Builtin macros: note config trigger line in debug output
[exim.git] / doc / doc-txt / ChangeLog
CommitLineData
495ae4b0 1Change log file for Exim from version 4.21
f988ce57 2------------------------------------------
446415f5
HSHR
3This document describes *changes* to previous versions, that might
4affect Exim's operation, with an unchanged configuration file. For new
5options, and new features, see the NewStuff file next to this ChangeLog.
495ae4b0 6
4c57a40e 7
acfc18c3
PP
8Exim version 4.90
9-----------------
10
11JH/01 Rework error string handling in TLS interface so that the caller in
12 more cases is responsible for logging. This permits library-sourced
13 string to be attached to addresses during delivery, and collapses
14 pairs of long lines into single ones.
15
856d1e16
PP
16PP/01 Allow PKG_CONFIG_PATH to be set in Local/Makefile and use it correctly
17 during configuration. Wildcards are allowed and expanded.
18
b9df1829
JH
19JH/02 Rework error string handling in DKIM to pass more info back to callers.
20 This permits better logging.
21
875512a3
JH
22JH/03 Rework the transport continued-connection mechanism: when TLS is active,
23 do not close it down and have the child transport start it up again on
24 the passed-on TCP connection. Instead, proxy the child (and any
25 subsequent ones) for TLS via a unix-domain socket channel. Logging is
26 affected: the continued delivery log lines do not have any DNSSEC, TLS
5013d912 27 Certificate or OCSP information. TLS cipher information is still logged.
875512a3 28
fc3f96af
JH
29JH/04 Shorten the log line for daemon startup by collapsing adjacent sets of
30 identical IP addresses on different listening ports. Will also affect
31 "exiwhat" output.
32
98913c8e
BK
33PP/02 Bug 2070: uClibc defines __GLIBC__ without providing glibc headers;
34 add noisy ifdef guards to special-case this sillyness.
35 Patch from Bernd Kuhls.
36
8d909960
JH
37JH/05 Tighten up the checking in isip4 (et al): dotted-quad components larger
38 than 255 are no longer allowed.
39
7006ee24
JH
40JH/06 Default openssl_options to include +no_ticket, to reduce load on peers.
41 Disable the session-cache too, which might reduce our load. Since we
42 currrectly use a new context for every connection, both as server and
43 client, there is no benefit for these.
44 GnuTLS appears to not support tickets server-side by default (we don't
45 call gnutls_session_ticket_enable_server()) but client side is enabled
46 by default on recent versions (3.1.3 +) unless the PFS priority string
47 is used (3.2.4 +).
48
6e411084
PP
49PP/03 Add $SOURCE_DATE_EPOCH support for reproducible builds, per spec at
50 <https://reproducible-builds.org/specs/source-date-epoch/>.
51
acfc18c3 52
fd047340 53Exim version 4.89
acfc18c3 54-----------------
4c57a40e 55
9427e879 56JH/01 Bug 1922: Support IDNA2008. This has slightly different conversion rules
4c04137d 57 than -2003 did; needs libidn2 in addition to libidn.
fd047340 58
7b283890
JH
59JH/02 The path option on a pipe transport is now expanded before use.
60
4c57a40e
PP
61PP/01 GitHub PR 50: Do not call ldap_start_tls_s on ldapi:// connections.
62 Patch provided by "Björn", documentation fix added too.
63
5d036699
JH
64JH/03 Bug 2003: fix Proxy Protocol v2 handling: the address size field was
65 missing a wire-to-host endian conversion.
66
f4630439
JH
67JH/04 Bug 2004: fix CHUNKING in non-PIPELINEING mode. Chunk data following
68 close after a BDAT command line could be taken as a following command,
69 giving a synch failure. Fix by only checking for synch immediately
70 before acknowledging the chunk.
71
f988ce57
JS
72PP/02 GitHub PR 52: many spelling fixes, which include fixing parsing of
73 no_require_dnssec option and creation of _HAVE_TRANSPORT_APPEND_MAILDIR
74 macro. Patches provided by Josh Soref.
75
bd8fbe36
JH
76JH/05 Have the EHLO response advertise VRFY, if there is a vrfy ACL defined.
77 Previously we did not; the RFC seems ambiguous and VRFY is not listed
78 by IANA as a service extension. However, John Klensin suggests that we
79 should.
80
81JH/06 Bug 2017: Fix DKIM verification in -bh test mode. The data feed into
b895f4b2
JH
82 the dkim code may be unix-mode line endings rather than smtp wire-format
83 CRLF, so prepend a CR to any bare LF.
fd047340 84
bd8fbe36 85JH/07 Rationalise the coding for callout smtp conversations and transport ones.
902fbd69
JH
86 As a side-benfit, callouts can now use PIPELINING hence fewer round-trips.
87
bd8fbe36
JH
88JH/08 Bug 2016: Fix DKIM verification vs. CHUNKING. Any BDAT commands after
89 the first were themselves being wrongly included in the feed into dkim
90 processing; with most chunk sizes in use this resulted in an incorrect
91 body hash calculated value.
92
eea19017
JH
93JH/09 Bug 2014: permit inclusion of a DKIM-Signature header in a received
94 DKIM signature block, for verification. Although advised against by
95 standards it is specifically not ruled illegal.
96
44e6651b
JH
97JH/10 Bug 2025: Fix reception of (quoted) local-parts with embedded spaces.
98
99JH/11 Bug 2029: Fix crash in DKIM verification when a message signature block is
100 missing a body hash (the bh= tag).
101
102JH/12 Bug 2018: Re-order Proxy Protocol startup versus TLS-on-connect startup.
103 It seems that HAProxy sends the Proxy Protocol information in clear and
104 only then does a TLS startup, so do the same.
105
106JH/13 Bug 2027: Avoid attempting to use TCP Fast Open for non-transport client
107 TCP connections (such as for Spamd) unless the daemon successfully set
108 Fast Open mode on its listening sockets. This fixes breakage seen on
109 too-old kernels or those not configured for Fast Open, at the cost of
110 requiring both directions being enabled for TFO, and TFO never being used
111 by non-daemon-related Exim processes.
112
113JH/14 Bug 2000: Reject messages recieved with CHUNKING but with malformed line
114 endings, at least on the first header line. Try to canonify any that get
115 past that check, despite the cost.
116
b6040544
JH
117JH/15 Angle-bracket nesting (an error inserted by broken sendmails) levels are
118 now limited to an arbitrary five deep, while parsing addresses with the
119 strip_excess_angle_brackets option enabled.
120
f700ea4d
PP
121PP/03 Bug 2018: For Proxy Protocol and TLS-on-connect, do not over-read and
122 instead leave the unprompted TLS handshake in socket buffer for the
123 TLS library to consume.
124
da88acae
PP
125PP/04 Bug 2018: Also handle Proxy Protocol v2 safely.
126
f6ef9370
PP
127PP/05 FreeBSD compat: handle that Ports no longer create /usr/bin/perl
128
90341c71
JH
129JH/16 Drop variables when they go out of scope. Memory management drops a whole
130 region in one operation, for speed, and this leaves assigned pointers
131 dangling. Add checks run only under the testsuite which checks all
132 variables at a store-reset and panics on a dangling pointer; add code
133 explicitly nulling out all the variables discovered. Fixes one known
134 bug: a transport crash, where a dangling pointer for $sending_ip_address
135 originally assigned in a verify callout, is re-used.
136
1ec2ab36
PP
137PP/06 Drop '.' from @INC in various Perl scripts.
138
139PP/07 Switch FreeBSD iconv to always use the base-system libc functions.
140
141PP/08 Reduce a number of compilation warnings under clang; building with
142 CC=clang CFLAGS+=-Wno-dangling-else -Wno-logical-op-parentheses
143 should be warning-free.
144
8b2b9480
PP
145JH/17 Fix inbound CHUNKING when DKIM disabled at runtime.
146
147HS/01 Fix portability problems introduced by PP/08 for platforms where
148 realloc(NULL) is not equivalent to malloc() [SunOS et al].
149
d953610f
HSHR
150HS/02 Bug 1974: Fix missing line terminator on the last received BDAT
151 chunk. This allows us to accept broken chunked messages. We need a more
152 general solution here.
153
7dc5f827
PP
154PP/09 Wrote util/chunking_fixqueue_finalnewlines.pl to help recover
155 already-broken messages in the queue.
156
4bb432cb
PP
157JH/18 Bug 2061: Fix ${extract } corrupting an enclosing ${reduce } $value.
158
3b1a84c8
PP
159JH/19 Fix reference counting bug in routing-generated-address tracking.
160
902fbd69 161
8d042305
JH
162Exim version 4.88
163-----------------
4c57a40e 164
9094b84b
JH
165JH/01 Use SIZE on MAIL FROM in a cutthrough connection, if the destination
166 supports it and a size is available (ie. the sending peer gave us one).
8d042305 167
03d5892b
JH
168JH/02 The obsolete acl condition "demime" is removed (finally, after ten
169 years of being deprecated). The replacements are the ACLs
170 acl_smtp_mime and acl_not_smtp_mime.
171
4b0fe319
JH
172JH/03 Upgrade security requirements imposed for hosts_try_dane: previously
173 a downgraded non-dane trust-anchor for the TLS connection (CA-style)
174 or even an in-clear connection were permitted. Now, if the host lookup
175 was dnssec and dane was requested then the host is only used if the
176 TLSA lookup succeeds and is dnssec. Further hosts (eg. lower priority
177 MXs) will be tried (for hosts_try_dane though not for hosts_require_dane)
178 if one fails this test.
179 This means that a poorly-configured remote DNS will make it incommunicado;
180 but it protects against a DNS-interception attack on it.
181
789f8a4f
JH
182JH/04 Bug 1810: make continued-use of an open smtp transport connection
183 non-noisy when a race steals the message being considered.
184
23bb6982 185JH/05 If main configuration option tls_certificate is unset, generate a
f59aaaaa 186 self-signed certificate for inbound TLS connections.
23bb6982 187
0bd1b1ed 188JH/06 Bug 165: hide more cases of password exposure - this time in expansions
f42deca9 189 in rewrites and routers.
0bd1b1ed 190
20b9a2dc
JH
191JH/07 Retire gnutls_require_mac et.al. These were nonfunctional since 4.80
192 and logged a warning sing 4.83; now they are a configuration file error.
193
05392bbc
JH
194JH/08 Bug 1836: Fix crash in VRFY handling when handed an unqualified name
195 (lacking @domain). Apply the same qualification processing as RCPT.
196
1a6230a3
JH
197JH/09 Bug 1804: Avoid writing msglog files when in -bh or -bhc mode.
198
cfab9d68
JH
199JH/10 Support ${sha256:} applied to a string (as well as the previous
200 certificate).
201
98c82a3d
JH
202JH/11 Cutthrough: avoid using the callout hints db on a verify callout when
203 a cutthrough deliver is pending, as we always want to make a connection.
204 This also avoids re-routing the message when later placing the cutthrough
205 connection after a verify cache hit.
206 Do not update it with the verify result either.
207
208JH/12 Cutthrough: disable when verify option success_on_redirect is used, and
209 when routing results in more than one destination address.
210
ae8386f0
JH
211JH/13 Cutthrough: expand transport dkim_domain option when testing for dkim
212 signing (which inhibits the cutthrough capability). Previously only
213 the presence of an option was tested; now an expansion evaluating as
214 empty is permissible (obviously it should depend only on data available
215 when the cutthrough connection is made).
216
0d9fa8c0
JH
217JH/14 Fix logging of errors under PIPELINING. Previously the log line giving
218 the relevant preceding SMTP command did not note the pipelining mode.
219
3581f321
JH
220JH/15 Fix counting of empty lines in $body_linecount and $message_linecount.
221 Previously they were not counted.
222
ef3a1a30
JH
223JH/16 DANE: treat a TLSA lookup response having all non-TLSA RRs, the same
224 as one having no matching records. Previously we deferred the message
225 that needed the lookup.
226
4c04137d 227JH/17 Fakereject: previously logged as a normal message arrival "<="; now
27b9e5f4
JH
228 distinguished as "(=".
229
1435d4b2
JH
230JH/18 Bug 1867: make the fail_defer_domains option on a dnslookup router work
231 for missing MX records. Previously it only worked for missing A records.
232
eea0defe
JB
233JH/19 Bug 1850: support Radius libraries that return REJECT_RC.
234
235JH/20 Bug 1872: Ensure that acl_smtp_notquit is run when the connection drops
236 after the data-go-ahead and data-ack. Patch from Jason Betts.
860cdda2 237
4c04137d 238JH/21 Bug 1846: Send DMARC forensic reports for reject and quarantine results,
72a201e2
TM
239 even for a "none" policy. Patch from Tony Meyer.
240
1c788856
JH
241JH/22 Fix continued use of a connection for further deliveries. If a port was
242 specified by a router, it must also match for the delivery to be
243 compatible.
244
e3b1f624
JH
245JH/23 Bug 1874: fix continued use of a connection for further deliveries.
246 When one of the recipients of a message was unsuitable for the connection
247 (has no matching addresses), we lost track of needing to mark it
248 deferred. As a result mail would be lost.
249
a57ce043
JH
250JH/24 Bug 1832: Log EHLO response on getting conn-close response for HELO.
251
f59aaaaa 252JH/25 Decoding ACL controls is now done using a binary search; the source code
2d009132
JH
253 takes up less space and should be simpler to maintain. Merge the ACL
254 condition decode tables also, with similar effect.
d7bed771 255
d1f9fb42
JH
256JH/26 Fix problem with one_time used on a redirect router which returned the
257 parent address unchanged. A retry would see the parent address marked as
258 delivered, so not attempt the (identical) child. As a result mail would
259 be lost.
260
92b0827a
JH
261JH/27 Fix a possible security hole, wherein a process operating with the Exim
262 UID can gain a root shell. Credit to http://www.halfdog.net/ for
263 discovery and writeup. Ubuntu bug 1580454; no bug raised against Exim
264 itself :(
265
ddf1b11a
JH
266JH/28 Enable {spool,log} filesystem space and inode checks as default.
267 Main config options check_{log,spool}_{inodes,space} are now
268 100 inodes, 10MB unless set otherwise in the configuration.
269
3cc3f762
JH
270JH/29 Fix the connection_reject log selector to apply to the connect ACL.
271 Previously it only applied to the main-section connection policy
272 options.
273
ae5afa61
JH
274JH/30 Bug 1897: fix callouts connection fallback from TLS to cleartext.
275
317e40ac
PP
276PP/01 Changed default Diffie-Hellman parameters to be Exim-specific, created
277 by me. Added RFC7919 DH primes as an alternative.
278
8b0fb68e
PP
279PP/02 Unbreak build via pkg-config with new hash support when crypto headers
280 are not in the system include path.
281
ad7fc6eb 282JH/31 Fix longstanding bug with aborted TLS server connection handling. Under
f59aaaaa 283 GnuTLS, when a session startup failed (eg because the client disconnected)
ad7fc6eb
JH
284 Exim did stdio operations after fclose. This was exposed by a recent
285 change which nulled out the file handle after the fclose.
ad7fc6eb 286
ee5b1e28
JH
287JH/32 Bug 1909: Fix OCSP proof verification for cases where the proof is
288 signed directly by the cert-signing cert, rather than an intermediate
289 OCSP-signing cert. This is the model used by LetsEncrypt.
290
5ddc9771
JH
291JH/33 Bug 1914: Ensure socket is nonblocking before draining after SMTP QUIT.
292
8d73599f
JH
293HS/01 Fix leak in verify callout under GnuTLS, about 3MB per recipient on
294 an incoming connection.
295
446415f5
HSHR
296HS/02 Bug 1802: Do not half-close the connection after sending a request
297 to rspamd.
298
8e53a4fc
HSHR
299HS/03 Use "auto" as the default EC curve parameter. For OpenSSL < 1.0.2
300 fallback to "prime256v1".
8d042305 301
87cb4a16 302JH/34 SECURITY: Use proper copy of DATA command in error message.
4c57a40e 303 Could leak key material. Remotely exploitable. CVE-2016-9963.
87cb4a16
JH
304
305
0d9b78be
JH
306Exim version 4.87
307-----------------
4c57a40e 308
82d14d6a
JH
309JH/01 Bug 1664: Disable OCSP for GnuTLS library versions at/before 3.3.16
310 and 3.4.4 - once the server is enabled to respond to an OCSP request
311 it does even when not requested, resulting in a stapling non-aware
312 client dropping the TLS connection.
0d9b78be 313
6c6d6e48
TF
314TF/01 Code cleanup: Overhaul the debug_selector and log_selector machinery to
315 support variable-length bit vectors. No functional change.
316
ac881e27
TF
317TF/02 Improve the consistency of logging incoming and outgoing interfaces.
318 The I= interface field on outgoing lines is now after the H= remote
319 host field, same as incoming lines. There is a separate
320 outgoing_interface log selector which allows you to disable the
321 outgoing I= field.
322
c8899c20
JH
323JH/02 Bug 728: Close logfiles after a daemon-process "exceptional" log write.
324 If not running log_selector +smtp_connection the mainlog would be held
325 open indefinitely after a "too many connections" event, including to a
326 deleted file after a log rotate. Leave the per net connection logging
327 leaving it open for efficiency as that will be quickly detected by the
328 check on the next write.
329
f1b81d81
HSHR
330HS/01 Bug 1671: Fix post transport crash.
331 Processing the wait-<transport> messages could crash the delivery
332 process if the message IDs didn't exist for some reason. When
333 using 'split_spool_directory=yes' the construction of the spool
334 file name failed already, exposing the same netto behaviour.
335
f38917cc
JH
336JH/03 Bug 425: Capture substrings in $regex1, $regex2 etc from regex &
337 mime_regex ACL conditions.
338
895fbaf2
JH
339JH/04 Bug 1686: When compiled with EXPERIMENTAL_DSN_INFO: Add extra information
340 to DSN fail messages (bounces): remote IP, remote greeting, remote response
341 to HELO, local diagnostic string.
342
805bb5c3
JH
343JH/05 Downgrade message for a TLS-certificate-based authentication fail from
344 log line to debug. Even when configured with a tls authenticator many
345 client connections are expected to not authenticate in this way, so
346 an authenticate fail is not an error.
347
56c2a7be
HSHR
348HS/02 Add the Exim version string to the process info. This way exiwhat
349 gives some more detail about the running daemon.
350
4c04137d 351JH/06 Bug 1395: time-limit caching of DNS lookups, to the TTL value. This may
14b3c5bc
JH
352 matter for fast-change records such as DNSBLs.
353
6f6dedcc
JH
354JH/07 Bug 1678: Always record an interface option value, if set, as part of a
355 retry record, even if constant. There may be multiple transports with
356 different interface settings and the retry behaviour needs to be kept
357 distinct.
358
0f557e90
JH
359JH/08 Bug 1586: exiqgrep now refuses to run if there are unexpected arguments.
360
361JH/09 Bug 1700: ignore space & tab embedded in base64 during decode.
362
ec0eb1a3
JH
363JH/10 Bug 840: fix log_defer_output option of pipe transport
364
41e93589
JH
365JH/11 Bug 830: use same host for all RCPTS of a message, even under
366 hosts_randomize. This matters a lot when combined with mua_wrapper.
367
98b98887 368JH/12 Bug 1706: percent and underbar characters are no longer escaped by the
376d2ec0
JH
369 ${quote_pgsql:<string>} operator.
370
98b98887
JH
371JH/13 Bug 1708: avoid misaligned access in cached lookup.
372
858e91c2
JH
373JH/14 Change header file name for freeradius-client. Relevant if compiling
374 with Radius support; from the Gentoo tree and checked under Fedora.
375
376JH/15 Bug 1712: Introduce $prdr_requested flag variable
377
6ff55e50
JH
378JH/16 Bug 1714: Permit an empty string as expansion result for transport
379 option transport_filter, meaning no filtering.
380
3b957582
JB
381JH/17 Bug 1713: Fix non-PDKIM_DEBUG build. Patch from Jasen Betts.
382
23f3dc67
JH
383JH/18 Bug 1709: When built with TLS support, the tls_advertise_hosts option now
384 defaults to "*" (all hosts). The variable is now available when not built
4c04137d 385 with TLS, default unset, mainly to enable keeping the testsuite sane.
23f3dc67
JH
386 If a server certificate is not supplied (via tls_certificate) an error is
387 logged, and clients will find TLS connections fail on startup. Presumably
388 they will retry in-clear.
389 Packagers of Exim are strongly encouraged to create a server certificate
390 at installation time.
391
240c288f
JH
392HS/03 Add -bP config_file as a synonym for -bP configure_file, for consistency
393 with the $config_file variable.
394
5ef5dd52
JB
395JH/19 Two additional event types: msg:rcpt:defer and msg:rcpt:host:defer. Both
396 in transport context, after the attempt, and per-recipient. The latter type
397 is per host attempted. The event data is the error message, and the errno
398 information encodes the lookup type (A vs. MX) used for the (first) host,
4c04137d 399 and the trailing two digits of the smtp 4xx response.
5ef5dd52 400
e161710d
GF
401GF/01 Bug 1715: Fix for race condition in exicyclog, where exim could attempt
402 to write to mainlog (or rejectlog, paniclog) in the window between file
403 creation and permissions/ownership being changed. Particularly affects
404 installations where exicyclog is run as root, rather than exim user;
405 result is that the running daemon panics and dies.
406
a159f203
JH
407JH/20 Bug 1701: For MySQL lookups, support MySQL config file option group names.
