Commit | Line | Data |
---|---|---|
48a53b7f | 1 | $Cambridge: exim/doc/doc-txt/ChangeLog,v 1.213 2005/08/30 10:07:58 ph10 Exp $ |
495ae4b0 PH |
2 | |
3 | Change log file for Exim from version 4.21 | |
4 | ------------------------------------------- | |
5 | ||
e3a311ba TK |
6 | Exim version 4.53 |
7 | ----------------- | |
8 | ||
9 | TK/01 Added the "success_on_redirect" address verification option. See | |
10 | NewStuff for rationale and an example. | |
11 | ||
13b685f9 PH |
12 | PH/01 Added support for SQLite, basic code supplied by David Woodhouse. |
13 | ||
395ff96d PH |
14 | PH/02 Patch to exigrep to allow it to work on syslog lines. |
15 | ||
5b68f6e4 PH |
16 | PH/03 When creating an mbox file for a virus/spam scan, use fseek() instead of |
17 | fread() to skip over the body file's header line, because in Cygwin the | |
18 | header line is locked and is inaccessible. | |
19 | ||
1ab52c69 PH |
20 | PH/04 Added $message_exim_id, ultimately to replace $message_id (they will both |
21 | co-exist for some time) to make it clear that it is the Exim ID that is | |
22 | referenced, not the Message-ID: header line. | |
23 | ||
b07e6aa3 PH |
24 | PH/05 Replaced all Tom's calls to snprintf() with calls to the internal |
25 | string_format() function, because snprintf() does not exist on all | |
26 | operating systems. | |
27 | ||
254e032f PH |
28 | PH/06 The use of forbid_filter_existstest now also locks out the use of the |
29 | ${stat: expansion item. | |
30 | ||
3af76a81 PH |
31 | PH/07 Changed "SMTP protocol violation: synchronization error" into "SMTP |
32 | protocol synchronization error", to keep the pedants happy. | |
33 | ||
2548ba04 PH |
34 | PH/08 Arrange for USE_INET_NTOA_FIX to be set in config.h for AIX systems as |
35 | well as for IRIX systems, when gcc is being used. See the host.c source | |
36 | file for comments. | |
37 | ||
b6c6011d PH |
38 | PH/09 Installed latest Cygwin configuration files from the Cygwin maintainer. |
39 | ||
cf39cf57 PH |
40 | PH/10 Named domain lists were not working if used in a queue_smtp_domains |
41 | setting. | |
42 | ||
f1513293 PH |
43 | PH/11 Added support for the IGNOREQUOTA extension to LMTP, both to the lmtp |
44 | transport and to the smtp transport in LMTP mode. | |
45 | ||
727549a4 PH |
46 | TK/02 Remove one case of BASE64 error detection FTTB (undocumented anyway). |
47 | ||
af46795e PH |
48 | PH/12 There was a missing call to search_tidyup() before the fork() in rda.c to |
49 | run a filter in a subprocess. This could lead to confusion in subsequent | |
50 | lookups in the parent process. There should also be a search_tidyup() at | |
51 | the end of the subprocess. | |
52 | ||
d7b47fd0 PH |
53 | PH/13 Previously, if "verify = helo" was set in an ACL, the condition was true |
54 | only if the host matched helo_try_verify_hosts, which caused the | |
55 | verification to occur when the EHLO/HELO command was issued. The ACL just | |
56 | tested the remembered result. Now, if a previous verification attempt has | |
57 | not happened, "verify = helo" does it there and then. | |
58 | ||
ee744174 JJ |
59 | JJ/01 exipick: added $message_exim_id variable (see 4.53-PH/04) |
60 | ||
b582ab87 PH |
61 | TK/03 Fix log output including CR from clamd. |
62 | ||
41a13e0a PH |
63 | PH/14 A reference to $reply_address when Reply-to: was empty and From: did not |
64 | exist provoked a memory error which could cause a segfault. | |
65 | ||
f625cc5a PH |
66 | PH/15 Installed PCRE 6.2 |
67 | ||
68 | PH/17 Defined BIND_8_COMPAT in the Darwin os.h file. | |
69 | ||
21f7af35 PH |
70 | PH/18 Reversed 4.52/PH/17 because the HP-UX user found it wasn't the cause |
71 | of the problem. Specifically, suggested +O2 rather than +O1 for the | |
72 | HP-UX compiler. | |
73 | ||
31480e42 PH |
74 | PH/19 Added sqlite_lock_timeout option (David Woodhouse's patch). |
75 | ||
2d280592 PH |
76 | PH/20 If a delivery was routed to a non-standard port by means of an SRV |
77 | record, the port was not correctly logged when the outgoing_port log | |
78 | selector was set (it logged the transort's default port). | |
79 | ||
7cd1141b PH |
80 | PH/21 Added support for host-specific ports to manualroute, queryprogram, |
81 | fallback_hosts, and "hosts" in the smtp transport. | |
82 | ||
83 | PH/22 If the log selector "outgoing_port" is set, the port is now also given on | |
84 | host errors such as "Connection refused". | |
85 | ||
750af86e PH |
86 | PH/23 Applied a patch to fix problems with exim-4.52 while doing radius |
87 | authentication with radiusclient 0.4.9: | |
88 | ||
89 | - Error returned from rc_read_config was caught wrongly | |
90 | - Username/password not passed on to radius server due to wrong length. | |
91 | ||
92 | The presumption is that some radiusclient API changes for 4.51/PH/17 | |
93 | were not taken care of correctly. The code is still untested by me (my | |
94 | Linux distribution still has 0.3.2 of radiusclient), but it was | |
95 | contributed by a Radius user. | |
96 | ||
97 | PH/24 When doing a callout, the value of $domain wasn't set correctly when | |
98 | expanding the "port" option of the smtp transport. | |
99 | ||
4304270b TK |
100 | TK/04 MIME ACL: Fix buffer underrun that occurs when EOF condition is met |
101 | while reading a MIME header. Thanks to Tom Hughes for a patch. | |
102 | ||
750af86e PH |
103 | PH/24 Include config.h inside local_scan.h so that configuration settings are |
104 | available. | |
105 | ||
64ffc24f PH |
106 | PH/25 Make $smtp_command_argument available after all SMTP commands. This means |
107 | that in an ACL for RCPT (for example), you can examine exactly what was | |
108 | received. | |
109 | ||
5dd9625b PH |
110 | PH/26 Exim was recognizing IPv6 addresses of the form [IPv6:....] in EHLO |
111 | commands, but it was not correctly comparing the address with the actual | |
112 | client host address. Thus, it would show the EHLO address in Received: | |
113 | header lines when this was not necessary. | |
114 | ||
5591031b PH |
115 | PH/27 Added the % operator to ${eval:}. |
116 | ||
ba18e66a PH |
117 | PH/28 Exim tries to create and chdir to its spool directory when it starts; |
118 | it should be ignoring failures (because with -C, for example, it has lost | |
119 | privilege). It wasn't ignoring creation failures other than "already | |
120 | exists". | |
121 | ||
9cec981f PH |
122 | PH/29 Added "crypteq" to the list of supported features that Exim outputs when |
123 | -bV or -d is used. | |
124 | ||
aa2b5c79 PH |
125 | PH/30 Fixed (presumably very longstanding) bug in exim_dbmbuild: if it failed |
126 | because an input line was too long, either on its own, or by virtue of | |
127 | too many continuations, the temporary file was not being removed. | |
128 | ||
48a53b7f PH |
129 | PH/31 Missing "BOOL" in function definition in filtertest.c. |
130 | ||
bbe902f0 | 131 | |
e5a9dba6 PH |
132 | Exim version 4.52 |
133 | ----------------- | |
134 | ||
135 | TF/01 Added support for Client SMTP Authorization. See NewStuff for details. | |
136 | ||
22c3b60b PH |
137 | PH/01 When a transport filter timed out in a pipe delivery, and the pipe |
138 | command itself ended in error, the underlying message about the transport | |
139 | filter timeout was being overwritten with the pipe command error. Now the | |
140 | underlying error message should be appended to the second error message. | |
141 | ||
06a9b4b5 PH |
142 | TK/01 Fix poll() being unavailable on Mac OSX 10.2. |
143 | ||
c1ac6996 PH |
144 | PH/02 Reduce the amount of output that "make" produces by default. Full output |
145 | can still be requested. | |
146 | ||
9c7a242c PH |
147 | PH/03 The warning log line about a condition test deferring for a "warn" verb |
148 | was being output only once per connection, rather than after each | |
149 | occurrence (because it was using the same function as for successful | |
150 | "warn" verbs). This seems wrong, so I have changed it. | |
151 | ||
87ba3f5f PH |
152 | TF/02 Two buglets in acl.c which caused Exim to read a few bytes of memory that |
153 | it should not have, which might have caused a crash in the right | |
154 | circumstances, but probably never did. | |
155 | ||
156 | PH/04 Installed a modified version of Tony Finch's patch to make submission | |
157 | mode fix the return path as well as the Sender: header line, and to | |
158 | add a /name= option so that you can make the user's friendly name appear | |
159 | in the header line. | |
160 | ||
29aba418 TF |
161 | TF/03 Added the control = fakedefer ACL modifier. |
162 | ||
fe0dab11 TF |
163 | TF/04 Added the ratelimit ACL condition. See NewStuff for details. Thanks to |
164 | Mark Lowes for thorough testing. | |
870f6ba8 | 165 | |
11d337a4 TK |
166 | TK/02 Rewrote SPF support to work with libspf2 versions >1.2.0. |
167 | ||
168 | TK/03 Merged latest SRS patch from Miles Wilton. | |
169 | ||
415c8f3b PH |
170 | PH/05 There's a shambles in IRIX6 - it defines EX_OK in unistd.h which conflicts |
171 | with the definition in sysexits.h (which is #included earlier). | |
172 | Fortunately, Exim does not actually use EX_OK. The code used to try to | |
173 | preserve the sysexits.h value, by assumimg that macro definitions were | |
174 | scanned for macro replacements. I have been disabused of this notion, | |
175 | so now the code just undefines EX_OK before #including unistd.h. | |
11d337a4 | 176 | |
958541e9 PH |
177 | PH/06 There is a timeout for writing blocks of data, set by, e.g. data_timeout |
178 | in the smtp transport. When a block could not be written in a single | |
179 | write() function, the timeout was being re-applied to each part-write. | |
180 | This seems wrong - if the receiver was accepting one byte at a time it | |
181 | would take for ever. The timeout is now adjusted when this happens. It | |
182 | doesn't have to be particularly precise. | |
183 | ||
c206415f TK |
184 | TK/04 Added simple SPF lookup method in EXPERIMENTAL_SPF. See NewStuff for |
185 | details. Thanks to Chris Webb <chris@arachsys.com> for the patch! | |
186 | ||
2a4be8f9 PH |
187 | PH/07 Added "fullpostmaster" verify option, which does a check to <postmaster> |
188 | without a domain if the check to <postmaster@domain> fails. | |
189 | ||
1cba11c5 SC |
190 | SC/01 Eximstats: added -xls and the ability to specify output files |
191 | (patch written by Frank Heydlauf). | |
192 | ||
193 | SC/02 Eximstats: use FileHandles for outputing results. | |
194 | ||
195 | SC/03 Eximstats: allow any combination of xls, txt, and html output. | |
196 | ||
197 | SC/04 Eximstats: fixed display of large numbers with -nvr option | |
198 | ||
199 | SC/05 Eximstats: fixed merging of reports with empty tables. | |
200 | ||
201 | SC/06 Eximstats: added the -include_original_destination flag | |
202 | ||
203 | SC/07 Eximstats: removed tabs and trailing whitespace. | |
204 | ||
1005d00e TK |
205 | TK/05 Malware: Improve on aveserver error handling. Patch from Alex Miller. |
206 | ||
207 | TK/06 MBOX spool code: Add real "From " MBOX separator line | |
208 | so the .eml file is really in mbox format (even though | |
209 | most programs do not really care). Patch from Alex Miller. | |
210 | ||
211 | TK/07 MBOX spool code: Add X-Envelope-From: and X-Envelope-To: headers. | |
212 | The latter is generated from $received_to and is only set if the | |
213 | message has one envelope recipient. SA can use these headers, | |
214 | obviously out-of-the-box. Patch from Alex Miller. | |
215 | ||
9b4768fa PH |
216 | PH/08 The ${def test on a variable was returning false if the variable's |
217 | value was "0", contrary to what the specification has always said! | |
218 | The result should be true unless the variable is empty. | |
219 | ||
220 | PH/09 The syntax error of a character other than { following "${if | |
221 | def:variable_name" (after optional whitespace) was not being diagnosed. | |
222 | An expansion such as ${if def:sender_ident:{xxx}{yyy}} in which an | |
223 | accidental colon was present, for example, could give incorrect results. | |
224 | ||
0d7eb84a PH |
225 | PH/10 Tidied the code in a number of places where the st_size field of a stat() |
226 | result is used (not including appendfile, where other changes are about | |
227 | to be made). | |
228 | ||
229 | PH/11 Upgraded appendfile so that quotas larger than 2G are now supported. | |
230 | This involved changing a lot of size variables from int to off_t. It | |
231 | should work with maildirs and everything. | |
232 | ||
40727bee TK |
233 | TK/08 Apply fix provided by Michael Haardt to prevent deadlock in case of |
234 | spamd dying while we are connected to it. | |
235 | ||
554d2369 TF |
236 | TF/05 Fixed a ${extract error message typo reported by Jeremy Harris |
237 | <jgh@wizmail.org> | |
238 | ||
1f922db1 PH |
239 | PH/12 Applied Alex Kiernan's patch for the API change for the error callback |
240 | function for BDB 4.3. | |
241 | ||
ef213c3b PH |
242 | PH/13 Changed auto_thaw such that it does not apply to bounce messages. |
243 | ||
8ac170f3 PH |
244 | PH/14 Imported PCRE 6.0; this was more than just a trivial operation because |
245 | the sources for PCRE have been re-arranged and more files are now | |
246 | involved. | |
247 | ||
b1c749bb PH |
248 | PH/15 The code I had for printing potentially long long variables in PH/11 |
249 | above was not the best (it lost precision). The length of off_t variables | |
250 | is now inspected at build time, and an appropriate printing format (%ld | |
c6c2dc1d PH |
251 | or %lld) is chosen and #defined by OFF_T_FMT. We also define LONGLONG_T |
252 | to be "long long int" or "long int". This is needed for the internal | |
253 | formatting function string_vformat(). | |
b1c749bb | 254 | |
4aac9b49 PH |
255 | PH/16 Applied Matthew Newton's patch to exicyclog: "If log_file_path is set in |
256 | the configuration file to be ":syslog", then the script "guesses" where | |
257 | the logs files are, rather than using the compiled in default. In our | |
258 | case the guess is not the same as the compiled default, so the script | |
259 | suddenly stopped working when I started to use syslog. The patch checks | |
260 | to see if log_file_path is "". If so, it attempts to read it from exim | |
261 | with no configuration file to get the compiled in version, before it | |
262 | falls back to the previous guessing code." | |
263 | ||
294520c8 TK |
264 | TK/09 Added "prvs" and "prvscheck" expansion items. These help a lot with |
265 | implementing BATV in an Exim configuration. See NewStuff for the gory | |
266 | details. | |
267 | ||
5bd022fe PH |
268 | PH/17 Applied Michael Haardt's patch for HP-UX, affecting only the os.h and |
269 | Makefile that are specific to HP-UX. | |
270 | ||
90e9ce59 PH |
271 | PH/18 If the "use_postmaster" option was set for a recipient callout together |
272 | with the "random" option, the postmaster address was used as the MAIL | |
273 | FROM address for the random test, but not for the subsequent recipient | |
274 | test. It is now used for both. | |
275 | ||
5ea81592 PH |
276 | PH/19 Applied Michael Haardt's patch to update Sieve to RFC3028bis. "The |
277 | patch removes a few documentation additions to RFC 3028, because the | |
278 | latest draft now contains them. It adds the new en;ascii-case comparator | |
279 | and a new error check for 8bit text in MIME parts. Comparator and | |
280 | require names are now matched exactly. I enabled the subaddress | |
281 | extension, but it is not well tested yet (read: it works for me)." | |
282 | ||
c6c2dc1d PH |
283 | PH/20 Added macros for time_t as for off_t (see PH/15 above) and used them to |
284 | rework some of the code of TK/09 above to avoid the hardwired use of | |
285 | "%lld" and "long long". Replaced the call to snprintf() with a call to | |
286 | string_vformat(). | |
287 | ||
fffffe4c PH |
288 | PH/21 Added some other messages to those in 4.51/PH/42, namely "All relevant MX |
289 | records point to non-existent hosts", "retry timeout exceeded", and | |
290 | "retry time not reached for any host after a long failure period". | |
ca02eafb | 291 | |
9a26b6b2 PH |
292 | PH/22 Fixed some oversights/typos causing bugs when Exim is compiled with |
293 | experimental DomainKeys support: | |
294 | ||
295 | (1) The filter variables $n0-$n9 and $sn0-$sn9 were broken. | |
296 | (2) On an error such as an illegally used "control", the wrong name for | |
297 | the control was given. | |
298 | ||
299 | These problems did NOT occur unless DomainKeys support was compiled. | |
300 | ||
4aee0225 PH |
301 | PH/23 Added daemon_startup_retries and daemon_startup_sleep. |
302 | ||
32d668a5 PH |
303 | PH/24 Added ${if match_ip condition. |
304 | ||
8187c3f3 PH |
305 | PH/25 Put debug statements on either side of calls to EXIM_DBOPEN() for hints |
306 | databases so that it will be absolutely obvious if a crash occurs in the | |
307 | DB library. This is a regular occurrence (often caused by mis-matched | |
308 | db.h files). | |
309 | ||
ff790e47 | 310 | PH/26 Insert a lot of missing (void) casts for functions such as chown(), |
f1e894f3 PH |
311 | chmod(), fcntl(), sscanf(), and other functions from stdio.h. These were |
312 | picked up on a user's system that detects such things. There doesn't seem | |
313 | to be a gcc warning option for this - only an attribute that has to be | |
314 | put on the function's prototype. It seems that in Fedora Core 4 they have | |
315 | set this on a number of new functions. No doubt there will be more in due | |
316 | course. | |
ff790e47 | 317 | |
5417f6d1 PH |
318 | PH/27 If a dnslookup or manualroute router is set with verify=only, it need not |
319 | specify a transport. However, if an address that was verified by such a | |
320 | router was the subject of a callout, Exim crashed because it tried to | |
321 | read the rcpt_include_affixes from the non-existent transport. Now it | |
322 | just assumes that the setting of that option is false. This bug was | |
323 | introduced by 4.51/PH/31. | |
324 | ||
59cf8544 PH |
325 | PH/28 Changed -d+all to exclude +memory, because that information is very |
326 | rarely of interest, but it makes the output a lot bigger. People tend to | |
327 | do -d+all out of habit. | |
328 | ||
e7ad8a65 PH |
329 | PH/29 Removed support for the Linux-libc5 build, as it is obsolete and the |
330 | code in os-type was giving problems when libc.so lives in lib64, like on | |
331 | x86_64 Fedora Core. | |
332 | ||
ade42478 PH |
333 | PH/30 Exim's DNS code uses the original T_xxx names for DNS record times. These |
334 | aren't the modern standard, and it seems that some systems' include files | |
335 | don't always have them. Exim was already checking for some of the newer | |
336 | ones like T_AAAA, and defining it itself. I've added checks for all the | |
337 | record types that Exim uses. | |
338 | ||
182ad5cf PH |
339 | PH/31 When using GnuTLS, if the parameters cache file did not exist, Exim was |
340 | not automatically generating a new one, as it is supposed to. This | |
341 | prevented TLS from working. If the file did exist, but contained invalid | |
342 | data, a new version was generated, as expected. It was only the case of a | |
343 | non-existent file that was broken. | |
344 | ||
b0d9fc80 TK |
345 | TK/10 Domainkeys: Fix a bug in verification that caused a crash in conjunction |
346 | with a change in libdomainkeys > 0.64. | |
347 | ||
348 | TK/11 Domainkeys: Change the logic how the "testing" policy flag is retrieved | |
349 | from DNS. If the selector record carries the flag, it now has | |
350 | precedence over the domain-wide flag. | |
351 | ||
352 | TK/12 Cleared some compiler warnings related to SPF, SRS and DK code. | |
353 | ||
47c7a64a PH |
354 | PH/32 In mua_wrapper mode, if an smtp transport configuration error (such as |
355 | the use of a port name that isn't defined in /etc/services) occurred, the | |
356 | message was deferred as in a normal delivery, and thus remained on the | |
357 | spool, instead of being failed because of the mua_wrapper setting. This | |
358 | is now fixed, and I tidied up some of the mua_wrapper messages at the | |
359 | same time. | |
360 | ||
a388bce4 SC |
361 | SC/08 Eximstats: whilst parsing the mainlog(s), store information about |
362 | the messages in a hash of arrays rather than using individual hashes. | |
363 | This is a bit cleaner and results in dramatic memory savings, albeit | |
364 | at a slight CPU cost. | |
365 | ||
366 | SC/09 Eximstats: added the -show_rt<list> and the -show_dt<list> flags | |
367 | as requested by Marc Sherman. | |
368 | ||
369 | SC/10 Eximstats: added histograms for user specified patterns as requested | |
370 | by Marc Sherman. | |
371 | ||
0793e4ed SC |
372 | SC/11 Eximstats: v1.43 - bugfix for pattern histograms with -h0 specified. |
373 | ||
c58b88df PH |
374 | PH/33 Patch from the Cygwin maintainer to add "b" to all occurences of |
375 | fopen() in the content-scanning modules that did not already have it. | |
376 | ||
e7ad8a65 | 377 | |
7982096b PH |
378 | Exim version 4.51 |
379 | ----------------- | |
380 | ||
1a46a8c5 PH |
381 | TK/01 Added Yahoo DomainKeys support via libdomainkeys. See |
382 | doc/experimental-spec.txt for details. (http://domainkeys.sf.net) | |
383 | ||
2f079f46 | 384 | TK/02 Fix ACL "control" statement not being available in MIME ACL. |
1a46a8c5 PH |
385 | |
386 | TK/03 Fix ACL "regex" condition not being available in MIME ACL. | |
387 | ||
388 | PH/01 Installed a patch from the Sieve maintainer that allows -bf to be used | |
389 | to test Sieve filters that use "vacation". | |
390 | ||
391 | PH/02 Installed a slightly modified version of Nikos Mavrogiannopoulos' patch | |
392 | that changes the way the GnuTLS parameters are stored in the cache file. | |
393 | The new format can be generated externally. For backward compatibility, | |
394 | if the data in the cache doesn't make sense, Exim assumes it has read an | |
395 | old-format file, and it generates new data and writes a new file. This | |
396 | means that you can't go back to an older release without removing the | |
397 | file. | |
398 | ||
399 | PH/03 A redirect router that has both "unseen" and "one_time" set does not | |
400 | work if there are any delivery delays because "one_time" forces the | |
401 | parent to be marked "delivered", so its unseen clone is never tried | |
402 | again. For this reason, Exim now forbids the simultaneous setting of | |
403 | these two options. | |
404 | ||
405 | PH/04 Change 4.11/85 fixed an obscure bug concerned with addresses that are | |
406 | redirected to themselves ("homonym" addresses). Read the long ChangeLog | |
407 | entry if you want to know the details. The fix, however, neglected to | |
408 | consider the case when local delivery batching is involved. The test for | |
409 | "previously delivered" was not happening when checking to see if an | |
410 | address could be batched with a previous (undelivered) one; under | |
411 | certain circumstances this could lead to multiple deliveries to the same | |
c2c19e9d | 412 | address. |
1a46a8c5 PH |
413 | |
414 | PH/05 Renamed the macro SOCKLEN_T as EXIM_SOCKLEN_T because AIX uses SOCKLEN_T | |
415 | in its include files, and this causes problems building Exim. | |
416 | ||
417 | PH/06 A number of "verify =" ACL conditions have no options (e.g. verify = | |
418 | header_syntax) but Exim was just ignoring anything given after a slash. | |
419 | In particular, this caused confusion with an attempt to use "verify = | |
420 | reverse_host_lookup/defer_ok". An error is now given when options are | |
421 | supplied for verify items that do not have them. (Maybe reverse_host_ | |
422 | lookup should have a defer_ok option, but that's a different point.) | |
423 | ||
424 | PH/07 Increase the size of the buffer for incoming SMTP commands from 512 (as | |
