Commit | Line | Data |
---|---|---|
495ae4b0 PH |
1 | Change log file for Exim from version 3.951 to 4.20 |
2 | --------------------------------------------------- | |
3 | ||
4 | ||
5 | Exim version 4.20 | |
6 | ----------------- | |
7 | ||
8 | 1. If data for an authentication interaction was just the string "=", | |
9 | indicating an empty string, Exim was not setting up the numerical variable | |
10 | correctly. In some situations, this could cause a crash - in others, it | |
11 | might have passed unnoticed. | |
12 | ||
13 | 2. Changed signal(SIGTERM, command_sigterm_handler) in smtp_in.c to use | |
14 | os_non_restarting_signal() for tidiness; in practice this doesn't actually | |
15 | matter because the handler terminates the process. | |
16 | ||
17 | 3. Refactoring: | |
18 | ||
19 | (a) In some (but not all) places where Exim applies timers using alarm(), | |
20 | it was resetting the SIGALRM handler afterwards, but sometimes to | |
21 | SIG_IGN and sometimes to SIG_DFL. In other words, it was a mess. In | |
22 | fact, this reset is not necessary, because after alarm(0) there is no | |
23 | possibility of receiving a SIGLARM signal. So I've just removed them | |
24 | all. | |
25 | ||
26 | (b) The daemon.c module had its own SIGALRM handler, which was unnecessary. | |
27 | I changed it to use the handler that is used (almost) everywhere else. | |
28 | ||
29 | (c) Almost all uses of SIGALRM use the same handler, but it was being set | |
30 | by signal() all over the place. Now it is set at the start, and it | |
31 | resets itself every time it is called, so it remains enabled | |
32 | throughout. The few places that use a different handler reset to the | |
33 | "standard" one afterwards. | |
34 | ||
35 | (d) The setting of the SIGTERM handler while reading SMTP commands was done | |
36 | somwhat untidily. I have re-arranged the code. | |
37 | ||
38 | 4. If the building process was interrupted during the MakeLinks script, a | |
39 | subsequent run of 'make' gave misleading errors. I've made it a bit more | |
40 | robust against this case. If there appears to be a half-made set of links, | |
41 | an error message suggests that the user should remove the build directory | |
42 | and start again. | |
43 | ||
44 | 5. For compatibility with other MTAs, -f "" is now accepted as synonymous with | |
45 | -f "<>". | |
46 | ||
47 | 6. Upgraded to PCRE 4.1. | |
48 | ||
49 | 7. If a domain list contained @mx_any, or @mx_secondary, and the DNS contained | |
50 | secondary MX records for a domain, but all the other MX (higher priority) | |
51 | records pointed to non-existent hosts, Exim was behaving as if the domain | |
52 | did not match the list item. This has been fixed. | |
53 | ||
54 | 8. Upgraded eximstats to 1.27. | |
55 | ||
56 | 9. It was reported that change 4.14/46(b) caused problems on some systems with | |
57 | older libraries. There is now an option that can be set in Local/Makefile | |
58 | (or in a operating system Makefile): | |
59 | ||
60 | IPV6_USE_INET_PTON=yes | |
61 | ||
62 | If this is done, Exim reverts to using inet_pton() to convert a textual | |
63 | IPv6 address for actual use, instead of getaddrinfo(), as it did in | |
64 | versions before 4.14. Of course, this means that the additional | |
65 | functionality of getaddrinfo() - recognizing scoped addresses - is lost. | |
66 | ||
67 | 10. Update for PostgreSQL to match 4.14/14: after an insert, delete, or update | |
68 | command, the result is the number of rows affected. | |
69 | ||
70 | 11. If smtp_banner expanded to an empty string, no greeting line was sent, thus | |
71 | causing the client to time out. An empty 220 response is now sent. | |
72 | ||
73 | 12. An empty argument was logged as a null string by the "arguments" log | |
74 | selector. Now empty strings and arguments that contain whitespace are | |
75 | surrounded by quotes. | |
76 | ||
77 | 13. The "arguments" log selector now also logs the current working directory | |
78 | when Exim is called. | |
79 | ||
80 | 14. Added a couple more debugging calls to tls-openssl. | |
81 | ||
82 | 15. Changed the name of the global variable ldap_version because some LDAP | |
83 | library uses the same name, which causes a clash. It's now called | |
84 | eldap_version. While I was at it, I changed the other two global variables, | |
85 | ldap_default_servers and ldap_dn. | |
86 | ||
87 | 16. If an address that is verified in an ACL is redirected to a single address, | |
88 | Exim verifies the child (this is not new). However, the value of $address_ | |
89 | data that was being returned was the value from the parent. It is now the | |
90 | value from the child. | |
91 | ||
92 | 17. Re-arranged the code for rda_is_filter() to make it easier to add other | |
93 | filter types in future. | |
94 | ||
95 | 18. Removed the filter test function from filter.c and put it into its own | |
96 | source file, again to make things easier for multiple filter types. | |
97 | ||
98 | 19. To help those people who are maintaining a patch for dynamically loaded | |
99 | local_scan() functions, I have added | |
100 | ||
101 | #define LOCAL_SCAN_ABI_VERSION_MAJOR 1 | |
102 | #define LOCAL_SCAN_ABI_VERSION_MINOR 0 | |
103 | ||
104 | to the local_scan.h file. | |
105 | ||
106 | 20. The variables $tls_certificate_verified, $tls_cipher, and $tls_peerdn now | |
107 | exist even when Exim is not compiled with TLS support. | |
108 | ||
109 | 21. If an empty user name was sent by a client for a LOGIN authentication, it | |
110 | was not put into $1; instead, the password ended up in $1 (instead of in | |
111 | $2). | |
112 | ||
113 | 22. When creating a temporary file in the appendfile transport for a per-file | |
114 | delivery not in maildir or mailstore format (that is, in the old Smail | |
115 | format - I wonder if anyone uses this?), Exim was opening the file without | |
116 | O_EXCL, which is a bit unsafe. | |
117 | ||
118 | 23. The output from the ${stat: expansion operator was being formatted using %d | |
119 | which expects an integer; in many (most) systems size_t is off_t, which | |
120 | is actually a long or even a longlong, and in some cases this caused | |
121 | incorrect data to be output. The formatting is now done using %ld, with the | |
122 | values all explicitly cast to (long). | |
123 | ||
124 | 24. Callout caching was failing to cache a negative response to a "random" | |
125 | address check. | |
126 | ||
127 | 25. If a daemon was started with -qsomething and not -bd, and deliver_drop_ | |
128 | privilege was set, and a pid file was specified with -oP, and the pid file | |
129 | did not previously exist, it was created with owner exim instead of owner | |
130 | root. | |
131 | ||
132 | 26. verify=sender was not being allowed in a non-SMTP ACL. | |
133 | ||
134 | 27. Under some error conditions, the socket used for ident calls could be left | |
135 | open. | |
136 | ||
137 | 28. Added acl_smtp_helo, because some people seem to want it. | |
138 | ||
139 | 29. For hosts that match helo_verify_hosts, the error given when a MAIL command | |
140 | is received without HELO or EHLO has been changed from 550 to 503 (which | |
141 | means "bad sequence of commands"). | |
142 | ||
143 | 30. Installed PCRE 4.2. | |
144 | ||
145 | 31. The quota_size_regex option for the appendfile transport was broken in that | |
146 | a terminating zero was omitted from the string that was extracted for the | |
147 | size. If it happened that digits followed in the memory to which it was | |
148 | copied, an incorrect (too large) size was then used. | |
149 | ||
150 | 32. Change 4.14/32 (iv) introduced a bug in the case when the "phrase" part of | |
151 | a rewritten address did *not* contain any special characters. The | |
152 | generated address was mangled. | |
153 | ||
154 | 33. Several items of refactoring from Michael Haardt: | |
155 | ||
156 | . Introduction of "const" in a number of places | |
157 | . Use memcpy() instead of strncpy() in string_cat() | |
158 | . Add HAVE_ICONV to Linux file, for external users (Exim doesn't use it) | |
159 | [Later: From 4.21, Exim *does* use it.] | |
160 | . Preparation for adding additional types of filter file | |
161 | ||
162 | 34. Changed (incompatibly, but hopefully not so it affects anyone) the | |
163 | appendfile transport in the case when it is called directly as a result of | |
164 | a .forward or a filter file requesting a delivery to a file. Previously, | |
165 | any settings of "file" or "directory" were ignored in this case. Now they | |
166 | are used. The path received from the router is in $address_file (as | |
167 | before) and can therefore be included in the expansion. | |
168 | ||
169 | 35. If a "save" command in a filter specifies a non-absolute path, the value of | |
170 | $home/ is pre-pended. This no longer happens if $home is unset or is an | |
171 | empty string. It is expected that the transport will complete the path (see | |
172 | 34 above). If there is an error before the path is complete, the local part | |
173 | is logged as "save xxxx". | |
174 | ||
175 | 36. If multiple "to file" deliveries are routed to the same transport, no | |
176 | batching ever takes place, whatever the value of batch_max. | |
177 | ||
178 | 37. If an address was redirected to an unqualified local part preceded by a | |
179 | backslash, Exim was qualifying it with the qualify_domain, instead of with | |
180 | the incoming domain. | |
181 | ||
182 | 38. Minor rewording: header lines can be added by MAIL as well as RCPT: the | |
183 | debug line mentioned only RCPT. | |
184 | ||
185 | 39. DESTDIR is the more common variable that ROOT for use when installing | |
186 | software under a different root filing system. The Exim install script now | |
187 | recognizes DESTDIR first; if it is not set, ROOT is used. | |
188 | ||
189 | 40. If DESTDIR is set when installing Exim, it no longer prepends its value to | |
190 | the path of the system aliases file that appears in the default | |
191 | configuration (when a default configuration is installed). If an aliases | |
192 | file is actually created, its name *does* use the prefix. | |
193 | ||
194 | 41. If an item in log_file_path was an empty string, Exim wrote the log to the | |
195 | log directory in the spool directory. Now it takes notice of the | |
196 | setting of LOG_FILE_PATH in Local/Makefile, and uses the first non-empty, | |
197 | non-"syslog" item from that list. If there are none, it uses the ultimate | |
198 | default of the spool directory. | |
199 | ||
200 | 42. If there is a Reply-to: header line, but it is empty, $reply_address now | |
201 | contains the From: address instead of being empty. | |
202 | ||
203 | 43. Added -no-cpp-precomp to CFLAGS in OS/Makefile-Darwin. Without this, the | |
204 | compiler provides a string for __DATE__ that does not conform to the | |
205 | specification in the C standard. The option disables precompiled headers, | |
206 | which should not have any bad effects, as pre-compiled headers are | |
207 | supposedly just a performance enhancement at compile time. | |
208 | ||
209 | 44. Refactoring: as there is now a flag that specifies whether or not a home | |
210 | directory that is passed with an address is already expanded, we no longer | |
211 | need the \N...\N fudge for home directories extracted from the password | |
212 | data. | |
213 | ||
214 | 45. Fixed an infelicity introduced by 4.14/71: The defaulting of the prefix, | |
215 | suffix, and check string stuff in appendfile was happening when no | |
216 | directory was supplied. Now it happens if no directory is supplied AND | |
217 | maildir has not been specified. | |
218 | ||
219 | 46. If expansion of the serverpassword in a spa authenticator or expansion of | |
220 | server_condition in a plaintext authenticator is forced to fail, | |
221 | authentication now fails (previously it gave a temporary error, which is | |
222 | what happens for other expansion failures). This brings these | |
223 | authenticators into line with cram_md5, where expansion of server_secret | |
224 | has always behaved like this. | |
225 | ||
226 | 46. Added new syslog facilities (courtesy Oliver Gorwits): | |
227 | ||
228 | (i) SYSLOG_LOGS_PID and LONG_SYSLOG_LINES in src/EDITME. | |
229 | (ii) syslog_facility and syslog_processname main options. | |
230 | ||
231 | 47. Callout was using only the hosts from the router, ignoring the transport. | |
232 | This has been changed. If (a) the router does not set up hosts (e.g. it's | |
233 | an accept router) or (b) the smtp transport that is routed to has | |
234 | hosts_override set, then the transport's hosts are used for callout | |
235 | checking. | |
236 | ||
237 | 48. When named lists were nested, and an inner list was resolved by a lookup | |
238 | that saved data for, e.g. $domain_data, the data was associated with just | |
239 | the outer list, though both were cached, so if a subsequent test was done | |
240 | for the inner list, there was no domain data. Example: | |
241 | domainlist A = lsearch;/a/b | |
242 | domainlist B = lsearch;/c/d | |
243 | domainlist C = +A : +B | |
244 | A test on +C that matched, followed by a test on +A or +B would provoke | |
245 | this bug. Now the data is saved with both the inner and the outer lists. | |
246 | ||
247 | 49. When the log selector +address_rewrite is turned on, the log lines now | |
248 | show where the rewritten address came from (which header line, envelope | |
249 | field, or an SMTP command). | |
250 | ||
251 | 50. If an integer or fixed point configuration value is too big to fit in | |
252 | a 32-bit int, Exim now writes an error to the panic log and dies. | |
253 | ||
254 | 51. Unknown SMTP commands are now assumed to be ones that need synchronization; | |
255 | this means that a packet that contains more than one of them will cause the | |
256 | connection to be dropped as soon as the first one is encountered. | |
257 | ||
258 | 52. The "control" feature of ACLs was not permitted for the MAIL ACL (an | |
259 | oversight). It now is allowed. | |
260 | ||
261 | 53. Added the "discard" verb to ACLs. | |
262 | ||
263 | 54. Fixed a theoretical bug observed by reading the code: if local_scan() | |
264 | changed the number of recipients, output from the received_recipients log | |
265 | selector would be incorrect. | |
266 | ||
267 | 55. Added HAVE_ICONV to the os.h files for Linux, Solaris, HP-UX. This is for | |
268 | use in the forthcoming Sieve addition to Exim. | |
269 | ||
270 | 56. The behaviour of -t in the presence of Resent- headers has been changed, | |
271 | for compability with Sendmail and other MTAs. Previously, Exim gave an | |
272 | error, because it is not clear from RFC 2822 how this might be handled. It | |
273 | turns out that MUAs don't seem to follow what RFC 2822 says, and any MUA | |
274 | that uses -t with Resent- ensures that there is only one set of Resent- | |
275 | header lines (usually by renaming others to X-Resent-xxx). So now Exim will | |
276 | take recipients from all the Resent- header lines instead of the usual | |
277 | ones. | |
278 | ||
279 | ||
280 | Exim version 4.14 | |
281 | ----------------- | |
282 | ||
283 | 1. Found another case where SIGCHLD is being ignored (a child process for | |
284 | handling a filter file) and so the wait() doesn't find the subprocess. This | |
285 | came to light as a result of extra logging introduced as part of the | |
286 | 4.12/14 fix. Now Exim is careful to set SIGCHLD handling to its default | |
287 | (i.e. to be noticed) for this particular subprocess. (It already has this | |
288 | code for other cases where it uses subprocesses.) | |
289 | ||
290 | 2. If ${run appeared in part of a conditional item that was being skipped, the | |
291 | actual running of the command was not being skipped. | |
292 | ||
293 | 3. A bit of code tidying (refactoring): there were two functions that built | |
294 | strings containing a host name and ident value for logging. There is now | |
295 | only one. It is called in some additional places where previously just the | |
296 | host name and address were given, so the wording of some log lines has | |
297 | changed slightly. | |
298 | ||
299 | 4. Added support for Unix domain socket connection to PostgreSQL. | |
300 | ||
301 | 5. The number of unknown SMTP commands that Exim will accept before dropping | |
302 | a connection can now be changed by smtp_max_unknown_commands. The default | |
303 | value is 3. Previously, a fixed value of 5 was used. The final command is | |
304 | now included in the log line. | |
305 | ||
306 | 6. The standard place for chown and chgrp in Linux is /bin, not /usr/bin, as | |
307 | assumed by the exicyclog script. I've implemented a "look for it" feature | |
308 | that makes exicyclog look in /bin, /usr/bin, /usr/sbin, and /usr/etc for | |
309 | the commands chown, chgrp, mv, and rm if configured, and turned on this | |
310 | feature for Linux. This should cope with old Linuxes that use /usr/bin. | |
311 | ||
312 | 7. Implemented .ifdef etc. | |
313 | ||
314 | 8. Installed signal handlers for SIGSEGV, SIGILL, SIGFPE, and SIGBUS while | |
315 | running local_scan(), so that crashes therein get caught. A temporary error | |
316 | response is sent for an SMTP message, and the spool is cleaned up. | |
317 | Previously, a -D file was left lying around if there was a crash in | |
318 | local_scan(). | |
319 | ||
320 | 9. The ${quote: operator has been changed so that it turns newline and | |
321 | carriage return characters into \n and \r, respectively. | |
322 | ||
323 | 10. Added support for crypt16(). | |
324 | ||
325 | 11. Some restrictions on the use of "verify" in ACLs were too restrictive, and | |
326 | have been relaxed. In particular, "verify = sender" is now permitted in the | |
327 | ACL for the MAIL command, as well as those for RCPT and DATA. | |
328 | ||
329 | 12. If local_scan() sets up recipient or errors_to addresses that are | |
330 | unqualified (local parts without a domain) Exim now qualifies them using | |
331 | the qualify_recipient domain. | |
332 | ||
333 | 13. White space at the start of continuation lines in -be input was not being | |
334 | ignored. | |
335 | ||
336 | 14. Previously, if a MySQL query was issued that did not request any data (an | |
337 | insert, update, or delete command), Exim gave a lookup error and deferred. | |
338 | This case is now recognized, and the result of the lookup is now the number | |
339 | of rows affected. | |
340 | ||
341 | 15. A configuration error is given if tls_try_verify_hosts is set and | |
342 | tls_verify_certificates is not set. (Exim already did this for | |
343 | tls_verify_hosts.) | |
344 | ||
345 | 16. Exim was trying to create a non-existent hints database even when it was | |
346 | just opening it for reading. It called the creating function with the | |
347 | O_RDONLY and O_CREAT flags. This works with many DB libraries, but it | |
348 | not with DB 1.85, where a subsequent attempt to use the database gave the | |
349 | error "Inappropriate file type or format". Exim now creates hints databases | |
350 | only when it wants to open them for writing. | |
351 | ||
352 | 17. If an ACL condition test set a default "message" value without a | |
353 | "log_message" value, and there were no overriding messages in the ACL | |
354 | itself, no message was logged. The user message is now logged. | |
355 | ||
356 | 18. If callout made a connection, but it was dropped before the initial | |
357 | welcome response was received, Exim logged "response to initial connection | |
358 | was" with no further text. It now logs that the connection was dropped. | |
359 | The wording of the logging for callout defers has been slightly changed so | |
360 | as to reduce duplication. | |
361 | ||
362 | 19. When multiple messages were sent using TLS over one connection, the | |
363 | additional required EHLO that follows STARTTLS was being counted as a | |
364 | nonmail command, and thus causing a problem if there were a lot of | |
365 | messages. Similarly, a new AUTH that followed STARTTLS was being counted. | |
366 | It is now possible to run with smtp_accept_max_nonmail set to zero in these | |
367 | and other "normal" circumstances. | |
368 | ||
369 | 20. During verify=sender, global rewriting rules are applied to the sender | |
370 | address, and if it changes, $sender_address becomes the rewritten version. | |
371 | Unfortunately, it was not getting updated until after the routers had been | |
372 | run, so that if a router referred to $sender_address while verifying a | |
373 | sender, the unrewritten value was used. | |
374 | ||
375 | 21. The "random address" callout test was being done after the other tests. | |
376 | This is silly, because if the host accepts all local parts, there isn't any | |
