Reduce space used by flags in smtp transport
[exim.git] / doc / doc-txt / ChangeLog
CommitLineData
495ae4b0
PH
1Change log file for Exim from version 4.21
2-------------------------------------------
3
8d042305
JH
4Exim version 4.88
5-----------------
9094b84b
JH
6JH/01 Use SIZE on MAIL FROM in a cutthrough connection, if the destination
7 supports it and a size is available (ie. the sending peer gave us one).
8d042305 8
03d5892b
JH
9JH/02 The obsolete acl condition "demime" is removed (finally, after ten
10 years of being deprecated). The replacements are the ACLs
11 acl_smtp_mime and acl_not_smtp_mime.
12
4b0fe319
JH
13JH/03 Upgrade security requirements imposed for hosts_try_dane: previously
14 a downgraded non-dane trust-anchor for the TLS connection (CA-style)
15 or even an in-clear connection were permitted. Now, if the host lookup
16 was dnssec and dane was requested then the host is only used if the
17 TLSA lookup succeeds and is dnssec. Further hosts (eg. lower priority
18 MXs) will be tried (for hosts_try_dane though not for hosts_require_dane)
19 if one fails this test.
20 This means that a poorly-configured remote DNS will make it incommunicado;
21 but it protects against a DNS-interception attack on it.
22
789f8a4f
JH
23JH/04 Bug 1810: make continued-use of an open smtp transport connection
24 non-noisy when a race steals the message being considered.
25
23bb6982
JH
26JH/05 If main configuration option tls_certificate is unset, generate a
27 selfsigned certificate for inbound TLS connections.
28
0bd1b1ed 29JH/06 Bug 165: hide more cases of password exposure - this time in expansions
f42deca9 30 in rewrites and routers.
0bd1b1ed 31
20b9a2dc
JH
32JH/07 Retire gnutls_require_mac et.al. These were nonfunctional since 4.80
33 and logged a warning sing 4.83; now they are a configuration file error.
34
05392bbc
JH
35JH/08 Bug 1836: Fix crash in VRFY handling when handed an unqualified name
36 (lacking @domain). Apply the same qualification processing as RCPT.
37
1a6230a3
JH
38JH/09 Bug 1804: Avoid writing msglog files when in -bh or -bhc mode.
39
cfab9d68
JH
40JH/10 Support ${sha256:} applied to a string (as well as the previous
41 certificate).
42
98c82a3d
JH
43JH/11 Cutthrough: avoid using the callout hints db on a verify callout when
44 a cutthrough deliver is pending, as we always want to make a connection.
45 This also avoids re-routing the message when later placing the cutthrough
46 connection after a verify cache hit.
47 Do not update it with the verify result either.
48
49JH/12 Cutthrough: disable when verify option success_on_redirect is used, and
50 when routing results in more than one destination address.
51
ae8386f0
JH
52JH/13 Cutthrough: expand transport dkim_domain option when testing for dkim
53 signing (which inhibits the cutthrough capability). Previously only
54 the presence of an option was tested; now an expansion evaluating as
55 empty is permissible (obviously it should depend only on data available
56 when the cutthrough connection is made).
57
0d9fa8c0
JH
58JH/14 Fix logging of errors under PIPELINING. Previously the log line giving
59 the relevant preceding SMTP command did not note the pipelining mode.
60
3581f321
JH
61JH/15 Fix counting of empty lines in $body_linecount and $message_linecount.
62 Previously they were not counted.
63
ef3a1a30
JH
64JH/16 DANE: treat a TLSA lookup response having all non-TLSA RRs, the same
65 as one having no matching records. Previously we deferred the message
66 that needed the lookup.
67
803628d5 68JH/17 Fakereject: previously logged as a norml message arrival "<="; now
27b9e5f4
JH
69 distinguished as "(=".
70
1435d4b2
JH
71JH/18 Bug 1867: make the fail_defer_domains option on a dnslookup router work
72 for missing MX records. Previously it only worked for missing A records.
73
eea0defe
JB
74JH/19 Bug 1850: support Radius libraries that return REJECT_RC.
75
76JH/20 Bug 1872: Ensure that acl_smtp_notquit is run when the connection drops
77 after the data-go-ahead and data-ack. Patch from Jason Betts.
860cdda2 78
72a201e2
TM
79JH/21 Bug 1846: Send DMARC forensic reports for reject and quaratine results,
80 even for a "none" policy. Patch from Tony Meyer.
81
1c788856
JH
82JH/22 Fix continued use of a connection for further deliveries. If a port was
83 specified by a router, it must also match for the delivery to be
84 compatible.
85
e3b1f624
JH
86JH/23 Bug 1874: fix continued use of a connection for further deliveries.
87 When one of the recipients of a message was unsuitable for the connection
88 (has no matching addresses), we lost track of needing to mark it
89 deferred. As a result mail would be lost.
90
8d042305 91
0d9b78be
JH
92Exim version 4.87
93-----------------
82d14d6a
JH
94JH/01 Bug 1664: Disable OCSP for GnuTLS library versions at/before 3.3.16
95 and 3.4.4 - once the server is enabled to respond to an OCSP request
96 it does even when not requested, resulting in a stapling non-aware
97 client dropping the TLS connection.
