Move DSN support to mainline
[exim.git] / doc / doc-txt / ChangeLog.0
... / ...
CommitLineData
1Change log file for Exim from version 3.951 to 4.20
2---------------------------------------------------
3
4
5Exim version 4.20
6-----------------
7
8 1. If data for an authentication interaction was just the string "=",
9 indicating an empty string, Exim was not setting up the numerical variable
10 correctly. In some situations, this could cause a crash - in others, it
11 might have passed unnoticed.
12
13 2. Changed signal(SIGTERM, command_sigterm_handler) in smtp_in.c to use
14 os_non_restarting_signal() for tidiness; in practice this doesn't actually
15 matter because the handler terminates the process.
16
17 3. Refactoring:
18
19 (a) In some (but not all) places where Exim applies timers using alarm(),
20 it was resetting the SIGALRM handler afterwards, but sometimes to
21 SIG_IGN and sometimes to SIG_DFL. In other words, it was a mess. In
22 fact, this reset is not necessary, because after alarm(0) there is no
23 possibility of receiving a SIGLARM signal. So I've just removed them
24 all.
25
26 (b) The daemon.c module had its own SIGALRM handler, which was unnecessary.
27 I changed it to use the handler that is used (almost) everywhere else.
28
29 (c) Almost all uses of SIGALRM use the same handler, but it was being set
30 by signal() all over the place. Now it is set at the start, and it
31 resets itself every time it is called, so it remains enabled
32 throughout. The few places that use a different handler reset to the
33 "standard" one afterwards.
34
35 (d) The setting of the SIGTERM handler while reading SMTP commands was done
36 somwhat untidily. I have re-arranged the code.
37
38 4. If the building process was interrupted during the MakeLinks script, a
39 subsequent run of 'make' gave misleading errors. I've made it a bit more
40 robust against this case. If there appears to be a half-made set of links,
41 an error message suggests that the user should remove the build directory
42 and start again.
43
44 5. For compatibility with other MTAs, -f "" is now accepted as synonymous with
45 -f "<>".
46
47 6. Upgraded to PCRE 4.1.
48
49 7. If a domain list contained @mx_any, or @mx_secondary, and the DNS contained
50 secondary MX records for a domain, but all the other MX (higher priority)
51 records pointed to non-existent hosts, Exim was behaving as if the domain
52 did not match the list item. This has been fixed.
53
54 8. Upgraded eximstats to 1.27.
55
56 9. It was reported that change 4.14/46(b) caused problems on some systems with
57 older libraries. There is now an option that can be set in Local/Makefile
58 (or in a operating system Makefile):
59
60 IPV6_USE_INET_PTON=yes
61
62 If this is done, Exim reverts to using inet_pton() to convert a textual
63 IPv6 address for actual use, instead of getaddrinfo(), as it did in
64 versions before 4.14. Of course, this means that the additional
65 functionality of getaddrinfo() - recognizing scoped addresses - is lost.
66
6710. Update for PostgreSQL to match 4.14/14: after an insert, delete, or update
68 command, the result is the number of rows affected.
69
7011. If smtp_banner expanded to an empty string, no greeting line was sent, thus
71 causing the client to time out. An empty 220 response is now sent.
72
7312. An empty argument was logged as a null string by the "arguments" log
74 selector. Now empty strings and arguments that contain whitespace are
75 surrounded by quotes.
76
7713. The "arguments" log selector now also logs the current working directory
78 when Exim is called.
79
8014. Added a couple more debugging calls to tls-openssl.
81
8215. Changed the name of the global variable ldap_version because some LDAP
83 library uses the same name, which causes a clash. It's now called
84 eldap_version. While I was at it, I changed the other two global variables,
85 ldap_default_servers and ldap_dn.
86
8716. If an address that is verified in an ACL is redirected to a single address,
88 Exim verifies the child (this is not new). However, the value of $address_
89 data that was being returned was the value from the parent. It is now the
90 value from the child.
91
9217. Re-arranged the code for rda_is_filter() to make it easier to add other
93 filter types in future.
94
9518. Removed the filter test function from filter.c and put it into its own
96 source file, again to make things easier for multiple filter types.
97
9819. To help those people who are maintaining a patch for dynamically loaded
99 local_scan() functions, I have added
100
101 #define LOCAL_SCAN_ABI_VERSION_MAJOR 1
102 #define LOCAL_SCAN_ABI_VERSION_MINOR 0
103
104 to the local_scan.h file.
105
10620. The variables $tls_certificate_verified, $tls_cipher, and $tls_peerdn now
107 exist even when Exim is not compiled with TLS support.
108
10921. If an empty user name was sent by a client for a LOGIN authentication, it
110 was not put into $1; instead, the password ended up in $1 (instead of in
111 $2).
112
11322. When creating a temporary file in the appendfile transport for a per-file
114 delivery not in maildir or mailstore format (that is, in the old Smail
115 format - I wonder if anyone uses this?), Exim was opening the file without
116 O_EXCL, which is a bit unsafe.
117
11823. The output from the ${stat: expansion operator was being formatted using %d
119 which expects an integer; in many (most) systems size_t is off_t, which
120 is actually a long or even a longlong, and in some cases this caused
121 incorrect data to be output. The formatting is now done using %ld, with the
122 values all explicitly cast to (long).
123
12424. Callout caching was failing to cache a negative response to a "random"
125 address check.
126
12725. If a daemon was started with -qsomething and not -bd, and deliver_drop_
128 privilege was set, and a pid file was specified with -oP, and the pid file
129 did not previously exist, it was created with owner exim instead of owner
130 root.
131
13226. verify=sender was not being allowed in a non-SMTP ACL.
133
13427. Under some error conditions, the socket used for ident calls could be left
135 open.
136
13728. Added acl_smtp_helo, because some people seem to want it.
138
13929. For hosts that match helo_verify_hosts, the error given when a MAIL command
140 is received without HELO or EHLO has been changed from 550 to 503 (which
141 means "bad sequence of commands").
142
14330. Installed PCRE 4.2.
144
14531. The quota_size_regex option for the appendfile transport was broken in that
146 a terminating zero was omitted from the string that was extracted for the
147 size. If it happened that digits followed in the memory to which it was
148 copied, an incorrect (too large) size was then used.
149
15032. Change 4.14/32 (iv) introduced a bug in the case when the "phrase" part of
151 a rewritten address did *not* contain any special characters. The
152 generated address was mangled.
153
15433. Several items of refactoring from Michael Haardt:
155
156 . Introduction of "const" in a number of places
157 . Use memcpy() instead of strncpy() in string_cat()
158 . Add HAVE_ICONV to Linux file, for external users (Exim doesn't use it)
159 [Later: From 4.21, Exim *does* use it.]
160 . Preparation for adding additional types of filter file
161
16234. Changed (incompatibly, but hopefully not so it affects anyone) the
163 appendfile transport in the case when it is called directly as a result of
164 a .forward or a filter file requesting a delivery to a file. Previously,
165 any settings of "file" or "directory" were ignored in this case. Now they
166 are used. The path received from the router is in $address_file (as
167 before) and can therefore be included in the expansion.
168
16935. If a "save" command in a filter specifies a non-absolute path, the value of
170 $home/ is pre-pended. This no longer happens if $home is unset or is an
171 empty string. It is expected that the transport will complete the path (see
172 34 above). If there is an error before the path is complete, the local part
173 is logged as "save xxxx".
174
17536. If multiple "to file" deliveries are routed to the same transport, no
176 batching ever takes place, whatever the value of batch_max.
177
17837. If an address was redirected to an unqualified local part preceded by a
179 backslash, Exim was qualifying it with the qualify_domain, instead of with
180 the incoming domain.
181
18238. Minor rewording: header lines can be added by MAIL as well as RCPT: the
183 debug line mentioned only RCPT.
184
18539. DESTDIR is the more common variable that ROOT for use when installing
186 software under a different root filing system. The Exim install script now
187 recognizes DESTDIR first; if it is not set, ROOT is used.
188
18940. If DESTDIR is set when installing Exim, it no longer prepends its value to
190 the path of the system aliases file that appears in the default
191 configuration (when a default configuration is installed). If an aliases
192 file is actually created, its name *does* use the prefix.
193
19441. If an item in log_file_path was an empty string, Exim wrote the log to the
195 log directory in the spool directory. Now it takes notice of the
196 setting of LOG_FILE_PATH in Local/Makefile, and uses the first non-empty,
197 non-"syslog" item from that list. If there are none, it uses the ultimate
198 default of the spool directory.
199
20042. If there is a Reply-to: header line, but it is empty, $reply_address now
201 contains the From: address instead of being empty.
202
20343. Added -no-cpp-precomp to CFLAGS in OS/Makefile-Darwin. Without this, the
204 compiler provides a string for __DATE__ that does not conform to the
205 specification in the C standard. The option disables precompiled headers,
206 which should not have any bad effects, as pre-compiled headers are
207 supposedly just a performance enhancement at compile time.
208
20944. Refactoring: as there is now a flag that specifies whether or not a home
210 directory that is passed with an address is already expanded, we no longer
211 need the \N...\N fudge for home directories extracted from the password
212 data.
213
21445. Fixed an infelicity introduced by 4.14/71: The defaulting of the prefix,
215 suffix, and check string stuff in appendfile was happening when no
216 directory was supplied. Now it happens if no directory is supplied AND
217 maildir has not been specified.
218
21946. If expansion of the serverpassword in a spa authenticator or expansion of
220 server_condition in a plaintext authenticator is forced to fail,
221 authentication now fails (previously it gave a temporary error, which is
222 what happens for other expansion failures). This brings these
223 authenticators into line with cram_md5, where expansion of server_secret
224 has always behaved like this.
225
22646. Added new syslog facilities (courtesy Oliver Gorwits):
227
228 (i) SYSLOG_LOGS_PID and LONG_SYSLOG_LINES in src/EDITME.
229 (ii) syslog_facility and syslog_processname main options.
230
23147. Callout was using only the hosts from the router, ignoring the transport.
232 This has been changed. If (a) the router does not set up hosts (e.g. it's
233 an accept router) or (b) the smtp transport that is routed to has
234 hosts_override set, then the transport's hosts are used for callout
235 checking.
236
23748. When named lists were nested, and an inner list was resolved by a lookup
238 that saved data for, e.g. $domain_data, the data was associated with just
239 the outer list, though both were cached, so if a subsequent test was done
240 for the inner list, there was no domain data. Example:
241 domainlist A = lsearch;/a/b
242 domainlist B = lsearch;/c/d
243 domainlist C = +A : +B
244 A test on +C that matched, followed by a test on +A or +B would provoke
245 this bug. Now the data is saved with both the inner and the outer lists.
246
24749. When the log selector +address_rewrite is turned on, the log lines now
248 show where the rewritten address came from (which header line, envelope
249 field, or an SMTP command).
250
25150. If an integer or fixed point configuration value is too big to fit in
252 a 32-bit int, Exim now writes an error to the panic log and dies.
253
25451. Unknown SMTP commands are now assumed to be ones that need synchronization;
255 this means that a packet that contains more than one of them will cause the
256 connection to be dropped as soon as the first one is encountered.
257
25852. The "control" feature of ACLs was not permitted for the MAIL ACL (an
259 oversight). It now is allowed.
260
26153. Added the "discard" verb to ACLs.
262
26354. Fixed a theoretical bug observed by reading the code: if local_scan()
264 changed the number of recipients, output from the received_recipients log
265 selector would be incorrect.
266
26755. Added HAVE_ICONV to the os.h files for Linux, Solaris, HP-UX. This is for
268 use in the forthcoming Sieve addition to Exim.
269
27056. The behaviour of -t in the presence of Resent- headers has been changed,
271 for compability with Sendmail and other MTAs. Previously, Exim gave an
272 error, because it is not clear from RFC 2822 how this might be handled. It
273 turns out that MUAs don't seem to follow what RFC 2822 says, and any MUA
274 that uses -t with Resent- ensures that there is only one set of Resent-
275 header lines (usually by renaming others to X-Resent-xxx). So now Exim will
276 take recipients from all the Resent- header lines instead of the usual
277 ones.
278
279
280Exim version 4.14
281-----------------
282
283 1. Found another case where SIGCHLD is being ignored (a child process for
284 handling a filter file) and so the wait() doesn't find the subprocess. This
285 came to light as a result of extra logging introduced as part of the
286 4.12/14 fix. Now Exim is careful to set SIGCHLD handling to its default
287 (i.e. to be noticed) for this particular subprocess. (It already has this
288 code for other cases where it uses subprocesses.)
289
290 2. If ${run appeared in part of a conditional item that was being skipped, the
291 actual running of the command was not being skipped.
292
293 3. A bit of code tidying (refactoring): there were two functions that built
294 strings containing a host name and ident value for logging. There is now
295 only one. It is called in some additional places where previously just the
296 host name and address were given, so the wording of some log lines has
297 changed slightly.
298
299 4. Added support for Unix domain socket connection to PostgreSQL.
300
301 5. The number of unknown SMTP commands that Exim will accept before dropping
302 a connection can now be changed by smtp_max_unknown_commands. The default
303 value is 3. Previously, a fixed value of 5 was used. The final command is
304 now included in the log line.
305
306 6. The standard place for chown and chgrp in Linux is /bin, not /usr/bin, as
307 assumed by the exicyclog script. I've implemented a "look for it" feature
308 that makes exicyclog look in /bin, /usr/bin, /usr/sbin, and /usr/etc for
309 the commands chown, chgrp, mv, and rm if configured, and turned on this
310 feature for Linux. This should cope with old Linuxes that use /usr/bin.
311
312 7. Implemented .ifdef etc.
313
314 8. Installed signal handlers for SIGSEGV, SIGILL, SIGFPE, and SIGBUS while
315 running local_scan(), so that crashes therein get caught. A temporary error
316 response is sent for an SMTP message, and the spool is cleaned up.
317 Previously, a -D file was left lying around if there was a crash in
318 local_scan().
319
320 9. The ${quote: operator has been changed so that it turns newline and
321 carriage return characters into \n and \r, respectively.
322
32310. Added support for crypt16().
324
32511. Some restrictions on the use of "verify" in ACLs were too restrictive, and
326 have been relaxed. In particular, "verify = sender" is now permitted in the
327 ACL for the MAIL command, as well as those for RCPT and DATA.
328
32912. If local_scan() sets up recipient or errors_to addresses that are
330 unqualified (local parts without a domain) Exim now qualifies them using
331 the qualify_recipient domain.
332
33313. White space at the start of continuation lines in -be input was not being
334 ignored.
335
33614. Previously, if a MySQL query was issued that did not request any data (an
337 insert, update, or delete command), Exim gave a lookup error and deferred.
338 This case is now recognized, and the result of the lookup is now the number
339 of rows affected.
340
34115. A configuration error is given if tls_try_verify_hosts is set and
342 tls_verify_certificates is not set. (Exim already did this for
343 tls_verify_hosts.)
344
34516. Exim was trying to create a non-existent hints database even when it was
346 just opening it for reading. It called the creating function with the
347 O_RDONLY and O_CREAT flags. This works with many DB libraries, but it
348 not with DB 1.85, where a subsequent attempt to use the database gave the
349 error "Inappropriate file type or format". Exim now creates hints databases
350 only when it wants to open them for writing.
351
35217. If an ACL condition test set a default "message" value without a
353 "log_message" value, and there were no overriding messages in the ACL
354 itself, no message was logged. The user message is now logged.
355
35618. If callout made a connection, but it was dropped before the initial
357 welcome response was received, Exim logged "response to initial connection
358 was" with no further text. It now logs that the connection was dropped.
359 The wording of the logging for callout defers has been slightly changed so
360 as to reduce duplication.
361
36219. When multiple messages were sent using TLS over one connection, the
363 additional required EHLO that follows STARTTLS was being counted as a
364 nonmail command, and thus causing a problem if there were a lot of
365 messages. Similarly, a new AUTH that followed STARTTLS was being counted.
366 It is now possible to run with smtp_accept_max_nonmail set to zero in these
367 and other "normal" circumstances.
368
36920. During verify=sender, global rewriting rules are applied to the sender
370 address, and if it changes, $sender_address becomes the rewritten version.
371 Unfortunately, it was not getting updated until after the routers had been
372 run, so that if a router referred to $sender_address while verifying a
373 sender, the unrewritten value was used.