425 | defined by RFC 821) to 2048, because there were problems with some AUTH | |
426 | commands, and RFC 1869 says the size should be increased for extended | |
427 | SMTP commands that take arguments. | |
428 | ||
429 | PH/08 Added ${dlfunc dynamically loaded function for expansion (code from Tony | |
430 | Finch). | |
431 | ||
432 | PH/09 Previously, an attempt to use ${perl when it wasn't compiled gave an | |
433 | "unknown" error; now it says that the functionality isn't in the binary. | |
8d67ada3 | 434 | |
49c2d5ea PH |
435 | PH/10 Added a nasty fudge to try to recognize and flatten LDAP passwords in |
436 | an address' error message when a string expansion fails (syntax or | |
f331f3b6 PH |
437 | whatever). Otherwise the password may appear in the log. Following change |
438 | PH/42 below, there is no longer a chance of it appearing in a bounce | |
439 | message. | |
49c2d5ea | 440 | |
bf759a8b PH |
441 | PH/11 Installed exipick version 20050225.0 from John Jetmore. |
442 | ||
83364d30 PH |
443 | PH/12 If the last host in a fallback_hosts list was multihomed, only the first |
444 | of its addresses was ever tried. (Bugzilla bug #2.) | |
445 | ||
7999bbd7 PH |
446 | PH/13 If "headers_add" in a transport didn't end in a newline, Exim printed |
447 | the result incorrectly in the debug output. (It correctly added a newline | |
448 | to what was transported.) | |
449 | ||
7dbf77c9 PH |
450 | TF/01 Added $received_time. |
451 | ||
74e0617f PH |
452 | PH/14 Modified the default configuration to add an acl_smtp_data ACL, with |
453 | commented out examples of how to interface to a virus scanner and to | |
454 | SpamAssassin. Also added commented examples of av_scanner and | |
455 | spamd_address settings. | |
456 | ||
2f079f46 PH |
457 | PH/15 Further to TK/02 and TK/03 above, tidied up the tables of what conditions |
458 | and controls are allowed in which ACLs. There were a couple of minor | |
459 | errors. Some of the entries in the conditions table (which is a table of | |
460 | where they are NOT allowed) were getting very unwieldy; rewrote them as a | |
461 | negation of where the condition IS allowed. | |
462 | ||
8c841523 PH |
463 | PH/16 Installed updated OS/os.c-cygwin from the Cygwin maintainer. |
464 | ||
7766a4f0 PH |
465 | PH/17 The API for radiusclient changed at release 0.4.0. Unfortunately, the |
466 | header file does not have a version number, so I've had to invent a new | |
467 | value for RADIUS_LIB_TYPE, namely "RADIUSCLIENTNEW" to request the new | |
468 | API. The code is untested by me (my Linux distribution still has 0.3.2 of | |
469 | radiusclient), but it was contributed by a Radius user. | |
470 | ||
8b417f2c PH |
471 | PH/18 Installed Lars Mainka's patch for the support of CRL collections in |
472 | files or directories, for OpenSSL. | |
473 | ||
901f42cb PH |
474 | PH/19 When an Exim process that is running as root has to create an Exim log |
475 | file, it does so in a subprocess that runs as exim:exim so as to get the | |
476 | ownership right at creation (otherwise, other Exim processes might see | |
477 | the file with the wrong ownership). There was no test for failure of this | |
478 | fork() call, which would lead to the process getting stuck as it waited | |
479 | for a non-existent subprocess. Forks do occasionally fail when resources | |
480 | run out. I reviewed all the other calls to fork(); they all seem to check | |
481 | for failure. | |
482 | ||
f9b9210e PH |
483 | PH/20 When checking for unexpected SMTP input at connect time (before writing |
484 | the banner), Exim was not dealing correctly with a non-positive return | |
485 | from the read() function. If the client had disconnected by this time, | |
486 | the result was a log entry for a synchronization error with an empty | |
487 | string after "input=" when read() returned zero. If read() returned -1 | |
488 | (an event I could not check), uninitialized data bytes were printed. | |
489 | There were reports of junk text (parts of files, etc) appearing after | |
490 | "input=". | |
491 | ||
54cdb463 PH |
492 | PH/21 Added acl_not_smtp_mime to allow for MIME scanning for non-SMTP messages. |
493 | ||
cf00dad6 PH |
494 | PH/22 Added support for macro redefinition, and (re)definition in between |
495 | driver and ACL definitions. | |
496 | ||
acb1b346 PH |
497 | PH/23 The cyrus_sasl authenticator was expanding server_hostname, but then |
498 | forgetting to use the resulting value; it was using the unexpanded value. | |
499 | ||
c5ddb310 PH |
500 | PH/24 The cyrus_sasl authenticator was advertising mechanisms for which it |
501 | hadn't been configured. The fix is from Juergen Kreileder, who | |
502 | understands it better than I do: | |
503 | ||
504 | "Here's what I see happening with three configured cyrus_sasl | |
505 | authenticators configured (plain, login, cram-md5): | |
506 | ||
507 | On startup auth_cyrus_sasl_init() gets called for each of these. | |
508 | This means three calls to sasl_listmech() without a specified mech_list. | |
509 | => SASL tests which mechs of all available mechs actually work | |
510 | => three warnings about OTP not working | |
511 | => the returned list contains: plain, login, cram-md5, digest-md5, ... | |
512 | ||
513 | With the patch, sasl_listmech() also gets called three times. But now | |
514 | SASL's mech_list option is set to the server_mech specified in the the | |
515 | authenticator. Or in other words, the answer from sasl_listmech() | |
516 | gets limited to just the mech you're testing for (which is different | |
517 | for each call.) | |
518 | => the return list contains just 'plain' or 'login', 'cram-md5' or | |
519 | nothing depending on the value of ob->server_mech. | |
520 | ||
521 | I've just tested the patch: Authentication still works fine, | |
522 | unavailable mechs specified in the exim configuration are still | |
523 | caught, and the auth.log warnings about OTP are gone." | |
524 | ||
31619da6 PH |
525 | PH/25 When debugging is enabled, the contents of the command line are added |
526 | to the debugging output, even when log_selector=+arguments is not | |
527 | specified. | |
528 | ||
bebaf0fc PH |
529 | PH/26 Change scripts/os-type so that when "uname -s" returns just "GNU", the |
530 | answer is "GNU", and only if the return is "GNU/something" is the answer | |
531 | "Linux". | |
532 | ||
475fe28a PH |
533 | PH/27 $acl_verify_message is now set immediately after the failure of a |
534 | verification in an ACL, and so is available in subsequent modifiers. In | |
535 | particular, the message can be preserved by coding like this: | |
536 | ||
537 | warn !verify = sender | |
538 | set acl_m0 = $acl_verify_message | |
539 | ||
540 | Previously, $acl_verify_message was set only while expanding "message" | |
541 | and "log_message" when a very denied access. | |
542 | ||
7e8bec7a PH |
543 | PH/28 Modified OS/os.c-Linux with |
544 | ||
545 | -#ifndef OS_LOAD_AVERAGE | |
546 | +#if !defined(OS_LOAD_AVERAGE) && defined(__linux__) | |
547 | ||
548 | to make Exim compile on kfreebsd-gnu. (I'm totally confused about the | |
549 | nomenclature these days.) | |
550 | ||
e4a89c47 PH |
551 | PH/29 Installed patch from the Sieve maintainer that adds the options |
552 | sieve_useraddress and sieve_subaddress to the redirect router. | |
553 | ||
5ca2a9a1 PH |
554 | PH/30 In these circumstances: |
555 | . Two addresses routed to the same list of hosts; | |
556 | . First host does not offer TLS; | |
557 | . First host accepts first address; | |
558 | . First host gives temporary error to second address; | |
559 | . Second host offers TLS and a TLS session is established; | |
560 | . Second host accepts second address. | |
561 | Exim incorrectly logged both deliveries with the TLS parameters (cipher | |
562 | and peerdn, if requested) that were in fact used only for the second | |
563 | address. | |
7e8bec7a | 564 | |
c688b954 PH |
565 | PH/31 When doing a callout as part of verifying an address, Exim was not paying |
566 | attention to any local part prefix or suffix that was matched by the | |
567 | router that accepted the address. It now behaves in the same way as it | |
568 | does for delivery: the affixes are removed from the local part unless | |
569 | rcpt_include_affixes is set on the transport. | |
570 | ||
fed77020 PH |
571 | PH/32 Add the sender address, as F=<...>, to the log line when logging a |
572 | timeout during the DATA phase of an incoming message. | |
573 | ||
7fe1560f PH |
574 | PH/33 Sieve envelope tests were broken for match types other than :is. I have |
575 | applied a patch sanctioned by the Sieve maintainer. | |
c688b954 | 576 | |
ebb6e6d5 PH |
577 | PH/34 Change 4.50/80 broke Exim in that it could no longer handle cases where |
578 | the uid or gid is negative. A case of a negative gid caused this to be | |
579 | noticed. The fix allows for either to be negative. | |
580 | ||
9c4e8f60 PH |
581 | PH/35 ACL_WHERE_MIME is now declared unconditionally, to avoid too much code |
582 | clutter, but the tables that are indexed by ACL_WHERE_xxx values had been | |
583 | overlooked. | |
584 | ||
585 | PH/36 The change PH/12 above was broken. Fixed it. | |
586 | ||
d7174846 PH |
587 | PH/37 Exim used to check for duplicate addresses in the middle of routing, on |
588 | the grounds that routing the same address twice would always produce the | |
589 | same answer. This might have been true once, but it is certainly no | |
590 | longer true now. Routing a child address may depend on the previous | |
591 | routing that produced that child. Some complicated redirection strategies | |
592 | went wrong when messages had multiple recipients, and made Exim's | |
593 | behaviour dependent on the order in which the addresses were given. | |
594 | ||
595 | I have moved the duplicate checking until after the routing is complete. | |
596 | Exim scans the addresses that are assigned to local and remote | |
597 | transports, and removes any duplicates. This means that more work will be | |
598 | done, as duplicates will always all be routed, but duplicates are | |
599 | presumably rare, so I don't expect this is of any significance. | |
600 | ||
601 | For deliveries to pipes, files, and autoreplies, the duplicate checking | |
602 | still happens during the routing process, since they are not going to be | |
603 | routed further. | |
604 | ||
cfe75fc3 PH |
605 | PH/38 Installed a patch from Ian Freislich, with the agreement of Tom Kistner. |
606 | It corrects a timeout issue with spamd. This is Ian's comment: "The | |
607 | background is that sometimes spamd either never reads data from a | |
608 | connection it has accepted, or it never writes response data. The exiscan | |
609 | spam.[ch] uses a 3600 second timeout on spamd socket reads, further, it | |
610 | blindly assumes that writes won't block so it may never time out." | |
611 | ||
be22d70e PH |
612 | PH/39 Allow G after quota size as well as K and M. |
613 | ||
0612b098 PH |
614 | PH/40 The value set for $authenticated_id in an authenticator may not contain |
615 | binary zeroes or newlines because the value is written to log lines and | |
616 | to spool files. There was no check on this. Now the value is run through | |
617 | the string_printing() function so that such characters are converted to | |
618 | printable escape sequences. | |
619 | ||
2e0c1448 PH |
620 | PH/41 $message_linecount is a new variable that contains the total number of |
621 | lines in the message. Compare $body_linecount, which is the count for the | |
622 | body only. | |
623 | ||
447d236c PH |
624 | PH/42 Exim no longer gives details of delivery errors for specific addresses in |
625 | bounce and delay warning messages, except in certain special cases, which | |
626 | are as follows: | |
627 | ||
628 | (a) An SMTP error message from a remote host; | |
629 | (b) A message specified in a :fail: redirection; | |
630 | (c) A message specified in a "fail" command in a system filter; | |
631 | (d) A message specified in a FAIL return from the queryprogram router; | |
632 | (e) A message specified by the cannot_route_message router option. | |
633 | ||
634 | In these cases only, Exim does include the error details in bounce and | |
635 | warning messages. There are also a few cases where bland messages such | |
636 | as "unrouteable address" or "local delivery error" are given. | |
637 | ||
d20976dc PH |
638 | PH/43 $value is now also set for the "else" part of a ${run expansion. |
639 | ||
f656d135 PH |
640 | PH/44 Applied patch from the Sieve maintainer: "The vacation draft is still |
641 | being worked on, but at least Exim now implements the latest version to | |
642 | play with." | |
643 | ||
2e2a30b4 PH |
644 | PH/45 In a pipe transport, although a timeout while waiting for the pipe |
645 | process to complete was treated as a delivery failure, a timeout while | |
646 | writing the message to the pipe was logged, but erroneously treated as a | |
647 | successful delivery. Such timeouts include transport filter timeouts. For | |
648 | consistency with the overall process timeout, these timeouts are now | |
649 | treated as errors, giving rise to delivery failures by default. However, | |
650 | there is now a new Boolean option for the pipe transport called | |
651 | timeout_defer, which, if set TRUE, converts the failures into defers for | |
652 | both kinds of timeout. A transport filter timeout is now identified in | |
653 | the log output. | |
654 | ||
9176e9f0 PH |
655 | PH/46 The "scripts/Configure-config.h" script calls "make" at one point. On |
656 | systems where "make" and "gmake" are different, calling "gmake" at top | |
657 | level broke things. I've arranged for the value of $(MAKE) to be passed | |
658 | from the Makefile to this script so that it can call the same version of | |
659 | "make". | |
660 | ||
7982096b | 661 | |
bbe902f0 PH |
662 | A note about Exim versions 4.44 and 4.50 |
663 | ---------------------------------------- | |
664 | ||
665 | Exim 4.50 was meant to be the next release after 4.43. It contains a lot of | |
666 | changes of various kinds. As a consequence, a big documentation update was | |
667 | needed. This delayed the release for rather longer than seemed good, especially | |
668 | in the light of a couple of (minor) security issues. Therefore, the changes | |
669 | that fixed bugs were backported into 4.43, to create a 4.44 maintenance | |
670 | release. So 4.44 and 4.50 are in effect two different branches that both start | |
671 | from 4.43. | |
672 | ||
673 | I have left the 4.50 change log unchanged; it contains all the changes since | |
674 | 4.43. The change log for 4.44 is below; many of its items are identical to | |
675 | those for 4.50. This seems to be the most sensible way to preserve the | |
676 | historical information. | |
677 | ||
678 | ||
f7b63901 | 679 | Exim version 4.50 |
495ae4b0 PH |
680 | ----------------- |
681 | ||
5fe762f6 PH |
682 | 1. Minor wording change to the doc/README.SIEVE file. |
683 | ||
139059f6 | 684 | 2. Change 4.43/35 introduced a bug: if quota_filecount was set, the |
5fe762f6 | 685 | computation of the current number of files was incorrect. |
495ae4b0 | 686 | |
7086e875 PH |
687 | 3. Closing a stable door: arrange to panic-die if setitimer() ever fails. The |
688 | bug fixed in 4.43/37 would have been diagnosed quickly if this had been in | |
689 | place. | |
690 | ||
35af9f61 PH |
691 | 4. Give more explanation in the error message when the command for a transport |
692 | filter fails to execute. | |
693 | ||
b668c215 PH |
694 | 5. There are several places where Exim runs a non-Exim command in a |
695 | subprocess. The SIGUSR1 signal should be disabled for these processes. This | |
696 | was being done only for the command run by the queryprogram router. It is | |
697 | now done for all such subprocesses. The other cases are: ${run, transport | |
698 | filters, and the commands run by the lmtp and pipe transports. | |
699 | ||
a494b1e1 PH |
700 | 6. Added CONFIGURE_GROUP build-time option. |
701 | ||
702 | 7. Some older OS have a limit of 256 on the maximum number of file | |
703 | descriptors. Exim was using setrlimit() to set 1000 as a large value | |
704 | unlikely to be exceeded. Change 4.43/17 caused a lot of logging on these | |
705 | systems. I've change it so that if it can't get 1000, it tries for 256. | |
35edf2ff | 706 | |
c5fcb476 PH |
707 | 8. "control=submission" was allowed, but had no effect, in a DATA ACL. This |
708 | was an oversight, and furthermore, ever since the addition of extra | |
709 | controls (e.g. 4.43/32), the checks on when to allow different forms of | |
710 | "control" were broken. There should now be diagnostics for all cases when a | |
711 | control that does not make sense is encountered. | |
712 | ||
69358f02 PH |
713 | 9. Added the /retain_sender option to "control=submission". |
714 | ||
5be20824 PH |
715 | 10. $recipients is now available in the predata ACL (oversight). |
716 | ||
eb2c0248 PH |
717 | 11. Tidy the search cache before the fork to do a delivery from a message |
718 | received from the command line. Otherwise the child will trigger a lookup | |
719 | failure and thereby defer the delivery if it tries to use (for example) a | |
720 | cached ldap connection that the parent has called unbind on. | |
721 | ||
2a3eea10 PH |
722 | 12. If verify=recipient was followed by verify=sender in a RCPT ACL, the value |
723 | of $address_data from the recipient verification was clobbered by the | |
724 | sender verification. | |
725 | ||
726 | 13. The value of address_data from a sender verification is now available in | |
727 | $sender_address_data in subsequent conditions in the ACL statement. | |
728 | ||
23c7ff99 PH |
729 | 14. Added forbid_sieve_filter and forbid_exim_filter to the redirect router. |
730 | ||
4deaf07d PH |
731 | 15. Added a new option "connect=<time>" to callout options, to set a different |
732 | connection timeout. | |
733 | ||
926e1192 PH |
734 | 16. If FIXED_NEVER_USERS was defined, but empty, Exim was assuming the uid 0 |
735 | was its contents. (It was OK if the option was not defined at all.) | |
736 | ||
650edc6f PH |
737 | 17. A "Completed" log line is now written for messages that are removed from |
738 | the spool by the -Mrm option. | |
739 | ||
2c7db3f5 PH |
740 | 18. New variables $sender_verify_failure and $recipient_verify_failure contain |
741 | information about exactly what failed. | |
742 | ||
3d235903 PH |
743 | 19. Added -dd to debug only the daemon process. |
744 | ||
7c7ad977 PH |
745 | 20. Incorporated Michael Haardt's patch to ldap.c for improving the way it |
746 | handles timeouts, both on the server side and network timeouts. Renamed the | |
747 | CONNECT parameter as NETTIMEOUT (but kept the old name for compatibility). | |
748 | ||
981756db PH |
749 | 21. The rare case of EHLO->STARTTLS->HELO was setting the protocol to "smtp". |
750 | It is now set to "smtps". | |
751 | ||
d4eb88df PH |
752 | 22. $host_address is now set to the target address during the checking of |
753 | ignore_target_hosts. | |
754 | ||
755 | 23. When checking ignore_target_hosts for an ipliteral router, no host name was | |
756 | being passed; this would have caused $sender_host_name to have been used if | |
757 | matching the list had actually called for a host name (not very likely, | |
758 | since this list is usually IP addresses). A host name is now passed as | |
759 | "[x.x.x.x]". | |
760 | ||
7d468ab8 PH |
761 | 24. Changed the calls that set up the SIGCHLD handler in the daemon to use the |
762 | code that specifies a non-restarting handler (typically sigaction() in | |
763 | modern systems) in an attempt to fix a rare and obscure crash bug. | |
764 | ||
765 | 25. Narrowed the window for a race in the daemon that could cause it to ignore | |
766 | SIGCHLD signals. This is not a major problem, because they are used only to | |
767 | wake it up if nothing else does. | |
768 | ||
62c0818f PH |
769 | 26. A malformed maildirsize file could cause Exim to calculate negative values |
770 | for the mailbox size or file count. Odd effects could occur as a result. | |
771 | The maildirsize information is now recalculated if the size or filecount | |
772 | end up negative. | |
773 | ||
26034054 PH |
774 | 27. Added HAVE_SYS_STATVFS_H to the os.h file for Linux, as it has had this |
775 | support for a long time. Removed HAVE_SYS_VFS_H. | |
776 | ||
af66f652 PH |
777 | 28. Installed the latest version of exipick from John Jetmore. |
778 | ||
90af77f4 PH |
779 | 29. In an address list, if the pattern was not a regular expression, an empty |
780 | subject address (from a bounce message) matched only if the pattern was an | |
781 | empty string. Non-empty patterns were not even tested. This was the wrong | |
782 | because it is perfectly reasonable to use an empty address as part of a | |
783 | database query. An empty address is now tested by patterns that are | |
784 | lookups. However, all the other forms of pattern expect the subject to | |
785 | contain a local part and a domain, and therefore, for them, an empty | |
786 | address still always fails if the pattern is not itself empty. | |
787 | ||
d8ef3577 PH |
788 | 30. Exim went into a mad DNS loop when attempting to do a callout where the |
789 | host was specified on an smtp transport, and looking it up yielded more | |
790 | than one IP address. | |
791 | ||
5cb8cbc6 PH |
792 | 31. Re-factored the code for checking spool and log partition space into a |
793 | function that finds that data and another that does the check. The former | |
794 | is then used to implement four new variables: $spool_space, $log_space, | |
795 | $spool_inodes, and $log_inodes. | |
796 | ||
14702f5b PH |
797 | 32. The RFC2047 encoding function was originally intended for short strings |
798 | such as real names; it was not keeping to the 75-character limit for | |
799 | encoded words that the RFC imposes. It now respects the limit, and | |
800 | generates multiple encoded words if necessary. To be on the safe side, I | |
801 | have increased the buffer size for the ${rfc2047: expansion operator from | |
802 | 1024 to 2048 bytes. | |
803 | ||
063b1e99 PH |
804 | 33. It is now permitted to omit both strings after an "if" condition; if the |
805 | condition is true, the result is "true". As before, when the second string | |
806 | is omitted, a false condition yields an empty string. This makes it less | |
807 | cumbersome to write custom ACL and router conditions. | |
808 | ||
652e1b65 PH |
809 | 34. Failure to deliver a bounce message always caused it to be frozen, even if |
810 | there was an errors_to setting on the router. The errors_to setting is now | |
811 | respected. | |
812 | ||
6f0c9a4f PH |
813 | 35. If an IPv6 address is given for -bh or -bhc, it is now converted to the |
814 | canonical form (fully expanded) before being placed in | |
815 | $sender_host_address. | |
816 | ||
33397d19 PH |
817 | 36. The table in the code that translates DNS record types into text (T_A to |
818 | "A" for instance) was missing entries for NS and CNAME. It is just possible | |
819 | that this could have caused confusion if both these types were looked up | |
820 | for the same domain, because the text type is used as part of Exim's | |
821 | per-process caching. But the chance of anyone hitting this buglet seems | |
822 | very small. | |
823 | ||
7bb56e1f PH |
824 | 37. The dnsdb lookup has been extended in a number of ways. |
825 | ||
826 | (1) There is a new type, "zns", which walks up the domain tree until it | |
827 | finds some nameserver records. It should be used with care. | |
828 | ||
ea3bc19b PH |
829 | (2) There is a new type, "mxh", which is like "mx" except that it returns |
830 | just the host names, not the priorities. | |
831 | ||
