| 1 | Change log file for Exim from version 4.21 |
| 2 | ------------------------------------------- |
| 3 | |
| 4 | Exim version 4.77 |
| 5 | ----------------- |
| 6 | |
| 7 | PP/01 Solaris build fix for Oracle's LDAP libraries. |
| 8 | Bugzilla 1109, patch from Stephen Usher. |
| 9 | |
| 10 | TF/01 HP/UX build fix: avoid arithmetic on a void pointer. |
| 11 | |
| 12 | TK/01 DKIM Verification: Fix relaxed canon for empty headers w/o |
| 13 | whitespace trailer |
| 14 | |
| 15 | TF/02 Fix a couple more cases where we did not log the error message |
| 16 | when unlink() failed. See also change 4.74-TF/03. |
| 17 | |
| 18 | TF/03 Make the exiwhat support code safe for signals. Previously Exim might |
| 19 | lock up or crash if it happened to be inside a call to libc when it |
| 20 | got a SIGUSR1 from exiwhat. |
| 21 | |
| 22 | The SIGUSR1 handler appends the current process status to the process |
| 23 | log which is later printed by exiwhat. It used to use the general |
| 24 | purpose logging code to do this, but several functions it calls are |
| 25 | not safe for signals. |
| 26 | |
| 27 | The new output code in the SIGUSR1 handler is specific to the process |
| 28 | log, and simple enough that it's easy to inspect for signal safety. |
| 29 | Removing some special cases also simplifies the general logging code. |
| 30 | Removing the spurious timestamps from the process log simplifies |
| 31 | exiwhat. |
| 32 | |
| 33 | TF/04 Improved ratelimit ACL condition. |
| 34 | |
| 35 | The /noupdate option has been deprecated in favour of /readonly which |
| 36 | has clearer semantics. The /leaky, /strict, and /readonly update modes |
| 37 | are mutually exclusive. The update mode is no longer included in the |
| 38 | database key; it just determines when the database is updated. (This |
| 39 | means that when you upgrde Exim will forget old rate measurements.) |
| 40 | |
| 41 | Exim now checks that the per_* options are used with an update mode that |
| 42 | makes sense for the current ACL. For example, when Exim is processing a |
| 43 | message (e.g. acl_smtp_rcpt or acl_smtp_data, etc.) you can specify |
| 44 | per_mail/leaky or per_mail/strict; otherwise (e.g. in acl_smtp_helo) you |
| 45 | must specify per_mail/readonly. If you omit the update mode it defaults to |
| 46 | /leaky where that makes sense (as before) or /readonly where required. |
| 47 | |
| 48 | The /noupdate option is now undocumented but still supported for |
| 49 | backwards compatibility. It is equivalent to /readonly except that in |
| 50 | ACLs where /readonly is required you may specify /leaky/noupdate or |
| 51 | /strict/noupdate which are treated the same as /readonly. |
| 52 | |
| 53 | A useful new feature is the /count= option. This is a generalization |
| 54 | of the per_byte option, so that you can measure the throughput of other |
| 55 | aggregate values. For example, the per_byte option is now equivalent |
| 56 | to per_mail/count=${if >{0}{$message_size} {0} {$message_size} }. |
| 57 | |
| 58 | The per_rcpt option has been generalized using the /count= mechanism |
| 59 | (though it's more complicated than the per_byte equivalence). When it is |
| 60 | used in acl_smtp_rcpt, the per_rcpt option adds recipients to the |
| 61 | measured rate one at a time; if it is used later (e.g. in acl_smtp_data) |
| 62 | or in a non-SMTP ACL it adds all the recipients in one go. (The latter |
| 63 | /count=$recipients_count behaviour used to work only in non-SMTP ACLs.) |
| 64 | Note that using per_rcpt with a non-readonly update mode in more than |
| 65 | one ACL will cause the recipients to be double-counted. (The per_mail |
| 66 | and per_byte options don't have this problem.) |
| 67 | |
| 68 | The handling of very low rates has changed slightly. If the computed rate |
| 69 | is less than the event's count (usually one) then this event is the first |
| 70 | after a long gap. In this case the rate is set to the same as this event's |
| 71 | count, so that the first message of a spam run is counted properly. |
| 72 | |
| 73 | The major new feature is a mechanism for counting the rate of unique |
| 74 | events. The new per_addr option counts the number of different |
| 75 | recipients that someone has sent messages to in the last time period. It |
| 76 | behaves like per_rcpt if all the recipient addresses are different, but |
| 77 | duplicate recipient addresses do not increase the measured rate. Like |
| 78 | the /count= option this is a general mechanism, so the per_addr option |
| 79 | is equivalent to per_rcpt/unique=$local_part@$domain. You can, for |
| 80 | example, measure the rate that a client uses different sender addresses |
| 81 | with the options per_mail/unique=$sender_address. There are further |
| 82 | details in the main documentation. |
| 83 | |
| 84 | TF/05 Removed obsolete $Cambridge$ CVS revision strings. |
| 85 | |
| 86 | |
| 87 | Exim version 4.76 |
| 88 | ----------------- |
| 89 | |
| 90 | PP/01 The new ldap_require_cert option would segfault if used. Fixed. |
| 91 | |
| 92 | PP/02 Harmonised TLS library version reporting; only show if debugging. |
| 93 | Layout now matches that introduced for other libraries in 4.74 PP/03. |
| 94 | |
| 95 | PP/03 New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1 |
| 96 | |
| 97 | PP/04 New "dns_use_edns0" global option. |
| 98 | |
| 99 | PP/05 Don't segfault on misconfiguration of ref:name exim-user as uid. |
| 100 | Bugzilla 1098. |
| 101 | |
| 102 | PP/06 Extra paranoia around buffer usage at the STARTTLS transition. |
| 103 | nb: Exim is not vulnerable to http://www.kb.cert.org/vuls/id/555316 |
| 104 | |
| 105 | TK/01 Updated PolarSSL code to 0.14.2. |
| 106 | Bugzilla 1097. Patch from Andreas Metzler. |
| 107 | |
| 108 | PP/07 Catch divide-by-zero in ${eval:...}. |
| 109 | Fixes bugzilla 1102. |
| 110 | |
| 111 | PP/08 Condition negation of bool{}/bool_lax{} did not negate. Fixed. |
| 112 | Bugzilla 1104. |
| 113 | |
| 114 | TK/02 Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a |
| 115 | format-string attack -- SECURITY: remote arbitrary code execution. |
| 116 | |
| 117 | TK/03 SECURITY - DKIM signature header parsing was double-expanded, second |
| 118 | time unintentionally subject to list matching rules, letting the header |
| 119 | cause arbitrary Exim lookups (of items which can occur in lists, *not* |
| 120 | arbitrary string expansion). This allowed for information disclosure. |
| 121 | |
| 122 | PP/09 Fix another SIGFPE (x86) in ${eval:...} expansion, this time related to |
| 123 | INT_MIN/-1 -- value coerced to INT_MAX. |
| 124 | |
| 125 | |
| 126 | Exim version 4.75 |
| 127 | ----------------- |
| 128 | |
| 129 | NM/01 Workround for PCRE version dependency in version reporting |
| 130 | Bugzilla 1073 |
| 131 | |
| 132 | TF/01 Update valgrind.h and memcheck.h to copies from valgrind-3.6.0. |
| 133 | This fixes portability to compilers other than gcc, notably |
| 134 | Solaris CC and HP-UX CC. Fixes Bugzilla 1050. |
| 135 | |
| 136 | TF/02 Bugzilla 139: Avoid using the += operator in the modular lookup |
| 137 | makefiles for portability to HP-UX and POSIX correctness. |
| 138 | |
| 139 | PP/01 Permit LOOKUP_foo enabling on the make command-line. |
| 140 | Also via indented variable definition in the Makefile. |
| 141 | (Debugging by Oliver Heesakkers). |
| 142 | |
| 143 | PP/02 Restore caching of spamd results with expanded spamd_address. |
| 144 | Patch from author of expandable spamd_address patch, Wolfgang Breyha. |
| 145 | |
| 146 | PP/03 Build issue: lookups-Makefile now exports LC_ALL=C |
| 147 | Improves build reliability. Fix from: Frank Elsner |
| 148 | |
| 149 | NM/02 Fix wide character breakage in the rfc2047 coding |
| 150 | Fixes bug 1064. Patch from Andrey N. Oktyabrski |
| 151 | |
| 152 | NM/03 Allow underscore in dnslist lookups |
| 153 | Fixes bug 1026. Patch from Graeme Fowler |
| 154 | |
| 155 | PP/04 Bugzilla 230: Support TLS-enabled LDAP (in addition to ldaps). |
| 156 | Code patches from Adam Ciarcinski of NetBSD. |
| 157 | |
| 158 | NM/04 Fixed exiqgrep to cope with mailq missing size issue |
| 159 | Fixes bug 943. |
| 160 | |
| 161 | PP/05 Bugzilla 1083: when lookup expansion defers, escape the output which |
| 162 | is logged, to avoid truncation. Patch from John Horne. |
| 163 | |
| 164 | PP/06 Bugzilla 1042: implement freeze_signal on pipe transports. |
| 165 | Patch from Jakob Hirsch. |
| 166 | |
| 167 | PP/07 Bugzilla 1061: restrict error messages sent over SMTP to not reveal |
| 168 | SQL string expansion failure details. |
| 169 | Patch from Andrey Oktyabrski. |
| 170 | |
| 171 | PP/08 Bugzilla 486: implement %M datestamping in log filenames. |
| 172 | Patch from Simon Arlott. |
| 173 | |
| 174 | PP/09 New lookups functionality failed to compile on old gcc which rejects |
| 175 | extern declarations in function scope. |
| 176 | Patch from Oliver Fleischmann |
| 177 | |
| 178 | PP/10 Use sig_atomic_t for flags set from signal handlers. |
| 179 | Check getgroups() return and improve debugging. |
| 180 | Fixed developed for diagnosis in bug 927 (which turned out to be |
| 181 | a kernel bug). |
| 182 | |
| 183 | PP/11 Bugzilla 1055: Update $message_linecount for maildir_tag. |
| 184 | Patch from Mark Zealey. |
| 185 | |
| 186 | PP/12 Bugzilla 1056: Improved spamd server selection. |
| 187 | Patch from Mark Zealey. |
| 188 | |
| 189 | PP/13 Bugzilla 1086: Deal with maildir quota file races. |
| 190 | Based on patch from Heiko Schlittermann. |
| 191 | |
| 192 | PP/14 Bugzilla 1019: DKIM multiple signature generation fix. |
| 193 | Patch from Uwe Doering, sign-off by Michael Haardt. |
| 194 | |
| 195 | NM/05 Fix to spam.c to accommodate older gcc versions which dislike |
| 196 | variable declaration deep within a block. Bug and patch from |
| 197 | Dennis Davis. |
| 198 | |
| 199 | PP/15 lookups-Makefile IRIX compatibilty coercion. |
| 200 | |
| 201 | PP/16 Make DISABLE_DKIM build knob functional. |
| 202 | |
| 203 | NM/06 Bugzilla 968: child_open_uid: restore default SIGPIPE handler |
| 204 | Patch by Simon Arlott |
| 205 | |
| 206 | TF/03 Fix valgrind.h portability to C89 compilers that do not support |
| 207 | variable argument macros. Our copy now differs from upstream. |
| 208 | |
| 209 | |
| 210 | Exim version 4.74 |
| 211 | ----------------- |
| 212 | |
| 213 | TF/01 Failure to get a lock on a hints database can have serious |
| 214 | consequences so log it to the panic log. |
| 215 | |
| 216 | TF/02 Log LMTP confirmation messages in the same way as SMTP, |
| 217 | controlled using the smtp_confirmation log selector. |
| 218 | |
| 219 | TF/03 Include the error message when we fail to unlink a spool file. |
| 220 | |
| 221 | DW/01 Bugzilla 139: Support dynamically loaded lookups as modules. |
| 222 | With thanks to Steve Haslam, Johannes Berg & Serge Demonchaux |
| 223 | for maintaining out-of-tree patches for some time. |
| 224 | |
| 225 | PP/01 Bugzilla 139: Documentation and portability issues. |
| 226 | Avoid GNU Makefile-isms, let Exim continue to build on BSD. |
| 227 | Handle per-OS dynamic-module compilation flags. |
| 228 | |
| 229 | PP/02 Let /dev/null have normal permissions. |
| 230 | The 4.73 fixes were a little too stringent and complained about the |
| 231 | permissions on /dev/null. Exempt it from some checks. |
| 232 | Reported by Andreas M. Kirchwitz. |
| 233 | |
| 234 | PP/03 Report version information for many libraries, including |
| 235 | Exim version information for dynamically loaded libraries. Created |
| 236 | version.h, now support a version extension string for distributors |
| 237 | who patch heavily. Dynamic module ABI change. |
| 238 | |
| 239 | PP/04 CVE-2011-0017 - check return value of setuid/setgid. This is a |
| 240 | privilege escalation vulnerability whereby the Exim run-time user |
| 241 | can cause root to append content of the attacker's choosing to |
| 242 | arbitrary files. |
| 243 | |
| 244 | PP/05 Bugzilla 1041: merged DCC maintainer's fixes for return code. |
| 245 | (Wolfgang Breyha) |
| 246 | |
| 247 | PP/06 Bugzilla 1071: fix delivery logging with untrusted macros. |
| 248 | If dropping privileges for untrusted macros, we disabled normal logging |
| 249 | on the basis that it would fail; for the Exim run-time user, this is not |
| 250 | the case, and it resulted in successful deliveries going unlogged. |
| 251 | Fixed. Reported by Andreas Metzler. |
| 252 | |
| 253 | |
| 254 | Exim version 4.73 |
| 255 | ----------------- |
| 256 | |
| 257 | PP/01 Date: & Message-Id: revert to normally being appended to a message, |
| 258 | only prepend for the Resent-* case. Fixes regression introduced in |
| 259 | Exim 4.70 by NM/22 for Bugzilla 607. |
| 260 | |
| 261 | PP/02 Include check_rfc2047_length in configure.default because we're seeing |
| 262 | increasing numbers of administrators be bitten by this. |
| 263 | |
| 264 | JJ/01 Added DISABLE_DKIM and comment to src/EDITME |
| 265 | |
| 266 | PP/03 Bugzilla 994: added openssl_options main configuration option. |
| 267 | |
| 268 | PP/04 Bugzilla 995: provide better SSL diagnostics on failed reads. |
| 269 | |
| 270 | PP/05 Bugzilla 834: provide a permit_coredump option for pipe transports. |
| 271 | |
| 272 | PP/06 Adjust NTLM authentication to handle SASL Initial Response. |
| 273 | |
| 274 | PP/07 If TLS negotiated an anonymous cipher, we could end up with SSL but |
| 275 | without a peer certificate, leading to a segfault because of an |
| 276 | assumption that peers always have certificates. Be a little more |
| 277 | paranoid. Problem reported by Martin Tscholak. |
| 278 | |
| 279 | PP/08 Bugzilla 926: switch ClamAV to use the new zINSTREAM API for content |
| 280 | filtering; old API available if built with WITH_OLD_CLAMAV_STREAM=yes |
| 281 | NB: ClamAV planning to remove STREAM in "middle of 2010". |
| 282 | CL also introduces -bmalware, various -d+acl logging additions and |
| 283 | more caution in buffer sizes. |
| 284 | |
| 285 | PP/09 Implemented reverse_ip expansion operator. |
| 286 | |
| 287 | PP/10 Bugzilla 937: provide a "debug" ACL control. |
| 288 | |
| 289 | PP/11 Bugzilla 922: Documentation dusting, patch provided by John Horne. |
| 290 | |
| 291 | PP/12 Bugzilla 973: Implement --version. |
| 292 | |
| 293 | PP/13 Bugzilla 752: Refuse to build/run if Exim user is root/0. |
| 294 | |
| 295 | PP/14 Build without WITH_CONTENT_SCAN. Path from Andreas Metzler. |
| 296 | |
| 297 | PP/15 Bugzilla 816: support multiple condition rules on Routers. |
| 298 | |
| 299 | PP/16 Add bool_lax{} expansion operator and use that for combining multiple |
| 300 | condition rules, instead of bool{}. Make both bool{} and bool_lax{} |
| 301 | ignore trailing whitespace. |
| 302 | |
| 303 | JJ/02 prevent non-panic DKIM error from being sent to paniclog |
| 304 | |
| 305 | JJ/03 added tcp_wrappers_daemon_name to allow host entries other than |
| 306 | "exim" to be used |
| 307 | |
| 308 | PP/17 Fix malware regression for cmdline scanner introduced in PP/08. |
| 309 | Notification from Dr Andrew Aitchison. |
| 310 | |
| 311 | PP/18 Change ClamAV response parsing to be more robust and to handle ClamAV's |
| 312 | ExtendedDetectionInfo response format. |
| 313 | Notification from John Horne. |
| 314 | |
| 315 | PP/19 OpenSSL 1.0.0a compatibility const-ness change, should be backwards |
| 316 | compatible. |
| 317 | |
| 318 | PP/20 Added a CONTRIBUTING file. Fixed the documentation build to use http: |
| 319 | XSL and documented dependency on system catalogs, with examples of how |
| 320 | it normally works. |
| 321 | |
| 322 | DW/21 Added Valgrind hooks in store.c to help it capture out-of-bounds store |
| 323 | access. |
| 324 | |
| 325 | DW/22 Bugzilla 1044: CVE-2010-4345 - partial fix: restrict default behaviour |
| 326 | of CONFIGURE_OWNER and CONFIGURE_GROUP options to no longer allow a |
| 327 | configuration file which is writeable by the Exim user or group. |
| 328 | |
| 329 | DW/23 Bugzilla 1044: CVE-2010-4345 - part two: extend checks for writeability |
| 330 | of configuration files to cover files specified with the -C option if |
| 331 | they are going to be used with root privileges, not just the default |
| 332 | configuration file. |
| 333 | |
| 334 | DW/24 Bugzilla 1044: CVE-2010-4345 - part three: remove ALT_CONFIG_ROOT_ONLY |
| 335 | option (effectively making it always true). |
| 336 | |
| 337 | DW/25 Add TRUSTED_CONFIG_PREFIX_FILE option to allow alternative configuration |
| 338 | files to be used while preserving root privileges. |
| 339 | |
| 340 | DW/26 Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure |
| 341 | that rogue child processes cannot use them. |
| 342 | |
| 343 | PP/27 Bugzilla 1047: change the default for system_filter_user to be the Exim |
| 344 | run-time user, instead of root. |
| 345 | |
| 346 | PP/28 Add WHITELIST_D_MACROS option to let some macros be overridden by the |
| 347 | Exim run-time user without dropping privileges. |
| 348 | |
| 349 | DW/29 Remove use of va_copy() which breaks pre-C99 systems. Duplicate the |
| 350 | result string, instead of calling string_vformat() twice with the same |
| 351 | arguments. |
| 352 | |
| 353 | DW/30 Allow TRUSTED_CONFIG_PREFIX_FILE only for Exim or CONFIGURE_OWNER, not |
| 354 | for other users. Others should always drop root privileges if they use |
| 355 | -C on the command line, even for a whitelisted configure file. |
| 356 | |
| 357 | DW/31 Turn TRUSTED_CONFIG_PREFIX_FILE into TRUSTED_CONFIG_FILE. No prefixes. |
| 358 | |
| 359 | NM/01 Fixed bug #1002 - Message loss when using multiple deliveries |
| 360 | |
| 361 | |
| 362 | Exim version 4.72 |
| 363 | ----------------- |
| 364 | |
| 365 | JJ/01 installed exipick 20100104.1, adding $max_received_linelength, |
| 366 | $data_path, and $header_path variables; fixed documentation bugs and |
| 367 | typos |
| 368 | |
| 369 | JJ/02 installed exipick 20100222.0, added --input-dir and --finput to allow |
| 370 | exipick to access non-standard spools, including the "frozen" queue |
| 371 | (Finput) |
| 372 | |
| 373 | NM/01 Bugzilla 965: Support mysql stored procedures. |
| 374 | Patch from Alain Williams |
| 375 | |
| 376 | NM/02 Bugzilla 961: Spacing fix (syntax error) on Makefile directives for NetBSD |
| 377 | |
| 378 | NM/03 Bugzilla 955: Documentation fix for max_rcpts. |
| 379 | Patch from Andreas Metzler |
| 380 | |
| 381 | NM/04 Bugzilla 954: Fix for unknown responses from Dovecot authenticator. |
| 382 | Patch from Kirill Miazine |
| 383 | |
| 384 | NM/05 Bugzilla 671: Added umask to procmail example. |
| 385 | |
| 386 | JJ/03 installed exipick 20100323.0, fixing doc bug |
| 387 | |
| 388 | NM/06 Bugzilla 988: CVE-2010-2023 - prevent hardlink attack on sticky mail |
| 389 | directory. Notification and patch from Dan Rosenberg. |
| 390 | |
| 391 | TK/01 PDKIM: Upgrade PolarSSL files to upstream version 0.12.1. |
| 392 | |
| 393 | TK/02 Improve log output when DKIM signing operation fails. |
| 394 | |
| 395 | MH/01 Treat the transport option dkim_domain as a colon separated |
| 396 | list, not as a single string, and sign the message with each element, |
| 397 | omitting multiple occurences of the same signer. |
| 398 | |
| 399 | NM/07 Null terminate DKIM strings, Null initialise DKIM variable |
| 400 | Bugzilla 985, 986. Patch by Simon Arlott |
| 401 | |
| 402 | NM/08 Bugzilla 967. dnsdb DNS TXT record bug fix (DKIM-related) |
| 403 | Patch by Simon Arlott |
| 404 | |
| 405 | PP/01 Bugzilla 989: CVE-2010-2024 - work round race condition on |
| 406 | MBX locking. Notification from Dan Rosenberg. |
| 407 | |
| 408 | |
| 409 | Exim version 4.71 |
| 410 | ----------------- |
| 411 | |
| 412 | TK/01 Bugzilla 912: Fix DKIM segfault on empty headers/body. |
| 413 | |
| 414 | NM/01 Bugzilla 913: Documentation fix for gnutls_* options. |
| 415 | |
| 416 | NM/02 Bugzilla 722: Documentation for randint. Better randomness defaults. |
| 417 | |
| 418 | NM/03 Bugzilla 847: Enable DNSDB lookup by default. |
| 419 | |
| 420 | NM/04 Bugzilla 915: Flag broken perl installation during build. |
| 421 | |
| 422 | |
| 423 | Exim version 4.70 |
| 424 | ----------------- |
| 425 | |
| 426 | TK/01 Added patch by Johannes Berg that expands the main option |
| 427 | "spamd_address" if it starts with a dollar sign. |
| 428 | |
| 429 | TK/02 Write list of recipients to X-Envelope-Sender header when building |
| 430 | the mbox-format spool file for content scanning (suggested by Jakob |
| 431 | Hirsch). |
| 432 | |
| 433 | TK/03 Added patch by Wolfgang Breyha that adds experimental DCC |
| 434 | (http://www.dcc-servers.net/) support via dccifd. Activated by |
| 435 | setting EXPERIMENTAL_DCC=yes in Local/Makefile. |
| 436 | |
| 437 | TK/04 Bugzilla 673: Add f-protd malware scanner support. Patch submitted |
| 438 | by Mark Daniel Reidel <mr@df.eu>. |
| 439 | |
| 440 | NM/01 Bugzilla 657: Embedded PCRE removed from the exim source tree. |
| 441 | When building exim an external PCRE library is now needed - |
| 442 | PCRE is a system library on the majority of modern systems. |
| 443 | See entry on PCRE_LIBS in EDITME file. |
| 444 | |
| 445 | NM/02 Bugzilla 646: Removed unwanted C/R in Dovecot authenticator |
| 446 | conversation. Added nologin parameter to request. |
| 447 | Patch contributed by Kirill Miazine. |
| 448 | |
| 449 | TF/01 Do not log submission mode rewrites if they do not change the address. |
| 450 | |
| 451 | TF/02 Bugzilla 662: Fix stack corruption before exec() in daemon.c. |
| 452 | |
| 453 | NM/03 Bugzilla 602: exicyclog now handles panic log, and creates empty |
| 454 | log files in place. Contributed by Roberto Lima. |
| 455 | |
| 456 | NM/04 Bugzilla 667: Close socket used by dovecot authenticator. |
| 457 | |
| 458 | TF/03 Bugzilla 615: When checking the local_parts router precondition |
| 459 | after a local_part_suffix or local_part_prefix option, Exim now |
| 460 | does not use the address's named list lookup cache, since this |
| 461 | contains cached lookups for the whole local part. |
| 462 | |
| 463 | NM/05 Bugzilla 521: Integrated SPF Best Guess support contributed by |
| 464 | Robert Millan. Documentation is in experimental-spec.txt. |
| 465 | |
| 466 | TF/04 Bugzilla 668: Fix parallel build (make -j). |
| 467 | |
| 468 | NM/05.2 Bugzilla 437: Prevent Maildir aux files being created with mode 000. |
| 469 | |
| 470 | NM/05.3 Bugzilla 598: Improvement to Dovecot authenticator handling. |
| 471 | Patch provided by Jan Srzednicki. |
| 472 | |
| 473 | TF/05 Leading white space used to be stripped from $spam_report which |
| 474 | wrecked the formatting. Now it is preserved. |
| 475 | |
| 476 | TF/06 Save $spam_score, $spam_bar, and $spam_report in spool files, so |
| 477 | that they are available at delivery time. |
| 478 | |
| 479 | TF/07 Fix the way ${extract is skipped in the untaken branch of a conditional. |
| 480 | |
| 481 | TF/08 TLS error reporting now respects the incoming_interface and |
| 482 | incoming_port log selectors. |
| 483 | |
| 484 | TF/09 Produce a more useful error message if an SMTP transport's hosts |
| 485 | setting expands to an empty string. |
| 486 | |
| 487 | NM/06 Bugzilla 744: EXPN did not work under TLS. |
| 488 | Patch provided by Phil Pennock. |
| 489 | |
| 490 | NM/07 Bugzilla 769: Extraneous comma in usage fprintf |
| 491 | Patch provided by Richard Godbee. |
| 492 | |
| 493 | NM/08 Fixed erroneous documentation references to smtp_notquit_acl to be |
| 494 | acl_smtp_notquit, added index entry. |
| 495 | |
| 496 | NM/09 Bugzilla 787: Potential buffer overflow in string_format. |
| 497 | Patch provided by Eugene Bujak. |
| 498 | |
| 499 | NM/10 Bugzilla 770: Problem on some platforms modifying the len parameter to |
| 500 | accept(). Patch provided by Maxim Dounin. |
| 501 | |
| 502 | NM/11 Bugzilla 749: Preserve old behaviour of blanks comparing equal to zero. |
| 503 | Patch provided by Phil Pennock. |
| 504 | |
| 505 | NM/12 Bugzilla 497: Correct behaviour of exiwhat when no config exists. |
| 506 | |
| 507 | NM/13 Bugzilla 590: Correct handling of Resent-Date headers. |
| 508 | Patch provided by Brad "anomie" Jorsch. |
| 509 | |
| 510 | NM/14 Bugzilla 622: Added timeout setting to transport filter. |
| 511 | Patch provided by Dean Brooks. |
| 512 | |
| 513 | TK/05 Add native DKIM support (does not depend on external libraries). |
| 514 | |
| 515 | NM/15 Bugzilla 854: Removed code that symlinks to pcre as its no longer useful. |
| 516 | Patch provided by Graeme Fowler. |
| 517 | |
| 518 | NM/16 Bugzilla 851: Documentation example syntax fix. |
| 519 | |
| 520 | NM/17 Changed NOTICE file to remove references to embedded PCRE. |
| 521 | |
| 522 | NM/18 Bugzilla 894: Fix issue with very long lines including comments in |
| 523 | lsearch. |
| 524 | |
| 525 | NM/19 Bugzilla 745: TLS version reporting. |
| 526 | Patch provided by Phil Pennock. |
| 527 | |
| 528 | NM/20 Bugzilla 167: bool: condition support. |
| 529 | Patch provided by Phil Pennock. |
| 530 | |
| 531 | NM/21 Bugzilla 665: gnutls_compat_mode to allow compatibility with broken |
| 532 | clients. Patch provided by Phil Pennock. |
| 533 | |
| 534 | NM/22 Bugzilla 607: prepend (not append) Resent-Message-ID and Resent-Date. |
| 535 | Patch provided by Brad "anomie" Jorsch. |
| 536 | |
| 537 | NM/23 Bugzilla 687: Fix misparses in eximstats. |
| 538 | Patch provided by Heiko Schlittermann. |
| 539 | |
| 540 | NM/24 Bugzilla 688: Fix exiwhat to handle log_selector = +pid. |
| 541 | Patch provided by Heiko Schlittermann. |
| 542 | |
| 543 | NM/25 Bugzilla 727: Use transport mode as default mode for maildirsize file. |
| 544 | plus update to original patch. |
| 545 | |
| 546 | NM/26 Bugzilla 799: Documentation correction for ratelimit. |
| 547 | |
| 548 | NM/27 Bugzilla 802: Improvements to local interface IP addr detection. |
| 549 | Patch provided by David Brownlee. |
| 550 | |
| 551 | NM/28 Bugzilla 807: Improvements to LMTP delivery logging. |
| 552 | |
| 553 | NM/29 Bugzilla 862, 866, 875: Documentation bugfixes. |
| 554 | |
| 555 | NM/30 Bugzilla 888: TLS documentation bugfixes. |
| 556 | |
| 557 | NM/31 Bugzilla 896: Dovecot buffer overrun fix. |
| 558 | |
| 559 | NM/32 Bugzilla 889: Change all instances of "expr" in shell scripts to "expr --" |
| 560 | Unlike the original bugzilla I have changed all shell scripts in src tree. |
| 561 | |
| 562 | NM/33 Bugzilla 898: Transport filter timeout fix. |
| 563 | Patch by Todd Rinaldo. |
| 564 | |
| 565 | NM/34 Bugzilla 901: Fix sign/unsigned and UTF mistmatches. |
| 566 | Patch by Serge Demonchaux. |
| 567 | |
| 568 | NM/35 Bugzilla 39: Base64 decode bug fixes. |
| 569 | Patch by Jakob Hirsch. |
| 570 | |
| 571 | NM/36 Bugzilla 909: Correct connect() call in dcc code. |
| 572 | |
| 573 | NM/37 Bugzilla 910: Correct issue with relaxed/simple handling. |
| 574 | |
| 575 | NM/38 Bugzilla 908: Removed NetBSD3 support as no longer needed. |
| 576 | |
| 577 | NM/39 Bugzilla 911: Fixed MakeLinks build script. |
| 578 | |
| 579 | |
| 580 | Exim version 4.69 |
| 581 | ----------------- |
| 582 | |
| 583 | TK/01 Add preliminary DKIM support. Currently requires a forked version of |
| 584 | ALT-N's libdkim that I have put here: |
| 585 | http://duncanthrax.net/exim-experimental/ |
| 586 | |
| 587 | Note to Michael Haardt: I had to rename some vars in sieve.c. They |
| 588 | were called 'true' and it seems that C99 defines that as a reserved |
| 589 | keyword to be used with 'bool' variable types. That means you could |
| 590 | not include C99-style headers which use bools without triggering |
| 591 | build errors in sieve.c. |
| 592 | |
| 593 | NM/01 Bugzilla 592: --help option is handled incorrectly if exim is invoked |
| 594 | as mailq or other aliases. Changed the --help handling significantly |
| 595 | to do whats expected. exim_usage() emits usage/help information. |
| 596 | |
| 597 | SC/01 Added the -bylocaldomain option to eximstats. |
| 598 | |
| 599 | NM/02 Bugzilla 619: Defended against bad data coming back from gethostbyaddr. |
| 600 | |
| 601 | NM/03 Bugzilla 613: Documentation fix for acl_not_smtp. |
| 602 | |
| 603 | NM/04 Bugzilla 628: PCRE update to 7.4 (work done by John Hall). |
| 604 | |
| 605 | |
| 606 | Exim version 4.68 |
| 607 | ----------------- |
| 608 | |
| 609 | PH/01 Another patch from the Sieve maintainer. |
| 610 | |
| 611 | PH/02 When an IPv6 address is converted to a string for single-key lookup |
| 612 | in an address list (e.g. for an item such as "net24-dbm;/net/works"), |
| 613 | dots are used instead of colons so that keys in lsearch files need not |
| 614 | contain colons. This was done some time before quoting was made available |
| 615 | in lsearch files. However, iplsearch files do require colons in IPv6 keys |
| 616 | (notated using the quote facility) so as to distinguish them from IPv4 |
| 617 | keys. This meant that lookups for IP addresses in host lists did not work |
| 618 | for iplsearch lookups. |
| 619 | |
| 620 | This has been fixed by arranging for IPv6 addresses to be expressed with |
| 621 | colons if the lookup type is iplsearch. This is not incompatible, because |
| 622 | previously such lookups could never work. |
| 623 | |
| 624 | The situation is now rather anomolous, since one *can* have colons in |
| 625 | ordinary lsearch keys. However, making the change in all cases is |
| 626 | incompatible and would probably break a number of configurations. |
| 627 | |
| 628 | TK/01 Change PRVS address formatting scheme to reflect latests BATV draft |
| 629 | version. |
| 630 | |
| 631 | MH/01 The "spam" ACL condition code contained a sscanf() call with a %s |
| 632 | conversion specification without a maximum field width, thereby enabling |
| 633 | a rogue spamd server to cause a buffer overflow. While nobody in their |
| 634 | right mind would setup Exim to query an untrusted spamd server, an |
| 635 | attacker that gains access to a server running spamd could potentially |
| 636 | exploit this vulnerability to run arbitrary code as the Exim user. |
| 637 | |
| 638 | TK/02 Bugzilla 502: Apply patch to make the SPF-Received: header use |
| 639 | $primary_hostname instead of what libspf2 thinks the hosts name is. |
| 640 | |
| 641 | MH/02 The dsearch lookup now uses lstat(2) instead of stat(2) to look for |
| 642 | a directory entry by the name of the lookup key. Previously, if a |
| 643 | symlink pointed to a non-existing file or a file in a directory that |
| 644 | Exim lacked permissions to read, a lookup for a key matching that |
| 645 | symlink would fail. Now it is enough that a matching directory entry |
| 646 | exists, symlink or not. (Bugzilla 503.) |
| 647 | |
| 648 | PH/03 The body_linecount and body_zerocount variables are now exported in the |
| 649 | local_scan API. |
| 650 | |
| 651 | PH/04 Added the $dnslist_matched variable. |
| 652 | |
| 653 | PH/05 Unset $tls_cipher and $tls_peerdn before making a connection as a client. |
| 654 | This means they are set thereafter only if the connection becomes |
| 655 | encrypted. |
| 656 | |
| 657 | PH/06 Added the client_condition to authenticators so that some can be skipped |
| 658 | by clients under certain conditions. |
| 659 | |
| 660 | PH/07 The error message for a badly-placed control=no_multiline_responses left |
| 661 | "_responses" off the end of the name. |
| 662 | |
| 663 | PH/08 Added -Mvc to output a copy of a message in RFC 2822 format. |
| 664 | |
| 665 | PH/09 Tidied the code for creating ratelimiting keys, creating them explicitly |
| 666 | (without spaces) instead of just copying the configuration text. |
| 667 | |
| 668 | PH/10 Added the /noupdate option to the ratelimit ACL condition. |
| 669 | |
| 670 | PH/11 Added $max_received_linelength. |
| 671 | |
| 672 | PH/12 Added +ignore_defer and +include_defer to host lists. |
| 673 | |
| 674 | PH/13 Installed PCRE version 7.2. This needed some changes because of the new |
| 675 | way in which PCRE > 7.0 is built. |
| 676 | |
| 677 | PH/14 Implemented queue_only_load_latch. |
| 678 | |
| 679 | PH/15 Removed an incorrect (int) cast when reading the value of SIZE in a |
| 680 | MAIL command. The effect was to mangle the value on 64-bit systems. |
| 681 | |
| 682 | PH/16 Another patch from the Sieve maintainer. |
| 683 | |
| 684 | PH/17 Added the NOTQUIT ACL, based on a patch from Ted Cooper. |
| 685 | |
| 686 | PH/18 If a system quota error occurred while trying to create the file for |
| 687 | a maildir delivery, the message "Mailbox is full" was not appended to the |
| 688 | bounce if the delivery eventually timed out. Change 4.67/27 below applied |
| 689 | only to a quota excession during the actual writing of the file. |
| 690 | |
| 691 | PH/19 It seems that peer DN values may contain newlines (and other non-printing |
| 692 | characters?) which causes problems in log lines. The DN values are now |
| 693 | passed through string_printing() before being added to log lines. |
| 694 | |
| 695 | PH/20 Added the "servers=" facility to MySQL and PostgreSQL lookups. (Oracle |
| 696 | and InterBase are left for another time.) |
| 697 | |
| 698 | PH/21 Added message_body_newlines option. |
| 699 | |
| 700 | PH/22 Guard against possible overflow in moan_check_errorcopy(). |
| 701 | |
| 702 | PH/23 POSIX allows open() to be a macro; guard against that. |
| 703 | |
| 704 | PH/24 If the recipient of an error message contained an @ in the local part |
| 705 | (suitably quoted, of course), incorrect values were put in $domain and |
| 706 | $local_part during the evaluation of errors_copy. |
| 707 | |
| 708 | |
| 709 | Exim version 4.67 |
| 710 | ----------------- |
| 711 | |
| 712 | MH/01 Fix for bug #448, segfault in Dovecot authenticator when interface_address |
| 713 | is unset (happens when testing with -bh and -oMi isn't used). Thanks to |
| 714 | Jan Srzednicki. |
| 715 | |
| 716 | PH/01 Added a new log selector smtp_no_mail, to log SMTP sessions that do not |
| 717 | issue a MAIL command. |
| 718 | |
| 719 | PH/02 In an ACL statement such as |
| 720 | |
| 721 | deny dnslists = X!=127.0.0.2 : X=127.0.0.2 |
| 722 | |
| 723 | if a client was not listed at all, or was listed with a value other than |
| 724 | 127.0.0.2, in the X list, but was listed with 127.0.0.2 in the Y list, |
| 725 | the condition was not true (as it should be), so access was not denied. |
| 726 | The bug was that the ! inversion was incorrectly passed on to the second |
| 727 | item. This has been fixed. |
| 728 | |
| 729 | PH/03 Added additional dnslists conditions == and =& which are different from |
| 730 | = and & when the dns lookup returns more than one IP address. |
| 731 | |
| 732 | PH/04 Added gnutls_require_{kx,mac,protocols} to give more control over the |
| 733 | cipher suites used by GnuTLS. These options are ignored by OpenSSL. |
| 734 | |
| 735 | PH/05 After discussion on the list, added a compile time option ENABLE_DISABLE_ |
| 736 | FSYNC, which compiles an option called disable_fsync that allows for |
| 737 | bypassing fsync(). The documentation is heavily laced with warnings. |
| 738 | |
| 739 | SC/01 Updated eximstats to collate all SpamAssassin rejects into one bucket. |
| 740 | |
| 741 | PH/06 Some tidies to the infrastructure of the Test Suite that is concerned |
| 742 | with the auxiliary C programs that it uses: (1) Arrange for BIND_8_COMPAT |
| 743 | to be defined when compiling on OSX (Darwin); (2) Tidies to the Makefile, |
| 744 | including adding "make clean"; (3) Added -fPIC when compiling the test |
| 745 | dynamically loaded module, to get rid of a warning. |
| 746 | |
| 747 | MH/02 Fix for bug #451, causing paniclog entries to be written if a bounce |
| 748 | message fails, move_frozen_messages = true and ignore_bounce_errors_after |
| 749 | = 0s. The bug is otherwise harmless. |
| 750 | |
| 751 | PH/07 There was a bug in the dovecot authenticator such that the value of |
| 752 | $auth1 could be overwritten, and so not correctly preserved, after a |
| 753 | successful authentication. This usually meant that the value preserved by |
| 754 | the server_setid option was incorrect. |
| 755 | |
| 756 | PH/08 Added $smtp_count_at_connection_start, deliberately with a long name. |
| 757 | |
| 758 | PH/09 Installed PCRE release 7.0. |
| 759 | |
| 760 | PH/10 The acl_not_smtp_start ACL was, contrary to the documentation, not being |
| 761 | run for batched SMTP input. It is now run at the start of every message |
| 762 | in the batch. While fixing this I discovered that the process information |
| 763 | (output by running exiwhat) was not always getting set for -bs and -bS |
| 764 | input. This is fixed, and it now also says "batched" for BSMTP. |
| 765 | |
| 766 | PH/11 Added control=no_pipelining. |
| 767 | |
| 768 | PH/12 Added $sending_ip_address and $sending_port (mostly Magnus Holmgren's |
| 769 | patch, slightly modified), and move the expansion of helo_data till after |
| 770 | the connection is made in the smtp transport (so it can use these |
| 771 | values). |
| 772 | |
| 773 | PH/13 Added ${rfc2047d: to decoded RFC 2047 strings. |
| 774 | |
| 775 | PH/14 Added log_selector = +pid. |
| 776 | |
| 777 | PH/15 Flush SMTP output before delaying, unless control=no_delay_flush is set. |
| 778 | |
| 779 | PH/16 Add ${if forany and ${if forall. |
| 780 | |
| 781 | PH/17 Added dsn_from option to vary the From: line in DSNs. |
| 782 | |
| 783 | PH/18 Flush SMTP output before performing a callout, unless control = |
| 784 | no_callout_flush is set. |
| 785 | |
| 786 | PH/19 Change 4.64/PH/36 introduced a bug: when address_retry_include_sender |
| 787 | was true (the default) a successful delivery failed to delete the retry |
| 788 | item, thus causing premature timeout of the address. The bug is now |
| 789 | fixed. |
| 790 | |
| 791 | PH/20 Added hosts_avoid_pipelining to the smtp transport. |
| 792 | |
| 793 | PH/21 Long custom messages for fakedefer and fakereject are now split up |
| 794 | into multiline reponses in the same way that messages for "deny" and |