374
37521. The "random address" callout test was being done after the other tests.
376 This is silly, because if the host accepts all local parts, there isn't any
377 point in doing the other, more specific, tests. I changed things around so
378 that the "random" test (if configured) is done first.
379
38022. Expanded the wording for callout failures when MAIL FROM:<> or RCPT TO the
381 a postmaster address are rejected. Also include these words when a
382 rejection happens because of caching (when there isn't an actual SMTP
383 command/result to reflect).
384
38523. A new router condition called "address_test" (default true) can be used to
386 skip routers when testing addresses using -bt (compare no_verify). This can
387 be a convenience when your first router sends stuff to an external scanner.
388
38924. Testing for deliver_queue_load_max was happening inside the delivery
390 sub-process, when it could have happened outside, in the queue runner (thus
391 saving one process). This was a hangover from Exim 3, where there were
392 other load tests to be done. The code has been tidied.
393
39425. Code tidy: the driver_info generic structure contained a field that
395 might, on 64-bit systems, not have been compatible with the fields in the
396 structures of which it is supposed to be a subset. It turns out that this
397 field and another are not actually used generically, so removing them from
398 the structure solves the problem.
399
40026. Added server_advertise_condition to authenticators.
401
40227. The exim_checkaccess utility wasn't sending a HELO command; this matters
403 now that it's possible to have an ACL that checks HELO/EHLO.
404
40527. Added the ldap_version option to force a specific LDAP version.
406
40728. Renamed the variable verify_address in exim.c as verify_address_mode,
408 because it had the same name as the verify_address() function, which was
409 confusing.
410
41129. Added authenticated_sender to the smtp transport.
412
41330. When the skip_syntax_errors option is applied to a filter file, it covers
414 all filtering errors, some of which may not be strictly "syntax" (for
415 example, failure to open a log file). The wording of the message has been
416 changed to use "error" instead of "syntax error", to reduce confusion. Also
417 the subject of the message sent by syntax_errors_to is now "error(s) in
418 forwarding or filtering" instead of "syntax error(s) in address expansion".
419
42031. Added -restore-times to the exim_lock utility.
421
42232. Changes to the handling of the "phrase" parts of email addresses:
423
424 (i) Re-organized the code to use a supplied instead of an implied buffer,
425 and a length instead of expecting a terminated string.
426
427 (ii) Changed from using the macro mac_isprint() to an explicit test for
428 ASCII non-printing characters, because the macro pays attention to
429 print_topbitchars, which is not correct here.
430
431 (iii) If a rewritten address contained a "phrase" (whether or not the "w"
432 flag was present on the rewrite rule), but the actual address was
433 unqualified (had no domain) and was expected to be qualified by the
434 "Q" flag, Exim screwed up and created an illegal address.
435
436 (iv) When a header address is rewritten by a rule that includes the "w"
437 flag, the parts of the address outside <> are now encoded according
438 to RFC 2047 if necessary (assuming ISO-8859-1 encoding).
439
44033. Added the ${rfc2047 and ${from_utf8 expansion operators.
441
44234. The file names used for maildir deliveries have been changed, to accomodate
443 operating systems that may re-use a PID within one second. The file name
444 now include the microsecond time fraction, and the delivery process does
445 not exit until the clock is at least one microsecond after the time used in
446 the file name. The code copes with the clock going backwards (it waits
447 till time catches up).
448
44935. The rules for creating message ids have been changed to allow for the fact
450 that a PID may be re-used within one second. As part of this change, the
451 range of localhost_number has been reduced to 0-16 for most systems, and
452 0-10 for those with case-insensitive file systems (Cygwin, Darwin).
453
45436. Code tidy: there was a local count of non-TCP/IP messages that duplicated
455 the global receive_messagecount (used for accept_queue_per_connection).
456
45737. verify = header_syntax was allowing unqualified addresses in all cases. Now
458 it allows them only for locally generated messages and from hosts that
459 match sender_unqualified_hosts or recipient_unqualified_hosts,
460 respectively.
461
46238. If PAM was called with an empty first string, it called the data function
463 to get the user name, thereby getting the second string by mistake. If this
464 was also null (empty passwords are permitted), there was an infinite loop.
465 An empty user name is not now passed to PAM; authentication is forcibly
466 failed instead. Also, if the end of the list of strings is reached, an
467 empty string is passed back just once; a subequent call for data provokes
468 an error response.
469
47039. If a reverse DNS lookup yields an empty string, treat it as if the lookup
471 failed. (Apparently such records have been seen. Sigh.)
472
47340. Added the -bnq command line option to suppress automatic qualification of
474 addresses in locally submitted messages.
475
47641. Header texts supplied by options to the autoreply transport may now contain
477 newlines that are followed by whitespace. (This was allowed from a filter,
478 but not from the transport.)
479
48042. Patch for < > problems in eximstats 1.23.
481
48243. Re-arranged the code to make it easier in future to add additional filter
483 types.
484
48544. Added support for changing the connection timeout in LDAP; this is
486 something that's available in Netscape SDK 4.1. Exim uses the given value
487 if LDAP_X_OPT_CONNECT_TIMEOUT is defined.
488
48945. When Exim was setting a daemon listener on multiple interfaces, including
490 listening on "all IPv6" and "all IPv4" interfaces, it was binding all the
491 sockets, and then calling listen() for each of them. On some IP stacks, a
492 listen for "all IPv4" fails after listening for "all IPv6" because a single
493 socket catches both kinds of call. Exim coped with this, but it turns out
494 that on a USAGI-patched Linux, this logic doesn't work unless the "listen",
495 as well as the "bind" has been done for the IPv6 socket first. The order of
496 the functions has now been changed. Instead of "bind, bind ... listen,
497 listen..." it now does "bind, listen, bind, listen, ...". Also, the failure
498 happens in the bind() rather than in the listen(), so there are now two
499 checks, which hopefully will handle all kinds of IP stack.
500
50146. IPv6 addresses have "scopes", and a host with multiple interfaces can, in
502 principle, have the same link-local addresses on different interfaces.
503 Thus, they need to be distinguished, and a convention of using a percent
504 sign followed by something (often the interface name) is being used, for
505 example: 3ffe:2101:12:1:a00:20ff:fe86:a061%eth0. Two changes have been made
506 to accommodate this:
507
508 (a) A percent sign followed by an arbitrary string is allowed at the end of
509 an IPv6 address.
510
511 (b) Exim calls getaddrinfo() instead of inet_pton() to convert a textual
512 IPv6 address for actual use. This function recognizes the percent
513 convention in some operating systems.
514
51547. Additional debugging inserted for the case of forced failure when expanding
516 an item in a list.
517
51848. A new debugging selector +expand has been added. This is not included in
519 the default set of selectors. It requests detailed debugging information
520 for string expansions.
521
52249. Failure to open the main log results in a panic-die, but the original line
523 that was being logged could be lost. It is now output to stderr if there is
524 a stderr file.
525
52650. When Exim starts, it checks for the existence of its spool directory, and
527 creates it if necessary. Unfortunately, it was doing this after the code
528 for logging arguments. Thus, if the spool did not exist, trouble ensued.
529
53051. The log line for an ACL warning after a sender verify callout failure was
531 not showing the details, unlike the log line for a deny. They are now shown
532 in a similar way.
533
53452. For reasons lost in the mists of time, when a pipe transport was run, the
535 environment variable MESSAGE_ID was set to the message ID preceded by 'E'
536 (the form used in Message-ID: header lines). The 'E' has been removed.
537
53853. Updated the QNX configuration files for QNX 6.2.0.
539
54054. The "*@" type partial matching for single-key lookups was broken in
541 releases after 4.10. Exim looked for *@xxx but, if that failed, it wasn't
542 going on to look for "*".
543
54455. Included eximstats 1.25 in the source tree.
545
54656. Changed log wording from "Authentication failed" to "<name> authenticator
547 failed", where <name> is the name of the authenticator.
548
54957. gcc 3.2.2 warned about a selection of places where string casts were
550 needed.
551
55258. Exim monitor: the use of one_time redirection could cause addresses to be
553 displayed with incorrect "parent" addresses after the one_time
554 re-arrangement had taken place. They should be shown with no parents,
555 because the parentage has been removed.
556
55759. Arranged to keep independent timestamps for postmaster and random checks in
558 callouts, and not to do unnecessary tests for postmaster when testing
559 individual addresses.
560
56160. Incorporated PCRE release 4.0.
562
56361. Added ${hex2b64: operator.
564
56562. Added $tod_zulu.
566
56763. Added ${strlen: operator.
568
56964. Added ${stat: operator.
570
57165. When Exim is receiving multiple messages on a single connection, and
572 spinning off delivery processess, it sets the SIGCHLD signal handling to
573 SIG_IGN, because it doesn't want to wait for these processes. However,
574 because on some OS this didn't work, it also has a paranoid call to
575 waitpid() in the loop to reap any children that have finished. Some
576 versions of Linux now complain (to the system log) about this "illogical"
577 call to waitpid(). I have therefore put it inside a conditional
578 compilation, and arranged for it to be omitted for Linux.
579
58066. Added settable variables $acl_c0 - $acl_c9 and $acl_m0 - $acl_m9 for use
581 during ACL processing.
582
58367. Added "defer" command to system filter.
584
58568. X options such as -bg or -geometry that were added to an eximon command
586 were being lost as a result of a bug introduced by 4.12/6.
587
58869. The "more" and "unseen" generic router options can now be expanded strings.
589
59070. The "once_repeat" option in the autoreply tranport is now an expanded
591 string.
592
59371. If maildir_format is set on an appendfile transport that is referenced from
594 an file_transport setting in a redirect router, it forces maildir delivery,
595 even if the path given in the filter does not end with '/'.
596
59772. Fixed three bugs in ${readsocket:
598 (i) If the operation failed, and a failure string was given, "}}" was
599 erroroneously added to it.
600 (ii) If the operation succeeded, but a failure string was present, "}" was
601 added to the expanded data.
602 (iii) The alarm for the timeout was set with signal() instead of with
603 os_non_restarting_signal(), which meant that it only worked on those
604 OS whose default is not to restart an interrupted system call.
605
60673. A complete host name (no wildcards) in a host list causes a forward lookup
607 for the IP address. If this failed, Exim was behaving as if the host didn't
608 match the list, instead of giving an error (as it does when a reverse
609 lookup fails).
610
61174. If router_home_directory was passed on as a home directory for a local
612 transport, it was being re-expanded in the transport. This has been changed
613 so that the expanded value is passed from the router to the transport, and
614 no re-expansion takes place.
615
61675. When a redirect router generated a pipe, file, or autoreply, the values of
617 $domain_data and $localpart_data were not being propagated to the
618 transport.
619
62076. The macros MESSAGE_ID_LENGTH and SPOOL_DATA_START_OFFSET are now defined in
621 local_scan.h so that they are available to local_scan() functions.
622
62377. Changes to the SMTP PIPELINING support:
624
625 (1) Exim used always to accept pipelined commands, even when it hadn't
626 advertised PIPELINING (i.e. when EHLO had not been received). Now it
627 objects unless PIPELINING has been advertised.
628
629 (2) Advertising PIPELINING to specific hosts can be disabled via the new
630 option pipelining_advertise_hosts.
631
63278. The acl_smtp_connect ACL was not being run for -bs input when no IP address
633 was supplied via -oMa.
634
63579. A "mail" command in a filter could cause a crash if the list of recipients
636 for the "to:" line was excessively long - this showed up in a reply to
637 a message with a ridiculously long Reply_to: header line.
638
63980. Added allow_utf8_domains.
640
64181. Added $rh_ and $rheader for "raw" header expansion.
642
64382. Added smtp_accept_max_nonmail_hosts.
644
64583. Extended ${stat (see 64 above) to add smode=symbolic mode.
646
64784. Added default logging for host and IP lookup failures, with a log selector
648 called host_lookup_failed to turn it off.
649
65085. Added header_maxsize and header_line_maxsize.
651
65286. If a RCPT ACL made use of "verify = sender" without callout, followed by
653 another use with callout, and the callout failed, the caching was broken
654 such that for a subsequent RCPT command, the first callout failed
655 incorrectly. The caching of sender verification has been fixed so that it
656 now remembers that the routing succeeded even when the callout fails.
657
65887. Added errno and strerror(errno) to the log line for a failure to lock the
659 -D file when receiving a message.
660
66188. If router with check_local_user set up a local delivery, and no user was
662 specified on the transport, and errors_to on the router specified an
663 address whose verification also invoked check_local_user, the wrong uid/gid
664 was used for the transport. It used the uid/gid of the errors_to address
665 instead of the uid/gid of the original local part.
666
66789. If log_file_path=:syslog was set, to use the default log path and also
668 syslog, and check_log_space was also set, Exim was confused, and refused to
669 accept messages, giving the error "cannot find slash in ".
670
67190. If a router stripped a prefix or a suffix from a local part, and then
672 routed that address to an smtp or lmtp transport, the address that was
673 sent in the RCPT command did not have the affixes stripped.
674
67591. For BSMTP delivery by appendfile or pipe, the address given in the RCPT
676 command did not preserve the case of the envelope address, as it is
677 supposed to.
678
679
680Exim version 4.13
681-----------------
682
683There was no 4.13. I accidentally put out a fixed version of 4.12 (a typo was
684discovered very soon after release) that verified itself as 4.13. This too was
685hastily fixed, but it seems best not to use the number, to avoid confusion.
686
687
688Exim version 4.12
689-----------------
690
691 1. Update to change 4.11/82: for the max number of processes, set
692 RLIM_INFINITY if it is defined.
693
694 2. An expansion ${run{xxx}} where xxx was a successful command that produced
695 no output caused Exim to crash.
696
697 3. Some artificial delays of 1 second existed when running in the test
698 harness, to ensure repeatability of debugging output. Now that we have
699 the millisleep() function, these can be shorter.
700
701 4. Change 4.11/30 below overlooked the case when an address gets a 4xx
702 response from a server. Because this isn't a host problem, the host does
703 not get delayed, and it gets tried every time the address is OK'd for
704 routing, with the same reponse. However, if hosts_max_try is set, because
705 not all the hosts were tried, the address does not time out. I've changed
706 things so that if there is a 4xx response to a RCPT command, the host in
707 question does not count towards hosts_max_try if the message is older than
708 the host's maximum retry time. This means that other hosts are always tried
709 in this circumstance; if the address gets 4xx errors from all of them, it
710 will eventually time out.
711
712 5. If a retry rule for a host had no actual retry times specified, it could
713 cause a crash when checking the ultimate address timeout. (Very old bug,
714 spotted in passing, so probably never bothered anybody.)
715
716 6. Change 135 below broke the following scripts when a list of configuration
717 files was given: exicyclog, exim_checkaccess, eximon, exinext, and exiwhat.
718 In practice, if exim_path was not specified in the configuration file (a
719 common case), things would probably work OK. However, the use of
720 CONFIGURE_FILE_USE_NODE definitely did not work. These scripts have now
721 been updated to fix this problem. They now search for the configuration
722 file in the same way Exim itself does: for each name in the list, the
723 "noded" file is tried first, then the unsuffixed file.
724
725 7. If a WARN verb in an ACL did not specify an explicit "message" modifier,
726 and was triggered by a failing sender or recipient verification, the
727 response that would have been sent as an SMTP message for a DENY verb was
728 incorrectly being added to the message's headers.
729
730 8. I screwed up change 4.11/155. For lookup types whose names were prefixes of
731 other lookup types (e.g. nis and nisplus, dbm and dbmnz), the new search
732 function didn't do the correct comparison, meaning that the wrong lookup
733 type could be found.
734
735 9. Solaris seems to be one of the LDAPs that doesn't have the lud_scheme
736 member of the LDAPURLDesc structure. Since the check that is made on it
737 is only to double check that a path is given for ldapi, I've just removed
738 the test in the Solaris case.
739
74010. The modified TextPop.c source in the Exim monitor had declarations of errno
741 and sys_nerr which never were actually referenced. The second of these
742 caused trouble on Darwin, so I've removed both of them. Why were they
743 there? Who knows? This is ancient X code...
