implicit split to @_ which caused | |
3525 | a warning to be raised on newish perls. | |
3526 | ||
3527 | JJ/05 exipick: Fixed bug where -bpc always showed a count of all messages | |
3528 | on queue. Changes to match documented behaviour of showing count of | |
3529 | messages matching specified criteria. | |
3530 | ||
8def5aaf PH |
3531 | PH/40 Changed the default ident timeout from 30s to 5s. |
3532 | ||
929ba01c PH |
3533 | PH/41 Added support for the use of login_cap features, on those BSD systems |
3534 | that have them, for controlling the resources used by pipe deliveries. | |
3535 | ||
2632889e PH |
3536 | PH/42 The content-scanning code uses fopen() to create files in which to put |
3537 | message data. Previously it was not paying any attention to the mode of | |
3538 | the files. Exim runs with umask(0) because the rest of the code creates | |
3539 | files with open(), and sets the required mode explicitly. Thus, these | |
3540 | files were ending up world-writeable. This was not a big issue, because, | |
3541 | being within the spool directory, they were not world-accessible. I have | |
3542 | created a function called modefopen, which takes an additional mode | |
3543 | argument. It sets umask(777), creates the file, chmods it to the required | |
3544 | mode, then resets the umask. All the relevant calls to fopen() in the | |
3545 | content scanning code have been changed to use this function. | |
3546 | ||
944a9c55 PH |
3547 | PH/43 If retry_interval_max is set greater than 24 hours, it is quietly reset |
3548 | to 24 hours. This avoids potential overflow problems when processing G | |
3549 | and H retry rules. I suspect nobody ever tinkers with this value. | |
3550 | ||
4a23603b PH |
3551 | PH/44 Added STRIP_COMMAND=/usr/bin/strip to the FreeBSD Makefile. |
3552 | ||
4730f942 PH |
3553 | PH/45 When the plaintext authenticator is running as a client, the server's |
3554 | challenges are checked to ensure they are valid base64 strings. By | |
3555 | default, the authentication attempt is cancelled if an invalid string is | |
3556 | received. Setting client_ignore_invalid_base64 true ignores these errors. | |
3557 | The decoded challenge strings are now placed in $auth1, $auth2, etc. as | |
3558 | they are received. Thus, the responses can be made to depend on the | |
3559 | challenges. If an invalid string is ignored, an empty string is placed in | |
3560 | the variable. | |
3561 | ||
30dba1e6 PH |
3562 | PH/46 Messages that are created by the autoreply transport now contains a |
3563 | References: header, in accordance with RFCs 2822 and 3834. | |
3564 | ||
382afc6b PH |
3565 | PH/47 Added authenticated_sender_force to the smtp transport. |
3566 | ||
a86229cf PH |
3567 | PH/48 The ${prvs expansion was broken on systems where time_t was long long. |
3568 | ||
50c99ba6 PH |
3569 | PH/49 Installed latest patch from the Sieve maintainer. |
3570 | ||
d35e429d PH |
3571 | PH/50 When an Exim quota was set without a file count quota, and mailbox_size |
3572 | was also set, the appendfile transport was unnecessarily scanning a | |
3573 | directory of message files (e.g. for maildir delivery) to find the count | |
3574 | of files (along with the size), even though it did not need this | |
3575 | information. It now does the scan only if it needs to find either the | |
3576 | size of the count of files. | |
3577 | ||
f90d018c PH |
3578 | PH/51 Added ${time_eval: to convert Exim time strings into seconds. |
3579 | ||
75def545 PH |
3580 | PH/52 Two bugs concerned with error handling when the smtp transport is |
3581 | used in LMTP mode: | |
3582 | ||
3583 | (i) Exim was not creating retry information for temporary errors given | |
3584 | for individual recipients after the DATA command when the smtp transport | |
3585 | was used in LMTP mode. This meant that they could be retried too | |
3586 | frequently, and not timed out correctly. | |
3587 | ||
3588 | (ii) Exim was setting the flag that allows error details to be returned | |
3589 | for LMTP errors on RCPT commands, but not for LMTP errors for individual | |
3590 | recipients that were returned after the DATA command. | |
3591 | ||
3592 | PH/53 This is related to PH/52, but is more general: for any failing address, | |
3593 | when detailed error information was permitted to be returned to the | |
3594 | sender, but the error was temporary, then after the final timeout, only | |
3595 | "retry timeout exceeded" was returned. Now it returns the full error as | |
3596 | well as "retry timeout exceeded". | |
3597 | ||
c46782ef PH |
3598 | PH/54 Added control=allow_auth_unadvertised, as it seems there are clients that |
3599 | do this, and (what is worse) MTAs that accept it. | |
3600 | ||
71fafd95 PH |
3601 | PH/55 Added the add_header modified to ACLs. The use of "message" with "warn" |
3602 | will now be deprecated. | |
3603 | ||
2c5db4fd PH |
3604 | PH/56 New os.c-cygwin from the Cygwin maintainer. |
3605 | ||
9cf6b11a JJ |
3606 | JJ/06 exipick: added --unsorted option to allow unsorted output in all output |
3607 | formats (previously only available in exim formats via -bpr, -bpru, | |
3608 | and -bpra. Now also available in native and exiqgrep formats) | |
3609 | ||
3610 | JJ/07 exipick: added --freeze and --thaw options to allow faster interaction | |
3611 | with very large, slow to parse queues | |
3612 | ||
3613 | JJ/08 exipick: added ! as generic prefix to negate any criteria format | |
3614 | ||
3615 | JJ/09 exipick: miscellaneous performance enhancements (~24% improvements) | |
3616 | ||
898d150f PH |
3617 | PH/57 Tidies in SMTP dialogue display in debug output: (i) It was not showing |
3618 | responses to authentication challenges, though it was showing the | |
3619 | challenges; (ii) I've removed the CR characters from the debug output for | |
3620 | SMTP output lines. | |
3621 | ||
46218253 PH |
3622 | PH/58 Allow for the insertion of a newline as well as a space when a string |
3623 | is turned into more than one encoded-word during RFC 2047 encoding. The | |
3624 | Sieve code now uses this. | |
3625 | ||
e97957bc PH |
3626 | PH/59 Added the following errors that can be detected in retry rules: mail_4xx, |
3627 | data_4xx, lost_connection, tls_required. | |
3628 | ||
81e509d7 PH |
3629 | PH/60 When a VRFY deferred or FAILED, the log message rather than the user |
3630 | message was being sent as an SMTP response. | |
3631 | ||
3d240ff7 PH |
3632 | PH/61 Add -l and -k options to exicyclog. |
3633 | ||
b37c4101 PH |
3634 | PH/62 When verifying, if an address was redirected to one new address, so that |
3635 | verification continued, and the new address failed or deferred after | |
3636 | having set something in $address_data, the value of $address_data was not | |
3637 | passed back to the ACL. This was different to the case when no | |
3638 | redirection occurred. The value is now passed back in both cases. | |
3639 | ||
79378e0f PH |
3640 | PH/63 Changed the macro HAVE_LOGIN_CAP (see PH/41 for this release above) to |
3641 | HAVE_SETCLASSRESOURCES because there are different APIs in use that all | |
3642 | use login_cap.h, so on its own it isn't the distinguishing feature. The | |
3643 | new name refers directly to the setclassresources() function. | |
3644 | ||
e49c7bb4 PH |
3645 | PH/65 Added configuration files for NetBSD3. |
3646 | ||
d114ec46 PH |
3647 | PH/66 Updated OS/Makefile-HP-UX for gcc 4.1.0 with HP-UX 11. |
3648 | ||
f3d7df6c PH |
3649 | PH/67 Fixed minor infelicity in the sorting of addresses to ensure that IPv6 |
3650 | is preferred over IPv4. | |
3651 | ||
715ab376 PH |
3652 | PH/68 The bounce_return_message and bounce_return_body options were not being |
3653 | honoured for bounces generated during the reception of non-SMTP messages. | |
3654 | In particular, this applied to messages rejected by the ACL. This bug has | |
3655 | been fixed. However, if bounce_return_message is true and bounce_return_ | |
3656 | body is false, the headers that are returned for a non-SMTP message | |
3657 | include only those that have been read before the error was detected. | |
3658 | (In the case of an ACL rejection, they have all been read.) | |
3659 | ||
6b31b150 PH |
3660 | PH/69 The HTML version of the specification is now built in a directory called |
3661 | spec_html instead of spec.html, because the latter looks like a path with | |
3662 | a MIME-type, and this confuses some software. | |
3663 | ||
3664 | PH/70 Catch two compiler warnings in sieve.c. | |
3665 | ||
d515a917 PH |
3666 | PH/71 Fixed an obscure and subtle bug (thanks Alexander & Matthias). The |
3667 | function verify_get_ident() calls ip_connect() to connect a socket, but | |
3668 | if the "connect()" function timed out, ip_connect() used to close the | |
3669 | socket. However, verify_get_ident() also closes the socket later, and in | |
3670 | between Exim writes to the log, which may get opened at this point. When | |
3671 | the socket was closed in ip_connect(), the log could get the same file | |
3672 | descriptor number as the socket. This naturally causes chaos. The fix is | |
3673 | not to close the socket in ip_connect(); the socket should be closed by | |
3674 | the function that creates it. There was only one place in the code where | |
3675 | this was missing, in the iplookup router, which I don't think anybody now | |
3676 | uses, but I've fixed it anyway. | |
3677 | ||
9b8fadde PH |
3678 | PH/72 Make dns_again_means_nonexist apply to lookups using gethostbyname() as |
3679 | well as to direct DNS lookups. Otherwise the handling of names in host | |
3680 | lists is inconsistent and therefore confusing. | |
3681 | ||
214e2000 | 3682 | |
5de37277 PH |
3683 | Exim version 4.60 |
3684 | ----------------- | |
3685 | ||
cc38ddbf PH |
3686 | PH/01 Two changes to the default runtime configuration: |
3687 | ||
3688 | (1) Move the checks for relay_from_hosts and authenticated clients from | |
3689 | after to before the (commented out) DNS black list checks. | |
3690 | ||
3691 | (2) Add control=submission to the relay_from_hosts and authenticated | |
3692 | clients checks, on the grounds that messages accepted by these | |
3693 | statements are most likely to be submissions. | |
5de37277 | 3694 | |
72fdd6ae PH |
3695 | PH/02 Several tidies to the handling of ${prvs and ${prvscheck: |
3696 | ||
3697 | (1) Generate an error if the third argument for the ${prvs expansion is | |
3698 | not a single digit. | |
3699 | ||
3700 | (2) Treat a missing third argument of ${prvscheck as if it were an empty | |
3701 | string. | |
3702 | ||
3703 | (3) Reset the variables that are obtained from the first argument of | |
3704 | ${prvscheck and used in the second argument before leaving the code, | |
3705 | because their memory is reclaimed, so using them afterwards may do | |
3706 | silly things. | |
3707 | ||
3708 | (4) Tidy up the code for expanding the arguments of ${prvscheck one by | |
3709 | one (it's much easier than Tom thought :-). | |
3710 | ||
3711 | (5) Because of (4), we can now allow for the use of $prvscheck_result | |
3712 | inside the third argument. | |
cb9328de | 3713 | |
cb741023 PH |
3714 | PH/03 For some reason, the default setting of PATH when running a command from |
3715 | a pipe transport was just "/usr/bin". I have changed it to | |
3716 | "/bin:/usr/bin". | |
3717 | ||
f174f16e PH |
3718 | PH/04 SUPPORT_TRANSLATE_IP_ADDRESS and MOVE_FROZEN_MESSAGES did not cause |
3719 | anything to be listed in the output from -bV. | |
b2f5a032 | 3720 | |
c25242d7 PH |
3721 | PH/05 When a filter generated an autoreply, the entire To: header line was |
3722 | quoted in the delivery log line, like this: | |
3723 | ||
3724 | => >A.N.Other <ano@some.domain> <original@ddress> ... | |
3725 | ||
3726 | This has been changed so that it extracts the operative address. There | |
3727 | may be more than one such address. If so, they are comma-separated, like | |
3728 | this: | |
3729 | ||
3730 | => >ano@some.domain,ona@other.domain <original@ddress> ... | |
3731 | ||
82c19f95 PH |
3732 | PH/06 When a client host used a correct literal IP address in a HELO or EHLO |
3733 | command, (for example, EHLO [1.2.3.4]) and the client's IP address was | |
3734 | not being looked up in the rDNS to get a host name, Exim was showing the | |
3735 | IP address twice in Received: lines, even though the IP addresses were | |
3736 | identical. For example: | |
3737 | ||
3738 | Received: from [1.2.3.4] (helo=[1.2.3.4]) | |
3739 | ||
3740 | However, if the real host name was known, it was omitting the HELO data | |
3741 | if it matched the actual IP address. This has been tidied up so that it | |
3742 | doesn't show the same IP address twice. | |
3743 | ||
d7ffbc12 PH |
3744 | PH/07 When both +timestamp and +memory debugging was on, the value given by |
3745 | $tod_xxx expansions could be wrong, because the tod_stamp() function was | |
3746 | called by the debug printing, thereby overwriting the timestamp buffer. | |
3747 | Debugging no longer uses the tod_stamp() function when +timestamp is set. | |
3748 | ||
9f526266 PH |
3749 | PH/08 When the original message was included in an autoreply transport, it |
3750 | always said "this is a copy of the message, including all the headers", | |
3751 | even if body_only or headers_only was set. It now gives an appropriate | |
3752 | message. | |
3753 | ||
87fcc8b9 PH |
3754 | PH/09 Applied a patch from the Sieve maintainer which: |
3755 | ||
3756 | o fixes some comments | |
3757 | o adds the (disabled) notify extension core | |
3758 | o adds some debug output for the result of if/elsif tests | |
3759 | o points to the current vacation draft in the documentation | |
3760 | and documents the missing references header update | |
3761 | ||
3762 | and most important: | |
3763 | ||
3764 | o fixes a bug in processing the envelope test (when testing | |
4c04137d | 3765 | multiple envelope elements, the last element determined the |
87fcc8b9 PH |
3766 | result) |
3767 | ||
456682f5 PH |
3768 | PH/10 Exim was violating RFC 3834 ("Recommendations for Automatic Responses to |
3769 | Electronic Mail") by including: | |
3770 | ||
3771 | Auto-submitted: auto-generated | |
3772 | ||
3773 | in the messages that it generates (bounce messages and others, such as | |
4c04137d | 3774 | warnings). In the case of bounce messages for non-SMTP messages, there was |
456682f5 PH |
3775 | also a typo: it was using "Auto_submitted" (underscore instead of |
3776 | hyphen). Since every message generated by Exim is necessarily in response | |
3777 | to another message, thes have all been changed to: | |
3778 | ||
3779 | Auto-Submitted: auto-replied | |
3780 | ||
3781 | in accordance with these statements in the RFC: | |
3782 | ||
3783 | The auto-replied keyword: | |
3784 | ||
3785 | - SHOULD be used on messages sent in direct response to another | |
3786 | message by an automatic process, | |
3787 | ||
3788 | - MUST NOT be used on manually-generated messages, | |
3789 | ||
3790 | - MAY be used on Delivery Status Notifications (DSNs) and Message | |
3791 | Disposition Notifications (MDNs), | |
3792 | ||
3793 | - MUST NOT be used on messages generated by automatic or periodic | |
3794 | processes, except for messages which are automatic responses to | |
3795 | other messages. | |
3796 | ||
3e46c1aa PH |
3797 | PH/11 Added "${if def:sender_address {(envelope-from <$sender_address>)\n\t}}" |
3798 | to the default Received: header definition. | |
456682f5 | 3799 | |
49826d12 PH |
3800 | PH/12 Added log selector acl_warn_skipped (default on). |
3801 | ||
eba0c039 PH |
3802 | PH/13 After a successful wildlsearch lookup, discard the values of numeric |
3803 | variables because (a) they are in the wrong storage pool and (b) even if | |
3804 | they were copied, it wouldn't work properly because of the caching. | |
3805 | ||
a0d6ba8a PH |
3806 | PH/14 Add check_rfc2047_length to disable enforcement of RFC 2047 length |
3807 | checking when decoding. Apparently there are clients that generate | |
3808 | overlong encoded strings. Why am I not surprised? | |
3809 | ||
f0917727 PH |
3810 | PH/15 If the first argument of "${if match_address" was not empty, but did not |
3811 | contain an "@" character, Exim crashed. Now it writes a panic log message | |
3812 | and treats the condition as false. | |
3813 | ||
096fee00 PH |
3814 | PH/16 In autoreply, treat an empty string for "once" the same as unset. |
3815 | ||
024bd3c2 PH |
3816 | PH/17 A further patch from the Sieve maintainer: "Introduce the new Sieve |
3817 | extension "envelope-auth". The code is finished and in agreement with | |
3818 | other implementations, but there is no documentation so far and in fact, | |
3819 | nobody wrote the draft yet. This extension is currently #undef'ed, thus | |
3820 | not changing the active code. | |
3821 | ||
3822 | Print executed "if" and "elsif" statements when debugging is used. This | |
3823 | helps a great deal to understand what a filter does. | |
3824 | ||
3825 | Document more things not specified clearly in RFC3028. I had all this | |
3826 | sorted out, when out of a sudden new issues came to my mind. Oops." | |
3827 | ||
df199fec PH |
3828 | PH/18 Exim was not recognizing the "net-" search type prefix in match_ip lists |
3829 | (Bugzilla #53). | |
3830 | ||
d27f1df3 PH |
3831 | PH/19 Exim expands the IPv6 address given to -bh to its full non-abbreviated |
3832 | canonical form (as documented). However, after a host name lookup from | |
3833 | the IP address, check_host() was doing a simple string comparison with | |
3834 | addresses acquired from the DNS when checking that the found name did | |
3835 | have the original IP as one of its addresses. Since any found IPv6 | |
3836 | addresses are likely to be in abbreviated form, the comparison could | |
3837 | fail. Luckily, there already exists a function for doing the comparison | |
3838 | by converting both addresses to binary, so now that is used instead of | |
3839 | the text comparison. | |
3840 | ||
96776534 PH |
3841 | PH/20 There was another similar case to PH/19, when a complete host name was |
3842 | given in a host list; looking up its IP address could give an abbreviated | |
3843 | form, whereas the current host's name might or might not be abbreviated. | |
3844 | The same fix has been applied. | |
3845 | ||
5de37277 | 3846 | |
9a799bc0 PH |
3847 | Exim version 4.54 |
3848 | ----------------- | |
3849 | ||
3850 | PH/01 The ${base62: operator adjusted itself to base 36 when BASE_62 was | |
3851 | set to 36 (for Darwin and Cygwin), but the ${base62d: operator did not. | |
3852 | It now does. | |
3853 | ||
99a4b039 PH |
3854 | PH/02 Two minor problems detected in Cygwin: the os.{c,h} files had lost */ on |
3855 | the CVS lines, and there was a missing #if HAVE_IPV6 in host.c. | |
3856 | ||
3857 | PH/03 Typo: missing ".o" in src/pcre/Makefile. | |
3858 | ||
4b233853 PH |
3859 | PH/04 Tighten up "personal" tests: Instead of testing for any "List-" |
3860 | header line, restrict the check to what is listed in RFCs 2369 and 2929. | |
3861 | Also, for "Auto-Submitted", treat anything other than "no" as | |
3862 | non-personal, in accordance with RFC 3834. (Previously it treated | |
3863 | anything starting "auto-" as non-personal.) | |
3864 | ||
8857ccfd PH |
3865 | TF/01 The control=submission/name=... option had a problem with syntax |
3866 | errors if the name included a slash character. The /name= option | |
3867 | now slurps the rest of the string, so it can include any characters | |
3868 | but it must come last in the list of options (after /sender_retain | |
3869 | or /domain=). | |
3870 | ||
433a2980 PH |
3871 | PH/05 Some modifications to the interface to the fake nameserver for the new |
3872 | testing suite. | |
3873 | ||
3e46c1aa | 3874 | |
9a799bc0 | 3875 | |
e3a311ba TK |
3876 | Exim version 4.53 |
3877 | ----------------- | |
3878 | ||
3879 | TK/01 Added the "success_on_redirect" address verification option. See | |
3880 | NewStuff for rationale and an example. | |
3881 | ||
13b685f9 PH |
3882 | PH/01 Added support for SQLite, basic code supplied by David Woodhouse. |
3883 | ||
395ff96d PH |
3884 | PH/02 Patch to exigrep to allow it to work on syslog lines. |
3885 | ||
5b68f6e4 PH |
3886 | PH/03 When creating an mbox file for a virus/spam scan, use fseek() instead of |
3887 | fread() to skip over the body file's header line, because in Cygwin the | |
3888 | header line is locked and is inaccessible. | |
3889 | ||
1ab52c69 PH |
3890 | PH/04 Added $message_exim_id, ultimately to replace $message_id (they will both |
3891 | co-exist for some time) to make it clear that it is the Exim ID that is | |
3892 | referenced, not the Message-ID: header line. | |
3893 | ||
b07e6aa3 PH |
3894 | PH/05 Replaced all Tom's calls to snprintf() with calls to the internal |
3895 | string_format() function, because snprintf() does not exist on all | |
3896 | operating systems. | |
3897 | ||
254e032f PH |
3898 | PH/06 The use of forbid_filter_existstest now also locks out the use of the |
3899 | ${stat: expansion item. | |
3900 | ||
3af76a81 PH |
3901 | PH/07 Changed "SMTP protocol violation: synchronization error" into "SMTP |
3902 | protocol synchronization error", to keep the pedants happy. | |
3903 | ||
2548ba04 PH |
3904 | PH/08 Arrange for USE_INET_NTOA_FIX to be set in config.h for AIX systems as |
3905 | well as for IRIX systems, when gcc is being used. See the host.c source | |
3906 | file for comments. | |
3907 | ||
b6c6011d PH |
3908 | PH/09 Installed latest Cygwin configuration files from the Cygwin maintainer. |
3909 | ||
cf39cf57 PH |
3910 | PH/10 Named domain lists were not working if used in a queue_smtp_domains |
3911 | setting. | |
3912 | ||
f1513293 PH |
3913 | PH/11 Added support for the IGNOREQUOTA extension to LMTP, both to the lmtp |
3914 | transport and to the smtp transport in LMTP mode. | |
3915 | ||
727549a4 PH |
3916 | TK/02 Remove one case of BASE64 error detection FTTB (undocumented anyway). |
3917 | ||
af46795e PH |
3918 | PH/12 There was a missing call to search_tidyup() before the fork() in rda.c to |
3919 | run a filter in a subprocess. This could lead to confusion in subsequent | |
3920 | lookups in the parent process. There should also be a search_tidyup() at | |
3921 | the end of the subprocess. | |
3922 | ||
d7b47fd0 PH |
3923 | PH/13 Previously, if "verify = helo" was set in an ACL, the condition was true |
3924 | only if the host matched helo_try_verify_hosts, which caused the | |
3925 | verification to occur when the EHLO/HELO command was issued. The ACL just | |
3926 | tested the remembered result. Now, if a previous verification attempt has | |
3927 | not happened, "verify = helo" does it there and then. | |
3928 | ||
ee744174 JJ |
3929 | JJ/01 exipick: added $message_exim_id variable (see 4.53-PH/04) |
3930 | ||
b582ab87 PH |
3931 | TK/03 Fix log output including CR from clamd. |
3932 | ||
41a13e0a PH |
3933 | PH/14 A reference to $reply_address when Reply-to: was empty and From: did not |
3934 | exist provoked a memory error which could cause a segfault. | |
3935 | ||
f625cc5a PH |
3936 | PH/15 Installed PCRE 6.2 |
3937 | ||
3938 | PH/17 Defined BIND_8_COMPAT in the Darwin os.h file. | |
3939 | ||
21f7af35 PH |
3940 | PH/18 Reversed 4.52/PH/17 because the HP-UX user found it wasn't the cause |
3941 | of the problem. Specifically, suggested +O2 rather than +O1 for the | |
3942 | HP-UX compiler. | |
3943 | ||
31480e42 PH |
3944 | PH/19 Added sqlite_lock_timeout option (David Woodhouse's patch). |
3945 | ||
2d280592 PH |
3946 | PH/20 If a delivery was routed to a non-standard port by means of an SRV |
3947 | record, the port was not correctly logged when the outgoing_port log | |
3948 | selector was set (it logged the transort's default port). | |
3949 | ||
7cd1141b PH |
3950 | PH/21 Added support for host-specific ports to manualroute, queryprogram, |
3951 | fallback_hosts, and "hosts" in the smtp transport. | |
3952 | ||
3953 | PH/22 If the log selector "outgoing_port" is set, the port is now also given on | |
3954 | host errors such as "Connection refused". | |
3955 | ||
750af86e PH |
3956 | PH/23 Applied a patch to fix problems with exim-4.52 while doing radius |
3957 | authentication with radiusclient 0.4.9: | |
3958 | ||
3959 | - Error returned from rc_read_config was caught wrongly | |
3960 | - Username/password not passed on to radius server due to wrong length. | |
3961 | ||
3962 | The presumption is that some radiusclient API changes for 4.51/PH/17 | |
3963 | were not taken care of correctly. The code is still untested by me (my | |
3964 | Linux distribution still has 0.3.2 of radiusclient), but it was | |
3965 | contributed by a Radius user. | |
3966 | ||
3967 | PH/24 When doing a callout, the value of $domain wasn't set correctly when | |
3968 | expanding the "port" option of the smtp transport. | |
3969 | ||
4304270b TK |
3970 | TK/04 MIME ACL: Fix buffer underrun that occurs when EOF condition is met |
3971 | while reading a MIME header. Thanks to Tom Hughes for a patch. | |
3972 | ||
750af86e PH |
3973 | PH/24 Include config.h inside local_scan.h so that configuration settings are |
3974 | available. | |
3975 | ||
64ffc24f PH |
3976 | PH/25 Make $smtp_command_argument available after all SMTP commands. This means |
3977 | that in an ACL for RCPT (for example), you can examine exactly what was | |
3978 | received. | |
3979 | ||
5dd9625b PH |
3980 | PH/26 Exim was recognizing IPv6 addresses of the form [IPv6:....] in EHLO |
3981 | commands, but it was not correctly comparing the address with the actual | |
3982 | client host address. Thus, it would show the EHLO address in Received: | |
3983 | header lines when this was not necessary. | |
3984 | ||
5591031b PH |
3985 | PH/27 Added the % operator to ${eval:}. |
3986 | ||
ba18e66a PH |
3987 | PH/28 Exim tries to create and chdir to its spool directory when it starts; |
3988 | it should be ignoring failures (because with -C, for example, it has lost | |
3989 | privilege). It wasn't ignoring creation failures other than "already | |
3990 | exists". | |
3991 | ||
9cec981f PH |
3992 | PH/29 Added "crypteq" to the list of supported features that Exim outputs when |
3993 | -bV or -d is used. | |
3994 | ||
aa2b5c79 PH |
3995 | PH/30 Fixed (presumably very longstanding) bug in exim_dbmbuild: if it failed |
3996 | because an input line was too long, either on its own, or by virtue of | |
1509d3a8 PH |
3997 | too many continuations, the temporary file was not being removed, and the |
3998 | return code was incorrect. | |
aa2b5c79 | 3999 | |
48a53b7f PH |
4000 | PH/31 Missing "BOOL" in function definition in filtertest.c. |
4001 | ||
1c59d63b PH |
4002 | PH/32 Applied Sieve patches from the maintainer. |
4003 | ||
671012da TK |
4004 | TK/05 Domainkeys: Accomodate for a minor API change in libdomainkeys 0.67. |
4005 | ||
1509d3a8 PH |
4006 | PH/33 Added "verify = not_blind". |
4007 | ||
4008 | PH/34 There are settings for CHOWN_COMMAND and MV_COMMAND that can be used in | |
4009 | Local/Makefile (with some defaults set). These are used in built scripts | |