| 795 | other ACL rejections are. |
| 796 | |
| 797 | PH/22 Applied Jori Hamalainen's speed-up changes and typo fixes to exigrep, |
| 798 | with slight modification. |
| 799 | |
| 800 | PH/23 Applied sieve patches from the maintainer "tracking the latest notify |
| 801 | draft, changing the syntax and factoring some duplicate code". |
| 802 | |
| 803 | PH/24 When the log selector "outgoing_port" was set, the port was shown as -1 |
| 804 | for deliveries of the second and subsequent messages over the same SMTP |
| 805 | connection. |
| 806 | |
| 807 | PH/25 Applied Magnus Holmgren's patch for ${addresses, ${map, ${filter, and |
| 808 | ${reduce, with only minor "tidies". |
| 809 | |
| 810 | SC/02 Applied Daniel Tiefnig's patch to improve the '($parent) =' pattern match. |
| 811 | |
| 812 | PH/26 Added a "continue" ACL modifier that does nothing, for the benefit of its |
| 813 | expansion side effects. |
| 814 | |
| 815 | PH/27 When a message times out after an over-quota error from an Exim-imposed |
| 816 | quota, the bounce message says "mailbox is full". This message was not |
| 817 | being given when it was a system quota that was exceeded. It now should |
| 818 | be the same. |
| 819 | |
| 820 | MH/03 Made $recipients available in local_scan(). local_scan() already has |
| 821 | better access to the recipient list through recipients_list[], but |
| 822 | $recipients can be useful in postmaster-provided expansion strings. |
| 823 | |
| 824 | PH/28 The $smtp_command and $smtp_command_argument variables were not correct |
| 825 | in the case of a MAIL command with additional options following the |
| 826 | address, for example: MAIL FROM:<foo@bar> SIZE=1234. The option settings |
| 827 | were accidentally chopped off. |
| 828 | |
| 829 | PH/29 SMTP synchronization checks are implemented when a command is read - |
| 830 | there is a check that no more input is waiting when there shouldn't be |
| 831 | any. However, for some commands, a delay in an ACL can mean that it is |
| 832 | some time before the response is written. In this time, more input might |
| 833 | arrive, invalidly. So now there are extra checks after an ACL has run for |
| 834 | HELO/EHLO and after the predata ACL, and likewise for MAIL and RCPT when |
| 835 | pipelining has not been advertised. |
| 836 | |
| 837 | PH/30 MH's patch to allow iscntrl() characters to be list separators. |
| 838 | |
| 839 | PH/31 Unlike :fail:, a custom message specified with :defer: was not being |
| 840 | returned in the SMTP response when smtp_return_error_details was false. |
| 841 | This has been fixed. |
| 842 | |
| 843 | PH/32 Change the Dovecot authenticator to use read() and write() on the socket |
| 844 | instead of the C I/O that was originally supplied, because problems were |
| 845 | reported on Solaris. |
| 846 | |
| 847 | PH/33 Compile failed with OpenSSL 0.9.8e. This was due to a coding error in |
| 848 | Exim which did not show up earlier: it was assuming that a call to |
| 849 | SSL_CTX_set_info_callback() might give an error value. In fact, there is |
| 850 | no error. In previous releases of OpenSSL, SSL_CTX_set_info_callback() |
| 851 | was a macro that became an assignment, so it seemed to work. This has |
| 852 | changed to a proper function call with a void return, hence the compile |
| 853 | error. Exim's code has been fixed. |
| 854 | |
| 855 | PH/34 Change HDA_SIZE in oracle.c from 256 to 512. This is needed for 64-bit |
| 856 | cpus. |
| 857 | |
| 858 | PH/35 Applied a patch from the Sieve maintainer which fixes a bug in "notify". |
| 859 | |
| 860 | PH/36 Applied John Jetmore's patch to add -v functionality to exigrep. |
| 861 | |
| 862 | PH/37 If a message is not accepted after it has had an id assigned (e.g. |
| 863 | because it turns out to be too big or there is a timeout) there is no |
| 864 | "Completed" line in the log. When some messages of this type were |
| 865 | selected by exigrep, they were listed as "not completed". Others were |
| 866 | picked up by some special patterns. I have improved the selection |
| 867 | criteria to be more general. |
| 868 | |
| 869 | PH/38 The host_find_failed option in the manualroute router can now be set |
| 870 | to "ignore", to completely ignore a host whose IP address cannot be |
| 871 | found. If all hosts are ignored, the behaviour is controlled by the new |
| 872 | host_all_ignored option. |
| 873 | |
| 874 | PH/39 In a list of hosts for manualroute, if one item (either because of multi- |
| 875 | homing or because of multiple MX records with /mx) generated more than |
| 876 | one IP address, and the following item turned out to be the local host, |
| 877 | all the secondary addresses of the first item were incorrectly removed |
| 878 | from the list, along with the local host and any following hosts (which |
| 879 | is what is supposed to happen). |
| 880 | |
| 881 | PH/40 When Exim receives a message, it writes the login name, uid, and gid of |
| 882 | whoever called Exim into the -H file. In the case of the daemon it was |
| 883 | behaving confusingly. When first started, it used values for whoever |
| 884 | started the daemon, but after a SIGHUP it used the Exim user (because it |
| 885 | calls itself on a restart). I have changed the code so that it now always |
| 886 | uses the Exim user. |
| 887 | |
| 888 | PH/41 (Following a suggestion from Tony Finch) If all the RCPT commands in a |
| 889 | message are rejected with the same error (e.g. no authentication or bad |
| 890 | sender address), and a DATA command is nevertheless sent (as can happen |
| 891 | with PIPELINING or a stupid MUA), the error message that was given to the |
| 892 | RCPT commands is included in the rejection of the DATA command. This is |
| 893 | intended to be helpful for MUAs that show only the final error to their |
| 894 | users. |
| 895 | |
| 896 | PH/42 Another patch from the Sieve maintainer. |
| 897 | |
| 898 | SC/02 Eximstats - Differentiate between permanent and temporary rejects. |
| 899 | Eximstats - Fixed some broken HTML links and added missing column headers |
| 900 | (Jez Hancock). |
| 901 | Eximstats - Fixed Grand Total Summary Domains, Edomains, and Email |
| 902 | columns for Rejects, Temp Rejects, Ham, and Spam rows. |
| 903 | |
| 904 | SC/03 Eximstats - V1.58 Fix to get <> and blackhole to show in edomain tables. |
| 905 | |
| 906 | PH/43 Yet another patch from the Sieve maintainer. |
| 907 | |
| 908 | PH/44 I found a way to check for a TCP/IP connection going away before sending |
| 909 | the response to the final '.' that terminates a message, but only in the |
| 910 | case where the client has not sent further data following the '.' |
| 911 | (unfortunately, this is allowed). However, in many cases there won't be |
| 912 | any further data because there won't be any more messages to send. A call |
| 913 | to select() can be used: if it shows that the input is "ready", there is |
| 914 | either input waiting, or the socket has been closed. An attempt to read |
| 915 | the next input character can distinguish the two cases. Previously, Exim |
| 916 | would have sent an OK response which the client would never have see. |
| 917 | This could lead to message repetition. This fix should cure that, at |
| 918 | least in a lot of common cases. |
| 919 | |
| 920 | PH/45 Do not advertise STARTTLS in response to HELP unless it would be |
| 921 | advertised in response to EHLO. |
| 922 | |
| 923 | |
| 924 | Exim version 4.66 |
| 925 | ----------------- |
| 926 | |
| 927 | PH/01 Two more bugs that were introduced by 4.64/PH/07, in addition to the one |
| 928 | fixed by 4.65/MH/01 (is this a record?) are fixed: |
| 929 | |
| 930 | (i) An empty string was always treated as zero by the numeric comparison |
| 931 | operators. This behaviour has been restored. |
| 932 | |
| 933 | (ii) It is documented that the numeric comparison operators always treat |
| 934 | their arguments as decimal numbers. This was broken in that numbers |
| 935 | starting with 0 were being interpreted as octal. |
| 936 | |
| 937 | While fixing these problems I realized that there was another issue that |
| 938 | hadn't been noticed. Values of message_size_limit (both the global option |
| 939 | and the transport option) were treated as octal if they started with 0. |
| 940 | The documentation was vague. These values are now always treated as |
| 941 | decimal, and I will make that clear in the documentation. |
| 942 | |
| 943 | |
| 944 | Exim version 4.65 |
| 945 | ----------------- |
| 946 | |
| 947 | TK/01 Disable default definition of HAVE_LINUX_SENDFILE. Clashes with |
| 948 | Linux large file support (_FILE_OFFSET_BITS=64) on older glibc |
| 949 | versions. (#438) |
| 950 | |
| 951 | MH/01 Don't check that the operands of numeric comparison operators are |
| 952 | integers when their expansion is in "skipping" mode (fixes bug |
| 953 | introduced by 4.64-PH/07). |
| 954 | |
| 955 | PH/01 If a system filter or a router generates more than SHRT_MAX (32767) |
| 956 | child addresses, Exim now panics and dies. Previously, because the count |
| 957 | is held in a short int, deliveries were likely to be lost. As such a |
| 958 | large number of recipients for a single message is ridiculous |
| 959 | (performance will be very, very poor), I have chosen to impose a limit |
| 960 | rather than extend the field. |
| 961 | |
| 962 | |
| 963 | Exim version 4.64 |
| 964 | ----------------- |
| 965 | |
| 966 | TK/01 Bugzilla #401. Fix DK spooling code so that it can overwrite a |
| 967 | leftover -K file (the existence of which was triggered by #402). |
| 968 | While we were at it, introduced process PID as part of the -K |
| 969 | filename. This should rule out race conditions when creating |
| 970 | these files. |
| 971 | |
| 972 | TK/02 Bugzilla #402. Apply patch from Simon Arlott, speeding up DK signing |
| 973 | processing considerably. Previous code took too long for large mails, |
| 974 | triggering a timeout which in turn triggers #401. |
| 975 | |
| 976 | TK/03 Introduced HAVE_LINUX_SENDFILE to os.h-Linux. Currently only used |
| 977 | in the DK code in transports.c. sendfile() is not really portable, |
| 978 | hence the _LINUX specificness. |
| 979 | |
| 980 | TF/01 In the add_headers option to the mail command in an Exim filter, |
| 981 | there was a bug that Exim would claim a syntax error in any |
| 982 | header after the first one which had an odd number of characters |
| 983 | in the field name. |
| 984 | |
| 985 | PH/01 If a server that rejects MAIL FROM:<> was the target of a sender |
| 986 | callout verification, Exim cached a "reject" for the entire domain. This |
| 987 | is correct for most verifications, but it is not correct for a recipient |
| 988 | verification with use_sender or use_postmaster set, because in that case |
| 989 | the callout does not use MAIL FROM:<>. Exim now distinguishes the special |
| 990 | case of MAIL FROM:<> rejection from other early rejections (e.g. |
| 991 | rejection of HELO). When verifying a recipient using a non-null MAIL |
| 992 | address, the cache is ignored if it shows MAIL FROM:<> rejection. |
| 993 | Whatever the result of the callout, the value of the domain cache is |
| 994 | left unchanged (for any other kind of callout, getting as far as trying |
| 995 | RCPT means that the domain itself is ok). |
| 996 | |
| 997 | PH/02 Tidied a number of unused variable and signed/unsigned warnings that |
| 998 | gcc 4.1.1 threw up. |
| 999 | |
| 1000 | PH/03 On Solaris, an unexpectedly close socket (dropped connection) can |
| 1001 | manifest itself as EPIPE rather than ECONNECT. When tidying away a |
| 1002 | session, the daemon ignores ECONNECT errors and logs others; it now |
| 1003 | ignores EPIPE as well. |
| 1004 | |
| 1005 | PH/04 Applied Nico Erfurth's refactoring patch to tidy up mime.c |
| 1006 | (quoted-printable decoding). |
| 1007 | |
| 1008 | PH/05 Applied Nico Erfurth's refactoring patch to tidy up spool_mbox.c, and |
| 1009 | later the small subsequent patch to fix an introduced bug. |
| 1010 | |
| 1011 | PH/06 Installed the latest Cygwin Makefile from the Cygwin maintainer. |
| 1012 | |
| 1013 | PH/07 There was no check for overflow in expansions such as ${if >{1}{4096M}}. |
| 1014 | |
| 1015 | PH/08 An error is now given if message_size_limit is specified negative. |
| 1016 | |
| 1017 | PH/09 Applied and tidied up Jakob Hirsch's patch for allowing ACL variables |
| 1018 | to be given (somewhat) arbitrary names. |
| 1019 | |
| 1020 | JJ/01 exipick 20060919.0, allow for arbitrary acl_ variables introduced |
| 1021 | in 4.64-PH/09. |
| 1022 | |
| 1023 | JJ/02 exipick 20060919.0, --show-vars args can now be regular expressions, |
| 1024 | miscellaneous code fixes |
| 1025 | |
| 1026 | PH/10 Added the log_reject_target ACL modifier to specify where to log |
| 1027 | rejections. |
| 1028 | |
| 1029 | PH/11 Callouts were setting the name used for EHLO/HELO from $smtp_active_ |
| 1030 | hostname. This is wrong, because it relates to the incoming message (and |
| 1031 | probably the interface on which it is arriving) and not to the outgoing |
| 1032 | callout (which could be using a different interface). This has been |
| 1033 | changed to use the value of the helo_data option from the smtp transport |
| 1034 | instead - this is what is used when a message is actually being sent. If |
| 1035 | there is no remote transport (possible with a router that sets up host |
| 1036 | addresses), $smtp_active_hostname is used. |
| 1037 | |
| 1038 | PH/12 Installed Andrey Panin's patch to add a dovecot authenticator. Various |
| 1039 | tweaks were necessary in order to get it to work (see also 21 below): |
| 1040 | (a) The code assumed that strncpy() returns a negative number on buffer |
| 1041 | overflow, which isn't the case. Replaced with Exim's string_format() |
| 1042 | function. |
| 1043 | (b) There were several signed/unsigned issues. I just did the minimum |
| 1044 | hacking in of casts. There is scope for a larger refactoring. |
| 1045 | (c) The code used strcasecmp() which is not a standard C function. |
| 1046 | Replaced with Exim's strcmpic() function. |
| 1047 | (d) The code set only $1; it now sets $auth1 as well. |
| 1048 | (e) A simple test gave the error "authentication client didn't specify |
| 1049 | service in request". It would seem that Dovecot has changed its |
| 1050 | interface. Fortunately there's a specification; I followed it and |
| 1051 | changed what the client sends and it appears to be working now. |
| 1052 | |
| 1053 | PH/13 Added $message_headers_raw to provide the headers without RFC 2047 |
| 1054 | decoding. |
| 1055 | |
| 1056 | PH/14 Corrected misleading output from -bv when -v was also used. Suppose the |
| 1057 | address A is aliased to B and C, where B exists and C does not. Without |
| 1058 | -v the output is "A verified" because verification stops after a |
| 1059 | successful redirection if more than one address is generated. However, |
| 1060 | with -v the child addresses are also verified. Exim was outputting "A |
| 1061 | failed to verify" and then showing the successful verification for C, |
| 1062 | with its parentage. It now outputs "B failed to verify", showing B's |
| 1063 | parentage before showing the successful verification of C. |
| 1064 | |
| 1065 | PH/15 Applied Michael Deutschmann's patch to allow DNS black list processing to |
| 1066 | look up a TXT record in a specific list after matching in a combined |
| 1067 | list. |
| 1068 | |
| 1069 | PH/16 It seems that the options setting for the resolver (RES_DEFNAMES and |
| 1070 | RES_DNSRCH) can affect the behaviour of gethostbyname() and friends when |
| 1071 | they consult the DNS. I had assumed they would set it the way they |
| 1072 | wanted; and indeed my experiments on Linux seem to show that in some |
| 1073 | cases they do (I could influence IPv6 lookups but not IPv4 lookups). |
| 1074 | To be on the safe side, however, I have now made the interface to |
| 1075 | host_find_byname() similar to host_find_bydns(), with an argument |
| 1076 | containing the DNS resolver options. The host_find_byname() function now |
| 1077 | sets these options at its start, just as host_find_bydns() does. The smtp |
| 1078 | transport options dns_qualify_single and dns_search_parents are passed to |
| 1079 | host_find_byname() when gethostbyname=TRUE in this transport. Other uses |
| 1080 | of host_find_byname() use the default settings of RES_DEFNAMES |
| 1081 | (qualify_single) but not RES_DNSRCH (search_parents). |
| 1082 | |
| 1083 | PH/17 Applied (a modified version of) Nico Erfurth's patch to make |
| 1084 | spool_read_header() do less string testing, by means of a preliminary |
| 1085 | switch on the second character of optional "-foo" lines. (This is |
| 1086 | overdue, caused by the large number of possibilities that now exist. |
| 1087 | Originally there were few.) While I was there, I also converted the |
| 1088 | str(n)cmp tests so they don't re-test the leading "-" and the first |
| 1089 | character, in the hope this might squeeze out yet more improvement. |
| 1090 | |
| 1091 | PH/18 Two problems with "group" syntax in header lines when verifying: (1) The |
| 1092 | flag allowing group syntax was set by the header_syntax check but not |
| 1093 | turned off, possible causing trouble later; (2) The flag was not being |
| 1094 | set at all for the header_verify test, causing "group"-style headers to |
| 1095 | be rejected. I have now set it in this case, and also caused header_ |
| 1096 | verify to ignore an empty address taken from a group. While doing this, I |
| 1097 | came across some other cases where the code for allowing group syntax |
| 1098 | while scanning a header line wasn't quite right (mostly, not resetting |
| 1099 | the flag correctly in the right place). These bugs could have caused |
| 1100 | trouble for malformed header lines. I hope it is now all correct. |
| 1101 | |
| 1102 | PH/19 The functions {pwcheck,saslauthd}_verify_password() are always called |
| 1103 | with the "reply" argument non-NULL. The code, however (which originally |
| 1104 | came from elsewhere) had *some* tests for NULL when it wrote to *reply, |
| 1105 | but it didn't always do it. This confused somebody who was copying the |
| 1106 | code for some other use. I have removed all the tests. |
| 1107 | |
| 1108 | PH/20 It was discovered that the GnuTLS code had support for RSA_EXPORT, a |
| 1109 | feature that was used to support insecure browsers during the U.S. crypto |
| 1110 | embargo. It requires special client support, and Exim is probably the |
| 1111 | only MTA that supported it -- and would never use it because real RSA is |
| 1112 | always available. This code has been removed, because it had the bad |
| 1113 | effect of slowing Exim down by computing (never used) parameters for the |
| 1114 | RSA_EXPORT functionality. |
| 1115 | |
| 1116 | PH/21 On the advice of Timo Sirainen, added a check to the dovecot |
| 1117 | authenticator to fail if there's a tab character in the incoming data |
| 1118 | (there should never be unless someone is messing about, as it's supposed |
| 1119 | to be base64-encoded). Also added, on Timo's advice, the "secured" option |
| 1120 | if the connection is using TLS or if the remote IP is the same as the |
| 1121 | local IP, and the "valid-client-cert option" if a client certificate has |
| 1122 | been verified. |
| 1123 | |
| 1124 | PH/22 As suggested by Dennis Davis, added a server_condition option to *all* |
| 1125 | authenticators. This can be used for authorization after authentication |
| 1126 | succeeds. (In the case of plaintext, it servers for both authentication |
| 1127 | and authorization.) |
| 1128 | |
| 1129 | PH/23 Testing for tls_required and lost_connection in a retry rule didn't work |
| 1130 | if any retry times were supplied. |
| 1131 | |
| 1132 | PH/24 Exim crashed if verify=helo was activated during an incoming -bs |
| 1133 | connection, where there is no client IP address to check. In this |
| 1134 | situation, the verify now always succeeds. |
| 1135 | |
| 1136 | PH/25 Applied John Jetmore's -Mset patch. |
| 1137 | |
| 1138 | PH/26 Added -bem to be like -Mset, but loading a message from a file. |
| 1139 | |
| 1140 | PH/27 In a string expansion for a processed (not raw) header when multiple |
| 1141 | headers of the same name were present, leading whitespace was being |
| 1142 | removed from all of them, but trailing whitespace was being removed only |
| 1143 | from the last one. Now trailing whitespace is removed from each header |
| 1144 | before concatenation. Completely empty headers in a concatenation (as |
| 1145 | before) are ignored. |
| 1146 | |
| 1147 | PH/28 Fixed bug in backwards-compatibility feature of PH/09 (thanks to John |
| 1148 | Jetmore). It would have mis-read ACL variables from pre-4.61 spool files. |
| 1149 | |
| 1150 | PH/29 [Removed. This was a change that I later backed out, and forgot to |
| 1151 | correct the ChangeLog entry (that I had efficiently created) before |
| 1152 | committing the later change.] |
| 1153 | |
| 1154 | PH/30 Exim was sometimes attempting to deliver messages that had suffered |
| 1155 | address errors (4xx response to RCPT) over the same connection as other |
| 1156 | messages routed to the same hosts. Such deliveries are always "forced", |
| 1157 | so retry times are not inspected. This resulted in far too many retries |
| 1158 | for the affected addresses. The effect occurred only when there were more |
| 1159 | hosts than the hosts_max_try setting in the smtp transport when it had |
| 1160 | the 4xx errors. Those hosts that it had tried were not added to the list |
| 1161 | of hosts for which the message was waiting, so if all were tried, there |
| 1162 | was no problem. Two fixes have been applied: |
| 1163 | |
| 1164 | (i) If there are any address or message errors in an SMTP delivery, none |
| 1165 | of the hosts (tried or untried) are now added to the list of hosts |
| 1166 | for which the message is waiting, so the message should not be a |
| 1167 | candidate for sending over the same connection that was used for a |
| 1168 | successful delivery of some other message. This seems entirely |
| 1169 | reasonable: after all the message is NOT "waiting for some host". |
| 1170 | This is so "obvious" that I'm not sure why it wasn't done |
| 1171 | previously. Hope I haven't missed anything, but it can't do any |
| 1172 | harm, as the worst effect is to miss an optimization. |
| 1173 | |
| 1174 | (ii) If, despite (i), such a delivery is accidentally attempted, the |
| 1175 | routing retry time is respected, so at least it doesn't keep |
| 1176 | hammering the server. |
| 1177 | |
| 1178 | PH/31 Installed Andrew Findlay's patch to close the writing end of the socket |
| 1179 | in ${readsocket because some servers need this prod. |
| 1180 | |
| 1181 | PH/32 Added some extra debug output when updating a wait-xxx database. |
| 1182 | |
| 1183 | PH/33 The hint "could be header name not terminated by colon", which has been |
| 1184 | given for certain expansion errors for a long time, was not being given |
| 1185 | for the ${if def:h_colon_omitted{... case. |
| 1186 | |
| 1187 | PH/34 The spec says: "With one important exception, whenever a domain list is |
| 1188 | being scanned, $domain contains the subject domain." There was at least |
| 1189 | one case where this was not true. |
| 1190 | |
| 1191 | PH/35 The error "getsockname() failed: connection reset by peer" was being |
| 1192 | written to the panic log as well as the main log, but it isn't really |
| 1193 | panic-worthy as it just means the connection died rather early on. I have |
| 1194 | removed the panic log writing for the ECONNRESET error when getsockname() |
| 1195 | fails. |
| 1196 | |
| 1197 | PH/36 After a 4xx response to a RCPT error, that address was delayed (in queue |
| 1198 | runs only) independently of the message's sender address. This meant |
| 1199 | that, if the 4xx error was in fact related to the sender, a different |
| 1200 | message to the same recipient with a different sender could confuse |
| 1201 | things. In particualar, this can happen when sending to a greylisting |
| 1202 | server, but other circumstances could also provoke similar problems. |
| 1203 | I have changed the default so that the retry time for these errors is now |
| 1204 | based a combination of the sender and recipient addresses. This change |
| 1205 | can be overridden by setting address_retry_include_sender=false in the |
| 1206 | smtp transport. |
| 1207 | |
| 1208 | PH/37 For LMTP over TCP/IP (the smtp transport), error responses from the |
| 1209 | remote server are returned as part of bounce messages. This was not |
| 1210 | happening for LMTP over a pipe (the lmtp transport), but now it is the |
| 1211 | same for both kinds of LMTP. |
| 1212 | |
| 1213 | PH/38 Despite being documented as not happening, Exim was rewriting addresses |
| 1214 | in header lines that were in fact CNAMEs. This is no longer the case. |
| 1215 | |
| 1216 | PH/39 If -R or -S was given with -q<time>, the effect of -R or -S was ignored, |
| 1217 | and queue runs started by the daemon processed all messages. This has |
| 1218 | been fixed so that -R and -S can now usefully be given with -q<time>. |
| 1219 | |
| 1220 | PH/40 Import PCRE release 6.7 (fixes some bugs). |
| 1221 | |
| 1222 | PH/41 Add bitwise logical operations to eval (courtesy Brad Jorsch). |
| 1223 | |
| 1224 | PH/42 Give an error if -q is specified more than once. |
| 1225 | |
| 1226 | PH/43 Renamed the variables $interface_address and $interface_port as |
| 1227 | $received_ip_address and $received_port, to make it clear that these |
| 1228 | values apply to message reception, and not to the outgoing interface when |
| 1229 | a message is delivered. (The old names remain recognized, of course.) |
| 1230 | |
| 1231 | PH/44 There was no timeout on the connect() call when using a Unix domain |
| 1232 | socket in the ${readsocket expansion. There now is. |
| 1233 | |
| 1234 | PH/45 Applied a modified version of Brad Jorsch's patch to allow "message" to |
| 1235 | be meaningful with "accept". |
| 1236 | |
| 1237 | SC/01 Eximstats V1.43 |
| 1238 | Bug fix for V1.42 with -h0 specified. Spotted by Chris Lear. |
| 1239 | |
| 1240 | SC/02 Eximstats V1.44 |
| 1241 | Use a glob alias rather than an array ref in the generated |
| 1242 | parser. This improves both readability and performance. |
| 1243 | |
| 1244 | SC/03 Eximstats V1.45 (Marco Gaiarin / Steve Campbell) |
| 1245 | Collect SpamAssassin and rejection statistics. |
| 1246 | Don't display local sender or destination tables unless |
| 1247 | there is data to show. |
| 1248 | Added average volumes into the top table text output. |
| 1249 | |
| 1250 | SC/04 Eximstats V1.46 |
| 1251 | Collect data on the number of addresses (recipients) |
| 1252 | as well as the number of messages. |
| 1253 | |
| 1254 | SC/05 Eximstats V1.47 |
| 1255 | Added 'Message too big' to the list of mail rejection |
| 1256 | reasons (thanks to Marco Gaiarin). |
| 1257 | |
| 1258 | SC/06 Eximstats V1.48 |
| 1259 | Mainlog lines which have GMT offsets and are too short to |
| 1260 | have a flag are now skipped. |
| 1261 | |
| 1262 | SC/07 Eximstats V1.49 (Alain Williams) |
| 1263 | Added the -emptyok flag. |
| 1264 | |
| 1265 | SC/08 Eximstats V1.50 |
| 1266 | Fixes for obtaining the IP address from reject messages. |
| 1267 | |
| 1268 | JJ/03 exipick.20061117.2, made header handling as similar to exim as possible |
| 1269 | (added [br]h_ prefixes, implemented RFC2047 decoding. Fixed |
| 1270 | whitesspace changes from 4.64-PH/27 |
| 1271 | |
| 1272 | JJ/04 exipick.20061117.2, fixed format and added $message_headers_raw to |
| 1273 | match 4.64-PH/13 |
| 1274 | |
| 1275 | JJ/05 exipick.20061117.2, bug fixes (error out sooner when invalid criteria |
| 1276 | are found, allow negative numbers in numeric criteria) |
| 1277 | |
| 1278 | JJ/06 exipick.20061117.2, added new $message_body_missing variable |
| 1279 | |
| 1280 | JJ/07 exipick.20061117.2, added $received_ip_address and $received_port |
| 1281 | to match changes made in 4.64-PH/43 |
| 1282 | |
| 1283 | PH/46 Applied Jori Hamalainen's patch to add features to exiqsumm. |
| 1284 | |
| 1285 | PH/47 Put in an explicit test for a DNS lookup of an address record where the |
| 1286 | "domain" is actually an IP address, and force a failure. This locks out |
| 1287 | those revolvers/nameservers that support "A-for-A" lookups, in |
| 1288 | contravention of the specifications. |
| 1289 | |
| 1290 | PH/48 When a host name was looked up from an IP address, and the subsequent |
| 1291 | forward lookup of the name timed out, the host name was left in |
| 1292 | $sender_host_name, contrary to the specification. |
| 1293 | |
| 1294 | PH/49 Although default lookup types such as lsearch* or cdb*@ have always been |
| 1295 | restricted to single-key lookups, Exim was not diagnosing an error if |
| 1296 | * or *@ was used with a query-style lookup. |
| 1297 | |
| 1298 | PH/50 Increased the value of DH_BITS in tls-gnu.c from 768 to 1024. |
| 1299 | |
| 1300 | MH/01 local_scan ABI version incremented to 1.1. It should have been updated |
| 1301 | long ago, but noone interested enough thought of it. Let's just say that |
| 1302 | the "1.1" means that there are some new functions that weren't there at |
| 1303 | some point in the past. |
| 1304 | |
| 1305 | PH/51 Error processing for expansion failure of helo_data from an smtp |
| 1306 | transport during callout processing was broken. |
| 1307 | |
| 1308 | PH/52 Applied John Jetmore's patch to allow tls-on-connect and STARTTLS to be |
| 1309 | tested/used via the -bh/-bhc/-bs options. |
| 1310 | |
| 1311 | PH/53 Added missing "#include <time.h>" to pcre/pcretest.c (this was a PCRE |
| 1312 | bug, fixed in subsequent PCRE releases). |
| 1313 | |
| 1314 | PH/54 Applied Robert Bannocks' patch to avoid a problem with references that |
| 1315 | arises when using the Solaris LDAP libraries (but not with OpenLDAP). |
| 1316 | |
| 1317 | PH/55 Check for a ridiculously long file name in exim_dbmbuild. |
| 1318 | |
| 1319 | |
| 1320 | Exim version 4.63 |
| 1321 | ----------------- |
| 1322 | |
| 1323 | SC/01 Use a glob alias rather than an array ref in eximstats generated |
| 1324 | parser. This improves both readability and performance. |
| 1325 | |
| 1326 | SC/02 Collect SpamAssassin and rejection statistics in eximstats. |
| 1327 | Don't display local sender or destination tables in eximstats unless |
| 1328 | there is data to show. |
| 1329 | Added average volumes into the eximstats top table text output. |
| 1330 | |
| 1331 | SC/03 Collect data on the number of addresses (recipients) as well |
| 1332 | as the number of messages in eximstats. |
| 1333 | |
| 1334 | TF/01 Correct an error in the documentation for the redirect router. Exim |
| 1335 | does (usually) call initgroups() when daemonizing. |
| 1336 | |
| 1337 | TF/02 Call initgroups() when dropping privilege in exim.c, so that Exim runs |
| 1338 | with consistent privilege compared to when running as a daemon. |
| 1339 | |
| 1340 | TF/03 Note in the spec that $authenticated_id is not set for local |
| 1341 | submissions from trusted users. |
| 1342 | |
| 1343 | TF/04 The ratelimit per_rcpt option now works correctly in acl_not_smtp. |
| 1344 | Thanks to Dean Brooks <dean@iglou.com> for the patch. |
| 1345 | |
| 1346 | TF/05 Make it easier to get SMTP authentication and TLS/SSL support working |
| 1347 | by adding some example configuration directives to the default |
| 1348 | configuration file. A little bit of work is required to uncomment the |
| 1349 | directives and define how usernames and passwords are checked, but |
| 1350 | there is now a framework to start from. |
| 1351 | |
| 1352 | PH/01 Added #define LDAP_DEPRECATED 1 to ldap.c because some of the "old" |
| 1353 | functions that Exim currently uses aren't defined in ldap.h for OpenLDAP |
| 1354 | without this. I don't know how relevant this is to other LDAP libraries. |
| 1355 | |
| 1356 | PH/02 Add the verb name to the "unknown ACL verb" error. |
| 1357 | |
| 1358 | PH/03 Magnus Holmgren's patch for filter_prepend_home. |
| 1359 | |
| 1360 | PH/03 Fixed Bugzilla #101: macro definition between ACLs doesn't work. |
| 1361 | |
| 1362 | PH/04 Applied Magnus Holmgren's patch to fix Bugzilla #98: transport's home |
| 1363 | directory not expanded when it should be if an expanded home directory |
| 1364 | was set for the address (which is overridden by the transport). |
| 1365 | |
| 1366 | PH/05 Applied Alex Kiernan's patch to fix Bugzilla #99: a problem with |
| 1367 | libradius. |
| 1368 | |
| 1369 | PH/06 Added acl_not_smtp_start, based on Johannes Berg's patch, and set the |
| 1370 | bit to forbid control=suppress_local_fixups in the acl_not_smtp ACL, |
| 1371 | because it is too late at that time, and has no effect. |
| 1372 | |
| 1373 | PH/07 Changed ${quote_pgsql to quote ' as '' instead of \' because of a |
| 1374 | security issue with \' (bugzilla #107). I could not use the |
| 1375 | PQescapeStringConn() function, because it needs a PGconn value as one of |
| 1376 | its arguments. |
| 1377 | |
| 1378 | PH/08 When testing addresses using -bt, indicate those final addresses that |
| 1379 | are duplicates that would not cause an additional delivery. At least one |
| 1380 | person was confused, thinking that -bt output corresponded to deliveries. |
| 1381 | (Suppressing duplicates isn't a good idea as you lose the information |
| 1382 | about possibly different redirections that led to the duplicates.) |
| 1383 | |
| 1384 | PH/09 Applied patch from Erik to use select() instead of poll() in spam.c on |
| 1385 | systems where poll() doesn't work, in particular OS X. |
| 1386 | |
| 1387 | PH/10 Added more information to debugging output for retry time not reached. |
| 1388 | |
| 1389 | PH/11 Applied patch from Arkadiusz Miskiewicz to apply a timeout to read |
| 1390 | operations in malware.c. |
| 1391 | |
| 1392 | PH/12 Applied patch from Magnus Holmgren to include the "h" tag in Domain Keys |
| 1393 | signatures. |
| 1394 | |
| 1395 | PH/13 If write_rejectlog was set false when logging was sent to syslog with |
| 1396 | syslog_duplication set false, log lines that would normally be written |
| 1397 | both the the main log and to the reject log were not written to syslog at |
| 1398 | all. |
| 1399 | |
| 1400 | PH/14 In the default configuration, change the use of "message" in ACL warn |
| 1401 | statements to "add_header". |
| 1402 | |
| 1403 | PH/15 Diagnose a filter syntax error for "seen", "unseen", or "noerror" if not |
| 1404 | not followed by a command (e.g. "seen endif"). |
| 1405 | |
| 1406 | PH/16 Recognize SMTP codes at the start of "message" in ACLs and after :fail: |
| 1407 | and :defer: in a redirect router. Add forbid_smtp_code to suppress the |
| 1408 | latter. |
| 1409 | |
| 1410 | PH/17 Added extra conditions to the default value of delay_warning_condition |
| 1411 | so that it is now: |
| 1412 | |
| 1413 | ${if or { \ |
| 1414 | { !eq{$h_list-id:$h_list-post:$h_list-subscribe:}{} } \ |
| 1415 | { match{$h_precedence:}{(?i)bulk|list|junk} } \ |
| 1416 | { match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} } \ |
| 1417 | }{no}{yes}} |
| 1418 | |
| 1419 | The Auto-Submitted: and various List- headers are standardised, whereas I |
| 1420 | don't think Precedence: ever was. |
| 1421 | |
| 1422 | PH/18 Refactored debugging code in route_finduser() to show more information, |
| 1423 | in particular, the error code if getpwnam() issues one. |
| 1424 | |
| 1425 | PH/19 Added PQsetClientEncoding(conn, "SQL_ASCII") to the pgsql code module. |
| 1426 | This is apparently needed in addition to the PH/07 change above to avoid |
| 1427 | any possible encoding problems. |
| 1428 | |
| 1429 | PH/20 Perl can change the locale. Exim was resetting it after a ${perl call, |
| 1430 | but not after initializing Perl. |
| 1431 | |
| 1432 | PH/21 Added a call to PQsetNoticeProcessor() to catch pgsql "notices" and |
| 1433 | output them only if debugging. By default they are written stderr, |
| 1434 | apparently, which is not desirable. |
| 1435 | |
| 1436 | PH/22 Added Alain Williams' LDAP patch to support setting REFERRALS=off on |
| 1437 | queries. |
| 1438 | |
| 1439 | JJ/01 exipick: added --reverse (and -R synonym), --random, --size, --sort and |
| 1440 | --not options |
| 1441 | |
| 1442 | JJ/02 exipick: rewrote --help documentation to hopefully make more clear. |
| 1443 | |
| 1444 | PH/23 Made -oMaa and -oMt work with -bh and -bs to pretend the connection is |
| 1445 | authenticated or an ident call has been made. Suppress the default |
| 1446 | values for $authenticated_id and $authenticated_sender (but permit -oMai |
| 1447 | and -oMas) when testing with -bh. |
| 1448 | |
| 1449 | PH/24 Re-jigged the order of the tests in the default configuration so that the |
| 1450 | tests for valid domains and recipients precede the DNS black list and CSA |
| 1451 | tests, on the grounds that those ones are more expensive. |
| 1452 | |
| 1453 | PH/25 Exim was not testing for a space following SMTP commands such as EHLO |
| 1454 | that require one. Thus, EHLORHUBARB was interpreted as a valid command. |
| 1455 | This bug exists in every version of Exim that I still have, right back to |
| 1456 | 0.12. |
| 1457 | |
| 1458 | PH/26 (n)wildlsearch lookups are documented as being done case-insensitively. |
| 1459 | However, an attempt to turn on case-sensitivity in a regex key by |
| 1460 | including (?-i) didn't work because the subject string was already |
| 1461 | lowercased, and the effects were non-intuitive. It turns out that a |
| 1462 | one-line patch can be used to allow (?-i) to work as expected. |
| 1463 | |
| 1464 | |
| 1465 | Exim version 4.62 |
| 1466 | ----------------- |
| 1467 | |
