Commit | Line | Data |
---|---|---|
495ae4b0 PH |
1 | $Cambridge: exim/doc/doc-txt/ChangeLog.0,v 1.1 2004/10/07 15:04:35 ph10 Exp $ |
2 | ||
3 | Change log file for Exim from version 3.951 to 4.20 | |
4 | --------------------------------------------------- | |
5 | ||
6 | ||
7 | Exim version 4.20 | |
8 | ----------------- | |
9 | ||
10 | 1. If data for an authentication interaction was just the string "=", | |
11 | indicating an empty string, Exim was not setting up the numerical variable | |
12 | correctly. In some situations, this could cause a crash - in others, it | |
13 | might have passed unnoticed. | |
14 | ||
15 | 2. Changed signal(SIGTERM, command_sigterm_handler) in smtp_in.c to use | |
16 | os_non_restarting_signal() for tidiness; in practice this doesn't actually | |
17 | matter because the handler terminates the process. | |
18 | ||
19 | 3. Refactoring: | |
20 | ||
21 | (a) In some (but not all) places where Exim applies timers using alarm(), | |
22 | it was resetting the SIGALRM handler afterwards, but sometimes to | |
23 | SIG_IGN and sometimes to SIG_DFL. In other words, it was a mess. In | |
24 | fact, this reset is not necessary, because after alarm(0) there is no | |
25 | possibility of receiving a SIGLARM signal. So I've just removed them | |
26 | all. | |
27 | ||
28 | (b) The daemon.c module had its own SIGALRM handler, which was unnecessary. | |
29 | I changed it to use the handler that is used (almost) everywhere else. | |
30 | ||
31 | (c) Almost all uses of SIGALRM use the same handler, but it was being set | |
32 | by signal() all over the place. Now it is set at the start, and it | |
33 | resets itself every time it is called, so it remains enabled | |
34 | throughout. The few places that use a different handler reset to the | |
35 | "standard" one afterwards. | |
36 | ||
37 | (d) The setting of the SIGTERM handler while reading SMTP commands was done | |
38 | somwhat untidily. I have re-arranged the code. | |
39 | ||
40 | 4. If the building process was interrupted during the MakeLinks script, a | |
41 | subsequent run of 'make' gave misleading errors. I've made it a bit more | |
42 | robust against this case. If there appears to be a half-made set of links, | |
43 | an error message suggests that the user should remove the build directory | |
44 | and start again. | |
45 | ||
46 | 5. For compatibility with other MTAs, -f "" is now accepted as synonymous with | |
47 | -f "<>". | |
48 | ||
49 | 6. Upgraded to PCRE 4.1. | |
50 | ||
51 | 7. If a domain list contained @mx_any, or @mx_secondary, and the DNS contained | |
52 | secondary MX records for a domain, but all the other MX (higher priority) | |
53 | records pointed to non-existent hosts, Exim was behaving as if the domain | |
54 | did not match the list item. This has been fixed. | |
55 | ||
56 | 8. Upgraded eximstats to 1.27. | |
57 | ||
58 | 9. It was reported that change 4.14/46(b) caused problems on some systems with | |
59 | older libraries. There is now an option that can be set in Local/Makefile | |
60 | (or in a operating system Makefile): | |
61 | ||
62 | IPV6_USE_INET_PTON=yes | |
63 | ||
64 | If this is done, Exim reverts to using inet_pton() to convert a textual | |
65 | IPv6 address for actual use, instead of getaddrinfo(), as it did in | |
66 | versions before 4.14. Of course, this means that the additional | |
67 | functionality of getaddrinfo() - recognizing scoped addresses - is lost. | |
68 | ||
69 | 10. Update for PostgreSQL to match 4.14/14: after an insert, delete, or update | |
70 | command, the result is the number of rows affected. | |
71 | ||
72 | 11. If smtp_banner expanded to an empty string, no greeting line was sent, thus | |
73 | causing the client to time out. An empty 220 response is now sent. | |
74 | ||
75 | 12. An empty argument was logged as a null string by the "arguments" log | |
76 | selector. Now empty strings and arguments that contain whitespace are | |
77 | surrounded by quotes. | |
78 | ||
79 | 13. The "arguments" log selector now also logs the current working directory | |
80 | when Exim is called. | |
81 | ||
82 | 14. Added a couple more debugging calls to tls-openssl. | |
83 | ||
84 | 15. Changed the name of the global variable ldap_version because some LDAP | |
85 | library uses the same name, which causes a clash. It's now called | |
86 | eldap_version. While I was at it, I changed the other two global variables, | |
87 | ldap_default_servers and ldap_dn. | |
88 | ||
89 | 16. If an address that is verified in an ACL is redirected to a single address, | |
90 | Exim verifies the child (this is not new). However, the value of $address_ | |
91 | data that was being returned was the value from the parent. It is now the | |
92 | value from the child. | |
93 | ||
94 | 17. Re-arranged the code for rda_is_filter() to make it easier to add other | |
95 | filter types in future. | |
96 | ||
97 | 18. Removed the filter test function from filter.c and put it into its own | |
98 | source file, again to make things easier for multiple filter types. | |
99 | ||
100 | 19. To help those people who are maintaining a patch for dynamically loaded | |
101 | local_scan() functions, I have added | |
102 | ||
103 | #define LOCAL_SCAN_ABI_VERSION_MAJOR 1 | |
104 | #define LOCAL_SCAN_ABI_VERSION_MINOR 0 | |
105 | ||
106 | to the local_scan.h file. | |
107 | ||
108 | 20. The variables $tls_certificate_verified, $tls_cipher, and $tls_peerdn now | |
109 | exist even when Exim is not compiled with TLS support. | |
110 | ||
111 | 21. If an empty user name was sent by a client for a LOGIN authentication, it | |
112 | was not put into $1; instead, the password ended up in $1 (instead of in | |
113 | $2). | |
114 | ||
115 | 22. When creating a temporary file in the appendfile transport for a per-file | |
116 | delivery not in maildir or mailstore format (that is, in the old Smail | |
117 | format - I wonder if anyone uses this?), Exim was opening the file without | |
118 | O_EXCL, which is a bit unsafe. | |
119 | ||
120 | 23. The output from the ${stat: expansion operator was being formatted using %d | |
121 | which expects an integer; in many (most) systems size_t is off_t, which | |
122 | is actually a long or even a longlong, and in some cases this caused | |
123 | incorrect data to be output. The formatting is now done using %ld, with the | |
124 | values all explicitly cast to (long). | |
125 | ||
126 | 24. Callout caching was failing to cache a negative response to a "random" | |
127 | address check. | |
128 | ||
129 | 25. If a daemon was started with -qsomething and not -bd, and deliver_drop_ | |
130 | privilege was set, and a pid file was specified with -oP, and the pid file | |
131 | did not previously exist, it was created with owner exim instead of owner | |
132 | root. | |
133 | ||
134 | 26. verify=sender was not being allowed in a non-SMTP ACL. | |
135 | ||
136 | 27. Under some error conditions, the socket used for ident calls could be left | |
137 | open. | |
138 | ||
139 | 28. Added acl_smtp_helo, because some people seem to want it. | |
140 | ||
141 | 29. For hosts that match helo_verify_hosts, the error given when a MAIL command | |
142 | is received without HELO or EHLO has been changed from 550 to 503 (which | |
143 | means "bad sequence of commands"). | |
144 | ||
145 | 30. Installed PCRE 4.2. | |
146 | ||
147 | 31. The quota_size_regex option for the appendfile transport was broken in that | |
148 | a terminating zero was omitted from the string that was extracted for the | |
149 | size. If it happened that digits followed in the memory to which it was | |
150 | copied, an incorrect (too large) size was then used. | |
151 | ||
152 | 32. Change 4.14/32 (iv) introduced a bug in the case when the "phrase" part of | |
153 | a rewritten address did *not* contain any special characters. The | |
154 | generated address was mangled. | |
155 | ||
156 | 33. Several items of refactoring from Michael Haardt: | |
157 | ||
158 | . Introduction of "const" in a number of places | |
159 | . Use memcpy() instead of strncpy() in string_cat() | |
160 | . Add HAVE_ICONV to Linux file, for external users (Exim doesn't use it) | |
161 | [Later: From 4.21, Exim *does* use it.] | |
162 | . Preparation for adding additional types of filter file | |
163 | ||
164 | 34. Changed (incompatibly, but hopefully not so it affects anyone) the | |
165 | appendfile transport in the case when it is called directly as a result of | |
166 | a .forward or a filter file requesting a delivery to a file. Previously, | |
167 | any settings of "file" or "directory" were ignored in this case. Now they | |
168 | are used. The path received from the router is in $address_file (as | |
169 | before) and can therefore be included in the expansion. | |
170 | ||
171 | 35. If a "save" command in a filter specifies a non-absolute path, the value of | |
172 | $home/ is pre-pended. This no longer happens if $home is unset or is an | |
173 | empty string. It is expected that the transport will complete the path (see | |
174 | 34 above). If there is an error before the path is complete, the local part | |
175 | is logged as "save xxxx". | |
176 | ||
177 | 36. If multiple "to file" deliveries are routed to the same transport, no | |
178 | batching ever takes place, whatever the value of batch_max. | |
179 | ||
180 | 37. If an address was redirected to an unqualified local part preceded by a | |
181 | backslash, Exim was qualifying it with the qualify_domain, instead of with | |
182 | the incoming domain. | |
183 | ||
184 | 38. Minor rewording: header lines can be added by MAIL as well as RCPT: the | |
185 | debug line mentioned only RCPT. | |
186 | ||
187 | 39. DESTDIR is the more common variable that ROOT for use when installing | |
188 | software under a different root filing system. The Exim install script now | |
189 | recognizes DESTDIR first; if it is not set, ROOT is used. | |
190 | ||
191 | 40. If DESTDIR is set when installing Exim, it no longer prepends its value to | |
192 | the path of the system aliases file that appears in the default | |
193 | configuration (when a default configuration is installed). If an aliases | |
194 | file is actually created, its name *does* use the prefix. | |
195 | ||
196 | 41. If an item in log_file_path was an empty string, Exim wrote the log to the | |
197 | log directory in the spool directory. Now it takes notice of the | |
198 | setting of LOG_FILE_PATH in Local/Makefile, and uses the first non-empty, | |
199 | non-"syslog" item from that list. If there are none, it uses the ultimate | |
200 | default of the spool directory. | |
201 | ||
202 | 42. If there is a Reply-to: header line, but it is empty, $reply_address now | |
203 | contains the From: address instead of being empty. | |
204 | ||
205 | 43. Added -no-cpp-precomp to CFLAGS in OS/Makefile-Darwin. Without this, the | |
206 | compiler provides a string for __DATE__ that does not conform to the | |
207 | specification in the C standard. The option disables precompiled headers, | |
208 | which should not have any bad effects, as pre-compiled headers are | |
209 | supposedly just a performance enhancement at compile time. | |
210 | ||
211 | 44. Refactoring: as there is now a flag that specifies whether or not a home | |
212 | directory that is passed with an address is already expanded, we no longer | |
213 | need the \N...\N fudge for home directories extracted from the password | |
214 | data. | |
215 | ||
216 | 45. Fixed an infelicity introduced by 4.14/71: The defaulting of the prefix, | |
217 | suffix, and check string stuff in appendfile was happening when no | |
218 | directory was supplied. Now it happens if no directory is supplied AND | |
219 | maildir has not been specified. | |
220 | ||
221 | 46. If expansion of the serverpassword in a spa authenticator or expansion of | |
222 | server_condition in a plaintext authenticator is forced to fail, | |
223 | authentication now fails (previously it gave a temporary error, which is | |
224 | what happens for other expansion failures). This brings these | |
225 | authenticators into line with cram_md5, where expansion of server_secret | |
226 | has always behaved like this. | |
227 | ||
228 | 46. Added new syslog facilities (courtesy Oliver Gorwits): | |
229 | ||
230 | (i) SYSLOG_LOGS_PID and LONG_SYSLOG_LINES in src/EDITME. | |
231 | (ii) syslog_facility and syslog_processname main options. | |
232 | ||
233 | 47. Callout was using only the hosts from the router, ignoring the transport. | |
234 | This has been changed. If (a) the router does not set up hosts (e.g. it's | |
235 | an accept router) or (b) the smtp transport that is routed to has | |
236 | hosts_override set, then the transport's hosts are used for callout | |
237 | checking. | |
238 | ||
239 | 48. When named lists were nested, and an inner list was resolved by a lookup | |
240 | that saved data for, e.g. $domain_data, the data was associated with just | |
241 | the outer list, though both were cached, so if a subsequent test was done | |
242 | for the inner list, there was no domain data. Example: | |
243 | domainlist A = lsearch;/a/b | |
244 | domainlist B = lsearch;/c/d | |
245 | domainlist C = +A : +B | |
246 | A test on +C that matched, followed by a test on +A or +B would provoke | |
247 | this bug. Now the data is saved with both the inner and the outer lists. | |
248 | ||
249 | 49. When the log selector +address_rewrite is turned on, the log lines now | |
250 | show where the rewritten address came from (which header line, envelope | |
251 | field, or an SMTP command). | |
252 | ||
253 | 50. If an integer or fixed point configuration value is too big to fit in | |
254 | a 32-bit int, Exim now writes an error to the panic log and dies. | |
255 | ||
256 | 51. Unknown SMTP commands are now assumed to be ones that need synchronization; | |
257 | this means that a packet that contains more than one of them will cause the | |
258 | connection to be dropped as soon as the first one is encountered. | |
259 | ||
260 | 52. The "control" feature of ACLs was not permitted for the MAIL ACL (an | |
261 | oversight). It now is allowed. | |
262 | ||
263 | 53. Added the "discard" verb to ACLs. | |
264 | ||
265 | 54. Fixed a theoretical bug observed by reading the code: if local_scan() | |
266 | changed the number of recipients, output from the received_recipients log | |
267 | selector would be incorrect. | |
268 | ||
269 | 55. Added HAVE_ICONV to the os.h files for Linux, Solaris, HP-UX. This is for | |
270 | use in the forthcoming Sieve addition to Exim. | |
271 | ||
272 | 56. The behaviour of -t in the presence of Resent- headers has been changed, | |
273 | for compability with Sendmail and other MTAs. Previously, Exim gave an | |
274 | error, because it is not clear from RFC 2822 how this might be handled. It | |
275 | turns out that MUAs don't seem to follow what RFC 2822 says, and any MUA | |
276 | that uses -t with Resent- ensures that there is only one set of Resent- | |
277 | header lines (usually by renaming others to X-Resent-xxx). So now Exim will | |
278 | take recipients from all the Resent- header lines instead of the usual | |
279 | ones. | |
280 | ||
281 | ||
282 | Exim version 4.14 | |
283 | ----------------- | |
284 | ||
285 | 1. Found another case where SIGCHLD is being ignored (a child process for | |
286 | handling a filter file) and so the wait() doesn't find the subprocess. This | |
287 | came to light as a result of extra logging introduced as part of the | |
288 | 4.12/14 fix. Now Exim is careful to set SIGCHLD handling to its default | |
289 | (i.e. to be noticed) for this particular subprocess. (It already has this | |
290 | code for other cases where it uses subprocesses.) | |
291 | ||
292 | 2. If ${run appeared in part of a conditional item that was being skipped, the | |
293 | actual running of the command was not being skipped. | |
294 | ||
295 | 3. A bit of code tidying (refactoring): there were two functions that built | |
296 | strings containing a host name and ident value for logging. There is now | |
297 | only one. It is called in some additional places where previously just the | |
298 | host name and address were given, so the wording of some log lines has | |
299 | changed slightly. | |
300 | ||
301 | 4. Added support for Unix domain socket connection to PostgreSQL. | |
302 | ||
303 | 5. The number of unknown SMTP commands that Exim will accept before dropping | |
304 | a connection can now be changed by smtp_max_unknown_commands. The default | |
305 | value is 3. Previously, a fixed value of 5 was used. The final command is | |
306 | now included in the log line. | |
307 | ||
308 | 6. The standard place for chown and chgrp in Linux is /bin, not /usr/bin, as | |
309 | assumed by the exicyclog script. I've implemented a "look for it" feature | |
310 | that makes exicyclog look in /bin, /usr/bin, /usr/sbin, and /usr/etc for | |
311 | the commands chown, chgrp, mv, and rm if configured, and turned on this | |
312 | feature for Linux. This should cope with old Linuxes that use /usr/bin. | |
313 | ||
314 | 7. Implemented .ifdef etc. | |
315 | ||
316 | 8. Installed signal handlers for SIGSEGV, SIGILL, SIGFPE, and SIGBUS while | |
317 | running local_scan(), so that crashes therein get caught. A temporary error | |
318 | response is sent for an SMTP message, and the spool is cleaned up. | |
319 | Previously, a -D file was left lying around if there was a crash in | |
320 | local_scan(). | |
321 | ||
322 | 9. The ${quote: operator has been changed so that it turns newline and | |
323 | carriage return characters into \n and \r, respectively. | |
324 | ||
325 | 10. Added support for crypt16(). | |
326 | ||
327 | 11. Some restrictions on the use of "verify" in ACLs were too restrictive, and | |
328 | have been relaxed. In particular, "verify = sender" is now permitted in the | |
329 | ACL for the MAIL command, as well as those for RCPT and DATA. | |
330 | ||
331 | 12. If local_scan() sets up recipient or errors_to addresses that are | |
332 | unqualified (local parts without a domain) Exim now qualifies them using | |
333 | the qualify_recipient domain. | |
334 | ||
335 | 13. White space at the start of continuation lines in -be input was not being | |
336 | ignored. | |
337 | ||
338 | 14. Previously, if a MySQL query was issued that did not request any data (an | |
339 | insert, update, or delete command), Exim gave a lookup error and deferred. | |
340 | This case is now recognized, and the result of the lookup is now the number | |
341 | of rows affected. | |
342 | ||
343 | 15. A configuration error is given if tls_try_verify_hosts is set and | |
344 | tls_verify_certificates is not set. (Exim already did this for | |
345 | tls_verify_hosts.) | |
346 | ||
347 | 16. Exim was trying to create a non-existent hints database even when it was | |
348 | just opening it for reading. It called the creating function with the | |
349 | O_RDONLY and O_CREAT flags. This works with many DB libraries, but it | |
350 | not with DB 1.85, where a subsequent attempt to use the database gave the | |
351 | error "Inappropriate file type or format". Exim now creates hints databases | |
352 | only when it wants to open them for writing. | |
353 | ||
354 | 17. If an ACL condition test set a default "message" value without a | |
355 | "log_message" value, and there were no overriding messages in the ACL | |
356 | itself, no message was logged. The user message is now logged. | |
357 | ||
358 | 18. If callout made a connection, but it was dropped before the initial | |
359 | welcome response was received, Exim logged "response to initial connection | |
360 | was" with no further text. It now logs that the connection was dropped. | |
361 | The wording of the logging for callout defers has been slightly changed so | |
362 | as to reduce duplication. | |
363 | ||
364 | 19. When multiple messages were sent using TLS over one connection, the | |
365 | additional required EHLO that follows STARTTLS was being counted as a | |
366 | nonmail command, and thus causing a problem if there were a lot of | |
367 | messages. Similarly, a new AUTH that followed STARTTLS was being counted. | |
368 | It is now possible to run with smtp_accept_max_nonmail set to zero in these | |
369 | and other "normal" circumstances. | |
370 | ||
371 | 20. During verify=sender, global rewriting rules are applied to the sender | |
372 | address, and if it changes, $sender_address becomes the rewritten version. | |
373 | Unfortunately, it was not getting updated until after the routers had been | |
374 | run, so that if a router referred to $sender_address while verifying a | |
375 | sender, the unrewritten value was used. | |
376 | ||
377 | 21. The "random address" callout test was being done after the other tests. | |
