Provide readn() as a wrapper around read()
[exim.git] / doc / doc-txt / ChangeLog
CommitLineData
495ae4b0 1Change log file for Exim from version 4.21
f988ce57 2------------------------------------------
446415f5
HSHR
3This document describes *changes* to previous versions, that might
4affect Exim's operation, with an unchanged configuration file. For new
5options, and new features, see the NewStuff file next to this ChangeLog.
495ae4b0 6
4c57a40e 7
acfc18c3
PP
8Exim version 4.90
9-----------------
10
11JH/01 Rework error string handling in TLS interface so that the caller in
12 more cases is responsible for logging. This permits library-sourced
13 string to be attached to addresses during delivery, and collapses
14 pairs of long lines into single ones.
15
856d1e16
PP
16PP/01 Allow PKG_CONFIG_PATH to be set in Local/Makefile and use it correctly
17 during configuration. Wildcards are allowed and expanded.
18
b9df1829
JH
19JH/02 Rework error string handling in DKIM to pass more info back to callers.
20 This permits better logging.
21
875512a3
JH
22JH/03 Rework the transport continued-connection mechanism: when TLS is active,
23 do not close it down and have the child transport start it up again on
24 the passed-on TCP connection. Instead, proxy the child (and any
25 subsequent ones) for TLS via a unix-domain socket channel. Logging is
26 affected: the continued delivery log lines do not have any DNSSEC, TLS
5013d912 27 Certificate or OCSP information. TLS cipher information is still logged.
875512a3 28
fc3f96af
JH
29JH/04 Shorten the log line for daemon startup by collapsing adjacent sets of
30 identical IP addresses on different listening ports. Will also affect
31 "exiwhat" output.
32
98913c8e
BK
33PP/02 Bug 2070: uClibc defines __GLIBC__ without providing glibc headers;
34 add noisy ifdef guards to special-case this sillyness.
35 Patch from Bernd Kuhls.
36
8d909960
JH
37JH/05 Tighten up the checking in isip4 (et al): dotted-quad components larger
38 than 255 are no longer allowed.
39
7006ee24
JH
40JH/06 Default openssl_options to include +no_ticket, to reduce load on peers.
41 Disable the session-cache too, which might reduce our load. Since we
42 currrectly use a new context for every connection, both as server and
43 client, there is no benefit for these.
44 GnuTLS appears to not support tickets server-side by default (we don't
45 call gnutls_session_ticket_enable_server()) but client side is enabled
46 by default on recent versions (3.1.3 +) unless the PFS priority string
47 is used (3.2.4 +).
48
6e411084
PP
49PP/03 Add $SOURCE_DATE_EPOCH support for reproducible builds, per spec at
50 <https://reproducible-builds.org/specs/source-date-epoch/>.
51
4c2471ca
JH
52JH/07 Fix smtp transport use of limited max_rcpt under mua_wrapper. Previously
53 the check for any unsuccessful recipients did not notice the limit, and
54 erroneously found still-pending ones.
55
4e910c01
JH
56JH/08 Pipeline CHUNKING command and data together, on kernels that support
57 MSG_MORE. Only in-clear (not on TLS connections).
58
42055a33
JH
59JH/09 Avoid using a temporary file during transport using dkim. Unless a
60 transport-filter is involved we can buffer the headers in memory for
61 creating the signature, and read the spool data file once for the
62 signature and again for transmission.
63
eeb35890
JH
64JH/10 Enable use of sendfile in Linux builds as default. It was disabled in
65 4.77 as the kernel support then wasn't solid, having issues in 64bit
7d758a6a 66 mode. Now, it's been long enough. Add support for FreeBSD also.
eeb35890 67
b7d3afcf
JH
68JH/11 Bug 2104: Fix continued use of a transport connection with TLS. In the
69 case where the routing stage had gathered several addresses to send to
70 a host before calling the transport for the first, we previously failed
71 to close down TLS in the old transport process before passing the TCP
72 connection to the new process. The new one sent a STARTTLS command
73 which naturally failed, giving a failed delivery and bloating the retry
74 database. Investigation and fix prototype from Wolfgang Breyha.
75
40525d07
JH
76JH/12 Fix check on SMTP command input synchronisation. Previously there were
77 false-negatives in the check that the sender had not preempted a response
78 or prompt from Exim (running as a server), due to that code's lack of
a5ffa9b4 79 awareness of the SMTP input buffering.
40525d07 80
f33875c3
PP
81PP/04 Add commandline_checks_require_admin option.
82 Exim drops privileges sanely, various checks such as -be aren't a
83 security problem, as long as you trust local users with access to their
84 own account. When invoked by services which pass untrusted data to
85 Exim, this might be an issue. Set this option in main configuration
86 AND make fixes to the calling application, such as using `--` to stop
87 processing options.
88
a5ffa9b4
JH
89JH/13 Do pipelining under TLS. Previously, although safe, no advantage was
90 taken. Now take care to pack both (client) MAIL,RCPT,DATA, and (server)
91 responses to those, into a single TLS record each way (this usually means
92 a single packet). As a side issue, smtp_enforce_sync now works on TLS
93 connections.
925ac8e4 94
6600985a
PP
95PP/05 OpenSSL/1.1: use DH_bits() for more accurate DH param sizes. This
96 affects you only if you're dancing at the edge of the param size limits.
97 If you are, and this message makes sense to you, then: raise the
98 configured limit or use OpenSSL 1.1. Nothing we can do for older
99 versions.
100
ac4d558b
JH
101JH/14 For the "sock" variant of the malware scanner interface, accept an empty
102 cmdline element to get the documented default one. Previously it was
103 inaccessible.
104
e69636bc
JH
105JH/15 Fix a crash in the smtp transport caused when two hosts in succession
106 are unsuable for non-message-specific reasons - eg. connection timeout,
107 banner-time rejection.
108
a843a57e
JH
109JH/16 Fix logging of delivery remote port, when specified by router, under
110 callout/hold.
111
8e041ae0
PP
112PP/06 Repair manualroute's ability to take options in any order, even if one
113 is the name of a transport.
833c70bc
PP
114 Fixes bug 2140.
115
35a04365
HSHR
116HS/01 Cleanup, prevent repeated use of -p/-oMr (CVE-2017-1000369)
117
4226691b
JH
118JH/17 Change the list-building routines interface to use the expanding-string
119 triplet model, for better allocation and copying behaviour.
120
d185889f
JH
121JH/18 Prebuild the data-structure for "builtin" macros, for faster startup.
122 Previously it was constructed the first time a possibly-matching string
123 was met in the configuration file input during startup; now it is done
124 during compilation.
125
0a6c178c
JH
126JH/19 Bug 2141: Use the full-complex API for Berkeley DB rather than the legacy-
127 compatible one, to avoid the (poorly documented) possibility of a config
128 file in the working directory redirecting the DB files, possibly correpting
02745400 129 some existing file. CVE-2017-10140 assigned for BDB.
0a6c178c 130
fae8970d
JH
131JH/20 Bug 2147: Do not defer for a verify-with-callout-and-random which is not
132 cache-hot. Previously, although the result was properly cached, the
133 initial verify call returned a defer.
134
ad1a76fe 135JH/21 Bug 2151: Avoid using SIZE on the MAIL for a callout verify, on any but
14de8063
JH
136 the main verify for receipient in uncached-mode.
137
ad1a76fe
JH
138JH/22 Retire historical build files to an "unsupported" subdir. These are
139 defined as "ones for which we have no current evidence of testing".
140
135e9496
JH
141JH/23 DKIM: enforce the DNS pubkey record "h" permitted-hashes optional field,
142 if present. Previously it was ignored.
143
f2ed27cf
JH
144JH/24 Start using specified-initialisers in C structure init coding. This is
145 a C99 feature (it's 2017, so now considered safe).
146
7eb0e5d2
JH
147JH/25 Use one-bit bitfields for flags in the "addr" data structure. Previously
148 if was a fixed-sized field and bitmask ops via macros; it is now more
149 extensible.
150
4f9f4be4
151PP/07 GitHub PR 56: Apply MariaDB build fix.
152 Patch provided by Jaroslav Škarvada.
153
dc4de9cc
PP
154PP/08 Bug 2161: Fix regression in sieve quoted-printable handling introduced
155 during Coverity cleanups [4.87 JH/47]
156 Diagnosis and fix provided by Michael Fischer v. Mollard.
157
ea18931d
JH
158JH/26 Fix DKIM bug: when the pseudoheader generated for signing was exactly
159 the right size to place the terminating semicolon on its own folded
160 line, the header hash was calculated to an incorrect value thanks to
161 the (relaxed) space the fold became.
162
2cee425a
HSHR
163HS/02 Fix Bug 2130: large writes from the transport subprocess where chunked
164 and confused the parent.
165
acfc18c3 166
fd047340 167Exim version 4.89
acfc18c3 168-----------------
4c57a40e 169
9427e879 170JH/01 Bug 1922: Support IDNA2008. This has slightly different conversion rules
4c04137d 171 than -2003 did; needs libidn2 in addition to libidn.
fd047340 172
7b283890
JH
173JH/02 The path option on a pipe transport is now expanded before use.
174
4c57a40e
PP
175PP/01 GitHub PR 50: Do not call ldap_start_tls_s on ldapi:// connections.
176 Patch provided by "Björn", documentation fix added too.
177
5d036699
JH
178JH/03 Bug 2003: fix Proxy Protocol v2 handling: the address size field was
179 missing a wire-to-host endian conversion.
180
f4630439
JH
181JH/04 Bug 2004: fix CHUNKING in non-PIPELINEING mode. Chunk data following
182 close after a BDAT command line could be taken as a following command,
183 giving a synch failure. Fix by only checking for synch immediately
184 before acknowledging the chunk.
185
f988ce57
JS
186PP/02 GitHub PR 52: many spelling fixes, which include fixing parsing of
187 no_require_dnssec option and creation of _HAVE_TRANSPORT_APPEND_MAILDIR
188 macro. Patches provided by Josh Soref.
189
bd8fbe36
JH
190JH/05 Have the EHLO response advertise VRFY, if there is a vrfy ACL defined.
191 Previously we did not; the RFC seems ambiguous and VRFY is not listed
192 by IANA as a service extension. However, John Klensin suggests that we
193 should.
194
195JH/06 Bug 2017: Fix DKIM verification in -bh test mode. The data feed into
b895f4b2
JH
196 the dkim code may be unix-mode line endings rather than smtp wire-format
197 CRLF, so prepend a CR to any bare LF.
fd047340 198
bd8fbe36 199JH/07 Rationalise the coding for callout smtp conversations and transport ones.
902fbd69
JH
200 As a side-benfit, callouts can now use PIPELINING hence fewer round-trips.
201
bd8fbe36
JH
202JH/08 Bug 2016: Fix DKIM verification vs. CHUNKING. Any BDAT commands after
203 the first were themselves being wrongly included in the feed into dkim
204 processing; with most chunk sizes in use this resulted in an incorrect
205 body hash calculated value.
206
eea19017
JH
207JH/09 Bug 2014: permit inclusion of a DKIM-Signature header in a received
208 DKIM signature block, for verification. Although advised against by
209 standards it is specifically not ruled illegal.
210
44e6651b
JH
211JH/10 Bug 2025: Fix reception of (quoted) local-parts with embedded spaces.
212
213JH/11 Bug 2029: Fix crash in DKIM verification when a message signature block is
214 missing a body hash (the bh= tag).
215
216JH/12 Bug 2018: Re-order Proxy Protocol startup versus TLS-on-connect startup.
217 It seems that HAProxy sends the Proxy Protocol information in clear and
218 only then does a TLS startup, so do the same.
219
220JH/13 Bug 2027: Avoid attempting to use TCP Fast Open for non-transport client
221 TCP connections (such as for Spamd) unless the daemon successfully set
222 Fast Open mode on its listening sockets. This fixes breakage seen on
223 too-old kernels or those not configured for Fast Open, at the cost of
224 requiring both directions being enabled for TFO, and TFO never being used
225 by non-daemon-related Exim processes.
226
227JH/14 Bug 2000: Reject messages recieved with CHUNKING but with malformed line
228 endings, at least on the first header line. Try to canonify any that get
229 past that check, despite the cost.
230
b6040544
JH
231JH/15 Angle-bracket nesting (an error inserted by broken sendmails) levels are
232 now limited to an arbitrary five deep, while parsing addresses with the
233 strip_excess_angle_brackets option enabled.
234
f700ea4d
PP
235PP/03 Bug 2018: For Proxy Protocol and TLS-on-connect, do not over-read and
236 instead leave the unprompted TLS handshake in socket buffer for the
237 TLS library to consume.
238
da88acae
PP
239PP/04 Bug 2018: Also handle Proxy Protocol v2 safely.
240
f6ef9370
PP
241PP/05 FreeBSD compat: handle that Ports no longer create /usr/bin/perl
242
90341c71
JH
243JH/16 Drop variables when they go out of scope. Memory management drops a whole
244 region in one operation, for speed, and this leaves assigned pointers
245 dangling. Add checks run only under the testsuite which checks all
246 variables at a store-reset and panics on a dangling pointer; add code
247 explicitly nulling out all the variables discovered. Fixes one known
248 bug: a transport crash, where a dangling pointer for $sending_ip_address
249 originally assigned in a verify callout, is re-used.
250
1ec2ab36
PP
251PP/06 Drop '.' from @INC in various Perl scripts.
252
253PP/07 Switch FreeBSD iconv to always use the base-system libc functions.
254
255PP/08 Reduce a number of compilation warnings under clang; building with
256 CC=clang CFLAGS+=-Wno-dangling-else -Wno-logical-op-parentheses
257 should be warning-free.
258
8b2b9480
PP
259JH/17 Fix inbound CHUNKING when DKIM disabled at runtime.
260
261HS/01 Fix portability problems introduced by PP/08 for platforms where
262 realloc(NULL) is not equivalent to malloc() [SunOS et al].
263
d953610f
HSHR
264HS/02 Bug 1974: Fix missing line terminator on the last received BDAT
265 chunk. This allows us to accept broken chunked messages. We need a more
266 general solution here.
267
7dc5f827
PP
268PP/09 Wrote util/chunking_fixqueue_finalnewlines.pl to help recover
269 already-broken messages in the queue.
270
4bb432cb
PP
271JH/18 Bug 2061: Fix ${extract } corrupting an enclosing ${reduce } $value.
272
3b1a84c8
PP
273JH/19 Fix reference counting bug in routing-generated-address tracking.
274
902fbd69 275
8d042305
JH
276Exim version 4.88
277-----------------
4c57a40e 278
9094b84b
JH
279JH/01 Use SIZE on MAIL FROM in a cutthrough connection, if the destination
280 supports it and a size is available (ie. the sending peer gave us one).
8d042305 281
03d5892b
JH
282JH/02 The obsolete acl condition "demime" is removed (finally, after ten
283 years of being deprecated). The replacements are the ACLs
284 acl_smtp_mime and acl_not_smtp_mime.
285
4b0fe319
JH
286JH/03 Upgrade security requirements imposed for hosts_try_dane: previously
287 a downgraded non-dane trust-anchor for the TLS connection (CA-style)
288 or even an in-clear connection were permitted. Now, if the host lookup
289 was dnssec and dane was requested then the host is only used if the
290 TLSA lookup succeeds and is dnssec. Further hosts (eg. lower priority
291 MXs) will be tried (for hosts_try_dane though not for hosts_require_dane)
292 if one fails this test.
293 This means that a poorly-configured remote DNS will make it incommunicado;
294 but it protects against a DNS-interception attack on it.
295
789f8a4f
JH
296JH/04 Bug 1810: make continued-use of an open smtp transport connection
297 non-noisy when a race steals the message being considered.
298
23bb6982 299JH/05 If main configuration option tls_certificate is unset, generate a
f59aaaaa 300 self-signed certificate for inbound TLS connections.
23bb6982 301
0bd1b1ed 302JH/06 Bug 165: hide more cases of password exposure - this time in expansions
f42deca9 303 in rewrites and routers.
0bd1b1ed 304
20b9a2dc
JH
305JH/07 Retire gnutls_require_mac et.al. These were nonfunctional since 4.80
306 and logged a warning sing 4.83; now they are a configuration file error.
307
05392bbc
JH
308JH/08 Bug 1836: Fix crash in VRFY handling when handed an unqualified name
309 (lacking @domain). Apply the same qualification processing as RCPT.
310
1a6230a3
JH
311JH/09 Bug 1804: Avoid writing msglog files when in -bh or -bhc mode.
312
cfab9d68
JH
313JH/10 Support ${sha256:} applied to a string (as well as the previous
314 certificate).
315
98c82a3d
JH
316JH/11 Cutthrough: avoid using the callout hints db on a verify callout when
317 a cutthrough deliver is pending, as we always want to make a connection.
318 This also avoids re-routing the message when later placing the cutthrough
319 connection after a verify cache hit.
320 Do not update it with the verify result either.
321
322JH/12 Cutthrough: disable when verify option success_on_redirect is used, and
323 when routing results in more than one destination address.
324
ae8386f0
JH
325JH/13 Cutthrough: expand transport dkim_domain option when testing for dkim
326 signing (which inhibits the cutthrough capability). Previously only
327 the presence of an option was tested; now an expansion evaluating as
328 empty is permissible (obviously it should depend only on data available
329 when the cutthrough connection is made).
330
0d9fa8c0
JH
331JH/14 Fix logging of errors under PIPELINING. Previously the log line giving
332 the relevant preceding SMTP command did not note the pipelining mode.
333
3581f321
JH
334JH/15 Fix counting of empty lines in $body_linecount and $message_linecount.
335 Previously they were not counted.
336
ef3a1a30
JH
337JH/16 DANE: treat a TLSA lookup response having all non-TLSA RRs, the same
338 as one having no matching records. Previously we deferred the message
339 that needed the lookup.
340
4c04137d 341JH/17 Fakereject: previously logged as a normal message arrival "<="; now
27b9e5f4
JH
342 distinguished as "(=".
343
1435d4b2
JH
344JH/18 Bug 1867: make the fail_defer_domains option on a dnslookup router work
345 for missing MX records. Previously it only worked for missing A records.
346
eea0defe
JB
347JH/19 Bug 1850: support Radius libraries that return REJECT_RC.
348
349JH/20 Bug 1872: Ensure that acl_smtp_notquit is run when the connection drops
350 after the data-go-ahead and data-ack. Patch from Jason Betts.
860cdda2 351
4c04137d 352JH/21 Bug 1846: Send DMARC forensic reports for reject and quarantine results,
72a201e2
TM
353 even for a "none" policy. Patch from Tony Meyer.
354
1c788856
JH
355JH/22 Fix continued use of a connection for further deliveries. If a port was
356 specified by a router, it must also match for the delivery to be
357 compatible.
358
e3b1f624
JH
359JH/23 Bug 1874: fix continued use of a connection for further deliveries.
360 When one of the recipients of a message was unsuitable for the connection
361 (has no matching addresses), we lost track of needing to mark it
362 deferred. As a result mail would be lost.
363
a57ce043
JH
364JH/24 Bug 1832: Log EHLO response on getting conn-close response for HELO.
365
f59aaaaa 366JH/25 Decoding ACL controls is now done using a binary search; the source code
2d009132
JH
367 takes up less space and should be simpler to maintain. Merge the ACL
368 condition decode tables also, with similar effect.
d7bed771 369
d1f9fb42
JH
370JH/26 Fix problem with one_time used on a redirect router which returned the
371 parent address unchanged. A retry would see the parent address marked as
372 delivered, so not attempt the (identical) child. As a result mail would
373 be lost.
374
92b0827a
JH
375JH/27 Fix a possible security hole, wherein a process operating with the Exim
376 UID can gain a root shell. Credit to http://www.halfdog.net/ for
377 discovery and writeup. Ubuntu bug 1580454; no bug raised against Exim
378 itself :(
379
ddf1b11a
JH
380JH/28 Enable {spool,log} filesystem space and inode checks as default.
381 Main config options check_{log,spool}_{inodes,space} are now
382 100 inodes, 10MB unless set otherwise in the configuration.
383
3cc3f762
JH
384JH/29 Fix the connection_reject log selector to apply to the connect ACL.
385 Previously it only applied to the main-section connection policy
386 options.
387
ae5afa61
JH
388JH/30 Bug 1897: fix callouts connection fallback from TLS to cleartext.
389
317e40ac
PP
390PP/01 Changed default Diffie-Hellman parameters to be Exim-specific, created
391 by me. Added RFC7919 DH primes as an alternative.
392
8b0fb68e
PP
393PP/02 Unbreak build via pkg-config with new hash support when crypto headers
394 are not in the system include path.
395
ad7fc6eb 396JH/31 Fix longstanding bug with aborted TLS server connection handling. Under
f59aaaaa 397 GnuTLS, when a session startup failed (eg because the client disconnected)
ad7fc6eb
JH
398 Exim did stdio operations after fclose. This was exposed by a recent
399 change which nulled out the file handle after the fclose.
ad7fc6eb 400
ee5b1e28
JH
401JH/32 Bug 1909: Fix OCSP proof verification for cases where the proof is
402 signed directly by the cert-signing cert, rather than an intermediate
403 OCSP-signing cert. This is the model used by LetsEncrypt.
404
5ddc9771
JH
405JH/33 Bug 1914: Ensure socket is nonblocking before draining after SMTP QUIT.
406
8d73599f
JH
407HS/01 Fix leak in verify callout under GnuTLS, about 3MB per recipient on
408 an incoming connection.
409
446415f5
HSHR
410HS/02 Bug 1802: Do not half-close the connection after sending a request
411 to rspamd.