377 | point in doing the other, more specific, tests. I changed things around so | |
378 | that the "random" test (if configured) is done first. | |
379 | ||
380 | 22. Expanded the wording for callout failures when MAIL FROM:<> or RCPT TO the | |
381 | a postmaster address are rejected. Also include these words when a | |
382 | rejection happens because of caching (when there isn't an actual SMTP | |
383 | command/result to reflect). | |
384 | ||
385 | 23. A new router condition called "address_test" (default true) can be used to | |
386 | skip routers when testing addresses using -bt (compare no_verify). This can | |
387 | be a convenience when your first router sends stuff to an external scanner. | |
388 | ||
389 | 24. Testing for deliver_queue_load_max was happening inside the delivery | |
390 | sub-process, when it could have happened outside, in the queue runner (thus | |
391 | saving one process). This was a hangover from Exim 3, where there were | |
392 | other load tests to be done. The code has been tidied. | |
393 | ||
394 | 25. Code tidy: the driver_info generic structure contained a field that | |
395 | might, on 64-bit systems, not have been compatible with the fields in the | |
396 | structures of which it is supposed to be a subset. It turns out that this | |
397 | field and another are not actually used generically, so removing them from | |
398 | the structure solves the problem. | |
399 | ||
400 | 26. Added server_advertise_condition to authenticators. | |
401 | ||
402 | 27. The exim_checkaccess utility wasn't sending a HELO command; this matters | |
403 | now that it's possible to have an ACL that checks HELO/EHLO. | |
404 | ||
405 | 27. Added the ldap_version option to force a specific LDAP version. | |
406 | ||
407 | 28. Renamed the variable verify_address in exim.c as verify_address_mode, | |
408 | because it had the same name as the verify_address() function, which was | |
409 | confusing. | |
410 | ||
411 | 29. Added authenticated_sender to the smtp transport. | |
412 | ||
413 | 30. When the skip_syntax_errors option is applied to a filter file, it covers | |
414 | all filtering errors, some of which may not be strictly "syntax" (for | |
415 | example, failure to open a log file). The wording of the message has been | |
416 | changed to use "error" instead of "syntax error", to reduce confusion. Also | |
417 | the subject of the message sent by syntax_errors_to is now "error(s) in | |
418 | forwarding or filtering" instead of "syntax error(s) in address expansion". | |
419 | ||
420 | 31. Added -restore-times to the exim_lock utility. | |
421 | ||
422 | 32. Changes to the handling of the "phrase" parts of email addresses: | |
423 | ||
424 | (i) Re-organized the code to use a supplied instead of an implied buffer, | |
425 | and a length instead of expecting a terminated string. | |
426 | ||
427 | (ii) Changed from using the macro mac_isprint() to an explicit test for | |
428 | ASCII non-printing characters, because the macro pays attention to | |
429 | print_topbitchars, which is not correct here. | |
430 | ||
431 | (iii) If a rewritten address contained a "phrase" (whether or not the "w" | |
432 | flag was present on the rewrite rule), but the actual address was | |
433 | unqualified (had no domain) and was expected to be qualified by the | |
434 | "Q" flag, Exim screwed up and created an illegal address. | |
435 | ||
436 | (iv) When a header address is rewritten by a rule that includes the "w" | |
437 | flag, the parts of the address outside <> are now encoded according | |
438 | to RFC 2047 if necessary (assuming ISO-8859-1 encoding). | |
439 | ||
440 | 33. Added the ${rfc2047 and ${from_utf8 expansion operators. | |
441 | ||
442 | 34. The file names used for maildir deliveries have been changed, to accomodate | |
443 | operating systems that may re-use a PID within one second. The file name | |
444 | now include the microsecond time fraction, and the delivery process does | |
445 | not exit until the clock is at least one microsecond after the time used in | |
446 | the file name. The code copes with the clock going backwards (it waits | |
447 | till time catches up). | |
448 | ||
449 | 35. The rules for creating message ids have been changed to allow for the fact | |
450 | that a PID may be re-used within one second. As part of this change, the | |
451 | range of localhost_number has been reduced to 0-16 for most systems, and | |
452 | 0-10 for those with case-insensitive file systems (Cygwin, Darwin). | |
453 | ||
454 | 36. Code tidy: there was a local count of non-TCP/IP messages that duplicated | |
455 | the global receive_messagecount (used for accept_queue_per_connection). | |
456 | ||
457 | 37. verify = header_syntax was allowing unqualified addresses in all cases. Now | |
458 | it allows them only for locally generated messages and from hosts that | |
459 | match sender_unqualified_hosts or recipient_unqualified_hosts, | |
460 | respectively. | |
461 | ||
462 | 38. If PAM was called with an empty first string, it called the data function | |
463 | to get the user name, thereby getting the second string by mistake. If this | |
464 | was also null (empty passwords are permitted), there was an infinite loop. | |
465 | An empty user name is not now passed to PAM; authentication is forcibly | |
466 | failed instead. Also, if the end of the list of strings is reached, an | |
467 | empty string is passed back just once; a subequent call for data provokes | |
468 | an error response. | |
469 | ||
470 | 39. If a reverse DNS lookup yields an empty string, treat it as if the lookup | |
471 | failed. (Apparently such records have been seen. Sigh.) | |
472 | ||
473 | 40. Added the -bnq command line option to suppress automatic qualification of | |
474 | addresses in locally submitted messages. | |
475 | ||
476 | 41. Header texts supplied by options to the autoreply transport may now contain | |
477 | newlines that are followed by whitespace. (This was allowed from a filter, | |
478 | but not from the transport.) | |
479 | ||
480 | 42. Patch for < > problems in eximstats 1.23. | |
481 | ||
482 | 43. Re-arranged the code to make it easier in future to add additional filter | |
483 | types. | |
484 | ||
485 | 44. Added support for changing the connection timeout in LDAP; this is | |
486 | something that's available in Netscape SDK 4.1. Exim uses the given value | |
487 | if LDAP_X_OPT_CONNECT_TIMEOUT is defined. | |
488 | ||
489 | 45. When Exim was setting a daemon listener on multiple interfaces, including | |
490 | listening on "all IPv6" and "all IPv4" interfaces, it was binding all the | |
491 | sockets, and then calling listen() for each of them. On some IP stacks, a | |
492 | listen for "all IPv4" fails after listening for "all IPv6" because a single | |
493 | socket catches both kinds of call. Exim coped with this, but it turns out | |
494 | that on a USAGI-patched Linux, this logic doesn't work unless the "listen", | |
495 | as well as the "bind" has been done for the IPv6 socket first. The order of | |
496 | the functions has now been changed. Instead of "bind, bind ... listen, | |
497 | listen..." it now does "bind, listen, bind, listen, ...". Also, the failure | |
498 | happens in the bind() rather than in the listen(), so there are now two | |
499 | checks, which hopefully will handle all kinds of IP stack. | |
500 | ||
501 | 46. IPv6 addresses have "scopes", and a host with multiple interfaces can, in | |
502 | principle, have the same link-local addresses on different interfaces. | |
503 | Thus, they need to be distinguished, and a convention of using a percent | |
504 | sign followed by something (often the interface name) is being used, for | |
505 | example: 3ffe:2101:12:1:a00:20ff:fe86:a061%eth0. Two changes have been made | |
506 | to accommodate this: | |
507 | ||
508 | (a) A percent sign followed by an arbitrary string is allowed at the end of | |
509 | an IPv6 address. | |
510 | ||
511 | (b) Exim calls getaddrinfo() instead of inet_pton() to convert a textual | |
512 | IPv6 address for actual use. This function recognizes the percent | |
513 | convention in some operating systems. | |
514 | ||
515 | 47. Additional debugging inserted for the case of forced failure when expanding | |
516 | an item in a list. | |
517 | ||
518 | 48. A new debugging selector +expand has been added. This is not included in | |
519 | the default set of selectors. It requests detailed debugging information | |
520 | for string expansions. | |
521 | ||
522 | 49. Failure to open the main log results in a panic-die, but the original line | |
523 | that was being logged could be lost. It is now output to stderr if there is | |
524 | a stderr file. | |
525 | ||
526 | 50. When Exim starts, it checks for the existence of its spool directory, and | |
527 | creates it if necessary. Unfortunately, it was doing this after the code | |
528 | for logging arguments. Thus, if the spool did not exist, trouble ensued. | |
529 | ||
530 | 51. The log line for an ACL warning after a sender verify callout failure was | |
531 | not showing the details, unlike the log line for a deny. They are now shown | |
532 | in a similar way. | |
533 | ||
534 | 52. For reasons lost in the mists of time, when a pipe transport was run, the | |
535 | environment variable MESSAGE_ID was set to the message ID preceded by 'E' | |
536 | (the form used in Message-ID: header lines). The 'E' has been removed. | |
537 | ||
538 | 53. Updated the QNX configuration files for QNX 6.2.0. | |
539 | ||
540 | 54. The "*@" type partial matching for single-key lookups was broken in | |
541 | releases after 4.10. Exim looked for *@xxx but, if that failed, it wasn't | |
542 | going on to look for "*". | |
543 | ||
544 | 55. Included eximstats 1.25 in the source tree. | |
545 | ||
546 | 56. Changed log wording from "Authentication failed" to "<name> authenticator | |
547 | failed", where <name> is the name of the authenticator. | |
548 | ||
549 | 57. gcc 3.2.2 warned about a selection of places where string casts were | |
550 | needed. | |
551 | ||
552 | 58. Exim monitor: the use of one_time redirection could cause addresses to be | |
553 | displayed with incorrect "parent" addresses after the one_time | |
554 | re-arrangement had taken place. They should be shown with no parents, | |
555 | because the parentage has been removed. | |
556 | ||
557 | 59. Arranged to keep independent timestamps for postmaster and random checks in | |
558 | callouts, and not to do unnecessary tests for postmaster when testing | |
559 | individual addresses. | |
560 | ||
561 | 60. Incorporated PCRE release 4.0. | |
562 | ||
563 | 61. Added ${hex2b64: operator. | |
564 | ||
565 | 62. Added $tod_zulu. | |
566 | ||
567 | 63. Added ${strlen: operator. | |
568 | ||
569 | 64. Added ${stat: operator. | |
570 | ||
571 | 65. When Exim is receiving multiple messages on a single connection, and | |
572 | spinning off delivery processess, it sets the SIGCHLD signal handling to | |
573 | SIG_IGN, because it doesn't want to wait for these processes. However, | |
574 | because on some OS this didn't work, it also has a paranoid call to | |
575 | waitpid() in the loop to reap any children that have finished. Some | |
576 | versions of Linux now complain (to the system log) about this "illogical" | |
577 | call to waitpid(). I have therefore put it inside a conditional | |
578 | compilation, and arranged for it to be omitted for Linux. | |
579 | ||
580 | 66. Added settable variables $acl_c0 - $acl_c9 and $acl_m0 - $acl_m9 for use | |
581 | during ACL processing. | |
582 | ||
583 | 67. Added "defer" command to system filter. | |
584 | ||
585 | 68. X options such as -bg or -geometry that were added to an eximon command | |
586 | were being lost as a result of a bug introduced by 4.12/6. | |
587 | ||
588 | 69. The "more" and "unseen" generic router options can now be expanded strings. | |
589 | ||
590 | 70. The "once_repeat" option in the autoreply tranport is now an expanded | |
591 | string. | |
592 | ||
593 | 71. If maildir_format is set on an appendfile transport that is referenced from | |
594 | an file_transport setting in a redirect router, it forces maildir delivery, | |
595 | even if the path given in the filter does not end with '/'. | |
596 | ||
597 | 72. Fixed three bugs in ${readsocket: | |
598 | (i) If the operation failed, and a failure string was given, "}}" was | |
599 | erroroneously added to it. | |
600 | (ii) If the operation succeeded, but a failure string was present, "}" was | |
601 | added to the expanded data. | |
602 | (iii) The alarm for the timeout was set with signal() instead of with | |
603 | os_non_restarting_signal(), which meant that it only worked on those | |
604 | OS whose default is not to restart an interrupted system call. | |
605 | ||
606 | 73. A complete host name (no wildcards) in a host list causes a forward lookup | |
607 | for the IP address. If this failed, Exim was behaving as if the host didn't | |
608 | match the list, instead of giving an error (as it does when a reverse | |
609 | lookup fails). | |
610 | ||
611 | 74. If router_home_directory was passed on as a home directory for a local | |
612 | transport, it was being re-expanded in the transport. This has been changed | |
613 | so that the expanded value is passed from the router to the transport, and | |
614 | no re-expansion takes place. | |
615 | ||
616 | 75. When a redirect router generated a pipe, file, or autoreply, the values of | |
617 | $domain_data and $localpart_data were not being propagated to the | |
618 | transport. | |
619 | ||
620 | 76. The macros MESSAGE_ID_LENGTH and SPOOL_DATA_START_OFFSET are now defined in | |
621 | local_scan.h so that they are available to local_scan() functions. | |
622 | ||
623 | 77. Changes to the SMTP PIPELINING support: | |
624 | ||
625 | (1) Exim used always to accept pipelined commands, even when it hadn't | |
626 | advertised PIPELINING (i.e. when EHLO had not been received). Now it | |
627 | objects unless PIPELINING has been advertised. | |
628 | ||
629 | (2) Advertising PIPELINING to specific hosts can be disabled via the new | |
630 | option pipelining_advertise_hosts. | |
631 | ||
632 | 78. The acl_smtp_connect ACL was not being run for -bs input when no IP address | |
633 | was supplied via -oMa. | |
634 | ||
635 | 79. A "mail" command in a filter could cause a crash if the list of recipients | |
636 | for the "to:" line was excessively long - this showed up in a reply to | |
637 | a message with a ridiculously long Reply_to: header line. | |
638 | ||
639 | 80. Added allow_utf8_domains. | |
640 | ||
641 | 81. Added $rh_ and $rheader for "raw" header expansion. | |
642 | ||
643 | 82. Added smtp_accept_max_nonmail_hosts. | |
644 | ||
645 | 83. Extended ${stat (see 64 above) to add smode=symbolic mode. | |
646 | ||
647 | 84. Added default logging for host and IP lookup failures, with a log selector | |
648 | called host_lookup_failed to turn it off. | |
649 | ||
650 | 85. Added header_maxsize and header_line_maxsize. | |
651 | ||
652 | 86. If a RCPT ACL made use of "verify = sender" without callout, followed by | |
653 | another use with callout, and the callout failed, the caching was broken | |
654 | such that for a subsequent RCPT command, the first callout failed | |
655 | incorrectly. The caching of sender verification has been fixed so that it | |
656 | now remembers that the routing succeeded even when the callout fails. | |
657 | ||
658 | 87. Added errno and strerror(errno) to the log line for a failure to lock the | |
659 | -D file when receiving a message. | |
660 | ||
661 | 88. If router with check_local_user set up a local delivery, and no user was | |
662 | specified on the transport, and errors_to on the router specified an | |
663 | address whose verification also invoked check_local_user, the wrong uid/gid | |
664 | was used for the transport. It used the uid/gid of the errors_to address | |
665 | instead of the uid/gid of the original local part. | |
666 | ||
667 | 89. If log_file_path=:syslog was set, to use the default log path and also | |
668 | syslog, and check_log_space was also set, Exim was confused, and refused to | |
669 | accept messages, giving the error "cannot find slash in ". | |
670 | ||
671 | 90. If a router stripped a prefix or a suffix from a local part, and then | |
672 | routed that address to an smtp or lmtp transport, the address that was | |
673 | sent in the RCPT command did not have the affixes stripped. | |
674 | ||
675 | 91. For BSMTP delivery by appendfile or pipe, the address given in the RCPT | |
676 | command did not preserve the case of the envelope address, as it is | |
677 | supposed to. | |
678 | ||
679 | ||
680 | Exim version 4.13 | |
681 | ----------------- | |
682 | ||
683 | There was no 4.13. I accidentally put out a fixed version of 4.12 (a typo was | |
684 | discovered very soon after release) that verified itself as 4.13. This too was | |
685 | hastily fixed, but it seems best not to use the number, to avoid confusion. | |
686 | ||
687 | ||
688 | Exim version 4.12 | |
689 | ----------------- | |
690 | ||
691 | 1. Update to change 4.11/82: for the max number of processes, set | |
692 | RLIM_INFINITY if it is defined. | |
693 | ||
694 | 2. An expansion ${run{xxx}} where xxx was a successful command that produced | |
695 | no output caused Exim to crash. | |
696 | ||
697 | 3. Some artificial delays of 1 second existed when running in the test | |
698 | harness, to ensure repeatability of debugging output. Now that we have | |
699 | the millisleep() function, these can be shorter. | |
700 | ||
701 | 4. Change 4.11/30 below overlooked the case when an address gets a 4xx | |
702 | response from a server. Because this isn't a host problem, the host does | |
703 | not get delayed, and it gets tried every time the address is OK'd for | |
704 | routing, with the same reponse. However, if hosts_max_try is set, because | |
705 | not all the hosts were tried, the address does not time out. I've changed | |
706 | things so that if there is a 4xx response to a RCPT command, the host in | |
707 | question does not count towards hosts_max_try if the message is older than | |
708 | the host's maximum retry time. This means that other hosts are always tried | |
709 | in this circumstance; if the address gets 4xx errors from all of them, it | |
710 | will eventually time out. | |
711 | ||
712 | 5. If a retry rule for a host had no actual retry times specified, it could | |
713 | cause a crash when checking the ultimate address timeout. (Very old bug, | |
714 | spotted in passing, so probably never bothered anybody.) | |
715 | ||
716 | 6. Change 135 below broke the following scripts when a list of configuration | |
717 | files was given: exicyclog, exim_checkaccess, eximon, exinext, and exiwhat. | |
718 | In practice, if exim_path was not specified in the configuration file (a | |
719 | common case), things would probably work OK. However, the use of | |
720 | CONFIGURE_FILE_USE_NODE definitely did not work. These scripts have now | |
721 | been updated to fix this problem. They now search for the configuration | |
722 | file in the same way Exim itself does: for each name in the list, the | |
723 | "noded" file is tried first, then the unsuffixed file. | |
724 | ||
725 | 7. If a WARN verb in an ACL did not specify an explicit "message" modifier, | |
726 | and was triggered by a failing sender or recipient verification, the | |
727 | response that would have been sent as an SMTP message for a DENY verb was | |
728 | incorrectly being added to the message's headers. | |
729 | ||
730 | 8. I screwed up change 4.11/155. For lookup types whose names were prefixes of | |
731 | other lookup types (e.g. nis and nisplus, dbm and dbmnz), the new search | |
732 | function didn't do the correct comparison, meaning that the wrong lookup | |
733 | type could be found. | |
734 | ||
735 | 9. Solaris seems to be one of the LDAPs that doesn't have the lud_scheme | |
736 | member of the LDAPURLDesc structure. Since the check that is made on it | |
737 | is only to double check that a path is given for ldapi, I've just removed | |
738 | the test in the Solaris case. | |
739 | ||
740 | 10. The modified TextPop.c source in the Exim monitor had declarations of errno | |
741 | and sys_nerr which never were actually referenced. The second of these | |
742 | caused trouble on Darwin, so I've removed both of them. Why were they | |
743 | there? Who knows? This is ancient X code... | |
744 | ||
745 | 11. The DEFER ACL verb crashed if no "message" modifier was set. | |
746 | ||
747 | 12. The check on incoming messages that gives the error "too many non-mail | |
748 | commands" was too strict. In the case of Exim sending to Exim, when the | |