| 1468 | TF/01 Fix the add_header change below (4.61 PH/55) which had a bug that (amongst |
| 1469 | other effects) broke the use of negated acl sub-conditions. |
| 1470 | |
| 1471 | PH/01 ${readsocket now supports Internet domain sockets (modified John Jetmore |
| 1472 | patch). |
| 1473 | |
| 1474 | PH/02 When tcp-wrappers is called from Exim, it returns only "deny" or "allow". |
| 1475 | "Deny" causes Exim to reject the incoming connection with a 554 error. |
| 1476 | Unfortunately, if there is a major crisis, such as a disk failure, |
| 1477 | tcp-wrappers gives "deny", whereas what one would like would be some |
| 1478 | kind of temporary error. A kludge has been added to help with this. |
| 1479 | Before calling hosts_ctl(), errno is set zero. If the result is "deny", a |
| 1480 | 554 error is used if errno is still zero or contains ENOENT (which occurs |
| 1481 | if either of the /etc/hosts.{allow,deny} files is missing). Otherwise, a |
| 1482 | 451 error is used. |
| 1483 | |
| 1484 | PH/03 Add -lutil to the default FreeBSD LIBS setting. |
| 1485 | |
| 1486 | PH/04 Change PH/19 for 4.61 was too wide. It should not be applied to host |
| 1487 | errors. Otherwise a message that provokes a temporary error (when other |
| 1488 | messages do not) can cause a whole host to time out. |
| 1489 | |
| 1490 | PH/05 Batch deliveries by appendfile and pipe transports did not work when the |
| 1491 | addresses were routed directly to files or pipes from a redirect router. |
| 1492 | File deliveries just didn't batch; pipe deliveries might have suffered |
| 1493 | odd errors. |
| 1494 | |
| 1495 | PH/06 A failure to get a lock for a hints database would erroneously always say |
| 1496 | "Failed to get write lock", even when it was really a read lock. |
| 1497 | |
| 1498 | PH/07 The appendfile transport was creating MBX lock files with a fixed mode |
| 1499 | of 0600. This has been changed to use the value of the lockfile_mode |
| 1500 | option (which defaults to 0600). |
| 1501 | |
| 1502 | PH/08 Applied small patch from the Sieve maintainer. |
| 1503 | |
| 1504 | PH/09 If maildir_quota_directory_regex was set to exclude (say) the .Trash |
| 1505 | folder from quota calculations, a direct delivery into this folder messed |
| 1506 | up the contents of the maildirsize file. This was because the regex was |
| 1507 | used only to exclude .Trash (or whatever) when the size of the mailbox |
| 1508 | was calculated. There was no check that a delivery was happening into an |
| 1509 | excluded directory. This bug has been fixed by ignoring all quota |
| 1510 | processing for deliveries into excluded directories. |
| 1511 | |
| 1512 | PH/10 Added the maildirfolder_create_regex option to appendfile. |
| 1513 | |
| 1514 | |
| 1515 | Exim version 4.61 |
| 1516 | ----------------- |
| 1517 | |
| 1518 | PH/01 The code for finding all the local interface addresses on a FreeBSD |
| 1519 | system running IPv6 was broken. This may well have applied to all BSD |
| 1520 | systems, as well as to others that have similar system calls. The broken |
| 1521 | code found IPv4 interfaces correctly, but gave incorrect values for the |
| 1522 | IPv6 interfaces. In particular, ::1 was not found. The effect in Exim was |
| 1523 | that it would not match correctly against @[] and not recognize the IPv6 |
| 1524 | addresses as local. |
| 1525 | |
| 1526 | PH/02 The ipliteral router was not recognizing addresses of the form user@ |
| 1527 | [ipv6:....] because it didn't know about the "ipv6:" prefix. |
| 1528 | |
| 1529 | PH/03 Added disable_ipv6. |
| 1530 | |
| 1531 | PH/04 Changed $reply_address to use the raw form of the headers instead of the |
| 1532 | decoded form, because it is most often used to construct To: headers |
| 1533 | lines in autoreplies, and the decoded form may well be syntactically |
| 1534 | invalid. However, $reply_address has leading white space removed, and all |
| 1535 | newlines turned into spaces so that the autoreply transport does not |
| 1536 | grumble. |
| 1537 | |
| 1538 | PH/05 If group was specified without a user on a router, and no group or user |
| 1539 | was specified on a transport, the group from the router was ignored. |
| 1540 | |
| 1541 | PH/06 Increased the number of ACL variables to 20 of each type, and arranged |
| 1542 | for visible compile-time settings that can be used to change these |
| 1543 | numbers, for those that want even more. Backwards compatibility with old |
| 1544 | spool files has been maintained. However, going back to a previous Exim |
| 1545 | release will lost any variables that are in spool files. |
| 1546 | |
| 1547 | PH/07 Two small changes when running in the test harness: increase delay when |
| 1548 | passing a TCP/IP connection to a new process, in case the original |
| 1549 | process has to generate a bounce, and remove special handling of |
| 1550 | 127.0.0.2 (sic), which is no longer necessary. |
| 1551 | |
| 1552 | PH/08 Changed debug output of dbfn_open() flags from numbers to names, so as to |
| 1553 | be the same on different OS. |
| 1554 | |
| 1555 | PH/09 Moved a debug statement in filter processing to avoid a race problem when |
| 1556 | testing. |
| 1557 | |
| 1558 | JJ/01 exipick: fixed bug where -b (brief) output option showed "Vars:" |
| 1559 | whether --show-vars was specified or not |
| 1560 | |
| 1561 | JJ/02 exipick: Added support for new ACL variable spool format introduced |
| 1562 | in 4.61-PH/06 |
| 1563 | |
| 1564 | PH/10 Fixed another bug related to PH/04 above: if an incoming message had a |
| 1565 | syntactically invalid From: or Reply-to: line, and a filter used this to |
| 1566 | generate an autoreply, and therefore failed to obtain an address for the |
| 1567 | autoreply, Exim could try to deliver to a non-existent relative file |
| 1568 | name, causing unrelated and misleading errors. What now happens is that |
| 1569 | it logs this as a hard delivery error, but does not attempt to create a |
| 1570 | bounce message. |
| 1571 | |
| 1572 | PH/11 The exinext utility has a -C option for testing purposes, but although |
| 1573 | the given file was scanned by exinext itself; it wasn't being passed on |
| 1574 | when Exim was called. |
| 1575 | |
| 1576 | PH/12 In the smtp transport, treat an explicit ECONNRESET error the same as |
| 1577 | an end-of-file indication when reading a command response. |
| 1578 | |
| 1579 | PH/13 Domain literals for IPv6 were not recognized unless IPv6 support was |
| 1580 | compiled. In many other places in Exim, IPv6 addresses are always |
| 1581 | recognized, so I have changed this. It also means that IPv4 domain |
| 1582 | literals of the form [IPV4:n.n.n.n] are now always recognized. |
| 1583 | |
| 1584 | PH/14 When a uid/gid is specified for the queryprogram router, it cannot be |
| 1585 | used if the router is not running as root, for example, when verifying at |
| 1586 | ACL time, or when using -bh. The debugging output from this situation was |
| 1587 | non-existent - all you got was a failure to exec. I have made two |
| 1588 | changes: |
| 1589 | |
| 1590 | (a) Failures to set uid/gid, the current directory, or a process leader |
| 1591 | in a subprocess such as that created by queryprogram now generate |
| 1592 | suitable debugging ouput when -d is set. |
| 1593 | |
| 1594 | (b) The queryprogram router detects when it is not running as root, |
| 1595 | outputs suitable debugging information if -d is set, and then runs |
| 1596 | the subprocess without attempting to change uid/gid. |
| 1597 | |
| 1598 | PH/15 Minor change to Makefile for building test_host (undocumented testing |
| 1599 | feature). |
| 1600 | |
| 1601 | PH/16 As discussed on the list in Nov/Dec: Exim no longer looks at the |
| 1602 | additional section of a DNS packet that returns MX or SRV records. |
| 1603 | Instead, it always explicitly searches for A/AAAA records. This avoids |
| 1604 | major problems that occur when a DNS server includes only records of one |
| 1605 | type (A or AAAA) in an MX/SRV packet. A byproduct of this change has |
| 1606 | fixed another bug: if SRV records were looked up and the corresponding |
| 1607 | address records were *not* found in the additional section, the port |
| 1608 | values from the SRV records were lost. |
| 1609 | |
| 1610 | PH/17 If a delivery to a pipe, file, or autoreply was deferred, Exim was not |
| 1611 | using the correct key (the original address) when searching the retry |
| 1612 | rules in order to find which one to use for generating the retry hint. |
| 1613 | |
| 1614 | PH/18 If quota_warn_message contains a From: header, Exim now refrains from |
| 1615 | adding the default one. Similarly, if it contains a Reply-To: header, the |
| 1616 | errors_reply_to option, if set, is not used. |
| 1617 | |
| 1618 | PH/19 When calculating a retry time, Exim used to measure the "time since |
| 1619 | failure" by looking at the "first failed" field in the retry record. Now |
| 1620 | it does not use this if it is later than than the arrival time of the |
| 1621 | message. Instead it uses the arrival time. This makes for better |
| 1622 | behaviour in cases where some deliveries succeed, thus re-setting the |
| 1623 | "first failed" field. An example is a quota failure for a huge message |
| 1624 | when small messages continue to be delivered. Without this change, the |
| 1625 | "time since failure" will always be short, possible causing more frequent |
| 1626 | delivery attempts for the huge message than are intended. |
| 1627 | [Note: This change was subsequently modified - see PH/04 for 4.62.] |
| 1628 | |
| 1629 | PH/20 Added $auth1, $auth2, $auth3 to contain authentication data (as well as |
| 1630 | $1, $2, $3) because the numerical variables can be reset during some |
| 1631 | expansion items (e.g. "match"), thereby losing the authentication data. |
| 1632 | |
| 1633 | PH/21 Make -bV show the size of off_t variables so that the test suite can |
| 1634 | decide whether to run tests for quotas > 2G. |
| 1635 | |
| 1636 | PH/22 Test the values given for quota, quota_filecount, quota_warn_threshold, |
| 1637 | mailbox_size, and mailbox_filecount in the appendfile transport. If a |
| 1638 | filecount value is greater than 2G or if a quota value is greater than 2G |
| 1639 | on a system where the size of off_t is not greater than 4, a panic error |
| 1640 | is given. |
| 1641 | |
| 1642 | PH/23 When a malformed item such as 1.2.3/24 appears in a host list, it can |
| 1643 | never match. The debug and -bh output now contains an explicit error |
| 1644 | message indicating a malformed IPv4 address or mask. |
| 1645 | |
| 1646 | PH/24 An host item such as 1.2.3.4/abc was being treated as the IP address |
| 1647 | 1.2.3.4 without a mask. Now it is not recognized as an IP address, and |
| 1648 | PH/23 above applies. |
| 1649 | |
| 1650 | PH/25 Do not write to syslog when running in the test harness. The only |
| 1651 | occasion when this arises is a failure to open the main or panic logs |
| 1652 | (for which there is an explicit test). |
| 1653 | |
| 1654 | PH/26 Added the /no_tell option to "control=freeze". |
| 1655 | |
| 1656 | PH/27 If a host name lookup failed very early in a connection, for example, if |
| 1657 | the IP address matched host_lookup and the reverse lookup yielded a name |
| 1658 | that did not have a forward lookup, an error message of the form "no IP |
| 1659 | address found for host xxx.xxx.xxx (during SMTP connection from NULL)" |
| 1660 | could be logged. Now it outputs the IP address instead of "NULL". |
| 1661 | |
| 1662 | PH/28 An enabling patch from MH: add new function child_open_exim2() which |
| 1663 | allows the sender and the authenticated sender to be set when |
| 1664 | submitting a message from within Exim. Since child_open_exim() is |
| 1665 | documented for local_scan(), the new function should be too. |
| 1666 | |
| 1667 | PH/29 In GnuTLS, a forced expansion failure for tls_privatekey was not being |
| 1668 | ignored. In both GnuTLS and OpenSSL, an expansion of tls_privatekey that |
| 1669 | results in an empty string is now treated as unset. |
| 1670 | |
| 1671 | PH/30 Fix eximon buffer overflow bug (Bugzilla #73). |
| 1672 | |
| 1673 | PH/31 Added sender_verify_fail logging option. |
| 1674 | |
| 1675 | PH/32 In November 2003, the code in Exim that added an empty Bcc: header when |
| 1676 | needed by RFC 822 but not by RFC 2822 was commented out. I have now |
| 1677 | tidied the source and removed it altogether. |
| 1678 | |
| 1679 | PH/33 When a queue run was abandoned because the load average was too high, a |
| 1680 | log line was always written; now it is written only if the queue_run log |
| 1681 | selector is set. In addition, the log line for abandonment now contains |
| 1682 | information about the queue run such as the pid. This is always present |
| 1683 | in "start" and "stop" lines but was omitted from the "abandon" line. |
| 1684 | |
| 1685 | PH/34 Omit spaces between a header name and the colon in the error message that |
| 1686 | is given when verify = headers_syntax fails (if there are lots of them, |
| 1687 | the message gets confusing). |
| 1688 | |
| 1689 | PH/35 Change the default for dns_check_names_pattern to allow slashes within |
| 1690 | names, as there are now some PTR records that contain slashes. This check |
| 1691 | is only to protect against broken name servers that fall over on strange |
| 1692 | characters, so the fact that it applies to all lookups doesn't matter. |
| 1693 | |
| 1694 | PH/36 Now that the new test suite is complete, we can remove some of the |
| 1695 | special code in Exim that was needed for the old test suite. For example, |
| 1696 | sorting DNS records because real resolvers return them in an arbitrary |
| 1697 | order. The new test suite's fake resolver always returns records in the |
| 1698 | same order. |
| 1699 | |
| 1700 | PH/37 When running in the test harness, use -odi for submitted messages (e.g. |
| 1701 | bounces) except when queue_only is set, to avoid logging races between |
| 1702 | the different processes. |
| 1703 | |
| 1704 | PH/38 Panic-die if .include specifies a non-absolute path. |
| 1705 | |
| 1706 | PH/39 A tweak to the "H" retry rule from its user. |
| 1707 | |
| 1708 | JJ/03 exipick: Removed parentheses from 'next' and 'last' calls that specified |
| 1709 | a label. They prevented compilation on older perls. |
| 1710 | |
| 1711 | JJ/04 exipick: Refactored code to prevent implicit split to @_ which caused |
| 1712 | a warning to be raised on newish perls. |
| 1713 | |
| 1714 | JJ/05 exipick: Fixed bug where -bpc always showed a count of all messages |
| 1715 | on queue. Changes to match documented behaviour of showing count of |
| 1716 | messages matching specified criteria. |
| 1717 | |
| 1718 | PH/40 Changed the default ident timeout from 30s to 5s. |
| 1719 | |
| 1720 | PH/41 Added support for the use of login_cap features, on those BSD systems |
| 1721 | that have them, for controlling the resources used by pipe deliveries. |
| 1722 | |
| 1723 | PH/42 The content-scanning code uses fopen() to create files in which to put |
| 1724 | message data. Previously it was not paying any attention to the mode of |
| 1725 | the files. Exim runs with umask(0) because the rest of the code creates |
| 1726 | files with open(), and sets the required mode explicitly. Thus, these |
| 1727 | files were ending up world-writeable. This was not a big issue, because, |
| 1728 | being within the spool directory, they were not world-accessible. I have |
| 1729 | created a function called modefopen, which takes an additional mode |
| 1730 | argument. It sets umask(777), creates the file, chmods it to the required |
| 1731 | mode, then resets the umask. All the relevant calls to fopen() in the |
| 1732 | content scanning code have been changed to use this function. |
| 1733 | |
| 1734 | PH/43 If retry_interval_max is set greater than 24 hours, it is quietly reset |
| 1735 | to 24 hours. This avoids potential overflow problems when processing G |
| 1736 | and H retry rules. I suspect nobody ever tinkers with this value. |
| 1737 | |
| 1738 | PH/44 Added STRIP_COMMAND=/usr/bin/strip to the FreeBSD Makefile. |
| 1739 | |
| 1740 | PH/45 When the plaintext authenticator is running as a client, the server's |
| 1741 | challenges are checked to ensure they are valid base64 strings. By |
| 1742 | default, the authentication attempt is cancelled if an invalid string is |
| 1743 | received. Setting client_ignore_invalid_base64 true ignores these errors. |
| 1744 | The decoded challenge strings are now placed in $auth1, $auth2, etc. as |
| 1745 | they are received. Thus, the responses can be made to depend on the |
| 1746 | challenges. If an invalid string is ignored, an empty string is placed in |
| 1747 | the variable. |
| 1748 | |
| 1749 | PH/46 Messages that are created by the autoreply transport now contains a |
| 1750 | References: header, in accordance with RFCs 2822 and 3834. |
| 1751 | |
| 1752 | PH/47 Added authenticated_sender_force to the smtp transport. |
| 1753 | |
| 1754 | PH/48 The ${prvs expansion was broken on systems where time_t was long long. |
| 1755 | |
| 1756 | PH/49 Installed latest patch from the Sieve maintainer. |
| 1757 | |
| 1758 | PH/50 When an Exim quota was set without a file count quota, and mailbox_size |
| 1759 | was also set, the appendfile transport was unnecessarily scanning a |
| 1760 | directory of message files (e.g. for maildir delivery) to find the count |
| 1761 | of files (along with the size), even though it did not need this |
| 1762 | information. It now does the scan only if it needs to find either the |
| 1763 | size of the count of files. |
| 1764 | |
| 1765 | PH/51 Added ${time_eval: to convert Exim time strings into seconds. |
| 1766 | |
| 1767 | PH/52 Two bugs concerned with error handling when the smtp transport is |
| 1768 | used in LMTP mode: |
| 1769 | |
| 1770 | (i) Exim was not creating retry information for temporary errors given |
| 1771 | for individual recipients after the DATA command when the smtp transport |
| 1772 | was used in LMTP mode. This meant that they could be retried too |
| 1773 | frequently, and not timed out correctly. |
| 1774 | |
| 1775 | (ii) Exim was setting the flag that allows error details to be returned |
| 1776 | for LMTP errors on RCPT commands, but not for LMTP errors for individual |
| 1777 | recipients that were returned after the DATA command. |
| 1778 | |
| 1779 | PH/53 This is related to PH/52, but is more general: for any failing address, |
| 1780 | when detailed error information was permitted to be returned to the |
| 1781 | sender, but the error was temporary, then after the final timeout, only |
| 1782 | "retry timeout exceeded" was returned. Now it returns the full error as |
| 1783 | well as "retry timeout exceeded". |
| 1784 | |
| 1785 | PH/54 Added control=allow_auth_unadvertised, as it seems there are clients that |
| 1786 | do this, and (what is worse) MTAs that accept it. |
| 1787 | |
| 1788 | PH/55 Added the add_header modified to ACLs. The use of "message" with "warn" |
| 1789 | will now be deprecated. |
| 1790 | |
| 1791 | PH/56 New os.c-cygwin from the Cygwin maintainer. |
| 1792 | |
| 1793 | JJ/06 exipick: added --unsorted option to allow unsorted output in all output |
| 1794 | formats (previously only available in exim formats via -bpr, -bpru, |
| 1795 | and -bpra. Now also available in native and exiqgrep formats) |
| 1796 | |
| 1797 | JJ/07 exipick: added --freeze and --thaw options to allow faster interaction |
| 1798 | with very large, slow to parse queues |
| 1799 | |
| 1800 | JJ/08 exipick: added ! as generic prefix to negate any criteria format |
| 1801 | |
| 1802 | JJ/09 exipick: miscellaneous performance enhancements (~24% improvements) |
| 1803 | |
| 1804 | PH/57 Tidies in SMTP dialogue display in debug output: (i) It was not showing |
| 1805 | responses to authentication challenges, though it was showing the |
| 1806 | challenges; (ii) I've removed the CR characters from the debug output for |
| 1807 | SMTP output lines. |
| 1808 | |
| 1809 | PH/58 Allow for the insertion of a newline as well as a space when a string |
| 1810 | is turned into more than one encoded-word during RFC 2047 encoding. The |
| 1811 | Sieve code now uses this. |
| 1812 | |
| 1813 | PH/59 Added the following errors that can be detected in retry rules: mail_4xx, |
| 1814 | data_4xx, lost_connection, tls_required. |
| 1815 | |
| 1816 | PH/60 When a VRFY deferred or FAILED, the log message rather than the user |
| 1817 | message was being sent as an SMTP response. |
| 1818 | |
| 1819 | PH/61 Add -l and -k options to exicyclog. |
| 1820 | |
| 1821 | PH/62 When verifying, if an address was redirected to one new address, so that |
| 1822 | verification continued, and the new address failed or deferred after |
| 1823 | having set something in $address_data, the value of $address_data was not |
| 1824 | passed back to the ACL. This was different to the case when no |
| 1825 | redirection occurred. The value is now passed back in both cases. |
| 1826 | |
| 1827 | PH/63 Changed the macro HAVE_LOGIN_CAP (see PH/41 for this release above) to |
| 1828 | HAVE_SETCLASSRESOURCES because there are different APIs in use that all |
| 1829 | use login_cap.h, so on its own it isn't the distinguishing feature. The |
| 1830 | new name refers directly to the setclassresources() function. |
| 1831 | |
| 1832 | PH/65 Added configuration files for NetBSD3. |
| 1833 | |
| 1834 | PH/66 Updated OS/Makefile-HP-UX for gcc 4.1.0 with HP-UX 11. |
| 1835 | |
| 1836 | PH/67 Fixed minor infelicity in the sorting of addresses to ensure that IPv6 |
| 1837 | is preferred over IPv4. |
| 1838 | |
| 1839 | PH/68 The bounce_return_message and bounce_return_body options were not being |
| 1840 | honoured for bounces generated during the reception of non-SMTP messages. |
| 1841 | In particular, this applied to messages rejected by the ACL. This bug has |
| 1842 | been fixed. However, if bounce_return_message is true and bounce_return_ |
| 1843 | body is false, the headers that are returned for a non-SMTP message |
| 1844 | include only those that have been read before the error was detected. |
| 1845 | (In the case of an ACL rejection, they have all been read.) |
| 1846 | |
| 1847 | PH/69 The HTML version of the specification is now built in a directory called |
| 1848 | spec_html instead of spec.html, because the latter looks like a path with |
| 1849 | a MIME-type, and this confuses some software. |
| 1850 | |
| 1851 | PH/70 Catch two compiler warnings in sieve.c. |
| 1852 | |
| 1853 | PH/71 Fixed an obscure and subtle bug (thanks Alexander & Matthias). The |
| 1854 | function verify_get_ident() calls ip_connect() to connect a socket, but |
| 1855 | if the "connect()" function timed out, ip_connect() used to close the |
| 1856 | socket. However, verify_get_ident() also closes the socket later, and in |
| 1857 | between Exim writes to the log, which may get opened at this point. When |
| 1858 | the socket was closed in ip_connect(), the log could get the same file |
| 1859 | descriptor number as the socket. This naturally causes chaos. The fix is |
| 1860 | not to close the socket in ip_connect(); the socket should be closed by |
| 1861 | the function that creates it. There was only one place in the code where |
| 1862 | this was missing, in the iplookup router, which I don't think anybody now |
| 1863 | uses, but I've fixed it anyway. |
| 1864 | |
| 1865 | PH/72 Make dns_again_means_nonexist apply to lookups using gethostbyname() as |
| 1866 | well as to direct DNS lookups. Otherwise the handling of names in host |
| 1867 | lists is inconsistent and therefore confusing. |
| 1868 | |
| 1869 | |
| 1870 | Exim version 4.60 |
| 1871 | ----------------- |
| 1872 | |
| 1873 | PH/01 Two changes to the default runtime configuration: |
| 1874 | |
| 1875 | (1) Move the checks for relay_from_hosts and authenticated clients from |
| 1876 | after to before the (commented out) DNS black list checks. |
| 1877 | |
| 1878 | (2) Add control=submission to the relay_from_hosts and authenticated |
| 1879 | clients checks, on the grounds that messages accepted by these |
| 1880 | statements are most likely to be submissions. |
| 1881 | |
| 1882 | PH/02 Several tidies to the handling of ${prvs and ${prvscheck: |
| 1883 | |
| 1884 | (1) Generate an error if the third argument for the ${prvs expansion is |
| 1885 | not a single digit. |
| 1886 | |
| 1887 | (2) Treat a missing third argument of ${prvscheck as if it were an empty |
| 1888 | string. |
| 1889 | |
| 1890 | (3) Reset the variables that are obtained from the first argument of |
| 1891 | ${prvscheck and used in the second argument before leaving the code, |
| 1892 | because their memory is reclaimed, so using them afterwards may do |
| 1893 | silly things. |
| 1894 | |
| 1895 | (4) Tidy up the code for expanding the arguments of ${prvscheck one by |
| 1896 | one (it's much easier than Tom thought :-). |
| 1897 | |
| 1898 | (5) Because of (4), we can now allow for the use of $prvscheck_result |
| 1899 | inside the third argument. |
| 1900 | |
| 1901 | PH/03 For some reason, the default setting of PATH when running a command from |
| 1902 | a pipe transport was just "/usr/bin". I have changed it to |
| 1903 | "/bin:/usr/bin". |
| 1904 | |
| 1905 | PH/04 SUPPORT_TRANSLATE_IP_ADDRESS and MOVE_FROZEN_MESSAGES did not cause |
| 1906 | anything to be listed in the output from -bV. |
| 1907 | |
| 1908 | PH/05 When a filter generated an autoreply, the entire To: header line was |
| 1909 | quoted in the delivery log line, like this: |
| 1910 | |
| 1911 | => >A.N.Other <ano@some.domain> <original@ddress> ... |
| 1912 | |
| 1913 | This has been changed so that it extracts the operative address. There |
| 1914 | may be more than one such address. If so, they are comma-separated, like |
| 1915 | this: |
| 1916 | |
| 1917 | => >ano@some.domain,ona@other.domain <original@ddress> ... |
| 1918 | |
| 1919 | PH/06 When a client host used a correct literal IP address in a HELO or EHLO |
| 1920 | command, (for example, EHLO [1.2.3.4]) and the client's IP address was |
| 1921 | not being looked up in the rDNS to get a host name, Exim was showing the |
| 1922 | IP address twice in Received: lines, even though the IP addresses were |
| 1923 | identical. For example: |
| 1924 | |
| 1925 | Received: from [1.2.3.4] (helo=[1.2.3.4]) |
| 1926 | |
| 1927 | However, if the real host name was known, it was omitting the HELO data |
| 1928 | if it matched the actual IP address. This has been tidied up so that it |
| 1929 | doesn't show the same IP address twice. |
| 1930 | |
| 1931 | PH/07 When both +timestamp and +memory debugging was on, the value given by |
| 1932 | $tod_xxx expansions could be wrong, because the tod_stamp() function was |
| 1933 | called by the debug printing, thereby overwriting the timestamp buffer. |
| 1934 | Debugging no longer uses the tod_stamp() function when +timestamp is set. |
| 1935 | |
| 1936 | PH/08 When the original message was included in an autoreply transport, it |
| 1937 | always said "this is a copy of the message, including all the headers", |
| 1938 | even if body_only or headers_only was set. It now gives an appropriate |
| 1939 | message. |
| 1940 | |
| 1941 | PH/09 Applied a patch from the Sieve maintainer which: |
| 1942 | |
| 1943 | o fixes some comments |
| 1944 | o adds the (disabled) notify extension core |
| 1945 | o adds some debug output for the result of if/elsif tests |
| 1946 | o points to the current vacation draft in the documentation |
| 1947 | and documents the missing references header update |
| 1948 | |
| 1949 | and most important: |
| 1950 | |
| 1951 | o fixes a bug in processing the envelope test (when testing |
| 1952 | multiple envelope elements, the last element determinted the |
| 1953 | result) |
| 1954 | |
| 1955 | PH/10 Exim was violating RFC 3834 ("Recommendations for Automatic Responses to |
| 1956 | Electronic Mail") by including: |
| 1957 | |
| 1958 | Auto-submitted: auto-generated |
| 1959 | |
| 1960 | in the messages that it generates (bounce messages and others, such as |
| 1961 | warnings). In the case of bounce messages for non-SMTP mesages, there was |
| 1962 | also a typo: it was using "Auto_submitted" (underscore instead of |
| 1963 | hyphen). Since every message generated by Exim is necessarily in response |
| 1964 | to another message, thes have all been changed to: |
| 1965 | |
| 1966 | Auto-Submitted: auto-replied |
| 1967 | |
| 1968 | in accordance with these statements in the RFC: |
| 1969 | |
| 1970 | The auto-replied keyword: |
| 1971 | |
| 1972 | - SHOULD be used on messages sent in direct response to another |
| 1973 | message by an automatic process, |
| 1974 | |
| 1975 | - MUST NOT be used on manually-generated messages, |
| 1976 | |
| 1977 | - MAY be used on Delivery Status Notifications (DSNs) and Message |
| 1978 | Disposition Notifications (MDNs), |
| 1979 | |
| 1980 | - MUST NOT be used on messages generated by automatic or periodic |
| 1981 | processes, except for messages which are automatic responses to |
| 1982 | other messages. |
| 1983 | |
| 1984 | PH/11 Added "${if def:sender_address {(envelope-from <$sender_address>)\n\t}}" |
| 1985 | to the default Received: header definition. |
| 1986 | |
| 1987 | PH/12 Added log selector acl_warn_skipped (default on). |
| 1988 | |
| 1989 | PH/13 After a successful wildlsearch lookup, discard the values of numeric |
| 1990 | variables because (a) they are in the wrong storage pool and (b) even if |
| 1991 | they were copied, it wouldn't work properly because of the caching. |
| 1992 | |
| 1993 | PH/14 Add check_rfc2047_length to disable enforcement of RFC 2047 length |
| 1994 | checking when decoding. Apparently there are clients that generate |
| 1995 | overlong encoded strings. Why am I not surprised? |
| 1996 | |
| 1997 | PH/15 If the first argument of "${if match_address" was not empty, but did not |
| 1998 | contain an "@" character, Exim crashed. Now it writes a panic log message |
| 1999 | and treats the condition as false. |
| 2000 | |
| 2001 | PH/16 In autoreply, treat an empty string for "once" the same as unset. |
| 2002 | |
| 2003 | PH/17 A further patch from the Sieve maintainer: "Introduce the new Sieve |
| 2004 | extension "envelope-auth". The code is finished and in agreement with |
| 2005 | other implementations, but there is no documentation so far and in fact, |
| 2006 | nobody wrote the draft yet. This extension is currently #undef'ed, thus |
| 2007 | not changing the active code. |
| 2008 | |
| 2009 | Print executed "if" and "elsif" statements when debugging is used. This |
| 2010 | helps a great deal to understand what a filter does. |
| 2011 | |
| 2012 | Document more things not specified clearly in RFC3028. I had all this |
| 2013 | sorted out, when out of a sudden new issues came to my mind. Oops." |
| 2014 | |
| 2015 | PH/18 Exim was not recognizing the "net-" search type prefix in match_ip lists |
| 2016 | (Bugzilla #53). |
| 2017 | |
| 2018 | PH/19 Exim expands the IPv6 address given to -bh to its full non-abbreviated |
| 2019 | canonical form (as documented). However, after a host name lookup from |
| 2020 | the IP address, check_host() was doing a simple string comparison with |
| 2021 | addresses acquired from the DNS when checking that the found name did |
| 2022 | have the original IP as one of its addresses. Since any found IPv6 |
| 2023 | addresses are likely to be in abbreviated form, the comparison could |
| 2024 | fail. Luckily, there already exists a function for doing the comparison |
| 2025 | by converting both addresses to binary, so now that is used instead of |
| 2026 | the text comparison. |
| 2027 | |
| 2028 | PH/20 There was another similar case to PH/19, when a complete host name was |
| 2029 | given in a host list; looking up its IP address could give an abbreviated |
| 2030 | form, whereas the current host's name might or might not be abbreviated. |
| 2031 | The same fix has been applied. |
| 2032 | |
| 2033 | |
| 2034 | Exim version 4.54 |
| 2035 | ----------------- |
| 2036 | |
| 2037 | PH/01 The ${base62: operator adjusted itself to base 36 when BASE_62 was |
| 2038 | set to 36 (for Darwin and Cygwin), but the ${base62d: operator did not. |
| 2039 | It now does. |
| 2040 | |
| 2041 | PH/02 Two minor problems detected in Cygwin: the os.{c,h} files had lost */ on |
| 2042 | the CVS lines, and there was a missing #if HAVE_IPV6 in host.c. |
| 2043 | |
| 2044 | PH/03 Typo: missing ".o" in src/pcre/Makefile. |
| 2045 | |
| 2046 | PH/04 Tighten up "personal" tests: Instead of testing for any "List-" |
| 2047 | header line, restrict the check to what is listed in RFCs 2369 and 2929. |
| 2048 | Also, for "Auto-Submitted", treat anything other than "no" as |
| 2049 | non-personal, in accordance with RFC 3834. (Previously it treated |
| 2050 | anything starting "auto-" as non-personal.) |
| 2051 | |
| 2052 | TF/01 The control=submission/name=... option had a problem with syntax |
| 2053 | errors if the name included a slash character. The /name= option |
| 2054 | now slurps the rest of the string, so it can include any characters |
| 2055 | but it must come last in the list of options (after /sender_retain |
| 2056 | or /domain=). |
| 2057 | |
| 2058 | PH/05 Some modifications to the interface to the fake nameserver for the new |
| 2059 | testing suite. |
| 2060 | |
| 2061 | |
| 2062 | |
| 2063 | Exim version 4.53 |
| 2064 | ----------------- |
| 2065 | |
| 2066 | TK/01 Added the "success_on_redirect" address verification option. See |
| 2067 | NewStuff for rationale and an example. |
| 2068 | |
| 2069 | PH/01 Added support for SQLite, basic code supplied by David Woodhouse. |
| 2070 | |
| 2071 | PH/02 Patch to exigrep to allow it to work on syslog lines. |
| 2072 | |
| 2073 | PH/03 When creating an mbox file for a virus/spam scan, use fseek() instead of |
| 2074 | fread() to skip over the body file's header line, because in Cygwin the |
| 2075 | header line is locked and is inaccessible. |
| 2076 | |
| 2077 | PH/04 Added $message_exim_id, ultimately to replace $message_id (they will both |
| 2078 | co-exist for some time) to make it clear that it is the Exim ID that is |
| 2079 | referenced, not the Message-ID: header line. |
| 2080 | |
| 2081 | PH/05 Replaced all Tom's calls to snprintf() with calls to the internal |
| 2082 | string_format() function, because snprintf() does not exist on all |
| 2083 | operating systems. |
| 2084 | |
| 2085 | PH/06 The use of forbid_filter_existstest now also locks out the use of the |
| 2086 | ${stat: expansion item. |
| 2087 | |
| 2088 | PH/07 Changed "SMTP protocol violation: synchronization error" into "SMTP |
| 2089 | protocol synchronization error", to keep the pedants happy. |
| 2090 | |
| 2091 | PH/08 Arrange for USE_INET_NTOA_FIX to be set in config.h for AIX systems as |
| 2092 | well as for IRIX systems, when gcc is being used. See the host.c source |
| 2093 | file for comments. |
| 2094 | |
| 2095 | PH/09 Installed latest Cygwin configuration files from the Cygwin maintainer. |
| 2096 | |
| 2097 | PH/10 Named domain lists were not working if used in a queue_smtp_domains |
| 2098 | setting. |
| 2099 | |
| 2100 | PH/11 Added support for the IGNOREQUOTA extension to LMTP, both to the lmtp |
| 2101 | transport and to the smtp transport in LMTP mode. |
| 2102 | |
| 2103 | TK/02 Remove one case of BASE64 error detection FTTB (undocumented anyway). |
| 2104 | |
| 2105 | PH/12 There was a missing call to search_tidyup() before the fork() in rda.c to |
| 2106 | run a filter in a subprocess. This could lead to confusion in subsequent |
| 2107 | lookups in the parent process. There should also be a search_tidyup() at |
| 2108 | the end of the subprocess. |
| 2109 | |
| 2110 | PH/13 Previously, if "verify = helo" was set in an ACL, the condition was true |
| 2111 | only if the host matched helo_try_verify_hosts, which caused the |
| 2112 | verification to occur when the EHLO/HELO command was issued. The ACL just |
| 2113 | tested the remembered result. Now, if a previous verification attempt has |
| 2114 | not happened, "verify = helo" does it there and then. |
| 2115 | |
| 2116 | JJ/01 exipick: added $message_exim_id variable (see 4.53-PH/04) |
| 2117 | |
| 2118 | TK/03 Fix log output including CR from clamd. |
| 2119 | |
| 2120 | PH/14 A reference to $reply_address when Reply-to: was empty and From: did not |
| 2121 | exist provoked a memory error which could cause a segfault. |
| 2122 | |
| 2123 | PH/15 Installed PCRE 6.2 |
| 2124 | |
| 2125 | PH/17 Defined BIND_8_COMPAT in the Darwin os.h file. |
| 2126 | |
| 2127 | PH/18 Reversed 4.52/PH/17 because the HP-UX user found it wasn't the cause |
| 2128 | of the problem. Specifically, suggested +O2 rather than +O1 for the |
| 2129 | HP-UX compiler. |
| 2130 | |
| 2131 | PH/19 Added sqlite_lock_timeout option (David Woodhouse's patch). |
| 2132 | |
| 2133 | PH/20 If a delivery was routed to a non-standard port by means of an SRV |
| 2134 | record, the port was not correctly logged when the outgoing_port log |
| 2135 | selector was set (it logged the transort's default port). |
| 2136 | |
| 2137 | PH/21 Added support for host-specific ports to manualroute, queryprogram, |
| 2138 | fallback_hosts, and "hosts" in the smtp transport. |
| 2139 | |
| 2140 | PH/22 If the log selector "outgoing_port" is set, the port is now also given on |
| 2141 | host errors such as "Connection refused". |
| 2142 | |
| 2143 | PH/23 Applied a patch to fix problems with exim-4.52 while doing radius |
| 2144 | authentication with radiusclient 0.4.9: |
| 2145 | |
| 2146 | - Error returned from rc_read_config was caught wrongly |
| 2147 | - Username/password not passed on to radius server due to wrong length. |
| 2148 | |
| 2149 | The presumption is that some radiusclient API changes for 4.51/PH/17 |