412
8e53a4fc
HSHR
413HS/03 Use "auto" as the default EC curve parameter. For OpenSSL < 1.0.2
414 fallback to "prime256v1".
8d042305 415
87cb4a16 416JH/34 SECURITY: Use proper copy of DATA command in error message.
4c57a40e 417 Could leak key material. Remotely exploitable. CVE-2016-9963.
87cb4a16
JH
418
419
0d9b78be
JH
420Exim version 4.87
421-----------------
4c57a40e 422
82d14d6a
JH
423JH/01 Bug 1664: Disable OCSP for GnuTLS library versions at/before 3.3.16
424 and 3.4.4 - once the server is enabled to respond to an OCSP request
425 it does even when not requested, resulting in a stapling non-aware
426 client dropping the TLS connection.
0d9b78be 427
6c6d6e48
TF
428TF/01 Code cleanup: Overhaul the debug_selector and log_selector machinery to
429 support variable-length bit vectors. No functional change.
430
ac881e27
TF
431TF/02 Improve the consistency of logging incoming and outgoing interfaces.
432 The I= interface field on outgoing lines is now after the H= remote
433 host field, same as incoming lines. There is a separate
434 outgoing_interface log selector which allows you to disable the
435 outgoing I= field.
436
c8899c20
JH
437JH/02 Bug 728: Close logfiles after a daemon-process "exceptional" log write.
438 If not running log_selector +smtp_connection the mainlog would be held
439 open indefinitely after a "too many connections" event, including to a
440 deleted file after a log rotate. Leave the per net connection logging
441 leaving it open for efficiency as that will be quickly detected by the
442 check on the next write.
443
f1b81d81
HSHR
444HS/01 Bug 1671: Fix post transport crash.
445 Processing the wait-<transport> messages could crash the delivery
446 process if the message IDs didn't exist for some reason. When
447 using 'split_spool_directory=yes' the construction of the spool
448 file name failed already, exposing the same netto behaviour.
449
f38917cc
JH
450JH/03 Bug 425: Capture substrings in $regex1, $regex2 etc from regex &
451 mime_regex ACL conditions.
452
895fbaf2
JH
453JH/04 Bug 1686: When compiled with EXPERIMENTAL_DSN_INFO: Add extra information
454 to DSN fail messages (bounces): remote IP, remote greeting, remote response
455 to HELO, local diagnostic string.
456
805bb5c3
JH
457JH/05 Downgrade message for a TLS-certificate-based authentication fail from
458 log line to debug. Even when configured with a tls authenticator many
459 client connections are expected to not authenticate in this way, so
460 an authenticate fail is not an error.
461
56c2a7be
HSHR
462HS/02 Add the Exim version string to the process info. This way exiwhat
463 gives some more detail about the running daemon.
464
4c04137d 465JH/06 Bug 1395: time-limit caching of DNS lookups, to the TTL value. This may
14b3c5bc
JH
466 matter for fast-change records such as DNSBLs.
467
6f6dedcc
JH
468JH/07 Bug 1678: Always record an interface option value, if set, as part of a
469 retry record, even if constant. There may be multiple transports with
470 different interface settings and the retry behaviour needs to be kept
471 distinct.
472
0f557e90
JH
473JH/08 Bug 1586: exiqgrep now refuses to run if there are unexpected arguments.
474
475JH/09 Bug 1700: ignore space & tab embedded in base64 during decode.
476
ec0eb1a3
JH
477JH/10 Bug 840: fix log_defer_output option of pipe transport
478
41e93589
JH
479JH/11 Bug 830: use same host for all RCPTS of a message, even under
480 hosts_randomize. This matters a lot when combined with mua_wrapper.
481
98b98887 482JH/12 Bug 1706: percent and underbar characters are no longer escaped by the
376d2ec0
JH
483 ${quote_pgsql:<string>} operator.
484
98b98887
JH
485JH/13 Bug 1708: avoid misaligned access in cached lookup.
486
858e91c2
JH
487JH/14 Change header file name for freeradius-client. Relevant if compiling
488 with Radius support; from the Gentoo tree and checked under Fedora.
489
490JH/15 Bug 1712: Introduce $prdr_requested flag variable
491
6ff55e50
JH
492JH/16 Bug 1714: Permit an empty string as expansion result for transport
493 option transport_filter, meaning no filtering.
494
3b957582
JB
495JH/17 Bug 1713: Fix non-PDKIM_DEBUG build. Patch from Jasen Betts.
496
23f3dc67
JH
497JH/18 Bug 1709: When built with TLS support, the tls_advertise_hosts option now
498 defaults to "*" (all hosts). The variable is now available when not built
4c04137d 499 with TLS, default unset, mainly to enable keeping the testsuite sane.
23f3dc67
JH
500 If a server certificate is not supplied (via tls_certificate) an error is
501 logged, and clients will find TLS connections fail on startup. Presumably
502 they will retry in-clear.
503 Packagers of Exim are strongly encouraged to create a server certificate
504 at installation time.
505
240c288f
JH
506HS/03 Add -bP config_file as a synonym for -bP configure_file, for consistency
507 with the $config_file variable.
508
5ef5dd52
JB
509JH/19 Two additional event types: msg:rcpt:defer and msg:rcpt:host:defer. Both
510 in transport context, after the attempt, and per-recipient. The latter type
511 is per host attempted. The event data is the error message, and the errno
512 information encodes the lookup type (A vs. MX) used for the (first) host,
4c04137d 513 and the trailing two digits of the smtp 4xx response.
5ef5dd52 514
e161710d
GF
515GF/01 Bug 1715: Fix for race condition in exicyclog, where exim could attempt
516 to write to mainlog (or rejectlog, paniclog) in the window between file
517 creation and permissions/ownership being changed. Particularly affects
518 installations where exicyclog is run as root, rather than exim user;
519 result is that the running daemon panics and dies.
520
a159f203
JH
521JH/20 Bug 1701: For MySQL lookups, support MySQL config file option group names.
522
7f06582c
JH
523JH/21 Bug 1720: Add support for priority groups and weighted-random proxy
524 selection for the EXPERIMENTAL_SOCKS feature, via new per-proxy options
525 "pri" and "weight". Note that the previous implicit priority given by the
526 list order is no longer honoured.
527
4c04137d 528JH/22 Bugs 963, 1721: Fix some corner cases in message body canonicalization
abe1010c
JH
529 for DKIM processing.
530
f0989ec0
JH
531JH/23 Move SOCKS5 support from Experimental to mainline, enabled for a build
532 by defining SUPPORT_SOCKS.
74f150bf 533
cee5f132
JH
534JH/26 Move PROXY support from Experimental to mainline, enabled for a build
535 by defining SUPPORT_PROXY. Note that the proxy_required_hosts option
e6d2a989
JH
536 is renamed to hosts_proxy, and the proxy_{host,target}_{address,port}.
537 variables are renamed to proxy_{local,external}_{address,port}.
cee5f132 538
8c5d388a
JH
539JH/27 Move Internationalisation support from Experimental to mainline, enabled
540 for a build by defining SUPPORT_I18N
541
2d8d625b
JH
542JH/28 Bug 1745: Fix redis lookups to handle (quoted) spaces embedded in parts
543 of the query string, and make ${quote_redis:} do that quoting.
544
0cbf2b82
JH
545JH/29 Move Events support from Experimental to mainline, enabled by default
546 and removable for a build by defining DISABLE_EVENT.
547
f2f2c91b
JH
548JH/30 Updated DANE implementation code to current from Viktor Dukhovni.
549
ce325893
JH
550JH/31 Fix bug with hosts_connection_nolog and named-lists which were wrongly
551 cached by the daemon.
552
de78e2d5
JH
553JH/32 Move Redis support from Experimental to mainline, enabled for a build
554 by defining LOOKUP_REDIS. The libhiredis library is required.
555
379ba7d0
JH
556JH/33 Bug 1748: Permit ACL dnslists= condition in non-smtp ACLs if explicit
557 keys are given for lookup.
558
f444c2c7
JH
559JH/34 Bug 1192: replace the embedded copy of PolarSSL RSA routines in the DKIM
560 support, by using OpenSSL or GnuTLS library ones. This means DKIM is
07c73177
JH
561 only supported when built with TLS support. The PolarSSL SHA routines
562 are still used when the TLS library is too old for convenient support.
f444c2c7 563
a57b6200
JH
564JH/35 Require SINGLE_DH_USE by default in OpenSSL (main config option
565 openssl_options), for security. OpenSSL forces this from version 1.1.0
566 server-side so match that on older versions.
567
07c73177 568JH/36 Bug 1778: longstanding bug in memory use by the ${run } expansion: A fresh
fa01e4f8 569 allocation for $value could be released as the expansion processing
07c73177 570 concluded, but leaving the global pointer active for it.
fa01e4f8 571
4f6ae5c3
JH
572JH/37 Bug 1769: Permit a VRFY ACL to override the default 252 response,
573 and to use the domains and local_parts ACL conditions.
574
1bc460a6
JH
575JH/38 Fix cutthrough bug with body lines having a single dot. The dot was
576 incorrectly not doubled on cutthrough transmission, hence seen as a
577 body-termination at the receiving system - resulting in truncated mails.
62ac2eb7 578 Commonly the sender saw a TCP-level error, and retransmitted the message
1bc460a6
JH
579 via the normal store-and-forward channel. This could result in duplicates
580 received - but deduplicating mailstores were liable to retain only the
581 initial truncated version.
582
ab9152ff 583JH/39 Bug 1781: Fix use of DKIM private-keys having trailing '=' in the base-64.
df3def24 584
67e87fcf
JH
585JH/40 Fix crash in queryprogram router when compiled with EXPERIMENTAL_SRS.
586
ab9152ff
JH
587JH/41 Bug 1792: Fix selection of headers to sign for DKIM: bottom-up. While
588 we're in there, support oversigning also; bug 1309.
589
af483912
JH
590JH/42 Bug 1796: Fix error logged on a malware scanner connection failure.
591
bc3c7bb7 592HS/04 Add support for keep_environment and add_environment options.
df3def24 593
13559da6
JH
594JH/43 Tidy coding issues detected by gcc --fsanitize=undefined. Some remain;
595 either intentional arithmetic overflow during PRNG, or testing config-
596 induced overflows.
597
59eaad2b
JH
598JH/44 Bug 1800: The combination of a -bhc commandline option and cutthrough
599 delivery resulted in actual delivery. Cancel cutthrough before DATA
600 stage.
601
f9334a28
JH
602JH/45 Fix cutthrough, when connection not opened by verify and target hard-
603 rejects a recipient: pass the reject to the originator.
604
dc8091e7
JH
605JH/46 Multiple issues raised by Coverity. Some were obvious or plausible bugs.
606 Many were false-positives and ignorable, but it's worth fixing the
607 former class.
608
dfe7d917
JH
609JH/47 Fix build on HP-UX and older Solaris, which need (un)setenv now also
610 for the new environment-manipulation done at startup. Move the routines
611 from being local to tls.c to being global via the os.c file.
612
93cc2d6e
JH
613JH/48 Bug 1807: Fix ${extract } for the numeric/3-string case. While preparsing
614 an extract embedded as result-arg for a map, the first arg for extract
615 is unavailable so we cannot tell if this is a numbered or keyed
616 extraction. Accept either.
617
13559da6 618
9c695f6d
JH
619Exim version 4.86
620-----------------
4c57a40e 621
9c695f6d
JH
622JH/01 Bug 1545: The smtp transport option "retry_include_ip_address" is now
623 expanded.
624
506900af
JH
625JH/02 The smtp transport option "multi_domain" is now expanded.
626
ad07e9ad
JH
627JH/03 The smtp transport now requests PRDR by default, if the server offers
628 it.
629
01a4a5c5 630JH/04 Certificate name checking on server certificates, when exim is a client,
b3ef41c9 631 is now done by default. The transport option tls_verify_cert_hostnames
01a4a5c5
JH
632 can be used to disable this per-host. The build option
633 EXPERIMENTAL_CERTNAMES is withdrawn.
634
cb1d7830 635JH/05 The value of the tls_verify_certificates smtp transport and main options
0e0f3f56 636 default to the word "system" to access the system default CA bundle.
cb1d7830
JH
637 For GnuTLS, only version 3.0.20 or later.
638
610ff438 639JH/06 Verification of the server certificate for a TLS connection is now tried
6d580f19
JH
640 (but not required) by default. The verification status is now logged by
641 default, for both outbound TLS and client-certificate supplying inbound
642 TLS connections
610ff438 643
f926e272
JH
644JH/07 Changed the default rfc1413 lookup settings to disable calls. Few
645 sites use this now.
646
50dc7409
JH
647JH/08 The EXPERIMENTAL_DSN compile option is no longer needed; all Delivery
648 Status Notification (bounce) messages are now MIME format per RFC 3464.
649 Support for RFC 3461 DSN options NOTIFY,ENVID,RET,ORCPT can be advertised
650 under the control of the dsn_advertise_hosts option, and routers may
651 have a dsn_lasthop option.
652
0f0c8159
JH
653JH/09 A timeout of 2 minutes is now applied to all malware scanner types by
654 default, modifiable by a malware= option. The list separator for
23763898 655 the options can now be changed in the usual way. Bug 68.
4e71661f 656
1ad6489e
JH
657JH/10 The smtp_receive_timeout main option is now expanded before use.
658
aeaf5db3
JH
659JH/11 The incoming_interface log option now also enables logging of the
660 local interface on delivery outgoing connections.
661
5032d1cf
JH
662JH/12 The cutthrough-routing facility now supports multi-recipient mails,
663 if the interface and destination host and port all match.
664
7e8360e6
JH
665JH/13 Bug 344: The verify = reverse_host_lookup ACL condition now accepts a
666 /defer_ok option.
667
c5f280e2
AL
668JH/14 Bug 1573: The spam= ACL condition now additionally supports Rspamd.
669 Patch from Andrew Lewis.
670
fd4d8871 671JH/15 Bug 670: The spamd_address main option (for the spam= ACL condition)
dc7b3d36 672 now supports optional time-restrictions, weighting, and priority
fd4d8871
R
673 modifiers per server. Patch originally by <rommer@active.by>.
674
675JH/16 The spamd_address main option now supports a mixed list of local
2aad5761
JH
676 and remote servers. Remote servers can be IPv6 addresses, and
677 specify a port-range.
fd4d8871 678
23763898
JH
679JH/17 Bug 68: The spamd_address main option now supports an optional
680 timeout value per server.
681
2ad78978
JH
682JH/18 Bug 1581: Router and transport options headers_add/remove can
683 now have the list separator specified.
684
8a512ed5 685JH/19 Bug 392: spamd_address, and clamd av_scanner, now support retry
cfab9d68 686 option values.
8a512ed5 687
82c0c8ea 688JH/20 Bug 1571: Ensure that $tls_in_peerdn is set, when verification fails
f69979cf
JH
689 under OpenSSL.
690
cc00f4af
JH
691JH/21 Support for the A6 type of dns record is withdrawn.
692
82c0c8ea
JH
693JH/22 Bug 608: The result of a QUIT or not-QUIT toplevel ACL now matters
694 rather than the verbs used.
695
b980ed83
JH
696JH/23 Bug 1572: Increase limit on SMTP confirmation message copy size
697 from 255 to 1024 chars.
698
6c9ed72e
JH
699JH/24 Verification callouts now attempt to use TLS by default.
700
cfab9d68 701HS/01 DNSSEC options (dnssec_require_domains, dnssec_request_domains)
99c1bb4e 702 are generic router options now. The defaults didn't change.
50dc7409 703
f846c8f5
JH
704JH/25 Bug 466: Add RFC2322 support for MIME attachment filenames.
705 Original patch from Alexander Shikoff, worked over by JH.
706
fd4c285c
HSHR
707HS/02 Bug 1575: exigrep falls back to autodetection of compressed
708 files if ZCAT_COMMAND is not executable.
709
4c04137d 710JH/26 Bug 1539: Add timeout/retry options on dnsdb lookups.
fd7f7910 711
d2a2c69b
JH
712JH/27 Bug 286: Support SOA lookup in dnsdb lookups.
713
8241d8dd
JH
714JH/28 Bug 1588: Do not use the A lookup following an AAAA for setting the FQDN.
715 Normally benign, it bites when the pair was led to by a CNAME;
4c04137d 716 modern usage is to not canonicalize the domain to a CNAME target
8241d8dd
JH
717 (and we were inconsistent anyway for A-only vs AAAA+A).
718
1f12df4d
JH
719JH/29 Bug 1632: Removed the word "rejected" from line logged for ACL discards.
720
1f155f8e
JH
721JH/30 Check the forward DNS lookup for DNSSEC, in addition to the reverse,
722 when evaluating $sender_host_dnssec.
723
1705dd20
JH
724JH/31 Check the HELO verification lookup for DNSSEC, adding new
725 $sender_helo_dnssec variable.
726
038597d2
PP
727JH/32 Bug 1397: Enable ECDHE on OpenSSL, just the NIST P-256 curve.
728
474f71bf
JH
729JH/33 Bug 1346: Note MAIL cmd seen in -bS batch, to avoid smtp_no_mail log.
730
7137ca4b
JH
731JH/34 Bug 1648: Fix a memory leak seen with "mailq" and large queues.
732
dcb1095c
JH
733JH/35 Bug 1642: Fix support of $spam_ variables at delivery time. Was
734 documented as working, but never had. Support all but $spam_report.
735
2f460950
JH
736JH/36 Bug 1659: Guard checking of input smtp commands again pseudo-command
737 added for tls authenticator.
738
2f680c0c
HSHR
739HS/03 Add perl_taintmode main config option
740
9c695f6d 741
e449c3b0
TL
742Exim version 4.85
743-----------------
4c57a40e 744
e449c3b0
TL
745TL/01 When running the test suite, the README says that variables such as
746 no_msglog_check are global and can be placed anywhere in a specific
747 test's script, however it was observed that placement needed to be near
748 the beginning for it to behave that way. Changed the runtest perl
749 script to read through the entire script once to detect and set these
750 variables, reset to the beginning of the script, and then run through
751 the script parsing/test process like normal.
752
ac20058f
TL
753TL/02 The BSD's have an arc4random API. One of the functions to induce
754 adding randomness was arc4random_stir(), but it has been removed in
755 OpenBSD 5.5. Detect this OpenBSD version and skip calling this
756 function when detected.
757
a9b8ec8b
JH
758JH/01 Expand the EXPERIMENTAL_TPDA feature. Several different events now
759 cause callback expansion.
760
6286d7c4
TL
761TL/03 Bugzilla 1518: Clarify "condition" processing in routers; that
762 syntax errors in an expansion can be treated as a string instead of
763 logging or causing an error, due to the internal use of bool_lax
764 instead of bool when processing it.
765
0f06b4f2 766JH/02 Add EXPERIMENTAL_DANE, allowing for using the DNS as trust-anchor for
d567a64d
JH
767 server certificates when making smtp deliveries.
768
be36e572
JH
769JH/03 Support secondary-separator specifier for MX, SRV, TLSA lookups.
770
ac4ef9bd
JH
771JH/04 Add ${sort {list}{condition}{extractor}} expansion item.
772
0eb51736
TL
773TL/04 Bugzilla 1216: Add -M (related messages) option to exigrep.
774
c713ca4b
TL
775TL/05 GitHub Issue 18: Adjust logic testing for true/false in redis lookups.
776 Merged patch from Sebastian Wiedenroth.
e449c3b0 777
bd21a787
WB
778JH/05 Fix results-pipe from transport process. Several recipients, combined
779 with certificate use, exposed issues where response data items split
780 over buffer boundaries were not parsed properly. This eventually
781 resulted in duplicates being sent. This issue only became common enough
4c04137d 782 to notice due to the introduction of connection certificate information,
bd21a787
WB
783 the item size being so much larger. Found and fixed by Wolfgang Breyha.
784
8bc732e8
JH
785JH/06 Bug 1533: Fix truncation of items in headers_remove lists. A fixed
786 size buffer was used, resulting in syntax errors when an expansion
787 exceeded it.
788
a7fec7a7
JH
789JH/07 Add support for directories of certificates when compiled with a GnuTLS
790 version 3.3.6 or later.
791
4c04137d 792JH/08 Rename the TPDA experimental facility to Event Actions. The #ifdef
774ef2d7
JH
793 is EXPERIMENTAL_EVENT, the main-configuration and transport options
794 both become "event_action", the variables become $event_name, $event_data
aec45841 795 and $event_defer_errno. There is a new variable $verify_mode, usable in
723fe533
JH
796 routers, transports and related events. The tls:cert event is now also
797 raised for inbound connections, if the main configuration event_action
798 option is defined.
774ef2d7 799
eca4debb
TL
800TL/06 In test suite, disable OCSP for old versions of openssl which contained
801 early OCSP support, but no stapling (appears to be less than 1.0.0).
802
8d692470
JH
803JH/09 When compiled with OpenSSL and EXPERIMENTAL_CERTNAMES, the checks on
804 server certificate names available under the smtp transport option
805 "tls_verify_cert_hostname" now do not permit multi-component wildcard
806 matches.
807
e9477a08
JH
808JH/10 Time-related extraction expansions from certificates now use the main
809 option "timezone" setting for output formatting, and are consistent
810 between OpenSSL and GnuTLS compilations. Bug 1541.
811
ad4c5ff9
JH
812JH/11 Fix a crash in mime ACL when meeting a zero-length, quoted or RFC2047-
813 encoded parameter in the incoming message. Bug 1558.
8dea5edf
JH
814
815JH/12 Bug 1527: Autogrow buffer used in reading spool files. Since they now
816 include certificate info, eximon was claiming there were spoolfile
817 syntax errors.