749 | client has queued messages for the server and is using TLS, it will close | |
750 | and re-initialize TLS between messages (because the client has to hand the | |
751 | SMTP connection to a new process). STARTTLS was being counted as a non-mail | |
752 | command, and therefore could cause the limit to be hit. The revised code | |
753 | now allows for one RSET, one HELO or EHLO, and one STARTTLS between each | |
754 | message without counting them as non-mail commands. (One RSET was | |
755 | previously allowed - I *had* spotted that case.) | |
756 | ||
757 | 13. Some log lines for rejections by ACL were putting ident values in | |
758 | parentheses instead of using U= after H=. (There are some other lines that | |
759 | do use parens, typically when the host name appears without H= within a | |
760 | message. This whole area could perhaps do with tidying up.) | |
761 | ||
762 | 14. When processing a redirection file happens in a subprocess (typically so | |
763 | that a .forward file is processed as the user), Exim was assuming that a | |
764 | call to wait() would always reap the subprocess, and it was failing to | |
765 | check the result. In theory, a signal of some sort occurring at the wrong | |
766 | time could break this assumption - the process was then left unreaped, and | |
767 | could possibly be picked up later during deliveries, thus confusing that | |
768 | code ("processes got out of step"). This is conjecture - I haven't got a | |
769 | definite test of this. However, I have fixed the code to repeat the wait | |
770 | after a signal. | |
771 | ||
772 | 15. When Exim was waiting for a remote delivery subprocess, and the waitpid() | |
773 | call found a process that was not in the list of remote delivery processes, | |
774 | Exim gave up waiting for remote processes. It is probably better just to | |
775 | ignore the unexpected process (though, of course, write to the main and | |
776 | panic logs) and to wait for another process, and so that is what now | |
777 | happens. If the error situation is caused by failed waiting logic for | |
778 | routing or local delivery processes, this approach will minimize bad | |
779 | behaviour, I hope. | |
780 | ||
781 | ||
782 | Exim version 4.11 | |
783 | ----------------- | |
784 | ||
785 | 1. Ignore trailing spaces after numbers in expansion comparisons such as | |
786 | ${if > { 5 } { 4 } ... (leading spaces were already ignored). | |
787 | ||
788 | 2. Two variables, $warnmsg_delay, and $warnmsg_recipients, had got left with | |
789 | their old Exim 3 names, when I meant to change to "warn_message", along | |
790 | with the warn_message_file option. They have now been changed. The old | |
791 | names remain as synonyms, but will be undocumented in due course. | |
792 | ||
793 | 3. The message "This message was created automatically by mail delivery | |
794 | software (Exim)." still confuses people. If they are sufficiently Internet- | |
795 | ignorant, they think the message has come from exim.org. At first, I | |
796 | changed thw wording to "This message was created automatically by mail | |
797 | delivery software (Exim) running on a mail server handling mail for <the | |
798 | qualify domain>." in the hope that that might be better. However, in | |
799 | testing that still proved confusing on servers handling multiple domains. | |
800 | The message has now reverted to the original, simple wording: "This message | |
801 | was created automatically by mail delivery software." | |
802 | ||
803 | 4. It has been discovered that, under Linux, when a process and its children | |
804 | are being traced by "strace -f", the children are stolen from the parent | |
805 | while they are being traced. A call to waitpid(-1,&x,NOHANG), which Exim | |
806 | uses to test for the completion of "any of my children" in a non-blocking | |
807 | manner, returns as if there are no children in existence. Exim used treat | |
808 | this as a serious unexpected error state. What it does now is to use | |
809 | kill(pid,0) to check explicitly for the continued existence of any of its | |
810 | children. If it finds any, it assumes it is being traced, and proceeds as | |
811 | if the return from waitpid() had been "none of your children have finished | |
812 | yet". If it can't find any children, it gives the error as before. | |
813 | ||
814 | 5. When Exim creates hints databases and their lock files as root, it needs to | |
815 | change their ownership to exim. In Exim 3, the function to open a hints | |
816 | database wasn't called as root very often, and the check "are we running as | |
817 | root?" would usually fail. However, because Exim 4 eschews the use of | |
818 | seteuid(), it runs all its routing as root, and this always calls the hints | |
819 | database opening function. It wasn't noticing when it was actually creating | |
820 | the database, and so it was running chmod() on all the files in the db | |
821 | directory every time. This does no harm, of course, but wastes resources. | |
822 | Exim now detects when the database was already in existence by opening | |
823 | without O_CREAT at first. If this succeeds, it doesn't do the root test. | |
824 | ||
825 | 6. The line in MakeLinks that creates a link for direct.c had been | |
826 | accidentally left in (cf 4.03/6). | |
827 | ||
828 | 7. The value of $0 in the replacement in a rewriting rule was being corrupted, | |
829 | leading to incorrect results or error diagnostics. | |
830 | ||
831 | 8. Added support for ldapi:// URLs to the LDAP lookups (OpenLDAP only). Also, | |
832 | re-organized the code to use ldap_initialize() with OpenLDAP in all cases | |
833 | (it seems to be preferred). | |
834 | ||
835 | 9. With OpenLDAP 2.0.25, ldaps:// doesn't seem to work unless the LDAP | |
836 | protocol level is set to 3. This is now standard in the Exim code, as v3 | |
837 | has been around for 5 years now. Testing ldaps:// is now included in the | |
838 | Exim test suite. Although earlier versions claimed to support it, I rather | |
839 | suspect that it never worked. | |
840 | ||
841 | 10. Inserted some checking of the syntax of the IP address given as the first | |
842 | argument to the exim_checkaccess utility. This gives a better error | |
843 | message, especially in the case when somebody gets the arguments in the | |
844 | wrong order. | |
845 | ||
846 | 11. Improved the panic log entry if an unsupported format type is passed to | |
847 | string_vformat() (now gives the whole format string, not just the little | |
848 | bit that's wrong). | |
849 | ||
850 | 12. Ever since its early days, Exim has checked the syntax of non-SMTP | |
851 | addresses according to RFC [2]822 rules, rather than the stricter RFC | |
852 | [2]821 rules that it uses for SMTP. This allows for a wider set of | |
853 | characters in domains. This has now caused a problem, because I forgot | |
854 | about it when making some changes to the format of spool files (see | |
855 | 3.953/44, 4.03/10, and 4.04/1). I can't believe that anybody actually makes | |
856 | use of this feature (which isn't documented), so I have removed it. All | |
857 | domains must now conform to RFC [2]821 rules. A non-SMTP message with a | |
858 | domain that would previously have been accepted will now be bounced. | |
859 | ||
860 | 13. If widening a domain in a dnslookup router made it syntactically invalid, | |
861 | the error message quoted the original domains instead of the widened | |
862 | domain. | |
863 | ||
864 | 14. During a queue run initiated by -R or -S (or by -i when the use of message | |
865 | logs is disabled), if Exim encountered a message with certain | |
866 | characteristics (including text for $local_scan_data, and the setting of | |
867 | the "manually thawed" flag), this data was not correctly reset for | |
868 | subsequent messages. So if they didn't have those settings themselves, | |
869 | strange things could occur. | |
870 | ||
871 | 15. With the "percent hack" enabled for percenthack.domain, if a message had | |
872 | two addresses such as X%some.domain@percenthack.domain and X@some.domain, | |
873 | Exim was not recognizing the duplication, and was making two deliveries | |
874 | instead of one. | |
875 | ||
876 | 16. The output from verification (for -bv and VRFY) used to list a child | |
877 | address when verification was applied to children (this happens, for | |
878 | example, for aliases that generate just a single child). Now it lists only | |
879 | the original address. | |
880 | ||
881 | 17. Changes 34 and 35 of 4.10 did not wholly solve problems with widened | |
882 | domains. The following bug still existed: | |
883 | ||
884 | . A recipient address was abbreviated (e.g. one component). | |
885 | . A dnslookup router caused it to be widened. | |
886 | . The new domain was a local domain. | |
887 | . The address was redirected to itself. | |
888 | ||
889 | At this point, Exim thought it was a duplicate, and discarded it. | |
890 | ||
891 | This whole thing turned out to be a large can of worms, so I have reworked | |
892 | the address widening code. This should get rid of all these problems. | |
893 | Widening now appears similar to redirection, with the unwidened address | |
894 | becoming a proper parent address. As part of this, there has been some | |
895 | general re-organization of the way addresses are handled. | |
896 | ||
897 | 18. When a filter generated only "unseen" deliveries, the normal delivery that | |
898 | happened subsequently lost any value of address_data that was previously | |
899 | set. The handling of values like that that are propagated from parents to | |
900 | children has been reworked. | |
901 | ||
902 | 19. Added smtp_return_error_details and the check_postmaster option for address | |
903 | verification callouts. | |
904 | ||
905 | 20. Long SMTP responses (from ACL messages or wherever) are now automatically | |
906 | split up into multi-line responses if possible. The split happens at an | |
907 | occurrence of ": " if present after 40 characters. Otherwise it happens at | |
908 | the last space before 75 characters. Existing newlines in the message are | |
909 | taken into account. | |
910 | ||
911 | 21. When verify = header_sender is set, a different error message is now given | |
912 | if a syntax is detected, as opposed to failure to verify. | |
913 | ||
914 | 22. Extended the general mechanism for ${quote_lookuptype:...} expansions by | |
915 | allowing for an option to be given after the lookup name, for example | |
916 | ${quote_ldap_dn:...}. Unrecognized options cause errors. | |
917 | ||
918 | 23. Re-worked the quote_ldap expansion items to provide two different kinds of | |
919 | quoting, since the requirements of filter strings and DNs are different. | |
920 | Sigh. Arranged for the DN given in the USER= setting to be de-URL-quoted | |
921 | because not all libraries do it themselves. | |
922 | ||
923 | 24. The handling of responses from LDAP searches wasn't right. It was detecting | |
924 | situations of the form "ldap_result failed internally or couldn't provide | |
925 | you with a message" but not "the server has reported a problem with your | |
926 | search". This has now been tidied up (thanks, Brian). Problems of the | |
927 | latter kind are now handled as follows: | |
928 | ||
929 | (1) For LDAP_SIZELIMIT_EXCEEDED, the truncated list of results is | |
930 | returned. This is what happened before. | |
931 | ||
932 | (2) For a small set of errors that, in effect, mean "that object does | |
933 | not, or cannot, exist in the database", the lookup fails. This is | |
934 | also as before. | |
935 | ||
936 | (3) For other problems, the lookup defers, giving the LDAP error. | |
937 | ||
938 | 25. Added $ldap_dn to hold the DN of the last entry retrieved in the most | |
939 | recent LDAP lookup. | |
940 | ||
941 | 26. Exim was not checking for the LDAP_INVALID_CREDENTIALS error when | |
942 | ldap_bind() failed during an ldapauth call. With (at least) OpenLDAP2, the | |
943 | connection to the server doesn't happen until ldap_bind(), so failures to | |
944 | connect were being treated as authentication failures, and given hard | |
945 | errors. Now, all errors other than LDAP_INVALID_CREDENTIALS are treated the | |
946 | same way for all calls to ldap_bind(), whether ldaputh or otherwise. They | |
947 | lead to temporary errors - if there are more servers, they will be tried. | |
948 | ||
949 | 27. If there was a reference to a non-existent named list, for example, a | |
950 | setting such as "senders = +something", but no lists of that type were | |
951 | actually defined, Exim misbehaved. For an address list, it treated the name | |
952 | as a domain list. For a domain list, it just didn't match. Now it gives a | |
953 | panic error about a non-existent named list (as it always did if there were | |
954 | named lists of the appropriate type). The error now tells you what type of | |
955 | list it thought it was looking for. | |
956 | ||
957 | 28. When -bt or -bv is used by a non-admin user, and there is some kind of | |
958 | DEFER (e.g. database unreachable), details of the failure are no longer | |
959 | given, because they may include private data such as the password for an | |
960 | LDAP lookup. | |
961 | ||
962 | 29. The logic for using a remote host name as a key for looking up retry rules | |
963 | in preference to the domain of the email address was broken. It wouldn't | |
964 | find such retry rules. | |
965 | ||
966 | 30. There were some problems with the action of hosts_max_try in the smtp | |
967 | transport where there were indeed more hosts available than the limit. | |
968 | ||
969 | (a) Exim used to time out an address out if all the hosts that were tried | |
970 | were past their retry limits, ignoring the state of any hosts that were | |
971 | not tried because the hosts_max_try limit was reached. Now it won't | |
972 | time out an address unless all its hosts are actually considered and | |
973 | are past their retry limits. | |
974 | ||
975 | (b) Hosts that are past their retry limits are no longer counted for | |
976 | hosts_max_try. This means that when some hosts are in this state, a | |
977 | greater number of hosts are tried than before, but this is the only way | |
978 | to ensure that all hosts are considered before timing out an address. | |
979 | ||
980 | (c) When the hosts_max_try limit is reached, Exim now looks down the host | |
981 | list to see if there is a subsequent host with a different MX. If there | |
982 | is, that host is used next, and the current host is not counted. More | |
983 | details in NewStuff. | |
984 | ||
985 | 31. The source for spa authentication (taken from the Samba project) used the | |
986 | type "int16". This has caused compilation problems in some systems that | |
987 | happen to have a different definition of it. (Naughty, naughty, non- | |
988 | standard.) I've renamed all the defined types by adding "x" on the end. | |
989 | ||
990 | 32. When a delivery that used authentication was run with -v (which an | |
991 | unprivileged user can use) it included the authentication data when it | |
992 | showed the SMTP transaction. Such data is now replaced by asterisks in any | |
993 | reflection of the SMTP commands. This also applies if the command is logged | |
994 | as a result of an error response. | |
995 | ||
996 | 33. Some little problems in queue runs: | |
997 | ||
998 | (a) The reading end of the synchronising pipe was being left open in the | |
999 | delivery subprocess. This caused no harm, but used up a file | |
1000 | descriptor till that series of deliveries was done. | |
1001 | ||
1002 | (b) If the load level got high enough to abandon a queue run, the | |
1003 | synchronizing pipe was accidentally not closed. Normally, this wouldn't | |
1004 | matter, because the queue runner process would finish any way, but... | |
1005 | ||
1006 | (c) If split_spool_directory was set without queue_run_in_order, the code | |
1007 | for abandoning a queue run because of too high load didn't stop | |
1008 | cleanly. Instead, it went on to look at the remaining subdirectories. | |
1009 | Each one would then notice the high load, and abort. Not only was this | |
1010 | a waste of time, but because of (b) above, it used up one file | |
1011 | descriptor per subdirectory. With up to 62 subdirectories, this could | |
1012 | hit the limit of file descriptors if it was as low as 64 (which it | |
1013 | sometimes is). | |
1014 | ||
1015 | 34. Added SYSTEM_ALIASES_FILE to the build-time configuration, and the ability | |
1016 | to set ROOT= when installing. Removed installation instructions for the | |
1017 | info version of the overview document, because that document no longer | |
1018 | exists for Exim 4. | |
1019 | ||
1020 | 35. Added a total line to exiqsumm. | |
1021 | ||
1022 | 36. convert4r4 can now handle "optional" for single-key lookups in aliasfile | |
1023 | directors. | |
1024 | ||
1025 | 37. Change 4.03/25 (making convert4r4 double colons in require_files lists) was | |
1026 | incomplete. It worked for routers, but not for directors. | |
1027 | ||
1028 | 38. After verify=recipient in an ACL, the value of $address_data is the last | |
1029 | value that was set while routing the address. | |
1030 | ||
1031 | 39. Included eximstats 1.22. | |
1032 | ||
1033 | 40. If a delivery of another message over an existing SMTP connection yields | |
1034 | DEFER, we do NOT set up retry data for the host. This covers the case when | |
1035 | there are delays in routing the addresses in the second message that are so | |
1036 | long that the server times out. This is alleviated by not routing addresses | |
1037 | that previously had routing defers when handling an existing connection, | |
1038 | but even so, this case may occur (e.g. if a previously happily routed | |
1039 | address starts giving routing defers). If the host is genuinely down, | |
1040 | another non-continued message delivery will notice it soon enough. | |
1041 | ||
1042 | 41. Added quota_directory to appendfile. | |
1043 | ||
1044 | 42. Changed the order of processing configuration input lines. Previously, it | |
1045 | was comment, .include, continuation, macro expansion, comment again (in | |
1046 | case a macro turned a logical line into a comment). This meant that macros | |
1047 | could not be used in .include lines. The order is now macro, comment, | |
1048 | .include, continuation. That is, macro expansion is done on physical lines, | |
1049 | not on logical lines. | |
1050 | ||
1051 | 43. Improved the error message if an option-setting line in the configuration | |
1052 | does not start with a letter. (It used to say 'option "" unknown'.) | |
1053 | ||
1054 | 44. Allow -D to set a macro to the empty string. Previously it would have | |
1055 | moved on to the next commandline item. This seems pointless. Either -DXX or | |
1056 | -DXX= sets an empty string. | |
1057 | ||
1058 | 45. Changed OS/Makefile-FreeBSD thus: | |
1059 | ||
1060 | EXIWHAT_MULTIKILL_CMD='killall -m' | |
1061 | EXIWHAT_MULTIKILL_ARG='^exim($$|-[0-9.]+-[0-9]+$$)' | |
1062 | ||
1063 | This is because, with the Exim standard installation using a symbolic link, | |
1064 | the name of the running program is not "exim" but (e.g.) "exim-4.10-1". | |
1065 | ||
1066 | 46. An Exim server now accepts AUTH or STARTTLS commands only if their | |
1067 | availability has been advertised in response to EHLO. | |
1068 | ||
1069 | 47. A few source changes to avoid warnings from very picky compilers that don't | |
1070 | complain about unset variables when the only setting is by passing the | |
1071 | address to another function. | |
1072 | ||
1073 | 48. Added -d+pid to force the adding of the pid to all debug lines. Default it | |
1074 | on when the daemon is run with any debugging turned on. (Pids are still | |
1075 | automatically added when multiple deliveries are run in parallel.) | |
1076 | ||
1077 | 49. Included Matt Hubbard's exiqgrep utility. | |
1078 | ||
1079 | 50. Give error for two routers, transports, or authenticators with the same | |
1080 | name. (It already caught duplicate ACLs.) | |
1081 | ||
1082 | 51. If a host has more than MAX_INTERFACES interfaces (common for hosts with a | |
1083 | slew of virtual interfaces), and Exim had to find the list of local | |
1084 | interfaces, it ran off the end of the list that the ioctl returned. I had | |
1085 | assumed the length would be set to correspond to the amount of data | |
1086 | returned - but in at least one OS it is set to the actual number of | |
1087 | interfaces, even if they don't all fit in the buffer. | |
1088 | ||
1089 | 52. Nit-picking changes to store.c. It was assuming the length of the | |
1090 | storeblock structure would be a multiple of the alignment, which is almost | |