| 2150 | were not taken care of correctly. The code is still untested by me (my |
| 2151 | Linux distribution still has 0.3.2 of radiusclient), but it was |
| 2152 | contributed by a Radius user. |
| 2153 | |
| 2154 | PH/24 When doing a callout, the value of $domain wasn't set correctly when |
| 2155 | expanding the "port" option of the smtp transport. |
| 2156 | |
| 2157 | TK/04 MIME ACL: Fix buffer underrun that occurs when EOF condition is met |
| 2158 | while reading a MIME header. Thanks to Tom Hughes for a patch. |
| 2159 | |
| 2160 | PH/24 Include config.h inside local_scan.h so that configuration settings are |
| 2161 | available. |
| 2162 | |
| 2163 | PH/25 Make $smtp_command_argument available after all SMTP commands. This means |
| 2164 | that in an ACL for RCPT (for example), you can examine exactly what was |
| 2165 | received. |
| 2166 | |
| 2167 | PH/26 Exim was recognizing IPv6 addresses of the form [IPv6:....] in EHLO |
| 2168 | commands, but it was not correctly comparing the address with the actual |
| 2169 | client host address. Thus, it would show the EHLO address in Received: |
| 2170 | header lines when this was not necessary. |
| 2171 | |
| 2172 | PH/27 Added the % operator to ${eval:}. |
| 2173 | |
| 2174 | PH/28 Exim tries to create and chdir to its spool directory when it starts; |
| 2175 | it should be ignoring failures (because with -C, for example, it has lost |
| 2176 | privilege). It wasn't ignoring creation failures other than "already |
| 2177 | exists". |
| 2178 | |
| 2179 | PH/29 Added "crypteq" to the list of supported features that Exim outputs when |
| 2180 | -bV or -d is used. |
| 2181 | |
| 2182 | PH/30 Fixed (presumably very longstanding) bug in exim_dbmbuild: if it failed |
| 2183 | because an input line was too long, either on its own, or by virtue of |
| 2184 | too many continuations, the temporary file was not being removed, and the |
| 2185 | return code was incorrect. |
| 2186 | |
| 2187 | PH/31 Missing "BOOL" in function definition in filtertest.c. |
| 2188 | |
| 2189 | PH/32 Applied Sieve patches from the maintainer. |
| 2190 | |
| 2191 | TK/05 Domainkeys: Accomodate for a minor API change in libdomainkeys 0.67. |
| 2192 | |
| 2193 | PH/33 Added "verify = not_blind". |
| 2194 | |
| 2195 | PH/34 There are settings for CHOWN_COMMAND and MV_COMMAND that can be used in |
| 2196 | Local/Makefile (with some defaults set). These are used in built scripts |
| 2197 | such as exicyclog, but they have never been used in the exim_install |
| 2198 | script (though there are many overriding facilities there). I have |
| 2199 | arranged that the exim_install script now takes note of these two |
| 2200 | settings. |
| 2201 | |
| 2202 | PH/35 Installed configuration files for Dragonfly. |
| 2203 | |
| 2204 | PH/36 When a locally submitted message by a trusted user did not contain a |
| 2205 | From: header, and the sender address was obtained from -f or from an SMTP |
| 2206 | MAIL command, and the trusted user did not use -F to supply a sender |
| 2207 | name, $originator_name was incorrectly used when constructing a From: |
| 2208 | header. Furthermore, $originator_name was used for submission mode |
| 2209 | messages from external hosts without From: headers in a similar way, |
| 2210 | which is clearly wrong. |
| 2211 | |
| 2212 | PH/37 Added control=suppress_local_fixups. |
| 2213 | |
| 2214 | PH/38 When log_selector = +received_sender was set, and the addition of the |
| 2215 | sender made the log line's construction buffer exactly full, or one byte |
| 2216 | less than full, an overflow happened when the terminating "\n" was |
| 2217 | subsequently added. |
| 2218 | |
| 2219 | PH/39 Added a new log selector, "unknown_in_list", which provokes a log entry |
| 2220 | when the result of a list match is failure because a DNS lookup failed. |
| 2221 | |
| 2222 | PH/40 RM_COMMAND is now used in the building process. |
| 2223 | |
| 2224 | PH/41 Added a "distclean" target to the top-level Makefile; it deletes all |
| 2225 | the "build-* directories that it finds. |
| 2226 | |
| 2227 | PH/42 (But a TF fix): In a domain list, Exim incorrectly matched @[] if the IP |
| 2228 | address in a domain literal was a prefix of an interface address. |
| 2229 | |
| 2230 | PH/43 (Again a TF fix): In the dnslookup router, do not apply widen_domains |
| 2231 | when verifying a sender address, unless rewrite_headers is false. |
| 2232 | |
| 2233 | PH/44 Wrote a long comment about why errors_to addresses are verified as |
| 2234 | recipients, not senders. |
| 2235 | |
| 2236 | TF/01 Add missing LIBS=-lm to OS/Makefile-OpenBSD which was overlooked when |
| 2237 | the ratelimit ACL was added. |
| 2238 | |
| 2239 | PH/45 Added $smtp_command for the full command (cf $smtp_command_argument). |
| 2240 | |
| 2241 | PH/46 Added extra information about PostgreSQL errors to the error string. |
| 2242 | |
| 2243 | PH/47 Added an interface to a fake DNS resolver for use by the new test suite, |
| 2244 | avoiding the need to install special zones in a real server. This is |
| 2245 | backwards compatible; if it can't find the fake resolver, it drops back. |
| 2246 | Thus, both old and new test suites can be run. |
| 2247 | |
| 2248 | TF/02 Added util/ratelimit.pl |
| 2249 | |
| 2250 | TF/03 Minor fix to the ratelimit code to improve its behaviour in case the |
| 2251 | clock is set back in time. |
| 2252 | |
| 2253 | TF/04 Fix the ratelimit support in exim_fixdb. Patch provided by Brian |
| 2254 | Candler <B.Candler@pobox.com>. |
| 2255 | |
| 2256 | TF/05 The fix for PH/43 was not completely correct; widen_domains is always |
| 2257 | OK for addresses that are the result of redirections. |
| 2258 | |
| 2259 | PH/48 A number of further additions for the benefit of the new test suite, |
| 2260 | including a fake gethostbyname() that interfaces to the fake DNS resolver |
| 2261 | (see PH/47 above). |
| 2262 | |
| 2263 | TF/06 The fix for widen_domains has also been applied to qualify_single and |
| 2264 | search_parents which are the other dnslookup options that can cause |
| 2265 | header rewrites. |
| 2266 | |
| 2267 | PH/49 Michael Haardt's randomized retrying, but as a separate retry parameter |
| 2268 | type ("H"). |
| 2269 | |
| 2270 | PH/50 Make never_users, trusted_users, admin_groups, trusted_groups expandable. |
| 2271 | |
| 2272 | TF/07 Exim produced the error message "an SRV record indicated no SMTP |
| 2273 | service" if it encountered an MX record with an empty target hostname. |
| 2274 | The message is now "an MX or SRV record indicated no SMTP service". |
| 2275 | |
| 2276 | TF/08 Change PH/13 introduced the possibility that verify=helo may defer, |
| 2277 | if the DNS of the sending site is misconfigured. This is quite a |
| 2278 | common situation. This change restores the behaviour of treating a |
| 2279 | helo verification defer as a failure. |
| 2280 | |
| 2281 | PH/51 If self=fail was set on a router, the bounce message did not include the |
| 2282 | actual error message. |
| 2283 | |
| 2284 | |
| 2285 | Exim version 4.52 |
| 2286 | ----------------- |
| 2287 | |
| 2288 | TF/01 Added support for Client SMTP Authorization. See NewStuff for details. |
| 2289 | |
| 2290 | PH/01 When a transport filter timed out in a pipe delivery, and the pipe |
| 2291 | command itself ended in error, the underlying message about the transport |
| 2292 | filter timeout was being overwritten with the pipe command error. Now the |
| 2293 | underlying error message should be appended to the second error message. |
| 2294 | |
| 2295 | TK/01 Fix poll() being unavailable on Mac OSX 10.2. |
| 2296 | |
| 2297 | PH/02 Reduce the amount of output that "make" produces by default. Full output |
| 2298 | can still be requested. |
| 2299 | |
| 2300 | PH/03 The warning log line about a condition test deferring for a "warn" verb |
| 2301 | was being output only once per connection, rather than after each |
| 2302 | occurrence (because it was using the same function as for successful |
| 2303 | "warn" verbs). This seems wrong, so I have changed it. |
| 2304 | |
| 2305 | TF/02 Two buglets in acl.c which caused Exim to read a few bytes of memory that |
| 2306 | it should not have, which might have caused a crash in the right |
| 2307 | circumstances, but probably never did. |
| 2308 | |
| 2309 | PH/04 Installed a modified version of Tony Finch's patch to make submission |
| 2310 | mode fix the return path as well as the Sender: header line, and to |
| 2311 | add a /name= option so that you can make the user's friendly name appear |
| 2312 | in the header line. |
| 2313 | |
| 2314 | TF/03 Added the control = fakedefer ACL modifier. |
| 2315 | |
| 2316 | TF/04 Added the ratelimit ACL condition. See NewStuff for details. Thanks to |
| 2317 | Mark Lowes for thorough testing. |
| 2318 | |
| 2319 | TK/02 Rewrote SPF support to work with libspf2 versions >1.2.0. |
| 2320 | |
| 2321 | TK/03 Merged latest SRS patch from Miles Wilton. |
| 2322 | |
| 2323 | PH/05 There's a shambles in IRIX6 - it defines EX_OK in unistd.h which conflicts |
| 2324 | with the definition in sysexits.h (which is #included earlier). |
| 2325 | Fortunately, Exim does not actually use EX_OK. The code used to try to |
| 2326 | preserve the sysexits.h value, by assumimg that macro definitions were |
| 2327 | scanned for macro replacements. I have been disabused of this notion, |
| 2328 | so now the code just undefines EX_OK before #including unistd.h. |
| 2329 | |
| 2330 | PH/06 There is a timeout for writing blocks of data, set by, e.g. data_timeout |
| 2331 | in the smtp transport. When a block could not be written in a single |
| 2332 | write() function, the timeout was being re-applied to each part-write. |
| 2333 | This seems wrong - if the receiver was accepting one byte at a time it |
| 2334 | would take for ever. The timeout is now adjusted when this happens. It |
| 2335 | doesn't have to be particularly precise. |
| 2336 | |
| 2337 | TK/04 Added simple SPF lookup method in EXPERIMENTAL_SPF. See NewStuff for |
| 2338 | details. Thanks to Chris Webb <chris@arachsys.com> for the patch! |
| 2339 | |
| 2340 | PH/07 Added "fullpostmaster" verify option, which does a check to <postmaster> |
| 2341 | without a domain if the check to <postmaster@domain> fails. |
| 2342 | |
| 2343 | SC/01 Eximstats: added -xls and the ability to specify output files |
| 2344 | (patch written by Frank Heydlauf). |
| 2345 | |
| 2346 | SC/02 Eximstats: use FileHandles for outputing results. |
| 2347 | |
| 2348 | SC/03 Eximstats: allow any combination of xls, txt, and html output. |
| 2349 | |
| 2350 | SC/04 Eximstats: fixed display of large numbers with -nvr option |
| 2351 | |
| 2352 | SC/05 Eximstats: fixed merging of reports with empty tables. |
| 2353 | |
| 2354 | SC/06 Eximstats: added the -include_original_destination flag |
| 2355 | |
| 2356 | SC/07 Eximstats: removed tabs and trailing whitespace. |
| 2357 | |
| 2358 | TK/05 Malware: Improve on aveserver error handling. Patch from Alex Miller. |
| 2359 | |
| 2360 | TK/06 MBOX spool code: Add real "From " MBOX separator line |
| 2361 | so the .eml file is really in mbox format (even though |
| 2362 | most programs do not really care). Patch from Alex Miller. |
| 2363 | |
| 2364 | TK/07 MBOX spool code: Add X-Envelope-From: and X-Envelope-To: headers. |
| 2365 | The latter is generated from $received_to and is only set if the |
| 2366 | message has one envelope recipient. SA can use these headers, |
| 2367 | obviously out-of-the-box. Patch from Alex Miller. |
| 2368 | |
| 2369 | PH/08 The ${def test on a variable was returning false if the variable's |
| 2370 | value was "0", contrary to what the specification has always said! |
| 2371 | The result should be true unless the variable is empty. |
| 2372 | |
| 2373 | PH/09 The syntax error of a character other than { following "${if |
| 2374 | def:variable_name" (after optional whitespace) was not being diagnosed. |
| 2375 | An expansion such as ${if def:sender_ident:{xxx}{yyy}} in which an |
| 2376 | accidental colon was present, for example, could give incorrect results. |
| 2377 | |
| 2378 | PH/10 Tidied the code in a number of places where the st_size field of a stat() |
| 2379 | result is used (not including appendfile, where other changes are about |
| 2380 | to be made). |
| 2381 | |
| 2382 | PH/11 Upgraded appendfile so that quotas larger than 2G are now supported. |
| 2383 | This involved changing a lot of size variables from int to off_t. It |
| 2384 | should work with maildirs and everything. |
| 2385 | |
| 2386 | TK/08 Apply fix provided by Michael Haardt to prevent deadlock in case of |
| 2387 | spamd dying while we are connected to it. |
| 2388 | |
| 2389 | TF/05 Fixed a ${extract error message typo reported by Jeremy Harris |
| 2390 | <jgh@wizmail.org> |
| 2391 | |
| 2392 | PH/12 Applied Alex Kiernan's patch for the API change for the error callback |
| 2393 | function for BDB 4.3. |
| 2394 | |
| 2395 | PH/13 Changed auto_thaw such that it does not apply to bounce messages. |
| 2396 | |
| 2397 | PH/14 Imported PCRE 6.0; this was more than just a trivial operation because |
| 2398 | the sources for PCRE have been re-arranged and more files are now |
| 2399 | involved. |
| 2400 | |
| 2401 | PH/15 The code I had for printing potentially long long variables in PH/11 |
| 2402 | above was not the best (it lost precision). The length of off_t variables |
| 2403 | is now inspected at build time, and an appropriate printing format (%ld |
| 2404 | or %lld) is chosen and #defined by OFF_T_FMT. We also define LONGLONG_T |
| 2405 | to be "long long int" or "long int". This is needed for the internal |
| 2406 | formatting function string_vformat(). |
| 2407 | |
| 2408 | PH/16 Applied Matthew Newton's patch to exicyclog: "If log_file_path is set in |
| 2409 | the configuration file to be ":syslog", then the script "guesses" where |
| 2410 | the logs files are, rather than using the compiled in default. In our |
| 2411 | case the guess is not the same as the compiled default, so the script |
| 2412 | suddenly stopped working when I started to use syslog. The patch checks |
| 2413 | to see if log_file_path is "". If so, it attempts to read it from exim |
| 2414 | with no configuration file to get the compiled in version, before it |
| 2415 | falls back to the previous guessing code." |
| 2416 | |
| 2417 | TK/09 Added "prvs" and "prvscheck" expansion items. These help a lot with |
| 2418 | implementing BATV in an Exim configuration. See NewStuff for the gory |
| 2419 | details. |
| 2420 | |
| 2421 | PH/17 Applied Michael Haardt's patch for HP-UX, affecting only the os.h and |
| 2422 | Makefile that are specific to HP-UX. |
| 2423 | |
| 2424 | PH/18 If the "use_postmaster" option was set for a recipient callout together |
| 2425 | with the "random" option, the postmaster address was used as the MAIL |
| 2426 | FROM address for the random test, but not for the subsequent recipient |
| 2427 | test. It is now used for both. |
| 2428 | |
| 2429 | PH/19 Applied Michael Haardt's patch to update Sieve to RFC3028bis. "The |
| 2430 | patch removes a few documentation additions to RFC 3028, because the |
| 2431 | latest draft now contains them. It adds the new en;ascii-case comparator |
| 2432 | and a new error check for 8bit text in MIME parts. Comparator and |
| 2433 | require names are now matched exactly. I enabled the subaddress |
| 2434 | extension, but it is not well tested yet (read: it works for me)." |
| 2435 | |
| 2436 | PH/20 Added macros for time_t as for off_t (see PH/15 above) and used them to |
| 2437 | rework some of the code of TK/09 above to avoid the hardwired use of |
| 2438 | "%lld" and "long long". Replaced the call to snprintf() with a call to |
| 2439 | string_vformat(). |
| 2440 | |
| 2441 | PH/21 Added some other messages to those in 4.51/PH/42, namely "All relevant MX |
| 2442 | records point to non-existent hosts", "retry timeout exceeded", and |
| 2443 | "retry time not reached for any host after a long failure period". |
| 2444 | |
| 2445 | PH/22 Fixed some oversights/typos causing bugs when Exim is compiled with |
| 2446 | experimental DomainKeys support: |
| 2447 | |
| 2448 | (1) The filter variables $n0-$n9 and $sn0-$sn9 were broken. |
| 2449 | (2) On an error such as an illegally used "control", the wrong name for |
| 2450 | the control was given. |
| 2451 | |
| 2452 | These problems did NOT occur unless DomainKeys support was compiled. |
| 2453 | |
| 2454 | PH/23 Added daemon_startup_retries and daemon_startup_sleep. |
| 2455 | |
| 2456 | PH/24 Added ${if match_ip condition. |
| 2457 | |
| 2458 | PH/25 Put debug statements on either side of calls to EXIM_DBOPEN() for hints |
| 2459 | databases so that it will be absolutely obvious if a crash occurs in the |
| 2460 | DB library. This is a regular occurrence (often caused by mis-matched |
| 2461 | db.h files). |
| 2462 | |
| 2463 | PH/26 Insert a lot of missing (void) casts for functions such as chown(), |
| 2464 | chmod(), fcntl(), sscanf(), and other functions from stdio.h. These were |
| 2465 | picked up on a user's system that detects such things. There doesn't seem |
| 2466 | to be a gcc warning option for this - only an attribute that has to be |
| 2467 | put on the function's prototype. It seems that in Fedora Core 4 they have |
| 2468 | set this on a number of new functions. No doubt there will be more in due |
| 2469 | course. |
| 2470 | |
| 2471 | PH/27 If a dnslookup or manualroute router is set with verify=only, it need not |
| 2472 | specify a transport. However, if an address that was verified by such a |
| 2473 | router was the subject of a callout, Exim crashed because it tried to |
| 2474 | read the rcpt_include_affixes from the non-existent transport. Now it |
| 2475 | just assumes that the setting of that option is false. This bug was |
| 2476 | introduced by 4.51/PH/31. |
| 2477 | |
| 2478 | PH/28 Changed -d+all to exclude +memory, because that information is very |
| 2479 | rarely of interest, but it makes the output a lot bigger. People tend to |
| 2480 | do -d+all out of habit. |
| 2481 | |
| 2482 | PH/29 Removed support for the Linux-libc5 build, as it is obsolete and the |
| 2483 | code in os-type was giving problems when libc.so lives in lib64, like on |
| 2484 | x86_64 Fedora Core. |
| 2485 | |
| 2486 | PH/30 Exim's DNS code uses the original T_xxx names for DNS record times. These |
| 2487 | aren't the modern standard, and it seems that some systems' include files |
| 2488 | don't always have them. Exim was already checking for some of the newer |
| 2489 | ones like T_AAAA, and defining it itself. I've added checks for all the |
| 2490 | record types that Exim uses. |
| 2491 | |
| 2492 | PH/31 When using GnuTLS, if the parameters cache file did not exist, Exim was |
| 2493 | not automatically generating a new one, as it is supposed to. This |
| 2494 | prevented TLS from working. If the file did exist, but contained invalid |
| 2495 | data, a new version was generated, as expected. It was only the case of a |
| 2496 | non-existent file that was broken. |
| 2497 | |
| 2498 | TK/10 Domainkeys: Fix a bug in verification that caused a crash in conjunction |
| 2499 | with a change in libdomainkeys > 0.64. |
| 2500 | |
| 2501 | TK/11 Domainkeys: Change the logic how the "testing" policy flag is retrieved |
| 2502 | from DNS. If the selector record carries the flag, it now has |
| 2503 | precedence over the domain-wide flag. |
| 2504 | |
| 2505 | TK/12 Cleared some compiler warnings related to SPF, SRS and DK code. |
| 2506 | |
| 2507 | PH/32 In mua_wrapper mode, if an smtp transport configuration error (such as |
| 2508 | the use of a port name that isn't defined in /etc/services) occurred, the |
| 2509 | message was deferred as in a normal delivery, and thus remained on the |
| 2510 | spool, instead of being failed because of the mua_wrapper setting. This |
| 2511 | is now fixed, and I tidied up some of the mua_wrapper messages at the |
| 2512 | same time. |
| 2513 | |
| 2514 | SC/08 Eximstats: whilst parsing the mainlog(s), store information about |
| 2515 | the messages in a hash of arrays rather than using individual hashes. |
| 2516 | This is a bit cleaner and results in dramatic memory savings, albeit |
| 2517 | at a slight CPU cost. |
| 2518 | |
| 2519 | SC/09 Eximstats: added the -show_rt<list> and the -show_dt<list> flags |
| 2520 | as requested by Marc Sherman. |
| 2521 | |
| 2522 | SC/10 Eximstats: added histograms for user specified patterns as requested |
| 2523 | by Marc Sherman. |
| 2524 | |
| 2525 | SC/11 Eximstats: v1.43 - bugfix for pattern histograms with -h0 specified. |
| 2526 | |
| 2527 | PH/33 Patch from the Cygwin maintainer to add "b" to all occurences of |
| 2528 | fopen() in the content-scanning modules that did not already have it. |
| 2529 | |
| 2530 | |
| 2531 | Exim version 4.51 |
| 2532 | ----------------- |
| 2533 | |
| 2534 | TK/01 Added Yahoo DomainKeys support via libdomainkeys. See |
| 2535 | doc/experimental-spec.txt for details. (http://domainkeys.sf.net) |
| 2536 | |
| 2537 | TK/02 Fix ACL "control" statement not being available in MIME ACL. |
| 2538 | |
| 2539 | TK/03 Fix ACL "regex" condition not being available in MIME ACL. |
| 2540 | |
| 2541 | PH/01 Installed a patch from the Sieve maintainer that allows -bf to be used |
| 2542 | to test Sieve filters that use "vacation". |
| 2543 | |
| 2544 | PH/02 Installed a slightly modified version of Nikos Mavrogiannopoulos' patch |
| 2545 | that changes the way the GnuTLS parameters are stored in the cache file. |
| 2546 | The new format can be generated externally. For backward compatibility, |
| 2547 | if the data in the cache doesn't make sense, Exim assumes it has read an |
| 2548 | old-format file, and it generates new data and writes a new file. This |
| 2549 | means that you can't go back to an older release without removing the |
| 2550 | file. |
| 2551 | |
| 2552 | PH/03 A redirect router that has both "unseen" and "one_time" set does not |
| 2553 | work if there are any delivery delays because "one_time" forces the |
| 2554 | parent to be marked "delivered", so its unseen clone is never tried |
| 2555 | again. For this reason, Exim now forbids the simultaneous setting of |
| 2556 | these two options. |
| 2557 | |
| 2558 | PH/04 Change 4.11/85 fixed an obscure bug concerned with addresses that are |
| 2559 | redirected to themselves ("homonym" addresses). Read the long ChangeLog |
| 2560 | entry if you want to know the details. The fix, however, neglected to |
| 2561 | consider the case when local delivery batching is involved. The test for |
| 2562 | "previously delivered" was not happening when checking to see if an |
| 2563 | address could be batched with a previous (undelivered) one; under |
| 2564 | certain circumstances this could lead to multiple deliveries to the same |
| 2565 | address. |
| 2566 | |
| 2567 | PH/05 Renamed the macro SOCKLEN_T as EXIM_SOCKLEN_T because AIX uses SOCKLEN_T |
| 2568 | in its include files, and this causes problems building Exim. |
| 2569 | |
| 2570 | PH/06 A number of "verify =" ACL conditions have no options (e.g. verify = |
| 2571 | header_syntax) but Exim was just ignoring anything given after a slash. |
| 2572 | In particular, this caused confusion with an attempt to use "verify = |
| 2573 | reverse_host_lookup/defer_ok". An error is now given when options are |
| 2574 | supplied for verify items that do not have them. (Maybe reverse_host_ |
| 2575 | lookup should have a defer_ok option, but that's a different point.) |
| 2576 | |
| 2577 | PH/07 Increase the size of the buffer for incoming SMTP commands from 512 (as |
| 2578 | defined by RFC 821) to 2048, because there were problems with some AUTH |
| 2579 | commands, and RFC 1869 says the size should be increased for extended |
| 2580 | SMTP commands that take arguments. |
| 2581 | |
| 2582 | PH/08 Added ${dlfunc dynamically loaded function for expansion (code from Tony |
| 2583 | Finch). |
| 2584 | |
| 2585 | PH/09 Previously, an attempt to use ${perl when it wasn't compiled gave an |
| 2586 | "unknown" error; now it says that the functionality isn't in the binary. |
| 2587 | |
| 2588 | PH/10 Added a nasty fudge to try to recognize and flatten LDAP passwords in |
| 2589 | an address' error message when a string expansion fails (syntax or |
| 2590 | whatever). Otherwise the password may appear in the log. Following change |
| 2591 | PH/42 below, there is no longer a chance of it appearing in a bounce |
| 2592 | message. |
| 2593 | |
| 2594 | PH/11 Installed exipick version 20050225.0 from John Jetmore. |
| 2595 | |
| 2596 | PH/12 If the last host in a fallback_hosts list was multihomed, only the first |
| 2597 | of its addresses was ever tried. (Bugzilla bug #2.) |
| 2598 | |
| 2599 | PH/13 If "headers_add" in a transport didn't end in a newline, Exim printed |
| 2600 | the result incorrectly in the debug output. (It correctly added a newline |
| 2601 | to what was transported.) |
| 2602 | |
| 2603 | TF/01 Added $received_time. |
| 2604 | |
| 2605 | PH/14 Modified the default configuration to add an acl_smtp_data ACL, with |
| 2606 | commented out examples of how to interface to a virus scanner and to |
| 2607 | SpamAssassin. Also added commented examples of av_scanner and |
| 2608 | spamd_address settings. |
| 2609 | |
| 2610 | PH/15 Further to TK/02 and TK/03 above, tidied up the tables of what conditions |
| 2611 | and controls are allowed in which ACLs. There were a couple of minor |
| 2612 | errors. Some of the entries in the conditions table (which is a table of |
| 2613 | where they are NOT allowed) were getting very unwieldy; rewrote them as a |
| 2614 | negation of where the condition IS allowed. |
| 2615 | |
| 2616 | PH/16 Installed updated OS/os.c-cygwin from the Cygwin maintainer. |
| 2617 | |
| 2618 | PH/17 The API for radiusclient changed at release 0.4.0. Unfortunately, the |
| 2619 | header file does not have a version number, so I've had to invent a new |
| 2620 | value for RADIUS_LIB_TYPE, namely "RADIUSCLIENTNEW" to request the new |
| 2621 | API. The code is untested by me (my Linux distribution still has 0.3.2 of |
| 2622 | radiusclient), but it was contributed by a Radius user. |
| 2623 | |
| 2624 | PH/18 Installed Lars Mainka's patch for the support of CRL collections in |
| 2625 | files or directories, for OpenSSL. |
| 2626 | |
| 2627 | PH/19 When an Exim process that is running as root has to create an Exim log |
| 2628 | file, it does so in a subprocess that runs as exim:exim so as to get the |
| 2629 | ownership right at creation (otherwise, other Exim processes might see |
| 2630 | the file with the wrong ownership). There was no test for failure of this |
| 2631 | fork() call, which would lead to the process getting stuck as it waited |
| 2632 | for a non-existent subprocess. Forks do occasionally fail when resources |
| 2633 | run out. I reviewed all the other calls to fork(); they all seem to check |
| 2634 | for failure. |
| 2635 | |
| 2636 | PH/20 When checking for unexpected SMTP input at connect time (before writing |
| 2637 | the banner), Exim was not dealing correctly with a non-positive return |
| 2638 | from the read() function. If the client had disconnected by this time, |
| 2639 | the result was a log entry for a synchronization error with an empty |
| 2640 | string after "input=" when read() returned zero. If read() returned -1 |
| 2641 | (an event I could not check), uninitialized data bytes were printed. |
| 2642 | There were reports of junk text (parts of files, etc) appearing after |
| 2643 | "input=". |
| 2644 | |
| 2645 | PH/21 Added acl_not_smtp_mime to allow for MIME scanning for non-SMTP messages. |
| 2646 | |
| 2647 | PH/22 Added support for macro redefinition, and (re)definition in between |
| 2648 | driver and ACL definitions. |
| 2649 | |
| 2650 | PH/23 The cyrus_sasl authenticator was expanding server_hostname, but then |
| 2651 | forgetting to use the resulting value; it was using the unexpanded value. |
| 2652 | |
| 2653 | PH/24 The cyrus_sasl authenticator was advertising mechanisms for which it |
| 2654 | hadn't been configured. The fix is from Juergen Kreileder, who |
| 2655 | understands it better than I do: |
| 2656 | |
| 2657 | "Here's what I see happening with three configured cyrus_sasl |
| 2658 | authenticators configured (plain, login, cram-md5): |
| 2659 | |
| 2660 | On startup auth_cyrus_sasl_init() gets called for each of these. |
| 2661 | This means three calls to sasl_listmech() without a specified mech_list. |
| 2662 | => SASL tests which mechs of all available mechs actually work |
| 2663 | => three warnings about OTP not working |
| 2664 | => the returned list contains: plain, login, cram-md5, digest-md5, ... |
| 2665 | |
| 2666 | With the patch, sasl_listmech() also gets called three times. But now |
| 2667 | SASL's mech_list option is set to the server_mech specified in the the |
| 2668 | authenticator. Or in other words, the answer from sasl_listmech() |
| 2669 | gets limited to just the mech you're testing for (which is different |
| 2670 | for each call.) |
| 2671 | => the return list contains just 'plain' or 'login', 'cram-md5' or |
| 2672 | nothing depending on the value of ob->server_mech. |
| 2673 | |
| 2674 | I've just tested the patch: Authentication still works fine, |
| 2675 | unavailable mechs specified in the exim configuration are still |
| 2676 | caught, and the auth.log warnings about OTP are gone." |
| 2677 | |
| 2678 | PH/25 When debugging is enabled, the contents of the command line are added |
| 2679 | to the debugging output, even when log_selector=+arguments is not |
| 2680 | specified. |
| 2681 | |
| 2682 | PH/26 Change scripts/os-type so that when "uname -s" returns just "GNU", the |
| 2683 | answer is "GNU", and only if the return is "GNU/something" is the answer |
| 2684 | "Linux". |
| 2685 | |
| 2686 | PH/27 $acl_verify_message is now set immediately after the failure of a |
| 2687 | verification in an ACL, and so is available in subsequent modifiers. In |
| 2688 | particular, the message can be preserved by coding like this: |
| 2689 | |
| 2690 | warn !verify = sender |
| 2691 | set acl_m0 = $acl_verify_message |
| 2692 | |
| 2693 | Previously, $acl_verify_message was set only while expanding "message" |
| 2694 | and "log_message" when a very denied access. |
| 2695 | |
| 2696 | PH/28 Modified OS/os.c-Linux with |
| 2697 | |
| 2698 | -#ifndef OS_LOAD_AVERAGE |
| 2699 | +#if !defined(OS_LOAD_AVERAGE) && defined(__linux__) |
| 2700 | |
| 2701 | to make Exim compile on kfreebsd-gnu. (I'm totally confused about the |
| 2702 | nomenclature these days.) |
| 2703 | |
| 2704 | PH/29 Installed patch from the Sieve maintainer that adds the options |
| 2705 | sieve_useraddress and sieve_subaddress to the redirect router. |
| 2706 | |
| 2707 | PH/30 In these circumstances: |
| 2708 | . Two addresses routed to the same list of hosts; |
| 2709 | . First host does not offer TLS; |
| 2710 | . First host accepts first address; |
| 2711 | . First host gives temporary error to second address; |
| 2712 | . Second host offers TLS and a TLS session is established; |
| 2713 | . Second host accepts second address. |
| 2714 | Exim incorrectly logged both deliveries with the TLS parameters (cipher |
| 2715 | and peerdn, if requested) that were in fact used only for the second |
| 2716 | address. |
| 2717 | |
| 2718 | PH/31 When doing a callout as part of verifying an address, Exim was not paying |
| 2719 | attention to any local part prefix or suffix that was matched by the |
| 2720 | router that accepted the address. It now behaves in the same way as it |
| 2721 | does for delivery: the affixes are removed from the local part unless |
| 2722 | rcpt_include_affixes is set on the transport. |
| 2723 | |
| 2724 | PH/32 Add the sender address, as F=<...>, to the log line when logging a |
| 2725 | timeout during the DATA phase of an incoming message. |
| 2726 | |
| 2727 | PH/33 Sieve envelope tests were broken for match types other than :is. I have |
| 2728 | applied a patch sanctioned by the Sieve maintainer. |
| 2729 | |
| 2730 | PH/34 Change 4.50/80 broke Exim in that it could no longer handle cases where |
| 2731 | the uid or gid is negative. A case of a negative gid caused this to be |
| 2732 | noticed. The fix allows for either to be negative. |
| 2733 | |
| 2734 | PH/35 ACL_WHERE_MIME is now declared unconditionally, to avoid too much code |
| 2735 | clutter, but the tables that are indexed by ACL_WHERE_xxx values had been |
| 2736 | overlooked. |
| 2737 | |
| 2738 | PH/36 The change PH/12 above was broken. Fixed it. |
| 2739 | |
| 2740 | PH/37 Exim used to check for duplicate addresses in the middle of routing, on |
| 2741 | the grounds that routing the same address twice would always produce the |
| 2742 | same answer. This might have been true once, but it is certainly no |
| 2743 | longer true now. Routing a child address may depend on the previous |
| 2744 | routing that produced that child. Some complicated redirection strategies |
| 2745 | went wrong when messages had multiple recipients, and made Exim's |
| 2746 | behaviour dependent on the order in which the addresses were given. |
| 2747 | |
| 2748 | I have moved the duplicate checking until after the routing is complete. |
| 2749 | Exim scans the addresses that are assigned to local and remote |
| 2750 | transports, and removes any duplicates. This means that more work will be |
| 2751 | done, as duplicates will always all be routed, but duplicates are |
| 2752 | presumably rare, so I don't expect this is of any significance. |
| 2753 | |
| 2754 | For deliveries to pipes, files, and autoreplies, the duplicate checking |
| 2755 | still happens during the routing process, since they are not going to be |
| 2756 | routed further. |
| 2757 | |
| 2758 | PH/38 Installed a patch from Ian Freislich, with the agreement of Tom Kistner. |
| 2759 | It corrects a timeout issue with spamd. This is Ian's comment: "The |
| 2760 | background is that sometimes spamd either never reads data from a |
| 2761 | connection it has accepted, or it never writes response data. The exiscan |
| 2762 | spam.[ch] uses a 3600 second timeout on spamd socket reads, further, it |
| 2763 | blindly assumes that writes won't block so it may never time out." |
| 2764 | |
| 2765 | PH/39 Allow G after quota size as well as K and M. |
| 2766 | |
| 2767 | PH/40 The value set for $authenticated_id in an authenticator may not contain |
| 2768 | binary zeroes or newlines because the value is written to log lines and |
| 2769 | to spool files. There was no check on this. Now the value is run through |
| 2770 | the string_printing() function so that such characters are converted to |
| 2771 | printable escape sequences. |
| 2772 | |
| 2773 | PH/41 $message_linecount is a new variable that contains the total number of |
| 2774 | lines in the message. Compare $body_linecount, which is the count for the |
| 2775 | body only. |
| 2776 | |
| 2777 | PH/42 Exim no longer gives details of delivery errors for specific addresses in |
| 2778 | bounce and delay warning messages, except in certain special cases, which |
| 2779 | are as follows: |
| 2780 | |
| 2781 | (a) An SMTP error message from a remote host; |
| 2782 | (b) A message specified in a :fail: redirection; |
| 2783 | (c) A message specified in a "fail" command in a system filter; |
| 2784 | (d) A message specified in a FAIL return from the queryprogram router; |
| 2785 | (e) A message specified by the cannot_route_message router option. |
| 2786 | |
| 2787 | In these cases only, Exim does include the error details in bounce and |
| 2788 | warning messages. There are also a few cases where bland messages such |
| 2789 | as "unrouteable address" or "local delivery error" are given. |
| 2790 | |
| 2791 | PH/43 $value is now also set for the "else" part of a ${run expansion. |
| 2792 | |
| 2793 | PH/44 Applied patch from the Sieve maintainer: "The vacation draft is still |
| 2794 | being worked on, but at least Exim now implements the latest version to |
| 2795 | play with." |
| 2796 | |
| 2797 | PH/45 In a pipe transport, although a timeout while waiting for the pipe |
| 2798 | process to complete was treated as a delivery failure, a timeout while |
| 2799 | writing the message to the pipe was logged, but erroneously treated as a |
| 2800 | successful delivery. Such timeouts include transport filter timeouts. For |
| 2801 | consistency with the overall process timeout, these timeouts are now |
| 2802 | treated as errors, giving rise to delivery failures by default. However, |
| 2803 | there is now a new Boolean option for the pipe transport called |
| 2804 | timeout_defer, which, if set TRUE, converts the failures into defers for |
| 2805 | both kinds of timeout. A transport filter timeout is now identified in |
| 2806 | the log output. |
| 2807 | |
| 2808 | PH/46 The "scripts/Configure-config.h" script calls "make" at one point. On |
| 2809 | systems where "make" and "gmake" are different, calling "gmake" at top |
| 2810 | level broke things. I've arranged for the value of $(MAKE) to be passed |
| 2811 | from the Makefile to this script so that it can call the same version of |
| 2812 | "make". |
| 2813 | |
| 2814 | |
| 2815 | A note about Exim versions 4.44 and 4.50 |
| 2816 | ---------------------------------------- |
| 2817 | |
| 2818 | Exim 4.50 was meant to be the next release after 4.43. It contains a lot of |
| 2819 | changes of various kinds. As a consequence, a big documentation update was |
| 2820 | needed. This delayed the release for rather longer than seemed good, especially |
| 2821 | in the light of a couple of (minor) security issues. Therefore, the changes |
| 2822 | that fixed bugs were backported into 4.43, to create a 4.44 maintenance |