744
74511. The DEFER ACL verb crashed if no "message" modifier was set.
746
74712. The check on incoming messages that gives the error "too many non-mail
748 commands" was too strict. In the case of Exim sending to Exim, when the
749 client has queued messages for the server and is using TLS, it will close
750 and re-initialize TLS between messages (because the client has to hand the
751 SMTP connection to a new process). STARTTLS was being counted as a non-mail
752 command, and therefore could cause the limit to be hit. The revised code
753 now allows for one RSET, one HELO or EHLO, and one STARTTLS between each
754 message without counting them as non-mail commands. (One RSET was
755 previously allowed - I *had* spotted that case.)
756
75713. Some log lines for rejections by ACL were putting ident values in
758 parentheses instead of using U= after H=. (There are some other lines that
759 do use parens, typically when the host name appears without H= within a
760 message. This whole area could perhaps do with tidying up.)
761
76214. When processing a redirection file happens in a subprocess (typically so
763 that a .forward file is processed as the user), Exim was assuming that a
764 call to wait() would always reap the subprocess, and it was failing to
765 check the result. In theory, a signal of some sort occurring at the wrong
766 time could break this assumption - the process was then left unreaped, and
767 could possibly be picked up later during deliveries, thus confusing that
768 code ("processes got out of step"). This is conjecture - I haven't got a
769 definite test of this. However, I have fixed the code to repeat the wait
770 after a signal.
771
77215. When Exim was waiting for a remote delivery subprocess, and the waitpid()
773 call found a process that was not in the list of remote delivery processes,
774 Exim gave up waiting for remote processes. It is probably better just to
775 ignore the unexpected process (though, of course, write to the main and
776 panic logs) and to wait for another process, and so that is what now
777 happens. If the error situation is caused by failed waiting logic for
778 routing or local delivery processes, this approach will minimize bad
779 behaviour, I hope.
780
781
782Exim version 4.11
783-----------------
784
785 1. Ignore trailing spaces after numbers in expansion comparisons such as
786 ${if > { 5 } { 4 } ... (leading spaces were already ignored).
787
788 2. Two variables, $warnmsg_delay, and $warnmsg_recipients, had got left with
789 their old Exim 3 names, when I meant to change to "warn_message", along
790 with the warn_message_file option. They have now been changed. The old
791 names remain as synonyms, but will be undocumented in due course.
792
793 3. The message "This message was created automatically by mail delivery
794 software (Exim)." still confuses people. If they are sufficiently Internet-
795 ignorant, they think the message has come from exim.org. At first, I
796 changed thw wording to "This message was created automatically by mail
797 delivery software (Exim) running on a mail server handling mail for <the
798 qualify domain>." in the hope that that might be better. However, in
799 testing that still proved confusing on servers handling multiple domains.
800 The message has now reverted to the original, simple wording: "This message
801 was created automatically by mail delivery software."
802
803 4. It has been discovered that, under Linux, when a process and its children
804 are being traced by "strace -f", the children are stolen from the parent
805 while they are being traced. A call to waitpid(-1,&x,NOHANG), which Exim
806 uses to test for the completion of "any of my children" in a non-blocking
807 manner, returns as if there are no children in existence. Exim used treat
808 this as a serious unexpected error state. What it does now is to use
809 kill(pid,0) to check explicitly for the continued existence of any of its
810 children. If it finds any, it assumes it is being traced, and proceeds as
811 if the return from waitpid() had been "none of your children have finished
812 yet". If it can't find any children, it gives the error as before.
813
814 5. When Exim creates hints databases and their lock files as root, it needs to
815 change their ownership to exim. In Exim 3, the function to open a hints
816 database wasn't called as root very often, and the check "are we running as
817 root?" would usually fail. However, because Exim 4 eschews the use of
818 seteuid(), it runs all its routing as root, and this always calls the hints
819 database opening function. It wasn't noticing when it was actually creating
820 the database, and so it was running chmod() on all the files in the db
821 directory every time. This does no harm, of course, but wastes resources.
822 Exim now detects when the database was already in existence by opening
823 without O_CREAT at first. If this succeeds, it doesn't do the root test.
824
825 6. The line in MakeLinks that creates a link for direct.c had been
826 accidentally left in (cf 4.03/6).
827
828 7. The value of $0 in the replacement in a rewriting rule was being corrupted,
829 leading to incorrect results or error diagnostics.
830
831 8. Added support for ldapi:// URLs to the LDAP lookups (OpenLDAP only). Also,
832 re-organized the code to use ldap_initialize() with OpenLDAP in all cases
833 (it seems to be preferred).
834
835 9. With OpenLDAP 2.0.25, ldaps:// doesn't seem to work unless the LDAP
836 protocol level is set to 3. This is now standard in the Exim code, as v3
837 has been around for 5 years now. Testing ldaps:// is now included in the
838 Exim test suite. Although earlier versions claimed to support it, I rather
839 suspect that it never worked.
840
84110. Inserted some checking of the syntax of the IP address given as the first
842 argument to the exim_checkaccess utility. This gives a better error
843 message, especially in the case when somebody gets the arguments in the
844 wrong order.
845
84611. Improved the panic log entry if an unsupported format type is passed to
847 string_vformat() (now gives the whole format string, not just the little
848 bit that's wrong).
849
85012. Ever since its early days, Exim has checked the syntax of non-SMTP
851 addresses according to RFC [2]822 rules, rather than the stricter RFC
852 [2]821 rules that it uses for SMTP. This allows for a wider set of
853 characters in domains. This has now caused a problem, because I forgot
854 about it when making some changes to the format of spool files (see
855 3.953/44, 4.03/10, and 4.04/1). I can't believe that anybody actually makes
856 use of this feature (which isn't documented), so I have removed it. All
857 domains must now conform to RFC [2]821 rules. A non-SMTP message with a
858 domain that would previously have been accepted will now be bounced.
859
86013. If widening a domain in a dnslookup router made it syntactically invalid,
861 the error message quoted the original domains instead of the widened
862 domain.
863
86414. During a queue run initiated by -R or -S (or by -i when the use of message
865 logs is disabled), if Exim encountered a message with certain
866 characteristics (including text for $local_scan_data, and the setting of
867 the "manually thawed" flag), this data was not correctly reset for
868 subsequent messages. So if they didn't have those settings themselves,
869 strange things could occur.
870
87115. With the "percent hack" enabled for percenthack.domain, if a message had
872 two addresses such as X%some.domain@percenthack.domain and X@some.domain,
873 Exim was not recognizing the duplication, and was making two deliveries
874 instead of one.
875
87616. The output from verification (for -bv and VRFY) used to list a child
877 address when verification was applied to children (this happens, for
878 example, for aliases that generate just a single child). Now it lists only
879 the original address.
880
88117. Changes 34 and 35 of 4.10 did not wholly solve problems with widened
882 domains. The following bug still existed:
883
884 . A recipient address was abbreviated (e.g. one component).
885 . A dnslookup router caused it to be widened.
886 . The new domain was a local domain.
887 . The address was redirected to itself.
888
889 At this point, Exim thought it was a duplicate, and discarded it.
890
891 This whole thing turned out to be a large can of worms, so I have reworked
892 the address widening code. This should get rid of all these problems.
893 Widening now appears similar to redirection, with the unwidened address
894 becoming a proper parent address. As part of this, there has been some
895 general re-organization of the way addresses are handled.
896
89718. When a filter generated only "unseen" deliveries, the normal delivery that
898 happened subsequently lost any value of address_data that was previously
899 set. The handling of values like that that are propagated from parents to
900 children has been reworked.
901
90219. Added smtp_return_error_details and the check_postmaster option for address
903 verification callouts.
904
90520. Long SMTP responses (from ACL messages or wherever) are now automatically
906 split up into multi-line responses if possible. The split happens at an
907 occurrence of ": " if present after 40 characters. Otherwise it happens at
908 the last space before 75 characters. Existing newlines in the message are
909 taken into account.
910
91121. When verify = header_sender is set, a different error message is now given
912 if a syntax is detected, as opposed to failure to verify.
913
91422. Extended the general mechanism for ${quote_lookuptype:...} expansions by
915 allowing for an option to be given after the lookup name, for example
916 ${quote_ldap_dn:...}. Unrecognized options cause errors.
917
91823. Re-worked the quote_ldap expansion items to provide two different kinds of
919 quoting, since the requirements of filter strings and DNs are different.
920 Sigh. Arranged for the DN given in the USER= setting to be de-URL-quoted
921 because not all libraries do it themselves.
922
92324. The handling of responses from LDAP searches wasn't right. It was detecting
924 situations of the form "ldap_result failed internally or couldn't provide
925 you with a message" but not "the server has reported a problem with your
926 search". This has now been tidied up (thanks, Brian). Problems of the
927 latter kind are now handled as follows:
928
929 (1) For LDAP_SIZELIMIT_EXCEEDED, the truncated list of results is
930 returned. This is what happened before.
931
932 (2) For a small set of errors that, in effect, mean "that object does
933 not, or cannot, exist in the database", the lookup fails. This is
934 also as before.
935
936 (3) For other problems, the lookup defers, giving the LDAP error.
937
93825. Added $ldap_dn to hold the DN of the last entry retrieved in the most
939 recent LDAP lookup.
940
94126. Exim was not checking for the LDAP_INVALID_CREDENTIALS error when
942 ldap_bind() failed during an ldapauth call. With (at least) OpenLDAP2, the
943 connection to the server doesn't happen until ldap_bind(), so failures to
944 connect were being treated as authentication failures, and given hard
945 errors. Now, all errors other than LDAP_INVALID_CREDENTIALS are treated the
946 same way for all calls to ldap_bind(), whether ldaputh or otherwise. They
947 lead to temporary errors - if there are more servers, they will be tried.
948
94927. If there was a reference to a non-existent named list, for example, a
950 setting such as "senders = +something", but no lists of that type were
951 actually defined, Exim misbehaved. For an address list, it treated the name
952 as a domain list. For a domain list, it just didn't match. Now it gives a
953 panic error about a non-existent named list (as it always did if there were
954 named lists of the appropriate type). The error now tells you what type of
955 list it thought it was looking for.
956
95728. When -bt or -bv is used by a non-admin user, and there is some kind of
958 DEFER (e.g. database unreachable), details of the failure are no longer
959 given, because they may include private data such as the password for an
960 LDAP lookup.
961
96229. The logic for using a remote host name as a key for looking up retry rules
963 in preference to the domain of the email address was broken. It wouldn't
964 find such retry rules.
965
96630. There were some problems with the action of hosts_max_try in the smtp
967 transport where there were indeed more hosts available than the limit.
968
969 (a) Exim used to time out an address out if all the hosts that were tried
970 were past their retry limits, ignoring the state of any hosts that were
971 not tried because the hosts_max_try limit was reached. Now it won't
972 time out an address unless all its hosts are actually considered and
973 are past their retry limits.
974
975 (b) Hosts that are past their retry limits are no longer counted for
976 hosts_max_try. This means that when some hosts are in this state, a
977 greater number of hosts are tried than before, but this is the only way
978 to ensure that all hosts are considered before timing out an address.
979
980 (c) When the hosts_max_try limit is reached, Exim now looks down the host
981 list to see if there is a subsequent host with a different MX. If there
982 is, that host is used next, and the current host is not counted. More
983 details in NewStuff.
984
98531. The source for spa authentication (taken from the Samba project) used the
986 type "int16". This has caused compilation problems in some systems that
987 happen to have a different definition of it. (Naughty, naughty, non-
988 standard.) I've renamed all the defined types by adding "x" on the end.
989
99032. When a delivery that used authentication was run with -v (which an
991 unprivileged user can use) it included the authentication data when it
992 showed the SMTP transaction. Such data is now replaced by asterisks in any
993 reflection of the SMTP commands. This also applies if the command is logged
994 as a result of an error response.
995
99633. Some little problems in queue runs:
997
998 (a) The reading end of the synchronising pipe was being left open in the
999 delivery subprocess. This caused no harm, but used up a file
1000 descriptor till that series of deliveries was done.
1001
1002 (b) If the load level got high enough to abandon a queue run, the
1003 synchronizing pipe was accidentally not closed. Normally, this wouldn't
1004 matter, because the queue runner process would finish any way, but...
1005
1006 (c) If split_spool_directory was set without queue_run_in_order, the code
1007 for abandoning a queue run because of too high load didn't stop
1008 cleanly. Instead, it went on to look at the remaining subdirectories.
1009 Each one would then notice the high load, and abort. Not only was this
1010 a waste of time, but because of (b) above, it used up one file
1011 descriptor per subdirectory. With up to 62 subdirectories, this could
1012 hit the limit of file descriptors if it was as low as 64 (which it
1013 sometimes is).
1014
101534. Added SYSTEM_ALIASES_FILE to the build-time configuration, and the ability
1016 to set ROOT= when installing. Removed installation instructions for the
1017 info version of the overview document, because that document no longer
1018 exists for Exim 4.
1019
102035. Added a total line to exiqsumm.
1021
102236. convert4r4 can now handle "optional" for single-key lookups in aliasfile
1023 directors.
1024
102537. Change 4.03/25 (making convert4r4 double colons in require_files lists) was
1026 incomplete. It worked for routers, but not for directors.
1027
102838. After verify=recipient in an ACL, the value of $address_data is the last
1029 value that was set while routing the address.
1030
103139. Included eximstats 1.22.
1032
103340. If a delivery of another message over an existing SMTP connection yields
1034 DEFER, we do NOT set up retry data for the host. This covers the case when
1035 there are delays in routing the addresses in the second message that are so
1036 long that the server times out. This is alleviated by not routing addresses
1037 that previously had routing defers when handling an existing connection,
1038 but even so, this case may occur (e.g. if a previously happily routed
1039 address starts giving routing defers). If the host is genuinely down,
1040 another non-continued message delivery will notice it soon enough.
1041
104241. Added quota_directory to appendfile.
1043
104442. Changed the order of processing configuration input lines. Previously, it
1045 was comment, .include, continuation, macro expansion, comment again (in
1046 case a macro turned a logical line into a comment). This meant that macros
1047 could not be used in .include lines. The order is now macro, comment,
1048 .include, continuation. That is, macro expansion is done on physical lines,
1049 not on logical lines.
1050
105143. Improved the error message if an option-setting line in the configuration
1052 does not start with a letter. (It used to say 'option "" unknown'.)
1053
105444. Allow -D to set a macro to the empty string. Previously it would have
1055 moved on to the next commandline item. This seems pointless. Either -DXX or
1056 -DXX= sets an empty string.
1057
105845. Changed OS/Makefile-FreeBSD thus:
1059
1060 EXIWHAT_MULTIKILL_CMD='killall -m'
1061 EXIWHAT_MULTIKILL_ARG='^exim($$|-[0-9.]+-[0-9]+$$)'
1062
1063 This is because, with the Exim standard installation using a symbolic link,
1064 the name of the running program is not "exim" but (e.g.) "exim-4.10-1".
1065
106646. An Exim server now accepts AUTH or STARTTLS commands only if their
1067 availability has been advertised in response to EHLO.
1068
106947. A few source changes to avoid warnings from very picky compilers that don't
1070 complain about unset variables when the only setting is by passing the
1071 address to another function.
1072
107348. Added -d+pid to force the adding of the pid to all debug lines. Default it
1074 on when the daemon is run with any debugging turned on. (Pids are still
1075 automatically added when multiple deliveries are run in parallel.)
1076
107749. Included Matt Hubbard's exiqgrep utility.
1078
107950. Give error for two routers, transports, or authenticators with the same
1080 name. (It already caught duplicate ACLs.)
1081
108251. If a host has more than MAX_INTERFACES interfaces (common for hosts with a
1083 slew of virtual interfaces), and Exim had to find the list of local
1084 interfaces, it ran off the end of the list that the ioctl returned. I had
1085 assumed the length would be set to correspond to the amount of data
1086 returned - but in at least one OS it is set to the actual number of
1087 interfaces, even if they don't all fit in the buffer.
1088
108952. Nit-picking changes to store.c. It was assuming the length of the
1090 storeblock structure would be a multiple of the alignment, which is almost
1091 certainly "always" true. However, just in case it might not be it is now
1092 rounded up. For some long-forgotten reason, Exim was getting blocks of
1093 store of the size (8192 - alignment), which seems strange. I've changed it
1094 to plain 8192.
1095
109653. Added functions to compute SHA-1 digests, added the ${sha1: expansion
1097 operator, added support for {sha1} to crypteq.
1098
109954. When local_scan() times out, include the message size in the log line.
1100
110155. If a pipe transport had no command specified, and the address also had
1102 no command associated with it, the transport process crashed. Now it defers
1103 with a suitable message.