832 | (3) It is now possible to give a list of domains (or IP addresses) to be | |
ff4dbb19 PH |
833 | looked up. The behaviour when one of the lookups defers can be |
834 | controlled by a keyword. | |
7bb56e1f | 835 | |
ea3bc19b | 836 | (4) It is now possible to specify the separator character for use when |
7bb56e1f | 837 | multiple records are returned. |
33397d19 | 838 | |
0bcb2a0e PH |
839 | 38. The dnslists ACL condition has been extended: it is now possible to supply |
840 | a list of IP addresses and/or domains to be looked up in a particular DNS | |
841 | domain. | |
842 | ||
2ac0e484 PH |
843 | 39. Added log_selector=+queue_time_overall. |
844 | ||
4e1fde53 PH |
845 | 40. When running the queue in the test harness, wait just a tad after forking a |
846 | delivery process, to get repeatability of debugging output. | |
847 | ||
de365ded PH |
848 | 41. Include certificate and key file names in error message when GnuTLS fails |
849 | to set them up, because the GnuTLS error message doesn't include the name | |
850 | of the failing file when there is a problem reading it. | |
851 | ||
f05da2e8 PH |
852 | 42. Allow both -bf and -bF in the same test run. |
853 | ||
d6453af2 PH |
854 | 43. Did the same fix as 41 above for OpenSSL, which had the same infelicity. |
855 | ||
f7b63901 PH |
856 | 44. The "Exiscan patch" is now merged into the mainline Exim source. |
857 | ||
858 | 45. Sometimes the final signoff response after QUIT could fail to get | |
859 | transmitted in the non-TLS case. Testing !tls_active instead of tls_active | |
860 | < 0 before doing a fflush(). This bug looks as though it goes back to the | |
861 | introduction of TLS in release 3.20, but "sometimes" must have been rare | |
862 | because the tests only now provoked it. | |
863 | ||
a444213a PH |
864 | 46. Reset the locale to "C" after calling embedded Perl, in case it was changed |
865 | (this can affect the format of dates). | |
866 | ||
0ec020ea PH |
867 | 47. exim_tidydb, when checking for the continued existence of a message for |
868 | which it has found a message-specific retry record, was not finding | |
869 | messages that were in split spool directories. Consequently, it was | |
870 | deleting retry records that should have stayed in existence. | |
871 | ||
b1206957 PH |
872 | 48. Steve fixed some bugs in eximstats. |
873 | ||
874 | 49. The SPA authentication driver was not abandoning authentication and moving | |
875 | on to the next authenticator when an expansion was forced to fail, | |
876 | contradicting the general specification for all authenticators. Instead it | |
877 | was generating a temporary error. It now behaves as specified. | |
878 | ||
26dd5a95 PH |
879 | 50. The default ordering of permitted cipher suites for GnuTLS was pessimal |
880 | (the order specifies the preference for clients). The order is now AES256, | |
881 | AES128, 3DES, ARCFOUR128. | |
882 | ||
343b2385 PH |
883 | 51. Small patch to Sieve code - explicitly set From: when generating an |
884 | autoreply. | |
885 | ||
1c5466b9 PH |
886 | 52. Exim crashed if a remote delivery caused a very long error message to be |
887 | recorded - for instance if somebody sent an entire SpamAssassin report back | |
888 | as a large number of 550 error lines. This bug was coincidentally fixed by | |
889 | increasing the size of one of Exim's internal buffers (big_buffer) that | |
890 | happened as part of the Exiscan merge. However, to be on the safe side, I | |
891 | have made the code more robust (and fixed the comments that describe what | |
892 | is going on). | |
893 | ||
55ee9ee3 PH |
894 | 53. Now that there can be additional text after "Completed" in log lines (if |
895 | the queue_time_overall log selector is set), a one-byte patch to exigrep | |
896 | was needed to allow it to recognize "Completed" as not the last thing in | |
897 | the line. | |
898 | ||
d38f8232 PH |
899 | 54. The LDAP lookup was not handling a return of LDAP_RES_SEARCH_REFERENCE. A |
900 | patch that reportedly fixes this has been added. I am not expert enough to | |
901 | create a test for it. This is what the patch creator wrote: | |
902 | ||
903 | "I found a little strange behaviour of ldap code when working with | |
904 | Windows 2003 AD Domain, where users was placed in more than one | |
905 | Organization Units. When I tried to give exim partial DN, the exit code | |
906 | of ldap_search was unknown to exim because of LDAP_RES_SEARCH_REFERENCE. | |
907 | But simultaneously result of request was absolutely normal ldap result, | |
908 | so I produce this patch..." | |
909 | ||
3295e65b PH |
910 | Later: it seems that not all versions of LDAP support LDAP_RES_SEARCH_ |
911 | REFERENCE, so I have modified the code to exclude the patch when that macro | |
912 | is not defined. | |
913 | ||
7102e136 PH |
914 | 55. Some experimental protocols are using DNS PTR records for new purposes. The |
915 | keys for these records are domain names, not reversed IP addresses. The | |
b975ba52 PH |
916 | dnsdb PTR lookup now tests whether its key is an IP address. If not, it |
917 | leaves it alone. Component reversal etc. now happens only for IP addresses. | |
ea3a6f44 | 918 | CAN-2005-0021 |
7102e136 | 919 | |
3ca0ba97 PH |
920 | 56. Improve error message when ldap_search() fails in OpenLDAP or Solaris LDAP. |
921 | ||
c2bcbe20 PH |
922 | 57. Double the size of the debug message buffer (to 2048) so that more of very |
923 | long debug lines gets shown. | |
924 | ||
18ce445d PH |
925 | 58. The exicyclog utility now does better if the number of log files to keep |
926 | exceeds 99. In this case, it numbers them 001, 002 ... instead of 01, 02... | |
927 | ||
1f5b4c3d PH |
928 | 59. Two changes related to the smtp_active_hostname option: |
929 | ||
930 | (1) $smtp_active_hostname is now available as a variable. | |
931 | (2) The default for smtp_banner uses $smtp_active_hostname instead | |
932 | of $primary_hostname. | |
933 | ||
b975ba52 PH |
934 | 60. The host_aton() function is supposed to be passed a string that is known |
935 | to be a valid IP address. However, in the case of IPv6 addresses, it was | |
936 | not checking this. This is a hostage to fortune. Exim now panics and dies | |
937 | if the condition is not met. A case was found where this could be provoked | |
85b87bc2 PH |
938 | from a dnsdb PTR lookup with an IPv6 address that had more than 8 |
939 | components; fortuitously, this particular loophole had already been fixed | |
940 | by change 4.50/55 above. | |
941 | ||
942 | If there are any other similar loopholes, the new check in host_aton() | |
943 | itself should stop them being exploited. The report I received stated that | |
944 | data on the command line could provoke the exploit when Exim was running as | |
945 | exim, but did not say which command line option was involved. All I could | |
946 | find was the use of -be with a bad dnsdb PTR lookup, and in that case it is | |
947 | running as the user. | |
ea3a6f44 | 948 | CAN-2005-0021 |
85b87bc2 PH |
949 | |
950 | 61. There was a buffer overflow vulnerability in the SPA authentication code | |
951 | (which came originally from the Samba project). I have added a test to the | |
952 | spa_base64_to_bits() function which I hope fixes it. | |
ea3a6f44 | 953 | CAN-2005-0022 |
b975ba52 | 954 | |
17ffcae7 PH |
955 | 62. Configuration update for GNU/Hurd and variations. Updated Makefile-GNU and |
956 | os.h-GNU, and added configuration files for GNUkFreeBSD and GNUkNetBSD. | |
957 | ||
d95f9fdb PH |
958 | 63. The daemon start-up calls getloadavg() while still root for those OS that |
959 | need the first call to be done as root, but it missed one case: when | |
960 | deliver_queue_load_max is set with deliver_drop_privilege. This is | |
961 | necessary for the benefit of the queue runner, because there is no re-exec | |
962 | when deliver_drop_privilege is set. | |
963 | ||
86b8287f PH |
964 | 64. A call to exiwhat cut short delays set up by "delay" modifiers in ACLs. |
965 | This has been fixed. | |
966 | ||
60dc5e56 PH |
967 | 65. Caching of lookup data for "hosts =" ACL conditions, when a named host list |
968 | was in use, was not putting the data itself into the right store pool; | |
969 | consequently, it could be overwritten for a subsequent message in the same | |
970 | SMTP connection. (Fix 4.40/11 dealt with the non-cache case, but overlooked | |
971 | the caching.) | |
972 | ||
533244af PH |
973 | 66. Added hosts_max_try_hardlimit to the smtp transport, default 50. |
974 | ||
a5a28604 PH |
975 | 67. The string_is_ip_address() function returns 0, 4, or 6, for "no an IP |
976 | address", "IPv4 address", and "IPv6 address", respectively. Some calls of | |
977 | the function were treating the return as a boolean value, which happened to | |
978 | work because 0=false and not-0=true, but is not correct code. | |
979 | ||
7e634d24 PH |
980 | 68. The host_aton() function was not handling scoped IPv6 addresses (those |
981 | with, for example, "%eth0" on the end) correctly. | |
982 | ||
3e11c26b PH |
983 | 69. Fixed some compiler warnings in acl.c for the bitmaps specified with |
984 | negated items (that is, ~something) in unsigned ints. Some compilers | |
985 | apparently mutter when there is no cast. | |
986 | ||
6729cf78 PH |
987 | 70. If an address verification called from an ACL failed, and did not produce a |
988 | user-specific message (i.e. there was only a "system" message), nothing was | |
989 | put in $acl_verify_message. In this situation, it now puts the system | |
990 | message there. | |
991 | ||
00f00ca5 PH |
992 | 71. Change 4.23/11 added synchronization checking at the start of an SMTP |
993 | session; change 4.31/43 added the unwanted input to the log line - except | |
994 | that it did not do this in the start of session case. It now does. | |
995 | ||
c9bdd01c PH |
996 | 72. After a timeout in a callout SMTP session, Exim still sent a QUIT command. |
997 | This is wrong and can cause the other end to generate a synchronization | |
998 | error if it is another Exim or anything else that does the synchronization | |
999 | check. A QUIT command is no longer sent after a timeout. | |
1000 | ||
d43194df PH |
1001 | 73. $host_lookup_deferred has been added, to make it easier to detect DEFERs |
1002 | during host lookups. | |
1003 | ||
fe5b5d0b PH |
1004 | 74. The defer_ok option of callout verification was not working if it was used |
1005 | when verifying addresses in header lines, that is, for this case: | |
1006 | ||
1007 | verify = header_sender/callout=defer_ok | |
1008 | ||
76a2d7ba PH |
1009 | 75. A backgrounded daemon closed stdin/stdout/stderr on entry; this meant that |
1010 | those file descriptors could be used for SMTP connections. If anything | |
1011 | wrote to stderr (the example that came up was "warn" in embedded Perl), it | |
1012 | could be sent to the SMTP client, causing chaos. The daemon now opens | |
1013 | stdin, stdout, and stderr to /dev/null when it puts itself into the | |
1014 | background. | |
1015 | ||
1016 | 76. Arrange for output from Perl's "warn" command to be written to Exim's main | |
1017 | log by default. The user can override this with suitable Perl magic. | |
1018 | ||
04f7d5b9 PH |
1019 | 77. The use of log_message on a "discard" ACL verb, which is supposed to add to |
1020 | the log message when discard triggers, was not working for the DATA ACL or | |
1021 | for the non-SMTP ACL. | |
1022 | ||
bc60667e PH |
1023 | 78. Error message wording change in sieve.c. |
1024 | ||
bb6e88ff PH |
1025 | 79. If smtp_accept_max_per_host was set, the number of connections could be |
1026 | restricted to fewer than expected, because the daemon was trying to set up | |
1027 | a new connection before checking whether the processes handling previous | |
1028 | connections had finished. The check for completed processes is now done | |
1029 | earlier. On busy systems, this bug wouldn't be noticed because something | |
1030 | else would have woken the daemon, and it would have reaped the completed | |
1031 | process earlier. | |
1032 | ||
1e70f85b PH |
1033 | 80. If a message was submitted locally by a user whose login name contained one |
1034 | or more spaces (ugh!), the spool file that Exim wrote was not re-readable. | |
1035 | It caused a spool format error. I have fixed the spool reading code. A | |
1036 | related problem was that the "from" clause in the Received: line became | |
1037 | illegal because of the space(s). It is now covered by ${quote_local_part. | |
1038 | ||
1039 | 81. Included the latest eximstats from Steve (adds average sizes to HTML Top | |
1040 | tables). | |
1041 | ||
4e01f9d6 PH |
1042 | 82. Updated OS/Makefile-AIX as per message from Mike Meredith. |
1043 | ||
1ee1cef2 PH |
1044 | 83. Patch from Sieve maintainer to fix unterminated string problem in |
1045 | "vacation" handling. | |
1046 | ||
6e2b4ccc PH |
1047 | 84. Some minor changes to the Linux configuration files to help with other |
1048 | OS variants using glibc. | |
1049 | ||
8e669ac1 PH |
1050 | 85. One more patch for Sieve to update vacation handling to latest spec. |
1051 | ||
495ae4b0 | 1052 | |
bbe902f0 PH |
1053 | ---------------------------------------------------- |
1054 | See the note above about the 4.44 and 4.50 releases. | |
1055 | ---------------------------------------------------- | |
1056 | ||
1057 | ||
1058 | Exim version 4.44 | |
1059 | ----------------- | |
1060 | ||
1061 | 1. Change 4.43/35 introduced a bug that caused file counts to be | |
1062 | incorrectly computed when quota_filecount was set in an appendfile | |
1063 | transport | |
1064 | ||
1065 | 2. Closing a stable door: arrange to panic-die if setitimer() ever fails. The | |
1066 | bug fixed in 4.43/37 would have been diagnosed quickly if this had been in | |
1067 | place. | |
1068 | ||
1069 | 3. Give more explanation in the error message when the command for a transport | |
1070 | filter fails to execute. | |
1071 | ||
1072 | 4. There are several places where Exim runs a non-Exim command in a | |
1073 | subprocess. The SIGUSR1 signal should be disabled for these processes. This | |
1074 | was being done only for the command run by the queryprogram router. It is | |
1075 | now done for all such subprocesses. The other cases are: ${run, transport | |
1076 | filters, and the commands run by the lmtp and pipe transports. | |
1077 | ||
1078 | 5. Some older OS have a limit of 256 on the maximum number of file | |
1079 | descriptors. Exim was using setrlimit() to set 1000 as a large value | |
1080 | unlikely to be exceeded. Change 4.43/17 caused a lot of logging on these | |
1081 | systems. I've change it so that if it can't get 1000, it tries for 256. | |
1082 | ||
1083 | 6. "control=submission" was allowed, but had no effect, in a DATA ACL. This | |
1084 | was an oversight, and furthermore, ever since the addition of extra | |
1085 | controls (e.g. 4.43/32), the checks on when to allow different forms of | |
1086 | "control" were broken. There should now be diagnostics for all cases when a | |
1087 | control that does not make sense is encountered. | |
1088 | ||
1089 | 7. $recipients is now available in the predata ACL (oversight). | |
1090 | ||
1091 | 8. Tidy the search cache before the fork to do a delivery from a message | |
1092 | received from the command line. Otherwise the child will trigger a lookup | |
1093 | failure and thereby defer the delivery if it tries to use (for example) a | |
1094 | cached ldap connection that the parent has called unbind on. | |
1095 | ||
1096 | 9. If verify=recipient was followed by verify=sender in a RCPT ACL, the value | |
1097 | of $address_data from the recipient verification was clobbered by the | |
1098 | sender verification. | |
1099 | ||
1100 | 10. If FIXED_NEVER_USERS was defined, but empty, Exim was assuming the uid 0 | |
1101 | was its contents. (It was OK if the option was not defined at all.) | |
1102 | ||
1103 | 11. A "Completed" log line is now written for messages that are removed from | |
1104 | the spool by the -Mrm option. | |
1105 | ||
1106 | 12. $host_address is now set to the target address during the checking of | |
1107 | ignore_target_hosts. | |
1108 | ||
1109 | 13. When checking ignore_target_hosts for an ipliteral router, no host name was | |
1110 | being passed; this would have caused $sender_host_name to have been used if | |
1111 | matching the list had actually called for a host name (not very likely, | |
1112 | since this list is usually IP addresses). A host name is now passed as | |
1113 | "[x.x.x.x]". | |
1114 | ||
1115 | 14. Changed the calls that set up the SIGCHLD handler in the daemon to use the | |
1116 | code that specifies a non-restarting handler (typically sigaction() in | |
1117 | modern systems) in an attempt to fix a rare and obscure crash bug. | |
1118 | ||
1119 | 15. Narrowed the window for a race in the daemon that could cause it to ignore | |
1120 | SIGCHLD signals. This is not a major problem, because they are used only to | |
1121 | wake it up if nothing else does. | |
1122 | ||
1123 | 16. A malformed maildirsize file could cause Exim to calculate negative values | |
1124 | for the mailbox size or file count. Odd effects could occur as a result. | |
1125 | The maildirsize information is now recalculated if the size or filecount | |
1126 | end up negative. | |
1127 | ||
1128 | 17. Added HAVE_SYS_STATVFS_H to the os.h file for Linux, as it has had this | |
1129 | support for a long time. Removed HAVE_SYS_VFS_H. | |
1130 | ||
ea3a6f44 | 1131 | 18. Updated exipick to current release from John Jetmore. |
bbe902f0 PH |
1132 | |
1133 | 19. Allow an empty sender to be matched against a lookup in an address list. | |
1134 | Previously the only cases considered were a regular expression, or an | |
1135 | empty pattern. | |
1136 | ||
1137 | 20. Exim went into a mad DNS lookup loop when doing a callout where the | |
1138 | host was specified on the transport, if the DNS lookup yielded more than | |
1139 | one IP address. | |
1140 | ||
ea3a6f44 NM |
1141 | 21. The RFC2047 encoding function was originally intended for short strings |
1142 | such as real names; it was not keeping to the 75-character limit for | |
1143 | encoded words that the RFC imposes. It now respects the limit, and | |
1144 | generates multiple encoded words if necessary. To be on the safe side, I | |
1145 | have increased the buffer size for the ${rfc2047: expansion operator from | |
1146 | 1024 to 2048 bytes. | |
bbe902f0 | 1147 | |
ea3a6f44 NM |
1148 | 22. Failure to deliver a bounce message always caused it to be frozen, even if |
1149 | there was an errors_to setting on the router. The errors_to setting is now | |
1150 | respected. | |
bbe902f0 PH |
1151 | |
1152 | 23. If an IPv6 address is given for -bh or -bhc, it is now converted to the | |
1153 | canonical form (fully expanded) before being placed in | |
1154 | $sender_host_address. | |
1155 | ||
1156 | 24. Updated eximstats to version 1.33 | |
1157 | ||
ea3a6f44 NM |
1158 | 25. Include certificate and key file names in error message when GnuTLS fails |
1159 | to set them up, because the GnuTLS error message doesn't include the name | |
1160 | of the failing file when there is a problem reading it. | |
bbe902f0 PH |
1161 | |
1162 | 26. Expand error message when OpenSSL has problems setting up cert/key files. | |
ea3a6f44 | 1163 | As per change 25. |
bbe902f0 | 1164 | |
ea3a6f44 NM |
1165 | 27. Reset the locale to "C" after calling embedded Perl, in case it was changed |
1166 | (this can affect the format of dates). | |
bbe902f0 | 1167 | |
ea3a6f44 NM |
1168 | 28. exim_tidydb, when checking for the continued existence of a message for |
1169 | which it has found a message-specific retry record, was not finding | |
1170 | messages that were in split spool directories. Consequently, it was | |
1171 | deleting retry records that should have stayed in existence. | |
bbe902f0 PH |
1172 | |
1173 | 29. eximstats updated to version 1.35 | |
1174 | 1.34 - allow eximstats to parse syslog lines as well as mainlog lines | |
1175 | 1.35 - bugfix such that pie charts by volume are generated correctly | |
1176 | ||
ea3a6f44 NM |
1177 | 30. The SPA authentication driver was not abandoning authentication and moving |
1178 | on to the next authenticator when an expansion was forced to fail, | |
1179 | contradicting the general specification for all authenticators. Instead it | |
1180 | was generating a temporary error. It now behaves as specified. | |
bbe902f0 | 1181 | |
ea3a6f44 NM |
1182 | 31. The default ordering of permitted cipher suites for GnuTLS was pessimal |
1183 | (the order specifies the preference for clients). The order is now AES256, | |
1184 | AES128, 3DES, ARCFOUR128. | |
bbe902f0 | 1185 | |
ea3a6f44 NM |
1186 | 31. Small patch to Sieve code - explicitly set From: when generating an |
1187 | autoreply. | |
bbe902f0 | 1188 | |
ea3a6f44 NM |
1189 | 32. Exim crashed if a remote delivery caused a very long error message to be |
1190 | recorded - for instance if somebody sent an entire SpamAssassin report back | |
1191 | as a large number of 550 error lines. This bug was coincidentally fixed by | |
1192 | increasing the size of one of Exim's internal buffers (big_buffer) that | |
1193 | happened as part of the Exiscan merge. However, to be on the safe side, I | |
1194 | have made the code more robust (and fixed the comments that describe what | |
1195 | is going on). | |
bbe902f0 | 1196 | |
ea3a6f44 NM |
1197 | 33. Some experimental protocols are using DNS PTR records for new purposes. The |
1198 | keys for these records are domain names, not reversed IP addresses. The | |
1199 | dnsdb PTR lookup now tests whether its key is an IP address. If not, it | |
1200 | leaves it alone. Component reversal etc. now happens only for IP addresses. | |
bbe902f0 PH |
1201 | CAN-2005-0021 |
1202 | ||
ea3a6f44 NM |
1203 | 34. The host_aton() function is supposed to be passed a string that is known |
1204 | to be a valid IP address. However, in the case of IPv6 addresses, it was | |
1205 | not checking this. This is a hostage to fortune. Exim now panics and dies | |
1206 | if the condition is not met. A case was found where this could be provoked | |
1207 | from a dnsdb PTR lookup with an IPv6 address that had more than 8 | |
1208 | components; fortuitously, this particular loophole had already been fixed | |
1209 | by change 4.50/55 or 4.44/33 above. | |
1210 | ||
1211 | If there are any other similar loopholes, the new check in host_aton() | |
1212 | itself should stop them being exploited. The report I received stated that | |
1213 | data on the command line could provoke the exploit when Exim was running as | |
1214 | exim, but did not say which command line option was involved. All I could | |
1215 | find was the use of -be with a bad dnsdb PTR lookup, and in that case it is | |
1216 | running as the user. | |
bbe902f0 PH |
1217 | CAN-2005-0021 |
1218 | ||
ea3a6f44 NM |
1219 | 35. There was a buffer overflow vulnerability in the SPA authentication code |
1220 | (which came originally from the Samba project). I have added a test to the | |
1221 | spa_base64_to_bits() function which I hope fixes it. | |
bbe902f0 PH |
1222 | CAN-2005-0022 |
1223 | ||
ea3a6f44 NM |
1224 | 36. The daemon start-up calls getloadavg() while still root for those OS that |
1225 | need the first call to be done as root, but it missed one case: when | |
1226 | deliver_queue_load_max is set with deliver_drop_privilege. This is | |
1227 | necessary for the benefit of the queue runner, because there is no re-exec | |
1228 | when deliver_drop_privilege is set. | |
bbe902f0 | 1229 | |
ea3a6f44 NM |
1230 | 37. Caching of lookup data for "hosts =" ACL conditions, when a named host list |
1231 | was in use, was not putting the data itself into the right store pool; | |