| 2823 | release. So 4.44 and 4.50 are in effect two different branches that both start |
| 2824 | from 4.43. |
| 2825 | |
| 2826 | I have left the 4.50 change log unchanged; it contains all the changes since |
| 2827 | 4.43. The change log for 4.44 is below; many of its items are identical to |
| 2828 | those for 4.50. This seems to be the most sensible way to preserve the |
| 2829 | historical information. |
| 2830 | |
| 2831 | |
| 2832 | Exim version 4.50 |
| 2833 | ----------------- |
| 2834 | |
| 2835 | 1. Minor wording change to the doc/README.SIEVE file. |
| 2836 | |
| 2837 | 2. Change 4.43/35 introduced a bug: if quota_filecount was set, the |
| 2838 | computation of the current number of files was incorrect. |
| 2839 | |
| 2840 | 3. Closing a stable door: arrange to panic-die if setitimer() ever fails. The |
| 2841 | bug fixed in 4.43/37 would have been diagnosed quickly if this had been in |
| 2842 | place. |
| 2843 | |
| 2844 | 4. Give more explanation in the error message when the command for a transport |
| 2845 | filter fails to execute. |
| 2846 | |
| 2847 | 5. There are several places where Exim runs a non-Exim command in a |
| 2848 | subprocess. The SIGUSR1 signal should be disabled for these processes. This |
| 2849 | was being done only for the command run by the queryprogram router. It is |
| 2850 | now done for all such subprocesses. The other cases are: ${run, transport |
| 2851 | filters, and the commands run by the lmtp and pipe transports. |
| 2852 | |
| 2853 | 6. Added CONFIGURE_GROUP build-time option. |
| 2854 | |
| 2855 | 7. Some older OS have a limit of 256 on the maximum number of file |
| 2856 | descriptors. Exim was using setrlimit() to set 1000 as a large value |
| 2857 | unlikely to be exceeded. Change 4.43/17 caused a lot of logging on these |
| 2858 | systems. I've change it so that if it can't get 1000, it tries for 256. |
| 2859 | |
| 2860 | 8. "control=submission" was allowed, but had no effect, in a DATA ACL. This |
| 2861 | was an oversight, and furthermore, ever since the addition of extra |
| 2862 | controls (e.g. 4.43/32), the checks on when to allow different forms of |
| 2863 | "control" were broken. There should now be diagnostics for all cases when a |
| 2864 | control that does not make sense is encountered. |
| 2865 | |
| 2866 | 9. Added the /retain_sender option to "control=submission". |
| 2867 | |
| 2868 | 10. $recipients is now available in the predata ACL (oversight). |
| 2869 | |
| 2870 | 11. Tidy the search cache before the fork to do a delivery from a message |
| 2871 | received from the command line. Otherwise the child will trigger a lookup |
| 2872 | failure and thereby defer the delivery if it tries to use (for example) a |
| 2873 | cached ldap connection that the parent has called unbind on. |
| 2874 | |
| 2875 | 12. If verify=recipient was followed by verify=sender in a RCPT ACL, the value |
| 2876 | of $address_data from the recipient verification was clobbered by the |
| 2877 | sender verification. |
| 2878 | |
| 2879 | 13. The value of address_data from a sender verification is now available in |
| 2880 | $sender_address_data in subsequent conditions in the ACL statement. |
| 2881 | |
| 2882 | 14. Added forbid_sieve_filter and forbid_exim_filter to the redirect router. |
| 2883 | |
| 2884 | 15. Added a new option "connect=<time>" to callout options, to set a different |
| 2885 | connection timeout. |
| 2886 | |
| 2887 | 16. If FIXED_NEVER_USERS was defined, but empty, Exim was assuming the uid 0 |
| 2888 | was its contents. (It was OK if the option was not defined at all.) |
| 2889 | |
| 2890 | 17. A "Completed" log line is now written for messages that are removed from |
| 2891 | the spool by the -Mrm option. |
| 2892 | |
| 2893 | 18. New variables $sender_verify_failure and $recipient_verify_failure contain |
| 2894 | information about exactly what failed. |
| 2895 | |
| 2896 | 19. Added -dd to debug only the daemon process. |
| 2897 | |
| 2898 | 20. Incorporated Michael Haardt's patch to ldap.c for improving the way it |
| 2899 | handles timeouts, both on the server side and network timeouts. Renamed the |
| 2900 | CONNECT parameter as NETTIMEOUT (but kept the old name for compatibility). |
| 2901 | |
| 2902 | 21. The rare case of EHLO->STARTTLS->HELO was setting the protocol to "smtp". |
| 2903 | It is now set to "smtps". |
| 2904 | |
| 2905 | 22. $host_address is now set to the target address during the checking of |
| 2906 | ignore_target_hosts. |
| 2907 | |
| 2908 | 23. When checking ignore_target_hosts for an ipliteral router, no host name was |
| 2909 | being passed; this would have caused $sender_host_name to have been used if |
| 2910 | matching the list had actually called for a host name (not very likely, |
| 2911 | since this list is usually IP addresses). A host name is now passed as |
| 2912 | "[x.x.x.x]". |
| 2913 | |
| 2914 | 24. Changed the calls that set up the SIGCHLD handler in the daemon to use the |
| 2915 | code that specifies a non-restarting handler (typically sigaction() in |
| 2916 | modern systems) in an attempt to fix a rare and obscure crash bug. |
| 2917 | |
| 2918 | 25. Narrowed the window for a race in the daemon that could cause it to ignore |
| 2919 | SIGCHLD signals. This is not a major problem, because they are used only to |
| 2920 | wake it up if nothing else does. |
| 2921 | |
| 2922 | 26. A malformed maildirsize file could cause Exim to calculate negative values |
| 2923 | for the mailbox size or file count. Odd effects could occur as a result. |
| 2924 | The maildirsize information is now recalculated if the size or filecount |
| 2925 | end up negative. |
| 2926 | |
| 2927 | 27. Added HAVE_SYS_STATVFS_H to the os.h file for Linux, as it has had this |
| 2928 | support for a long time. Removed HAVE_SYS_VFS_H. |
| 2929 | |
| 2930 | 28. Installed the latest version of exipick from John Jetmore. |
| 2931 | |
| 2932 | 29. In an address list, if the pattern was not a regular expression, an empty |
| 2933 | subject address (from a bounce message) matched only if the pattern was an |
| 2934 | empty string. Non-empty patterns were not even tested. This was the wrong |
| 2935 | because it is perfectly reasonable to use an empty address as part of a |
| 2936 | database query. An empty address is now tested by patterns that are |
| 2937 | lookups. However, all the other forms of pattern expect the subject to |
| 2938 | contain a local part and a domain, and therefore, for them, an empty |
| 2939 | address still always fails if the pattern is not itself empty. |
| 2940 | |
| 2941 | 30. Exim went into a mad DNS loop when attempting to do a callout where the |
| 2942 | host was specified on an smtp transport, and looking it up yielded more |
| 2943 | than one IP address. |
| 2944 | |
| 2945 | 31. Re-factored the code for checking spool and log partition space into a |
| 2946 | function that finds that data and another that does the check. The former |
| 2947 | is then used to implement four new variables: $spool_space, $log_space, |
| 2948 | $spool_inodes, and $log_inodes. |
| 2949 | |
| 2950 | 32. The RFC2047 encoding function was originally intended for short strings |
| 2951 | such as real names; it was not keeping to the 75-character limit for |
| 2952 | encoded words that the RFC imposes. It now respects the limit, and |
| 2953 | generates multiple encoded words if necessary. To be on the safe side, I |
| 2954 | have increased the buffer size for the ${rfc2047: expansion operator from |
| 2955 | 1024 to 2048 bytes. |
| 2956 | |
| 2957 | 33. It is now permitted to omit both strings after an "if" condition; if the |
| 2958 | condition is true, the result is "true". As before, when the second string |
| 2959 | is omitted, a false condition yields an empty string. This makes it less |
| 2960 | cumbersome to write custom ACL and router conditions. |
| 2961 | |
| 2962 | 34. Failure to deliver a bounce message always caused it to be frozen, even if |
| 2963 | there was an errors_to setting on the router. The errors_to setting is now |
| 2964 | respected. |
| 2965 | |
| 2966 | 35. If an IPv6 address is given for -bh or -bhc, it is now converted to the |
| 2967 | canonical form (fully expanded) before being placed in |
| 2968 | $sender_host_address. |
| 2969 | |
| 2970 | 36. The table in the code that translates DNS record types into text (T_A to |
| 2971 | "A" for instance) was missing entries for NS and CNAME. It is just possible |
| 2972 | that this could have caused confusion if both these types were looked up |
| 2973 | for the same domain, because the text type is used as part of Exim's |
| 2974 | per-process caching. But the chance of anyone hitting this buglet seems |
| 2975 | very small. |
| 2976 | |
| 2977 | 37. The dnsdb lookup has been extended in a number of ways. |
| 2978 | |
| 2979 | (1) There is a new type, "zns", which walks up the domain tree until it |
| 2980 | finds some nameserver records. It should be used with care. |
| 2981 | |
| 2982 | (2) There is a new type, "mxh", which is like "mx" except that it returns |
| 2983 | just the host names, not the priorities. |
| 2984 | |
| 2985 | (3) It is now possible to give a list of domains (or IP addresses) to be |
| 2986 | looked up. The behaviour when one of the lookups defers can be |
| 2987 | controlled by a keyword. |
| 2988 | |
| 2989 | (4) It is now possible to specify the separator character for use when |
| 2990 | multiple records are returned. |
| 2991 | |
| 2992 | 38. The dnslists ACL condition has been extended: it is now possible to supply |
| 2993 | a list of IP addresses and/or domains to be looked up in a particular DNS |
| 2994 | domain. |
| 2995 | |
| 2996 | 39. Added log_selector=+queue_time_overall. |
| 2997 | |
| 2998 | 40. When running the queue in the test harness, wait just a tad after forking a |
| 2999 | delivery process, to get repeatability of debugging output. |
| 3000 | |
| 3001 | 41. Include certificate and key file names in error message when GnuTLS fails |
| 3002 | to set them up, because the GnuTLS error message doesn't include the name |
| 3003 | of the failing file when there is a problem reading it. |
| 3004 | |
| 3005 | 42. Allow both -bf and -bF in the same test run. |
| 3006 | |
| 3007 | 43. Did the same fix as 41 above for OpenSSL, which had the same infelicity. |
| 3008 | |
| 3009 | 44. The "Exiscan patch" is now merged into the mainline Exim source. |
| 3010 | |
| 3011 | 45. Sometimes the final signoff response after QUIT could fail to get |
| 3012 | transmitted in the non-TLS case. Testing !tls_active instead of tls_active |
| 3013 | < 0 before doing a fflush(). This bug looks as though it goes back to the |
| 3014 | introduction of TLS in release 3.20, but "sometimes" must have been rare |
| 3015 | because the tests only now provoked it. |
| 3016 | |
| 3017 | 46. Reset the locale to "C" after calling embedded Perl, in case it was changed |
| 3018 | (this can affect the format of dates). |
| 3019 | |
| 3020 | 47. exim_tidydb, when checking for the continued existence of a message for |
| 3021 | which it has found a message-specific retry record, was not finding |
| 3022 | messages that were in split spool directories. Consequently, it was |
| 3023 | deleting retry records that should have stayed in existence. |
| 3024 | |
| 3025 | 48. Steve fixed some bugs in eximstats. |
| 3026 | |
| 3027 | 49. The SPA authentication driver was not abandoning authentication and moving |
| 3028 | on to the next authenticator when an expansion was forced to fail, |
| 3029 | contradicting the general specification for all authenticators. Instead it |
| 3030 | was generating a temporary error. It now behaves as specified. |
| 3031 | |
| 3032 | 50. The default ordering of permitted cipher suites for GnuTLS was pessimal |
| 3033 | (the order specifies the preference for clients). The order is now AES256, |
| 3034 | AES128, 3DES, ARCFOUR128. |
| 3035 | |
| 3036 | 51. Small patch to Sieve code - explicitly set From: when generating an |
| 3037 | autoreply. |
| 3038 | |
| 3039 | 52. Exim crashed if a remote delivery caused a very long error message to be |
| 3040 | recorded - for instance if somebody sent an entire SpamAssassin report back |
| 3041 | as a large number of 550 error lines. This bug was coincidentally fixed by |
| 3042 | increasing the size of one of Exim's internal buffers (big_buffer) that |
| 3043 | happened as part of the Exiscan merge. However, to be on the safe side, I |
| 3044 | have made the code more robust (and fixed the comments that describe what |
| 3045 | is going on). |
| 3046 | |
| 3047 | 53. Now that there can be additional text after "Completed" in log lines (if |
| 3048 | the queue_time_overall log selector is set), a one-byte patch to exigrep |
| 3049 | was needed to allow it to recognize "Completed" as not the last thing in |
| 3050 | the line. |
| 3051 | |
| 3052 | 54. The LDAP lookup was not handling a return of LDAP_RES_SEARCH_REFERENCE. A |
| 3053 | patch that reportedly fixes this has been added. I am not expert enough to |
| 3054 | create a test for it. This is what the patch creator wrote: |
| 3055 | |
| 3056 | "I found a little strange behaviour of ldap code when working with |
| 3057 | Windows 2003 AD Domain, where users was placed in more than one |
| 3058 | Organization Units. When I tried to give exim partial DN, the exit code |
| 3059 | of ldap_search was unknown to exim because of LDAP_RES_SEARCH_REFERENCE. |
| 3060 | But simultaneously result of request was absolutely normal ldap result, |
| 3061 | so I produce this patch..." |
| 3062 | |
| 3063 | Later: it seems that not all versions of LDAP support LDAP_RES_SEARCH_ |
| 3064 | REFERENCE, so I have modified the code to exclude the patch when that macro |
| 3065 | is not defined. |
| 3066 | |
| 3067 | 55. Some experimental protocols are using DNS PTR records for new purposes. The |
| 3068 | keys for these records are domain names, not reversed IP addresses. The |
| 3069 | dnsdb PTR lookup now tests whether its key is an IP address. If not, it |
| 3070 | leaves it alone. Component reversal etc. now happens only for IP addresses. |
| 3071 | CAN-2005-0021 |
| 3072 | |
| 3073 | 56. Improve error message when ldap_search() fails in OpenLDAP or Solaris LDAP. |
| 3074 | |
| 3075 | 57. Double the size of the debug message buffer (to 2048) so that more of very |
| 3076 | long debug lines gets shown. |
| 3077 | |
| 3078 | 58. The exicyclog utility now does better if the number of log files to keep |
| 3079 | exceeds 99. In this case, it numbers them 001, 002 ... instead of 01, 02... |
| 3080 | |
| 3081 | 59. Two changes related to the smtp_active_hostname option: |
| 3082 | |
| 3083 | (1) $smtp_active_hostname is now available as a variable. |
| 3084 | (2) The default for smtp_banner uses $smtp_active_hostname instead |
| 3085 | of $primary_hostname. |
| 3086 | |
| 3087 | 60. The host_aton() function is supposed to be passed a string that is known |
| 3088 | to be a valid IP address. However, in the case of IPv6 addresses, it was |
| 3089 | not checking this. This is a hostage to fortune. Exim now panics and dies |
| 3090 | if the condition is not met. A case was found where this could be provoked |
| 3091 | from a dnsdb PTR lookup with an IPv6 address that had more than 8 |
| 3092 | components; fortuitously, this particular loophole had already been fixed |
| 3093 | by change 4.50/55 above. |
| 3094 | |
| 3095 | If there are any other similar loopholes, the new check in host_aton() |
| 3096 | itself should stop them being exploited. The report I received stated that |
| 3097 | data on the command line could provoke the exploit when Exim was running as |
| 3098 | exim, but did not say which command line option was involved. All I could |
| 3099 | find was the use of -be with a bad dnsdb PTR lookup, and in that case it is |
| 3100 | running as the user. |
| 3101 | CAN-2005-0021 |
| 3102 | |
| 3103 | 61. There was a buffer overflow vulnerability in the SPA authentication code |
| 3104 | (which came originally from the Samba project). I have added a test to the |
| 3105 | spa_base64_to_bits() function which I hope fixes it. |
| 3106 | CAN-2005-0022 |
| 3107 | |
| 3108 | 62. Configuration update for GNU/Hurd and variations. Updated Makefile-GNU and |
| 3109 | os.h-GNU, and added configuration files for GNUkFreeBSD and GNUkNetBSD. |
| 3110 | |
| 3111 | 63. The daemon start-up calls getloadavg() while still root for those OS that |
| 3112 | need the first call to be done as root, but it missed one case: when |
| 3113 | deliver_queue_load_max is set with deliver_drop_privilege. This is |
| 3114 | necessary for the benefit of the queue runner, because there is no re-exec |
| 3115 | when deliver_drop_privilege is set. |
| 3116 | |
| 3117 | 64. A call to exiwhat cut short delays set up by "delay" modifiers in ACLs. |
| 3118 | This has been fixed. |
| 3119 | |
| 3120 | 65. Caching of lookup data for "hosts =" ACL conditions, when a named host list |
| 3121 | was in use, was not putting the data itself into the right store pool; |
| 3122 | consequently, it could be overwritten for a subsequent message in the same |
| 3123 | SMTP connection. (Fix 4.40/11 dealt with the non-cache case, but overlooked |
| 3124 | the caching.) |
| 3125 | |
| 3126 | 66. Added hosts_max_try_hardlimit to the smtp transport, default 50. |
| 3127 | |
| 3128 | 67. The string_is_ip_address() function returns 0, 4, or 6, for "no an IP |
| 3129 | address", "IPv4 address", and "IPv6 address", respectively. Some calls of |
| 3130 | the function were treating the return as a boolean value, which happened to |
| 3131 | work because 0=false and not-0=true, but is not correct code. |
| 3132 | |
| 3133 | 68. The host_aton() function was not handling scoped IPv6 addresses (those |
| 3134 | with, for example, "%eth0" on the end) correctly. |
| 3135 | |
| 3136 | 69. Fixed some compiler warnings in acl.c for the bitmaps specified with |
| 3137 | negated items (that is, ~something) in unsigned ints. Some compilers |
| 3138 | apparently mutter when there is no cast. |
| 3139 | |
| 3140 | 70. If an address verification called from an ACL failed, and did not produce a |
| 3141 | user-specific message (i.e. there was only a "system" message), nothing was |
| 3142 | put in $acl_verify_message. In this situation, it now puts the system |
| 3143 | message there. |
| 3144 | |
| 3145 | 71. Change 4.23/11 added synchronization checking at the start of an SMTP |
| 3146 | session; change 4.31/43 added the unwanted input to the log line - except |
| 3147 | that it did not do this in the start of session case. It now does. |
| 3148 | |
| 3149 | 72. After a timeout in a callout SMTP session, Exim still sent a QUIT command. |
| 3150 | This is wrong and can cause the other end to generate a synchronization |
| 3151 | error if it is another Exim or anything else that does the synchronization |
| 3152 | check. A QUIT command is no longer sent after a timeout. |
| 3153 | |
| 3154 | 73. $host_lookup_deferred has been added, to make it easier to detect DEFERs |
| 3155 | during host lookups. |
| 3156 | |
| 3157 | 74. The defer_ok option of callout verification was not working if it was used |
| 3158 | when verifying addresses in header lines, that is, for this case: |
| 3159 | |
| 3160 | verify = header_sender/callout=defer_ok |
| 3161 | |
| 3162 | 75. A backgrounded daemon closed stdin/stdout/stderr on entry; this meant that |
| 3163 | those file descriptors could be used for SMTP connections. If anything |
| 3164 | wrote to stderr (the example that came up was "warn" in embedded Perl), it |
| 3165 | could be sent to the SMTP client, causing chaos. The daemon now opens |
| 3166 | stdin, stdout, and stderr to /dev/null when it puts itself into the |
| 3167 | background. |
| 3168 | |
| 3169 | 76. Arrange for output from Perl's "warn" command to be written to Exim's main |
| 3170 | log by default. The user can override this with suitable Perl magic. |
| 3171 | |
| 3172 | 77. The use of log_message on a "discard" ACL verb, which is supposed to add to |
| 3173 | the log message when discard triggers, was not working for the DATA ACL or |
| 3174 | for the non-SMTP ACL. |
| 3175 | |
| 3176 | 78. Error message wording change in sieve.c. |
| 3177 | |
| 3178 | 79. If smtp_accept_max_per_host was set, the number of connections could be |
| 3179 | restricted to fewer than expected, because the daemon was trying to set up |
| 3180 | a new connection before checking whether the processes handling previous |
| 3181 | connections had finished. The check for completed processes is now done |
| 3182 | earlier. On busy systems, this bug wouldn't be noticed because something |
| 3183 | else would have woken the daemon, and it would have reaped the completed |
| 3184 | process earlier. |
| 3185 | |
| 3186 | 80. If a message was submitted locally by a user whose login name contained one |
| 3187 | or more spaces (ugh!), the spool file that Exim wrote was not re-readable. |
| 3188 | It caused a spool format error. I have fixed the spool reading code. A |
| 3189 | related problem was that the "from" clause in the Received: line became |
| 3190 | illegal because of the space(s). It is now covered by ${quote_local_part. |
| 3191 | |
| 3192 | 81. Included the latest eximstats from Steve (adds average sizes to HTML Top |
| 3193 | tables). |
| 3194 | |
| 3195 | 82. Updated OS/Makefile-AIX as per message from Mike Meredith. |
| 3196 | |
| 3197 | 83. Patch from Sieve maintainer to fix unterminated string problem in |
| 3198 | "vacation" handling. |
| 3199 | |
| 3200 | 84. Some minor changes to the Linux configuration files to help with other |
| 3201 | OS variants using glibc. |
| 3202 | |
| 3203 | 85. One more patch for Sieve to update vacation handling to latest spec. |
| 3204 | |
| 3205 | |
| 3206 | ---------------------------------------------------- |
| 3207 | See the note above about the 4.44 and 4.50 releases. |
| 3208 | ---------------------------------------------------- |
| 3209 | |
| 3210 | |
| 3211 | Exim version 4.44 |
| 3212 | ----------------- |
| 3213 | |
| 3214 | 1. Change 4.43/35 introduced a bug that caused file counts to be |
| 3215 | incorrectly computed when quota_filecount was set in an appendfile |
| 3216 | transport |
| 3217 | |
| 3218 | 2. Closing a stable door: arrange to panic-die if setitimer() ever fails. The |
| 3219 | bug fixed in 4.43/37 would have been diagnosed quickly if this had been in |
| 3220 | place. |
| 3221 | |
| 3222 | 3. Give more explanation in the error message when the command for a transport |
| 3223 | filter fails to execute. |
| 3224 | |
| 3225 | 4. There are several places where Exim runs a non-Exim command in a |
| 3226 | subprocess. The SIGUSR1 signal should be disabled for these processes. This |
| 3227 | was being done only for the command run by the queryprogram router. It is |
| 3228 | now done for all such subprocesses. The other cases are: ${run, transport |
| 3229 | filters, and the commands run by the lmtp and pipe transports. |
| 3230 | |
| 3231 | 5. Some older OS have a limit of 256 on the maximum number of file |
| 3232 | descriptors. Exim was using setrlimit() to set 1000 as a large value |
| 3233 | unlikely to be exceeded. Change 4.43/17 caused a lot of logging on these |
| 3234 | systems. I've change it so that if it can't get 1000, it tries for 256. |
| 3235 | |
| 3236 | 6. "control=submission" was allowed, but had no effect, in a DATA ACL. This |
| 3237 | was an oversight, and furthermore, ever since the addition of extra |
| 3238 | controls (e.g. 4.43/32), the checks on when to allow different forms of |
| 3239 | "control" were broken. There should now be diagnostics for all cases when a |
| 3240 | control that does not make sense is encountered. |
| 3241 | |
| 3242 | 7. $recipients is now available in the predata ACL (oversight). |
| 3243 | |
| 3244 | 8. Tidy the search cache before the fork to do a delivery from a message |
| 3245 | received from the command line. Otherwise the child will trigger a lookup |
| 3246 | failure and thereby defer the delivery if it tries to use (for example) a |
| 3247 | cached ldap connection that the parent has called unbind on. |
| 3248 | |
| 3249 | 9. If verify=recipient was followed by verify=sender in a RCPT ACL, the value |
| 3250 | of $address_data from the recipient verification was clobbered by the |
| 3251 | sender verification. |
| 3252 | |
| 3253 | 10. If FIXED_NEVER_USERS was defined, but empty, Exim was assuming the uid 0 |
| 3254 | was its contents. (It was OK if the option was not defined at all.) |
| 3255 | |
| 3256 | 11. A "Completed" log line is now written for messages that are removed from |
| 3257 | the spool by the -Mrm option. |
| 3258 | |
| 3259 | 12. $host_address is now set to the target address during the checking of |
| 3260 | ignore_target_hosts. |
| 3261 | |
| 3262 | 13. When checking ignore_target_hosts for an ipliteral router, no host name was |
| 3263 | being passed; this would have caused $sender_host_name to have been used if |
| 3264 | matching the list had actually called for a host name (not very likely, |
| 3265 | since this list is usually IP addresses). A host name is now passed as |
| 3266 | "[x.x.x.x]". |
| 3267 | |
| 3268 | 14. Changed the calls that set up the SIGCHLD handler in the daemon to use the |
| 3269 | code that specifies a non-restarting handler (typically sigaction() in |
| 3270 | modern systems) in an attempt to fix a rare and obscure crash bug. |
| 3271 | |
| 3272 | 15. Narrowed the window for a race in the daemon that could cause it to ignore |
| 3273 | SIGCHLD signals. This is not a major problem, because they are used only to |
| 3274 | wake it up if nothing else does. |
| 3275 | |
| 3276 | 16. A malformed maildirsize file could cause Exim to calculate negative values |
| 3277 | for the mailbox size or file count. Odd effects could occur as a result. |
| 3278 | The maildirsize information is now recalculated if the size or filecount |
| 3279 | end up negative. |
| 3280 | |
| 3281 | 17. Added HAVE_SYS_STATVFS_H to the os.h file for Linux, as it has had this |
| 3282 | support for a long time. Removed HAVE_SYS_VFS_H. |
| 3283 | |
| 3284 | 18. Updated exipick to current release from John Jetmore. |
| 3285 | |
| 3286 | 19. Allow an empty sender to be matched against a lookup in an address list. |
| 3287 | Previously the only cases considered were a regular expression, or an |
| 3288 | empty pattern. |
| 3289 | |
| 3290 | 20. Exim went into a mad DNS lookup loop when doing a callout where the |
| 3291 | host was specified on the transport, if the DNS lookup yielded more than |
| 3292 | one IP address. |
| 3293 | |
| 3294 | 21. The RFC2047 encoding function was originally intended for short strings |
| 3295 | such as real names; it was not keeping to the 75-character limit for |
| 3296 | encoded words that the RFC imposes. It now respects the limit, and |
| 3297 | generates multiple encoded words if necessary. To be on the safe side, I |
| 3298 | have increased the buffer size for the ${rfc2047: expansion operator from |
| 3299 | 1024 to 2048 bytes. |
| 3300 | |
| 3301 | 22. Failure to deliver a bounce message always caused it to be frozen, even if |
| 3302 | there was an errors_to setting on the router. The errors_to setting is now |
| 3303 | respected. |
| 3304 | |
| 3305 | 23. If an IPv6 address is given for -bh or -bhc, it is now converted to the |
| 3306 | canonical form (fully expanded) before being placed in |
| 3307 | $sender_host_address. |
| 3308 | |
| 3309 | 24. Updated eximstats to version 1.33 |
| 3310 | |
| 3311 | 25. Include certificate and key file names in error message when GnuTLS fails |
| 3312 | to set them up, because the GnuTLS error message doesn't include the name |
| 3313 | of the failing file when there is a problem reading it. |
| 3314 | |
| 3315 | 26. Expand error message when OpenSSL has problems setting up cert/key files. |
| 3316 | As per change 25. |
| 3317 | |
| 3318 | 27. Reset the locale to "C" after calling embedded Perl, in case it was changed |
| 3319 | (this can affect the format of dates). |
| 3320 | |
| 3321 | 28. exim_tidydb, when checking for the continued existence of a message for |
| 3322 | which it has found a message-specific retry record, was not finding |
| 3323 | messages that were in split spool directories. Consequently, it was |
| 3324 | deleting retry records that should have stayed in existence. |
| 3325 | |
| 3326 | 29. eximstats updated to version 1.35 |
| 3327 | 1.34 - allow eximstats to parse syslog lines as well as mainlog lines |
| 3328 | 1.35 - bugfix such that pie charts by volume are generated correctly |
| 3329 | |
| 3330 | 30. The SPA authentication driver was not abandoning authentication and moving |
| 3331 | on to the next authenticator when an expansion was forced to fail, |
| 3332 | contradicting the general specification for all authenticators. Instead it |
| 3333 | was generating a temporary error. It now behaves as specified. |
| 3334 | |
| 3335 | 31. The default ordering of permitted cipher suites for GnuTLS was pessimal |
| 3336 | (the order specifies the preference for clients). The order is now AES256, |
| 3337 | AES128, 3DES, ARCFOUR128. |
| 3338 | |
| 3339 | 31. Small patch to Sieve code - explicitly set From: when generating an |
| 3340 | autoreply. |
| 3341 | |
| 3342 | 32. Exim crashed if a remote delivery caused a very long error message to be |
| 3343 | recorded - for instance if somebody sent an entire SpamAssassin report back |
| 3344 | as a large number of 550 error lines. This bug was coincidentally fixed by |
| 3345 | increasing the size of one of Exim's internal buffers (big_buffer) that |
| 3346 | happened as part of the Exiscan merge. However, to be on the safe side, I |
| 3347 | have made the code more robust (and fixed the comments that describe what |
| 3348 | is going on). |
| 3349 | |
| 3350 | 33. Some experimental protocols are using DNS PTR records for new purposes. The |
| 3351 | keys for these records are domain names, not reversed IP addresses. The |
| 3352 | dnsdb PTR lookup now tests whether its key is an IP address. If not, it |
| 3353 | leaves it alone. Component reversal etc. now happens only for IP addresses. |
| 3354 | CAN-2005-0021 |
| 3355 | |
| 3356 | 34. The host_aton() function is supposed to be passed a string that is known |
| 3357 | to be a valid IP address. However, in the case of IPv6 addresses, it was |
| 3358 | not checking this. This is a hostage to fortune. Exim now panics and dies |
| 3359 | if the condition is not met. A case was found where this could be provoked |
| 3360 | from a dnsdb PTR lookup with an IPv6 address that had more than 8 |
| 3361 | components; fortuitously, this particular loophole had already been fixed |
| 3362 | by change 4.50/55 or 4.44/33 above. |
| 3363 | |
| 3364 | If there are any other similar loopholes, the new check in host_aton() |
| 3365 | itself should stop them being exploited. The report I received stated that |
| 3366 | data on the command line could provoke the exploit when Exim was running as |
| 3367 | exim, but did not say which command line option was involved. All I could |
| 3368 | find was the use of -be with a bad dnsdb PTR lookup, and in that case it is |
| 3369 | running as the user. |
| 3370 | CAN-2005-0021 |
| 3371 | |
| 3372 | 35. There was a buffer overflow vulnerability in the SPA authentication code |
| 3373 | (which came originally from the Samba project). I have added a test to the |
| 3374 | spa_base64_to_bits() function which I hope fixes it. |
| 3375 | CAN-2005-0022 |
| 3376 | |
| 3377 | 36. The daemon start-up calls getloadavg() while still root for those OS that |
| 3378 | need the first call to be done as root, but it missed one case: when |
| 3379 | deliver_queue_load_max is set with deliver_drop_privilege. This is |
| 3380 | necessary for the benefit of the queue runner, because there is no re-exec |
| 3381 | when deliver_drop_privilege is set. |
| 3382 | |
| 3383 | 37. Caching of lookup data for "hosts =" ACL conditions, when a named host list |
| 3384 | was in use, was not putting the data itself into the right store pool; |
| 3385 | consequently, it could be overwritten for a subsequent message in the same |
| 3386 | SMTP connection. (Fix 4.40/11 dealt with the non-cache case, but overlooked |
| 3387 | the caching.) |
| 3388 | |
| 3389 | 38. Sometimes the final signoff response after QUIT could fail to get |
| 3390 | transmitted in the non-TLS case. Testing !tls_active instead of tls_active |
| 3391 | < 0 before doing a fflush(). This bug looks as though it goes back to the |
| 3392 | introduction of TLS in release 3.20, but "sometimes" must have been rare |
| 3393 | because the tests only now provoked it. |
| 3394 | |
| 3395 | |
| 3396 | Exim version 4.43 |
| 3397 | ----------------- |
| 3398 | |
| 3399 | 1. Fixed a longstanding but relatively impotent bug: a long time ago, before |
| 3400 | PIPELINING, the function smtp_write_command() used to return TRUE or FALSE. |
| 3401 | Now it returns an integer. A number of calls were still expecting a T/F |
| 3402 | return. Fortuitously, in all cases, the tests worked in OK situations, |
| 3403 | which is the norm. However, things would have gone wrong on any write |
| 3404 | failures on the smtp file descriptor. This function is used when sending |
| 3405 | messages over SMTP and also when doing verify callouts. |
| 3406 | |
| 3407 | 2. When Exim is called to do synchronous delivery of a locally submitted |
| 3408 | message (the -odf or -odi options), it no longer closes stderr before doing |
| 3409 | the delivery. |
| 3410 | |
| 3411 | 3. Implemented the mua_wrapper option. |
| 3412 | |
| 3413 | 4. Implemented mx_fail_domains and srv_fail_domains for the dnslookup router. |
| 3414 | |
| 3415 | 5. Implemented the functions header_remove(), header_testname(), |
| 3416 | header_add_at_position(), and receive_remove_recipient(), and exported them |
| 3417 | to local_scan(). |
| 3418 | |
| 3419 | 6. If an ACL "warn" statement specified the addition of headers, Exim already |
| 3420 | inserted X-ACL-Warn: at the start if there was no header name. However, it |
| 3421 | was not making this test for the second and subsequent header lines if |
| 3422 | there were newlines in the string. This meant that an invalid header could |
| 3423 | be inserted if Exim was badly configured. |
| 3424 | |
| 3425 | 7. Allow an ACL "warn" statement to add header lines at the start or after all |
| 3426 | the Received: headers, as well as at the end. |
| 3427 | |
| 3428 | 8. Added the rcpt_4xx retry error code. |
| 3429 | |
| 3430 | 9. Added postmaster_mailfrom=xxx to callout verification option. |
| 3431 | |
| 3432 | 10. Added mailfrom=xxxx to the callout verification option, for verify= |
| 3433 | header_sender only. |
| 3434 | |
| 3435 | 11. ${substr_1_:xxxx} and ${substr__3:xxxx} are now diagnosed as syntax errors |
| 3436 | (they previously behaved as ${substr_1_0:xxxx} and ${substr:_0_3:xxxx}). |
| 3437 | |
| 3438 | 12. Inserted some casts to stop certain compilers warning when using pointer |
| 3439 | differences as field lengths or precisions in printf-type calls (mostly |
| 3440 | affecting debugging statements). |
| 3441 | |
| 3442 | 13. Added optional readline() support for -be (dynamically loaded). |
| 3443 | |
| 3444 | 14. Obscure bug fix: if a message error (e.g. 4xx to MAIL) happened within the |
| 3445 | same clock tick as a message's arrival, so that its received time was the |
| 3446 | same as the "first fail" time on the retry record, and that message |
| 3447 | remained on the queue past the ultimate address timeout, every queue runner |
| 3448 | would try a delivery (because it was past the ultimate address timeout) but |
| 3449 | after another failure, the ultimate address timeout, which should have then |
| 3450 | bounced the address, did not kick in. This was a "< instead of <=" error; |
| 3451 | in most cases the first failure would have been in the next clock tick |
| 3452 | after the received time, and all would be well. |
| 3453 | |
| 3454 | 15. The special items beginning with @ in domain lists (e.g. @mx_any) were not |
| 3455 | being recognized when the domain list was tested by the match_domain |
| 3456 | condition in an expansion string. |
| 3457 | |
| 3458 | 16. Added the ${str2b64: operator. |
| 3459 | |
| 3460 | 17. Exim was always calling setrlimit() to set a large limit for the number of |
| 3461 | processes, without checking whether the existing limit was already |
| 3462 | adequate. (It did check for the limit on file descriptors.) Furthermore, |
| 3463 | errors from getrlimit() and setrlimit() were being ignored. Now they are |
| 3464 | logged to the main and panic logs, but Exim does carry on, to try to do its |
| 3465 | job under whatever limits there are. |
| 3466 | |
| 3467 | 18. Imported PCRE 5.0. |
| 3468 | |
| 3469 | 19. Trivial typo in log message " temporarily refused connection" (the leading |
| 3470 | space). |
| 3471 | |
| 3472 | 20. If the log selector return_path_on_delivery was set and an address was |
| 3473 | redirected to /dev/null, the delivery process crashed because it assumed |
| 3474 | that a return path would always be set for a "successful" delivery. In this |
| 3475 | case, the whole delivery is bypassed as an optimization, and therefore no |
| 3476 | return path is set. |
| 3477 | |
| 3478 | 21. Internal re-arrangement: the function for sending a challenge and reading |
| 3479 | a response while authentication was assuming a zero-terminated challenge |
| 3480 | string. It's now changed to take a pointer and a length, to allow for |
| 3481 | binary data in such strings. |
| 3482 | |
| 3483 | 22. Added the cyrus_sasl authenticator (code supplied by MBM). |
| 3484 | |
| 3485 | 23. Exim was not respecting finduser_retries when seeking the login of the |
| 3486 | uid under which it was called; it was always trying 10 times. (The default |