4010 | such as exicyclog, but they have never been used in the exim_install | |
4011 | script (though there are many overriding facilities there). I have | |
4012 | arranged that the exim_install script now takes note of these two | |
4013 | settings. | |
4014 | ||
4015 | PH/35 Installed configuration files for Dragonfly. | |
4016 | ||
2fe1a124 PH |
4017 | PH/36 When a locally submitted message by a trusted user did not contain a |
4018 | From: header, and the sender address was obtained from -f or from an SMTP | |
4019 | MAIL command, and the trusted user did not use -F to supply a sender | |
4020 | name, $originator_name was incorrectly used when constructing a From: | |
4021 | header. Furthermore, $originator_name was used for submission mode | |
4022 | messages from external hosts without From: headers in a similar way, | |
4023 | which is clearly wrong. | |
4024 | ||
8800895a PH |
4025 | PH/37 Added control=suppress_local_fixups. |
4026 | ||
ccfdb010 PH |
4027 | PH/38 When log_selector = +received_sender was set, and the addition of the |
4028 | sender made the log line's construction buffer exactly full, or one byte | |
4029 | less than full, an overflow happened when the terminating "\n" was | |
4030 | subsequently added. | |
4031 | ||
1130bfb0 PH |
4032 | PH/39 Added a new log selector, "unknown_in_list", which provokes a log entry |
4033 | when the result of a list match is failure because a DNS lookup failed. | |
4034 | ||
ebcb507f PH |
4035 | PH/40 RM_COMMAND is now used in the building process. |
4036 | ||
c35e155c PH |
4037 | PH/41 Added a "distclean" target to the top-level Makefile; it deletes all |
4038 | the "build-* directories that it finds. | |
4039 | ||
95d1f782 PH |
4040 | PH/42 (But a TF fix): In a domain list, Exim incorrectly matched @[] if the IP |
4041 | address in a domain literal was a prefix of an interface address. | |
4042 | ||
fd6de02e PH |
4043 | PH/43 (Again a TF fix): In the dnslookup router, do not apply widen_domains |
4044 | when verifying a sender address, unless rewrite_headers is false. | |
4045 | ||
58de37c5 PH |
4046 | PH/44 Wrote a long comment about why errors_to addresses are verified as |
4047 | recipients, not senders. | |
4048 | ||
261cf466 TF |
4049 | TF/01 Add missing LIBS=-lm to OS/Makefile-OpenBSD which was overlooked when |
4050 | the ratelimit ACL was added. | |
4051 | ||
3ee512ff PH |
4052 | PH/45 Added $smtp_command for the full command (cf $smtp_command_argument). |
4053 | ||
e08c430f PH |
4054 | PH/46 Added extra information about PostgreSQL errors to the error string. |
4055 | ||
bef5a11f PH |
4056 | PH/47 Added an interface to a fake DNS resolver for use by the new test suite, |
4057 | avoiding the need to install special zones in a real server. This is | |
4058 | backwards compatible; if it can't find the fake resolver, it drops back. | |
4059 | Thus, both old and new test suites can be run. | |
4060 | ||
7546de58 TF |
4061 | TF/02 Added util/ratelimit.pl |
4062 | ||
e5d5a95f TF |
4063 | TF/03 Minor fix to the ratelimit code to improve its behaviour in case the |
4064 | clock is set back in time. | |
4065 | ||
2e88a017 TF |
4066 | TF/04 Fix the ratelimit support in exim_fixdb. Patch provided by Brian |
4067 | Candler <B.Candler@pobox.com>. | |
4068 | ||
a5f65aa4 TF |
4069 | TF/05 The fix for PH/43 was not completely correct; widen_domains is always |
4070 | OK for addresses that are the result of redirections. | |
4071 | ||
e7726cbf PH |
4072 | PH/48 A number of further additions for the benefit of the new test suite, |
4073 | including a fake gethostbyname() that interfaces to the fake DNS resolver | |
4074 | (see PH/47 above). | |
4075 | ||
a7fdad5b TF |
4076 | TF/06 The fix for widen_domains has also been applied to qualify_single and |
4077 | search_parents which are the other dnslookup options that can cause | |
4078 | header rewrites. | |
4079 | ||
6af56900 PH |
4080 | PH/49 Michael Haardt's randomized retrying, but as a separate retry parameter |
4081 | type ("H"). | |
4082 | ||
0925ede6 PH |
4083 | PH/50 Make never_users, trusted_users, admin_groups, trusted_groups expandable. |
4084 | ||
66afa403 TF |
4085 | TF/07 Exim produced the error message "an SRV record indicated no SMTP |
4086 | service" if it encountered an MX record with an empty target hostname. | |
4087 | The message is now "an MX or SRV record indicated no SMTP service". | |
4088 | ||
0154e85a TF |
4089 | TF/08 Change PH/13 introduced the possibility that verify=helo may defer, |
4090 | if the DNS of the sending site is misconfigured. This is quite a | |
4091 | common situation. This change restores the behaviour of treating a | |
4092 | helo verification defer as a failure. | |
4093 | ||
16f12c76 PH |
4094 | PH/51 If self=fail was set on a router, the bounce message did not include the |
4095 | actual error message. | |
4096 | ||
bbe902f0 | 4097 | |
e5a9dba6 PH |
4098 | Exim version 4.52 |
4099 | ----------------- | |
4100 | ||
4101 | TF/01 Added support for Client SMTP Authorization. See NewStuff for details. | |
4102 | ||
22c3b60b PH |
4103 | PH/01 When a transport filter timed out in a pipe delivery, and the pipe |
4104 | command itself ended in error, the underlying message about the transport | |
4105 | filter timeout was being overwritten with the pipe command error. Now the | |
4106 | underlying error message should be appended to the second error message. | |
4107 | ||
06a9b4b5 PH |
4108 | TK/01 Fix poll() being unavailable on Mac OSX 10.2. |
4109 | ||
c1ac6996 PH |
4110 | PH/02 Reduce the amount of output that "make" produces by default. Full output |
4111 | can still be requested. | |
4112 | ||
9c7a242c PH |
4113 | PH/03 The warning log line about a condition test deferring for a "warn" verb |
4114 | was being output only once per connection, rather than after each | |
4115 | occurrence (because it was using the same function as for successful | |
4116 | "warn" verbs). This seems wrong, so I have changed it. | |
4117 | ||
87ba3f5f PH |
4118 | TF/02 Two buglets in acl.c which caused Exim to read a few bytes of memory that |
4119 | it should not have, which might have caused a crash in the right | |
4120 | circumstances, but probably never did. | |
4121 | ||
4122 | PH/04 Installed a modified version of Tony Finch's patch to make submission | |
4123 | mode fix the return path as well as the Sender: header line, and to | |
4124 | add a /name= option so that you can make the user's friendly name appear | |
4125 | in the header line. | |
4126 | ||
29aba418 TF |
4127 | TF/03 Added the control = fakedefer ACL modifier. |
4128 | ||
fe0dab11 TF |
4129 | TF/04 Added the ratelimit ACL condition. See NewStuff for details. Thanks to |
4130 | Mark Lowes for thorough testing. | |
870f6ba8 | 4131 | |
11d337a4 TK |
4132 | TK/02 Rewrote SPF support to work with libspf2 versions >1.2.0. |
4133 | ||
4134 | TK/03 Merged latest SRS patch from Miles Wilton. | |
4135 | ||
415c8f3b PH |
4136 | PH/05 There's a shambles in IRIX6 - it defines EX_OK in unistd.h which conflicts |
4137 | with the definition in sysexits.h (which is #included earlier). | |
4138 | Fortunately, Exim does not actually use EX_OK. The code used to try to | |
4c04137d | 4139 | preserve the sysexits.h value, by assuming that macro definitions were |
415c8f3b PH |
4140 | scanned for macro replacements. I have been disabused of this notion, |
4141 | so now the code just undefines EX_OK before #including unistd.h. | |
11d337a4 | 4142 | |
958541e9 PH |
4143 | PH/06 There is a timeout for writing blocks of data, set by, e.g. data_timeout |
4144 | in the smtp transport. When a block could not be written in a single | |
4145 | write() function, the timeout was being re-applied to each part-write. | |
4146 | This seems wrong - if the receiver was accepting one byte at a time it | |
4147 | would take for ever. The timeout is now adjusted when this happens. It | |
4148 | doesn't have to be particularly precise. | |
4149 | ||
c206415f TK |
4150 | TK/04 Added simple SPF lookup method in EXPERIMENTAL_SPF. See NewStuff for |
4151 | details. Thanks to Chris Webb <chris@arachsys.com> for the patch! | |
4152 | ||
2a4be8f9 PH |
4153 | PH/07 Added "fullpostmaster" verify option, which does a check to <postmaster> |
4154 | without a domain if the check to <postmaster@domain> fails. | |
4155 | ||
1cba11c5 SC |
4156 | SC/01 Eximstats: added -xls and the ability to specify output files |
4157 | (patch written by Frank Heydlauf). | |
4158 | ||
4c04137d | 4159 | SC/02 Eximstats: use FileHandles for outputting results. |
1cba11c5 SC |
4160 | |
4161 | SC/03 Eximstats: allow any combination of xls, txt, and html output. | |
4162 | ||
4163 | SC/04 Eximstats: fixed display of large numbers with -nvr option | |
4164 | ||
4165 | SC/05 Eximstats: fixed merging of reports with empty tables. | |
4166 | ||
4167 | SC/06 Eximstats: added the -include_original_destination flag | |
4168 | ||
4169 | SC/07 Eximstats: removed tabs and trailing whitespace. | |
4170 | ||
1005d00e TK |
4171 | TK/05 Malware: Improve on aveserver error handling. Patch from Alex Miller. |
4172 | ||
4173 | TK/06 MBOX spool code: Add real "From " MBOX separator line | |
4174 | so the .eml file is really in mbox format (even though | |
4175 | most programs do not really care). Patch from Alex Miller. | |
4176 | ||
4177 | TK/07 MBOX spool code: Add X-Envelope-From: and X-Envelope-To: headers. | |
4178 | The latter is generated from $received_to and is only set if the | |
4179 | message has one envelope recipient. SA can use these headers, | |
4180 | obviously out-of-the-box. Patch from Alex Miller. | |
4181 | ||
9b4768fa PH |
4182 | PH/08 The ${def test on a variable was returning false if the variable's |
4183 | value was "0", contrary to what the specification has always said! | |
4184 | The result should be true unless the variable is empty. | |
4185 | ||
4186 | PH/09 The syntax error of a character other than { following "${if | |
4187 | def:variable_name" (after optional whitespace) was not being diagnosed. | |
4188 | An expansion such as ${if def:sender_ident:{xxx}{yyy}} in which an | |
4189 | accidental colon was present, for example, could give incorrect results. | |
4190 | ||
0d7eb84a PH |
4191 | PH/10 Tidied the code in a number of places where the st_size field of a stat() |
4192 | result is used (not including appendfile, where other changes are about | |
4193 | to be made). | |
4194 | ||
4195 | PH/11 Upgraded appendfile so that quotas larger than 2G are now supported. | |
4196 | This involved changing a lot of size variables from int to off_t. It | |
4197 | should work with maildirs and everything. | |
4198 | ||
40727bee TK |
4199 | TK/08 Apply fix provided by Michael Haardt to prevent deadlock in case of |
4200 | spamd dying while we are connected to it. | |
4201 | ||
554d2369 TF |
4202 | TF/05 Fixed a ${extract error message typo reported by Jeremy Harris |
4203 | <jgh@wizmail.org> | |
4204 | ||
1f922db1 PH |
4205 | PH/12 Applied Alex Kiernan's patch for the API change for the error callback |
4206 | function for BDB 4.3. | |
4207 | ||
ef213c3b PH |
4208 | PH/13 Changed auto_thaw such that it does not apply to bounce messages. |
4209 | ||
8ac170f3 PH |
4210 | PH/14 Imported PCRE 6.0; this was more than just a trivial operation because |
4211 | the sources for PCRE have been re-arranged and more files are now | |
4212 | involved. | |
4213 | ||
b1c749bb PH |
4214 | PH/15 The code I had for printing potentially long long variables in PH/11 |
4215 | above was not the best (it lost precision). The length of off_t variables | |
4216 | is now inspected at build time, and an appropriate printing format (%ld | |
c6c2dc1d PH |
4217 | or %lld) is chosen and #defined by OFF_T_FMT. We also define LONGLONG_T |
4218 | to be "long long int" or "long int". This is needed for the internal | |
4219 | formatting function string_vformat(). | |
b1c749bb | 4220 | |
4aac9b49 PH |
4221 | PH/16 Applied Matthew Newton's patch to exicyclog: "If log_file_path is set in |
4222 | the configuration file to be ":syslog", then the script "guesses" where | |
4223 | the logs files are, rather than using the compiled in default. In our | |
4224 | case the guess is not the same as the compiled default, so the script | |
4225 | suddenly stopped working when I started to use syslog. The patch checks | |
4226 | to see if log_file_path is "". If so, it attempts to read it from exim | |
4227 | with no configuration file to get the compiled in version, before it | |
4228 | falls back to the previous guessing code." | |
4229 | ||
294520c8 TK |
4230 | TK/09 Added "prvs" and "prvscheck" expansion items. These help a lot with |
4231 | implementing BATV in an Exim configuration. See NewStuff for the gory | |
4232 | details. | |
4233 | ||
5bd022fe PH |
4234 | PH/17 Applied Michael Haardt's patch for HP-UX, affecting only the os.h and |
4235 | Makefile that are specific to HP-UX. | |
4236 | ||
90e9ce59 PH |
4237 | PH/18 If the "use_postmaster" option was set for a recipient callout together |
4238 | with the "random" option, the postmaster address was used as the MAIL | |
4239 | FROM address for the random test, but not for the subsequent recipient | |
4240 | test. It is now used for both. | |
4241 | ||
5ea81592 PH |
4242 | PH/19 Applied Michael Haardt's patch to update Sieve to RFC3028bis. "The |
4243 | patch removes a few documentation additions to RFC 3028, because the | |
4244 | latest draft now contains them. It adds the new en;ascii-case comparator | |
4245 | and a new error check for 8bit text in MIME parts. Comparator and | |
4246 | require names are now matched exactly. I enabled the subaddress | |
4247 | extension, but it is not well tested yet (read: it works for me)." | |
4248 | ||
c6c2dc1d PH |
4249 | PH/20 Added macros for time_t as for off_t (see PH/15 above) and used them to |
4250 | rework some of the code of TK/09 above to avoid the hardwired use of | |
4251 | "%lld" and "long long". Replaced the call to snprintf() with a call to | |
4252 | string_vformat(). | |
4253 | ||
fffffe4c PH |
4254 | PH/21 Added some other messages to those in 4.51/PH/42, namely "All relevant MX |
4255 | records point to non-existent hosts", "retry timeout exceeded", and | |
4256 | "retry time not reached for any host after a long failure period". | |
ca02eafb | 4257 | |
9a26b6b2 PH |
4258 | PH/22 Fixed some oversights/typos causing bugs when Exim is compiled with |
4259 | experimental DomainKeys support: | |
4260 | ||
4261 | (1) The filter variables $n0-$n9 and $sn0-$sn9 were broken. | |
4262 | (2) On an error such as an illegally used "control", the wrong name for | |
4263 | the control was given. | |
4264 | ||
4265 | These problems did NOT occur unless DomainKeys support was compiled. | |
4266 | ||
4aee0225 PH |
4267 | PH/23 Added daemon_startup_retries and daemon_startup_sleep. |
4268 | ||
32d668a5 PH |
4269 | PH/24 Added ${if match_ip condition. |
4270 | ||
8187c3f3 PH |
4271 | PH/25 Put debug statements on either side of calls to EXIM_DBOPEN() for hints |
4272 | databases so that it will be absolutely obvious if a crash occurs in the | |
4273 | DB library. This is a regular occurrence (often caused by mis-matched | |
4274 | db.h files). | |
4275 | ||
ff790e47 | 4276 | PH/26 Insert a lot of missing (void) casts for functions such as chown(), |
f1e894f3 PH |
4277 | chmod(), fcntl(), sscanf(), and other functions from stdio.h. These were |
4278 | picked up on a user's system that detects such things. There doesn't seem | |
4279 | to be a gcc warning option for this - only an attribute that has to be | |
4280 | put on the function's prototype. It seems that in Fedora Core 4 they have | |
4281 | set this on a number of new functions. No doubt there will be more in due | |
4282 | course. | |
ff790e47 | 4283 | |
5417f6d1 PH |
4284 | PH/27 If a dnslookup or manualroute router is set with verify=only, it need not |
4285 | specify a transport. However, if an address that was verified by such a | |
4286 | router was the subject of a callout, Exim crashed because it tried to | |
4287 | read the rcpt_include_affixes from the non-existent transport. Now it | |
4288 | just assumes that the setting of that option is false. This bug was | |
4289 | introduced by 4.51/PH/31. | |
4290 | ||
59cf8544 PH |
4291 | PH/28 Changed -d+all to exclude +memory, because that information is very |
4292 | rarely of interest, but it makes the output a lot bigger. People tend to | |
4293 | do -d+all out of habit. | |
4294 | ||
e7ad8a65 PH |
4295 | PH/29 Removed support for the Linux-libc5 build, as it is obsolete and the |
4296 | code in os-type was giving problems when libc.so lives in lib64, like on | |
4297 | x86_64 Fedora Core. | |
4298 | ||
ade42478 PH |
4299 | PH/30 Exim's DNS code uses the original T_xxx names for DNS record times. These |
4300 | aren't the modern standard, and it seems that some systems' include files | |
4301 | don't always have them. Exim was already checking for some of the newer | |
4302 | ones like T_AAAA, and defining it itself. I've added checks for all the | |
4303 | record types that Exim uses. | |
4304 | ||
182ad5cf PH |
4305 | PH/31 When using GnuTLS, if the parameters cache file did not exist, Exim was |
4306 | not automatically generating a new one, as it is supposed to. This | |
4307 | prevented TLS from working. If the file did exist, but contained invalid | |
4308 | data, a new version was generated, as expected. It was only the case of a | |
4309 | non-existent file that was broken. | |
4310 | ||
b0d9fc80 TK |
4311 | TK/10 Domainkeys: Fix a bug in verification that caused a crash in conjunction |
4312 | with a change in libdomainkeys > 0.64. | |
4313 | ||
4314 | TK/11 Domainkeys: Change the logic how the "testing" policy flag is retrieved | |
4315 | from DNS. If the selector record carries the flag, it now has | |
4316 | precedence over the domain-wide flag. | |
4317 | ||
4318 | TK/12 Cleared some compiler warnings related to SPF, SRS and DK code. | |
4319 | ||
47c7a64a PH |
4320 | PH/32 In mua_wrapper mode, if an smtp transport configuration error (such as |
4321 | the use of a port name that isn't defined in /etc/services) occurred, the | |
4322 | message was deferred as in a normal delivery, and thus remained on the | |
4323 | spool, instead of being failed because of the mua_wrapper setting. This | |
4324 | is now fixed, and I tidied up some of the mua_wrapper messages at the | |
4325 | same time. | |
4326 | ||
a388bce4 SC |
4327 | SC/08 Eximstats: whilst parsing the mainlog(s), store information about |
4328 | the messages in a hash of arrays rather than using individual hashes. | |
4329 | This is a bit cleaner and results in dramatic memory savings, albeit | |
4330 | at a slight CPU cost. | |
4331 | ||
4332 | SC/09 Eximstats: added the -show_rt<list> and the -show_dt<list> flags | |
4333 | as requested by Marc Sherman. | |
4334 | ||
4335 | SC/10 Eximstats: added histograms for user specified patterns as requested | |
4336 | by Marc Sherman. | |
4337 | ||
0793e4ed SC |
4338 | SC/11 Eximstats: v1.43 - bugfix for pattern histograms with -h0 specified. |
4339 | ||
c58b88df PH |
4340 | PH/33 Patch from the Cygwin maintainer to add "b" to all occurences of |
4341 | fopen() in the content-scanning modules that did not already have it. | |
4342 | ||
e7ad8a65 | 4343 | |
7982096b PH |
4344 | Exim version 4.51 |
4345 | ----------------- | |
4346 | ||
1a46a8c5 PH |
4347 | TK/01 Added Yahoo DomainKeys support via libdomainkeys. See |
4348 | doc/experimental-spec.txt for details. (http://domainkeys.sf.net) | |
4349 | ||
2f079f46 | 4350 | TK/02 Fix ACL "control" statement not being available in MIME ACL. |
1a46a8c5 PH |
4351 | |
4352 | TK/03 Fix ACL "regex" condition not being available in MIME ACL. | |
4353 | ||
4354 | PH/01 Installed a patch from the Sieve maintainer that allows -bf to be used | |
4355 | to test Sieve filters that use "vacation". | |
4356 | ||
4357 | PH/02 Installed a slightly modified version of Nikos Mavrogiannopoulos' patch | |
4358 | that changes the way the GnuTLS parameters are stored in the cache file. | |
4359 | The new format can be generated externally. For backward compatibility, | |
4360 | if the data in the cache doesn't make sense, Exim assumes it has read an | |
4361 | old-format file, and it generates new data and writes a new file. This | |
4362 | means that you can't go back to an older release without removing the | |
4363 | file. | |
4364 | ||
4365 | PH/03 A redirect router that has both "unseen" and "one_time" set does not | |
4366 | work if there are any delivery delays because "one_time" forces the | |
4367 | parent to be marked "delivered", so its unseen clone is never tried | |
4368 | again. For this reason, Exim now forbids the simultaneous setting of | |
4369 | these two options. | |
4370 | ||
4371 | PH/04 Change 4.11/85 fixed an obscure bug concerned with addresses that are | |
4372 | redirected to themselves ("homonym" addresses). Read the long ChangeLog | |
4373 | entry if you want to know the details. The fix, however, neglected to | |
4374 | consider the case when local delivery batching is involved. The test for | |
4375 | "previously delivered" was not happening when checking to see if an | |
4376 | address could be batched with a previous (undelivered) one; under | |
4377 | certain circumstances this could lead to multiple deliveries to the same | |
c2c19e9d | 4378 | address. |
1a46a8c5 PH |
4379 | |
4380 | PH/05 Renamed the macro SOCKLEN_T as EXIM_SOCKLEN_T because AIX uses SOCKLEN_T | |
4381 | in its include files, and this causes problems building Exim. | |
4382 | ||
4383 | PH/06 A number of "verify =" ACL conditions have no options (e.g. verify = | |
4384 | header_syntax) but Exim was just ignoring anything given after a slash. | |
4385 | In particular, this caused confusion with an attempt to use "verify = | |
4386 | reverse_host_lookup/defer_ok". An error is now given when options are | |
4387 | supplied for verify items that do not have them. (Maybe reverse_host_ | |
4388 | lookup should have a defer_ok option, but that's a different point.) | |
4389 | ||
4390 | PH/07 Increase the size of the buffer for incoming SMTP commands from 512 (as | |
4391 | defined by RFC 821) to 2048, because there were problems with some AUTH | |
4392 | commands, and RFC 1869 says the size should be increased for extended | |
4393 | SMTP commands that take arguments. | |
4394 | ||
4395 | PH/08 Added ${dlfunc dynamically loaded function for expansion (code from Tony | |
4396 | Finch). | |
4397 | ||
4398 | PH/09 Previously, an attempt to use ${perl when it wasn't compiled gave an | |
4399 | "unknown" error; now it says that the functionality isn't in the binary. | |
8d67ada3 | 4400 | |
49c2d5ea PH |
4401 | PH/10 Added a nasty fudge to try to recognize and flatten LDAP passwords in |
4402 | an address' error message when a string expansion fails (syntax or | |
f331f3b6 PH |
4403 | whatever). Otherwise the password may appear in the log. Following change |
4404 | PH/42 below, there is no longer a chance of it appearing in a bounce | |
4405 | message. | |
49c2d5ea | 4406 | |
bf759a8b PH |
4407 | PH/11 Installed exipick version 20050225.0 from John Jetmore. |
4408 | ||
83364d30 PH |
4409 | PH/12 If the last host in a fallback_hosts list was multihomed, only the first |
4410 | of its addresses was ever tried. (Bugzilla bug #2.) | |
4411 | ||
7999bbd7 PH |
4412 | PH/13 If "headers_add" in a transport didn't end in a newline, Exim printed |
4413 | the result incorrectly in the debug output. (It correctly added a newline | |
4414 | to what was transported.) | |
4415 | ||
7dbf77c9 PH |
4416 | TF/01 Added $received_time. |
4417 | ||
74e0617f PH |
4418 | PH/14 Modified the default configuration to add an acl_smtp_data ACL, with |
4419 | commented out examples of how to interface to a virus scanner and to | |
4420 | SpamAssassin. Also added commented examples of av_scanner and | |
4421 | spamd_address settings. | |
4422 | ||
2f079f46 PH |
4423 | PH/15 Further to TK/02 and TK/03 above, tidied up the tables of what conditions |
4424 | and controls are allowed in which ACLs. There were a couple of minor | |
4425 | errors. Some of the entries in the conditions table (which is a table of | |
4426 | where they are NOT allowed) were getting very unwieldy; rewrote them as a | |
4427 | negation of where the condition IS allowed. | |
4428 | ||
8c841523 PH |
4429 | PH/16 Installed updated OS/os.c-cygwin from the Cygwin maintainer. |
4430 | ||
7766a4f0 PH |
4431 | PH/17 The API for radiusclient changed at release 0.4.0. Unfortunately, the |
4432 | header file does not have a version number, so I've had to invent a new | |
4433 | value for RADIUS_LIB_TYPE, namely "RADIUSCLIENTNEW" to request the new | |
4434 | API. The code is untested by me (my Linux distribution still has 0.3.2 of | |
4435 | radiusclient), but it was contributed by a Radius user. | |
4436 | ||
8b417f2c PH |
4437 | PH/18 Installed Lars Mainka's patch for the support of CRL collections in |
4438 | files or directories, for OpenSSL. | |
4439 | ||
901f42cb PH |
4440 | PH/19 When an Exim process that is running as root has to create an Exim log |
4441 | file, it does so in a subprocess that runs as exim:exim so as to get the | |
4442 | ownership right at creation (otherwise, other Exim processes might see | |
4443 | the file with the wrong ownership). There was no test for failure of this | |
4444 | fork() call, which would lead to the process getting stuck as it waited | |
4445 | for a non-existent subprocess. Forks do occasionally fail when resources | |
4446 | run out. I reviewed all the other calls to fork(); they all seem to check | |
4447 | for failure. | |
4448 | ||
f9b9210e PH |
4449 | PH/20 When checking for unexpected SMTP input at connect time (before writing |
4450 | the banner), Exim was not dealing correctly with a non-positive return | |
4451 | from the read() function. If the client had disconnected by this time, | |
4452 | the result was a log entry for a synchronization error with an empty | |
4453 | string after "input=" when read() returned zero. If read() returned -1 | |
4454 | (an event I could not check), uninitialized data bytes were printed. | |
4455 | There were reports of junk text (parts of files, etc) appearing after | |
4456 | "input=". | |
4457 | ||
54cdb463 PH |
4458 | PH/21 Added acl_not_smtp_mime to allow for MIME scanning for non-SMTP messages. |
4459 | ||
cf00dad6 PH |
4460 | PH/22 Added support for macro redefinition, and (re)definition in between |
4461 | driver and ACL definitions. | |
4462 | ||
acb1b346 PH |
4463 | PH/23 The cyrus_sasl authenticator was expanding server_hostname, but then |
4464 | forgetting to use the resulting value; it was using the unexpanded value. | |
4465 | ||
c5ddb310 PH |
4466 | PH/24 The cyrus_sasl authenticator was advertising mechanisms for which it |
4467 | hadn't been configured. The fix is from Juergen Kreileder, who | |
4468 | understands it better than I do: | |
4469 | ||
4470 | "Here's what I see happening with three configured cyrus_sasl | |
4471 | authenticators configured (plain, login, cram-md5): | |