1232 | consequently, it could be overwritten for a subsequent message in the same | |
1233 | SMTP connection. (Fix 4.40/11 dealt with the non-cache case, but overlooked | |
1234 | the caching.) | |
bbe902f0 | 1235 | |
ea3a6f44 NM |
1236 | 38. Sometimes the final signoff response after QUIT could fail to get |
1237 | transmitted in the non-TLS case. Testing !tls_active instead of tls_active | |
1238 | < 0 before doing a fflush(). This bug looks as though it goes back to the | |
1239 | introduction of TLS in release 3.20, but "sometimes" must have been rare | |
1240 | because the tests only now provoked it. | |
bbe902f0 PH |
1241 | |
1242 | ||
495ae4b0 PH |
1243 | Exim version 4.43 |
1244 | ----------------- | |
1245 | ||
1246 | 1. Fixed a longstanding but relatively impotent bug: a long time ago, before | |
1247 | PIPELINING, the function smtp_write_command() used to return TRUE or FALSE. | |
1248 | Now it returns an integer. A number of calls were still expecting a T/F | |
1249 | return. Fortuitously, in all cases, the tests worked in OK situations, | |
1250 | which is the norm. However, things would have gone wrong on any write | |
1251 | failures on the smtp file descriptor. This function is used when sending | |
1252 | messages over SMTP and also when doing verify callouts. | |
1253 | ||
1254 | 2. When Exim is called to do synchronous delivery of a locally submitted | |
1255 | message (the -odf or -odi options), it no longer closes stderr before doing | |
1256 | the delivery. | |
1257 | ||
1258 | 3. Implemented the mua_wrapper option. | |
1259 | ||
1260 | 4. Implemented mx_fail_domains and srv_fail_domains for the dnslookup router. | |
1261 | ||
1262 | 5. Implemented the functions header_remove(), header_testname(), | |
1263 | header_add_at_position(), and receive_remove_recipient(), and exported them | |
1264 | to local_scan(). | |
1265 | ||
1266 | 6. If an ACL "warn" statement specified the addition of headers, Exim already | |
1267 | inserted X-ACL-Warn: at the start if there was no header name. However, it | |
1268 | was not making this test for the second and subsequent header lines if | |
1269 | there were newlines in the string. This meant that an invalid header could | |
1270 | be inserted if Exim was badly configured. | |
1271 | ||
1272 | 7. Allow an ACL "warn" statement to add header lines at the start or after all | |
1273 | the Received: headers, as well as at the end. | |
1274 | ||
1275 | 8. Added the rcpt_4xx retry error code. | |
1276 | ||
1277 | 9. Added postmaster_mailfrom=xxx to callout verification option. | |
1278 | ||
1279 | 10. Added mailfrom=xxxx to the callout verification option, for verify= | |
1280 | header_sender only. | |
1281 | ||
1282 | 11. ${substr_1_:xxxx} and ${substr__3:xxxx} are now diagnosed as syntax errors | |
1283 | (they previously behaved as ${substr_1_0:xxxx} and ${substr:_0_3:xxxx}). | |
1284 | ||
1285 | 12. Inserted some casts to stop certain compilers warning when using pointer | |
1286 | differences as field lengths or precisions in printf-type calls (mostly | |
1287 | affecting debugging statements). | |
1288 | ||
1289 | 13. Added optional readline() support for -be (dynamically loaded). | |
1290 | ||
1291 | 14. Obscure bug fix: if a message error (e.g. 4xx to MAIL) happened within the | |
1292 | same clock tick as a message's arrival, so that its received time was the | |
1293 | same as the "first fail" time on the retry record, and that message | |
1294 | remained on the queue past the ultimate address timeout, every queue runner | |
1295 | would try a delivery (because it was past the ultimate address timeout) but | |
1296 | after another failure, the ultimate address timeout, which should have then | |
1297 | bounced the address, did not kick in. This was a "< instead of <=" error; | |
1298 | in most cases the first failure would have been in the next clock tick | |
1299 | after the received time, and all would be well. | |
1300 | ||
1301 | 15. The special items beginning with @ in domain lists (e.g. @mx_any) were not | |
1302 | being recognized when the domain list was tested by the match_domain | |
1303 | condition in an expansion string. | |
1304 | ||
1305 | 16. Added the ${str2b64: operator. | |
1306 | ||
1307 | 17. Exim was always calling setrlimit() to set a large limit for the number of | |
1308 | processes, without checking whether the existing limit was already | |
1309 | adequate. (It did check for the limit on file descriptors.) Furthermore, | |
1310 | errors from getrlimit() and setrlimit() were being ignored. Now they are | |
1311 | logged to the main and panic logs, but Exim does carry on, to try to do its | |
1312 | job under whatever limits there are. | |
1313 | ||
1314 | 18. Imported PCRE 5.0. | |
1315 | ||
1316 | 19. Trivial typo in log message " temporarily refused connection" (the leading | |
1317 | space). | |
1318 | ||
1319 | 20. If the log selector return_path_on_delivery was set and an address was | |
1320 | redirected to /dev/null, the delivery process crashed because it assumed | |
1321 | that a return path would always be set for a "successful" delivery. In this | |
1322 | case, the whole delivery is bypassed as an optimization, and therefore no | |
1323 | return path is set. | |
1324 | ||
1325 | 21. Internal re-arrangement: the function for sending a challenge and reading | |
1326 | a response while authentication was assuming a zero-terminated challenge | |
1327 | string. It's now changed to take a pointer and a length, to allow for | |
1328 | binary data in such strings. | |
1329 | ||
1330 | 22. Added the cyrus_sasl authenticator (code supplied by MBM). | |
1331 | ||
1332 | 23. Exim was not respecting finduser_retries when seeking the login of the | |
1333 | uid under which it was called; it was always trying 10 times. (The default | |
1334 | setting of finduser_retries is zero.) Also, it was sleeping after the final | |
1335 | failure, which is pointless. | |
1336 | ||
1337 | 24. Implemented tls_on_connect_ports. | |
1338 | ||
1339 | 25. Implemented acl_smtp_predata. | |
1340 | ||
1341 | 26. If the domain in control=submission is set empty, Exim assumes that the | |
1342 | authenticated id is a complete email address when it generates From: or | |
1343 | Sender: header lines. | |
1344 | ||
1345 | 27. Added "#define SOCKLEN_T int" to OS/os.h-SCO and OS/os.h-SCO_SV. Also added | |
1346 | definitions to OS/Makefile-SCO and OS/Makefile-SCO_SV that put basename, | |
1347 | chown and chgrp in /bin and hostname in /usr/bin. | |
1348 | ||
1349 | 28. Exim was keeping the "process log" file open after each use, just as it | |
1350 | does for the main log. This opens the possibility of it remaining open for | |
1351 | long periods when the USR1 signal hits a daemon. Occasional processlog | |
1352 | errors were reported, that could have been caused by this. Anyway, it seems | |
1353 | much more sensible not to leave this file open at all, so that is what now | |
1354 | happens. | |
1355 | ||
1356 | 29. The long-running daemon process does not normally write to the log once it | |
1357 | has entered its main loop, and it closes the log before doing so. This is | |
1358 | so that log files can straightforwardly be renamed and moved. However, | |
1359 | there are a couple of unusual error situations where the daemon does write | |
1360 | log entries, and I had neglected to close the log afterwards. | |
1361 | ||
1362 | 30. The text of an SMTP error response that was received during a remote | |
1363 | delivery was being truncated at 512 bytes. This is too short for some of | |
1364 | the long messages that one sometimes sees. I've increased the limit to | |
1365 | 1024. | |
1366 | ||
1367 | 31. It is now possible to make retry rules that apply only when a message has a | |
1368 | specific sender, in particular, an empty sender. | |
1369 | ||
1370 | 32. Added "control = enforce_sync" and "control = no_enforce_sync". This makes | |
1371 | it possible to be selective about when SMTP synchronization is enforced. | |
1372 | ||
1373 | 33. Added "control = caseful_local_part" and "control = "caselower_local_part". | |
1374 | ||
1375 | 32. Implemented hosts_connection_nolog. | |
1376 | ||
1377 | 33. Added an ACL for QUIT. | |
1378 | ||
1379 | 34. Setting "delay_warning=" to disable warnings was not working; it gave a | |
1380 | syntax error. | |
1381 | ||
1382 | 35. Added mailbox_size and mailbox_filecount to appendfile. | |
1383 | ||
1384 | 36. Added control = no_multiline_responses to ACLs. | |
1385 | ||
1386 | 37. There was a bug in the logic of the code that waits for the clock to tick | |
1387 | in the case where the clock went backwards by a substantial amount such | |
1388 | that the microsecond fraction of "now" was more than the microsecond | |
1389 | fraction of "then" (but the whole seconds number was less). | |
1390 | ||
1391 | 38. Added support for the libradius Radius client library this is found on | |
1392 | FreeBSD (previously only the radiusclient library was supported). | |
1393 | ||
1394 | ||
1395 | Exim version 4.42 | |
1396 | ----------------- | |
1397 | ||
1398 | 1. When certain lookups returned multiple values in the form name=value, the | |
1399 | quoting of the values was not always being done properly. Specifically: | |
1400 | (a) If the value started with a double quote, but contained no whitespace, | |
1401 | it was not quoted. | |
1402 | (b) If the value contained whitespace other than a space character (i.e. | |
1403 | tabs or newlines or carriage returns) it was not quoted. | |
1404 | This fix has been applied to the mysql and pgsql lookups by writing a | |
1405 | separate quoting function and calling it from the lookup code. The fix | |
1406 | should probably also be applied to nisplus, ibase and oracle lookups, but | |
1407 | since I cannot test any of those, I have not disturbed their existing code. | |
1408 | ||
1409 | 2. A hit in the callout cache for a specific address caused a log line with no | |
1410 | reason for rejecting RCPT. Now it says "Previous (cached) callout | |
1411 | verification failure". | |
1412 | ||
1413 | 3. There was an off-by-one bug in the queryprogram router. An over-long | |
1414 | return line was truncated at 256 instead of 255 characters, thereby | |
1415 | overflowing its buffer with the terminating zero. As well as fixing this, I | |
1416 | have increased the buffer size to 1024 (and made a note to document this). | |
1417 | ||
1418 | 4. If an interrupt, such as the USR1 signal that is send by exiwhat, arrives | |
1419 | when Exim is waiting for an SMTP response from a remote server, Exim | |
1420 | restarts its select() call on the socket, thereby resetting its timeout. | |
1421 | This is not a problem when such interrupts are rare. Somebody set up a cron | |
1422 | job to run exiwhat every 2 minutes, which is less than the normal select() | |
1423 | timeout (5 or 10 minutes). This meant that the select() timeout never | |
1424 | kicked in because it was always reset. I have fixed this by comparing the | |
1425 | time when an interrupt arrives with the time at the start of the first call | |
1426 | to select(). If more time than the timeout has elapsed, the interrupt is | |
1427 | treated as a timeout. | |
1428 | ||
1429 | 5. Some internal re-factoring in preparation for the addition of Sieve | |
1430 | extensions (by MH). In particular, the "personal" test is moved to a | |
1431 | separate function, and given an option for scanning Cc: and Bcc: (which is | |
1432 | not set for Exim filters). | |
1433 | ||
1434 | 6. When Exim created an email address using the login of the caller as the | |
1435 | local part (e.g. when creating a From: or Sender: header line), it was not | |
1436 | quoting the local part when it contained special characters such as @. | |
1437 | ||
1438 | 7. Installed new OpenBSD configuration files. | |
1439 | ||
1440 | 8. Reworded some messages for syntax errors in "and" and "or" conditions to | |
1441 | try to make them clearer. | |
1442 | ||
1443 | 9. Callout options, other than the timeout value, were being ignored when | |
1444 | verifying sender addresses in header lines. For example, when using | |
1445 | ||
1446 | verify = header_sender/callout=no_cache | |
1447 | ||
1448 | the cache was (incorrectly) being used. | |
1449 | ||
1450 | 10. Added a missing instance of ${EXE} to the exim_install script; this affects | |
1451 | only the Cygwin environment. | |
1452 | ||
1453 | 11. When return_path_on_delivery was set as a log selector, if different remote | |
1454 | addresses in the same message used different return paths and parallel | |
1455 | remote delivery occurred, the wrong values would sometimes be logged. | |
1456 | (Whenever a remote delivery process finished, the return path value from | |
1457 | the most recently started remote delivery process was logged.) | |
1458 | ||
1459 | 12. RFC 3848 specifies standard names for the "with" phrase in Received: header | |
1460 | lines when AUTH and/or TLS are in use. This is the "received protocol" | |
1461 | field. Exim used to use "asmtp" for authenticated SMTP, without any | |
1462 | indication (in the protocol name) for TLS use. Now it follows the RFC and | |
1463 | uses "esmtpa" if the connection is authenticated, "esmtps" if it is | |
1464 | encrypted, and "esmtpsa" if it is both encrypted and authenticated. These | |
1465 | names appear in log lines as well as in Received: header lines. | |
1466 | ||
1467 | 13. Installed MH's patches for Sieve to add the "copy" and "vacation" | |
1468 | extensions, and comparison tests, and to fix some bugs. | |
1469 | ||
1470 | 14. Changes to the "personal" filter test: | |
1471 | ||
1472 | (1) The test was buggy in that it was just doing the equivalent of | |
1473 | "contains" tests on header lines. For example, if a user's address was | |
1474 | anne@some.where, the "personal" test would incorrectly be true for | |
1475 | ||
1476 | To: susanne@some.where | |
1477 | ||
1478 | This test is now done by extracting each address from the header in turn, | |
1479 | and checking the entire address. Other tests that are part of "personal" | |
1480 | are now done using regular expressions (for example, to check local parts | |
1481 | of addresses in From: header lines). | |
1482 | ||
1483 | (2) The list of non-personal local parts in From: addresses has been | |
1484 | extended to include "listserv", "majordomo", "*-request", and "owner-*", | |
1485 | taken from the Sieve specification recommendations. | |
1486 | ||
1487 | (3) If the message contains any header line starting with "List-" it is | |
1488 | treated as non-personal. | |
1489 | ||
1490 | (4) The test for "circular" in the Subject: header line has been removed | |
1491 | because it now seems ill-conceived. | |
1492 | ||
1493 | 15. Minor typos in src/EDITME comments corrected. | |
1494 | ||
1495 | 16. Installed latest exipick from John Jetmore. | |
1496 | ||
1497 | 17. If headers_add on a router specified a text string that was too long for | |
1498 | string_sprintf() - that is, longer than 8192 bytes - Exim panicked. The use | |
1499 | of string_sprintf() is now avoided. | |
1500 | ||
1501 | 18. $message_body_size was not set (it was always zero) when running the DATA | |
1502 | ACL and the local_scan() function. | |
1503 | ||
1504 | 19. For the "mail" command in an Exim filter, no default was being set for | |
1505 | the once_repeat time, causing a random time value to be used if "once" was | |
1506 | specified. (If the value happened to be <= 0, no repeat happened.) The | |
1507 | default is now 0s, meaning "never repeat". The "vacation" command was OK | |
1508 | (its default is 7d). It's somewhat surprising nobody ever noticed this bug | |
1509 | (I found it when inspecting the code). | |
1510 | ||
1511 | 20. There is now an overall timeout for performing a callout verification. It | |
1512 | defaults to 4 times the callout timeout, which applies to individual SMTP | |
1513 | commands during the callout. The overall timeout applies when there is more | |
1514 | than one host that can be tried. The timeout is checked before trying the | |
1515 | next host. This prevents very long delays if there are a large number of | |
1516 | hosts and all are timing out (e.g. when the network connections are timing | |
1517 | out). The value of the overall timeout can be changed by specifying an | |
1518 | additional sub-option for "callout", called "maxwait". For example: | |
1519 | ||
1520 | verify = sender/callout=5s,maxwait=20s | |
1521 | ||
1522 | 21. Add O_APPEND to the open() call for maildirsize files (Exim already seeks | |
1523 | to the end before writing, but this should make it even safer). | |
1524 | ||
1525 | 22. Exim was forgetting that it had advertised PIPELINING for the second and | |
1526 | subsequent messages on an SMTP connection. It was also not resetting its | |
1527 | memory on STARTTLS and an internal HELO. | |
1528 | ||
1529 | 23. When Exim logs an SMTP synchronization error within a session, it now | |
1530 | records whether PIPELINING has been advertised or not. | |
1531 | ||
1532 | 24. Added 3 instances of "(long int)" casts to time_t variables that were being | |
1533 | formatted using %ld, because on OpenBSD (and perhaps others), time_t is int | |
1534 | rather than long int. | |
1535 | ||
1536 | 25. Installed the latest Cygwin configuration files from the Cygwin maintainer. | |
1537 | ||
1538 | 26. Added the never_mail option to autoreply. | |
1539 | ||
1540 | ||
1541 | Exim version 4.41 | |
1542 | ----------------- | |
1543 | ||
1544 | 1. A reorganization of the code in order to implement 4.40/8 caused a daemon | |
1545 | crash if the getsockname() call failed; this can happen if a connection is | |
1546 | closed very soon after it is established. The problem was simply in the | |
1547 | order in which certain operations were done, causing Exim to try to write | |
1548 | to the SMTP stream before it had set up the file descriptor. The bug has | |
1549 | been fixed by making things happen in the correct order. | |
1550 | ||
1551 | ||
1552 | Exim version 4.40 | |
1553 | ----------------- | |
1554 | ||
1555 | 1. If "drop" was used in a DATA ACL, the SMTP output buffer was not flushed | |
1556 | before the connection was closed, thus losing the rejection response. | |
1557 | ||
1558 | 2. Commented out the definition of SOCKLEN_T in os.h-SunOS5. It is needed for | |
1559 | some early Solaris releases, but causes trouble in current releases where | |
1560 | socklen_t is defined. | |
1561 | ||
1562 | 3. When std{in,out,err} are closed, re-open them to /dev/null so that they | |
1563 | always exist. | |
1564 | ||
1565 | 4. Minor refactoring of os.c-Linux to avoid compiler warning when IPv6 is not | |
1566 | configured. | |
1567 | ||
1568 | 5. Refactoring in expand.c to improve memory usage. Pre-allocate a block so | |
1569 | that releasing the top of it at the end releases what was used for sub- | |
1570 | expansions (unless the block got too big). However, discard this block if | |
1571 | the first thing is a variable or header, so that we can use its block when | |
1572 | it is dynamic (useful for very large $message_headers, for example). | |
1573 | ||
1574 | 6. Lookups now cache *every* query, not just the most recent. A new, separate | |
1575 | store pool is used for this. It can be recovered when all lookup caches are | |
1576 | flushed. Lookups now release memory at the end of their result strings. | |
1577 | This has involved some general refactoring of the lookup sources. | |
1578 | ||
1579 | 7. Some code has been added to the store_xxx() functions to reduce the amount | |
1580 | of flapping under certain conditions. | |
1581 | ||
1582 | 8. log_incoming_interface used to affect only the <= reception log lines. Now | |
1583 | it causes the local interface and port to be added to several more SMTP log | |
1584 | lines, for example "SMTP connection from", and rejection lines. | |
1585 | ||
1586 | 9. The Sieve author supplied some patches for the doc/README.SIEVE file. | |
1587 | ||
1588 | 10. Added a conditional definition of _BSD_SOCKLEN_T to os.h-Darwin. | |
1589 | ||
1590 | 11. If $host_data was set by virtue of a hosts lookup in an ACL, its value | |
1591 | could be overwritten at the end of the current message (or the start of a | |
1592 | new message if it was set in a HELO ACL). The value is now preserved for | |
1593 | the duration of the SMTP connection. | |
1594 | ||
1595 | 12. If a transport had a headers_rewrite setting, and a matching header line | |
1596 | contained an unqualified address, that address was qualified, even if it | |
1597 | did not match any rewriting rules. The underlying bug was that the values | |
1598 | of the flags that permit the existence of unqualified sender and recipient | |
1599 | addresses in header lines (set by {sender,recipient}_unqualified_hosts for | |
1600 | non-local messages, and by -bnq for local messages) were not being | |
1601 | preserved with the message after it was received. | |
1602 | ||
1603 | 13. When Exim was logging an SMTP synchronization error, it could sometimes log | |
1604 | "next input=" as part of the text comprising the host identity instead of | |
1605 | the correct text. The code was using the same buffer for two different | |
1606 | strings. However, depending on which order the printing function evaluated | |
1607 | its arguments, the bug did not always show up. Under Linux, for example, my | |
1608 | test suite worked just fine. | |
1609 | ||
1610 | 14. Exigrep contained a use of Perl's "our" scoping after change 4.31/70. This | |
1611 | doesn't work with some older versions of Perl. It has been changed to "my", | |
1612 | which in any case is probably the better facility to use. | |
1613 | ||
1614 | 15. A really picky compiler found some instances of statements for creating | |
1615 | error messages that either had too many or two few arguments for the format | |
1616 | string. | |
1617 | ||
1618 | 16. The size of the buffer for calls to the DNS resolver has been increased | |
1619 | from 1024 to 2048. A larger buffer is needed when performing PTR lookups | |
1620 | for addresses that have a lot of PTR records. This alleviates a problem; it | |
1621 | does not fully solve it. | |
1622 | ||
1623 | 17. A dnsdb lookup for PTR records that receives more data than will fit in the | |
1624 | buffer now truncates the list and logs the incident, which is the same | |
1625 | action as happens when Exim is looking up a host name and its aliases. | |
1626 | Previously in this situation something unpredictable would happen; | |
1627 | sometimes it was "internal error: store_reset failed". | |
1628 | ||
1629 | 18. If a server dropped the connection unexpectedly when an Exim client was | |
1630 | using GnuTLS and trying to read a response, the client delivery process | |
1631 | crashed while trying to generate an error log message. | |
1632 | ||
1633 | 19. If a "warn" verb in an ACL added multiple headers to a message in a single | |
1634 | string, for example: | |
1635 | ||
1636 | warn message = H1: something\nH2: something | |
1637 | ||
1638 | the text was added as a single header line from Exim's point of view | |
1639 | though it ended up OK in the delivered message. However, searching for the | |
1640 | second and subsequent header lines using $h_h2: did not work. This has been | |
1641 | fixed. Similarly, if a system filter added multiple headers in this way, | |
1642 | the routers could not see them. | |
1643 | ||
1644 | 20. Expanded the error message when iplsearch is called with an invalid key to | |
1645 | suggest using net-iplsearch in a host list. | |
1646 | ||
1647 | 21. When running tests using -bh, any delays imposed by "delay" modifiers in | |
1648 | ACLs are no longer actually imposed (and a message to that effect is | |