1091 | certainly "always" true. However, just in case it might not be it is now | |
1092 | rounded up. For some long-forgotten reason, Exim was getting blocks of | |
1093 | store of the size (8192 - alignment), which seems strange. I've changed it | |
1094 | to plain 8192. | |
1095 | ||
1096 | 53. Added functions to compute SHA-1 digests, added the ${sha1: expansion | |
1097 | operator, added support for {sha1} to crypteq. | |
1098 | ||
1099 | 54. When local_scan() times out, include the message size in the log line. | |
1100 | ||
1101 | 55. If a pipe transport had no command specified, and the address also had | |
1102 | no command associated with it, the transport process crashed. Now it defers | |
1103 | with a suitable message. | |
1104 | ||
1105 | 56. An Exim server output mangled junk if it received a HELP command on an | |
1106 | TLS-encrypted session. | |
1107 | ||
1108 | 57. The output from -bV (and at the start of debugging) now lists the optional | |
1109 | items included in the binary (which routers, etc). The debugging output now | |
1110 | includes the name of the configuration file at its start. | |
1111 | ||
1112 | 58. Added support for GnuTLS as an alternative to OpenSSL. | |
1113 | ||
1114 | 59. Give a configuration error if tls_verify_hosts is set, but tls_verify_ | |
1115 | certificates is not set. It doesn't make sense to require some hosts to | |
1116 | verify if there's nothing to verify against. | |
1117 | ||
1118 | 60. A pipe transport may now have temp_errors = * to specify that all errors | |
1119 | are to be treated as temporary. | |
1120 | ||
1121 | 61. The lmtp transport can now handle delivery to Unix domain sockets. | |
1122 | ||
1123 | 62. Added support for flock() to appendfile, for those operating situations | |
1124 | that need it. Not all OS support flock(). | |
1125 | ||
1126 | 63. It seems that host lists obtained from MX records often turn out to have | |
1127 | duplicate IP addresses, especially for large sites with many MXs and many | |
1128 | hosts. Exim now removes duplicate IP addresses. (Previously, it removed | |
1129 | only duplicate names.) | |
1130 | ||
1131 | 64. If ${readfile was inside a substring that was not part of the final | |
1132 | expansion value (because its condition wasn't met), Exim still tried to | |
1133 | read the file. This made an "exists" test for the file useless. | |
1134 | ||
1135 | 65. Added ${readsocket to the expansion facilities. | |
1136 | ||
1137 | 66. It is now possible to set errors_to to the empty string in routers. | |
1138 | ||
1139 | 67. Added disable_logging as a generic transport and a generic router option. | |
1140 | ||
1141 | 68. Applied Stefan Traby's patch to support threaded Perl. As I don't have a | |
1142 | threaded Perl, I can't test that this fixed the problem, but it doesn't | |
1143 | appear to break the non-threaded case. | |
1144 | ||
1145 | 69. For SPA (NTLM) client authentication, the options are now expanded. | |
1146 | ||
1147 | 70. Added support for SPA server authentication, courtesy of Tom Kistner. | |
1148 | ||
1149 | 71. Latest versions of TCPwrappers use the macro HAVE_IPV6 inside the tcpd.h | |
1150 | header, it appears, and this clashes with Exim's use of that macro. | |
1151 | Renaming it for Exim is an incompatible change, so instead I've just | |
1152 | arranged that HAVE_IPV6 is undefined while including the tcpd.h header. | |
1153 | ||
1154 | 72. Mac OS 10.2 (Darwin) has IP option support that looks like the later | |
1155 | versions of glibc, but without the __GLIBC__ macro setting. I've added a | |
1156 | new macro called DARWIN_IP_OPTIONS, and tidied up the code in smtp_in.c to | |
1157 | simplify the handling of the three different ways of doing this. | |
1158 | ||
1159 | 73. If no "subject" keyword is given for a "vacation" command in a filter, the | |
1160 | subject now defaults to "On vacation". | |
1161 | ||
1162 | 74. Exim now counts the number of "non-mail" commands in an SMTP session, and | |
1163 | drops the connection if there are too many. The new option | |
1164 | smtp_accept_max_nonmail option defines "too many". This catches some DoS | |
1165 | attempts and things like repeated failing AUTHs. | |
1166 | ||
1167 | 75. Installed configuration files for OpenUNIX. | |
1168 | ||
1169 | 76. When a TLS session was started over a TCP/IP connection for LMTP, Exim was | |
1170 | sending EHLO instead of LHLO after the encrypted channel was established. | |
1171 | ||
1172 | 77. When an address that was being verified routed to an smtp transport whose | |
1173 | protocol was set to LMTP, the SMTP callout used EHLO instead of LHLO. | |
1174 | ||
1175 | 78. Installed eximstats 1.23 in the distribution. | |
1176 | ||
1177 | 79. Installed a new set of Cygwin-specific files from Pierre Humblet. | |
1178 | ||
1179 | 80. Added caching for callout verification. | |
1180 | ||
1181 | 81. Added datestamped logs and $tod_logfile. | |
1182 | ||
1183 | 82. When Exim starts up with root privilege, set a high limit (1000) for the | |
1184 | number of files that can be open and the number of processes that can be | |
1185 | created (on systems where this is possible), in case Exim is called from a | |
1186 | restricted environment. | |
1187 | ||
1188 | 83. Minor bugfix in appendfile: when renaming failed for a file whose name was | |
1189 | extended with a tag, the untagged name was shown in the error message. | |
1190 | ||
1191 | 84. If Exim's retry configuration was changed so as to bounce a certain | |
1192 | delivery failure immediately, for example to bounce quota errors: | |
1193 | ||
1194 | * quota | |
1195 | ||
1196 | and there were messages on the queue that had previously been deferred | |
1197 | because of this error, Exim crashed when trying to deliver them in a queue | |
1198 | run. Now it will make one more delivery attempt and bounce on failure. | |
1199 | ||
1200 | 85. Fixed an obscure problem that arose when (a) an address was redirected | |
1201 | to itself, AND (b) the message was not delivered at the first attempt, AND | |
1202 | (c) the pattern of redirection was changed at the next delivery attempt. | |
1203 | When an address is redirected to the same address, Exim labels the new | |
1204 | address as "2nd generation", and so on, in order to distinguish these | |
1205 | homonym addresses from each other. Previously, it recorded the delivery of | |
1206 | a homonym address as a delivery of the appropriate generation. This does | |
1207 | not work if the generation numbers change at the next delivery attempt. The | |
1208 | symptoms can be either duplicated deliveries, or missing deliveries, | |
1209 | depending on the configuration. | |
1210 | ||
1211 | A real-life example is a configuration that takes "unseen" copies of | |
1212 | messages at certain times only, because an "unseen" router in effect does a | |
1213 | redirection to a modified address (the unseen delivery) and to the original | |
1214 | address (for normal delivery). Thus the normal delivery can be either the | |
1215 | 1st or 2nd generation, depending on whether or not the unseen router is | |
1216 | triggered at the time of delivery. | |
1217 | ||
1218 | The fix is not to record a delivery to a homonym address as such, but | |
1219 | instead to record a delivery to the original address by the final | |
1220 | transport. If the same address is subsequently routed to the same transport | |
1221 | (whichever generation it now is), the delivery is discarded because it has | |
1222 | already happened. Homonym addresses that are themselves redirected are now | |
1223 | never recorded as "done", but non-homonym addresses are unaffected, so they | |
1224 | are marked when all their children are complete (as before), thus saving | |
1225 | an unnecessary subsequent expansion. | |
1226 | ||
1227 | The fix causes more routing processing to be done when homonyms are in use | |
1228 | and a message is not delivered at the first attempt, but this is not | |
1229 | expected to be very common, and the extra processing isn't all that much. | |
1230 | ||
1231 | 86. Make sure Exim doesn't overrun the buffer if an oversize packet is received | |
1232 | from a nameserver. | |
1233 | ||
1234 | 87. Added argument-expanding versions of hash, length, nhash, and substr | |
1235 | expansions. | |
1236 | ||
1237 | 88. The API for Berkeley DB changed at release 4.1. Exim now supports this | |
1238 | release. | |
1239 | ||
1240 | 89. When a host was looked up using gethostbyname() (or the more recent | |
1241 | getipnodebyname() on IPv6 systems), Exim was not inspecting the error code | |
1242 | on failure. Thus, any failure was treated as "host not found". Exim now | |
1243 | checks for temporary errors, so the behaviour of "byname" and "bydns" | |
1244 | lookups in this respect should be the same. However, on some OS it has been | |
1245 | observed that getipnodebyname() gives HOST_NOT_FOUND for names for which a | |
1246 | DNS lookup gives TRY_AGAIN. See also change 125 below. | |
1247 | ||
1248 | 90. Minor rewording of ACL error for attemted header check after RCPT. | |
1249 | ||
1250 | 91. When USE_GDBM was set, exim_dbmbuild wasn't working properly (still assumed | |
1251 | NDBM compatibilify interface); similarly in dbmdb lookups when ownership | |
1252 | was being tested. | |
1253 | ||
1254 | 92. If a Reply-To: header contained newlines and was used to generate | |
1255 | recipients for an autoreply, the log line for the autoreply "delivery" had | |
1256 | unwanted newlines. Such newlines are now turned into spaces. | |
1257 | ||
1258 | 93. When a redirect router that has the "file" option set discovers that the | |
1259 | file does not exist (the ENOENT error), it tries to stat() the parent | |
1260 | directory, as a check against unmounted NFS directories. If the parent | |
1261 | can't be statted, delivery is deferred. However, it seems wrong to do this | |
1262 | check if ignore_enotdir is set, because that option tells Exim to ignore | |
1263 | the error "something on the path is not a directory" (the ENOTDIR error). | |
1264 | In fact, it seems that some operating systems give ENOENT where others give | |
1265 | ENOTDIR, so this is a confusing area. | |
1266 | ||
1267 | 94. When the rejectlog was cycled, an existing Exim process was not noticing, | |
1268 | and was therefore not opening a new file. | |
1269 | ||
1270 | 95. If expansion of an address_data setting was forced to fail, and debugging | |
1271 | was enabled, a debugging statement tried to print an undefined value | |
1272 | instead of the string that was being expanded. This could cause a crash. | |
1273 | ||
1274 | 96. When Berkeley DB version 3 or higher is in use, a callback function is now | |
1275 | set up to log DB error messages that are passed back. | |
1276 | ||
1277 | 97. The conditions in the Makefile for rebuilding the exim_dbmbuild utility | |
1278 | were wrong, leading to failures to rebuild when it should have done. | |
1279 | ||
1280 | 98. Added -no_chown and -no_symlink options to the exim_install script. Also | |
1281 | arranged for the environment variable INSTALL_ARG to be passed over | |
1282 | from "make install". | |
1283 | ||
1284 | 99. Exim sets the IPV6_V6ONLY option on IPv6 listening sockets on operating | |
1285 | systems that support it. The call to setsockopt() to do this had SOL_SOCKET | |
1286 | instead of IPPROTO_IPV6 as its second argument (and so wouldn't work). | |
1287 | ||
1288 | 100. When a frozen message was timed out by timeout_frozen_after, the system | |
1289 | filter was incorrectly being run for the message before it was thrown | |
1290 | away. | |
1291 | ||
1292 | 101. If a filter used $thisaddress in an argument to a pipe command, its value | |
1293 | was not inserted where expected, because the expansion of a pipe command | |
1294 | does not happen till transport time, and $thisaddress was not being saved. | |
1295 | It is now saved (along with $1, $2, etc, which were already being saved), | |
1296 | and reinstated at transport time. | |
1297 | ||
1298 | 102. Added host grouping for randomizing to manualroute and smtp. A host list | |
1299 | that is randomized by manualroute is never re-randomized by smtp. Two | |
1300 | host lists that are randomized by manualroute are now treated as "the | |
1301 | same" when checking for possible multiple deliveries in one SMTP | |
1302 | transaction (this was always true for MX'd host lists). | |
1303 | ||
1304 | 103. Added "randomize" and "no_randomize" options to manualroute. | |
1305 | ||
1306 | 104. Added ${hmac expansion item. | |
1307 | ||
1308 | 105. When compiling with gcc, make use of its facility for checking printf-like | |
1309 | function calls (debug_printf and smtp_printf). This would have found the | |
1310 | problem in 95 above. It actually found a number of missing casts to (int) | |
1311 | in debug lines, and one spurious additional argument. | |
1312 | ||
1313 | 106. Created an ACKNOWLEDGEMENTS file, which I will endeavour to update in | |
1314 | future. | |
1315 | ||
1316 | 107. Minor modification to Makefile: when a command that starts off "cd xxx;" | |
1317 | is followed by another command (on the next line), put the first one in | |
1318 | parentheses so that if a "clever" make program amalgamates them, the | |
1319 | change of directory is turned off when it should be. | |
1320 | ||
1321 | 108. If log_timezone is set true, the timestamps in log files now include the | |
1322 | timezone offset. A new variable $tod_zone contains the offset. The exigrep | |
1323 | utility has been updated to handle timestamps with offsets. The eximstats | |
1324 | version included with this release (1.23) has been patched to handle | |
1325 | timestamps with offsets. There is also a new -utc option that specifies | |
1326 | the timestamps are in UTC. The Exim monitor has been modified so that it | |
1327 | omits the zone offset from its display. | |
1328 | ||
1329 | 109. If the expansion of an errors_to option is forced to fail, the option is | |
1330 | ignored. | |
1331 | ||
1332 | 110. Added $load_average. | |
1333 | ||
1334 | 111. Added router_home_directory generic router option. | |
1335 | ||
1336 | 112. Exim crashed on an attempt to check senders or sender domains in an ACL | |
1337 | other than after RCPT or DATA. It's now a temporary error. | |
1338 | ||
1339 | 113. \r was omitted before \n in the SMTP failure response for EHLO/HELO | |
1340 | argument checking. | |
1341 | ||
1342 | 114. On receiving EHLO or HELO, Exim was resetting its state before checking | |
1343 | the validity of the command. However, RFC 2821 says that the state should | |
1344 | not be changed if an invalid EHLO/HELO is received, so Exim has been | |
1345 | changed to conform. This applies mainly when there is more than one | |
1346 | EHLO/HELO command in a session. | |
1347 | ||
1348 | 115. When an Exim root process wrote to a log file, and the log file did not | |
1349 | already exist, Exim used to create it as root, and then change its | |
1350 | ownership to exim:exim. This could lead to a race condition if several | |
1351 | processes were trying to log things at the same time; this happens | |
1352 | especially when the exiwhat utility is used. I've changed things so that, | |
1353 | if an Exim root process needs to create a log file, it does so in a | |
1354 | subprocess that is running as exim:exim. | |
1355 | ||
1356 | 116. When running filter tests (-bf and -bF) Exim now changes the current | |
1357 | directory to "/" so that any assumptions about a particular current | |
1358 | directory are false. | |
1359 | ||
1360 | 117. The appendfile transport was doing the quota_threshold check before | |
1361 | actually writing the message. However, the act of writing the message | |
1362 | could make it longer by the addition of prefix, suffix, or additional | |
1363 | headers. This meant that quota warning could be missed if the basic length | |
1364 | of a message kept the mailbox below the threshold, but the transport | |
1365 | additions took it over. The warning threshold check is now done after | |
1366 | writing the message, when an accurate size is known. | |
1367 | ||
1368 | 118. If all verifications for verify = header_sender deferred, the log was | |
1369 | "temporarily rejected after DATA", without saying why. Now it adds "all | |
1370 | attempts to verify a sender in a header line deferred". | |
1371 | ||
1372 | 119. Added message_id_header_domain option. | |
1373 | ||
1374 | 120. Ignore message_id_header_text forced expansion failure. | |
1375 | ||
1376 | 121. Typos: "uknown" in acl.c; missing NULL initialized in drtables.c. | |
1377 | ||
1378 | 122. When return_size_limit was set greater than zero but smaller than an Exim | |
1379 | transport buffer size (so that only one buffer would be written), a | |
1380 | message that was longer than the limit could be omitted from the bounce | |
1381 | entirely under some circumstances. In other cases, the final buffer full | |
1382 | before truncation could be omitted. | |
1383 | ||
1384 | 123. The inode variables in log.c were of type int with -1 for unset; they | |
1385 | have been changed to ino_t with 0 for unset. | |
1386 | ||
1387 | 124. There are two Makefiles for NetBSD (for different object formats). They | |
1388 | were originally supplied in a format where one .included the other. The | |
1389 | problem with this has finally surfaced: when processing the Makefile to | |
1390 | build config.h, the inclusion isn't seen. The easy way out has been taken: | |
1391 | there are now two fully independent files. At the same time, HAVE_IPV6 has | |
1392 | been added to both of them. | |
1393 | ||
1394 | 125. Changed the default way of finding an IP address in both the manualroute | |
1395 | and queryprogram routers. Exim now does a DNS lookup; if that yields | |
1396 | HOST_NOT_FOUND, it tries calling getipnodebyname() (or gethostbyname()). | |
1397 | See also change 89 above. | |
1398 | ||
1399 | 126. Fixed a race bug in the loop that waits for a delivery subprocess to | |
1400 | complete. After reading all the data from, and then closing, the pipe, it | |
1401 | assumed that a call to waitpid() for the known pid would always return | |
1402 | status for that process. An unfortunately timed signal (e.g. SIGUSR1 from | |
1403 | exiwhat) could cause waitpid() to return -1/EINTR instead. The effect of | |
1404 | this was to remain in the loop and call FD_SET() with an argument of -1. | |
1405 | On Solaris it caused a crash; on other systems it might have looped. | |
1406 | ||
1407 | 127. If an ACL that was read from a file was used in more than one message in a | |
1408 | single SMTP transaction, Exim could crash or misbehave in arbitrary ways. | |
1409 | The problem was that the ACL was remembered in memory that was thrown away | |
1410 | at the end of the first message. In fixing this, I've done a bit of | |
1411 | refactoring of the way memory allocation works, to provide a non-malloc | |
1412 | allocator for small blocks of data that must be kept for the life of the | |
1413 | process. There's a new function store_get_perm() and I've reintroduced a | |
1414 | second storage pool (previously dropped on the 3->4 conversion). A number | |
1415 | of instances of malloc calls for small amounts of memory have been changed | |
1416 | to use this instead. It might be a tad more efficient. Then again, it | |
1417 | might not... | |
1418 | ||
1419 | 128. A similar problem to 127: memory corruption could occur for multiple | |
1420 | messages in one SMTP connection if the data from DNS black list lookups | |
1421 | was being used in log or user messages, e.g. references to $dnslists_text. | |
1422 | ||
1423 | 129. Blanks lines and comments are now ignored in ACLs that are read from | |
1424 | files. | |
1425 | ||
1426 | 130. Two instances of missing \n in debug output. | |
1427 | ||
1428 | 131. The new debugging tag +timestamp causes a timestamp to be added to each | |
1429 | debug output line. | |
1430 | ||
1431 | 132. Some debug information is written in multiple calls to debug_printf(), | |
1432 | with a newline only on the last one. When debugging multiple simultaneous | |
1433 | processes, the pid was added to each debug text, and for this reason, a | |
1434 | newline was always forced. Now Exim buffers up debug output until the | |
1435 | newline is reached, which makes things look much tidier. Also, if there | |
1436 | are internal newlines and prefix data such as a pid or timestamp are being | |
1437 | added, the prefix is inserted at the internal newlines. | |
1438 | ||
1439 | 133. When running in the test harness, arrange to overwrite all memory that | |
1440 | is released or freed, so that bugs are more easily found. This picked up | |
1441 | the following bug: | |
1442 | ||