| 3487 | setting of finduser_retries is zero.) Also, it was sleeping after the final |
| 3488 | failure, which is pointless. |
| 3489 | |
| 3490 | 24. Implemented tls_on_connect_ports. |
| 3491 | |
| 3492 | 25. Implemented acl_smtp_predata. |
| 3493 | |
| 3494 | 26. If the domain in control=submission is set empty, Exim assumes that the |
| 3495 | authenticated id is a complete email address when it generates From: or |
| 3496 | Sender: header lines. |
| 3497 | |
| 3498 | 27. Added "#define SOCKLEN_T int" to OS/os.h-SCO and OS/os.h-SCO_SV. Also added |
| 3499 | definitions to OS/Makefile-SCO and OS/Makefile-SCO_SV that put basename, |
| 3500 | chown and chgrp in /bin and hostname in /usr/bin. |
| 3501 | |
| 3502 | 28. Exim was keeping the "process log" file open after each use, just as it |
| 3503 | does for the main log. This opens the possibility of it remaining open for |
| 3504 | long periods when the USR1 signal hits a daemon. Occasional processlog |
| 3505 | errors were reported, that could have been caused by this. Anyway, it seems |
| 3506 | much more sensible not to leave this file open at all, so that is what now |
| 3507 | happens. |
| 3508 | |
| 3509 | 29. The long-running daemon process does not normally write to the log once it |
| 3510 | has entered its main loop, and it closes the log before doing so. This is |
| 3511 | so that log files can straightforwardly be renamed and moved. However, |
| 3512 | there are a couple of unusual error situations where the daemon does write |
| 3513 | log entries, and I had neglected to close the log afterwards. |
| 3514 | |
| 3515 | 30. The text of an SMTP error response that was received during a remote |
| 3516 | delivery was being truncated at 512 bytes. This is too short for some of |
| 3517 | the long messages that one sometimes sees. I've increased the limit to |
| 3518 | 1024. |
| 3519 | |
| 3520 | 31. It is now possible to make retry rules that apply only when a message has a |
| 3521 | specific sender, in particular, an empty sender. |
| 3522 | |
| 3523 | 32. Added "control = enforce_sync" and "control = no_enforce_sync". This makes |
| 3524 | it possible to be selective about when SMTP synchronization is enforced. |
| 3525 | |
| 3526 | 33. Added "control = caseful_local_part" and "control = "caselower_local_part". |
| 3527 | |
| 3528 | 32. Implemented hosts_connection_nolog. |
| 3529 | |
| 3530 | 33. Added an ACL for QUIT. |
| 3531 | |
| 3532 | 34. Setting "delay_warning=" to disable warnings was not working; it gave a |
| 3533 | syntax error. |
| 3534 | |
| 3535 | 35. Added mailbox_size and mailbox_filecount to appendfile. |
| 3536 | |
| 3537 | 36. Added control = no_multiline_responses to ACLs. |
| 3538 | |
| 3539 | 37. There was a bug in the logic of the code that waits for the clock to tick |
| 3540 | in the case where the clock went backwards by a substantial amount such |
| 3541 | that the microsecond fraction of "now" was more than the microsecond |
| 3542 | fraction of "then" (but the whole seconds number was less). |
| 3543 | |
| 3544 | 38. Added support for the libradius Radius client library this is found on |
| 3545 | FreeBSD (previously only the radiusclient library was supported). |
| 3546 | |
| 3547 | |
| 3548 | Exim version 4.42 |
| 3549 | ----------------- |
| 3550 | |
| 3551 | 1. When certain lookups returned multiple values in the form name=value, the |
| 3552 | quoting of the values was not always being done properly. Specifically: |
| 3553 | (a) If the value started with a double quote, but contained no whitespace, |
| 3554 | it was not quoted. |
| 3555 | (b) If the value contained whitespace other than a space character (i.e. |
| 3556 | tabs or newlines or carriage returns) it was not quoted. |
| 3557 | This fix has been applied to the mysql and pgsql lookups by writing a |
| 3558 | separate quoting function and calling it from the lookup code. The fix |
| 3559 | should probably also be applied to nisplus, ibase and oracle lookups, but |
| 3560 | since I cannot test any of those, I have not disturbed their existing code. |
| 3561 | |
| 3562 | 2. A hit in the callout cache for a specific address caused a log line with no |
| 3563 | reason for rejecting RCPT. Now it says "Previous (cached) callout |
| 3564 | verification failure". |
| 3565 | |
| 3566 | 3. There was an off-by-one bug in the queryprogram router. An over-long |
| 3567 | return line was truncated at 256 instead of 255 characters, thereby |
| 3568 | overflowing its buffer with the terminating zero. As well as fixing this, I |
| 3569 | have increased the buffer size to 1024 (and made a note to document this). |
| 3570 | |
| 3571 | 4. If an interrupt, such as the USR1 signal that is send by exiwhat, arrives |
| 3572 | when Exim is waiting for an SMTP response from a remote server, Exim |
| 3573 | restarts its select() call on the socket, thereby resetting its timeout. |
| 3574 | This is not a problem when such interrupts are rare. Somebody set up a cron |
| 3575 | job to run exiwhat every 2 minutes, which is less than the normal select() |
| 3576 | timeout (5 or 10 minutes). This meant that the select() timeout never |
| 3577 | kicked in because it was always reset. I have fixed this by comparing the |
| 3578 | time when an interrupt arrives with the time at the start of the first call |
| 3579 | to select(). If more time than the timeout has elapsed, the interrupt is |
| 3580 | treated as a timeout. |
| 3581 | |
| 3582 | 5. Some internal re-factoring in preparation for the addition of Sieve |
| 3583 | extensions (by MH). In particular, the "personal" test is moved to a |
| 3584 | separate function, and given an option for scanning Cc: and Bcc: (which is |
| 3585 | not set for Exim filters). |
| 3586 | |
| 3587 | 6. When Exim created an email address using the login of the caller as the |
| 3588 | local part (e.g. when creating a From: or Sender: header line), it was not |
| 3589 | quoting the local part when it contained special characters such as @. |
| 3590 | |
| 3591 | 7. Installed new OpenBSD configuration files. |
| 3592 | |
| 3593 | 8. Reworded some messages for syntax errors in "and" and "or" conditions to |
| 3594 | try to make them clearer. |
| 3595 | |
| 3596 | 9. Callout options, other than the timeout value, were being ignored when |
| 3597 | verifying sender addresses in header lines. For example, when using |
| 3598 | |
| 3599 | verify = header_sender/callout=no_cache |
| 3600 | |
| 3601 | the cache was (incorrectly) being used. |
| 3602 | |
| 3603 | 10. Added a missing instance of ${EXE} to the exim_install script; this affects |
| 3604 | only the Cygwin environment. |
| 3605 | |
| 3606 | 11. When return_path_on_delivery was set as a log selector, if different remote |
| 3607 | addresses in the same message used different return paths and parallel |
| 3608 | remote delivery occurred, the wrong values would sometimes be logged. |
| 3609 | (Whenever a remote delivery process finished, the return path value from |
| 3610 | the most recently started remote delivery process was logged.) |
| 3611 | |
| 3612 | 12. RFC 3848 specifies standard names for the "with" phrase in Received: header |
| 3613 | lines when AUTH and/or TLS are in use. This is the "received protocol" |
| 3614 | field. Exim used to use "asmtp" for authenticated SMTP, without any |
| 3615 | indication (in the protocol name) for TLS use. Now it follows the RFC and |
| 3616 | uses "esmtpa" if the connection is authenticated, "esmtps" if it is |
| 3617 | encrypted, and "esmtpsa" if it is both encrypted and authenticated. These |
| 3618 | names appear in log lines as well as in Received: header lines. |
| 3619 | |
| 3620 | 13. Installed MH's patches for Sieve to add the "copy" and "vacation" |
| 3621 | extensions, and comparison tests, and to fix some bugs. |
| 3622 | |
| 3623 | 14. Changes to the "personal" filter test: |
| 3624 | |
| 3625 | (1) The test was buggy in that it was just doing the equivalent of |
| 3626 | "contains" tests on header lines. For example, if a user's address was |
| 3627 | anne@some.where, the "personal" test would incorrectly be true for |
| 3628 | |
| 3629 | To: susanne@some.where |
| 3630 | |
| 3631 | This test is now done by extracting each address from the header in turn, |
| 3632 | and checking the entire address. Other tests that are part of "personal" |
| 3633 | are now done using regular expressions (for example, to check local parts |
| 3634 | of addresses in From: header lines). |
| 3635 | |
| 3636 | (2) The list of non-personal local parts in From: addresses has been |
| 3637 | extended to include "listserv", "majordomo", "*-request", and "owner-*", |
| 3638 | taken from the Sieve specification recommendations. |
| 3639 | |
| 3640 | (3) If the message contains any header line starting with "List-" it is |
| 3641 | treated as non-personal. |
| 3642 | |
| 3643 | (4) The test for "circular" in the Subject: header line has been removed |
| 3644 | because it now seems ill-conceived. |
| 3645 | |
| 3646 | 15. Minor typos in src/EDITME comments corrected. |
| 3647 | |
| 3648 | 16. Installed latest exipick from John Jetmore. |
| 3649 | |
| 3650 | 17. If headers_add on a router specified a text string that was too long for |
| 3651 | string_sprintf() - that is, longer than 8192 bytes - Exim panicked. The use |
| 3652 | of string_sprintf() is now avoided. |
| 3653 | |
| 3654 | 18. $message_body_size was not set (it was always zero) when running the DATA |
| 3655 | ACL and the local_scan() function. |
| 3656 | |
| 3657 | 19. For the "mail" command in an Exim filter, no default was being set for |
| 3658 | the once_repeat time, causing a random time value to be used if "once" was |
| 3659 | specified. (If the value happened to be <= 0, no repeat happened.) The |
| 3660 | default is now 0s, meaning "never repeat". The "vacation" command was OK |
| 3661 | (its default is 7d). It's somewhat surprising nobody ever noticed this bug |
| 3662 | (I found it when inspecting the code). |
| 3663 | |
| 3664 | 20. There is now an overall timeout for performing a callout verification. It |
| 3665 | defaults to 4 times the callout timeout, which applies to individual SMTP |
| 3666 | commands during the callout. The overall timeout applies when there is more |
| 3667 | than one host that can be tried. The timeout is checked before trying the |
| 3668 | next host. This prevents very long delays if there are a large number of |
| 3669 | hosts and all are timing out (e.g. when the network connections are timing |
| 3670 | out). The value of the overall timeout can be changed by specifying an |
| 3671 | additional sub-option for "callout", called "maxwait". For example: |
| 3672 | |
| 3673 | verify = sender/callout=5s,maxwait=20s |
| 3674 | |
| 3675 | 21. Add O_APPEND to the open() call for maildirsize files (Exim already seeks |
| 3676 | to the end before writing, but this should make it even safer). |
| 3677 | |
| 3678 | 22. Exim was forgetting that it had advertised PIPELINING for the second and |
| 3679 | subsequent messages on an SMTP connection. It was also not resetting its |
| 3680 | memory on STARTTLS and an internal HELO. |
| 3681 | |
| 3682 | 23. When Exim logs an SMTP synchronization error within a session, it now |
| 3683 | records whether PIPELINING has been advertised or not. |
| 3684 | |
| 3685 | 24. Added 3 instances of "(long int)" casts to time_t variables that were being |
| 3686 | formatted using %ld, because on OpenBSD (and perhaps others), time_t is int |
| 3687 | rather than long int. |
| 3688 | |
| 3689 | 25. Installed the latest Cygwin configuration files from the Cygwin maintainer. |
| 3690 | |
| 3691 | 26. Added the never_mail option to autoreply. |
| 3692 | |
| 3693 | |
| 3694 | Exim version 4.41 |
| 3695 | ----------------- |
| 3696 | |
| 3697 | 1. A reorganization of the code in order to implement 4.40/8 caused a daemon |
| 3698 | crash if the getsockname() call failed; this can happen if a connection is |
| 3699 | closed very soon after it is established. The problem was simply in the |
| 3700 | order in which certain operations were done, causing Exim to try to write |
| 3701 | to the SMTP stream before it had set up the file descriptor. The bug has |
| 3702 | been fixed by making things happen in the correct order. |
| 3703 | |
| 3704 | |
| 3705 | Exim version 4.40 |
| 3706 | ----------------- |
| 3707 | |
| 3708 | 1. If "drop" was used in a DATA ACL, the SMTP output buffer was not flushed |
| 3709 | before the connection was closed, thus losing the rejection response. |
| 3710 | |
| 3711 | 2. Commented out the definition of SOCKLEN_T in os.h-SunOS5. It is needed for |
| 3712 | some early Solaris releases, but causes trouble in current releases where |
| 3713 | socklen_t is defined. |
| 3714 | |
| 3715 | 3. When std{in,out,err} are closed, re-open them to /dev/null so that they |
| 3716 | always exist. |
| 3717 | |
| 3718 | 4. Minor refactoring of os.c-Linux to avoid compiler warning when IPv6 is not |
| 3719 | configured. |
| 3720 | |
| 3721 | 5. Refactoring in expand.c to improve memory usage. Pre-allocate a block so |
| 3722 | that releasing the top of it at the end releases what was used for sub- |
| 3723 | expansions (unless the block got too big). However, discard this block if |
| 3724 | the first thing is a variable or header, so that we can use its block when |
| 3725 | it is dynamic (useful for very large $message_headers, for example). |
| 3726 | |
| 3727 | 6. Lookups now cache *every* query, not just the most recent. A new, separate |
| 3728 | store pool is used for this. It can be recovered when all lookup caches are |
| 3729 | flushed. Lookups now release memory at the end of their result strings. |
| 3730 | This has involved some general refactoring of the lookup sources. |
| 3731 | |
| 3732 | 7. Some code has been added to the store_xxx() functions to reduce the amount |
| 3733 | of flapping under certain conditions. |
| 3734 | |
| 3735 | 8. log_incoming_interface used to affect only the <= reception log lines. Now |
| 3736 | it causes the local interface and port to be added to several more SMTP log |
| 3737 | lines, for example "SMTP connection from", and rejection lines. |
| 3738 | |
| 3739 | 9. The Sieve author supplied some patches for the doc/README.SIEVE file. |
| 3740 | |
| 3741 | 10. Added a conditional definition of _BSD_SOCKLEN_T to os.h-Darwin. |
| 3742 | |
| 3743 | 11. If $host_data was set by virtue of a hosts lookup in an ACL, its value |
| 3744 | could be overwritten at the end of the current message (or the start of a |
| 3745 | new message if it was set in a HELO ACL). The value is now preserved for |
| 3746 | the duration of the SMTP connection. |
| 3747 | |
| 3748 | 12. If a transport had a headers_rewrite setting, and a matching header line |
| 3749 | contained an unqualified address, that address was qualified, even if it |
| 3750 | did not match any rewriting rules. The underlying bug was that the values |
| 3751 | of the flags that permit the existence of unqualified sender and recipient |
| 3752 | addresses in header lines (set by {sender,recipient}_unqualified_hosts for |
| 3753 | non-local messages, and by -bnq for local messages) were not being |
| 3754 | preserved with the message after it was received. |
| 3755 | |
| 3756 | 13. When Exim was logging an SMTP synchronization error, it could sometimes log |
| 3757 | "next input=" as part of the text comprising the host identity instead of |
| 3758 | the correct text. The code was using the same buffer for two different |
| 3759 | strings. However, depending on which order the printing function evaluated |
| 3760 | its arguments, the bug did not always show up. Under Linux, for example, my |
| 3761 | test suite worked just fine. |
| 3762 | |
| 3763 | 14. Exigrep contained a use of Perl's "our" scoping after change 4.31/70. This |
| 3764 | doesn't work with some older versions of Perl. It has been changed to "my", |
| 3765 | which in any case is probably the better facility to use. |
| 3766 | |
| 3767 | 15. A really picky compiler found some instances of statements for creating |
| 3768 | error messages that either had too many or two few arguments for the format |
| 3769 | string. |
| 3770 | |
| 3771 | 16. The size of the buffer for calls to the DNS resolver has been increased |
| 3772 | from 1024 to 2048. A larger buffer is needed when performing PTR lookups |
| 3773 | for addresses that have a lot of PTR records. This alleviates a problem; it |
| 3774 | does not fully solve it. |
| 3775 | |
| 3776 | 17. A dnsdb lookup for PTR records that receives more data than will fit in the |
| 3777 | buffer now truncates the list and logs the incident, which is the same |
| 3778 | action as happens when Exim is looking up a host name and its aliases. |
| 3779 | Previously in this situation something unpredictable would happen; |
| 3780 | sometimes it was "internal error: store_reset failed". |
| 3781 | |
| 3782 | 18. If a server dropped the connection unexpectedly when an Exim client was |
| 3783 | using GnuTLS and trying to read a response, the client delivery process |
| 3784 | crashed while trying to generate an error log message. |
| 3785 | |
| 3786 | 19. If a "warn" verb in an ACL added multiple headers to a message in a single |
| 3787 | string, for example: |
| 3788 | |
| 3789 | warn message = H1: something\nH2: something |
| 3790 | |
| 3791 | the text was added as a single header line from Exim's point of view |
| 3792 | though it ended up OK in the delivered message. However, searching for the |
| 3793 | second and subsequent header lines using $h_h2: did not work. This has been |
| 3794 | fixed. Similarly, if a system filter added multiple headers in this way, |
| 3795 | the routers could not see them. |
| 3796 | |
| 3797 | 20. Expanded the error message when iplsearch is called with an invalid key to |
| 3798 | suggest using net-iplsearch in a host list. |
| 3799 | |
| 3800 | 21. When running tests using -bh, any delays imposed by "delay" modifiers in |
| 3801 | ACLs are no longer actually imposed (and a message to that effect is |
| 3802 | output). |
| 3803 | |
| 3804 | 22. If a "gecos" field in a passwd entry contained escaped characters, in |
| 3805 | particular, if it contained a \" sequence, Exim got it wrong when building |
| 3806 | a From: or a Sender: header from that name. A second bug also caused |
| 3807 | incorrect handling when an unquoted " was present following a character |
| 3808 | that needed quoting. |
| 3809 | |
| 3810 | 23. "{crypt}" as a password encryption mechanism for a "crypteq" expansion item |
| 3811 | was not being matched caselessly. |
| 3812 | |
| 3813 | 24. Arranged for all hyphens in the exim.8 source to be escaped with |
| 3814 | backslashes. |
| 3815 | |
| 3816 | 25. Change 16 of 4.32, which reversed 71 or 4.31 didn't quite do the job |
| 3817 | properly. Recipient callout cache records were still being keyed to include |
| 3818 | the sender, even when use_sender was set false. This led to far more |
| 3819 | callouts that were necessary. The sender is no longer included in the key |
| 3820 | when use_sender is false. |
| 3821 | |
| 3822 | 26. Added "control = submission" modifier to ACLs. |
| 3823 | |
| 3824 | 27. Added the ${base62d: operator to decode base 62 numbers. |
| 3825 | |
| 3826 | 28. dnsdb lookups can now access SRV records. |
| 3827 | |
| 3828 | 29. CONFIGURE_OWNER can be set at build time to define an alternative owner for |
| 3829 | the configuration file. |
| 3830 | |
| 3831 | 30. The debug message "delivering xxxxxx-xxxxxx-xx" is now output in verbose |
| 3832 | (-v) mode. This makes the output for a verbose queue run more intelligible. |
| 3833 | |
| 3834 | 31. Added a use_postmaster feature to recipient callouts. |
| 3835 | |
| 3836 | 32. Added the $body_zerocount variable, containing the number of binary zero |
| 3837 | bytes in the message body. |
| 3838 | |
| 3839 | 33. The time of last modification of the "new" subdirectory is now used as the |
| 3840 | "mailbox time last read" when there is a quota error for a maildir |
| 3841 | delivery. |
| 3842 | |
| 3843 | 34. Added string comparison operators lt, lti, le, lei, gt, gti, ge, gei. |
| 3844 | |
| 3845 | 35. Added +ignore_unknown as a special item in host lists. |
| 3846 | |
| 3847 | 36. Code for decoding IPv6 addresses in host lists is now included, even if |
| 3848 | IPv6 support is not being compiled. This fixes a bug in which an IPv6 |
| 3849 | address was recognized as an IP address, but was then not correctly decoded |
| 3850 | into binary, causing unexpected and incorrect effects when compared with |
| 3851 | another IP address. |
| 3852 | |
| 3853 | |
| 3854 | Exim version 4.34 |
| 3855 | ----------------- |
| 3856 | |
| 3857 | 1. Very minor rewording of debugging text in manualroute to say "list of |
| 3858 | hosts" instead of "hostlist". |
| 3859 | |
| 3860 | 2. If verify=header_syntax was set, and a header line with an unqualified |
| 3861 | address (no domain) and a large number of spaces between the end of the |
| 3862 | name and the colon was received, the reception process suffered a buffer |
| 3863 | overflow, and (when I tested it) crashed. This was caused by some obsolete |
| 3864 | code that should have been removed. The fix is to remove it! |
| 3865 | |
| 3866 | 3. When running in the test harness, delay a bit after writing a bounce |
| 3867 | message to get a bit more predictability in the log output. |
| 3868 | |
| 3869 | 4. Added a call to search_tidyup() just before forking a reception process. In |
| 3870 | theory, someone could use a lookup in the expansion of smtp_accept_max_ |
| 3871 | per_host which, without the tidyup, could leave open a database connection. |
| 3872 | |
| 3873 | 5. Added the variables $recipient_data and $sender_data which get set from a |
| 3874 | lookup success in an ACL "recipients" or "senders" condition, or a router |
| 3875 | "senders" option, similar to $domain_data and $local_part_data. |
| 3876 | |
| 3877 | 6. Moved the writing of debug_print from before to after the "senders" test |
| 3878 | for routers. |
| 3879 | |
| 3880 | 7. Change 4.31/66 (moving the time when the Received: is generated) caused |
| 3881 | problems for message scanning, either using a data ACL, or using |
| 3882 | local_scan() because the Received: header was not generated till after they |
| 3883 | were called (in order to set the time as the time of reception completion). |
| 3884 | I have revised the way this works. The header is now generated after the |
| 3885 | body is received, but before the ACL or local_scan() are called. After they |
| 3886 | are run, the timestamp in the header is updated. |
| 3887 | |
| 3888 | |
| 3889 | Exim version 4.33 |
| 3890 | ----------------- |
| 3891 | |
| 3892 | 1. Change 4.24/6 introduced a bug because the SIGALRM handler was disabled |
| 3893 | before starting a queue runner without re-exec. This happened only when |
| 3894 | deliver_drop_privilege was set or when the Exim user was set to root. The |
| 3895 | effect of the bug was that timeouts during subsequent deliveries caused |
| 3896 | crashes instead of being properly handled. The handler is now left at its |
| 3897 | default (and expected) setting. |
| 3898 | |
| 3899 | 2. The other case in which a daemon avoids a re-exec is to deliver an incoming |
| 3900 | message, again when deliver_drop_privilege is set or Exim is run as root. |
| 3901 | The bug described in (1) was not present in this case, but the tidying up |
| 3902 | of the other signals was missing. I have made the two cases consistent. |
| 3903 | |
| 3904 | 3. The ignore_target_hosts setting on a manualroute router was being ignored |
| 3905 | for hosts that were looked up using the /MX notation. |
| 3906 | |
| 3907 | 4. Added /ignore=<ip list> feature to @mx_any, @mx_primary, and @mx_secondary |
| 3908 | in domain lists. |
| 3909 | |
| 3910 | 5. Change 4.31/55 was buggy, and broke when there was a rewriting rule that |
| 3911 | operated on the sender address. After changing the $sender_address to <> |
| 3912 | for the sender address verify, Exim was re-instated it as the original |
| 3913 | (before rewriting) address, but remembering that it had rewritten it, so it |
| 3914 | wasn't rewriting it again. This bug also had the effect of breaking the |
| 3915 | sender address verification caching when the sender address was rewritten. |
| 3916 | |
| 3917 | 6. The ignore_target_hosts option was being ignored by the ipliteral router. |
| 3918 | This has been changed so that if the ip literal address matches |
| 3919 | ignore_target_hosts, the router declines. |
| 3920 | |
| 3921 | 7. Added expansion conditions match_domain, match_address, and match_local_ |
| 3922 | part (NOT match_host). |
| 3923 | |
| 3924 | 8. The placeholder for the Received: header didn't have a length field set. |
| 3925 | |
| 3926 | 9. Added code to Exim itself and to exim_lock to test for a specific race |
| 3927 | condition that could lead to file corruption when using MBX delivery. The |
| 3928 | issue is with the lockfile that is created in /tmp. If this file is removed |
| 3929 | after a process has opened it but before that process has acquired a lock, |
| 3930 | there is the potential for a second process to recreate the file and also |
| 3931 | acquire a lock. This could lead to two Exim processes writing to the file |
| 3932 | at the same time. The added code performs the same test as UW imapd; it |
| 3933 | checks after acquiring the lock that its file descriptor still refers to |
| 3934 | the same named file. |
| 3935 | |
| 3936 | 10. The buffer for building added header lines was of fixed size, 8192 bytes. |
| 3937 | It is now parameterized by HEADER_ADD_BUFFER_SIZE and this can be adjusted |
| 3938 | when Exim is built. |
| 3939 | |
| 3940 | 11. Added the smtp_active_hostname option. If used, this will typically be made |
| 3941 | to depend on the incoming interface address. Because $interface_address is |
| 3942 | not set up until the daemon has forked a reception process, error responses |
| 3943 | that can happen earlier (such as "too many connections") no longer contain |
| 3944 | a host name. |
| 3945 | |
| 3946 | 12. If an expansion in a condition on a "warn" statement fails because a lookup |
| 3947 | defers, the "warn" statement is abandoned, and the next ACL statement is |
| 3948 | processed. Previously this caused the whole ACL to be aborted. |
| 3949 | |
| 3950 | 13. Added the iplsearch lookup type. |
| 3951 | |
| 3952 | 14. Added ident_timeout as a log selector. |
| 3953 | |
| 3954 | 15. Added tls_certificate_verified as a log selector. |
| 3955 | |
| 3956 | 16. Added a global option tls_require_ciphers (compare the smtp transport |
| 3957 | option of the same name). This controls incoming TLS connections. |
| 3958 | |
| 3959 | 17. I finally figured out how to make tls_require_ciphers do a similar thing |
| 3960 | in GNUtls to what it does in OpenSSL, that is, set up an appropriate list |
| 3961 | before starting the TLS session. |
| 3962 | |
| 3963 | 18. Tabs are now shown as \t in -bP output. |
| 3964 | |
| 3965 | 19. If the log selector return_path_on_delivery was set, Exim crashed when |
| 3966 | bouncing a message because it had too many Received: header lines. |
| 3967 | |
| 3968 | 20. If two routers both had headers_remove settings, and the first one included |
| 3969 | a superfluous trailing colon, the final name in the first list and the |
| 3970 | first name in the second list were incorrectly joined into one item (with a |
| 3971 | colon in the middle). |
| 3972 | |
| 3973 | |
| 3974 | Exim version 4.32 |
| 3975 | ----------------- |
| 3976 | |
| 3977 | 1. Added -C and -D options to the exinext utility, mainly to make it easier |
| 3978 | to include in the automated testing, but these could be helpful when |
| 3979 | multiple configurations are in use. |
| 3980 | |
| 3981 | 2. The exinext utility was not formatting the output nicely when there was |
| 3982 | an alternate port involved in the retry record key, nor when there was a |
| 3983 | message id as well (for retries that were specific to a specific message |
| 3984 | and a specific host). It was also confused by IPv6 addresses, because of |
| 3985 | the additional colons they contain. I have fixed the IPv4 problem, and |
| 3986 | patched it up to do a reasonable job for IPv6. |
| 3987 | |
| 3988 | 3. When there is an error after a MAIL, RCPT, or DATA SMTP command during |
| 3989 | delivery, the log line now contains "pipelined" if PIPELINING was used. |
| 3990 | |
| 3991 | 4. An SMTP transport process used to panic and die if the bind() call to set |
| 3992 | an explicit outgoing interface failed. This has been changed; it is now |
| 3993 | treated in the same way as a connect() failure. |
| 3994 | |
| 3995 | 5. A reference to $sender_host_name in the part of a conditional expansion |
| 3996 | that was being skipped was still causing a DNS lookup. This no longer |
| 3997 | occurs. |
| 3998 | |
| 3999 | 6. The def: expansion condition was not recognizing references to header lines |
| 4000 | that used bh_ and bheader_. |
| 4001 | |
| 4002 | 7. Added the _cache feature to named lists. |
| 4003 | |
| 4004 | 8. The code for checking quota_filecount in the appendfile transport was |
| 4005 | allowing one more file than it should have been. |
| 4006 | |
| 4007 | 9. For compatibility with Sendmail, the command line option |
| 4008 | |
| 4009 | -prval:sval |
| 4010 | |
| 4011 | is equivalent to |
| 4012 | |
| 4013 | -oMr rval -oMs sval |
| 4014 | |
| 4015 | and sets the incoming protocol and host name (for trusted callers). The |
| 4016 | host name and its colon can be omitted when only the protocol is to be set. |
| 4017 | Note the Exim already has two private options, -pd and -ps, that refer to |
| 4018 | embedded Perl. It is therefore impossible to set a protocol value of "d" or |
| 4019 | "s", but I don't think that's a major issue. |
| 4020 | |
| 4021 | 10. A number of refactoring changes to the code, none of which should affect |
| 4022 | Exim's behaviour: |
| 4023 | |
| 4024 | (a) The number of logging options was getting close to filling up the |
| 4025 | 32-bit word that was used as a bit map. I have split them into two classes: |
| 4026 | those that are passed in the argument to log_write(), and those that are |
| 4027 | only ever tested independently outside of that function. These are now in |
| 4028 | separate 32-bit words, so there is plenty of room for expansion again. |
| 4029 | There is no change in the user interface or the logging behaviour. |
| 4030 | |
| 4031 | (b) When building, for example, log lines, the code previously used a |
| 4032 | macro that called string_cat() twice, in order to add two strings. This is |
| 4033 | not really sufficiently general. Furthermore, there was one instance where |
| 4034 | it was actually wrong because one of the argument was used twice, and in |
| 4035 | one call a function was used. (As it happened, calling the function twice |
| 4036 | did not affect the overall behaviour.) The macro has been replaced by a |
| 4037 | function that can join an arbitrary number of extra strings onto a growing |
| 4038 | string. |
| 4039 | |
| 4040 | (c) The code for expansion conditions now uses a table and a binary chop |
| 4041 | instead of a serial search (which was left over from when there were very |
| 4042 | few conditions). Also, it now recognizes conditions like "pam" even when |
| 4043 | the relevant support is not compiled in: a suitably worded error message is |
| 4044 | given if an attempt is made to use such a condition. |
| 4045 | |
| 4046 | 11. Added ${time_interval:xxxxx}. |
| 4047 | |
| 4048 | 12. A bug was causing one of the ddress fields not to be passed back correctly |
| 4049 | from remote delivery subprocesses. The field in question was not being |
| 4050 | subsequently used, so this caused to problems in practice. |
| 4051 | |
| 4052 | 13. Added new log selectors queue_time and deliver_time. |
| 4053 | |
| 4054 | 14. Might have fixed a bug in maildirsizefile handling that threw up |
| 4055 | "unexpected character" debug warnings, and recalculated the data |
| 4056 | unnecessarily. In any case, I expanded the warning message to give more |
| 4057 | information. |
| 4058 | |
| 4059 | 15. Added the message "Restricted characters in address" to the statements in |
| 4060 | the default ACL that block characters like @ and % in local parts. |
| 4061 | |
| 4062 | 16. Change 71 for release 4.31 proved to be much less benign that I imagined. |
| 4063 | Three changes have been made: |
| 4064 | |
| 4065 | (a) There was a serious bug; a negative response to MAIL caused the whole |
| 4066 | recipient domain to be cached as invalid, thereby blocking all messages |
| 4067 | to all local parts at the same domain, from all senders. This bug has |
| 4068 | been fixed. The domain is no longer cached after a negative response to |
| 4069 | MAIL if the sender used is not empty. |
| 4070 | |
| 4071 | (b) The default behaviour of using MAIL FROM:<> for recipient callouts has |
| 4072 | been restored. |
| 4073 | |
| 4074 | (c) A new callout option, "use_sender" has been added for people who want |
| 4075 | the modified behaviour. |
| 4076 | |
| 4077 | |
| 4078 | Exim version 4.31 |
| 4079 | ----------------- |
| 4080 | |
| 4081 | 1. Removed "EXTRALIBS=-lwrap" from OS/Makefile-Unixware7 on the advice of |
| 4082 | Larry Rosenman. |
| 4083 | |
| 4084 | 2. Removed "LIBS = -lresolv" from OS/Makefile-Darwin as it is not needed, and |
| 4085 | indeed breaks things for older releases. |
| 4086 | |
| 4087 | 3. Added additional logging to the case where there is a problem reading data |
| 4088 | from a filter that is running in a subprocess using a pipe, in order to |
| 4089 | try to track down a specific problem. |
| 4090 | |
| 4091 | 4. Testing facility fudge: when running in the test harness and attempting |
| 4092 | to connect to 10.x.x.x (expecting a connection timeout) I'm now sometimes |
| 4093 | getting "No route to host". Convert this to a timeout. |
| 4094 | |
| 4095 | 5. Define ICONV_ARG2_TYPE as "char **" for Unixware7 to avoid compiler |
| 4096 | warning. |
| 4097 | |
| 4098 | 6. Some OS don't have socklen_t but use size_t instead. This affects the |
| 4099 | fifth argument of getsockopt() amongst other things. This is now |
| 4100 | configurable by a macro called SOCKLEN_T which defaults to socklen_t, but |
| 4101 | can be set for individual OS. I have set it for SunOS5, OSF1, and |
| 4102 | Unixware7. Current versions of SunOS5 (aka Solaris) do have socklen_t, but |
| 4103 | some earlier ones do not. |
| 4104 | |
| 4105 | 7. Change 4.30/15 was not doing the test caselessly. |
| 4106 | |
| 4107 | 8. The standard form for an IPv6 address literal was being rejected by address |
| 4108 | parsing in, for example, MAIL and RCPT commands. An example of this kind of |
| 4109 | address is [IPv6:2002:c1ed:8229:10:202:2dff:fe07:a42a]. Exim now accepts |
| 4110 | this, as well as the form without the "IPv6" on the front (but only when |
| 4111 | address literals are enabled, of course). |
| 4112 | |
| 4113 | 9. Added some casts to avoid compiler warnings in OS/os.c-Linux. |
| 4114 | |
| 4115 | 10. Exim crashed if a message with an empty sender address specified by -f |
| 4116 | encountered a router with an errors_to setting. This could be provoked only |
| 4117 | by a command such as |
| 4118 | |
| 4119 | exim -f "" ... |
| 4120 | |
| 4121 | where an empty string was supplied; "<>" did not hit this bug. |
| 4122 | |
| 4123 | 11. Installed PCRE release 4.5. |
| 4124 | |
| 4125 | 12. If EHLO/HELO was rejected by an ACL, the value of $sender_helo_name |
| 4126 | remained set. It is now erased. |
| 4127 | |
| 4128 | 13. exiqgrep wasn't working on MacOS X because it didn't correctly compute |
| 4129 | times from message ids (which are base 36 rather than the normal 62). |
| 4130 | |
| 4131 | 14. "Expected" SMTP protocol errors that can arise when PIPELINING is in use |
| 4132 | were being counted as actual protocol errors, and logged if the log |
| 4133 | selector +smtp_protocol_error was set. One cannot be perfect in this test, |
| 4134 | but now, if PIPELINING has been advertised, RCPT following a rejected MAIL, |
| 4135 | and DATA following a set of rejected RCPTs do not count as protocol errors. |
| 4136 | In other words, Exim assumes they were pipelined, though this may not |
| 4137 | actually be the case. Of course, in all cases the client gets an |
| 4138 | appropriate error code. |
| 4139 | |
| 4140 | 15. If a lookup fails in an ACL condition, a message about the failure may |
| 4141 | be available; it is used if testing the ACL cannot continue, because most |
| 4142 | such messages specify what the cause of the deferral is. However, some |
| 4143 | messages (e.g. "MYSQL: no data found") do not cause a defer. There was bug |
| 4144 | that caused an old message to be retained and used if a later statement |
| 4145 | caused a defer, replacing the real cause of the deferral. |
| 4146 | |
| 4147 | 16. If an IP address had so many PTR records that the DNS lookup buffer |
| 4148 | was not large enough to hold them, Exim could crash while trying to process |
| 4149 | the truncated data. It now detects and logs this case. |
| 4150 | |
| 4151 | 17. Further to 4.21/58, another change has been made: if (and only if) the |
| 4152 | first line of a message (the first header line) ends with CRLF, a bare LF |
| 4153 | in a subsequent header line has a space inserted after it, so as not to |
| 4154 | terminate the header. |
| 4155 | |
| 4156 | 18. Refactoring: tidied an ugly bit of code in appendfile that copied data |
| 4157 | unnecessarily, used atoi() instead of strtol(), and didn't check the |
| 4158 | termination when getting file sizes from file names by regex. |
| 4159 | |