1649 | output). | |
1650 | ||
1651 | 22. If a "gecos" field in a passwd entry contained escaped characters, in | |
1652 | particular, if it contained a \" sequence, Exim got it wrong when building | |
1653 | a From: or a Sender: header from that name. A second bug also caused | |
1654 | incorrect handling when an unquoted " was present following a character | |
1655 | that needed quoting. | |
1656 | ||
1657 | 23. "{crypt}" as a password encryption mechanism for a "crypteq" expansion item | |
1658 | was not being matched caselessly. | |
1659 | ||
1660 | 24. Arranged for all hyphens in the exim.8 source to be escaped with | |
1661 | backslashes. | |
1662 | ||
1663 | 25. Change 16 of 4.32, which reversed 71 or 4.31 didn't quite do the job | |
1664 | properly. Recipient callout cache records were still being keyed to include | |
1665 | the sender, even when use_sender was set false. This led to far more | |
1666 | callouts that were necessary. The sender is no longer included in the key | |
1667 | when use_sender is false. | |
1668 | ||
1669 | 26. Added "control = submission" modifier to ACLs. | |
1670 | ||
1671 | 27. Added the ${base62d: operator to decode base 62 numbers. | |
1672 | ||
1673 | 28. dnsdb lookups can now access SRV records. | |
1674 | ||
1675 | 29. CONFIGURE_OWNER can be set at build time to define an alternative owner for | |
1676 | the configuration file. | |
1677 | ||
1678 | 30. The debug message "delivering xxxxxx-xxxxxx-xx" is now output in verbose | |
1679 | (-v) mode. This makes the output for a verbose queue run more intelligible. | |
1680 | ||
1681 | 31. Added a use_postmaster feature to recipient callouts. | |
1682 | ||
1683 | 32. Added the $body_zerocount variable, containing the number of binary zero | |
1684 | bytes in the message body. | |
1685 | ||
1686 | 33. The time of last modification of the "new" subdirectory is now used as the | |
1687 | "mailbox time last read" when there is a quota error for a maildir | |
1688 | delivery. | |
1689 | ||
1690 | 34. Added string comparison operators lt, lti, le, lei, gt, gti, ge, gei. | |
1691 | ||
1692 | 35. Added +ignore_unknown as a special item in host lists. | |
1693 | ||
1694 | 36. Code for decoding IPv6 addresses in host lists is now included, even if | |
1695 | IPv6 support is not being compiled. This fixes a bug in which an IPv6 | |
1696 | address was recognized as an IP address, but was then not correctly decoded | |
1697 | into binary, causing unexpected and incorrect effects when compared with | |
1698 | another IP address. | |
1699 | ||
1700 | ||
1701 | Exim version 4.34 | |
1702 | ----------------- | |
1703 | ||
1704 | 1. Very minor rewording of debugging text in manualroute to say "list of | |
1705 | hosts" instead of "hostlist". | |
1706 | ||
1707 | 2. If verify=header_syntax was set, and a header line with an unqualified | |
1708 | address (no domain) and a large number of spaces between the end of the | |
1709 | name and the colon was received, the reception process suffered a buffer | |
1710 | overflow, and (when I tested it) crashed. This was caused by some obsolete | |
1711 | code that should have been removed. The fix is to remove it! | |
1712 | ||
1713 | 3. When running in the test harness, delay a bit after writing a bounce | |
1714 | message to get a bit more predictability in the log output. | |
1715 | ||
1716 | 4. Added a call to search_tidyup() just before forking a reception process. In | |
1717 | theory, someone could use a lookup in the expansion of smtp_accept_max_ | |
1718 | per_host which, without the tidyup, could leave open a database connection. | |
1719 | ||
1720 | 5. Added the variables $recipient_data and $sender_data which get set from a | |
1721 | lookup success in an ACL "recipients" or "senders" condition, or a router | |
1722 | "senders" option, similar to $domain_data and $local_part_data. | |
1723 | ||
1724 | 6. Moved the writing of debug_print from before to after the "senders" test | |
1725 | for routers. | |
1726 | ||
1727 | 7. Change 4.31/66 (moving the time when the Received: is generated) caused | |
1728 | problems for message scanning, either using a data ACL, or using | |
1729 | local_scan() because the Received: header was not generated till after they | |
1730 | were called (in order to set the time as the time of reception completion). | |
1731 | I have revised the way this works. The header is now generated after the | |
1732 | body is received, but before the ACL or local_scan() are called. After they | |
1733 | are run, the timestamp in the header is updated. | |
1734 | ||
1735 | ||
1736 | Exim version 4.33 | |
1737 | ----------------- | |
1738 | ||
1739 | 1. Change 4.24/6 introduced a bug because the SIGALRM handler was disabled | |
1740 | before starting a queue runner without re-exec. This happened only when | |
1741 | deliver_drop_privilege was set or when the Exim user was set to root. The | |
1742 | effect of the bug was that timeouts during subsequent deliveries caused | |
1743 | crashes instead of being properly handled. The handler is now left at its | |
1744 | default (and expected) setting. | |
1745 | ||
1746 | 2. The other case in which a daemon avoids a re-exec is to deliver an incoming | |
1747 | message, again when deliver_drop_privilege is set or Exim is run as root. | |
1748 | The bug described in (1) was not present in this case, but the tidying up | |
1749 | of the other signals was missing. I have made the two cases consistent. | |
1750 | ||
1751 | 3. The ignore_target_hosts setting on a manualroute router was being ignored | |
1752 | for hosts that were looked up using the /MX notation. | |
1753 | ||
1754 | 4. Added /ignore=<ip list> feature to @mx_any, @mx_primary, and @mx_secondary | |
1755 | in domain lists. | |
1756 | ||
1757 | 5. Change 4.31/55 was buggy, and broke when there was a rewriting rule that | |
1758 | operated on the sender address. After changing the $sender_address to <> | |
1759 | for the sender address verify, Exim was re-instated it as the original | |
1760 | (before rewriting) address, but remembering that it had rewritten it, so it | |
1761 | wasn't rewriting it again. This bug also had the effect of breaking the | |
1762 | sender address verification caching when the sender address was rewritten. | |
1763 | ||
1764 | 6. The ignore_target_hosts option was being ignored by the ipliteral router. | |
1765 | This has been changed so that if the ip literal address matches | |
1766 | ignore_target_hosts, the router declines. | |
1767 | ||
1768 | 7. Added expansion conditions match_domain, match_address, and match_local_ | |
1769 | part (NOT match_host). | |
1770 | ||
1771 | 8. The placeholder for the Received: header didn't have a length field set. | |
1772 | ||
1773 | 9. Added code to Exim itself and to exim_lock to test for a specific race | |
1774 | condition that could lead to file corruption when using MBX delivery. The | |
1775 | issue is with the lockfile that is created in /tmp. If this file is removed | |
1776 | after a process has opened it but before that process has acquired a lock, | |
1777 | there is the potential for a second process to recreate the file and also | |
1778 | acquire a lock. This could lead to two Exim processes writing to the file | |
1779 | at the same time. The added code performs the same test as UW imapd; it | |
1780 | checks after acquiring the lock that its file descriptor still refers to | |
1781 | the same named file. | |
1782 | ||
1783 | 10. The buffer for building added header lines was of fixed size, 8192 bytes. | |
1784 | It is now parameterized by HEADER_ADD_BUFFER_SIZE and this can be adjusted | |
1785 | when Exim is built. | |
1786 | ||
1787 | 11. Added the smtp_active_hostname option. If used, this will typically be made | |
1788 | to depend on the incoming interface address. Because $interface_address is | |
1789 | not set up until the daemon has forked a reception process, error responses | |
1790 | that can happen earlier (such as "too many connections") no longer contain | |
1791 | a host name. | |
1792 | ||
1793 | 12. If an expansion in a condition on a "warn" statement fails because a lookup | |
1794 | defers, the "warn" statement is abandoned, and the next ACL statement is | |
1795 | processed. Previously this caused the whole ACL to be aborted. | |
1796 | ||
1797 | 13. Added the iplsearch lookup type. | |
1798 | ||
1799 | 14. Added ident_timeout as a log selector. | |
1800 | ||
1801 | 15. Added tls_certificate_verified as a log selector. | |
1802 | ||
1803 | 16. Added a global option tls_require_ciphers (compare the smtp transport | |
1804 | option of the same name). This controls incoming TLS connections. | |
1805 | ||
1806 | 17. I finally figured out how to make tls_require_ciphers do a similar thing | |
1807 | in GNUtls to what it does in OpenSSL, that is, set up an appropriate list | |
1808 | before starting the TLS session. | |
1809 | ||
1810 | 18. Tabs are now shown as \t in -bP output. | |
1811 | ||
1812 | 19. If the log selector return_path_on_delivery was set, Exim crashed when | |
1813 | bouncing a message because it had too many Received: header lines. | |
1814 | ||
1815 | 20. If two routers both had headers_remove settings, and the first one included | |
1816 | a superfluous trailing colon, the final name in the first list and the | |
1817 | first name in the second list were incorrectly joined into one item (with a | |
1818 | colon in the middle). | |
1819 | ||
1820 | ||
1821 | Exim version 4.32 | |
1822 | ----------------- | |
1823 | ||
1824 | 1. Added -C and -D options to the exinext utility, mainly to make it easier | |
1825 | to include in the automated testing, but these could be helpful when | |
1826 | multiple configurations are in use. | |
1827 | ||
1828 | 2. The exinext utility was not formatting the output nicely when there was | |
1829 | an alternate port involved in the retry record key, nor when there was a | |
1830 | message id as well (for retries that were specific to a specific message | |
1831 | and a specific host). It was also confused by IPv6 addresses, because of | |
1832 | the additional colons they contain. I have fixed the IPv4 problem, and | |
1833 | patched it up to do a reasonable job for IPv6. | |
1834 | ||
1835 | 3. When there is an error after a MAIL, RCPT, or DATA SMTP command during | |
1836 | delivery, the log line now contains "pipelined" if PIPELINING was used. | |
1837 | ||
1838 | 4. An SMTP transport process used to panic and die if the bind() call to set | |
1839 | an explicit outgoing interface failed. This has been changed; it is now | |
1840 | treated in the same way as a connect() failure. | |
1841 | ||
1842 | 5. A reference to $sender_host_name in the part of a conditional expansion | |
1843 | that was being skipped was still causing a DNS lookup. This no longer | |
1844 | occurs. | |
1845 | ||
1846 | 6. The def: expansion condition was not recognizing references to header lines | |
1847 | that used bh_ and bheader_. | |
1848 | ||
1849 | 7. Added the _cache feature to named lists. | |
1850 | ||
1851 | 8. The code for checking quota_filecount in the appendfile transport was | |
1852 | allowing one more file than it should have been. | |
1853 | ||
1854 | 9. For compatibility with Sendmail, the command line option | |
1855 | ||
1856 | -prval:sval | |
1857 | ||
1858 | is equivalent to | |
1859 | ||
1860 | -oMr rval -oMs sval | |
1861 | ||
1862 | and sets the incoming protocol and host name (for trusted callers). The | |
1863 | host name and its colon can be omitted when only the protocol is to be set. | |
1864 | Note the Exim already has two private options, -pd and -ps, that refer to | |
1865 | embedded Perl. It is therefore impossible to set a protocol value of "d" or | |
1866 | "s", but I don't think that's a major issue. | |
1867 | ||
1868 | 10. A number of refactoring changes to the code, none of which should affect | |
1869 | Exim's behaviour: | |
1870 | ||
1871 | (a) The number of logging options was getting close to filling up the | |
1872 | 32-bit word that was used as a bit map. I have split them into two classes: | |
1873 | those that are passed in the argument to log_write(), and those that are | |
1874 | only ever tested independently outside of that function. These are now in | |
1875 | separate 32-bit words, so there is plenty of room for expansion again. | |
1876 | There is no change in the user interface or the logging behaviour. | |
1877 | ||
1878 | (b) When building, for example, log lines, the code previously used a | |
1879 | macro that called string_cat() twice, in order to add two strings. This is | |
1880 | not really sufficiently general. Furthermore, there was one instance where | |
1881 | it was actually wrong because one of the argument was used twice, and in | |
1882 | one call a function was used. (As it happened, calling the function twice | |
1883 | did not affect the overall behaviour.) The macro has been replaced by a | |
1884 | function that can join an arbitrary number of extra strings onto a growing | |
1885 | string. | |
1886 | ||
1887 | (c) The code for expansion conditions now uses a table and a binary chop | |
1888 | instead of a serial search (which was left over from when there were very | |
1889 | few conditions). Also, it now recognizes conditions like "pam" even when | |
1890 | the relevant support is not compiled in: a suitably worded error message is | |
1891 | given if an attempt is made to use such a condition. | |
1892 | ||
1893 | 11. Added ${time_interval:xxxxx}. | |
1894 | ||
1895 | 12. A bug was causing one of the ddress fields not to be passed back correctly | |
1896 | from remote delivery subprocesses. The field in question was not being | |
1897 | subsequently used, so this caused to problems in practice. | |
1898 | ||
1899 | 13. Added new log selectors queue_time and deliver_time. | |
1900 | ||
1901 | 14. Might have fixed a bug in maildirsizefile handling that threw up | |
1902 | "unexpected character" debug warnings, and recalculated the data | |
1903 | unnecessarily. In any case, I expanded the warning message to give more | |
1904 | information. | |
1905 | ||
1906 | 15. Added the message "Restricted characters in address" to the statements in | |
1907 | the default ACL that block characters like @ and % in local parts. | |
1908 | ||
1909 | 16. Change 71 for release 4.31 proved to be much less benign that I imagined. | |
1910 | Three changes have been made: | |
1911 | ||
1912 | (a) There was a serious bug; a negative response to MAIL caused the whole | |
1913 | recipient domain to be cached as invalid, thereby blocking all messages | |
1914 | to all local parts at the same domain, from all senders. This bug has | |
1915 | been fixed. The domain is no longer cached after a negative response to | |
1916 | MAIL if the sender used is not empty. | |
1917 | ||
1918 | (b) The default behaviour of using MAIL FROM:<> for recipient callouts has | |
1919 | been restored. | |
1920 | ||
1921 | (c) A new callout option, "use_sender" has been added for people who want | |
1922 | the modified behaviour. | |
1923 | ||
1924 | ||
1925 | Exim version 4.31 | |
1926 | ----------------- | |
1927 | ||
1928 | 1. Removed "EXTRALIBS=-lwrap" from OS/Makefile-Unixware7 on the advice of | |
1929 | Larry Rosenman. | |
1930 | ||
1931 | 2. Removed "LIBS = -lresolv" from OS/Makefile-Darwin as it is not needed, and | |
1932 | indeed breaks things for older releases. | |
1933 | ||
1934 | 3. Added additional logging to the case where there is a problem reading data | |
1935 | from a filter that is running in a subprocess using a pipe, in order to | |
1936 | try to track down a specific problem. | |
1937 | ||
1938 | 4. Testing facility fudge: when running in the test harness and attempting | |
1939 | to connect to 10.x.x.x (expecting a connection timeout) I'm now sometimes | |
1940 | getting "No route to host". Convert this to a timeout. | |
1941 | ||
1942 | 5. Define ICONV_ARG2_TYPE as "char **" for Unixware7 to avoid compiler | |
1943 | warning. | |
1944 | ||
1945 | 6. Some OS don't have socklen_t but use size_t instead. This affects the | |
1946 | fifth argument of getsockopt() amongst other things. This is now | |
1947 | configurable by a macro called SOCKLEN_T which defaults to socklen_t, but | |
1948 | can be set for individual OS. I have set it for SunOS5, OSF1, and | |
1949 | Unixware7. Current versions of SunOS5 (aka Solaris) do have socklen_t, but | |
1950 | some earlier ones do not. | |
1951 | ||
1952 | 7. Change 4.30/15 was not doing the test caselessly. | |
1953 | ||
1954 | 8. The standard form for an IPv6 address literal was being rejected by address | |
1955 | parsing in, for example, MAIL and RCPT commands. An example of this kind of | |
1956 | address is [IPv6:2002:c1ed:8229:10:202:2dff:fe07:a42a]. Exim now accepts | |
1957 | this, as well as the form without the "IPv6" on the front (but only when | |
1958 | address literals are enabled, of course). | |
1959 | ||
1960 | 9. Added some casts to avoid compiler warnings in OS/os.c-Linux. | |
1961 | ||
1962 | 10. Exim crashed if a message with an empty sender address specified by -f | |
1963 | encountered a router with an errors_to setting. This could be provoked only | |
1964 | by a command such as | |
1965 | ||
1966 | exim -f "" ... | |
1967 | ||
1968 | where an empty string was supplied; "<>" did not hit this bug. | |
1969 | ||
1970 | 11. Installed PCRE release 4.5. | |
1971 | ||
1972 | 12. If EHLO/HELO was rejected by an ACL, the value of $sender_helo_name | |
1973 | remained set. It is now erased. | |
1974 | ||
1975 | 13. exiqgrep wasn't working on MacOS X because it didn't correctly compute | |
1976 | times from message ids (which are base 36 rather than the normal 62). | |
1977 | ||
1978 | 14. "Expected" SMTP protocol errors that can arise when PIPELINING is in use | |
1979 | were being counted as actual protocol errors, and logged if the log | |
1980 | selector +smtp_protocol_error was set. One cannot be perfect in this test, | |
1981 | but now, if PIPELINING has been advertised, RCPT following a rejected MAIL, | |
1982 | and DATA following a set of rejected RCPTs do not count as protocol errors. | |
1983 | In other words, Exim assumes they were pipelined, though this may not | |
1984 | actually be the case. Of course, in all cases the client gets an | |
1985 | appropriate error code. | |
1986 | ||
1987 | 15. If a lookup fails in an ACL condition, a message about the failure may | |
1988 | be available; it is used if testing the ACL cannot continue, because most | |
1989 | such messages specify what the cause of the deferral is. However, some | |
1990 | messages (e.g. "MYSQL: no data found") do not cause a defer. There was bug | |
1991 | that caused an old message to be retained and used if a later statement | |
1992 | caused a defer, replacing the real cause of the deferral. | |
1993 | ||
1994 | 16. If an IP address had so many PTR records that the DNS lookup buffer | |
1995 | was not large enough to hold them, Exim could crash while trying to process | |
1996 | the truncated data. It now detects and logs this case. | |
1997 | ||
1998 | 17. Further to 4.21/58, another change has been made: if (and only if) the | |
1999 | first line of a message (the first header line) ends with CRLF, a bare LF | |
2000 | in a subsequent header line has a space inserted after it, so as not to | |
2001 | terminate the header. | |
2002 | ||
2003 | 18. Refactoring: tidied an ugly bit of code in appendfile that copied data | |
2004 | unnecessarily, used atoi() instead of strtol(), and didn't check the | |
2005 | termination when getting file sizes from file names by regex. | |
2006 | ||
2007 | 19. Completely re-implemented the support for maildirsize files, in the light | |
2008 | of a number of problems with the previous contributed implementation | |
2009 | (4.30/29). In particular: | |
2010 | ||
2011 | . If the quota is zero, the maildirsize file is maintained, but no quota is | |
2012 | imposed. | |
2013 | ||
2014 | . If the maildir directory does not exist, it is created before any attempt | |
2015 | to write a maildirsize file. | |
2016 | ||
2017 | . The quota value in the file is just a cache; if the quota is changed in | |
2018 | the transport, the new value overrides. | |
2019 | ||
2020 | . A regular expression is available for excluding directories from the | |
2021 | count. | |
2022 | ||
2023 | 20. The autoreply transport checks the characters in options that define the | |
2024 | message's headers; it allows continued headers, but it was checking with | |
2025 | isspace() after an embedded newline instead of explicitly looking for a | |
2026 | space or a tab. | |
2027 | ||
2028 | 21. If all the "regular" hosts to which an address was routed had passed their | |
2029 | expiry times, and had not reached their retry times, the address was | |
2030 | bounced, even if fallback hosts were defined. Now Exim should go on to try | |
2031 | the fallback hosts. | |
2032 | ||
2033 | 22. Increased buffer sizes in the callout code from 1024 to 4096 to match the | |
2034 | equivalent code in the SMTP transport. Some hosts send humungous responses | |
2035 | to HELO/EHLO, more than 1024 it seems. | |
2036 | ||
2037 | 23. Refactoring: code in filter.c used (void *) for "any old type" but this | |
2038 | gives compiler warnings in some environments. I've now done it "properly", | |
2039 | using a union. | |
2040 | ||
2041 | 24. The replacement for inet_ntoa() that is used with gcc on IRIX systems | |
2042 | (because of problems with the built-in one) was declared to return uschar * | |
2043 | instead of char *, causing compiler failure. | |
2044 | ||
2045 | 25. Fixed a file descriptor leak when processing alias/forward files. | |
2046 | ||
2047 | 26. Fixed a minor format string issue in dbfn.c. | |
2048 | ||
2049 | 27. Typo in exim.c: ("dmbnz" for "dbmnz"). | |
2050 | ||
2051 | 28. If a filter file refered to $h_xxx or $message_headers, and the headers | |
2052 | contained RFC 2047 "words", Exim's memory could, under certain conditions, | |
2053 | become corrupted. | |
2054 | ||
2055 | 29. When a sender address is verified, it is cached, to save repeating the test | |
2056 | when there is more than one recipient in a message. However, when the | |
2057 | verification involves a callout, it is possible for different callout | |
2058 | options to be set for different recipients. It is too complicated to keep | |
2059 | track of this in the cache, so now Exim always runs a verification when a | |
2060 | callout is required, relying on the callout cache for the optimization. | |
2061 | The overhead is duplication of the address routing, but this should not be | |
2062 | too great. | |
2063 | ||
2064 | 30. Fixed a bug in callout caching. If a RCPT command caused the sender address | |
2065 | to be verified with callout=postmaster, and the main callout worked but the | |
2066 | postmaster check failed, the verification correctly failed. However, if a | |
2067 | subsequent RCPT command asked for sender verification *without* the | |
2068 | postmaster check, incorrect caching caused this verification also to fail, | |
2069 | incorrectly. | |
2070 | ||
2071 | 31. Exim caches DNS lookup failures so as to avoid multiple timeouts; however, | |
2072 | it was not caching the DNS options (qualify_single, search_parents) that | |
2073 | were used when the lookup failed. A subsequent lookup with different | |
2074 | options therefore always gave the same answer, though there were cases | |
2075 | where it should not have. (Example: a "domains = !$mx_any" option on a | |
2076 | dnslookup router: the "domains" option is always processed without any | |
2077 | widening, but the router might have qualify_single set.) Now Exim uses the | |