818
3394b36a 819JH/13 Bug 1521: Fix ldap lookup for single-attr request, multiple-attr return.
8dea5edf
JH
820
821JH/14 Log delivery-related information more consistently, using the sequence
822 "H=<name> [<ip>]" wherever possible.
823
3394b36a
TL
824TL/07 Bug 1547: Omit RFCs from release. Draft and RFCs have licenses which
825 are problematic for Debian distribution, omit them from the release
826 tarball.
827
ad4c5ff9
JH
828JH/15 Updates and fixes to the EXPERIMENTAL_DSN feature.
829
4c04137d 830JH/16 Fix string representation of time values on 64bit time_t architectures.
ad4c5ff9
JH
831 Bug 1561.
832
833JH/17 Fix a null-indirection in certextract expansions when a nondefault
834 output list separator was used.
835
8bc732e8 836
1f0ebb98
TL
837Exim version 4.84
838-----------------
09728d20
TL
839TL/01 Bugzilla 1506: Re-add a 'return NULL' to silence complaints from static
840 checkers that were complaining about end of non-void function with no
841 return.
1f0ebb98 842
a612424f 843JH/01 Bug 1513: Fix parsing of quoted parameter values in MIME headers.
4c04137d 844 This was a regression introduced in 4.83 by another bugfix.
a612424f
JH
845
846JH/02 Fix broken compilation when EXPERIMENTAL_DSN is enabled.
847
848TL/02 Bug 1509: Fix exipick for enhanced spoolfile specification used when
a9b8ec8b 849 EXPERIMENTAL_DSN is enabled. Fix from Wolfgang Breyha.
a612424f 850
1f0ebb98 851
c0e56233
TF
852Exim version 4.83
853-----------------
854
855TF/01 Correctly close the server side of TLS when forking for delivery.
856
857 When a message was received over SMTP with TLS, Exim failed to clear up
858 the incoming connection properly after forking off the child process to
859 deliver the message. In some situations the subsequent outgoing
860 delivery connection happened to have the same fd number as the incoming
861 connection previously had. Exim would try to use TLS and fail, logging
862 a "Bad file descriptor" error.
863
7245734e
TF
864TF/02 Portability fix for building lookup modules on Solaris when the xpg4
865 utilities have not been installed.
866
fd5dad68
JH
867JH/01 Fix memory-handling in use of acl as a conditional; avoid free of
868 temporary space as the ACL may create new global variables.
869
5428a946
TL
870TL/01 LDAP support uses per connection or global context settings, depending
871 upon the detected version of the libraries at build time.
872
a3c86431
TL
873TL/02 Experimental Proxy Protocol support: allows a proxied SMTP connection
874 to extract and use the src ip:port in logging and expansions as if it
8ded8589
TL
875 were a direct connection from the outside internet. PPv2 support was
876 updated based on HAProxy spec change in May 2014.
a3c86431 877
aa26e137
JH
878JH/02 Add ${listextract {number}{list}{success}{fail}}.
879
5a1b8443
WB
880TL/03 Bugzilla 1433: Fix DMARC SEGV with specific From header contents.
881 Properly escape header and check for NULL return.
882
72c9e342
PP
883PP/01 Continue incomplete 4.82 PP/19 by fixing docs too: use dns_dnssec_ok
884 not dns_use_dnssec.
885
76f44207
WB
886JH/03 Bugzilla 1157: support log_selector smtp_confirmation for lmtp.
887
770747fd
MFM
888TL/04 Add verify = header_names_ascii check to reject email with non-ASCII
889 characters in header names, implemented as a verify condition.
890 Contributed by Michael Fischer v. Mollard.
891
8ddef691 892TL/05 Rename SPF condition results err_perm and err_temp to standardized
982650ec
TL
893 results permerror and temperror. Previous values are deprecated but
894 still accepted. In a future release, err_perm and err_temp will be
895 completely removed, which will be a backward incompatibility if the
896 ACL tests for either of these two old results. Patch contributed by
8ddef691 897 user bes-internal on the mailing list.
c0e56233 898
b9c2e32f
AR
899JH/04 Add ${utf8clean:} operator. Contributed by Alex Rau.
900
e45a1c37
JH
901JH/05 Bugzilla 305: Log incoming-TLS details on rejects, subject to log
902 selectors, in both main and reject logs.
903
67d81c10
JH
904JH/06 Log outbound-TLS and port details, subject to log selectors, for a
905 failed delivery.
906
b1f8e4f8
JH
907JH/07 Add malware type "sock" for talking to simple daemon.
908
511a6c14 909JH/08 Bugzilla 1371: Add tls_{,try_}verify_hosts to smtp transport.
511a6c14
JH
910
911JH/09 Bugzilla 1431: Support (with limitations) headers_add/headers_remove in
912 routers/transports under cutthrough routing.
214042d2 913
51c7471d
JH
914JH/10 Bugzilla 1005: ACL "condition =" should accept values which are negative
915 numbers. Touch up "bool" conditional to keep the same definition.
916
3695be34
TL
917TL/06 Remove duplicated language in spec file from 4.82 TL/16.
918
1e06383a
TL
919JH/11 Add dnsdb tlsa lookup. From Todd Lyons.
920
76146973
JH
921JH/12 Expand items in router/transport headers_add or headers_remove lists
922 individually rather than the list as a whole. Bug 1452.
923
924 Required for reasonable handling of multiple headers_ options when
925 they may be empty; requires that headers_remove items with embedded
926 colons must have them doubled (or the list-separator changed).
927
8c8b8274
TL
928TL/07 Add new dmarc expansion variable $dmarc_domain_policy to directly
929 view the policy declared in the DMARC record. Currently, $dmarc_status
930 is a combined value of both the record presence and the result of the
931 analysis.
b1f8e4f8 932
35aba663
JH
933JH/13 Fix handling of $tls_cipher et.al. in (non-verify) transport. Bug 1455.
934
8c51eead 935JH/14 New options dnssec_request_domains, dnssec_require_domains on the
578897ea
JH
936 dnslookup router and the smtp transport (applying to the forward
937 lookup).
8c51eead 938
deae092e
HS
939TL/08 Bugzilla 1453: New LDAP "SERVERS=" option allows admin to override list
940 of ldap servers used for a specific lookup. Patch provided by Heiko
941 Schlichting.
35aba663 942
fd3b6a4a 943JH/18 New options dnssec_lax, dnssec_strict on dnsdb lookups.
4e0983dc 944 New variable $lookup_dnssec_authenticated for observability.
fd3b6a4a 945
8d91c6dc
LT
946TL/09 Bugzilla 609: Add -C option to exiqgrep, specify which exim.conf to use.
947 Patch submitted by Lars Timman.
948
2b4a568d
JH
949JH/19 EXPERIMENTAL_OCSP support under GnuTLS. Bug 1459.
950
d2af03f4
HS
951TL/10 Bugzilla 1454: New -oMm option to pass message reference to Exim.
952 Requires trusted mode and valid format message id, aborts otherwise.
953 Patch contributed by Heiko Schlichting.
954
9d1c15ef
JH
955JH/20 New expansion variables tls_(in,out)_(our,peer)cert, and expansion item
956 certextract with support for various fields. Bug 1358.
957
44662487
JH
958JH/21 Observability of OCSP via variables tls_(in,out)_ocsp. Stapling
959 is requested by default, modifiable by smtp transport option
6a8a60e0
JH
960 hosts_request_ocsp.
961
ed3bba5f 962JH/22 Expansion operators ${md5:string} and ${sha1:string} can now
6a8a60e0 963 operate on certificate variables to give certificate fingerprints
9ef9101c 964 Also new ${sha256:cert_variable}.
44662487 965
8ccd00b1
JH
966JH/23 The PRDR feature is moved from being Experimental into the mainline.
967
8ded8589
TL
968TL/11 Bug 1119: fix memory allocation in string_printing2(). Patch from
969 Christian Aistleitner.
970
f2de3a33
JH
971JH/24 The OCSP stapling feature is moved from Experimental into the mainline.
972
6eb02f88
TL
973TL/12 Bug 1444: Fix improper \r\n sequence handling when writing spool
974 file. Patch from Wolfgang Breyha.
975
00bff6f6
JH
976JH/25 Expand the coverage of the delivery $host and $host_address to
977 client authenticators run in verify callout. Bug 1476.
978
071c51f7
JH
979JH/26 Port service names are now accepted for tls_on_connect_ports, to
980 align with daemon_smtp_ports. Bug 72.
981
a6d4c44e
TF
982TF/03 Fix udpsend. The ip_connectedsocket() function's socket type
983 support and error reporting did not work properly.
984
3ae173e7
ACK
985TL/13 Bug 1495: Exiqgrep check if -C config file specified on cli exists
986 and is readable. Patch from Andrew Colin Kissa.
987
c13d09b8
TL
988TL/14 Enhance documentation of ${run expansion and how it parses the
989 commandline after expansion, particularly in the case when an
990 unquoted variable expansion results in an empty value.
991
0df4ab80
JH
992JH/27 The TLS SNI feature was broken in 4.82. Fix it.
993
66be95e0
PP
994PP/02 Fix internal collision of T_APL on systems which support RFC3123
995 by renaming away from it. Addresses GH issue 15, reported by
996 Jasper Wallace.
997
1bd0d12b
JH
998JH/28 Fix parsing of MIME headers for parameters with quoted semicolons.
999
0de7239e
TL
1000TL/15 SECURITY: prevent double expansion in math comparison functions
1001 (can expand unsanitized data). Not remotely exploitable.
1002 CVE-2014-2972
1003
fd3b6a4a 1004
2c422e6f 1005Exim version 4.82
98a90c36
PP
1006-----------------
1007
1008PP/01 Add -bI: framework, and -bI:sieve for querying sieve capabilities.
1009
12f69989
PP
1010PP/02 Make -n do something, by making it not do something.
1011 When combined with -bP, the name of an option is not output.
1012
54c90be1
PP
1013PP/03 Added tls_dh_min_bits SMTP transport driver option, only honoured
1014 by GnuTLS.
1015
1f4a55da
PP
1016PP/04 First step towards DNSSEC, provide $sender_host_dnssec for
1017 $sender_host_name and config options to manage this, and basic check
1018 routines.
1019
13363eba 1020PP/05 DSCP support for outbound connections and control modifier for inbound.
36a3ae5f 1021
66645890 1022PP/06 Cyrus SASL: set local and remote IP;port properties for driver.
e402235f
PP
1023 (Only plugin which currently uses this is kerberos4, which nobody should
1024 be using, but we should make it available and other future plugins might
1025 conceivably use it, even though it would break NAT; stuff *should* be
1026 using channel bindings instead).
66645890 1027
a3fb9793 1028PP/07 Handle "exim -L <tag>" to indicate to use syslog with tag as the process
f4ee74ac
PP
1029 name; added for Sendmail compatibility; requires admin caller.
1030 Handle -G as equivalent to "control = suppress_local_fixups" (we used to
1031 just ignore it); requires trusted caller.
a3fb9793 1032 Also parse but ignore: -Ac -Am -X<logfile>
f4ee74ac 1033 Bugzilla 1117.
a3fb9793 1034
d27f98fe 1035TL/01 Bugzilla 1258 - Refactor MAIL FROM optional args processing.
98a90c36 1036
6822b909
TL
1037TL/02 Add +smtp_confirmation as a default logging option.
1038
e7568d51
TL
1039TL/03 Bugzilla 198 - Implement remove_header ACL modifier.
1040 Patch by Magnus Holmgren from 2007-02-20.
1041
ae0e32ee 1042TL/04 Bugzilla 1281 - Spec typo.
ca0ff207 1043 Bugzilla 1283 - Spec typo.
97f42f10 1044 Bugzilla 1290 - Spec grammar fixes.
ca0ff207
TL
1045
1046TL/05 Bugzilla 1285 - Spec omission, fix docbook errors for spec.txt creation.
ae0e32ee 1047
e2658fff
TL
1048TL/06 Add Experimental DMARC support using libopendmarc libraries.
1049
83712b39
TL
1050TL/07 Fix an out of order global option causing a segfault. Reported to dev
1051 mailing list by by Dmitry Isaikin.
1052
976b7e9f
JH
1053JH/01 Bugzilla 1201 & 304 - New cutthrough-delivery feature, with TLS support.
1054
be4a1376
JH
1055JH/02 Support "G" suffix to numbers in ${if comparisons.
1056
ec4b68e5
PP
1057PP/08 Handle smtp transport tls_sni option forced-fail for OpenSSL.
1058
d7148a07
NM
1059NM/01 Bugzilla 1197 - Spec typo
1060 Bugzilla 1196 - Spec examples corrections
ec4b68e5 1061
585121e2 1062JH/03 Add expansion operators ${listnamed:name} and ${listcount:string}
ec4b68e5 1063
2519e60d
TL
1064PP/09 Add gnutls_allow_auto_pkcs11 option (was originally called
1065 gnutls_enable_pkcs11, but renamed to more accurately indicate its
1066 function.
a5f239e4 1067
13d08c90
PP
1068PP/10 Let Linux makefile inherit CFLAGS/CFLAGS_DYNAMIC.
1069 Pulled from Debian 30_dontoverridecflags.dpatch by Andreas Metzler.
1070
bef3ea7f
JH
1071JH/04 Add expansion item ${acl {name}{arg}...}, expansion condition
1072 "acl {{name}{arg}...}", and optional args on acl condition
1073 "acl = name arg..."
a5f239e4 1074
846726c5
JH
1075JH/05 Permit multiple router/transport headers_add/remove lines.
1076
3a796370
JH
1077JH/06 Add dnsdb pseudo-lookup "a+" to do an "aaaa" + "a" combination.
1078
ea722490 1079JH/07 Avoid using a waiting database for a single-message-only transport.
8b260705
PP
1080 Performance patch from Paul Fisher. Bugzilla 1262.
1081
b1b05573
JH
1082JH/08 Strip leading/trailing newlines from add_header ACL modifier data.
1083 Bugzilla 884.
1084
362145b5
JH
1085JH/09 Add $headers_added variable, with content from use of ACL modifier
1086 add_header (but not yet added to the message). Bugzilla 199.
1087
3c0a92dc
JH
1088JH/10 Add 8bitmime log_selector, for 8bitmime status on the received line.
1089 Pulled from Bugzilla 817 by Wolfgang Breyha.
1090
6d7c6175
PP
1091PP/11 SECURITY: protect DKIM DNS decoding from remote exploit.
1092 CVE-2012-5671
e78e6ecf 1093 (nb: this is the same fix as in Exim 4.80.1)
6d7c6175 1094
6f123593
JH
1095JH/11 Add A= logging on delivery lines, and a client_set_id option on
1096 authenticators.
1097
c8e2fc1e
JH
1098JH/12 Add optional authenticated_sender logging to A= and a log_selector
1099 for control.
1100
005ac57f
PP
1101PP/12 Unbreak server_set_id for NTLM/SPA auth, broken by 4.80 PP/29.
1102
3f1df0e3
PP
1103PP/13 Dovecot auth: log better reason to rejectlog if Dovecot did not
1104 advertise SMTP AUTH mechanism to us, instead of a generic
1105 protocol violation error. Also, make Exim more robust to bad
1106 data from the Dovecot auth socket.
1107
67bd1ab3
TF
1108TF/01 Fix ultimate retry timeouts for intermittently deliverable recipients.
1109
1110 When a queue runner is handling a message, Exim first routes the
1111 recipient addresses, during which it prunes them based on the retry
1112 hints database. After that it attempts to deliver the message to
1113 any remaining recipients. It then updates the hints database using
1114 the retry rules.
1115
1116 So if a recipient address works intermittently, it can get repeatedly
1117 deferred at routing time. The retry hints record remains fresh so the
1118 address never reaches the final cutoff time.
1119
1120 This is a fairly common occurrence when a user is bumping up against
1121 their storage quota. Exim had some logic in its local delivery code
1122 to deal with this. However it did not apply to per-recipient defers
1123 in remote deliveries, e.g. over LMTP to a separate IMAP message store.
1124
1ddeb334
TF
1125 This change adds a proper retry rule check during routing so that the
1126 final cutoff time is checked against the message's age. We only do
1127 this check if there is an address retry record and there is not a
1128 domain retry record; this implies that previous attempts to handle
1129 the address had the retry_use_local_parts option turned on. We use
1130 this as an approximation for the destination being like a local
1131 delivery, as in LMTP.
67bd1ab3
TF
1132
1133 I suspect this new check makes the old local delivery cutoff check
1134 redundant, but I have not verified this so I left the code in place.
1135
326cdc37
TF
1136TF/02 Correct gecos expansion when From: is a prefix of the username.
1137
1138 Test 0254 submits a message to Exim with the header
1139
1140 Resent-From: f
1141
1142 When I ran the test suite under the user fanf2, Exim expanded
1143 the header to contain my full name, whereas it should have added
1144 a Resent-Sender: header. It erroneously treats any prefix of the
1145 username as equal to the username.
1146
1147 This change corrects that bug.
1148
f62514b3
GF
1149GF/01 DCC debug and logging tidyup
1150 Error conditions log to paniclog rather than rejectlog.
1151 Debug lines prefixed by "DCC: " to remove any ambiguity.
1152
eb505532
TF
1153TF/03 Avoid unnecessary rebuilds of lookup-related code.
1154
14c7b357
PP
1155PP/14 Fix OCSP reinitialisation in SNI handling for Exim/TLS as server.
1156 Bug spotted by Jeremy Harris; was flawed since initial commit.
1157 Would have resulted in OCSP responses post-SNI triggering an Exim
1158 NULL dereference and crash.
1159
94eaf700
PP
1160JH/13 Add $router_name and $transport_name variables. Bugzilla 308.
1161
6f5a440a
PP
1162PP/15 Define SIOCGIFCONF_GIVES_ADDR for GNU Hurd.
1163 Bug detection, analysis and fix by Samuel Thibault.
1164 Bugzilla 1331, Debian bug #698092.
1165
514ee161
SC
1166SC/01 Update eximstats to watch out for senders sending 'HELO [IpAddr]'
1167
fd98a5c6
JH
1168JH/14 SMTP PRDR (http://www.eric-a-hall.com/specs/draft-hall-prdr-00.txt).
1169 Server implementation by Todd Lyons, client by JH.
1170 Only enabled when compiled with EXPERIMENTAL_PRDR. A new
1171 config variable "prdr_enable" controls whether the server
1172 advertises the facility. If the client requests PRDR a new
1173 acl_data_smtp_prdr ACL is called once for each recipient, after
1174 the body content is received and before the acl_smtp_data ACL.
4c04137d 1175 The client is controlled by both of: a hosts_try_prdr option
fd98a5c6
JH
1176 on the smtp transport, and the server advertisement.
1177 Default client logging of deliveries and rejections involving
1178 PRDR are flagged with the string "PRDR".
1179
035c7f1e
PP
1180PP/16 Fix problems caused by timeouts during quit ACLs trying to double
1181 fclose(). Diagnosis by Todd Lyons.
1182
ff284120
PP
1183PP/17 Update configure.default to handle IPv6 localhost better.
1184 Patch by Alain Williams (plus minor tweaks).
1185 Bugzilla 880.
1186
26e72755
PP
1187PP/18 OpenSSL made graceful with empty tls_verify_certificates setting.
1188 This is now consistent with GnuTLS, and is now documented: the
1189 previous undocumented portable approach to treating the option as
1190 unset was to force an expansion failure. That still works, and
1191 an empty string is now equivalent.
1192
0fbd9bff
PP
1193PP/19 Renamed DNSSEC-enabling option to "dns_dnssec_ok", to make it
1194 clearer that Exim is using the DO (DNSSEC OK) EDNS0 resolver flag,
1195 not performing validation itself.
1196
700d22f3
PP
1197PP/20 Added force_command boolean option to pipe transport.
1198 Patch from Nick Koston, of cPanel Inc.
1199
fcc8e047
JH
1200JH/15 AUTH support on callouts (and hence cutthrough-deliveries).
1201 Bugzilla 321, 823.
1202
4c04137d 1203TF/04 Added udpsend ACL modifier and hexquote expansion operator
7142daca 1204
8c020188
PP
1205PP/21 Fix eximon continuous updating with timestamped log-files.
1206 Broken in a format-string cleanup in 4.80, missed when I repaired the
1207 other false fix of the same issue.
1208 Report and fix from Heiko Schlichting.
1209 Bugzilla 1363.
1210
d13cdd30
PP
1211PP/22 Guard LDAP TLS usage against Solaris LDAP variant.
1212 Report from Prashanth Katuri.
1213
e2fbf4a2
PP
1214PP/23 Support safari_ecdhe_ecdsa_bug for openssl_options.
1215 It's SecureTransport, so affects any MacOS clients which use the
1216 system-integrated TLS libraries, including email clients.
1217
f4c1088b
PP
1218PP/24 Fix segfault from trying to fprintf() to a NULL stdio FILE* if
1219 using a MIME ACL for non-SMTP local injection.
1220 Report and assistance in diagnosis by Warren Baker.
1221
c5c2182f
PP
1222TL/08 Adjust exiqgrep to be case-insensitive for sender/receiver.
1223
73431ca9
JH
1224JH/16 Fix comparisons for 64b. Bugzilla 1385.
1225
2d07a215
TL
1226TL/09 Add expansion variable $authenticated_fail_id to keep track of
1227 last id that failed so it may be referenced in subsequent ACL's.