408
7f06582c
JH
409JH/21 Bug 1720: Add support for priority groups and weighted-random proxy
410 selection for the EXPERIMENTAL_SOCKS feature, via new per-proxy options
411 "pri" and "weight". Note that the previous implicit priority given by the
412 list order is no longer honoured.
413
4c04137d 414JH/22 Bugs 963, 1721: Fix some corner cases in message body canonicalization
abe1010c
JH
415 for DKIM processing.
416
f0989ec0
JH
417JH/23 Move SOCKS5 support from Experimental to mainline, enabled for a build
418 by defining SUPPORT_SOCKS.
74f150bf 419
cee5f132
JH
420JH/26 Move PROXY support from Experimental to mainline, enabled for a build
421 by defining SUPPORT_PROXY. Note that the proxy_required_hosts option
e6d2a989
JH
422 is renamed to hosts_proxy, and the proxy_{host,target}_{address,port}.
423 variables are renamed to proxy_{local,external}_{address,port}.
cee5f132 424
8c5d388a
JH
425JH/27 Move Internationalisation support from Experimental to mainline, enabled
426 for a build by defining SUPPORT_I18N
427
2d8d625b
JH
428JH/28 Bug 1745: Fix redis lookups to handle (quoted) spaces embedded in parts
429 of the query string, and make ${quote_redis:} do that quoting.
430
0cbf2b82
JH
431JH/29 Move Events support from Experimental to mainline, enabled by default
432 and removable for a build by defining DISABLE_EVENT.
433
f2f2c91b
JH
434JH/30 Updated DANE implementation code to current from Viktor Dukhovni.
435
ce325893
JH
436JH/31 Fix bug with hosts_connection_nolog and named-lists which were wrongly
437 cached by the daemon.
438
de78e2d5
JH
439JH/32 Move Redis support from Experimental to mainline, enabled for a build
440 by defining LOOKUP_REDIS. The libhiredis library is required.
441
379ba7d0
JH
442JH/33 Bug 1748: Permit ACL dnslists= condition in non-smtp ACLs if explicit
443 keys are given for lookup.
444
f444c2c7
JH
445JH/34 Bug 1192: replace the embedded copy of PolarSSL RSA routines in the DKIM
446 support, by using OpenSSL or GnuTLS library ones. This means DKIM is
07c73177
JH
447 only supported when built with TLS support. The PolarSSL SHA routines
448 are still used when the TLS library is too old for convenient support.
f444c2c7 449
a57b6200
JH
450JH/35 Require SINGLE_DH_USE by default in OpenSSL (main config option
451 openssl_options), for security. OpenSSL forces this from version 1.1.0
452 server-side so match that on older versions.
453
07c73177 454JH/36 Bug 1778: longstanding bug in memory use by the ${run } expansion: A fresh
fa01e4f8 455 allocation for $value could be released as the expansion processing
07c73177 456 concluded, but leaving the global pointer active for it.
fa01e4f8 457
4f6ae5c3
JH
458JH/37 Bug 1769: Permit a VRFY ACL to override the default 252 response,
459 and to use the domains and local_parts ACL conditions.
460
1bc460a6
JH
461JH/38 Fix cutthrough bug with body lines having a single dot. The dot was
462 incorrectly not doubled on cutthrough transmission, hence seen as a
463 body-termination at the receiving system - resulting in truncated mails.
62ac2eb7 464 Commonly the sender saw a TCP-level error, and retransmitted the message
1bc460a6
JH
465 via the normal store-and-forward channel. This could result in duplicates
466 received - but deduplicating mailstores were liable to retain only the
467 initial truncated version.
468
ab9152ff 469JH/39 Bug 1781: Fix use of DKIM private-keys having trailing '=' in the base-64.
df3def24 470
67e87fcf
JH
471JH/40 Fix crash in queryprogram router when compiled with EXPERIMENTAL_SRS.
472
ab9152ff
JH
473JH/41 Bug 1792: Fix selection of headers to sign for DKIM: bottom-up. While
474 we're in there, support oversigning also; bug 1309.
475
af483912
JH
476JH/42 Bug 1796: Fix error logged on a malware scanner connection failure.
477
bc3c7bb7 478HS/04 Add support for keep_environment and add_environment options.
df3def24 479
13559da6
JH
480JH/43 Tidy coding issues detected by gcc --fsanitize=undefined. Some remain;
481 either intentional arithmetic overflow during PRNG, or testing config-
482 induced overflows.
483
59eaad2b
JH
484JH/44 Bug 1800: The combination of a -bhc commandline option and cutthrough
485 delivery resulted in actual delivery. Cancel cutthrough before DATA
486 stage.
487
f9334a28
JH
488JH/45 Fix cutthrough, when connection not opened by verify and target hard-
489 rejects a recipient: pass the reject to the originator.
490
dc8091e7
JH
491JH/46 Multiple issues raised by Coverity. Some were obvious or plausible bugs.
492 Many were false-positives and ignorable, but it's worth fixing the
493 former class.
494
dfe7d917
JH
495JH/47 Fix build on HP-UX and older Solaris, which need (un)setenv now also
496 for the new environment-manipulation done at startup. Move the routines
497 from being local to tls.c to being global via the os.c file.
498
93cc2d6e
JH
499JH/48 Bug 1807: Fix ${extract } for the numeric/3-string case. While preparsing
500 an extract embedded as result-arg for a map, the first arg for extract
501 is unavailable so we cannot tell if this is a numbered or keyed
502 extraction. Accept either.
503
13559da6 504
9c695f6d
JH
505Exim version 4.86
506-----------------
4c57a40e 507
9c695f6d
JH
508JH/01 Bug 1545: The smtp transport option "retry_include_ip_address" is now
509 expanded.
510
506900af
JH
511JH/02 The smtp transport option "multi_domain" is now expanded.
512
ad07e9ad
JH
513JH/03 The smtp transport now requests PRDR by default, if the server offers
514 it.
515
01a4a5c5 516JH/04 Certificate name checking on server certificates, when exim is a client,
b3ef41c9 517 is now done by default. The transport option tls_verify_cert_hostnames
01a4a5c5
JH
518 can be used to disable this per-host. The build option
519 EXPERIMENTAL_CERTNAMES is withdrawn.
520
cb1d7830 521JH/05 The value of the tls_verify_certificates smtp transport and main options
0e0f3f56 522 default to the word "system" to access the system default CA bundle.
cb1d7830
JH
523 For GnuTLS, only version 3.0.20 or later.
524
610ff438 525JH/06 Verification of the server certificate for a TLS connection is now tried
6d580f19
JH
526 (but not required) by default. The verification status is now logged by
527 default, for both outbound TLS and client-certificate supplying inbound
528 TLS connections
610ff438 529
f926e272
JH
530JH/07 Changed the default rfc1413 lookup settings to disable calls. Few
531 sites use this now.
532
50dc7409
JH
533JH/08 The EXPERIMENTAL_DSN compile option is no longer needed; all Delivery
534 Status Notification (bounce) messages are now MIME format per RFC 3464.
535 Support for RFC 3461 DSN options NOTIFY,ENVID,RET,ORCPT can be advertised
536 under the control of the dsn_advertise_hosts option, and routers may
537 have a dsn_lasthop option.
538
0f0c8159
JH
539JH/09 A timeout of 2 minutes is now applied to all malware scanner types by
540 default, modifiable by a malware= option. The list separator for
23763898 541 the options can now be changed in the usual way. Bug 68.
4e71661f 542
1ad6489e
JH
543JH/10 The smtp_receive_timeout main option is now expanded before use.
544
aeaf5db3
JH
545JH/11 The incoming_interface log option now also enables logging of the
546 local interface on delivery outgoing connections.
547
5032d1cf
JH
548JH/12 The cutthrough-routing facility now supports multi-recipient mails,
549 if the interface and destination host and port all match.
550
7e8360e6
JH
551JH/13 Bug 344: The verify = reverse_host_lookup ACL condition now accepts a
552 /defer_ok option.
553
c5f280e2
AL
554JH/14 Bug 1573: The spam= ACL condition now additionally supports Rspamd.
555 Patch from Andrew Lewis.
556
fd4d8871 557JH/15 Bug 670: The spamd_address main option (for the spam= ACL condition)
dc7b3d36 558 now supports optional time-restrictions, weighting, and priority
fd4d8871
R
559 modifiers per server. Patch originally by <rommer@active.by>.
560
561JH/16 The spamd_address main option now supports a mixed list of local
2aad5761
JH
562 and remote servers. Remote servers can be IPv6 addresses, and
563 specify a port-range.
fd4d8871 564
23763898
JH
565JH/17 Bug 68: The spamd_address main option now supports an optional
566 timeout value per server.
567
2ad78978
JH
568JH/18 Bug 1581: Router and transport options headers_add/remove can
569 now have the list separator specified.
570
8a512ed5 571JH/19 Bug 392: spamd_address, and clamd av_scanner, now support retry
cfab9d68 572 option values.
8a512ed5 573
82c0c8ea 574JH/20 Bug 1571: Ensure that $tls_in_peerdn is set, when verification fails
f69979cf
JH
575 under OpenSSL.
576
cc00f4af
JH
577JH/21 Support for the A6 type of dns record is withdrawn.
578
82c0c8ea
JH
579JH/22 Bug 608: The result of a QUIT or not-QUIT toplevel ACL now matters
580 rather than the verbs used.
581
b980ed83
JH
582JH/23 Bug 1572: Increase limit on SMTP confirmation message copy size
583 from 255 to 1024 chars.
584
6c9ed72e
JH
585JH/24 Verification callouts now attempt to use TLS by default.
586
cfab9d68 587HS/01 DNSSEC options (dnssec_require_domains, dnssec_request_domains)
99c1bb4e 588 are generic router options now. The defaults didn't change.
50dc7409 589
f846c8f5
JH
590JH/25 Bug 466: Add RFC2322 support for MIME attachment filenames.
591 Original patch from Alexander Shikoff, worked over by JH.
592
fd4c285c
HSHR
593HS/02 Bug 1575: exigrep falls back to autodetection of compressed
594 files if ZCAT_COMMAND is not executable.
595
4c04137d 596JH/26 Bug 1539: Add timeout/retry options on dnsdb lookups.
fd7f7910 597
d2a2c69b
JH
598JH/27 Bug 286: Support SOA lookup in dnsdb lookups.
599
8241d8dd
JH
600JH/28 Bug 1588: Do not use the A lookup following an AAAA for setting the FQDN.
601 Normally benign, it bites when the pair was led to by a CNAME;
4c04137d 602 modern usage is to not canonicalize the domain to a CNAME target
8241d8dd
JH
603 (and we were inconsistent anyway for A-only vs AAAA+A).
604
1f12df4d
JH
605JH/29 Bug 1632: Removed the word "rejected" from line logged for ACL discards.
606
1f155f8e
JH
607JH/30 Check the forward DNS lookup for DNSSEC, in addition to the reverse,
608 when evaluating $sender_host_dnssec.
609
1705dd20
JH
610JH/31 Check the HELO verification lookup for DNSSEC, adding new
611 $sender_helo_dnssec variable.
612
038597d2
PP
613JH/32 Bug 1397: Enable ECDHE on OpenSSL, just the NIST P-256 curve.
614
474f71bf
JH
615JH/33 Bug 1346: Note MAIL cmd seen in -bS batch, to avoid smtp_no_mail log.
616
7137ca4b
JH
617JH/34 Bug 1648: Fix a memory leak seen with "mailq" and large queues.
618
dcb1095c
JH
619JH/35 Bug 1642: Fix support of $spam_ variables at delivery time. Was
620 documented as working, but never had. Support all but $spam_report.
621
2f460950
JH
622JH/36 Bug 1659: Guard checking of input smtp commands again pseudo-command
623 added for tls authenticator.
624
2f680c0c
HSHR
625HS/03 Add perl_taintmode main config option
626
9c695f6d 627
e449c3b0
TL
628Exim version 4.85
629-----------------
4c57a40e 630
e449c3b0
TL
631TL/01 When running the test suite, the README says that variables such as
632 no_msglog_check are global and can be placed anywhere in a specific
633 test's script, however it was observed that placement needed to be near
634 the beginning for it to behave that way. Changed the runtest perl
635 script to read through the entire script once to detect and set these
636 variables, reset to the beginning of the script, and then run through
637 the script parsing/test process like normal.
638
ac20058f
TL
639TL/02 The BSD's have an arc4random API. One of the functions to induce
640 adding randomness was arc4random_stir(), but it has been removed in
641 OpenBSD 5.5. Detect this OpenBSD version and skip calling this
642 function when detected.
643
a9b8ec8b
JH
644JH/01 Expand the EXPERIMENTAL_TPDA feature. Several different events now
645 cause callback expansion.
646
6286d7c4
TL
647TL/03 Bugzilla 1518: Clarify "condition" processing in routers; that
648 syntax errors in an expansion can be treated as a string instead of
649 logging or causing an error, due to the internal use of bool_lax
650 instead of bool when processing it.
651
0f06b4f2 652JH/02 Add EXPERIMENTAL_DANE, allowing for using the DNS as trust-anchor for
d567a64d
JH
653 server certificates when making smtp deliveries.
654
be36e572
JH
655JH/03 Support secondary-separator specifier for MX, SRV, TLSA lookups.
656
ac4ef9bd
JH
657JH/04 Add ${sort {list}{condition}{extractor}} expansion item.
658
0eb51736
TL
659TL/04 Bugzilla 1216: Add -M (related messages) option to exigrep.
660
c713ca4b
TL
661TL/05 GitHub Issue 18: Adjust logic testing for true/false in redis lookups.
662 Merged patch from Sebastian Wiedenroth.
e449c3b0 663
bd21a787
WB
664JH/05 Fix results-pipe from transport process. Several recipients, combined
665 with certificate use, exposed issues where response data items split
666 over buffer boundaries were not parsed properly. This eventually
667 resulted in duplicates being sent. This issue only became common enough
4c04137d 668 to notice due to the introduction of connection certificate information,
bd21a787
WB
669 the item size being so much larger. Found and fixed by Wolfgang Breyha.
670
8bc732e8
JH
671JH/06 Bug 1533: Fix truncation of items in headers_remove lists. A fixed
672 size buffer was used, resulting in syntax errors when an expansion
673 exceeded it.
674
a7fec7a7
JH
675JH/07 Add support for directories of certificates when compiled with a GnuTLS
676 version 3.3.6 or later.
677
4c04137d 678JH/08 Rename the TPDA experimental facility to Event Actions. The #ifdef
774ef2d7
JH
679 is EXPERIMENTAL_EVENT, the main-configuration and transport options
680 both become "event_action", the variables become $event_name, $event_data
aec45841 681 and $event_defer_errno. There is a new variable $verify_mode, usable in
723fe533
JH
682 routers, transports and related events. The tls:cert event is now also
683 raised for inbound connections, if the main configuration event_action
684 option is defined.
774ef2d7 685
eca4debb
TL
686TL/06 In test suite, disable OCSP for old versions of openssl which contained
687 early OCSP support, but no stapling (appears to be less than 1.0.0).
688
8d692470
JH
689JH/09 When compiled with OpenSSL and EXPERIMENTAL_CERTNAMES, the checks on
690 server certificate names available under the smtp transport option
691 "tls_verify_cert_hostname" now do not permit multi-component wildcard
692 matches.
693
e9477a08
JH
694JH/10 Time-related extraction expansions from certificates now use the main
695 option "timezone" setting for output formatting, and are consistent
696 between OpenSSL and GnuTLS compilations. Bug 1541.
697
ad4c5ff9
JH
698JH/11 Fix a crash in mime ACL when meeting a zero-length, quoted or RFC2047-
699 encoded parameter in the incoming message. Bug 1558.
8dea5edf
JH
700
701JH/12 Bug 1527: Autogrow buffer used in reading spool files. Since they now
702 include certificate info, eximon was claiming there were spoolfile
703 syntax errors.
704
3394b36a 705JH/13 Bug 1521: Fix ldap lookup for single-attr request, multiple-attr return.
8dea5edf
JH
706
707JH/14 Log delivery-related information more consistently, using the sequence
708 "H=<name> [<ip>]" wherever possible.
709
3394b36a
TL
710TL/07 Bug 1547: Omit RFCs from release. Draft and RFCs have licenses which
711 are problematic for Debian distribution, omit them from the release
712 tarball.
713
ad4c5ff9
JH
714JH/15 Updates and fixes to the EXPERIMENTAL_DSN feature.
715
4c04137d 716JH/16 Fix string representation of time values on 64bit time_t architectures.
ad4c5ff9
JH
717 Bug 1561.
718
719JH/17 Fix a null-indirection in certextract expansions when a nondefault
720 output list separator was used.
721
8bc732e8 722
1f0ebb98
TL
723Exim version 4.84
724-----------------
09728d20
TL
725TL/01 Bugzilla 1506: Re-add a 'return NULL' to silence complaints from static
726 checkers that were complaining about end of non-void function with no
727 return.
1f0ebb98 728
a612424f 729JH/01 Bug 1513: Fix parsing of quoted parameter values in MIME headers.
4c04137d 730 This was a regression introduced in 4.83 by another bugfix.
a612424f
JH
731
732JH/02 Fix broken compilation when EXPERIMENTAL_DSN is enabled.
733
734TL/02 Bug 1509: Fix exipick for enhanced spoolfile specification used when
a9b8ec8b 735 EXPERIMENTAL_DSN is enabled. Fix from Wolfgang Breyha.
a612424f 736
1f0ebb98 737
c0e56233
TF
738Exim version 4.83
739-----------------
740
741TF/01 Correctly close the server side of TLS when forking for delivery.
742
743 When a message was received over SMTP with TLS, Exim failed to clear up
744 the incoming connection properly after forking off the child process to
745 deliver the message. In some situations the subsequent outgoing
746 delivery connection happened to have the same fd number as the incoming
747 connection previously had. Exim would try to use TLS and fail, logging
748 a "Bad file descriptor" error.
749
7245734e
TF
750TF/02 Portability fix for building lookup modules on Solaris when the xpg4
751 utilities have not been installed.
752
fd5dad68
JH
753JH/01 Fix memory-handling in use of acl as a conditional; avoid free of
754 temporary space as the ACL may create new global variables.
755
5428a946
TL
756TL/01 LDAP support uses per connection or global context settings, depending
757 upon the detected version of the libraries at build time.
758
a3c86431
TL
759TL/02 Experimental Proxy Protocol support: allows a proxied SMTP connection
760 to extract and use the src ip:port in logging and expansions as if it
8ded8589
TL
761 were a direct connection from the outside internet. PPv2 support was
762 updated based on HAProxy spec change in May 2014.
a3c86431 763
aa26e137
JH
764JH/02 Add ${listextract {number}{list}{success}{fail}}.
765
5a1b8443
WB
766TL/03 Bugzilla 1433: Fix DMARC SEGV with specific From header contents.
767 Properly escape header and check for NULL return.
768
72c9e342
PP
769PP/01 Continue incomplete 4.82 PP/19 by fixing docs too: use dns_dnssec_ok
770 not dns_use_dnssec.
771
76f44207
WB
772JH/03 Bugzilla 1157: support log_selector smtp_confirmation for lmtp.
773
770747fd
MFM
774TL/04 Add verify = header_names_ascii check to reject email with non-ASCII
775 characters in header names, implemented as a verify condition.
776 Contributed by Michael Fischer v. Mollard.
777
8ddef691 778TL/05 Rename SPF condition results err_perm and err_temp to standardized
982650ec
TL
779 results permerror and temperror. Previous values are deprecated but
780 still accepted. In a future release, err_perm and err_temp will be
781 completely removed, which will be a backward incompatibility if the
782 ACL tests for either of these two old results. Patch contributed by
8ddef691 783 user bes-internal on the mailing list.
c0e56233 784
b9c2e32f
AR
785JH/04 Add ${utf8clean:} operator. Contributed by Alex Rau.
786
e45a1c37
JH
787JH/05 Bugzilla 305: Log incoming-TLS details on rejects, subject to log
788 selectors, in both main and reject logs.
789
67d81c10
JH
790JH/06 Log outbound-TLS and port details, subject to log selectors, for a
791 failed delivery.
792
b1f8e4f8
JH
793JH/07 Add malware type "sock" for talking to simple daemon.
794
511a6c14 795JH/08 Bugzilla 1371: Add tls_{,try_}verify_hosts to smtp transport.
511a6c14
JH
796
797JH/09 Bugzilla 1431: Support (with limitations) headers_add/headers_remove in
798 routers/transports under cutthrough routing.
214042d2 799
51c7471d
JH
800JH/10 Bugzilla 1005: ACL "condition =" should accept values which are negative
801 numbers. Touch up "bool" conditional to keep the same definition.
802
3695be34
TL
803TL/06 Remove duplicated language in spec file from 4.82 TL/16.
804
1e06383a
TL
805JH/11 Add dnsdb tlsa lookup. From Todd Lyons.
806
76146973
JH
807JH/12 Expand items in router/transport headers_add or headers_remove lists
808 individually rather than the list as a whole. Bug 1452.
809
810 Required for reasonable handling of multiple headers_ options when
811 they may be empty; requires that headers_remove items with embedded
812 colons must have them doubled (or the list-separator changed).
813
8c8b8274
TL
814TL/07 Add new dmarc expansion variable $dmarc_domain_policy to directly
815 view the policy declared in the DMARC record. Currently, $dmarc_status
816 is a combined value of both the record presence and the result of the
817 analysis.
b1f8e4f8 818
35aba663
JH
819JH/13 Fix handling of $tls_cipher et.al. in (non-verify) transport. Bug 1455.
820
8c51eead 821JH/14 New options dnssec_request_domains, dnssec_require_domains on the
578897ea
JH
822 dnslookup router and the smtp transport (applying to the forward
823 lookup).