1443 | 134. Expansion error messages were left in released store, so could have been | |
1444 | overwritten - but in fact most are used immediately, before this happened. | |
1445 | ||
1446 | 135. A list of configuration files can be given; the first one that exists is | |
1447 | used. | |
1448 | ||
1449 | 136. Moved the code that ensures that newly-created hints databases and their | |
1450 | lockfiles are owned by exim:exim so that it runs before the test for | |
1451 | successful opening, because a case was reported where the file itself was | |
1452 | created, but the DBM library returned an opening error. | |
1453 | ||
1454 | 137. If an address is redirected to just one child address, verification | |
1455 | continues with the child address. However, if verification of the child | |
1456 | failed because of (for example) a :fail: redirection, the error message | |
1457 | did not get passed back as it would have been had the original address | |
1458 | failed. The error information is now passed back for both fail and defer | |
1459 | responses. | |
1460 | ||
1461 | 138. Added $rcpt_defer_count and $rcpt_fail_count. | |
1462 | ||
1463 | 139. Added "rejected_header" log selector. | |
1464 | ||
1465 | 140. Added the cannot_route_message generic router option. | |
1466 | ||
1467 | 141. Change 87 above introduced a bug in the expansion of substrings when the | |
1468 | offset was greater than the length of the string, for example | |
1469 | ${substr_1:}. Exim crashed instead of returning an empty string. | |
1470 | ||
1471 | 142. Added extra features to ACLs: the "drop" and "defer" verbs, and the | |
1472 | "delay" and "control" modifiers (the latter with "freeze" and | |
1473 | "queue_only"). | |
1474 | ||
1475 | 143. If Exim failed to create a log file, it used to try to create the superior | |
1476 | directories only if the logs were being written in the spool directory. | |
1477 | Now it tries in all cases, but always from a process running as the exim | |
1478 | user. | |
1479 | ||
1480 | 144. Added $authentication_failed. | |
1481 | ||
1482 | 145. Added $host_data for use in ACLs. | |
1483 | ||
1484 | 146. Added new ACLs for non-SMTP messages, SMTP connection, MAIL, and STARTTLS. | |
1485 | ||
1486 | 147. Added a number of new features to the local_scan() API: | |
1487 | Access to debug_printf() and the local_scan debug selector | |
1488 | Direct access to the message_id variable | |
1489 | LOCAL_SCAN_REJECT_NOLOGHDR and LOCAL_SCAN_TEMPREJECT_NOLOGHDR | |
1490 | Access to store_get_perm() and store_pool (see 127 above) | |
1491 | Access to expand_string_message | |
1492 | Option settings in the main configuration file | |
1493 | LOCAL_SCAN_ACCEPT_FREEZE and LOCAL_SCAN_ACCEPT_QUEUE | |
1494 | LOG_PANIC to write to the panic log | |
1495 | Access to host_checking | |
1496 | Supporting functions lss_match_xxx() for matching lists | |
1497 | ||
1498 | 148. Minor security problem involving pid_file_path (admin user could get root) | |
1499 | has been fixed. | |
1500 | ||
1501 | 149. When an ACL contained a sender_domains condition with a reference to a | |
1502 | named domain list, the result of the check was not being cached (an | |
1503 | oversight). | |
1504 | ||
1505 | 150. Allowed for quoted keys in lsearch lookups; this makes it possible to have | |
1506 | whitespace and colons in keys. | |
1507 | ||
1508 | 151. Added wildlsearch lookup. | |
1509 | ||
1510 | 152. Yet another new set of configuration files for Cygwin from Pierre Humblet. | |
1511 | ||
1512 | 153. Ensure that log_file_path contains at most one instance of %s and one | |
1513 | instance of %D and no other % characters. | |
1514 | ||
1515 | 154. Added $tls_certificate_verified. | |
1516 | ||
1517 | 155. Now that the list of lookup types has got so long (and more are in | |
1518 | prospect) arrange to search it by binary chop instead of linear search. | |
1519 | ||
1520 | 156. Added passwd lookup. | |
1521 | ||
1522 | 157. Added simple arithmetic in expansion strings. | |
1523 | ||
1524 | 158. Added the ability to vary what is appended for partial lookups. | |
1525 | ||
1526 | 159. Made base 64 encode/decode functions available to local_scan. | |
1527 | ||
1528 | ||
1529 | Exim version 4.10 | |
1530 | ----------------- | |
1531 | ||
1532 | 1. Added HAVE_SA_LEN=YES to the OS/Makefile-Darwin file, because it needs it | |
1533 | (unsurprising, as it's based on FreeBSD). | |
1534 | ||
1535 | 2. Removed the HTML versions of the PCRE and pcretest documentation from the | |
1536 | distribution tarbundle, and instead included them in the HTML tarbundle, | |
1537 | linked to the overall index file. | |
1538 | ||
1539 | 3. The code for computing load averages was broken in 64-bit Solaris. | |
1540 | ||
1541 | 4. Make the default ACL refuse local parts that start with a dot. | |
1542 | ||
1543 | 5. LDAP binds with an empty password are considered anonymous regardless of | |
1544 | the username and will succeed in most configurations. Exim has been changed | |
1545 | so that the LDAP authentication (the ${if ldapauth... condition) always | |
1546 | fails when an empty password is used. | |
1547 | ||
1548 | 6. Remove quoting from rbl_domains when used in an ACL by the convert4r4 | |
1549 | script. | |
1550 | ||
1551 | 7. A lookup entry in a list that had spaces after the lookup type, e.g. | |
1552 | "lsearch; /etc/relaydomains" was including the space as part of the file | |
1553 | name. | |
1554 | ||
1555 | 8. Give an error if EXIM_USER or EXIM_GROUP contains control characters (it | |
1556 | happened when somebody had CRLF terminations in Local/Makefile, which | |
1557 | messed up the "unknown user" error message). | |
1558 | ||
1559 | 9. Ensure recipient address appears in log line for internal pipe problems | |
1560 | during redirection. | |
1561 | ||
1562 | 10. Tidies to code for calls to fork(): (a) 3 typos of "<=" that should have | |
1563 | been "<" (but would have no actual effect). (b) 2 cases of fork() failures | |
1564 | not being logged: during -M for multiple messages, and for auto-delivery | |
1565 | of incoming messages. | |
1566 | ||
1567 | 11. A reference to any header line that contains addresses (e.g. $h_to:) caused | |
1568 | a crash if the header was empty. Change 46 for 4.05 introduced this bug. | |
1569 | ||
1570 | 12. If a system filter file was defined as a non-absolute path, but system_ | |
1571 | filter_user was undefined, Exim's behaviour was undefined. It could, for | |
1572 | example, discard all deliveries, thinking the system filter had overridden | |
1573 | them all. Delivery is now deferred, with a message written to the panic | |
1574 | log. | |
1575 | ||
1576 | 13. If a redirection file (or system filter file when system_filter_user was | |
1577 | set) was defined as a non-absolute path containing no slash characters, | |
1578 | Exim crashed. | |
1579 | ||
1580 | 14. Added $rcpt_count, containing the number of RCPT commands received during | |
1581 | an SMTP transaction. This differs from $recipients_count when some of the | |
1582 | RCPTs are rejected. | |
1583 | ||
1584 | 15. Added $pid, containing the pid of the current process. | |
1585 | ||
1586 | 16. Fixed uninitialized variable warning in eximstats for relayed messages when | |
1587 | there was no sending host name (logged as H=[n.n.n.n]). There's no change | |
1588 | of output. | |
1589 | ||
1590 | 17. The exiqusumm script failed horribly if it encountered a message that had | |
1591 | been on the queue for 100 days or more. | |
1592 | ||
1593 | 18. Added the message_logs option for suppressing the writing of message logs. | |
1594 | ||
1595 | 19. Allow local_scan() to change the errors_to setting on recipient addresses. | |
1596 | (This was made trivially possible because of change 10 in 4.03.) | |
1597 | ||
1598 | 20. Convert4r4 changed: if forbid_pipe is set on a forwardfile director, also | |
1599 | set forbid_filter_run on the generated redirect router. | |
1600 | ||
1601 | 21. In the Makefile, $(INCLUDE) was preceding the -I. item that refers to | |
1602 | Exim's own include files. This caused a conflict with an external library | |
1603 | that also happened to have a config.h file. Exim saw the wrong file, and | |
1604 | chaos ensued. I've moved the -I. item in the relevant lines so that it | |
1605 | comes before $(INCLUDE). | |
1606 | ||
1607 | 22. Added $acl_verify_message to contain any existing user message when | |
1608 | expanding the "message" modifier in an ACL. | |
1609 | ||
1610 | 23. Changed the default argument for egrep when called in exiwhat to find | |
1611 | Exim processes. It is now ' exim( |$$|-)' instead of ' exim( |$$)' so that | |
1612 | it works on OS where the true file name appears. | |
1613 | ||
1614 | 24. In the plaintext authenticator, server_prompts was not being expanded, as | |
1615 | documented. It now is. | |
1616 | ||
1617 | 25. The exinext script was outputting in an incorrect format for routing | |
1618 | delays. It said "deliver" when it should have said "route", and the layout | |
1619 | of the text was screwed up. In fact, "deliver" is not the right word | |
1620 | anyway. I've changed it to "transport". Also removed redundant code for | |
1621 | "directing" delays, because these can't occur in Exim 4. | |
1622 | ||
1623 | 26. Fixed some problems concerned with retrying address errors in remote | |
1624 | deliveries: | |
1625 | ||
1626 | (a) I'd overlooked temporary address errors, and assumed that all the | |
1627 | retry items would be for host errors, and therefore on the first | |
1628 | address when multiple RCPTs were involved. Consequently, no retry | |
1629 | record was written for second and subsequent addresses if they | |
1630 | received a 4xx error. Thus, these addresses wouldn't be delayed | |
1631 | after such a delivery failure. | |
1632 | ||
1633 | (b) A temporary address error causes a routing delay; when the address | |
1634 | is eventually tried again, and routing succeeds, the retry record is | |
1635 | flagged for deletion. If the address gets another temporary error, | |
1636 | the retry record got updated, and then deleted. Thus, temporary | |
1637 | address errors were not being delayed and would be tried on every | |
1638 | queue run. | |
1639 | ||
1640 | 27. A minor code tidy for the CRAM-MD5 authenticator. | |
1641 | ||
1642 | 28. Some OS have a command to select processes by the name of the command they | |
1643 | are running, and send a signal to them. Linux and FreeBSD have "killall"; | |
1644 | Solaris has "pkill" (it also has "killall", but that does something | |
1645 | disastrously different). Using such a command makes "exiwhat" more | |
1646 | efficient, and reduces the chances of it trying to signal a non-existent | |
1647 | process. There are now two build-time parameters, EXIWHAT_MULTIKILL_CMD and | |
1648 | EXIWHAT_MULTIKILL_ARG, which can be set to enable this feature to be used. | |
1649 | They are defined in the OS-specific files for Linux, FreeBSD, and Solaris. | |
1650 | See OS/Makefile-Default for more details. | |
1651 | ||
1652 | 29. As part of tidying up for 28, changed the name of the build-time parameter | |
1653 | EXIWHAT_KILL_ARG to EXIWHAT_KILL_SIGNAL so that its name makes more sense | |
1654 | when used in both kinds of exiwhat processing. | |
1655 | ||
1656 | 30. By default, the daemon doesn't write a pid file if -bd is not used (i.e. if | |
1657 | only -q is used). The -oP didn't override this - it was ignored. It now | |
1658 | overrides the default and causes a pid file to be written. | |
1659 | ||
1660 | 31. The values of $local_part, $domain, etc. were not being set during the | |
1661 | expansion of shadow_condition in a local transport. | |
1662 | ||
1663 | 32. The convert4r4 script failed when macros that had continuation lines were | |
1664 | present in the Exim 3 configuration file. It inserted junk lines into the | |
1665 | output and gave uninitialized variable errors. | |
1666 | ||
1667 | 33. The convert4r4 script discards (with a comment) a setting of "rewrite" on | |
1668 | a smartuser director that has no setting of new_address when it turns it | |
1669 | into an "accept" router. | |
1670 | ||
1671 | 34. When an alias generated an address with a single-component domain, and | |
1672 | routing that domain caused it to be widened, Exim remembered only that it | |
1673 | had delivered to the widened domain. If any other addresses were deferred, | |
1674 | so that another delivery attempt happened later, Exim re-delivered to the | |
1675 | widened address, because it checked only the original address. When this | |
1676 | kind of widening happens, Exim now checks for previous delivery. | |
1677 | ||
1678 | 35. A delivery was silently discarded under the following specific | |
1679 | circumstances: | |
1680 | . The original address is x@a.b.c, where a.b.c is the local host; | |
1681 | . a.b.c is recognized as a local domain, and the address is redirected | |
1682 | to x@a; | |
1683 | . a is not recognized as a local domain, causing the address to be | |
1684 | processed by a dnslookup router; | |
1685 | . the router widens the address to a.b.c, routes it, and discovers it | |
1686 | is the local host. | |
1687 | Exim realized that because the domain had been widened, it might have | |
1688 | become a local domain, so it arranged to re-route from scratch, using the | |
1689 | new domain. However, because the original address was the same address, | |
1690 | it thought it had already dealt with it. | |
1691 | ||
1692 | 36. A space at the start of an LDAP query in an expansion (after the opening | |
1693 | curly) was provoking a syntax error. | |
1694 | ||
1695 | 37. A syntax error in the data of an ldapauth expansion caused the condition to | |
1696 | be false without an LDAP query even being tried. Now it causes the | |
1697 | expansion to fail. | |
1698 | ||
1699 | 38. Ensure that an incomplete config.h is removed when the buildconfig program | |
1700 | gives an error. Otherwise, if the error is a non-existent Exim user, and | |
1701 | the admin fixes this by creating the user (and not modifying any files), | |
1702 | Exim will try to use the broken config.h next time. | |
1703 | ||
1704 | 39. A call with an argument of the form "-D=xxxx" (i.e. omitting the macro | |
1705 | name) caused Exim to loop. It now reports an error. | |
1706 | ||
1707 | 40. If an ACL tested an address for being in a named domain list (e.g. | |
1708 | +relay_domains) and then called for recipient verification, and the | |
1709 | recipient was rewritten, the cache for remembering matching domain lists | |
1710 | was not being cleared after the rewrite, leading to potential routing (and | |
1711 | therefore verification) errors. Furthermore, the rewritten address would | |
1712 | (incorrectly) have been used for any subsequent address checking within | |
1713 | the ACL. | |
1714 | ||
1715 | 41. If an address such as a%b@c was processed using the "percent hack" and then | |
1716 | transmitted over SMTP, Exim was sending "RCPT TO:<a%b@c>" instead of | |
1717 | "RCPT TO:<a@b>". | |
1718 | ||
1719 | 42. A revised Makefile-CYGWIN file from Pierre Humblet. | |
1720 | ||
1721 | 43. If local_scan() rejected a -bS message, it wasn't handling the error in the | |
1722 | way -bS errors should be handled. | |
1723 | ||
1724 | ||
1725 | Exim version 4.05 | |
1726 | ----------------- | |
1727 | ||
1728 | 1. In the log display in Eximon, put the insert point (caret) at the start of | |
1729 | the last line instead of at the end, because this stops unwanted horizontal | |
1730 | scrolling when certain X libraries are used. | |
1731 | ||
1732 | 2. A malformed spool file with an incorrect number of recipients (which | |
1733 | should never occur, of course) could cause eximon (and probably exim) to | |
1734 | crash. | |
1735 | ||
1736 | 3. Updated Cygwin Makefile and os.h (minor tweaks). | |
1737 | ||
1738 | 4. Setting allow_domain_literals=true was not allowing domain literal | |
1739 | addresses in the -f command line option. | |
1740 | ||
1741 | 5. Added debugging output for removing and adding header lines at transport | |
1742 | time. | |
1743 | ||
1744 | 6. On systems where SA_NOCLDWAIT is defined, changed from using signal( | |
1745 | SIGCHLD, SIG_DFL) to using sigaction(), with flags explicitly set zero, to | |
1746 | ensure that SA_NOCLDWAIT is definitely off. This fixes a bug in AIX where | |
1747 | subprocesses were disappearing without being turned into zombies for Exim | |
1748 | to reap. There was a previous report of the error "remote delivery process | |
1749 | count got out of step" on a Linux box that was never resolved. It is | |
1750 | possible that this change fixes that too. | |
1751 | ||
1752 | 7. Other applications that support IPv6 have been coded to choose IPv6 | |
1753 | addresses in preference to IPv4 addresses where possible. This is | |
1754 | encouraged, in order to speed up the use of IPv6. Exim has now been changed | |
1755 | to do likewise when it looks up IP addresses from host names. This applies | |
1756 | both to hosts that have more than one IP address, and to MX records with | |
1757 | equal preference values when the hosts they point to have both IPv4 and | |
1758 | IPv6 addresses. Within one preference value, Exim will try all the IPv6 | |
1759 | addresses before any IPv4 addresses, even when some of the IPv4 addresses | |
1760 | belong to hosts that also have IPv6 addresses. | |
1761 | ||
1762 | 8. When Exim sent HELO after EHLO was rejected, or when it sent a second EHLO | |
1763 | after starting a TLS session, it used the primary host name as the | |
1764 | argument, instead of the expansion of the helo_data option. | |
1765 | ||
1766 | 9. Exim was failing to batch addresses for local delivery when errors_to was | |
1767 | set on the router to the same string for each address, in the case when the | |
1768 | string involved some kind of expansion (that ended up with the same value | |
1769 | each time). If the string was fixed (i.e. no expansion) the batching was | |
1770 | not blocked. In other words, I was testing the addresses of the strings but | |
1771 | forgetting to compare the content. The same problem was not present for | |
1772 | remote deliveries, but the code was written out instead of using a | |
1773 | subroutine that now exists for this purpose, so I tidied that code. | |
1774 | ||
1775 | 10. When Exim passes a connected TCP/IP socket to a new Exim process in order | |
1776 | to deliver another message on the same connection, it closes down TLS, | |
1777 | because it can't pass on the state information that is required by the | |
1778 | OpenSSL package. The new process then tries to start up TLS again. | |
1779 | Unfortunately, not all servers handle this - and, it has to be said, it is | |
1780 | a bit of a dubious interpretation of the RFC. (Exim as a server copes OK, | |
1781 | needless to say.) The problem is that the server may just die or give an | |
1782 | invalid response, causing a retry delay to occur. The option | |
1783 | hosts_nopass_tls was invented to help with this, but an automatic way of | |
1784 | testing has been invented. What now happens is that Exim sends a new EHLO | |
1785 | after shutting down TLS, before passing the socket on. This in itself | |
1786 | reduces the dubiousness of the procedure. If there isn't an OK response, | |
1787 | Exim doesn't try to pass the socket on. | |
1788 | ||
1789 | 11. There was inconsistency in the way failures to set up TLS sessions in the | |
1790 | smtp transport were handled when the host was not in hosts_require_tls. | |
1791 | It deferred for 4xx responses to STARTTLS, but tried in clear if the actual | |
1792 | TLS negotiation failed. It now does the same thing in both cases, and what | |
1793 | this is can be controlled by the new option tls_tempfail_tryclear. This | |
1794 | defaults true, causing a retry in clear to occur. If it is set false, these | |
1795 | kinds of temporary failure cause a defer (for that host; if there are | |
1796 | other hosts, they are tried). | |
1797 | ||
1798 | 12. Tidying. When starting up a new delivery process to deliver another message | |
1799 | over an existing SMTP connection, pass over the IP address as well as the | |
1800 | host name. This saves having to get the IP address from the socket. | |
1801 | ||
1802 | 13. Added "#define base_62 36" to OS/os.h-Darwin because the MacOS X operating | |
1803 | system has case-insensitive file names. | |
1804 | ||
1805 | 14. Tidies to rewriting code: (1) It was getting an unnecessarily large block | |
1806 | of memory for a rewritten header. (2) Removed some unnecessary debugging | |
1807 | code that just duplicated log output. | |
1808 | ||
1809 | 15. In an expansion like "${if <condition> {${mask:xxxx}}{yyyy}}" Exim still | |
1810 | tried to perform the masking operation even when the condition was false | |