378 | This is silly, because if the host accepts all local parts, there isn't any | |
379 | point in doing the other, more specific, tests. I changed things around so | |
380 | that the "random" test (if configured) is done first. | |
381 | ||
382 | 22. Expanded the wording for callout failures when MAIL FROM:<> or RCPT TO the | |
383 | a postmaster address are rejected. Also include these words when a | |
384 | rejection happens because of caching (when there isn't an actual SMTP | |
385 | command/result to reflect). | |
386 | ||
387 | 23. A new router condition called "address_test" (default true) can be used to | |
388 | skip routers when testing addresses using -bt (compare no_verify). This can | |
389 | be a convenience when your first router sends stuff to an external scanner. | |
390 | ||
391 | 24. Testing for deliver_queue_load_max was happening inside the delivery | |
392 | sub-process, when it could have happened outside, in the queue runner (thus | |
393 | saving one process). This was a hangover from Exim 3, where there were | |
394 | other load tests to be done. The code has been tidied. | |
395 | ||
396 | 25. Code tidy: the driver_info generic structure contained a field that | |
397 | might, on 64-bit systems, not have been compatible with the fields in the | |
398 | structures of which it is supposed to be a subset. It turns out that this | |
399 | field and another are not actually used generically, so removing them from | |
400 | the structure solves the problem. | |
401 | ||
402 | 26. Added server_advertise_condition to authenticators. | |
403 | ||
404 | 27. The exim_checkaccess utility wasn't sending a HELO command; this matters | |
405 | now that it's possible to have an ACL that checks HELO/EHLO. | |
406 | ||
407 | 27. Added the ldap_version option to force a specific LDAP version. | |
408 | ||
409 | 28. Renamed the variable verify_address in exim.c as verify_address_mode, | |
410 | because it had the same name as the verify_address() function, which was | |
411 | confusing. | |
412 | ||
413 | 29. Added authenticated_sender to the smtp transport. | |
414 | ||
415 | 30. When the skip_syntax_errors option is applied to a filter file, it covers | |
416 | all filtering errors, some of which may not be strictly "syntax" (for | |
417 | example, failure to open a log file). The wording of the message has been | |
418 | changed to use "error" instead of "syntax error", to reduce confusion. Also | |
419 | the subject of the message sent by syntax_errors_to is now "error(s) in | |
420 | forwarding or filtering" instead of "syntax error(s) in address expansion". | |
421 | ||
422 | 31. Added -restore-times to the exim_lock utility. | |
423 | ||
424 | 32. Changes to the handling of the "phrase" parts of email addresses: | |
425 | ||
426 | (i) Re-organized the code to use a supplied instead of an implied buffer, | |
427 | and a length instead of expecting a terminated string. | |
428 | ||
429 | (ii) Changed from using the macro mac_isprint() to an explicit test for | |
430 | ASCII non-printing characters, because the macro pays attention to | |
431 | print_topbitchars, which is not correct here. | |
432 | ||
433 | (iii) If a rewritten address contained a "phrase" (whether or not the "w" | |
434 | flag was present on the rewrite rule), but the actual address was | |
435 | unqualified (had no domain) and was expected to be qualified by the | |
436 | "Q" flag, Exim screwed up and created an illegal address. | |
437 | ||
438 | (iv) When a header address is rewritten by a rule that includes the "w" | |
439 | flag, the parts of the address outside <> are now encoded according | |
440 | to RFC 2047 if necessary (assuming ISO-8859-1 encoding). | |
441 | ||
442 | 33. Added the ${rfc2047 and ${from_utf8 expansion operators. | |
443 | ||
444 | 34. The file names used for maildir deliveries have been changed, to accomodate | |
445 | operating systems that may re-use a PID within one second. The file name | |
446 | now include the microsecond time fraction, and the delivery process does | |
447 | not exit until the clock is at least one microsecond after the time used in | |
448 | the file name. The code copes with the clock going backwards (it waits | |
449 | till time catches up). | |
450 | ||
451 | 35. The rules for creating message ids have been changed to allow for the fact | |
452 | that a PID may be re-used within one second. As part of this change, the | |
453 | range of localhost_number has been reduced to 0-16 for most systems, and | |
454 | 0-10 for those with case-insensitive file systems (Cygwin, Darwin). | |
455 | ||
456 | 36. Code tidy: there was a local count of non-TCP/IP messages that duplicated | |
457 | the global receive_messagecount (used for accept_queue_per_connection). | |
458 | ||
459 | 37. verify = header_syntax was allowing unqualified addresses in all cases. Now | |
460 | it allows them only for locally generated messages and from hosts that | |
461 | match sender_unqualified_hosts or recipient_unqualified_hosts, | |
462 | respectively. | |
463 | ||
464 | 38. If PAM was called with an empty first string, it called the data function | |
465 | to get the user name, thereby getting the second string by mistake. If this | |
466 | was also null (empty passwords are permitted), there was an infinite loop. | |
467 | An empty user name is not now passed to PAM; authentication is forcibly | |
468 | failed instead. Also, if the end of the list of strings is reached, an | |
469 | empty string is passed back just once; a subequent call for data provokes | |
470 | an error response. | |
471 | ||
472 | 39. If a reverse DNS lookup yields an empty string, treat it as if the lookup | |
473 | failed. (Apparently such records have been seen. Sigh.) | |
474 | ||
475 | 40. Added the -bnq command line option to suppress automatic qualification of | |
476 | addresses in locally submitted messages. | |
477 | ||
478 | 41. Header texts supplied by options to the autoreply transport may now contain | |
479 | newlines that are followed by whitespace. (This was allowed from a filter, | |
480 | but not from the transport.) | |
481 | ||
482 | 42. Patch for < > problems in eximstats 1.23. | |
483 | ||
484 | 43. Re-arranged the code to make it easier in future to add additional filter | |
485 | types. | |
486 | ||
487 | 44. Added support for changing the connection timeout in LDAP; this is | |
488 | something that's available in Netscape SDK 4.1. Exim uses the given value | |
489 | if LDAP_X_OPT_CONNECT_TIMEOUT is defined. | |
490 | ||
491 | 45. When Exim was setting a daemon listener on multiple interfaces, including | |
492 | listening on "all IPv6" and "all IPv4" interfaces, it was binding all the | |
493 | sockets, and then calling listen() for each of them. On some IP stacks, a | |
494 | listen for "all IPv4" fails after listening for "all IPv6" because a single | |
495 | socket catches both kinds of call. Exim coped with this, but it turns out | |
496 | that on a USAGI-patched Linux, this logic doesn't work unless the "listen", | |
497 | as well as the "bind" has been done for the IPv6 socket first. The order of | |
498 | the functions has now been changed. Instead of "bind, bind ... listen, | |
499 | listen..." it now does "bind, listen, bind, listen, ...". Also, the failure | |
500 | happens in the bind() rather than in the listen(), so there are now two | |
501 | checks, which hopefully will handle all kinds of IP stack. | |
502 | ||
503 | 46. IPv6 addresses have "scopes", and a host with multiple interfaces can, in | |
504 | principle, have the same link-local addresses on different interfaces. | |
505 | Thus, they need to be distinguished, and a convention of using a percent | |
506 | sign followed by something (often the interface name) is being used, for | |
507 | example: 3ffe:2101:12:1:a00:20ff:fe86:a061%eth0. Two changes have been made | |
508 | to accommodate this: | |
509 | ||
510 | (a) A percent sign followed by an arbitrary string is allowed at the end of | |
511 | an IPv6 address. | |
512 | ||
513 | (b) Exim calls getaddrinfo() instead of inet_pton() to convert a textual | |
514 | IPv6 address for actual use. This function recognizes the percent | |
515 | convention in some operating systems. | |
516 | ||
517 | 47. Additional debugging inserted for the case of forced failure when expanding | |
518 | an item in a list. | |
519 | ||
520 | 48. A new debugging selector +expand has been added. This is not included in | |
521 | the default set of selectors. It requests detailed debugging information | |
522 | for string expansions. | |
523 | ||
524 | 49. Failure to open the main log results in a panic-die, but the original line | |
525 | that was being logged could be lost. It is now output to stderr if there is | |
526 | a stderr file. | |
527 | ||
528 | 50. When Exim starts, it checks for the existence of its spool directory, and | |
529 | creates it if necessary. Unfortunately, it was doing this after the code | |
530 | for logging arguments. Thus, if the spool did not exist, trouble ensued. | |
531 | ||
532 | 51. The log line for an ACL warning after a sender verify callout failure was | |
533 | not showing the details, unlike the log line for a deny. They are now shown | |
534 | in a similar way. | |
535 | ||
536 | 52. For reasons lost in the mists of time, when a pipe transport was run, the | |
537 | environment variable MESSAGE_ID was set to the message ID preceded by 'E' | |
538 | (the form used in Message-ID: header lines). The 'E' has been removed. | |
539 | ||
540 | 53. Updated the QNX configuration files for QNX 6.2.0. | |
541 | ||
542 | 54. The "*@" type partial matching for single-key lookups was broken in | |
543 | releases after 4.10. Exim looked for *@xxx but, if that failed, it wasn't | |
544 | going on to look for "*". | |
545 | ||
546 | 55. Included eximstats 1.25 in the source tree. | |
547 | ||
548 | 56. Changed log wording from "Authentication failed" to "<name> authenticator | |
549 | failed", where <name> is the name of the authenticator. | |
550 | ||
551 | 57. gcc 3.2.2 warned about a selection of places where string casts were | |
552 | needed. | |
553 | ||
554 | 58. Exim monitor: the use of one_time redirection could cause addresses to be | |
555 | displayed with incorrect "parent" addresses after the one_time | |
556 | re-arrangement had taken place. They should be shown with no parents, | |
557 | because the parentage has been removed. | |
558 | ||
559 | 59. Arranged to keep independent timestamps for postmaster and random checks in | |
560 | callouts, and not to do unnecessary tests for postmaster when testing | |
561 | individual addresses. | |
562 | ||
563 | 60. Incorporated PCRE release 4.0. | |
564 | ||
565 | 61. Added ${hex2b64: operator. | |
566 | ||
567 | 62. Added $tod_zulu. | |
568 | ||
569 | 63. Added ${strlen: operator. | |
570 | ||
571 | 64. Added ${stat: operator. | |
572 | ||
573 | 65. When Exim is receiving multiple messages on a single connection, and | |
574 | spinning off delivery processess, it sets the SIGCHLD signal handling to | |
575 | SIG_IGN, because it doesn't want to wait for these processes. However, | |
576 | because on some OS this didn't work, it also has a paranoid call to | |
577 | waitpid() in the loop to reap any children that have finished. Some | |
578 | versions of Linux now complain (to the system log) about this "illogical" | |
579 | call to waitpid(). I have therefore put it inside a conditional | |
580 | compilation, and arranged for it to be omitted for Linux. | |
581 | ||
582 | 66. Added settable variables $acl_c0 - $acl_c9 and $acl_m0 - $acl_m9 for use | |
583 | during ACL processing. | |
584 | ||
585 | 67. Added "defer" command to system filter. | |
586 | ||
587 | 68. X options such as -bg or -geometry that were added to an eximon command | |
588 | were being lost as a result of a bug introduced by 4.12/6. | |
589 | ||
590 | 69. The "more" and "unseen" generic router options can now be expanded strings. | |
591 | ||
592 | 70. The "once_repeat" option in the autoreply tranport is now an expanded | |
593 | string. | |
594 | ||
595 | 71. If maildir_format is set on an appendfile transport that is referenced from | |
596 | an file_transport setting in a redirect router, it forces maildir delivery, | |
597 | even if the path given in the filter does not end with '/'. | |
598 | ||
599 | 72. Fixed three bugs in ${readsocket: | |
600 | (i) If the operation failed, and a failure string was given, "}}" was | |
601 | erroroneously added to it. | |
602 | (ii) If the operation succeeded, but a failure string was present, "}" was | |
603 | added to the expanded data. | |
604 | (iii) The alarm for the timeout was set with signal() instead of with | |
605 | os_non_restarting_signal(), which meant that it only worked on those | |
606 | OS whose default is not to restart an interrupted system call. | |
607 | ||
608 | 73. A complete host name (no wildcards) in a host list causes a forward lookup | |
609 | for the IP address. If this failed, Exim was behaving as if the host didn't | |
610 | match the list, instead of giving an error (as it does when a reverse | |
611 | lookup fails). | |
612 | ||
613 | 74. If router_home_directory was passed on as a home directory for a local | |
614 | transport, it was being re-expanded in the transport. This has been changed | |
615 | so that the expanded value is passed from the router to the transport, and | |
616 | no re-expansion takes place. | |
617 | ||
618 | 75. When a redirect router generated a pipe, file, or autoreply, the values of | |
619 | $domain_data and $localpart_data were not being propagated to the | |
620 | transport. | |
621 | ||
622 | 76. The macros MESSAGE_ID_LENGTH and SPOOL_DATA_START_OFFSET are now defined in | |
623 | local_scan.h so that they are available to local_scan() functions. | |
624 | ||
625 | 77. Changes to the SMTP PIPELINING support: | |
626 | ||
627 | (1) Exim used always to accept pipelined commands, even when it hadn't | |
628 | advertised PIPELINING (i.e. when EHLO had not been received). Now it | |
629 | objects unless PIPELINING has been advertised. | |
630 | ||
631 | (2) Advertising PIPELINING to specific hosts can be disabled via the new | |
632 | option pipelining_advertise_hosts. | |
633 | ||
634 | 78. The acl_smtp_connect ACL was not being run for -bs input when no IP address | |
635 | was supplied via -oMa. | |
636 | ||
637 | 79. A "mail" command in a filter could cause a crash if the list of recipients | |
638 | for the "to:" line was excessively long - this showed up in a reply to | |
639 | a message with a ridiculously long Reply_to: header line. | |
640 | ||
641 | 80. Added allow_utf8_domains. | |
642 | ||
643 | 81. Added $rh_ and $rheader for "raw" header expansion. | |
644 | ||
645 | 82. Added smtp_accept_max_nonmail_hosts. | |
646 | ||
647 | 83. Extended ${stat (see 64 above) to add smode=symbolic mode. | |
648 | ||
649 | 84. Added default logging for host and IP lookup failures, with a log selector | |
650 | called host_lookup_failed to turn it off. | |
651 | ||
652 | 85. Added header_maxsize and header_line_maxsize. | |
653 | ||
654 | 86. If a RCPT ACL made use of "verify = sender" without callout, followed by | |
655 | another use with callout, and the callout failed, the caching was broken | |
656 | such that for a subsequent RCPT command, the first callout failed | |
657 | incorrectly. The caching of sender verification has been fixed so that it | |
658 | now remembers that the routing succeeded even when the callout fails. | |
659 | ||
660 | 87. Added errno and strerror(errno) to the log line for a failure to lock the | |
661 | -D file when receiving a message. | |
662 | ||
663 | 88. If router with check_local_user set up a local delivery, and no user was | |
664 | specified on the transport, and errors_to on the router specified an | |
665 | address whose verification also invoked check_local_user, the wrong uid/gid | |
666 | was used for the transport. It used the uid/gid of the errors_to address | |
667 | instead of the uid/gid of the original local part. | |
668 | ||
669 | 89. If log_file_path=:syslog was set, to use the default log path and also | |
670 | syslog, and check_log_space was also set, Exim was confused, and refused to | |
671 | accept messages, giving the error "cannot find slash in ". | |
672 | ||
673 | 90. If a router stripped a prefix or a suffix from a local part, and then | |
674 | routed that address to an smtp or lmtp transport, the address that was | |
675 | sent in the RCPT command did not have the affixes stripped. | |
676 | ||
677 | 91. For BSMTP delivery by appendfile or pipe, the address given in the RCPT | |
678 | command did not preserve the case of the envelope address, as it is | |
679 | supposed to. | |
680 | ||
681 | ||
682 | Exim version 4.13 | |
683 | ----------------- | |
684 | ||
685 | There was no 4.13. I accidentally put out a fixed version of 4.12 (a typo was | |
686 | discovered very soon after release) that verified itself as 4.13. This too was | |
687 | hastily fixed, but it seems best not to use the number, to avoid confusion. | |
688 | ||
689 | ||
690 | Exim version 4.12 | |
691 | ----------------- | |
692 | ||
693 | 1. Update to change 4.11/82: for the max number of processes, set | |
694 | RLIM_INFINITY if it is defined. | |
695 | ||
696 | 2. An expansion ${run{xxx}} where xxx was a successful command that produced | |
697 | no output caused Exim to crash. | |
698 | ||
699 | 3. Some artificial delays of 1 second existed when running in the test | |
700 | harness, to ensure repeatability of debugging output. Now that we have | |
701 | the millisleep() function, these can be shorter. | |
702 | ||
703 | 4. Change 4.11/30 below overlooked the case when an address gets a 4xx | |
704 | response from a server. Because this isn't a host problem, the host does | |
705 | not get delayed, and it gets tried every time the address is OK'd for | |
706 | routing, with the same reponse. However, if hosts_max_try is set, because | |
707 | not all the hosts were tried, the address does not time out. I've changed | |
708 | things so that if there is a 4xx response to a RCPT command, the host in | |
709 | question does not count towards hosts_max_try if the message is older than | |
710 | the host's maximum retry time. This means that other hosts are always tried | |
711 | in this circumstance; if the address gets 4xx errors from all of them, it | |
712 | will eventually time out. | |
713 | ||
714 | 5. If a retry rule for a host had no actual retry times specified, it could | |
715 | cause a crash when checking the ultimate address timeout. (Very old bug, | |
716 | spotted in passing, so probably never bothered anybody.) | |
717 | ||
718 | 6. Change 135 below broke the following scripts when a list of configuration | |
719 | files was given: exicyclog, exim_checkaccess, eximon, exinext, and exiwhat. | |
720 | In practice, if exim_path was not specified in the configuration file (a | |
721 | common case), things would probably work OK. However, the use of | |
722 | CONFIGURE_FILE_USE_NODE definitely did not work. These scripts have now | |
723 | been updated to fix this problem. They now search for the configuration | |
724 | file in the same way Exim itself does: for each name in the list, the | |
725 | "noded" file is tried first, then the unsuffixed file. | |
726 | ||
727 | 7. If a WARN verb in an ACL did not specify an explicit "message" modifier, | |
728 | and was triggered by a failing sender or recipient verification, the | |
729 | response that would have been sent as an SMTP message for a DENY verb was | |
730 | incorrectly being added to the message's headers. | |
731 | ||
732 | 8. I screwed up change 4.11/155. For lookup types whose names were prefixes of | |
733 | other lookup types (e.g. nis and nisplus, dbm and dbmnz), the new search | |
734 | function didn't do the correct comparison, meaning that the wrong lookup | |
735 | type could be found. | |
736 | ||
737 | 9. Solaris seems to be one of the LDAPs that doesn't have the lud_scheme | |
738 | member of the LDAPURLDesc structure. Since the check that is made on it | |
739 | is only to double check that a path is given for ldapi, I've just removed | |
740 | the test in the Solaris case. | |
741 | ||
742 | 10. The modified TextPop.c source in the Exim monitor had declarations of errno | |
743 | and sys_nerr which never were actually referenced. The second of these | |
744 | caused trouble on Darwin, so I've removed both of them. Why were they | |
745 | there? Who knows? This is ancient X code... | |
746 | ||
747 | 11. The DEFER ACL verb crashed if no "message" modifier was set. | |
748 | ||
749 | 12. The check on incoming messages that gives the error "too many non-mail | |
750 | commands" was too strict. In the case of Exim sending to Exim, when the | |