8c51eead 824
deae092e
HS
825TL/08 Bugzilla 1453: New LDAP "SERVERS=" option allows admin to override list
826 of ldap servers used for a specific lookup. Patch provided by Heiko
827 Schlichting.
35aba663 828
fd3b6a4a 829JH/18 New options dnssec_lax, dnssec_strict on dnsdb lookups.
4e0983dc 830 New variable $lookup_dnssec_authenticated for observability.
fd3b6a4a 831
8d91c6dc
LT
832TL/09 Bugzilla 609: Add -C option to exiqgrep, specify which exim.conf to use.
833 Patch submitted by Lars Timman.
834
2b4a568d
JH
835JH/19 EXPERIMENTAL_OCSP support under GnuTLS. Bug 1459.
836
d2af03f4
HS
837TL/10 Bugzilla 1454: New -oMm option to pass message reference to Exim.
838 Requires trusted mode and valid format message id, aborts otherwise.
839 Patch contributed by Heiko Schlichting.
840
9d1c15ef
JH
841JH/20 New expansion variables tls_(in,out)_(our,peer)cert, and expansion item
842 certextract with support for various fields. Bug 1358.
843
44662487
JH
844JH/21 Observability of OCSP via variables tls_(in,out)_ocsp. Stapling
845 is requested by default, modifiable by smtp transport option
6a8a60e0
JH
846 hosts_request_ocsp.
847
ed3bba5f 848JH/22 Expansion operators ${md5:string} and ${sha1:string} can now
6a8a60e0 849 operate on certificate variables to give certificate fingerprints
9ef9101c 850 Also new ${sha256:cert_variable}.
44662487 851
8ccd00b1
JH
852JH/23 The PRDR feature is moved from being Experimental into the mainline.
853
8ded8589
TL
854TL/11 Bug 1119: fix memory allocation in string_printing2(). Patch from
855 Christian Aistleitner.
856
f2de3a33
JH
857JH/24 The OCSP stapling feature is moved from Experimental into the mainline.
858
6eb02f88
TL
859TL/12 Bug 1444: Fix improper \r\n sequence handling when writing spool
860 file. Patch from Wolfgang Breyha.
861
00bff6f6
JH
862JH/25 Expand the coverage of the delivery $host and $host_address to
863 client authenticators run in verify callout. Bug 1476.
864
071c51f7
JH
865JH/26 Port service names are now accepted for tls_on_connect_ports, to
866 align with daemon_smtp_ports. Bug 72.
867
a6d4c44e
TF
868TF/03 Fix udpsend. The ip_connectedsocket() function's socket type
869 support and error reporting did not work properly.
870
3ae173e7
ACK
871TL/13 Bug 1495: Exiqgrep check if -C config file specified on cli exists
872 and is readable. Patch from Andrew Colin Kissa.
873
c13d09b8
TL
874TL/14 Enhance documentation of ${run expansion and how it parses the
875 commandline after expansion, particularly in the case when an
876 unquoted variable expansion results in an empty value.
877
0df4ab80
JH
878JH/27 The TLS SNI feature was broken in 4.82. Fix it.
879
66be95e0
PP
880PP/02 Fix internal collision of T_APL on systems which support RFC3123
881 by renaming away from it. Addresses GH issue 15, reported by
882 Jasper Wallace.
883
1bd0d12b
JH
884JH/28 Fix parsing of MIME headers for parameters with quoted semicolons.
885
0de7239e
TL
886TL/15 SECURITY: prevent double expansion in math comparison functions
887 (can expand unsanitized data). Not remotely exploitable.
888 CVE-2014-2972
889
fd3b6a4a 890
2c422e6f 891Exim version 4.82
98a90c36
PP
892-----------------
893
894PP/01 Add -bI: framework, and -bI:sieve for querying sieve capabilities.
895
12f69989
PP
896PP/02 Make -n do something, by making it not do something.
897 When combined with -bP, the name of an option is not output.
898
54c90be1
PP
899PP/03 Added tls_dh_min_bits SMTP transport driver option, only honoured
900 by GnuTLS.
901
1f4a55da
PP
902PP/04 First step towards DNSSEC, provide $sender_host_dnssec for
903 $sender_host_name and config options to manage this, and basic check
904 routines.
905
13363eba 906PP/05 DSCP support for outbound connections and control modifier for inbound.
36a3ae5f 907
66645890 908PP/06 Cyrus SASL: set local and remote IP;port properties for driver.
e402235f
PP
909 (Only plugin which currently uses this is kerberos4, which nobody should
910 be using, but we should make it available and other future plugins might
911 conceivably use it, even though it would break NAT; stuff *should* be
912 using channel bindings instead).
66645890 913
a3fb9793 914PP/07 Handle "exim -L <tag>" to indicate to use syslog with tag as the process
f4ee74ac
PP
915 name; added for Sendmail compatibility; requires admin caller.
916 Handle -G as equivalent to "control = suppress_local_fixups" (we used to
917 just ignore it); requires trusted caller.
a3fb9793 918 Also parse but ignore: -Ac -Am -X<logfile>
f4ee74ac 919 Bugzilla 1117.
a3fb9793 920
d27f98fe 921TL/01 Bugzilla 1258 - Refactor MAIL FROM optional args processing.
98a90c36 922
6822b909
TL
923TL/02 Add +smtp_confirmation as a default logging option.
924
e7568d51
TL
925TL/03 Bugzilla 198 - Implement remove_header ACL modifier.
926 Patch by Magnus Holmgren from 2007-02-20.
927
ae0e32ee 928TL/04 Bugzilla 1281 - Spec typo.
ca0ff207 929 Bugzilla 1283 - Spec typo.
97f42f10 930 Bugzilla 1290 - Spec grammar fixes.
ca0ff207
TL
931
932TL/05 Bugzilla 1285 - Spec omission, fix docbook errors for spec.txt creation.
ae0e32ee 933
e2658fff
TL
934TL/06 Add Experimental DMARC support using libopendmarc libraries.
935
83712b39
TL
936TL/07 Fix an out of order global option causing a segfault. Reported to dev
937 mailing list by by Dmitry Isaikin.
938
976b7e9f
JH
939JH/01 Bugzilla 1201 & 304 - New cutthrough-delivery feature, with TLS support.
940
be4a1376
JH
941JH/02 Support "G" suffix to numbers in ${if comparisons.
942
ec4b68e5
PP
943PP/08 Handle smtp transport tls_sni option forced-fail for OpenSSL.
944
d7148a07
NM
945NM/01 Bugzilla 1197 - Spec typo
946 Bugzilla 1196 - Spec examples corrections
ec4b68e5 947
585121e2 948JH/03 Add expansion operators ${listnamed:name} and ${listcount:string}
ec4b68e5 949
2519e60d
TL
950PP/09 Add gnutls_allow_auto_pkcs11 option (was originally called
951 gnutls_enable_pkcs11, but renamed to more accurately indicate its
952 function.
a5f239e4 953
13d08c90
PP
954PP/10 Let Linux makefile inherit CFLAGS/CFLAGS_DYNAMIC.
955 Pulled from Debian 30_dontoverridecflags.dpatch by Andreas Metzler.
956
bef3ea7f
JH
957JH/04 Add expansion item ${acl {name}{arg}...}, expansion condition
958 "acl {{name}{arg}...}", and optional args on acl condition
959 "acl = name arg..."
a5f239e4 960
846726c5
JH
961JH/05 Permit multiple router/transport headers_add/remove lines.
962
3a796370
JH
963JH/06 Add dnsdb pseudo-lookup "a+" to do an "aaaa" + "a" combination.
964
ea722490 965JH/07 Avoid using a waiting database for a single-message-only transport.
8b260705
PP
966 Performance patch from Paul Fisher. Bugzilla 1262.
967
b1b05573
JH
968JH/08 Strip leading/trailing newlines from add_header ACL modifier data.
969 Bugzilla 884.
970
362145b5
JH
971JH/09 Add $headers_added variable, with content from use of ACL modifier
972 add_header (but not yet added to the message). Bugzilla 199.
973
3c0a92dc
JH
974JH/10 Add 8bitmime log_selector, for 8bitmime status on the received line.
975 Pulled from Bugzilla 817 by Wolfgang Breyha.
976
6d7c6175
PP
977PP/11 SECURITY: protect DKIM DNS decoding from remote exploit.
978 CVE-2012-5671
e78e6ecf 979 (nb: this is the same fix as in Exim 4.80.1)
6d7c6175 980
6f123593
JH
981JH/11 Add A= logging on delivery lines, and a client_set_id option on
982 authenticators.
983
c8e2fc1e
JH
984JH/12 Add optional authenticated_sender logging to A= and a log_selector
985 for control.
986
005ac57f
PP
987PP/12 Unbreak server_set_id for NTLM/SPA auth, broken by 4.80 PP/29.
988
3f1df0e3
PP
989PP/13 Dovecot auth: log better reason to rejectlog if Dovecot did not
990 advertise SMTP AUTH mechanism to us, instead of a generic
991 protocol violation error. Also, make Exim more robust to bad
992 data from the Dovecot auth socket.
993
67bd1ab3
TF
994TF/01 Fix ultimate retry timeouts for intermittently deliverable recipients.
995
996 When a queue runner is handling a message, Exim first routes the
997 recipient addresses, during which it prunes them based on the retry
998 hints database. After that it attempts to deliver the message to
999 any remaining recipients. It then updates the hints database using
1000 the retry rules.
1001
1002 So if a recipient address works intermittently, it can get repeatedly
1003 deferred at routing time. The retry hints record remains fresh so the
1004 address never reaches the final cutoff time.
1005
1006 This is a fairly common occurrence when a user is bumping up against
1007 their storage quota. Exim had some logic in its local delivery code
1008 to deal with this. However it did not apply to per-recipient defers
1009 in remote deliveries, e.g. over LMTP to a separate IMAP message store.
1010
1ddeb334
TF
1011 This change adds a proper retry rule check during routing so that the
1012 final cutoff time is checked against the message's age. We only do
1013 this check if there is an address retry record and there is not a
1014 domain retry record; this implies that previous attempts to handle
1015 the address had the retry_use_local_parts option turned on. We use
1016 this as an approximation for the destination being like a local
1017 delivery, as in LMTP.
67bd1ab3
TF
1018
1019 I suspect this new check makes the old local delivery cutoff check
1020 redundant, but I have not verified this so I left the code in place.
1021
326cdc37
TF
1022TF/02 Correct gecos expansion when From: is a prefix of the username.
1023
1024 Test 0254 submits a message to Exim with the header
1025
1026 Resent-From: f
1027
1028 When I ran the test suite under the user fanf2, Exim expanded
1029 the header to contain my full name, whereas it should have added
1030 a Resent-Sender: header. It erroneously treats any prefix of the
1031 username as equal to the username.
1032
1033 This change corrects that bug.
1034
f62514b3
GF
1035GF/01 DCC debug and logging tidyup
1036 Error conditions log to paniclog rather than rejectlog.
1037 Debug lines prefixed by "DCC: " to remove any ambiguity.
1038
eb505532
TF
1039TF/03 Avoid unnecessary rebuilds of lookup-related code.
1040
14c7b357
PP
1041PP/14 Fix OCSP reinitialisation in SNI handling for Exim/TLS as server.
1042 Bug spotted by Jeremy Harris; was flawed since initial commit.
1043 Would have resulted in OCSP responses post-SNI triggering an Exim
1044 NULL dereference and crash.
1045
94eaf700
PP
1046JH/13 Add $router_name and $transport_name variables. Bugzilla 308.
1047
6f5a440a
PP
1048PP/15 Define SIOCGIFCONF_GIVES_ADDR for GNU Hurd.
1049 Bug detection, analysis and fix by Samuel Thibault.
1050 Bugzilla 1331, Debian bug #698092.
1051
514ee161
SC
1052SC/01 Update eximstats to watch out for senders sending 'HELO [IpAddr]'
1053
fd98a5c6
JH
1054JH/14 SMTP PRDR (http://www.eric-a-hall.com/specs/draft-hall-prdr-00.txt).
1055 Server implementation by Todd Lyons, client by JH.
1056 Only enabled when compiled with EXPERIMENTAL_PRDR. A new
1057 config variable "prdr_enable" controls whether the server
1058 advertises the facility. If the client requests PRDR a new
1059 acl_data_smtp_prdr ACL is called once for each recipient, after
1060 the body content is received and before the acl_smtp_data ACL.
4c04137d 1061 The client is controlled by both of: a hosts_try_prdr option
fd98a5c6
JH
1062 on the smtp transport, and the server advertisement.
1063 Default client logging of deliveries and rejections involving
1064 PRDR are flagged with the string "PRDR".
1065
035c7f1e
PP
1066PP/16 Fix problems caused by timeouts during quit ACLs trying to double
1067 fclose(). Diagnosis by Todd Lyons.
1068
ff284120
PP
1069PP/17 Update configure.default to handle IPv6 localhost better.
1070 Patch by Alain Williams (plus minor tweaks).
1071 Bugzilla 880.
1072
26e72755
PP
1073PP/18 OpenSSL made graceful with empty tls_verify_certificates setting.
1074 This is now consistent with GnuTLS, and is now documented: the
1075 previous undocumented portable approach to treating the option as
1076 unset was to force an expansion failure. That still works, and
1077 an empty string is now equivalent.
1078
0fbd9bff
PP
1079PP/19 Renamed DNSSEC-enabling option to "dns_dnssec_ok", to make it
1080 clearer that Exim is using the DO (DNSSEC OK) EDNS0 resolver flag,
1081 not performing validation itself.
1082
700d22f3
PP
1083PP/20 Added force_command boolean option to pipe transport.
1084 Patch from Nick Koston, of cPanel Inc.
1085
fcc8e047
JH
1086JH/15 AUTH support on callouts (and hence cutthrough-deliveries).
1087 Bugzilla 321, 823.
1088
4c04137d 1089TF/04 Added udpsend ACL modifier and hexquote expansion operator
7142daca 1090
8c020188
PP
1091PP/21 Fix eximon continuous updating with timestamped log-files.
1092 Broken in a format-string cleanup in 4.80, missed when I repaired the
1093 other false fix of the same issue.
1094 Report and fix from Heiko Schlichting.
1095 Bugzilla 1363.
1096
d13cdd30
PP
1097PP/22 Guard LDAP TLS usage against Solaris LDAP variant.
1098 Report from Prashanth Katuri.
1099
e2fbf4a2
PP
1100PP/23 Support safari_ecdhe_ecdsa_bug for openssl_options.
1101 It's SecureTransport, so affects any MacOS clients which use the
1102 system-integrated TLS libraries, including email clients.
1103
f4c1088b
PP
1104PP/24 Fix segfault from trying to fprintf() to a NULL stdio FILE* if
1105 using a MIME ACL for non-SMTP local injection.
1106 Report and assistance in diagnosis by Warren Baker.
1107
c5c2182f
PP
1108TL/08 Adjust exiqgrep to be case-insensitive for sender/receiver.
1109
73431ca9
JH
1110JH/16 Fix comparisons for 64b. Bugzilla 1385.
1111
2d07a215
TL
1112TL/09 Add expansion variable $authenticated_fail_id to keep track of
1113 last id that failed so it may be referenced in subsequent ACL's.
1114
a30a8861
TL
1115TL/10 Bugzilla 1375 - Prevent TLS rebinding in ldap. Patch provided by
1116 Alexander Miroch.
1117
33382dd9
TL
1118TL/11 Bugzilla 1382 - Option ldap_require_cert overrides start_tls
1119 ldap library initialization, allowing self-signed CA's to be
1120 used. Also properly sets require_cert option later in code by
1121 using NULL (global ldap config) instead of ldap handle (per
1122 session). Bug diagnosis and testing by alxgomz.
6d7c6175 1123
046172e6
TL
1124TL/12 Enhanced documentation in the ratelimit.pl script provided in
1125 the src/util/ subdirectory.
1126
581d7bee 1127TL/13 Bug 1031 - Imported transport SQL logging patch from Axel Rau
1a7b746d 1128 renamed to Transport Post Delivery Action by Jeremy Harris, as
9bdd29ad
TL
1129 EXPERIMENTAL_TPDA.
1130
1131TL/14 Bugzilla 1217 - Redis lookup support has been added. It is only enabled
1132 when Exim is compiled with EXPERIMENTAL_REDIS. A new config variable
1133 redis_servers = needs to be configured which will be used by the redis
1134 lookup. Patch from Warren Baker, of The Packet Hub.
1135
237b2cf2
TL
1136TL/15 Fix exiqsumm summary for corner case. Patch provided by Richard Hall.
1137
9fc5a352
TL
1138TL/16 Bugzilla 1289 - Clarify host/ip processing when have errors looking up a
1139 hostname or reverse DNS when processing a host list. Used suggestions
1140 from multiple comments on this bug.
1a7b746d 1141
b10e4ec2
TL
1142TL/17 Bugzilla 1057 - Multiple clamd TCP targets patch from Mark Zealey.
1143
e2cebd74
TL
1144TL/18 Had previously added a -CONTINUE option to runtest in the test suite.
1145 Missed a few lines, added it to make the runtest require no keyboard
1146 interaction.
1147
1148TL/19 Bugzilla 1402 - Test 533 fails if any part of the path to the test suite
1149 contains upper case chars. Make router use caseful_local_part.
1150
2519e60d
TL
1151TL/20 Bugzilla 1400 - Add AVOID_GNUTLS_PKCS11 build option. Allows GnuTLS
1152 support when GnuTLS has been built with p11-kit.
1153
e78e6ecf 1154
4263f395
PP
1155Exim version 4.80.1
1156-------------------
1157
1158PP/01 SECURITY: protect DKIM DNS decoding from remote exploit.
1159 CVE-2012-5671
2c422e6f 1160 This, or similar/improved, will also be change PP/11 of 4.82.
3c0a92dc 1161
ea722490 1162
b1770b6e 1163Exim version 4.80
0599f9cf
PP
1164-----------------
1165
1166PP/01 Handle short writes when writing local log-files.
1167 In practice, only affects FreeBSD (8 onwards).
1168 Bugzilla 1053, with thanks to Dmitry Isaikin.
1169
23c7e742
NM
1170NM/01 Bugzilla 949 - Documentation tweak
1171
b322aac8
NM
1172NM/02 Bugzilla 1093 - eximstats DATA reject detection regexps
1173 improved.
1174
4a891427
NM
1175NM/03 Bugzilla 1169 - primary_hostname spelling was incorrect in docs.
1176
c1e794ba 1177PP/02 Implemented gsasl authenticator.
b322aac8 1178
97753960
PP
1179PP/03 Implemented heimdal_gssapi authenticator with "server_keytab" option.
1180
1181PP/04 Local/Makefile support for (AUTH|LOOKUP)_*_PC=foo to use
1182 `pkg-config foo` for cflags/libs.
1183
df6303fa
PP
1184PP/05 Swapped $auth1/$auth2 for gsasl GSSAPI mechanism, to be more consistent
1185 with rest of GSASL and with heimdal_gssapi.
1186
7e6a8985
PP
1187PP/06 Local/Makefile support for USE_(GNUTLS|OPENSSL)_PC=foo to use
1188 `pkg-config foo` for cflags/libs for the TLS implementation.
1189
f1e05cc7 1190PP/07 New expansion variable $tls_bits; Cyrus SASL server connection
20aa9dbd
PP
1191 properties get this fed in as external SSF. A number of robustness
1192 and debugging improvements to the cyrus_sasl authenticator.
b322aac8 1193
4c287009
PP
1194PP/08 cyrus_sasl server now expands the server_realm option.
1195
b98bb9ac
PP
1196PP/09 Bugzilla 1214 - Log authentication information in reject log.
1197 Patch by Jeremy Harris.
1198
4a6a987a
PP
1199PP/10 Added dbmjz lookup type.
1200
c45dd180 1201PP/11 Let heimdal_gssapi authenticator take a SASL message without an authzid.
c7955b11 1202
7db8d074
PP
1203PP/12 MAIL args handles TAB as well as SP, for better interop with
1204 non-compliant senders.
1205 Analysis and variant patch by Todd Lyons.
1206
eae0036b 1207NM/04 Bugzilla 1237 - fix cases where printf format usage not indicated
cfab9d68 1208 Bug report from Lars Müller <lars@samba.org> (via SUSE),
e0df1c83
DM
1209 Patch from Dirk Mueller <dmueller@suse.com>
1210
dec5017e
PP
1211PP/13 tls_peerdn now print-escaped for spool files.
1212 Observed some $tls_peerdn in wild which contained \n, which resulted
1213 in spool file corruption.
1214
c80c5570
PP
1215PP/14 TLS fixes for OpenSSL: support TLS 1.1 & 1.2; new "openssl_options"
1216 values; set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read
1217 or write after TLS renegotiation, which otherwise led to messages
1218 "Got SSL error 2".
1219
076b11e2
PP
1220TK/01 Bugzilla 1239 - fix DKIM verification when signature was not inserted
1221 as a tracking header (ie: a signed header comes before the signature).
1222 Patch from Wolfgang Breyha.
1223
5407bfff
JH
1224JH/01 Bugzilla 660 - Multi-valued attributes from ldap now parseable as a
1225 comma-sep list; embedded commas doubled.
1226
9e45c72b
PP
1227JH/02 Refactored ACL "verify =" logic to table-driven dispatch.
1228
e74376d8
PP
1229PP/15 LDAP: Check for errors of TLS initialisation, to give correct
1230 diagnostics.