| 4160 | 19. Completely re-implemented the support for maildirsize files, in the light |
| 4161 | of a number of problems with the previous contributed implementation |
| 4162 | (4.30/29). In particular: |
| 4163 | |
| 4164 | . If the quota is zero, the maildirsize file is maintained, but no quota is |
| 4165 | imposed. |
| 4166 | |
| 4167 | . If the maildir directory does not exist, it is created before any attempt |
| 4168 | to write a maildirsize file. |
| 4169 | |
| 4170 | . The quota value in the file is just a cache; if the quota is changed in |
| 4171 | the transport, the new value overrides. |
| 4172 | |
| 4173 | . A regular expression is available for excluding directories from the |
| 4174 | count. |
| 4175 | |
| 4176 | 20. The autoreply transport checks the characters in options that define the |
| 4177 | message's headers; it allows continued headers, but it was checking with |
| 4178 | isspace() after an embedded newline instead of explicitly looking for a |
| 4179 | space or a tab. |
| 4180 | |
| 4181 | 21. If all the "regular" hosts to which an address was routed had passed their |
| 4182 | expiry times, and had not reached their retry times, the address was |
| 4183 | bounced, even if fallback hosts were defined. Now Exim should go on to try |
| 4184 | the fallback hosts. |
| 4185 | |
| 4186 | 22. Increased buffer sizes in the callout code from 1024 to 4096 to match the |
| 4187 | equivalent code in the SMTP transport. Some hosts send humungous responses |
| 4188 | to HELO/EHLO, more than 1024 it seems. |
| 4189 | |
| 4190 | 23. Refactoring: code in filter.c used (void *) for "any old type" but this |
| 4191 | gives compiler warnings in some environments. I've now done it "properly", |
| 4192 | using a union. |
| 4193 | |
| 4194 | 24. The replacement for inet_ntoa() that is used with gcc on IRIX systems |
| 4195 | (because of problems with the built-in one) was declared to return uschar * |
| 4196 | instead of char *, causing compiler failure. |
| 4197 | |
| 4198 | 25. Fixed a file descriptor leak when processing alias/forward files. |
| 4199 | |
| 4200 | 26. Fixed a minor format string issue in dbfn.c. |
| 4201 | |
| 4202 | 27. Typo in exim.c: ("dmbnz" for "dbmnz"). |
| 4203 | |
| 4204 | 28. If a filter file refered to $h_xxx or $message_headers, and the headers |
| 4205 | contained RFC 2047 "words", Exim's memory could, under certain conditions, |
| 4206 | become corrupted. |
| 4207 | |
| 4208 | 29. When a sender address is verified, it is cached, to save repeating the test |
| 4209 | when there is more than one recipient in a message. However, when the |
| 4210 | verification involves a callout, it is possible for different callout |
| 4211 | options to be set for different recipients. It is too complicated to keep |
| 4212 | track of this in the cache, so now Exim always runs a verification when a |
| 4213 | callout is required, relying on the callout cache for the optimization. |
| 4214 | The overhead is duplication of the address routing, but this should not be |
| 4215 | too great. |
| 4216 | |
| 4217 | 30. Fixed a bug in callout caching. If a RCPT command caused the sender address |
| 4218 | to be verified with callout=postmaster, and the main callout worked but the |
| 4219 | postmaster check failed, the verification correctly failed. However, if a |
| 4220 | subsequent RCPT command asked for sender verification *without* the |
| 4221 | postmaster check, incorrect caching caused this verification also to fail, |
| 4222 | incorrectly. |
| 4223 | |
| 4224 | 31. Exim caches DNS lookup failures so as to avoid multiple timeouts; however, |
| 4225 | it was not caching the DNS options (qualify_single, search_parents) that |
| 4226 | were used when the lookup failed. A subsequent lookup with different |
| 4227 | options therefore always gave the same answer, though there were cases |
| 4228 | where it should not have. (Example: a "domains = !$mx_any" option on a |
| 4229 | dnslookup router: the "domains" option is always processed without any |
| 4230 | widening, but the router might have qualify_single set.) Now Exim uses the |
| 4231 | cached value only when the same options are set. |
| 4232 | |
| 4233 | 32. Added John Jetmore's "exipick" utility to the distribution. |
| 4234 | |
| 4235 | 33. GnuTLS: When an attempt to start a TLS session fails for any reason other |
| 4236 | than a timeout (e.g. a certificate is required, and is not provided), an |
| 4237 | Exim server now closes the connection immediately. Previously it waited for |
| 4238 | the client to close - but if the client is SSL, it seems that they each |
| 4239 | wait for each other, leading to a delay before one of them times out. |
| 4240 | |
| 4241 | 34: GnuTLS: Updated the code to use the new GnuTLS 1.0.0 API. I have not |
| 4242 | maintained 0.8.x compatibility because I don't think many are using it, and |
| 4243 | it is clearly obsolete. |
| 4244 | |
| 4245 | 35. Added TLS support for CRLs: a tls_crl global option and one for the smtp |
| 4246 | transport. |
| 4247 | |
| 4248 | 36. OpenSSL: $tls_certificate_verified was being set to 1 even if the |
| 4249 | client certificate was expired. A simple patch fixes this, though I don't |
| 4250 | understand the full logic of why the verify callback is called multiple |
| 4251 | times. |
| 4252 | |
| 4253 | 37. OpenSSL: a patch from Robert Roselius: "Enable client-bug workaround. |
| 4254 | Versions of OpenSSL as of 0.9.6d include a 'CBC countermeasure' feature, |
| 4255 | which causes problems with some clients (such as the Certicom SSL Plus |
| 4256 | library used by Eudora). This option, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, |
| 4257 | disables the coutermeasure allowing Eudora to connect." |
| 4258 | |
| 4259 | 38. Exim was not checking that a write() to a log file succeeded. This could |
| 4260 | lead to Bad Things if a log got too big, in particular if it hit a file |
| 4261 | size limit. Exim now panics and dies if it cannot write to a log file, just |
| 4262 | as it does if it cannot open a log file. |
| 4263 | |
| 4264 | 39. Modified OS/Makefile-Linux so that it now contains |
| 4265 | |
| 4266 | CFLAGS=-O -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE |
| 4267 | |
| 4268 | The two -D definitions ensure that Exim is compiled with large file |
| 4269 | support, which makes it possible to handle log files that are bigger than |
| 4270 | 2^31. |
| 4271 | |
| 4272 | 40. Fixed a subtle caching bug: if (in an ACL or a set of routers, for |
| 4273 | instance) a domain was checked against a named list that involved a lookup, |
| 4274 | causing $domain_data to be set, then another domain was checked against the |
| 4275 | same list, then the first domain was re-checked, the value of $domain_data |
| 4276 | after the final check could be wrong. In particular, if the second check |
| 4277 | failed, it could be set empty. This bug probably also applied to |
| 4278 | $localpart_data. |
| 4279 | |
| 4280 | 41. The strip_trailing_dot option was not being applied to the address given |
| 4281 | with the -f command-line option. |
| 4282 | |
| 4283 | 42. The code for reading a message's header from the spool was incrementing |
| 4284 | $received_count, but never initializing it. This meant that the value was |
| 4285 | incorrect (doubled) while delivering a message in the same process in which |
| 4286 | it was received. In the most common configuration of Exim, this never |
| 4287 | happens - a fresh exec is done - but it can happen when |
| 4288 | deliver_drop_privilege is set. |
| 4289 | |
| 4290 | 43. When Exim logs an SMTP synchronization error - client data sent too soon - |
| 4291 | it now includes up to 150 characters of the unexpected data in the log |
| 4292 | line. |
| 4293 | |
| 4294 | 44. The exim_dbmbuild utility uses fixed size buffers for reading input lines |
| 4295 | and building data strings. The size of both of these buffers was 10 000 |
| 4296 | bytes - far larger than anybody would *ever* want, thought I. Needless to |
| 4297 | say, somebody hit the limit. I have increased the maximum line length to |
| 4298 | 20 000 and the maximum data length of concatenated lines to 100 000. I have |
| 4299 | also fixed two bugs, because there was no checking on these buffers. Tsk, |
| 4300 | tsk. Now exim_dbmbuild gives a message and exits with an error code if a |
| 4301 | buffer is too small. |
| 4302 | |
| 4303 | 45. The exim_dbmbuild utility did not support quoted keys, as Exim does in |
| 4304 | lsearch lookups. Now it does. |
| 4305 | |
| 4306 | 46. When parsing a route_list item in a manualroute router, a fixed-length |
| 4307 | buffer was used for the list of hosts. I made this 1024 bytes long, |
| 4308 | thinking that nobody would ever have a list of hosts that long. Wrong. |
| 4309 | Somebody had a whole pile of complicated expansion conditions, and the |
| 4310 | string was silently truncated, leading to an expansion error. It turns out |
| 4311 | that it is easier to change to an unlimited length (owing to other changes |
| 4312 | that have happened since this code was originally written) than to build |
| 4313 | structure for giving a limitation error. The length of the item that |
| 4314 | expands into the list of hosts is now unlimited. |
| 4315 | |
| 4316 | 47. The lsearch lookup could not handle data where the length of text line was |
| 4317 | more than 4095 characters. Such lines were truncated, leading to shortened |
| 4318 | data being returned. It should now handle lines of any length. |
| 4319 | |
| 4320 | 48. Minor wording revision: "cannot test xxx in yyy ACL" becomes "cannot test |
| 4321 | xxx condition in yyy ACL" (e.g. "cannot test domains condition in DATA |
| 4322 | ACL"). |
| 4323 | |
| 4324 | 49. Cosmetic tidy to scripts like exicyclog that are generated by globally |
| 4325 | replacing strings such as BIN_DIRECTORY in a source file: the replacement |
| 4326 | no longer happens in comment lines. A list of replacements is now placed |
| 4327 | at the head of all of the source files, except those whose only change is |
| 4328 | to replace PERL_COMMAND in the very first #! line. |
| 4329 | |
| 4330 | 50. Replaced the slow insertion sort in queue.c, for sorting the list of |
| 4331 | messages on the queue, with a bottom-up merge sort, using code contributed |
| 4332 | by Michael Haardt. This should make operations like -bp somewhat faster on |
| 4333 | large queues. It won't affect queue runners, except when queue_run_in_order |
| 4334 | is set. |
| 4335 | |
| 4336 | 51. Installed eximstats 1.31 in the distribution. |
| 4337 | |
| 4338 | 52. Added support for SRV lookups to the dnslookup router. |
| 4339 | |
| 4340 | 53. If an ACL referred to $message_body or $message_body_end, the value was not |
| 4341 | reset for any messages that followed in the same SMTP session. |
| 4342 | |
| 4343 | 54. The store-handling optimization for building very long strings was not |
| 4344 | differentiating between the different store pools. I don't think this |
| 4345 | actually made any difference in practice, but I've tidied it. |
| 4346 | |
| 4347 | 55. While running the routers to verify a sender address, $sender_address |
| 4348 | was still set to the sender address. This is wrong, because when routing to |
| 4349 | send a bounce to the sender, it would be empty. Therefore, I have changed |
| 4350 | it so that, while verifying a sender address, $sender_address is set to <>. |
| 4351 | (There is no change to what happens when verifying a recipient address.) |
| 4352 | |
| 4353 | 56. After finding MX (or SRV) records, Exim was doing a DNS lookup for the |
| 4354 | target A or AAAA records (if not already returned) without resetting the |
| 4355 | qualify_single or search_parents options of the DNS resolver. These are |
| 4356 | inappropriate in this case because the targets of MX and SRV records must |
| 4357 | be FQDNs. A broken DNS record could cause trouble if it happened to have a |
| 4358 | target that, when qualified, matched something in the local domain. These |
| 4359 | two options are now turned off when doing these lookups. |
| 4360 | |
| 4361 | 57. It seems that at least some releases of Reiserfs (which does not have the |
| 4362 | concept of a fixed number of inodes) returns zero and not -1 for the |
| 4363 | number of available inodes. This interacted badly with check_spool_inodes, |
| 4364 | which assumed that -1 was the "no such thing" setting. What I have done is |
| 4365 | to check that the total number of inodes is greater than zero before doing |
| 4366 | the test of how many are available. |
| 4367 | |
| 4368 | 58. When a "warn" ACL statement has a log_message modifier, the message is |
| 4369 | remembered, and not repeated. This is to avoid a lot of repetition when a |
| 4370 | message has many recipients that cause the same warning to be written. |
| 4371 | Howewer, Exim was preserving the list of already written lines for an |
| 4372 | entire SMTP session, which doesn't seem right. The memory is now reset if a |
| 4373 | new message is started. |
| 4374 | |
| 4375 | 59. The "rewrite" debugging flag was not showing the result of rewriting in the |
| 4376 | debugging output unless log_rewrite was also set. |
| 4377 | |
| 4378 | 60. Avoid a compiler warning on 64-bit systems in dsearch.c by avoiding the use |
| 4379 | of (int)(handle) when we know that handle contains (void *)(-1). |
| 4380 | |
| 4381 | 61. The Exim daemon panic-logs an error return when it closes the incoming |
| 4382 | connection. However "connection reset by peer" seems to be common, and |
| 4383 | isn't really an error worthy of noting specially, so that particular error |
| 4384 | is no long logged. |
| 4385 | |
| 4386 | 62. When Exim is trying to find all the local interfaces, it used to panic and |
| 4387 | die if the ioctl to get the interface flags failed. However, it seems that |
| 4388 | on at least one OS (Solaris 9) it is possible to have an interface that is |
| 4389 | included in the list of interfaces, but for which you get a failure error |
| 4390 | for this call. This happens when the interface is not "plumbed" into a |
| 4391 | protocol (i.e. neither IPv4 nor IPv6). I've changed the code so that a |
| 4392 | failure of the "get flags" call assumes that the interface is down. |
| 4393 | |
| 4394 | 63. Added a ${eval10: operator, which assumes all numbers are decimal. This |
| 4395 | makes life easier for people who are doing arithmetic on fields extracted |
| 4396 | from dates, where you often get leading zeros that should not be |
| 4397 | interpreted as octal. |
| 4398 | |
| 4399 | 64. Added qualify_domain to the redirect router, to override the global |
| 4400 | setting. |
| 4401 | |
| 4402 | 65. If a pathologically long header line contained very many addresses (the |
| 4403 | report of this problem mentioned 10 000) and each of them was rewritten, |
| 4404 | Exim could use up a very large amount of memory. (It kept on making new |
| 4405 | copies of the header line as it rewrote, and never released the old ones.) |
| 4406 | At the expense of a bit more processing, the header rewriting function has |
| 4407 | been changed so that it no longer eats memory in this way. |
| 4408 | |
| 4409 | 66. The generation of the Received: header has been moved from the time that a |
| 4410 | message starts to be received, to the time that it finishes. The timestamp |
| 4411 | in the Received: header should now be very close to that of the <= log |
| 4412 | line. There are two side-effects of this change: |
| 4413 | |
| 4414 | (a) If a message is rejected by a DATA or non-SMTP ACL or local_scan(), the |
| 4415 | logged header lines no longer include the local Received: line, because |
| 4416 | it has not yet been created. The same applies to a copy of the message |
| 4417 | that is returned to a non-SMTP sender when a message is rejected. |
| 4418 | |
| 4419 | (b) When a filter file is tested using -bf, no additional Received: header |
| 4420 | is added to the test message. After some thought, I decided that this |
| 4421 | is a bug fix. |
| 4422 | |
| 4423 | This change does not affect the value of $received_for. It is still set |
| 4424 | after address rewriting, but before local_scan() is called. |
| 4425 | |
| 4426 | 67. Installed the latest Cygwin-specific files from the Cygwin maintainer. |
| 4427 | |
| 4428 | 68. GnuTLS: If an empty file is specified for tls_verify_certificates, GnuTLS |
| 4429 | gave an unhelpful panic error message, and a defer error. I have managed to |
| 4430 | change this behaviour so that it now rejects any supplied certificate, |
| 4431 | which seems right, as the list of acceptable certificates is empty. |
| 4432 | |
| 4433 | 69. OpenSSL: If an empty file is specified for tls_verify_certificates, OpenSSL |
| 4434 | gave an unhelpful defer error. I have not managed to make this reject any |
| 4435 | supplied certificates, but the error message it gives is "no certificate |
| 4436 | supplied", which is not helpful. |
| 4437 | |
| 4438 | 70. exigrep's output now also includes lines that are not associated with any |
| 4439 | message, but which match the given pattern. Implemented by a patch from |
| 4440 | Martin Sluka, which also tidied up the Perl a bit. |
| 4441 | |
| 4442 | 71. Recipient callout verification, like sender verification, was using <> in |
| 4443 | the MAIL FROM command. This isn't really the right thing, since the actual |
| 4444 | sender may affect whether the remote host accepts the recipient or not. I |
| 4445 | have changed it to use the actual sender in the callout; this means that |
| 4446 | the cache record is now keyed on a recipient/sender pair, not just the |
| 4447 | recipient address. There doesn't seem to be a real danger of callout loops, |
| 4448 | since a callout by the remote host to check the sender would use <>. |
| 4449 | [SEE ABOVE: changed after hitting problems.] |
| 4450 | |
| 4451 | 72. Exim treats illegal SMTP error codes that do not begin with 4 or 5 as |
| 4452 | temporary errors. However, in the case of such a code being given after |
| 4453 | the end of a data transmission (i.e. after ".") Exim was failing to write |
| 4454 | a retry record for the message. (Yes, there was some broken host that was |
| 4455 | actually sending 8xx at this point.) |
| 4456 | |
| 4457 | 73. An unknown lookup type in a host list could cause Exim to panic-die when |
| 4458 | the list was checked. (An example that provoked this was putting <; in the |
| 4459 | middle of a list instead of at the start.) If this happened during a DATA |
| 4460 | ACL check, a -D file could be left lying around. This kind of configuration |
| 4461 | error no longer causes Exim to die; instead it causes a defer errror. The |
| 4462 | incident is still logged to the main and panic logs. |
| 4463 | |
| 4464 | 74. Buglet left over from Exim 3 conversion. The message "too many messages |
| 4465 | in one connection" was written to the rejectlog but not the mainlog, except |
| 4466 | when address rewriting (yes!) was being logged. |
| 4467 | |
| 4468 | 75. Added write_rejectlog option. |
| 4469 | |
| 4470 | 76. When a system filter was run not as root (that is, when system_filter_user |
| 4471 | was set), the values of the $n variables were not being returned to the |
| 4472 | main process; thus, they were not subsequently available in the $sn |
| 4473 | variables. |
| 4474 | |
| 4475 | 77. Added +return_path_on_delivery log selector. |
| 4476 | |
| 4477 | 78. A connection timeout was being treated differently from recipients deferred |
| 4478 | when testing hosts_max_try with a message that was older than the host's |
| 4479 | retry timeout. (The host should not be counted, thus allowing all hosts to |
| 4480 | be tried at least once before bouncing.) This may have been the cause of an |
| 4481 | occasionally reported bug whereby a message would remain on the queue |
| 4482 | longer than the retry timeout, but would be bounced if a delivery was |
| 4483 | forced. I say "may" because I never totally pinned down the problem; |
| 4484 | setting up timeout/retry tests is difficult. See also the next item. |
| 4485 | |
| 4486 | 79. The ultimate address timeout was not being applied to errors that involved |
| 4487 | a combination of host plus message (for example, a timeout on a MAIL |
| 4488 | command). When an address resolved to a number of possible hosts, and they |
| 4489 | were not all tried for each delivery (e.g. because of hosts_max_try), a |
| 4490 | message could remain on the queue longer than the retry timeout. |
| 4491 | |
| 4492 | 80. Sieve bug: "stop" inside "elsif" was broken. Applied a patch from Michael |
| 4493 | Haardt. |
| 4494 | |
| 4495 | 81. Fixed an obscure SMTP outgoing bug which required at least the following |
| 4496 | conditions: (a) there was another message waiting for the same server; |
| 4497 | (b) the server returned 5xx to all RCPT commands in the first message so |
| 4498 | that the message was not completed; (c) the server dropped the connection |
| 4499 | or gave a negative response to the RSET that Exim sends to abort the |
| 4500 | transaction. The observed case was a dropped connection after DATA that had |
| 4501 | been sent in pipelining mode. That is, the server had advertised PIPELINING |
| 4502 | but was not implementing it correctly. The effect of the bug was incorrect |
| 4503 | behaviour, such as trying another host, and this could lead to a crash. |
| 4504 | |
| 4505 | |
| 4506 | Exim version 4.30 |
| 4507 | ----------------- |
| 4508 | |
| 4509 | 1. The 3rd arguments to getsockname(), getpeername(), and accept() in exim.c |
| 4510 | and daemon.c were passed as pointers to ints; they should have been |
| 4511 | pointers to socklen_t variables (which are typically unsigned ints). |
| 4512 | |
| 4513 | 2. Some signed/unsigned type warnings in the os.c file for Linux have been |
| 4514 | fixed. |
| 4515 | |
| 4516 | 3. Fixed a really odd bug that affected only the testing scheme; patching a |
| 4517 | certain fixed string in the binary changed the value of another string that |
| 4518 | happened to be identical to the end of the original first string. |
| 4519 | |
| 4520 | 4. When gethostbyname() (or equivalent) is passed an IP address as a "host |
| 4521 | name", it returns that address as the IP address. On some operating |
| 4522 | systems (e.g. Solaris), it also passes back the IP address string as the |
| 4523 | "host name". However, on others (e.g. Linux), it passes back an empty |
| 4524 | string. Exim wasn't checking for this, and was changing the host name to an |
| 4525 | empty string, assuming it had been canonicized. |
| 4526 | |
| 4527 | 5. Although rare, it is permitted to have more than one PTR record for a given |
| 4528 | IP address. I thought that gethostbyaddr() or getipnodebyaddr() always gave |
| 4529 | all the names associated with an address, because they do in Solaris. |
| 4530 | However, it seems that they do not in Linux for data that comes from the |
| 4531 | DNS. If an address in /etc/hosts has multiple names, they _are_ all given. |
| 4532 | I found this out when I moved to a new Linux workstation and tried to run |
| 4533 | the Exim test suite. |
| 4534 | |
| 4535 | To get round this problem I have changed the code so that it now does its |
| 4536 | own call to the DNS to look up PTR records when searching for a host name. |
| 4537 | If nothing can be found in the DNS, it tries gethostbyaddr(), so that |
| 4538 | addresses that are only in /etc/hosts are still found. |
| 4539 | |
| 4540 | This behaviour is, however, controlled by an option called host_lookup_ |
| 4541 | order, which defaults to "bydns:byaddr". If people want to use the other |
| 4542 | order, or indeed, just use one or the other means of lookup, they can |
| 4543 | specify it in this variable. |
| 4544 | |
| 4545 | 6. If a PTR record yields an empty name, Exim treats it as non-existent. In |
| 4546 | some operating systems, this comes back from gethostbyaddr() as an empty |
| 4547 | string, and this is what Exim used to test for. However, it seems that in |
| 4548 | other systems, "." is yielded. Exim now tests for this case too. |
| 4549 | |
| 4550 | 7. The values of check_spool_space and check_log_space are now held internally |
| 4551 | as a number of kilobytes instead of an absolute number of bytes. If a |
| 4552 | numbers is specified without 'K' or 'M', it is rounded up to the nearest |
| 4553 | kilobyte. This means that much larger values can be stored. |
| 4554 | |
| 4555 | 8. Exim monitor: an attempt to get the action menu when not actually pointing |
| 4556 | at a message produces an empty menu entitled "No message selected". This |
| 4557 | works on Solaris (OpenWindows). However, XFree86 does not like a menu with |
| 4558 | no entries in it ("Shell widget menu has zero width and/or height"). So I |
| 4559 | have added a single, blank menu entry in this case. |
| 4560 | |
| 4561 | 9. Added ${quote_local_part. |
| 4562 | |
| 4563 | 10. MIME decoding is now applied to the contents of Subject: header lines when |
| 4564 | they are logged. |
| 4565 | |
| 4566 | 11. Now that a reference to $sender_host_address automatically causes a reverse |
| 4567 | lookup to occur if necessary (4.13/18), there is no need to arrange for a |
| 4568 | host lookup before query-style lookups in lists that might use this |
| 4569 | variable. This has therefore been abolished, and the "net-" prefix is no |
| 4570 | longer necessary for query-style lookups. |
| 4571 | |
| 4572 | 12. The Makefile for SCO_SV contained a setting of LDFLAGS. This appears to |
| 4573 | have been a typo for LFLAGS, so it has been changed. |
| 4574 | |
| 4575 | 13. The install script calls Exim with "-C /dev/null" in order to find the |
| 4576 | version number. If ALT_CONFIG_PREFIX was set, this caused an error message |
| 4577 | to be output. Howeve, since Exim outputs its version number before the |
| 4578 | error, it didn't break the script. It just looked ugly. I fixed this by |
| 4579 | always allowing "-C /dev/null" if the caller is root. |
| 4580 | |
| 4581 | 14. Ignore overlarge ACL variable number when reading spool file - insurance |
| 4582 | against a later release with more variables having written the file. |
| 4583 | |
| 4584 | 15. The standard form for an IPv6 address literal was being rejected by EHLO. |
| 4585 | Example: [IPv6:2002:c1ed:8229:10:202:2dff:fe07:a42a]. Exim now accepts |
| 4586 | this, as well as the form without the "IPv6" on the front. |
| 4587 | |
| 4588 | 16. Added CHOWN_COMMAND=/usr/sbin/chown and LIBS=-lresolv to the |
| 4589 | OS/Makefile-Darwin file. |
| 4590 | |
| 4591 | 17. Fixed typo in lookups/ldap.c: D_LOOKUP should be D_lookup. This applied |
| 4592 | only to LDAP libraries that do not have LDAP_OPT_DEREF. |
| 4593 | |
| 4594 | 18. After change 4.21/52, "%ld" was used to format the contents of the $inode |
| 4595 | variable. However, some OS use ints for inodes. I've added cast to long int |
| 4596 | to get rid of the compiler warning. |
| 4597 | |
| 4598 | 19. I had forgotten to lock out "/../" in configuration file names when |
| 4599 | ALT_CONFIG_PREFIX was set. |
| 4600 | |
| 4601 | 20. Routers used for verification do not need to specify transports. However, |
| 4602 | if such a router generated a host list, and callout was configured, Exim |
| 4603 | crashed, because it could not find a port number from the (non-existent) |
| 4604 | transport. It now assumes port 25 in this circumstance. |
| 4605 | |
| 4606 | 21. Added the -t option to exigrep. |
| 4607 | |
| 4608 | 22. If LOOKUP_LSEARCH is defined, all three linear search methods (lsearch, |
| 4609 | wildlsearch, nwildlsearch) are compiled. LOOKUP_WILDLSEARCH and LOOKUP_ |
| 4610 | NWILDLSEARCH are now obsolete, but retained for compatibility. If either of |
| 4611 | them is set, LOOKUP_LSEARCH is forced. |
| 4612 | |
| 4613 | 23. "exim -bV" now outputs a list of lookups that are included in the binary. |
| 4614 | |
| 4615 | 24. Added sender and host information to the "rejected by local_scan()" log |
| 4616 | line; previously there was no indication of these. |
| 4617 | |
| 4618 | 25. Added .include_if_exists. |
| 4619 | |
| 4620 | 26. Change 3.952/11 added an explicit directory sync on top of a file sync for |
| 4621 | Linux. It turns out that not all file systems support this. Apparently some |
| 4622 | versions of NFS do not. (It's rare to put Exim's spool on NFS, but people |
| 4623 | do it.) To cope with this, the error EINVAL, which means that sync-ing is |
| 4624 | not supported on the file descriptor, is now ignored when Exim is trying to |
| 4625 | sync a directory. This applies only to Linux. |
| 4626 | |
| 4627 | 27. Added -DBIND_8_COMPAT to the CLFAGS setting for Darwin. |
| 4628 | |
| 4629 | 28. In Darwin (MacOS X), the PAM headers are in /usr/include/pam and not in |
| 4630 | /usr/include/security. There's now a flag in OS/os.h-Darwin to cope with |
| 4631 | this. |
| 4632 | |
| 4633 | 29. Added support for maildirsize files from supplied patch (modified a bit). |
| 4634 | |
| 4635 | 30. The use of :fail: followed by an empty string could lead Exim to respond to |
| 4636 | sender verification failures with (e.g.): |
| 4637 | |
| 4638 | 550 Verification failed for <xxx> |
| 4639 | 550 Sender verify failed |
| 4640 | |
| 4641 | where the first response line was missing the '-' that indicates it is not |
| 4642 | the final line of the response. |
| 4643 | |
| 4644 | 31. The loop for finding the name of the user that called Exim had a hardwired |
| 4645 | limit of 10; it now uses the value of finduser_retries, which is used for |
| 4646 | all other user lookups. |
| 4647 | |
| 4648 | 32. Added $received_count variable, available in data and not_smtp ACLs, and at |
| 4649 | delivery time. |
| 4650 | |
| 4651 | 33. Exim was neglecting to zero errno before one call of strtol() when |
| 4652 | expanding a string and expecting an integer value. On some systems this |
| 4653 | resulted in spurious "integer overflow" errors. Also, it was casting the |
| 4654 | result into an int without checking. |
| 4655 | |
| 4656 | 34. Testing for a connection timeout using "timeout_connect" in the retry rules |
| 4657 | did not work. The code looks as if it has *never* worked, though it appears |
| 4658 | to have been documented since at least releast 1.62. I have made it work. |
| 4659 | |
| 4660 | 35. The "timeout_DNS" error in retry rules, also documented since at least |
| 4661 | 1.62, also never worked. As it isn't clear exactly what this means, and |
| 4662 | clearly it isn't a major issue, I have abolished the feature by treating it |
| 4663 | as "timeout", and writing a warning to the main and panic logs. |
| 4664 | |
| 4665 | 36. The display of retry rules for -brt wasn't always showing the error code |
| 4666 | correctly. |
| 4667 | |
| 4668 | 37. Added new error conditions to retry rules: timeout_A, timeout_MX, |
| 4669 | timeout_connect_A, timeout_connect_MX. |
| 4670 | |
| 4671 | 38. Rewriting the envelope sender at SMTP time did not allow it to be rewritten |
| 4672 | to the empty sender. |
| 4673 | |
| 4674 | 39. The daemon was not analysing the content of -oX till after it had closed |
| 4675 | stderr and disconnected from the controlling terminal. This meant that any |
| 4676 | syntax errors were only noted on the panic log, and the return code from |
| 4677 | the command was 0. By re-arranging the code a little, I've made the |
| 4678 | decoding happen first, so such errors now appear on stderr, and the return |
| 4679 | code is 1. However, the actual setting up of the sockets still happens in |
| 4680 | the disconnected process, so errors there are still only recorded on the |
| 4681 | panic log. |
| 4682 | |
| 4683 | 40. A daemon listener on a wildcard IPv6 socket that also accepts IPv4 |
| 4684 | connections (as happens on some IP stacks) was logged at start up time as |
| 4685 | just listening for IPv6. It now logs "IPv6 with IPv4". This differentiates |
| 4686 | it from "IPv6 and IPv4", which means that two separate sockets are being |
| 4687 | used. |
| 4688 | |
| 4689 | 41. The debug output for gethostbyname2() or getipnodebyname() failures now |
| 4690 | says whether AF_INET or AF_INET6 was passed as an argument. |
| 4691 | |
| 4692 | 42. Exiwhat output was messed up when time zones were included in log |
| 4693 | timestamps. |
| 4694 | |
| 4695 | 43. Exiwhat now gives more information about the daemon's listening ports, |
| 4696 | and whether -tls-on-connect was used. |
| 4697 | |
| 4698 | 44. The "port" option of the smtp transport is now expanded. |
| 4699 | |
| 4700 | 45. A "message" modifier in a "warn" statement in a non-message ACL was being |
| 4701 | silently ignored. Now an error message is written to the main and panic |
| 4702 | logs. |
| 4703 | |
| 4704 | 46. There's a new ACL modifier called "logwrite" which writes to a log file |
| 4705 | as soon as it is encountered. |
| 4706 | |
| 4707 | 47. Added $local_user_uid and $local_user_gid at routing time. |
| 4708 | |
| 4709 | 48. Exim crashed when trying to verify a sender address that was being |
| 4710 | rewritten to "<>". |
| 4711 | |
| 4712 | 49. Exim was recognizing only a space character after ".include". It now also |
| 4713 | recognizes a tab character. |
| 4714 | |
| 4715 | 50. Fixed several bugs in the Perl script that creates the exim.8 man page by |
| 4716 | extracting the relevant information from the specification. The man page no |
| 4717 | longer contains scrambled data for the -d option, and I've added a section |
| 4718 | at the front about calling Exim under different names. |
| 4719 | |
| 4720 | 51. Added "extra_headers" argument to the "mail" command in filter files. |
| 4721 | |
| 4722 | 52. Redirecting mail to an unqualified address in a Sieve filter caused Exim to |
| 4723 | crash. |
| 4724 | |
| 4725 | 53. Installed eximstats 1.29. |
| 4726 | |
| 4727 | 54. Added transport_filter_timeout as a generic transport option. |
| 4728 | |
| 4729 | 55. Exim no longer adds an empty Bcc: header to messages that have no To: or |
| 4730 | Cc: header lines. This was required by RFC 822, but it not required by RFC |
| 4731 | 2822. |
| 4732 | |
| 4733 | 56. Exim used to add From:, Date:, and Message-Id: header lines to any |
| 4734 | incoming messages that did not have them. Now it does so only if the |
| 4735 | message originates locally, that is, if there is no associated remote host |
| 4736 | address. When Resent- header lines are present, this applies to the Resent- |
| 4737 | lines rather than the non-Resent- lines. |
| 4738 | |
| 4739 | 57. Drop incoming SMTP connection after too many syntax or protocol errors. The |
| 4740 | limit is controlled by smtp_max_synprot_errors, defaulting to 3. |
| 4741 | |
| 4742 | 58. Messages for configuration errors now include the name of the main |
| 4743 | configuration file - useful now that there may be more than one file in a |
| 4744 | list (.included file names were always shown). |
| 4745 | |
| 4746 | 59. Change 4.21/82 (run initgroups() when starting the daemon) causes problems |
| 4747 | for those rare installations that do not start the daemon as root or run it |
| 4748 | setuid root. I've cut out the call to initgroups() if the daemon is not |
| 4749 | root at that time. |
| 4750 | |
| 4751 | 60. The Exim user and group can now be bound into the binary as text strings |
| 4752 | that are looked up at the start of Exim's processing. |
| 4753 | |
| 4754 | 61. Applied a small patch for the Interbase code, supplied by Ard Biesheuvel. |
| 4755 | |
| 4756 | 62. Added $mailstore_basename variable. |
| 4757 | |
| 4758 | 63. Installed patch to sieve.c from Michael Haardt. |
| 4759 | |
| 4760 | 64. When Exim failed to open the panic log after failing to open the main log, |
| 4761 | the original message it was trying to log was written to stderr and debug |
| 4762 | output, but if they were not available (the usual case in production), it |
| 4763 | was lost. Now it is written to syslog before the two lines that record the |
| 4764 | failures to open the logs. |
| 4765 | |
| 4766 | 65. Users' Exim filters run in subprocesses under the user's uid. It is |
| 4767 | possible for a "deliver" command or an alias in a "personal" command to |
| 4768 | provoke an address rewrite. If logging of address rewriting is configured, |
| 4769 | this fails because the process is not running as root or exim. There may be |
| 4770 | a better way of dealing with this, but for the moment (because 4.30 needs |
| 4771 | to be released), I have disabled address rewrite logging when running a |
| 4772 | filter in a non-root, non-exim process. |
| 4773 | |
| 4774 | |
| 4775 | Exim version 4.24 |
| 4776 | ----------------- |
| 4777 | |
| 4778 | 1. The buildconfig auxiliary program wasn't quoting the value set for |
| 4779 | HEADERS_CHARSET. This caused a compilation error complaining that 'ISO' was |
| 4780 | not defined. This bug was masked in 4.22 by the effect that was fixed in |
| 4781 | change 4.23/1. |
| 4782 | |
| 4783 | 2. Some messages that were rejected after a message id was allocated were |
| 4784 | shown as "incomplete" by exigrep. It no longer does this for messages that |
| 4785 | are rejected by local_scan() or the DATA or non-SMTP ACLs. |
| 4786 | |
| 4787 | 3. If a Message-ID: header used a domain literal in the ID, and Exim did not |
| 4788 | have allow_domain_literals set, the ID did not get logged in the <= line. |
| 4789 | Domain literals are now always recognized in Message-ID: header lines. |
| 4790 | |
| 4791 | 4. The first argument for a ${extract expansion item is the key name or field |
| 4792 | number. Leading and trailing spaces in this item were not being ignored, |
| 4793 | causing some misleading effects. |
| 4794 | |
| 4795 | 5. When deliver_drop_privilege was set, single queue runner processes started |