1228
a30a8861
TL
1229TL/10 Bugzilla 1375 - Prevent TLS rebinding in ldap. Patch provided by
1230 Alexander Miroch.
1231
33382dd9
TL
1232TL/11 Bugzilla 1382 - Option ldap_require_cert overrides start_tls
1233 ldap library initialization, allowing self-signed CA's to be
1234 used. Also properly sets require_cert option later in code by
1235 using NULL (global ldap config) instead of ldap handle (per
1236 session). Bug diagnosis and testing by alxgomz.
6d7c6175 1237
046172e6
TL
1238TL/12 Enhanced documentation in the ratelimit.pl script provided in
1239 the src/util/ subdirectory.
1240
581d7bee 1241TL/13 Bug 1031 - Imported transport SQL logging patch from Axel Rau
1a7b746d 1242 renamed to Transport Post Delivery Action by Jeremy Harris, as
9bdd29ad
TL
1243 EXPERIMENTAL_TPDA.
1244
1245TL/14 Bugzilla 1217 - Redis lookup support has been added. It is only enabled
1246 when Exim is compiled with EXPERIMENTAL_REDIS. A new config variable
1247 redis_servers = needs to be configured which will be used by the redis
1248 lookup. Patch from Warren Baker, of The Packet Hub.
1249
237b2cf2
TL
1250TL/15 Fix exiqsumm summary for corner case. Patch provided by Richard Hall.
1251
9fc5a352
TL
1252TL/16 Bugzilla 1289 - Clarify host/ip processing when have errors looking up a
1253 hostname or reverse DNS when processing a host list. Used suggestions
1254 from multiple comments on this bug.
1a7b746d 1255
b10e4ec2
TL
1256TL/17 Bugzilla 1057 - Multiple clamd TCP targets patch from Mark Zealey.
1257
e2cebd74
TL
1258TL/18 Had previously added a -CONTINUE option to runtest in the test suite.
1259 Missed a few lines, added it to make the runtest require no keyboard
1260 interaction.
1261
1262TL/19 Bugzilla 1402 - Test 533 fails if any part of the path to the test suite
1263 contains upper case chars. Make router use caseful_local_part.
1264
2519e60d
TL
1265TL/20 Bugzilla 1400 - Add AVOID_GNUTLS_PKCS11 build option. Allows GnuTLS
1266 support when GnuTLS has been built with p11-kit.
1267
e78e6ecf 1268
4263f395
PP
1269Exim version 4.80.1
1270-------------------
1271
1272PP/01 SECURITY: protect DKIM DNS decoding from remote exploit.
1273 CVE-2012-5671
2c422e6f 1274 This, or similar/improved, will also be change PP/11 of 4.82.
3c0a92dc 1275
ea722490 1276
b1770b6e 1277Exim version 4.80
0599f9cf
PP
1278-----------------
1279
1280PP/01 Handle short writes when writing local log-files.
1281 In practice, only affects FreeBSD (8 onwards).
1282 Bugzilla 1053, with thanks to Dmitry Isaikin.
1283
23c7e742
NM
1284NM/01 Bugzilla 949 - Documentation tweak
1285
b322aac8
NM
1286NM/02 Bugzilla 1093 - eximstats DATA reject detection regexps
1287 improved.
1288
4a891427
NM
1289NM/03 Bugzilla 1169 - primary_hostname spelling was incorrect in docs.
1290
c1e794ba 1291PP/02 Implemented gsasl authenticator.
b322aac8 1292
97753960
PP
1293PP/03 Implemented heimdal_gssapi authenticator with "server_keytab" option.
1294
1295PP/04 Local/Makefile support for (AUTH|LOOKUP)_*_PC=foo to use
1296 `pkg-config foo` for cflags/libs.
1297
df6303fa
PP
1298PP/05 Swapped $auth1/$auth2 for gsasl GSSAPI mechanism, to be more consistent
1299 with rest of GSASL and with heimdal_gssapi.
1300
7e6a8985
PP
1301PP/06 Local/Makefile support for USE_(GNUTLS|OPENSSL)_PC=foo to use
1302 `pkg-config foo` for cflags/libs for the TLS implementation.
1303
f1e05cc7 1304PP/07 New expansion variable $tls_bits; Cyrus SASL server connection
20aa9dbd
PP
1305 properties get this fed in as external SSF. A number of robustness
1306 and debugging improvements to the cyrus_sasl authenticator.
b322aac8 1307
4c287009
PP
1308PP/08 cyrus_sasl server now expands the server_realm option.
1309
b98bb9ac
PP
1310PP/09 Bugzilla 1214 - Log authentication information in reject log.
1311 Patch by Jeremy Harris.
1312
4a6a987a
PP
1313PP/10 Added dbmjz lookup type.
1314
c45dd180 1315PP/11 Let heimdal_gssapi authenticator take a SASL message without an authzid.
c7955b11 1316
7db8d074
PP
1317PP/12 MAIL args handles TAB as well as SP, for better interop with
1318 non-compliant senders.
1319 Analysis and variant patch by Todd Lyons.
1320
eae0036b 1321NM/04 Bugzilla 1237 - fix cases where printf format usage not indicated
cfab9d68 1322 Bug report from Lars Müller <lars@samba.org> (via SUSE),
e0df1c83
DM
1323 Patch from Dirk Mueller <dmueller@suse.com>
1324
dec5017e
PP
1325PP/13 tls_peerdn now print-escaped for spool files.
1326 Observed some $tls_peerdn in wild which contained \n, which resulted
1327 in spool file corruption.
1328
c80c5570
PP
1329PP/14 TLS fixes for OpenSSL: support TLS 1.1 & 1.2; new "openssl_options"
1330 values; set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read
1331 or write after TLS renegotiation, which otherwise led to messages
1332 "Got SSL error 2".
1333
076b11e2
PP
1334TK/01 Bugzilla 1239 - fix DKIM verification when signature was not inserted
1335 as a tracking header (ie: a signed header comes before the signature).
1336 Patch from Wolfgang Breyha.
1337
5407bfff
JH
1338JH/01 Bugzilla 660 - Multi-valued attributes from ldap now parseable as a
1339 comma-sep list; embedded commas doubled.
1340
9e45c72b
PP
1341JH/02 Refactored ACL "verify =" logic to table-driven dispatch.
1342
e74376d8
PP
1343PP/15 LDAP: Check for errors of TLS initialisation, to give correct
1344 diagnostics.
1345 Report and patch from Dmitry Banschikov.
1346
4c04137d 1347PP/16 Removed "dont_insert_empty_fragments" from "openssl_options".
da3ad30d
PP
1348 Removed SSL_clear() after SSL_new() which led to protocol negotiation
1349 failures. We appear to now support TLS1.1+ with Exim.
1350
7be682ca
PP
1351PP/17 OpenSSL: new expansion var $tls_sni, which if used in tls_certificate
1352 lets Exim select keys and certificates based upon TLS SNI from client.
3f0945ff
PP
1353 Also option tls_sni on SMTP Transports. Also clear $tls_bits correctly
1354 before an outbound SMTP session. New log_selector, +tls_sni.
7be682ca 1355
ef840681
PP
1356PP/18 Bugzilla 1122 - check localhost_number expansion for failure, avoid
1357 NULL dereference. Report and patch from Alun Jones.
1358
5bfb4cdf
PP
1359PP/19 DNS resolver init changes for NetBSD compatibility. (Risk of breakage
1360 on less well tested platforms). Obviates NetBSD pkgsrc patch-ac.
1361 Not seeing resolver debug output on NetBSD, but suspect this is a
1362 resolver implementation change.
1363
c6e95d22
PP
1364PP/20 Revert part of NM/04, it broke log_path containing %D expansions.
1365 Left warnings. Added "eximon gdb" invocation mode.
1366
9cbad13b
PP
1367PP/21 Defaulting "accept_8bitmime" to true, not false.
1368
9ee44efb
PP
1369PP/22 Added -bw for inetd wait mode support.
1370
6a6084f8
PP
1371PP/23 Added PCRE_CONFIG=yes support to Makefile for using pcre-config to
1372 locate the relevant includes and libraries. Made this the default.
1373
12dd53c7
PP
1374PP/24 Fixed headers_only on smtp transports (was not sending trailing dot).
1375 Bugzilla 1246, report and most of solution from Tomasz Kusy.
1376
9e45c72b 1377JH/03 ${eval } now uses 64-bit and supports a "g" suffix (like to "k" and "m").
97d17305
JH
1378 This may cause build issues on older platforms.
1379
17c76198
PP
1380PP/25 Revamped GnuTLS support, passing tls_require_ciphers to
1381 gnutls_priority_init, ignoring Exim options gnutls_require_kx,
1382 gnutls_require_mac & gnutls_require_protocols (no longer supported).
1383 Added SNI support via GnuTLS too.
af3498d6 1384 Made ${randint:..} supplier available, if using not-too-old GnuTLS.
17c76198 1385
53947857 1386PP/26 Added EXPERIMENTAL_OCSP for OpenSSL.
3f7eeb86 1387
eae0036b 1388PP/27 Applied dnsdb SPF support patch from Janne Snabb.
8ee4b30e
PP
1389 Applied second patch from Janne, implementing suggestion to default
1390 multiple-strings-in-record handling to match SPF spec.
eae0036b 1391
9e45c72b 1392JH/04 Added expansion variable $tod_epoch_l for a higher-precision time.
2605c55b 1393
7390e768
PP
1394PP/28 Fix DCC dcc_header content corruption (stack memory referenced,
1395 read-only, out of scope).
1396 Patch from Wolfgang Breyha, report from Stuart Northfield.
1397
08488c86
PP
1398PP/29 Fix three issues highlighted by clang analyser static analysis.
1399 Only crash-plausible issue would require the Cambridge-specific
1400 iplookup router and a misconfiguration.
1401 Report from Marcin Mirosław.
1402
6475bd82
PP
1403PP/30 Another attempt to deal with PCRE_PRERELEASE, this one less buggy.
1404
81f91683
PP
1405PP/31 %D in printf continues to cause issues (-Wformat=security), so for
1406 now guard some of the printf checks behind WANT_DEEPER_PRINTF_CHECKS.
1407 As part of this, removing so much warning spew let me fix some minor
1408 real issues in debug logging.
1409
5779e6aa
PP
1410PP/32 GnuTLS was always using default tls_require_ciphers, due to a missing
1411 assignment on my part. Fixed.
1412
3375e053
PP
1413PP/33 Added tls_dh_max_bits option, defaulting to current hard-coded limit
1414 of NSS, for GnuTLS/NSS interop. Problem root cause diagnosis by
1415 Janne Snabb (who went above and beyond: thank you).
1416
1417PP/34 Validate tls_require_ciphers on startup, since debugging an invalid
1418 string otherwise requires a connection and a bunch more work and it's
78e0c7a3
PP
1419 relatively easy to get wrong. Should also expose TLS library linkage
1420 problems.
3375e053 1421
9d26b8c0
PP
1422PP/35 Pull in <features.h> on Linux, for some portability edge-cases of
1423 64-bit ${eval} (JH/03).
1424
57eb9e91 1425PP/36 Define _GNU_SOURCE in exim.h; it's needed for some releases of
b87a6e0e
PP
1426 GNU libc to support some of the 64-bit stuff, should not lead to
1427 conflicts. Defined before os.h is pulled in, so if a given platform
1428 needs to override this, it can.
1429
16880d1a
PP
1430PP/37 Unbreak Cyrus SASL auth: SSF retrieval was incorrect, Exim thought
1431 protection layer was required, which is not implemented.
1432 Bugzilla 1254, patch from Wolfgang Breyha.
1433
a799883d
PP
1434PP/38 Overhaul DH prime handling, supply RFC-specified DH primes as built
1435 into Exim, default to IKE id 23 from RFC 5114 (2048 bit). Make
1436 tls_dhparam take prime identifiers. Also unbreak combination of
1437 OpenSSL+DH_params+TLSSNI.
1438
3ecab157 1439PP/39 Disable SSLv2 by default in OpenSSL support.
f0f5a555 1440
0599f9cf 1441
867fcbf5
PP
1442Exim version 4.77
1443-----------------
1444
1445PP/01 Solaris build fix for Oracle's LDAP libraries.
1446 Bugzilla 1109, patch from Stephen Usher.
1447
f1a29782
TF
1448TF/01 HP/UX build fix: avoid arithmetic on a void pointer.
1449
ab42bd23
TK
1450TK/01 DKIM Verification: Fix relaxed canon for empty headers w/o
1451 whitespace trailer
867fcbf5 1452
0ca0cf52
TF
1453TF/02 Fix a couple more cases where we did not log the error message
1454 when unlink() failed. See also change 4.74-TF/03.
1455
921b12ca
TF
1456TF/03 Make the exiwhat support code safe for signals. Previously Exim might
1457 lock up or crash if it happened to be inside a call to libc when it
1458 got a SIGUSR1 from exiwhat.
1459
1460 The SIGUSR1 handler appends the current process status to the process
1461 log which is later printed by exiwhat. It used to use the general
1462 purpose logging code to do this, but several functions it calls are
1463 not safe for signals.
1464
1465 The new output code in the SIGUSR1 handler is specific to the process
1466 log, and simple enough that it's easy to inspect for signal safety.
1467 Removing some special cases also simplifies the general logging code.
1468 Removing the spurious timestamps from the process log simplifies
1469 exiwhat.
1470
c99ce5c9
TF
1471TF/04 Improved ratelimit ACL condition.
1472
1473 The /noupdate option has been deprecated in favour of /readonly which
1474 has clearer semantics. The /leaky, /strict, and /readonly update modes
1475 are mutually exclusive. The update mode is no longer included in the
1476 database key; it just determines when the database is updated. (This
4c04137d 1477 means that when you upgrade Exim will forget old rate measurements.)
c99ce5c9
TF
1478
1479 Exim now checks that the per_* options are used with an update mode that
1480 makes sense for the current ACL. For example, when Exim is processing a
1481 message (e.g. acl_smtp_rcpt or acl_smtp_data, etc.) you can specify
1482 per_mail/leaky or per_mail/strict; otherwise (e.g. in acl_smtp_helo) you
1483 must specify per_mail/readonly. If you omit the update mode it defaults to
1484 /leaky where that makes sense (as before) or /readonly where required.
1485
1486 The /noupdate option is now undocumented but still supported for
1487 backwards compatibility. It is equivalent to /readonly except that in
1488 ACLs where /readonly is required you may specify /leaky/noupdate or
1489 /strict/noupdate which are treated the same as /readonly.
1490
1491 A useful new feature is the /count= option. This is a generalization
1492 of the per_byte option, so that you can measure the throughput of other
1493 aggregate values. For example, the per_byte option is now equivalent
1494 to per_mail/count=${if >{0}{$message_size} {0} {$message_size} }.
1495
1496 The per_rcpt option has been generalized using the /count= mechanism
1497 (though it's more complicated than the per_byte equivalence). When it is
1498 used in acl_smtp_rcpt, the per_rcpt option adds recipients to the
1499 measured rate one at a time; if it is used later (e.g. in acl_smtp_data)
1500 or in a non-SMTP ACL it adds all the recipients in one go. (The latter
1501 /count=$recipients_count behaviour used to work only in non-SMTP ACLs.)
1502 Note that using per_rcpt with a non-readonly update mode in more than
1503 one ACL will cause the recipients to be double-counted. (The per_mail
1504 and per_byte options don't have this problem.)
1505
1506 The handling of very low rates has changed slightly. If the computed rate
1507 is less than the event's count (usually one) then this event is the first
1508 after a long gap. In this case the rate is set to the same as this event's
1509 count, so that the first message of a spam run is counted properly.
1510
1511 The major new feature is a mechanism for counting the rate of unique
1512 events. The new per_addr option counts the number of different
1513 recipients that someone has sent messages to in the last time period. It
1514 behaves like per_rcpt if all the recipient addresses are different, but
1515 duplicate recipient addresses do not increase the measured rate. Like
1516 the /count= option this is a general mechanism, so the per_addr option
1517 is equivalent to per_rcpt/unique=$local_part@$domain. You can, for
1518 example, measure the rate that a client uses different sender addresses
1519 with the options per_mail/unique=$sender_address. There are further
1520 details in the main documentation.
1521
3634fc25
TF
1522TF/05 Removed obsolete $Cambridge$ CVS revision strings.
1523
792e8a19
TF
1524TF/06 Removed a few PCRE remnants.
1525
5901f0ab
TF
1526TF/07 Automatically extract Exim's version number from tags in the git
1527 repository when doing development or release builds.
1528
7f2a2a43
PP
1529PP/02 Raise smtp_cmd_buffer_size to 16kB.
1530 Bugzilla 879. Patch from Paul Fisher.
e2ca7082 1531
061b7ebd
PP
1532PP/03 Implement SSL-on-connect outbound with protocol=smtps on smtp transport.
1533 Heavily based on revision 40f9a89a from Simon Arlott's tree.
1534 Bugzilla 97.
1535
e12f8c32
PP
1536PP/04 Use .dylib instead of .so for dynamic library loading on MacOS.
1537
9e949f00 1538PP/05 Variable $av_failed, true if the AV scanner deferred.
7f2a2a43
PP
1539 Bugzilla 1078. Patch from John Horne.
1540
1541PP/06 Stop make process more reliably on build failure.
1542 Bugzilla 1087. Patch from Heiko Schlittermann.
9e949f00 1543
555ae6af 1544PP/07 Make maildir_use_size_file an _expandable_ boolean.
ac53fcda
PP
1545 Bugzilla 1089. Patch from Heiko Schlittermann.
1546
1547PP/08 Handle ${run} returning more data than OS pipe buffer size.
1548 Bugzilla 1131. Patch from Holger Weiß.
555ae6af 1549
6f7fe114
PP
1550PP/09 Handle IPv6 addresses with SPF.
1551 Bugzilla 860. Patch from Wolfgang Breyha.
1552
c566dd90
PP
1553PP/10 GnuTLS: support TLS 1.2 & 1.1.
1554 Bugzilla 1156.
89f897c3
PP
1555 Use gnutls_certificate_verify_peers2() [patch from Andreas Metzler].
1556 Bugzilla 1095.
c566dd90 1557
d6cc7c78 1558PP/11 match_* no longer expand right-hand-side by default.
39257585
PP
1559 New compile-time build option, EXPAND_LISTMATCH_RHS.
1560 New expansion conditions, "inlist", "inlisti".
1561
0d0e4455
PP
1562PP/12 fix uninitialised greeting string from PP/03 (smtps client support).
1563
3399bb60 1564PP/13 shell and compiler warnings fixes for RC1-RC4 changes.
d690cbdc
PP
1565
1566PP/14 fix log_write() format string regression from TF/03.
1567 Bugzilla 1152. Patch from Dmitry Isaikin.
1568
0ca0cf52 1569
10906672
PP
1570Exim version 4.76
1571-----------------
1572
1573PP/01 The new ldap_require_cert option would segfault if used. Fixed.
1574
754a0503
PP
1575PP/02 Harmonised TLS library version reporting; only show if debugging.
1576 Layout now matches that introduced for other libraries in 4.74 PP/03.
1577
c0c7b2da
PP
1578PP/03 New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1
1579
e97d1f08
PP
1580PP/04 New "dns_use_edns0" global option.
1581
084c1d8c
PP
1582PP/05 Don't segfault on misconfiguration of ref:name exim-user as uid.
1583 Bugzilla 1098.
1584
4e7ee012
PP
1585PP/06 Extra paranoia around buffer usage at the STARTTLS transition.
1586 nb: Exim is not vulnerable to http://www.kb.cert.org/vuls/id/555316
da80c2a8 1587
c8d52a00
PP
1588TK/01 Updated PolarSSL code to 0.14.2.
1589 Bugzilla 1097. Patch from Andreas Metzler.
1590
54e7ce4a
PP
1591PP/07 Catch divide-by-zero in ${eval:...}.
1592 Fixes bugzilla 1102.
1593
5ee6f336
PP
1594PP/08 Condition negation of bool{}/bool_lax{} did not negate. Fixed.
1595 Bugzilla 1104.
1596
c8d52a00 1597TK/02 Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a
6ea4a851
PP
1598 format-string attack -- SECURITY: remote arbitrary code execution.
1599
1600TK/03 SECURITY - DKIM signature header parsing was double-expanded, second
1601 time unintentionally subject to list matching rules, letting the header
1602 cause arbitrary Exim lookups (of items which can occur in lists, *not*
1603 arbitrary string expansion). This allowed for information disclosure.
1604
1605PP/09 Fix another SIGFPE (x86) in ${eval:...} expansion, this time related to
1606 INT_MIN/-1 -- value coerced to INT_MAX.
c8d52a00 1607
10906672 1608
aa097c4c
NM
1609Exim version 4.75
1610-----------------
1611
4c04137d 1612NM/01 Workaround for PCRE version dependency in version reporting
aa097c4c
NM
1613 Bugzilla 1073
1614
7f3d9eff
TF
1615TF/01 Update valgrind.h and memcheck.h to copies from valgrind-3.6.0.
1616 This fixes portability to compilers other than gcc, notably
1617 Solaris CC and HP-UX CC. Fixes Bugzilla 1050.
1618
159f52d2
TF
1619TF/02 Bugzilla 139: Avoid using the += operator in the modular lookup
1620 makefiles for portability to HP-UX and POSIX correctness.
1621
0cc9542a
PP
1622PP/01 Permit LOOKUP_foo enabling on the make command-line.
1623 Also via indented variable definition in the Makefile.
1624 (Debugging by Oliver Heesakkers).
1625
f7274286
PP
1626PP/02 Restore caching of spamd results with expanded spamd_address.