2078 | cached value only when the same options are set. | |
2079 | ||
2080 | 32. Added John Jetmore's "exipick" utility to the distribution. | |
2081 | ||
2082 | 33. GnuTLS: When an attempt to start a TLS session fails for any reason other | |
2083 | than a timeout (e.g. a certificate is required, and is not provided), an | |
2084 | Exim server now closes the connection immediately. Previously it waited for | |
2085 | the client to close - but if the client is SSL, it seems that they each | |
2086 | wait for each other, leading to a delay before one of them times out. | |
2087 | ||
2088 | 34: GnuTLS: Updated the code to use the new GnuTLS 1.0.0 API. I have not | |
2089 | maintained 0.8.x compatibility because I don't think many are using it, and | |
2090 | it is clearly obsolete. | |
2091 | ||
2092 | 35. Added TLS support for CRLs: a tls_crl global option and one for the smtp | |
2093 | transport. | |
2094 | ||
2095 | 36. OpenSSL: $tls_certificate_verified was being set to 1 even if the | |
2096 | client certificate was expired. A simple patch fixes this, though I don't | |
2097 | understand the full logic of why the verify callback is called multiple | |
2098 | times. | |
2099 | ||
2100 | 37. OpenSSL: a patch from Robert Roselius: "Enable client-bug workaround. | |
2101 | Versions of OpenSSL as of 0.9.6d include a 'CBC countermeasure' feature, | |
2102 | which causes problems with some clients (such as the Certicom SSL Plus | |
2103 | library used by Eudora). This option, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, | |
2104 | disables the coutermeasure allowing Eudora to connect." | |
2105 | ||
2106 | 38. Exim was not checking that a write() to a log file succeeded. This could | |
2107 | lead to Bad Things if a log got too big, in particular if it hit a file | |
2108 | size limit. Exim now panics and dies if it cannot write to a log file, just | |
2109 | as it does if it cannot open a log file. | |
2110 | ||
2111 | 39. Modified OS/Makefile-Linux so that it now contains | |
2112 | ||
2113 | CFLAGS=-O -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE | |
2114 | ||
2115 | The two -D definitions ensure that Exim is compiled with large file | |
2116 | support, which makes it possible to handle log files that are bigger than | |
2117 | 2^31. | |
2118 | ||
2119 | 40. Fixed a subtle caching bug: if (in an ACL or a set of routers, for | |
2120 | instance) a domain was checked against a named list that involved a lookup, | |
2121 | causing $domain_data to be set, then another domain was checked against the | |
2122 | same list, then the first domain was re-checked, the value of $domain_data | |
2123 | after the final check could be wrong. In particular, if the second check | |
2124 | failed, it could be set empty. This bug probably also applied to | |
2125 | $localpart_data. | |
2126 | ||
2127 | 41. The strip_trailing_dot option was not being applied to the address given | |
2128 | with the -f command-line option. | |
2129 | ||
2130 | 42. The code for reading a message's header from the spool was incrementing | |
2131 | $received_count, but never initializing it. This meant that the value was | |
2132 | incorrect (doubled) while delivering a message in the same process in which | |
2133 | it was received. In the most common configuration of Exim, this never | |
2134 | happens - a fresh exec is done - but it can happen when | |
2135 | deliver_drop_privilege is set. | |
2136 | ||
2137 | 43. When Exim logs an SMTP synchronization error - client data sent too soon - | |
2138 | it now includes up to 150 characters of the unexpected data in the log | |
2139 | line. | |
2140 | ||
2141 | 44. The exim_dbmbuild utility uses fixed size buffers for reading input lines | |
2142 | and building data strings. The size of both of these buffers was 10 000 | |
2143 | bytes - far larger than anybody would *ever* want, thought I. Needless to | |
2144 | say, somebody hit the limit. I have increased the maximum line length to | |
2145 | 20 000 and the maximum data length of concatenated lines to 100 000. I have | |
2146 | also fixed two bugs, because there was no checking on these buffers. Tsk, | |
2147 | tsk. Now exim_dbmbuild gives a message and exits with an error code if a | |
2148 | buffer is too small. | |
2149 | ||
2150 | 45. The exim_dbmbuild utility did not support quoted keys, as Exim does in | |
2151 | lsearch lookups. Now it does. | |
2152 | ||
2153 | 46. When parsing a route_list item in a manualroute router, a fixed-length | |
2154 | buffer was used for the list of hosts. I made this 1024 bytes long, | |
2155 | thinking that nobody would ever have a list of hosts that long. Wrong. | |
2156 | Somebody had a whole pile of complicated expansion conditions, and the | |
2157 | string was silently truncated, leading to an expansion error. It turns out | |
2158 | that it is easier to change to an unlimited length (owing to other changes | |
2159 | that have happened since this code was originally written) than to build | |
2160 | structure for giving a limitation error. The length of the item that | |
2161 | expands into the list of hosts is now unlimited. | |
2162 | ||
2163 | 47. The lsearch lookup could not handle data where the length of text line was | |
2164 | more than 4095 characters. Such lines were truncated, leading to shortened | |
2165 | data being returned. It should now handle lines of any length. | |
2166 | ||
2167 | 48. Minor wording revision: "cannot test xxx in yyy ACL" becomes "cannot test | |
2168 | xxx condition in yyy ACL" (e.g. "cannot test domains condition in DATA | |
2169 | ACL"). | |
2170 | ||
2171 | 49. Cosmetic tidy to scripts like exicyclog that are generated by globally | |
2172 | replacing strings such as BIN_DIRECTORY in a source file: the replacement | |
2173 | no longer happens in comment lines. A list of replacements is now placed | |
2174 | at the head of all of the source files, except those whose only change is | |
2175 | to replace PERL_COMMAND in the very first #! line. | |
2176 | ||
2177 | 50. Replaced the slow insertion sort in queue.c, for sorting the list of | |
2178 | messages on the queue, with a bottom-up merge sort, using code contributed | |
2179 | by Michael Haardt. This should make operations like -bp somewhat faster on | |
2180 | large queues. It won't affect queue runners, except when queue_run_in_order | |
2181 | is set. | |
2182 | ||
2183 | 51. Installed eximstats 1.31 in the distribution. | |
2184 | ||
2185 | 52. Added support for SRV lookups to the dnslookup router. | |
2186 | ||
2187 | 53. If an ACL referred to $message_body or $message_body_end, the value was not | |
2188 | reset for any messages that followed in the same SMTP session. | |
2189 | ||
2190 | 54. The store-handling optimization for building very long strings was not | |
2191 | differentiating between the different store pools. I don't think this | |
2192 | actually made any difference in practice, but I've tidied it. | |
2193 | ||
2194 | 55. While running the routers to verify a sender address, $sender_address | |
2195 | was still set to the sender address. This is wrong, because when routing to | |
2196 | send a bounce to the sender, it would be empty. Therefore, I have changed | |
2197 | it so that, while verifying a sender address, $sender_address is set to <>. | |
2198 | (There is no change to what happens when verifying a recipient address.) | |
2199 | ||
2200 | 56. After finding MX (or SRV) records, Exim was doing a DNS lookup for the | |
2201 | target A or AAAA records (if not already returned) without resetting the | |
2202 | qualify_single or search_parents options of the DNS resolver. These are | |
2203 | inappropriate in this case because the targets of MX and SRV records must | |
2204 | be FQDNs. A broken DNS record could cause trouble if it happened to have a | |
2205 | target that, when qualified, matched something in the local domain. These | |
2206 | two options are now turned off when doing these lookups. | |
2207 | ||
2208 | 57. It seems that at least some releases of Reiserfs (which does not have the | |
2209 | concept of a fixed number of inodes) returns zero and not -1 for the | |
2210 | number of available inodes. This interacted badly with check_spool_inodes, | |
2211 | which assumed that -1 was the "no such thing" setting. What I have done is | |
2212 | to check that the total number of inodes is greater than zero before doing | |
2213 | the test of how many are available. | |
2214 | ||
2215 | 58. When a "warn" ACL statement has a log_message modifier, the message is | |
2216 | remembered, and not repeated. This is to avoid a lot of repetition when a | |
2217 | message has many recipients that cause the same warning to be written. | |
2218 | Howewer, Exim was preserving the list of already written lines for an | |
2219 | entire SMTP session, which doesn't seem right. The memory is now reset if a | |
2220 | new message is started. | |
2221 | ||
2222 | 59. The "rewrite" debugging flag was not showing the result of rewriting in the | |
2223 | debugging output unless log_rewrite was also set. | |
2224 | ||
2225 | 60. Avoid a compiler warning on 64-bit systems in dsearch.c by avoiding the use | |
2226 | of (int)(handle) when we know that handle contains (void *)(-1). | |
2227 | ||
2228 | 61. The Exim daemon panic-logs an error return when it closes the incoming | |
2229 | connection. However "connection reset by peer" seems to be common, and | |
2230 | isn't really an error worthy of noting specially, so that particular error | |
2231 | is no long logged. | |
2232 | ||
2233 | 62. When Exim is trying to find all the local interfaces, it used to panic and | |
2234 | die if the ioctl to get the interface flags failed. However, it seems that | |
2235 | on at least one OS (Solaris 9) it is possible to have an interface that is | |
2236 | included in the list of interfaces, but for which you get a failure error | |
2237 | for this call. This happens when the interface is not "plumbed" into a | |
2238 | protocol (i.e. neither IPv4 nor IPv6). I've changed the code so that a | |
2239 | failure of the "get flags" call assumes that the interface is down. | |
2240 | ||
2241 | 63. Added a ${eval10: operator, which assumes all numbers are decimal. This | |
2242 | makes life easier for people who are doing arithmetic on fields extracted | |
2243 | from dates, where you often get leading zeros that should not be | |
2244 | interpreted as octal. | |
2245 | ||
2246 | 64. Added qualify_domain to the redirect router, to override the global | |
2247 | setting. | |
2248 | ||
2249 | 65. If a pathologically long header line contained very many addresses (the | |
2250 | report of this problem mentioned 10 000) and each of them was rewritten, | |
2251 | Exim could use up a very large amount of memory. (It kept on making new | |
2252 | copies of the header line as it rewrote, and never released the old ones.) | |
2253 | At the expense of a bit more processing, the header rewriting function has | |
2254 | been changed so that it no longer eats memory in this way. | |
2255 | ||
2256 | 66. The generation of the Received: header has been moved from the time that a | |
2257 | message starts to be received, to the time that it finishes. The timestamp | |
2258 | in the Received: header should now be very close to that of the <= log | |
2259 | line. There are two side-effects of this change: | |
2260 | ||
2261 | (a) If a message is rejected by a DATA or non-SMTP ACL or local_scan(), the | |
2262 | logged header lines no longer include the local Received: line, because | |
2263 | it has not yet been created. The same applies to a copy of the message | |
2264 | that is returned to a non-SMTP sender when a message is rejected. | |
2265 | ||
2266 | (b) When a filter file is tested using -bf, no additional Received: header | |
2267 | is added to the test message. After some thought, I decided that this | |
2268 | is a bug fix. | |
2269 | ||
2270 | This change does not affect the value of $received_for. It is still set | |
2271 | after address rewriting, but before local_scan() is called. | |
2272 | ||
2273 | 67. Installed the latest Cygwin-specific files from the Cygwin maintainer. | |
2274 | ||
2275 | 68. GnuTLS: If an empty file is specified for tls_verify_certificates, GnuTLS | |
2276 | gave an unhelpful panic error message, and a defer error. I have managed to | |
2277 | change this behaviour so that it now rejects any supplied certificate, | |
2278 | which seems right, as the list of acceptable certificates is empty. | |
2279 | ||
2280 | 69. OpenSSL: If an empty file is specified for tls_verify_certificates, OpenSSL | |
2281 | gave an unhelpful defer error. I have not managed to make this reject any | |
2282 | supplied certificates, but the error message it gives is "no certificate | |
2283 | supplied", which is not helpful. | |
2284 | ||
2285 | 70. exigrep's output now also includes lines that are not associated with any | |
2286 | message, but which match the given pattern. Implemented by a patch from | |
2287 | Martin Sluka, which also tidied up the Perl a bit. | |
2288 | ||
2289 | 71. Recipient callout verification, like sender verification, was using <> in | |
2290 | the MAIL FROM command. This isn't really the right thing, since the actual | |
2291 | sender may affect whether the remote host accepts the recipient or not. I | |
2292 | have changed it to use the actual sender in the callout; this means that | |
2293 | the cache record is now keyed on a recipient/sender pair, not just the | |
2294 | recipient address. There doesn't seem to be a real danger of callout loops, | |
2295 | since a callout by the remote host to check the sender would use <>. | |
2296 | [SEE ABOVE: changed after hitting problems.] | |
2297 | ||
2298 | 72. Exim treats illegal SMTP error codes that do not begin with 4 or 5 as | |
2299 | temporary errors. However, in the case of such a code being given after | |
2300 | the end of a data transmission (i.e. after ".") Exim was failing to write | |
2301 | a retry record for the message. (Yes, there was some broken host that was | |
2302 | actually sending 8xx at this point.) | |
2303 | ||
2304 | 73. An unknown lookup type in a host list could cause Exim to panic-die when | |
2305 | the list was checked. (An example that provoked this was putting <; in the | |
2306 | middle of a list instead of at the start.) If this happened during a DATA | |
2307 | ACL check, a -D file could be left lying around. This kind of configuration | |
2308 | error no longer causes Exim to die; instead it causes a defer errror. The | |
2309 | incident is still logged to the main and panic logs. | |
2310 | ||
2311 | 74. Buglet left over from Exim 3 conversion. The message "too many messages | |
2312 | in one connection" was written to the rejectlog but not the mainlog, except | |
2313 | when address rewriting (yes!) was being logged. | |
2314 | ||
2315 | 75. Added write_rejectlog option. | |
2316 | ||
2317 | 76. When a system filter was run not as root (that is, when system_filter_user | |
2318 | was set), the values of the $n variables were not being returned to the | |
2319 | main process; thus, they were not subsequently available in the $sn | |
2320 | variables. | |
2321 | ||
2322 | 77. Added +return_path_on_delivery log selector. | |
2323 | ||
2324 | 78. A connection timeout was being treated differently from recipients deferred | |
2325 | when testing hosts_max_try with a message that was older than the host's | |
2326 | retry timeout. (The host should not be counted, thus allowing all hosts to | |
2327 | be tried at least once before bouncing.) This may have been the cause of an | |
2328 | occasionally reported bug whereby a message would remain on the queue | |
2329 | longer than the retry timeout, but would be bounced if a delivery was | |
2330 | forced. I say "may" because I never totally pinned down the problem; | |
2331 | setting up timeout/retry tests is difficult. See also the next item. | |
2332 | ||
2333 | 79. The ultimate address timeout was not being applied to errors that involved | |
2334 | a combination of host plus message (for example, a timeout on a MAIL | |
2335 | command). When an address resolved to a number of possible hosts, and they | |
2336 | were not all tried for each delivery (e.g. because of hosts_max_try), a | |
2337 | message could remain on the queue longer than the retry timeout. | |
2338 | ||
2339 | 80. Sieve bug: "stop" inside "elsif" was broken. Applied a patch from Michael | |
2340 | Haardt. | |
2341 | ||
2342 | 81. Fixed an obscure SMTP outgoing bug which required at least the following | |
2343 | conditions: (a) there was another message waiting for the same server; | |
2344 | (b) the server returned 5xx to all RCPT commands in the first message so | |
2345 | that the message was not completed; (c) the server dropped the connection | |
2346 | or gave a negative response to the RSET that Exim sends to abort the | |
2347 | transaction. The observed case was a dropped connection after DATA that had | |
2348 | been sent in pipelining mode. That is, the server had advertised PIPELINING | |
2349 | but was not implementing it correctly. The effect of the bug was incorrect | |
2350 | behaviour, such as trying another host, and this could lead to a crash. | |
2351 | ||
2352 | ||
2353 | Exim version 4.30 | |
2354 | ----------------- | |
2355 | ||
2356 | 1. The 3rd arguments to getsockname(), getpeername(), and accept() in exim.c | |
2357 | and daemon.c were passed as pointers to ints; they should have been | |
2358 | pointers to socklen_t variables (which are typically unsigned ints). | |
2359 | ||
2360 | 2. Some signed/unsigned type warnings in the os.c file for Linux have been | |
2361 | fixed. | |
2362 | ||
2363 | 3. Fixed a really odd bug that affected only the testing scheme; patching a | |
2364 | certain fixed string in the binary changed the value of another string that | |
2365 | happened to be identical to the end of the original first string. | |
2366 | ||
2367 | 4. When gethostbyname() (or equivalent) is passed an IP address as a "host | |
2368 | name", it returns that address as the IP address. On some operating | |
2369 | systems (e.g. Solaris), it also passes back the IP address string as the | |
2370 | "host name". However, on others (e.g. Linux), it passes back an empty | |
2371 | string. Exim wasn't checking for this, and was changing the host name to an | |
2372 | empty string, assuming it had been canonicized. | |
2373 | ||
2374 | 5. Although rare, it is permitted to have more than one PTR record for a given | |
2375 | IP address. I thought that gethostbyaddr() or getipnodebyaddr() always gave | |
2376 | all the names associated with an address, because they do in Solaris. | |
2377 | However, it seems that they do not in Linux for data that comes from the | |
2378 | DNS. If an address in /etc/hosts has multiple names, they _are_ all given. | |
2379 | I found this out when I moved to a new Linux workstation and tried to run | |
2380 | the Exim test suite. | |
2381 | ||
2382 | To get round this problem I have changed the code so that it now does its | |
2383 | own call to the DNS to look up PTR records when searching for a host name. | |
2384 | If nothing can be found in the DNS, it tries gethostbyaddr(), so that | |
2385 | addresses that are only in /etc/hosts are still found. | |
2386 | ||
2387 | This behaviour is, however, controlled by an option called host_lookup_ | |
2388 | order, which defaults to "bydns:byaddr". If people want to use the other | |
2389 | order, or indeed, just use one or the other means of lookup, they can | |
2390 | specify it in this variable. | |
2391 | ||
2392 | 6. If a PTR record yields an empty name, Exim treats it as non-existent. In | |
2393 | some operating systems, this comes back from gethostbyaddr() as an empty | |
2394 | string, and this is what Exim used to test for. However, it seems that in | |
2395 | other systems, "." is yielded. Exim now tests for this case too. | |
2396 | ||
2397 | 7. The values of check_spool_space and check_log_space are now held internally | |
2398 | as a number of kilobytes instead of an absolute number of bytes. If a | |
2399 | numbers is specified without 'K' or 'M', it is rounded up to the nearest | |
2400 | kilobyte. This means that much larger values can be stored. | |
2401 | ||
2402 | 8. Exim monitor: an attempt to get the action menu when not actually pointing | |
2403 | at a message produces an empty menu entitled "No message selected". This | |
2404 | works on Solaris (OpenWindows). However, XFree86 does not like a menu with | |
2405 | no entries in it ("Shell widget menu has zero width and/or height"). So I | |
2406 | have added a single, blank menu entry in this case. | |
2407 | ||
2408 | 9. Added ${quote_local_part. | |
2409 | ||
2410 | 10. MIME decoding is now applied to the contents of Subject: header lines when | |
2411 | they are logged. | |
2412 | ||
2413 | 11. Now that a reference to $sender_host_address automatically causes a reverse | |
2414 | lookup to occur if necessary (4.13/18), there is no need to arrange for a | |
2415 | host lookup before query-style lookups in lists that might use this | |
2416 | variable. This has therefore been abolished, and the "net-" prefix is no | |
2417 | longer necessary for query-style lookups. | |
2418 | ||
2419 | 12. The Makefile for SCO_SV contained a setting of LDFLAGS. This appears to | |
2420 | have been a typo for LFLAGS, so it has been changed. | |
2421 | ||
2422 | 13. The install script calls Exim with "-C /dev/null" in order to find the | |
2423 | version number. If ALT_CONFIG_PREFIX was set, this caused an error message | |
2424 | to be output. Howeve, since Exim outputs its version number before the | |
2425 | error, it didn't break the script. It just looked ugly. I fixed this by | |
2426 | always allowing "-C /dev/null" if the caller is root. | |
2427 | ||
2428 | 14. Ignore overlarge ACL variable number when reading spool file - insurance | |
2429 | against a later release with more variables having written the file. | |
2430 | ||
2431 | 15. The standard form for an IPv6 address literal was being rejected by EHLO. | |
2432 | Example: [IPv6:2002:c1ed:8229:10:202:2dff:fe07:a42a]. Exim now accepts | |
2433 | this, as well as the form without the "IPv6" on the front. | |
2434 | ||
2435 | 16. Added CHOWN_COMMAND=/usr/sbin/chown and LIBS=-lresolv to the | |
2436 | OS/Makefile-Darwin file. | |
2437 | ||
2438 | 17. Fixed typo in lookups/ldap.c: D_LOOKUP should be D_lookup. This applied | |
2439 | only to LDAP libraries that do not have LDAP_OPT_DEREF. | |
2440 | ||
2441 | 18. After change 4.21/52, "%ld" was used to format the contents of the $inode | |
2442 | variable. However, some OS use ints for inodes. I've added cast to long int | |
2443 | to get rid of the compiler warning. | |
2444 | ||
2445 | 19. I had forgotten to lock out "/../" in configuration file names when | |
2446 | ALT_CONFIG_PREFIX was set. | |
2447 | ||
2448 | 20. Routers used for verification do not need to specify transports. However, | |
2449 | if such a router generated a host list, and callout was configured, Exim | |
2450 | crashed, because it could not find a port number from the (non-existent) | |
2451 | transport. It now assumes port 25 in this circumstance. | |
2452 | ||
2453 | 21. Added the -t option to exigrep. | |
2454 | ||
2455 | 22. If LOOKUP_LSEARCH is defined, all three linear search methods (lsearch, | |
2456 | wildlsearch, nwildlsearch) are compiled. LOOKUP_WILDLSEARCH and LOOKUP_ | |
2457 | NWILDLSEARCH are now obsolete, but retained for compatibility. If either of | |
2458 | them is set, LOOKUP_LSEARCH is forced. | |
2459 | ||
2460 | 23. "exim -bV" now outputs a list of lookups that are included in the binary. | |
2461 | ||