1104
110556. An Exim server output mangled junk if it received a HELP command on an
1106 TLS-encrypted session.
1107
110857. The output from -bV (and at the start of debugging) now lists the optional
1109 items included in the binary (which routers, etc). The debugging output now
1110 includes the name of the configuration file at its start.
1111
111258. Added support for GnuTLS as an alternative to OpenSSL.
1113
111459. Give a configuration error if tls_verify_hosts is set, but tls_verify_
1115 certificates is not set. It doesn't make sense to require some hosts to
1116 verify if there's nothing to verify against.
1117
111860. A pipe transport may now have temp_errors = * to specify that all errors
1119 are to be treated as temporary.
1120
112161. The lmtp transport can now handle delivery to Unix domain sockets.
1122
112362. Added support for flock() to appendfile, for those operating situations
1124 that need it. Not all OS support flock().
1125
112663. It seems that host lists obtained from MX records often turn out to have
1127 duplicate IP addresses, especially for large sites with many MXs and many
1128 hosts. Exim now removes duplicate IP addresses. (Previously, it removed
1129 only duplicate names.)
1130
113164. If ${readfile was inside a substring that was not part of the final
1132 expansion value (because its condition wasn't met), Exim still tried to
1133 read the file. This made an "exists" test for the file useless.
1134
113565. Added ${readsocket to the expansion facilities.
1136
113766. It is now possible to set errors_to to the empty string in routers.
1138
113967. Added disable_logging as a generic transport and a generic router option.
1140
114168. Applied Stefan Traby's patch to support threaded Perl. As I don't have a
1142 threaded Perl, I can't test that this fixed the problem, but it doesn't
1143 appear to break the non-threaded case.
1144
114569. For SPA (NTLM) client authentication, the options are now expanded.
1146
114770. Added support for SPA server authentication, courtesy of Tom Kistner.
1148
114971. Latest versions of TCPwrappers use the macro HAVE_IPV6 inside the tcpd.h
1150 header, it appears, and this clashes with Exim's use of that macro.
1151 Renaming it for Exim is an incompatible change, so instead I've just
1152 arranged that HAVE_IPV6 is undefined while including the tcpd.h header.
1153
115472. Mac OS 10.2 (Darwin) has IP option support that looks like the later
1155 versions of glibc, but without the __GLIBC__ macro setting. I've added a
1156 new macro called DARWIN_IP_OPTIONS, and tidied up the code in smtp_in.c to
1157 simplify the handling of the three different ways of doing this.
1158
115973. If no "subject" keyword is given for a "vacation" command in a filter, the
1160 subject now defaults to "On vacation".
1161
116274. Exim now counts the number of "non-mail" commands in an SMTP session, and
1163 drops the connection if there are too many. The new option
1164 smtp_accept_max_nonmail option defines "too many". This catches some DoS
1165 attempts and things like repeated failing AUTHs.
1166
116775. Installed configuration files for OpenUNIX.
1168
116976. When a TLS session was started over a TCP/IP connection for LMTP, Exim was
1170 sending EHLO instead of LHLO after the encrypted channel was established.
1171
117277. When an address that was being verified routed to an smtp transport whose
1173 protocol was set to LMTP, the SMTP callout used EHLO instead of LHLO.
1174
117578. Installed eximstats 1.23 in the distribution.
1176
117779. Installed a new set of Cygwin-specific files from Pierre Humblet.
1178
117980. Added caching for callout verification.
1180
118181. Added datestamped logs and $tod_logfile.
1182
118382. When Exim starts up with root privilege, set a high limit (1000) for the
1184 number of files that can be open and the number of processes that can be
1185 created (on systems where this is possible), in case Exim is called from a
1186 restricted environment.
1187
118883. Minor bugfix in appendfile: when renaming failed for a file whose name was
1189 extended with a tag, the untagged name was shown in the error message.
1190
119184. If Exim's retry configuration was changed so as to bounce a certain
1192 delivery failure immediately, for example to bounce quota errors:
1193
1194 * quota
1195
1196 and there were messages on the queue that had previously been deferred
1197 because of this error, Exim crashed when trying to deliver them in a queue
1198 run. Now it will make one more delivery attempt and bounce on failure.
1199
120085. Fixed an obscure problem that arose when (a) an address was redirected
1201 to itself, AND (b) the message was not delivered at the first attempt, AND
1202 (c) the pattern of redirection was changed at the next delivery attempt.
1203 When an address is redirected to the same address, Exim labels the new
1204 address as "2nd generation", and so on, in order to distinguish these
1205 homonym addresses from each other. Previously, it recorded the delivery of
1206 a homonym address as a delivery of the appropriate generation. This does
1207 not work if the generation numbers change at the next delivery attempt. The
1208 symptoms can be either duplicated deliveries, or missing deliveries,
1209 depending on the configuration.
1210
1211 A real-life example is a configuration that takes "unseen" copies of
1212 messages at certain times only, because an "unseen" router in effect does a
1213 redirection to a modified address (the unseen delivery) and to the original
1214 address (for normal delivery). Thus the normal delivery can be either the
1215 1st or 2nd generation, depending on whether or not the unseen router is
1216 triggered at the time of delivery.
1217
1218 The fix is not to record a delivery to a homonym address as such, but
1219 instead to record a delivery to the original address by the final
1220 transport. If the same address is subsequently routed to the same transport
1221 (whichever generation it now is), the delivery is discarded because it has
1222 already happened. Homonym addresses that are themselves redirected are now
1223 never recorded as "done", but non-homonym addresses are unaffected, so they
1224 are marked when all their children are complete (as before), thus saving
1225 an unnecessary subsequent expansion.
1226
1227 The fix causes more routing processing to be done when homonyms are in use
1228 and a message is not delivered at the first attempt, but this is not
1229 expected to be very common, and the extra processing isn't all that much.
1230
123186. Make sure Exim doesn't overrun the buffer if an oversize packet is received
1232 from a nameserver.
1233
123487. Added argument-expanding versions of hash, length, nhash, and substr
1235 expansions.
1236
123788. The API for Berkeley DB changed at release 4.1. Exim now supports this
1238 release.
1239
124089. When a host was looked up using gethostbyname() (or the more recent
1241 getipnodebyname() on IPv6 systems), Exim was not inspecting the error code
1242 on failure. Thus, any failure was treated as "host not found". Exim now
1243 checks for temporary errors, so the behaviour of "byname" and "bydns"
1244 lookups in this respect should be the same. However, on some OS it has been
1245 observed that getipnodebyname() gives HOST_NOT_FOUND for names for which a
1246 DNS lookup gives TRY_AGAIN. See also change 125 below.
1247
124890. Minor rewording of ACL error for attemted header check after RCPT.
1249
125091. When USE_GDBM was set, exim_dbmbuild wasn't working properly (still assumed
1251 NDBM compatibilify interface); similarly in dbmdb lookups when ownership
1252 was being tested.
1253
125492. If a Reply-To: header contained newlines and was used to generate
1255 recipients for an autoreply, the log line for the autoreply "delivery" had
1256 unwanted newlines. Such newlines are now turned into spaces.
1257
125893. When a redirect router that has the "file" option set discovers that the
1259 file does not exist (the ENOENT error), it tries to stat() the parent
1260 directory, as a check against unmounted NFS directories. If the parent
1261 can't be statted, delivery is deferred. However, it seems wrong to do this
1262 check if ignore_enotdir is set, because that option tells Exim to ignore
1263 the error "something on the path is not a directory" (the ENOTDIR error).
1264 In fact, it seems that some operating systems give ENOENT where others give
1265 ENOTDIR, so this is a confusing area.
1266
126794. When the rejectlog was cycled, an existing Exim process was not noticing,
1268 and was therefore not opening a new file.
1269
127095. If expansion of an address_data setting was forced to fail, and debugging
1271 was enabled, a debugging statement tried to print an undefined value
1272 instead of the string that was being expanded. This could cause a crash.
1273
127496. When Berkeley DB version 3 or higher is in use, a callback function is now
1275 set up to log DB error messages that are passed back.
1276
127797. The conditions in the Makefile for rebuilding the exim_dbmbuild utility
1278 were wrong, leading to failures to rebuild when it should have done.
1279
128098. Added -no_chown and -no_symlink options to the exim_install script. Also
1281 arranged for the environment variable INSTALL_ARG to be passed over
1282 from "make install".
1283
128499. Exim sets the IPV6_V6ONLY option on IPv6 listening sockets on operating
1285 systems that support it. The call to setsockopt() to do this had SOL_SOCKET
1286 instead of IPPROTO_IPV6 as its second argument (and so wouldn't work).
1287
1288100. When a frozen message was timed out by timeout_frozen_after, the system
1289 filter was incorrectly being run for the message before it was thrown
1290 away.
1291
1292101. If a filter used $thisaddress in an argument to a pipe command, its value
1293 was not inserted where expected, because the expansion of a pipe command
1294 does not happen till transport time, and $thisaddress was not being saved.
1295 It is now saved (along with $1, $2, etc, which were already being saved),
1296 and reinstated at transport time.
1297
1298102. Added host grouping for randomizing to manualroute and smtp. A host list
1299 that is randomized by manualroute is never re-randomized by smtp. Two
1300 host lists that are randomized by manualroute are now treated as "the
1301 same" when checking for possible multiple deliveries in one SMTP
1302 transaction (this was always true for MX'd host lists).
1303
1304103. Added "randomize" and "no_randomize" options to manualroute.
1305
1306104. Added ${hmac expansion item.
1307
1308105. When compiling with gcc, make use of its facility for checking printf-like
1309 function calls (debug_printf and smtp_printf). This would have found the
1310 problem in 95 above. It actually found a number of missing casts to (int)
1311 in debug lines, and one spurious additional argument.
1312
1313106. Created an ACKNOWLEDGEMENTS file, which I will endeavour to update in
1314 future.
1315
1316107. Minor modification to Makefile: when a command that starts off "cd xxx;"
1317 is followed by another command (on the next line), put the first one in
1318 parentheses so that if a "clever" make program amalgamates them, the
1319 change of directory is turned off when it should be.
1320
1321108. If log_timezone is set true, the timestamps in log files now include the
1322 timezone offset. A new variable $tod_zone contains the offset. The exigrep
1323 utility has been updated to handle timestamps with offsets. The eximstats
1324 version included with this release (1.23) has been patched to handle
1325 timestamps with offsets. There is also a new -utc option that specifies
1326 the timestamps are in UTC. The Exim monitor has been modified so that it
1327 omits the zone offset from its display.
1328
1329109. If the expansion of an errors_to option is forced to fail, the option is
1330 ignored.
1331
1332110. Added $load_average.
1333
1334111. Added router_home_directory generic router option.
1335
1336112. Exim crashed on an attempt to check senders or sender domains in an ACL
1337 other than after RCPT or DATA. It's now a temporary error.
1338
1339113. \r was omitted before \n in the SMTP failure response for EHLO/HELO
1340 argument checking.
1341
1342114. On receiving EHLO or HELO, Exim was resetting its state before checking
1343 the validity of the command. However, RFC 2821 says that the state should
1344 not be changed if an invalid EHLO/HELO is received, so Exim has been
1345 changed to conform. This applies mainly when there is more than one
1346 EHLO/HELO command in a session.
1347
1348115. When an Exim root process wrote to a log file, and the log file did not
1349 already exist, Exim used to create it as root, and then change its
1350 ownership to exim:exim. This could lead to a race condition if several
1351 processes were trying to log things at the same time; this happens
1352 especially when the exiwhat utility is used. I've changed things so that,
1353 if an Exim root process needs to create a log file, it does so in a
1354 subprocess that is running as exim:exim.
1355
1356116. When running filter tests (-bf and -bF) Exim now changes the current
1357 directory to "/" so that any assumptions about a particular current
1358 directory are false.
1359
1360117. The appendfile transport was doing the quota_threshold check before
1361 actually writing the message. However, the act of writing the message
1362 could make it longer by the addition of prefix, suffix, or additional
1363 headers. This meant that quota warning could be missed if the basic length
1364 of a message kept the mailbox below the threshold, but the transport
1365 additions took it over. The warning threshold check is now done after
1366 writing the message, when an accurate size is known.
1367
1368118. If all verifications for verify = header_sender deferred, the log was
1369 "temporarily rejected after DATA", without saying why. Now it adds "all
1370 attempts to verify a sender in a header line deferred".
1371
1372119. Added message_id_header_domain option.
1373
1374120. Ignore message_id_header_text forced expansion failure.
1375
1376121. Typos: "uknown" in acl.c; missing NULL initialized in drtables.c.
1377
1378122. When return_size_limit was set greater than zero but smaller than an Exim
1379 transport buffer size (so that only one buffer would be written), a
1380 message that was longer than the limit could be omitted from the bounce
1381 entirely under some circumstances. In other cases, the final buffer full
1382 before truncation could be omitted.
1383
1384123. The inode variables in log.c were of type int with -1 for unset; they
1385 have been changed to ino_t with 0 for unset.
1386
1387124. There are two Makefiles for NetBSD (for different object formats). They
1388 were originally supplied in a format where one .included the other. The
1389 problem with this has finally surfaced: when processing the Makefile to
1390 build config.h, the inclusion isn't seen. The easy way out has been taken:
1391 there are now two fully independent files. At the same time, HAVE_IPV6 has
1392 been added to both of them.
1393
1394125. Changed the default way of finding an IP address in both the manualroute
1395 and queryprogram routers. Exim now does a DNS lookup; if that yields
1396 HOST_NOT_FOUND, it tries calling getipnodebyname() (or gethostbyname()).
1397 See also change 89 above.
1398
1399126. Fixed a race bug in the loop that waits for a delivery subprocess to
1400 complete. After reading all the data from, and then closing, the pipe, it
1401 assumed that a call to waitpid() for the known pid would always return
1402 status for that process. An unfortunately timed signal (e.g. SIGUSR1 from
1403 exiwhat) could cause waitpid() to return -1/EINTR instead. The effect of
1404 this was to remain in the loop and call FD_SET() with an argument of -1.
1405 On Solaris it caused a crash; on other systems it might have looped.
1406
1407127. If an ACL that was read from a file was used in more than one message in a
1408 single SMTP transaction, Exim could crash or misbehave in arbitrary ways.
1409 The problem was that the ACL was remembered in memory that was thrown away
1410 at the end of the first message. In fixing this, I've done a bit of
1411 refactoring of the way memory allocation works, to provide a non-malloc
1412 allocator for small blocks of data that must be kept for the life of the
1413 process. There's a new function store_get_perm() and I've reintroduced a
1414 second storage pool (previously dropped on the 3->4 conversion). A number
1415 of instances of malloc calls for small amounts of memory have been changed
1416 to use this instead. It might be a tad more efficient. Then again, it
1417 might not...
1418
1419128. A similar problem to 127: memory corruption could occur for multiple
1420 messages in one SMTP connection if the data from DNS black list lookups
1421 was being used in log or user messages, e.g. references to $dnslists_text.
1422
1423129. Blanks lines and comments are now ignored in ACLs that are read from
1424 files.
1425
1426130. Two instances of missing \n in debug output.
1427
1428131. The new debugging tag +timestamp causes a timestamp to be added to each
1429 debug output line.
1430
1431132. Some debug information is written in multiple calls to debug_printf(),
1432 with a newline only on the last one. When debugging multiple simultaneous
1433 processes, the pid was added to each debug text, and for this reason, a
1434 newline was always forced. Now Exim buffers up debug output until the
1435 newline is reached, which makes things look much tidier. Also, if there
1436 are internal newlines and prefix data such as a pid or timestamp are being
1437 added, the prefix is inserted at the internal newlines.
1438
1439133. When running in the test harness, arrange to overwrite all memory that
1440 is released or freed, so that bugs are more easily found. This picked up
1441 the following bug:
1442
1443134. Expansion error messages were left in released store, so could have been
1444 overwritten - but in fact most are used immediately, before this happened.
1445
1446135. A list of configuration files can be given; the first one that exists is
1447 used.
1448
1449136. Moved the code that ensures that newly-created hints databases and their
1450 lockfiles are owned by exim:exim so that it runs before the test for
1451 successful opening, because a case was reported where the file itself was
1452 created, but the DBM library returned an opening error.