4472 | ||
4473 | On startup auth_cyrus_sasl_init() gets called for each of these. | |
4474 | This means three calls to sasl_listmech() without a specified mech_list. | |
4475 | => SASL tests which mechs of all available mechs actually work | |
4476 | => three warnings about OTP not working | |
4477 | => the returned list contains: plain, login, cram-md5, digest-md5, ... | |
4478 | ||
4479 | With the patch, sasl_listmech() also gets called three times. But now | |
4480 | SASL's mech_list option is set to the server_mech specified in the the | |
4481 | authenticator. Or in other words, the answer from sasl_listmech() | |
4482 | gets limited to just the mech you're testing for (which is different | |
4483 | for each call.) | |
4484 | => the return list contains just 'plain' or 'login', 'cram-md5' or | |
4485 | nothing depending on the value of ob->server_mech. | |
4486 | ||
4487 | I've just tested the patch: Authentication still works fine, | |
4488 | unavailable mechs specified in the exim configuration are still | |
4489 | caught, and the auth.log warnings about OTP are gone." | |
4490 | ||
31619da6 PH |
4491 | PH/25 When debugging is enabled, the contents of the command line are added |
4492 | to the debugging output, even when log_selector=+arguments is not | |
4493 | specified. | |
4494 | ||
bebaf0fc PH |
4495 | PH/26 Change scripts/os-type so that when "uname -s" returns just "GNU", the |
4496 | answer is "GNU", and only if the return is "GNU/something" is the answer | |
4497 | "Linux". | |
4498 | ||
475fe28a PH |
4499 | PH/27 $acl_verify_message is now set immediately after the failure of a |
4500 | verification in an ACL, and so is available in subsequent modifiers. In | |
4501 | particular, the message can be preserved by coding like this: | |
4502 | ||
4503 | warn !verify = sender | |
4504 | set acl_m0 = $acl_verify_message | |
4505 | ||
4506 | Previously, $acl_verify_message was set only while expanding "message" | |
4507 | and "log_message" when a very denied access. | |
4508 | ||
7e8bec7a PH |
4509 | PH/28 Modified OS/os.c-Linux with |
4510 | ||
4511 | -#ifndef OS_LOAD_AVERAGE | |
4512 | +#if !defined(OS_LOAD_AVERAGE) && defined(__linux__) | |
4513 | ||
4514 | to make Exim compile on kfreebsd-gnu. (I'm totally confused about the | |
4515 | nomenclature these days.) | |
4516 | ||
e4a89c47 PH |
4517 | PH/29 Installed patch from the Sieve maintainer that adds the options |
4518 | sieve_useraddress and sieve_subaddress to the redirect router. | |
4519 | ||
5ca2a9a1 PH |
4520 | PH/30 In these circumstances: |
4521 | . Two addresses routed to the same list of hosts; | |
4522 | . First host does not offer TLS; | |
4523 | . First host accepts first address; | |
4524 | . First host gives temporary error to second address; | |
4525 | . Second host offers TLS and a TLS session is established; | |
4526 | . Second host accepts second address. | |
4527 | Exim incorrectly logged both deliveries with the TLS parameters (cipher | |
4528 | and peerdn, if requested) that were in fact used only for the second | |
4529 | address. | |
7e8bec7a | 4530 | |
c688b954 PH |
4531 | PH/31 When doing a callout as part of verifying an address, Exim was not paying |
4532 | attention to any local part prefix or suffix that was matched by the | |
4533 | router that accepted the address. It now behaves in the same way as it | |
4534 | does for delivery: the affixes are removed from the local part unless | |
4535 | rcpt_include_affixes is set on the transport. | |
4536 | ||
fed77020 PH |
4537 | PH/32 Add the sender address, as F=<...>, to the log line when logging a |
4538 | timeout during the DATA phase of an incoming message. | |
4539 | ||
7fe1560f PH |
4540 | PH/33 Sieve envelope tests were broken for match types other than :is. I have |
4541 | applied a patch sanctioned by the Sieve maintainer. | |
c688b954 | 4542 | |
ebb6e6d5 PH |
4543 | PH/34 Change 4.50/80 broke Exim in that it could no longer handle cases where |
4544 | the uid or gid is negative. A case of a negative gid caused this to be | |
4545 | noticed. The fix allows for either to be negative. | |
4546 | ||
9c4e8f60 PH |
4547 | PH/35 ACL_WHERE_MIME is now declared unconditionally, to avoid too much code |
4548 | clutter, but the tables that are indexed by ACL_WHERE_xxx values had been | |
4549 | overlooked. | |
4550 | ||
4551 | PH/36 The change PH/12 above was broken. Fixed it. | |
4552 | ||
d7174846 PH |
4553 | PH/37 Exim used to check for duplicate addresses in the middle of routing, on |
4554 | the grounds that routing the same address twice would always produce the | |
4555 | same answer. This might have been true once, but it is certainly no | |
4556 | longer true now. Routing a child address may depend on the previous | |
4557 | routing that produced that child. Some complicated redirection strategies | |
4558 | went wrong when messages had multiple recipients, and made Exim's | |
4559 | behaviour dependent on the order in which the addresses were given. | |
4560 | ||
4561 | I have moved the duplicate checking until after the routing is complete. | |
4562 | Exim scans the addresses that are assigned to local and remote | |
4563 | transports, and removes any duplicates. This means that more work will be | |
4564 | done, as duplicates will always all be routed, but duplicates are | |
4565 | presumably rare, so I don't expect this is of any significance. | |
4566 | ||
4567 | For deliveries to pipes, files, and autoreplies, the duplicate checking | |
4568 | still happens during the routing process, since they are not going to be | |
4569 | routed further. | |
4570 | ||
cfe75fc3 PH |
4571 | PH/38 Installed a patch from Ian Freislich, with the agreement of Tom Kistner. |
4572 | It corrects a timeout issue with spamd. This is Ian's comment: "The | |
4573 | background is that sometimes spamd either never reads data from a | |
4574 | connection it has accepted, or it never writes response data. The exiscan | |
4575 | spam.[ch] uses a 3600 second timeout on spamd socket reads, further, it | |
4576 | blindly assumes that writes won't block so it may never time out." | |
4577 | ||
be22d70e PH |
4578 | PH/39 Allow G after quota size as well as K and M. |
4579 | ||
0612b098 PH |
4580 | PH/40 The value set for $authenticated_id in an authenticator may not contain |
4581 | binary zeroes or newlines because the value is written to log lines and | |
4582 | to spool files. There was no check on this. Now the value is run through | |
4583 | the string_printing() function so that such characters are converted to | |
4584 | printable escape sequences. | |
4585 | ||
2e0c1448 PH |
4586 | PH/41 $message_linecount is a new variable that contains the total number of |
4587 | lines in the message. Compare $body_linecount, which is the count for the | |
4588 | body only. | |
4589 | ||
447d236c PH |
4590 | PH/42 Exim no longer gives details of delivery errors for specific addresses in |
4591 | bounce and delay warning messages, except in certain special cases, which | |
4592 | are as follows: | |
4593 | ||
4594 | (a) An SMTP error message from a remote host; | |
4595 | (b) A message specified in a :fail: redirection; | |
4596 | (c) A message specified in a "fail" command in a system filter; | |
4597 | (d) A message specified in a FAIL return from the queryprogram router; | |
4598 | (e) A message specified by the cannot_route_message router option. | |
4599 | ||
4600 | In these cases only, Exim does include the error details in bounce and | |
4601 | warning messages. There are also a few cases where bland messages such | |
4602 | as "unrouteable address" or "local delivery error" are given. | |
4603 | ||
d20976dc PH |
4604 | PH/43 $value is now also set for the "else" part of a ${run expansion. |
4605 | ||
f656d135 PH |
4606 | PH/44 Applied patch from the Sieve maintainer: "The vacation draft is still |
4607 | being worked on, but at least Exim now implements the latest version to | |
4608 | play with." | |
4609 | ||
2e2a30b4 PH |
4610 | PH/45 In a pipe transport, although a timeout while waiting for the pipe |
4611 | process to complete was treated as a delivery failure, a timeout while | |
4612 | writing the message to the pipe was logged, but erroneously treated as a | |
4613 | successful delivery. Such timeouts include transport filter timeouts. For | |
4614 | consistency with the overall process timeout, these timeouts are now | |
4615 | treated as errors, giving rise to delivery failures by default. However, | |
4616 | there is now a new Boolean option for the pipe transport called | |
4617 | timeout_defer, which, if set TRUE, converts the failures into defers for | |
4618 | both kinds of timeout. A transport filter timeout is now identified in | |
4619 | the log output. | |
4620 | ||
9176e9f0 PH |
4621 | PH/46 The "scripts/Configure-config.h" script calls "make" at one point. On |
4622 | systems where "make" and "gmake" are different, calling "gmake" at top | |
4623 | level broke things. I've arranged for the value of $(MAKE) to be passed | |
4624 | from the Makefile to this script so that it can call the same version of | |
4625 | "make". | |
4626 | ||
7982096b | 4627 | |
bbe902f0 PH |
4628 | A note about Exim versions 4.44 and 4.50 |
4629 | ---------------------------------------- | |
4630 | ||
4631 | Exim 4.50 was meant to be the next release after 4.43. It contains a lot of | |
4632 | changes of various kinds. As a consequence, a big documentation update was | |
4633 | needed. This delayed the release for rather longer than seemed good, especially | |
4634 | in the light of a couple of (minor) security issues. Therefore, the changes | |
4635 | that fixed bugs were backported into 4.43, to create a 4.44 maintenance | |
4636 | release. So 4.44 and 4.50 are in effect two different branches that both start | |
4637 | from 4.43. | |
4638 | ||
4639 | I have left the 4.50 change log unchanged; it contains all the changes since | |
4640 | 4.43. The change log for 4.44 is below; many of its items are identical to | |
4641 | those for 4.50. This seems to be the most sensible way to preserve the | |
4642 | historical information. | |
4643 | ||
4644 | ||
f7b63901 | 4645 | Exim version 4.50 |
495ae4b0 PH |
4646 | ----------------- |
4647 | ||
5fe762f6 PH |
4648 | 1. Minor wording change to the doc/README.SIEVE file. |
4649 | ||
139059f6 | 4650 | 2. Change 4.43/35 introduced a bug: if quota_filecount was set, the |
5fe762f6 | 4651 | computation of the current number of files was incorrect. |
495ae4b0 | 4652 | |
7086e875 PH |
4653 | 3. Closing a stable door: arrange to panic-die if setitimer() ever fails. The |
4654 | bug fixed in 4.43/37 would have been diagnosed quickly if this had been in | |
4655 | place. | |
4656 | ||
35af9f61 PH |
4657 | 4. Give more explanation in the error message when the command for a transport |
4658 | filter fails to execute. | |
4659 | ||
b668c215 PH |
4660 | 5. There are several places where Exim runs a non-Exim command in a |
4661 | subprocess. The SIGUSR1 signal should be disabled for these processes. This | |
4662 | was being done only for the command run by the queryprogram router. It is | |
4663 | now done for all such subprocesses. The other cases are: ${run, transport | |
4664 | filters, and the commands run by the lmtp and pipe transports. | |
4665 | ||
a494b1e1 PH |
4666 | 6. Added CONFIGURE_GROUP build-time option. |
4667 | ||
4668 | 7. Some older OS have a limit of 256 on the maximum number of file | |
4669 | descriptors. Exim was using setrlimit() to set 1000 as a large value | |
4670 | unlikely to be exceeded. Change 4.43/17 caused a lot of logging on these | |
4671 | systems. I've change it so that if it can't get 1000, it tries for 256. | |
35edf2ff | 4672 | |
c5fcb476 PH |
4673 | 8. "control=submission" was allowed, but had no effect, in a DATA ACL. This |
4674 | was an oversight, and furthermore, ever since the addition of extra | |
4675 | controls (e.g. 4.43/32), the checks on when to allow different forms of | |
4676 | "control" were broken. There should now be diagnostics for all cases when a | |
4677 | control that does not make sense is encountered. | |
4678 | ||
69358f02 PH |
4679 | 9. Added the /retain_sender option to "control=submission". |
4680 | ||
5be20824 PH |
4681 | 10. $recipients is now available in the predata ACL (oversight). |
4682 | ||
eb2c0248 PH |
4683 | 11. Tidy the search cache before the fork to do a delivery from a message |
4684 | received from the command line. Otherwise the child will trigger a lookup | |
4685 | failure and thereby defer the delivery if it tries to use (for example) a | |
4686 | cached ldap connection that the parent has called unbind on. | |
4687 | ||
2a3eea10 PH |
4688 | 12. If verify=recipient was followed by verify=sender in a RCPT ACL, the value |
4689 | of $address_data from the recipient verification was clobbered by the | |
4690 | sender verification. | |
4691 | ||
4692 | 13. The value of address_data from a sender verification is now available in | |
4693 | $sender_address_data in subsequent conditions in the ACL statement. | |
4694 | ||
23c7ff99 PH |
4695 | 14. Added forbid_sieve_filter and forbid_exim_filter to the redirect router. |
4696 | ||
4deaf07d PH |
4697 | 15. Added a new option "connect=<time>" to callout options, to set a different |
4698 | connection timeout. | |
4699 | ||
926e1192 PH |
4700 | 16. If FIXED_NEVER_USERS was defined, but empty, Exim was assuming the uid 0 |
4701 | was its contents. (It was OK if the option was not defined at all.) | |
4702 | ||
650edc6f PH |
4703 | 17. A "Completed" log line is now written for messages that are removed from |
4704 | the spool by the -Mrm option. | |
4705 | ||
2c7db3f5 PH |
4706 | 18. New variables $sender_verify_failure and $recipient_verify_failure contain |
4707 | information about exactly what failed. | |
4708 | ||
3d235903 PH |
4709 | 19. Added -dd to debug only the daemon process. |
4710 | ||
7c7ad977 PH |
4711 | 20. Incorporated Michael Haardt's patch to ldap.c for improving the way it |
4712 | handles timeouts, both on the server side and network timeouts. Renamed the | |
4713 | CONNECT parameter as NETTIMEOUT (but kept the old name for compatibility). | |
4714 | ||
981756db PH |
4715 | 21. The rare case of EHLO->STARTTLS->HELO was setting the protocol to "smtp". |
4716 | It is now set to "smtps". | |
4717 | ||
d4eb88df PH |
4718 | 22. $host_address is now set to the target address during the checking of |
4719 | ignore_target_hosts. | |
4720 | ||
4721 | 23. When checking ignore_target_hosts for an ipliteral router, no host name was | |
4722 | being passed; this would have caused $sender_host_name to have been used if | |
4723 | matching the list had actually called for a host name (not very likely, | |
4724 | since this list is usually IP addresses). A host name is now passed as | |
4725 | "[x.x.x.x]". | |
4726 | ||
7d468ab8 PH |
4727 | 24. Changed the calls that set up the SIGCHLD handler in the daemon to use the |
4728 | code that specifies a non-restarting handler (typically sigaction() in | |
4729 | modern systems) in an attempt to fix a rare and obscure crash bug. | |
4730 | ||
4731 | 25. Narrowed the window for a race in the daemon that could cause it to ignore | |
4732 | SIGCHLD signals. This is not a major problem, because they are used only to | |
4733 | wake it up if nothing else does. | |
4734 | ||
62c0818f PH |
4735 | 26. A malformed maildirsize file could cause Exim to calculate negative values |
4736 | for the mailbox size or file count. Odd effects could occur as a result. | |
4737 | The maildirsize information is now recalculated if the size or filecount | |
4738 | end up negative. | |
4739 | ||
26034054 PH |
4740 | 27. Added HAVE_SYS_STATVFS_H to the os.h file for Linux, as it has had this |
4741 | support for a long time. Removed HAVE_SYS_VFS_H. | |
4742 | ||
af66f652 PH |
4743 | 28. Installed the latest version of exipick from John Jetmore. |
4744 | ||
90af77f4 PH |
4745 | 29. In an address list, if the pattern was not a regular expression, an empty |
4746 | subject address (from a bounce message) matched only if the pattern was an | |
4747 | empty string. Non-empty patterns were not even tested. This was the wrong | |
4748 | because it is perfectly reasonable to use an empty address as part of a | |
4749 | database query. An empty address is now tested by patterns that are | |
4750 | lookups. However, all the other forms of pattern expect the subject to | |
4751 | contain a local part and a domain, and therefore, for them, an empty | |
4752 | address still always fails if the pattern is not itself empty. | |
4753 | ||
d8ef3577 PH |
4754 | 30. Exim went into a mad DNS loop when attempting to do a callout where the |
4755 | host was specified on an smtp transport, and looking it up yielded more | |
4756 | than one IP address. | |
4757 | ||
5cb8cbc6 PH |
4758 | 31. Re-factored the code for checking spool and log partition space into a |
4759 | function that finds that data and another that does the check. The former | |
4760 | is then used to implement four new variables: $spool_space, $log_space, | |
4761 | $spool_inodes, and $log_inodes. | |
4762 | ||
14702f5b PH |
4763 | 32. The RFC2047 encoding function was originally intended for short strings |
4764 | such as real names; it was not keeping to the 75-character limit for | |
4765 | encoded words that the RFC imposes. It now respects the limit, and | |
4766 | generates multiple encoded words if necessary. To be on the safe side, I | |
4767 | have increased the buffer size for the ${rfc2047: expansion operator from | |
4768 | 1024 to 2048 bytes. | |
4769 | ||
063b1e99 PH |
4770 | 33. It is now permitted to omit both strings after an "if" condition; if the |
4771 | condition is true, the result is "true". As before, when the second string | |
4772 | is omitted, a false condition yields an empty string. This makes it less | |
4773 | cumbersome to write custom ACL and router conditions. | |
4774 | ||
652e1b65 PH |
4775 | 34. Failure to deliver a bounce message always caused it to be frozen, even if |
4776 | there was an errors_to setting on the router. The errors_to setting is now | |
4777 | respected. | |
4778 | ||
6f0c9a4f PH |
4779 | 35. If an IPv6 address is given for -bh or -bhc, it is now converted to the |
4780 | canonical form (fully expanded) before being placed in | |
4781 | $sender_host_address. | |
4782 | ||
33397d19 PH |
4783 | 36. The table in the code that translates DNS record types into text (T_A to |
4784 | "A" for instance) was missing entries for NS and CNAME. It is just possible | |
4785 | that this could have caused confusion if both these types were looked up | |
4786 | for the same domain, because the text type is used as part of Exim's | |
4787 | per-process caching. But the chance of anyone hitting this buglet seems | |
4788 | very small. | |
4789 | ||
7bb56e1f PH |
4790 | 37. The dnsdb lookup has been extended in a number of ways. |
4791 | ||
4792 | (1) There is a new type, "zns", which walks up the domain tree until it | |
4793 | finds some nameserver records. It should be used with care. | |
4794 | ||
ea3bc19b PH |
4795 | (2) There is a new type, "mxh", which is like "mx" except that it returns |
4796 | just the host names, not the priorities. | |
4797 | ||
4798 | (3) It is now possible to give a list of domains (or IP addresses) to be | |
ff4dbb19 PH |
4799 | looked up. The behaviour when one of the lookups defers can be |
4800 | controlled by a keyword. | |
7bb56e1f | 4801 | |
ea3bc19b | 4802 | (4) It is now possible to specify the separator character for use when |
7bb56e1f | 4803 | multiple records are returned. |
33397d19 | 4804 | |
0bcb2a0e PH |
4805 | 38. The dnslists ACL condition has been extended: it is now possible to supply |
4806 | a list of IP addresses and/or domains to be looked up in a particular DNS | |
4807 | domain. | |
4808 | ||
2ac0e484 PH |
4809 | 39. Added log_selector=+queue_time_overall. |
4810 | ||
4e1fde53 PH |
4811 | 40. When running the queue in the test harness, wait just a tad after forking a |
4812 | delivery process, to get repeatability of debugging output. | |
4813 | ||
de365ded PH |
4814 | 41. Include certificate and key file names in error message when GnuTLS fails |
4815 | to set them up, because the GnuTLS error message doesn't include the name | |
4816 | of the failing file when there is a problem reading it. | |
4817 | ||
f05da2e8 PH |
4818 | 42. Allow both -bf and -bF in the same test run. |
4819 | ||
d6453af2 PH |
4820 | 43. Did the same fix as 41 above for OpenSSL, which had the same infelicity. |
4821 | ||
f7b63901 PH |
4822 | 44. The "Exiscan patch" is now merged into the mainline Exim source. |
4823 | ||
4824 | 45. Sometimes the final signoff response after QUIT could fail to get | |
4825 | transmitted in the non-TLS case. Testing !tls_active instead of tls_active | |
4826 | < 0 before doing a fflush(). This bug looks as though it goes back to the | |
4827 | introduction of TLS in release 3.20, but "sometimes" must have been rare | |
4828 | because the tests only now provoked it. | |
4829 | ||
a444213a PH |
4830 | 46. Reset the locale to "C" after calling embedded Perl, in case it was changed |
4831 | (this can affect the format of dates). | |
4832 | ||
0ec020ea PH |
4833 | 47. exim_tidydb, when checking for the continued existence of a message for |
4834 | which it has found a message-specific retry record, was not finding | |
4835 | messages that were in split spool directories. Consequently, it was | |
4836 | deleting retry records that should have stayed in existence. | |
4837 | ||
b1206957 PH |
4838 | 48. Steve fixed some bugs in eximstats. |
4839 | ||
4840 | 49. The SPA authentication driver was not abandoning authentication and moving | |
4841 | on to the next authenticator when an expansion was forced to fail, | |
4842 | contradicting the general specification for all authenticators. Instead it | |
4843 | was generating a temporary error. It now behaves as specified. | |
4844 | ||
26dd5a95 PH |
4845 | 50. The default ordering of permitted cipher suites for GnuTLS was pessimal |
4846 | (the order specifies the preference for clients). The order is now AES256, | |
4847 | AES128, 3DES, ARCFOUR128. | |
4848 | ||
343b2385 PH |
4849 | 51. Small patch to Sieve code - explicitly set From: when generating an |
4850 | autoreply. | |
4851 | ||
1c5466b9 PH |
4852 | 52. Exim crashed if a remote delivery caused a very long error message to be |
4853 | recorded - for instance if somebody sent an entire SpamAssassin report back | |
4854 | as a large number of 550 error lines. This bug was coincidentally fixed by | |
4855 | increasing the size of one of Exim's internal buffers (big_buffer) that | |
4856 | happened as part of the Exiscan merge. However, to be on the safe side, I | |
4857 | have made the code more robust (and fixed the comments that describe what | |
4858 | is going on). | |
4859 | ||
55ee9ee3 PH |
4860 | 53. Now that there can be additional text after "Completed" in log lines (if |
4861 | the queue_time_overall log selector is set), a one-byte patch to exigrep | |
4862 | was needed to allow it to recognize "Completed" as not the last thing in | |
4863 | the line. | |
4864 | ||
d38f8232 PH |
4865 | 54. The LDAP lookup was not handling a return of LDAP_RES_SEARCH_REFERENCE. A |
4866 | patch that reportedly fixes this has been added. I am not expert enough to | |
4867 | create a test for it. This is what the patch creator wrote: | |
4868 | ||
4869 | "I found a little strange behaviour of ldap code when working with | |
4870 | Windows 2003 AD Domain, where users was placed in more than one | |
4871 | Organization Units. When I tried to give exim partial DN, the exit code | |
4872 | of ldap_search was unknown to exim because of LDAP_RES_SEARCH_REFERENCE. | |
4873 | But simultaneously result of request was absolutely normal ldap result, | |
4874 | so I produce this patch..." | |
4875 | ||
3295e65b PH |
4876 | Later: it seems that not all versions of LDAP support LDAP_RES_SEARCH_ |
4877 | REFERENCE, so I have modified the code to exclude the patch when that macro | |
4878 | is not defined. | |
4879 | ||
7102e136 PH |
4880 | 55. Some experimental protocols are using DNS PTR records for new purposes. The |
4881 | keys for these records are domain names, not reversed IP addresses. The | |
b975ba52 PH |
4882 | dnsdb PTR lookup now tests whether its key is an IP address. If not, it |
4883 | leaves it alone. Component reversal etc. now happens only for IP addresses. | |
ea3a6f44 | 4884 | CAN-2005-0021 |
7102e136 | 4885 | |
3ca0ba97 PH |
4886 | 56. Improve error message when ldap_search() fails in OpenLDAP or Solaris LDAP. |
4887 | ||
c2bcbe20 PH |
4888 | 57. Double the size of the debug message buffer (to 2048) so that more of very |
4889 | long debug lines gets shown. | |
4890 | ||
18ce445d PH |
4891 | 58. The exicyclog utility now does better if the number of log files to keep |
4892 | exceeds 99. In this case, it numbers them 001, 002 ... instead of 01, 02... | |
4893 | ||
1f5b4c3d PH |
4894 | 59. Two changes related to the smtp_active_hostname option: |
4895 | ||
4896 | (1) $smtp_active_hostname is now available as a variable. | |
4897 | (2) The default for smtp_banner uses $smtp_active_hostname instead | |
4898 | of $primary_hostname. | |
4899 | ||
b975ba52 PH |
4900 | 60. The host_aton() function is supposed to be passed a string that is known |
4901 | to be a valid IP address. However, in the case of IPv6 addresses, it was | |
4902 | not checking this. This is a hostage to fortune. Exim now panics and dies | |
4903 | if the condition is not met. A case was found where this could be provoked | |
85b87bc2 PH |
4904 | from a dnsdb PTR lookup with an IPv6 address that had more than 8 |
4905 | components; fortuitously, this particular loophole had already been fixed | |
4906 | by change 4.50/55 above. | |
4907 | ||
4908 | If there are any other similar loopholes, the new check in host_aton() | |
4909 | itself should stop them being exploited. The report I received stated that | |
4910 | data on the command line could provoke the exploit when Exim was running as | |
4911 | exim, but did not say which command line option was involved. All I could | |
4912 | find was the use of -be with a bad dnsdb PTR lookup, and in that case it is | |
4913 | running as the user. | |
ea3a6f44 | 4914 | CAN-2005-0021 |
85b87bc2 PH |
4915 | |
4916 | 61. There was a buffer overflow vulnerability in the SPA authentication code | |
4917 | (which came originally from the Samba project). I have added a test to the | |
4918 | spa_base64_to_bits() function which I hope fixes it. | |
ea3a6f44 | 4919 | CAN-2005-0022 |
b975ba52 | 4920 | |
17ffcae7 PH |
4921 | 62. Configuration update for GNU/Hurd and variations. Updated Makefile-GNU and |
4922 | os.h-GNU, and added configuration files for GNUkFreeBSD and GNUkNetBSD. | |
4923 | ||
d95f9fdb PH |
4924 | 63. The daemon start-up calls getloadavg() while still root for those OS that |
4925 | need the first call to be done as root, but it missed one case: when | |