1231 Report and patch from Dmitry Banschikov.
1232
4c04137d 1233PP/16 Removed "dont_insert_empty_fragments" from "openssl_options".
da3ad30d
PP
1234 Removed SSL_clear() after SSL_new() which led to protocol negotiation
1235 failures. We appear to now support TLS1.1+ with Exim.
1236
7be682ca
PP
1237PP/17 OpenSSL: new expansion var $tls_sni, which if used in tls_certificate
1238 lets Exim select keys and certificates based upon TLS SNI from client.
3f0945ff
PP
1239 Also option tls_sni on SMTP Transports. Also clear $tls_bits correctly
1240 before an outbound SMTP session. New log_selector, +tls_sni.
7be682ca 1241
ef840681
PP
1242PP/18 Bugzilla 1122 - check localhost_number expansion for failure, avoid
1243 NULL dereference. Report and patch from Alun Jones.
1244
5bfb4cdf
PP
1245PP/19 DNS resolver init changes for NetBSD compatibility. (Risk of breakage
1246 on less well tested platforms). Obviates NetBSD pkgsrc patch-ac.
1247 Not seeing resolver debug output on NetBSD, but suspect this is a
1248 resolver implementation change.
1249
c6e95d22
PP
1250PP/20 Revert part of NM/04, it broke log_path containing %D expansions.
1251 Left warnings. Added "eximon gdb" invocation mode.
1252
9cbad13b
PP
1253PP/21 Defaulting "accept_8bitmime" to true, not false.
1254
9ee44efb
PP
1255PP/22 Added -bw for inetd wait mode support.
1256
6a6084f8
PP
1257PP/23 Added PCRE_CONFIG=yes support to Makefile for using pcre-config to
1258 locate the relevant includes and libraries. Made this the default.
1259
12dd53c7
PP
1260PP/24 Fixed headers_only on smtp transports (was not sending trailing dot).
1261 Bugzilla 1246, report and most of solution from Tomasz Kusy.
1262
9e45c72b 1263JH/03 ${eval } now uses 64-bit and supports a "g" suffix (like to "k" and "m").
97d17305
JH
1264 This may cause build issues on older platforms.
1265
17c76198
PP
1266PP/25 Revamped GnuTLS support, passing tls_require_ciphers to
1267 gnutls_priority_init, ignoring Exim options gnutls_require_kx,
1268 gnutls_require_mac & gnutls_require_protocols (no longer supported).
1269 Added SNI support via GnuTLS too.
af3498d6 1270 Made ${randint:..} supplier available, if using not-too-old GnuTLS.
17c76198 1271
53947857 1272PP/26 Added EXPERIMENTAL_OCSP for OpenSSL.
3f7eeb86 1273
eae0036b 1274PP/27 Applied dnsdb SPF support patch from Janne Snabb.
8ee4b30e
PP
1275 Applied second patch from Janne, implementing suggestion to default
1276 multiple-strings-in-record handling to match SPF spec.
eae0036b 1277
9e45c72b 1278JH/04 Added expansion variable $tod_epoch_l for a higher-precision time.
2605c55b 1279
7390e768
PP
1280PP/28 Fix DCC dcc_header content corruption (stack memory referenced,
1281 read-only, out of scope).
1282 Patch from Wolfgang Breyha, report from Stuart Northfield.
1283
08488c86
PP
1284PP/29 Fix three issues highlighted by clang analyser static analysis.
1285 Only crash-plausible issue would require the Cambridge-specific
1286 iplookup router and a misconfiguration.
1287 Report from Marcin Mirosław.
1288
6475bd82
PP
1289PP/30 Another attempt to deal with PCRE_PRERELEASE, this one less buggy.
1290
81f91683
PP
1291PP/31 %D in printf continues to cause issues (-Wformat=security), so for
1292 now guard some of the printf checks behind WANT_DEEPER_PRINTF_CHECKS.
1293 As part of this, removing so much warning spew let me fix some minor
1294 real issues in debug logging.
1295
5779e6aa
PP
1296PP/32 GnuTLS was always using default tls_require_ciphers, due to a missing
1297 assignment on my part. Fixed.
1298
3375e053
PP
1299PP/33 Added tls_dh_max_bits option, defaulting to current hard-coded limit
1300 of NSS, for GnuTLS/NSS interop. Problem root cause diagnosis by
1301 Janne Snabb (who went above and beyond: thank you).
1302
1303PP/34 Validate tls_require_ciphers on startup, since debugging an invalid
1304 string otherwise requires a connection and a bunch more work and it's
78e0c7a3
PP
1305 relatively easy to get wrong. Should also expose TLS library linkage
1306 problems.
3375e053 1307
9d26b8c0
PP
1308PP/35 Pull in <features.h> on Linux, for some portability edge-cases of
1309 64-bit ${eval} (JH/03).
1310
57eb9e91 1311PP/36 Define _GNU_SOURCE in exim.h; it's needed for some releases of
b87a6e0e
PP
1312 GNU libc to support some of the 64-bit stuff, should not lead to
1313 conflicts. Defined before os.h is pulled in, so if a given platform
1314 needs to override this, it can.
1315
16880d1a
PP
1316PP/37 Unbreak Cyrus SASL auth: SSF retrieval was incorrect, Exim thought
1317 protection layer was required, which is not implemented.
1318 Bugzilla 1254, patch from Wolfgang Breyha.
1319
a799883d
PP
1320PP/38 Overhaul DH prime handling, supply RFC-specified DH primes as built
1321 into Exim, default to IKE id 23 from RFC 5114 (2048 bit). Make
1322 tls_dhparam take prime identifiers. Also unbreak combination of
1323 OpenSSL+DH_params+TLSSNI.
1324
3ecab157 1325PP/39 Disable SSLv2 by default in OpenSSL support.
f0f5a555 1326
0599f9cf 1327
867fcbf5
PP
1328Exim version 4.77
1329-----------------
1330
1331PP/01 Solaris build fix for Oracle's LDAP libraries.
1332 Bugzilla 1109, patch from Stephen Usher.
1333
f1a29782
TF
1334TF/01 HP/UX build fix: avoid arithmetic on a void pointer.
1335
ab42bd23
TK
1336TK/01 DKIM Verification: Fix relaxed canon for empty headers w/o
1337 whitespace trailer
867fcbf5 1338
0ca0cf52
TF
1339TF/02 Fix a couple more cases where we did not log the error message
1340 when unlink() failed. See also change 4.74-TF/03.
1341
921b12ca
TF
1342TF/03 Make the exiwhat support code safe for signals. Previously Exim might
1343 lock up or crash if it happened to be inside a call to libc when it
1344 got a SIGUSR1 from exiwhat.
1345
1346 The SIGUSR1 handler appends the current process status to the process
1347 log which is later printed by exiwhat. It used to use the general
1348 purpose logging code to do this, but several functions it calls are
1349 not safe for signals.
1350
1351 The new output code in the SIGUSR1 handler is specific to the process
1352 log, and simple enough that it's easy to inspect for signal safety.
1353 Removing some special cases also simplifies the general logging code.
1354 Removing the spurious timestamps from the process log simplifies
1355 exiwhat.
1356
c99ce5c9
TF
1357TF/04 Improved ratelimit ACL condition.
1358
1359 The /noupdate option has been deprecated in favour of /readonly which
1360 has clearer semantics. The /leaky, /strict, and /readonly update modes
1361 are mutually exclusive. The update mode is no longer included in the
1362 database key; it just determines when the database is updated. (This
4c04137d 1363 means that when you upgrade Exim will forget old rate measurements.)
c99ce5c9
TF
1364
1365 Exim now checks that the per_* options are used with an update mode that
1366 makes sense for the current ACL. For example, when Exim is processing a
1367 message (e.g. acl_smtp_rcpt or acl_smtp_data, etc.) you can specify
1368 per_mail/leaky or per_mail/strict; otherwise (e.g. in acl_smtp_helo) you
1369 must specify per_mail/readonly. If you omit the update mode it defaults to
1370 /leaky where that makes sense (as before) or /readonly where required.
1371
1372 The /noupdate option is now undocumented but still supported for
1373 backwards compatibility. It is equivalent to /readonly except that in
1374 ACLs where /readonly is required you may specify /leaky/noupdate or
1375 /strict/noupdate which are treated the same as /readonly.
1376
1377 A useful new feature is the /count= option. This is a generalization
1378 of the per_byte option, so that you can measure the throughput of other
1379 aggregate values. For example, the per_byte option is now equivalent
1380 to per_mail/count=${if >{0}{$message_size} {0} {$message_size} }.
1381
1382 The per_rcpt option has been generalized using the /count= mechanism
1383 (though it's more complicated than the per_byte equivalence). When it is
1384 used in acl_smtp_rcpt, the per_rcpt option adds recipients to the
1385 measured rate one at a time; if it is used later (e.g. in acl_smtp_data)
1386 or in a non-SMTP ACL it adds all the recipients in one go. (The latter
1387 /count=$recipients_count behaviour used to work only in non-SMTP ACLs.)
1388 Note that using per_rcpt with a non-readonly update mode in more than
1389 one ACL will cause the recipients to be double-counted. (The per_mail
1390 and per_byte options don't have this problem.)
1391
1392 The handling of very low rates has changed slightly. If the computed rate
1393 is less than the event's count (usually one) then this event is the first
1394 after a long gap. In this case the rate is set to the same as this event's
1395 count, so that the first message of a spam run is counted properly.
1396
1397 The major new feature is a mechanism for counting the rate of unique
1398 events. The new per_addr option counts the number of different
1399 recipients that someone has sent messages to in the last time period. It
1400 behaves like per_rcpt if all the recipient addresses are different, but
1401 duplicate recipient addresses do not increase the measured rate. Like
1402 the /count= option this is a general mechanism, so the per_addr option
1403 is equivalent to per_rcpt/unique=$local_part@$domain. You can, for
1404 example, measure the rate that a client uses different sender addresses
1405 with the options per_mail/unique=$sender_address. There are further
1406 details in the main documentation.
1407
3634fc25
TF
1408TF/05 Removed obsolete $Cambridge$ CVS revision strings.
1409
792e8a19
TF
1410TF/06 Removed a few PCRE remnants.
1411
5901f0ab
TF
1412TF/07 Automatically extract Exim's version number from tags in the git
1413 repository when doing development or release builds.
1414
7f2a2a43
PP
1415PP/02 Raise smtp_cmd_buffer_size to 16kB.
1416 Bugzilla 879. Patch from Paul Fisher.
e2ca7082 1417
061b7ebd
PP
1418PP/03 Implement SSL-on-connect outbound with protocol=smtps on smtp transport.
1419 Heavily based on revision 40f9a89a from Simon Arlott's tree.
1420 Bugzilla 97.
1421
e12f8c32
PP
1422PP/04 Use .dylib instead of .so for dynamic library loading on MacOS.
1423
9e949f00 1424PP/05 Variable $av_failed, true if the AV scanner deferred.
7f2a2a43
PP
1425 Bugzilla 1078. Patch from John Horne.
1426
1427PP/06 Stop make process more reliably on build failure.
1428 Bugzilla 1087. Patch from Heiko Schlittermann.
9e949f00 1429
555ae6af 1430PP/07 Make maildir_use_size_file an _expandable_ boolean.
ac53fcda
PP
1431 Bugzilla 1089. Patch from Heiko Schlittermann.
1432
1433PP/08 Handle ${run} returning more data than OS pipe buffer size.
1434 Bugzilla 1131. Patch from Holger Weiß.
555ae6af 1435
6f7fe114
PP
1436PP/09 Handle IPv6 addresses with SPF.
1437 Bugzilla 860. Patch from Wolfgang Breyha.
1438
c566dd90
PP
1439PP/10 GnuTLS: support TLS 1.2 & 1.1.
1440 Bugzilla 1156.
89f897c3
PP
1441 Use gnutls_certificate_verify_peers2() [patch from Andreas Metzler].
1442 Bugzilla 1095.
c566dd90 1443
d6cc7c78 1444PP/11 match_* no longer expand right-hand-side by default.
39257585
PP
1445 New compile-time build option, EXPAND_LISTMATCH_RHS.
1446 New expansion conditions, "inlist", "inlisti".
1447
0d0e4455
PP
1448PP/12 fix uninitialised greeting string from PP/03 (smtps client support).
1449
3399bb60 1450PP/13 shell and compiler warnings fixes for RC1-RC4 changes.
d690cbdc
PP
1451
1452PP/14 fix log_write() format string regression from TF/03.
1453 Bugzilla 1152. Patch from Dmitry Isaikin.
1454
0ca0cf52 1455
10906672
PP
1456Exim version 4.76
1457-----------------
1458
1459PP/01 The new ldap_require_cert option would segfault if used. Fixed.
1460
754a0503
PP
1461PP/02 Harmonised TLS library version reporting; only show if debugging.
1462 Layout now matches that introduced for other libraries in 4.74 PP/03.
1463
c0c7b2da
PP
1464PP/03 New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1
1465
e97d1f08
PP
1466PP/04 New "dns_use_edns0" global option.
1467
084c1d8c
PP
1468PP/05 Don't segfault on misconfiguration of ref:name exim-user as uid.
1469 Bugzilla 1098.
1470
4e7ee012
PP
1471PP/06 Extra paranoia around buffer usage at the STARTTLS transition.
1472 nb: Exim is not vulnerable to http://www.kb.cert.org/vuls/id/555316
da80c2a8 1473
c8d52a00
PP
1474TK/01 Updated PolarSSL code to 0.14.2.
1475 Bugzilla 1097. Patch from Andreas Metzler.
1476
54e7ce4a
PP
1477PP/07 Catch divide-by-zero in ${eval:...}.
1478 Fixes bugzilla 1102.
1479
5ee6f336
PP
1480PP/08 Condition negation of bool{}/bool_lax{} did not negate. Fixed.
1481 Bugzilla 1104.
1482
c8d52a00 1483TK/02 Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a
6ea4a851
PP
1484 format-string attack -- SECURITY: remote arbitrary code execution.
1485
1486TK/03 SECURITY - DKIM signature header parsing was double-expanded, second
1487 time unintentionally subject to list matching rules, letting the header
1488 cause arbitrary Exim lookups (of items which can occur in lists, *not*
1489 arbitrary string expansion). This allowed for information disclosure.
1490
1491PP/09 Fix another SIGFPE (x86) in ${eval:...} expansion, this time related to
1492 INT_MIN/-1 -- value coerced to INT_MAX.
c8d52a00 1493
10906672 1494
aa097c4c
NM
1495Exim version 4.75
1496-----------------
1497
4c04137d 1498NM/01 Workaround for PCRE version dependency in version reporting
aa097c4c
NM
1499 Bugzilla 1073
1500
7f3d9eff
TF
1501TF/01 Update valgrind.h and memcheck.h to copies from valgrind-3.6.0.
1502 This fixes portability to compilers other than gcc, notably
1503 Solaris CC and HP-UX CC. Fixes Bugzilla 1050.
1504
159f52d2
TF
1505TF/02 Bugzilla 139: Avoid using the += operator in the modular lookup
1506 makefiles for portability to HP-UX and POSIX correctness.
1507
0cc9542a
PP
1508PP/01 Permit LOOKUP_foo enabling on the make command-line.
1509 Also via indented variable definition in the Makefile.
1510 (Debugging by Oliver Heesakkers).
1511
f7274286
PP
1512PP/02 Restore caching of spamd results with expanded spamd_address.
1513 Patch from author of expandable spamd_address patch, Wolfgang Breyha.
1514
7b797365
PP
1515PP/03 Build issue: lookups-Makefile now exports LC_ALL=C
1516 Improves build reliability. Fix from: Frank Elsner
1517
caacae52
NM
1518NM/02 Fix wide character breakage in the rfc2047 coding
1519 Fixes bug 1064. Patch from Andrey N. Oktyabrski
1520
09dcaba9
NM
1521NM/03 Allow underscore in dnslist lookups
1522 Fixes bug 1026. Patch from Graeme Fowler
1523
bc19a55b
PP
1524PP/04 Bugzilla 230: Support TLS-enabled LDAP (in addition to ldaps).
1525 Code patches from Adam Ciarcinski of NetBSD.
caacae52 1526
bd4c9759
NM
1527NM/04 Fixed exiqgrep to cope with mailq missing size issue
1528 Fixes bug 943.
1529
b72aab72
PP
1530PP/05 Bugzilla 1083: when lookup expansion defers, escape the output which
1531 is logged, to avoid truncation. Patch from John Horne.
1532
2fe76745
PP
1533PP/06 Bugzilla 1042: implement freeze_signal on pipe transports.
1534 Patch from Jakob Hirsch.
1535
76aa570c
PP
1536PP/07 Bugzilla 1061: restrict error messages sent over SMTP to not reveal
1537 SQL string expansion failure details.
1538 Patch from Andrey Oktyabrski.
1539
f1e5fef5
PP
1540PP/08 Bugzilla 486: implement %M datestamping in log filenames.
1541 Patch from Simon Arlott.
1542
4d805ee9
PP
1543PP/09 New lookups functionality failed to compile on old gcc which rejects
1544 extern declarations in function scope.
1545 Patch from Oliver Fleischmann
1546
cd59ab18
PP
1547PP/10 Use sig_atomic_t for flags set from signal handlers.
1548 Check getgroups() return and improve debugging.
1549 Fixed developed for diagnosis in bug 927 (which turned out to be
1550 a kernel bug).
1551
332f5cf3
PP
1552PP/11 Bugzilla 1055: Update $message_linecount for maildir_tag.
1553 Patch from Mark Zealey.
1554
29cfeb94
PP
1555PP/12 Bugzilla 1056: Improved spamd server selection.
1556 Patch from Mark Zealey.
1557
660242ad
PP
1558PP/13 Bugzilla 1086: Deal with maildir quota file races.
1559 Based on patch from Heiko Schlittermann.
1560
bc4bc4c5
PP
1561PP/14 Bugzilla 1019: DKIM multiple signature generation fix.
1562 Patch from Uwe Doering, sign-off by Michael Haardt.
1563
2e64baa9
NM
1564NM/05 Fix to spam.c to accommodate older gcc versions which dislike
1565 variable declaration deep within a block. Bug and patch from
1566 Dennis Davis.
1567
4c04137d 1568PP/15 lookups-Makefile IRIX compatibility coercion.
bddd7526 1569
6bac1a9a
PP
1570PP/16 Make DISABLE_DKIM build knob functional.
1571
552193f0
NM
1572NM/06 Bugzilla 968: child_open_uid: restore default SIGPIPE handler
1573 Patch by Simon Arlott
baeee2c1 1574
1b587e48
TF
1575TF/03 Fix valgrind.h portability to C89 compilers that do not support
1576 variable argument macros. Our copy now differs from upstream.
1577
aa097c4c 1578
8c07b69f
TF
1579Exim version 4.74
1580-----------------
1581
1582TF/01 Failure to get a lock on a hints database can have serious
1583 consequences so log it to the panic log.
1584
c0ea85ab
TF
1585TF/02 Log LMTP confirmation messages in the same way as SMTP,
1586 controlled using the smtp_confirmation log selector.
1587
0761d44e
TF
1588TF/03 Include the error message when we fail to unlink a spool file.
1589
0a349494
PP
1590DW/01 Bugzilla 139: Support dynamically loaded lookups as modules.
1591 With thanks to Steve Haslam, Johannes Berg & Serge Demonchaux
1592 for maintaining out-of-tree patches for some time.
1593
1594PP/01 Bugzilla 139: Documentation and portability issues.
1595 Avoid GNU Makefile-isms, let Exim continue to build on BSD.
1596 Handle per-OS dynamic-module compilation flags.
1597
fea24b2e
PP
1598PP/02 Let /dev/null have normal permissions.
1599 The 4.73 fixes were a little too stringent and complained about the
1600 permissions on /dev/null. Exempt it from some checks.
1601 Reported by Andreas M. Kirchwitz.
1602
6545de78
PP
1603PP/03 Report version information for many libraries, including
1604 Exim version information for dynamically loaded libraries. Created
1605 version.h, now support a version extension string for distributors
1606 who patch heavily. Dynamic module ABI change.
1607
1670ef10
PP
1608PP/04 CVE-2011-0017 - check return value of setuid/setgid. This is a
1609 privilege escalation vulnerability whereby the Exim run-time user
1610 can cause root to append content of the attacker's choosing to
1611 arbitrary files.
1612
c0886197
PP
1613PP/05 Bugzilla 1041: merged DCC maintainer's fixes for return code.
1614 (Wolfgang Breyha)
1615
b7487bce
PP
1616PP/06 Bugzilla 1071: fix delivery logging with untrusted macros.
1617 If dropping privileges for untrusted macros, we disabled normal logging
1618 on the basis that it would fail; for the Exim run-time user, this is not
1619 the case, and it resulted in successful deliveries going unlogged.
1620 Fixed. Reported by Andreas Metzler.
1621
8c07b69f 1622
97fd1e48 1623Exim version 4.73
ed7f7860 1624-----------------
97fd1e48
PP
1625
1626PP/01 Date: & Message-Id: revert to normally being appended to a message,
1627 only prepend for the Resent-* case. Fixes regression introduced in
1628 Exim 4.70 by NM/22 for Bugzilla 607.
1629
6901c596
PP
1630PP/02 Include check_rfc2047_length in configure.default because we're seeing
1631 increasing numbers of administrators be bitten by this.
1632
a8c8d6b5
JJ
1633JJ/01 Added DISABLE_DKIM and comment to src/EDITME
1634
77bb000f
PP
1635PP/03 Bugzilla 994: added openssl_options main configuration option.
1636
a29e5231
PP
1637PP/04 Bugzilla 995: provide better SSL diagnostics on failed reads.