1453
1454137. If an address is redirected to just one child address, verification
1455 continues with the child address. However, if verification of the child
1456 failed because of (for example) a :fail: redirection, the error message
1457 did not get passed back as it would have been had the original address
1458 failed. The error information is now passed back for both fail and defer
1459 responses.
1460
1461138. Added $rcpt_defer_count and $rcpt_fail_count.
1462
1463139. Added "rejected_header" log selector.
1464
1465140. Added the cannot_route_message generic router option.
1466
1467141. Change 87 above introduced a bug in the expansion of substrings when the
1468 offset was greater than the length of the string, for example
1469 ${substr_1:}. Exim crashed instead of returning an empty string.
1470
1471142. Added extra features to ACLs: the "drop" and "defer" verbs, and the
1472 "delay" and "control" modifiers (the latter with "freeze" and
1473 "queue_only").
1474
1475143. If Exim failed to create a log file, it used to try to create the superior
1476 directories only if the logs were being written in the spool directory.
1477 Now it tries in all cases, but always from a process running as the exim
1478 user.
1479
1480144. Added $authentication_failed.
1481
1482145. Added $host_data for use in ACLs.
1483
1484146. Added new ACLs for non-SMTP messages, SMTP connection, MAIL, and STARTTLS.
1485
1486147. Added a number of new features to the local_scan() API:
1487 Access to debug_printf() and the local_scan debug selector
1488 Direct access to the message_id variable
1489 LOCAL_SCAN_REJECT_NOLOGHDR and LOCAL_SCAN_TEMPREJECT_NOLOGHDR
1490 Access to store_get_perm() and store_pool (see 127 above)
1491 Access to expand_string_message
1492 Option settings in the main configuration file
1493 LOCAL_SCAN_ACCEPT_FREEZE and LOCAL_SCAN_ACCEPT_QUEUE
1494 LOG_PANIC to write to the panic log
1495 Access to host_checking
1496 Supporting functions lss_match_xxx() for matching lists
1497
1498148. Minor security problem involving pid_file_path (admin user could get root)
1499 has been fixed.
1500
1501149. When an ACL contained a sender_domains condition with a reference to a
1502 named domain list, the result of the check was not being cached (an
1503 oversight).
1504
1505150. Allowed for quoted keys in lsearch lookups; this makes it possible to have
1506 whitespace and colons in keys.
1507
1508151. Added wildlsearch lookup.
1509
1510152. Yet another new set of configuration files for Cygwin from Pierre Humblet.
1511
1512153. Ensure that log_file_path contains at most one instance of %s and one
1513 instance of %D and no other % characters.
1514
1515154. Added $tls_certificate_verified.
1516
1517155. Now that the list of lookup types has got so long (and more are in
1518 prospect) arrange to search it by binary chop instead of linear search.
1519
1520156. Added passwd lookup.
1521
1522157. Added simple arithmetic in expansion strings.
1523
1524158. Added the ability to vary what is appended for partial lookups.
1525
1526159. Made base 64 encode/decode functions available to local_scan.
1527
1528
1529Exim version 4.10
1530-----------------
1531
1532 1. Added HAVE_SA_LEN=YES to the OS/Makefile-Darwin file, because it needs it
1533 (unsurprising, as it's based on FreeBSD).
1534
1535 2. Removed the HTML versions of the PCRE and pcretest documentation from the
1536 distribution tarbundle, and instead included them in the HTML tarbundle,
1537 linked to the overall index file.
1538
1539 3. The code for computing load averages was broken in 64-bit Solaris.
1540
1541 4. Make the default ACL refuse local parts that start with a dot.
1542
1543 5. LDAP binds with an empty password are considered anonymous regardless of
1544 the username and will succeed in most configurations. Exim has been changed
1545 so that the LDAP authentication (the ${if ldapauth... condition) always
1546 fails when an empty password is used.
1547
1548 6. Remove quoting from rbl_domains when used in an ACL by the convert4r4
1549 script.
1550
1551 7. A lookup entry in a list that had spaces after the lookup type, e.g.
1552 "lsearch; /etc/relaydomains" was including the space as part of the file
1553 name.
1554
1555 8. Give an error if EXIM_USER or EXIM_GROUP contains control characters (it
1556 happened when somebody had CRLF terminations in Local/Makefile, which
1557 messed up the "unknown user" error message).
1558
1559 9. Ensure recipient address appears in log line for internal pipe problems
1560 during redirection.
1561
156210. Tidies to code for calls to fork(): (a) 3 typos of "<=" that should have
1563 been "<" (but would have no actual effect). (b) 2 cases of fork() failures
1564 not being logged: during -M for multiple messages, and for auto-delivery
1565 of incoming messages.
1566
156711. A reference to any header line that contains addresses (e.g. $h_to:) caused
1568 a crash if the header was empty. Change 46 for 4.05 introduced this bug.
1569
157012. If a system filter file was defined as a non-absolute path, but system_
1571 filter_user was undefined, Exim's behaviour was undefined. It could, for
1572 example, discard all deliveries, thinking the system filter had overridden
1573 them all. Delivery is now deferred, with a message written to the panic
1574 log.
1575
157613. If a redirection file (or system filter file when system_filter_user was
1577 set) was defined as a non-absolute path containing no slash characters,
1578 Exim crashed.
1579
158014. Added $rcpt_count, containing the number of RCPT commands received during
1581 an SMTP transaction. This differs from $recipients_count when some of the
1582 RCPTs are rejected.
1583
158415. Added $pid, containing the pid of the current process.
1585
158616. Fixed uninitialized variable warning in eximstats for relayed messages when
1587 there was no sending host name (logged as H=[n.n.n.n]). There's no change
1588 of output.
1589
159017. The exiqusumm script failed horribly if it encountered a message that had
1591 been on the queue for 100 days or more.
1592
159318. Added the message_logs option for suppressing the writing of message logs.
1594
159519. Allow local_scan() to change the errors_to setting on recipient addresses.
1596 (This was made trivially possible because of change 10 in 4.03.)
1597
159820. Convert4r4 changed: if forbid_pipe is set on a forwardfile director, also
1599 set forbid_filter_run on the generated redirect router.
1600
160121. In the Makefile, $(INCLUDE) was preceding the -I. item that refers to
1602 Exim's own include files. This caused a conflict with an external library
1603 that also happened to have a config.h file. Exim saw the wrong file, and
1604 chaos ensued. I've moved the -I. item in the relevant lines so that it
1605 comes before $(INCLUDE).
1606
160722. Added $acl_verify_message to contain any existing user message when
1608 expanding the "message" modifier in an ACL.
1609
161023. Changed the default argument for egrep when called in exiwhat to find
1611 Exim processes. It is now ' exim( |$$|-)' instead of ' exim( |$$)' so that
1612 it works on OS where the true file name appears.
1613
161424. In the plaintext authenticator, server_prompts was not being expanded, as
1615 documented. It now is.
1616
161725. The exinext script was outputting in an incorrect format for routing
1618 delays. It said "deliver" when it should have said "route", and the layout
1619 of the text was screwed up. In fact, "deliver" is not the right word
1620 anyway. I've changed it to "transport". Also removed redundant code for
1621 "directing" delays, because these can't occur in Exim 4.
1622
162326. Fixed some problems concerned with retrying address errors in remote
1624 deliveries:
1625
1626 (a) I'd overlooked temporary address errors, and assumed that all the
1627 retry items would be for host errors, and therefore on the first
1628 address when multiple RCPTs were involved. Consequently, no retry
1629 record was written for second and subsequent addresses if they
1630 received a 4xx error. Thus, these addresses wouldn't be delayed
1631 after such a delivery failure.
1632
1633 (b) A temporary address error causes a routing delay; when the address
1634 is eventually tried again, and routing succeeds, the retry record is
1635 flagged for deletion. If the address gets another temporary error,
1636 the retry record got updated, and then deleted. Thus, temporary
1637 address errors were not being delayed and would be tried on every
1638 queue run.
1639
164027. A minor code tidy for the CRAM-MD5 authenticator.
1641
164228. Some OS have a command to select processes by the name of the command they
1643 are running, and send a signal to them. Linux and FreeBSD have "killall";
1644 Solaris has "pkill" (it also has "killall", but that does something
1645 disastrously different). Using such a command makes "exiwhat" more
1646 efficient, and reduces the chances of it trying to signal a non-existent
1647 process. There are now two build-time parameters, EXIWHAT_MULTIKILL_CMD and
1648 EXIWHAT_MULTIKILL_ARG, which can be set to enable this feature to be used.
1649 They are defined in the OS-specific files for Linux, FreeBSD, and Solaris.
1650 See OS/Makefile-Default for more details.
1651
165229. As part of tidying up for 28, changed the name of the build-time parameter
1653 EXIWHAT_KILL_ARG to EXIWHAT_KILL_SIGNAL so that its name makes more sense
1654 when used in both kinds of exiwhat processing.
1655
165630. By default, the daemon doesn't write a pid file if -bd is not used (i.e. if
1657 only -q is used). The -oP didn't override this - it was ignored. It now
1658 overrides the default and causes a pid file to be written.
1659
166031. The values of $local_part, $domain, etc. were not being set during the
1661 expansion of shadow_condition in a local transport.
1662
166332. The convert4r4 script failed when macros that had continuation lines were
1664 present in the Exim 3 configuration file. It inserted junk lines into the
1665 output and gave uninitialized variable errors.
1666
166733. The convert4r4 script discards (with a comment) a setting of "rewrite" on
1668 a smartuser director that has no setting of new_address when it turns it
1669 into an "accept" router.
1670
167134. When an alias generated an address with a single-component domain, and
1672 routing that domain caused it to be widened, Exim remembered only that it
1673 had delivered to the widened domain. If any other addresses were deferred,
1674 so that another delivery attempt happened later, Exim re-delivered to the
1675 widened address, because it checked only the original address. When this
1676 kind of widening happens, Exim now checks for previous delivery.
1677
167835. A delivery was silently discarded under the following specific
1679 circumstances:
1680 . The original address is x@a.b.c, where a.b.c is the local host;
1681 . a.b.c is recognized as a local domain, and the address is redirected
1682 to x@a;
1683 . a is not recognized as a local domain, causing the address to be
1684 processed by a dnslookup router;
1685 . the router widens the address to a.b.c, routes it, and discovers it
1686 is the local host.
1687 Exim realized that because the domain had been widened, it might have
1688 become a local domain, so it arranged to re-route from scratch, using the
1689 new domain. However, because the original address was the same address,
1690 it thought it had already dealt with it.
1691
169236. A space at the start of an LDAP query in an expansion (after the opening
1693 curly) was provoking a syntax error.
1694
169537. A syntax error in the data of an ldapauth expansion caused the condition to
1696 be false without an LDAP query even being tried. Now it causes the
1697 expansion to fail.
1698
169938. Ensure that an incomplete config.h is removed when the buildconfig program
1700 gives an error. Otherwise, if the error is a non-existent Exim user, and
1701 the admin fixes this by creating the user (and not modifying any files),
1702 Exim will try to use the broken config.h next time.
1703
170439. A call with an argument of the form "-D=xxxx" (i.e. omitting the macro
1705 name) caused Exim to loop. It now reports an error.
1706
170740. If an ACL tested an address for being in a named domain list (e.g.
1708 +relay_domains) and then called for recipient verification, and the
1709 recipient was rewritten, the cache for remembering matching domain lists
1710 was not being cleared after the rewrite, leading to potential routing (and
1711 therefore verification) errors. Furthermore, the rewritten address would
1712 (incorrectly) have been used for any subsequent address checking within
1713 the ACL.
1714
171541. If an address such as a%b@c was processed using the "percent hack" and then
1716 transmitted over SMTP, Exim was sending "RCPT TO:<a%b@c>" instead of
1717 "RCPT TO:<a@b>".
1718
171942. A revised Makefile-CYGWIN file from Pierre Humblet.
1720
172143. If local_scan() rejected a -bS message, it wasn't handling the error in the
1722 way -bS errors should be handled.
1723
1724
1725Exim version 4.05
1726-----------------
1727
1728 1. In the log display in Eximon, put the insert point (caret) at the start of
1729 the last line instead of at the end, because this stops unwanted horizontal
1730 scrolling when certain X libraries are used.
1731
1732 2. A malformed spool file with an incorrect number of recipients (which
1733 should never occur, of course) could cause eximon (and probably exim) to
1734 crash.
1735
1736 3. Updated Cygwin Makefile and os.h (minor tweaks).
1737
1738 4. Setting allow_domain_literals=true was not allowing domain literal
1739 addresses in the -f command line option.
1740
1741 5. Added debugging output for removing and adding header lines at transport
1742 time.
1743
1744 6. On systems where SA_NOCLDWAIT is defined, changed from using signal(
1745 SIGCHLD, SIG_DFL) to using sigaction(), with flags explicitly set zero, to
1746 ensure that SA_NOCLDWAIT is definitely off. This fixes a bug in AIX where
1747 subprocesses were disappearing without being turned into zombies for Exim
1748 to reap. There was a previous report of the error "remote delivery process
1749 count got out of step" on a Linux box that was never resolved. It is
1750 possible that this change fixes that too.
1751
1752 7. Other applications that support IPv6 have been coded to choose IPv6
1753 addresses in preference to IPv4 addresses where possible. This is
1754 encouraged, in order to speed up the use of IPv6. Exim has now been changed
1755 to do likewise when it looks up IP addresses from host names. This applies
1756 both to hosts that have more than one IP address, and to MX records with
1757 equal preference values when the hosts they point to have both IPv4 and
1758 IPv6 addresses. Within one preference value, Exim will try all the IPv6
1759 addresses before any IPv4 addresses, even when some of the IPv4 addresses
1760 belong to hosts that also have IPv6 addresses.
1761
1762 8. When Exim sent HELO after EHLO was rejected, or when it sent a second EHLO
1763 after starting a TLS session, it used the primary host name as the
1764 argument, instead of the expansion of the helo_data option.
1765
1766 9. Exim was failing to batch addresses for local delivery when errors_to was
1767 set on the router to the same string for each address, in the case when the
1768 string involved some kind of expansion (that ended up with the same value
1769 each time). If the string was fixed (i.e. no expansion) the batching was
1770 not blocked. In other words, I was testing the addresses of the strings but
1771 forgetting to compare the content. The same problem was not present for
1772 remote deliveries, but the code was written out instead of using a
1773 subroutine that now exists for this purpose, so I tidied that code.
1774
177510. When Exim passes a connected TCP/IP socket to a new Exim process in order
1776 to deliver another message on the same connection, it closes down TLS,
1777 because it can't pass on the state information that is required by the
1778 OpenSSL package. The new process then tries to start up TLS again.
1779 Unfortunately, not all servers handle this - and, it has to be said, it is
1780 a bit of a dubious interpretation of the RFC. (Exim as a server copes OK,
1781 needless to say.) The problem is that the server may just die or give an
1782 invalid response, causing a retry delay to occur. The option
1783 hosts_nopass_tls was invented to help with this, but an automatic way of
1784 testing has been invented. What now happens is that Exim sends a new EHLO
1785 after shutting down TLS, before passing the socket on. This in itself
1786 reduces the dubiousness of the procedure. If there isn't an OK response,
1787 Exim doesn't try to pass the socket on.
1788
178911. There was inconsistency in the way failures to set up TLS sessions in the
1790 smtp transport were handled when the host was not in hosts_require_tls.
1791 It deferred for 4xx responses to STARTTLS, but tried in clear if the actual
1792 TLS negotiation failed. It now does the same thing in both cases, and what
1793 this is can be controlled by the new option tls_tempfail_tryclear. This
1794 defaults true, causing a retry in clear to occur. If it is set false, these
1795 kinds of temporary failure cause a defer (for that host; if there are
1796 other hosts, they are tried).
1797
179812. Tidying. When starting up a new delivery process to deliver another message
1799 over an existing SMTP connection, pass over the IP address as well as the
1800 host name. This saves having to get the IP address from the socket.
1801
180213. Added "#define base_62 36" to OS/os.h-Darwin because the MacOS X operating
1803 system has case-insensitive file names.
1804
180514. Tidies to rewriting code: (1) It was getting an unnecessarily large block
1806 of memory for a rewritten header. (2) Removed some unnecessary debugging
1807 code that just duplicated log output.