4926 | deliver_queue_load_max is set with deliver_drop_privilege. This is | |
4927 | necessary for the benefit of the queue runner, because there is no re-exec | |
4928 | when deliver_drop_privilege is set. | |
4929 | ||
86b8287f PH |
4930 | 64. A call to exiwhat cut short delays set up by "delay" modifiers in ACLs. |
4931 | This has been fixed. | |
4932 | ||
60dc5e56 PH |
4933 | 65. Caching of lookup data for "hosts =" ACL conditions, when a named host list |
4934 | was in use, was not putting the data itself into the right store pool; | |
4935 | consequently, it could be overwritten for a subsequent message in the same | |
4936 | SMTP connection. (Fix 4.40/11 dealt with the non-cache case, but overlooked | |
4937 | the caching.) | |
4938 | ||
533244af PH |
4939 | 66. Added hosts_max_try_hardlimit to the smtp transport, default 50. |
4940 | ||
a5a28604 PH |
4941 | 67. The string_is_ip_address() function returns 0, 4, or 6, for "no an IP |
4942 | address", "IPv4 address", and "IPv6 address", respectively. Some calls of | |
4943 | the function were treating the return as a boolean value, which happened to | |
4944 | work because 0=false and not-0=true, but is not correct code. | |
4945 | ||
7e634d24 PH |
4946 | 68. The host_aton() function was not handling scoped IPv6 addresses (those |
4947 | with, for example, "%eth0" on the end) correctly. | |
4948 | ||
3e11c26b PH |
4949 | 69. Fixed some compiler warnings in acl.c for the bitmaps specified with |
4950 | negated items (that is, ~something) in unsigned ints. Some compilers | |
4951 | apparently mutter when there is no cast. | |
4952 | ||
6729cf78 PH |
4953 | 70. If an address verification called from an ACL failed, and did not produce a |
4954 | user-specific message (i.e. there was only a "system" message), nothing was | |
4955 | put in $acl_verify_message. In this situation, it now puts the system | |
4956 | message there. | |
4957 | ||
00f00ca5 PH |
4958 | 71. Change 4.23/11 added synchronization checking at the start of an SMTP |
4959 | session; change 4.31/43 added the unwanted input to the log line - except | |
4960 | that it did not do this in the start of session case. It now does. | |
4961 | ||
c9bdd01c PH |
4962 | 72. After a timeout in a callout SMTP session, Exim still sent a QUIT command. |
4963 | This is wrong and can cause the other end to generate a synchronization | |
4964 | error if it is another Exim or anything else that does the synchronization | |
4965 | check. A QUIT command is no longer sent after a timeout. | |
4966 | ||
d43194df PH |
4967 | 73. $host_lookup_deferred has been added, to make it easier to detect DEFERs |
4968 | during host lookups. | |
4969 | ||
fe5b5d0b PH |
4970 | 74. The defer_ok option of callout verification was not working if it was used |
4971 | when verifying addresses in header lines, that is, for this case: | |
4972 | ||
4973 | verify = header_sender/callout=defer_ok | |
4974 | ||
76a2d7ba PH |
4975 | 75. A backgrounded daemon closed stdin/stdout/stderr on entry; this meant that |
4976 | those file descriptors could be used for SMTP connections. If anything | |
4977 | wrote to stderr (the example that came up was "warn" in embedded Perl), it | |
4978 | could be sent to the SMTP client, causing chaos. The daemon now opens | |
4979 | stdin, stdout, and stderr to /dev/null when it puts itself into the | |
4980 | background. | |
4981 | ||
4982 | 76. Arrange for output from Perl's "warn" command to be written to Exim's main | |
4983 | log by default. The user can override this with suitable Perl magic. | |
4984 | ||
04f7d5b9 PH |
4985 | 77. The use of log_message on a "discard" ACL verb, which is supposed to add to |
4986 | the log message when discard triggers, was not working for the DATA ACL or | |
4987 | for the non-SMTP ACL. | |
4988 | ||
bc60667e PH |
4989 | 78. Error message wording change in sieve.c. |
4990 | ||
bb6e88ff PH |
4991 | 79. If smtp_accept_max_per_host was set, the number of connections could be |
4992 | restricted to fewer than expected, because the daemon was trying to set up | |
4993 | a new connection before checking whether the processes handling previous | |
4994 | connections had finished. The check for completed processes is now done | |
4995 | earlier. On busy systems, this bug wouldn't be noticed because something | |
4996 | else would have woken the daemon, and it would have reaped the completed | |
4997 | process earlier. | |
4998 | ||
1e70f85b PH |
4999 | 80. If a message was submitted locally by a user whose login name contained one |
5000 | or more spaces (ugh!), the spool file that Exim wrote was not re-readable. | |
5001 | It caused a spool format error. I have fixed the spool reading code. A | |
5002 | related problem was that the "from" clause in the Received: line became | |
5003 | illegal because of the space(s). It is now covered by ${quote_local_part. | |
5004 | ||
5005 | 81. Included the latest eximstats from Steve (adds average sizes to HTML Top | |
5006 | tables). | |
5007 | ||
4e01f9d6 PH |
5008 | 82. Updated OS/Makefile-AIX as per message from Mike Meredith. |
5009 | ||
1ee1cef2 PH |
5010 | 83. Patch from Sieve maintainer to fix unterminated string problem in |
5011 | "vacation" handling. | |
5012 | ||
6e2b4ccc PH |
5013 | 84. Some minor changes to the Linux configuration files to help with other |
5014 | OS variants using glibc. | |
5015 | ||
8e669ac1 PH |
5016 | 85. One more patch for Sieve to update vacation handling to latest spec. |
5017 | ||
495ae4b0 | 5018 | |
bbe902f0 PH |
5019 | ---------------------------------------------------- |
5020 | See the note above about the 4.44 and 4.50 releases. | |
5021 | ---------------------------------------------------- | |
5022 | ||
5023 | ||
5024 | Exim version 4.44 | |
5025 | ----------------- | |
5026 | ||
5027 | 1. Change 4.43/35 introduced a bug that caused file counts to be | |
5028 | incorrectly computed when quota_filecount was set in an appendfile | |
5029 | transport | |
5030 | ||
5031 | 2. Closing a stable door: arrange to panic-die if setitimer() ever fails. The | |
5032 | bug fixed in 4.43/37 would have been diagnosed quickly if this had been in | |
5033 | place. | |
5034 | ||
5035 | 3. Give more explanation in the error message when the command for a transport | |
5036 | filter fails to execute. | |
5037 | ||
5038 | 4. There are several places where Exim runs a non-Exim command in a | |
5039 | subprocess. The SIGUSR1 signal should be disabled for these processes. This | |
5040 | was being done only for the command run by the queryprogram router. It is | |
5041 | now done for all such subprocesses. The other cases are: ${run, transport | |
5042 | filters, and the commands run by the lmtp and pipe transports. | |
5043 | ||
5044 | 5. Some older OS have a limit of 256 on the maximum number of file | |
5045 | descriptors. Exim was using setrlimit() to set 1000 as a large value | |
5046 | unlikely to be exceeded. Change 4.43/17 caused a lot of logging on these | |
5047 | systems. I've change it so that if it can't get 1000, it tries for 256. | |
5048 | ||
5049 | 6. "control=submission" was allowed, but had no effect, in a DATA ACL. This | |
5050 | was an oversight, and furthermore, ever since the addition of extra | |
5051 | controls (e.g. 4.43/32), the checks on when to allow different forms of | |
5052 | "control" were broken. There should now be diagnostics for all cases when a | |
5053 | control that does not make sense is encountered. | |
5054 | ||
5055 | 7. $recipients is now available in the predata ACL (oversight). | |
5056 | ||
5057 | 8. Tidy the search cache before the fork to do a delivery from a message | |
5058 | received from the command line. Otherwise the child will trigger a lookup | |
5059 | failure and thereby defer the delivery if it tries to use (for example) a | |
5060 | cached ldap connection that the parent has called unbind on. | |
5061 | ||
5062 | 9. If verify=recipient was followed by verify=sender in a RCPT ACL, the value | |
5063 | of $address_data from the recipient verification was clobbered by the | |
5064 | sender verification. | |
5065 | ||
5066 | 10. If FIXED_NEVER_USERS was defined, but empty, Exim was assuming the uid 0 | |
5067 | was its contents. (It was OK if the option was not defined at all.) | |
5068 | ||
5069 | 11. A "Completed" log line is now written for messages that are removed from | |
5070 | the spool by the -Mrm option. | |
5071 | ||
5072 | 12. $host_address is now set to the target address during the checking of | |
5073 | ignore_target_hosts. | |
5074 | ||
5075 | 13. When checking ignore_target_hosts for an ipliteral router, no host name was | |
5076 | being passed; this would have caused $sender_host_name to have been used if | |
5077 | matching the list had actually called for a host name (not very likely, | |
5078 | since this list is usually IP addresses). A host name is now passed as | |
5079 | "[x.x.x.x]". | |
5080 | ||
5081 | 14. Changed the calls that set up the SIGCHLD handler in the daemon to use the | |
5082 | code that specifies a non-restarting handler (typically sigaction() in | |
5083 | modern systems) in an attempt to fix a rare and obscure crash bug. | |
5084 | ||
5085 | 15. Narrowed the window for a race in the daemon that could cause it to ignore | |
5086 | SIGCHLD signals. This is not a major problem, because they are used only to | |
5087 | wake it up if nothing else does. | |
5088 | ||
5089 | 16. A malformed maildirsize file could cause Exim to calculate negative values | |
5090 | for the mailbox size or file count. Odd effects could occur as a result. | |
5091 | The maildirsize information is now recalculated if the size or filecount | |
5092 | end up negative. | |
5093 | ||
5094 | 17. Added HAVE_SYS_STATVFS_H to the os.h file for Linux, as it has had this | |
5095 | support for a long time. Removed HAVE_SYS_VFS_H. | |
5096 | ||
ea3a6f44 | 5097 | 18. Updated exipick to current release from John Jetmore. |
bbe902f0 PH |
5098 | |
5099 | 19. Allow an empty sender to be matched against a lookup in an address list. | |
5100 | Previously the only cases considered were a regular expression, or an | |
5101 | empty pattern. | |
5102 | ||
5103 | 20. Exim went into a mad DNS lookup loop when doing a callout where the | |
5104 | host was specified on the transport, if the DNS lookup yielded more than | |
5105 | one IP address. | |
5106 | ||
ea3a6f44 NM |
5107 | 21. The RFC2047 encoding function was originally intended for short strings |
5108 | such as real names; it was not keeping to the 75-character limit for | |
5109 | encoded words that the RFC imposes. It now respects the limit, and | |
5110 | generates multiple encoded words if necessary. To be on the safe side, I | |
5111 | have increased the buffer size for the ${rfc2047: expansion operator from | |
5112 | 1024 to 2048 bytes. | |
bbe902f0 | 5113 | |
ea3a6f44 NM |
5114 | 22. Failure to deliver a bounce message always caused it to be frozen, even if |
5115 | there was an errors_to setting on the router. The errors_to setting is now | |
5116 | respected. | |
bbe902f0 PH |
5117 | |
5118 | 23. If an IPv6 address is given for -bh or -bhc, it is now converted to the | |
5119 | canonical form (fully expanded) before being placed in | |
5120 | $sender_host_address. | |
5121 | ||
5122 | 24. Updated eximstats to version 1.33 | |
5123 | ||
ea3a6f44 NM |
5124 | 25. Include certificate and key file names in error message when GnuTLS fails |
5125 | to set them up, because the GnuTLS error message doesn't include the name | |
5126 | of the failing file when there is a problem reading it. | |
bbe902f0 PH |
5127 | |
5128 | 26. Expand error message when OpenSSL has problems setting up cert/key files. | |
ea3a6f44 | 5129 | As per change 25. |
bbe902f0 | 5130 | |
ea3a6f44 NM |
5131 | 27. Reset the locale to "C" after calling embedded Perl, in case it was changed |
5132 | (this can affect the format of dates). | |
bbe902f0 | 5133 | |
ea3a6f44 NM |
5134 | 28. exim_tidydb, when checking for the continued existence of a message for |
5135 | which it has found a message-specific retry record, was not finding | |
5136 | messages that were in split spool directories. Consequently, it was | |
5137 | deleting retry records that should have stayed in existence. | |
bbe902f0 PH |
5138 | |
5139 | 29. eximstats updated to version 1.35 | |
5140 | 1.34 - allow eximstats to parse syslog lines as well as mainlog lines | |
5141 | 1.35 - bugfix such that pie charts by volume are generated correctly | |
5142 | ||
ea3a6f44 NM |
5143 | 30. The SPA authentication driver was not abandoning authentication and moving |
5144 | on to the next authenticator when an expansion was forced to fail, | |
5145 | contradicting the general specification for all authenticators. Instead it | |
5146 | was generating a temporary error. It now behaves as specified. | |
bbe902f0 | 5147 | |
ea3a6f44 NM |
5148 | 31. The default ordering of permitted cipher suites for GnuTLS was pessimal |
5149 | (the order specifies the preference for clients). The order is now AES256, | |
5150 | AES128, 3DES, ARCFOUR128. | |
bbe902f0 | 5151 | |
ea3a6f44 NM |
5152 | 31. Small patch to Sieve code - explicitly set From: when generating an |
5153 | autoreply. | |
bbe902f0 | 5154 | |
ea3a6f44 NM |
5155 | 32. Exim crashed if a remote delivery caused a very long error message to be |
5156 | recorded - for instance if somebody sent an entire SpamAssassin report back | |
5157 | as a large number of 550 error lines. This bug was coincidentally fixed by | |
5158 | increasing the size of one of Exim's internal buffers (big_buffer) that | |
5159 | happened as part of the Exiscan merge. However, to be on the safe side, I | |
5160 | have made the code more robust (and fixed the comments that describe what | |
5161 | is going on). | |
bbe902f0 | 5162 | |
ea3a6f44 NM |
5163 | 33. Some experimental protocols are using DNS PTR records for new purposes. The |
5164 | keys for these records are domain names, not reversed IP addresses. The | |
5165 | dnsdb PTR lookup now tests whether its key is an IP address. If not, it | |
5166 | leaves it alone. Component reversal etc. now happens only for IP addresses. | |
bbe902f0 PH |
5167 | CAN-2005-0021 |
5168 | ||
ea3a6f44 NM |
5169 | 34. The host_aton() function is supposed to be passed a string that is known |
5170 | to be a valid IP address. However, in the case of IPv6 addresses, it was | |
5171 | not checking this. This is a hostage to fortune. Exim now panics and dies | |
5172 | if the condition is not met. A case was found where this could be provoked | |
5173 | from a dnsdb PTR lookup with an IPv6 address that had more than 8 | |
5174 | components; fortuitously, this particular loophole had already been fixed | |
5175 | by change 4.50/55 or 4.44/33 above. | |
5176 | ||
5177 | If there are any other similar loopholes, the new check in host_aton() | |
5178 | itself should stop them being exploited. The report I received stated that | |
5179 | data on the command line could provoke the exploit when Exim was running as | |
5180 | exim, but did not say which command line option was involved. All I could | |
5181 | find was the use of -be with a bad dnsdb PTR lookup, and in that case it is | |
5182 | running as the user. | |
bbe902f0 PH |
5183 | CAN-2005-0021 |
5184 | ||
ea3a6f44 NM |
5185 | 35. There was a buffer overflow vulnerability in the SPA authentication code |
5186 | (which came originally from the Samba project). I have added a test to the | |
5187 | spa_base64_to_bits() function which I hope fixes it. | |
bbe902f0 PH |
5188 | CAN-2005-0022 |
5189 | ||
ea3a6f44 NM |
5190 | 36. The daemon start-up calls getloadavg() while still root for those OS that |
5191 | need the first call to be done as root, but it missed one case: when | |
5192 | deliver_queue_load_max is set with deliver_drop_privilege. This is | |
5193 | necessary for the benefit of the queue runner, because there is no re-exec | |
5194 | when deliver_drop_privilege is set. | |
bbe902f0 | 5195 | |
ea3a6f44 NM |
5196 | 37. Caching of lookup data for "hosts =" ACL conditions, when a named host list |
5197 | was in use, was not putting the data itself into the right store pool; | |
5198 | consequently, it could be overwritten for a subsequent message in the same | |
5199 | SMTP connection. (Fix 4.40/11 dealt with the non-cache case, but overlooked | |
5200 | the caching.) | |
bbe902f0 | 5201 | |
ea3a6f44 NM |
5202 | 38. Sometimes the final signoff response after QUIT could fail to get |
5203 | transmitted in the non-TLS case. Testing !tls_active instead of tls_active | |
5204 | < 0 before doing a fflush(). This bug looks as though it goes back to the | |
5205 | introduction of TLS in release 3.20, but "sometimes" must have been rare | |
5206 | because the tests only now provoked it. | |
bbe902f0 PH |
5207 | |
5208 | ||
495ae4b0 PH |
5209 | Exim version 4.43 |
5210 | ----------------- | |
5211 | ||
5212 | 1. Fixed a longstanding but relatively impotent bug: a long time ago, before | |
5213 | PIPELINING, the function smtp_write_command() used to return TRUE or FALSE. | |
5214 | Now it returns an integer. A number of calls were still expecting a T/F | |
5215 | return. Fortuitously, in all cases, the tests worked in OK situations, | |
5216 | which is the norm. However, things would have gone wrong on any write | |
5217 | failures on the smtp file descriptor. This function is used when sending | |
5218 | messages over SMTP and also when doing verify callouts. | |
5219 | ||
5220 | 2. When Exim is called to do synchronous delivery of a locally submitted | |
5221 | message (the -odf or -odi options), it no longer closes stderr before doing | |
5222 | the delivery. | |
5223 | ||
5224 | 3. Implemented the mua_wrapper option. | |
5225 | ||
5226 | 4. Implemented mx_fail_domains and srv_fail_domains for the dnslookup router. | |
5227 | ||
5228 | 5. Implemented the functions header_remove(), header_testname(), | |
5229 | header_add_at_position(), and receive_remove_recipient(), and exported them | |
5230 | to local_scan(). | |
5231 | ||
5232 | 6. If an ACL "warn" statement specified the addition of headers, Exim already | |
5233 | inserted X-ACL-Warn: at the start if there was no header name. However, it | |
5234 | was not making this test for the second and subsequent header lines if | |
5235 | there were newlines in the string. This meant that an invalid header could | |
5236 | be inserted if Exim was badly configured. | |
5237 | ||
5238 | 7. Allow an ACL "warn" statement to add header lines at the start or after all | |
5239 | the Received: headers, as well as at the end. | |
5240 | ||
5241 | 8. Added the rcpt_4xx retry error code. | |
5242 | ||
5243 | 9. Added postmaster_mailfrom=xxx to callout verification option. | |
5244 | ||
5245 | 10. Added mailfrom=xxxx to the callout verification option, for verify= | |
5246 | header_sender only. | |
5247 | ||
5248 | 11. ${substr_1_:xxxx} and ${substr__3:xxxx} are now diagnosed as syntax errors | |
5249 | (they previously behaved as ${substr_1_0:xxxx} and ${substr:_0_3:xxxx}). | |
5250 | ||
5251 | 12. Inserted some casts to stop certain compilers warning when using pointer | |
5252 | differences as field lengths or precisions in printf-type calls (mostly | |
5253 | affecting debugging statements). | |
5254 | ||
5255 | 13. Added optional readline() support for -be (dynamically loaded). | |
5256 | ||
5257 | 14. Obscure bug fix: if a message error (e.g. 4xx to MAIL) happened within the | |
5258 | same clock tick as a message's arrival, so that its received time was the | |
5259 | same as the "first fail" time on the retry record, and that message | |
5260 | remained on the queue past the ultimate address timeout, every queue runner | |
5261 | would try a delivery (because it was past the ultimate address timeout) but | |
5262 | after another failure, the ultimate address timeout, which should have then | |
5263 | bounced the address, did not kick in. This was a "< instead of <=" error; | |
5264 | in most cases the first failure would have been in the next clock tick | |
5265 | after the received time, and all would be well. | |
5266 | ||
5267 | 15. The special items beginning with @ in domain lists (e.g. @mx_any) were not | |
5268 | being recognized when the domain list was tested by the match_domain | |
5269 | condition in an expansion string. | |
5270 | ||
5271 | 16. Added the ${str2b64: operator. | |
5272 | ||
5273 | 17. Exim was always calling setrlimit() to set a large limit for the number of | |
5274 | processes, without checking whether the existing limit was already | |
5275 | adequate. (It did check for the limit on file descriptors.) Furthermore, | |
5276 | errors from getrlimit() and setrlimit() were being ignored. Now they are | |
5277 | logged to the main and panic logs, but Exim does carry on, to try to do its | |
5278 | job under whatever limits there are. | |
5279 | ||
5280 | 18. Imported PCRE 5.0. | |
5281 | ||
5282 | 19. Trivial typo in log message " temporarily refused connection" (the leading | |
5283 | space). | |
5284 | ||
5285 | 20. If the log selector return_path_on_delivery was set and an address was | |
5286 | redirected to /dev/null, the delivery process crashed because it assumed | |
5287 | that a return path would always be set for a "successful" delivery. In this | |
5288 | case, the whole delivery is bypassed as an optimization, and therefore no | |
5289 | return path is set. | |
5290 | ||
5291 | 21. Internal re-arrangement: the function for sending a challenge and reading | |
5292 | a response while authentication was assuming a zero-terminated challenge | |
5293 | string. It's now changed to take a pointer and a length, to allow for | |
5294 | binary data in such strings. | |
5295 | ||
5296 | 22. Added the cyrus_sasl authenticator (code supplied by MBM). | |
5297 | ||
5298 | 23. Exim was not respecting finduser_retries when seeking the login of the | |
5299 | uid under which it was called; it was always trying 10 times. (The default | |
5300 | setting of finduser_retries is zero.) Also, it was sleeping after the final | |
5301 | failure, which is pointless. | |
5302 | ||
5303 | 24. Implemented tls_on_connect_ports. | |
5304 | ||
5305 | 25. Implemented acl_smtp_predata. | |
5306 | ||
5307 | 26. If the domain in control=submission is set empty, Exim assumes that the | |
5308 | authenticated id is a complete email address when it generates From: or | |
5309 | Sender: header lines. | |
5310 | ||
5311 | 27. Added "#define SOCKLEN_T int" to OS/os.h-SCO and OS/os.h-SCO_SV. Also added | |
5312 | definitions to OS/Makefile-SCO and OS/Makefile-SCO_SV that put basename, | |
5313 | chown and chgrp in /bin and hostname in /usr/bin. | |
5314 | ||
5315 | 28. Exim was keeping the "process log" file open after each use, just as it | |
5316 | does for the main log. This opens the possibility of it remaining open for | |
5317 | long periods when the USR1 signal hits a daemon. Occasional processlog | |
5318 | errors were reported, that could have been caused by this. Anyway, it seems | |
5319 | much more sensible not to leave this file open at all, so that is what now | |
5320 | happens. | |
5321 | ||
5322 | 29. The long-running daemon process does not normally write to the log once it | |
5323 | has entered its main loop, and it closes the log before doing so. This is | |
5324 | so that log files can straightforwardly be renamed and moved. However, | |
5325 | there are a couple of unusual error situations where the daemon does write | |
5326 | log entries, and I had neglected to close the log afterwards. | |
5327 | ||
5328 | 30. The text of an SMTP error response that was received during a remote | |
5329 | delivery was being truncated at 512 bytes. This is too short for some of | |
5330 | the long messages that one sometimes sees. I've increased the limit to | |
5331 | 1024. | |
5332 | ||
5333 | 31. It is now possible to make retry rules that apply only when a message has a | |
5334 | specific sender, in particular, an empty sender. | |
5335 | ||
5336 | 32. Added "control = enforce_sync" and "control = no_enforce_sync". This makes | |
5337 | it possible to be selective about when SMTP synchronization is enforced. | |
5338 | ||
5339 | 33. Added "control = caseful_local_part" and "control = "caselower_local_part". | |
5340 | ||
5341 | 32. Implemented hosts_connection_nolog. | |
5342 | ||
5343 | 33. Added an ACL for QUIT. | |
5344 | ||
5345 | 34. Setting "delay_warning=" to disable warnings was not working; it gave a | |
5346 | syntax error. | |
5347 | ||
5348 | 35. Added mailbox_size and mailbox_filecount to appendfile. | |
5349 | ||
5350 | 36. Added control = no_multiline_responses to ACLs. | |
5351 | ||
5352 | 37. There was a bug in the logic of the code that waits for the clock to tick | |
5353 | in the case where the clock went backwards by a substantial amount such | |
5354 | that the microsecond fraction of "now" was more than the microsecond | |
5355 | fraction of "then" (but the whole seconds number was less). | |
5356 | ||
5357 | 38. Added support for the libradius Radius client library this is found on | |
5358 | FreeBSD (previously only the radiusclient library was supported). | |
5359 | ||
5360 | ||
5361 | Exim version 4.42 | |
5362 | ----------------- | |
5363 | ||
5364 | 1. When certain lookups returned multiple values in the form name=value, the | |
5365 | quoting of the values was not always being done properly. Specifically: | |
5366 | (a) If the value started with a double quote, but contained no whitespace, | |
5367 | it was not quoted. | |
5368 | (b) If the value contained whitespace other than a space character (i.e. | |
5369 | tabs or newlines or carriage returns) it was not quoted. | |
5370 | This fix has been applied to the mysql and pgsql lookups by writing a | |
5371 | separate quoting function and calling it from the lookup code. The fix | |
5372 | should probably also be applied to nisplus, ibase and oracle lookups, but | |
5373 | since I cannot test any of those, I have not disturbed their existing code. | |
5374 | ||
5375 | 2. A hit in the callout cache for a specific address caused a log line with no | |
5376 | reason for rejecting RCPT. Now it says "Previous (cached) callout | |
5377 | verification failure". | |
5378 | ||
5379 | 3. There was an off-by-one bug in the queryprogram router. An over-long | |
5380 | return line was truncated at 256 instead of 255 characters, thereby | |
5381 | overflowing its buffer with the terminating zero. As well as fixing this, I | |
5382 | have increased the buffer size to 1024 (and made a note to document this). | |
5383 | ||
5384 | 4. If an interrupt, such as the USR1 signal that is send by exiwhat, arrives | |
5385 | when Exim is waiting for an SMTP response from a remote server, Exim | |
5386 | restarts its select() call on the socket, thereby resetting its timeout. | |
5387 | This is not a problem when such interrupts are rare. Somebody set up a cron | |
5388 | job to run exiwhat every 2 minutes, which is less than the normal select() | |