1638
ec5a0394 1639PP/05 Bugzilla 834: provide a permit_coredump option for pipe transports.
a29e5231 1640
55c75993
PP
1641PP/06 Adjust NTLM authentication to handle SASL Initial Response.
1642
453a6645 1643PP/07 If TLS negotiated an anonymous cipher, we could end up with SSL but
ec5a0394
PP
1644 without a peer certificate, leading to a segfault because of an
1645 assumption that peers always have certificates. Be a little more
453a6645
PP
1646 paranoid. Problem reported by Martin Tscholak.
1647
8544e77a
PP
1648PP/08 Bugzilla 926: switch ClamAV to use the new zINSTREAM API for content
1649 filtering; old API available if built with WITH_OLD_CLAMAV_STREAM=yes
1650 NB: ClamAV planning to remove STREAM in "middle of 2010".
3346ab01
PP
1651 CL also introduces -bmalware, various -d+acl logging additions and
1652 more caution in buffer sizes.
8544e77a 1653
83e029d5
PP
1654PP/09 Implemented reverse_ip expansion operator.
1655
ed7f7860
PP
1656PP/10 Bugzilla 937: provide a "debug" ACL control.
1657
7d9f747b
PP
1658PP/11 Bugzilla 922: Documentation dusting, patch provided by John Horne.
1659
4b2241d2
PP
1660PP/12 Bugzilla 973: Implement --version.
1661
10385c15
PP
1662PP/13 Bugzilla 752: Refuse to build/run if Exim user is root/0.
1663
dbc4b90d
PP
1664PP/14 Build without WITH_CONTENT_SCAN. Path from Andreas Metzler.
1665
532be449
PP
1666PP/15 Bugzilla 816: support multiple condition rules on Routers.
1667
6a8de854 1668PP/16 Add bool_lax{} expansion operator and use that for combining multiple
71265ae9
PP
1669 condition rules, instead of bool{}. Make both bool{} and bool_lax{}
1670 ignore trailing whitespace.
6a8de854 1671
5dc43717
JJ
1672JJ/02 prevent non-panic DKIM error from being sent to paniclog
1673
1674JJ/03 added tcp_wrappers_daemon_name to allow host entries other than
1675 "exim" to be used
55c75993 1676
3346ab01
PP
1677PP/17 Fix malware regression for cmdline scanner introduced in PP/08.
1678 Notification from Dr Andrew Aitchison.
1679
491fab4c
PP
1680PP/18 Change ClamAV response parsing to be more robust and to handle ClamAV's
1681 ExtendedDetectionInfo response format.
1682 Notification from John Horne.
1683
13eb9497
PP
1684PP/19 OpenSSL 1.0.0a compatibility const-ness change, should be backwards
1685 compatible.
1686
1687PP/20 Added a CONTRIBUTING file. Fixed the documentation build to use http:
1688 XSL and documented dependency on system catalogs, with examples of how
1689 it normally works.
1690
7f36d675
DW
1691DW/21 Added Valgrind hooks in store.c to help it capture out-of-bounds store
1692 access.
1693
c1d94452
DW
1694DW/22 Bugzilla 1044: CVE-2010-4345 - partial fix: restrict default behaviour
1695 of CONFIGURE_OWNER and CONFIGURE_GROUP options to no longer allow a
1696 configuration file which is writeable by the Exim user or group.
1697
e2f5dc15
DW
1698DW/23 Bugzilla 1044: CVE-2010-4345 - part two: extend checks for writeability
1699 of configuration files to cover files specified with the -C option if
1700 they are going to be used with root privileges, not just the default
1701 configuration file.
1702
cd25e41d
DW
1703DW/24 Bugzilla 1044: CVE-2010-4345 - part three: remove ALT_CONFIG_ROOT_ONLY
1704 option (effectively making it always true).
1705
261dc43e
DW
1706DW/25 Add TRUSTED_CONFIG_PREFIX_FILE option to allow alternative configuration
1707 files to be used while preserving root privileges.
1708
fa32850b
DW
1709DW/26 Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure
1710 that rogue child processes cannot use them.
1711
79d4bc3d
PP
1712PP/27 Bugzilla 1047: change the default for system_filter_user to be the Exim
1713 run-time user, instead of root.
1714
43236f35 1715PP/28 Add WHITELIST_D_MACROS option to let some macros be overridden by the
2cfd3221
PP
1716 Exim run-time user without dropping privileges.
1717
fb08281f
DW
1718DW/29 Remove use of va_copy() which breaks pre-C99 systems. Duplicate the
1719 result string, instead of calling string_vformat() twice with the same
1720 arguments.
3346ab01 1721
74935b98
DW
1722DW/30 Allow TRUSTED_CONFIG_PREFIX_FILE only for Exim or CONFIGURE_OWNER, not
1723 for other users. Others should always drop root privileges if they use
1724 -C on the command line, even for a whitelisted configure file.
1725
90b6341f
DW
1726DW/31 Turn TRUSTED_CONFIG_PREFIX_FILE into TRUSTED_CONFIG_FILE. No prefixes.
1727
57730b52
ML
1728NM/01 Fixed bug #1002 - Message loss when using multiple deliveries
1729
66581d1e 1730
465e92cf
JJ
1731Exim version 4.72
1732-----------------
1733
453a6645
PP
1734JJ/01 installed exipick 20100104.1, adding $max_received_linelength,
1735 $data_path, and $header_path variables; fixed documentation bugs and
1736 typos
465e92cf 1737
453a6645
PP
1738JJ/02 installed exipick 20100222.0, added --input-dir and --finput to allow
1739 exipick to access non-standard spools, including the "frozen" queue
1740 (Finput)
edae0343 1741
9bd3e22c
NM
1742NM/01 Bugzilla 965: Support mysql stored procedures.
1743 Patch from Alain Williams
1744
bb576ff7
NM
1745NM/02 Bugzilla 961: Spacing fix (syntax error) on Makefile directives for NetBSD
1746
5a1a5845
NM
1747NM/03 Bugzilla 955: Documentation fix for max_rcpts.
1748 Patch from Andreas Metzler
1749
981a9fad
NM
1750NM/04 Bugzilla 954: Fix for unknown responses from Dovecot authenticator.
1751 Patch from Kirill Miazine
1752
7fc497ee
NM
1753NM/05 Bugzilla 671: Added umask to procmail example.
1754
1a41defa
JJ
1755JJ/03 installed exipick 20100323.0, fixing doc bug
1756
a466095c 1757NM/06 Bugzilla 988: CVE-2010-2023 - prevent hardlink attack on sticky mail
b26eacf1 1758 directory. Notification and patch from Dan Rosenberg.
a466095c 1759
94a6bd0b
NM
1760TK/01 PDKIM: Upgrade PolarSSL files to upstream version 0.12.1.
1761
1762TK/02 Improve log output when DKIM signing operation fails.
1763
1764MH/01 Treat the transport option dkim_domain as a colon separated
1765 list, not as a single string, and sign the message with each element,
1766 omitting multiple occurences of the same signer.
1767
c1b141a8
NM
1768NM/07 Null terminate DKIM strings, Null initialise DKIM variable
1769 Bugzilla 985, 986. Patch by Simon Arlott
94a6bd0b 1770
b26eacf1 1771NM/08 Bugzilla 967. dnsdb DNS TXT record bug fix (DKIM-related)
0d0c6357
NM
1772 Patch by Simon Arlott
1773
179c5980 1774PP/01 Bugzilla 989: CVE-2010-2024 - work round race condition on
b26eacf1 1775 MBX locking. Notification from Dan Rosenberg.
179c5980 1776
9bd3e22c 1777
7c6d71af
NM
1778Exim version 4.71
1779-----------------
1780
7d9f747b 1781TK/01 Bugzilla 912: Fix DKIM segfault on empty headers/body.
7c6d71af 1782
f013fb92
NM
1783NM/01 Bugzilla 913: Documentation fix for gnutls_* options.
1784
0eb8eedd
NM
1785NM/02 Bugzilla 722: Documentation for randint. Better randomness defaults.
1786
663ee6d9
NM
1787NM/03 Bugzilla 847: Enable DNSDB lookup by default.
1788
177ebd9b
NM
1789NM/04 Bugzilla 915: Flag broken perl installation during build.
1790
7c6d71af 1791
210f147e
NM
1792Exim version 4.70
1793-----------------
1794
cdd3bb85 1795TK/01 Added patch by Johannes Berg that expands the main option
e739e3d9 1796 "spamd_address" if it starts with a dollar sign.
cdd3bb85
TK
1797
1798TK/02 Write list of recipients to X-Envelope-Sender header when building
1799 the mbox-format spool file for content scanning (suggested by Jakob
7d9f747b 1800 Hirsch).
cdd3bb85
TK
1801
1802TK/03 Added patch by Wolfgang Breyha that adds experimental DCC
1803 (http://www.dcc-servers.net/) support via dccifd. Activated by
e739e3d9 1804 setting EXPERIMENTAL_DCC=yes in Local/Makefile.
cdd3bb85
TK
1805
1806TK/04 Bugzilla 673: Add f-protd malware scanner support. Patch submitted
1807 by Mark Daniel Reidel <mr@df.eu>.
1808
210f147e
NM
1809NM/01 Bugzilla 657: Embedded PCRE removed from the exim source tree.
1810 When building exim an external PCRE library is now needed -
1811 PCRE is a system library on the majority of modern systems.
1812 See entry on PCRE_LIBS in EDITME file.
1813
deafd5b3
NM
1814NM/02 Bugzilla 646: Removed unwanted C/R in Dovecot authenticator
1815 conversation. Added nologin parameter to request.
7d9f747b 1816 Patch contributed by Kirill Miazine.
deafd5b3 1817
089793a4
TF
1818TF/01 Do not log submission mode rewrites if they do not change the address.
1819
5f16ca82
TF
1820TF/02 Bugzilla 662: Fix stack corruption before exec() in daemon.c.
1821
dae9d94e 1822NM/03 Bugzilla 602: exicyclog now handles panic log, and creates empty
7d9f747b 1823 log files in place. Contributed by Roberto Lima.
dae9d94e 1824
7d9f747b 1825NM/04 Bugzilla 667: Close socket used by dovecot authenticator.
3f0da4d0 1826
06864c44
TF
1827TF/03 Bugzilla 615: When checking the local_parts router precondition
1828 after a local_part_suffix or local_part_prefix option, Exim now
1829 does not use the address's named list lookup cache, since this
1830 contains cached lookups for the whole local part.
1831
65a7d8c3 1832NM/05 Bugzilla 521: Integrated SPF Best Guess support contributed by
7d9f747b 1833 Robert Millan. Documentation is in experimental-spec.txt.
65a7d8c3 1834
23510047 1835TF/04 Bugzilla 668: Fix parallel build (make -j).
65a7d8c3 1836
7d9f747b 1837NM/05.2 Bugzilla 437: Prevent Maildir aux files being created with mode 000.
5f28a6e8 1838
7d8eec3a 1839NM/05.3 Bugzilla 598: Improvement to Dovecot authenticator handling.
7d9f747b 1840 Patch provided by Jan Srzednicki.
6c588e74 1841
89dec7b6
TF
1842TF/05 Leading white space used to be stripped from $spam_report which
1843 wrecked the formatting. Now it is preserved.
5f28a6e8 1844
a99de90c
TF
1845TF/06 Save $spam_score, $spam_bar, and $spam_report in spool files, so
1846 that they are available at delivery time.
1847
e2803e40
TF
1848TF/07 Fix the way ${extract is skipped in the untaken branch of a conditional.
1849
7199e1ee
TF
1850TF/08 TLS error reporting now respects the incoming_interface and
1851 incoming_port log selectors.
1852
e276e04b
TF
1853TF/09 Produce a more useful error message if an SMTP transport's hosts
1854 setting expands to an empty string.
1855
ce552449 1856NM/06 Bugzilla 744: EXPN did not work under TLS.
7d9f747b 1857 Patch provided by Phil Pennock.
ce552449 1858
e765a0f1 1859NM/07 Bugzilla 769: Extraneous comma in usage fprintf
7d9f747b 1860 Patch provided by Richard Godbee.
e765a0f1 1861
4f054c63 1862NM/08 Fixed erroneous documentation references to smtp_notquit_acl to be
447de4b0 1863 acl_smtp_notquit, added index entry.
4f054c63 1864
7d9f747b
PP
1865NM/09 Bugzilla 787: Potential buffer overflow in string_format.
1866 Patch provided by Eugene Bujak.
24c929a2 1867
7d9f747b
PP
1868NM/10 Bugzilla 770: Problem on some platforms modifying the len parameter to
1869 accept(). Patch provided by Maxim Dounin.
cf73943b 1870
b52bc06e 1871NM/11 Bugzilla 749: Preserve old behaviour of blanks comparing equal to zero.
7d9f747b 1872 Patch provided by Phil Pennock.
b52bc06e 1873
447de4b0
NM
1874NM/12 Bugzilla 497: Correct behaviour of exiwhat when no config exists.
1875
4c69d561 1876NM/13 Bugzilla 590: Correct handling of Resent-Date headers.
7d9f747b 1877 Patch provided by Brad "anomie" Jorsch.
4c69d561 1878
d5c39246 1879NM/14 Bugzilla 622: Added timeout setting to transport filter.
7d9f747b 1880 Patch provided by Dean Brooks.
9b989985 1881
0b23848a
TK
1882TK/05 Add native DKIM support (does not depend on external libraries).
1883
8f3414a1 1884NM/15 Bugzilla 854: Removed code that symlinks to pcre as its no longer useful.
7d9f747b 1885 Patch provided by Graeme Fowler.
e2aacdfd 1886
fb6f955d
NM
1887NM/16 Bugzilla 851: Documentation example syntax fix.
1888
1889NM/17 Changed NOTICE file to remove references to embedded PCRE.
8f3414a1 1890
7d9f747b
PP
1891NM/18 Bugzilla 894: Fix issue with very long lines including comments in
1892 lsearch.
dbb0bf41 1893
7d9f747b
PP
1894NM/19 Bugzilla 745: TLS version reporting.
1895 Patch provided by Phil Pennock.
f3766eb5 1896
7d9f747b
PP
1897NM/20 Bugzilla 167: bool: condition support.
1898 Patch provided by Phil Pennock.
36f12725 1899
7d9f747b
PP
1900NM/21 Bugzilla 665: gnutls_compat_mode to allow compatibility with broken
1901 clients. Patch provided by Phil Pennock.
e6060e2c 1902
7d9f747b
PP
1903NM/22 Bugzilla 607: prepend (not append) Resent-Message-ID and Resent-Date.
1904 Patch provided by Brad "anomie" Jorsch.
5eb690a1 1905
7d9f747b
PP
1906NM/23 Bugzilla 687: Fix misparses in eximstats.
1907 Patch provided by Heiko Schlittermann.
d5c13d66 1908
7d9f747b
PP
1909NM/24 Bugzilla 688: Fix exiwhat to handle log_selector = +pid.
1910 Patch provided by Heiko Schlittermann.
b2335c0b 1911
7d9f747b 1912NM/25 Bugzilla 727: Use transport mode as default mode for maildirsize file.
1da77999 1913 plus update to original patch.
f4cd9433 1914
7d9f747b 1915NM/26 Bugzilla 799: Documentation correction for ratelimit.
dc988b7e 1916
7d9f747b
PP
1917NM/27 Bugzilla 802: Improvements to local interface IP addr detection.
1918 Patch provided by David Brownlee.
8dc71ab3 1919
7d9f747b 1920NM/28 Bugzilla 807: Improvements to LMTP delivery logging.
400eda43 1921
7d9f747b 1922NM/29 Bugzilla 862, 866, 875: Documentation bugfixes.
ec5a421b 1923
7d9f747b 1924NM/30 Bugzilla 888: TLS documentation bugfixes.
07af267e 1925
7d9f747b 1926NM/31 Bugzilla 896: Dovecot buffer overrun fix.
51473862 1927
17792b53 1928NM/32 Bugzilla 889: Change all instances of "expr" in shell scripts to "expr --"
7d9f747b 1929 Unlike the original bugzilla I have changed all shell scripts in src tree.
17792b53 1930
7d9f747b
PP
1931NM/33 Bugzilla 898: Transport filter timeout fix.
1932 Patch by Todd Rinaldo.
52383f8f 1933
91576cec 1934NM/34 Bugzilla 901: Fix sign/unsigned and UTF mismatches.
7d9f747b 1935 Patch by Serge Demonchaux.
5ca6d115 1936
7d9f747b
PP
1937NM/35 Bugzilla 39: Base64 decode bug fixes.
1938 Patch by Jakob Hirsch.
baee9eee 1939
7d9f747b 1940NM/36 Bugzilla 909: Correct connect() call in dcc code.
e93a964c 1941
7d9f747b 1942NM/37 Bugzilla 910: Correct issue with relaxed/simple handling.
9bf3d68f 1943
7d9f747b 1944NM/38 Bugzilla 908: Removed NetBSD3 support as no longer needed.
96535b98 1945
7d9f747b 1946NM/39 Bugzilla 911: Fixed MakeLinks build script.
30339e0f 1947
deafd5b3 1948
47db1125
NM
1949Exim version 4.69
1950-----------------
1951
4b3504d0
TK
1952TK/01 Add preliminary DKIM support. Currently requires a forked version of
1953 ALT-N's libdkim that I have put here:
1954 http://duncanthrax.net/exim-experimental/
1955
1956 Note to Michael Haardt: I had to rename some vars in sieve.c. They
1957 were called 'true' and it seems that C99 defines that as a reserved
1958 keyword to be used with 'bool' variable types. That means you could
1959 not include C99-style headers which use bools without triggering
1960 build errors in sieve.c.
1961
81ea09ca
NM
1962NM/01 Bugzilla 592: --help option is handled incorrectly if exim is invoked
1963 as mailq or other aliases. Changed the --help handling significantly
1964 to do whats expected. exim_usage() emits usage/help information.
1965
f13cddcb
SC
1966SC/01 Added the -bylocaldomain option to eximstats.
1967
7d9f747b 1968NM/02 Bugzilla 619: Defended against bad data coming back from gethostbyaddr.
8ad076b2 1969
7d9f747b 1970NM/03 Bugzilla 613: Documentation fix for acl_not_smtp.
a843aaa6 1971
7d9f747b 1972NM/04 Bugzilla 628: PCRE update to 7.4 (work done by John Hall).
47db1125
NM
1973
1974
eb4c0de6
PH
1975Exim version 4.68
1976-----------------
1977
1978PH/01 Another patch from the Sieve maintainer.
1979
6a3bceb1
PH
1980PH/02 When an IPv6 address is converted to a string for single-key lookup
1981 in an address list (e.g. for an item such as "net24-dbm;/net/works"),
1982 dots are used instead of colons so that keys in lsearch files need not
1983 contain colons. This was done some time before quoting was made available
1984 in lsearch files. However, iplsearch files do require colons in IPv6 keys
1985 (notated using the quote facility) so as to distinguish them from IPv4
1986 keys. This meant that lookups for IP addresses in host lists did not work
1987 for iplsearch lookups.
1988
1989 This has been fixed by arranging for IPv6 addresses to be expressed with
1990 colons if the lookup type is iplsearch. This is not incompatible, because
1991 previously such lookups could never work.
1992
4c04137d 1993 The situation is now rather anomalous, since one *can* have colons in
6a3bceb1
PH
1994 ordinary lsearch keys. However, making the change in all cases is
1995 incompatible and would probably break a number of configurations.
1996
2e30fa9d
TK
1997TK/01 Change PRVS address formatting scheme to reflect latests BATV draft
1998 version.
1999
0806a9c5
MH
2000MH/01 The "spam" ACL condition code contained a sscanf() call with a %s
2001 conversion specification without a maximum field width, thereby enabling
2002 a rogue spamd server to cause a buffer overflow. While nobody in their
2003 right mind would setup Exim to query an untrusted spamd server, an
2004 attacker that gains access to a server running spamd could potentially
2005 exploit this vulnerability to run arbitrary code as the Exim user.
2006
ae276964
TK
2007TK/02 Bugzilla 502: Apply patch to make the SPF-Received: header use
2008 $primary_hostname instead of what libspf2 thinks the hosts name is.
2009
0f2cbd1b
MH
2010MH/02 The dsearch lookup now uses lstat(2) instead of stat(2) to look for
2011 a directory entry by the name of the lookup key. Previously, if a
2012 symlink pointed to a non-existing file or a file in a directory that
2013 Exim lacked permissions to read, a lookup for a key matching that
2014 symlink would fail. Now it is enough that a matching directory entry
2015 exists, symlink or not. (Bugzilla 503.)
2016
2b85bce7
PH
2017PH/03 The body_linecount and body_zerocount variables are now exported in the
2018 local_scan API.
2019
93655c46
PH
2020PH/04 Added the $dnslist_matched variable.
2021
6c512171
PH
2022PH/05 Unset $tls_cipher and $tls_peerdn before making a connection as a client.
2023 This means they are set thereafter only if the connection becomes
2024 encrypted.
2025
2026PH/06 Added the client_condition to authenticators so that some can be skipped
2027 by clients under certain conditions.
2028
aa6dc513
PH
2029PH/07 The error message for a badly-placed control=no_multiline_responses left
2030 "_responses" off the end of the name.
2031
a96603a0
PH
2032PH/08 Added -Mvc to output a copy of a message in RFC 2822 format.
2033
8f240103
PH
2034PH/09 Tidied the code for creating ratelimiting keys, creating them explicitly
2035 (without spaces) instead of just copying the configuration text.
2036
2037PH/10 Added the /noupdate option to the ratelimit ACL condition.