751 | client has queued messages for the server and is using TLS, it will close | |
752 | and re-initialize TLS between messages (because the client has to hand the | |
753 | SMTP connection to a new process). STARTTLS was being counted as a non-mail | |
754 | command, and therefore could cause the limit to be hit. The revised code | |
755 | now allows for one RSET, one HELO or EHLO, and one STARTTLS between each | |
756 | message without counting them as non-mail commands. (One RSET was | |
757 | previously allowed - I *had* spotted that case.) | |
758 | ||
759 | 13. Some log lines for rejections by ACL were putting ident values in | |
760 | parentheses instead of using U= after H=. (There are some other lines that | |
761 | do use parens, typically when the host name appears without H= within a | |
762 | message. This whole area could perhaps do with tidying up.) | |
763 | ||
764 | 14. When processing a redirection file happens in a subprocess (typically so | |
765 | that a .forward file is processed as the user), Exim was assuming that a | |
766 | call to wait() would always reap the subprocess, and it was failing to | |
767 | check the result. In theory, a signal of some sort occurring at the wrong | |
768 | time could break this assumption - the process was then left unreaped, and | |
769 | could possibly be picked up later during deliveries, thus confusing that | |
770 | code ("processes got out of step"). This is conjecture - I haven't got a | |
771 | definite test of this. However, I have fixed the code to repeat the wait | |
772 | after a signal. | |
773 | ||
774 | 15. When Exim was waiting for a remote delivery subprocess, and the waitpid() | |
775 | call found a process that was not in the list of remote delivery processes, | |
776 | Exim gave up waiting for remote processes. It is probably better just to | |
777 | ignore the unexpected process (though, of course, write to the main and | |
778 | panic logs) and to wait for another process, and so that is what now | |
779 | happens. If the error situation is caused by failed waiting logic for | |
780 | routing or local delivery processes, this approach will minimize bad | |
781 | behaviour, I hope. | |
782 | ||
783 | ||
784 | Exim version 4.11 | |
785 | ----------------- | |
786 | ||
787 | 1. Ignore trailing spaces after numbers in expansion comparisons such as | |
788 | ${if > { 5 } { 4 } ... (leading spaces were already ignored). | |
789 | ||
790 | 2. Two variables, $warnmsg_delay, and $warnmsg_recipients, had got left with | |
791 | their old Exim 3 names, when I meant to change to "warn_message", along | |
792 | with the warn_message_file option. They have now been changed. The old | |
793 | names remain as synonyms, but will be undocumented in due course. | |
794 | ||
795 | 3. The message "This message was created automatically by mail delivery | |
796 | software (Exim)." still confuses people. If they are sufficiently Internet- | |
797 | ignorant, they think the message has come from exim.org. At first, I | |
798 | changed thw wording to "This message was created automatically by mail | |
799 | delivery software (Exim) running on a mail server handling mail for <the | |
800 | qualify domain>." in the hope that that might be better. However, in | |
801 | testing that still proved confusing on servers handling multiple domains. | |
802 | The message has now reverted to the original, simple wording: "This message | |
803 | was created automatically by mail delivery software." | |
804 | ||
805 | 4. It has been discovered that, under Linux, when a process and its children | |
806 | are being traced by "strace -f", the children are stolen from the parent | |
807 | while they are being traced. A call to waitpid(-1,&x,NOHANG), which Exim | |
808 | uses to test for the completion of "any of my children" in a non-blocking | |
809 | manner, returns as if there are no children in existence. Exim used treat | |
810 | this as a serious unexpected error state. What it does now is to use | |
811 | kill(pid,0) to check explicitly for the continued existence of any of its | |
812 | children. If it finds any, it assumes it is being traced, and proceeds as | |
813 | if the return from waitpid() had been "none of your children have finished | |
814 | yet". If it can't find any children, it gives the error as before. | |
815 | ||
816 | 5. When Exim creates hints databases and their lock files as root, it needs to | |
817 | change their ownership to exim. In Exim 3, the function to open a hints | |
818 | database wasn't called as root very often, and the check "are we running as | |
819 | root?" would usually fail. However, because Exim 4 eschews the use of | |
820 | seteuid(), it runs all its routing as root, and this always calls the hints | |
821 | database opening function. It wasn't noticing when it was actually creating | |
822 | the database, and so it was running chmod() on all the files in the db | |
823 | directory every time. This does no harm, of course, but wastes resources. | |
824 | Exim now detects when the database was already in existence by opening | |
825 | without O_CREAT at first. If this succeeds, it doesn't do the root test. | |
826 | ||
827 | 6. The line in MakeLinks that creates a link for direct.c had been | |
828 | accidentally left in (cf 4.03/6). | |
829 | ||
830 | 7. The value of $0 in the replacement in a rewriting rule was being corrupted, | |
831 | leading to incorrect results or error diagnostics. | |
832 | ||
833 | 8. Added support for ldapi:// URLs to the LDAP lookups (OpenLDAP only). Also, | |
834 | re-organized the code to use ldap_initialize() with OpenLDAP in all cases | |
835 | (it seems to be preferred). | |
836 | ||
837 | 9. With OpenLDAP 2.0.25, ldaps:// doesn't seem to work unless the LDAP | |
838 | protocol level is set to 3. This is now standard in the Exim code, as v3 | |
839 | has been around for 5 years now. Testing ldaps:// is now included in the | |
840 | Exim test suite. Although earlier versions claimed to support it, I rather | |
841 | suspect that it never worked. | |
842 | ||
843 | 10. Inserted some checking of the syntax of the IP address given as the first | |
844 | argument to the exim_checkaccess utility. This gives a better error | |
845 | message, especially in the case when somebody gets the arguments in the | |
846 | wrong order. | |
847 | ||
848 | 11. Improved the panic log entry if an unsupported format type is passed to | |
849 | string_vformat() (now gives the whole format string, not just the little | |
850 | bit that's wrong). | |
851 | ||
852 | 12. Ever since its early days, Exim has checked the syntax of non-SMTP | |
853 | addresses according to RFC [2]822 rules, rather than the stricter RFC | |
854 | [2]821 rules that it uses for SMTP. This allows for a wider set of | |
855 | characters in domains. This has now caused a problem, because I forgot | |
856 | about it when making some changes to the format of spool files (see | |
857 | 3.953/44, 4.03/10, and 4.04/1). I can't believe that anybody actually makes | |
858 | use of this feature (which isn't documented), so I have removed it. All | |
859 | domains must now conform to RFC [2]821 rules. A non-SMTP message with a | |
860 | domain that would previously have been accepted will now be bounced. | |
861 | ||
862 | 13. If widening a domain in a dnslookup router made it syntactically invalid, | |
863 | the error message quoted the original domains instead of the widened | |
864 | domain. | |
865 | ||
866 | 14. During a queue run initiated by -R or -S (or by -i when the use of message | |
867 | logs is disabled), if Exim encountered a message with certain | |
868 | characteristics (including text for $local_scan_data, and the setting of | |
869 | the "manually thawed" flag), this data was not correctly reset for | |
870 | subsequent messages. So if they didn't have those settings themselves, | |
871 | strange things could occur. | |
872 | ||
873 | 15. With the "percent hack" enabled for percenthack.domain, if a message had | |
874 | two addresses such as X%some.domain@percenthack.domain and X@some.domain, | |
875 | Exim was not recognizing the duplication, and was making two deliveries | |
876 | instead of one. | |
877 | ||
878 | 16. The output from verification (for -bv and VRFY) used to list a child | |
879 | address when verification was applied to children (this happens, for | |
880 | example, for aliases that generate just a single child). Now it lists only | |
881 | the original address. | |
882 | ||
883 | 17. Changes 34 and 35 of 4.10 did not wholly solve problems with widened | |
884 | domains. The following bug still existed: | |
885 | ||
886 | . A recipient address was abbreviated (e.g. one component). | |
887 | . A dnslookup router caused it to be widened. | |
888 | . The new domain was a local domain. | |
889 | . The address was redirected to itself. | |
890 | ||
891 | At this point, Exim thought it was a duplicate, and discarded it. | |
892 | ||
893 | This whole thing turned out to be a large can of worms, so I have reworked | |
894 | the address widening code. This should get rid of all these problems. | |
895 | Widening now appears similar to redirection, with the unwidened address | |
896 | becoming a proper parent address. As part of this, there has been some | |
897 | general re-organization of the way addresses are handled. | |
898 | ||
899 | 18. When a filter generated only "unseen" deliveries, the normal delivery that | |
900 | happened subsequently lost any value of address_data that was previously | |
901 | set. The handling of values like that that are propagated from parents to | |
902 | children has been reworked. | |
903 | ||
904 | 19. Added smtp_return_error_details and the check_postmaster option for address | |
905 | verification callouts. | |
906 | ||
907 | 20. Long SMTP responses (from ACL messages or wherever) are now automatically | |
908 | split up into multi-line responses if possible. The split happens at an | |
909 | occurrence of ": " if present after 40 characters. Otherwise it happens at | |
910 | the last space before 75 characters. Existing newlines in the message are | |
911 | taken into account. | |
912 | ||
913 | 21. When verify = header_sender is set, a different error message is now given | |
914 | if a syntax is detected, as opposed to failure to verify. | |
915 | ||
916 | 22. Extended the general mechanism for ${quote_lookuptype:...} expansions by | |
917 | allowing for an option to be given after the lookup name, for example | |
918 | ${quote_ldap_dn:...}. Unrecognized options cause errors. | |
919 | ||
920 | 23. Re-worked the quote_ldap expansion items to provide two different kinds of | |
921 | quoting, since the requirements of filter strings and DNs are different. | |
922 | Sigh. Arranged for the DN given in the USER= setting to be de-URL-quoted | |
923 | because not all libraries do it themselves. | |
924 | ||
925 | 24. The handling of responses from LDAP searches wasn't right. It was detecting | |
926 | situations of the form "ldap_result failed internally or couldn't provide | |
927 | you with a message" but not "the server has reported a problem with your | |
928 | search". This has now been tidied up (thanks, Brian). Problems of the | |
929 | latter kind are now handled as follows: | |
930 | ||
931 | (1) For LDAP_SIZELIMIT_EXCEEDED, the truncated list of results is | |
932 | returned. This is what happened before. | |
933 | ||
934 | (2) For a small set of errors that, in effect, mean "that object does | |
935 | not, or cannot, exist in the database", the lookup fails. This is | |
936 | also as before. | |
937 | ||
938 | (3) For other problems, the lookup defers, giving the LDAP error. | |
939 | ||
940 | 25. Added $ldap_dn to hold the DN of the last entry retrieved in the most | |
941 | recent LDAP lookup. | |
942 | ||
943 | 26. Exim was not checking for the LDAP_INVALID_CREDENTIALS error when | |
944 | ldap_bind() failed during an ldapauth call. With (at least) OpenLDAP2, the | |
945 | connection to the server doesn't happen until ldap_bind(), so failures to | |
946 | connect were being treated as authentication failures, and given hard | |
947 | errors. Now, all errors other than LDAP_INVALID_CREDENTIALS are treated the | |
948 | same way for all calls to ldap_bind(), whether ldaputh or otherwise. They | |
949 | lead to temporary errors - if there are more servers, they will be tried. | |
950 | ||
951 | 27. If there was a reference to a non-existent named list, for example, a | |
952 | setting such as "senders = +something", but no lists of that type were | |
953 | actually defined, Exim misbehaved. For an address list, it treated the name | |
954 | as a domain list. For a domain list, it just didn't match. Now it gives a | |
955 | panic error about a non-existent named list (as it always did if there were | |
956 | named lists of the appropriate type). The error now tells you what type of | |
957 | list it thought it was looking for. | |
958 | ||
959 | 28. When -bt or -bv is used by a non-admin user, and there is some kind of | |
960 | DEFER (e.g. database unreachable), details of the failure are no longer | |
961 | given, because they may include private data such as the password for an | |
962 | LDAP lookup. | |
963 | ||
964 | 29. The logic for using a remote host name as a key for looking up retry rules | |
965 | in preference to the domain of the email address was broken. It wouldn't | |
966 | find such retry rules. | |
967 | ||
968 | 30. There were some problems with the action of hosts_max_try in the smtp | |
969 | transport where there were indeed more hosts available than the limit. | |
970 | ||
971 | (a) Exim used to time out an address out if all the hosts that were tried | |
972 | were past their retry limits, ignoring the state of any hosts that were | |
973 | not tried because the hosts_max_try limit was reached. Now it won't | |
974 | time out an address unless all its hosts are actually considered and | |
975 | are past their retry limits. | |
976 | ||
977 | (b) Hosts that are past their retry limits are no longer counted for | |
978 | hosts_max_try. This means that when some hosts are in this state, a | |
979 | greater number of hosts are tried than before, but this is the only way | |
980 | to ensure that all hosts are considered before timing out an address. | |
981 | ||
982 | (c) When the hosts_max_try limit is reached, Exim now looks down the host | |
983 | list to see if there is a subsequent host with a different MX. If there | |
984 | is, that host is used next, and the current host is not counted. More | |
985 | details in NewStuff. | |
986 | ||
987 | 31. The source for spa authentication (taken from the Samba project) used the | |
988 | type "int16". This has caused compilation problems in some systems that | |
989 | happen to have a different definition of it. (Naughty, naughty, non- | |
990 | standard.) I've renamed all the defined types by adding "x" on the end. | |
991 | ||
992 | 32. When a delivery that used authentication was run with -v (which an | |
993 | unprivileged user can use) it included the authentication data when it | |
994 | showed the SMTP transaction. Such data is now replaced by asterisks in any | |
995 | reflection of the SMTP commands. This also applies if the command is logged | |
996 | as a result of an error response. | |
997 | ||
998 | 33. Some little problems in queue runs: | |
999 | ||
1000 | (a) The reading end of the synchronising pipe was being left open in the | |
1001 | delivery subprocess. This caused no harm, but used up a file | |
1002 | descriptor till that series of deliveries was done. | |
1003 | ||
1004 | (b) If the load level got high enough to abandon a queue run, the | |
1005 | synchronizing pipe was accidentally not closed. Normally, this wouldn't | |
1006 | matter, because the queue runner process would finish any way, but... | |
1007 | ||
1008 | (c) If split_spool_directory was set without queue_run_in_order, the code | |
1009 | for abandoning a queue run because of too high load didn't stop | |
1010 | cleanly. Instead, it went on to look at the remaining subdirectories. | |
1011 | Each one would then notice the high load, and abort. Not only was this | |
1012 | a waste of time, but because of (b) above, it used up one file | |
1013 | descriptor per subdirectory. With up to 62 subdirectories, this could | |
1014 | hit the limit of file descriptors if it was as low as 64 (which it | |
1015 | sometimes is). | |
1016 | ||
1017 | 34. Added SYSTEM_ALIASES_FILE to the build-time configuration, and the ability | |
1018 | to set ROOT= when installing. Removed installation instructions for the | |
1019 | info version of the overview document, because that document no longer | |
1020 | exists for Exim 4. | |
1021 | ||
1022 | 35. Added a total line to exiqsumm. | |
1023 | ||
1024 | 36. convert4r4 can now handle "optional" for single-key lookups in aliasfile | |
1025 | directors. | |
1026 | ||
1027 | 37. Change 4.03/25 (making convert4r4 double colons in require_files lists) was | |
1028 | incomplete. It worked for routers, but not for directors. | |
1029 | ||
1030 | 38. After verify=recipient in an ACL, the value of $address_data is the last | |
1031 | value that was set while routing the address. | |
1032 | ||
1033 | 39. Included eximstats 1.22. | |
1034 | ||
1035 | 40. If a delivery of another message over an existing SMTP connection yields | |
1036 | DEFER, we do NOT set up retry data for the host. This covers the case when | |
1037 | there are delays in routing the addresses in the second message that are so | |
1038 | long that the server times out. This is alleviated by not routing addresses | |
1039 | that previously had routing defers when handling an existing connection, | |
1040 | but even so, this case may occur (e.g. if a previously happily routed | |
1041 | address starts giving routing defers). If the host is genuinely down, | |
1042 | another non-continued message delivery will notice it soon enough. | |
1043 | ||
1044 | 41. Added quota_directory to appendfile. | |
1045 | ||
1046 | 42. Changed the order of processing configuration input lines. Previously, it | |
1047 | was comment, .include, continuation, macro expansion, comment again (in | |
1048 | case a macro turned a logical line into a comment). This meant that macros | |
1049 | could not be used in .include lines. The order is now macro, comment, | |
1050 | .include, continuation. That is, macro expansion is done on physical lines, | |
1051 | not on logical lines. | |
1052 | ||
1053 | 43. Improved the error message if an option-setting line in the configuration | |
1054 | does not start with a letter. (It used to say 'option "" unknown'.) | |
1055 | ||
1056 | 44. Allow -D to set a macro to the empty string. Previously it would have | |
1057 | moved on to the next commandline item. This seems pointless. Either -DXX or | |
1058 | -DXX= sets an empty string. | |
1059 | ||
1060 | 45. Changed OS/Makefile-FreeBSD thus: | |
1061 | ||
1062 | EXIWHAT_MULTIKILL_CMD='killall -m' | |
1063 | EXIWHAT_MULTIKILL_ARG='^exim($$|-[0-9.]+-[0-9]+$$)' | |
1064 | ||
1065 | This is because, with the Exim standard installation using a symbolic link, | |
1066 | the name of the running program is not "exim" but (e.g.) "exim-4.10-1". | |
1067 | ||
1068 | 46. An Exim server now accepts AUTH or STARTTLS commands only if their | |
1069 | availability has been advertised in response to EHLO. | |
1070 | ||
1071 | 47. A few source changes to avoid warnings from very picky compilers that don't | |
1072 | complain about unset variables when the only setting is by passing the | |
1073 | address to another function. | |
1074 | ||
1075 | 48. Added -d+pid to force the adding of the pid to all debug lines. Default it | |
1076 | on when the daemon is run with any debugging turned on. (Pids are still | |
1077 | automatically added when multiple deliveries are run in parallel.) | |
1078 | ||
1079 | 49. Included Matt Hubbard's exiqgrep utility. | |
1080 | ||
1081 | 50. Give error for two routers, transports, or authenticators with the same | |
1082 | name. (It already caught duplicate ACLs.) | |
1083 | ||
1084 | 51. If a host has more than MAX_INTERFACES interfaces (common for hosts with a | |
1085 | slew of virtual interfaces), and Exim had to find the list of local | |
1086 | interfaces, it ran off the end of the list that the ioctl returned. I had | |
1087 | assumed the length would be set to correspond to the amount of data | |
1088 | returned - but in at least one OS it is set to the actual number of | |
1089 | interfaces, even if they don't all fit in the buffer. | |
1090 | ||
1091 | 52. Nit-picking changes to store.c. It was assuming the length of the | |
1092 | storeblock structure would be a multiple of the alignment, which is almost | |