5389 | timeout (5 or 10 minutes). This meant that the select() timeout never | |
5390 | kicked in because it was always reset. I have fixed this by comparing the | |
5391 | time when an interrupt arrives with the time at the start of the first call | |
5392 | to select(). If more time than the timeout has elapsed, the interrupt is | |
5393 | treated as a timeout. | |
5394 | ||
5395 | 5. Some internal re-factoring in preparation for the addition of Sieve | |
5396 | extensions (by MH). In particular, the "personal" test is moved to a | |
5397 | separate function, and given an option for scanning Cc: and Bcc: (which is | |
5398 | not set for Exim filters). | |
5399 | ||
5400 | 6. When Exim created an email address using the login of the caller as the | |
5401 | local part (e.g. when creating a From: or Sender: header line), it was not | |
5402 | quoting the local part when it contained special characters such as @. | |
5403 | ||
5404 | 7. Installed new OpenBSD configuration files. | |
5405 | ||
5406 | 8. Reworded some messages for syntax errors in "and" and "or" conditions to | |
5407 | try to make them clearer. | |
5408 | ||
5409 | 9. Callout options, other than the timeout value, were being ignored when | |
5410 | verifying sender addresses in header lines. For example, when using | |
5411 | ||
5412 | verify = header_sender/callout=no_cache | |
5413 | ||
5414 | the cache was (incorrectly) being used. | |
5415 | ||
5416 | 10. Added a missing instance of ${EXE} to the exim_install script; this affects | |
5417 | only the Cygwin environment. | |
5418 | ||
5419 | 11. When return_path_on_delivery was set as a log selector, if different remote | |
5420 | addresses in the same message used different return paths and parallel | |
5421 | remote delivery occurred, the wrong values would sometimes be logged. | |
5422 | (Whenever a remote delivery process finished, the return path value from | |
5423 | the most recently started remote delivery process was logged.) | |
5424 | ||
5425 | 12. RFC 3848 specifies standard names for the "with" phrase in Received: header | |
5426 | lines when AUTH and/or TLS are in use. This is the "received protocol" | |
5427 | field. Exim used to use "asmtp" for authenticated SMTP, without any | |
5428 | indication (in the protocol name) for TLS use. Now it follows the RFC and | |
5429 | uses "esmtpa" if the connection is authenticated, "esmtps" if it is | |
5430 | encrypted, and "esmtpsa" if it is both encrypted and authenticated. These | |
5431 | names appear in log lines as well as in Received: header lines. | |
5432 | ||
5433 | 13. Installed MH's patches for Sieve to add the "copy" and "vacation" | |
5434 | extensions, and comparison tests, and to fix some bugs. | |
5435 | ||
5436 | 14. Changes to the "personal" filter test: | |
5437 | ||
5438 | (1) The test was buggy in that it was just doing the equivalent of | |
5439 | "contains" tests on header lines. For example, if a user's address was | |
5440 | anne@some.where, the "personal" test would incorrectly be true for | |
5441 | ||
5442 | To: susanne@some.where | |
5443 | ||
5444 | This test is now done by extracting each address from the header in turn, | |
5445 | and checking the entire address. Other tests that are part of "personal" | |
5446 | are now done using regular expressions (for example, to check local parts | |
5447 | of addresses in From: header lines). | |
5448 | ||
5449 | (2) The list of non-personal local parts in From: addresses has been | |
5450 | extended to include "listserv", "majordomo", "*-request", and "owner-*", | |
5451 | taken from the Sieve specification recommendations. | |
5452 | ||
5453 | (3) If the message contains any header line starting with "List-" it is | |
5454 | treated as non-personal. | |
5455 | ||
5456 | (4) The test for "circular" in the Subject: header line has been removed | |
5457 | because it now seems ill-conceived. | |
5458 | ||
5459 | 15. Minor typos in src/EDITME comments corrected. | |
5460 | ||
5461 | 16. Installed latest exipick from John Jetmore. | |
5462 | ||
5463 | 17. If headers_add on a router specified a text string that was too long for | |
5464 | string_sprintf() - that is, longer than 8192 bytes - Exim panicked. The use | |
5465 | of string_sprintf() is now avoided. | |
5466 | ||
5467 | 18. $message_body_size was not set (it was always zero) when running the DATA | |
5468 | ACL and the local_scan() function. | |
5469 | ||
5470 | 19. For the "mail" command in an Exim filter, no default was being set for | |
5471 | the once_repeat time, causing a random time value to be used if "once" was | |
5472 | specified. (If the value happened to be <= 0, no repeat happened.) The | |
5473 | default is now 0s, meaning "never repeat". The "vacation" command was OK | |
5474 | (its default is 7d). It's somewhat surprising nobody ever noticed this bug | |
5475 | (I found it when inspecting the code). | |
5476 | ||
5477 | 20. There is now an overall timeout for performing a callout verification. It | |
5478 | defaults to 4 times the callout timeout, which applies to individual SMTP | |
5479 | commands during the callout. The overall timeout applies when there is more | |
5480 | than one host that can be tried. The timeout is checked before trying the | |
5481 | next host. This prevents very long delays if there are a large number of | |
5482 | hosts and all are timing out (e.g. when the network connections are timing | |
5483 | out). The value of the overall timeout can be changed by specifying an | |
5484 | additional sub-option for "callout", called "maxwait". For example: | |
5485 | ||
5486 | verify = sender/callout=5s,maxwait=20s | |
5487 | ||
5488 | 21. Add O_APPEND to the open() call for maildirsize files (Exim already seeks | |
5489 | to the end before writing, but this should make it even safer). | |
5490 | ||
5491 | 22. Exim was forgetting that it had advertised PIPELINING for the second and | |
5492 | subsequent messages on an SMTP connection. It was also not resetting its | |
5493 | memory on STARTTLS and an internal HELO. | |
5494 | ||
5495 | 23. When Exim logs an SMTP synchronization error within a session, it now | |
5496 | records whether PIPELINING has been advertised or not. | |
5497 | ||
5498 | 24. Added 3 instances of "(long int)" casts to time_t variables that were being | |
5499 | formatted using %ld, because on OpenBSD (and perhaps others), time_t is int | |
5500 | rather than long int. | |
5501 | ||
5502 | 25. Installed the latest Cygwin configuration files from the Cygwin maintainer. | |
5503 | ||
5504 | 26. Added the never_mail option to autoreply. | |
5505 | ||
5506 | ||
5507 | Exim version 4.41 | |
5508 | ----------------- | |
5509 | ||
5510 | 1. A reorganization of the code in order to implement 4.40/8 caused a daemon | |
5511 | crash if the getsockname() call failed; this can happen if a connection is | |
5512 | closed very soon after it is established. The problem was simply in the | |
5513 | order in which certain operations were done, causing Exim to try to write | |
5514 | to the SMTP stream before it had set up the file descriptor. The bug has | |
5515 | been fixed by making things happen in the correct order. | |
5516 | ||
5517 | ||
5518 | Exim version 4.40 | |
5519 | ----------------- | |
5520 | ||
5521 | 1. If "drop" was used in a DATA ACL, the SMTP output buffer was not flushed | |
5522 | before the connection was closed, thus losing the rejection response. | |
5523 | ||
5524 | 2. Commented out the definition of SOCKLEN_T in os.h-SunOS5. It is needed for | |
5525 | some early Solaris releases, but causes trouble in current releases where | |
5526 | socklen_t is defined. | |
5527 | ||
5528 | 3. When std{in,out,err} are closed, re-open them to /dev/null so that they | |
5529 | always exist. | |
5530 | ||
5531 | 4. Minor refactoring of os.c-Linux to avoid compiler warning when IPv6 is not | |
5532 | configured. | |
5533 | ||
5534 | 5. Refactoring in expand.c to improve memory usage. Pre-allocate a block so | |
5535 | that releasing the top of it at the end releases what was used for sub- | |
5536 | expansions (unless the block got too big). However, discard this block if | |
5537 | the first thing is a variable or header, so that we can use its block when | |
5538 | it is dynamic (useful for very large $message_headers, for example). | |
5539 | ||
5540 | 6. Lookups now cache *every* query, not just the most recent. A new, separate | |
5541 | store pool is used for this. It can be recovered when all lookup caches are | |
5542 | flushed. Lookups now release memory at the end of their result strings. | |
5543 | This has involved some general refactoring of the lookup sources. | |
5544 | ||
5545 | 7. Some code has been added to the store_xxx() functions to reduce the amount | |
5546 | of flapping under certain conditions. | |
5547 | ||
5548 | 8. log_incoming_interface used to affect only the <= reception log lines. Now | |
5549 | it causes the local interface and port to be added to several more SMTP log | |
5550 | lines, for example "SMTP connection from", and rejection lines. | |
5551 | ||
5552 | 9. The Sieve author supplied some patches for the doc/README.SIEVE file. | |
5553 | ||
5554 | 10. Added a conditional definition of _BSD_SOCKLEN_T to os.h-Darwin. | |
5555 | ||
5556 | 11. If $host_data was set by virtue of a hosts lookup in an ACL, its value | |
5557 | could be overwritten at the end of the current message (or the start of a | |
5558 | new message if it was set in a HELO ACL). The value is now preserved for | |
5559 | the duration of the SMTP connection. | |
5560 | ||
5561 | 12. If a transport had a headers_rewrite setting, and a matching header line | |
5562 | contained an unqualified address, that address was qualified, even if it | |
5563 | did not match any rewriting rules. The underlying bug was that the values | |
5564 | of the flags that permit the existence of unqualified sender and recipient | |
5565 | addresses in header lines (set by {sender,recipient}_unqualified_hosts for | |
5566 | non-local messages, and by -bnq for local messages) were not being | |
5567 | preserved with the message after it was received. | |
5568 | ||
5569 | 13. When Exim was logging an SMTP synchronization error, it could sometimes log | |
5570 | "next input=" as part of the text comprising the host identity instead of | |
5571 | the correct text. The code was using the same buffer for two different | |
5572 | strings. However, depending on which order the printing function evaluated | |
5573 | its arguments, the bug did not always show up. Under Linux, for example, my | |
5574 | test suite worked just fine. | |
5575 | ||
5576 | 14. Exigrep contained a use of Perl's "our" scoping after change 4.31/70. This | |
5577 | doesn't work with some older versions of Perl. It has been changed to "my", | |
5578 | which in any case is probably the better facility to use. | |
5579 | ||
5580 | 15. A really picky compiler found some instances of statements for creating | |
5581 | error messages that either had too many or two few arguments for the format | |
5582 | string. | |
5583 | ||
5584 | 16. The size of the buffer for calls to the DNS resolver has been increased | |
5585 | from 1024 to 2048. A larger buffer is needed when performing PTR lookups | |
5586 | for addresses that have a lot of PTR records. This alleviates a problem; it | |
5587 | does not fully solve it. | |
5588 | ||
5589 | 17. A dnsdb lookup for PTR records that receives more data than will fit in the | |
5590 | buffer now truncates the list and logs the incident, which is the same | |
5591 | action as happens when Exim is looking up a host name and its aliases. | |
5592 | Previously in this situation something unpredictable would happen; | |
5593 | sometimes it was "internal error: store_reset failed". | |
5594 | ||
5595 | 18. If a server dropped the connection unexpectedly when an Exim client was | |
5596 | using GnuTLS and trying to read a response, the client delivery process | |
5597 | crashed while trying to generate an error log message. | |
5598 | ||
5599 | 19. If a "warn" verb in an ACL added multiple headers to a message in a single | |
5600 | string, for example: | |
5601 | ||
5602 | warn message = H1: something\nH2: something | |
5603 | ||
5604 | the text was added as a single header line from Exim's point of view | |
5605 | though it ended up OK in the delivered message. However, searching for the | |
5606 | second and subsequent header lines using $h_h2: did not work. This has been | |
5607 | fixed. Similarly, if a system filter added multiple headers in this way, | |
5608 | the routers could not see them. | |
5609 | ||
5610 | 20. Expanded the error message when iplsearch is called with an invalid key to | |
5611 | suggest using net-iplsearch in a host list. | |
5612 | ||
5613 | 21. When running tests using -bh, any delays imposed by "delay" modifiers in | |
5614 | ACLs are no longer actually imposed (and a message to that effect is | |
5615 | output). | |
5616 | ||
5617 | 22. If a "gecos" field in a passwd entry contained escaped characters, in | |
5618 | particular, if it contained a \" sequence, Exim got it wrong when building | |
5619 | a From: or a Sender: header from that name. A second bug also caused | |
5620 | incorrect handling when an unquoted " was present following a character | |
5621 | that needed quoting. | |
5622 | ||
5623 | 23. "{crypt}" as a password encryption mechanism for a "crypteq" expansion item | |
5624 | was not being matched caselessly. | |
5625 | ||
5626 | 24. Arranged for all hyphens in the exim.8 source to be escaped with | |
5627 | backslashes. | |
5628 | ||
5629 | 25. Change 16 of 4.32, which reversed 71 or 4.31 didn't quite do the job | |
5630 | properly. Recipient callout cache records were still being keyed to include | |
5631 | the sender, even when use_sender was set false. This led to far more | |
5632 | callouts that were necessary. The sender is no longer included in the key | |
5633 | when use_sender is false. | |
5634 | ||
5635 | 26. Added "control = submission" modifier to ACLs. | |
5636 | ||
5637 | 27. Added the ${base62d: operator to decode base 62 numbers. | |
5638 | ||
5639 | 28. dnsdb lookups can now access SRV records. | |
5640 | ||
5641 | 29. CONFIGURE_OWNER can be set at build time to define an alternative owner for | |
5642 | the configuration file. | |
5643 | ||
5644 | 30. The debug message "delivering xxxxxx-xxxxxx-xx" is now output in verbose | |
5645 | (-v) mode. This makes the output for a verbose queue run more intelligible. | |
5646 | ||
5647 | 31. Added a use_postmaster feature to recipient callouts. | |
5648 | ||
5649 | 32. Added the $body_zerocount variable, containing the number of binary zero | |
5650 | bytes in the message body. | |
5651 | ||
5652 | 33. The time of last modification of the "new" subdirectory is now used as the | |
5653 | "mailbox time last read" when there is a quota error for a maildir | |
5654 | delivery. | |
5655 | ||
5656 | 34. Added string comparison operators lt, lti, le, lei, gt, gti, ge, gei. | |
5657 | ||
5658 | 35. Added +ignore_unknown as a special item in host lists. | |
5659 | ||
5660 | 36. Code for decoding IPv6 addresses in host lists is now included, even if | |
5661 | IPv6 support is not being compiled. This fixes a bug in which an IPv6 | |
5662 | address was recognized as an IP address, but was then not correctly decoded | |
5663 | into binary, causing unexpected and incorrect effects when compared with | |
5664 | another IP address. | |
5665 | ||
5666 | ||
5667 | Exim version 4.34 | |
5668 | ----------------- | |
5669 | ||
5670 | 1. Very minor rewording of debugging text in manualroute to say "list of | |
5671 | hosts" instead of "hostlist". | |
5672 | ||
5673 | 2. If verify=header_syntax was set, and a header line with an unqualified | |
5674 | address (no domain) and a large number of spaces between the end of the | |
5675 | name and the colon was received, the reception process suffered a buffer | |
5676 | overflow, and (when I tested it) crashed. This was caused by some obsolete | |
5677 | code that should have been removed. The fix is to remove it! | |
5678 | ||
5679 | 3. When running in the test harness, delay a bit after writing a bounce | |
5680 | message to get a bit more predictability in the log output. | |
5681 | ||
5682 | 4. Added a call to search_tidyup() just before forking a reception process. In | |
5683 | theory, someone could use a lookup in the expansion of smtp_accept_max_ | |
5684 | per_host which, without the tidyup, could leave open a database connection. | |
5685 | ||
5686 | 5. Added the variables $recipient_data and $sender_data which get set from a | |
5687 | lookup success in an ACL "recipients" or "senders" condition, or a router | |
5688 | "senders" option, similar to $domain_data and $local_part_data. | |
5689 | ||
5690 | 6. Moved the writing of debug_print from before to after the "senders" test | |
5691 | for routers. | |
5692 | ||
5693 | 7. Change 4.31/66 (moving the time when the Received: is generated) caused | |
5694 | problems for message scanning, either using a data ACL, or using | |
5695 | local_scan() because the Received: header was not generated till after they | |
5696 | were called (in order to set the time as the time of reception completion). | |
5697 | I have revised the way this works. The header is now generated after the | |
5698 | body is received, but before the ACL or local_scan() are called. After they | |
5699 | are run, the timestamp in the header is updated. | |
5700 | ||
5701 | ||
5702 | Exim version 4.33 | |
5703 | ----------------- | |
5704 | ||
5705 | 1. Change 4.24/6 introduced a bug because the SIGALRM handler was disabled | |
5706 | before starting a queue runner without re-exec. This happened only when | |
5707 | deliver_drop_privilege was set or when the Exim user was set to root. The | |
5708 | effect of the bug was that timeouts during subsequent deliveries caused | |
5709 | crashes instead of being properly handled. The handler is now left at its | |
5710 | default (and expected) setting. | |
5711 | ||
5712 | 2. The other case in which a daemon avoids a re-exec is to deliver an incoming | |
5713 | message, again when deliver_drop_privilege is set or Exim is run as root. | |
5714 | The bug described in (1) was not present in this case, but the tidying up | |
5715 | of the other signals was missing. I have made the two cases consistent. | |
5716 | ||
5717 | 3. The ignore_target_hosts setting on a manualroute router was being ignored | |
5718 | for hosts that were looked up using the /MX notation. | |
5719 | ||
5720 | 4. Added /ignore=<ip list> feature to @mx_any, @mx_primary, and @mx_secondary | |
5721 | in domain lists. | |
5722 | ||
5723 | 5. Change 4.31/55 was buggy, and broke when there was a rewriting rule that | |
5724 | operated on the sender address. After changing the $sender_address to <> | |
5725 | for the sender address verify, Exim was re-instated it as the original | |
5726 | (before rewriting) address, but remembering that it had rewritten it, so it | |
5727 | wasn't rewriting it again. This bug also had the effect of breaking the | |
5728 | sender address verification caching when the sender address was rewritten. | |
5729 | ||
5730 | 6. The ignore_target_hosts option was being ignored by the ipliteral router. | |
5731 | This has been changed so that if the ip literal address matches | |
5732 | ignore_target_hosts, the router declines. | |
5733 | ||
5734 | 7. Added expansion conditions match_domain, match_address, and match_local_ | |
5735 | part (NOT match_host). | |
5736 | ||
5737 | 8. The placeholder for the Received: header didn't have a length field set. | |
5738 | ||
5739 | 9. Added code to Exim itself and to exim_lock to test for a specific race | |
5740 | condition that could lead to file corruption when using MBX delivery. The | |
5741 | issue is with the lockfile that is created in /tmp. If this file is removed | |
5742 | after a process has opened it but before that process has acquired a lock, | |
5743 | there is the potential for a second process to recreate the file and also | |
5744 | acquire a lock. This could lead to two Exim processes writing to the file | |
5745 | at the same time. The added code performs the same test as UW imapd; it | |
5746 | checks after acquiring the lock that its file descriptor still refers to | |
5747 | the same named file. | |
5748 | ||
5749 | 10. The buffer for building added header lines was of fixed size, 8192 bytes. | |
5750 | It is now parameterized by HEADER_ADD_BUFFER_SIZE and this can be adjusted | |
5751 | when Exim is built. | |
5752 | ||
5753 | 11. Added the smtp_active_hostname option. If used, this will typically be made | |
5754 | to depend on the incoming interface address. Because $interface_address is | |
5755 | not set up until the daemon has forked a reception process, error responses | |
5756 | that can happen earlier (such as "too many connections") no longer contain | |
5757 | a host name. | |
5758 | ||
5759 | 12. If an expansion in a condition on a "warn" statement fails because a lookup | |
5760 | defers, the "warn" statement is abandoned, and the next ACL statement is | |
5761 | processed. Previously this caused the whole ACL to be aborted. | |
5762 | ||
5763 | 13. Added the iplsearch lookup type. | |
5764 | ||
5765 | 14. Added ident_timeout as a log selector. | |
5766 | ||
5767 | 15. Added tls_certificate_verified as a log selector. | |
5768 | ||
5769 | 16. Added a global option tls_require_ciphers (compare the smtp transport | |
5770 | option of the same name). This controls incoming TLS connections. | |
5771 | ||
5772 | 17. I finally figured out how to make tls_require_ciphers do a similar thing | |
5773 | in GNUtls to what it does in OpenSSL, that is, set up an appropriate list | |
5774 | before starting the TLS session. | |
5775 | ||
5776 | 18. Tabs are now shown as \t in -bP output. | |
5777 | ||
5778 | 19. If the log selector return_path_on_delivery was set, Exim crashed when | |
5779 | bouncing a message because it had too many Received: header lines. | |
5780 | ||
5781 | 20. If two routers both had headers_remove settings, and the first one included | |
5782 | a superfluous trailing colon, the final name in the first list and the | |
5783 | first name in the second list were incorrectly joined into one item (with a | |
5784 | colon in the middle). | |
5785 | ||
5786 | ||
5787 | Exim version 4.32 | |
5788 | ----------------- | |
5789 | ||
5790 | 1. Added -C and -D options to the exinext utility, mainly to make it easier | |
5791 | to include in the automated testing, but these could be helpful when | |
5792 | multiple configurations are in use. | |
5793 | ||
5794 | 2. The exinext utility was not formatting the output nicely when there was | |
5795 | an alternate port involved in the retry record key, nor when there was a | |
5796 | message id as well (for retries that were specific to a specific message | |
5797 | and a specific host). It was also confused by IPv6 addresses, because of | |
5798 | the additional colons they contain. I have fixed the IPv4 problem, and | |
5799 | patched it up to do a reasonable job for IPv6. | |
5800 | ||
5801 | 3. When there is an error after a MAIL, RCPT, or DATA SMTP command during | |
5802 | delivery, the log line now contains "pipelined" if PIPELINING was used. | |
5803 | ||
5804 | 4. An SMTP transport process used to panic and die if the bind() call to set | |
5805 | an explicit outgoing interface failed. This has been changed; it is now | |
5806 | treated in the same way as a connect() failure. | |
5807 | ||
5808 | 5. A reference to $sender_host_name in the part of a conditional expansion | |
5809 | that was being skipped was still causing a DNS lookup. This no longer | |
5810 | occurs. | |
5811 | ||
5812 | 6. The def: expansion condition was not recognizing references to header lines | |
5813 | that used bh_ and bheader_. | |
5814 | ||
5815 | 7. Added the _cache feature to named lists. | |
5816 | ||
5817 | 8. The code for checking quota_filecount in the appendfile transport was | |
5818 | allowing one more file than it should have been. | |
5819 | ||
5820 | 9. For compatibility with Sendmail, the command line option | |
5821 | ||
5822 | -prval:sval | |
5823 | ||
5824 | is equivalent to | |
5825 | ||
5826 | -oMr rval -oMs sval | |
5827 | ||
5828 | and sets the incoming protocol and host name (for trusted callers). The | |
5829 | host name and its colon can be omitted when only the protocol is to be set. | |
5830 | Note the Exim already has two private options, -pd and -ps, that refer to | |
5831 | embedded Perl. It is therefore impossible to set a protocol value of "d" or | |
5832 | "s", but I don't think that's a major issue. | |
5833 | ||
5834 | 10. A number of refactoring changes to the code, none of which should affect | |
5835 | Exim's behaviour: | |
5836 | ||
5837 | (a) The number of logging options was getting close to filling up the | |
5838 | 32-bit word that was used as a bit map. I have split them into two classes: | |
5839 | those that are passed in the argument to log_write(), and those that are | |
5840 | only ever tested independently outside of that function. These are now in | |
5841 | separate 32-bit words, so there is plenty of room for expansion again. | |
5842 | There is no change in the user interface or the logging behaviour. | |
5843 | ||
5844 | (b) When building, for example, log lines, the code previously used a | |
5845 | macro that called string_cat() twice, in order to add two strings. This is | |
5846 | not really sufficiently general. Furthermore, there was one instance where | |
5847 | it was actually wrong because one of the argument was used twice, and in | |
5848 | one call a function was used. (As it happened, calling the function twice | |
5849 | did not affect the overall behaviour.) The macro has been replaced by a | |
5850 | function that can join an arbitrary number of extra strings onto a growing | |
5851 | string. | |
5852 | ||
5853 | (c) The code for expansion conditions now uses a table and a binary chop | |
5854 | instead of a serial search (which was left over from when there were very | |
5855 | few conditions). Also, it now recognizes conditions like "pam" even when | |
5856 | the relevant support is not compiled in: a suitably worded error message is | |
5857 | given if an attempt is made to use such a condition. | |
5858 | ||
5859 | 11. Added ${time_interval:xxxxx}. | |
5860 | ||
5861 | 12. A bug was causing one of the ddress fields not to be passed back correctly | |
5862 | from remote delivery subprocesses. The field in question was not being | |
5863 | subsequently used, so this caused to problems in practice. | |
5864 | ||
5865 | 13. Added new log selectors queue_time and deliver_time. | |
5866 | ||
5867 | 14. Might have fixed a bug in maildirsizefile handling that threw up | |
5868 | "unexpected character" debug warnings, and recalculated the data | |
5869 | unnecessarily. In any case, I expanded the warning message to give more | |
5870 | information. | |
5871 | ||