2038
d677b2f2
PH
2039PH/11 Added $max_received_linelength.
2040
d52120f2
PH
2041PH/12 Added +ignore_defer and +include_defer to host lists.
2042
64f2600a
PH
2043PH/13 Installed PCRE version 7.2. This needed some changes because of the new
2044 way in which PCRE > 7.0 is built.
2045
8669f003
PH
2046PH/14 Implemented queue_only_load_latch.
2047
a4dc33a8
PH
2048PH/15 Removed an incorrect (int) cast when reading the value of SIZE in a
2049 MAIL command. The effect was to mangle the value on 64-bit systems.
2050
d6a60c0f
PH
2051PH/16 Another patch from the Sieve maintainer.
2052
8f128379
PH
2053PH/17 Added the NOTQUIT ACL, based on a patch from Ted Cooper.
2054
8932dffe
PH
2055PH/18 If a system quota error occurred while trying to create the file for
2056 a maildir delivery, the message "Mailbox is full" was not appended to the
2057 bounce if the delivery eventually timed out. Change 4.67/27 below applied
2058 only to a quota excession during the actual writing of the file.
d6a60c0f 2059
ddea74fa 2060PH/19 It seems that peer DN values may contain newlines (and other non-printing
48ed62d9
PH
2061 characters?) which causes problems in log lines. The DN values are now
2062 passed through string_printing() before being added to log lines.
2063
ddea74fa 2064PH/20 Added the "servers=" facility to MySQL and PostgreSQL lookups. (Oracle
b7670459
PH
2065 and InterBase are left for another time.)
2066
ddea74fa
PH
2067PH/21 Added message_body_newlines option.
2068
ce9f225c
PH
2069PH/22 Guard against possible overflow in moan_check_errorcopy().
2070
19897d52
PH
2071PH/23 POSIX allows open() to be a macro; guard against that.
2072
bc64a74d
PH
2073PH/24 If the recipient of an error message contained an @ in the local part
2074 (suitably quoted, of course), incorrect values were put in $domain and
2075 $local_part during the evaluation of errors_copy.
2076
eb4c0de6 2077
b4ed4da0
PH
2078Exim version 4.67
2079-----------------
2080
22ad45c9
MH
2081MH/01 Fix for bug #448, segfault in Dovecot authenticator when interface_address
2082 is unset (happens when testing with -bh and -oMi isn't used). Thanks to
2083 Jan Srzednicki.
2084
b4ed4da0
PH
2085PH/01 Added a new log selector smtp_no_mail, to log SMTP sessions that do not
2086 issue a MAIL command.
2087
431b7361
PH
2088PH/02 In an ACL statement such as
2089
2090 deny dnslists = X!=127.0.0.2 : X=127.0.0.2
2091
2092 if a client was not listed at all, or was listed with a value other than
2093 127.0.0.2, in the X list, but was listed with 127.0.0.2 in the Y list,
2094 the condition was not true (as it should be), so access was not denied.
2095 The bug was that the ! inversion was incorrectly passed on to the second
2096 item. This has been fixed.
2097
2098PH/03 Added additional dnslists conditions == and =& which are different from
2099 = and & when the dns lookup returns more than one IP address.
2100
83da1223
PH
2101PH/04 Added gnutls_require_{kx,mac,protocols} to give more control over the
2102 cipher suites used by GnuTLS. These options are ignored by OpenSSL.
2103
54fc8428
PH
2104PH/05 After discussion on the list, added a compile time option ENABLE_DISABLE_
2105 FSYNC, which compiles an option called disable_fsync that allows for
2106 bypassing fsync(). The documentation is heavily laced with warnings.
2107
34c5e8dd
SC
2108SC/01 Updated eximstats to collate all SpamAssassin rejects into one bucket.
2109
bbe15da8
PH
2110PH/06 Some tidies to the infrastructure of the Test Suite that is concerned
2111 with the auxiliary C programs that it uses: (1) Arrange for BIND_8_COMPAT
2112 to be defined when compiling on OSX (Darwin); (2) Tidies to the Makefile,
2113 including adding "make clean"; (3) Added -fPIC when compiling the test
2114 dynamically loaded module, to get rid of a warning.
2115
0e8a9471
MH
2116MH/02 Fix for bug #451, causing paniclog entries to be written if a bounce
2117 message fails, move_frozen_messages = true and ignore_bounce_errors_after
2118 = 0s. The bug is otherwise harmless.
2119
f0872424
PH
2120PH/07 There was a bug in the dovecot authenticator such that the value of
2121 $auth1 could be overwritten, and so not correctly preserved, after a
2122 successful authentication. This usually meant that the value preserved by
2123 the server_setid option was incorrect.
2124
b01dd148
PH
2125PH/08 Added $smtp_count_at_connection_start, deliberately with a long name.
2126
6bf342e1
PH
2127PH/09 Installed PCRE release 7.0.
2128
273f34d0
PH
2129PH/10 The acl_not_smtp_start ACL was, contrary to the documentation, not being
2130 run for batched SMTP input. It is now run at the start of every message
2131 in the batch. While fixing this I discovered that the process information
2132 (output by running exiwhat) was not always getting set for -bs and -bS
2133 input. This is fixed, and it now also says "batched" for BSMTP.
2134
cf8b11a5
PH
2135PH/11 Added control=no_pipelining.
2136
41c7c167
PH
2137PH/12 Added $sending_ip_address and $sending_port (mostly Magnus Holmgren's
2138 patch, slightly modified), and move the expansion of helo_data till after
2139 the connection is made in the smtp transport (so it can use these
2140 values).
2141
9c57cbc0
PH
2142PH/13 Added ${rfc2047d: to decoded RFC 2047 strings.
2143
f3f065bb
PH
2144PH/14 Added log_selector = +pid.
2145
047bdd8c
PH
2146PH/15 Flush SMTP output before delaying, unless control=no_delay_flush is set.
2147
0ce9abe6
PH
2148PH/16 Add ${if forany and ${if forall.
2149
0e22dfd1
PH
2150PH/17 Added dsn_from option to vary the From: line in DSNs.
2151
4c590bd1
PH
2152PH/18 Flush SMTP output before performing a callout, unless control =
2153 no_callout_flush is set.
2154
09945f1e
PH
2155PH/19 Change 4.64/PH/36 introduced a bug: when address_retry_include_sender
2156 was true (the default) a successful delivery failed to delete the retry
2157 item, thus causing premature timeout of the address. The bug is now
2158 fixed.
2159
c51b8e75
PH
2160PH/20 Added hosts_avoid_pipelining to the smtp transport.
2161
e28326d8 2162PH/21 Long custom messages for fakedefer and fakereject are now split up
4c04137d 2163 into multiline responses in the same way that messages for "deny" and
e28326d8
PH
2164 other ACL rejections are.
2165
75b1493f
PH
2166PH/22 Applied Jori Hamalainen's speed-up changes and typo fixes to exigrep,
2167 with slight modification.
2168
7c5214ec
PH
2169PH/23 Applied sieve patches from the maintainer "tracking the latest notify
2170 draft, changing the syntax and factoring some duplicate code".
2171
4311097e
PH
2172PH/24 When the log selector "outgoing_port" was set, the port was shown as -1
2173 for deliveries of the second and subsequent messages over the same SMTP
2174 connection.
2175
29f89cad
PH
2176PH/25 Applied Magnus Holmgren's patch for ${addresses, ${map, ${filter, and
2177 ${reduce, with only minor "tidies".
2178
5e687460
SC
2179SC/02 Applied Daniel Tiefnig's patch to improve the '($parent) =' pattern match.
2180
c3611384
PH
2181PH/26 Added a "continue" ACL modifier that does nothing, for the benefit of its
2182 expansion side effects.
2183
5a11a7b4
PH
2184PH/27 When a message times out after an over-quota error from an Exim-imposed
2185 quota, the bounce message says "mailbox is full". This message was not
2186 being given when it was a system quota that was exceeded. It now should
2187 be the same.
2188
0e20aff9
MH
2189MH/03 Made $recipients available in local_scan(). local_scan() already has
2190 better access to the recipient list through recipients_list[], but
2191 $recipients can be useful in postmaster-provided expansion strings.
2192
ca86f471
PH
2193PH/28 The $smtp_command and $smtp_command_argument variables were not correct
2194 in the case of a MAIL command with additional options following the
2195 address, for example: MAIL FROM:<foo@bar> SIZE=1234. The option settings
2196 were accidentally chopped off.
2197
a14e5636
PH
2198PH/29 SMTP synchronization checks are implemented when a command is read -
2199 there is a check that no more input is waiting when there shouldn't be
2200 any. However, for some commands, a delay in an ACL can mean that it is
2201 some time before the response is written. In this time, more input might
2202 arrive, invalidly. So now there are extra checks after an ACL has run for
2203 HELO/EHLO and after the predata ACL, and likewise for MAIL and RCPT when
2204 pipelining has not been advertised.
2205
ec95d1a6
PH
2206PH/30 MH's patch to allow iscntrl() characters to be list separators.
2207
42855d71
PH
2208PH/31 Unlike :fail:, a custom message specified with :defer: was not being
2209 returned in the SMTP response when smtp_return_error_details was false.
2210 This has been fixed.
2211
57c2c631
PH
2212PH/32 Change the Dovecot authenticator to use read() and write() on the socket
2213 instead of the C I/O that was originally supplied, because problems were
2214 reported on Solaris.
2215
58c01c94
PH
2216PH/33 Compile failed with OpenSSL 0.9.8e. This was due to a coding error in
2217 Exim which did not show up earlier: it was assuming that a call to
2218 SSL_CTX_set_info_callback() might give an error value. In fact, there is
2219 no error. In previous releases of OpenSSL, SSL_CTX_set_info_callback()
2220 was a macro that became an assignment, so it seemed to work. This has
2221 changed to a proper function call with a void return, hence the compile
2222 error. Exim's code has been fixed.
2223
dee5a20a
PH
2224PH/34 Change HDA_SIZE in oracle.c from 256 to 512. This is needed for 64-bit
2225 cpus.
2226
d2ee6114
PH
2227PH/35 Applied a patch from the Sieve maintainer which fixes a bug in "notify".
2228
b2d5182b
PH
2229PH/36 Applied John Jetmore's patch to add -v functionality to exigrep.
2230
79749a79
PH
2231PH/37 If a message is not accepted after it has had an id assigned (e.g.
2232 because it turns out to be too big or there is a timeout) there is no
3ce62588
PH
2233 "Completed" line in the log. When some messages of this type were
2234 selected by exigrep, they were listed as "not completed". Others were
2235 picked up by some special patterns. I have improved the selection
2236 criteria to be more general.
79749a79 2237
c456d9bb
PH
2238PH/38 The host_find_failed option in the manualroute router can now be set
2239 to "ignore", to completely ignore a host whose IP address cannot be
2240 found. If all hosts are ignored, the behaviour is controlled by the new
2241 host_all_ignored option.
2242
cd9868ec
PH
2243PH/39 In a list of hosts for manualroute, if one item (either because of multi-
2244 homing or because of multiple MX records with /mx) generated more than
2245 one IP address, and the following item turned out to be the local host,
2246 all the secondary addresses of the first item were incorrectly removed
2247 from the list, along with the local host and any following hosts (which
2248 is what is supposed to happen).
2249
ebeaf996
PH
2250PH/40 When Exim receives a message, it writes the login name, uid, and gid of
2251 whoever called Exim into the -H file. In the case of the daemon it was
2252 behaving confusingly. When first started, it used values for whoever
2253 started the daemon, but after a SIGHUP it used the Exim user (because it
2254 calls itself on a restart). I have changed the code so that it now always
2255 uses the Exim user.
2256
2679d413
PH
2257PH/41 (Following a suggestion from Tony Finch) If all the RCPT commands in a
2258 message are rejected with the same error (e.g. no authentication or bad
2259 sender address), and a DATA command is nevertheless sent (as can happen
2260 with PIPELINING or a stupid MUA), the error message that was given to the
2261 RCPT commands is included in the rejection of the DATA command. This is
2262 intended to be helpful for MUAs that show only the final error to their
2263 users.
2264
84024b72
PH
2265PH/42 Another patch from the Sieve maintainer.
2266
8005d38e
SC
2267SC/02 Eximstats - Differentiate between permanent and temporary rejects.
2268 Eximstats - Fixed some broken HTML links and added missing column headers
2269 (Jez Hancock).
2270 Eximstats - Fixed Grand Total Summary Domains, Edomains, and Email
2271 columns for Rejects, Temp Rejects, Ham, and Spam rows.
2272
3298c6c6
SC
2273SC/03 Eximstats - V1.58 Fix to get <> and blackhole to show in edomain tables.
2274
a43a27c5
PH
2275PH/43 Yet another patch from the Sieve maintainer.
2276
58eb016e 2277PH/44 I found a way to check for a TCP/IP connection going away before sending
563b63fa
PH
2278 the response to the final '.' that terminates a message, but only in the
2279 case where the client has not sent further data following the '.'
2280 (unfortunately, this is allowed). However, in many cases there won't be
2281 any further data because there won't be any more messages to send. A call
2282 to select() can be used: if it shows that the input is "ready", there is
2283 either input waiting, or the socket has been closed. An attempt to read
2284 the next input character can distinguish the two cases. Previously, Exim
58eb016e 2285 would have sent an OK response which the client would never have see.
563b63fa
PH
2286 This could lead to message repetition. This fix should cure that, at
2287 least in a lot of common cases.
58eb016e 2288
b43a74ea
PH
2289PH/45 Do not advertise STARTTLS in response to HELP unless it would be
2290 advertised in response to EHLO.
2291
b4ed4da0 2292
5dd1517f
PH
2293Exim version 4.66
2294-----------------
2295
2296PH/01 Two more bugs that were introduced by 4.64/PH/07, in addition to the one
2297 fixed by 4.65/MH/01 (is this a record?) are fixed:
2298
2299 (i) An empty string was always treated as zero by the numeric comparison
2300 operators. This behaviour has been restored.
2301
2302 (ii) It is documented that the numeric comparison operators always treat
2303 their arguments as decimal numbers. This was broken in that numbers
2304 starting with 0 were being interpreted as octal.
2305
2306 While fixing these problems I realized that there was another issue that
2307 hadn't been noticed. Values of message_size_limit (both the global option
2308 and the transport option) were treated as octal if they started with 0.
2309 The documentation was vague. These values are now always treated as
2310 decimal, and I will make that clear in the documentation.
2311
2312
93cfa765
TK
2313Exim version 4.65
2314-----------------
2315
2316TK/01 Disable default definition of HAVE_LINUX_SENDFILE. Clashes with
2317 Linux large file support (_FILE_OFFSET_BITS=64) on older glibc
2318 versions. (#438)
2319
d6066548
MH
2320MH/01 Don't check that the operands of numeric comparison operators are
2321 integers when their expansion is in "skipping" mode (fixes bug
2322 introduced by 4.64-PH/07).
2323
4362ff0d
PH
2324PH/01 If a system filter or a router generates more than SHRT_MAX (32767)
2325 child addresses, Exim now panics and dies. Previously, because the count
2326 is held in a short int, deliveries were likely to be lost. As such a
2327 large number of recipients for a single message is ridiculous
2328 (performance will be very, very poor), I have chosen to impose a limit
2329 rather than extend the field.
2330
93cfa765 2331
944e9e9c
TF
2332Exim version 4.64
2333-----------------
aa41d2de 2334
21d74bd9
TK
2335TK/01 Bugzilla #401. Fix DK spooling code so that it can overwrite a
2336 leftover -K file (the existence of which was triggered by #402).
2337 While we were at it, introduced process PID as part of the -K
2338 filename. This should rule out race conditions when creating
2339 these files.
2340
2341TK/02 Bugzilla #402. Apply patch from Simon Arlott, speeding up DK signing
2342 processing considerably. Previous code took too long for large mails,
2343 triggering a timeout which in turn triggers #401.
2344
2345TK/03 Introduced HAVE_LINUX_SENDFILE to os.h-Linux. Currently only used
2346 in the DK code in transports.c. sendfile() is not really portable,
2347 hence the _LINUX specificness.
944e9e9c
TF
2348
2349TF/01 In the add_headers option to the mail command in an Exim filter,
2350 there was a bug that Exim would claim a syntax error in any
2351 header after the first one which had an odd number of characters
2352 in the field name.
2353
2b1c6e3a
PH
2354PH/01 If a server that rejects MAIL FROM:<> was the target of a sender
2355 callout verification, Exim cached a "reject" for the entire domain. This
2356 is correct for most verifications, but it is not correct for a recipient
2357 verification with use_sender or use_postmaster set, because in that case
2358 the callout does not use MAIL FROM:<>. Exim now distinguishes the special
2359 case of MAIL FROM:<> rejection from other early rejections (e.g.
2360 rejection of HELO). When verifying a recipient using a non-null MAIL
2361 address, the cache is ignored if it shows MAIL FROM:<> rejection.
2362 Whatever the result of the callout, the value of the domain cache is
2363 left unchanged (for any other kind of callout, getting as far as trying
2364 RCPT means that the domain itself is ok).
2365
1f872c80
PH
2366PH/02 Tidied a number of unused variable and signed/unsigned warnings that
2367 gcc 4.1.1 threw up.
2368
2369PH/03 On Solaris, an unexpectedly close socket (dropped connection) can
2370 manifest itself as EPIPE rather than ECONNECT. When tidying away a
2371 session, the daemon ignores ECONNECT errors and logs others; it now
2372 ignores EPIPE as well.
2373
d203e649
PH
2374PH/04 Applied Nico Erfurth's refactoring patch to tidy up mime.c
2375 (quoted-printable decoding).
2376
cc2ed8f7 2377PH/05 Applied Nico Erfurth's refactoring patch to tidy up spool_mbox.c, and
21a04aa3 2378 later the small subsequent patch to fix an introduced bug.
f951fd57 2379
ddfcd446
PH
2380PH/06 Installed the latest Cygwin Makefile from the Cygwin maintainer.
2381
d45b1de8
PH
2382PH/07 There was no check for overflow in expansions such as ${if >{1}{4096M}}.
2383
2384PH/08 An error is now given if message_size_limit is specified negative.
2385
38a0a95f 2386PH/09 Applied and tidied up Jakob Hirsch's patch for allowing ACL variables
641cb756 2387 to be given (somewhat) arbitrary names.
38a0a95f 2388
a2405d83
JJ
2389JJ/01 exipick 20060919.0, allow for arbitrary acl_ variables introduced
2390 in 4.64-PH/09.
2391
2392JJ/02 exipick 20060919.0, --show-vars args can now be regular expressions,
2393 miscellaneous code fixes
2394
6ea85e9a
PH
2395PH/10 Added the log_reject_target ACL modifier to specify where to log
2396 rejections.
2397
26da7e20
PH
2398PH/11 Callouts were setting the name used for EHLO/HELO from $smtp_active_
2399 hostname. This is wrong, because it relates to the incoming message (and
2400 probably the interface on which it is arriving) and not to the outgoing
2401 callout (which could be using a different interface). This has been
2402 changed to use the value of the helo_data option from the smtp transport
2403 instead - this is what is used when a message is actually being sent. If
2404 there is no remote transport (possible with a router that sets up host
2405 addresses), $smtp_active_hostname is used.
6ea85e9a 2406
14aa5a05 2407PH/12 Installed Andrey Panin's patch to add a dovecot authenticator. Various
7befa435 2408 tweaks were necessary in order to get it to work (see also 21 below):
14aa5a05
PH
2409 (a) The code assumed that strncpy() returns a negative number on buffer
2410 overflow, which isn't the case. Replaced with Exim's string_format()
2411 function.
2412 (b) There were several signed/unsigned issues. I just did the minimum
2413 hacking in of casts. There is scope for a larger refactoring.
2414 (c) The code used strcasecmp() which is not a standard C function.
2415 Replaced with Exim's strcmpic() function.
2416 (d) The code set only $1; it now sets $auth1 as well.
2417 (e) A simple test gave the error "authentication client didn't specify
2418 service in request". It would seem that Dovecot has changed its
2419 interface. Fortunately there's a specification; I followed it and
2420 changed what the client sends and it appears to be working now.
2421
ff75a1f7
PH
2422PH/13 Added $message_headers_raw to provide the headers without RFC 2047
2423 decoding.
2424
e6f6568e
PH
2425PH/14 Corrected misleading output from -bv when -v was also used. Suppose the
2426 address A is aliased to B and C, where B exists and C does not. Without
2427 -v the output is "A verified" because verification stops after a
2428 successful redirection if more than one address is generated. However,
2429 with -v the child addresses are also verified. Exim was outputting "A
2430 failed to verify" and then showing the successful verification for C,
2431 with its parentage. It now outputs "B failed to verify", showing B's
2432 parentage before showing the successful verification of C.
2433
d6f6e0dc
PH
2434PH/15 Applied Michael Deutschmann's patch to allow DNS black list processing to
2435 look up a TXT record in a specific list after matching in a combined
2436 list.
2437
322050c2
PH
2438PH/16 It seems that the options setting for the resolver (RES_DEFNAMES and
2439 RES_DNSRCH) can affect the behaviour of gethostbyname() and friends when
2440 they consult the DNS. I had assumed they would set it the way they
2441 wanted; and indeed my experiments on Linux seem to show that in some
2442 cases they do (I could influence IPv6 lookups but not IPv4 lookups).