1627 Patch from author of expandable spamd_address patch, Wolfgang Breyha.
1628
7b797365
PP
1629PP/03 Build issue: lookups-Makefile now exports LC_ALL=C
1630 Improves build reliability. Fix from: Frank Elsner
1631
caacae52
NM
1632NM/02 Fix wide character breakage in the rfc2047 coding
1633 Fixes bug 1064. Patch from Andrey N. Oktyabrski
1634
09dcaba9
NM
1635NM/03 Allow underscore in dnslist lookups
1636 Fixes bug 1026. Patch from Graeme Fowler
1637
bc19a55b
PP
1638PP/04 Bugzilla 230: Support TLS-enabled LDAP (in addition to ldaps).
1639 Code patches from Adam Ciarcinski of NetBSD.
caacae52 1640
bd4c9759
NM
1641NM/04 Fixed exiqgrep to cope with mailq missing size issue
1642 Fixes bug 943.
1643
b72aab72
PP
1644PP/05 Bugzilla 1083: when lookup expansion defers, escape the output which
1645 is logged, to avoid truncation. Patch from John Horne.
1646
2fe76745
PP
1647PP/06 Bugzilla 1042: implement freeze_signal on pipe transports.
1648 Patch from Jakob Hirsch.
1649
76aa570c
PP
1650PP/07 Bugzilla 1061: restrict error messages sent over SMTP to not reveal
1651 SQL string expansion failure details.
1652 Patch from Andrey Oktyabrski.
1653
f1e5fef5
PP
1654PP/08 Bugzilla 486: implement %M datestamping in log filenames.
1655 Patch from Simon Arlott.
1656
4d805ee9
PP
1657PP/09 New lookups functionality failed to compile on old gcc which rejects
1658 extern declarations in function scope.
1659 Patch from Oliver Fleischmann
1660
cd59ab18
PP
1661PP/10 Use sig_atomic_t for flags set from signal handlers.
1662 Check getgroups() return and improve debugging.
1663 Fixed developed for diagnosis in bug 927 (which turned out to be
1664 a kernel bug).
1665
332f5cf3
PP
1666PP/11 Bugzilla 1055: Update $message_linecount for maildir_tag.
1667 Patch from Mark Zealey.
1668
29cfeb94
PP
1669PP/12 Bugzilla 1056: Improved spamd server selection.
1670 Patch from Mark Zealey.
1671
660242ad
PP
1672PP/13 Bugzilla 1086: Deal with maildir quota file races.
1673 Based on patch from Heiko Schlittermann.
1674
bc4bc4c5
PP
1675PP/14 Bugzilla 1019: DKIM multiple signature generation fix.
1676 Patch from Uwe Doering, sign-off by Michael Haardt.
1677
2e64baa9
NM
1678NM/05 Fix to spam.c to accommodate older gcc versions which dislike
1679 variable declaration deep within a block. Bug and patch from
1680 Dennis Davis.
1681
4c04137d 1682PP/15 lookups-Makefile IRIX compatibility coercion.
bddd7526 1683
6bac1a9a
PP
1684PP/16 Make DISABLE_DKIM build knob functional.
1685
552193f0
NM
1686NM/06 Bugzilla 968: child_open_uid: restore default SIGPIPE handler
1687 Patch by Simon Arlott
baeee2c1 1688
1b587e48
TF
1689TF/03 Fix valgrind.h portability to C89 compilers that do not support
1690 variable argument macros. Our copy now differs from upstream.
1691
aa097c4c 1692
8c07b69f
TF
1693Exim version 4.74
1694-----------------
1695
1696TF/01 Failure to get a lock on a hints database can have serious
1697 consequences so log it to the panic log.
1698
c0ea85ab
TF
1699TF/02 Log LMTP confirmation messages in the same way as SMTP,
1700 controlled using the smtp_confirmation log selector.
1701
0761d44e
TF
1702TF/03 Include the error message when we fail to unlink a spool file.
1703
0a349494
PP
1704DW/01 Bugzilla 139: Support dynamically loaded lookups as modules.
1705 With thanks to Steve Haslam, Johannes Berg & Serge Demonchaux
1706 for maintaining out-of-tree patches for some time.
1707
1708PP/01 Bugzilla 139: Documentation and portability issues.
1709 Avoid GNU Makefile-isms, let Exim continue to build on BSD.
1710 Handle per-OS dynamic-module compilation flags.
1711
fea24b2e
PP
1712PP/02 Let /dev/null have normal permissions.
1713 The 4.73 fixes were a little too stringent and complained about the
1714 permissions on /dev/null. Exempt it from some checks.
1715 Reported by Andreas M. Kirchwitz.
1716
6545de78
PP
1717PP/03 Report version information for many libraries, including
1718 Exim version information for dynamically loaded libraries. Created
1719 version.h, now support a version extension string for distributors
1720 who patch heavily. Dynamic module ABI change.
1721
1670ef10
PP
1722PP/04 CVE-2011-0017 - check return value of setuid/setgid. This is a
1723 privilege escalation vulnerability whereby the Exim run-time user
1724 can cause root to append content of the attacker's choosing to
1725 arbitrary files.
1726
c0886197
PP
1727PP/05 Bugzilla 1041: merged DCC maintainer's fixes for return code.
1728 (Wolfgang Breyha)
1729
b7487bce
PP
1730PP/06 Bugzilla 1071: fix delivery logging with untrusted macros.
1731 If dropping privileges for untrusted macros, we disabled normal logging
1732 on the basis that it would fail; for the Exim run-time user, this is not
1733 the case, and it resulted in successful deliveries going unlogged.
1734 Fixed. Reported by Andreas Metzler.
1735
8c07b69f 1736
97fd1e48 1737Exim version 4.73
ed7f7860 1738-----------------
97fd1e48
PP
1739
1740PP/01 Date: & Message-Id: revert to normally being appended to a message,
1741 only prepend for the Resent-* case. Fixes regression introduced in
1742 Exim 4.70 by NM/22 for Bugzilla 607.
1743
6901c596
PP
1744PP/02 Include check_rfc2047_length in configure.default because we're seeing
1745 increasing numbers of administrators be bitten by this.
1746
a8c8d6b5
JJ
1747JJ/01 Added DISABLE_DKIM and comment to src/EDITME
1748
77bb000f
PP
1749PP/03 Bugzilla 994: added openssl_options main configuration option.
1750
a29e5231
PP
1751PP/04 Bugzilla 995: provide better SSL diagnostics on failed reads.
1752
ec5a0394 1753PP/05 Bugzilla 834: provide a permit_coredump option for pipe transports.
a29e5231 1754
55c75993
PP
1755PP/06 Adjust NTLM authentication to handle SASL Initial Response.
1756
453a6645 1757PP/07 If TLS negotiated an anonymous cipher, we could end up with SSL but
ec5a0394
PP
1758 without a peer certificate, leading to a segfault because of an
1759 assumption that peers always have certificates. Be a little more
453a6645
PP
1760 paranoid. Problem reported by Martin Tscholak.
1761
8544e77a
PP
1762PP/08 Bugzilla 926: switch ClamAV to use the new zINSTREAM API for content
1763 filtering; old API available if built with WITH_OLD_CLAMAV_STREAM=yes
1764 NB: ClamAV planning to remove STREAM in "middle of 2010".
3346ab01
PP
1765 CL also introduces -bmalware, various -d+acl logging additions and
1766 more caution in buffer sizes.
8544e77a 1767
83e029d5
PP
1768PP/09 Implemented reverse_ip expansion operator.
1769
ed7f7860
PP
1770PP/10 Bugzilla 937: provide a "debug" ACL control.
1771
7d9f747b
PP
1772PP/11 Bugzilla 922: Documentation dusting, patch provided by John Horne.
1773
4b2241d2
PP
1774PP/12 Bugzilla 973: Implement --version.
1775
10385c15
PP
1776PP/13 Bugzilla 752: Refuse to build/run if Exim user is root/0.
1777
dbc4b90d
PP
1778PP/14 Build without WITH_CONTENT_SCAN. Path from Andreas Metzler.
1779
532be449
PP
1780PP/15 Bugzilla 816: support multiple condition rules on Routers.
1781
6a8de854 1782PP/16 Add bool_lax{} expansion operator and use that for combining multiple
71265ae9
PP
1783 condition rules, instead of bool{}. Make both bool{} and bool_lax{}
1784 ignore trailing whitespace.
6a8de854 1785
5dc43717
JJ
1786JJ/02 prevent non-panic DKIM error from being sent to paniclog
1787
1788JJ/03 added tcp_wrappers_daemon_name to allow host entries other than
1789 "exim" to be used
55c75993 1790
3346ab01
PP
1791PP/17 Fix malware regression for cmdline scanner introduced in PP/08.
1792 Notification from Dr Andrew Aitchison.
1793
491fab4c
PP
1794PP/18 Change ClamAV response parsing to be more robust and to handle ClamAV's
1795 ExtendedDetectionInfo response format.
1796 Notification from John Horne.
1797
13eb9497
PP
1798PP/19 OpenSSL 1.0.0a compatibility const-ness change, should be backwards
1799 compatible.
1800
1801PP/20 Added a CONTRIBUTING file. Fixed the documentation build to use http:
1802 XSL and documented dependency on system catalogs, with examples of how
1803 it normally works.
1804
7f36d675
DW
1805DW/21 Added Valgrind hooks in store.c to help it capture out-of-bounds store
1806 access.
1807
c1d94452
DW
1808DW/22 Bugzilla 1044: CVE-2010-4345 - partial fix: restrict default behaviour
1809 of CONFIGURE_OWNER and CONFIGURE_GROUP options to no longer allow a
1810 configuration file which is writeable by the Exim user or group.
1811
e2f5dc15
DW
1812DW/23 Bugzilla 1044: CVE-2010-4345 - part two: extend checks for writeability
1813 of configuration files to cover files specified with the -C option if
1814 they are going to be used with root privileges, not just the default
1815 configuration file.
1816
cd25e41d
DW
1817DW/24 Bugzilla 1044: CVE-2010-4345 - part three: remove ALT_CONFIG_ROOT_ONLY
1818 option (effectively making it always true).
1819
261dc43e
DW
1820DW/25 Add TRUSTED_CONFIG_PREFIX_FILE option to allow alternative configuration
1821 files to be used while preserving root privileges.
1822
fa32850b
DW
1823DW/26 Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure
1824 that rogue child processes cannot use them.
1825
79d4bc3d
PP
1826PP/27 Bugzilla 1047: change the default for system_filter_user to be the Exim
1827 run-time user, instead of root.
1828
43236f35 1829PP/28 Add WHITELIST_D_MACROS option to let some macros be overridden by the
2cfd3221
PP
1830 Exim run-time user without dropping privileges.
1831
fb08281f
DW
1832DW/29 Remove use of va_copy() which breaks pre-C99 systems. Duplicate the
1833 result string, instead of calling string_vformat() twice with the same
1834 arguments.
3346ab01 1835
74935b98
DW
1836DW/30 Allow TRUSTED_CONFIG_PREFIX_FILE only for Exim or CONFIGURE_OWNER, not
1837 for other users. Others should always drop root privileges if they use
1838 -C on the command line, even for a whitelisted configure file.
1839
90b6341f
DW
1840DW/31 Turn TRUSTED_CONFIG_PREFIX_FILE into TRUSTED_CONFIG_FILE. No prefixes.
1841
57730b52
ML
1842NM/01 Fixed bug #1002 - Message loss when using multiple deliveries
1843
66581d1e 1844
465e92cf
JJ
1845Exim version 4.72
1846-----------------
1847
453a6645
PP
1848JJ/01 installed exipick 20100104.1, adding $max_received_linelength,
1849 $data_path, and $header_path variables; fixed documentation bugs and
1850 typos
465e92cf 1851
453a6645
PP
1852JJ/02 installed exipick 20100222.0, added --input-dir and --finput to allow
1853 exipick to access non-standard spools, including the "frozen" queue
1854 (Finput)
edae0343 1855
9bd3e22c
NM
1856NM/01 Bugzilla 965: Support mysql stored procedures.
1857 Patch from Alain Williams
1858
bb576ff7
NM
1859NM/02 Bugzilla 961: Spacing fix (syntax error) on Makefile directives for NetBSD
1860
5a1a5845
NM
1861NM/03 Bugzilla 955: Documentation fix for max_rcpts.
1862 Patch from Andreas Metzler
1863
981a9fad
NM
1864NM/04 Bugzilla 954: Fix for unknown responses from Dovecot authenticator.
1865 Patch from Kirill Miazine
1866
7fc497ee
NM
1867NM/05 Bugzilla 671: Added umask to procmail example.
1868
1a41defa
JJ
1869JJ/03 installed exipick 20100323.0, fixing doc bug
1870
a466095c 1871NM/06 Bugzilla 988: CVE-2010-2023 - prevent hardlink attack on sticky mail
b26eacf1 1872 directory. Notification and patch from Dan Rosenberg.
a466095c 1873
94a6bd0b
NM
1874TK/01 PDKIM: Upgrade PolarSSL files to upstream version 0.12.1.
1875
1876TK/02 Improve log output when DKIM signing operation fails.
1877
1878MH/01 Treat the transport option dkim_domain as a colon separated
1879 list, not as a single string, and sign the message with each element,
1880 omitting multiple occurences of the same signer.
1881
c1b141a8
NM
1882NM/07 Null terminate DKIM strings, Null initialise DKIM variable
1883 Bugzilla 985, 986. Patch by Simon Arlott
94a6bd0b 1884
b26eacf1 1885NM/08 Bugzilla 967. dnsdb DNS TXT record bug fix (DKIM-related)
0d0c6357
NM
1886 Patch by Simon Arlott
1887
179c5980 1888PP/01 Bugzilla 989: CVE-2010-2024 - work round race condition on
b26eacf1 1889 MBX locking. Notification from Dan Rosenberg.
179c5980 1890
9bd3e22c 1891
7c6d71af
NM
1892Exim version 4.71
1893-----------------
1894
7d9f747b 1895TK/01 Bugzilla 912: Fix DKIM segfault on empty headers/body.
7c6d71af 1896
f013fb92
NM
1897NM/01 Bugzilla 913: Documentation fix for gnutls_* options.
1898
0eb8eedd
NM
1899NM/02 Bugzilla 722: Documentation for randint. Better randomness defaults.
1900
663ee6d9
NM
1901NM/03 Bugzilla 847: Enable DNSDB lookup by default.
1902
177ebd9b
NM
1903NM/04 Bugzilla 915: Flag broken perl installation during build.
1904
7c6d71af 1905
210f147e
NM
1906Exim version 4.70
1907-----------------
1908
cdd3bb85 1909TK/01 Added patch by Johannes Berg that expands the main option
e739e3d9 1910 "spamd_address" if it starts with a dollar sign.
cdd3bb85
TK
1911
1912TK/02 Write list of recipients to X-Envelope-Sender header when building
1913 the mbox-format spool file for content scanning (suggested by Jakob
7d9f747b 1914 Hirsch).
cdd3bb85
TK
1915
1916TK/03 Added patch by Wolfgang Breyha that adds experimental DCC
1917 (http://www.dcc-servers.net/) support via dccifd. Activated by
e739e3d9 1918 setting EXPERIMENTAL_DCC=yes in Local/Makefile.
cdd3bb85
TK
1919
1920TK/04 Bugzilla 673: Add f-protd malware scanner support. Patch submitted
1921 by Mark Daniel Reidel <mr@df.eu>.
1922
210f147e
NM
1923NM/01 Bugzilla 657: Embedded PCRE removed from the exim source tree.
1924 When building exim an external PCRE library is now needed -
1925 PCRE is a system library on the majority of modern systems.
1926 See entry on PCRE_LIBS in EDITME file.
1927
deafd5b3
NM
1928NM/02 Bugzilla 646: Removed unwanted C/R in Dovecot authenticator
1929 conversation. Added nologin parameter to request.
7d9f747b 1930 Patch contributed by Kirill Miazine.
deafd5b3 1931
089793a4
TF
1932TF/01 Do not log submission mode rewrites if they do not change the address.
1933
5f16ca82
TF
1934TF/02 Bugzilla 662: Fix stack corruption before exec() in daemon.c.
1935
dae9d94e 1936NM/03 Bugzilla 602: exicyclog now handles panic log, and creates empty
7d9f747b 1937 log files in place. Contributed by Roberto Lima.
dae9d94e 1938
7d9f747b 1939NM/04 Bugzilla 667: Close socket used by dovecot authenticator.
3f0da4d0 1940
06864c44
TF
1941TF/03 Bugzilla 615: When checking the local_parts router precondition
1942 after a local_part_suffix or local_part_prefix option, Exim now
1943 does not use the address's named list lookup cache, since this
1944 contains cached lookups for the whole local part.
1945
65a7d8c3 1946NM/05 Bugzilla 521: Integrated SPF Best Guess support contributed by
7d9f747b 1947 Robert Millan. Documentation is in experimental-spec.txt.
65a7d8c3 1948
23510047 1949TF/04 Bugzilla 668: Fix parallel build (make -j).
65a7d8c3 1950
7d9f747b 1951NM/05.2 Bugzilla 437: Prevent Maildir aux files being created with mode 000.
5f28a6e8 1952
7d8eec3a 1953NM/05.3 Bugzilla 598: Improvement to Dovecot authenticator handling.
7d9f747b 1954 Patch provided by Jan Srzednicki.
6c588e74 1955
89dec7b6
TF
1956TF/05 Leading white space used to be stripped from $spam_report which
1957 wrecked the formatting. Now it is preserved.
5f28a6e8 1958
a99de90c
TF
1959TF/06 Save $spam_score, $spam_bar, and $spam_report in spool files, so
1960 that they are available at delivery time.
1961
e2803e40
TF
1962TF/07 Fix the way ${extract is skipped in the untaken branch of a conditional.
1963
7199e1ee
TF
1964TF/08 TLS error reporting now respects the incoming_interface and
1965 incoming_port log selectors.
1966
e276e04b
TF
1967TF/09 Produce a more useful error message if an SMTP transport's hosts
1968 setting expands to an empty string.
1969
ce552449 1970NM/06 Bugzilla 744: EXPN did not work under TLS.
7d9f747b 1971 Patch provided by Phil Pennock.
ce552449 1972
e765a0f1 1973NM/07 Bugzilla 769: Extraneous comma in usage fprintf
7d9f747b 1974 Patch provided by Richard Godbee.
e765a0f1 1975
4f054c63 1976NM/08 Fixed erroneous documentation references to smtp_notquit_acl to be
447de4b0 1977 acl_smtp_notquit, added index entry.
4f054c63 1978
7d9f747b
PP
1979NM/09 Bugzilla 787: Potential buffer overflow in string_format.
1980 Patch provided by Eugene Bujak.
24c929a2 1981
7d9f747b
PP
1982NM/10 Bugzilla 770: Problem on some platforms modifying the len parameter to
1983 accept(). Patch provided by Maxim Dounin.
cf73943b 1984
b52bc06e 1985NM/11 Bugzilla 749: Preserve old behaviour of blanks comparing equal to zero.
7d9f747b 1986 Patch provided by Phil Pennock.
b52bc06e 1987
447de4b0
NM
1988NM/12 Bugzilla 497: Correct behaviour of exiwhat when no config exists.
1989
4c69d561 1990NM/13 Bugzilla 590: Correct handling of Resent-Date headers.
7d9f747b 1991 Patch provided by Brad "anomie" Jorsch.
4c69d561 1992
d5c39246 1993NM/14 Bugzilla 622: Added timeout setting to transport filter.
7d9f747b 1994 Patch provided by Dean Brooks.
9b989985 1995
0b23848a
TK
1996TK/05 Add native DKIM support (does not depend on external libraries).
1997
8f3414a1 1998NM/15 Bugzilla 854: Removed code that symlinks to pcre as its no longer useful.
7d9f747b 1999 Patch provided by Graeme Fowler.
e2aacdfd 2000
fb6f955d
NM
2001NM/16 Bugzilla 851: Documentation example syntax fix.
2002
2003NM/17 Changed NOTICE file to remove references to embedded PCRE.
8f3414a1 2004
7d9f747b
PP
2005NM/18 Bugzilla 894: Fix issue with very long lines including comments in
2006 lsearch.
dbb0bf41 2007
7d9f747b
PP
2008NM/19 Bugzilla 745: TLS version reporting.
2009 Patch provided by Phil Pennock.
f3766eb5 2010
7d9f747b
PP
2011NM/20 Bugzilla 167: bool: condition support.
2012 Patch provided by Phil Pennock.
36f12725 2013
7d9f747b
PP
2014NM/21 Bugzilla 665: gnutls_compat_mode to allow compatibility with broken
2015 clients. Patch provided by Phil Pennock.
e6060e2c 2016
7d9f747b
PP
2017NM/22 Bugzilla 607: prepend (not append) Resent-Message-ID and Resent-Date.
2018 Patch provided by Brad "anomie" Jorsch.
5eb690a1 2019
7d9f747b
PP
2020NM/23 Bugzilla 687: Fix misparses in eximstats.
2021 Patch provided by Heiko Schlittermann.
d5c13d66 2022
7d9f747b
PP
2023NM/24 Bugzilla 688: Fix exiwhat to handle log_selector = +pid.
2024 Patch provided by Heiko Schlittermann.
b2335c0b 2025
7d9f747b 2026NM/25 Bugzilla 727: Use transport mode as default mode for maildirsize file.
1da77999 2027 plus update to original patch.
f4cd9433 2028
7d9f747b 2029NM/26 Bugzilla 799: Documentation correction for ratelimit.
dc988b7e 2030
7d9f747b
PP
2031NM/27 Bugzilla 802: Improvements to local interface IP addr detection.
2032 Patch provided by David Brownlee.
8dc71ab3 2033
7d9f747b 2034NM/28 Bugzilla 807: Improvements to LMTP delivery logging.