2462 | 24. Added sender and host information to the "rejected by local_scan()" log | |
2463 | line; previously there was no indication of these. | |
2464 | ||
2465 | 25. Added .include_if_exists. | |
2466 | ||
2467 | 26. Change 3.952/11 added an explicit directory sync on top of a file sync for | |
2468 | Linux. It turns out that not all file systems support this. Apparently some | |
2469 | versions of NFS do not. (It's rare to put Exim's spool on NFS, but people | |
2470 | do it.) To cope with this, the error EINVAL, which means that sync-ing is | |
2471 | not supported on the file descriptor, is now ignored when Exim is trying to | |
2472 | sync a directory. This applies only to Linux. | |
2473 | ||
2474 | 27. Added -DBIND_8_COMPAT to the CLFAGS setting for Darwin. | |
2475 | ||
2476 | 28. In Darwin (MacOS X), the PAM headers are in /usr/include/pam and not in | |
2477 | /usr/include/security. There's now a flag in OS/os.h-Darwin to cope with | |
2478 | this. | |
2479 | ||
2480 | 29. Added support for maildirsize files from supplied patch (modified a bit). | |
2481 | ||
2482 | 30. The use of :fail: followed by an empty string could lead Exim to respond to | |
2483 | sender verification failures with (e.g.): | |
2484 | ||
2485 | 550 Verification failed for <xxx> | |
2486 | 550 Sender verify failed | |
2487 | ||
2488 | where the first response line was missing the '-' that indicates it is not | |
2489 | the final line of the response. | |
2490 | ||
2491 | 31. The loop for finding the name of the user that called Exim had a hardwired | |
2492 | limit of 10; it now uses the value of finduser_retries, which is used for | |
2493 | all other user lookups. | |
2494 | ||
2495 | 32. Added $received_count variable, available in data and not_smtp ACLs, and at | |
2496 | delivery time. | |
2497 | ||
2498 | 33. Exim was neglecting to zero errno before one call of strtol() when | |
2499 | expanding a string and expecting an integer value. On some systems this | |
2500 | resulted in spurious "integer overflow" errors. Also, it was casting the | |
2501 | result into an int without checking. | |
2502 | ||
2503 | 34. Testing for a connection timeout using "timeout_connect" in the retry rules | |
2504 | did not work. The code looks as if it has *never* worked, though it appears | |
2505 | to have been documented since at least releast 1.62. I have made it work. | |
2506 | ||
2507 | 35. The "timeout_DNS" error in retry rules, also documented since at least | |
2508 | 1.62, also never worked. As it isn't clear exactly what this means, and | |
2509 | clearly it isn't a major issue, I have abolished the feature by treating it | |
2510 | as "timeout", and writing a warning to the main and panic logs. | |
2511 | ||
2512 | 36. The display of retry rules for -brt wasn't always showing the error code | |
2513 | correctly. | |
2514 | ||
2515 | 37. Added new error conditions to retry rules: timeout_A, timeout_MX, | |
2516 | timeout_connect_A, timeout_connect_MX. | |
2517 | ||
2518 | 38. Rewriting the envelope sender at SMTP time did not allow it to be rewritten | |
2519 | to the empty sender. | |
2520 | ||
2521 | 39. The daemon was not analysing the content of -oX till after it had closed | |
2522 | stderr and disconnected from the controlling terminal. This meant that any | |
2523 | syntax errors were only noted on the panic log, and the return code from | |
2524 | the command was 0. By re-arranging the code a little, I've made the | |
2525 | decoding happen first, so such errors now appear on stderr, and the return | |
2526 | code is 1. However, the actual setting up of the sockets still happens in | |
2527 | the disconnected process, so errors there are still only recorded on the | |
2528 | panic log. | |
2529 | ||
2530 | 40. A daemon listener on a wildcard IPv6 socket that also accepts IPv4 | |
2531 | connections (as happens on some IP stacks) was logged at start up time as | |
2532 | just listening for IPv6. It now logs "IPv6 with IPv4". This differentiates | |
2533 | it from "IPv6 and IPv4", which means that two separate sockets are being | |
2534 | used. | |
2535 | ||
2536 | 41. The debug output for gethostbyname2() or getipnodebyname() failures now | |
2537 | says whether AF_INET or AF_INET6 was passed as an argument. | |
2538 | ||
2539 | 42. Exiwhat output was messed up when time zones were included in log | |
2540 | timestamps. | |
2541 | ||
2542 | 43. Exiwhat now gives more information about the daemon's listening ports, | |
2543 | and whether -tls-on-connect was used. | |
2544 | ||
2545 | 44. The "port" option of the smtp transport is now expanded. | |
2546 | ||
2547 | 45. A "message" modifier in a "warn" statement in a non-message ACL was being | |
2548 | silently ignored. Now an error message is written to the main and panic | |
2549 | logs. | |
2550 | ||
2551 | 46. There's a new ACL modifier called "logwrite" which writes to a log file | |
2552 | as soon as it is encountered. | |
2553 | ||
2554 | 47. Added $local_user_uid and $local_user_gid at routing time. | |
2555 | ||
2556 | 48. Exim crashed when trying to verify a sender address that was being | |
2557 | rewritten to "<>". | |
2558 | ||
2559 | 49. Exim was recognizing only a space character after ".include". It now also | |
2560 | recognizes a tab character. | |
2561 | ||
2562 | 50. Fixed several bugs in the Perl script that creates the exim.8 man page by | |
2563 | extracting the relevant information from the specification. The man page no | |
2564 | longer contains scrambled data for the -d option, and I've added a section | |
2565 | at the front about calling Exim under different names. | |
2566 | ||
2567 | 51. Added "extra_headers" argument to the "mail" command in filter files. | |
2568 | ||
2569 | 52. Redirecting mail to an unqualified address in a Sieve filter caused Exim to | |
2570 | crash. | |
2571 | ||
2572 | 53. Installed eximstats 1.29. | |
2573 | ||
2574 | 54. Added transport_filter_timeout as a generic transport option. | |
2575 | ||
2576 | 55. Exim no longer adds an empty Bcc: header to messages that have no To: or | |
2577 | Cc: header lines. This was required by RFC 822, but it not required by RFC | |
2578 | 2822. | |
2579 | ||
2580 | 56. Exim used to add From:, Date:, and Message-Id: header lines to any | |
2581 | incoming messages that did not have them. Now it does so only if the | |
2582 | message originates locally, that is, if there is no associated remote host | |
2583 | address. When Resent- header lines are present, this applies to the Resent- | |
2584 | lines rather than the non-Resent- lines. | |
2585 | ||
2586 | 57. Drop incoming SMTP connection after too many syntax or protocol errors. The | |
2587 | limit is controlled by smtp_max_synprot_errors, defaulting to 3. | |
2588 | ||
2589 | 58. Messages for configuration errors now include the name of the main | |
2590 | configuration file - useful now that there may be more than one file in a | |
2591 | list (.included file names were always shown). | |
2592 | ||
2593 | 59. Change 4.21/82 (run initgroups() when starting the daemon) causes problems | |
2594 | for those rare installations that do not start the daemon as root or run it | |
2595 | setuid root. I've cut out the call to initgroups() if the daemon is not | |
2596 | root at that time. | |
2597 | ||
2598 | 60. The Exim user and group can now be bound into the binary as text strings | |
2599 | that are looked up at the start of Exim's processing. | |
2600 | ||
2601 | 61. Applied a small patch for the Interbase code, supplied by Ard Biesheuvel. | |
2602 | ||
2603 | 62. Added $mailstore_basename variable. | |
2604 | ||
2605 | 63. Installed patch to sieve.c from Michael Haardt. | |
2606 | ||
2607 | 64. When Exim failed to open the panic log after failing to open the main log, | |
2608 | the original message it was trying to log was written to stderr and debug | |
2609 | output, but if they were not available (the usual case in production), it | |
2610 | was lost. Now it is written to syslog before the two lines that record the | |
2611 | failures to open the logs. | |
2612 | ||
2613 | 65. Users' Exim filters run in subprocesses under the user's uid. It is | |
2614 | possible for a "deliver" command or an alias in a "personal" command to | |
2615 | provoke an address rewrite. If logging of address rewriting is configured, | |
2616 | this fails because the process is not running as root or exim. There may be | |
2617 | a better way of dealing with this, but for the moment (because 4.30 needs | |
2618 | to be released), I have disabled address rewrite logging when running a | |
2619 | filter in a non-root, non-exim process. | |
2620 | ||
2621 | ||
2622 | Exim version 4.24 | |
2623 | ----------------- | |
2624 | ||
2625 | 1. The buildconfig auxiliary program wasn't quoting the value set for | |
2626 | HEADERS_CHARSET. This caused a compilation error complaining that 'ISO' was | |
2627 | not defined. This bug was masked in 4.22 by the effect that was fixed in | |
2628 | change 4.23/1. | |
2629 | ||
2630 | 2. Some messages that were rejected after a message id was allocated were | |
2631 | shown as "incomplete" by exigrep. It no longer does this for messages that | |
2632 | are rejected by local_scan() or the DATA or non-SMTP ACLs. | |
2633 | ||
2634 | 3. If a Message-ID: header used a domain literal in the ID, and Exim did not | |
2635 | have allow_domain_literals set, the ID did not get logged in the <= line. | |
2636 | Domain literals are now always recognized in Message-ID: header lines. | |
2637 | ||
2638 | 4. The first argument for a ${extract expansion item is the key name or field | |
2639 | number. Leading and trailing spaces in this item were not being ignored, | |
2640 | causing some misleading effects. | |
2641 | ||
2642 | 5. When deliver_drop_privilege was set, single queue runner processes started | |
2643 | manually (i.e. by the command "exim -q") or by the daemon (which uses the | |
2644 | same command in the process it spins off) were not dropping privilege. | |
2645 | ||
2646 | 6. When the daemon running as "exim" started a queue runner, it always | |
2647 | re-executed Exim in the spun-off process. This is a waste of effort when | |
2648 | deliver_drop_privilege is set. The new process now just calls the | |
2649 | queue-runner function directly. | |
2650 | ||
2651 | ||
2652 | Exim version 4.23 | |
2653 | ----------------- | |
2654 | ||
2655 | 1. Typo in the src/EDITME file: it referred to HEADERS_DECODE_TO instead of | |
2656 | HEADERS_CHARSET. | |
2657 | ||
2658 | 2. Change 4.21/73 introduced a bug. The pid file path set by -oP was being | |
2659 | ignored. Though the use of -oP was forcing the writing of a pid file, it | |
2660 | was always written to the default place. | |
2661 | ||
2662 | 3. If the message "no IP address found for host xxxx" is generated during | |
2663 | incoming verification, it is now followed by identification of the incoming | |
2664 | connection (so you can more easily find what provoked it). | |
2665 | ||
2666 | 4. Bug fix for Sieve filters: "stop" inside a block was not working properly. | |
2667 | ||
2668 | 5. Added some features to "harden" Exim a bit more against certain attacks: | |
2669 | ||
2670 | (a) There is now a build-time option called FIXED_NEVER_USERS that can | |
2671 | be put in Local/Makefile. This is like the never_users runtime option, | |
2672 | but it cannot be overridden. The default setting is "root". | |
2673 | ||
2674 | (b) If ALT_CONFIG_PREFIX is defined in Local/Makefile, it specifies a | |
2675 | prefix string with which any file named in a -C command line option | |
2676 | must start. | |
2677 | ||
2678 | (c) If ALT_CONFIG_ROOT_ONLY is defined in Local/Makefile, root privilege | |
2679 | is retained for -C and -D only if the caller of Exim is root. Without | |
2680 | it, the exim user may also use -C and -D and retain privilege. | |
2681 | ||
2682 | (d) If DISABLE_D_OPTION is defined in Local/Makefile, the use of the -D | |
2683 | command line option is disabled. | |
2684 | ||
2685 | 6. Macro names set by the -D option must start with an upper case letter, just | |
2686 | like macro names defined in the configuration file. | |
2687 | ||
2688 | 7. Added "dereference=" facility to LDAP. | |
2689 | ||
2690 | 8. Two instances of the typo "uknown" in the source files are fixed. | |
2691 | ||
2692 | 9. If a PERL_COMMAND setting in Local/Makefile was not at the start of a line, | |
2693 | the Configure-Makefile script screwed up while processing it. | |
2694 | ||
2695 | 10. Incorporated PCRE 4.4. | |
2696 | ||
2697 | 11. The SMTP synchronization check was not operating right at the start of an | |
2698 | SMTP session. For example, it could not catch a HELO sent before the client | |
2699 | waited for the greeting. There is now a check for outstanding input at the | |
2700 | point when the greeting is written. Because of the duplex, asynchronous | |
2701 | nature of TCP/IP, it cannot be perfect - the incorrect input may be on its | |
2702 | way, but not yet received, when the check is performed. | |
2703 | ||
2704 | 12. Added tcp_nodelay to make it possible to turn of the setting of TCP_NODELAY | |
2705 | on TCP/IP sockets, because this apparently causes some broken clients to | |
2706 | timeout. | |
2707 | ||
2708 | 13. Installed revised OS/Makefile-CYGWIN and OS/os.c-cygwin (the .h file was | |
2709 | unchanged) from the Cygwin maintainer. | |
2710 | ||
2711 | 14. The code for -bV that shows what is in the binary showed "mbx" when maildir | |
2712 | was supported instead of testing for mbx. Effectively a typo. | |
2713 | ||
2714 | 15. The spa authenticator server code was not checking that the input it | |
2715 | received was valid base64. | |
2716 | ||
2717 | 16. The debug output line for the "set" modifier in ACLs was not showing the | |
2718 | name of the variable that was being set. | |
2719 | ||
2720 | 17. Code tidy: the variable type "vtype_string" was never used. Removed it. | |
2721 | ||
2722 | 18. Previously, a reference to $sender_host_name did not cause a DNS reverse | |
2723 | lookup on its own. Something else was needed to trigger the lookup. For | |
2724 | example, a match in host_lookup or the need for a host name in a host list. | |
2725 | Now, if $sender_host_name is referenced and the host name has not yet been | |
2726 | looked up, a lookup is performed. If the lookup fails, the variable remains | |
2727 | empty, and $host_lookup_failed is set to "1". | |
2728 | ||
2729 | 19. Added "eqi" as a case-independent comparison operator. | |
2730 | ||
2731 | 20. The saslauthd authentication condition could segfault if neither service | |
2732 | nor realm was specified. | |
2733 | ||
2734 | 21. If an overflowing value such as "2048M" was set for message_size_limit, the | |
2735 | error message that was logged was misleading, and incoming SMTP | |
2736 | connections were dropped. The message is now more accurate, and temporary | |
2737 | errors are given to SMTP connections. | |
2738 | ||
2739 | 22. In some error situations (such as 21 above) Exim rejects all SMTP commands | |
2740 | (except RSET) with a 421 error, until QUIT is received. However, it was | |
2741 | failing to send a response to QUIT. | |
2742 | ||
2743 | 23. The HELO ACL was being run before the code for helo_try_verify_hosts, | |
2744 | which made it impossible to use "verify = helo" in the HELO ACL. The HELO | |
2745 | ACL is now run after the helo_try_verify_hosts code. | |
2746 | ||
2747 | 24. "{MD5}" and "{SHA1}" are now recognized as equivalent to "{md5"} and | |
2748 | "{sha1}" in the "crypteq" expansion condition (in fact the comparison is | |
2749 | case-independent, so other case variants are also recognized). Apparently | |
2750 | some systems use these upper case variants. | |
2751 | ||
2752 | 25. If more than two messages were waiting for the same host, and a transport | |
2753 | filter was specified for the transport, Exim sent two messages over the | |
2754 | same TCP/IP connection, and then failed with "socket operation on non- | |
2755 | socket" when it tried to send the third. | |
2756 | ||
2757 | 26. Added Exim::debug_write and Exim::log_write for embedded Perl use. | |
2758 | ||
2759 | 27. The extern definition of crypt16() in expand.c was not being excluded when | |
2760 | the OS had its own crypt16() function. | |
2761 | ||
2762 | 28. Added bounce_return_body as a new option, and bounce_return_size_limit | |
2763 | as a preferred synonym for return_size_limit, both as an option and as an | |
2764 | expansion variable. | |
2765 | ||
2766 | 29. Added LIBS=-liconv to OS/Makefile-OSF1. | |
2767 | ||
2768 | 30. Changed the default configuration ACL to relax the local part checking rule | |
2769 | for addresses that are not in any local domains. For these addresses, | |
2770 | slashes and pipe symbols are allowed within local parts, but the sequence | |
2771 | /../ is explicitly forbidden. | |
2772 | ||
2773 | 31. SPA server authentication was not clearing the challenge buffer before | |
2774 | using it. | |
2775 | ||
2776 | 32. log_message in a "warn" ACL statement was writing to the reject log as | |
2777 | well as to the main log, which contradicts the documentation and doesn't | |
2778 | seem right (because no rejection is happening). So I have stopped it. | |
2779 | ||
2780 | 33. Added Ard Biesheuvel's lookup code for accessing an Interbase database. | |
2781 | However, I am unable to do any testing of this. | |
2782 | ||
2783 | 34. Fixed an infelicity in the appendfile transport. When checking directories | |
2784 | for a mailbox, to see if any needed to be created, it was accidentally | |
2785 | using path names with one or more superfluous leading slashes; tracing | |
2786 | would show up entries such as stat("///home/ph10", 0xFFBEEA48). | |
2787 | ||
2788 | 35. If log_message is set on a "discard" verb in a MAIL or RCPT ACL, its | |
2789 | contents are added to the log line that is written for every discarded | |
2790 | recipient. (Previously a log_message setting was ignored.) | |
2791 | ||
2792 | 36. The ${quote: operator now quotes the string if it is empty. | |
2793 | ||
2794 | 37. The install script runs exim in order to find its version number. If for | |
2795 | some reason other than non-existence or emptiness, which it checks, it | |
2796 | could not run './exim', it was installing it with an empty version number, | |
2797 | i.e. as "exim-". This error state is now caught, and the installation is | |
2798 | aborted. | |
2799 | ||
2800 | 38. An argument was missing from the function that creates an error message | |
2801 | when Exim fails to connect to the socket for saslauthd authentication. | |
2802 | This could cause Exim to crash, or give a corrupted message. | |
2803 | ||
2804 | 39. Added isip, isip4, and isip6 to ${if conditions. | |
2805 | ||
2806 | 40. The ACL variables $acl_xx are now saved with the message, and can be | |
2807 | accessed later in routers, transports, and filters. | |
2808 | ||
2809 | 41. The new lookup type nwildlsearch is like wildlsearch, except that the key | |
2810 | strings in the file are not string-expanded. | |
2811 | ||
2812 | 42. If a MAIL command specified a SIZE value that was too large to fit into an | |
2813 | int variable, the check against message_size_limit failed. Such values are | |
2814 | now forced to INT_MAX, which is around 2Gb for a 32-bit variable. Maybe one | |
2815 | day this will have to be increased, but I don't think I want to be around | |
2816 | when emails are that large. | |
2817 | ||
2818 | ||
2819 | ||
2820 | Exim version 4.22 | |
2821 | ----------------- | |
2822 | ||
2823 | 1. Removed HAVE_ICONV=yes from OS/Makefile-FreeBSD, since it seems that | |
2824 | iconv() is not standard in FreeBSD. | |
2825 | ||
2826 | 2. Change 4.21/17 was buggy and could cause stack overwriting on a system with | |
2827 | IPv6 enabled. The observed symptom was a segmentation fault on return from | |
2828 | the function os_common_find_running_interfaces() in src/os.c. | |
2829 | ||
2830 | 3. In the check_special_case() function in daemon.c I had used "errno" as an | |
2831 | argument name, which causes warnings on some systems. This was basically a | |
2832 | typo, since it was named "eno" in the comments! | |
2833 | ||
2834 | 4. The code that waits for the clock to tick (at a resolution of some fraction | |
2835 | of a second) so as to ensure message-id uniqueness was always waiting for | |
2836 | at least one whole tick, when it could have waited for less. [This is | |
2837 | almost certainly not relevant at current processor speeds, where it is | |
2838 | unlikely to ever wait at all. But we try to future-proof.] | |
2839 | ||
2840 | 5. The function that sleeps for a time interval that includes fractions of a | |
2841 | second contained a race. It did not block SIGALRM between setting the | |
2842 | timer, and suspending (a couple of lines later). If the interval was short | |
2843 | and the sigsuspend() was delayed until after it had expired, the suspension | |
2844 | never ended. On busy systems this could lead to processes getting stuck for | |
2845 | ever. | |
2846 | ||
2847 | 6. Some uncommon configurations may cause a lookup to happen in a queue runner | |
2848 | process, before it forks any delivery processes. The open lookup caching | |
2849 | mechanism meant that the open file or database connection was passed into | |
2850 | the delivery process. The problem was that delivery processes always tidy | |
2851 | up cached lookup data. This could cause a problem for the next delivery | |
2852 | process started by the queue runner, because the external queue runner | |
2853 | process does not know about the closure. So the next delivery process | |
2854 | still has data in the lookup cache. In the case of a file lookup, there was | |
2855 | no problem because closing a file descriptor in a subprocess doesn't affect | |
2856 | the parent. However, if the lookup was caching a connection to a database, | |
2857 | the connection was closed, and the second delivery process was likely to | |
2858 | see errors such as "PGSQL: query failed: server closed the connection | |
2859 | unexpectedly". The problem has been fixed by closing all cached lookups | |
2860 | in a queue runner before running a delivery process. | |
2861 | ||
2862 | 7. Compiler warning on Linux for the second argument of iconv(), which doesn't | |
2863 | seem to have the "const" qualifier which it has on other OS. I've | |
2864 | parameterised it. | |
2865 | ||
2866 | 8. Change 4.21/2 was too strict. It is only if there are two authenticators | |
2867 | *of the same type* (client or server) with the same public name that an | |
2868 | error should be diagnosed. | |
2869 | ||
2870 | 9. When Exim looked up a host name for an IP address, but failed to find the | |
2871 | original IP address when looking up the host name (a safety check), it | |
2872 | output the message "<ip address> does not match any IP for NULL", which was | |
2873 | confusing, to say the least. The bug was that the host name should have | |
2874 | appeared instead of "NULL". | |
2875 | ||
2876 | 10. Since release 3.03, if Exim is called by a uid other than root or the Exim | |
2877 | user that is built into the binary, and the -C or -D options is used, root | |
2878 | privilege is dropped before the configuration file is read. In addition, | |
2879 | logging is switched to stderr instead of the normal log files. If the | |
2880 | configuration then re-defines the Exim user, the unprivileged environment | |
2881 | is probably not what is expected, so Exim logs a panic warning message (but | |
2882 | proceeds). | |
2883 | ||
2884 | However, if deliver_drop_privilege is set, the unprivileged state may well | |
2885 | be exactly what is intended, so the warning has been cut out in that case, | |