0d9b78be 98
6c6d6e48
TF
99TF/01 Code cleanup: Overhaul the debug_selector and log_selector machinery to
100 support variable-length bit vectors. No functional change.
101
ac881e27
TF
102TF/02 Improve the consistency of logging incoming and outgoing interfaces.
103 The I= interface field on outgoing lines is now after the H= remote
104 host field, same as incoming lines. There is a separate
105 outgoing_interface log selector which allows you to disable the
106 outgoing I= field.
107
c8899c20
JH
108JH/02 Bug 728: Close logfiles after a daemon-process "exceptional" log write.
109 If not running log_selector +smtp_connection the mainlog would be held
110 open indefinitely after a "too many connections" event, including to a
111 deleted file after a log rotate. Leave the per net connection logging
112 leaving it open for efficiency as that will be quickly detected by the
113 check on the next write.
114
f1b81d81
HSHR
115HS/01 Bug 1671: Fix post transport crash.
116 Processing the wait-<transport> messages could crash the delivery
117 process if the message IDs didn't exist for some reason. When
118 using 'split_spool_directory=yes' the construction of the spool
119 file name failed already, exposing the same netto behaviour.
120
f38917cc
JH
121JH/03 Bug 425: Capture substrings in $regex1, $regex2 etc from regex &
122 mime_regex ACL conditions.
123
895fbaf2
JH
124JH/04 Bug 1686: When compiled with EXPERIMENTAL_DSN_INFO: Add extra information
125 to DSN fail messages (bounces): remote IP, remote greeting, remote response
126 to HELO, local diagnostic string.
127
805bb5c3
JH
128JH/05 Downgrade message for a TLS-certificate-based authentication fail from
129 log line to debug. Even when configured with a tls authenticator many
130 client connections are expected to not authenticate in this way, so
131 an authenticate fail is not an error.
132
56c2a7be
HSHR
133HS/02 Add the Exim version string to the process info. This way exiwhat
134 gives some more detail about the running daemon.
135
14b3c5bc
JH
136JH/06 Bug 1395: time-limit cacheing of DNS lookups, to the TTL value. This may
137 matter for fast-change records such as DNSBLs.
138
6f6dedcc
JH
139JH/07 Bug 1678: Always record an interface option value, if set, as part of a
140 retry record, even if constant. There may be multiple transports with
141 different interface settings and the retry behaviour needs to be kept
142 distinct.
143
0f557e90
JH
144JH/08 Bug 1586: exiqgrep now refuses to run if there are unexpected arguments.
145
146JH/09 Bug 1700: ignore space & tab embedded in base64 during decode.
147
ec0eb1a3
JH
148JH/10 Bug 840: fix log_defer_output option of pipe transport
149
41e93589
JH
150JH/11 Bug 830: use same host for all RCPTS of a message, even under
151 hosts_randomize. This matters a lot when combined with mua_wrapper.
152
98b98887 153JH/12 Bug 1706: percent and underbar characters are no longer escaped by the
376d2ec0
JH
154 ${quote_pgsql:<string>} operator.
155
98b98887
JH
156JH/13 Bug 1708: avoid misaligned access in cached lookup.
157
858e91c2
JH
158JH/14 Change header file name for freeradius-client. Relevant if compiling
159 with Radius support; from the Gentoo tree and checked under Fedora.
160
161JH/15 Bug 1712: Introduce $prdr_requested flag variable
162
6ff55e50
JH
163JH/16 Bug 1714: Permit an empty string as expansion result for transport
164 option transport_filter, meaning no filtering.
165
3b957582
JB
166JH/17 Bug 1713: Fix non-PDKIM_DEBUG build. Patch from Jasen Betts.
167
23f3dc67
JH
168JH/18 Bug 1709: When built with TLS support, the tls_advertise_hosts option now
169 defaults to "*" (all hosts). The variable is now available when not built
170 with TLS, default unset, mainly to enable keeping the testuite sane.
171 If a server certificate is not supplied (via tls_certificate) an error is
172 logged, and clients will find TLS connections fail on startup. Presumably
173 they will retry in-clear.
174 Packagers of Exim are strongly encouraged to create a server certificate
175 at installation time.
176
240c288f
JH
177HS/03 Add -bP config_file as a synonym for -bP configure_file, for consistency
178 with the $config_file variable.
179
5ef5dd52
JB
180JH/19 Two additional event types: msg:rcpt:defer and msg:rcpt:host:defer. Both
181 in transport context, after the attempt, and per-recipient. The latter type
182 is per host attempted. The event data is the error message, and the errno
183 information encodes the lookup type (A vs. MX) used for the (first) host,
184 and the trailing two digits of the smtp 4xx reponse.
185
e161710d
GF
186GF/01 Bug 1715: Fix for race condition in exicyclog, where exim could attempt
187 to write to mainlog (or rejectlog, paniclog) in the window between file
188 creation and permissions/ownership being changed. Particularly affects
189 installations where exicyclog is run as root, rather than exim user;
190 result is that the running daemon panics and dies.