2443 To be on the safe side, however, I have now made the interface to
2444 host_find_byname() similar to host_find_bydns(), with an argument
2445 containing the DNS resolver options. The host_find_byname() function now
2446 sets these options at its start, just as host_find_bydns() does. The smtp
2447 transport options dns_qualify_single and dns_search_parents are passed to
2448 host_find_byname() when gethostbyname=TRUE in this transport. Other uses
2449 of host_find_byname() use the default settings of RES_DEFNAMES
2450 (qualify_single) but not RES_DNSRCH (search_parents).
2451
08955dd3
PH
2452PH/17 Applied (a modified version of) Nico Erfurth's patch to make
2453 spool_read_header() do less string testing, by means of a preliminary
2454 switch on the second character of optional "-foo" lines. (This is
2455 overdue, caused by the large number of possibilities that now exist.
2456 Originally there were few.) While I was there, I also converted the
2457 str(n)cmp tests so they don't re-test the leading "-" and the first
2458 character, in the hope this might squeeze out yet more improvement.
2459
1eccaa59
PH
2460PH/18 Two problems with "group" syntax in header lines when verifying: (1) The
2461 flag allowing group syntax was set by the header_syntax check but not
2462 turned off, possible causing trouble later; (2) The flag was not being
2463 set at all for the header_verify test, causing "group"-style headers to
2464 be rejected. I have now set it in this case, and also caused header_
2465 verify to ignore an empty address taken from a group. While doing this, I
2466 came across some other cases where the code for allowing group syntax
2467 while scanning a header line wasn't quite right (mostly, not resetting
2468 the flag correctly in the right place). These bugs could have caused
2469 trouble for malformed header lines. I hope it is now all correct.
2470
602e59e5
PH
2471PH/19 The functions {pwcheck,saslauthd}_verify_password() are always called
2472 with the "reply" argument non-NULL. The code, however (which originally
2473 came from elsewhere) had *some* tests for NULL when it wrote to *reply,
2474 but it didn't always do it. This confused somebody who was copying the
2475 code for some other use. I have removed all the tests.
2476
411ef850
PH
2477PH/20 It was discovered that the GnuTLS code had support for RSA_EXPORT, a
2478 feature that was used to support insecure browsers during the U.S. crypto
2479 embargo. It requires special client support, and Exim is probably the
2480 only MTA that supported it -- and would never use it because real RSA is
2481 always available. This code has been removed, because it had the bad
2482 effect of slowing Exim down by computing (never used) parameters for the
2483 RSA_EXPORT functionality.
2484
7befa435
PH
2485PH/21 On the advice of Timo Sirainen, added a check to the dovecot
2486 authenticator to fail if there's a tab character in the incoming data
2487 (there should never be unless someone is messing about, as it's supposed
2488 to be base64-encoded). Also added, on Timo's advice, the "secured" option
2489 if the connection is using TLS or if the remote IP is the same as the
2490 local IP, and the "valid-client-cert option" if a client certificate has
2491 been verified.
2492
48da4259 2493PH/22 As suggested by Dennis Davis, added a server_condition option to *all*
16ff981e
PH
2494 authenticators. This can be used for authorization after authentication
2495 succeeds. (In the case of plaintext, it servers for both authentication
2496 and authorization.)
2497
48da4259
PH
2498PH/23 Testing for tls_required and lost_connection in a retry rule didn't work
2499 if any retry times were supplied.
2500
d1d5595c
PH
2501PH/24 Exim crashed if verify=helo was activated during an incoming -bs
2502 connection, where there is no client IP address to check. In this
2503 situation, the verify now always succeeds.
2504
0ef732d9
PH
2505PH/25 Applied John Jetmore's -Mset patch.
2506
328895cc
PH
2507PH/26 Added -bem to be like -Mset, but loading a message from a file.
2508
fd700877
PH
2509PH/27 In a string expansion for a processed (not raw) header when multiple
2510 headers of the same name were present, leading whitespace was being
2511 removed from all of them, but trailing whitespace was being removed only
2512 from the last one. Now trailing whitespace is removed from each header
f6c332bd
PH
2513 before concatenation. Completely empty headers in a concatenation (as
2514 before) are ignored.
fd700877 2515
8dce1a6f
PH
2516PH/28 Fixed bug in backwards-compatibility feature of PH/09 (thanks to John
2517 Jetmore). It would have mis-read ACL variables from pre-4.61 spool files.
2518
17af4a17
PH
2519PH/29 [Removed. This was a change that I later backed out, and forgot to
2520 correct the ChangeLog entry (that I had efficiently created) before
2521 committing the later change.]
f6c332bd
PH
2522
2523PH/30 Exim was sometimes attempting to deliver messages that had suffered
2524 address errors (4xx response to RCPT) over the same connection as other
2525 messages routed to the same hosts. Such deliveries are always "forced",
2526 so retry times are not inspected. This resulted in far too many retries
2527 for the affected addresses. The effect occurred only when there were more
2528 hosts than the hosts_max_try setting in the smtp transport when it had
2529 the 4xx errors. Those hosts that it had tried were not added to the list
2530 of hosts for which the message was waiting, so if all were tried, there
2531 was no problem. Two fixes have been applied:
2532
2533 (i) If there are any address or message errors in an SMTP delivery, none
2534 of the hosts (tried or untried) are now added to the list of hosts
2535 for which the message is waiting, so the message should not be a
2536 candidate for sending over the same connection that was used for a
2537 successful delivery of some other message. This seems entirely
2538 reasonable: after all the message is NOT "waiting for some host".
2539 This is so "obvious" that I'm not sure why it wasn't done
2540 previously. Hope I haven't missed anything, but it can't do any
2541 harm, as the worst effect is to miss an optimization.
2542
2543 (ii) If, despite (i), such a delivery is accidentally attempted, the
2544 routing retry time is respected, so at least it doesn't keep
2545 hammering the server.
2546
c1114884
PH
2547PH/31 Installed Andrew Findlay's patch to close the writing end of the socket
2548 in ${readsocket because some servers need this prod.
2549
7a0743eb
PH
2550PH/32 Added some extra debug output when updating a wait-xxx database.
2551
0d85fa3f
PH
2552PH/33 The hint "could be header name not terminated by colon", which has been
2553 given for certain expansion errors for a long time, was not being given
2554 for the ${if def:h_colon_omitted{... case.
2555
1bf43b78
PH
2556PH/34 The spec says: "With one important exception, whenever a domain list is
2557 being scanned, $domain contains the subject domain." There was at least
2558 one case where this was not true.
2559
520de300
PH
2560PH/35 The error "getsockname() failed: connection reset by peer" was being
2561 written to the panic log as well as the main log, but it isn't really
2562 panic-worthy as it just means the connection died rather early on. I have
2563 removed the panic log writing for the ECONNRESET error when getsockname()
2564 fails.
2565
48c7f9e2
PH
2566PH/36 After a 4xx response to a RCPT error, that address was delayed (in queue
2567 runs only) independently of the message's sender address. This meant
2568 that, if the 4xx error was in fact related to the sender, a different
2569 message to the same recipient with a different sender could confuse
4c04137d 2570 things. In particular, this can happen when sending to a greylisting
48c7f9e2
PH
2571 server, but other circumstances could also provoke similar problems.
2572 I have changed the default so that the retry time for these errors is now
2573 based a combination of the sender and recipient addresses. This change
2574 can be overridden by setting address_retry_include_sender=false in the
2575 smtp transport.
2576
99ea1c86
PH
2577PH/37 For LMTP over TCP/IP (the smtp transport), error responses from the
2578 remote server are returned as part of bounce messages. This was not
2579 happening for LMTP over a pipe (the lmtp transport), but now it is the
2580 same for both kinds of LMTP.
2581
a2042e78
PH
2582PH/38 Despite being documented as not happening, Exim was rewriting addresses
2583 in header lines that were in fact CNAMEs. This is no longer the case.
2584
4fbcfc2e
PH
2585PH/39 If -R or -S was given with -q<time>, the effect of -R or -S was ignored,
2586 and queue runs started by the daemon processed all messages. This has
2587 been fixed so that -R and -S can now usefully be given with -q<time>.
2588
aa41d2de
PH
2589PH/40 Import PCRE release 6.7 (fixes some bugs).
2590
af561417
PH
2591PH/41 Add bitwise logical operations to eval (courtesy Brad Jorsch).
2592
3cc66b45
PH
2593PH/42 Give an error if -q is specified more than once.
2594
194cc0e4
PH
2595PH/43 Renamed the variables $interface_address and $interface_port as
2596 $received_ip_address and $received_port, to make it clear that these
2597 values apply to message reception, and not to the outgoing interface when
2598 a message is delivered. (The old names remain recognized, of course.)
2599
a401ddaa
PH
2600PH/44 There was no timeout on the connect() call when using a Unix domain
2601 socket in the ${readsocket expansion. There now is.
2602
4e88a19f
PH
2603PH/45 Applied a modified version of Brad Jorsch's patch to allow "message" to
2604 be meaningful with "accept".
2605
d7d7b289
SC
2606SC/01 Eximstats V1.43
2607 Bug fix for V1.42 with -h0 specified. Spotted by Chris Lear.
2608
2609SC/02 Eximstats V1.44
2610 Use a glob alias rather than an array ref in the generated
2611 parser. This improves both readability and performance.
2612
2613SC/03 Eximstats V1.45 (Marco Gaiarin / Steve Campbell)
2614 Collect SpamAssassin and rejection statistics.
2615 Don't display local sender or destination tables unless
2616 there is data to show.
2617 Added average volumes into the top table text output.
2618
2619SC/04 Eximstats V1.46
2620 Collect data on the number of addresses (recipients)
2621 as well as the number of messages.
2622
2623SC/05 Eximstats V1.47
2624 Added 'Message too big' to the list of mail rejection
2625 reasons (thanks to Marco Gaiarin).
2626
2627SC/06 Eximstats V1.48
2628 Mainlog lines which have GMT offsets and are too short to
2629 have a flag are now skipped.
2630
2631SC/07 Eximstats V1.49 (Alain Williams)
2632 Added the -emptyok flag.
2633
2634SC/08 Eximstats V1.50
2635 Fixes for obtaining the IP address from reject messages.
2636
0ea2a468
JJ
2637JJ/03 exipick.20061117.2, made header handling as similar to exim as possible
2638 (added [br]h_ prefixes, implemented RFC2047 decoding. Fixed
4c04137d 2639 whitespace changes from 4.64-PH/27
0ea2a468
JJ
2640
2641JJ/04 exipick.20061117.2, fixed format and added $message_headers_raw to
2642 match 4.64-PH/13
2643
2644JJ/05 exipick.20061117.2, bug fixes (error out sooner when invalid criteria
2645 are found, allow negative numbers in numeric criteria)
2646
2647JJ/06 exipick.20061117.2, added new $message_body_missing variable
2648
2649JJ/07 exipick.20061117.2, added $received_ip_address and $received_port
2650 to match changes made in 4.64-PH/43
2651
8a10f5a4
PH
2652PH/46 Applied Jori Hamalainen's patch to add features to exiqsumm.
2653
30e18802
PH
2654PH/47 Put in an explicit test for a DNS lookup of an address record where the
2655 "domain" is actually an IP address, and force a failure. This locks out
2656 those revolvers/nameservers that support "A-for-A" lookups, in
2657 contravention of the specifications.
2658
55728a4f
PH
2659PH/48 When a host name was looked up from an IP address, and the subsequent
2660 forward lookup of the name timed out, the host name was left in
2661 $sender_host_name, contrary to the specification.
d7d7b289 2662
d7837193
PH
2663PH/49 Although default lookup types such as lsearch* or cdb*@ have always been
2664 restricted to single-key lookups, Exim was not diagnosing an error if
2665 * or *@ was used with a query-style lookup.
2666
87054a31
PH
2667PH/50 Increased the value of DH_BITS in tls-gnu.c from 768 to 1024.
2668
ea2c01d2
MH
2669MH/01 local_scan ABI version incremented to 1.1. It should have been updated
2670 long ago, but noone interested enough thought of it. Let's just say that
2671 the "1.1" means that there are some new functions that weren't there at
2672 some point in the past.
2673
e4fa6968
PH
2674PH/51 Error processing for expansion failure of helo_data from an smtp
2675 transport during callout processing was broken.
2676
56f5d9bd
PH
2677PH/52 Applied John Jetmore's patch to allow tls-on-connect and STARTTLS to be
2678 tested/used via the -bh/-bhc/-bs options.
2679
922e1c28
PH
2680PH/53 Added missing "#include <time.h>" to pcre/pcretest.c (this was a PCRE
2681 bug, fixed in subsequent PCRE releases).
2682
21eb6e72
PH
2683PH/54 Applied Robert Bannocks' patch to avoid a problem with references that
2684 arises when using the Solaris LDAP libraries (but not with OpenLDAP).
2685
a0540757
PH
2686PH/55 Check for a ridiculously long file name in exim_dbmbuild.
2687
944e9e9c 2688
478be7b0
SC
2689Exim version 4.63
2690-----------------
2691
2692SC/01 Use a glob alias rather than an array ref in eximstats generated
2693 parser. This improves both readability and performance.
2694
2695SC/02 Collect SpamAssassin and rejection statistics in eximstats.
2696 Don't display local sender or destination tables in eximstats unless
2697 there is data to show.
2698 Added average volumes into the eximstats top table text output.
2699
2700SC/03 Collect data on the number of addresses (recipients) as well
2701 as the number of messages in eximstats.
2702
2b965a65
TF
2703TF/01 Correct an error in the documentation for the redirect router. Exim
2704 does (usually) call initgroups() when daemonizing.
478be7b0 2705
45b91596
PH
2706TF/02 Call initgroups() when dropping privilege in exim.c, so that Exim runs
2707 with consistent privilege compared to when running as a daemon.
478be7b0 2708
c59f5781
TF
2709TF/03 Note in the spec that $authenticated_id is not set for local
2710 submissions from trusted users.
2711
90fc3069
TF
2712TF/04 The ratelimit per_rcpt option now works correctly in acl_not_smtp.
2713 Thanks to Dean Brooks <dean@iglou.com> for the patch.
2714
6083aca0
TF
2715TF/05 Make it easier to get SMTP authentication and TLS/SSL support working
2716 by adding some example configuration directives to the default
2717 configuration file. A little bit of work is required to uncomment the
2718 directives and define how usernames and passwords are checked, but
2719 there is now a framework to start from.
2720
765b530f
PH
2721PH/01 Added #define LDAP_DEPRECATED 1 to ldap.c because some of the "old"
2722 functions that Exim currently uses aren't defined in ldap.h for OpenLDAP
2723 without this. I don't know how relevant this is to other LDAP libraries.
2724
4e167a8c
PH
2725PH/02 Add the verb name to the "unknown ACL verb" error.
2726
4608d683
PH
2727PH/03 Magnus Holmgren's patch for filter_prepend_home.
2728
b8dc3e4a
PH
2729PH/03 Fixed Bugzilla #101: macro definition between ACLs doesn't work.
2730
5418e93b
PH
2731PH/04 Applied Magnus Holmgren's patch to fix Bugzilla #98: transport's home
2732 directory not expanded when it should be if an expanded home directory
2733 was set for the address (which is overridden by the transport).
2734
b4a9bda2
PH
2735PH/05 Applied Alex Kiernan's patch to fix Bugzilla #99: a problem with
2736 libradius.
2737
45b91596
PH
2738PH/06 Added acl_not_smtp_start, based on Johannes Berg's patch, and set the
2739 bit to forbid control=suppress_local_fixups in the acl_not_smtp ACL,
2740 because it is too late at that time, and has no effect.
2741
5547e2c5
PH
2742PH/07 Changed ${quote_pgsql to quote ' as '' instead of \' because of a
2743 security issue with \' (bugzilla #107). I could not use the
2744 PQescapeStringConn() function, because it needs a PGconn value as one of
2745 its arguments.
2746
dbcef0ea
PH
2747PH/08 When testing addresses using -bt, indicate those final addresses that
2748 are duplicates that would not cause an additional delivery. At least one
2749 person was confused, thinking that -bt output corresponded to deliveries.
2750 (Suppressing duplicates isn't a good idea as you lose the information
2751 about possibly different redirections that led to the duplicates.)
2752
25257489
PH
2753PH/09 Applied patch from Erik to use select() instead of poll() in spam.c on
2754 systems where poll() doesn't work, in particular OS X.
2755
c816d124
PH
2756PH/10 Added more information to debugging output for retry time not reached.
2757
a9ccd69a
PH
2758PH/11 Applied patch from Arkadiusz Miskiewicz to apply a timeout to read
2759 operations in malware.c.
2760
75fa1910
PH
2761PH/12 Applied patch from Magnus Holmgren to include the "h" tag in Domain Keys
2762 signatures.
2763
a7d7aa58
PH
2764PH/13 If write_rejectlog was set false when logging was sent to syslog with
2765 syslog_duplication set false, log lines that would normally be written
2766 both the the main log and to the reject log were not written to syslog at
2767 all.
2768
42119b09
PH
2769PH/14 In the default configuration, change the use of "message" in ACL warn
2770 statements to "add_header".
2771
41609df5
PH
2772PH/15 Diagnose a filter syntax error for "seen", "unseen", or "noerror" if not
2773 not followed by a command (e.g. "seen endif").
2774
a5bd321b
PH
2775PH/16 Recognize SMTP codes at the start of "message" in ACLs and after :fail:
2776 and :defer: in a redirect router. Add forbid_smtp_code to suppress the
2777 latter.
2778
e85a7ad5 2779PH/17 Added extra conditions to the default value of delay_warning_condition
5dff5817
PH
2780 so that it is now:
2781
e85a7ad5
PH
2782 ${if or { \
2783 { !eq{$h_list-id:$h_list-post:$h_list-subscribe:}{} } \
2784 { match{$h_precedence:}{(?i)bulk|list|junk} } \
2785 { match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} } \
5dff5817
PH
2786 }{no}{yes}}
2787
e85a7ad5
PH
2788 The Auto-Submitted: and various List- headers are standardised, whereas I
2789 don't think Precedence: ever was.
5dff5817 2790
d8fe1c03
PH
2791PH/18 Refactored debugging code in route_finduser() to show more information,
2792 in particular, the error code if getpwnam() issues one.
2793
16282d2b
PH
2794PH/19 Added PQsetClientEncoding(conn, "SQL_ASCII") to the pgsql code module.
2795 This is apparently needed in addition to the PH/07 change above to avoid
2796 any possible encoding problems.
2797
35d40a98
PH
2798PH/20 Perl can change the locale. Exim was resetting it after a ${perl call,
2799 but not after initializing Perl.
2800
034d99ab
PH
2801PH/21 Added a call to PQsetNoticeProcessor() to catch pgsql "notices" and
2802 output them only if debugging. By default they are written stderr,
2803 apparently, which is not desirable.
2804
6ec97b1b
PH
2805PH/22 Added Alain Williams' LDAP patch to support setting REFERRALS=off on
2806 queries.
2807
e22ca4ac
JJ
2808JJ/01 exipick: added --reverse (and -R synonym), --random, --size, --sort and
2809 --not options
2810
2811JJ/02 exipick: rewrote --help documentation to hopefully make more clear.
2812
33d73e3b
PH
2813PH/23 Made -oMaa and -oMt work with -bh and -bs to pretend the connection is
2814 authenticated or an ident call has been made. Suppress the default
2815 values for $authenticated_id and $authenticated_sender (but permit -oMai
2816 and -oMas) when testing with -bh.
2817
9ecb03f3
PH
2818PH/24 Re-jigged the order of the tests in the default configuration so that the
2819 tests for valid domains and recipients precede the DNS black list and CSA
2820 tests, on the grounds that those ones are more expensive.
2821
084efe8d
PH
2822PH/25 Exim was not testing for a space following SMTP commands such as EHLO
2823 that require one. Thus, EHLORHUBARB was interpreted as a valid command.
2824 This bug exists in every version of Exim that I still have, right back to
2825 0.12.
2826
366fc9f0
PH
2827PH/26 (n)wildlsearch lookups are documented as being done case-insensitively.
2828 However, an attempt to turn on case-sensitivity in a regex key by
2829 including (?-i) didn't work because the subject string was already
2830 lowercased, and the effects were non-intuitive. It turns out that a
2831 one-line patch can be used to allow (?-i) to work as expected.
2832
c59f5781 2833
c887c79e
TF
2834Exim version 4.62
2835-----------------
2836
2837TF/01 Fix the add_header change below (4.61 PH/55) which had a bug that (amongst
2838 other effects) broke the use of negated acl sub-conditions.
2839
1cce3af8
PH
2840PH/01 ${readsocket now supports Internet domain sockets (modified John Jetmore
2841 patch).
2842
afb3eaaf
PH
2843PH/02 When tcp-wrappers is called from Exim, it returns only "deny" or "allow".
2844 "Deny" causes Exim to reject the incoming connection with a 554 error.
2845 Unfortunately, if there is a major crisis, such as a disk failure,
2846 tcp-wrappers gives "deny", whereas what one would like would be some
2847 kind of temporary error. A kludge has been added to help with this.
2848 Before calling hosts_ctl(), errno is set zero. If the result is "deny", a
2849 554 error is used if errno is still zero or contains ENOENT (which occurs
2850 if either of the /etc/hosts.{allow,deny} files is missing). Otherwise, a
2851 451 error is used.
2852
e173618b
PH
2853PH/03 Add -lutil to the default FreeBSD LIBS setting.
2854
dd16e114
PH
2855PH/04 Change PH/19 for 4.61 was too wide. It should not be applied to host
2856 errors. Otherwise a message that provokes a temporary error (when other
2857 messages do not) can cause a whole host to time out.
2858
f7fd3850
PH
2859PH/05 Batch deliveries by appendfile and pipe transports did not work when the
2860 addresses were routed directly to files or pipes from a redirect router.