1811 | and the yield was "yyyy". This could fail when "xxxx" wasn't a valid string | |
1812 | for the masking operation. Some other operators (e.g. base62) could fail in | |
1813 | a similar way. All string operations are now skipped when processing the | |
1814 | unused substring of a condition. | |
1815 | ||
1816 | 16. If a verification of a sender address in a header (caused by verify = | |
1817 | header_sender in an ACL) caused the address in the header to be rewritten | |
1818 | (typically because a DNS lookup had widened the domain), the newline at the | |
1819 | end of the header got lost, thereby causing two headers to be run together. | |
1820 | Sometimes, but not always, this caused a "spool format error". | |
1821 | ||
1822 | 17. A user wanted to use "save" in a filter file with a non-absolute path, and | |
1823 | to set file_transport to a non-appendfile transport that made use of | |
1824 | $address_file for its own purposes. This didn't work because Exim was | |
1825 | distinguishing between file and autoreplies by the leading '/' of the | |
1826 | former. It now checks for the leading '>' of the latter instead. | |
1827 | ||
1828 | 18. The "accept" router was forcing log_as_local instead of just defaulting it. | |
1829 | ||
1830 | 19. Exim crashed while verifying a recipient in an ACL if the address was | |
1831 | verified by a dnslookup router that widened the domain. | |
1832 | ||
1833 | 20. When checking the parameters returned from an ident call, Exim was assuming | |
1834 | that the format would be textually identical to the values it sent, | |
1835 | including the white space. This is not always the case, causing Exim to | |
1836 | discard returned ident data that it should have been accepting. | |
1837 | ||
1838 | 21. Typo (space missing) in "failed to expand condition" error message. | |
1839 | ||
1840 | 22. The option of specifying an individual transport in a route_data or | |
1841 | route_list option of the manualroute router wasn't working. Such settings | |
1842 | were being completely ignored. | |
1843 | ||
1844 | 23. The memory management was poor when building up a string from a lookup that | |
1845 | retrieved a large number of data items that had to be concatenated, for | |
1846 | example, an alias lookup in a database that returned thousands of | |
1847 | addresses. In extreme cases, this could grind the host to a halt. (Compare | |
1848 | change 8 for 4.00, which was a similar effect.) Two changes have been made | |
1849 | to improve matters: (a) For longer strings, it extends them in bigger | |
1850 | chunks, thus requiring fewer extensions. (b) It is now able to release some | |
1851 | unwanted memory when a string is copied out of it into a larger block. | |
1852 | ||
1853 | 24. There was a small error in the memory sizes quoted when -d+memory was used | |
1854 | and emptied memory blocks were released. | |
1855 | ||
1856 | 25. When helo[_try]_verify was set, Exim crashed if the reverse DNS lookup gave | |
1857 | a temporary error when trying to look up the host name. It now tries to | |
1858 | check with a forward DNS lookup (as it does when the reverse lookup can't | |
1859 | find a name). For helo_verify, a temporary error is now given if | |
1860 | verification failed, but the host name lookup gave a temporary error. (As | |
1861 | before, a permanent error is given if there is no host name available.) | |
1862 | ||
1863 | 26. When checking quotes for maildir++ format, if the directory name was given | |
1864 | with a trailing slash in the "directory" option of the appendfile | |
1865 | transport, Exim got the quota calculation wrong because it scanned the | |
1866 | final directory instead of the parent directory. | |
1867 | ||
1868 | 27. The "quota_xxx" error facility for retry rules was broken in Exim 4 if | |
1869 | the mailbox had not been read for more than approximately 10 hours. | |
1870 | ||
1871 | 28. If a router with "unseen" had a setting of address_data, the value was not | |
1872 | passed on to subsequent routers for the continuing processing of the | |
1873 | address. It now is. | |
1874 | ||
1875 | 29. If a daemon was started with (e.g.) -qff15m, it omitted the second 'f' when | |
1876 | starting queue runners. Likewise, if the flags included 'i', this was | |
1877 | omitted. | |
1878 | ||
1879 | 30. Some operating systems log warnings if exec() happens without the standard | |
1880 | input, output, and error file descriptors existing. The worry is that the | |
1881 | called program will open some file which will be allocated one of these | |
1882 | fds. Another bit of code might assume it can write an error message to | |
1883 | stderr, or whatever. Exim was calling itself to regain privilege for | |
1884 | delivery without these fds set, thus provoking the warning. Of course, it | |
1885 | didn't make use of them itself, but the exposure was there for libraries it | |
1886 | might be using. The code has been changed to ensure that, if any of the | |
1887 | file descriptors 0, 1, or 2 does not exist at the time of a call to exec(), | |
1888 | they are opened to /dev/null. | |
1889 | ||
1890 | 31. A delivery process could loop under the unusual combination of the | |
1891 | following circumstances: | |
1892 | (1) A delivery process had envelope_to_add set for its transport. | |
1893 | (2) The delivery was for a child address of an envelope address that | |
1894 | also had another child. | |
1895 | (3) This other child had been discarded because it was a duplicate of a | |
1896 | second envelope address. | |
1897 | (4) The second envelope address had generated a child that was discarded | |
1898 | because it was a duplicate of the first envelope address. | |
1899 | ||
1900 | 32. The -bp option was failing to notice delivered addresses that were in the | |
1901 | -J file but had not yet made it into the -H file. (This got broken between | |
1902 | Exim 3 and Exim 4.) | |
1903 | ||
1904 | 33. If "query" or "queries" in aliasfile director, or "route_query" or | |
1905 | "route_queries" in a domainlist router were enclosed in quotes, the | |
1906 | convert4r4 script was not removing the quotes before inserting the query | |
1907 | into an expansion string, leading to invalid queries within the string. | |
1908 | ||
1909 | 34. If more than two addresses were being delivered in a batch (either local or | |
1910 | remote deliveries), and they all had the same, non-empty value for | |
1911 | $self_hostname, but had different domains, Exim crashed. (This is rare, | |
1912 | because the use of "self=pass", which is the only way $self_hostname gets | |
1913 | set, is rare.) | |
1914 | ||
1915 | 35. If $message_headers was used in a context where there were no headers (e.g. | |
1916 | while verifying an address before receiving a message), it caused an | |
1917 | "unknown variable" error. Now it just returns an empty string. | |
1918 | ||
1919 | 36. Exim was not diagnosing missing time units letters in times on retry | |
1920 | rules. It was treating such malformed times as "-1", which caused the rules | |
1921 | to misbehave. | |
1922 | ||
1923 | 37. Added some debugging output to the CRAM-MD5 server code. | |
1924 | ||
1925 | 38. In the appendfile transport, check for a file name supplied by redirection | |
1926 | by checking for "not pipe and not autoreply" instead of looking for a | |
1927 | leading '/' in the "address". | |
1928 | ||
1929 | 39. The os.h file for Darwin defined CRYPT_H, which apparently is wrong. | |
1930 | ||
1931 | 40. The "condition" condition in ACLs has been tightened up. Formerly, anything | |
1932 | other than an empty string, "0", "no" or "false" was treated as "true". Now | |
1933 | it insists on "yes", "true", or a non-zero number. | |
1934 | ||
1935 | 41. Change 22 of 4.02 has been improved; somebody mailed me the correct code | |
1936 | to get an error message when ldap_result() doesn't set a result. | |
1937 | ||
1938 | 42. Update convert4r4 to recognize "ldap:" in require_files, and double the | |
1939 | colon. | |
1940 | ||
1941 | 43. Added "protocol violation" to the "SMTP synchronization" error message, to | |
1942 | make it clearer what it is complaining about. | |
1943 | ||
1944 | 44. Change 26 of 4.03 was incomplete. The same problem could arise if a lookup | |
1945 | failed while checking the pre-conditions of a router that was subsequently | |
1946 | run. This can happen for negated conditions such as "domains = !<lookup>". | |
1947 | ||
1948 | 45. Somebody managed to set up a configuration that crashed buildconfig such | |
1949 | that it left a half-built config.h but did not stop the build process. I | |
1950 | can't reproduce it, but I have added a check after building config.h to | |
1951 | test for the presence of its last line ("/* End of config.h */"). | |
1952 | ||
1953 | 46. Added a .PHONY target to the Makefile to be tidy for GNU make. (It should | |
1954 | be ignored by other versions). | |
1955 | ||
1956 | 45. When Exim uses Berkeley DB version 3 or 4 to create a DBM file, it creates | |
1957 | it in hashed format. Previously, it opened these files for reading in the | |
1958 | same format. Now it opens them as "unknown", which means that other formats | |
1959 | can be accommodated when using DB files for auxiliary data. | |
1960 | ||
1961 | 46. When concatenating header lines that may contain lists of addresses (From:, | |
1962 | To:, etc.) as a result of references to $h_from: etc., a comma is now | |
1963 | inserted at the concatenation point. Without it, the use of "if | |
1964 | foranyaddress" fails on such headers, which is dangerous. | |
1965 | ||
1966 | 47. The code for ratelimiting MAIL commands was triggering on the count of | |
1967 | messages received, instead of the number of MAIL commands (which is not the | |
1968 | same thing if no message is accepted in a transaction). The smtp_accept_ | |
1969 | max_per_connection limit has also been changed to use the count of MAIL | |
1970 | commands instead of the count of messages accepted. | |
1971 | ||
1972 | 48. There was a typo in the exiwhat script which broke it if the esoteric | |
1973 | CONFIGURE_FILE_USE_NODE option was in use. | |
1974 | ||
1975 | ||
1976 | Exim version 4.04 | |
1977 | ----------------- | |
1978 | ||
1979 | 1. Fix 10 for 4.03 had a bug in it, which could cause problems when converting | |
1980 | from an earlier 4.xx release with delayed "one_time" messages on the spool. | |
1981 | 4.03 incorrectly complains about spool format errors (and refuses to | |
1982 | process these messages). | |
1983 | ||
1984 | 2. Changed the status of the text widgets in the monitor from Append to Edit, | |
1985 | because this matters on some versions of X. | |
1986 | ||
1987 | 3. Change 22 for 4.03 turns out to be misguided. Luckily it is controlled by | |
1988 | a compile-time macro. I have removed the settings from OS/os.h-Linux that | |
1989 | made it try to use these functions. | |
1990 | ||
1991 | ||
1992 | Exim version 4.03 | |
1993 | ----------------- | |
1994 | ||
1995 | 1. Change 12 for 4.02 overlooked one case where 256 should have been replaced | |
1996 | by MAX_LOCALHOST_NUMBER. | |
1997 | ||
1998 | 2. Timeouts (etc) in dnslist lookups were not behaving as documented; they | |
1999 | were deferring (causing 4xx errors) instead of behaving as if the host was | |
2000 | not in the list. This has been fixed. In addition, some new special items | |
2001 | may appear in dns lists, to control what happens in this case. The items | |
2002 | are +include_unknown, +exclude_unknown, and +defer_unknown. | |
2003 | ||
2004 | 3. Added #include <unix.h> to OS/os.h-QNX because it was reported that this | |
2005 | was needed, in order to get O_NDELAY. | |
2006 | ||
2007 | 4. Added #define BASE_62 36 to OS/os.h-Cygwin. | |
2008 | ||
2009 | 5. Change 8 for 4.02 overlooked the fact that "directory" need not be set if | |
2010 | the directory name is coming from a filter or forwarding file. The check | |
2011 | has now been moved from initialization time to run time. Thus, it happens | |
2012 | later, but it still helps to diagnose the problem. | |
2013 | ||
2014 | 6. The file direct.c had been accidentally left in the distribution. | |
2015 | ||
2016 | 7. When a new process was forked to deliver another message down an existing | |
2017 | SMTP connection, a pipe file descriptor was accidentally left open. This | |
2018 | meant that if there was a long chain of such processes, the number of open | |
2019 | file descriptors increased by one for each process, and if there were | |
2020 | sufficent, the limit of open descriptors could be reached, causing various | |
2021 | problems. | |
2022 | ||
2023 | 8. When an address was being checked with -bt and the routing involved an | |
2024 | errors_to setting whose address verification also involved an errors_to | |
2025 | setting, Exim got into a verifying loop. It shouldn't verify an errors_to | |
2026 | setting when already verifying, but got this wrong if it started from -bt. | |
2027 | ||
2028 | 9. Tidied up some compiler warnings when compiling with TCP wrappers. | |
2029 | ||
2030 | 10. When a child address was promoted to a toplevel address by "one_time" after | |
2031 | a deferred delivery, it was not remembering any "errors_to" address that | |
2032 | was set by the routers that processed the original address. Consequently, | |
2033 | the subsequent delivery had (incorrectly) the original sender address in | |
2034 | the envelope. Exim now remembers the "errors_to" address with the new | |
2035 | toplevel address and reinstates it for the next delivery. | |
2036 | ||
2037 | 11. When Exim received a message other than from the daemon, there were two | |
2038 | situations in which it did not re-exec itself for delivery: when it was | |
2039 | running as root, or when it was running in an unprivileged mode. This was | |
2040 | an attempt to save some resources (very early Exims ran as root more often) | |
2041 | but has turned out to be pretty rare. A bug has been discovered in this | |
2042 | case: if the incoming message was on a TLS session (from inetd, for | |
2043 | example), but the outgoing delivery was on an unencrypted SMTP connection, | |
2044 | Exim got confused. The effect was minimal: it sent two EHLO commands, but | |
2045 | otherwise worked. Multiple EHLOs are not an error, according to the RFCs, | |
2046 | but there was at least one broken MTA that objected. This error would have | |
2047 | occurred only when synchronous delivery (-odi or -odf) was specified. | |
2048 | ||
2049 | While sorting this out, I have abandoned the logic that did a delivery | |
2050 | without forking in the interests of simplicity. This was an even rarer | |
2051 | case: it only happened when Exim was running as root or in an unprivileged | |
2052 | mode AND synchronous delivery was specified. | |
2053 | ||
2054 | 12. Change references to /bin/rm in the Makefile to plain rm. | |
2055 | ||
2056 | 13. If EXIM_PERL was set in Local/Makefile, but PERL_COMMAND was set to a | |
2057 | command that was not a file, or if it was set to a non-existent file, | |
2058 | the build process carried on trying to build Perl support, but without the | |
2059 | relevant variables for the Perl libraries, etc., which is disastrous. In | |
2060 | fact, the build process shouldn't have been using PERL_COMMAND; that is a | |
2061 | value for screwing into utility scripts. The build process assumes a | |
2062 | suitable PATH for things like rm, mv, etc., which have xxx_COMMAND | |
2063 | variables for scripts. So I've changed it to use just "perl". It now bombs | |
2064 | out if "perl --version" doesn't produce some output. | |
2065 | ||
2066 | 14. Changed the #includes in perl.c for the Perl headers to use <> instead of | |
2067 | "" because this is apparently better usage. | |
2068 | ||
2069 | 15. Added local_scan_timeout to apply a timeout to local_scan(). | |
2070 | ||
2071 | 16. Recognize IPv6 addresses as IP addresses, even when Exim is not compiled | |
2072 | with IPv6 support. | |
2073 | ||
2074 | 17. When verifying a HELO/EHLO name, Exim was not checking the alias host names | |
2075 | it obtained from calling gethostbyaddr(). In many cases, this didn't cause | |
2076 | any unwanted rejections because as a last resort Exim does a forward lookup | |
2077 | on the HELO name to see if any of its IP addresses matches. But it fixing | |
2078 | the bug saves the unnecessary additional lookup. | |
2079 | ||
2080 | 18. Added "domains = ! +local_domains" to the commented-out ipliteral router in | |
2081 | the default configuration. | |
2082 | ||
2083 | 19. Default sender_host_aliases to an empty alias list, instead of NULL. This | |
2084 | is just for tidiness; the way it was coded, it didn't cause any problems. | |
2085 | ||
2086 | 20. Added -tls-on-connect, which starts a TLS session without waiting for | |
2087 | STARTTLS. This supports older clients that used a different port. | |
2088 | ||
2089 | 21. Added support for the Cyrus pwcheck daemon. | |
2090 | ||
2091 | 22. Arranged to use getipnodebyaddr() instead of gethostbyaddr() in systems | |
2092 | with IPv6 support that have this function, because gethostbyaddr() doesn't | |
2093 | work for IPv6 addresses on all systems (it does on some). | |
2094 | ||
2095 | 23. Header lines added by "warn" statements in the ACL for RCPT are saved up to | |
2096 | be added after the message's header has been received. Previously, Exim was | |
2097 | saving up all added headers, from both RCPT and DATA, until the very end. | |
2098 | Now it adds those from RCPT before the DATA ACL is obeyed, so that they can | |
2099 | be accessed from within the DATA ACL. | |
2100 | ||
2101 | 24. Changed TLS initialization to use SSL_CTX_use_certificate_chain_file() | |
2102 | instead of SSL_CTX_use_certificate_file(). This means that the file can | |
2103 | contain the whole chain of certificates that authenticate the server. | |
2104 | ||
2105 | 25. Updated convert4r4 to check for colons that look as if they are part of | |
2106 | expansion items in require_files lists (e.g. ${lc:xxxx}). In Exim 3, the | |
2107 | whole list was expanded before splitting up, but in Exim 4, the splitting | |
2108 | happens first, so such colons must be doubled. The conversion script now | |
2109 | doubles such colons, and outputs a warning message. The test for one of | |
2110 | these colons is a match against "\$\{\w+:". | |
2111 | ||
2112 | 26. If, while verifying a recipient address, a router was skipped because a | |
2113 | lookup did not succeed, and the following router suffered a temporary | |
2114 | failure (e.g. a timeout), the log line for the temporary rejection showed | |
2115 | the error from the first router instead of from the second. | |
2116 | ||
2117 | 27. Exim crashed if a dnslists test was obeyed in an ACL for an SMTP message | |
2118 | from the local host. Now it just fails to match the list. | |
2119 | ||
2120 | ||
2121 | Exim version 4.02 | |
2122 | ----------------- | |
2123 | ||
2124 | 1. Bug in string expansion: if a "fail" substring of a conditional contained | |
2125 | another conditional that used the "fail" facility, Exim didn't swallow the | |
2126 | right number of closing parentheses in the case when the original condition | |
2127 | succeeded (i.e. when the condition containing the "fail" should be | |
2128 | skipped). | |
2129 | ||
2130 | 2. helo_verify_hosts wasn't working when comparing host names. | |
2131 | ||
2132 | 3. When delivering down an existing SMTP connection, the error "Unexpectedly | |
2133 | no free subprocess slot" was sometimes given for other addresses in the | |
2134 | message. | |
2135 | ||
2136 | 4. Binary zeroes in the message body are now turned into spaces in the | |
2137 | contents of $message_body and $message_body_end. | |
2138 | ||
2139 | 5. If the value of a field in a MySQL result was SQL NULL, and more than one | |
2140 | field was selected, Exim crashed. | |
2141 | ||
2142 | 6. It seems that many OS treat 0.0.0.0 as meaning the local host, typically | |
2143 | making it behave like 127.0.0.1. Since there have been incidents where this | |
2144 | was found in the DNS, two changes have been made: | |
2145 | (a) Added 0.0.0.0 to the ignore_target_hosts setting in the default | |
2146 | configuration. | |
2147 | (b) Unconditionally recognize 0.0.0.0 as the local host while routing. | |
2148 | ||
2149 | 7. Added helo_allow_chars so people can let in underscores if they really | |
2150 | have to. Sigh. | |
2151 | ||
2152 | 8. Give configuration error if "maildir_format" or "mailstore_format" is | |
2153 | specified for appendfile without specifying "directory". | |
2154 | ||
2155 | 9. When return_path was expanded in an smtp transport, the values of | |