1808
180915. In an expansion like "${if <condition> {${mask:xxxx}}{yyyy}}" Exim still
1810 tried to perform the masking operation even when the condition was false
1811 and the yield was "yyyy". This could fail when "xxxx" wasn't a valid string
1812 for the masking operation. Some other operators (e.g. base62) could fail in
1813 a similar way. All string operations are now skipped when processing the
1814 unused substring of a condition.
1815
181616. If a verification of a sender address in a header (caused by verify =
1817 header_sender in an ACL) caused the address in the header to be rewritten
1818 (typically because a DNS lookup had widened the domain), the newline at the
1819 end of the header got lost, thereby causing two headers to be run together.
1820 Sometimes, but not always, this caused a "spool format error".
1821
182217. A user wanted to use "save" in a filter file with a non-absolute path, and
1823 to set file_transport to a non-appendfile transport that made use of
1824 $address_file for its own purposes. This didn't work because Exim was
1825 distinguishing between file and autoreplies by the leading '/' of the
1826 former. It now checks for the leading '>' of the latter instead.
1827
182818. The "accept" router was forcing log_as_local instead of just defaulting it.
1829
183019. Exim crashed while verifying a recipient in an ACL if the address was
1831 verified by a dnslookup router that widened the domain.
1832
183320. When checking the parameters returned from an ident call, Exim was assuming
1834 that the format would be textually identical to the values it sent,
1835 including the white space. This is not always the case, causing Exim to
1836 discard returned ident data that it should have been accepting.
1837
183821. Typo (space missing) in "failed to expand condition" error message.
1839
184022. The option of specifying an individual transport in a route_data or
1841 route_list option of the manualroute router wasn't working. Such settings
1842 were being completely ignored.
1843
184423. The memory management was poor when building up a string from a lookup that
1845 retrieved a large number of data items that had to be concatenated, for
1846 example, an alias lookup in a database that returned thousands of
1847 addresses. In extreme cases, this could grind the host to a halt. (Compare
1848 change 8 for 4.00, which was a similar effect.) Two changes have been made
1849 to improve matters: (a) For longer strings, it extends them in bigger
1850 chunks, thus requiring fewer extensions. (b) It is now able to release some
1851 unwanted memory when a string is copied out of it into a larger block.
1852
185324. There was a small error in the memory sizes quoted when -d+memory was used
1854 and emptied memory blocks were released.
1855
185625. When helo[_try]_verify was set, Exim crashed if the reverse DNS lookup gave
1857 a temporary error when trying to look up the host name. It now tries to
1858 check with a forward DNS lookup (as it does when the reverse lookup can't
1859 find a name). For helo_verify, a temporary error is now given if
1860 verification failed, but the host name lookup gave a temporary error. (As
1861 before, a permanent error is given if there is no host name available.)
1862
186326. When checking quotes for maildir++ format, if the directory name was given
1864 with a trailing slash in the "directory" option of the appendfile
1865 transport, Exim got the quota calculation wrong because it scanned the
1866 final directory instead of the parent directory.
1867
186827. The "quota_xxx" error facility for retry rules was broken in Exim 4 if
1869 the mailbox had not been read for more than approximately 10 hours.
1870
187128. If a router with "unseen" had a setting of address_data, the value was not
1872 passed on to subsequent routers for the continuing processing of the
1873 address. It now is.
1874
187529. If a daemon was started with (e.g.) -qff15m, it omitted the second 'f' when
1876 starting queue runners. Likewise, if the flags included 'i', this was
1877 omitted.
1878
187930. Some operating systems log warnings if exec() happens without the standard
1880 input, output, and error file descriptors existing. The worry is that the
1881 called program will open some file which will be allocated one of these
1882 fds. Another bit of code might assume it can write an error message to
1883 stderr, or whatever. Exim was calling itself to regain privilege for
1884 delivery without these fds set, thus provoking the warning. Of course, it
1885 didn't make use of them itself, but the exposure was there for libraries it
1886 might be using. The code has been changed to ensure that, if any of the
1887 file descriptors 0, 1, or 2 does not exist at the time of a call to exec(),
1888 they are opened to /dev/null.
1889
189031. A delivery process could loop under the unusual combination of the
1891 following circumstances:
1892 (1) A delivery process had envelope_to_add set for its transport.
1893 (2) The delivery was for a child address of an envelope address that
1894 also had another child.
1895 (3) This other child had been discarded because it was a duplicate of a
1896 second envelope address.
1897 (4) The second envelope address had generated a child that was discarded
1898 because it was a duplicate of the first envelope address.
1899
190032. The -bp option was failing to notice delivered addresses that were in the
1901 -J file but had not yet made it into the -H file. (This got broken between
1902 Exim 3 and Exim 4.)
1903
190433. If "query" or "queries" in aliasfile director, or "route_query" or
1905 "route_queries" in a domainlist router were enclosed in quotes, the
1906 convert4r4 script was not removing the quotes before inserting the query
1907 into an expansion string, leading to invalid queries within the string.
1908
190934. If more than two addresses were being delivered in a batch (either local or
1910 remote deliveries), and they all had the same, non-empty value for
1911 $self_hostname, but had different domains, Exim crashed. (This is rare,
1912 because the use of "self=pass", which is the only way $self_hostname gets
1913 set, is rare.)
1914
191535. If $message_headers was used in a context where there were no headers (e.g.
1916 while verifying an address before receiving a message), it caused an
1917 "unknown variable" error. Now it just returns an empty string.
1918
191936. Exim was not diagnosing missing time units letters in times on retry
1920 rules. It was treating such malformed times as "-1", which caused the rules
1921 to misbehave.
1922
192337. Added some debugging output to the CRAM-MD5 server code.
1924
192538. In the appendfile transport, check for a file name supplied by redirection
1926 by checking for "not pipe and not autoreply" instead of looking for a
1927 leading '/' in the "address".
1928
192939. The os.h file for Darwin defined CRYPT_H, which apparently is wrong.
1930
193140. The "condition" condition in ACLs has been tightened up. Formerly, anything
1932 other than an empty string, "0", "no" or "false" was treated as "true". Now
1933 it insists on "yes", "true", or a non-zero number.
1934
193541. Change 22 of 4.02 has been improved; somebody mailed me the correct code
1936 to get an error message when ldap_result() doesn't set a result.
1937
193842. Update convert4r4 to recognize "ldap:" in require_files, and double the
1939 colon.
1940
194143. Added "protocol violation" to the "SMTP synchronization" error message, to
1942 make it clearer what it is complaining about.
1943
194444. Change 26 of 4.03 was incomplete. The same problem could arise if a lookup
1945 failed while checking the pre-conditions of a router that was subsequently
1946 run. This can happen for negated conditions such as "domains = !<lookup>".
1947
194845. Somebody managed to set up a configuration that crashed buildconfig such
1949 that it left a half-built config.h but did not stop the build process. I
1950 can't reproduce it, but I have added a check after building config.h to
1951 test for the presence of its last line ("/* End of config.h */").
1952
195346. Added a .PHONY target to the Makefile to be tidy for GNU make. (It should
1954 be ignored by other versions).
1955
195645. When Exim uses Berkeley DB version 3 or 4 to create a DBM file, it creates
1957 it in hashed format. Previously, it opened these files for reading in the
1958 same format. Now it opens them as "unknown", which means that other formats
1959 can be accommodated when using DB files for auxiliary data.
1960
196146. When concatenating header lines that may contain lists of addresses (From:,
1962 To:, etc.) as a result of references to $h_from: etc., a comma is now
1963 inserted at the concatenation point. Without it, the use of "if
1964 foranyaddress" fails on such headers, which is dangerous.
1965
196647. The code for ratelimiting MAIL commands was triggering on the count of
1967 messages received, instead of the number of MAIL commands (which is not the
1968 same thing if no message is accepted in a transaction). The smtp_accept_
1969 max_per_connection limit has also been changed to use the count of MAIL
1970 commands instead of the count of messages accepted.
1971
197248. There was a typo in the exiwhat script which broke it if the esoteric
1973 CONFIGURE_FILE_USE_NODE option was in use.
1974
1975
1976Exim version 4.04
1977-----------------
1978
1979 1. Fix 10 for 4.03 had a bug in it, which could cause problems when converting
1980 from an earlier 4.xx release with delayed "one_time" messages on the spool.
1981 4.03 incorrectly complains about spool format errors (and refuses to
1982 process these messages).
1983
1984 2. Changed the status of the text widgets in the monitor from Append to Edit,
1985 because this matters on some versions of X.
1986
1987 3. Change 22 for 4.03 turns out to be misguided. Luckily it is controlled by
1988 a compile-time macro. I have removed the settings from OS/os.h-Linux that
1989 made it try to use these functions.
1990
1991
1992Exim version 4.03
1993-----------------
1994
1995 1. Change 12 for 4.02 overlooked one case where 256 should have been replaced
1996 by MAX_LOCALHOST_NUMBER.
1997
1998 2. Timeouts (etc) in dnslist lookups were not behaving as documented; they
1999 were deferring (causing 4xx errors) instead of behaving as if the host was
2000 not in the list. This has been fixed. In addition, some new special items
2001 may appear in dns lists, to control what happens in this case. The items
2002 are +include_unknown, +exclude_unknown, and +defer_unknown.
2003
2004 3. Added #include <unix.h> to OS/os.h-QNX because it was reported that this
2005 was needed, in order to get O_NDELAY.
2006
2007 4. Added #define BASE_62 36 to OS/os.h-Cygwin.
2008
2009 5. Change 8 for 4.02 overlooked the fact that "directory" need not be set if
2010 the directory name is coming from a filter or forwarding file. The check
2011 has now been moved from initialization time to run time. Thus, it happens
2012 later, but it still helps to diagnose the problem.
2013
2014 6. The file direct.c had been accidentally left in the distribution.
2015
2016 7. When a new process was forked to deliver another message down an existing
2017 SMTP connection, a pipe file descriptor was accidentally left open. This
2018 meant that if there was a long chain of such processes, the number of open
2019 file descriptors increased by one for each process, and if there were
2020 sufficent, the limit of open descriptors could be reached, causing various
2021 problems.
2022
2023 8. When an address was being checked with -bt and the routing involved an
2024 errors_to setting whose address verification also involved an errors_to
2025 setting, Exim got into a verifying loop. It shouldn't verify an errors_to
2026 setting when already verifying, but got this wrong if it started from -bt.
2027
2028 9. Tidied up some compiler warnings when compiling with TCP wrappers.
2029
203010. When a child address was promoted to a toplevel address by "one_time" after
2031 a deferred delivery, it was not remembering any "errors_to" address that
2032 was set by the routers that processed the original address. Consequently,
2033 the subsequent delivery had (incorrectly) the original sender address in
2034 the envelope. Exim now remembers the "errors_to" address with the new
2035 toplevel address and reinstates it for the next delivery.
2036
203711. When Exim received a message other than from the daemon, there were two
2038 situations in which it did not re-exec itself for delivery: when it was
2039 running as root, or when it was running in an unprivileged mode. This was
2040 an attempt to save some resources (very early Exims ran as root more often)
2041 but has turned out to be pretty rare. A bug has been discovered in this
2042 case: if the incoming message was on a TLS session (from inetd, for
2043 example), but the outgoing delivery was on an unencrypted SMTP connection,
2044 Exim got confused. The effect was minimal: it sent two EHLO commands, but
2045 otherwise worked. Multiple EHLOs are not an error, according to the RFCs,
2046 but there was at least one broken MTA that objected. This error would have
2047 occurred only when synchronous delivery (-odi or -odf) was specified.
2048
2049 While sorting this out, I have abandoned the logic that did a delivery
2050 without forking in the interests of simplicity. This was an even rarer
2051 case: it only happened when Exim was running as root or in an unprivileged
2052 mode AND synchronous delivery was specified.
2053
205412. Change references to /bin/rm in the Makefile to plain rm.
2055
205613. If EXIM_PERL was set in Local/Makefile, but PERL_COMMAND was set to a
2057 command that was not a file, or if it was set to a non-existent file,
2058 the build process carried on trying to build Perl support, but without the
2059 relevant variables for the Perl libraries, etc., which is disastrous. In
2060 fact, the build process shouldn't have been using PERL_COMMAND; that is a
2061 value for screwing into utility scripts. The build process assumes a
2062 suitable PATH for things like rm, mv, etc., which have xxx_COMMAND
2063 variables for scripts. So I've changed it to use just "perl". It now bombs
2064 out if "perl --version" doesn't produce some output.
2065
206614. Changed the #includes in perl.c for the Perl headers to use <> instead of
2067 "" because this is apparently better usage.
2068
206915. Added local_scan_timeout to apply a timeout to local_scan().
2070
207116. Recognize IPv6 addresses as IP addresses, even when Exim is not compiled
2072 with IPv6 support.
2073
207417. When verifying a HELO/EHLO name, Exim was not checking the alias host names
2075 it obtained from calling gethostbyaddr(). In many cases, this didn't cause
2076 any unwanted rejections because as a last resort Exim does a forward lookup
2077 on the HELO name to see if any of its IP addresses matches. But it fixing
2078 the bug saves the unnecessary additional lookup.
2079
208018. Added "domains = ! +local_domains" to the commented-out ipliteral router in
2081 the default configuration.
2082
208319. Default sender_host_aliases to an empty alias list, instead of NULL. This
2084 is just for tidiness; the way it was coded, it didn't cause any problems.
2085
208620. Added -tls-on-connect, which starts a TLS session without waiting for
2087 STARTTLS. This supports older clients that used a different port.
2088
208921. Added support for the Cyrus pwcheck daemon.
2090
209122. Arranged to use getipnodebyaddr() instead of gethostbyaddr() in systems
2092 with IPv6 support that have this function, because gethostbyaddr() doesn't
2093 work for IPv6 addresses on all systems (it does on some).
2094
209523. Header lines added by "warn" statements in the ACL for RCPT are saved up to
2096 be added after the message's header has been received. Previously, Exim was
2097 saving up all added headers, from both RCPT and DATA, until the very end.
2098 Now it adds those from RCPT before the DATA ACL is obeyed, so that they can
2099 be accessed from within the DATA ACL.
2100
210124. Changed TLS initialization to use SSL_CTX_use_certificate_chain_file()
2102 instead of SSL_CTX_use_certificate_file(). This means that the file can
2103 contain the whole chain of certificates that authenticate the server.
2104
210525. Updated convert4r4 to check for colons that look as if they are part of
2106 expansion items in require_files lists (e.g. ${lc:xxxx}). In Exim 3, the
2107 whole list was expanded before splitting up, but in Exim 4, the splitting
2108 happens first, so such colons must be doubled. The conversion script now
2109 doubles such colons, and outputs a warning message. The test for one of
2110 these colons is a match against "\$\{\w+:".
2111
211226. If, while verifying a recipient address, a router was skipped because a
2113 lookup did not succeed, and the following router suffered a temporary
2114 failure (e.g. a timeout), the log line for the temporary rejection showed
2115 the error from the first router instead of from the second.
2116
211727. Exim crashed if a dnslists test was obeyed in an ACL for an SMTP message
2118 from the local host. Now it just fails to match the list.
2119
2120
2121Exim version 4.02
2122-----------------
2123
2124 1. Bug in string expansion: if a "fail" substring of a conditional contained
2125 another conditional that used the "fail" facility, Exim didn't swallow the
2126 right number of closing parentheses in the case when the original condition
2127 succeeded (i.e. when the condition containing the "fail" should be
2128 skipped).
2129
2130 2. helo_verify_hosts wasn't working when comparing host names.
2131
2132 3. When delivering down an existing SMTP connection, the error "Unexpectedly
2133 no free subprocess slot" was sometimes given for other addresses in the
2134 message.
2135
2136 4. Binary zeroes in the message body are now turned into spaces in the
2137 contents of $message_body and $message_body_end.
2138
2139 5. If the value of a field in a MySQL result was SQL NULL, and more than one
2140 field was selected, Exim crashed.
2141
2142 6. It seems that many OS treat 0.0.0.0 as meaning the local host, typically
2143 making it behave like 127.0.0.1. Since there have been incidents where this
2144 was found in the DNS, two changes have been made:
2145 (a) Added 0.0.0.0 to the ignore_target_hosts setting in the default
2146 configuration.
2147 (b) Unconditionally recognize 0.0.0.0 as the local host while routing.
2148
2149 7. Added helo_allow_chars so people can let in underscores if they really
2150 have to. Sigh.
2151
2152 8. Give configuration error if "maildir_format" or "mailstore_format" is
2153 specified for appendfile without specifying "directory".