1093 | certainly "always" true. However, just in case it might not be it is now | |
1094 | rounded up. For some long-forgotten reason, Exim was getting blocks of | |
1095 | store of the size (8192 - alignment), which seems strange. I've changed it | |
1096 | to plain 8192. | |
1097 | ||
1098 | 53. Added functions to compute SHA-1 digests, added the ${sha1: expansion | |
1099 | operator, added support for {sha1} to crypteq. | |
1100 | ||
1101 | 54. When local_scan() times out, include the message size in the log line. | |
1102 | ||
1103 | 55. If a pipe transport had no command specified, and the address also had | |
1104 | no command associated with it, the transport process crashed. Now it defers | |
1105 | with a suitable message. | |
1106 | ||
1107 | 56. An Exim server output mangled junk if it received a HELP command on an | |
1108 | TLS-encrypted session. | |
1109 | ||
1110 | 57. The output from -bV (and at the start of debugging) now lists the optional | |
1111 | items included in the binary (which routers, etc). The debugging output now | |
1112 | includes the name of the configuration file at its start. | |
1113 | ||
1114 | 58. Added support for GnuTLS as an alternative to OpenSSL. | |
1115 | ||
1116 | 59. Give a configuration error if tls_verify_hosts is set, but tls_verify_ | |
1117 | certificates is not set. It doesn't make sense to require some hosts to | |
1118 | verify if there's nothing to verify against. | |
1119 | ||
1120 | 60. A pipe transport may now have temp_errors = * to specify that all errors | |
1121 | are to be treated as temporary. | |
1122 | ||
1123 | 61. The lmtp transport can now handle delivery to Unix domain sockets. | |
1124 | ||
1125 | 62. Added support for flock() to appendfile, for those operating situations | |
1126 | that need it. Not all OS support flock(). | |
1127 | ||
1128 | 63. It seems that host lists obtained from MX records often turn out to have | |
1129 | duplicate IP addresses, especially for large sites with many MXs and many | |
1130 | hosts. Exim now removes duplicate IP addresses. (Previously, it removed | |
1131 | only duplicate names.) | |
1132 | ||
1133 | 64. If ${readfile was inside a substring that was not part of the final | |
1134 | expansion value (because its condition wasn't met), Exim still tried to | |
1135 | read the file. This made an "exists" test for the file useless. | |
1136 | ||
1137 | 65. Added ${readsocket to the expansion facilities. | |
1138 | ||
1139 | 66. It is now possible to set errors_to to the empty string in routers. | |
1140 | ||
1141 | 67. Added disable_logging as a generic transport and a generic router option. | |
1142 | ||
1143 | 68. Applied Stefan Traby's patch to support threaded Perl. As I don't have a | |
1144 | threaded Perl, I can't test that this fixed the problem, but it doesn't | |
1145 | appear to break the non-threaded case. | |
1146 | ||
1147 | 69. For SPA (NTLM) client authentication, the options are now expanded. | |
1148 | ||
1149 | 70. Added support for SPA server authentication, courtesy of Tom Kistner. | |
1150 | ||
1151 | 71. Latest versions of TCPwrappers use the macro HAVE_IPV6 inside the tcpd.h | |
1152 | header, it appears, and this clashes with Exim's use of that macro. | |
1153 | Renaming it for Exim is an incompatible change, so instead I've just | |
1154 | arranged that HAVE_IPV6 is undefined while including the tcpd.h header. | |
1155 | ||
1156 | 72. Mac OS 10.2 (Darwin) has IP option support that looks like the later | |
1157 | versions of glibc, but without the __GLIBC__ macro setting. I've added a | |
1158 | new macro called DARWIN_IP_OPTIONS, and tidied up the code in smtp_in.c to | |
1159 | simplify the handling of the three different ways of doing this. | |
1160 | ||
1161 | 73. If no "subject" keyword is given for a "vacation" command in a filter, the | |
1162 | subject now defaults to "On vacation". | |
1163 | ||
1164 | 74. Exim now counts the number of "non-mail" commands in an SMTP session, and | |
1165 | drops the connection if there are too many. The new option | |
1166 | smtp_accept_max_nonmail option defines "too many". This catches some DoS | |
1167 | attempts and things like repeated failing AUTHs. | |
1168 | ||
1169 | 75. Installed configuration files for OpenUNIX. | |
1170 | ||
1171 | 76. When a TLS session was started over a TCP/IP connection for LMTP, Exim was | |
1172 | sending EHLO instead of LHLO after the encrypted channel was established. | |
1173 | ||
1174 | 77. When an address that was being verified routed to an smtp transport whose | |
1175 | protocol was set to LMTP, the SMTP callout used EHLO instead of LHLO. | |
1176 | ||
1177 | 78. Installed eximstats 1.23 in the distribution. | |
1178 | ||
1179 | 79. Installed a new set of Cygwin-specific files from Pierre Humblet. | |
1180 | ||
1181 | 80. Added caching for callout verification. | |
1182 | ||
1183 | 81. Added datestamped logs and $tod_logfile. | |
1184 | ||
1185 | 82. When Exim starts up with root privilege, set a high limit (1000) for the | |
1186 | number of files that can be open and the number of processes that can be | |
1187 | created (on systems where this is possible), in case Exim is called from a | |
1188 | restricted environment. | |
1189 | ||
1190 | 83. Minor bugfix in appendfile: when renaming failed for a file whose name was | |
1191 | extended with a tag, the untagged name was shown in the error message. | |
1192 | ||
1193 | 84. If Exim's retry configuration was changed so as to bounce a certain | |
1194 | delivery failure immediately, for example to bounce quota errors: | |
1195 | ||
1196 | * quota | |
1197 | ||
1198 | and there were messages on the queue that had previously been deferred | |
1199 | because of this error, Exim crashed when trying to deliver them in a queue | |
1200 | run. Now it will make one more delivery attempt and bounce on failure. | |
1201 | ||
1202 | 85. Fixed an obscure problem that arose when (a) an address was redirected | |
1203 | to itself, AND (b) the message was not delivered at the first attempt, AND | |
1204 | (c) the pattern of redirection was changed at the next delivery attempt. | |
1205 | When an address is redirected to the same address, Exim labels the new | |
1206 | address as "2nd generation", and so on, in order to distinguish these | |
1207 | homonym addresses from each other. Previously, it recorded the delivery of | |
1208 | a homonym address as a delivery of the appropriate generation. This does | |
1209 | not work if the generation numbers change at the next delivery attempt. The | |
1210 | symptoms can be either duplicated deliveries, or missing deliveries, | |
1211 | depending on the configuration. | |
1212 | ||
1213 | A real-life example is a configuration that takes "unseen" copies of | |
1214 | messages at certain times only, because an "unseen" router in effect does a | |
1215 | redirection to a modified address (the unseen delivery) and to the original | |
1216 | address (for normal delivery). Thus the normal delivery can be either the | |
1217 | 1st or 2nd generation, depending on whether or not the unseen router is | |
1218 | triggered at the time of delivery. | |
1219 | ||
1220 | The fix is not to record a delivery to a homonym address as such, but | |
1221 | instead to record a delivery to the original address by the final | |
1222 | transport. If the same address is subsequently routed to the same transport | |
1223 | (whichever generation it now is), the delivery is discarded because it has | |
1224 | already happened. Homonym addresses that are themselves redirected are now | |
1225 | never recorded as "done", but non-homonym addresses are unaffected, so they | |
1226 | are marked when all their children are complete (as before), thus saving | |
1227 | an unnecessary subsequent expansion. | |
1228 | ||
1229 | The fix causes more routing processing to be done when homonyms are in use | |
1230 | and a message is not delivered at the first attempt, but this is not | |
1231 | expected to be very common, and the extra processing isn't all that much. | |
1232 | ||
1233 | 86. Make sure Exim doesn't overrun the buffer if an oversize packet is received | |
1234 | from a nameserver. | |
1235 | ||
1236 | 87. Added argument-expanding versions of hash, length, nhash, and substr | |
1237 | expansions. | |
1238 | ||
1239 | 88. The API for Berkeley DB changed at release 4.1. Exim now supports this | |
1240 | release. | |
1241 | ||
1242 | 89. When a host was looked up using gethostbyname() (or the more recent | |
1243 | getipnodebyname() on IPv6 systems), Exim was not inspecting the error code | |
1244 | on failure. Thus, any failure was treated as "host not found". Exim now | |
1245 | checks for temporary errors, so the behaviour of "byname" and "bydns" | |
1246 | lookups in this respect should be the same. However, on some OS it has been | |
1247 | observed that getipnodebyname() gives HOST_NOT_FOUND for names for which a | |
1248 | DNS lookup gives TRY_AGAIN. See also change 125 below. | |
1249 | ||
1250 | 90. Minor rewording of ACL error for attemted header check after RCPT. | |
1251 | ||
1252 | 91. When USE_GDBM was set, exim_dbmbuild wasn't working properly (still assumed | |
1253 | NDBM compatibilify interface); similarly in dbmdb lookups when ownership | |
1254 | was being tested. | |
1255 | ||
1256 | 92. If a Reply-To: header contained newlines and was used to generate | |
1257 | recipients for an autoreply, the log line for the autoreply "delivery" had | |
1258 | unwanted newlines. Such newlines are now turned into spaces. | |
1259 | ||
1260 | 93. When a redirect router that has the "file" option set discovers that the | |
1261 | file does not exist (the ENOENT error), it tries to stat() the parent | |
1262 | directory, as a check against unmounted NFS directories. If the parent | |
1263 | can't be statted, delivery is deferred. However, it seems wrong to do this | |
1264 | check if ignore_enotdir is set, because that option tells Exim to ignore | |
1265 | the error "something on the path is not a directory" (the ENOTDIR error). | |
1266 | In fact, it seems that some operating systems give ENOENT where others give | |
1267 | ENOTDIR, so this is a confusing area. | |
1268 | ||
1269 | 94. When the rejectlog was cycled, an existing Exim process was not noticing, | |
1270 | and was therefore not opening a new file. | |
1271 | ||
1272 | 95. If expansion of an address_data setting was forced to fail, and debugging | |
1273 | was enabled, a debugging statement tried to print an undefined value | |
1274 | instead of the string that was being expanded. This could cause a crash. | |
1275 | ||
1276 | 96. When Berkeley DB version 3 or higher is in use, a callback function is now | |
1277 | set up to log DB error messages that are passed back. | |
1278 | ||
1279 | 97. The conditions in the Makefile for rebuilding the exim_dbmbuild utility | |
1280 | were wrong, leading to failures to rebuild when it should have done. | |
1281 | ||
1282 | 98. Added -no_chown and -no_symlink options to the exim_install script. Also | |
1283 | arranged for the environment variable INSTALL_ARG to be passed over | |
1284 | from "make install". | |
1285 | ||
1286 | 99. Exim sets the IPV6_V6ONLY option on IPv6 listening sockets on operating | |
1287 | systems that support it. The call to setsockopt() to do this had SOL_SOCKET | |
1288 | instead of IPPROTO_IPV6 as its second argument (and so wouldn't work). | |
1289 | ||
1290 | 100. When a frozen message was timed out by timeout_frozen_after, the system | |
1291 | filter was incorrectly being run for the message before it was thrown | |
1292 | away. | |
1293 | ||
1294 | 101. If a filter used $thisaddress in an argument to a pipe command, its value | |
1295 | was not inserted where expected, because the expansion of a pipe command | |
1296 | does not happen till transport time, and $thisaddress was not being saved. | |
1297 | It is now saved (along with $1, $2, etc, which were already being saved), | |
1298 | and reinstated at transport time. | |
1299 | ||
1300 | 102. Added host grouping for randomizing to manualroute and smtp. A host list | |
1301 | that is randomized by manualroute is never re-randomized by smtp. Two | |
1302 | host lists that are randomized by manualroute are now treated as "the | |
1303 | same" when checking for possible multiple deliveries in one SMTP | |
1304 | transaction (this was always true for MX'd host lists). | |
1305 | ||
1306 | 103. Added "randomize" and "no_randomize" options to manualroute. | |
1307 | ||
1308 | 104. Added ${hmac expansion item. | |
1309 | ||
1310 | 105. When compiling with gcc, make use of its facility for checking printf-like | |
1311 | function calls (debug_printf and smtp_printf). This would have found the | |
1312 | problem in 95 above. It actually found a number of missing casts to (int) | |
1313 | in debug lines, and one spurious additional argument. | |
1314 | ||
1315 | 106. Created an ACKNOWLEDGEMENTS file, which I will endeavour to update in | |
1316 | future. | |
1317 | ||
1318 | 107. Minor modification to Makefile: when a command that starts off "cd xxx;" | |
1319 | is followed by another command (on the next line), put the first one in | |
1320 | parentheses so that if a "clever" make program amalgamates them, the | |
1321 | change of directory is turned off when it should be. | |
1322 | ||
1323 | 108. If log_timezone is set true, the timestamps in log files now include the | |
1324 | timezone offset. A new variable $tod_zone contains the offset. The exigrep | |
1325 | utility has been updated to handle timestamps with offsets. The eximstats | |
1326 | version included with this release (1.23) has been patched to handle | |
1327 | timestamps with offsets. There is also a new -utc option that specifies | |
1328 | the timestamps are in UTC. The Exim monitor has been modified so that it | |
1329 | omits the zone offset from its display. | |
1330 | ||
1331 | 109. If the expansion of an errors_to option is forced to fail, the option is | |
1332 | ignored. | |
1333 | ||
1334 | 110. Added $load_average. | |
1335 | ||
1336 | 111. Added router_home_directory generic router option. | |
1337 | ||
1338 | 112. Exim crashed on an attempt to check senders or sender domains in an ACL | |
1339 | other than after RCPT or DATA. It's now a temporary error. | |
1340 | ||
1341 | 113. \r was omitted before \n in the SMTP failure response for EHLO/HELO | |
1342 | argument checking. | |
1343 | ||
1344 | 114. On receiving EHLO or HELO, Exim was resetting its state before checking | |
1345 | the validity of the command. However, RFC 2821 says that the state should | |
1346 | not be changed if an invalid EHLO/HELO is received, so Exim has been | |
1347 | changed to conform. This applies mainly when there is more than one | |
1348 | EHLO/HELO command in a session. | |
1349 | ||
1350 | 115. When an Exim root process wrote to a log file, and the log file did not | |
1351 | already exist, Exim used to create it as root, and then change its | |
1352 | ownership to exim:exim. This could lead to a race condition if several | |
1353 | processes were trying to log things at the same time; this happens | |
1354 | especially when the exiwhat utility is used. I've changed things so that, | |
1355 | if an Exim root process needs to create a log file, it does so in a | |
1356 | subprocess that is running as exim:exim. | |
1357 | ||
1358 | 116. When running filter tests (-bf and -bF) Exim now changes the current | |
1359 | directory to "/" so that any assumptions about a particular current | |
1360 | directory are false. | |
1361 | ||
1362 | 117. The appendfile transport was doing the quota_threshold check before | |
1363 | actually writing the message. However, the act of writing the message | |
1364 | could make it longer by the addition of prefix, suffix, or additional | |
1365 | headers. This meant that quota warning could be missed if the basic length | |
1366 | of a message kept the mailbox below the threshold, but the transport | |
1367 | additions took it over. The warning threshold check is now done after | |
1368 | writing the message, when an accurate size is known. | |
1369 | ||
1370 | 118. If all verifications for verify = header_sender deferred, the log was | |
1371 | "temporarily rejected after DATA", without saying why. Now it adds "all | |
1372 | attempts to verify a sender in a header line deferred". | |
1373 | ||
1374 | 119. Added message_id_header_domain option. | |
1375 | ||
1376 | 120. Ignore message_id_header_text forced expansion failure. | |
1377 | ||
1378 | 121. Typos: "uknown" in acl.c; missing NULL initialized in drtables.c. | |
1379 | ||
1380 | 122. When return_size_limit was set greater than zero but smaller than an Exim | |
1381 | transport buffer size (so that only one buffer would be written), a | |
1382 | message that was longer than the limit could be omitted from the bounce | |
1383 | entirely under some circumstances. In other cases, the final buffer full | |
1384 | before truncation could be omitted. | |
1385 | ||
1386 | 123. The inode variables in log.c were of type int with -1 for unset; they | |
1387 | have been changed to ino_t with 0 for unset. | |
1388 | ||
1389 | 124. There are two Makefiles for NetBSD (for different object formats). They | |
1390 | were originally supplied in a format where one .included the other. The | |
1391 | problem with this has finally surfaced: when processing the Makefile to | |
1392 | build config.h, the inclusion isn't seen. The easy way out has been taken: | |
1393 | there are now two fully independent files. At the same time, HAVE_IPV6 has | |
1394 | been added to both of them. | |
1395 | ||
1396 | 125. Changed the default way of finding an IP address in both the manualroute | |
1397 | and queryprogram routers. Exim now does a DNS lookup; if that yields | |
1398 | HOST_NOT_FOUND, it tries calling getipnodebyname() (or gethostbyname()). | |
1399 | See also change 89 above. | |
1400 | ||
1401 | 126. Fixed a race bug in the loop that waits for a delivery subprocess to | |
1402 | complete. After reading all the data from, and then closing, the pipe, it | |
1403 | assumed that a call to waitpid() for the known pid would always return | |
1404 | status for that process. An unfortunately timed signal (e.g. SIGUSR1 from | |
1405 | exiwhat) could cause waitpid() to return -1/EINTR instead. The effect of | |
1406 | this was to remain in the loop and call FD_SET() with an argument of -1. | |
1407 | On Solaris it caused a crash; on other systems it might have looped. | |
1408 | ||
1409 | 127. If an ACL that was read from a file was used in more than one message in a | |
1410 | single SMTP transaction, Exim could crash or misbehave in arbitrary ways. | |
1411 | The problem was that the ACL was remembered in memory that was thrown away | |
1412 | at the end of the first message. In fixing this, I've done a bit of | |
1413 | refactoring of the way memory allocation works, to provide a non-malloc | |
1414 | allocator for small blocks of data that must be kept for the life of the | |
1415 | process. There's a new function store_get_perm() and I've reintroduced a | |
1416 | second storage pool (previously dropped on the 3->4 conversion). A number | |
1417 | of instances of malloc calls for small amounts of memory have been changed | |
1418 | to use this instead. It might be a tad more efficient. Then again, it | |
1419 | might not... | |
1420 | ||
1421 | 128. A similar problem to 127: memory corruption could occur for multiple | |
1422 | messages in one SMTP connection if the data from DNS black list lookups | |
1423 | was being used in log or user messages, e.g. references to $dnslists_text. | |
1424 | ||
1425 | 129. Blanks lines and comments are now ignored in ACLs that are read from | |
1426 | files. | |
1427 | ||
1428 | 130. Two instances of missing \n in debug output. | |
1429 | ||
1430 | 131. The new debugging tag +timestamp causes a timestamp to be added to each | |
1431 | debug output line. | |
1432 | ||
1433 | 132. Some debug information is written in multiple calls to debug_printf(), | |
1434 | with a newline only on the last one. When debugging multiple simultaneous | |
1435 | processes, the pid was added to each debug text, and for this reason, a | |
1436 | newline was always forced. Now Exim buffers up debug output until the | |
1437 | newline is reached, which makes things look much tidier. Also, if there | |
1438 | are internal newlines and prefix data such as a pid or timestamp are being | |
1439 | added, the prefix is inserted at the internal newlines. | |
1440 | ||
1441 | 133. When running in the test harness, arrange to overwrite all memory that | |
1442 | is released or freed, so that bugs are more easily found. This picked up | |
1443 | the following bug: | |