2861 File deliveries just didn't batch; pipe deliveries might have suffered
2862 odd errors.
2863
d87df92c
PH
2864PH/06 A failure to get a lock for a hints database would erroneously always say
2865 "Failed to get write lock", even when it was really a read lock.
2866
7e9f683d
PH
2867PH/07 The appendfile transport was creating MBX lock files with a fixed mode
2868 of 0600. This has been changed to use the value of the lockfile_mode
2869 option (which defaults to 0600).
2870
bfad5236
PH
2871PH/08 Applied small patch from the Sieve maintainer.
2872
01c490df
PH
2873PH/09 If maildir_quota_directory_regex was set to exclude (say) the .Trash
2874 folder from quota calculations, a direct delivery into this folder messed
2875 up the contents of the maildirsize file. This was because the regex was
2876 used only to exclude .Trash (or whatever) when the size of the mailbox
2877 was calculated. There was no check that a delivery was happening into an
2878 excluded directory. This bug has been fixed by ignoring all quota
2879 processing for deliveries into excluded directories.
2880
d6629cdc
PH
2881PH/10 Added the maildirfolder_create_regex option to appendfile.
2882
1cce3af8 2883
214e2000
PH
2884Exim version 4.61
2885-----------------
2886
2887PH/01 The code for finding all the local interface addresses on a FreeBSD
2888 system running IPv6 was broken. This may well have applied to all BSD
2889 systems, as well as to others that have similar system calls. The broken
2890 code found IPv4 interfaces correctly, but gave incorrect values for the
2891 IPv6 interfaces. In particular, ::1 was not found. The effect in Exim was
2892 that it would not match correctly against @[] and not recognize the IPv6
2893 addresses as local.
2894
f9daeae0
PH
2895PH/02 The ipliteral router was not recognizing addresses of the form user@
2896 [ipv6:....] because it didn't know about the "ipv6:" prefix.
2897
7e66e54d
PH
2898PH/03 Added disable_ipv6.
2899
c8ea1597
PH
2900PH/04 Changed $reply_address to use the raw form of the headers instead of the
2901 decoded form, because it is most often used to construct To: headers
2902 lines in autoreplies, and the decoded form may well be syntactically
2903 invalid. However, $reply_address has leading white space removed, and all
2904 newlines turned into spaces so that the autoreply transport does not
2905 grumble.
2906
911f6fde
PH
2907PH/05 If group was specified without a user on a router, and no group or user
2908 was specified on a transport, the group from the router was ignored.
2909
47ca6d6c
PH
2910PH/06 Increased the number of ACL variables to 20 of each type, and arranged
2911 for visible compile-time settings that can be used to change these
2912 numbers, for those that want even more. Backwards compatibility with old
2913 spool files has been maintained. However, going back to a previous Exim
2914 release will lost any variables that are in spool files.
2915
ed0e9820
PH
2916PH/07 Two small changes when running in the test harness: increase delay when
2917 passing a TCP/IP connection to a new process, in case the original
2918 process has to generate a bounce, and remove special handling of
2919 127.0.0.2 (sic), which is no longer necessary.
2920
eff37e47
PH
2921PH/08 Changed debug output of dbfn_open() flags from numbers to names, so as to
2922 be the same on different OS.
2923
1921d2ea
PH
2924PH/09 Moved a debug statement in filter processing to avoid a race problem when
2925 testing.
2926
b3f69ca8
JJ
2927JJ/01 exipick: fixed bug where -b (brief) output option showed "Vars:"
2928 whether --show-vars was specified or not
2929
2930JJ/02 exipick: Added support for new ACL variable spool format introduced
2931 in 4.61-PH/06
2932
424a1c63
PH
2933PH/10 Fixed another bug related to PH/04 above: if an incoming message had a
2934 syntactically invalid From: or Reply-to: line, and a filter used this to
2935 generate an autoreply, and therefore failed to obtain an address for the
2936 autoreply, Exim could try to deliver to a non-existent relative file
2937 name, causing unrelated and misleading errors. What now happens is that
2938 it logs this as a hard delivery error, but does not attempt to create a
2939 bounce message.
2940
7a100415
PH
2941PH/11 The exinext utility has a -C option for testing purposes, but although
2942 the given file was scanned by exinext itself; it wasn't being passed on
2943 when Exim was called.
2944
19b9dc85
PH
2945PH/12 In the smtp transport, treat an explicit ECONNRESET error the same as
2946 an end-of-file indication when reading a command response.
2947
309bd837
PH
2948PH/13 Domain literals for IPv6 were not recognized unless IPv6 support was
2949 compiled. In many other places in Exim, IPv6 addresses are always
2950 recognized, so I have changed this. It also means that IPv4 domain
2951 literals of the form [IPV4:n.n.n.n] are now always recognized.
2952
59e82a2a
PH
2953PH/14 When a uid/gid is specified for the queryprogram router, it cannot be
2954 used if the router is not running as root, for example, when verifying at
2955 ACL time, or when using -bh. The debugging output from this situation was
2956 non-existent - all you got was a failure to exec. I have made two
2957 changes:
2958
2959 (a) Failures to set uid/gid, the current directory, or a process leader
2960 in a subprocess such as that created by queryprogram now generate
4c04137d 2961 suitable debugging output when -d is set.
59e82a2a
PH
2962
2963 (b) The queryprogram router detects when it is not running as root,
2964 outputs suitable debugging information if -d is set, and then runs
2965 the subprocess without attempting to change uid/gid.
2966
9edc04ce
PH
2967PH/15 Minor change to Makefile for building test_host (undocumented testing
2968 feature).
2969
1349e1e5
PH
2970PH/16 As discussed on the list in Nov/Dec: Exim no longer looks at the
2971 additional section of a DNS packet that returns MX or SRV records.
2972 Instead, it always explicitly searches for A/AAAA records. This avoids
2973 major problems that occur when a DNS server includes only records of one
2974 type (A or AAAA) in an MX/SRV packet. A byproduct of this change has
2975 fixed another bug: if SRV records were looked up and the corresponding
2976 address records were *not* found in the additional section, the port
2977 values from the SRV records were lost.
2978
ea49d0e1
PH
2979PH/17 If a delivery to a pipe, file, or autoreply was deferred, Exim was not
2980 using the correct key (the original address) when searching the retry
2981 rules in order to find which one to use for generating the retry hint.
2982
064a94c9
PH
2983PH/18 If quota_warn_message contains a From: header, Exim now refrains from
2984 adding the default one. Similarly, if it contains a Reply-To: header, the
2985 errors_reply_to option, if set, is not used.
2986
727071f8
PH
2987PH/19 When calculating a retry time, Exim used to measure the "time since
2988 failure" by looking at the "first failed" field in the retry record. Now
2989 it does not use this if it is later than than the arrival time of the
2990 message. Instead it uses the arrival time. This makes for better
2991 behaviour in cases where some deliveries succeed, thus re-setting the
2992 "first failed" field. An example is a quota failure for a huge message
2993 when small messages continue to be delivered. Without this change, the
2994 "time since failure" will always be short, possible causing more frequent
2995 delivery attempts for the huge message than are intended.
dd16e114 2996 [Note: This change was subsequently modified - see PH/04 for 4.62.]
727071f8 2997
f78eb7c6
PH
2998PH/20 Added $auth1, $auth2, $auth3 to contain authentication data (as well as
2999 $1, $2, $3) because the numerical variables can be reset during some
3000 expansion items (e.g. "match"), thereby losing the authentication data.
3001
21c28500
PH
3002PH/21 Make -bV show the size of off_t variables so that the test suite can
3003 decide whether to run tests for quotas > 2G.
3004
3005PH/22 Test the values given for quota, quota_filecount, quota_warn_threshold,
3006 mailbox_size, and mailbox_filecount in the appendfile transport. If a
3007 filecount value is greater than 2G or if a quota value is greater than 2G
3008 on a system where the size of off_t is not greater than 4, a panic error
3009 is given.
3010
1688f43b
PH
3011PH/23 When a malformed item such as 1.2.3/24 appears in a host list, it can
3012 never match. The debug and -bh output now contains an explicit error
3013 message indicating a malformed IPv4 address or mask.
3014
3015PH/24 An host item such as 1.2.3.4/abc was being treated as the IP address
3016 1.2.3.4 without a mask. Now it is not recognized as an IP address, and
3017 PH/23 above applies.
3018
9675b384
PH
3019PH/25 Do not write to syslog when running in the test harness. The only
3020 occasion when this arises is a failure to open the main or panic logs
3021 (for which there is an explicit test).
3022
6a3f1455
PH
3023PH/26 Added the /no_tell option to "control=freeze".
3024
dac79d3e
PH
3025PH/27 If a host name lookup failed very early in a connection, for example, if
3026 the IP address matched host_lookup and the reverse lookup yielded a name
3027 that did not have a forward lookup, an error message of the form "no IP
3028 address found for host xxx.xxx.xxx (during SMTP connection from NULL)"
3029 could be logged. Now it outputs the IP address instead of "NULL".
1349e1e5 3030
5977a0b3
PH
3031PH/28 An enabling patch from MH: add new function child_open_exim2() which
3032 allows the sender and the authenticated sender to be set when
3033 submitting a message from within Exim. Since child_open_exim() is
3034 documented for local_scan(), the new function should be too.
3035
c91535f3
PH
3036PH/29 In GnuTLS, a forced expansion failure for tls_privatekey was not being
3037 ignored. In both GnuTLS and OpenSSL, an expansion of tls_privatekey that
3038 results in an empty string is now treated as unset.
3039
0d46a8c8
PH
3040PH/30 Fix eximon buffer overflow bug (Bugzilla #73).
3041
278c6e6c
PH
3042PH/31 Added sender_verify_fail logging option.
3043
2cbb4081
PH
3044PH/32 In November 2003, the code in Exim that added an empty Bcc: header when
3045 needed by RFC 822 but not by RFC 2822 was commented out. I have now
3046 tidied the source and removed it altogether.
3047
3eef829e
PH
3048PH/33 When a queue run was abandoned because the load average was too high, a
3049 log line was always written; now it is written only if the queue_run log
3050 selector is set. In addition, the log line for abandonment now contains
3051 information about the queue run such as the pid. This is always present
3052 in "start" and "stop" lines but was omitted from the "abandon" line.
3053
1ab95fa6
PH
3054PH/34 Omit spaces between a header name and the colon in the error message that
3055 is given when verify = headers_syntax fails (if there are lots of them,
3056 the message gets confusing).
3057
230205fc
PH
3058PH/35 Change the default for dns_check_names_pattern to allow slashes within
3059 names, as there are now some PTR records that contain slashes. This check
3060 is only to protect against broken name servers that fall over on strange
3061 characters, so the fact that it applies to all lookups doesn't matter.
3062
75e0e026
PH
3063PH/36 Now that the new test suite is complete, we can remove some of the
3064 special code in Exim that was needed for the old test suite. For example,
3065 sorting DNS records because real resolvers return them in an arbitrary
3066 order. The new test suite's fake resolver always returns records in the
3067 same order.
3068
3069PH/37 When running in the test harness, use -odi for submitted messages (e.g.
3070 bounces) except when queue_only is set, to avoid logging races between
3071 the different processes.
3072
145396a6
PH
3073PH/38 Panic-die if .include specifies a non-absolute path.
3074
3cd34f13
PH
3075PH/39 A tweak to the "H" retry rule from its user.
3076
11121d3d
JJ
3077JJ/03 exipick: Removed parentheses from 'next' and 'last' calls that specified
3078 a label. They prevented compilation on older perls.
3079
3080JJ/04 exipick: Refactored code to prevent implicit split to @_ which caused
3081 a warning to be raised on newish perls.
3082
3083JJ/05 exipick: Fixed bug where -bpc always showed a count of all messages
3084 on queue. Changes to match documented behaviour of showing count of
3085 messages matching specified criteria.
3086
8def5aaf
PH
3087PH/40 Changed the default ident timeout from 30s to 5s.
3088
929ba01c
PH
3089PH/41 Added support for the use of login_cap features, on those BSD systems
3090 that have them, for controlling the resources used by pipe deliveries.
3091
2632889e
PH
3092PH/42 The content-scanning code uses fopen() to create files in which to put
3093 message data. Previously it was not paying any attention to the mode of
3094 the files. Exim runs with umask(0) because the rest of the code creates
3095 files with open(), and sets the required mode explicitly. Thus, these
3096 files were ending up world-writeable. This was not a big issue, because,
3097 being within the spool directory, they were not world-accessible. I have
3098 created a function called modefopen, which takes an additional mode
3099 argument. It sets umask(777), creates the file, chmods it to the required
3100 mode, then resets the umask. All the relevant calls to fopen() in the
3101 content scanning code have been changed to use this function.
3102
944a9c55
PH
3103PH/43 If retry_interval_max is set greater than 24 hours, it is quietly reset
3104 to 24 hours. This avoids potential overflow problems when processing G
3105 and H retry rules. I suspect nobody ever tinkers with this value.
3106
4a23603b
PH
3107PH/44 Added STRIP_COMMAND=/usr/bin/strip to the FreeBSD Makefile.
3108
4730f942
PH
3109PH/45 When the plaintext authenticator is running as a client, the server's
3110 challenges are checked to ensure they are valid base64 strings. By
3111 default, the authentication attempt is cancelled if an invalid string is
3112 received. Setting client_ignore_invalid_base64 true ignores these errors.
3113 The decoded challenge strings are now placed in $auth1, $auth2, etc. as
3114 they are received. Thus, the responses can be made to depend on the
3115 challenges. If an invalid string is ignored, an empty string is placed in
3116 the variable.
3117
30dba1e6
PH
3118PH/46 Messages that are created by the autoreply transport now contains a
3119 References: header, in accordance with RFCs 2822 and 3834.
3120
382afc6b
PH
3121PH/47 Added authenticated_sender_force to the smtp transport.
3122
a86229cf
PH
3123PH/48 The ${prvs expansion was broken on systems where time_t was long long.
3124
50c99ba6
PH
3125PH/49 Installed latest patch from the Sieve maintainer.
3126
d35e429d
PH
3127PH/50 When an Exim quota was set without a file count quota, and mailbox_size
3128 was also set, the appendfile transport was unnecessarily scanning a
3129 directory of message files (e.g. for maildir delivery) to find the count
3130 of files (along with the size), even though it did not need this
3131 information. It now does the scan only if it needs to find either the
3132 size of the count of files.
3133
f90d018c
PH
3134PH/51 Added ${time_eval: to convert Exim time strings into seconds.
3135
75def545
PH
3136PH/52 Two bugs concerned with error handling when the smtp transport is
3137 used in LMTP mode:
3138
3139 (i) Exim was not creating retry information for temporary errors given
3140 for individual recipients after the DATA command when the smtp transport
3141 was used in LMTP mode. This meant that they could be retried too
3142 frequently, and not timed out correctly.
3143
3144 (ii) Exim was setting the flag that allows error details to be returned
3145 for LMTP errors on RCPT commands, but not for LMTP errors for individual
3146 recipients that were returned after the DATA command.
3147
3148PH/53 This is related to PH/52, but is more general: for any failing address,
3149 when detailed error information was permitted to be returned to the
3150 sender, but the error was temporary, then after the final timeout, only
3151 "retry timeout exceeded" was returned. Now it returns the full error as
3152 well as "retry timeout exceeded".
3153
c46782ef
PH
3154PH/54 Added control=allow_auth_unadvertised, as it seems there are clients that
3155 do this, and (what is worse) MTAs that accept it.
3156
71fafd95
PH
3157PH/55 Added the add_header modified to ACLs. The use of "message" with "warn"
3158 will now be deprecated.
3159
2c5db4fd
PH
3160PH/56 New os.c-cygwin from the Cygwin maintainer.
3161
9cf6b11a
JJ
3162JJ/06 exipick: added --unsorted option to allow unsorted output in all output
3163 formats (previously only available in exim formats via -bpr, -bpru,
3164 and -bpra. Now also available in native and exiqgrep formats)
3165
3166JJ/07 exipick: added --freeze and --thaw options to allow faster interaction
3167 with very large, slow to parse queues
3168
3169JJ/08 exipick: added ! as generic prefix to negate any criteria format
3170
3171JJ/09 exipick: miscellaneous performance enhancements (~24% improvements)
3172
898d150f
PH
3173PH/57 Tidies in SMTP dialogue display in debug output: (i) It was not showing
3174 responses to authentication challenges, though it was showing the
3175 challenges; (ii) I've removed the CR characters from the debug output for
3176 SMTP output lines.
3177
46218253
PH
3178PH/58 Allow for the insertion of a newline as well as a space when a string
3179 is turned into more than one encoded-word during RFC 2047 encoding. The
3180 Sieve code now uses this.
3181
e97957bc
PH
3182PH/59 Added the following errors that can be detected in retry rules: mail_4xx,
3183 data_4xx, lost_connection, tls_required.
3184
81e509d7
PH
3185PH/60 When a VRFY deferred or FAILED, the log message rather than the user
3186 message was being sent as an SMTP response.
3187
3d240ff7
PH
3188PH/61 Add -l and -k options to exicyclog.
3189
b37c4101
PH
3190PH/62 When verifying, if an address was redirected to one new address, so that
3191 verification continued, and the new address failed or deferred after
3192 having set something in $address_data, the value of $address_data was not
3193 passed back to the ACL. This was different to the case when no
3194 redirection occurred. The value is now passed back in both cases.
3195
79378e0f
PH
3196PH/63 Changed the macro HAVE_LOGIN_CAP (see PH/41 for this release above) to
3197 HAVE_SETCLASSRESOURCES because there are different APIs in use that all
3198 use login_cap.h, so on its own it isn't the distinguishing feature. The
3199 new name refers directly to the setclassresources() function.
3200
e49c7bb4
PH
3201PH/65 Added configuration files for NetBSD3.
3202
d114ec46
PH
3203PH/66 Updated OS/Makefile-HP-UX for gcc 4.1.0 with HP-UX 11.
3204
f3d7df6c
PH
3205PH/67 Fixed minor infelicity in the sorting of addresses to ensure that IPv6
3206 is preferred over IPv4.
3207
715ab376
PH
3208PH/68 The bounce_return_message and bounce_return_body options were not being
3209 honoured for bounces generated during the reception of non-SMTP messages.
3210 In particular, this applied to messages rejected by the ACL. This bug has
3211 been fixed. However, if bounce_return_message is true and bounce_return_
3212 body is false, the headers that are returned for a non-SMTP message
3213 include only those that have been read before the error was detected.
3214 (In the case of an ACL rejection, they have all been read.)
3215
6b31b150
PH
3216PH/69 The HTML version of the specification is now built in a directory called
3217 spec_html instead of spec.html, because the latter looks like a path with
3218 a MIME-type, and this confuses some software.
3219
3220PH/70 Catch two compiler warnings in sieve.c.
3221
d515a917
PH
3222PH/71 Fixed an obscure and subtle bug (thanks Alexander & Matthias). The
3223 function verify_get_ident() calls ip_connect() to connect a socket, but
3224 if the "connect()" function timed out, ip_connect() used to close the
3225 socket. However, verify_get_ident() also closes the socket later, and in
3226 between Exim writes to the log, which may get opened at this point. When
3227 the socket was closed in ip_connect(), the log could get the same file
3228 descriptor number as the socket. This naturally causes chaos. The fix is
3229 not to close the socket in ip_connect(); the socket should be closed by
3230 the function that creates it. There was only one place in the code where
3231 this was missing, in the iplookup router, which I don't think anybody now
3232 uses, but I've fixed it anyway.
3233
9b8fadde
PH
3234PH/72 Make dns_again_means_nonexist apply to lookups using gethostbyname() as
3235 well as to direct DNS lookups. Otherwise the handling of names in host
3236 lists is inconsistent and therefore confusing.
3237
214e2000 3238
5de37277
PH
3239Exim version 4.60
3240-----------------
3241
cc38ddbf
PH
3242PH/01 Two changes to the default runtime configuration:
3243
3244 (1) Move the checks for relay_from_hosts and authenticated clients from
3245 after to before the (commented out) DNS black list checks.
3246
3247 (2) Add control=submission to the relay_from_hosts and authenticated
3248 clients checks, on the grounds that messages accepted by these
3249 statements are most likely to be submissions.
5de37277 3250
72fdd6ae
PH
3251PH/02 Several tidies to the handling of ${prvs and ${prvscheck:
3252
3253 (1) Generate an error if the third argument for the ${prvs expansion is
3254 not a single digit.
3255
3256 (2) Treat a missing third argument of ${prvscheck as if it were an empty
3257 string.
3258
3259 (3) Reset the variables that are obtained from the first argument of
3260 ${prvscheck and used in the second argument before leaving the code,
3261 because their memory is reclaimed, so using them afterwards may do
3262 silly things.
3263
3264 (4) Tidy up the code for expanding the arguments of ${prvscheck one by
3265 one (it's much easier than Tom thought :-).
3266
3267 (5) Because of (4), we can now allow for the use of $prvscheck_result
3268 inside the third argument.
cb9328de 3269
cb741023
PH
3270PH/03 For some reason, the default setting of PATH when running a command from
3271 a pipe transport was just "/usr/bin". I have changed it to
3272 "/bin:/usr/bin".
3273
f174f16e
PH
3274PH/04 SUPPORT_TRANSLATE_IP_ADDRESS and MOVE_FROZEN_MESSAGES did not cause
3275 anything to be listed in the output from -bV.
b2f5a032 3276
c25242d7
PH
3277PH/05 When a filter generated an autoreply, the entire To: header line was
3278 quoted in the delivery log line, like this:
3279