2154
2155 9. When return_path was expanded in an smtp transport, the values of
2156 $local_part and $domain were not set up.
2157
215810. The optimization for sending multiple copies of a single message over one
2159 SMTP connection when there are lots of recipients (but too many for one
2160 copy of the message) was messing up in the case when max_rcpt was set to 1
2161 (for VERP). It would send lots of copies with one RCPT each, correctly, but
2162 because the transport was passed more than one address, $local_part and
2163 $domain weren't set. Since setting max_rcpt to 1 is almost always
2164 associated with VERP (or at least, you do it because you want to use
2165 $domain or $local_part), I've made that a special case where the
2166 optimization is disabled.
2167
216811. Cygwin has case-insensitive file names. Therefore, we can't use base 62
2169 numbers for Exim's identifiers. We have to use base 36 instead. Luckily 6
2170 base 36 digits are still plenty enough to hold the time for some years to
2171 come. There's now a macro that is set either to 62 or 36, but the names and
2172 documentation still talk about "base 62".
2173
217412. Added build-time variable MAX_LOCALHOST_NUMBER (default 256) to allow the
2175 localhost number to be traded off against the maximum number of messages
2176 one process can receive in one second. This is relevant only when
2177 localhost_number is set. It may be useful for Cygwin, where the maximum
2178 sequence number is much less when up to 256 hosts are allowed.
2179
218013. Extended MySQL server data to allow for the specification of an alternate
2181 Unix domain socket.
2182
218314. Give error if too many slashes in mysql_servers or pgsql_servers item.
2184
218515. Changed the wording "debug string overflowed buffer" to "debug string too
2186 long - truncated" to make it clearer that it's not a big disaster.
2187
218816. Now that I finally understand the difference between the resolver's returns
2189 HOST_NOT_FOUND and NO_DATA, I've optimized Exim's DNS lookup so that if an
2190 MX lookup gets HOST_NOT_FOUND, it doesn't bother to try to look up an
2191 address record. Only if it gets NO_DATA does it do that.
2192
219317. The contents of Envelope-To: were not correct in cases when more than one
2194 envelope address was redirected to a single delivery address via an
2195 intermediate address, because the duplication was detected at the
2196 intermediate stage, but the checking for Envelope-To: only looked at
2197 duplicates of the final address.
2198
219918. If a message with the -N flag was on the spool, and was selected during a
2200 queue run by -R or -S, the -N flag was incorrectly passed on to all
2201 subsequent messages, leading to their being thrown away.
2202
220319. Remove unnecessary check for the local host when looking up host names in
2204 host lists.
2205
220620. If tls_certificate is supplied, but tls_privatekey is not, assume that both
2207 are in the tls_certificate file.
2208
220921. If a router set transport_current_directory or transport_home_directory
2210 to something that involved an LDAP lookup, and there was more than one
2211 local delivery to be done for a single message, all but the first got
2212 deferred because the LDAP connection for those variables got opened in the
2213 superior process, but closed in the first subprocess. The second subprocess
2214 then assumed it was still open. We now ensure that each subprocess starts
2215 with a clean slate (everything closed down) so that it can open and close
2216 its own connections as needed.
2217
221822. After a failure of ldap_result(), Exim was calling ldap_result2error() in
2219 order to get an error message. However, it appears that it shouldn't do
2220 this if the value of result variable is NULL. As I can't find any way of
2221 getting an error message out of LDAP in this circumstance, Exim now just
2222 gives says "ldap_result failed and result is NULL".
2223
222423. If a message arrives over a TLS connection via inetd, close down the SSL
2225 library in the subprocess for message delivery (but don't molest the
2226 parent's SSL connection).
2227
2228
2229Exim version 4.01
2230-----------------
2231
2232 1. When setting TCP_NODELAY, the call to setsockopt() was using SOL_SOCKET
2233 instead of IPPROTO_TCP, which caused excessive logging on some systems.
2234
2235 2. Changed the Makefile for Cygwin to set EXIM_USER and EXIM_GROUP to 0.
2236
2237 3. The SMTP rewriting facility was broken.
2238
2239 4. There was some malformatting in the spec.txt file (the other formats were
2240 OK).
2241
2242 5. Made convert4r4 change "bydns_a" into "bydns" in route_list options, and
2243 to do the same for "bydns_mx", but in this case to comment that it won't
2244 work the same (and to suggest a workaround).
2245
2246 6. Removed redundant code in deliver.c for indicating when a reused SMTP
2247 connection had been closed in a subprocess - this was being done twice.
2248
2249 7. Change 2 of 3.164 removed Exim's explicit checking that a reverse DNS
2250 lookup yielded a name whose forwarded lookup gave the original IP address,
2251 because I thought that gethostbyaddr() did this automatically (it seems to
2252 on some systems). There is hard evidence that I was wrong, so this test has
2253 been put back, and in a better form, because it now checks alias names.
2254 This means that the verify=reverse_host_lookup condition in an ACL reduces
2255 to requiring that the host name has been looked up, since the checks it
2256 previously did are not always applied.
2257
2258 8. When sender verification fails, the error associated with it is given by
2259 default before the 550 error for the first RCPT command. Not everybody
2260 wants to see this. There is now an option (no_details) that suppresses it.
2261
2262 9. The patterns in rewriting rules with the 'S' flag were not being expanded.
2263 For consistency with other patterns (and the documentation), this has been
2264 changed.
2265
226610. "domainlist", "hostlist", and "addresslist" weren't recognized if the
2267 immediately following character was a tab rather than a space.
2268
226911. The rules for writing daemon pid files have changed. A new option -oP has
2270 been added to provide a way of specifying a pid file path on the command
2271 line. Exim now writes a pid file when -bd is used, unless -oX is specified
2272 without -oP.
2273
227412. The version number of OpenSSL was included in the response to the STARTTLS
2275 command - a legacy from the original contributed code that doesn't seem
2276 sensible. It no longer appears, and I took it out of the debug output as
2277 well because that was the only place left, and the code to compute it was
2278 "mysterious magic" that didn't seem worth keeping.
2279
228013. When another message was processed in order to send it down an existing
2281 SMTP connection, Exim was doing the routing for all the addresses. Even if
2282 called from a delivery from a queue runner, this doesn't count as "in a
2283 queue run", so retry times were not being inspected. If the message had a
2284 large number of recipients, and several of them timed out while routing,
2285 the delay could be so large that the server at the other end of the SMTP
2286 connection would time out. To avoid this happening, Exim now skips routing
2287 for any addresses that have a domain retry time set for routing, whether or
2288 not that retry time has arrived, when dealing with a pre-existing SMTP
2289 connection. This will be "right" pretty well all of the time, and even
2290 when it is "wrong", the only consequence will be some delay. (This doesn't
2291 apply to "address" retry times, because those are usually the result of 4xx
2292 errors, not timeouts.)
2293
229414. Added words to the initial output from -bh pointing out that no ident
2295 callback is done.
2296
229715. The convert4r4 script wasn't getting it quite right with an aliasfile
2298 director that had a "transport" setting. It was missing the "yes/no" in the
2299 "condition" setting.
2300
2301
2302Exim version 4.00
2303-----------------
2304
2305 1. Changed the name of debug_print for authenticators (3.953/38) to
2306 server_debug_print because it applies only when the authenticator is
2307 running as a server.
2308
2309 2. Forgot to change DB_ to EXIMDB_ in the Cygwin Makefile.
2310
2311 3. There were still a couple of uses of vfork() when passing a socket to a
2312 new delivery process. The use of vfork() is not recommended these days,
2313 so I changed them to fork().
2314
2315 4. Added the spa authentication mechanism, using the code contributed by Marc
2316 Prud'hommeaux (and mostly taken from the Samba project). This supports
2317 Microsoft's "Secure Password Authentication", but only as a client.
2318
2319 5. queryprogram had current_directory unset, but used "/" when it was unset.
2320 It is tidier just to make the default "/" and have done with it.
2321
2322 6. When a delivery is run with -v, the -v flag is no longer passed on to new
2323 processes that are started in order to send other messages on existing
2324 SMTP connections. This prevents non-admin users from seeing these other
2325 deliveries. Admin users can specify a higher level of debugging, and when
2326 this is done, the debugging selection is passed on.
2327
2328 7. Increased the increment for dynamic strings from 50 to 100.
2329
2330 8. When Exim was building a dynamic string for $header_xxx from a number of
2331 headers of the same name, or for $message_headers, it was using the dynamic
2332 string function which is designed for use with relatively short strings. If
2333 a pathological message had an enormous header, it chewed up memory at a
2334 ridiculous rate. The code has been rewritten so that it does not do this.
2335 With a 64K header string (there's a limit set at 64K) it now just gets one
2336 64K buffer. Previously it used a large number of megabytes to build such a
2337 string, and some system filter processing ran machines into the ground on
2338 messages with huge headers.
2339
2340 9. The work for 8 involved a small amount of other "refactoring" in the
2341 expansion functions.
2342
234310. If "headers add" or "headers remove" were used in a system filter, the
2344 headers didn't actually get changed when testing with -bF. This could
2345 affect later commands in the filter that referred to the headers.
2346
234711. Two system filter bugs: (a) The system filter was always being run as root,
2348 even if system_filter_user was set. (b) When the system filter was not run
2349 as root, changes to the header lines by "headers add" or "headers remove"
2350 were being lost. Because of (a), (b) would never have bitten.
2351
235212. Some "refactoring" in the daemon:
2353 (a) Removed redundant statement smtp_in=NULL.
2354 (b) The test for fork failure for a delivery process was not quite in the
2355 right place.
2356 (c) Added main and panic logging for receive and delivery fork failures.
2357 (d) Check for fdopen() failure, and don't try to continue, but ensure
2358 the sockets get closed.
2359 (e) Log fclose() failures.
2360
236113. Added the "/data" facility to ACL dnslists so as to make it easy to use,
2362 for example, the domain lookup of rfc-ignorant.org.
2363
236414. Refactored the code in the daemon to use a vector of structures instead of
2365 two separate vectors for storing the pid of a spawned accepting process and
2366 the corresponding IP address of the client. (This is to make it easier to
2367 add other things.)
2368
236915. If EXIM_USER or EXIM_GROUP were set to the empty string in Local/Makefile,
2370 the uid or gid were set to zero, which is unsafe. These settings now cause
2371 an error message at build time.
2372
237316. check_ancestor was doing its check case-sensitively, which meant that it
2374 did not work with some configurations when redirecting changed the case of
2375 the local part. Now check_ancestor respects the setting of
2376 caseful_local_part on the router which routed the ancestor address.
2377
237817. The check for router looping (whether the current router had previously
2379 routed the same address) was always being done case-insensitively. It
2380 should do the local part check case-sensitively when caseful_local_part is
2381 set for that router.
2382
238318. Added helo_try_verify_hosts, which is like helo_verify_hosts except that
2384 it doesn't reject failing HELO/EHLO. Instead the verification state can be
2385 testing in an ACL by verify=helo.
2386
238719. When echoing log writes from a parallel remote delivery process to the
2388 debug output, the pid of the parallel process was being omitted.
2389
239020. In an ACL run for a RCPT command, the values of $domain and $local_part
2391 were becoming unset after a sender or recipient verification.
2392
239321. Exim crashed if called with -C followed by a ridiculously long string.
2394
239522. Some other potential points of trouble caused by pathological input data
2396 have been defended.
2397
239823. If hosts_randomize was set on an smtp transport, the randomizing code had
2399 a bug which could put the delivery process into a tight loop.
2400
2401
2402
2403Exim version 3.953
2404------------------
2405
2406 1. Exim was not terminating the names of named lists in memory. It got away
2407 with this on systems where newly malloc()d store is zeroed (always a bad
2408 practice). When running in its test harness, Exim now ensures that all
2409 new memory from malloc is filled with a non-zero value. This will help
2410 pick up bugs like this in future. (I haven't made it do it always, for
2411 performance reasons.)
2412
2413 2. When skip_syntax_errors was set on a redirect router, and a forward file
2414 (NOT a filter file) contained only invalid addresses, the message was
2415 discarded. The router now declines, as it does for invalid filter files.
2416 Thus, the address is passed on unless no_more is set.
2417
2418 3. When an address containing upper case letters in the local part was
2419 deferred, eximon showed the lowercased version with the caseful version
2420 as a "parent", as well as the original caseful version in its queue list.
2421
2422 4. When hide_child_in_errmsg was set on a redirect router, bounce messages
2423 still showed the failed addresses in the X-Failed-Recipients: header line.
2424
2425 5. Change 6 for 3.952 should also have included SIGTERM.
2426
2427 6. exim -bP +something was searching only the domain lists. It now searches
2428 all lists for a matching name.
2429
2430 7. If Local/Makefile contains more than one of USE_DB, USE_GDBM, or USE_TDB,
2431 give a build-time error. When it does contain one of them, arrange for any
2432 OS default for any other one to be overridden. (The code expects at most
2433 one of these to be defined.)
2434
2435 8. When a value for transport_home_directory is taken from the password
2436 information, wrap it in \N...\N so that it isn't expanded in the transport.
2437 This affects Cygwin, where home directories may contain $ characters.
2438
2439 9. Fixed an occasional crash when autoreply was sending a message created by
2440 a user's filter file. It was referencing uninitialized memory. (The
2441 prophylactic mentioned in 1 above made it a hard error.)
2442
244310. The "run" and "readfile" expansion items could sometimes return extra junk
2444 characters (yet another uninitialized memory bug).
2445
244611. The lockout options forbid_filter_existstest etc. were not propagating to
2447 the expansion of files sent as part of "mail" messages from users' filter
2448 files.
2449
245012. Another unterminated string bug: when an ACL was read from a file
2451 dynamically it wasn't properly terminated.
2452
245313. Cached pgsql connections weren't being re-used, leading to a potential
2454 build-up of open connections.
2455
245614. $message_headers is supposed to be limited to 64K in length, but it wasn't
2457 so limited if an individual header line was longer than 64K.
2458
245915. An individual header line, or concatenation of multiple identically-
2460 named header lines, inserted by $h_xxxx is supposed to be limited to 64K in
2461 length, but it wasn't so limited if the only header line was longer than
2462 64K.
2463
246416. A syntactically incorrect setting of -d... is now treated as a command line
2465 syntax error (message to stderr, return code 1), without any entry on the
2466 log.
2467
246817. Modifications to the exim_install script:
2469 (a) Scan the combined Makefile in the build directory instead of messing
2470 around scanning its individual constituent files.
2471 (b) Use sed instead of a pipe of grep, tail and cuts. This allows better
2472 control, but has to be very simple sed in order to work on Solaris.
2473 (c) Allow for the setting of EXE to add a subscript to executables for
2474 the benefit of Cygwin.
2475 (d) Use -c instead of -b with "cut" because the "cut" in BSD/OS doesn't
2476 grok -b.
2477
247818. Changes for Cygwin:
2479 (a) Update scripts/os-type to recognize CYGWIN.
2480 (b) Arrange (via the Uopen() macro) for all calls to open() to have
2481 the O_BINARY flag, to avoid CRLF problems.
2482 (c) If OS_INIT is defined, call it at the very start of Exim's execution.
2483 (d) When resolver debugging is enabled, set _res.options |= RES_DEBUG
2484 before calling res_init() as well as after, because that generates
2485 some debugging info during initialization.
2486
248719. Make the initial call to os_getloadavg() in exim.c conditional on
2488 LOAD_AVG_NEEDS_ROOT because it is done just to initialize os_getloadavg()
2489 on systems that require the first call to be done as root. It should be
2490 called only when messages are being received; it was being called
2491 unnecessarily in some cases.
2492
249320. If Exim failed to open its retry hints database at routing time, it crashed
2494 during a subsequent local delivery.
2495
249621. If Exim is neither setuid root nor called by root, there is no need to
2497 attempt to drop root privilege when it is not needed.
2498
249922. I'd forgotten to remove the check for the presence of %s in pid_file_path
2500 when it was set at run time.
2501
250223. If a transport filter crashed, or yielded a non-zero return code during an
2503 SMTP delivery, Exim was not aborting the delivery. This led to multiple
2504 partial deliveries of the message until the transport filter was fixed.
2505
250624. Do not try alternate hosts if a transport filter crashes or yields a
2507 non-zero return during an SMTP delivery.