5872 | 15. Added the message "Restricted characters in address" to the statements in | |
5873 | the default ACL that block characters like @ and % in local parts. | |
5874 | ||
5875 | 16. Change 71 for release 4.31 proved to be much less benign that I imagined. | |
5876 | Three changes have been made: | |
5877 | ||
5878 | (a) There was a serious bug; a negative response to MAIL caused the whole | |
5879 | recipient domain to be cached as invalid, thereby blocking all messages | |
5880 | to all local parts at the same domain, from all senders. This bug has | |
5881 | been fixed. The domain is no longer cached after a negative response to | |
5882 | MAIL if the sender used is not empty. | |
5883 | ||
5884 | (b) The default behaviour of using MAIL FROM:<> for recipient callouts has | |
5885 | been restored. | |
5886 | ||
5887 | (c) A new callout option, "use_sender" has been added for people who want | |
5888 | the modified behaviour. | |
5889 | ||
5890 | ||
5891 | Exim version 4.31 | |
5892 | ----------------- | |
5893 | ||
5894 | 1. Removed "EXTRALIBS=-lwrap" from OS/Makefile-Unixware7 on the advice of | |
5895 | Larry Rosenman. | |
5896 | ||
5897 | 2. Removed "LIBS = -lresolv" from OS/Makefile-Darwin as it is not needed, and | |
5898 | indeed breaks things for older releases. | |
5899 | ||
5900 | 3. Added additional logging to the case where there is a problem reading data | |
5901 | from a filter that is running in a subprocess using a pipe, in order to | |
5902 | try to track down a specific problem. | |
5903 | ||
5904 | 4. Testing facility fudge: when running in the test harness and attempting | |
5905 | to connect to 10.x.x.x (expecting a connection timeout) I'm now sometimes | |
5906 | getting "No route to host". Convert this to a timeout. | |
5907 | ||
5908 | 5. Define ICONV_ARG2_TYPE as "char **" for Unixware7 to avoid compiler | |
5909 | warning. | |
5910 | ||
5911 | 6. Some OS don't have socklen_t but use size_t instead. This affects the | |
5912 | fifth argument of getsockopt() amongst other things. This is now | |
5913 | configurable by a macro called SOCKLEN_T which defaults to socklen_t, but | |
5914 | can be set for individual OS. I have set it for SunOS5, OSF1, and | |
5915 | Unixware7. Current versions of SunOS5 (aka Solaris) do have socklen_t, but | |
5916 | some earlier ones do not. | |
5917 | ||
5918 | 7. Change 4.30/15 was not doing the test caselessly. | |
5919 | ||
5920 | 8. The standard form for an IPv6 address literal was being rejected by address | |
5921 | parsing in, for example, MAIL and RCPT commands. An example of this kind of | |
5922 | address is [IPv6:2002:c1ed:8229:10:202:2dff:fe07:a42a]. Exim now accepts | |
5923 | this, as well as the form without the "IPv6" on the front (but only when | |
5924 | address literals are enabled, of course). | |
5925 | ||
5926 | 9. Added some casts to avoid compiler warnings in OS/os.c-Linux. | |
5927 | ||
5928 | 10. Exim crashed if a message with an empty sender address specified by -f | |
5929 | encountered a router with an errors_to setting. This could be provoked only | |
5930 | by a command such as | |
5931 | ||
5932 | exim -f "" ... | |
5933 | ||
5934 | where an empty string was supplied; "<>" did not hit this bug. | |
5935 | ||
5936 | 11. Installed PCRE release 4.5. | |
5937 | ||
5938 | 12. If EHLO/HELO was rejected by an ACL, the value of $sender_helo_name | |
5939 | remained set. It is now erased. | |
5940 | ||
5941 | 13. exiqgrep wasn't working on MacOS X because it didn't correctly compute | |
5942 | times from message ids (which are base 36 rather than the normal 62). | |
5943 | ||
5944 | 14. "Expected" SMTP protocol errors that can arise when PIPELINING is in use | |
5945 | were being counted as actual protocol errors, and logged if the log | |
5946 | selector +smtp_protocol_error was set. One cannot be perfect in this test, | |
5947 | but now, if PIPELINING has been advertised, RCPT following a rejected MAIL, | |
5948 | and DATA following a set of rejected RCPTs do not count as protocol errors. | |
5949 | In other words, Exim assumes they were pipelined, though this may not | |
5950 | actually be the case. Of course, in all cases the client gets an | |
5951 | appropriate error code. | |
5952 | ||
5953 | 15. If a lookup fails in an ACL condition, a message about the failure may | |
5954 | be available; it is used if testing the ACL cannot continue, because most | |
5955 | such messages specify what the cause of the deferral is. However, some | |
5956 | messages (e.g. "MYSQL: no data found") do not cause a defer. There was bug | |
5957 | that caused an old message to be retained and used if a later statement | |
5958 | caused a defer, replacing the real cause of the deferral. | |
5959 | ||
5960 | 16. If an IP address had so many PTR records that the DNS lookup buffer | |
5961 | was not large enough to hold them, Exim could crash while trying to process | |
5962 | the truncated data. It now detects and logs this case. | |
5963 | ||
5964 | 17. Further to 4.21/58, another change has been made: if (and only if) the | |
5965 | first line of a message (the first header line) ends with CRLF, a bare LF | |
5966 | in a subsequent header line has a space inserted after it, so as not to | |
5967 | terminate the header. | |
5968 | ||
5969 | 18. Refactoring: tidied an ugly bit of code in appendfile that copied data | |
5970 | unnecessarily, used atoi() instead of strtol(), and didn't check the | |
5971 | termination when getting file sizes from file names by regex. | |
5972 | ||
5973 | 19. Completely re-implemented the support for maildirsize files, in the light | |
5974 | of a number of problems with the previous contributed implementation | |
5975 | (4.30/29). In particular: | |
5976 | ||
5977 | . If the quota is zero, the maildirsize file is maintained, but no quota is | |
5978 | imposed. | |
5979 | ||
5980 | . If the maildir directory does not exist, it is created before any attempt | |
5981 | to write a maildirsize file. | |
5982 | ||
5983 | . The quota value in the file is just a cache; if the quota is changed in | |
5984 | the transport, the new value overrides. | |
5985 | ||
5986 | . A regular expression is available for excluding directories from the | |
5987 | count. | |
5988 | ||
5989 | 20. The autoreply transport checks the characters in options that define the | |
5990 | message's headers; it allows continued headers, but it was checking with | |
5991 | isspace() after an embedded newline instead of explicitly looking for a | |
5992 | space or a tab. | |
5993 | ||
5994 | 21. If all the "regular" hosts to which an address was routed had passed their | |
5995 | expiry times, and had not reached their retry times, the address was | |
5996 | bounced, even if fallback hosts were defined. Now Exim should go on to try | |
5997 | the fallback hosts. | |
5998 | ||
5999 | 22. Increased buffer sizes in the callout code from 1024 to 4096 to match the | |
6000 | equivalent code in the SMTP transport. Some hosts send humungous responses | |
6001 | to HELO/EHLO, more than 1024 it seems. | |
6002 | ||
6003 | 23. Refactoring: code in filter.c used (void *) for "any old type" but this | |
6004 | gives compiler warnings in some environments. I've now done it "properly", | |
6005 | using a union. | |
6006 | ||
6007 | 24. The replacement for inet_ntoa() that is used with gcc on IRIX systems | |
6008 | (because of problems with the built-in one) was declared to return uschar * | |
6009 | instead of char *, causing compiler failure. | |
6010 | ||
6011 | 25. Fixed a file descriptor leak when processing alias/forward files. | |
6012 | ||
6013 | 26. Fixed a minor format string issue in dbfn.c. | |
6014 | ||
6015 | 27. Typo in exim.c: ("dmbnz" for "dbmnz"). | |
6016 | ||
6017 | 28. If a filter file refered to $h_xxx or $message_headers, and the headers | |
6018 | contained RFC 2047 "words", Exim's memory could, under certain conditions, | |
6019 | become corrupted. | |
6020 | ||
6021 | 29. When a sender address is verified, it is cached, to save repeating the test | |
6022 | when there is more than one recipient in a message. However, when the | |
6023 | verification involves a callout, it is possible for different callout | |
6024 | options to be set for different recipients. It is too complicated to keep | |
6025 | track of this in the cache, so now Exim always runs a verification when a | |
6026 | callout is required, relying on the callout cache for the optimization. | |
6027 | The overhead is duplication of the address routing, but this should not be | |
6028 | too great. | |
6029 | ||
6030 | 30. Fixed a bug in callout caching. If a RCPT command caused the sender address | |
6031 | to be verified with callout=postmaster, and the main callout worked but the | |
6032 | postmaster check failed, the verification correctly failed. However, if a | |
6033 | subsequent RCPT command asked for sender verification *without* the | |
6034 | postmaster check, incorrect caching caused this verification also to fail, | |
6035 | incorrectly. | |
6036 | ||
6037 | 31. Exim caches DNS lookup failures so as to avoid multiple timeouts; however, | |
6038 | it was not caching the DNS options (qualify_single, search_parents) that | |
6039 | were used when the lookup failed. A subsequent lookup with different | |
6040 | options therefore always gave the same answer, though there were cases | |
6041 | where it should not have. (Example: a "domains = !$mx_any" option on a | |
6042 | dnslookup router: the "domains" option is always processed without any | |
6043 | widening, but the router might have qualify_single set.) Now Exim uses the | |
6044 | cached value only when the same options are set. | |
6045 | ||
6046 | 32. Added John Jetmore's "exipick" utility to the distribution. | |
6047 | ||
6048 | 33. GnuTLS: When an attempt to start a TLS session fails for any reason other | |
6049 | than a timeout (e.g. a certificate is required, and is not provided), an | |
6050 | Exim server now closes the connection immediately. Previously it waited for | |
6051 | the client to close - but if the client is SSL, it seems that they each | |
6052 | wait for each other, leading to a delay before one of them times out. | |
6053 | ||
6054 | 34: GnuTLS: Updated the code to use the new GnuTLS 1.0.0 API. I have not | |
6055 | maintained 0.8.x compatibility because I don't think many are using it, and | |
6056 | it is clearly obsolete. | |
6057 | ||
6058 | 35. Added TLS support for CRLs: a tls_crl global option and one for the smtp | |
6059 | transport. | |
6060 | ||
6061 | 36. OpenSSL: $tls_certificate_verified was being set to 1 even if the | |
6062 | client certificate was expired. A simple patch fixes this, though I don't | |
6063 | understand the full logic of why the verify callback is called multiple | |
6064 | times. | |
6065 | ||
6066 | 37. OpenSSL: a patch from Robert Roselius: "Enable client-bug workaround. | |
6067 | Versions of OpenSSL as of 0.9.6d include a 'CBC countermeasure' feature, | |
6068 | which causes problems with some clients (such as the Certicom SSL Plus | |
6069 | library used by Eudora). This option, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, | |
6070 | disables the coutermeasure allowing Eudora to connect." | |
6071 | ||
6072 | 38. Exim was not checking that a write() to a log file succeeded. This could | |
6073 | lead to Bad Things if a log got too big, in particular if it hit a file | |
6074 | size limit. Exim now panics and dies if it cannot write to a log file, just | |
6075 | as it does if it cannot open a log file. | |
6076 | ||
6077 | 39. Modified OS/Makefile-Linux so that it now contains | |
6078 | ||
6079 | CFLAGS=-O -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE | |
6080 | ||
6081 | The two -D definitions ensure that Exim is compiled with large file | |
6082 | support, which makes it possible to handle log files that are bigger than | |
6083 | 2^31. | |
6084 | ||
6085 | 40. Fixed a subtle caching bug: if (in an ACL or a set of routers, for | |
6086 | instance) a domain was checked against a named list that involved a lookup, | |
6087 | causing $domain_data to be set, then another domain was checked against the | |
6088 | same list, then the first domain was re-checked, the value of $domain_data | |
6089 | after the final check could be wrong. In particular, if the second check | |
6090 | failed, it could be set empty. This bug probably also applied to | |
6091 | $localpart_data. | |
6092 | ||
6093 | 41. The strip_trailing_dot option was not being applied to the address given | |
6094 | with the -f command-line option. | |
6095 | ||
6096 | 42. The code for reading a message's header from the spool was incrementing | |
6097 | $received_count, but never initializing it. This meant that the value was | |
6098 | incorrect (doubled) while delivering a message in the same process in which | |
6099 | it was received. In the most common configuration of Exim, this never | |
6100 | happens - a fresh exec is done - but it can happen when | |
6101 | deliver_drop_privilege is set. | |
6102 | ||
6103 | 43. When Exim logs an SMTP synchronization error - client data sent too soon - | |
6104 | it now includes up to 150 characters of the unexpected data in the log | |
6105 | line. | |
6106 | ||
6107 | 44. The exim_dbmbuild utility uses fixed size buffers for reading input lines | |
6108 | and building data strings. The size of both of these buffers was 10 000 | |
6109 | bytes - far larger than anybody would *ever* want, thought I. Needless to | |
6110 | say, somebody hit the limit. I have increased the maximum line length to | |
6111 | 20 000 and the maximum data length of concatenated lines to 100 000. I have | |
6112 | also fixed two bugs, because there was no checking on these buffers. Tsk, | |
6113 | tsk. Now exim_dbmbuild gives a message and exits with an error code if a | |
6114 | buffer is too small. | |
6115 | ||
6116 | 45. The exim_dbmbuild utility did not support quoted keys, as Exim does in | |
6117 | lsearch lookups. Now it does. | |
6118 | ||
6119 | 46. When parsing a route_list item in a manualroute router, a fixed-length | |
6120 | buffer was used for the list of hosts. I made this 1024 bytes long, | |
6121 | thinking that nobody would ever have a list of hosts that long. Wrong. | |
6122 | Somebody had a whole pile of complicated expansion conditions, and the | |
6123 | string was silently truncated, leading to an expansion error. It turns out | |
6124 | that it is easier to change to an unlimited length (owing to other changes | |
6125 | that have happened since this code was originally written) than to build | |
6126 | structure for giving a limitation error. The length of the item that | |
6127 | expands into the list of hosts is now unlimited. | |
6128 | ||
6129 | 47. The lsearch lookup could not handle data where the length of text line was | |
6130 | more than 4095 characters. Such lines were truncated, leading to shortened | |
6131 | data being returned. It should now handle lines of any length. | |
6132 | ||
6133 | 48. Minor wording revision: "cannot test xxx in yyy ACL" becomes "cannot test | |
6134 | xxx condition in yyy ACL" (e.g. "cannot test domains condition in DATA | |
6135 | ACL"). | |
6136 | ||
6137 | 49. Cosmetic tidy to scripts like exicyclog that are generated by globally | |
6138 | replacing strings such as BIN_DIRECTORY in a source file: the replacement | |
6139 | no longer happens in comment lines. A list of replacements is now placed | |
6140 | at the head of all of the source files, except those whose only change is | |
6141 | to replace PERL_COMMAND in the very first #! line. | |
6142 | ||
6143 | 50. Replaced the slow insertion sort in queue.c, for sorting the list of | |
6144 | messages on the queue, with a bottom-up merge sort, using code contributed | |
6145 | by Michael Haardt. This should make operations like -bp somewhat faster on | |
6146 | large queues. It won't affect queue runners, except when queue_run_in_order | |
6147 | is set. | |
6148 | ||
6149 | 51. Installed eximstats 1.31 in the distribution. | |
6150 | ||
6151 | 52. Added support for SRV lookups to the dnslookup router. | |
6152 | ||
6153 | 53. If an ACL referred to $message_body or $message_body_end, the value was not | |
6154 | reset for any messages that followed in the same SMTP session. | |
6155 | ||
6156 | 54. The store-handling optimization for building very long strings was not | |
6157 | differentiating between the different store pools. I don't think this | |
6158 | actually made any difference in practice, but I've tidied it. | |
6159 | ||
6160 | 55. While running the routers to verify a sender address, $sender_address | |
6161 | was still set to the sender address. This is wrong, because when routing to | |
6162 | send a bounce to the sender, it would be empty. Therefore, I have changed | |
6163 | it so that, while verifying a sender address, $sender_address is set to <>. | |
6164 | (There is no change to what happens when verifying a recipient address.) | |
6165 | ||
6166 | 56. After finding MX (or SRV) records, Exim was doing a DNS lookup for the | |
6167 | target A or AAAA records (if not already returned) without resetting the | |
6168 | qualify_single or search_parents options of the DNS resolver. These are | |
6169 | inappropriate in this case because the targets of MX and SRV records must | |
6170 | be FQDNs. A broken DNS record could cause trouble if it happened to have a | |
6171 | target that, when qualified, matched something in the local domain. These | |
6172 | two options are now turned off when doing these lookups. | |
6173 | ||
6174 | 57. It seems that at least some releases of Reiserfs (which does not have the | |
6175 | concept of a fixed number of inodes) returns zero and not -1 for the | |
6176 | number of available inodes. This interacted badly with check_spool_inodes, | |
6177 | which assumed that -1 was the "no such thing" setting. What I have done is | |
6178 | to check that the total number of inodes is greater than zero before doing | |
6179 | the test of how many are available. | |
6180 | ||
6181 | 58. When a "warn" ACL statement has a log_message modifier, the message is | |
6182 | remembered, and not repeated. This is to avoid a lot of repetition when a | |
6183 | message has many recipients that cause the same warning to be written. | |
4c04137d | 6184 | However, Exim was preserving the list of already written lines for an |
495ae4b0 PH |
6185 | entire SMTP session, which doesn't seem right. The memory is now reset if a |
6186 | new message is started. | |
6187 | ||
6188 | 59. The "rewrite" debugging flag was not showing the result of rewriting in the | |
6189 | debugging output unless log_rewrite was also set. | |
6190 | ||
6191 | 60. Avoid a compiler warning on 64-bit systems in dsearch.c by avoiding the use | |
6192 | of (int)(handle) when we know that handle contains (void *)(-1). | |
6193 | ||
6194 | 61. The Exim daemon panic-logs an error return when it closes the incoming | |
6195 | connection. However "connection reset by peer" seems to be common, and | |
6196 | isn't really an error worthy of noting specially, so that particular error | |
6197 | is no long logged. | |
6198 | ||
6199 | 62. When Exim is trying to find all the local interfaces, it used to panic and | |
6200 | die if the ioctl to get the interface flags failed. However, it seems that | |
6201 | on at least one OS (Solaris 9) it is possible to have an interface that is | |
6202 | included in the list of interfaces, but for which you get a failure error | |
6203 | for this call. This happens when the interface is not "plumbed" into a | |
6204 | protocol (i.e. neither IPv4 nor IPv6). I've changed the code so that a | |
6205 | failure of the "get flags" call assumes that the interface is down. | |
6206 | ||
6207 | 63. Added a ${eval10: operator, which assumes all numbers are decimal. This | |
6208 | makes life easier for people who are doing arithmetic on fields extracted | |
6209 | from dates, where you often get leading zeros that should not be | |
6210 | interpreted as octal. | |
6211 | ||
6212 | 64. Added qualify_domain to the redirect router, to override the global | |
6213 | setting. | |
6214 | ||
6215 | 65. If a pathologically long header line contained very many addresses (the | |
6216 | report of this problem mentioned 10 000) and each of them was rewritten, | |
6217 | Exim could use up a very large amount of memory. (It kept on making new | |
6218 | copies of the header line as it rewrote, and never released the old ones.) | |
6219 | At the expense of a bit more processing, the header rewriting function has | |
6220 | been changed so that it no longer eats memory in this way. | |
6221 | ||
6222 | 66. The generation of the Received: header has been moved from the time that a | |
6223 | message starts to be received, to the time that it finishes. The timestamp | |
6224 | in the Received: header should now be very close to that of the <= log | |
6225 | line. There are two side-effects of this change: | |
6226 | ||
6227 | (a) If a message is rejected by a DATA or non-SMTP ACL or local_scan(), the | |
6228 | logged header lines no longer include the local Received: line, because | |
6229 | it has not yet been created. The same applies to a copy of the message | |
6230 | that is returned to a non-SMTP sender when a message is rejected. | |
6231 | ||
6232 | (b) When a filter file is tested using -bf, no additional Received: header | |
6233 | is added to the test message. After some thought, I decided that this | |
6234 | is a bug fix. | |
6235 | ||
6236 | This change does not affect the value of $received_for. It is still set | |
6237 | after address rewriting, but before local_scan() is called. | |
6238 | ||
6239 | 67. Installed the latest Cygwin-specific files from the Cygwin maintainer. | |
6240 | ||
6241 | 68. GnuTLS: If an empty file is specified for tls_verify_certificates, GnuTLS | |
6242 | gave an unhelpful panic error message, and a defer error. I have managed to | |
6243 | change this behaviour so that it now rejects any supplied certificate, | |
6244 | which seems right, as the list of acceptable certificates is empty. | |
6245 | ||
6246 | 69. OpenSSL: If an empty file is specified for tls_verify_certificates, OpenSSL | |
6247 | gave an unhelpful defer error. I have not managed to make this reject any | |
6248 | supplied certificates, but the error message it gives is "no certificate | |
6249 | supplied", which is not helpful. | |
6250 | ||
6251 | 70. exigrep's output now also includes lines that are not associated with any | |
6252 | message, but which match the given pattern. Implemented by a patch from | |
6253 | Martin Sluka, which also tidied up the Perl a bit. | |
6254 | ||
6255 | 71. Recipient callout verification, like sender verification, was using <> in | |
6256 | the MAIL FROM command. This isn't really the right thing, since the actual | |
6257 | sender may affect whether the remote host accepts the recipient or not. I | |
6258 | have changed it to use the actual sender in the callout; this means that | |
6259 | the cache record is now keyed on a recipient/sender pair, not just the | |
6260 | recipient address. There doesn't seem to be a real danger of callout loops, | |
6261 | since a callout by the remote host to check the sender would use <>. | |
6262 | [SEE ABOVE: changed after hitting problems.] | |
6263 | ||
6264 | 72. Exim treats illegal SMTP error codes that do not begin with 4 or 5 as | |
6265 | temporary errors. However, in the case of such a code being given after | |
6266 | the end of a data transmission (i.e. after ".") Exim was failing to write | |
6267 | a retry record for the message. (Yes, there was some broken host that was | |
6268 | actually sending 8xx at this point.) | |
6269 | ||
6270 | 73. An unknown lookup type in a host list could cause Exim to panic-die when | |
6271 | the list was checked. (An example that provoked this was putting <; in the | |
6272 | middle of a list instead of at the start.) If this happened during a DATA | |
6273 | ACL check, a -D file could be left lying around. This kind of configuration | |
4c04137d | 6274 | error no longer causes Exim to die; instead it causes a defer error. The |
495ae4b0 PH |
6275 | incident is still logged to the main and panic logs. |
6276 | ||
6277 | 74. Buglet left over from Exim 3 conversion. The message "too many messages | |
6278 | in one connection" was written to the rejectlog but not the mainlog, except | |
6279 | when address rewriting (yes!) was being logged. | |
6280 | ||
6281 | 75. Added write_rejectlog option. | |
6282 | ||
6283 | 76. When a system filter was run not as root (that is, when system_filter_user | |
6284 | was set), the values of the $n variables were not being returned to the | |
6285 | main process; thus, they were not subsequently available in the $sn | |
6286 | variables. | |
6287 | ||
6288 | 77. Added +return_path_on_delivery log selector. | |
6289 | ||
6290 | 78. A connection timeout was being treated differently from recipients deferred | |
6291 | when testing hosts_max_try with a message that was older than the host's | |
6292 | retry timeout. (The host should not be counted, thus allowing all hosts to | |
6293 | be tried at least once before bouncing.) This may have been the cause of an | |
6294 | occasionally reported bug whereby a message would remain on the queue | |
6295 | longer than the retry timeout, but would be bounced if a delivery was | |
6296 | forced. I say "may" because I never totally pinned down the problem; | |
6297 | setting up timeout/retry tests is difficult. See also the next item. | |
6298 | ||
6299 | 79. The ultimate address timeout was not being applied to errors that involved | |
6300 | a combination of host plus message (for example, a timeout on a MAIL | |
6301 | command). When an address resolved to a number of possible hosts, and they | |
6302 | were not all tried for each delivery (e.g. because of hosts_max_try), a | |
6303 | message could remain on the queue longer than the retry timeout. | |
6304 | ||
6305 | 80. Sieve bug: "stop" inside "elsif" was broken. Applied a patch from Michael | |
6306 | Haardt. | |
6307 | ||
6308 | 81. Fixed an obscure SMTP outgoing bug which required at least the following | |
6309 | conditions: (a) there was another message waiting for the same server; | |
6310 | (b) the server returned 5xx to all RCPT commands in the first message so | |
6311 | that the message was not completed; (c) the server dropped the connection | |
6312 | or gave a negative response to the RSET that Exim sends to abort the | |
6313 | transaction. The observed case was a dropped connection after DATA that had | |
6314 | been sent in pipelining mode. That is, the server had advertised PIPELINING | |
6315 | but was not implementing it correctly. The effect of the bug was incorrect | |
6316 | behaviour, such as trying another host, and this could lead to a crash. | |
6317 | ||
6318 | ||
6319 | Exim version 4.30 | |
6320 | ----------------- | |
6321 | ||