2156 | $local_part and $domain were not set up. | |
2157 | ||
2158 | 10. The optimization for sending multiple copies of a single message over one | |
2159 | SMTP connection when there are lots of recipients (but too many for one | |
2160 | copy of the message) was messing up in the case when max_rcpt was set to 1 | |
2161 | (for VERP). It would send lots of copies with one RCPT each, correctly, but | |
2162 | because the transport was passed more than one address, $local_part and | |
2163 | $domain weren't set. Since setting max_rcpt to 1 is almost always | |
2164 | associated with VERP (or at least, you do it because you want to use | |
2165 | $domain or $local_part), I've made that a special case where the | |
2166 | optimization is disabled. | |
2167 | ||
2168 | 11. Cygwin has case-insensitive file names. Therefore, we can't use base 62 | |
2169 | numbers for Exim's identifiers. We have to use base 36 instead. Luckily 6 | |
2170 | base 36 digits are still plenty enough to hold the time for some years to | |
2171 | come. There's now a macro that is set either to 62 or 36, but the names and | |
2172 | documentation still talk about "base 62". | |
2173 | ||
2174 | 12. Added build-time variable MAX_LOCALHOST_NUMBER (default 256) to allow the | |
2175 | localhost number to be traded off against the maximum number of messages | |
2176 | one process can receive in one second. This is relevant only when | |
2177 | localhost_number is set. It may be useful for Cygwin, where the maximum | |
2178 | sequence number is much less when up to 256 hosts are allowed. | |
2179 | ||
2180 | 13. Extended MySQL server data to allow for the specification of an alternate | |
2181 | Unix domain socket. | |
2182 | ||
2183 | 14. Give error if too many slashes in mysql_servers or pgsql_servers item. | |
2184 | ||
2185 | 15. Changed the wording "debug string overflowed buffer" to "debug string too | |
2186 | long - truncated" to make it clearer that it's not a big disaster. | |
2187 | ||
2188 | 16. Now that I finally understand the difference between the resolver's returns | |
2189 | HOST_NOT_FOUND and NO_DATA, I've optimized Exim's DNS lookup so that if an | |
2190 | MX lookup gets HOST_NOT_FOUND, it doesn't bother to try to look up an | |
2191 | address record. Only if it gets NO_DATA does it do that. | |
2192 | ||
2193 | 17. The contents of Envelope-To: were not correct in cases when more than one | |
2194 | envelope address was redirected to a single delivery address via an | |
2195 | intermediate address, because the duplication was detected at the | |
2196 | intermediate stage, but the checking for Envelope-To: only looked at | |
2197 | duplicates of the final address. | |
2198 | ||
2199 | 18. If a message with the -N flag was on the spool, and was selected during a | |
2200 | queue run by -R or -S, the -N flag was incorrectly passed on to all | |
2201 | subsequent messages, leading to their being thrown away. | |
2202 | ||
2203 | 19. Remove unnecessary check for the local host when looking up host names in | |
2204 | host lists. | |
2205 | ||
2206 | 20. If tls_certificate is supplied, but tls_privatekey is not, assume that both | |
2207 | are in the tls_certificate file. | |
2208 | ||
2209 | 21. If a router set transport_current_directory or transport_home_directory | |
2210 | to something that involved an LDAP lookup, and there was more than one | |
2211 | local delivery to be done for a single message, all but the first got | |
2212 | deferred because the LDAP connection for those variables got opened in the | |
2213 | superior process, but closed in the first subprocess. The second subprocess | |
2214 | then assumed it was still open. We now ensure that each subprocess starts | |
2215 | with a clean slate (everything closed down) so that it can open and close | |
2216 | its own connections as needed. | |
2217 | ||
2218 | 22. After a failure of ldap_result(), Exim was calling ldap_result2error() in | |
2219 | order to get an error message. However, it appears that it shouldn't do | |
2220 | this if the value of result variable is NULL. As I can't find any way of | |
2221 | getting an error message out of LDAP in this circumstance, Exim now just | |
2222 | gives says "ldap_result failed and result is NULL". | |
2223 | ||
2224 | 23. If a message arrives over a TLS connection via inetd, close down the SSL | |
2225 | library in the subprocess for message delivery (but don't molest the | |
2226 | parent's SSL connection). | |
2227 | ||
2228 | ||
2229 | Exim version 4.01 | |
2230 | ----------------- | |
2231 | ||
2232 | 1. When setting TCP_NODELAY, the call to setsockopt() was using SOL_SOCKET | |
2233 | instead of IPPROTO_TCP, which caused excessive logging on some systems. | |
2234 | ||
2235 | 2. Changed the Makefile for Cygwin to set EXIM_USER and EXIM_GROUP to 0. | |
2236 | ||
2237 | 3. The SMTP rewriting facility was broken. | |
2238 | ||
2239 | 4. There was some malformatting in the spec.txt file (the other formats were | |
2240 | OK). | |
2241 | ||
2242 | 5. Made convert4r4 change "bydns_a" into "bydns" in route_list options, and | |
2243 | to do the same for "bydns_mx", but in this case to comment that it won't | |
2244 | work the same (and to suggest a workaround). | |
2245 | ||
2246 | 6. Removed redundant code in deliver.c for indicating when a reused SMTP | |
2247 | connection had been closed in a subprocess - this was being done twice. | |
2248 | ||
2249 | 7. Change 2 of 3.164 removed Exim's explicit checking that a reverse DNS | |
2250 | lookup yielded a name whose forwarded lookup gave the original IP address, | |
2251 | because I thought that gethostbyaddr() did this automatically (it seems to | |
2252 | on some systems). There is hard evidence that I was wrong, so this test has | |
2253 | been put back, and in a better form, because it now checks alias names. | |
2254 | This means that the verify=reverse_host_lookup condition in an ACL reduces | |
2255 | to requiring that the host name has been looked up, since the checks it | |
2256 | previously did are not always applied. | |
2257 | ||
2258 | 8. When sender verification fails, the error associated with it is given by | |
2259 | default before the 550 error for the first RCPT command. Not everybody | |
2260 | wants to see this. There is now an option (no_details) that suppresses it. | |
2261 | ||
2262 | 9. The patterns in rewriting rules with the 'S' flag were not being expanded. | |
2263 | For consistency with other patterns (and the documentation), this has been | |
2264 | changed. | |
2265 | ||
2266 | 10. "domainlist", "hostlist", and "addresslist" weren't recognized if the | |
2267 | immediately following character was a tab rather than a space. | |
2268 | ||
2269 | 11. The rules for writing daemon pid files have changed. A new option -oP has | |
2270 | been added to provide a way of specifying a pid file path on the command | |
2271 | line. Exim now writes a pid file when -bd is used, unless -oX is specified | |
2272 | without -oP. | |
2273 | ||
2274 | 12. The version number of OpenSSL was included in the response to the STARTTLS | |
2275 | command - a legacy from the original contributed code that doesn't seem | |
2276 | sensible. It no longer appears, and I took it out of the debug output as | |
2277 | well because that was the only place left, and the code to compute it was | |
2278 | "mysterious magic" that didn't seem worth keeping. | |
2279 | ||
2280 | 13. When another message was processed in order to send it down an existing | |
2281 | SMTP connection, Exim was doing the routing for all the addresses. Even if | |
2282 | called from a delivery from a queue runner, this doesn't count as "in a | |
2283 | queue run", so retry times were not being inspected. If the message had a | |
2284 | large number of recipients, and several of them timed out while routing, | |
2285 | the delay could be so large that the server at the other end of the SMTP | |
2286 | connection would time out. To avoid this happening, Exim now skips routing | |
2287 | for any addresses that have a domain retry time set for routing, whether or | |
2288 | not that retry time has arrived, when dealing with a pre-existing SMTP | |
2289 | connection. This will be "right" pretty well all of the time, and even | |
2290 | when it is "wrong", the only consequence will be some delay. (This doesn't | |
2291 | apply to "address" retry times, because those are usually the result of 4xx | |
2292 | errors, not timeouts.) | |
2293 | ||
2294 | 14. Added words to the initial output from -bh pointing out that no ident | |
2295 | callback is done. | |
2296 | ||
2297 | 15. The convert4r4 script wasn't getting it quite right with an aliasfile | |
2298 | director that had a "transport" setting. It was missing the "yes/no" in the | |
2299 | "condition" setting. | |
2300 | ||
2301 | ||
2302 | Exim version 4.00 | |
2303 | ----------------- | |
2304 | ||
2305 | 1. Changed the name of debug_print for authenticators (3.953/38) to | |
2306 | server_debug_print because it applies only when the authenticator is | |
2307 | running as a server. | |
2308 | ||
2309 | 2. Forgot to change DB_ to EXIMDB_ in the Cygwin Makefile. | |
2310 | ||
2311 | 3. There were still a couple of uses of vfork() when passing a socket to a | |
2312 | new delivery process. The use of vfork() is not recommended these days, | |
2313 | so I changed them to fork(). | |
2314 | ||
2315 | 4. Added the spa authentication mechanism, using the code contributed by Marc | |
2316 | Prud'hommeaux (and mostly taken from the Samba project). This supports | |
2317 | Microsoft's "Secure Password Authentication", but only as a client. | |
2318 | ||
2319 | 5. queryprogram had current_directory unset, but used "/" when it was unset. | |
2320 | It is tidier just to make the default "/" and have done with it. | |
2321 | ||
2322 | 6. When a delivery is run with -v, the -v flag is no longer passed on to new | |
2323 | processes that are started in order to send other messages on existing | |
2324 | SMTP connections. This prevents non-admin users from seeing these other | |
2325 | deliveries. Admin users can specify a higher level of debugging, and when | |
2326 | this is done, the debugging selection is passed on. | |
2327 | ||
2328 | 7. Increased the increment for dynamic strings from 50 to 100. | |
2329 | ||
2330 | 8. When Exim was building a dynamic string for $header_xxx from a number of | |
2331 | headers of the same name, or for $message_headers, it was using the dynamic | |
2332 | string function which is designed for use with relatively short strings. If | |
2333 | a pathological message had an enormous header, it chewed up memory at a | |
2334 | ridiculous rate. The code has been rewritten so that it does not do this. | |
2335 | With a 64K header string (there's a limit set at 64K) it now just gets one | |
2336 | 64K buffer. Previously it used a large number of megabytes to build such a | |
2337 | string, and some system filter processing ran machines into the ground on | |
2338 | messages with huge headers. | |
2339 | ||
2340 | 9. The work for 8 involved a small amount of other "refactoring" in the | |
2341 | expansion functions. | |
2342 | ||
2343 | 10. If "headers add" or "headers remove" were used in a system filter, the | |
2344 | headers didn't actually get changed when testing with -bF. This could | |
2345 | affect later commands in the filter that referred to the headers. | |
2346 | ||
2347 | 11. Two system filter bugs: (a) The system filter was always being run as root, | |
2348 | even if system_filter_user was set. (b) When the system filter was not run | |
2349 | as root, changes to the header lines by "headers add" or "headers remove" | |
2350 | were being lost. Because of (a), (b) would never have bitten. | |
2351 | ||
2352 | 12. Some "refactoring" in the daemon: | |
2353 | (a) Removed redundant statement smtp_in=NULL. | |
2354 | (b) The test for fork failure for a delivery process was not quite in the | |
2355 | right place. | |
2356 | (c) Added main and panic logging for receive and delivery fork failures. | |
2357 | (d) Check for fdopen() failure, and don't try to continue, but ensure | |
2358 | the sockets get closed. | |
2359 | (e) Log fclose() failures. | |
2360 | ||
2361 | 13. Added the "/data" facility to ACL dnslists so as to make it easy to use, | |
2362 | for example, the domain lookup of rfc-ignorant.org. | |
2363 | ||
2364 | 14. Refactored the code in the daemon to use a vector of structures instead of | |
2365 | two separate vectors for storing the pid of a spawned accepting process and | |
2366 | the corresponding IP address of the client. (This is to make it easier to | |
2367 | add other things.) | |
2368 | ||
2369 | 15. If EXIM_USER or EXIM_GROUP were set to the empty string in Local/Makefile, | |
2370 | the uid or gid were set to zero, which is unsafe. These settings now cause | |
2371 | an error message at build time. | |
2372 | ||
2373 | 16. check_ancestor was doing its check case-sensitively, which meant that it | |
2374 | did not work with some configurations when redirecting changed the case of | |
2375 | the local part. Now check_ancestor respects the setting of | |
2376 | caseful_local_part on the router which routed the ancestor address. | |
2377 | ||
2378 | 17. The check for router looping (whether the current router had previously | |
2379 | routed the same address) was always being done case-insensitively. It | |
2380 | should do the local part check case-sensitively when caseful_local_part is | |
2381 | set for that router. | |
2382 | ||
2383 | 18. Added helo_try_verify_hosts, which is like helo_verify_hosts except that | |
2384 | it doesn't reject failing HELO/EHLO. Instead the verification state can be | |
2385 | testing in an ACL by verify=helo. | |
2386 | ||
2387 | 19. When echoing log writes from a parallel remote delivery process to the | |
2388 | debug output, the pid of the parallel process was being omitted. | |
2389 | ||
2390 | 20. In an ACL run for a RCPT command, the values of $domain and $local_part | |
2391 | were becoming unset after a sender or recipient verification. | |
2392 | ||
2393 | 21. Exim crashed if called with -C followed by a ridiculously long string. | |
2394 | ||
2395 | 22. Some other potential points of trouble caused by pathological input data | |
2396 | have been defended. | |
2397 | ||
2398 | 23. If hosts_randomize was set on an smtp transport, the randomizing code had | |
2399 | a bug which could put the delivery process into a tight loop. | |
2400 | ||
2401 | ||
2402 | ||
2403 | Exim version 3.953 | |
2404 | ------------------ | |
2405 | ||
2406 | 1. Exim was not terminating the names of named lists in memory. It got away | |
2407 | with this on systems where newly malloc()d store is zeroed (always a bad | |
2408 | practice). When running in its test harness, Exim now ensures that all | |
2409 | new memory from malloc is filled with a non-zero value. This will help | |
2410 | pick up bugs like this in future. (I haven't made it do it always, for | |
2411 | performance reasons.) | |
2412 | ||
2413 | 2. When skip_syntax_errors was set on a redirect router, and a forward file | |
2414 | (NOT a filter file) contained only invalid addresses, the message was | |
2415 | discarded. The router now declines, as it does for invalid filter files. | |
2416 | Thus, the address is passed on unless no_more is set. | |
2417 | ||
2418 | 3. When an address containing upper case letters in the local part was | |
2419 | deferred, eximon showed the lowercased version with the caseful version | |
2420 | as a "parent", as well as the original caseful version in its queue list. | |
2421 | ||
2422 | 4. When hide_child_in_errmsg was set on a redirect router, bounce messages | |
2423 | still showed the failed addresses in the X-Failed-Recipients: header line. | |
2424 | ||
2425 | 5. Change 6 for 3.952 should also have included SIGTERM. | |
2426 | ||
2427 | 6. exim -bP +something was searching only the domain lists. It now searches | |
2428 | all lists for a matching name. | |
2429 | ||
2430 | 7. If Local/Makefile contains more than one of USE_DB, USE_GDBM, or USE_TDB, | |
2431 | give a build-time error. When it does contain one of them, arrange for any | |
2432 | OS default for any other one to be overridden. (The code expects at most | |
2433 | one of these to be defined.) | |
2434 | ||
2435 | 8. When a value for transport_home_directory is taken from the password | |
2436 | information, wrap it in \N...\N so that it isn't expanded in the transport. | |
2437 | This affects Cygwin, where home directories may contain $ characters. | |
2438 | ||
2439 | 9. Fixed an occasional crash when autoreply was sending a message created by | |
2440 | a user's filter file. It was referencing uninitialized memory. (The | |
2441 | prophylactic mentioned in 1 above made it a hard error.) | |
2442 | ||
2443 | 10. The "run" and "readfile" expansion items could sometimes return extra junk | |
2444 | characters (yet another uninitialized memory bug). | |
2445 | ||
2446 | 11. The lockout options forbid_filter_existstest etc. were not propagating to | |
2447 | the expansion of files sent as part of "mail" messages from users' filter | |
2448 | files. | |
2449 | ||
2450 | 12. Another unterminated string bug: when an ACL was read from a file | |
2451 | dynamically it wasn't properly terminated. | |
2452 | ||
2453 | 13. Cached pgsql connections weren't being re-used, leading to a potential | |
2454 | build-up of open connections. | |
2455 | ||
2456 | 14. $message_headers is supposed to be limited to 64K in length, but it wasn't | |
2457 | so limited if an individual header line was longer than 64K. | |
2458 | ||
2459 | 15. An individual header line, or concatenation of multiple identically- | |
2460 | named header lines, inserted by $h_xxxx is supposed to be limited to 64K in | |
2461 | length, but it wasn't so limited if the only header line was longer than | |
2462 | 64K. | |
2463 | ||
2464 | 16. A syntactically incorrect setting of -d... is now treated as a command line | |
2465 | syntax error (message to stderr, return code 1), without any entry on the | |
2466 | log. | |
2467 | ||
2468 | 17. Modifications to the exim_install script: | |
2469 | (a) Scan the combined Makefile in the build directory instead of messing | |
2470 | around scanning its individual constituent files. | |
2471 | (b) Use sed instead of a pipe of grep, tail and cuts. This allows better | |
2472 | control, but has to be very simple sed in order to work on Solaris. | |
2473 | (c) Allow for the setting of EXE to add a subscript to executables for | |
2474 | the benefit of Cygwin. | |
2475 | (d) Use -c instead of -b with "cut" because the "cut" in BSD/OS doesn't | |
2476 | grok -b. | |
2477 | ||
2478 | 18. Changes for Cygwin: | |
2479 | (a) Update scripts/os-type to recognize CYGWIN. | |
2480 | (b) Arrange (via the Uopen() macro) for all calls to open() to have | |
2481 | the O_BINARY flag, to avoid CRLF problems. | |
2482 | (c) If OS_INIT is defined, call it at the very start of Exim's execution. | |
2483 | (d) When resolver debugging is enabled, set _res.options |= RES_DEBUG | |
2484 | before calling res_init() as well as after, because that generates | |
2485 | some debugging info during initialization. | |
2486 | ||
2487 | 19. Make the initial call to os_getloadavg() in exim.c conditional on | |
2488 | LOAD_AVG_NEEDS_ROOT because it is done just to initialize os_getloadavg() | |
2489 | on systems that require the first call to be done as root. It should be | |
2490 | called only when messages are being received; it was being called | |
2491 | unnecessarily in some cases. | |
2492 | ||
2493 | 20. If Exim failed to open its retry hints database at routing time, it crashed | |
2494 | during a subsequent local delivery. | |
2495 | ||
2496 | 21. If Exim is neither setuid root nor called by root, there is no need to | |
2497 | attempt to drop root privilege when it is not needed. | |
2498 | ||
2499 | 22. I'd forgotten to remove the check for the presence of %s in pid_file_path | |
2500 | when it was set at run time. | |
2501 | ||
2502 | 23. If a transport filter crashed, or yielded a non-zero return code during an | |
2503 | SMTP delivery, Exim was not aborting the delivery. This led to multiple | |
2504 | partial deliveries of the message until the transport filter was fixed. | |
2505 | ||
2506 | 24. Do not try alternate hosts if a transport filter crashes or yields a | |
2507 | non-zero return during an SMTP delivery. | |
2508 | ||
2509 | 25. When exim -be is reading input lines from stdin, backslash can now be used | |
2510 | for continuations. This makes it easier to test expansions from a | |
2511 | configuration file by cut and paste, and long expansions in general. | |
2512 | ||