1444 | ||
1445 | 134. Expansion error messages were left in released store, so could have been | |
1446 | overwritten - but in fact most are used immediately, before this happened. | |
1447 | ||
1448 | 135. A list of configuration files can be given; the first one that exists is | |
1449 | used. | |
1450 | ||
1451 | 136. Moved the code that ensures that newly-created hints databases and their | |
1452 | lockfiles are owned by exim:exim so that it runs before the test for | |
1453 | successful opening, because a case was reported where the file itself was | |
1454 | created, but the DBM library returned an opening error. | |
1455 | ||
1456 | 137. If an address is redirected to just one child address, verification | |
1457 | continues with the child address. However, if verification of the child | |
1458 | failed because of (for example) a :fail: redirection, the error message | |
1459 | did not get passed back as it would have been had the original address | |
1460 | failed. The error information is now passed back for both fail and defer | |
1461 | responses. | |
1462 | ||
1463 | 138. Added $rcpt_defer_count and $rcpt_fail_count. | |
1464 | ||
1465 | 139. Added "rejected_header" log selector. | |
1466 | ||
1467 | 140. Added the cannot_route_message generic router option. | |
1468 | ||
1469 | 141. Change 87 above introduced a bug in the expansion of substrings when the | |
1470 | offset was greater than the length of the string, for example | |
1471 | ${substr_1:}. Exim crashed instead of returning an empty string. | |
1472 | ||
1473 | 142. Added extra features to ACLs: the "drop" and "defer" verbs, and the | |
1474 | "delay" and "control" modifiers (the latter with "freeze" and | |
1475 | "queue_only"). | |
1476 | ||
1477 | 143. If Exim failed to create a log file, it used to try to create the superior | |
1478 | directories only if the logs were being written in the spool directory. | |
1479 | Now it tries in all cases, but always from a process running as the exim | |
1480 | user. | |
1481 | ||
1482 | 144. Added $authentication_failed. | |
1483 | ||
1484 | 145. Added $host_data for use in ACLs. | |
1485 | ||
1486 | 146. Added new ACLs for non-SMTP messages, SMTP connection, MAIL, and STARTTLS. | |
1487 | ||
1488 | 147. Added a number of new features to the local_scan() API: | |
1489 | Access to debug_printf() and the local_scan debug selector | |
1490 | Direct access to the message_id variable | |
1491 | LOCAL_SCAN_REJECT_NOLOGHDR and LOCAL_SCAN_TEMPREJECT_NOLOGHDR | |
1492 | Access to store_get_perm() and store_pool (see 127 above) | |
1493 | Access to expand_string_message | |
1494 | Option settings in the main configuration file | |
1495 | LOCAL_SCAN_ACCEPT_FREEZE and LOCAL_SCAN_ACCEPT_QUEUE | |
1496 | LOG_PANIC to write to the panic log | |
1497 | Access to host_checking | |
1498 | Supporting functions lss_match_xxx() for matching lists | |
1499 | ||
1500 | 148. Minor security problem involving pid_file_path (admin user could get root) | |
1501 | has been fixed. | |
1502 | ||
1503 | 149. When an ACL contained a sender_domains condition with a reference to a | |
1504 | named domain list, the result of the check was not being cached (an | |
1505 | oversight). | |
1506 | ||
1507 | 150. Allowed for quoted keys in lsearch lookups; this makes it possible to have | |
1508 | whitespace and colons in keys. | |
1509 | ||
1510 | 151. Added wildlsearch lookup. | |
1511 | ||
1512 | 152. Yet another new set of configuration files for Cygwin from Pierre Humblet. | |
1513 | ||
1514 | 153. Ensure that log_file_path contains at most one instance of %s and one | |
1515 | instance of %D and no other % characters. | |
1516 | ||
1517 | 154. Added $tls_certificate_verified. | |
1518 | ||
1519 | 155. Now that the list of lookup types has got so long (and more are in | |
1520 | prospect) arrange to search it by binary chop instead of linear search. | |
1521 | ||
1522 | 156. Added passwd lookup. | |
1523 | ||
1524 | 157. Added simple arithmetic in expansion strings. | |
1525 | ||
1526 | 158. Added the ability to vary what is appended for partial lookups. | |
1527 | ||
1528 | 159. Made base 64 encode/decode functions available to local_scan. | |
1529 | ||
1530 | ||
1531 | Exim version 4.10 | |
1532 | ----------------- | |
1533 | ||
1534 | 1. Added HAVE_SA_LEN=YES to the OS/Makefile-Darwin file, because it needs it | |
1535 | (unsurprising, as it's based on FreeBSD). | |
1536 | ||
1537 | 2. Removed the HTML versions of the PCRE and pcretest documentation from the | |
1538 | distribution tarbundle, and instead included them in the HTML tarbundle, | |
1539 | linked to the overall index file. | |
1540 | ||
1541 | 3. The code for computing load averages was broken in 64-bit Solaris. | |
1542 | ||
1543 | 4. Make the default ACL refuse local parts that start with a dot. | |
1544 | ||
1545 | 5. LDAP binds with an empty password are considered anonymous regardless of | |
1546 | the username and will succeed in most configurations. Exim has been changed | |
1547 | so that the LDAP authentication (the ${if ldapauth... condition) always | |
1548 | fails when an empty password is used. | |
1549 | ||
1550 | 6. Remove quoting from rbl_domains when used in an ACL by the convert4r4 | |
1551 | script. | |
1552 | ||
1553 | 7. A lookup entry in a list that had spaces after the lookup type, e.g. | |
1554 | "lsearch; /etc/relaydomains" was including the space as part of the file | |
1555 | name. | |
1556 | ||
1557 | 8. Give an error if EXIM_USER or EXIM_GROUP contains control characters (it | |
1558 | happened when somebody had CRLF terminations in Local/Makefile, which | |
1559 | messed up the "unknown user" error message). | |
1560 | ||
1561 | 9. Ensure recipient address appears in log line for internal pipe problems | |
1562 | during redirection. | |
1563 | ||
1564 | 10. Tidies to code for calls to fork(): (a) 3 typos of "<=" that should have | |
1565 | been "<" (but would have no actual effect). (b) 2 cases of fork() failures | |
1566 | not being logged: during -M for multiple messages, and for auto-delivery | |
1567 | of incoming messages. | |
1568 | ||
1569 | 11. A reference to any header line that contains addresses (e.g. $h_to:) caused | |
1570 | a crash if the header was empty. Change 46 for 4.05 introduced this bug. | |
1571 | ||
1572 | 12. If a system filter file was defined as a non-absolute path, but system_ | |
1573 | filter_user was undefined, Exim's behaviour was undefined. It could, for | |
1574 | example, discard all deliveries, thinking the system filter had overridden | |
1575 | them all. Delivery is now deferred, with a message written to the panic | |
1576 | log. | |
1577 | ||
1578 | 13. If a redirection file (or system filter file when system_filter_user was | |
1579 | set) was defined as a non-absolute path containing no slash characters, | |
1580 | Exim crashed. | |
1581 | ||
1582 | 14. Added $rcpt_count, containing the number of RCPT commands received during | |
1583 | an SMTP transaction. This differs from $recipients_count when some of the | |
1584 | RCPTs are rejected. | |
1585 | ||
1586 | 15. Added $pid, containing the pid of the current process. | |
1587 | ||
1588 | 16. Fixed uninitialized variable warning in eximstats for relayed messages when | |
1589 | there was no sending host name (logged as H=[n.n.n.n]). There's no change | |
1590 | of output. | |
1591 | ||
1592 | 17. The exiqusumm script failed horribly if it encountered a message that had | |
1593 | been on the queue for 100 days or more. | |
1594 | ||
1595 | 18. Added the message_logs option for suppressing the writing of message logs. | |
1596 | ||
1597 | 19. Allow local_scan() to change the errors_to setting on recipient addresses. | |
1598 | (This was made trivially possible because of change 10 in 4.03.) | |
1599 | ||
1600 | 20. Convert4r4 changed: if forbid_pipe is set on a forwardfile director, also | |
1601 | set forbid_filter_run on the generated redirect router. | |
1602 | ||
1603 | 21. In the Makefile, $(INCLUDE) was preceding the -I. item that refers to | |
1604 | Exim's own include files. This caused a conflict with an external library | |
1605 | that also happened to have a config.h file. Exim saw the wrong file, and | |
1606 | chaos ensued. I've moved the -I. item in the relevant lines so that it | |
1607 | comes before $(INCLUDE). | |
1608 | ||
1609 | 22. Added $acl_verify_message to contain any existing user message when | |
1610 | expanding the "message" modifier in an ACL. | |
1611 | ||
1612 | 23. Changed the default argument for egrep when called in exiwhat to find | |
1613 | Exim processes. It is now ' exim( |$$|-)' instead of ' exim( |$$)' so that | |
1614 | it works on OS where the true file name appears. | |
1615 | ||
1616 | 24. In the plaintext authenticator, server_prompts was not being expanded, as | |
1617 | documented. It now is. | |
1618 | ||
1619 | 25. The exinext script was outputting in an incorrect format for routing | |
1620 | delays. It said "deliver" when it should have said "route", and the layout | |
1621 | of the text was screwed up. In fact, "deliver" is not the right word | |
1622 | anyway. I've changed it to "transport". Also removed redundant code for | |
1623 | "directing" delays, because these can't occur in Exim 4. | |
1624 | ||
1625 | 26. Fixed some problems concerned with retrying address errors in remote | |
1626 | deliveries: | |
1627 | ||
1628 | (a) I'd overlooked temporary address errors, and assumed that all the | |
1629 | retry items would be for host errors, and therefore on the first | |
1630 | address when multiple RCPTs were involved. Consequently, no retry | |
1631 | record was written for second and subsequent addresses if they | |
1632 | received a 4xx error. Thus, these addresses wouldn't be delayed | |
1633 | after such a delivery failure. | |
1634 | ||
1635 | (b) A temporary address error causes a routing delay; when the address | |
1636 | is eventually tried again, and routing succeeds, the retry record is | |
1637 | flagged for deletion. If the address gets another temporary error, | |
1638 | the retry record got updated, and then deleted. Thus, temporary | |
1639 | address errors were not being delayed and would be tried on every | |
1640 | queue run. | |
1641 | ||
1642 | 27. A minor code tidy for the CRAM-MD5 authenticator. | |
1643 | ||
1644 | 28. Some OS have a command to select processes by the name of the command they | |
1645 | are running, and send a signal to them. Linux and FreeBSD have "killall"; | |
1646 | Solaris has "pkill" (it also has "killall", but that does something | |
1647 | disastrously different). Using such a command makes "exiwhat" more | |
1648 | efficient, and reduces the chances of it trying to signal a non-existent | |
1649 | process. There are now two build-time parameters, EXIWHAT_MULTIKILL_CMD and | |
1650 | EXIWHAT_MULTIKILL_ARG, which can be set to enable this feature to be used. | |
1651 | They are defined in the OS-specific files for Linux, FreeBSD, and Solaris. | |
1652 | See OS/Makefile-Default for more details. | |
1653 | ||
1654 | 29. As part of tidying up for 28, changed the name of the build-time parameter | |
1655 | EXIWHAT_KILL_ARG to EXIWHAT_KILL_SIGNAL so that its name makes more sense | |
1656 | when used in both kinds of exiwhat processing. | |
1657 | ||
1658 | 30. By default, the daemon doesn't write a pid file if -bd is not used (i.e. if | |
1659 | only -q is used). The -oP didn't override this - it was ignored. It now | |
1660 | overrides the default and causes a pid file to be written. | |
1661 | ||
1662 | 31. The values of $local_part, $domain, etc. were not being set during the | |
1663 | expansion of shadow_condition in a local transport. | |
1664 | ||
1665 | 32. The convert4r4 script failed when macros that had continuation lines were | |
1666 | present in the Exim 3 configuration file. It inserted junk lines into the | |
1667 | output and gave uninitialized variable errors. | |
1668 | ||
1669 | 33. The convert4r4 script discards (with a comment) a setting of "rewrite" on | |
1670 | a smartuser director that has no setting of new_address when it turns it | |
1671 | into an "accept" router. | |
1672 | ||
1673 | 34. When an alias generated an address with a single-component domain, and | |
1674 | routing that domain caused it to be widened, Exim remembered only that it | |
1675 | had delivered to the widened domain. If any other addresses were deferred, | |
1676 | so that another delivery attempt happened later, Exim re-delivered to the | |
1677 | widened address, because it checked only the original address. When this | |
1678 | kind of widening happens, Exim now checks for previous delivery. | |
1679 | ||
1680 | 35. A delivery was silently discarded under the following specific | |
1681 | circumstances: | |
1682 | . The original address is x@a.b.c, where a.b.c is the local host; | |
1683 | . a.b.c is recognized as a local domain, and the address is redirected | |
1684 | to x@a; | |
1685 | . a is not recognized as a local domain, causing the address to be | |
1686 | processed by a dnslookup router; | |
1687 | . the router widens the address to a.b.c, routes it, and discovers it | |
1688 | is the local host. | |
1689 | Exim realized that because the domain had been widened, it might have | |
1690 | become a local domain, so it arranged to re-route from scratch, using the | |
1691 | new domain. However, because the original address was the same address, | |
1692 | it thought it had already dealt with it. | |
1693 | ||
1694 | 36. A space at the start of an LDAP query in an expansion (after the opening | |
1695 | curly) was provoking a syntax error. | |
1696 | ||
1697 | 37. A syntax error in the data of an ldapauth expansion caused the condition to | |
1698 | be false without an LDAP query even being tried. Now it causes the | |
1699 | expansion to fail. | |
1700 | ||
1701 | 38. Ensure that an incomplete config.h is removed when the buildconfig program | |
1702 | gives an error. Otherwise, if the error is a non-existent Exim user, and | |
1703 | the admin fixes this by creating the user (and not modifying any files), | |
1704 | Exim will try to use the broken config.h next time. | |
1705 | ||
1706 | 39. A call with an argument of the form "-D=xxxx" (i.e. omitting the macro | |
1707 | name) caused Exim to loop. It now reports an error. | |
1708 | ||
1709 | 40. If an ACL tested an address for being in a named domain list (e.g. | |
1710 | +relay_domains) and then called for recipient verification, and the | |
1711 | recipient was rewritten, the cache for remembering matching domain lists | |
1712 | was not being cleared after the rewrite, leading to potential routing (and | |
1713 | therefore verification) errors. Furthermore, the rewritten address would | |
1714 | (incorrectly) have been used for any subsequent address checking within | |
1715 | the ACL. | |
1716 | ||
1717 | 41. If an address such as a%b@c was processed using the "percent hack" and then | |
1718 | transmitted over SMTP, Exim was sending "RCPT TO:<a%b@c>" instead of | |
1719 | "RCPT TO:<a@b>". | |
1720 | ||
1721 | 42. A revised Makefile-CYGWIN file from Pierre Humblet. | |
1722 | ||
1723 | 43. If local_scan() rejected a -bS message, it wasn't handling the error in the | |
1724 | way -bS errors should be handled. | |
1725 | ||
1726 | ||
1727 | Exim version 4.05 | |
1728 | ----------------- | |
1729 | ||
1730 | 1. In the log display in Eximon, put the insert point (caret) at the start of | |
1731 | the last line instead of at the end, because this stops unwanted horizontal | |
1732 | scrolling when certain X libraries are used. | |
1733 | ||
1734 | 2. A malformed spool file with an incorrect number of recipients (which | |
1735 | should never occur, of course) could cause eximon (and probably exim) to | |
1736 | crash. | |
1737 | ||
1738 | 3. Updated Cygwin Makefile and os.h (minor tweaks). | |
1739 | ||
1740 | 4. Setting allow_domain_literals=true was not allowing domain literal | |
1741 | addresses in the -f command line option. | |
1742 | ||
1743 | 5. Added debugging output for removing and adding header lines at transport | |
1744 | time. | |
1745 | ||
1746 | 6. On systems where SA_NOCLDWAIT is defined, changed from using signal( | |
1747 | SIGCHLD, SIG_DFL) to using sigaction(), with flags explicitly set zero, to | |
1748 | ensure that SA_NOCLDWAIT is definitely off. This fixes a bug in AIX where | |
1749 | subprocesses were disappearing without being turned into zombies for Exim | |
1750 | to reap. There was a previous report of the error "remote delivery process | |
1751 | count got out of step" on a Linux box that was never resolved. It is | |
1752 | possible that this change fixes that too. | |
1753 | ||
1754 | 7. Other applications that support IPv6 have been coded to choose IPv6 | |
1755 | addresses in preference to IPv4 addresses where possible. This is | |
1756 | encouraged, in order to speed up the use of IPv6. Exim has now been changed | |
1757 | to do likewise when it looks up IP addresses from host names. This applies | |
1758 | both to hosts that have more than one IP address, and to MX records with | |
1759 | equal preference values when the hosts they point to have both IPv4 and | |
1760 | IPv6 addresses. Within one preference value, Exim will try all the IPv6 | |
1761 | addresses before any IPv4 addresses, even when some of the IPv4 addresses | |
1762 | belong to hosts that also have IPv6 addresses. | |
1763 | ||
1764 | 8. When Exim sent HELO after EHLO was rejected, or when it sent a second EHLO | |
1765 | after starting a TLS session, it used the primary host name as the | |
1766 | argument, instead of the expansion of the helo_data option. | |
1767 | ||
1768 | 9. Exim was failing to batch addresses for local delivery when errors_to was | |
1769 | set on the router to the same string for each address, in the case when the | |
1770 | string involved some kind of expansion (that ended up with the same value | |
1771 | each time). If the string was fixed (i.e. no expansion) the batching was | |
1772 | not blocked. In other words, I was testing the addresses of the strings but | |
1773 | forgetting to compare the content. The same problem was not present for | |
1774 | remote deliveries, but the code was written out instead of using a | |
1775 | subroutine that now exists for this purpose, so I tidied that code. | |
1776 | ||
1777 | 10. When Exim passes a connected TCP/IP socket to a new Exim process in order | |
1778 | to deliver another message on the same connection, it closes down TLS, | |
1779 | because it can't pass on the state information that is required by the | |
1780 | OpenSSL package. The new process then tries to start up TLS again. | |
1781 | Unfortunately, not all servers handle this - and, it has to be said, it is | |
1782 | a bit of a dubious interpretation of the RFC. (Exim as a server copes OK, | |
1783 | needless to say.) The problem is that the server may just die or give an | |
1784 | invalid response, causing a retry delay to occur. The option | |
1785 | hosts_nopass_tls was invented to help with this, but an automatic way of | |
1786 | testing has been invented. What now happens is that Exim sends a new EHLO | |
1787 | after shutting down TLS, before passing the socket on. This in itself | |
1788 | reduces the dubiousness of the procedure. If there isn't an OK response, | |
1789 | Exim doesn't try to pass the socket on. | |
1790 | ||
1791 | 11. There was inconsistency in the way failures to set up TLS sessions in the | |
1792 | smtp transport were handled when the host was not in hosts_require_tls. | |
1793 | It deferred for 4xx responses to STARTTLS, but tried in clear if the actual | |
1794 | TLS negotiation failed. It now does the same thing in both cases, and what | |
1795 | this is can be controlled by the new option tls_tempfail_tryclear. This | |
1796 | defaults true, causing a retry in clear to occur. If it is set false, these | |
1797 | kinds of temporary failure cause a defer (for that host; if there are | |
1798 | other hosts, they are tried). | |
1799 | ||
1800 | 12. Tidying. When starting up a new delivery process to deliver another message | |
1801 | over an existing SMTP connection, pass over the IP address as well as the | |
1802 | host name. This saves having to get the IP address from the socket. | |
1803 | ||
1804 | 13. Added "#define base_62 36" to OS/os.h-Darwin because the MacOS X operating | |
1805 | system has case-insensitive file names. | |
1806 | ||
1807 | 14. Tidies to rewriting code: (1) It was getting an unnecessarily large block | |
1808 | of memory for a rewritten header. (2) Removed some unnecessary debugging | |
1809 | code that just duplicated log output. | |
1810 | ||
1811 | 15. In an expansion like "${if <condition> {${mask:xxxx}}{yyyy}}" Exim still | |