6322 | 1. The 3rd arguments to getsockname(), getpeername(), and accept() in exim.c | |
6323 | and daemon.c were passed as pointers to ints; they should have been | |
6324 | pointers to socklen_t variables (which are typically unsigned ints). | |
6325 | ||
6326 | 2. Some signed/unsigned type warnings in the os.c file for Linux have been | |
6327 | fixed. | |
6328 | ||
6329 | 3. Fixed a really odd bug that affected only the testing scheme; patching a | |
6330 | certain fixed string in the binary changed the value of another string that | |
6331 | happened to be identical to the end of the original first string. | |
6332 | ||
6333 | 4. When gethostbyname() (or equivalent) is passed an IP address as a "host | |
6334 | name", it returns that address as the IP address. On some operating | |
6335 | systems (e.g. Solaris), it also passes back the IP address string as the | |
6336 | "host name". However, on others (e.g. Linux), it passes back an empty | |
6337 | string. Exim wasn't checking for this, and was changing the host name to an | |
4c04137d | 6338 | empty string, assuming it had been canonicalized. |
495ae4b0 PH |
6339 | |
6340 | 5. Although rare, it is permitted to have more than one PTR record for a given | |
6341 | IP address. I thought that gethostbyaddr() or getipnodebyaddr() always gave | |
6342 | all the names associated with an address, because they do in Solaris. | |
6343 | However, it seems that they do not in Linux for data that comes from the | |
6344 | DNS. If an address in /etc/hosts has multiple names, they _are_ all given. | |
6345 | I found this out when I moved to a new Linux workstation and tried to run | |
6346 | the Exim test suite. | |
6347 | ||
6348 | To get round this problem I have changed the code so that it now does its | |
6349 | own call to the DNS to look up PTR records when searching for a host name. | |
6350 | If nothing can be found in the DNS, it tries gethostbyaddr(), so that | |
6351 | addresses that are only in /etc/hosts are still found. | |
6352 | ||
6353 | This behaviour is, however, controlled by an option called host_lookup_ | |
6354 | order, which defaults to "bydns:byaddr". If people want to use the other | |
6355 | order, or indeed, just use one or the other means of lookup, they can | |
6356 | specify it in this variable. | |
6357 | ||
6358 | 6. If a PTR record yields an empty name, Exim treats it as non-existent. In | |
6359 | some operating systems, this comes back from gethostbyaddr() as an empty | |
6360 | string, and this is what Exim used to test for. However, it seems that in | |
6361 | other systems, "." is yielded. Exim now tests for this case too. | |
6362 | ||
6363 | 7. The values of check_spool_space and check_log_space are now held internally | |
6364 | as a number of kilobytes instead of an absolute number of bytes. If a | |
6365 | numbers is specified without 'K' or 'M', it is rounded up to the nearest | |
6366 | kilobyte. This means that much larger values can be stored. | |
6367 | ||
6368 | 8. Exim monitor: an attempt to get the action menu when not actually pointing | |
6369 | at a message produces an empty menu entitled "No message selected". This | |
6370 | works on Solaris (OpenWindows). However, XFree86 does not like a menu with | |
6371 | no entries in it ("Shell widget menu has zero width and/or height"). So I | |
6372 | have added a single, blank menu entry in this case. | |
6373 | ||
6374 | 9. Added ${quote_local_part. | |
6375 | ||
6376 | 10. MIME decoding is now applied to the contents of Subject: header lines when | |
6377 | they are logged. | |
6378 | ||
6379 | 11. Now that a reference to $sender_host_address automatically causes a reverse | |
6380 | lookup to occur if necessary (4.13/18), there is no need to arrange for a | |
6381 | host lookup before query-style lookups in lists that might use this | |
6382 | variable. This has therefore been abolished, and the "net-" prefix is no | |
6383 | longer necessary for query-style lookups. | |
6384 | ||
6385 | 12. The Makefile for SCO_SV contained a setting of LDFLAGS. This appears to | |
6386 | have been a typo for LFLAGS, so it has been changed. | |
6387 | ||
6388 | 13. The install script calls Exim with "-C /dev/null" in order to find the | |
6389 | version number. If ALT_CONFIG_PREFIX was set, this caused an error message | |
4c04137d | 6390 | to be output. However, since Exim outputs its version number before the |
495ae4b0 PH |
6391 | error, it didn't break the script. It just looked ugly. I fixed this by |
6392 | always allowing "-C /dev/null" if the caller is root. | |
6393 | ||
6394 | 14. Ignore overlarge ACL variable number when reading spool file - insurance | |
6395 | against a later release with more variables having written the file. | |
6396 | ||
6397 | 15. The standard form for an IPv6 address literal was being rejected by EHLO. | |
6398 | Example: [IPv6:2002:c1ed:8229:10:202:2dff:fe07:a42a]. Exim now accepts | |
6399 | this, as well as the form without the "IPv6" on the front. | |
6400 | ||
6401 | 16. Added CHOWN_COMMAND=/usr/sbin/chown and LIBS=-lresolv to the | |
6402 | OS/Makefile-Darwin file. | |
6403 | ||
6404 | 17. Fixed typo in lookups/ldap.c: D_LOOKUP should be D_lookup. This applied | |
6405 | only to LDAP libraries that do not have LDAP_OPT_DEREF. | |
6406 | ||
6407 | 18. After change 4.21/52, "%ld" was used to format the contents of the $inode | |
6408 | variable. However, some OS use ints for inodes. I've added cast to long int | |
6409 | to get rid of the compiler warning. | |
6410 | ||
6411 | 19. I had forgotten to lock out "/../" in configuration file names when | |
6412 | ALT_CONFIG_PREFIX was set. | |
6413 | ||
6414 | 20. Routers used for verification do not need to specify transports. However, | |
6415 | if such a router generated a host list, and callout was configured, Exim | |
6416 | crashed, because it could not find a port number from the (non-existent) | |
6417 | transport. It now assumes port 25 in this circumstance. | |
6418 | ||
6419 | 21. Added the -t option to exigrep. | |
6420 | ||
6421 | 22. If LOOKUP_LSEARCH is defined, all three linear search methods (lsearch, | |
6422 | wildlsearch, nwildlsearch) are compiled. LOOKUP_WILDLSEARCH and LOOKUP_ | |
6423 | NWILDLSEARCH are now obsolete, but retained for compatibility. If either of | |
6424 | them is set, LOOKUP_LSEARCH is forced. | |
6425 | ||
6426 | 23. "exim -bV" now outputs a list of lookups that are included in the binary. | |
6427 | ||
6428 | 24. Added sender and host information to the "rejected by local_scan()" log | |
6429 | line; previously there was no indication of these. | |
6430 | ||
6431 | 25. Added .include_if_exists. | |
6432 | ||
6433 | 26. Change 3.952/11 added an explicit directory sync on top of a file sync for | |
6434 | Linux. It turns out that not all file systems support this. Apparently some | |
6435 | versions of NFS do not. (It's rare to put Exim's spool on NFS, but people | |
6436 | do it.) To cope with this, the error EINVAL, which means that sync-ing is | |
6437 | not supported on the file descriptor, is now ignored when Exim is trying to | |
6438 | sync a directory. This applies only to Linux. | |
6439 | ||
6440 | 27. Added -DBIND_8_COMPAT to the CLFAGS setting for Darwin. | |
6441 | ||
6442 | 28. In Darwin (MacOS X), the PAM headers are in /usr/include/pam and not in | |
6443 | /usr/include/security. There's now a flag in OS/os.h-Darwin to cope with | |
6444 | this. | |
6445 | ||
6446 | 29. Added support for maildirsize files from supplied patch (modified a bit). | |
6447 | ||
6448 | 30. The use of :fail: followed by an empty string could lead Exim to respond to | |
6449 | sender verification failures with (e.g.): | |
6450 | ||
6451 | 550 Verification failed for <xxx> | |
6452 | 550 Sender verify failed | |
6453 | ||
6454 | where the first response line was missing the '-' that indicates it is not | |
6455 | the final line of the response. | |
6456 | ||
6457 | 31. The loop for finding the name of the user that called Exim had a hardwired | |
6458 | limit of 10; it now uses the value of finduser_retries, which is used for | |
6459 | all other user lookups. | |
6460 | ||
6461 | 32. Added $received_count variable, available in data and not_smtp ACLs, and at | |
6462 | delivery time. | |
6463 | ||
6464 | 33. Exim was neglecting to zero errno before one call of strtol() when | |
6465 | expanding a string and expecting an integer value. On some systems this | |
6466 | resulted in spurious "integer overflow" errors. Also, it was casting the | |
6467 | result into an int without checking. | |
6468 | ||
6469 | 34. Testing for a connection timeout using "timeout_connect" in the retry rules | |
6470 | did not work. The code looks as if it has *never* worked, though it appears | |
4c04137d | 6471 | to have been documented since at least release 1.62. I have made it work. |
495ae4b0 PH |
6472 | |
6473 | 35. The "timeout_DNS" error in retry rules, also documented since at least | |
6474 | 1.62, also never worked. As it isn't clear exactly what this means, and | |
6475 | clearly it isn't a major issue, I have abolished the feature by treating it | |
6476 | as "timeout", and writing a warning to the main and panic logs. | |
6477 | ||
6478 | 36. The display of retry rules for -brt wasn't always showing the error code | |
6479 | correctly. | |
6480 | ||
6481 | 37. Added new error conditions to retry rules: timeout_A, timeout_MX, | |
6482 | timeout_connect_A, timeout_connect_MX. | |
6483 | ||
6484 | 38. Rewriting the envelope sender at SMTP time did not allow it to be rewritten | |
6485 | to the empty sender. | |
6486 | ||
6487 | 39. The daemon was not analysing the content of -oX till after it had closed | |
6488 | stderr and disconnected from the controlling terminal. This meant that any | |
6489 | syntax errors were only noted on the panic log, and the return code from | |
6490 | the command was 0. By re-arranging the code a little, I've made the | |
6491 | decoding happen first, so such errors now appear on stderr, and the return | |
6492 | code is 1. However, the actual setting up of the sockets still happens in | |
6493 | the disconnected process, so errors there are still only recorded on the | |
6494 | panic log. | |
6495 | ||
6496 | 40. A daemon listener on a wildcard IPv6 socket that also accepts IPv4 | |
6497 | connections (as happens on some IP stacks) was logged at start up time as | |
6498 | just listening for IPv6. It now logs "IPv6 with IPv4". This differentiates | |
6499 | it from "IPv6 and IPv4", which means that two separate sockets are being | |
6500 | used. | |
6501 | ||
6502 | 41. The debug output for gethostbyname2() or getipnodebyname() failures now | |
6503 | says whether AF_INET or AF_INET6 was passed as an argument. | |
6504 | ||
6505 | 42. Exiwhat output was messed up when time zones were included in log | |
6506 | timestamps. | |
6507 | ||
6508 | 43. Exiwhat now gives more information about the daemon's listening ports, | |
6509 | and whether -tls-on-connect was used. | |
6510 | ||
6511 | 44. The "port" option of the smtp transport is now expanded. | |
6512 | ||
6513 | 45. A "message" modifier in a "warn" statement in a non-message ACL was being | |
6514 | silently ignored. Now an error message is written to the main and panic | |
6515 | logs. | |
6516 | ||
6517 | 46. There's a new ACL modifier called "logwrite" which writes to a log file | |
6518 | as soon as it is encountered. | |
6519 | ||
6520 | 47. Added $local_user_uid and $local_user_gid at routing time. | |
6521 | ||
6522 | 48. Exim crashed when trying to verify a sender address that was being | |
6523 | rewritten to "<>". | |
6524 | ||
6525 | 49. Exim was recognizing only a space character after ".include". It now also | |
6526 | recognizes a tab character. | |
6527 | ||
6528 | 50. Fixed several bugs in the Perl script that creates the exim.8 man page by | |
6529 | extracting the relevant information from the specification. The man page no | |
6530 | longer contains scrambled data for the -d option, and I've added a section | |
6531 | at the front about calling Exim under different names. | |
6532 | ||
6533 | 51. Added "extra_headers" argument to the "mail" command in filter files. | |
6534 | ||
6535 | 52. Redirecting mail to an unqualified address in a Sieve filter caused Exim to | |
6536 | crash. | |
6537 | ||
6538 | 53. Installed eximstats 1.29. | |
6539 | ||
6540 | 54. Added transport_filter_timeout as a generic transport option. | |
6541 | ||
6542 | 55. Exim no longer adds an empty Bcc: header to messages that have no To: or | |
6543 | Cc: header lines. This was required by RFC 822, but it not required by RFC | |
6544 | 2822. | |
6545 | ||
6546 | 56. Exim used to add From:, Date:, and Message-Id: header lines to any | |
6547 | incoming messages that did not have them. Now it does so only if the | |
6548 | message originates locally, that is, if there is no associated remote host | |
6549 | address. When Resent- header lines are present, this applies to the Resent- | |
6550 | lines rather than the non-Resent- lines. | |
6551 | ||
6552 | 57. Drop incoming SMTP connection after too many syntax or protocol errors. The | |
6553 | limit is controlled by smtp_max_synprot_errors, defaulting to 3. | |
6554 | ||
6555 | 58. Messages for configuration errors now include the name of the main | |
6556 | configuration file - useful now that there may be more than one file in a | |
6557 | list (.included file names were always shown). | |
6558 | ||
6559 | 59. Change 4.21/82 (run initgroups() when starting the daemon) causes problems | |
6560 | for those rare installations that do not start the daemon as root or run it | |
6561 | setuid root. I've cut out the call to initgroups() if the daemon is not | |
6562 | root at that time. | |
6563 | ||
6564 | 60. The Exim user and group can now be bound into the binary as text strings | |
6565 | that are looked up at the start of Exim's processing. | |
6566 | ||
6567 | 61. Applied a small patch for the Interbase code, supplied by Ard Biesheuvel. | |
6568 | ||
6569 | 62. Added $mailstore_basename variable. | |
6570 | ||
6571 | 63. Installed patch to sieve.c from Michael Haardt. | |
6572 | ||
6573 | 64. When Exim failed to open the panic log after failing to open the main log, | |
6574 | the original message it was trying to log was written to stderr and debug | |
6575 | output, but if they were not available (the usual case in production), it | |
6576 | was lost. Now it is written to syslog before the two lines that record the | |
6577 | failures to open the logs. | |
6578 | ||
6579 | 65. Users' Exim filters run in subprocesses under the user's uid. It is | |
6580 | possible for a "deliver" command or an alias in a "personal" command to | |
6581 | provoke an address rewrite. If logging of address rewriting is configured, | |
6582 | this fails because the process is not running as root or exim. There may be | |
6583 | a better way of dealing with this, but for the moment (because 4.30 needs | |
6584 | to be released), I have disabled address rewrite logging when running a | |
6585 | filter in a non-root, non-exim process. | |
6586 | ||
6587 | ||
6588 | Exim version 4.24 | |
6589 | ----------------- | |
6590 | ||
6591 | 1. The buildconfig auxiliary program wasn't quoting the value set for | |
6592 | HEADERS_CHARSET. This caused a compilation error complaining that 'ISO' was | |
6593 | not defined. This bug was masked in 4.22 by the effect that was fixed in | |
6594 | change 4.23/1. | |
6595 | ||
6596 | 2. Some messages that were rejected after a message id was allocated were | |
6597 | shown as "incomplete" by exigrep. It no longer does this for messages that | |
6598 | are rejected by local_scan() or the DATA or non-SMTP ACLs. | |
6599 | ||
6600 | 3. If a Message-ID: header used a domain literal in the ID, and Exim did not | |
6601 | have allow_domain_literals set, the ID did not get logged in the <= line. | |
6602 | Domain literals are now always recognized in Message-ID: header lines. | |
6603 | ||
6604 | 4. The first argument for a ${extract expansion item is the key name or field | |
6605 | number. Leading and trailing spaces in this item were not being ignored, | |
6606 | causing some misleading effects. | |
6607 | ||
6608 | 5. When deliver_drop_privilege was set, single queue runner processes started | |
6609 | manually (i.e. by the command "exim -q") or by the daemon (which uses the | |
6610 | same command in the process it spins off) were not dropping privilege. | |
6611 | ||
6612 | 6. When the daemon running as "exim" started a queue runner, it always | |
6613 | re-executed Exim in the spun-off process. This is a waste of effort when | |
6614 | deliver_drop_privilege is set. The new process now just calls the | |
6615 | queue-runner function directly. | |
6616 | ||
6617 | ||
6618 | Exim version 4.23 | |
6619 | ----------------- | |
6620 | ||
6621 | 1. Typo in the src/EDITME file: it referred to HEADERS_DECODE_TO instead of | |
6622 | HEADERS_CHARSET. | |
6623 | ||
6624 | 2. Change 4.21/73 introduced a bug. The pid file path set by -oP was being | |
6625 | ignored. Though the use of -oP was forcing the writing of a pid file, it | |
6626 | was always written to the default place. | |
6627 | ||
6628 | 3. If the message "no IP address found for host xxxx" is generated during | |
6629 | incoming verification, it is now followed by identification of the incoming | |
6630 | connection (so you can more easily find what provoked it). | |
6631 | ||
6632 | 4. Bug fix for Sieve filters: "stop" inside a block was not working properly. | |
6633 | ||
6634 | 5. Added some features to "harden" Exim a bit more against certain attacks: | |
6635 | ||
6636 | (a) There is now a build-time option called FIXED_NEVER_USERS that can | |
6637 | be put in Local/Makefile. This is like the never_users runtime option, | |
6638 | but it cannot be overridden. The default setting is "root". | |
6639 | ||
6640 | (b) If ALT_CONFIG_PREFIX is defined in Local/Makefile, it specifies a | |
6641 | prefix string with which any file named in a -C command line option | |
6642 | must start. | |
6643 | ||
6644 | (c) If ALT_CONFIG_ROOT_ONLY is defined in Local/Makefile, root privilege | |
6645 | is retained for -C and -D only if the caller of Exim is root. Without | |
6646 | it, the exim user may also use -C and -D and retain privilege. | |
6647 | ||
6648 | (d) If DISABLE_D_OPTION is defined in Local/Makefile, the use of the -D | |
6649 | command line option is disabled. | |
6650 | ||
6651 | 6. Macro names set by the -D option must start with an upper case letter, just | |
6652 | like macro names defined in the configuration file. | |
6653 | ||
6654 | 7. Added "dereference=" facility to LDAP. | |
6655 | ||
6656 | 8. Two instances of the typo "uknown" in the source files are fixed. | |
6657 | ||
6658 | 9. If a PERL_COMMAND setting in Local/Makefile was not at the start of a line, | |
6659 | the Configure-Makefile script screwed up while processing it. | |
6660 | ||
6661 | 10. Incorporated PCRE 4.4. | |
6662 | ||
6663 | 11. The SMTP synchronization check was not operating right at the start of an | |
6664 | SMTP session. For example, it could not catch a HELO sent before the client | |
6665 | waited for the greeting. There is now a check for outstanding input at the | |
6666 | point when the greeting is written. Because of the duplex, asynchronous | |
6667 | nature of TCP/IP, it cannot be perfect - the incorrect input may be on its | |
6668 | way, but not yet received, when the check is performed. | |
6669 | ||
6670 | 12. Added tcp_nodelay to make it possible to turn of the setting of TCP_NODELAY | |
6671 | on TCP/IP sockets, because this apparently causes some broken clients to | |
6672 | timeout. | |
6673 | ||
6674 | 13. Installed revised OS/Makefile-CYGWIN and OS/os.c-cygwin (the .h file was | |
6675 | unchanged) from the Cygwin maintainer. | |
6676 | ||
6677 | 14. The code for -bV that shows what is in the binary showed "mbx" when maildir | |
6678 | was supported instead of testing for mbx. Effectively a typo. | |
6679 | ||
6680 | 15. The spa authenticator server code was not checking that the input it | |
6681 | received was valid base64. | |
6682 | ||
6683 | 16. The debug output line for the "set" modifier in ACLs was not showing the | |
6684 | name of the variable that was being set. | |
6685 | ||
6686 | 17. Code tidy: the variable type "vtype_string" was never used. Removed it. | |
6687 | ||
6688 | 18. Previously, a reference to $sender_host_name did not cause a DNS reverse | |
6689 | lookup on its own. Something else was needed to trigger the lookup. For | |
6690 | example, a match in host_lookup or the need for a host name in a host list. | |
6691 | Now, if $sender_host_name is referenced and the host name has not yet been | |
6692 | looked up, a lookup is performed. If the lookup fails, the variable remains | |
6693 | empty, and $host_lookup_failed is set to "1". | |
6694 | ||
6695 | 19. Added "eqi" as a case-independent comparison operator. | |
6696 | ||
6697 | 20. The saslauthd authentication condition could segfault if neither service | |
6698 | nor realm was specified. | |
6699 | ||
6700 | 21. If an overflowing value such as "2048M" was set for message_size_limit, the | |
6701 | error message that was logged was misleading, and incoming SMTP | |
6702 | connections were dropped. The message is now more accurate, and temporary | |
6703 | errors are given to SMTP connections. | |
6704 | ||
6705 | 22. In some error situations (such as 21 above) Exim rejects all SMTP commands | |
6706 | (except RSET) with a 421 error, until QUIT is received. However, it was | |
6707 | failing to send a response to QUIT. | |
6708 | ||
6709 | 23. The HELO ACL was being run before the code for helo_try_verify_hosts, | |
6710 | which made it impossible to use "verify = helo" in the HELO ACL. The HELO | |
6711 | ACL is now run after the helo_try_verify_hosts code. | |
6712 | ||
6713 | 24. "{MD5}" and "{SHA1}" are now recognized as equivalent to "{md5"} and | |
6714 | "{sha1}" in the "crypteq" expansion condition (in fact the comparison is | |
6715 | case-independent, so other case variants are also recognized). Apparently | |
6716 | some systems use these upper case variants. | |
6717 | ||
6718 | 25. If more than two messages were waiting for the same host, and a transport | |
6719 | filter was specified for the transport, Exim sent two messages over the | |
6720 | same TCP/IP connection, and then failed with "socket operation on non- | |
6721 | socket" when it tried to send the third. | |
6722 | ||
6723 | 26. Added Exim::debug_write and Exim::log_write for embedded Perl use. | |
6724 | ||
6725 | 27. The extern definition of crypt16() in expand.c was not being excluded when | |
6726 | the OS had its own crypt16() function. | |
6727 | ||
6728 | 28. Added bounce_return_body as a new option, and bounce_return_size_limit | |
6729 | as a preferred synonym for return_size_limit, both as an option and as an | |
6730 | expansion variable. | |
6731 | ||
6732 | 29. Added LIBS=-liconv to OS/Makefile-OSF1. | |
6733 | ||
6734 | 30. Changed the default configuration ACL to relax the local part checking rule | |
6735 | for addresses that are not in any local domains. For these addresses, | |
6736 | slashes and pipe symbols are allowed within local parts, but the sequence | |
6737 | /../ is explicitly forbidden. | |
6738 | ||
6739 | 31. SPA server authentication was not clearing the challenge buffer before | |
6740 | using it. | |
6741 | ||
6742 | 32. log_message in a "warn" ACL statement was writing to the reject log as | |
6743 | well as to the main log, which contradicts the documentation and doesn't | |
6744 | seem right (because no rejection is happening). So I have stopped it. | |
6745 | ||
6746 | 33. Added Ard Biesheuvel's lookup code for accessing an Interbase database. | |
6747 | However, I am unable to do any testing of this. | |
6748 | ||
6749 | 34. Fixed an infelicity in the appendfile transport. When checking directories | |
6750 | for a mailbox, to see if any needed to be created, it was accidentally | |
6751 | using path names with one or more superfluous leading slashes; tracing | |
6752 | would show up entries such as stat("///home/ph10", 0xFFBEEA48). | |
6753 | ||
6754 | 35. If log_message is set on a "discard" verb in a MAIL or RCPT ACL, its | |
6755 | contents are added to the log line that is written for every discarded | |
6756 | recipient. (Previously a log_message setting was ignored.) | |
6757 | ||
6758 | 36. The ${quote: operator now quotes the string if it is empty. | |
6759 | ||
6760 | 37. The install script runs exim in order to find its version number. If for | |
6761 | some reason other than non-existence or emptiness, which it checks, it | |
6762 | could not run './exim', it was installing it with an empty version number, | |
6763 | i.e. as "exim-". This error state is now caught, and the installation is | |
6764 | aborted. | |
6765 | ||
6766 | 38. An argument was missing from the function that creates an error message | |
6767 | when Exim fails to connect to the socket for saslauthd authentication. | |
6768 | This could cause Exim to crash, or give a corrupted message. | |
6769 | ||
6770 | 39. Added isip, isip4, and isip6 to ${if conditions. | |
6771 | ||
6772 | 40. The ACL variables $acl_xx are now saved with the message, and can be | |
6773 | accessed later in routers, transports, and filters. | |
6774 | ||
6775 | 41. The new lookup type nwildlsearch is like wildlsearch, except that the key | |
6776 | strings in the file are not string-expanded. | |
6777 | ||
6778 | 42. If a MAIL command specified a SIZE value that was too large to fit into an | |
6779 | int variable, the check against message_size_limit failed. Such values are | |
6780 | now forced to INT_MAX, which is around 2Gb for a 32-bit variable. Maybe one | |
6781 | day this will have to be increased, but I don't think I want to be around | |
6782 | when emails are that large. | |
6783 | ||
6784 | ||
6785 | ||
6786 | Exim version 4.22 | |
6787 | ----------------- | |
6788 | ||
6789 | 1. Removed HAVE_ICONV=yes from OS/Makefile-FreeBSD, since it seems that | |
6790 | iconv() is not standard in FreeBSD. | |
6791 | ||
6792 | 2. Change 4.21/17 was buggy and could cause stack overwriting on a system with | |
6793 | IPv6 enabled. The observed symptom was a segmentation fault on return from | |
6794 | the function os_common_find_running_interfaces() in src/os.c. | |
6795 | ||
6796 | 3. In the check_special_case() function in daemon.c I had used "errno" as an | |
6797 | argument name, which causes warnings on some systems. This was basically a | |
6798 | typo, since it was named "eno" in the comments! | |
6799 | ||
6800 | 4. The code that waits for the clock to tick (at a resolution of some fraction | |
6801 | of a second) so as to ensure message-id uniqueness was always waiting for | |
6802 | at least one whole tick, when it could have waited for less. [This is | |
6803 | almost certainly not relevant at current processor speeds, where it is | |
6804 | unlikely to ever wait at all. But we try to future-proof.] | |