400eda43 2035
7d9f747b 2036NM/29 Bugzilla 862, 866, 875: Documentation bugfixes.
ec5a421b 2037
7d9f747b 2038NM/30 Bugzilla 888: TLS documentation bugfixes.
07af267e 2039
7d9f747b 2040NM/31 Bugzilla 896: Dovecot buffer overrun fix.
51473862 2041
17792b53 2042NM/32 Bugzilla 889: Change all instances of "expr" in shell scripts to "expr --"
7d9f747b 2043 Unlike the original bugzilla I have changed all shell scripts in src tree.
17792b53 2044
7d9f747b
PP
2045NM/33 Bugzilla 898: Transport filter timeout fix.
2046 Patch by Todd Rinaldo.
52383f8f 2047
91576cec 2048NM/34 Bugzilla 901: Fix sign/unsigned and UTF mismatches.
7d9f747b 2049 Patch by Serge Demonchaux.
5ca6d115 2050
7d9f747b
PP
2051NM/35 Bugzilla 39: Base64 decode bug fixes.
2052 Patch by Jakob Hirsch.
baee9eee 2053
7d9f747b 2054NM/36 Bugzilla 909: Correct connect() call in dcc code.
e93a964c 2055
7d9f747b 2056NM/37 Bugzilla 910: Correct issue with relaxed/simple handling.
9bf3d68f 2057
7d9f747b 2058NM/38 Bugzilla 908: Removed NetBSD3 support as no longer needed.
96535b98 2059
7d9f747b 2060NM/39 Bugzilla 911: Fixed MakeLinks build script.
30339e0f 2061
deafd5b3 2062
47db1125
NM
2063Exim version 4.69
2064-----------------
2065
4b3504d0
TK
2066TK/01 Add preliminary DKIM support. Currently requires a forked version of
2067 ALT-N's libdkim that I have put here:
2068 http://duncanthrax.net/exim-experimental/
2069
2070 Note to Michael Haardt: I had to rename some vars in sieve.c. They
2071 were called 'true' and it seems that C99 defines that as a reserved
2072 keyword to be used with 'bool' variable types. That means you could
2073 not include C99-style headers which use bools without triggering
2074 build errors in sieve.c.
2075
81ea09ca
NM
2076NM/01 Bugzilla 592: --help option is handled incorrectly if exim is invoked
2077 as mailq or other aliases. Changed the --help handling significantly
2078 to do whats expected. exim_usage() emits usage/help information.
2079
f13cddcb
SC
2080SC/01 Added the -bylocaldomain option to eximstats.
2081
7d9f747b 2082NM/02 Bugzilla 619: Defended against bad data coming back from gethostbyaddr.
8ad076b2 2083
7d9f747b 2084NM/03 Bugzilla 613: Documentation fix for acl_not_smtp.
a843aaa6 2085
7d9f747b 2086NM/04 Bugzilla 628: PCRE update to 7.4 (work done by John Hall).
47db1125
NM
2087
2088
eb4c0de6
PH
2089Exim version 4.68
2090-----------------
2091
2092PH/01 Another patch from the Sieve maintainer.
2093
6a3bceb1
PH
2094PH/02 When an IPv6 address is converted to a string for single-key lookup
2095 in an address list (e.g. for an item such as "net24-dbm;/net/works"),
2096 dots are used instead of colons so that keys in lsearch files need not
2097 contain colons. This was done some time before quoting was made available
2098 in lsearch files. However, iplsearch files do require colons in IPv6 keys
2099 (notated using the quote facility) so as to distinguish them from IPv4
2100 keys. This meant that lookups for IP addresses in host lists did not work
2101 for iplsearch lookups.
2102
2103 This has been fixed by arranging for IPv6 addresses to be expressed with
2104 colons if the lookup type is iplsearch. This is not incompatible, because
2105 previously such lookups could never work.
2106
4c04137d 2107 The situation is now rather anomalous, since one *can* have colons in
6a3bceb1
PH
2108 ordinary lsearch keys. However, making the change in all cases is
2109 incompatible and would probably break a number of configurations.
2110
2e30fa9d
TK
2111TK/01 Change PRVS address formatting scheme to reflect latests BATV draft
2112 version.
2113
0806a9c5
MH
2114MH/01 The "spam" ACL condition code contained a sscanf() call with a %s
2115 conversion specification without a maximum field width, thereby enabling
2116 a rogue spamd server to cause a buffer overflow. While nobody in their
2117 right mind would setup Exim to query an untrusted spamd server, an
2118 attacker that gains access to a server running spamd could potentially
2119 exploit this vulnerability to run arbitrary code as the Exim user.
2120
ae276964
TK
2121TK/02 Bugzilla 502: Apply patch to make the SPF-Received: header use
2122 $primary_hostname instead of what libspf2 thinks the hosts name is.
2123
0f2cbd1b
MH
2124MH/02 The dsearch lookup now uses lstat(2) instead of stat(2) to look for
2125 a directory entry by the name of the lookup key. Previously, if a
2126 symlink pointed to a non-existing file or a file in a directory that
2127 Exim lacked permissions to read, a lookup for a key matching that
2128 symlink would fail. Now it is enough that a matching directory entry
2129 exists, symlink or not. (Bugzilla 503.)
2130
2b85bce7
PH
2131PH/03 The body_linecount and body_zerocount variables are now exported in the
2132 local_scan API.
2133
93655c46
PH
2134PH/04 Added the $dnslist_matched variable.
2135
6c512171
PH
2136PH/05 Unset $tls_cipher and $tls_peerdn before making a connection as a client.
2137 This means they are set thereafter only if the connection becomes
2138 encrypted.
2139
2140PH/06 Added the client_condition to authenticators so that some can be skipped
2141 by clients under certain conditions.
2142
aa6dc513
PH
2143PH/07 The error message for a badly-placed control=no_multiline_responses left
2144 "_responses" off the end of the name.
2145
a96603a0
PH
2146PH/08 Added -Mvc to output a copy of a message in RFC 2822 format.
2147
8f240103
PH
2148PH/09 Tidied the code for creating ratelimiting keys, creating them explicitly
2149 (without spaces) instead of just copying the configuration text.
2150
2151PH/10 Added the /noupdate option to the ratelimit ACL condition.
2152
d677b2f2
PH
2153PH/11 Added $max_received_linelength.
2154
d52120f2
PH
2155PH/12 Added +ignore_defer and +include_defer to host lists.
2156
64f2600a
PH
2157PH/13 Installed PCRE version 7.2. This needed some changes because of the new
2158 way in which PCRE > 7.0 is built.
2159
8669f003
PH
2160PH/14 Implemented queue_only_load_latch.
2161
a4dc33a8
PH
2162PH/15 Removed an incorrect (int) cast when reading the value of SIZE in a
2163 MAIL command. The effect was to mangle the value on 64-bit systems.
2164
d6a60c0f
PH
2165PH/16 Another patch from the Sieve maintainer.
2166
8f128379
PH
2167PH/17 Added the NOTQUIT ACL, based on a patch from Ted Cooper.
2168
8932dffe
PH
2169PH/18 If a system quota error occurred while trying to create the file for
2170 a maildir delivery, the message "Mailbox is full" was not appended to the
2171 bounce if the delivery eventually timed out. Change 4.67/27 below applied
2172 only to a quota excession during the actual writing of the file.
d6a60c0f 2173
ddea74fa 2174PH/19 It seems that peer DN values may contain newlines (and other non-printing
48ed62d9
PH
2175 characters?) which causes problems in log lines. The DN values are now
2176 passed through string_printing() before being added to log lines.
2177
ddea74fa 2178PH/20 Added the "servers=" facility to MySQL and PostgreSQL lookups. (Oracle
b7670459
PH
2179 and InterBase are left for another time.)
2180
ddea74fa
PH
2181PH/21 Added message_body_newlines option.
2182
ce9f225c
PH
2183PH/22 Guard against possible overflow in moan_check_errorcopy().
2184
19897d52
PH
2185PH/23 POSIX allows open() to be a macro; guard against that.
2186
bc64a74d
PH
2187PH/24 If the recipient of an error message contained an @ in the local part
2188 (suitably quoted, of course), incorrect values were put in $domain and
2189 $local_part during the evaluation of errors_copy.
2190
eb4c0de6 2191
b4ed4da0
PH
2192Exim version 4.67
2193-----------------
2194
22ad45c9
MH
2195MH/01 Fix for bug #448, segfault in Dovecot authenticator when interface_address
2196 is unset (happens when testing with -bh and -oMi isn't used). Thanks to
2197 Jan Srzednicki.
2198
b4ed4da0
PH
2199PH/01 Added a new log selector smtp_no_mail, to log SMTP sessions that do not
2200 issue a MAIL command.
2201
431b7361
PH
2202PH/02 In an ACL statement such as
2203
2204 deny dnslists = X!=127.0.0.2 : X=127.0.0.2
2205
2206 if a client was not listed at all, or was listed with a value other than
2207 127.0.0.2, in the X list, but was listed with 127.0.0.2 in the Y list,
2208 the condition was not true (as it should be), so access was not denied.
2209 The bug was that the ! inversion was incorrectly passed on to the second
2210 item. This has been fixed.
2211
2212PH/03 Added additional dnslists conditions == and =& which are different from
2213 = and & when the dns lookup returns more than one IP address.
2214
83da1223
PH
2215PH/04 Added gnutls_require_{kx,mac,protocols} to give more control over the
2216 cipher suites used by GnuTLS. These options are ignored by OpenSSL.
2217
54fc8428
PH
2218PH/05 After discussion on the list, added a compile time option ENABLE_DISABLE_
2219 FSYNC, which compiles an option called disable_fsync that allows for
2220 bypassing fsync(). The documentation is heavily laced with warnings.
2221
34c5e8dd
SC
2222SC/01 Updated eximstats to collate all SpamAssassin rejects into one bucket.
2223
bbe15da8
PH
2224PH/06 Some tidies to the infrastructure of the Test Suite that is concerned
2225 with the auxiliary C programs that it uses: (1) Arrange for BIND_8_COMPAT
2226 to be defined when compiling on OSX (Darwin); (2) Tidies to the Makefile,
2227 including adding "make clean"; (3) Added -fPIC when compiling the test
2228 dynamically loaded module, to get rid of a warning.
2229
0e8a9471
MH
2230MH/02 Fix for bug #451, causing paniclog entries to be written if a bounce
2231 message fails, move_frozen_messages = true and ignore_bounce_errors_after
2232 = 0s. The bug is otherwise harmless.
2233
f0872424
PH
2234PH/07 There was a bug in the dovecot authenticator such that the value of
2235 $auth1 could be overwritten, and so not correctly preserved, after a
2236 successful authentication. This usually meant that the value preserved by
2237 the server_setid option was incorrect.
2238
b01dd148
PH
2239PH/08 Added $smtp_count_at_connection_start, deliberately with a long name.
2240
6bf342e1
PH
2241PH/09 Installed PCRE release 7.0.
2242
273f34d0
PH
2243PH/10 The acl_not_smtp_start ACL was, contrary to the documentation, not being
2244 run for batched SMTP input. It is now run at the start of every message
2245 in the batch. While fixing this I discovered that the process information
2246 (output by running exiwhat) was not always getting set for -bs and -bS
2247 input. This is fixed, and it now also says "batched" for BSMTP.
2248
cf8b11a5
PH
2249PH/11 Added control=no_pipelining.
2250
41c7c167
PH
2251PH/12 Added $sending_ip_address and $sending_port (mostly Magnus Holmgren's
2252 patch, slightly modified), and move the expansion of helo_data till after
2253 the connection is made in the smtp transport (so it can use these
2254 values).
2255
9c57cbc0
PH
2256PH/13 Added ${rfc2047d: to decoded RFC 2047 strings.
2257
f3f065bb
PH
2258PH/14 Added log_selector = +pid.
2259
047bdd8c
PH
2260PH/15 Flush SMTP output before delaying, unless control=no_delay_flush is set.
2261
0ce9abe6
PH
2262PH/16 Add ${if forany and ${if forall.
2263
0e22dfd1
PH
2264PH/17 Added dsn_from option to vary the From: line in DSNs.
2265
4c590bd1
PH
2266PH/18 Flush SMTP output before performing a callout, unless control =
2267 no_callout_flush is set.
2268
09945f1e
PH
2269PH/19 Change 4.64/PH/36 introduced a bug: when address_retry_include_sender
2270 was true (the default) a successful delivery failed to delete the retry
2271 item, thus causing premature timeout of the address. The bug is now
2272 fixed.
2273
c51b8e75
PH
2274PH/20 Added hosts_avoid_pipelining to the smtp transport.
2275
e28326d8 2276PH/21 Long custom messages for fakedefer and fakereject are now split up
4c04137d 2277 into multiline responses in the same way that messages for "deny" and
e28326d8
PH
2278 other ACL rejections are.
2279
75b1493f
PH
2280PH/22 Applied Jori Hamalainen's speed-up changes and typo fixes to exigrep,
2281 with slight modification.
2282
7c5214ec
PH
2283PH/23 Applied sieve patches from the maintainer "tracking the latest notify
2284 draft, changing the syntax and factoring some duplicate code".
2285
4311097e
PH
2286PH/24 When the log selector "outgoing_port" was set, the port was shown as -1
2287 for deliveries of the second and subsequent messages over the same SMTP
2288 connection.
2289
29f89cad
PH
2290PH/25 Applied Magnus Holmgren's patch for ${addresses, ${map, ${filter, and
2291 ${reduce, with only minor "tidies".
2292
5e687460
SC
2293SC/02 Applied Daniel Tiefnig's patch to improve the '($parent) =' pattern match.
2294
c3611384
PH
2295PH/26 Added a "continue" ACL modifier that does nothing, for the benefit of its
2296 expansion side effects.
2297
5a11a7b4
PH
2298PH/27 When a message times out after an over-quota error from an Exim-imposed
2299 quota, the bounce message says "mailbox is full". This message was not
2300 being given when it was a system quota that was exceeded. It now should
2301 be the same.
2302
0e20aff9
MH
2303MH/03 Made $recipients available in local_scan(). local_scan() already has
2304 better access to the recipient list through recipients_list[], but
2305 $recipients can be useful in postmaster-provided expansion strings.
2306
ca86f471
PH
2307PH/28 The $smtp_command and $smtp_command_argument variables were not correct
2308 in the case of a MAIL command with additional options following the
2309 address, for example: MAIL FROM:<foo@bar> SIZE=1234. The option settings
2310 were accidentally chopped off.
2311
a14e5636
PH
2312PH/29 SMTP synchronization checks are implemented when a command is read -
2313 there is a check that no more input is waiting when there shouldn't be
2314 any. However, for some commands, a delay in an ACL can mean that it is
2315 some time before the response is written. In this time, more input might
2316 arrive, invalidly. So now there are extra checks after an ACL has run for
2317 HELO/EHLO and after the predata ACL, and likewise for MAIL and RCPT when
2318 pipelining has not been advertised.
2319
ec95d1a6
PH
2320PH/30 MH's patch to allow iscntrl() characters to be list separators.
2321
42855d71
PH
2322PH/31 Unlike :fail:, a custom message specified with :defer: was not being
2323 returned in the SMTP response when smtp_return_error_details was false.
2324 This has been fixed.
2325
57c2c631
PH
2326PH/32 Change the Dovecot authenticator to use read() and write() on the socket
2327 instead of the C I/O that was originally supplied, because problems were
2328 reported on Solaris.
2329
58c01c94
PH
2330PH/33 Compile failed with OpenSSL 0.9.8e. This was due to a coding error in
2331 Exim which did not show up earlier: it was assuming that a call to
2332 SSL_CTX_set_info_callback() might give an error value. In fact, there is
2333 no error. In previous releases of OpenSSL, SSL_CTX_set_info_callback()
2334 was a macro that became an assignment, so it seemed to work. This has
2335 changed to a proper function call with a void return, hence the compile
2336 error. Exim's code has been fixed.
2337
dee5a20a
PH
2338PH/34 Change HDA_SIZE in oracle.c from 256 to 512. This is needed for 64-bit
2339 cpus.
2340
d2ee6114
PH
2341PH/35 Applied a patch from the Sieve maintainer which fixes a bug in "notify".
2342
b2d5182b
PH
2343PH/36 Applied John Jetmore's patch to add -v functionality to exigrep.
2344
79749a79
PH
2345PH/37 If a message is not accepted after it has had an id assigned (e.g.
2346 because it turns out to be too big or there is a timeout) there is no
3ce62588
PH
2347 "Completed" line in the log. When some messages of this type were
2348 selected by exigrep, they were listed as "not completed". Others were
2349 picked up by some special patterns. I have improved the selection
2350 criteria to be more general.
79749a79 2351
c456d9bb
PH
2352PH/38 The host_find_failed option in the manualroute router can now be set
2353 to "ignore", to completely ignore a host whose IP address cannot be
2354 found. If all hosts are ignored, the behaviour is controlled by the new
2355 host_all_ignored option.
2356
cd9868ec
PH
2357PH/39 In a list of hosts for manualroute, if one item (either because of multi-
2358 homing or because of multiple MX records with /mx) generated more than
2359 one IP address, and the following item turned out to be the local host,
2360 all the secondary addresses of the first item were incorrectly removed
2361 from the list, along with the local host and any following hosts (which
2362 is what is supposed to happen).
2363
ebeaf996
PH
2364PH/40 When Exim receives a message, it writes the login name, uid, and gid of
2365 whoever called Exim into the -H file. In the case of the daemon it was
2366 behaving confusingly. When first started, it used values for whoever
2367 started the daemon, but after a SIGHUP it used the Exim user (because it
2368 calls itself on a restart). I have changed the code so that it now always
2369 uses the Exim user.
2370
2679d413
PH
2371PH/41 (Following a suggestion from Tony Finch) If all the RCPT commands in a
2372 message are rejected with the same error (e.g. no authentication or bad
2373 sender address), and a DATA command is nevertheless sent (as can happen
2374 with PIPELINING or a stupid MUA), the error message that was given to the
2375 RCPT commands is included in the rejection of the DATA command. This is
2376 intended to be helpful for MUAs that show only the final error to their
2377 users.
2378
84024b72
PH
2379PH/42 Another patch from the Sieve maintainer.
2380
8005d38e
SC
2381SC/02 Eximstats - Differentiate between permanent and temporary rejects.
2382 Eximstats - Fixed some broken HTML links and added missing column headers
2383 (Jez Hancock).
2384 Eximstats - Fixed Grand Total Summary Domains, Edomains, and Email
2385 columns for Rejects, Temp Rejects, Ham, and Spam rows.
2386
3298c6c6
SC
2387SC/03 Eximstats - V1.58 Fix to get <> and blackhole to show in edomain tables.
2388
a43a27c5
PH
2389PH/43 Yet another patch from the Sieve maintainer.
2390
58eb016e 2391PH/44 I found a way to check for a TCP/IP connection going away before sending
563b63fa
PH
2392 the response to the final '.' that terminates a message, but only in the
2393 case where the client has not sent further data following the '.'
2394 (unfortunately, this is allowed). However, in many cases there won't be
2395 any further data because there won't be any more messages to send. A call
2396 to select() can be used: if it shows that the input is "ready", there is
2397 either input waiting, or the socket has been closed. An attempt to read
2398 the next input character can distinguish the two cases. Previously, Exim
58eb016e 2399 would have sent an OK response which the client would never have see.
563b63fa
PH
2400 This could lead to message repetition. This fix should cure that, at
2401 least in a lot of common cases.
58eb016e 2402
b43a74ea
PH
2403PH/45 Do not advertise STARTTLS in response to HELP unless it would be
2404 advertised in response to EHLO.
2405
b4ed4da0 2406
5dd1517f
PH
2407Exim version 4.66
2408-----------------
2409
2410PH/01 Two more bugs that were introduced by 4.64/PH/07, in addition to the one
2411 fixed by 4.65/MH/01 (is this a record?) are fixed:
2412
2413 (i) An empty string was always treated as zero by the numeric comparison
2414 operators. This behaviour has been restored.
2415
2416 (ii) It is documented that the numeric comparison operators always treat
2417 their arguments as decimal numbers. This was broken in that numbers
2418 starting with 0 were being interpreted as octal.
2419
2420 While fixing these problems I realized that there was another issue that
2421 hadn't been noticed. Values of message_size_limit (both the global option
2422 and the transport option) were treated as octal if they started with 0.
2423 The documentation was vague. These values are now always treated as
2424 decimal, and I will make that clear in the documentation.
2425
2426
93cfa765
TK
2427Exim version 4.65
2428-----------------
2429
2430TK/01 Disable default definition of HAVE_LINUX_SENDFILE. Clashes with
2431 Linux large file support (_FILE_OFFSET_BITS=64) on older glibc
2432 versions. (#438)
2433
d6066548
MH
2434MH/01 Don't check that the operands of numeric comparison operators are
2435 integers when their expansion is in "skipping" mode (fixes bug
2436 introduced by 4.64-PH/07).
2437
4362ff0d
PH
2438PH/01 If a system filter or a router generates more than SHRT_MAX (32767)
2439 child addresses, Exim now panics and dies. Previously, because the count
2440 is held in a short int, deliveries were likely to be lost. As such a
2441 large number of recipients for a single message is ridiculous
2442 (performance will be very, very poor), I have chosen to impose a limit
2443 rather than extend the field.
2444
93cfa765 2445
944e9e9c
TF
2446Exim version 4.64
2447-----------------
aa41d2de 2448
21d74bd9
TK
2449TK/01 Bugzilla #401. Fix DK spooling code so that it can overwrite a
2450 leftover -K file (the existence of which was triggered by #402).