1812 | tried to perform the masking operation even when the condition was false | |
1813 | and the yield was "yyyy". This could fail when "xxxx" wasn't a valid string | |
1814 | for the masking operation. Some other operators (e.g. base62) could fail in | |
1815 | a similar way. All string operations are now skipped when processing the | |
1816 | unused substring of a condition. | |
1817 | ||
1818 | 16. If a verification of a sender address in a header (caused by verify = | |
1819 | header_sender in an ACL) caused the address in the header to be rewritten | |
1820 | (typically because a DNS lookup had widened the domain), the newline at the | |
1821 | end of the header got lost, thereby causing two headers to be run together. | |
1822 | Sometimes, but not always, this caused a "spool format error". | |
1823 | ||
1824 | 17. A user wanted to use "save" in a filter file with a non-absolute path, and | |
1825 | to set file_transport to a non-appendfile transport that made use of | |
1826 | $address_file for its own purposes. This didn't work because Exim was | |
1827 | distinguishing between file and autoreplies by the leading '/' of the | |
1828 | former. It now checks for the leading '>' of the latter instead. | |
1829 | ||
1830 | 18. The "accept" router was forcing log_as_local instead of just defaulting it. | |
1831 | ||
1832 | 19. Exim crashed while verifying a recipient in an ACL if the address was | |
1833 | verified by a dnslookup router that widened the domain. | |
1834 | ||
1835 | 20. When checking the parameters returned from an ident call, Exim was assuming | |
1836 | that the format would be textually identical to the values it sent, | |
1837 | including the white space. This is not always the case, causing Exim to | |
1838 | discard returned ident data that it should have been accepting. | |
1839 | ||
1840 | 21. Typo (space missing) in "failed to expand condition" error message. | |
1841 | ||
1842 | 22. The option of specifying an individual transport in a route_data or | |
1843 | route_list option of the manualroute router wasn't working. Such settings | |
1844 | were being completely ignored. | |
1845 | ||
1846 | 23. The memory management was poor when building up a string from a lookup that | |
1847 | retrieved a large number of data items that had to be concatenated, for | |
1848 | example, an alias lookup in a database that returned thousands of | |
1849 | addresses. In extreme cases, this could grind the host to a halt. (Compare | |
1850 | change 8 for 4.00, which was a similar effect.) Two changes have been made | |
1851 | to improve matters: (a) For longer strings, it extends them in bigger | |
1852 | chunks, thus requiring fewer extensions. (b) It is now able to release some | |
1853 | unwanted memory when a string is copied out of it into a larger block. | |
1854 | ||
1855 | 24. There was a small error in the memory sizes quoted when -d+memory was used | |
1856 | and emptied memory blocks were released. | |
1857 | ||
1858 | 25. When helo[_try]_verify was set, Exim crashed if the reverse DNS lookup gave | |
1859 | a temporary error when trying to look up the host name. It now tries to | |
1860 | check with a forward DNS lookup (as it does when the reverse lookup can't | |
1861 | find a name). For helo_verify, a temporary error is now given if | |
1862 | verification failed, but the host name lookup gave a temporary error. (As | |
1863 | before, a permanent error is given if there is no host name available.) | |
1864 | ||
1865 | 26. When checking quotes for maildir++ format, if the directory name was given | |
1866 | with a trailing slash in the "directory" option of the appendfile | |
1867 | transport, Exim got the quota calculation wrong because it scanned the | |
1868 | final directory instead of the parent directory. | |
1869 | ||
1870 | 27. The "quota_xxx" error facility for retry rules was broken in Exim 4 if | |
1871 | the mailbox had not been read for more than approximately 10 hours. | |
1872 | ||
1873 | 28. If a router with "unseen" had a setting of address_data, the value was not | |
1874 | passed on to subsequent routers for the continuing processing of the | |
1875 | address. It now is. | |
1876 | ||
1877 | 29. If a daemon was started with (e.g.) -qff15m, it omitted the second 'f' when | |
1878 | starting queue runners. Likewise, if the flags included 'i', this was | |
1879 | omitted. | |
1880 | ||
1881 | 30. Some operating systems log warnings if exec() happens without the standard | |
1882 | input, output, and error file descriptors existing. The worry is that the | |
1883 | called program will open some file which will be allocated one of these | |
1884 | fds. Another bit of code might assume it can write an error message to | |
1885 | stderr, or whatever. Exim was calling itself to regain privilege for | |
1886 | delivery without these fds set, thus provoking the warning. Of course, it | |
1887 | didn't make use of them itself, but the exposure was there for libraries it | |
1888 | might be using. The code has been changed to ensure that, if any of the | |
1889 | file descriptors 0, 1, or 2 does not exist at the time of a call to exec(), | |
1890 | they are opened to /dev/null. | |
1891 | ||
1892 | 31. A delivery process could loop under the unusual combination of the | |
1893 | following circumstances: | |
1894 | (1) A delivery process had envelope_to_add set for its transport. | |
1895 | (2) The delivery was for a child address of an envelope address that | |
1896 | also had another child. | |
1897 | (3) This other child had been discarded because it was a duplicate of a | |
1898 | second envelope address. | |
1899 | (4) The second envelope address had generated a child that was discarded | |
1900 | because it was a duplicate of the first envelope address. | |
1901 | ||
1902 | 32. The -bp option was failing to notice delivered addresses that were in the | |
1903 | -J file but had not yet made it into the -H file. (This got broken between | |
1904 | Exim 3 and Exim 4.) | |
1905 | ||
1906 | 33. If "query" or "queries" in aliasfile director, or "route_query" or | |
1907 | "route_queries" in a domainlist router were enclosed in quotes, the | |
1908 | convert4r4 script was not removing the quotes before inserting the query | |
1909 | into an expansion string, leading to invalid queries within the string. | |
1910 | ||
1911 | 34. If more than two addresses were being delivered in a batch (either local or | |
1912 | remote deliveries), and they all had the same, non-empty value for | |
1913 | $self_hostname, but had different domains, Exim crashed. (This is rare, | |
1914 | because the use of "self=pass", which is the only way $self_hostname gets | |
1915 | set, is rare.) | |
1916 | ||
1917 | 35. If $message_headers was used in a context where there were no headers (e.g. | |
1918 | while verifying an address before receiving a message), it caused an | |
1919 | "unknown variable" error. Now it just returns an empty string. | |
1920 | ||
1921 | 36. Exim was not diagnosing missing time units letters in times on retry | |
1922 | rules. It was treating such malformed times as "-1", which caused the rules | |
1923 | to misbehave. | |
1924 | ||
1925 | 37. Added some debugging output to the CRAM-MD5 server code. | |
1926 | ||
1927 | 38. In the appendfile transport, check for a file name supplied by redirection | |
1928 | by checking for "not pipe and not autoreply" instead of looking for a | |
1929 | leading '/' in the "address". | |
1930 | ||
1931 | 39. The os.h file for Darwin defined CRYPT_H, which apparently is wrong. | |
1932 | ||
1933 | 40. The "condition" condition in ACLs has been tightened up. Formerly, anything | |
1934 | other than an empty string, "0", "no" or "false" was treated as "true". Now | |
1935 | it insists on "yes", "true", or a non-zero number. | |
1936 | ||
1937 | 41. Change 22 of 4.02 has been improved; somebody mailed me the correct code | |
1938 | to get an error message when ldap_result() doesn't set a result. | |
1939 | ||
1940 | 42. Update convert4r4 to recognize "ldap:" in require_files, and double the | |
1941 | colon. | |
1942 | ||
1943 | 43. Added "protocol violation" to the "SMTP synchronization" error message, to | |
1944 | make it clearer what it is complaining about. | |
1945 | ||
1946 | 44. Change 26 of 4.03 was incomplete. The same problem could arise if a lookup | |
1947 | failed while checking the pre-conditions of a router that was subsequently | |
1948 | run. This can happen for negated conditions such as "domains = !<lookup>". | |
1949 | ||
1950 | 45. Somebody managed to set up a configuration that crashed buildconfig such | |
1951 | that it left a half-built config.h but did not stop the build process. I | |
1952 | can't reproduce it, but I have added a check after building config.h to | |
1953 | test for the presence of its last line ("/* End of config.h */"). | |
1954 | ||
1955 | 46. Added a .PHONY target to the Makefile to be tidy for GNU make. (It should | |
1956 | be ignored by other versions). | |
1957 | ||
1958 | 45. When Exim uses Berkeley DB version 3 or 4 to create a DBM file, it creates | |
1959 | it in hashed format. Previously, it opened these files for reading in the | |
1960 | same format. Now it opens them as "unknown", which means that other formats | |
1961 | can be accommodated when using DB files for auxiliary data. | |
1962 | ||
1963 | 46. When concatenating header lines that may contain lists of addresses (From:, | |
1964 | To:, etc.) as a result of references to $h_from: etc., a comma is now | |
1965 | inserted at the concatenation point. Without it, the use of "if | |
1966 | foranyaddress" fails on such headers, which is dangerous. | |
1967 | ||
1968 | 47. The code for ratelimiting MAIL commands was triggering on the count of | |
1969 | messages received, instead of the number of MAIL commands (which is not the | |
1970 | same thing if no message is accepted in a transaction). The smtp_accept_ | |
1971 | max_per_connection limit has also been changed to use the count of MAIL | |
1972 | commands instead of the count of messages accepted. | |
1973 | ||
1974 | 48. There was a typo in the exiwhat script which broke it if the esoteric | |
1975 | CONFIGURE_FILE_USE_NODE option was in use. | |
1976 | ||
1977 | ||
1978 | Exim version 4.04 | |
1979 | ----------------- | |
1980 | ||
1981 | 1. Fix 10 for 4.03 had a bug in it, which could cause problems when converting | |
1982 | from an earlier 4.xx release with delayed "one_time" messages on the spool. | |
1983 | 4.03 incorrectly complains about spool format errors (and refuses to | |
1984 | process these messages). | |
1985 | ||
1986 | 2. Changed the status of the text widgets in the monitor from Append to Edit, | |
1987 | because this matters on some versions of X. | |
1988 | ||
1989 | 3. Change 22 for 4.03 turns out to be misguided. Luckily it is controlled by | |
1990 | a compile-time macro. I have removed the settings from OS/os.h-Linux that | |
1991 | made it try to use these functions. | |
1992 | ||
1993 | ||
1994 | Exim version 4.03 | |
1995 | ----------------- | |
1996 | ||
1997 | 1. Change 12 for 4.02 overlooked one case where 256 should have been replaced | |
1998 | by MAX_LOCALHOST_NUMBER. | |
1999 | ||
2000 | 2. Timeouts (etc) in dnslist lookups were not behaving as documented; they | |
2001 | were deferring (causing 4xx errors) instead of behaving as if the host was | |
2002 | not in the list. This has been fixed. In addition, some new special items | |
2003 | may appear in dns lists, to control what happens in this case. The items | |
2004 | are +include_unknown, +exclude_unknown, and +defer_unknown. | |
2005 | ||
2006 | 3. Added #include <unix.h> to OS/os.h-QNX because it was reported that this | |
2007 | was needed, in order to get O_NDELAY. | |
2008 | ||
2009 | 4. Added #define BASE_62 36 to OS/os.h-Cygwin. | |
2010 | ||
2011 | 5. Change 8 for 4.02 overlooked the fact that "directory" need not be set if | |
2012 | the directory name is coming from a filter or forwarding file. The check | |
2013 | has now been moved from initialization time to run time. Thus, it happens | |
2014 | later, but it still helps to diagnose the problem. | |
2015 | ||
2016 | 6. The file direct.c had been accidentally left in the distribution. | |
2017 | ||
2018 | 7. When a new process was forked to deliver another message down an existing | |
2019 | SMTP connection, a pipe file descriptor was accidentally left open. This | |
2020 | meant that if there was a long chain of such processes, the number of open | |
2021 | file descriptors increased by one for each process, and if there were | |
2022 | sufficent, the limit of open descriptors could be reached, causing various | |
2023 | problems. | |
2024 | ||
2025 | 8. When an address was being checked with -bt and the routing involved an | |
2026 | errors_to setting whose address verification also involved an errors_to | |
2027 | setting, Exim got into a verifying loop. It shouldn't verify an errors_to | |
2028 | setting when already verifying, but got this wrong if it started from -bt. | |
2029 | ||
2030 | 9. Tidied up some compiler warnings when compiling with TCP wrappers. | |
2031 | ||
2032 | 10. When a child address was promoted to a toplevel address by "one_time" after | |
2033 | a deferred delivery, it was not remembering any "errors_to" address that | |
2034 | was set by the routers that processed the original address. Consequently, | |
2035 | the subsequent delivery had (incorrectly) the original sender address in | |
2036 | the envelope. Exim now remembers the "errors_to" address with the new | |
2037 | toplevel address and reinstates it for the next delivery. | |
2038 | ||
2039 | 11. When Exim received a message other than from the daemon, there were two | |
2040 | situations in which it did not re-exec itself for delivery: when it was | |
2041 | running as root, or when it was running in an unprivileged mode. This was | |
2042 | an attempt to save some resources (very early Exims ran as root more often) | |
2043 | but has turned out to be pretty rare. A bug has been discovered in this | |
2044 | case: if the incoming message was on a TLS session (from inetd, for | |
2045 | example), but the outgoing delivery was on an unencrypted SMTP connection, | |
2046 | Exim got confused. The effect was minimal: it sent two EHLO commands, but | |
2047 | otherwise worked. Multiple EHLOs are not an error, according to the RFCs, | |
2048 | but there was at least one broken MTA that objected. This error would have | |
2049 | occurred only when synchronous delivery (-odi or -odf) was specified. | |
2050 | ||
2051 | While sorting this out, I have abandoned the logic that did a delivery | |
2052 | without forking in the interests of simplicity. This was an even rarer | |
2053 | case: it only happened when Exim was running as root or in an unprivileged | |
2054 | mode AND synchronous delivery was specified. | |
2055 | ||
2056 | 12. Change references to /bin/rm in the Makefile to plain rm. | |
2057 | ||
2058 | 13. If EXIM_PERL was set in Local/Makefile, but PERL_COMMAND was set to a | |
2059 | command that was not a file, or if it was set to a non-existent file, | |
2060 | the build process carried on trying to build Perl support, but without the | |
2061 | relevant variables for the Perl libraries, etc., which is disastrous. In | |
2062 | fact, the build process shouldn't have been using PERL_COMMAND; that is a | |
2063 | value for screwing into utility scripts. The build process assumes a | |
2064 | suitable PATH for things like rm, mv, etc., which have xxx_COMMAND | |
2065 | variables for scripts. So I've changed it to use just "perl". It now bombs | |
2066 | out if "perl --version" doesn't produce some output. | |
2067 | ||
2068 | 14. Changed the #includes in perl.c for the Perl headers to use <> instead of | |
2069 | "" because this is apparently better usage. | |
2070 | ||
2071 | 15. Added local_scan_timeout to apply a timeout to local_scan(). | |
2072 | ||
2073 | 16. Recognize IPv6 addresses as IP addresses, even when Exim is not compiled | |
2074 | with IPv6 support. | |
2075 | ||
2076 | 17. When verifying a HELO/EHLO name, Exim was not checking the alias host names | |
2077 | it obtained from calling gethostbyaddr(). In many cases, this didn't cause | |
2078 | any unwanted rejections because as a last resort Exim does a forward lookup | |
2079 | on the HELO name to see if any of its IP addresses matches. But it fixing | |
2080 | the bug saves the unnecessary additional lookup. | |
2081 | ||
2082 | 18. Added "domains = ! +local_domains" to the commented-out ipliteral router in | |
2083 | the default configuration. | |
2084 | ||
2085 | 19. Default sender_host_aliases to an empty alias list, instead of NULL. This | |
2086 | is just for tidiness; the way it was coded, it didn't cause any problems. | |
2087 | ||
2088 | 20. Added -tls-on-connect, which starts a TLS session without waiting for | |
2089 | STARTTLS. This supports older clients that used a different port. | |
2090 | ||
2091 | 21. Added support for the Cyrus pwcheck daemon. | |
2092 | ||
2093 | 22. Arranged to use getipnodebyaddr() instead of gethostbyaddr() in systems | |
2094 | with IPv6 support that have this function, because gethostbyaddr() doesn't | |
2095 | work for IPv6 addresses on all systems (it does on some). | |
2096 | ||
2097 | 23. Header lines added by "warn" statements in the ACL for RCPT are saved up to | |
2098 | be added after the message's header has been received. Previously, Exim was | |
2099 | saving up all added headers, from both RCPT and DATA, until the very end. | |
2100 | Now it adds those from RCPT before the DATA ACL is obeyed, so that they can | |
2101 | be accessed from within the DATA ACL. | |
2102 | ||
2103 | 24. Changed TLS initialization to use SSL_CTX_use_certificate_chain_file() | |
2104 | instead of SSL_CTX_use_certificate_file(). This means that the file can | |
2105 | contain the whole chain of certificates that authenticate the server. | |
2106 | ||
2107 | 25. Updated convert4r4 to check for colons that look as if they are part of | |
2108 | expansion items in require_files lists (e.g. ${lc:xxxx}). In Exim 3, the | |
2109 | whole list was expanded before splitting up, but in Exim 4, the splitting | |
2110 | happens first, so such colons must be doubled. The conversion script now | |
2111 | doubles such colons, and outputs a warning message. The test for one of | |
2112 | these colons is a match against "\$\{\w+:". | |
2113 | ||
2114 | 26. If, while verifying a recipient address, a router was skipped because a | |
2115 | lookup did not succeed, and the following router suffered a temporary | |
2116 | failure (e.g. a timeout), the log line for the temporary rejection showed | |
2117 | the error from the first router instead of from the second. | |
2118 | ||
2119 | 27. Exim crashed if a dnslists test was obeyed in an ACL for an SMTP message | |
2120 | from the local host. Now it just fails to match the list. | |
2121 | ||
2122 | ||
2123 | Exim version 4.02 | |
2124 | ----------------- | |
2125 | ||
2126 | 1. Bug in string expansion: if a "fail" substring of a conditional contained | |
2127 | another conditional that used the "fail" facility, Exim didn't swallow the | |
2128 | right number of closing parentheses in the case when the original condition | |
2129 | succeeded (i.e. when the condition containing the "fail" should be | |
2130 | skipped). | |
2131 | ||
2132 | 2. helo_verify_hosts wasn't working when comparing host names. | |
2133 | ||
2134 | 3. When delivering down an existing SMTP connection, the error "Unexpectedly | |
2135 | no free subprocess slot" was sometimes given for other addresses in the | |
2136 | message. | |
2137 | ||
2138 | 4. Binary zeroes in the message body are now turned into spaces in the | |
2139 | contents of $message_body and $message_body_end. | |
2140 | ||
2141 | 5. If the value of a field in a MySQL result was SQL NULL, and more than one | |
2142 | field was selected, Exim crashed. | |
2143 | ||
2144 | 6. It seems that many OS treat 0.0.0.0 as meaning the local host, typically | |
2145 | making it behave like 127.0.0.1. Since there have been incidents where this | |
2146 | was found in the DNS, two changes have been made: | |
2147 | (a) Added 0.0.0.0 to the ignore_target_hosts setting in the default | |
2148 | configuration. | |
2149 | (b) Unconditionally recognize 0.0.0.0 as the local host while routing. | |
2150 | ||
2151 | 7. Added helo_allow_chars so people can let in underscores if they really | |
2152 | have to. Sigh. | |
2153 | ||
2154 | 8. Give configuration error if "maildir_format" or "mailstore_format" is | |
2155 | specified for appendfile without specifying "directory". | |
2156 | ||
2157 | 9. When return_path was expanded in an smtp transport, the values of | |