| 4796 | manually (i.e. by the command "exim -q") or by the daemon (which uses the |
| 4797 | same command in the process it spins off) were not dropping privilege. |
| 4798 | |
| 4799 | 6. When the daemon running as "exim" started a queue runner, it always |
| 4800 | re-executed Exim in the spun-off process. This is a waste of effort when |
| 4801 | deliver_drop_privilege is set. The new process now just calls the |
| 4802 | queue-runner function directly. |
| 4803 | |
| 4804 | |
| 4805 | Exim version 4.23 |
| 4806 | ----------------- |
| 4807 | |
| 4808 | 1. Typo in the src/EDITME file: it referred to HEADERS_DECODE_TO instead of |
| 4809 | HEADERS_CHARSET. |
| 4810 | |
| 4811 | 2. Change 4.21/73 introduced a bug. The pid file path set by -oP was being |
| 4812 | ignored. Though the use of -oP was forcing the writing of a pid file, it |
| 4813 | was always written to the default place. |
| 4814 | |
| 4815 | 3. If the message "no IP address found for host xxxx" is generated during |
| 4816 | incoming verification, it is now followed by identification of the incoming |
| 4817 | connection (so you can more easily find what provoked it). |
| 4818 | |
| 4819 | 4. Bug fix for Sieve filters: "stop" inside a block was not working properly. |
| 4820 | |
| 4821 | 5. Added some features to "harden" Exim a bit more against certain attacks: |
| 4822 | |
| 4823 | (a) There is now a build-time option called FIXED_NEVER_USERS that can |
| 4824 | be put in Local/Makefile. This is like the never_users runtime option, |
| 4825 | but it cannot be overridden. The default setting is "root". |
| 4826 | |
| 4827 | (b) If ALT_CONFIG_PREFIX is defined in Local/Makefile, it specifies a |
| 4828 | prefix string with which any file named in a -C command line option |
| 4829 | must start. |
| 4830 | |
| 4831 | (c) If ALT_CONFIG_ROOT_ONLY is defined in Local/Makefile, root privilege |
| 4832 | is retained for -C and -D only if the caller of Exim is root. Without |
| 4833 | it, the exim user may also use -C and -D and retain privilege. |
| 4834 | |
| 4835 | (d) If DISABLE_D_OPTION is defined in Local/Makefile, the use of the -D |
| 4836 | command line option is disabled. |
| 4837 | |
| 4838 | 6. Macro names set by the -D option must start with an upper case letter, just |
| 4839 | like macro names defined in the configuration file. |
| 4840 | |
| 4841 | 7. Added "dereference=" facility to LDAP. |
| 4842 | |
| 4843 | 8. Two instances of the typo "uknown" in the source files are fixed. |
| 4844 | |
| 4845 | 9. If a PERL_COMMAND setting in Local/Makefile was not at the start of a line, |
| 4846 | the Configure-Makefile script screwed up while processing it. |
| 4847 | |
| 4848 | 10. Incorporated PCRE 4.4. |
| 4849 | |
| 4850 | 11. The SMTP synchronization check was not operating right at the start of an |
| 4851 | SMTP session. For example, it could not catch a HELO sent before the client |
| 4852 | waited for the greeting. There is now a check for outstanding input at the |
| 4853 | point when the greeting is written. Because of the duplex, asynchronous |
| 4854 | nature of TCP/IP, it cannot be perfect - the incorrect input may be on its |
| 4855 | way, but not yet received, when the check is performed. |
| 4856 | |
| 4857 | 12. Added tcp_nodelay to make it possible to turn of the setting of TCP_NODELAY |
| 4858 | on TCP/IP sockets, because this apparently causes some broken clients to |
| 4859 | timeout. |
| 4860 | |
| 4861 | 13. Installed revised OS/Makefile-CYGWIN and OS/os.c-cygwin (the .h file was |
| 4862 | unchanged) from the Cygwin maintainer. |
| 4863 | |
| 4864 | 14. The code for -bV that shows what is in the binary showed "mbx" when maildir |
| 4865 | was supported instead of testing for mbx. Effectively a typo. |
| 4866 | |
| 4867 | 15. The spa authenticator server code was not checking that the input it |
| 4868 | received was valid base64. |
| 4869 | |
| 4870 | 16. The debug output line for the "set" modifier in ACLs was not showing the |
| 4871 | name of the variable that was being set. |
| 4872 | |
| 4873 | 17. Code tidy: the variable type "vtype_string" was never used. Removed it. |
| 4874 | |
| 4875 | 18. Previously, a reference to $sender_host_name did not cause a DNS reverse |
| 4876 | lookup on its own. Something else was needed to trigger the lookup. For |
| 4877 | example, a match in host_lookup or the need for a host name in a host list. |
| 4878 | Now, if $sender_host_name is referenced and the host name has not yet been |
| 4879 | looked up, a lookup is performed. If the lookup fails, the variable remains |
| 4880 | empty, and $host_lookup_failed is set to "1". |
| 4881 | |
| 4882 | 19. Added "eqi" as a case-independent comparison operator. |
| 4883 | |
| 4884 | 20. The saslauthd authentication condition could segfault if neither service |
| 4885 | nor realm was specified. |
| 4886 | |
| 4887 | 21. If an overflowing value such as "2048M" was set for message_size_limit, the |
| 4888 | error message that was logged was misleading, and incoming SMTP |
| 4889 | connections were dropped. The message is now more accurate, and temporary |
| 4890 | errors are given to SMTP connections. |
| 4891 | |
| 4892 | 22. In some error situations (such as 21 above) Exim rejects all SMTP commands |
| 4893 | (except RSET) with a 421 error, until QUIT is received. However, it was |
| 4894 | failing to send a response to QUIT. |
| 4895 | |
| 4896 | 23. The HELO ACL was being run before the code for helo_try_verify_hosts, |
| 4897 | which made it impossible to use "verify = helo" in the HELO ACL. The HELO |
| 4898 | ACL is now run after the helo_try_verify_hosts code. |
| 4899 | |
| 4900 | 24. "{MD5}" and "{SHA1}" are now recognized as equivalent to "{md5"} and |
| 4901 | "{sha1}" in the "crypteq" expansion condition (in fact the comparison is |
| 4902 | case-independent, so other case variants are also recognized). Apparently |
| 4903 | some systems use these upper case variants. |
| 4904 | |
| 4905 | 25. If more than two messages were waiting for the same host, and a transport |
| 4906 | filter was specified for the transport, Exim sent two messages over the |
| 4907 | same TCP/IP connection, and then failed with "socket operation on non- |
| 4908 | socket" when it tried to send the third. |
| 4909 | |
| 4910 | 26. Added Exim::debug_write and Exim::log_write for embedded Perl use. |
| 4911 | |
| 4912 | 27. The extern definition of crypt16() in expand.c was not being excluded when |
| 4913 | the OS had its own crypt16() function. |
| 4914 | |
| 4915 | 28. Added bounce_return_body as a new option, and bounce_return_size_limit |
| 4916 | as a preferred synonym for return_size_limit, both as an option and as an |
| 4917 | expansion variable. |
| 4918 | |
| 4919 | 29. Added LIBS=-liconv to OS/Makefile-OSF1. |
| 4920 | |
| 4921 | 30. Changed the default configuration ACL to relax the local part checking rule |
| 4922 | for addresses that are not in any local domains. For these addresses, |
| 4923 | slashes and pipe symbols are allowed within local parts, but the sequence |
| 4924 | /../ is explicitly forbidden. |
| 4925 | |
| 4926 | 31. SPA server authentication was not clearing the challenge buffer before |
| 4927 | using it. |
| 4928 | |
| 4929 | 32. log_message in a "warn" ACL statement was writing to the reject log as |
| 4930 | well as to the main log, which contradicts the documentation and doesn't |
| 4931 | seem right (because no rejection is happening). So I have stopped it. |
| 4932 | |
| 4933 | 33. Added Ard Biesheuvel's lookup code for accessing an Interbase database. |
| 4934 | However, I am unable to do any testing of this. |
| 4935 | |
| 4936 | 34. Fixed an infelicity in the appendfile transport. When checking directories |
| 4937 | for a mailbox, to see if any needed to be created, it was accidentally |
| 4938 | using path names with one or more superfluous leading slashes; tracing |
| 4939 | would show up entries such as stat("///home/ph10", 0xFFBEEA48). |
| 4940 | |
| 4941 | 35. If log_message is set on a "discard" verb in a MAIL or RCPT ACL, its |
| 4942 | contents are added to the log line that is written for every discarded |
| 4943 | recipient. (Previously a log_message setting was ignored.) |
| 4944 | |
| 4945 | 36. The ${quote: operator now quotes the string if it is empty. |
| 4946 | |
| 4947 | 37. The install script runs exim in order to find its version number. If for |
| 4948 | some reason other than non-existence or emptiness, which it checks, it |
| 4949 | could not run './exim', it was installing it with an empty version number, |
| 4950 | i.e. as "exim-". This error state is now caught, and the installation is |
| 4951 | aborted. |
| 4952 | |
| 4953 | 38. An argument was missing from the function that creates an error message |
| 4954 | when Exim fails to connect to the socket for saslauthd authentication. |
| 4955 | This could cause Exim to crash, or give a corrupted message. |
| 4956 | |
| 4957 | 39. Added isip, isip4, and isip6 to ${if conditions. |
| 4958 | |
| 4959 | 40. The ACL variables $acl_xx are now saved with the message, and can be |
| 4960 | accessed later in routers, transports, and filters. |
| 4961 | |
| 4962 | 41. The new lookup type nwildlsearch is like wildlsearch, except that the key |
| 4963 | strings in the file are not string-expanded. |
| 4964 | |
| 4965 | 42. If a MAIL command specified a SIZE value that was too large to fit into an |
| 4966 | int variable, the check against message_size_limit failed. Such values are |
| 4967 | now forced to INT_MAX, which is around 2Gb for a 32-bit variable. Maybe one |
| 4968 | day this will have to be increased, but I don't think I want to be around |
| 4969 | when emails are that large. |
| 4970 | |
| 4971 | |
| 4972 | |
| 4973 | Exim version 4.22 |
| 4974 | ----------------- |
| 4975 | |
| 4976 | 1. Removed HAVE_ICONV=yes from OS/Makefile-FreeBSD, since it seems that |
| 4977 | iconv() is not standard in FreeBSD. |
| 4978 | |
| 4979 | 2. Change 4.21/17 was buggy and could cause stack overwriting on a system with |
| 4980 | IPv6 enabled. The observed symptom was a segmentation fault on return from |
| 4981 | the function os_common_find_running_interfaces() in src/os.c. |
| 4982 | |
| 4983 | 3. In the check_special_case() function in daemon.c I had used "errno" as an |
| 4984 | argument name, which causes warnings on some systems. This was basically a |
| 4985 | typo, since it was named "eno" in the comments! |
| 4986 | |
| 4987 | 4. The code that waits for the clock to tick (at a resolution of some fraction |
| 4988 | of a second) so as to ensure message-id uniqueness was always waiting for |
| 4989 | at least one whole tick, when it could have waited for less. [This is |
| 4990 | almost certainly not relevant at current processor speeds, where it is |
| 4991 | unlikely to ever wait at all. But we try to future-proof.] |
| 4992 | |
| 4993 | 5. The function that sleeps for a time interval that includes fractions of a |
| 4994 | second contained a race. It did not block SIGALRM between setting the |
| 4995 | timer, and suspending (a couple of lines later). If the interval was short |
| 4996 | and the sigsuspend() was delayed until after it had expired, the suspension |
| 4997 | never ended. On busy systems this could lead to processes getting stuck for |
| 4998 | ever. |
| 4999 | |
| 5000 | 6. Some uncommon configurations may cause a lookup to happen in a queue runner |
| 5001 | process, before it forks any delivery processes. The open lookup caching |
| 5002 | mechanism meant that the open file or database connection was passed into |
| 5003 | the delivery process. The problem was that delivery processes always tidy |
| 5004 | up cached lookup data. This could cause a problem for the next delivery |
| 5005 | process started by the queue runner, because the external queue runner |
| 5006 | process does not know about the closure. So the next delivery process |
| 5007 | still has data in the lookup cache. In the case of a file lookup, there was |
| 5008 | no problem because closing a file descriptor in a subprocess doesn't affect |
| 5009 | the parent. However, if the lookup was caching a connection to a database, |
| 5010 | the connection was closed, and the second delivery process was likely to |
| 5011 | see errors such as "PGSQL: query failed: server closed the connection |
| 5012 | unexpectedly". The problem has been fixed by closing all cached lookups |
| 5013 | in a queue runner before running a delivery process. |
| 5014 | |
| 5015 | 7. Compiler warning on Linux for the second argument of iconv(), which doesn't |
| 5016 | seem to have the "const" qualifier which it has on other OS. I've |
| 5017 | parameterised it. |
| 5018 | |
| 5019 | 8. Change 4.21/2 was too strict. It is only if there are two authenticators |
| 5020 | *of the same type* (client or server) with the same public name that an |
| 5021 | error should be diagnosed. |
| 5022 | |
| 5023 | 9. When Exim looked up a host name for an IP address, but failed to find the |
| 5024 | original IP address when looking up the host name (a safety check), it |
| 5025 | output the message "<ip address> does not match any IP for NULL", which was |
| 5026 | confusing, to say the least. The bug was that the host name should have |
| 5027 | appeared instead of "NULL". |
| 5028 | |
| 5029 | 10. Since release 3.03, if Exim is called by a uid other than root or the Exim |
| 5030 | user that is built into the binary, and the -C or -D options is used, root |
| 5031 | privilege is dropped before the configuration file is read. In addition, |
| 5032 | logging is switched to stderr instead of the normal log files. If the |
| 5033 | configuration then re-defines the Exim user, the unprivileged environment |
| 5034 | is probably not what is expected, so Exim logs a panic warning message (but |
| 5035 | proceeds). |
| 5036 | |
| 5037 | However, if deliver_drop_privilege is set, the unprivileged state may well |
| 5038 | be exactly what is intended, so the warning has been cut out in that case, |
| 5039 | and Exim is allowed to try to write to its normal log files. |
| 5040 | |
| 5041 | |
| 5042 | Exim version 4.21 |
| 5043 | ----------------- |
| 5044 | |
| 5045 | 1. smtp_return_error_details was not giving details for temporary sender |
| 5046 | or receiver verification errors. |
| 5047 | |
| 5048 | 2. Diagnose a configuration error if two authenticators have the same public |
| 5049 | name. |
| 5050 | |
| 5051 | 3. Exim used not to create the message log file for a message until the first |
| 5052 | delivery attempt. This could be confusing when incoming messages were held |
| 5053 | for policy or load reasons. The message log file is now created at the time |
| 5054 | the message is received, and an initial "Received" line is written to it. |
| 5055 | |
| 5056 | 4. The automatically generated man page for command line options had a minor |
| 5057 | bug that caused no ill effects; however, a more serious problem was that |
| 5058 | the procedure for building the man page automatically didn't always |
| 5059 | operate. Consequently, release 4.20 contains an out-of-date version. This |
| 5060 | shouldn't happen again. |
| 5061 | |
| 5062 | 5. When building Exim with embedded Perl support, the script that builds the |
| 5063 | Makefile was calling 'perl' to find its compile-time parameters, ignoring |
| 5064 | any setting of PERL_COMMAND in Local/Makefile. This is now fixed. |
| 5065 | |
| 5066 | 6. The freeze_tell option was not being used for messages that were frozen on |
| 5067 | arrival, either by an ACL or by local_scan(). |
| 5068 | |
| 5069 | 7. Added the smtp_incomplete_transaction log selector. |
| 5070 | |
| 5071 | 8. After STARTTLS, Exim was not forgetting that it had advertised AUTH, so it |
| 5072 | was accepting AUTH without a new EHLO. |
| 5073 | |
| 5074 | 9. Added tls_remember_esmtp to cope with YAEB. This allows AUTH and other |
| 5075 | ESMTP extensions after STARTTLS without a new EHLO, in contravention of the |
| 5076 | RFC. |
| 5077 | |
| 5078 | 10. Logging of TCP/IP connections (when configured) now happens in the main |
| 5079 | daemon process instead of the child process, so that the TCP/IP connection |
| 5080 | count is more accurate (but it can never be perfect). |
| 5081 | |
| 5082 | 11. The use of "drop" in a nested ACL was not being handled correctly in the |
| 5083 | outer ACL. Now, if condition failure induced by the nested "drop" causes |
| 5084 | the outer ACL verb to deny access ("accept" or "discard" after "endpass", |
| 5085 | or "require"), the connection is dropped. |
| 5086 | |
| 5087 | 12. Similarly, "discard" in a nested ACL wasn't being handled. A nested ACL |
| 5088 | that yield "discard" can now be used with an "accept" or a "discard" verb, |
| 5089 | but an error is generated for any others (because I can't see a useful way |
| 5090 | to define what should happen). |
| 5091 | |
| 5092 | 13. When an ACL is read dynamically from a file (or anywhere else), the lines |
| 5093 | are now processed in the same way as lines in the Exim configuration file. |
| 5094 | In particular, continuation lines are supported. |
| 5095 | |
| 5096 | 14. Added the "dnslists = a.b.c!=n.n.n.n" feature. |
| 5097 | |
| 5098 | 15. Added -ti meaning -t -i. |
| 5099 | |
| 5100 | 16. Check for letters, digits, hyphens, and dots in the names of dnslist |
| 5101 | domains, and warn by logging if others are found. |
| 5102 | |
| 5103 | 17. At least on BSD, alignment is not guarenteed for the array of ifreq's |
| 5104 | returned from GIFCONF when Exim is trying to find the list of interfaces on |
| 5105 | a host. The code in os.c has been modified to copy each ifreq to an aligned |
| 5106 | structure in all cases. |
| 5107 | |
| 5108 | Also, in some cases, the returned ifreq's were being copied to a 'struct |
| 5109 | ifreq' on the stack, which was subsequently passed to host_ntoa(). That |
| 5110 | means the last couple of bytes of an IPv6 address could be chopped if the |
| 5111 | ifreq contained only a normal sockaddr (14 bytes storage). |
| 5112 | |
| 5113 | 18. Named domain lists were not supported in the hosts_treat_as_local option. |
| 5114 | An entry such as +xxxx was not recognized, and was treated as a literal |
| 5115 | domain name. |
| 5116 | |
| 5117 | 19. Ensure that header lines added by a DATA ACL are included in the reject log |
| 5118 | if the ACL subsequently rejects the message. |
| 5119 | |
| 5120 | 20. Upgrade the cramtest.pl utility script to use Digest::MD5 instead of just |
| 5121 | MD5 (which is deprecated). |
| 5122 | |
| 5123 | 21. When testing a filter file using -bf, Exim was writing a message when it |
| 5124 | took the sender from a "From " line in the message, but it was not doing so |
| 5125 | when it took $return_path from a Return-Path: header line. It now does. |
| 5126 | |
| 5127 | 22. If the contents of a "message" modifier for a "warn" ACL verb do not begin |
| 5128 | with a valid header line field name (a series of printing characters |
| 5129 | terminated by a colon, Exim now inserts X-ACL-Warn: at the beginning. |
| 5130 | |
| 5131 | 23. Changed "disc" in the source to "disk" to conform to the documentation and |
| 5132 | the book and for uniformity. |
| 5133 | |
| 5134 | 24. Ignore Sendmail's -Ooption=value command line item. |
| 5135 | |
| 5136 | 25. When execve() failed while trying to run a command in a pipe transport, |
| 5137 | Exim was returning EX_UNAVAILBLE (69) from the subprocess. However, this |
| 5138 | could be confused with a return value of 69 from the command itself. This |
| 5139 | has been changed to 127, the value the shell returns if it is asked to run |
| 5140 | a non-existent command. The wording for the related log line suggests a |
| 5141 | non-existent command as the problem. |
| 5142 | |
| 5143 | 26. If received_header_text expands to an empty string, do not add a Received: |
| 5144 | header line to the message. (Well, it adds a token one on the spool, but |
| 5145 | marks it "old" so that it doesn't get used or transmitted.) |
| 5146 | |
| 5147 | 27. Installed eximstats 1.28 (addition of -nt option). |
| 5148 | |
| 5149 | 28. There was no check for failure on the call to getsockname() in the daemon |
| 5150 | code. This can fail if there is a shortage of resources on the system, with |
| 5151 | ENOMEM, for example. A temporary error is now given on failure. |
| 5152 | |
| 5153 | 29. Contrary to the C standard, it seems that in some environments, the |
| 5154 | equivalent of setlocale(LC_ALL, "C") is not obeyed at the start of a C |
| 5155 | program. Exim now does this explicitly; it affects the formatting of |
| 5156 | timestamps using strftime(). |
| 5157 | |
| 5158 | 30. If exiqsumm was given junk data, it threw up some uninitialized variable |
| 5159 | complaints. I've now initialized all the variables, to avoid this. |
| 5160 | |
| 5161 | 32. Header lines added by a system filter were not being "seen" during |
| 5162 | transport-time rewrites. |
| 5163 | |
| 5164 | 33. The info_callback() function passed to OpenSSL is set up with type void |
| 5165 | (*)(SSL *, int, int), as described somewhere. However, when calling the |
| 5166 | function (actually a macro) that sets it up, the type void(*)() is |
| 5167 | expected. I've put in a cast to prevent warnings from picky compilers. |
| 5168 | |
| 5169 | 34. If a DNS black list lookup found a CNAME record, but there were no A |
| 5170 | records associated with the domain it pointed at, Exim crashed. |
| 5171 | |
| 5172 | 35. If a DNS black list lookup returned more than one A record, Exim ignored |
| 5173 | all but the first. It now scans all returned addresses if a particular IP |
| 5174 | value is being sought. In this situation, the contents of the |
| 5175 | $dnslist_value variable are a list of all the addresses, separated by a |
| 5176 | comma and a space. |
| 5177 | |
| 5178 | 36. Tightened up the rules for host name lookups using reverse DNS. Exim used |
| 5179 | to accept a host name and all its aliases if the forward lookup for any of |
| 5180 | them yielded the IP address of the incoming connection. Now it accepts only |
| 5181 | those names whose forward lookup yields the correct IP address. Any other |
| 5182 | names are discarded. This closes a loophole whereby a rogue DNS |
| 5183 | administrator could create reverse DNS records to break through a |
| 5184 | wildcarded host restriction in an ACL. |
| 5185 | |
| 5186 | 37. If a user filter or a system filter that ran in a subprocess used any of |
| 5187 | the numerical variables ($1, $2 etc), or $thisaddress, in a pipe command, |
| 5188 | the wrong values were passed to the pipe command ($thisaddress had the |
| 5189 | value of $0, $0 had the value of $1, etc). This bug was introduced by |
| 5190 | change 4.11/101, and not discovered because I wrote an inadequate test. :-( |
| 5191 | |
| 5192 | 38. Improved the line breaking for long SMTP error messages from ACLs. |
| 5193 | Previously, if there was no break point between 40 and 75 characters, Exim |
| 5194 | left the rest of the message alone. Two changes have been made: (a) I've |
| 5195 | reduced the minimum length to 35 characters; (b) if it can't find a break |
| 5196 | point between 35 and 75 characters, it looks ahead and uses the first one |
| 5197 | that it finds. This may give the occasional overlong line, but at least the |
| 5198 | remaining text gets split now. |
| 5199 | |
| 5200 | 39. Change 82 of 4.11 was unimaginative. It assumed the limit on the number of |
| 5201 | file descriptors might be low, and that setting 1000 would always raise it. |
| 5202 | It turns out that in some environments, the limit is already over 1000 and |
| 5203 | that lowering it causes trouble. So now Exim takes care not to decrease it. |
| 5204 | |
| 5205 | 40. When delivering a message, the value of $return_path is set to $sender_ |
| 5206 | address at the start of routing (routers may change the value). By an |
| 5207 | oversight, this default was not being set up when an address was tested by |
| 5208 | -bt or -bv, which affected the outcome if any router or filter referred to |
| 5209 | $return_path. |
| 5210 | |
| 5211 | 41. The idea of the "warn" ACL verb is that it adds a header or writes to the |
| 5212 | log only when "message" or "log_message" are set. However, if one of the |
| 5213 | conditions was an address verification, or a call to a nested ACL, the |
| 5214 | messages generated by the underlying test were being passed through. This |
| 5215 | no longer happens. The underlying message is available in $acl_verify_ |
| 5216 | message for both "message" and "log_message" expansions, so it can be |
| 5217 | passed through if needed. |
| 5218 | |
| 5219 | 42. Added RFC 2047 interpretation of header lines for $h_ expansions, with a |
| 5220 | new expansion $bh_ to give the encoded byte string without charset |
| 5221 | translation. Translation happens only if iconv() is available; HAVE_ICONV |
| 5222 | indicates this at build time. HEADERS_CHARSET gives the charset to |
| 5223 | translate to; headers_charset can change it in the configuration, and |
| 5224 | "headers charset" can change it in an individual filter file. |
| 5225 | |
| 5226 | 43. Now that we have a default RFC 2047 charset (see above), the code in Exim |
| 5227 | that creates RFC 2047 encoded "words" labels them as that charset instead |
| 5228 | of always using iso-8859-1. The cases are (i) the explicit ${rfc2047: |
| 5229 | expansion operator; (ii) when Exim creates a From: line for a local |
| 5230 | message; (iii) when a header line is rewritten to include a "phrase" part. |
| 5231 | |
| 5232 | 44. Nasty bug in exiqsumm: the regex to skip already-delivered addresses was |
| 5233 | buggy, causing it to skip the first lines of messages whose message ID |
| 5234 | ended in 'D'. This would not have bitten before Exim release 4.14, because |
| 5235 | message IDs were unlikely to end in 'D' before then. The effect was to have |
| 5236 | incorrect size information for certain domains. |
| 5237 | |
| 5238 | 45. #include "config.h" was missing at the start of the crypt16.c module. This |
| 5239 | caused trouble on Tru64 (aka OSF1) systems, because HAVE_CRYPT16 was not |
| 5240 | noticed. |
| 5241 | |
| 5242 | 46. If there was a timeout during a "random" callout check, Exim treated it as |
| 5243 | a failure of the random address, and carried on sending RSET and the real |
| 5244 | address. If the delay was just some slowness somewhere, the response to the |
| 5245 | original RCPT would be taken as a response to RSET and so on, causing |
| 5246 | mayhem of various kinds. |
| 5247 | |
| 5248 | 47. Change 50 for 4.20 was a heap of junk. I don't know what I was thinking |
| 5249 | when I implemented it. It didn't allow for the fact that some option values |
| 5250 | may legitimatetly be negative (e.g. size_addition), and it didn't even do |
| 5251 | the right test for positive values. |
| 5252 | |
| 5253 | 48. Domain names in DNS records are case-independent. Exim always looks them up |
| 5254 | in lower case. Some resolvers return domain names in exactly the case they |
| 5255 | appear in the zone file, that is, they may contain uppercase letters. Not |
| 5256 | all resolvers do this - some return always lower case. Exim was treating a |
| 5257 | change of case by a resolver as a change of domain, similar to a widening |
| 5258 | of a domain abbreviation. This triggered its re-routing code and so it was |
| 5259 | trying to route what was effectively the same domain again. This normally |
| 5260 | caused routing to fail (because the router wouldn't handle the domain |
| 5261 | twice). Now Exim checks for this case specially, and just changes the |
| 5262 | casing of the domain that it ultimately uses when it transmits the message |
| 5263 | envelope. |
| 5264 | |
| 5265 | 49. Added Sieve (RFC 3028) support, courtesy of Michael Haardt's contributed |
| 5266 | module. |
| 5267 | |
| 5268 | 50. If a filter generated a file delivery with a non-absolute name (possible if |
| 5269 | no home directory exists for the router), the forbid_file option was not |
| 5270 | forbidding it. |
| 5271 | |
| 5272 | 51. Added '&' feature to dnslists, to provide bit mask matching in addition to |
| 5273 | the existing equality matching. |
| 5274 | |
| 5275 | 52. Exim was using ints instead of ino_t variables in some places where it was |
| 5276 | dealing with inode numbers. |
| 5277 | |
| 5278 | 53. If TMPDIR is defined in Local/Makefile (default in src/EDITME is |
| 5279 | TMPDIR="/tmp"), Exim checks for the presence of an environment variable |
| 5280 | called TMPDIR, and if it finds it is different, it changes its value. |
| 5281 | |
| 5282 | 54. The smtp_printf() function is now made available to local_scan() so |
| 5283 | additional output lines can be written before returning. There is also an |
| 5284 | smtp_fflush() function to enable the detection of a dropped connection. |
| 5285 | The variables smtp_input and smtp_batched_input are exported to |
| 5286 | local_scan(). |
| 5287 | |
| 5288 | 55. Changed the default runtime configuration: the message "Unknown user" |
| 5289 | has been removed from the ACL, and instead placed on the localuser router, |
| 5290 | using the cannot_route_message feature. This means that any verification |
| 5291 | failures that generate their own messages won't get overridden. Similarly, |
| 5292 | the "Unrouteable address" message that was in the ACL for unverifiable |
| 5293 | relay addresses has also been removed. |
| 5294 | |
| 5295 | 56. Added hosts_avoid_esmtp to the smtp transport. |
| 5296 | |
| 5297 | 57. The exicyclog script was not checking for the esoteric option |
| 5298 | CONFIGURE_FILE_USE_EUID in the Local/Makefile. It now does this, but it |
| 5299 | will work only if exicyclog is run under the appropriate euid. |
| 5300 | |
| 5301 | 58. Following a discussion on the list, the rules by which Exim recognises line |
| 5302 | endings on incoming messages have been changed. The -dropcr and drop_cr |
| 5303 | options are now no-ops, retained only for backwards compatibility. The |
| 5304 | following line terminators are recognized: LF CRLF CR. However, special |
| 5305 | processing applies to CR: |
| 5306 | |
| 5307 | (i) The sequence CR . CR does *not* terminate an incoming SMTP message, |
| 5308 | nor a local message in the state where . is a terminator. |
| 5309 | |
| 5310 | (ii) If a bare CR is encountered in a header line, an extra space is added |
| 5311 | after the line terminator so as not to end the header. The reasoning |
| 5312 | behind this is that bare CRs in header lines are most likely either |
| 5313 | to be mistakes, or people trying to play silly games. |
| 5314 | |
| 5315 | 59. The size of a message, as listed by "-bp" or in the Exim monitor window, |
| 5316 | was being incorrectly given as 18 bytes larger than it should have been. |
| 5317 | This is a VOB (very old bug). |
| 5318 | |
| 5319 | 60. This may never have affected anything current, but just in case it has: |
| 5320 | When the local host is found other than at the start of a list of hosts, |
| 5321 | the local host, those with the same MX, and any that follow, are discarded. |
| 5322 | When the list in question was part of a longer list of hosts, the following |
| 5323 | hosts (not currently being processed) were also being discarded. This no |
| 5324 | longer happens. I'm not sure if this situation could ever has previously |
| 5325 | arisen. |
| 5326 | |
| 5327 | 61. Added the "/MX" feature to lists of hosts in the manualroute and query |
| 5328 | program routers. |
| 5329 | |
| 5330 | 62. Whenever Exim generates a new message, it now adds an Auto-Submitted: |
| 5331 | header. This is something that is recommended in a new Internet Draft, and |
| 5332 | is something that is documented as being done by Sendmail. There are two |
| 5333 | possible values. For messages generated by the autoreply transport, Exim |
| 5334 | adds: |
| 5335 | |
| 5336 | Auto-Submitted: auto-replied |
| 5337 | |
| 5338 | whereas for all other generated messages (e.g. bounces) it adds |
| 5339 | |
| 5340 | Auto-Submitted: auto-generated |
| 5341 | |
| 5342 | 63. The "personal" condition in filters now includes a test for the |
| 5343 | Auto-Submitted: header. If it contains the string "auto-" the message it |
| 5344 | not considered personal. |
| 5345 | |
| 5346 | 64. Added rcpt_include_affixes as a generic transport option. |
| 5347 | |
| 5348 | 65. Added queue_only_override (default true). |
| 5349 | |
| 5350 | 66. Added the syslog_duplication option. |
| 5351 | |
| 5352 | 67. If what should have been the first header line of a message consisted of |
| 5353 | a space followed by a colon, Exim was mis-interpreting it as a header line. |
| 5354 | It isn't of course - it is syntactically invalid and should therefore be |
| 5355 | treated as the start of the message body. The misbehaviour could have |
| 5356 | caused a number of strange effects, including loss of data in subsequent |
| 5357 | header lines, and spool format errors. |
| 5358 | |
| 5359 | 68. Formerly, the AUTH parameter on a MAIL command was trusted only if the |
| 5360 | client host had authenticated. This control can now be exercised by an ACL |
| 5361 | for more flexibility. |
| 5362 | |
| 5363 | 69. By default, callouts do not happen when testing with -bh. There is now a |
| 5364 | variant, -bhc, which does actually run the callout code, including |
| 5365 | consulting and updating the callout cache. |
| 5366 | |
| 5367 | 70. Added support for saslauthd authentication, courtesy of Alexander |
| 5368 | Sabourenkov. |
| 5369 | |
| 5370 | 71. If statvfs() failed on the spool or log directories while checking their |
| 5371 | size for availability, Exim confusingly gave the error "space shortage". |
| 5372 | Furthermore, in debugging mode it crashed with a floating point exception. |
| 5373 | These checks are done if check_{spool,log}_{space,inodes} are set, and when |
| 5374 | an SMTP message arrives with SIZE= on the MAIL command. As this is a really |
| 5375 | serious problem, Exim now writes to the main and panic logs when this |
| 5376 | happens, with details of the failure. It then refuses to accept the |
| 5377 | incoming message, giving the message "spool directory problem" or "log |
| 5378 | directory problem" with a 421 code for SMTP messages. |
| 5379 | |
| 5380 | 72. When Exim is about to re-exec itself, it ensures that the file descriptors |
| 5381 | 0, 1, and 2 exist, because some OS complain for execs without them (see |
| 5382 | ChangeLog 4.05/30). If necessary, Exim opens /dev/null to use for these |
| 5383 | descriptors. However, the code omitted to check that the open succeeded, |
| 5384 | causing mysterious errors if for some reason the permissions on /dev/null |
| 5385 | got screwed. Now Exim writes a message to the main and panic logs, and |
| 5386 | bombs out if it can't open /dev/null. |
| 5387 | |
| 5388 | 73. Re-vamped the way daemon_smtp_port, local_interfaces, and -oX work and |
| 5389 | interact so that it is all more flexible. It is supposed to remain |
| 5390 | backwards compatible. Also added extra_local_interfaces. |
| 5391 | |
| 5392 | 74. Invalid data sent to a SPA (NTLM) server authenticator could cause the code |
| 5393 | to bomb out with an assertion failure - to the client this appears as a |
| 5394 | connection drop. This problem occurs in the part of the code that was taken |
| 5395 | from the Samba project. Fortunately, the assertion is in a very simple |
| 5396 | function, so I have fixed this by reproducing the function inline in the |
| 5397 | one place where it is called, and arranging for authentication to fail |
| 5398 | instead of killing the process with assert(). |
| 5399 | |
| 5400 | 75. The SPA client code was not working when the server requested OEM rather |
| 5401 | than Unicode encoding. |
| 5402 | |
| 5403 | 76. Added code to make require_files with a specific uid setting more usable in |
| 5404 | the case where statting the file as root fails - usually a non-root-mounted |
| 5405 | NFS file system. When this happens and the failure is EACCES, Exim now |
| 5406 | forks a subprocess and does the per-uid checking as the relevant uid. |
| 5407 | |
| 5408 | 77. Added process_log_path. |
| 5409 | |
| 5410 | 78. If log_file_path was not explicitly set, a setting of check_log_space or |
| 5411 | check_log_inodes was ignored. |
| 5412 | |
| 5413 | 79. If a space check for the spool or log partitions fails, the incident is now |
| 5414 | logged. Of course, in the latter case the data may get lost... |
| 5415 | |
| 5416 | 80. Added the %p formatting code to string_format() so that it can be used to |
| 5417 | print addresses in debug_print(). Adjusted all the address printing in the |
| 5418 | debugging in store.c to use %p rather than %d. |
| 5419 | |
| 5420 | 81. There was a concern that a line of code in smtp_in.c could overflow a |
| 5421 | buffer if a HELO/EHLO command was given followed by 500 or so spaces. As |
| 5422 | initially expressed, the concern was not well-founded, because trailing |
| 5423 | spaces are removed early. However, if the trailing spaces were followed by |
| 5424 | a NULL, they did not get removed, so the overflow was possible. Two fixes |
| 5425 | were applied: |
| 5426 | |
| 5427 | (a) I re-wrote the offending code in a cleaner fashion. |
| 5428 | (b) If an incoming SMTP command contains a NULL character, it is rejected |
| 5429 | as invalid. |
| 5430 | |
| 5431 | 82. When Exim changes uid/gid to the Exim user at daemon start time, it now |
| 5432 | runs initgroups(), so that if the Exim user is in any additional groups, |
| 5433 | they will be used during message reception. |
| 5434 | |
| 5435 | |
| 5436 | Exim version 4.20 |
| 5437 | ----------------- |
| 5438 | |
| 5439 | The change log for 4.20 and earlier releases has been archived. |
| 5440 | |
| 5441 | **** |