6805 | ||
6806 | 5. The function that sleeps for a time interval that includes fractions of a | |
6807 | second contained a race. It did not block SIGALRM between setting the | |
6808 | timer, and suspending (a couple of lines later). If the interval was short | |
6809 | and the sigsuspend() was delayed until after it had expired, the suspension | |
6810 | never ended. On busy systems this could lead to processes getting stuck for | |
6811 | ever. | |
6812 | ||
6813 | 6. Some uncommon configurations may cause a lookup to happen in a queue runner | |
6814 | process, before it forks any delivery processes. The open lookup caching | |
6815 | mechanism meant that the open file or database connection was passed into | |
6816 | the delivery process. The problem was that delivery processes always tidy | |
6817 | up cached lookup data. This could cause a problem for the next delivery | |
6818 | process started by the queue runner, because the external queue runner | |
6819 | process does not know about the closure. So the next delivery process | |
6820 | still has data in the lookup cache. In the case of a file lookup, there was | |
6821 | no problem because closing a file descriptor in a subprocess doesn't affect | |
6822 | the parent. However, if the lookup was caching a connection to a database, | |
6823 | the connection was closed, and the second delivery process was likely to | |
6824 | see errors such as "PGSQL: query failed: server closed the connection | |
6825 | unexpectedly". The problem has been fixed by closing all cached lookups | |
6826 | in a queue runner before running a delivery process. | |
6827 | ||
6828 | 7. Compiler warning on Linux for the second argument of iconv(), which doesn't | |
6829 | seem to have the "const" qualifier which it has on other OS. I've | |
6830 | parameterised it. | |
6831 | ||
6832 | 8. Change 4.21/2 was too strict. It is only if there are two authenticators | |
6833 | *of the same type* (client or server) with the same public name that an | |
6834 | error should be diagnosed. | |
6835 | ||
6836 | 9. When Exim looked up a host name for an IP address, but failed to find the | |
6837 | original IP address when looking up the host name (a safety check), it | |
6838 | output the message "<ip address> does not match any IP for NULL", which was | |
6839 | confusing, to say the least. The bug was that the host name should have | |
6840 | appeared instead of "NULL". | |
6841 | ||
6842 | 10. Since release 3.03, if Exim is called by a uid other than root or the Exim | |
6843 | user that is built into the binary, and the -C or -D options is used, root | |
6844 | privilege is dropped before the configuration file is read. In addition, | |
6845 | logging is switched to stderr instead of the normal log files. If the | |
6846 | configuration then re-defines the Exim user, the unprivileged environment | |
6847 | is probably not what is expected, so Exim logs a panic warning message (but | |
6848 | proceeds). | |
6849 | ||
6850 | However, if deliver_drop_privilege is set, the unprivileged state may well | |
6851 | be exactly what is intended, so the warning has been cut out in that case, | |
6852 | and Exim is allowed to try to write to its normal log files. | |
6853 | ||
6854 | ||
6855 | Exim version 4.21 | |
6856 | ----------------- | |
6857 | ||
6858 | 1. smtp_return_error_details was not giving details for temporary sender | |
6859 | or receiver verification errors. | |
6860 | ||
6861 | 2. Diagnose a configuration error if two authenticators have the same public | |
6862 | name. | |
6863 | ||
6864 | 3. Exim used not to create the message log file for a message until the first | |
6865 | delivery attempt. This could be confusing when incoming messages were held | |
6866 | for policy or load reasons. The message log file is now created at the time | |
6867 | the message is received, and an initial "Received" line is written to it. | |
6868 | ||
6869 | 4. The automatically generated man page for command line options had a minor | |
6870 | bug that caused no ill effects; however, a more serious problem was that | |
6871 | the procedure for building the man page automatically didn't always | |
6872 | operate. Consequently, release 4.20 contains an out-of-date version. This | |
6873 | shouldn't happen again. | |
6874 | ||
6875 | 5. When building Exim with embedded Perl support, the script that builds the | |
6876 | Makefile was calling 'perl' to find its compile-time parameters, ignoring | |
6877 | any setting of PERL_COMMAND in Local/Makefile. This is now fixed. | |
6878 | ||
6879 | 6. The freeze_tell option was not being used for messages that were frozen on | |
6880 | arrival, either by an ACL or by local_scan(). | |
6881 | ||
6882 | 7. Added the smtp_incomplete_transaction log selector. | |
6883 | ||
6884 | 8. After STARTTLS, Exim was not forgetting that it had advertised AUTH, so it | |
6885 | was accepting AUTH without a new EHLO. | |
6886 | ||
6887 | 9. Added tls_remember_esmtp to cope with YAEB. This allows AUTH and other | |
6888 | ESMTP extensions after STARTTLS without a new EHLO, in contravention of the | |
6889 | RFC. | |
6890 | ||
6891 | 10. Logging of TCP/IP connections (when configured) now happens in the main | |
6892 | daemon process instead of the child process, so that the TCP/IP connection | |
6893 | count is more accurate (but it can never be perfect). | |
6894 | ||
6895 | 11. The use of "drop" in a nested ACL was not being handled correctly in the | |
6896 | outer ACL. Now, if condition failure induced by the nested "drop" causes | |
6897 | the outer ACL verb to deny access ("accept" or "discard" after "endpass", | |
6898 | or "require"), the connection is dropped. | |
6899 | ||
6900 | 12. Similarly, "discard" in a nested ACL wasn't being handled. A nested ACL | |
6901 | that yield "discard" can now be used with an "accept" or a "discard" verb, | |
6902 | but an error is generated for any others (because I can't see a useful way | |
6903 | to define what should happen). | |
6904 | ||
6905 | 13. When an ACL is read dynamically from a file (or anywhere else), the lines | |
6906 | are now processed in the same way as lines in the Exim configuration file. | |
6907 | In particular, continuation lines are supported. | |
6908 | ||
6909 | 14. Added the "dnslists = a.b.c!=n.n.n.n" feature. | |
6910 | ||
6911 | 15. Added -ti meaning -t -i. | |
6912 | ||
6913 | 16. Check for letters, digits, hyphens, and dots in the names of dnslist | |
6914 | domains, and warn by logging if others are found. | |
6915 | ||
4c04137d | 6916 | 17. At least on BSD, alignment is not guaranteed for the array of ifreq's |
495ae4b0 PH |
6917 | returned from GIFCONF when Exim is trying to find the list of interfaces on |
6918 | a host. The code in os.c has been modified to copy each ifreq to an aligned | |
6919 | structure in all cases. | |
6920 | ||
6921 | Also, in some cases, the returned ifreq's were being copied to a 'struct | |
6922 | ifreq' on the stack, which was subsequently passed to host_ntoa(). That | |
6923 | means the last couple of bytes of an IPv6 address could be chopped if the | |
6924 | ifreq contained only a normal sockaddr (14 bytes storage). | |
6925 | ||
6926 | 18. Named domain lists were not supported in the hosts_treat_as_local option. | |
6927 | An entry such as +xxxx was not recognized, and was treated as a literal | |
6928 | domain name. | |
6929 | ||
6930 | 19. Ensure that header lines added by a DATA ACL are included in the reject log | |
6931 | if the ACL subsequently rejects the message. | |
6932 | ||
6933 | 20. Upgrade the cramtest.pl utility script to use Digest::MD5 instead of just | |
6934 | MD5 (which is deprecated). | |
6935 | ||
6936 | 21. When testing a filter file using -bf, Exim was writing a message when it | |
6937 | took the sender from a "From " line in the message, but it was not doing so | |
6938 | when it took $return_path from a Return-Path: header line. It now does. | |
6939 | ||
6940 | 22. If the contents of a "message" modifier for a "warn" ACL verb do not begin | |
6941 | with a valid header line field name (a series of printing characters | |
6942 | terminated by a colon, Exim now inserts X-ACL-Warn: at the beginning. | |
6943 | ||
6944 | 23. Changed "disc" in the source to "disk" to conform to the documentation and | |
6945 | the book and for uniformity. | |
6946 | ||
6947 | 24. Ignore Sendmail's -Ooption=value command line item. | |
6948 | ||
6949 | 25. When execve() failed while trying to run a command in a pipe transport, | |
4c04137d | 6950 | Exim was returning EX_UNAVAILABLE (69) from the subprocess. However, this |
495ae4b0 PH |
6951 | could be confused with a return value of 69 from the command itself. This |
6952 | has been changed to 127, the value the shell returns if it is asked to run | |
6953 | a non-existent command. The wording for the related log line suggests a | |
6954 | non-existent command as the problem. | |
6955 | ||
6956 | 26. If received_header_text expands to an empty string, do not add a Received: | |
6957 | header line to the message. (Well, it adds a token one on the spool, but | |
6958 | marks it "old" so that it doesn't get used or transmitted.) | |
6959 | ||
6960 | 27. Installed eximstats 1.28 (addition of -nt option). | |
6961 | ||
6962 | 28. There was no check for failure on the call to getsockname() in the daemon | |
6963 | code. This can fail if there is a shortage of resources on the system, with | |
6964 | ENOMEM, for example. A temporary error is now given on failure. | |
6965 | ||
6966 | 29. Contrary to the C standard, it seems that in some environments, the | |
6967 | equivalent of setlocale(LC_ALL, "C") is not obeyed at the start of a C | |
6968 | program. Exim now does this explicitly; it affects the formatting of | |
6969 | timestamps using strftime(). | |
6970 | ||
6971 | 30. If exiqsumm was given junk data, it threw up some uninitialized variable | |
6972 | complaints. I've now initialized all the variables, to avoid this. | |
6973 | ||
6974 | 32. Header lines added by a system filter were not being "seen" during | |
6975 | transport-time rewrites. | |
6976 | ||
6977 | 33. The info_callback() function passed to OpenSSL is set up with type void | |
6978 | (*)(SSL *, int, int), as described somewhere. However, when calling the | |
6979 | function (actually a macro) that sets it up, the type void(*)() is | |
6980 | expected. I've put in a cast to prevent warnings from picky compilers. | |
6981 | ||
6982 | 34. If a DNS black list lookup found a CNAME record, but there were no A | |
6983 | records associated with the domain it pointed at, Exim crashed. | |
6984 | ||
6985 | 35. If a DNS black list lookup returned more than one A record, Exim ignored | |
6986 | all but the first. It now scans all returned addresses if a particular IP | |
6987 | value is being sought. In this situation, the contents of the | |
6988 | $dnslist_value variable are a list of all the addresses, separated by a | |
6989 | comma and a space. | |
6990 | ||
6991 | 36. Tightened up the rules for host name lookups using reverse DNS. Exim used | |
6992 | to accept a host name and all its aliases if the forward lookup for any of | |
6993 | them yielded the IP address of the incoming connection. Now it accepts only | |
6994 | those names whose forward lookup yields the correct IP address. Any other | |
6995 | names are discarded. This closes a loophole whereby a rogue DNS | |
6996 | administrator could create reverse DNS records to break through a | |
6997 | wildcarded host restriction in an ACL. | |
6998 | ||
6999 | 37. If a user filter or a system filter that ran in a subprocess used any of | |
7000 | the numerical variables ($1, $2 etc), or $thisaddress, in a pipe command, | |
7001 | the wrong values were passed to the pipe command ($thisaddress had the | |
7002 | value of $0, $0 had the value of $1, etc). This bug was introduced by | |
7003 | change 4.11/101, and not discovered because I wrote an inadequate test. :-( | |
7004 | ||
7005 | 38. Improved the line breaking for long SMTP error messages from ACLs. | |
7006 | Previously, if there was no break point between 40 and 75 characters, Exim | |
7007 | left the rest of the message alone. Two changes have been made: (a) I've | |
7008 | reduced the minimum length to 35 characters; (b) if it can't find a break | |
7009 | point between 35 and 75 characters, it looks ahead and uses the first one | |
7010 | that it finds. This may give the occasional overlong line, but at least the | |
7011 | remaining text gets split now. | |
7012 | ||
7013 | 39. Change 82 of 4.11 was unimaginative. It assumed the limit on the number of | |
7014 | file descriptors might be low, and that setting 1000 would always raise it. | |
7015 | It turns out that in some environments, the limit is already over 1000 and | |
7016 | that lowering it causes trouble. So now Exim takes care not to decrease it. | |
7017 | ||
7018 | 40. When delivering a message, the value of $return_path is set to $sender_ | |
7019 | address at the start of routing (routers may change the value). By an | |
7020 | oversight, this default was not being set up when an address was tested by | |
7021 | -bt or -bv, which affected the outcome if any router or filter referred to | |
7022 | $return_path. | |
7023 | ||
7024 | 41. The idea of the "warn" ACL verb is that it adds a header or writes to the | |
7025 | log only when "message" or "log_message" are set. However, if one of the | |
7026 | conditions was an address verification, or a call to a nested ACL, the | |
7027 | messages generated by the underlying test were being passed through. This | |
7028 | no longer happens. The underlying message is available in $acl_verify_ | |
7029 | message for both "message" and "log_message" expansions, so it can be | |
7030 | passed through if needed. | |
7031 | ||
7032 | 42. Added RFC 2047 interpretation of header lines for $h_ expansions, with a | |
7033 | new expansion $bh_ to give the encoded byte string without charset | |
7034 | translation. Translation happens only if iconv() is available; HAVE_ICONV | |
7035 | indicates this at build time. HEADERS_CHARSET gives the charset to | |
7036 | translate to; headers_charset can change it in the configuration, and | |
7037 | "headers charset" can change it in an individual filter file. | |
7038 | ||
7039 | 43. Now that we have a default RFC 2047 charset (see above), the code in Exim | |
7040 | that creates RFC 2047 encoded "words" labels them as that charset instead | |
7041 | of always using iso-8859-1. The cases are (i) the explicit ${rfc2047: | |
7042 | expansion operator; (ii) when Exim creates a From: line for a local | |
7043 | message; (iii) when a header line is rewritten to include a "phrase" part. | |
7044 | ||
7045 | 44. Nasty bug in exiqsumm: the regex to skip already-delivered addresses was | |
7046 | buggy, causing it to skip the first lines of messages whose message ID | |
7047 | ended in 'D'. This would not have bitten before Exim release 4.14, because | |
7048 | message IDs were unlikely to end in 'D' before then. The effect was to have | |
7049 | incorrect size information for certain domains. | |
7050 | ||
7051 | 45. #include "config.h" was missing at the start of the crypt16.c module. This | |
7052 | caused trouble on Tru64 (aka OSF1) systems, because HAVE_CRYPT16 was not | |
7053 | noticed. | |
7054 | ||
7055 | 46. If there was a timeout during a "random" callout check, Exim treated it as | |
7056 | a failure of the random address, and carried on sending RSET and the real | |
7057 | address. If the delay was just some slowness somewhere, the response to the | |
7058 | original RCPT would be taken as a response to RSET and so on, causing | |
7059 | mayhem of various kinds. | |
7060 | ||
7061 | 47. Change 50 for 4.20 was a heap of junk. I don't know what I was thinking | |
7062 | when I implemented it. It didn't allow for the fact that some option values | |
4c04137d | 7063 | may legitimately be negative (e.g. size_addition), and it didn't even do |
495ae4b0 PH |
7064 | the right test for positive values. |
7065 | ||
7066 | 48. Domain names in DNS records are case-independent. Exim always looks them up | |
7067 | in lower case. Some resolvers return domain names in exactly the case they | |
7068 | appear in the zone file, that is, they may contain uppercase letters. Not | |
7069 | all resolvers do this - some return always lower case. Exim was treating a | |
7070 | change of case by a resolver as a change of domain, similar to a widening | |
7071 | of a domain abbreviation. This triggered its re-routing code and so it was | |
7072 | trying to route what was effectively the same domain again. This normally | |
7073 | caused routing to fail (because the router wouldn't handle the domain | |
7074 | twice). Now Exim checks for this case specially, and just changes the | |
7075 | casing of the domain that it ultimately uses when it transmits the message | |
7076 | envelope. | |
7077 | ||
7078 | 49. Added Sieve (RFC 3028) support, courtesy of Michael Haardt's contributed | |
7079 | module. | |
7080 | ||
7081 | 50. If a filter generated a file delivery with a non-absolute name (possible if | |
7082 | no home directory exists for the router), the forbid_file option was not | |
7083 | forbidding it. | |
7084 | ||
7085 | 51. Added '&' feature to dnslists, to provide bit mask matching in addition to | |
7086 | the existing equality matching. | |
7087 | ||
7088 | 52. Exim was using ints instead of ino_t variables in some places where it was | |
7089 | dealing with inode numbers. | |
7090 | ||
7091 | 53. If TMPDIR is defined in Local/Makefile (default in src/EDITME is | |
7092 | TMPDIR="/tmp"), Exim checks for the presence of an environment variable | |
7093 | called TMPDIR, and if it finds it is different, it changes its value. | |
7094 | ||
7095 | 54. The smtp_printf() function is now made available to local_scan() so | |
7096 | additional output lines can be written before returning. There is also an | |
7097 | smtp_fflush() function to enable the detection of a dropped connection. | |
7098 | The variables smtp_input and smtp_batched_input are exported to | |
7099 | local_scan(). | |
7100 | ||
7101 | 55. Changed the default runtime configuration: the message "Unknown user" | |
7102 | has been removed from the ACL, and instead placed on the localuser router, | |
7103 | using the cannot_route_message feature. This means that any verification | |
7104 | failures that generate their own messages won't get overridden. Similarly, | |
7105 | the "Unrouteable address" message that was in the ACL for unverifiable | |
7106 | relay addresses has also been removed. | |
7107 | ||
7108 | 56. Added hosts_avoid_esmtp to the smtp transport. | |
7109 | ||
7110 | 57. The exicyclog script was not checking for the esoteric option | |
7111 | CONFIGURE_FILE_USE_EUID in the Local/Makefile. It now does this, but it | |
7112 | will work only if exicyclog is run under the appropriate euid. | |
7113 | ||
7114 | 58. Following a discussion on the list, the rules by which Exim recognises line | |
7115 | endings on incoming messages have been changed. The -dropcr and drop_cr | |
7116 | options are now no-ops, retained only for backwards compatibility. The | |
7117 | following line terminators are recognized: LF CRLF CR. However, special | |
7118 | processing applies to CR: | |
7119 | ||
7120 | (i) The sequence CR . CR does *not* terminate an incoming SMTP message, | |
7121 | nor a local message in the state where . is a terminator. | |
7122 | ||
7123 | (ii) If a bare CR is encountered in a header line, an extra space is added | |
7124 | after the line terminator so as not to end the header. The reasoning | |
7125 | behind this is that bare CRs in header lines are most likely either | |
7126 | to be mistakes, or people trying to play silly games. | |
7127 | ||
7128 | 59. The size of a message, as listed by "-bp" or in the Exim monitor window, | |
7129 | was being incorrectly given as 18 bytes larger than it should have been. | |
7130 | This is a VOB (very old bug). | |
7131 | ||
7132 | 60. This may never have affected anything current, but just in case it has: | |
7133 | When the local host is found other than at the start of a list of hosts, | |
7134 | the local host, those with the same MX, and any that follow, are discarded. | |
7135 | When the list in question was part of a longer list of hosts, the following | |
7136 | hosts (not currently being processed) were also being discarded. This no | |
7137 | longer happens. I'm not sure if this situation could ever has previously | |
7138 | arisen. | |
7139 | ||
7140 | 61. Added the "/MX" feature to lists of hosts in the manualroute and query | |
7141 | program routers. | |
7142 | ||
7143 | 62. Whenever Exim generates a new message, it now adds an Auto-Submitted: | |
7144 | header. This is something that is recommended in a new Internet Draft, and | |
7145 | is something that is documented as being done by Sendmail. There are two | |
7146 | possible values. For messages generated by the autoreply transport, Exim | |
7147 | adds: | |
7148 | ||
7149 | Auto-Submitted: auto-replied | |
7150 | ||
7151 | whereas for all other generated messages (e.g. bounces) it adds | |
7152 | ||
7153 | Auto-Submitted: auto-generated | |
7154 | ||
7155 | 63. The "personal" condition in filters now includes a test for the | |
7156 | Auto-Submitted: header. If it contains the string "auto-" the message it | |
7157 | not considered personal. | |
7158 | ||
7159 | 64. Added rcpt_include_affixes as a generic transport option. | |
7160 | ||
7161 | 65. Added queue_only_override (default true). | |
7162 | ||
7163 | 66. Added the syslog_duplication option. | |
7164 | ||
7165 | 67. If what should have been the first header line of a message consisted of | |
7166 | a space followed by a colon, Exim was mis-interpreting it as a header line. | |
7167 | It isn't of course - it is syntactically invalid and should therefore be | |
7168 | treated as the start of the message body. The misbehaviour could have | |
7169 | caused a number of strange effects, including loss of data in subsequent | |
7170 | header lines, and spool format errors. | |
7171 | ||
7172 | 68. Formerly, the AUTH parameter on a MAIL command was trusted only if the | |
7173 | client host had authenticated. This control can now be exercised by an ACL | |
7174 | for more flexibility. | |
7175 | ||
7176 | 69. By default, callouts do not happen when testing with -bh. There is now a | |
7177 | variant, -bhc, which does actually run the callout code, including | |
7178 | consulting and updating the callout cache. | |
7179 | ||
7180 | 70. Added support for saslauthd authentication, courtesy of Alexander | |
7181 | Sabourenkov. | |
7182 | ||
7183 | 71. If statvfs() failed on the spool or log directories while checking their | |
7184 | size for availability, Exim confusingly gave the error "space shortage". | |
7185 | Furthermore, in debugging mode it crashed with a floating point exception. | |
7186 | These checks are done if check_{spool,log}_{space,inodes} are set, and when | |
7187 | an SMTP message arrives with SIZE= on the MAIL command. As this is a really | |
7188 | serious problem, Exim now writes to the main and panic logs when this | |
7189 | happens, with details of the failure. It then refuses to accept the | |
7190 | incoming message, giving the message "spool directory problem" or "log | |
7191 | directory problem" with a 421 code for SMTP messages. | |
7192 | ||
7193 | 72. When Exim is about to re-exec itself, it ensures that the file descriptors | |
7194 | 0, 1, and 2 exist, because some OS complain for execs without them (see | |
7195 | ChangeLog 4.05/30). If necessary, Exim opens /dev/null to use for these | |
7196 | descriptors. However, the code omitted to check that the open succeeded, | |
7197 | causing mysterious errors if for some reason the permissions on /dev/null | |
7198 | got screwed. Now Exim writes a message to the main and panic logs, and | |
7199 | bombs out if it can't open /dev/null. | |
7200 | ||
7201 | 73. Re-vamped the way daemon_smtp_port, local_interfaces, and -oX work and | |
7202 | interact so that it is all more flexible. It is supposed to remain | |
7203 | backwards compatible. Also added extra_local_interfaces. | |
7204 | ||
7205 | 74. Invalid data sent to a SPA (NTLM) server authenticator could cause the code | |
7206 | to bomb out with an assertion failure - to the client this appears as a | |
7207 | connection drop. This problem occurs in the part of the code that was taken | |
7208 | from the Samba project. Fortunately, the assertion is in a very simple | |
7209 | function, so I have fixed this by reproducing the function inline in the | |
7210 | one place where it is called, and arranging for authentication to fail | |
7211 | instead of killing the process with assert(). | |
7212 | ||
7213 | 75. The SPA client code was not working when the server requested OEM rather | |
7214 | than Unicode encoding. | |
7215 | ||
7216 | 76. Added code to make require_files with a specific uid setting more usable in | |
7217 | the case where statting the file as root fails - usually a non-root-mounted | |
7218 | NFS file system. When this happens and the failure is EACCES, Exim now | |
7219 | forks a subprocess and does the per-uid checking as the relevant uid. | |
7220 | ||
7221 | 77. Added process_log_path. | |
7222 | ||
7223 | 78. If log_file_path was not explicitly set, a setting of check_log_space or | |
7224 | check_log_inodes was ignored. | |
7225 | ||
7226 | 79. If a space check for the spool or log partitions fails, the incident is now | |
7227 | logged. Of course, in the latter case the data may get lost... | |
7228 | ||
7229 | 80. Added the %p formatting code to string_format() so that it can be used to | |
7230 | print addresses in debug_print(). Adjusted all the address printing in the | |
7231 | debugging in store.c to use %p rather than %d. | |
7232 | ||
7233 | 81. There was a concern that a line of code in smtp_in.c could overflow a | |
7234 | buffer if a HELO/EHLO command was given followed by 500 or so spaces. As | |
7235 | initially expressed, the concern was not well-founded, because trailing | |
7236 | spaces are removed early. However, if the trailing spaces were followed by | |
7237 | a NULL, they did not get removed, so the overflow was possible. Two fixes | |
7238 | were applied: | |
7239 | ||
7240 | (a) I re-wrote the offending code in a cleaner fashion. | |
7241 | (b) If an incoming SMTP command contains a NULL character, it is rejected | |
7242 | as invalid. | |
7243 | ||
7244 | 82. When Exim changes uid/gid to the Exim user at daemon start time, it now | |
7245 | runs initgroups(), so that if the Exim user is in any additional groups, | |
7246 | they will be used during message reception. | |
7247 | ||
7248 | ||
7249 | Exim version 4.20 | |
7250 | ----------------- | |
7251 | ||
7252 | The change log for 4.20 and earlier releases has been archived. | |
7253 | ||
7254 | **** |