2158 | $local_part and $domain were not set up. | |
2159 | ||
2160 | 10. The optimization for sending multiple copies of a single message over one | |
2161 | SMTP connection when there are lots of recipients (but too many for one | |
2162 | copy of the message) was messing up in the case when max_rcpt was set to 1 | |
2163 | (for VERP). It would send lots of copies with one RCPT each, correctly, but | |
2164 | because the transport was passed more than one address, $local_part and | |
2165 | $domain weren't set. Since setting max_rcpt to 1 is almost always | |
2166 | associated with VERP (or at least, you do it because you want to use | |
2167 | $domain or $local_part), I've made that a special case where the | |
2168 | optimization is disabled. | |
2169 | ||
2170 | 11. Cygwin has case-insensitive file names. Therefore, we can't use base 62 | |
2171 | numbers for Exim's identifiers. We have to use base 36 instead. Luckily 6 | |
2172 | base 36 digits are still plenty enough to hold the time for some years to | |
2173 | come. There's now a macro that is set either to 62 or 36, but the names and | |
2174 | documentation still talk about "base 62". | |
2175 | ||
2176 | 12. Added build-time variable MAX_LOCALHOST_NUMBER (default 256) to allow the | |
2177 | localhost number to be traded off against the maximum number of messages | |
2178 | one process can receive in one second. This is relevant only when | |
2179 | localhost_number is set. It may be useful for Cygwin, where the maximum | |
2180 | sequence number is much less when up to 256 hosts are allowed. | |
2181 | ||
2182 | 13. Extended MySQL server data to allow for the specification of an alternate | |
2183 | Unix domain socket. | |
2184 | ||
2185 | 14. Give error if too many slashes in mysql_servers or pgsql_servers item. | |
2186 | ||
2187 | 15. Changed the wording "debug string overflowed buffer" to "debug string too | |
2188 | long - truncated" to make it clearer that it's not a big disaster. | |
2189 | ||
2190 | 16. Now that I finally understand the difference between the resolver's returns | |
2191 | HOST_NOT_FOUND and NO_DATA, I've optimized Exim's DNS lookup so that if an | |
2192 | MX lookup gets HOST_NOT_FOUND, it doesn't bother to try to look up an | |
2193 | address record. Only if it gets NO_DATA does it do that. | |
2194 | ||
2195 | 17. The contents of Envelope-To: were not correct in cases when more than one | |
2196 | envelope address was redirected to a single delivery address via an | |
2197 | intermediate address, because the duplication was detected at the | |
2198 | intermediate stage, but the checking for Envelope-To: only looked at | |
2199 | duplicates of the final address. | |
2200 | ||
2201 | 18. If a message with the -N flag was on the spool, and was selected during a | |
2202 | queue run by -R or -S, the -N flag was incorrectly passed on to all | |
2203 | subsequent messages, leading to their being thrown away. | |
2204 | ||
2205 | 19. Remove unnecessary check for the local host when looking up host names in | |
2206 | host lists. | |
2207 | ||
2208 | 20. If tls_certificate is supplied, but tls_privatekey is not, assume that both | |
2209 | are in the tls_certificate file. | |
2210 | ||
2211 | 21. If a router set transport_current_directory or transport_home_directory | |
2212 | to something that involved an LDAP lookup, and there was more than one | |
2213 | local delivery to be done for a single message, all but the first got | |
2214 | deferred because the LDAP connection for those variables got opened in the | |
2215 | superior process, but closed in the first subprocess. The second subprocess | |
2216 | then assumed it was still open. We now ensure that each subprocess starts | |
2217 | with a clean slate (everything closed down) so that it can open and close | |
2218 | its own connections as needed. | |
2219 | ||
2220 | 22. After a failure of ldap_result(), Exim was calling ldap_result2error() in | |
2221 | order to get an error message. However, it appears that it shouldn't do | |
2222 | this if the value of result variable is NULL. As I can't find any way of | |
2223 | getting an error message out of LDAP in this circumstance, Exim now just | |
2224 | gives says "ldap_result failed and result is NULL". | |
2225 | ||
2226 | 23. If a message arrives over a TLS connection via inetd, close down the SSL | |
2227 | library in the subprocess for message delivery (but don't molest the | |
2228 | parent's SSL connection). | |
2229 | ||
2230 | ||
2231 | Exim version 4.01 | |
2232 | ----------------- | |
2233 | ||
2234 | 1. When setting TCP_NODELAY, the call to setsockopt() was using SOL_SOCKET | |
2235 | instead of IPPROTO_TCP, which caused excessive logging on some systems. | |
2236 | ||
2237 | 2. Changed the Makefile for Cygwin to set EXIM_USER and EXIM_GROUP to 0. | |
2238 | ||
2239 | 3. The SMTP rewriting facility was broken. | |
2240 | ||
2241 | 4. There was some malformatting in the spec.txt file (the other formats were | |
2242 | OK). | |
2243 | ||
2244 | 5. Made convert4r4 change "bydns_a" into "bydns" in route_list options, and | |
2245 | to do the same for "bydns_mx", but in this case to comment that it won't | |
2246 | work the same (and to suggest a workaround). | |
2247 | ||
2248 | 6. Removed redundant code in deliver.c for indicating when a reused SMTP | |
2249 | connection had been closed in a subprocess - this was being done twice. | |
2250 | ||
2251 | 7. Change 2 of 3.164 removed Exim's explicit checking that a reverse DNS | |
2252 | lookup yielded a name whose forwarded lookup gave the original IP address, | |
2253 | because I thought that gethostbyaddr() did this automatically (it seems to | |
2254 | on some systems). There is hard evidence that I was wrong, so this test has | |
2255 | been put back, and in a better form, because it now checks alias names. | |
2256 | This means that the verify=reverse_host_lookup condition in an ACL reduces | |
2257 | to requiring that the host name has been looked up, since the checks it | |
2258 | previously did are not always applied. | |
2259 | ||
2260 | 8. When sender verification fails, the error associated with it is given by | |
2261 | default before the 550 error for the first RCPT command. Not everybody | |
2262 | wants to see this. There is now an option (no_details) that suppresses it. | |
2263 | ||
2264 | 9. The patterns in rewriting rules with the 'S' flag were not being expanded. | |
2265 | For consistency with other patterns (and the documentation), this has been | |
2266 | changed. | |
2267 | ||
2268 | 10. "domainlist", "hostlist", and "addresslist" weren't recognized if the | |
2269 | immediately following character was a tab rather than a space. | |
2270 | ||
2271 | 11. The rules for writing daemon pid files have changed. A new option -oP has | |
2272 | been added to provide a way of specifying a pid file path on the command | |
2273 | line. Exim now writes a pid file when -bd is used, unless -oX is specified | |
2274 | without -oP. | |
2275 | ||
2276 | 12. The version number of OpenSSL was included in the response to the STARTTLS | |
2277 | command - a legacy from the original contributed code that doesn't seem | |
2278 | sensible. It no longer appears, and I took it out of the debug output as | |
2279 | well because that was the only place left, and the code to compute it was | |
2280 | "mysterious magic" that didn't seem worth keeping. | |
2281 | ||
2282 | 13. When another message was processed in order to send it down an existing | |
2283 | SMTP connection, Exim was doing the routing for all the addresses. Even if | |
2284 | called from a delivery from a queue runner, this doesn't count as "in a | |
2285 | queue run", so retry times were not being inspected. If the message had a | |
2286 | large number of recipients, and several of them timed out while routing, | |
2287 | the delay could be so large that the server at the other end of the SMTP | |
2288 | connection would time out. To avoid this happening, Exim now skips routing | |
2289 | for any addresses that have a domain retry time set for routing, whether or | |
2290 | not that retry time has arrived, when dealing with a pre-existing SMTP | |
2291 | connection. This will be "right" pretty well all of the time, and even | |
2292 | when it is "wrong", the only consequence will be some delay. (This doesn't | |
2293 | apply to "address" retry times, because those are usually the result of 4xx | |
2294 | errors, not timeouts.) | |
2295 | ||
2296 | 14. Added words to the initial output from -bh pointing out that no ident | |
2297 | callback is done. | |
2298 | ||
2299 | 15. The convert4r4 script wasn't getting it quite right with an aliasfile | |
2300 | director that had a "transport" setting. It was missing the "yes/no" in the | |
2301 | "condition" setting. | |
2302 | ||
2303 | ||
2304 | Exim version 4.00 | |
2305 | ----------------- | |
2306 | ||
2307 | 1. Changed the name of debug_print for authenticators (3.953/38) to | |
2308 | server_debug_print because it applies only when the authenticator is | |
2309 | running as a server. | |
2310 | ||
2311 | 2. Forgot to change DB_ to EXIMDB_ in the Cygwin Makefile. | |
2312 | ||
2313 | 3. There were still a couple of uses of vfork() when passing a socket to a | |
2314 | new delivery process. The use of vfork() is not recommended these days, | |
2315 | so I changed them to fork(). | |
2316 | ||
2317 | 4. Added the spa authentication mechanism, using the code contributed by Marc | |
2318 | Prud'hommeaux (and mostly taken from the Samba project). This supports | |
2319 | Microsoft's "Secure Password Authentication", but only as a client. | |
2320 | ||
2321 | 5. queryprogram had current_directory unset, but used "/" when it was unset. | |
2322 | It is tidier just to make the default "/" and have done with it. | |
2323 | ||
2324 | 6. When a delivery is run with -v, the -v flag is no longer passed on to new | |
2325 | processes that are started in order to send other messages on existing | |
2326 | SMTP connections. This prevents non-admin users from seeing these other | |
2327 | deliveries. Admin users can specify a higher level of debugging, and when | |
2328 | this is done, the debugging selection is passed on. | |
2329 | ||
2330 | 7. Increased the increment for dynamic strings from 50 to 100. | |
2331 | ||
2332 | 8. When Exim was building a dynamic string for $header_xxx from a number of | |
2333 | headers of the same name, or for $message_headers, it was using the dynamic | |
2334 | string function which is designed for use with relatively short strings. If | |
2335 | a pathological message had an enormous header, it chewed up memory at a | |
2336 | ridiculous rate. The code has been rewritten so that it does not do this. | |
2337 | With a 64K header string (there's a limit set at 64K) it now just gets one | |
2338 | 64K buffer. Previously it used a large number of megabytes to build such a | |
2339 | string, and some system filter processing ran machines into the ground on | |
2340 | messages with huge headers. | |
2341 | ||
2342 | 9. The work for 8 involved a small amount of other "refactoring" in the | |
2343 | expansion functions. | |
2344 | ||
2345 | 10. If "headers add" or "headers remove" were used in a system filter, the | |
2346 | headers didn't actually get changed when testing with -bF. This could | |
2347 | affect later commands in the filter that referred to the headers. | |
2348 | ||
2349 | 11. Two system filter bugs: (a) The system filter was always being run as root, | |
2350 | even if system_filter_user was set. (b) When the system filter was not run | |
2351 | as root, changes to the header lines by "headers add" or "headers remove" | |
2352 | were being lost. Because of (a), (b) would never have bitten. | |
2353 | ||
2354 | 12. Some "refactoring" in the daemon: | |
2355 | (a) Removed redundant statement smtp_in=NULL. | |
2356 | (b) The test for fork failure for a delivery process was not quite in the | |
2357 | right place. | |
2358 | (c) Added main and panic logging for receive and delivery fork failures. | |
2359 | (d) Check for fdopen() failure, and don't try to continue, but ensure | |
2360 | the sockets get closed. | |
2361 | (e) Log fclose() failures. | |
2362 | ||
2363 | 13. Added the "/data" facility to ACL dnslists so as to make it easy to use, | |
2364 | for example, the domain lookup of rfc-ignorant.org. | |
2365 | ||
2366 | 14. Refactored the code in the daemon to use a vector of structures instead of | |
2367 | two separate vectors for storing the pid of a spawned accepting process and | |
2368 | the corresponding IP address of the client. (This is to make it easier to | |
2369 | add other things.) | |
2370 | ||
2371 | 15. If EXIM_USER or EXIM_GROUP were set to the empty string in Local/Makefile, | |
2372 | the uid or gid were set to zero, which is unsafe. These settings now cause | |
2373 | an error message at build time. | |
2374 | ||
2375 | 16. check_ancestor was doing its check case-sensitively, which meant that it | |
2376 | did not work with some configurations when redirecting changed the case of | |
2377 | the local part. Now check_ancestor respects the setting of | |
2378 | caseful_local_part on the router which routed the ancestor address. | |
2379 | ||
2380 | 17. The check for router looping (whether the current router had previously | |
2381 | routed the same address) was always being done case-insensitively. It | |
2382 | should do the local part check case-sensitively when caseful_local_part is | |
2383 | set for that router. | |
2384 | ||
2385 | 18. Added helo_try_verify_hosts, which is like helo_verify_hosts except that | |
2386 | it doesn't reject failing HELO/EHLO. Instead the verification state can be | |
2387 | testing in an ACL by verify=helo. | |
2388 | ||
2389 | 19. When echoing log writes from a parallel remote delivery process to the | |
2390 | debug output, the pid of the parallel process was being omitted. | |
2391 | ||
2392 | 20. In an ACL run for a RCPT command, the values of $domain and $local_part | |
2393 | were becoming unset after a sender or recipient verification. | |
2394 | ||
2395 | 21. Exim crashed if called with -C followed by a ridiculously long string. | |
2396 | ||
2397 | 22. Some other potential points of trouble caused by pathological input data | |
2398 | have been defended. | |
2399 | ||
2400 | 23. If hosts_randomize was set on an smtp transport, the randomizing code had | |
2401 | a bug which could put the delivery process into a tight loop. | |
2402 | ||
2403 | ||
2404 | ||
2405 | Exim version 3.953 | |
2406 | ------------------ | |
2407 | ||
2408 | 1. Exim was not terminating the names of named lists in memory. It got away | |
2409 | with this on systems where newly malloc()d store is zeroed (always a bad | |
2410 | practice). When running in its test harness, Exim now ensures that all | |
2411 | new memory from malloc is filled with a non-zero value. This will help | |
2412 | pick up bugs like this in future. (I haven't made it do it always, for | |
2413 | performance reasons.) | |
2414 | ||
2415 | 2. When skip_syntax_errors was set on a redirect router, and a forward file | |
2416 | (NOT a filter file) contained only invalid addresses, the message was | |
2417 | discarded. The router now declines, as it does for invalid filter files. | |
2418 | Thus, the address is passed on unless no_more is set. | |
2419 | ||
2420 | 3. When an address containing upper case letters in the local part was | |
2421 | deferred, eximon showed the lowercased version with the caseful version | |
2422 | as a "parent", as well as the original caseful version in its queue list. | |
2423 | ||
2424 | 4. When hide_child_in_errmsg was set on a redirect router, bounce messages | |
2425 | still showed the failed addresses in the X-Failed-Recipients: header line. | |
2426 | ||
2427 | 5. Change 6 for 3.952 should also have included SIGTERM. | |
2428 | ||
2429 | 6. exim -bP +something was searching only the domain lists. It now searches | |
2430 | all lists for a matching name. | |
2431 | ||
2432 | 7. If Local/Makefile contains more than one of USE_DB, USE_GDBM, or USE_TDB, | |
2433 | give a build-time error. When it does contain one of them, arrange for any | |
2434 | OS default for any other one to be overridden. (The code expects at most | |
2435 | one of these to be defined.) | |
2436 | ||
2437 | 8. When a value for transport_home_directory is taken from the password | |
2438 | information, wrap it in \N...\N so that it isn't expanded in the transport. | |
2439 | This affects Cygwin, where home directories may contain $ characters. | |
2440 | ||
2441 | 9. Fixed an occasional crash when autoreply was sending a message created by | |
2442 | a user's filter file. It was referencing uninitialized memory. (The | |
2443 | prophylactic mentioned in 1 above made it a hard error.) | |
2444 | ||
2445 | 10. The "run" and "readfile" expansion items could sometimes return extra junk | |
2446 | characters (yet another uninitialized memory bug). | |
2447 | ||
2448 | 11. The lockout options forbid_filter_existstest etc. were not propagating to | |
2449 | the expansion of files sent as part of "mail" messages from users' filter | |
2450 | files. | |
2451 | ||
2452 | 12. Another unterminated string bug: when an ACL was read from a file | |
2453 | dynamically it wasn't properly terminated. | |
2454 | ||
2455 | 13. Cached pgsql connections weren't being re-used, leading to a potential | |
2456 | build-up of open connections. | |
2457 | ||
2458 | 14. $message_headers is supposed to be limited to 64K in length, but it wasn't | |
2459 | so limited if an individual header line was longer than 64K. | |
2460 | ||
2461 | 15. An individual header line, or concatenation of multiple identically- | |
2462 | named header lines, inserted by $h_xxxx is supposed to be limited to 64K in | |
2463 | length, but it wasn't so limited if the only header line was longer than | |
2464 | 64K. | |
2465 | ||
2466 | 16. A syntactically incorrect setting of -d... is now treated as a command line | |
2467 | syntax error (message to stderr, return code 1), without any entry on the | |
2468 | log. | |
2469 | ||
2470 | 17. Modifications to the exim_install script: | |
2471 | (a) Scan the combined Makefile in the build directory instead of messing | |
2472 | around scanning its individual constituent files. | |
2473 | (b) Use sed instead of a pipe of grep, tail and cuts. This allows better | |
2474 | control, but has to be very simple sed in order to work on Solaris. | |
2475 | (c) Allow for the setting of EXE to add a subscript to executables for | |
2476 | the benefit of Cygwin. | |
2477 | (d) Use -c instead of -b with "cut" because the "cut" in BSD/OS doesn't | |
2478 | grok -b. | |
2479 | ||
2480 | 18. Changes for Cygwin: | |
2481 | (a) Update scripts/os-type to recognize CYGWIN. | |
2482 | (b) Arrange (via the Uopen() macro) for all calls to open() to have | |
2483 | the O_BINARY flag, to avoid CRLF problems. | |
2484 | (c) If OS_INIT is defined, call it at the very start of Exim's execution. | |
2485 | (d) When resolver debugging is enabled, set _res.options |= RES_DEBUG | |
2486 | before calling res_init() as well as after, because that generates | |
2487 | some debugging info during initialization. | |
2488 | ||
2489 | 19. Make the initial call to os_getloadavg() in exim.c conditional on | |
2490 | LOAD_AVG_NEEDS_ROOT because it is done just to initialize os_getloadavg() | |
2491 | on systems that require the first call to be done as root. It should be | |
2492 | called only when messages are being received; it was being called | |
2493 | unnecessarily in some cases. | |
2494 | ||
2495 | 20. If Exim failed to open its retry hints database at routing time, it crashed | |
2496 | during a subsequent local delivery. | |
2497 | ||
2498 | 21. If Exim is neither setuid root nor called by root, there is no need to | |
2499 | attempt to drop root privilege when it is not needed. | |
2500 | ||
2501 | 22. I'd forgotten to remove the check for the presence of %s in pid_file_path | |
2502 | when it was set at run time. | |
2503 | ||
2504 | 23. If a transport filter crashed, or yielded a non-zero return code during an | |
2505 | SMTP delivery, Exim was not aborting the delivery. This led to multiple | |
2506 | partial deliveries of the message until the transport filter was fixed. | |
2507 | ||
2508 | 24. Do not try alternate hosts if a transport filter crashes or yields a | |
2509 | non-zero return during an SMTP delivery. | |
2510 | ||
2511 | 25. When exim -be is reading input lines from stdin, backslash can now be used | |
2512 | for continuations. This makes it easier to test expansions from a | |
2513 | configuration file by cut and paste, and long expansions in general. | |
2514 | ||