2508
250925. When exim -be is reading input lines from stdin, backslash can now be used
2510 for continuations. This makes it easier to test expansions from a
2511 configuration file by cut and paste, and long expansions in general.
2512
251326. The file src/auths/xtextdecode.c was incorrectly named xtestdecode.c, but
2514 because the MakeLinks script built a symbolic link that worked, this
2515 mistake didn't actually show up.
2516
251727. When Exim is delivering another message down an existing connection,
2518 remote_max_parallel should be forced to 1; this wasn't happening, though
2519 it would have caused a problem only if a message had more than 100
2520 recipients routed to the host.
2521
252228. When there was a problem while delivering down an existing connection, such
2523 that the transport process closed the connection, this fact wasn't getting
2524 communicated to the calling delivery process, which might have tried to do
2525 more deliveries on the same connection. This would only have caused a
2526 problem if there were more than 100 recipients to the same host.
2527
252829. The ${extract} action, with a negative field number that selected the first
2529 field in a string, could return junk characters at the start of the
2530 extracted field.
2531
253230. When Exim is acting as a client, if an attempt to start a TLS session fails
2533 during the TLS negotiation phase (i.e. STARTTLS is accepted, but there's a
2534 problem such as an unrecognized certificate during TLS session startup),
2535 Exim used always to defer delivery. Now, unless the host is in
2536 hosts_require_tls, Exim makes a new connection to the host and attempts to
2537 send the message unencrypted. This avoids stuck messages for servers that
2538 advertise STARTTLS but don't actually support it properly.
2539
254031. Added ${address:xxx} to go with ${domain:xxx} and ${local_part:xxx} which
2541 extract from RFC 2822 addresses.
2542
254332. The rules for recognizing when Exim is being called from inetd have
2544 changed. Previously Exim required SMTP input, stdin to be a TCP/IP socket,
2545 and the caller to be root or the Exim user. This left a gaping hole if the
2546 caller was not root or the Exim user, because then it wouldn't do the
2547 policy checking for a remote host, because it didn't realize it was being
2548 called from inetd. (This was seen on Debian configurations). Exim now
2549 behaves as follows: if the input is SMTP and stdin is a TCP/IP socket, a
2550 call from inetd is assumed. This is allowed to proceed either if the caller
2551 is root or the Exim user, or if the port used is privileged (less than
2552 1024). Otherwise (a different user passing an unprivileged port) Exim gives
2553 a "Permission denied" error.
2554
255533. Removed $compile_number from the default SMTP banner line (after discussion
2556 on the mailing list). Also removed it from the default $Received: header.
2557
255834. # is documented as a comment character in the run time configuration only
2559 when it appears at the start of a line. In the case of boolean values,
2560 extra characters after "= true" or "= false" were being ignored, leading to
2561 a false impression that comments could appear there. This is now diagnosed
2562 as an error.
2563
256435. If a boolean option without a following "=" was followed by # (in the
2565 mistaken belief that this would be a comment), the error was "missing =",
2566 which was confusing. Exim now complains about extra characters.
2567
256836. When Exim complains about extra characters following an option setting, it
2569 now adds a comment about comments if the first extra character is #.
2570
257137. Output debug_print strings when testing a host using -bh.
2572
257338. Added server_debug_print to authenticators (compare routers and
2574 transports). This outputs when an authenticator is called as a server. It
2575 can be helpful while testing with -bh.
2576
257739. Added debugging output to the crypteq condition.
2578
257940. If a named domain or local part list used in a "domains" or "local_parts"
2580 option on a router matched by means of a lookup, the $domain_data and
2581 $local_part_data variables were set for the first router that did this, but
2582 were not set for any subsequent routers that used the same named list. The
2583 same was true for multiple tests of named domain or local parts lists in an
2584 ACL.
2585
258641. If the variable "build" is set when the top-level Makefile is run, the
2587 variable now propagates from the top-level Makefile to subsidiary ones.
2588 In addition, Local/Makefile-$(build) is added to the list of concatenated
2589 files that go at the start of the Makefile in the build directory.
2590
259142. If NO_SYMLINK is defined in Local/Makefile, the exim_install script just
2592 copies the Exim binary in with its unique name, without moving the "exim"
2593 symbolic link to it.
2594
259543. Added BSDI 4.2 as a BSDI variant in scripts/os-type.
2596
259744. The spool file format for remembering a "one_time" redirection has changed;
2598 I had forgotten to make Exim 4 capable of reading Exim 3 spool files.
2599
260045. Address lists are now permitted to include items of the form *@+name where
2601 "name" is a named domain list. (Note that an item of the form +name is
2602 taken as a named _address_ list.)
2603
260446. When Exim gives up privilege and reverts to the calling user because it was
2605 called with the -C, -D, -be, or -bi options, it now reinstates the
2606 supplementary group list as well as the uid and gid.
2607
260847. The crypteq condition has been extended. When the encrypted string begins
2609 with "{md5}" Exim used to assume that the digest was encoded as a base64
2610 string. Now it assumes this only if its length is 24 bytes. If the length
2611 is 32 bytes, Exim assumes a digest expressed in hex characters. If the
2612 length is neither 24 nor 32, the comparison always fails.
2613
261448. Updated the convert4r4 script:
2615
2616 (a) Some typos in the comments.
2617 (b) Remove kill_ip_options, log_ip_options, and refuse_ip_options, which
2618 no longer exist.
2619 (c) Move all macro definitions to the top of the output, to ensure that
2620 they precede any references to them.
2621 (d) If tls_verify_ciphers was set without tls_verify_hosts, the generated
2622 new configuration insisted on encryption ("these ciphers must be
2623 used for all connections") instead of just checking the cipher when
2624 encryption happened ("if encrypted, these ciphers must be used").
2625 (e) Address lists are now checked to see if they contain any bare lookup
2626 items and if they do, these are converted to two items, the first
2627 preceded by "*@" and the second with "partial-" removed. This makes
2628 Exim 4 behave in the way that Exim 3 used to. An explanatory comment
2629 is output.
2630 (f) Put more explanation in above the "hosts = :" test.
2631
263249. Write a main and panic log entry when "partial-" is ignored in a lookup
2633 that is part of an address list. (Applies when the item is a lookup for
2634 which the whole address is the key.)
2635
263650. Two changes to the way $original_local_part and $parent_local_part work:
2637
2638 (a) When an address that had a prefix or suffix was redirected to another
2639 address, the value of $original_local_part and $parent_local_part
2640 had the prefix or suffix stripped when referred to during the
2641 processing of the child address. This doesn't seem right, so it has
2642 been changed.
2643 (b) When an address that had a prefix or suffix was being processed,
2644 $local_part had the affix stripped, and if it was a top-level
2645 address, $original_local_part also has the affix stripped. This has
2646 been changed. Now $original_local_part contains the same value at all
2647 levels. ($parent_local_part remains empty at top level.)
2648
264951. A number of macros in the Exim source began with "DB_". When compiling
2650 with Berkeley DB version 4, DB_LOCK_TIMEOUT clashed with a macro set by
2651 that package. The Exim macros now all start with "EXIMDB_", and Exim
2652 therefore now supports DB version 4.
2653
265452. Newlines in a "freeze" text from a system filter were being sent as \n
2655 in messages created by the "freeze_tell" option. They are now converted
2656 back to newlines (in the log line they continue to appear as \n).
2657
265853. Added a new ACL condition "verify = reverse_host_lookup". This does a
2659 reverse lookup of the client host's IP address, then does a forward lookup
2660 for all the names it receives, and checks that at least one of the IP
2661 addresses obtained from the forward lookup matches the incoming IP address.
2662 The lookups are done with gethostbyaddr() and gethostbyname(),
2663 respectively.
2664
266554. A small fix to eximstats reduces its store usage substantially when it is
2666 processing very large log files: when a message's "completed" line is
2667 reached, discard the memory of the message's size.
2668
266955. If an address was redirected to itself more than once (e.g. by two
2670 different "redirect" routers, or because of the use of "unseen", it was
2671 incorrectly discarded as a duplicate address.
2672
267356. For a rewrite pattern of the form *@something, if an actual address
2674 contained @ in the local part (e.g. "a@b"@x.y), the value of $1 was set
2675 incorrectly during expansion of the replacement address (it stopped at the
2676 first @ instead of at the last one).
2677
267857. Added hosts_nopass_tls to the smtp transport. For any host that matches
2679 this list, a connection on which a TLS session has been started will not be
2680 passed to a new delivery process for sending another message on the same
2681 connection.
2682
268358. The -dropcr command line option now turns CRLF into LF, while leaving
2684 isolated CR characters alone. (Previously it removed _all_ CR characters.)
2685 There is now also a drop_cr main option which has the effect of -dropcr for
2686 all incoming non-SMTP messages.
2687
268859. If a configuration file macro expanded into a boolean option which was not
2689 followed by = and a value, Exim gave a spurious error for an "unknown"
2690 value for the option (typically a string from the previous line).
2691
2692
2693Exim version 3.952
2694------------------
2695
2696 1. convert4r4 had an incorrect file name in its comment output.
2697
2698 2. convert4r4 was looking up $local_part instead of $domain in its generated
2699 manualroute output.
2700
2701 3. There was no check that getpeername() was giving a socket address when
2702 called on stdin passed from a previous delivery.
2703
2704 4. Fixed an old bug whereby Exim could segfault if debugging was turned on and
2705 a DNS lookup found MX records for hosts whose A records had to be looked up
2706 separately, and some of them pointed to the local host (pretty rare).
2707
2708 5. The debugging output for log writes now shows the names of any log selectors
2709 instead of the hex value of the selector word.
2710
2711 6. If a delivery subprocess is terminated by SIGKILL or SIGQUIT, do not freeze
2712 the message. This can happen during system shutdown. Other kinds of process
2713 failure indicate problems.
2714
2715 7. If a sender verification did not complete (e.g. DNS lookup timed out), the
2716 log line for the temporary RCPT rejection did not always say why (it lost
2717 the message if there had been a previous call to any lookup).
2718
2719 8. The special message about MX records that point to IP addresses instead of
2720 host names was not getting returned in the SMTP response when a
2721 verification failed. This has been fixed, and the message that is logged in
2722 this circumstance has been made less verbose.
2723
2724 9. When an SMTP callout is done, Exim tries to use the interface and port
2725 number from the transport that the address was routed to during the prior
2726 verification. If it wasn't routed to a remote transport, or if there's a
2727 problem expanding the relevant options, Exim does not use a specific
2728 interface, and it connects to port 25.
2729
273010. If the string "syslog" happened to occur in the log file path, eximon was
2731 failing to extract the name of the main log file correctly.
2732
273311. Unlike other operating systems, Linux does not sync a directory after a
2734 rename. However, we need this to happen to be sure an incoming message has
2735 been safely recorded after it has been received. I have therefore added a
2736 macro called NEED_SYNC_DIRECTORY (which is set in OS/os.h_Linux) to request
2737 Exim to do an explicit sync on the directory after the rename. If
2738 O_DIRECTORY is defined, it is used when opening the directory.
2739
274012. When a system filter creates any new deliveries, they are given a fake
2741 "parent" address which appears on the logs, and is necessary for pipes,
2742 files, and autoreplies, which cannot be toplevel addresses. This fake was
2743 set up with the text "system filter". It's been changed to "system-filter"
2744 because the space in the previous text could cause trouble.
2745
274613. The new option local_sender_retain suppresses the removal of Sender: header
2747 lines in locally-submited (non-TCP/IP) messages from untrusted users. It is
2748 required that no_local_from_check be set with local_sender_retain.
2749
275014. In a file interpolated into an address list, if a local part contained a
2751 # character and there was also a following comment (introduced by a #
2752 preceded by white space), the comment was not recognized.
2753
275415. Local part lists are now handled as address lists as far as recognition of
2755 comments in interpolated files and the processing of +caseful at the top
2756 level are concerned. In the local_parts option of a router, +caseful will
2757 restore case-sensitive matching, even when the router does not have
2758 caseful_local_part set (the default).
2759
276016. The key used for a dsearch lookup may not contain '/'. If it does, the
2761 lookup defers.
2762
276317. When starting a delivery process after receiving a message locally, discard
2764 the controlling terminal unless debugging is turned on.
2765
276618. The exim group was automatically trusted; this was not correct because it
2767 meant that admin users who were in the exim group were automatically
2768 trusted. If you want the exim group to be trusted, it must now be
2769 explicitly configured.
2770
277119. The default configuration mentioned "dns_lists" instead of "dnslists" in a
2772 comment.
2773
277420. Minor corrections and changes to the Exim4.upgrade document and to the
2775 OptionLists.txt document.
2776
277721. If a local part beginning with a pipe symbol was routed to a pipe
2778 transport, the transport got confused as to which command it should run.
2779 This could be a security exposure if unchecked local parts are routed to
2780 pipe transports.
2781
278222. When logging SMTP connections to the daemon from other hosts, include the
2783 connection count in the log line. Tidied up the identification of SMTP
2784 sources in logging lines.
2785
278623. Added "sender_domains" as a new ACL condition so that the Exim 3 setting
2787 of sender_verify_callback_domains can easily be replicated. Corrected
2788 convert4r4, which was incorrectly converting this to a "domains" setting.
2789
279024. The code for reading ident values was not discarding leading spaces, which
2791 some hosts seem to send.
2792
279325. The building process was still insisting that PID_FILE_PATH contained %s,
2794 but this is not required for Exim 4.
2795
279626. The logging of ETRN commands had got lost. It has been restored, and the
2797 log selector "etrn" (on by default) added to control it.
2798
279927. IPv6 reverse DNS lookups were originally specified as happening in the
2800 ip6.int domain, but this is being changed to ip6.arpa (and they've changed
2801 the meaning of "arpa" to "Address and Routing Parameters Area"). The only
2802 time Exim does reverse lookups directly (as opposed to calling
2803 gethostbyaddress()) is in the code for the dnsdb lookup type. This has been
2804 changed to use ip6.arpa.
2805
280628. Made the test programs (test_dbfn for testing DBM files, and some others)
2807 compile! Updated the help output from test_dbfn.
2808
280929. Changed all occurrences of "r" and "w" in fopen() fdopen() calls to "rb"
2810 and "wb". This makes no difference in Unix systems, but is apparently
2811 necessary for running Exim under Cygwin.
2812
281330. Three changes that make virtually no difference when Exim is run on a real
2814 Unix system, but which were asked for to make life easier when porting it
2815 to run under Cygwin:
2816
2817 (a) Changed the logic for locking a message when an Exim process is
2818 handling it. Previously, the entire -D file was locked to indicate
2819 this. Now Exim locks only the first line, which contains the name of
2820 the file. Apparently, in the Cygwin environment, a subprocess cannot
2821 read locked parts of a file, even when it is passed an open file
2822 descriptor to that file from the process that did the locking. By
2823 locking only the first line, which the subprocess does not want to read
2824 (it just needs to read the data that follows), we can get round this
2825 restriction with minimal effort.
2826
2827 (b) Added support for native gdbm function calls. GDBM is apparently the
2828 only DBM library that is currently available Cygwin, and only with its
2829 native API.
2830
2831 (c) The default modes for files, directories, and lock files in the
2832 appendfile transport can now be set in Local/Makefile at build time.
2833
283431. When transmitting a message using SMTP with PIPELINING, if the server gave
2835 a malformed SMTP response, the message logged by Exim didn't associate it
2836 with the pipelined SMTP command to which it referred. For example it logged
2837 "after DATA" if all the recipients had been sent. Also, if the response
2838 was an empty line (illegal), it didn't show up very clearly. The error
2839 messages are now more accurate, and point out empty lines.
2840
284132. Minor corrections and changes to src/configure.default.
2842
284333. When a host list in a route_list item that was enclosed in double quotes
2844 contained single quotes within it, the quoting was incorrectly terminated.
2845 Both the pattern and the host list in route_list items are now handled by
2846 the standard quote-processing function.
2847
284834. Corrected the EDITME file for eximon so that the default stripchart
2849 patterns work with the default runtime configuration for local deliveries.
2850 (Previously it matched a delivery via a director - not possible in Exim 4.)
2851
2852
2853Exim version 3.951
2854------------------
2855
2856Exim 3.951 is the first alpha testing release for Exim 4. A list the many
2857individual changes to the code made between Exim 3.33 and Exim 3.951 was not
2858kept. The functional changes are listed in the Exim4.upgrade file.
2859
2860****