2886 | and Exim is allowed to try to write to its normal log files. | |
2887 | ||
2888 | ||
2889 | Exim version 4.21 | |
2890 | ----------------- | |
2891 | ||
2892 | 1. smtp_return_error_details was not giving details for temporary sender | |
2893 | or receiver verification errors. | |
2894 | ||
2895 | 2. Diagnose a configuration error if two authenticators have the same public | |
2896 | name. | |
2897 | ||
2898 | 3. Exim used not to create the message log file for a message until the first | |
2899 | delivery attempt. This could be confusing when incoming messages were held | |
2900 | for policy or load reasons. The message log file is now created at the time | |
2901 | the message is received, and an initial "Received" line is written to it. | |
2902 | ||
2903 | 4. The automatically generated man page for command line options had a minor | |
2904 | bug that caused no ill effects; however, a more serious problem was that | |
2905 | the procedure for building the man page automatically didn't always | |
2906 | operate. Consequently, release 4.20 contains an out-of-date version. This | |
2907 | shouldn't happen again. | |
2908 | ||
2909 | 5. When building Exim with embedded Perl support, the script that builds the | |
2910 | Makefile was calling 'perl' to find its compile-time parameters, ignoring | |
2911 | any setting of PERL_COMMAND in Local/Makefile. This is now fixed. | |
2912 | ||
2913 | 6. The freeze_tell option was not being used for messages that were frozen on | |
2914 | arrival, either by an ACL or by local_scan(). | |
2915 | ||
2916 | 7. Added the smtp_incomplete_transaction log selector. | |
2917 | ||
2918 | 8. After STARTTLS, Exim was not forgetting that it had advertised AUTH, so it | |
2919 | was accepting AUTH without a new EHLO. | |
2920 | ||
2921 | 9. Added tls_remember_esmtp to cope with YAEB. This allows AUTH and other | |
2922 | ESMTP extensions after STARTTLS without a new EHLO, in contravention of the | |
2923 | RFC. | |
2924 | ||
2925 | 10. Logging of TCP/IP connections (when configured) now happens in the main | |
2926 | daemon process instead of the child process, so that the TCP/IP connection | |
2927 | count is more accurate (but it can never be perfect). | |
2928 | ||
2929 | 11. The use of "drop" in a nested ACL was not being handled correctly in the | |
2930 | outer ACL. Now, if condition failure induced by the nested "drop" causes | |
2931 | the outer ACL verb to deny access ("accept" or "discard" after "endpass", | |
2932 | or "require"), the connection is dropped. | |
2933 | ||
2934 | 12. Similarly, "discard" in a nested ACL wasn't being handled. A nested ACL | |
2935 | that yield "discard" can now be used with an "accept" or a "discard" verb, | |
2936 | but an error is generated for any others (because I can't see a useful way | |
2937 | to define what should happen). | |
2938 | ||
2939 | 13. When an ACL is read dynamically from a file (or anywhere else), the lines | |
2940 | are now processed in the same way as lines in the Exim configuration file. | |
2941 | In particular, continuation lines are supported. | |
2942 | ||
2943 | 14. Added the "dnslists = a.b.c!=n.n.n.n" feature. | |
2944 | ||
2945 | 15. Added -ti meaning -t -i. | |
2946 | ||
2947 | 16. Check for letters, digits, hyphens, and dots in the names of dnslist | |
2948 | domains, and warn by logging if others are found. | |
2949 | ||
2950 | 17. At least on BSD, alignment is not guarenteed for the array of ifreq's | |
2951 | returned from GIFCONF when Exim is trying to find the list of interfaces on | |
2952 | a host. The code in os.c has been modified to copy each ifreq to an aligned | |
2953 | structure in all cases. | |
2954 | ||
2955 | Also, in some cases, the returned ifreq's were being copied to a 'struct | |
2956 | ifreq' on the stack, which was subsequently passed to host_ntoa(). That | |
2957 | means the last couple of bytes of an IPv6 address could be chopped if the | |
2958 | ifreq contained only a normal sockaddr (14 bytes storage). | |
2959 | ||
2960 | 18. Named domain lists were not supported in the hosts_treat_as_local option. | |
2961 | An entry such as +xxxx was not recognized, and was treated as a literal | |
2962 | domain name. | |
2963 | ||
2964 | 19. Ensure that header lines added by a DATA ACL are included in the reject log | |
2965 | if the ACL subsequently rejects the message. | |
2966 | ||
2967 | 20. Upgrade the cramtest.pl utility script to use Digest::MD5 instead of just | |
2968 | MD5 (which is deprecated). | |
2969 | ||
2970 | 21. When testing a filter file using -bf, Exim was writing a message when it | |
2971 | took the sender from a "From " line in the message, but it was not doing so | |
2972 | when it took $return_path from a Return-Path: header line. It now does. | |
2973 | ||
2974 | 22. If the contents of a "message" modifier for a "warn" ACL verb do not begin | |
2975 | with a valid header line field name (a series of printing characters | |
2976 | terminated by a colon, Exim now inserts X-ACL-Warn: at the beginning. | |
2977 | ||
2978 | 23. Changed "disc" in the source to "disk" to conform to the documentation and | |
2979 | the book and for uniformity. | |
2980 | ||
2981 | 24. Ignore Sendmail's -Ooption=value command line item. | |
2982 | ||
2983 | 25. When execve() failed while trying to run a command in a pipe transport, | |
2984 | Exim was returning EX_UNAVAILBLE (69) from the subprocess. However, this | |
2985 | could be confused with a return value of 69 from the command itself. This | |
2986 | has been changed to 127, the value the shell returns if it is asked to run | |
2987 | a non-existent command. The wording for the related log line suggests a | |
2988 | non-existent command as the problem. | |
2989 | ||
2990 | 26. If received_header_text expands to an empty string, do not add a Received: | |
2991 | header line to the message. (Well, it adds a token one on the spool, but | |
2992 | marks it "old" so that it doesn't get used or transmitted.) | |
2993 | ||
2994 | 27. Installed eximstats 1.28 (addition of -nt option). | |
2995 | ||
2996 | 28. There was no check for failure on the call to getsockname() in the daemon | |
2997 | code. This can fail if there is a shortage of resources on the system, with | |
2998 | ENOMEM, for example. A temporary error is now given on failure. | |
2999 | ||
3000 | 29. Contrary to the C standard, it seems that in some environments, the | |
3001 | equivalent of setlocale(LC_ALL, "C") is not obeyed at the start of a C | |
3002 | program. Exim now does this explicitly; it affects the formatting of | |
3003 | timestamps using strftime(). | |
3004 | ||
3005 | 30. If exiqsumm was given junk data, it threw up some uninitialized variable | |
3006 | complaints. I've now initialized all the variables, to avoid this. | |
3007 | ||
3008 | 32. Header lines added by a system filter were not being "seen" during | |
3009 | transport-time rewrites. | |
3010 | ||
3011 | 33. The info_callback() function passed to OpenSSL is set up with type void | |
3012 | (*)(SSL *, int, int), as described somewhere. However, when calling the | |
3013 | function (actually a macro) that sets it up, the type void(*)() is | |
3014 | expected. I've put in a cast to prevent warnings from picky compilers. | |
3015 | ||
3016 | 34. If a DNS black list lookup found a CNAME record, but there were no A | |
3017 | records associated with the domain it pointed at, Exim crashed. | |
3018 | ||
3019 | 35. If a DNS black list lookup returned more than one A record, Exim ignored | |
3020 | all but the first. It now scans all returned addresses if a particular IP | |
3021 | value is being sought. In this situation, the contents of the | |
3022 | $dnslist_value variable are a list of all the addresses, separated by a | |
3023 | comma and a space. | |
3024 | ||
3025 | 36. Tightened up the rules for host name lookups using reverse DNS. Exim used | |
3026 | to accept a host name and all its aliases if the forward lookup for any of | |
3027 | them yielded the IP address of the incoming connection. Now it accepts only | |
3028 | those names whose forward lookup yields the correct IP address. Any other | |
3029 | names are discarded. This closes a loophole whereby a rogue DNS | |
3030 | administrator could create reverse DNS records to break through a | |
3031 | wildcarded host restriction in an ACL. | |
3032 | ||
3033 | 37. If a user filter or a system filter that ran in a subprocess used any of | |
3034 | the numerical variables ($1, $2 etc), or $thisaddress, in a pipe command, | |
3035 | the wrong values were passed to the pipe command ($thisaddress had the | |
3036 | value of $0, $0 had the value of $1, etc). This bug was introduced by | |
3037 | change 4.11/101, and not discovered because I wrote an inadequate test. :-( | |
3038 | ||
3039 | 38. Improved the line breaking for long SMTP error messages from ACLs. | |
3040 | Previously, if there was no break point between 40 and 75 characters, Exim | |
3041 | left the rest of the message alone. Two changes have been made: (a) I've | |
3042 | reduced the minimum length to 35 characters; (b) if it can't find a break | |
3043 | point between 35 and 75 characters, it looks ahead and uses the first one | |
3044 | that it finds. This may give the occasional overlong line, but at least the | |
3045 | remaining text gets split now. | |
3046 | ||
3047 | 39. Change 82 of 4.11 was unimaginative. It assumed the limit on the number of | |
3048 | file descriptors might be low, and that setting 1000 would always raise it. | |
3049 | It turns out that in some environments, the limit is already over 1000 and | |
3050 | that lowering it causes trouble. So now Exim takes care not to decrease it. | |
3051 | ||
3052 | 40. When delivering a message, the value of $return_path is set to $sender_ | |
3053 | address at the start of routing (routers may change the value). By an | |
3054 | oversight, this default was not being set up when an address was tested by | |
3055 | -bt or -bv, which affected the outcome if any router or filter referred to | |
3056 | $return_path. | |
3057 | ||
3058 | 41. The idea of the "warn" ACL verb is that it adds a header or writes to the | |
3059 | log only when "message" or "log_message" are set. However, if one of the | |
3060 | conditions was an address verification, or a call to a nested ACL, the | |
3061 | messages generated by the underlying test were being passed through. This | |
3062 | no longer happens. The underlying message is available in $acl_verify_ | |
3063 | message for both "message" and "log_message" expansions, so it can be | |
3064 | passed through if needed. | |
3065 | ||
3066 | 42. Added RFC 2047 interpretation of header lines for $h_ expansions, with a | |
3067 | new expansion $bh_ to give the encoded byte string without charset | |
3068 | translation. Translation happens only if iconv() is available; HAVE_ICONV | |
3069 | indicates this at build time. HEADERS_CHARSET gives the charset to | |
3070 | translate to; headers_charset can change it in the configuration, and | |
3071 | "headers charset" can change it in an individual filter file. | |
3072 | ||
3073 | 43. Now that we have a default RFC 2047 charset (see above), the code in Exim | |
3074 | that creates RFC 2047 encoded "words" labels them as that charset instead | |
3075 | of always using iso-8859-1. The cases are (i) the explicit ${rfc2047: | |
3076 | expansion operator; (ii) when Exim creates a From: line for a local | |
3077 | message; (iii) when a header line is rewritten to include a "phrase" part. | |
3078 | ||
3079 | 44. Nasty bug in exiqsumm: the regex to skip already-delivered addresses was | |
3080 | buggy, causing it to skip the first lines of messages whose message ID | |
3081 | ended in 'D'. This would not have bitten before Exim release 4.14, because | |
3082 | message IDs were unlikely to end in 'D' before then. The effect was to have | |
3083 | incorrect size information for certain domains. | |
3084 | ||
3085 | 45. #include "config.h" was missing at the start of the crypt16.c module. This | |
3086 | caused trouble on Tru64 (aka OSF1) systems, because HAVE_CRYPT16 was not | |
3087 | noticed. | |
3088 | ||
3089 | 46. If there was a timeout during a "random" callout check, Exim treated it as | |
3090 | a failure of the random address, and carried on sending RSET and the real | |
3091 | address. If the delay was just some slowness somewhere, the response to the | |
3092 | original RCPT would be taken as a response to RSET and so on, causing | |
3093 | mayhem of various kinds. | |
3094 | ||
3095 | 47. Change 50 for 4.20 was a heap of junk. I don't know what I was thinking | |
3096 | when I implemented it. It didn't allow for the fact that some option values | |
3097 | may legitimatetly be negative (e.g. size_addition), and it didn't even do | |
3098 | the right test for positive values. | |
3099 | ||
3100 | 48. Domain names in DNS records are case-independent. Exim always looks them up | |
3101 | in lower case. Some resolvers return domain names in exactly the case they | |
3102 | appear in the zone file, that is, they may contain uppercase letters. Not | |
3103 | all resolvers do this - some return always lower case. Exim was treating a | |
3104 | change of case by a resolver as a change of domain, similar to a widening | |
3105 | of a domain abbreviation. This triggered its re-routing code and so it was | |
3106 | trying to route what was effectively the same domain again. This normally | |
3107 | caused routing to fail (because the router wouldn't handle the domain | |
3108 | twice). Now Exim checks for this case specially, and just changes the | |
3109 | casing of the domain that it ultimately uses when it transmits the message | |
3110 | envelope. | |
3111 | ||
3112 | 49. Added Sieve (RFC 3028) support, courtesy of Michael Haardt's contributed | |
3113 | module. | |
3114 | ||
3115 | 50. If a filter generated a file delivery with a non-absolute name (possible if | |
3116 | no home directory exists for the router), the forbid_file option was not | |
3117 | forbidding it. | |
3118 | ||
3119 | 51. Added '&' feature to dnslists, to provide bit mask matching in addition to | |
3120 | the existing equality matching. | |
3121 | ||
3122 | 52. Exim was using ints instead of ino_t variables in some places where it was | |
3123 | dealing with inode numbers. | |
3124 | ||
3125 | 53. If TMPDIR is defined in Local/Makefile (default in src/EDITME is | |
3126 | TMPDIR="/tmp"), Exim checks for the presence of an environment variable | |
3127 | called TMPDIR, and if it finds it is different, it changes its value. | |
3128 | ||
3129 | 54. The smtp_printf() function is now made available to local_scan() so | |
3130 | additional output lines can be written before returning. There is also an | |
3131 | smtp_fflush() function to enable the detection of a dropped connection. | |
3132 | The variables smtp_input and smtp_batched_input are exported to | |
3133 | local_scan(). | |
3134 | ||
3135 | 55. Changed the default runtime configuration: the message "Unknown user" | |
3136 | has been removed from the ACL, and instead placed on the localuser router, | |
3137 | using the cannot_route_message feature. This means that any verification | |
3138 | failures that generate their own messages won't get overridden. Similarly, | |
3139 | the "Unrouteable address" message that was in the ACL for unverifiable | |
3140 | relay addresses has also been removed. | |
3141 | ||
3142 | 56. Added hosts_avoid_esmtp to the smtp transport. | |
3143 | ||
3144 | 57. The exicyclog script was not checking for the esoteric option | |
3145 | CONFIGURE_FILE_USE_EUID in the Local/Makefile. It now does this, but it | |
3146 | will work only if exicyclog is run under the appropriate euid. | |
3147 | ||
3148 | 58. Following a discussion on the list, the rules by which Exim recognises line | |
3149 | endings on incoming messages have been changed. The -dropcr and drop_cr | |
3150 | options are now no-ops, retained only for backwards compatibility. The | |
3151 | following line terminators are recognized: LF CRLF CR. However, special | |
3152 | processing applies to CR: | |
3153 | ||
3154 | (i) The sequence CR . CR does *not* terminate an incoming SMTP message, | |
3155 | nor a local message in the state where . is a terminator. | |
3156 | ||
3157 | (ii) If a bare CR is encountered in a header line, an extra space is added | |
3158 | after the line terminator so as not to end the header. The reasoning | |
3159 | behind this is that bare CRs in header lines are most likely either | |
3160 | to be mistakes, or people trying to play silly games. | |
3161 | ||
3162 | 59. The size of a message, as listed by "-bp" or in the Exim monitor window, | |
3163 | was being incorrectly given as 18 bytes larger than it should have been. | |
3164 | This is a VOB (very old bug). | |
3165 | ||
3166 | 60. This may never have affected anything current, but just in case it has: | |
3167 | When the local host is found other than at the start of a list of hosts, | |
3168 | the local host, those with the same MX, and any that follow, are discarded. | |
3169 | When the list in question was part of a longer list of hosts, the following | |
3170 | hosts (not currently being processed) were also being discarded. This no | |
3171 | longer happens. I'm not sure if this situation could ever has previously | |
3172 | arisen. | |
3173 | ||
3174 | 61. Added the "/MX" feature to lists of hosts in the manualroute and query | |
3175 | program routers. | |
3176 | ||
3177 | 62. Whenever Exim generates a new message, it now adds an Auto-Submitted: | |
3178 | header. This is something that is recommended in a new Internet Draft, and | |
3179 | is something that is documented as being done by Sendmail. There are two | |
3180 | possible values. For messages generated by the autoreply transport, Exim | |
3181 | adds: | |
3182 | ||
3183 | Auto-Submitted: auto-replied | |
3184 | ||
3185 | whereas for all other generated messages (e.g. bounces) it adds | |
3186 | ||
3187 | Auto-Submitted: auto-generated | |
3188 | ||
3189 | 63. The "personal" condition in filters now includes a test for the | |
3190 | Auto-Submitted: header. If it contains the string "auto-" the message it | |
3191 | not considered personal. | |
3192 | ||
3193 | 64. Added rcpt_include_affixes as a generic transport option. | |
3194 | ||
3195 | 65. Added queue_only_override (default true). | |
3196 | ||
3197 | 66. Added the syslog_duplication option. | |
3198 | ||
3199 | 67. If what should have been the first header line of a message consisted of | |
3200 | a space followed by a colon, Exim was mis-interpreting it as a header line. | |
3201 | It isn't of course - it is syntactically invalid and should therefore be | |
3202 | treated as the start of the message body. The misbehaviour could have | |
3203 | caused a number of strange effects, including loss of data in subsequent | |
3204 | header lines, and spool format errors. | |
3205 | ||
3206 | 68. Formerly, the AUTH parameter on a MAIL command was trusted only if the | |
3207 | client host had authenticated. This control can now be exercised by an ACL | |
3208 | for more flexibility. | |
3209 | ||
3210 | 69. By default, callouts do not happen when testing with -bh. There is now a | |
3211 | variant, -bhc, which does actually run the callout code, including | |
3212 | consulting and updating the callout cache. | |
3213 | ||
3214 | 70. Added support for saslauthd authentication, courtesy of Alexander | |
3215 | Sabourenkov. | |
3216 | ||
3217 | 71. If statvfs() failed on the spool or log directories while checking their | |
3218 | size for availability, Exim confusingly gave the error "space shortage". | |
3219 | Furthermore, in debugging mode it crashed with a floating point exception. | |
3220 | These checks are done if check_{spool,log}_{space,inodes} are set, and when | |
3221 | an SMTP message arrives with SIZE= on the MAIL command. As this is a really | |
3222 | serious problem, Exim now writes to the main and panic logs when this | |
3223 | happens, with details of the failure. It then refuses to accept the | |
3224 | incoming message, giving the message "spool directory problem" or "log | |
3225 | directory problem" with a 421 code for SMTP messages. | |
3226 | ||
3227 | 72. When Exim is about to re-exec itself, it ensures that the file descriptors | |
3228 | 0, 1, and 2 exist, because some OS complain for execs without them (see | |
3229 | ChangeLog 4.05/30). If necessary, Exim opens /dev/null to use for these | |
3230 | descriptors. However, the code omitted to check that the open succeeded, | |
3231 | causing mysterious errors if for some reason the permissions on /dev/null | |
3232 | got screwed. Now Exim writes a message to the main and panic logs, and | |
3233 | bombs out if it can't open /dev/null. | |
3234 | ||
3235 | 73. Re-vamped the way daemon_smtp_port, local_interfaces, and -oX work and | |
3236 | interact so that it is all more flexible. It is supposed to remain | |
3237 | backwards compatible. Also added extra_local_interfaces. | |
3238 | ||
3239 | 74. Invalid data sent to a SPA (NTLM) server authenticator could cause the code | |
3240 | to bomb out with an assertion failure - to the client this appears as a | |
3241 | connection drop. This problem occurs in the part of the code that was taken | |
3242 | from the Samba project. Fortunately, the assertion is in a very simple | |
3243 | function, so I have fixed this by reproducing the function inline in the | |
3244 | one place where it is called, and arranging for authentication to fail | |
3245 | instead of killing the process with assert(). | |
3246 | ||
3247 | 75. The SPA client code was not working when the server requested OEM rather | |
3248 | than Unicode encoding. | |
3249 | ||
3250 | 76. Added code to make require_files with a specific uid setting more usable in | |
3251 | the case where statting the file as root fails - usually a non-root-mounted | |
3252 | NFS file system. When this happens and the failure is EACCES, Exim now | |
3253 | forks a subprocess and does the per-uid checking as the relevant uid. | |
3254 | ||
3255 | 77. Added process_log_path. | |
3256 | ||
3257 | 78. If log_file_path was not explicitly set, a setting of check_log_space or | |
3258 | check_log_inodes was ignored. | |
3259 | ||
3260 | 79. If a space check for the spool or log partitions fails, the incident is now | |
3261 | logged. Of course, in the latter case the data may get lost... | |
3262 | ||
3263 | 80. Added the %p formatting code to string_format() so that it can be used to | |
3264 | print addresses in debug_print(). Adjusted all the address printing in the | |
3265 | debugging in store.c to use %p rather than %d. | |
3266 | ||
3267 | 81. There was a concern that a line of code in smtp_in.c could overflow a | |
3268 | buffer if a HELO/EHLO command was given followed by 500 or so spaces. As | |
3269 | initially expressed, the concern was not well-founded, because trailing | |
3270 | spaces are removed early. However, if the trailing spaces were followed by | |
3271 | a NULL, they did not get removed, so the overflow was possible. Two fixes | |
3272 | were applied: | |
3273 | ||
3274 | (a) I re-wrote the offending code in a cleaner fashion. | |
3275 | (b) If an incoming SMTP command contains a NULL character, it is rejected | |
3276 | as invalid. | |
3277 | ||
3278 | 82. When Exim changes uid/gid to the Exim user at daemon start time, it now | |
3279 | runs initgroups(), so that if the Exim user is in any additional groups, | |
3280 | they will be used during message reception. | |
3281 | ||
3282 | ||
3283 | Exim version 4.20 | |
3284 | ----------------- | |
3285 | ||
3286 | The change log for 4.20 and earlier releases has been archived. | |
3287 | ||
3288 | **** |