2515 | 26. The file src/auths/xtextdecode.c was incorrectly named xtestdecode.c, but | |
2516 | because the MakeLinks script built a symbolic link that worked, this | |
2517 | mistake didn't actually show up. | |
2518 | ||
2519 | 27. When Exim is delivering another message down an existing connection, | |
2520 | remote_max_parallel should be forced to 1; this wasn't happening, though | |
2521 | it would have caused a problem only if a message had more than 100 | |
2522 | recipients routed to the host. | |
2523 | ||
2524 | 28. When there was a problem while delivering down an existing connection, such | |
2525 | that the transport process closed the connection, this fact wasn't getting | |
2526 | communicated to the calling delivery process, which might have tried to do | |
2527 | more deliveries on the same connection. This would only have caused a | |
2528 | problem if there were more than 100 recipients to the same host. | |
2529 | ||
2530 | 29. The ${extract} action, with a negative field number that selected the first | |
2531 | field in a string, could return junk characters at the start of the | |
2532 | extracted field. | |
2533 | ||
2534 | 30. When Exim is acting as a client, if an attempt to start a TLS session fails | |
2535 | during the TLS negotiation phase (i.e. STARTTLS is accepted, but there's a | |
2536 | problem such as an unrecognized certificate during TLS session startup), | |
2537 | Exim used always to defer delivery. Now, unless the host is in | |
2538 | hosts_require_tls, Exim makes a new connection to the host and attempts to | |
2539 | send the message unencrypted. This avoids stuck messages for servers that | |
2540 | advertise STARTTLS but don't actually support it properly. | |
2541 | ||
2542 | 31. Added ${address:xxx} to go with ${domain:xxx} and ${local_part:xxx} which | |
2543 | extract from RFC 2822 addresses. | |
2544 | ||
2545 | 32. The rules for recognizing when Exim is being called from inetd have | |
2546 | changed. Previously Exim required SMTP input, stdin to be a TCP/IP socket, | |
2547 | and the caller to be root or the Exim user. This left a gaping hole if the | |
2548 | caller was not root or the Exim user, because then it wouldn't do the | |
2549 | policy checking for a remote host, because it didn't realize it was being | |
2550 | called from inetd. (This was seen on Debian configurations). Exim now | |
2551 | behaves as follows: if the input is SMTP and stdin is a TCP/IP socket, a | |
2552 | call from inetd is assumed. This is allowed to proceed either if the caller | |
2553 | is root or the Exim user, or if the port used is privileged (less than | |
2554 | 1024). Otherwise (a different user passing an unprivileged port) Exim gives | |
2555 | a "Permission denied" error. | |
2556 | ||
2557 | 33. Removed $compile_number from the default SMTP banner line (after discussion | |
2558 | on the mailing list). Also removed it from the default $Received: header. | |
2559 | ||
2560 | 34. # is documented as a comment character in the run time configuration only | |
2561 | when it appears at the start of a line. In the case of boolean values, | |
2562 | extra characters after "= true" or "= false" were being ignored, leading to | |
2563 | a false impression that comments could appear there. This is now diagnosed | |
2564 | as an error. | |
2565 | ||
2566 | 35. If a boolean option without a following "=" was followed by # (in the | |
2567 | mistaken belief that this would be a comment), the error was "missing =", | |
2568 | which was confusing. Exim now complains about extra characters. | |
2569 | ||
2570 | 36. When Exim complains about extra characters following an option setting, it | |
2571 | now adds a comment about comments if the first extra character is #. | |
2572 | ||
2573 | 37. Output debug_print strings when testing a host using -bh. | |
2574 | ||
2575 | 38. Added server_debug_print to authenticators (compare routers and | |
2576 | transports). This outputs when an authenticator is called as a server. It | |
2577 | can be helpful while testing with -bh. | |
2578 | ||
2579 | 39. Added debugging output to the crypteq condition. | |
2580 | ||
2581 | 40. If a named domain or local part list used in a "domains" or "local_parts" | |
2582 | option on a router matched by means of a lookup, the $domain_data and | |
2583 | $local_part_data variables were set for the first router that did this, but | |
2584 | were not set for any subsequent routers that used the same named list. The | |
2585 | same was true for multiple tests of named domain or local parts lists in an | |
2586 | ACL. | |
2587 | ||
2588 | 41. If the variable "build" is set when the top-level Makefile is run, the | |
2589 | variable now propagates from the top-level Makefile to subsidiary ones. | |
2590 | In addition, Local/Makefile-$(build) is added to the list of concatenated | |
2591 | files that go at the start of the Makefile in the build directory. | |
2592 | ||
2593 | 42. If NO_SYMLINK is defined in Local/Makefile, the exim_install script just | |
2594 | copies the Exim binary in with its unique name, without moving the "exim" | |
2595 | symbolic link to it. | |
2596 | ||
2597 | 43. Added BSDI 4.2 as a BSDI variant in scripts/os-type. | |
2598 | ||
2599 | 44. The spool file format for remembering a "one_time" redirection has changed; | |
2600 | I had forgotten to make Exim 4 capable of reading Exim 3 spool files. | |
2601 | ||
2602 | 45. Address lists are now permitted to include items of the form *@+name where | |
2603 | "name" is a named domain list. (Note that an item of the form +name is | |
2604 | taken as a named _address_ list.) | |
2605 | ||
2606 | 46. When Exim gives up privilege and reverts to the calling user because it was | |
2607 | called with the -C, -D, -be, or -bi options, it now reinstates the | |
2608 | supplementary group list as well as the uid and gid. | |
2609 | ||
2610 | 47. The crypteq condition has been extended. When the encrypted string begins | |
2611 | with "{md5}" Exim used to assume that the digest was encoded as a base64 | |
2612 | string. Now it assumes this only if its length is 24 bytes. If the length | |
2613 | is 32 bytes, Exim assumes a digest expressed in hex characters. If the | |
2614 | length is neither 24 nor 32, the comparison always fails. | |
2615 | ||
2616 | 48. Updated the convert4r4 script: | |
2617 | ||
2618 | (a) Some typos in the comments. | |
2619 | (b) Remove kill_ip_options, log_ip_options, and refuse_ip_options, which | |
2620 | no longer exist. | |
2621 | (c) Move all macro definitions to the top of the output, to ensure that | |
2622 | they precede any references to them. | |
2623 | (d) If tls_verify_ciphers was set without tls_verify_hosts, the generated | |
2624 | new configuration insisted on encryption ("these ciphers must be | |
2625 | used for all connections") instead of just checking the cipher when | |
2626 | encryption happened ("if encrypted, these ciphers must be used"). | |
2627 | (e) Address lists are now checked to see if they contain any bare lookup | |
2628 | items and if they do, these are converted to two items, the first | |
2629 | preceded by "*@" and the second with "partial-" removed. This makes | |
2630 | Exim 4 behave in the way that Exim 3 used to. An explanatory comment | |
2631 | is output. | |
2632 | (f) Put more explanation in above the "hosts = :" test. | |
2633 | ||
2634 | 49. Write a main and panic log entry when "partial-" is ignored in a lookup | |
2635 | that is part of an address list. (Applies when the item is a lookup for | |
2636 | which the whole address is the key.) | |
2637 | ||
2638 | 50. Two changes to the way $original_local_part and $parent_local_part work: | |
2639 | ||
2640 | (a) When an address that had a prefix or suffix was redirected to another | |
2641 | address, the value of $original_local_part and $parent_local_part | |
2642 | had the prefix or suffix stripped when referred to during the | |
2643 | processing of the child address. This doesn't seem right, so it has | |
2644 | been changed. | |
2645 | (b) When an address that had a prefix or suffix was being processed, | |
2646 | $local_part had the affix stripped, and if it was a top-level | |
2647 | address, $original_local_part also has the affix stripped. This has | |
2648 | been changed. Now $original_local_part contains the same value at all | |
2649 | levels. ($parent_local_part remains empty at top level.) | |
2650 | ||
2651 | 51. A number of macros in the Exim source began with "DB_". When compiling | |
2652 | with Berkeley DB version 4, DB_LOCK_TIMEOUT clashed with a macro set by | |
2653 | that package. The Exim macros now all start with "EXIMDB_", and Exim | |
2654 | therefore now supports DB version 4. | |
2655 | ||
2656 | 52. Newlines in a "freeze" text from a system filter were being sent as \n | |
2657 | in messages created by the "freeze_tell" option. They are now converted | |
2658 | back to newlines (in the log line they continue to appear as \n). | |
2659 | ||
2660 | 53. Added a new ACL condition "verify = reverse_host_lookup". This does a | |
2661 | reverse lookup of the client host's IP address, then does a forward lookup | |
2662 | for all the names it receives, and checks that at least one of the IP | |
2663 | addresses obtained from the forward lookup matches the incoming IP address. | |
2664 | The lookups are done with gethostbyaddr() and gethostbyname(), | |
2665 | respectively. | |
2666 | ||
2667 | 54. A small fix to eximstats reduces its store usage substantially when it is | |
2668 | processing very large log files: when a message's "completed" line is | |
2669 | reached, discard the memory of the message's size. | |
2670 | ||
2671 | 55. If an address was redirected to itself more than once (e.g. by two | |
2672 | different "redirect" routers, or because of the use of "unseen", it was | |
2673 | incorrectly discarded as a duplicate address. | |
2674 | ||
2675 | 56. For a rewrite pattern of the form *@something, if an actual address | |
2676 | contained @ in the local part (e.g. "a@b"@x.y), the value of $1 was set | |
2677 | incorrectly during expansion of the replacement address (it stopped at the | |
2678 | first @ instead of at the last one). | |
2679 | ||
2680 | 57. Added hosts_nopass_tls to the smtp transport. For any host that matches | |
2681 | this list, a connection on which a TLS session has been started will not be | |
2682 | passed to a new delivery process for sending another message on the same | |
2683 | connection. | |
2684 | ||
2685 | 58. The -dropcr command line option now turns CRLF into LF, while leaving | |
2686 | isolated CR characters alone. (Previously it removed _all_ CR characters.) | |
2687 | There is now also a drop_cr main option which has the effect of -dropcr for | |
2688 | all incoming non-SMTP messages. | |
2689 | ||
2690 | 59. If a configuration file macro expanded into a boolean option which was not | |
2691 | followed by = and a value, Exim gave a spurious error for an "unknown" | |
2692 | value for the option (typically a string from the previous line). | |
2693 | ||
2694 | ||
2695 | Exim version 3.952 | |
2696 | ------------------ | |
2697 | ||
2698 | 1. convert4r4 had an incorrect file name in its comment output. | |
2699 | ||
2700 | 2. convert4r4 was looking up $local_part instead of $domain in its generated | |
2701 | manualroute output. | |
2702 | ||
2703 | 3. There was no check that getpeername() was giving a socket address when | |
2704 | called on stdin passed from a previous delivery. | |
2705 | ||
2706 | 4. Fixed an old bug whereby Exim could segfault if debugging was turned on and | |
2707 | a DNS lookup found MX records for hosts whose A records had to be looked up | |
2708 | separately, and some of them pointed to the local host (pretty rare). | |
2709 | ||
2710 | 5. The debugging output for log writes now shows the names of any log selectors | |
2711 | instead of the hex value of the selector word. | |
2712 | ||
2713 | 6. If a delivery subprocess is terminated by SIGKILL or SIGQUIT, do not freeze | |
2714 | the message. This can happen during system shutdown. Other kinds of process | |
2715 | failure indicate problems. | |
2716 | ||
2717 | 7. If a sender verification did not complete (e.g. DNS lookup timed out), the | |
2718 | log line for the temporary RCPT rejection did not always say why (it lost | |
2719 | the message if there had been a previous call to any lookup). | |
2720 | ||
2721 | 8. The special message about MX records that point to IP addresses instead of | |
2722 | host names was not getting returned in the SMTP response when a | |
2723 | verification failed. This has been fixed, and the message that is logged in | |
2724 | this circumstance has been made less verbose. | |
2725 | ||
2726 | 9. When an SMTP callout is done, Exim tries to use the interface and port | |
2727 | number from the transport that the address was routed to during the prior | |
2728 | verification. If it wasn't routed to a remote transport, or if there's a | |
2729 | problem expanding the relevant options, Exim does not use a specific | |
2730 | interface, and it connects to port 25. | |
2731 | ||
2732 | 10. If the string "syslog" happened to occur in the log file path, eximon was | |
2733 | failing to extract the name of the main log file correctly. | |
2734 | ||
2735 | 11. Unlike other operating systems, Linux does not sync a directory after a | |
2736 | rename. However, we need this to happen to be sure an incoming message has | |
2737 | been safely recorded after it has been received. I have therefore added a | |
2738 | macro called NEED_SYNC_DIRECTORY (which is set in OS/os.h_Linux) to request | |
2739 | Exim to do an explicit sync on the directory after the rename. If | |
2740 | O_DIRECTORY is defined, it is used when opening the directory. | |
2741 | ||
2742 | 12. When a system filter creates any new deliveries, they are given a fake | |
2743 | "parent" address which appears on the logs, and is necessary for pipes, | |
2744 | files, and autoreplies, which cannot be toplevel addresses. This fake was | |
2745 | set up with the text "system filter". It's been changed to "system-filter" | |
2746 | because the space in the previous text could cause trouble. | |
2747 | ||
2748 | 13. The new option local_sender_retain suppresses the removal of Sender: header | |
2749 | lines in locally-submited (non-TCP/IP) messages from untrusted users. It is | |
2750 | required that no_local_from_check be set with local_sender_retain. | |
2751 | ||
2752 | 14. In a file interpolated into an address list, if a local part contained a | |
2753 | # character and there was also a following comment (introduced by a # | |
2754 | preceded by white space), the comment was not recognized. | |
2755 | ||
2756 | 15. Local part lists are now handled as address lists as far as recognition of | |
2757 | comments in interpolated files and the processing of +caseful at the top | |
2758 | level are concerned. In the local_parts option of a router, +caseful will | |
2759 | restore case-sensitive matching, even when the router does not have | |
2760 | caseful_local_part set (the default). | |
2761 | ||
2762 | 16. The key used for a dsearch lookup may not contain '/'. If it does, the | |
2763 | lookup defers. | |
2764 | ||
2765 | 17. When starting a delivery process after receiving a message locally, discard | |
2766 | the controlling terminal unless debugging is turned on. | |
2767 | ||
2768 | 18. The exim group was automatically trusted; this was not correct because it | |
2769 | meant that admin users who were in the exim group were automatically | |
2770 | trusted. If you want the exim group to be trusted, it must now be | |
2771 | explicitly configured. | |
2772 | ||
2773 | 19. The default configuration mentioned "dns_lists" instead of "dnslists" in a | |
2774 | comment. | |
2775 | ||
2776 | 20. Minor corrections and changes to the Exim4.upgrade document and to the | |
2777 | OptionLists.txt document. | |
2778 | ||
2779 | 21. If a local part beginning with a pipe symbol was routed to a pipe | |
2780 | transport, the transport got confused as to which command it should run. | |
2781 | This could be a security exposure if unchecked local parts are routed to | |
2782 | pipe transports. | |
2783 | ||
2784 | 22. When logging SMTP connections to the daemon from other hosts, include the | |
2785 | connection count in the log line. Tidied up the identification of SMTP | |
2786 | sources in logging lines. | |
2787 | ||
2788 | 23. Added "sender_domains" as a new ACL condition so that the Exim 3 setting | |
2789 | of sender_verify_callback_domains can easily be replicated. Corrected | |
2790 | convert4r4, which was incorrectly converting this to a "domains" setting. | |
2791 | ||
2792 | 24. The code for reading ident values was not discarding leading spaces, which | |
2793 | some hosts seem to send. | |
2794 | ||
2795 | 25. The building process was still insisting that PID_FILE_PATH contained %s, | |
2796 | but this is not required for Exim 4. | |
2797 | ||
2798 | 26. The logging of ETRN commands had got lost. It has been restored, and the | |
2799 | log selector "etrn" (on by default) added to control it. | |
2800 | ||
2801 | 27. IPv6 reverse DNS lookups were originally specified as happening in the | |
2802 | ip6.int domain, but this is being changed to ip6.arpa (and they've changed | |
2803 | the meaning of "arpa" to "Address and Routing Parameters Area"). The only | |
2804 | time Exim does reverse lookups directly (as opposed to calling | |
2805 | gethostbyaddress()) is in the code for the dnsdb lookup type. This has been | |
2806 | changed to use ip6.arpa. | |
2807 | ||
2808 | 28. Made the test programs (test_dbfn for testing DBM files, and some others) | |
2809 | compile! Updated the help output from test_dbfn. | |
2810 | ||
2811 | 29. Changed all occurrences of "r" and "w" in fopen() fdopen() calls to "rb" | |
2812 | and "wb". This makes no difference in Unix systems, but is apparently | |
2813 | necessary for running Exim under Cygwin. | |
2814 | ||
2815 | 30. Three changes that make virtually no difference when Exim is run on a real | |
2816 | Unix system, but which were asked for to make life easier when porting it | |
2817 | to run under Cygwin: | |
2818 | ||
2819 | (a) Changed the logic for locking a message when an Exim process is | |
2820 | handling it. Previously, the entire -D file was locked to indicate | |
2821 | this. Now Exim locks only the first line, which contains the name of | |
2822 | the file. Apparently, in the Cygwin environment, a subprocess cannot | |
2823 | read locked parts of a file, even when it is passed an open file | |
2824 | descriptor to that file from the process that did the locking. By | |
2825 | locking only the first line, which the subprocess does not want to read | |
2826 | (it just needs to read the data that follows), we can get round this | |
2827 | restriction with minimal effort. | |
2828 | ||
2829 | (b) Added support for native gdbm function calls. GDBM is apparently the | |
2830 | only DBM library that is currently available Cygwin, and only with its | |
2831 | native API. | |
2832 | ||
2833 | (c) The default modes for files, directories, and lock files in the | |
2834 | appendfile transport can now be set in Local/Makefile at build time. | |
2835 | ||
2836 | 31. When transmitting a message using SMTP with PIPELINING, if the server gave | |
2837 | a malformed SMTP response, the message logged by Exim didn't associate it | |
2838 | with the pipelined SMTP command to which it referred. For example it logged | |
2839 | "after DATA" if all the recipients had been sent. Also, if the response | |
2840 | was an empty line (illegal), it didn't show up very clearly. The error | |
2841 | messages are now more accurate, and point out empty lines. | |
2842 | ||
2843 | 32. Minor corrections and changes to src/configure.default. | |
2844 | ||
2845 | 33. When a host list in a route_list item that was enclosed in double quotes | |
2846 | contained single quotes within it, the quoting was incorrectly terminated. | |
2847 | Both the pattern and the host list in route_list items are now handled by | |
2848 | the standard quote-processing function. | |
2849 | ||
2850 | 34. Corrected the EDITME file for eximon so that the default stripchart | |
2851 | patterns work with the default runtime configuration for local deliveries. | |
2852 | (Previously it matched a delivery via a director - not possible in Exim 4.) | |
2853 | ||
2854 | ||
2855 | Exim version 3.951 | |
2856 | ------------------ | |
2857 | ||
2858 | Exim 3.951 is the first alpha testing release for Exim 4. A list the many | |
2859 | individual changes to the code made between Exim 3.33 and Exim 3.951 was not | |
2860 | kept. The functional changes are listed in the Exim4.upgrade file. | |
2861 | ||
2862 | **** |