2451 While we were at it, introduced process PID as part of the -K
2452 filename. This should rule out race conditions when creating
2453 these files.
2454
2455TK/02 Bugzilla #402. Apply patch from Simon Arlott, speeding up DK signing
2456 processing considerably. Previous code took too long for large mails,
2457 triggering a timeout which in turn triggers #401.
2458
2459TK/03 Introduced HAVE_LINUX_SENDFILE to os.h-Linux. Currently only used
2460 in the DK code in transports.c. sendfile() is not really portable,
2461 hence the _LINUX specificness.
944e9e9c
TF
2462
2463TF/01 In the add_headers option to the mail command in an Exim filter,
2464 there was a bug that Exim would claim a syntax error in any
2465 header after the first one which had an odd number of characters
2466 in the field name.
2467
2b1c6e3a
PH
2468PH/01 If a server that rejects MAIL FROM:<> was the target of a sender
2469 callout verification, Exim cached a "reject" for the entire domain. This
2470 is correct for most verifications, but it is not correct for a recipient
2471 verification with use_sender or use_postmaster set, because in that case
2472 the callout does not use MAIL FROM:<>. Exim now distinguishes the special
2473 case of MAIL FROM:<> rejection from other early rejections (e.g.
2474 rejection of HELO). When verifying a recipient using a non-null MAIL
2475 address, the cache is ignored if it shows MAIL FROM:<> rejection.
2476 Whatever the result of the callout, the value of the domain cache is
2477 left unchanged (for any other kind of callout, getting as far as trying
2478 RCPT means that the domain itself is ok).
2479
1f872c80
PH
2480PH/02 Tidied a number of unused variable and signed/unsigned warnings that
2481 gcc 4.1.1 threw up.
2482
2483PH/03 On Solaris, an unexpectedly close socket (dropped connection) can
2484 manifest itself as EPIPE rather than ECONNECT. When tidying away a
2485 session, the daemon ignores ECONNECT errors and logs others; it now
2486 ignores EPIPE as well.
2487
d203e649
PH
2488PH/04 Applied Nico Erfurth's refactoring patch to tidy up mime.c
2489 (quoted-printable decoding).
2490
cc2ed8f7 2491PH/05 Applied Nico Erfurth's refactoring patch to tidy up spool_mbox.c, and
21a04aa3 2492 later the small subsequent patch to fix an introduced bug.
f951fd57 2493
ddfcd446
PH
2494PH/06 Installed the latest Cygwin Makefile from the Cygwin maintainer.
2495
d45b1de8
PH
2496PH/07 There was no check for overflow in expansions such as ${if >{1}{4096M}}.
2497
2498PH/08 An error is now given if message_size_limit is specified negative.
2499
38a0a95f 2500PH/09 Applied and tidied up Jakob Hirsch's patch for allowing ACL variables
641cb756 2501 to be given (somewhat) arbitrary names.
38a0a95f 2502
a2405d83
JJ
2503JJ/01 exipick 20060919.0, allow for arbitrary acl_ variables introduced
2504 in 4.64-PH/09.
2505
2506JJ/02 exipick 20060919.0, --show-vars args can now be regular expressions,
2507 miscellaneous code fixes
2508
6ea85e9a
PH
2509PH/10 Added the log_reject_target ACL modifier to specify where to log
2510 rejections.
2511
26da7e20
PH
2512PH/11 Callouts were setting the name used for EHLO/HELO from $smtp_active_
2513 hostname. This is wrong, because it relates to the incoming message (and
2514 probably the interface on which it is arriving) and not to the outgoing
2515 callout (which could be using a different interface). This has been
2516 changed to use the value of the helo_data option from the smtp transport
2517 instead - this is what is used when a message is actually being sent. If
2518 there is no remote transport (possible with a router that sets up host
2519 addresses), $smtp_active_hostname is used.
6ea85e9a 2520
14aa5a05 2521PH/12 Installed Andrey Panin's patch to add a dovecot authenticator. Various
7befa435 2522 tweaks were necessary in order to get it to work (see also 21 below):
14aa5a05
PH
2523 (a) The code assumed that strncpy() returns a negative number on buffer
2524 overflow, which isn't the case. Replaced with Exim's string_format()
2525 function.
2526 (b) There were several signed/unsigned issues. I just did the minimum
2527 hacking in of casts. There is scope for a larger refactoring.
2528 (c) The code used strcasecmp() which is not a standard C function.
2529 Replaced with Exim's strcmpic() function.
2530 (d) The code set only $1; it now sets $auth1 as well.
2531 (e) A simple test gave the error "authentication client didn't specify
2532 service in request". It would seem that Dovecot has changed its
2533 interface. Fortunately there's a specification; I followed it and
2534 changed what the client sends and it appears to be working now.
2535
ff75a1f7
PH
2536PH/13 Added $message_headers_raw to provide the headers without RFC 2047
2537 decoding.
2538
e6f6568e
PH
2539PH/14 Corrected misleading output from -bv when -v was also used. Suppose the
2540 address A is aliased to B and C, where B exists and C does not. Without
2541 -v the output is "A verified" because verification stops after a
2542 successful redirection if more than one address is generated. However,
2543 with -v the child addresses are also verified. Exim was outputting "A
2544 failed to verify" and then showing the successful verification for C,
2545 with its parentage. It now outputs "B failed to verify", showing B's
2546 parentage before showing the successful verification of C.
2547
d6f6e0dc
PH
2548PH/15 Applied Michael Deutschmann's patch to allow DNS black list processing to
2549 look up a TXT record in a specific list after matching in a combined
2550 list.
2551
322050c2
PH
2552PH/16 It seems that the options setting for the resolver (RES_DEFNAMES and
2553 RES_DNSRCH) can affect the behaviour of gethostbyname() and friends when
2554 they consult the DNS. I had assumed they would set it the way they
2555 wanted; and indeed my experiments on Linux seem to show that in some
2556 cases they do (I could influence IPv6 lookups but not IPv4 lookups).
2557 To be on the safe side, however, I have now made the interface to
2558 host_find_byname() similar to host_find_bydns(), with an argument
2559 containing the DNS resolver options. The host_find_byname() function now
2560 sets these options at its start, just as host_find_bydns() does. The smtp
2561 transport options dns_qualify_single and dns_search_parents are passed to
2562 host_find_byname() when gethostbyname=TRUE in this transport. Other uses
2563 of host_find_byname() use the default settings of RES_DEFNAMES
2564 (qualify_single) but not RES_DNSRCH (search_parents).
2565
08955dd3
PH
2566PH/17 Applied (a modified version of) Nico Erfurth's patch to make
2567 spool_read_header() do less string testing, by means of a preliminary
2568 switch on the second character of optional "-foo" lines. (This is
2569 overdue, caused by the large number of possibilities that now exist.
2570 Originally there were few.) While I was there, I also converted the
2571 str(n)cmp tests so they don't re-test the leading "-" and the first
2572 character, in the hope this might squeeze out yet more improvement.
2573
1eccaa59
PH
2574PH/18 Two problems with "group" syntax in header lines when verifying: (1) The
2575 flag allowing group syntax was set by the header_syntax check but not
2576 turned off, possible causing trouble later; (2) The flag was not being
2577 set at all for the header_verify test, causing "group"-style headers to
2578 be rejected. I have now set it in this case, and also caused header_
2579 verify to ignore an empty address taken from a group. While doing this, I
2580 came across some other cases where the code for allowing group syntax
2581 while scanning a header line wasn't quite right (mostly, not resetting
2582 the flag correctly in the right place). These bugs could have caused
2583 trouble for malformed header lines. I hope it is now all correct.
2584
602e59e5
PH
2585PH/19 The functions {pwcheck,saslauthd}_verify_password() are always called
2586 with the "reply" argument non-NULL. The code, however (which originally
2587 came from elsewhere) had *some* tests for NULL when it wrote to *reply,
2588 but it didn't always do it. This confused somebody who was copying the
2589 code for some other use. I have removed all the tests.
2590
411ef850
PH
2591PH/20 It was discovered that the GnuTLS code had support for RSA_EXPORT, a
2592 feature that was used to support insecure browsers during the U.S. crypto
2593 embargo. It requires special client support, and Exim is probably the
2594 only MTA that supported it -- and would never use it because real RSA is
2595 always available. This code has been removed, because it had the bad
2596 effect of slowing Exim down by computing (never used) parameters for the
2597 RSA_EXPORT functionality.
2598
7befa435
PH
2599PH/21 On the advice of Timo Sirainen, added a check to the dovecot
2600 authenticator to fail if there's a tab character in the incoming data
2601 (there should never be unless someone is messing about, as it's supposed
2602 to be base64-encoded). Also added, on Timo's advice, the "secured" option
2603 if the connection is using TLS or if the remote IP is the same as the
2604 local IP, and the "valid-client-cert option" if a client certificate has
2605 been verified.
2606
48da4259 2607PH/22 As suggested by Dennis Davis, added a server_condition option to *all*
16ff981e
PH
2608 authenticators. This can be used for authorization after authentication
2609 succeeds. (In the case of plaintext, it servers for both authentication
2610 and authorization.)
2611
48da4259
PH
2612PH/23 Testing for tls_required and lost_connection in a retry rule didn't work
2613 if any retry times were supplied.
2614
d1d5595c
PH
2615PH/24 Exim crashed if verify=helo was activated during an incoming -bs
2616 connection, where there is no client IP address to check. In this
2617 situation, the verify now always succeeds.
2618
0ef732d9
PH
2619PH/25 Applied John Jetmore's -Mset patch.
2620
328895cc
PH
2621PH/26 Added -bem to be like -Mset, but loading a message from a file.
2622
fd700877
PH
2623PH/27 In a string expansion for a processed (not raw) header when multiple
2624 headers of the same name were present, leading whitespace was being
2625 removed from all of them, but trailing whitespace was being removed only
2626 from the last one. Now trailing whitespace is removed from each header
f6c332bd
PH
2627 before concatenation. Completely empty headers in a concatenation (as
2628 before) are ignored.
fd700877 2629
8dce1a6f
PH
2630PH/28 Fixed bug in backwards-compatibility feature of PH/09 (thanks to John
2631 Jetmore). It would have mis-read ACL variables from pre-4.61 spool files.
2632
17af4a17
PH
2633PH/29 [Removed. This was a change that I later backed out, and forgot to
2634 correct the ChangeLog entry (that I had efficiently created) before
2635 committing the later change.]
f6c332bd
PH
2636
2637PH/30 Exim was sometimes attempting to deliver messages that had suffered
2638 address errors (4xx response to RCPT) over the same connection as other
2639 messages routed to the same hosts. Such deliveries are always "forced",
2640 so retry times are not inspected. This resulted in far too many retries
2641 for the affected addresses. The effect occurred only when there were more
2642 hosts than the hosts_max_try setting in the smtp transport when it had
2643 the 4xx errors. Those hosts that it had tried were not added to the list
2644 of hosts for which the message was waiting, so if all were tried, there
2645 was no problem. Two fixes have been applied:
2646
2647 (i) If there are any address or message errors in an SMTP delivery, none
2648 of the hosts (tried or untried) are now added to the list of hosts
2649 for which the message is waiting, so the message should not be a
2650 candidate for sending over the same connection that was used for a
2651 successful delivery of some other message. This seems entirely
2652 reasonable: after all the message is NOT "waiting for some host".
2653 This is so "obvious" that I'm not sure why it wasn't done
2654 previously. Hope I haven't missed anything, but it can't do any
2655 harm, as the worst effect is to miss an optimization.
2656
2657 (ii) If, despite (i), such a delivery is accidentally attempted, the
2658 routing retry time is respected, so at least it doesn't keep
2659 hammering the server.
2660
c1114884
PH
2661PH/31 Installed Andrew Findlay's patch to close the writing end of the socket
2662 in ${readsocket because some servers need this prod.
2663
7a0743eb
PH
2664PH/32 Added some extra debug output when updating a wait-xxx database.
2665
0d85fa3f
PH
2666PH/33 The hint "could be header name not terminated by colon", which has been
2667 given for certain expansion errors for a long time, was not being given
2668 for the ${if def:h_colon_omitted{... case.
2669
1bf43b78
PH
2670PH/34 The spec says: "With one important exception, whenever a domain list is
2671 being scanned, $domain contains the subject domain." There was at least
2672 one case where this was not true.
2673
520de300
PH
2674PH/35 The error "getsockname() failed: connection reset by peer" was being
2675 written to the panic log as well as the main log, but it isn't really
2676 panic-worthy as it just means the connection died rather early on. I have
2677 removed the panic log writing for the ECONNRESET error when getsockname()
2678 fails.
2679
48c7f9e2
PH
2680PH/36 After a 4xx response to a RCPT error, that address was delayed (in queue
2681 runs only) independently of the message's sender address. This meant
2682 that, if the 4xx error was in fact related to the sender, a different
2683 message to the same recipient with a different sender could confuse
4c04137d 2684 things. In particular, this can happen when sending to a greylisting
48c7f9e2
PH
2685 server, but other circumstances could also provoke similar problems.
2686 I have changed the default so that the retry time for these errors is now
2687 based a combination of the sender and recipient addresses. This change
2688 can be overridden by setting address_retry_include_sender=false in the
2689 smtp transport.
2690
99ea1c86
PH
2691PH/37 For LMTP over TCP/IP (the smtp transport), error responses from the
2692 remote server are returned as part of bounce messages. This was not
2693 happening for LMTP over a pipe (the lmtp transport), but now it is the
2694 same for both kinds of LMTP.
2695
a2042e78
PH
2696PH/38 Despite being documented as not happening, Exim was rewriting addresses
2697 in header lines that were in fact CNAMEs. This is no longer the case.
2698
4fbcfc2e
PH
2699PH/39 If -R or -S was given with -q<time>, the effect of -R or -S was ignored,
2700 and queue runs started by the daemon processed all messages. This has
2701 been fixed so that -R and -S can now usefully be given with -q<time>.
2702
aa41d2de
PH
2703PH/40 Import PCRE release 6.7 (fixes some bugs).
2704
af561417
PH
2705PH/41 Add bitwise logical operations to eval (courtesy Brad Jorsch).
2706
3cc66b45
PH
2707PH/42 Give an error if -q is specified more than once.
2708
194cc0e4
PH
2709PH/43 Renamed the variables $interface_address and $interface_port as
2710 $received_ip_address and $received_port, to make it clear that these
2711 values apply to message reception, and not to the outgoing interface when
2712 a message is delivered. (The old names remain recognized, of course.)
2713
a401ddaa
PH
2714PH/44 There was no timeout on the connect() call when using a Unix domain
2715 socket in the ${readsocket expansion. There now is.
2716
4e88a19f
PH
2717PH/45 Applied a modified version of Brad Jorsch's patch to allow "message" to
2718 be meaningful with "accept".
2719
d7d7b289
SC
2720SC/01 Eximstats V1.43
2721 Bug fix for V1.42 with -h0 specified. Spotted by Chris Lear.
2722
2723SC/02 Eximstats V1.44
2724 Use a glob alias rather than an array ref in the generated
2725 parser. This improves both readability and performance.
2726
2727SC/03 Eximstats V1.45 (Marco Gaiarin / Steve Campbell)
2728 Collect SpamAssassin and rejection statistics.
2729 Don't display local sender or destination tables unless
2730 there is data to show.
2731 Added average volumes into the top table text output.
2732
2733SC/04 Eximstats V1.46
2734 Collect data on the number of addresses (recipients)
2735 as well as the number of messages.
2736
2737SC/05 Eximstats V1.47
2738 Added 'Message too big' to the list of mail rejection
2739 reasons (thanks to Marco Gaiarin).
2740
2741SC/06 Eximstats V1.48
2742 Mainlog lines which have GMT offsets and are too short to
2743 have a flag are now skipped.
2744
2745SC/07 Eximstats V1.49 (Alain Williams)
2746 Added the -emptyok flag.
2747
2748SC/08 Eximstats V1.50
2749 Fixes for obtaining the IP address from reject messages.
2750
0ea2a468
JJ
2751JJ/03 exipick.20061117.2, made header handling as similar to exim as possible
2752 (added [br]h_ prefixes, implemented RFC2047 decoding. Fixed
4c04137d 2753 whitespace changes from 4.64-PH/27
0ea2a468
JJ
2754
2755JJ/04 exipick.20061117.2, fixed format and added $message_headers_raw to
2756 match 4.64-PH/13
2757
2758JJ/05 exipick.20061117.2, bug fixes (error out sooner when invalid criteria
2759 are found, allow negative numbers in numeric criteria)
2760
2761JJ/06 exipick.20061117.2, added new $message_body_missing variable
2762
2763JJ/07 exipick.20061117.2, added $received_ip_address and $received_port
2764 to match changes made in 4.64-PH/43
2765
8a10f5a4
PH
2766PH/46 Applied Jori Hamalainen's patch to add features to exiqsumm.
2767
30e18802
PH
2768PH/47 Put in an explicit test for a DNS lookup of an address record where the
2769 "domain" is actually an IP address, and force a failure. This locks out
2770 those revolvers/nameservers that support "A-for-A" lookups, in
2771 contravention of the specifications.
2772
55728a4f
PH
2773PH/48 When a host name was looked up from an IP address, and the subsequent
2774 forward lookup of the name timed out, the host name was left in
2775 $sender_host_name, contrary to the specification.
d7d7b289 2776
d7837193
PH
2777PH/49 Although default lookup types such as lsearch* or cdb*@ have always been
2778 restricted to single-key lookups, Exim was not diagnosing an error if
2779 * or *@ was used with a query-style lookup.
2780
87054a31
PH
2781PH/50 Increased the value of DH_BITS in tls-gnu.c from 768 to 1024.
2782
ea2c01d2
MH
2783MH/01 local_scan ABI version incremented to 1.1. It should have been updated
2784 long ago, but noone interested enough thought of it. Let's just say that
2785 the "1.1" means that there are some new functions that weren't there at
2786 some point in the past.
2787
e4fa6968
PH
2788PH/51 Error processing for expansion failure of helo_data from an smtp
2789 transport during callout processing was broken.
2790
56f5d9bd
PH
2791PH/52 Applied John Jetmore's patch to allow tls-on-connect and STARTTLS to be
2792 tested/used via the -bh/-bhc/-bs options.
2793
922e1c28
PH
2794PH/53 Added missing "#include <time.h>" to pcre/pcretest.c (this was a PCRE
2795 bug, fixed in subsequent PCRE releases).
2796
21eb6e72
PH
2797PH/54 Applied Robert Bannocks' patch to avoid a problem with references that
2798 arises when using the Solaris LDAP libraries (but not with OpenLDAP).
2799
a0540757
PH
2800PH/55 Check for a ridiculously long file name in exim_dbmbuild.
2801
944e9e9c 2802
478be7b0
SC
2803Exim version 4.63
2804-----------------
2805
2806SC/01 Use a glob alias rather than an array ref in eximstats generated
2807 parser. This improves both readability and performance.
2808
2809SC/02 Collect SpamAssassin and rejection statistics in eximstats.
2810 Don't display local sender or destination tables in eximstats unless
2811 there is data to show.
2812 Added average volumes into the eximstats top table text output.
2813
2814SC/03 Collect data on the number of addresses (recipients) as well
2815 as the number of messages in eximstats.
2816
2b965a65
TF
2817TF/01 Correct an error in the documentation for the redirect router. Exim
2818 does (usually) call initgroups() when daemonizing.
478be7b0 2819
45b91596
PH
2820TF/02 Call initgroups() when dropping privilege in exim.c, so that Exim runs
2821 with consistent privilege compared to when running as a daemon.
478be7b0 2822
c59f5781
TF
2823TF/03 Note in the spec that $authenticated_id is not set for local
2824 submissions from trusted users.
2825
90fc3069
TF
2826TF/04 The ratelimit per_rcpt option now works correctly in acl_not_smtp.
2827 Thanks to Dean Brooks <dean@iglou.com> for the patch.
2828
6083aca0
TF
2829TF/05 Make it easier to get SMTP authentication and TLS/SSL support working
2830 by adding some example configuration directives to the default
2831 configuration file. A little bit of work is required to uncomment the
2832 directives and define how usernames and passwords are checked, but
2833 there is now a framework to start from.
2834
765b530f
PH
2835PH/01 Added #define LDAP_DEPRECATED 1 to ldap.c because some of the "old"
2836 functions that Exim currently uses aren't defined in ldap.h for OpenLDAP
2837 without this. I don't know how relevant this is to other LDAP libraries.
2838
4e167a8c
PH
2839PH/02 Add the verb name to the "unknown ACL verb" error.
2840
4608d683
PH
2841PH/03 Magnus Holmgren's patch for filter_prepend_home.
2842
b8dc3e4a
PH
2843PH/03 Fixed Bugzilla #101: macro definition between ACLs doesn't work.
2844
5418e93b
PH
2845PH/04 Applied Magnus Holmgren's patch to fix Bugzilla #98: transport's home
2846 directory not expanded when it should be if an expanded home directory
2847 was set for the address (which is overridden by the transport).
2848
b4a9bda2
PH
2849PH/05 Applied Alex Kiernan's patch to fix Bugzilla #99: a problem with
2850 libradius.
2851
45b91596
PH
2852PH/06 Added acl_not_smtp_start, based on Johannes Berg's patch, and set the
2853 bit to forbid control=suppress_local_fixups in the acl_not_smtp ACL,
2854 because it is too late at that time, and has no effect.
2855
5547e2c5
PH
2856PH/07 Changed ${quote_pgsql to quote ' as '' instead of \' because of a
2857 security issue with \' (bugzilla #107). I could not use the
2858 PQescapeStringConn() function, because it needs a PGconn value as one of
2859 its arguments.