2513 | 26. The file src/auths/xtextdecode.c was incorrectly named xtestdecode.c, but | |
2514 | because the MakeLinks script built a symbolic link that worked, this | |
2515 | mistake didn't actually show up. | |
2516 | ||
2517 | 27. When Exim is delivering another message down an existing connection, | |
2518 | remote_max_parallel should be forced to 1; this wasn't happening, though | |
2519 | it would have caused a problem only if a message had more than 100 | |
2520 | recipients routed to the host. | |
2521 | ||
2522 | 28. When there was a problem while delivering down an existing connection, such | |
2523 | that the transport process closed the connection, this fact wasn't getting | |
2524 | communicated to the calling delivery process, which might have tried to do | |
2525 | more deliveries on the same connection. This would only have caused a | |
2526 | problem if there were more than 100 recipients to the same host. | |
2527 | ||
2528 | 29. The ${extract} action, with a negative field number that selected the first | |
2529 | field in a string, could return junk characters at the start of the | |
2530 | extracted field. | |
2531 | ||
2532 | 30. When Exim is acting as a client, if an attempt to start a TLS session fails | |
2533 | during the TLS negotiation phase (i.e. STARTTLS is accepted, but there's a | |
2534 | problem such as an unrecognized certificate during TLS session startup), | |
2535 | Exim used always to defer delivery. Now, unless the host is in | |
2536 | hosts_require_tls, Exim makes a new connection to the host and attempts to | |
2537 | send the message unencrypted. This avoids stuck messages for servers that | |
2538 | advertise STARTTLS but don't actually support it properly. | |
2539 | ||
2540 | 31. Added ${address:xxx} to go with ${domain:xxx} and ${local_part:xxx} which | |
2541 | extract from RFC 2822 addresses. | |
2542 | ||
2543 | 32. The rules for recognizing when Exim is being called from inetd have | |
2544 | changed. Previously Exim required SMTP input, stdin to be a TCP/IP socket, | |
2545 | and the caller to be root or the Exim user. This left a gaping hole if the | |
2546 | caller was not root or the Exim user, because then it wouldn't do the | |
2547 | policy checking for a remote host, because it didn't realize it was being | |
2548 | called from inetd. (This was seen on Debian configurations). Exim now | |
2549 | behaves as follows: if the input is SMTP and stdin is a TCP/IP socket, a | |
2550 | call from inetd is assumed. This is allowed to proceed either if the caller | |
2551 | is root or the Exim user, or if the port used is privileged (less than | |
2552 | 1024). Otherwise (a different user passing an unprivileged port) Exim gives | |
2553 | a "Permission denied" error. | |
2554 | ||
2555 | 33. Removed $compile_number from the default SMTP banner line (after discussion | |
2556 | on the mailing list). Also removed it from the default $Received: header. | |
2557 | ||
2558 | 34. # is documented as a comment character in the run time configuration only | |
2559 | when it appears at the start of a line. In the case of boolean values, | |
2560 | extra characters after "= true" or "= false" were being ignored, leading to | |
2561 | a false impression that comments could appear there. This is now diagnosed | |
2562 | as an error. | |
2563 | ||
2564 | 35. If a boolean option without a following "=" was followed by # (in the | |
2565 | mistaken belief that this would be a comment), the error was "missing =", | |
2566 | which was confusing. Exim now complains about extra characters. | |
2567 | ||
2568 | 36. When Exim complains about extra characters following an option setting, it | |
2569 | now adds a comment about comments if the first extra character is #. | |
2570 | ||
2571 | 37. Output debug_print strings when testing a host using -bh. | |
2572 | ||
2573 | 38. Added server_debug_print to authenticators (compare routers and | |
2574 | transports). This outputs when an authenticator is called as a server. It | |
2575 | can be helpful while testing with -bh. | |
2576 | ||
2577 | 39. Added debugging output to the crypteq condition. | |
2578 | ||
2579 | 40. If a named domain or local part list used in a "domains" or "local_parts" | |
2580 | option on a router matched by means of a lookup, the $domain_data and | |
2581 | $local_part_data variables were set for the first router that did this, but | |
2582 | were not set for any subsequent routers that used the same named list. The | |
2583 | same was true for multiple tests of named domain or local parts lists in an | |
2584 | ACL. | |
2585 | ||
2586 | 41. If the variable "build" is set when the top-level Makefile is run, the | |
2587 | variable now propagates from the top-level Makefile to subsidiary ones. | |
2588 | In addition, Local/Makefile-$(build) is added to the list of concatenated | |
2589 | files that go at the start of the Makefile in the build directory. | |
2590 | ||
2591 | 42. If NO_SYMLINK is defined in Local/Makefile, the exim_install script just | |
2592 | copies the Exim binary in with its unique name, without moving the "exim" | |
2593 | symbolic link to it. | |
2594 | ||
2595 | 43. Added BSDI 4.2 as a BSDI variant in scripts/os-type. | |
2596 | ||
2597 | 44. The spool file format for remembering a "one_time" redirection has changed; | |
2598 | I had forgotten to make Exim 4 capable of reading Exim 3 spool files. | |
2599 | ||
2600 | 45. Address lists are now permitted to include items of the form *@+name where | |
2601 | "name" is a named domain list. (Note that an item of the form +name is | |
2602 | taken as a named _address_ list.) | |
2603 | ||
2604 | 46. When Exim gives up privilege and reverts to the calling user because it was | |
2605 | called with the -C, -D, -be, or -bi options, it now reinstates the | |
2606 | supplementary group list as well as the uid and gid. | |
2607 | ||
2608 | 47. The crypteq condition has been extended. When the encrypted string begins | |
2609 | with "{md5}" Exim used to assume that the digest was encoded as a base64 | |
2610 | string. Now it assumes this only if its length is 24 bytes. If the length | |
2611 | is 32 bytes, Exim assumes a digest expressed in hex characters. If the | |
2612 | length is neither 24 nor 32, the comparison always fails. | |
2613 | ||
2614 | 48. Updated the convert4r4 script: | |
2615 | ||
2616 | (a) Some typos in the comments. | |
2617 | (b) Remove kill_ip_options, log_ip_options, and refuse_ip_options, which | |
2618 | no longer exist. | |
2619 | (c) Move all macro definitions to the top of the output, to ensure that | |
2620 | they precede any references to them. | |
2621 | (d) If tls_verify_ciphers was set without tls_verify_hosts, the generated | |
2622 | new configuration insisted on encryption ("these ciphers must be | |
2623 | used for all connections") instead of just checking the cipher when | |
2624 | encryption happened ("if encrypted, these ciphers must be used"). | |
2625 | (e) Address lists are now checked to see if they contain any bare lookup | |
2626 | items and if they do, these are converted to two items, the first | |
2627 | preceded by "*@" and the second with "partial-" removed. This makes | |
2628 | Exim 4 behave in the way that Exim 3 used to. An explanatory comment | |
2629 | is output. | |
2630 | (f) Put more explanation in above the "hosts = :" test. | |
2631 | ||
2632 | 49. Write a main and panic log entry when "partial-" is ignored in a lookup | |
2633 | that is part of an address list. (Applies when the item is a lookup for | |
2634 | which the whole address is the key.) | |
2635 | ||
2636 | 50. Two changes to the way $original_local_part and $parent_local_part work: | |
2637 | ||
2638 | (a) When an address that had a prefix or suffix was redirected to another | |
2639 | address, the value of $original_local_part and $parent_local_part | |
2640 | had the prefix or suffix stripped when referred to during the | |
2641 | processing of the child address. This doesn't seem right, so it has | |
2642 | been changed. | |
2643 | (b) When an address that had a prefix or suffix was being processed, | |
2644 | $local_part had the affix stripped, and if it was a top-level | |
2645 | address, $original_local_part also has the affix stripped. This has | |
2646 | been changed. Now $original_local_part contains the same value at all | |
2647 | levels. ($parent_local_part remains empty at top level.) | |
2648 | ||
2649 | 51. A number of macros in the Exim source began with "DB_". When compiling | |
2650 | with Berkeley DB version 4, DB_LOCK_TIMEOUT clashed with a macro set by | |
2651 | that package. The Exim macros now all start with "EXIMDB_", and Exim | |
2652 | therefore now supports DB version 4. | |
2653 | ||
2654 | 52. Newlines in a "freeze" text from a system filter were being sent as \n | |
2655 | in messages created by the "freeze_tell" option. They are now converted | |
2656 | back to newlines (in the log line they continue to appear as \n). | |
2657 | ||
2658 | 53. Added a new ACL condition "verify = reverse_host_lookup". This does a | |
2659 | reverse lookup of the client host's IP address, then does a forward lookup | |
2660 | for all the names it receives, and checks that at least one of the IP | |
2661 | addresses obtained from the forward lookup matches the incoming IP address. | |
2662 | The lookups are done with gethostbyaddr() and gethostbyname(), | |
2663 | respectively. | |
2664 | ||
2665 | 54. A small fix to eximstats reduces its store usage substantially when it is | |
2666 | processing very large log files: when a message's "completed" line is | |
2667 | reached, discard the memory of the message's size. | |
2668 | ||
2669 | 55. If an address was redirected to itself more than once (e.g. by two | |
2670 | different "redirect" routers, or because of the use of "unseen", it was | |
2671 | incorrectly discarded as a duplicate address. | |
2672 | ||
2673 | 56. For a rewrite pattern of the form *@something, if an actual address | |
2674 | contained @ in the local part (e.g. "a@b"@x.y), the value of $1 was set | |
2675 | incorrectly during expansion of the replacement address (it stopped at the | |
2676 | first @ instead of at the last one). | |
2677 | ||
2678 | 57. Added hosts_nopass_tls to the smtp transport. For any host that matches | |
2679 | this list, a connection on which a TLS session has been started will not be | |
2680 | passed to a new delivery process for sending another message on the same | |
2681 | connection. | |
2682 | ||
2683 | 58. The -dropcr command line option now turns CRLF into LF, while leaving | |
2684 | isolated CR characters alone. (Previously it removed _all_ CR characters.) | |
2685 | There is now also a drop_cr main option which has the effect of -dropcr for | |
2686 | all incoming non-SMTP messages. | |
2687 | ||
2688 | 59. If a configuration file macro expanded into a boolean option which was not | |
2689 | followed by = and a value, Exim gave a spurious error for an "unknown" | |
2690 | value for the option (typically a string from the previous line). | |
2691 | ||
2692 | ||
2693 | Exim version 3.952 | |
2694 | ------------------ | |
2695 | ||
2696 | 1. convert4r4 had an incorrect file name in its comment output. | |
2697 | ||
2698 | 2. convert4r4 was looking up $local_part instead of $domain in its generated | |
2699 | manualroute output. | |
2700 | ||
2701 | 3. There was no check that getpeername() was giving a socket address when | |
2702 | called on stdin passed from a previous delivery. | |
2703 | ||
2704 | 4. Fixed an old bug whereby Exim could segfault if debugging was turned on and | |
2705 | a DNS lookup found MX records for hosts whose A records had to be looked up | |
2706 | separately, and some of them pointed to the local host (pretty rare). | |
2707 | ||
2708 | 5. The debugging output for log writes now shows the names of any log selectors | |
2709 | instead of the hex value of the selector word. | |
2710 | ||
2711 | 6. If a delivery subprocess is terminated by SIGKILL or SIGQUIT, do not freeze | |
2712 | the message. This can happen during system shutdown. Other kinds of process | |
2713 | failure indicate problems. | |
2714 | ||
2715 | 7. If a sender verification did not complete (e.g. DNS lookup timed out), the | |
2716 | log line for the temporary RCPT rejection did not always say why (it lost | |
2717 | the message if there had been a previous call to any lookup). | |
2718 | ||
2719 | 8. The special message about MX records that point to IP addresses instead of | |
2720 | host names was not getting returned in the SMTP response when a | |
2721 | verification failed. This has been fixed, and the message that is logged in | |
2722 | this circumstance has been made less verbose. | |
2723 | ||
2724 | 9. When an SMTP callout is done, Exim tries to use the interface and port | |
2725 | number from the transport that the address was routed to during the prior | |
2726 | verification. If it wasn't routed to a remote transport, or if there's a | |
2727 | problem expanding the relevant options, Exim does not use a specific | |
2728 | interface, and it connects to port 25. | |
2729 | ||
2730 | 10. If the string "syslog" happened to occur in the log file path, eximon was | |
2731 | failing to extract the name of the main log file correctly. | |
2732 | ||
2733 | 11. Unlike other operating systems, Linux does not sync a directory after a | |
2734 | rename. However, we need this to happen to be sure an incoming message has | |
2735 | been safely recorded after it has been received. I have therefore added a | |
2736 | macro called NEED_SYNC_DIRECTORY (which is set in OS/os.h_Linux) to request | |
2737 | Exim to do an explicit sync on the directory after the rename. If | |
2738 | O_DIRECTORY is defined, it is used when opening the directory. | |
2739 | ||
2740 | 12. When a system filter creates any new deliveries, they are given a fake | |
2741 | "parent" address which appears on the logs, and is necessary for pipes, | |
2742 | files, and autoreplies, which cannot be toplevel addresses. This fake was | |
2743 | set up with the text "system filter". It's been changed to "system-filter" | |
2744 | because the space in the previous text could cause trouble. | |
2745 | ||
2746 | 13. The new option local_sender_retain suppresses the removal of Sender: header | |
2747 | lines in locally-submited (non-TCP/IP) messages from untrusted users. It is | |
2748 | required that no_local_from_check be set with local_sender_retain. | |
2749 | ||
2750 | 14. In a file interpolated into an address list, if a local part contained a | |
2751 | # character and there was also a following comment (introduced by a # | |
2752 | preceded by white space), the comment was not recognized. | |
2753 | ||
2754 | 15. Local part lists are now handled as address lists as far as recognition of | |
2755 | comments in interpolated files and the processing of +caseful at the top | |
2756 | level are concerned. In the local_parts option of a router, +caseful will | |
2757 | restore case-sensitive matching, even when the router does not have | |
2758 | caseful_local_part set (the default). | |
2759 | ||
2760 | 16. The key used for a dsearch lookup may not contain '/'. If it does, the | |
2761 | lookup defers. | |
2762 | ||
2763 | 17. When starting a delivery process after receiving a message locally, discard | |
2764 | the controlling terminal unless debugging is turned on. | |
2765 | ||
2766 | 18. The exim group was automatically trusted; this was not correct because it | |
2767 | meant that admin users who were in the exim group were automatically | |
2768 | trusted. If you want the exim group to be trusted, it must now be | |
2769 | explicitly configured. | |
2770 | ||
2771 | 19. The default configuration mentioned "dns_lists" instead of "dnslists" in a | |
2772 | comment. | |
2773 | ||
2774 | 20. Minor corrections and changes to the Exim4.upgrade document and to the | |
2775 | OptionLists.txt document. | |
2776 | ||
2777 | 21. If a local part beginning with a pipe symbol was routed to a pipe | |
2778 | transport, the transport got confused as to which command it should run. | |
2779 | This could be a security exposure if unchecked local parts are routed to | |
2780 | pipe transports. | |
2781 | ||
2782 | 22. When logging SMTP connections to the daemon from other hosts, include the | |
2783 | connection count in the log line. Tidied up the identification of SMTP | |
2784 | sources in logging lines. | |
2785 | ||
2786 | 23. Added "sender_domains" as a new ACL condition so that the Exim 3 setting | |
2787 | of sender_verify_callback_domains can easily be replicated. Corrected | |
2788 | convert4r4, which was incorrectly converting this to a "domains" setting. | |
2789 | ||
2790 | 24. The code for reading ident values was not discarding leading spaces, which | |
2791 | some hosts seem to send. | |
2792 | ||
2793 | 25. The building process was still insisting that PID_FILE_PATH contained %s, | |
2794 | but this is not required for Exim 4. | |
2795 | ||
2796 | 26. The logging of ETRN commands had got lost. It has been restored, and the | |
2797 | log selector "etrn" (on by default) added to control it. | |
2798 | ||
2799 | 27. IPv6 reverse DNS lookups were originally specified as happening in the | |
2800 | ip6.int domain, but this is being changed to ip6.arpa (and they've changed | |
2801 | the meaning of "arpa" to "Address and Routing Parameters Area"). The only | |
2802 | time Exim does reverse lookups directly (as opposed to calling | |
2803 | gethostbyaddress()) is in the code for the dnsdb lookup type. This has been | |
2804 | changed to use ip6.arpa. | |
2805 | ||
2806 | 28. Made the test programs (test_dbfn for testing DBM files, and some others) | |
2807 | compile! Updated the help output from test_dbfn. | |
2808 | ||
2809 | 29. Changed all occurrences of "r" and "w" in fopen() fdopen() calls to "rb" | |
2810 | and "wb". This makes no difference in Unix systems, but is apparently | |
2811 | necessary for running Exim under Cygwin. | |
2812 | ||
2813 | 30. Three changes that make virtually no difference when Exim is run on a real | |
2814 | Unix system, but which were asked for to make life easier when porting it | |
2815 | to run under Cygwin: | |
2816 | ||
2817 | (a) Changed the logic for locking a message when an Exim process is | |
2818 | handling it. Previously, the entire -D file was locked to indicate | |
2819 | this. Now Exim locks only the first line, which contains the name of | |
2820 | the file. Apparently, in the Cygwin environment, a subprocess cannot | |
2821 | read locked parts of a file, even when it is passed an open file | |
2822 | descriptor to that file from the process that did the locking. By | |
2823 | locking only the first line, which the subprocess does not want to read | |
2824 | (it just needs to read the data that follows), we can get round this | |
2825 | restriction with minimal effort. | |
2826 | ||
2827 | (b) Added support for native gdbm function calls. GDBM is apparently the | |
2828 | only DBM library that is currently available Cygwin, and only with its | |
2829 | native API. | |
2830 | ||
2831 | (c) The default modes for files, directories, and lock files in the | |
2832 | appendfile transport can now be set in Local/Makefile at build time. | |
2833 | ||
2834 | 31. When transmitting a message using SMTP with PIPELINING, if the server gave | |
2835 | a malformed SMTP response, the message logged by Exim didn't associate it | |
2836 | with the pipelined SMTP command to which it referred. For example it logged | |
2837 | "after DATA" if all the recipients had been sent. Also, if the response | |
2838 | was an empty line (illegal), it didn't show up very clearly. The error | |
2839 | messages are now more accurate, and point out empty lines. | |
2840 | ||
2841 | 32. Minor corrections and changes to src/configure.default. | |
2842 | ||
2843 | 33. When a host list in a route_list item that was enclosed in double quotes | |
2844 | contained single quotes within it, the quoting was incorrectly terminated. | |
2845 | Both the pattern and the host list in route_list items are now handled by | |
2846 | the standard quote-processing function. | |
2847 | ||
2848 | 34. Corrected the EDITME file for eximon so that the default stripchart | |
2849 | patterns work with the default runtime configuration for local deliveries. | |
2850 | (Previously it matched a delivery via a director - not possible in Exim 4.) | |
2851 | ||
2852 | ||
2853 | Exim version 3.951 | |
2854 | ------------------ | |
2855 | ||
2856 | Exim 3.951 is the first alpha testing release for Exim 4. A list the many | |
2857 | individual changes to the code made between Exim 3.33 and Exim 3.951 was not | |
2858 | kept. The functional changes are listed in the Exim4.upgrade file. | |
2859 | ||
2860 | **** |