2860
dbcef0ea
PH
2861PH/08 When testing addresses using -bt, indicate those final addresses that
2862 are duplicates that would not cause an additional delivery. At least one
2863 person was confused, thinking that -bt output corresponded to deliveries.
2864 (Suppressing duplicates isn't a good idea as you lose the information
2865 about possibly different redirections that led to the duplicates.)
2866
25257489
PH
2867PH/09 Applied patch from Erik to use select() instead of poll() in spam.c on
2868 systems where poll() doesn't work, in particular OS X.
2869
c816d124
PH
2870PH/10 Added more information to debugging output for retry time not reached.
2871
a9ccd69a
PH
2872PH/11 Applied patch from Arkadiusz Miskiewicz to apply a timeout to read
2873 operations in malware.c.
2874
75fa1910
PH
2875PH/12 Applied patch from Magnus Holmgren to include the "h" tag in Domain Keys
2876 signatures.
2877
a7d7aa58
PH
2878PH/13 If write_rejectlog was set false when logging was sent to syslog with
2879 syslog_duplication set false, log lines that would normally be written
2880 both the the main log and to the reject log were not written to syslog at
2881 all.
2882
42119b09
PH
2883PH/14 In the default configuration, change the use of "message" in ACL warn
2884 statements to "add_header".
2885
41609df5
PH
2886PH/15 Diagnose a filter syntax error for "seen", "unseen", or "noerror" if not
2887 not followed by a command (e.g. "seen endif").
2888
a5bd321b
PH
2889PH/16 Recognize SMTP codes at the start of "message" in ACLs and after :fail:
2890 and :defer: in a redirect router. Add forbid_smtp_code to suppress the
2891 latter.
2892
e85a7ad5 2893PH/17 Added extra conditions to the default value of delay_warning_condition
5dff5817
PH
2894 so that it is now:
2895
e85a7ad5
PH
2896 ${if or { \
2897 { !eq{$h_list-id:$h_list-post:$h_list-subscribe:}{} } \
2898 { match{$h_precedence:}{(?i)bulk|list|junk} } \
2899 { match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} } \
5dff5817
PH
2900 }{no}{yes}}
2901
e85a7ad5
PH
2902 The Auto-Submitted: and various List- headers are standardised, whereas I
2903 don't think Precedence: ever was.
5dff5817 2904
d8fe1c03
PH
2905PH/18 Refactored debugging code in route_finduser() to show more information,
2906 in particular, the error code if getpwnam() issues one.
2907
16282d2b
PH
2908PH/19 Added PQsetClientEncoding(conn, "SQL_ASCII") to the pgsql code module.
2909 This is apparently needed in addition to the PH/07 change above to avoid
2910 any possible encoding problems.
2911
35d40a98
PH
2912PH/20 Perl can change the locale. Exim was resetting it after a ${perl call,
2913 but not after initializing Perl.
2914
034d99ab
PH
2915PH/21 Added a call to PQsetNoticeProcessor() to catch pgsql "notices" and
2916 output them only if debugging. By default they are written stderr,
2917 apparently, which is not desirable.
2918
6ec97b1b
PH
2919PH/22 Added Alain Williams' LDAP patch to support setting REFERRALS=off on
2920 queries.
2921
e22ca4ac
JJ
2922JJ/01 exipick: added --reverse (and -R synonym), --random, --size, --sort and
2923 --not options
2924
2925JJ/02 exipick: rewrote --help documentation to hopefully make more clear.
2926
33d73e3b
PH
2927PH/23 Made -oMaa and -oMt work with -bh and -bs to pretend the connection is
2928 authenticated or an ident call has been made. Suppress the default
2929 values for $authenticated_id and $authenticated_sender (but permit -oMai
2930 and -oMas) when testing with -bh.
2931
9ecb03f3
PH
2932PH/24 Re-jigged the order of the tests in the default configuration so that the
2933 tests for valid domains and recipients precede the DNS black list and CSA
2934 tests, on the grounds that those ones are more expensive.
2935
084efe8d
PH
2936PH/25 Exim was not testing for a space following SMTP commands such as EHLO
2937 that require one. Thus, EHLORHUBARB was interpreted as a valid command.
2938 This bug exists in every version of Exim that I still have, right back to
2939 0.12.
2940
366fc9f0
PH
2941PH/26 (n)wildlsearch lookups are documented as being done case-insensitively.
2942 However, an attempt to turn on case-sensitivity in a regex key by
2943 including (?-i) didn't work because the subject string was already
2944 lowercased, and the effects were non-intuitive. It turns out that a
2945 one-line patch can be used to allow (?-i) to work as expected.
2946
c59f5781 2947
c887c79e
TF
2948Exim version 4.62
2949-----------------
2950
2951TF/01 Fix the add_header change below (4.61 PH/55) which had a bug that (amongst
2952 other effects) broke the use of negated acl sub-conditions.
2953
1cce3af8
PH
2954PH/01 ${readsocket now supports Internet domain sockets (modified John Jetmore
2955 patch).
2956
afb3eaaf
PH
2957PH/02 When tcp-wrappers is called from Exim, it returns only "deny" or "allow".
2958 "Deny" causes Exim to reject the incoming connection with a 554 error.
2959 Unfortunately, if there is a major crisis, such as a disk failure,
2960 tcp-wrappers gives "deny", whereas what one would like would be some
2961 kind of temporary error. A kludge has been added to help with this.
2962 Before calling hosts_ctl(), errno is set zero. If the result is "deny", a
2963 554 error is used if errno is still zero or contains ENOENT (which occurs
2964 if either of the /etc/hosts.{allow,deny} files is missing). Otherwise, a
2965 451 error is used.
2966
e173618b
PH
2967PH/03 Add -lutil to the default FreeBSD LIBS setting.
2968
dd16e114
PH
2969PH/04 Change PH/19 for 4.61 was too wide. It should not be applied to host
2970 errors. Otherwise a message that provokes a temporary error (when other
2971 messages do not) can cause a whole host to time out.
2972
f7fd3850
PH
2973PH/05 Batch deliveries by appendfile and pipe transports did not work when the
2974 addresses were routed directly to files or pipes from a redirect router.
2975 File deliveries just didn't batch; pipe deliveries might have suffered
2976 odd errors.
2977
d87df92c
PH
2978PH/06 A failure to get a lock for a hints database would erroneously always say
2979 "Failed to get write lock", even when it was really a read lock.
2980
7e9f683d
PH
2981PH/07 The appendfile transport was creating MBX lock files with a fixed mode
2982 of 0600. This has been changed to use the value of the lockfile_mode
2983 option (which defaults to 0600).
2984
bfad5236
PH
2985PH/08 Applied small patch from the Sieve maintainer.
2986
01c490df
PH
2987PH/09 If maildir_quota_directory_regex was set to exclude (say) the .Trash
2988 folder from quota calculations, a direct delivery into this folder messed
2989 up the contents of the maildirsize file. This was because the regex was
2990 used only to exclude .Trash (or whatever) when the size of the mailbox
2991 was calculated. There was no check that a delivery was happening into an
2992 excluded directory. This bug has been fixed by ignoring all quota
2993 processing for deliveries into excluded directories.
2994
d6629cdc
PH
2995PH/10 Added the maildirfolder_create_regex option to appendfile.
2996
1cce3af8 2997
214e2000
PH
2998Exim version 4.61
2999-----------------
3000
3001PH/01 The code for finding all the local interface addresses on a FreeBSD
3002 system running IPv6 was broken. This may well have applied to all BSD
3003 systems, as well as to others that have similar system calls. The broken
3004 code found IPv4 interfaces correctly, but gave incorrect values for the
3005 IPv6 interfaces. In particular, ::1 was not found. The effect in Exim was
3006 that it would not match correctly against @[] and not recognize the IPv6
3007 addresses as local.
3008
f9daeae0
PH
3009PH/02 The ipliteral router was not recognizing addresses of the form user@
3010 [ipv6:....] because it didn't know about the "ipv6:" prefix.
3011
7e66e54d
PH
3012PH/03 Added disable_ipv6.
3013
c8ea1597
PH
3014PH/04 Changed $reply_address to use the raw form of the headers instead of the
3015 decoded form, because it is most often used to construct To: headers
3016 lines in autoreplies, and the decoded form may well be syntactically
3017 invalid. However, $reply_address has leading white space removed, and all
3018 newlines turned into spaces so that the autoreply transport does not
3019 grumble.
3020
911f6fde
PH
3021PH/05 If group was specified without a user on a router, and no group or user
3022 was specified on a transport, the group from the router was ignored.
3023
47ca6d6c
PH
3024PH/06 Increased the number of ACL variables to 20 of each type, and arranged
3025 for visible compile-time settings that can be used to change these
3026 numbers, for those that want even more. Backwards compatibility with old
3027 spool files has been maintained. However, going back to a previous Exim
3028 release will lost any variables that are in spool files.
3029
ed0e9820
PH
3030PH/07 Two small changes when running in the test harness: increase delay when
3031 passing a TCP/IP connection to a new process, in case the original
3032 process has to generate a bounce, and remove special handling of
3033 127.0.0.2 (sic), which is no longer necessary.
3034
eff37e47
PH
3035PH/08 Changed debug output of dbfn_open() flags from numbers to names, so as to
3036 be the same on different OS.
3037
1921d2ea
PH
3038PH/09 Moved a debug statement in filter processing to avoid a race problem when
3039 testing.
3040
b3f69ca8
JJ
3041JJ/01 exipick: fixed bug where -b (brief) output option showed "Vars:"
3042 whether --show-vars was specified or not
3043
3044JJ/02 exipick: Added support for new ACL variable spool format introduced
3045 in 4.61-PH/06
3046
424a1c63
PH
3047PH/10 Fixed another bug related to PH/04 above: if an incoming message had a
3048 syntactically invalid From: or Reply-to: line, and a filter used this to
3049 generate an autoreply, and therefore failed to obtain an address for the
3050 autoreply, Exim could try to deliver to a non-existent relative file
3051 name, causing unrelated and misleading errors. What now happens is that
3052 it logs this as a hard delivery error, but does not attempt to create a
3053 bounce message.
3054
7a100415
PH
3055PH/11 The exinext utility has a -C option for testing purposes, but although
3056 the given file was scanned by exinext itself; it wasn't being passed on
3057 when Exim was called.
3058
19b9dc85
PH
3059PH/12 In the smtp transport, treat an explicit ECONNRESET error the same as
3060 an end-of-file indication when reading a command response.
3061
309bd837
PH
3062PH/13 Domain literals for IPv6 were not recognized unless IPv6 support was
3063 compiled. In many other places in Exim, IPv6 addresses are always
3064 recognized, so I have changed this. It also means that IPv4 domain
3065 literals of the form [IPV4:n.n.n.n] are now always recognized.
3066
59e82a2a
PH
3067PH/14 When a uid/gid is specified for the queryprogram router, it cannot be
3068 used if the router is not running as root, for example, when verifying at
3069 ACL time, or when using -bh. The debugging output from this situation was
3070 non-existent - all you got was a failure to exec. I have made two
3071 changes:
3072
3073 (a) Failures to set uid/gid, the current directory, or a process leader
3074 in a subprocess such as that created by queryprogram now generate
4c04137d 3075 suitable debugging output when -d is set.
59e82a2a
PH
3076
3077 (b) The queryprogram router detects when it is not running as root,
3078 outputs suitable debugging information if -d is set, and then runs
3079 the subprocess without attempting to change uid/gid.
3080
9edc04ce
PH
3081PH/15 Minor change to Makefile for building test_host (undocumented testing
3082 feature).
3083
1349e1e5
PH
3084PH/16 As discussed on the list in Nov/Dec: Exim no longer looks at the
3085 additional section of a DNS packet that returns MX or SRV records.
3086 Instead, it always explicitly searches for A/AAAA records. This avoids
3087 major problems that occur when a DNS server includes only records of one
3088 type (A or AAAA) in an MX/SRV packet. A byproduct of this change has
3089 fixed another bug: if SRV records were looked up and the corresponding
3090 address records were *not* found in the additional section, the port
3091 values from the SRV records were lost.
3092
ea49d0e1
PH
3093PH/17 If a delivery to a pipe, file, or autoreply was deferred, Exim was not
3094 using the correct key (the original address) when searching the retry
3095 rules in order to find which one to use for generating the retry hint.
3096
064a94c9
PH
3097PH/18 If quota_warn_message contains a From: header, Exim now refrains from
3098 adding the default one. Similarly, if it contains a Reply-To: header, the
3099 errors_reply_to option, if set, is not used.
3100
727071f8
PH
3101PH/19 When calculating a retry time, Exim used to measure the "time since
3102 failure" by looking at the "first failed" field in the retry record. Now
3103 it does not use this if it is later than than the arrival time of the
3104 message. Instead it uses the arrival time. This makes for better
3105 behaviour in cases where some deliveries succeed, thus re-setting the
3106 "first failed" field. An example is a quota failure for a huge message
3107 when small messages continue to be delivered. Without this change, the
3108 "time since failure" will always be short, possible causing more frequent
3109 delivery attempts for the huge message than are intended.
dd16e114 3110 [Note: This change was subsequently modified - see PH/04 for 4.62.]
727071f8 3111
f78eb7c6
PH
3112PH/20 Added $auth1, $auth2, $auth3 to contain authentication data (as well as
3113 $1, $2, $3) because the numerical variables can be reset during some
3114 expansion items (e.g. "match"), thereby losing the authentication data.
3115
21c28500
PH
3116PH/21 Make -bV show the size of off_t variables so that the test suite can
3117 decide whether to run tests for quotas > 2G.
3118
3119PH/22 Test the values given for quota, quota_filecount, quota_warn_threshold,
3120 mailbox_size, and mailbox_filecount in the appendfile transport. If a
3121 filecount value is greater than 2G or if a quota value is greater than 2G
3122 on a system where the size of off_t is not greater than 4, a panic error
3123 is given.
3124
1688f43b
PH
3125PH/23 When a malformed item such as 1.2.3/24 appears in a host list, it can
3126 never match. The debug and -bh output now contains an explicit error
3127 message indicating a malformed IPv4 address or mask.
3128
3129PH/24 An host item such as 1.2.3.4/abc was being treated as the IP address
3130 1.2.3.4 without a mask. Now it is not recognized as an IP address, and
3131 PH/23 above applies.
3132
9675b384
PH
3133PH/25 Do not write to syslog when running in the test harness. The only
3134 occasion when this arises is a failure to open the main or panic logs
3135 (for which there is an explicit test).
3136
6a3f1455
PH
3137PH/26 Added the /no_tell option to "control=freeze".
3138
dac79d3e
PH
3139PH/27 If a host name lookup failed very early in a connection, for example, if
3140 the IP address matched host_lookup and the reverse lookup yielded a name
3141 that did not have a forward lookup, an error message of the form "no IP
3142 address found for host xxx.xxx.xxx (during SMTP connection from NULL)"
3143 could be logged. Now it outputs the IP address instead of "NULL".
1349e1e5 3144
5977a0b3
PH
3145PH/28 An enabling patch from MH: add new function child_open_exim2() which
3146 allows the sender and the authenticated sender to be set when
3147 submitting a message from within Exim. Since child_open_exim() is
3148 documented for local_scan(), the new function should be too.
3149
c91535f3
PH
3150PH/29 In GnuTLS, a forced expansion failure for tls_privatekey was not being
3151 ignored. In both GnuTLS and OpenSSL, an expansion of tls_privatekey that
3152 results in an empty string is now treated as unset.
3153
0d46a8c8
PH
3154PH/30 Fix eximon buffer overflow bug (Bugzilla #73).
3155
278c6e6c
PH
3156PH/31 Added sender_verify_fail logging option.
3157
2cbb4081
PH
3158PH/32 In November 2003, the code in Exim that added an empty Bcc: header when
3159 needed by RFC 822 but not by RFC 2822 was commented out. I have now
3160 tidied the source and removed it altogether.
3161
3eef829e
PH
3162PH/33 When a queue run was abandoned because the load average was too high, a
3163 log line was always written; now it is written only if the queue_run log
3164 selector is set. In addition, the log line for abandonment now contains
3165 information about the queue run such as the pid. This is always present
3166 in "start" and "stop" lines but was omitted from the "abandon" line.
3167
1ab95fa6
PH
3168PH/34 Omit spaces between a header name and the colon in the error message that
3169 is given when verify = headers_syntax fails (if there are lots of them,
3170 the message gets confusing).
3171
230205fc
PH
3172PH/35 Change the default for dns_check_names_pattern to allow slashes within
3173 names, as there are now some PTR records that contain slashes. This check
3174 is only to protect against broken name servers that fall over on strange
3175 characters, so the fact that it applies to all lookups doesn't matter.
3176
75e0e026
PH
3177PH/36 Now that the new test suite is complete, we can remove some of the
3178 special code in Exim that was needed for the old test suite. For example,
3179 sorting DNS records because real resolvers return them in an arbitrary
3180 order. The new test suite's fake resolver always returns records in the
3181 same order.
3182
3183PH/37 When running in the test harness, use -odi for submitted messages (e.g.
3184 bounces) except when queue_only is set, to avoid logging races between
3185 the different processes.
3186
145396a6
PH
3187PH/38 Panic-die if .include specifies a non-absolute path.
3188
3cd34f13
PH
3189PH/39 A tweak to the "H" retry rule from its user.
3190
11121d3d
JJ
3191JJ/03 exipick: Removed parentheses from 'next' and 'last' calls that specified
3192 a label. They prevented compilation on older perls.
3193
3194JJ/04 exipick: Refactored code to prevent implicit split to @_ which caused
3195 a warning to be raised on newish perls.
3196
3197JJ/05 exipick: Fixed bug where -bpc always showed a count of all messages
3198 on queue. Changes to match documented behaviour of showing count of
3199 messages matching specified criteria.
3200
8def5aaf
PH
3201PH/40 Changed the default ident timeout from 30s to 5s.
3202
929ba01c
PH
3203PH/41 Added support for the use of login_cap features, on those BSD systems
3204 that have them, for controlling the resources used by pipe deliveries.
3205
2632889e
PH
3206PH/42 The content-scanning code uses fopen() to create files in which to put
3207 message data. Previously it was not paying any attention to the mode of
3208 the files. Exim runs with umask(0) because the rest of the code creates
3209 files with open(), and sets the required mode explicitly. Thus, these
3210 files were ending up world-writeable. This was not a big issue, because,
3211 being within the spool directory, they were not world-accessible. I have
3212 created a function called modefopen, which takes an additional mode
3213 argument. It sets umask(777), creates the file, chmods it to the required
3214 mode, then resets the umask. All the relevant calls to fopen() in the
3215 content scanning code have been changed to use this function.
3216
944a9c55
PH
3217PH/43 If retry_interval_max is set greater than 24 hours, it is quietly reset
3218 to 24 hours. This avoids potential overflow problems when processing G
3219 and H retry rules. I suspect nobody ever tinkers with this value.
3220
4a23603b
PH
3221PH/44 Added STRIP_COMMAND=/usr/bin/strip to the FreeBSD Makefile.
3222
4730f942
PH
3223PH/45 When the plaintext authenticator is running as a client, the server's
3224 challenges are checked to ensure they are valid base64 strings. By
3225 default, the authentication attempt is cancelled if an invalid string is
3226 received. Setting client_ignore_invalid_base64 true ignores these errors.
3227 The decoded challenge strings are now placed in $auth1, $auth2, etc. as
3228 they are received. Thus, the responses can be made to depend on the
3229 challenges. If an invalid string is ignored, an empty string is placed in
3230 the variable.
3231
30dba1e6
PH
3232PH/46 Messages that are created by the autoreply transport now contains a
3233 References: header, in accordance with RFCs 2822 and 3834.
3234
382afc6b
PH
3235PH/47 Added authenticated_sender_force to the smtp transport.
3236
a86229cf
PH
3237PH/48 The ${prvs expansion was broken on systems where time_t was long long.
3238
50c99ba6
PH
3239PH/49 Installed latest patch from the Sieve maintainer.
3240
d35e429d
PH
3241PH/50 When an Exim quota was set without a file count quota, and mailbox_size
3242 was also set, the appendfile transport was unnecessarily scanning a
3243 directory of message files (e.g. for maildir delivery) to find the count
3244 of files (along with the size), even though it did not need this
3245 information. It now does the scan only if it needs to find either the
3246 size of the count of files.
3247
f90d018c
PH
3248PH/51 Added ${time_eval: to convert Exim time strings into seconds.
3249
75def545
PH
3250PH/52 Two bugs concerned with error handling when the smtp transport is
3251 used in LMTP mode:
3252
3253 (i) Exim was not creating retry information for temporary errors given
3254 for individual recipients after the DATA command when the smtp transport
3255 was used in LMTP mode. This meant that they could be retried too
3256 frequently, and not timed out correctly.
3257
3258 (ii) Exim was setting the flag that allows error details to be returned
3259 for LMTP errors on RCPT commands, but not for LMTP errors for individual
3260 recipients that were returned after the DATA command.
3261
3262PH/53 This is related to PH/52, but is more general: for any failing address,
3263 when detailed error information was permitted to be returned to the
3264 sender, but the error was temporary, then after the final timeout, only
3265 "retry timeout exceeded" was returned. Now it returns the full error as
3266 well as "retry timeout exceeded".
3267
c46782ef
PH
3268PH/54 Added control=allow_auth_unadvertised, as it seems there are clients that
3269 do this, and (what is worse) MTAs that accept it.
3270
71fafd95
PH
3271PH/55 Added the add_header modified to ACLs. The use of "message" with "warn"
3272 will now be deprecated.