191
a159f203
JH
192JH/20 Bug 1701: For MySQL lookups, support MySQL config file option group names.
193
7f06582c
JH
194JH/21 Bug 1720: Add support for priority groups and weighted-random proxy
195 selection for the EXPERIMENTAL_SOCKS feature, via new per-proxy options
196 "pri" and "weight". Note that the previous implicit priority given by the
197 list order is no longer honoured.
198
abe1010c
JH
199JH/22 Bugs 963, 1721: Fix some corner cases in message body canonicalisation
200 for DKIM processing.
201
f0989ec0
JH
202JH/23 Move SOCKS5 support from Experimental to mainline, enabled for a build
203 by defining SUPPORT_SOCKS.
74f150bf 204
cee5f132
JH
205JH/26 Move PROXY support from Experimental to mainline, enabled for a build
206 by defining SUPPORT_PROXY. Note that the proxy_required_hosts option
e6d2a989
JH
207 is renamed to hosts_proxy, and the proxy_{host,target}_{address,port}.
208 variables are renamed to proxy_{local,external}_{address,port}.
cee5f132 209
8c5d388a
JH
210JH/27 Move Internationalisation support from Experimental to mainline, enabled
211 for a build by defining SUPPORT_I18N
212
2d8d625b
JH
213JH/28 Bug 1745: Fix redis lookups to handle (quoted) spaces embedded in parts
214 of the query string, and make ${quote_redis:} do that quoting.
215
0cbf2b82
JH
216JH/29 Move Events support from Experimental to mainline, enabled by default
217 and removable for a build by defining DISABLE_EVENT.
218
f2f2c91b
JH
219JH/30 Updated DANE implementation code to current from Viktor Dukhovni.
220
ce325893
JH
221JH/31 Fix bug with hosts_connection_nolog and named-lists which were wrongly
222 cached by the daemon.
223
de78e2d5
JH
224JH/32 Move Redis support from Experimental to mainline, enabled for a build
225 by defining LOOKUP_REDIS. The libhiredis library is required.
226
379ba7d0
JH
227JH/33 Bug 1748: Permit ACL dnslists= condition in non-smtp ACLs if explicit
228 keys are given for lookup.
229
f444c2c7
JH
230JH/34 Bug 1192: replace the embedded copy of PolarSSL RSA routines in the DKIM
231 support, by using OpenSSL or GnuTLS library ones. This means DKIM is
07c73177
JH
232 only supported when built with TLS support. The PolarSSL SHA routines
233 are still used when the TLS library is too old for convenient support.
f444c2c7 234
a57b6200
JH
235JH/35 Require SINGLE_DH_USE by default in OpenSSL (main config option
236 openssl_options), for security. OpenSSL forces this from version 1.1.0
237 server-side so match that on older versions.
238
07c73177 239JH/36 Bug 1778: longstanding bug in memory use by the ${run } expansion: A fresh
fa01e4f8 240 allocation for $value could be released as the expansion processing
07c73177 241 concluded, but leaving the global pointer active for it.
fa01e4f8 242
4f6ae5c3
JH
243JH/37 Bug 1769: Permit a VRFY ACL to override the default 252 response,
244 and to use the domains and local_parts ACL conditions.
245
1bc460a6
JH
246JH/38 Fix cutthrough bug with body lines having a single dot. The dot was
247 incorrectly not doubled on cutthrough transmission, hence seen as a
248 body-termination at the receiving system - resulting in truncated mails.
62ac2eb7 249 Commonly the sender saw a TCP-level error, and retransmitted the message
1bc460a6
JH
250 via the normal store-and-forward channel. This could result in duplicates
251 received - but deduplicating mailstores were liable to retain only the
252 initial truncated version.
253
ab9152ff 254JH/39 Bug 1781: Fix use of DKIM private-keys having trailing '=' in the base-64.
df3def24 255
67e87fcf
JH
256JH/40 Fix crash in queryprogram router when compiled with EXPERIMENTAL_SRS.
257
ab9152ff
JH
258JH/41 Bug 1792: Fix selection of headers to sign for DKIM: bottom-up. While
259 we're in there, support oversigning also; bug 1309.
260
af483912
JH
261JH/42 Bug 1796: Fix error logged on a malware scanner connection failure.
262
bc3c7bb7 263HS/04 Add support for keep_environment and add_environment options.
df3def24 264
13559da6
JH
265JH/43 Tidy coding issues detected by gcc --fsanitize=undefined. Some remain;
266 either intentional arithmetic overflow during PRNG, or testing config-
267 induced overflows.
268
59eaad2b
JH
269JH/44 Bug 1800: The combination of a -bhc commandline option and cutthrough
270 delivery resulted in actual delivery. Cancel cutthrough before DATA
271 stage.
272
f9334a28
JH
273JH/45 Fix cutthrough, when connection not opened by verify and target hard-
274 rejects a recipient: pass the reject to the originator.
275
dc8091e7
JH
276JH/46 Multiple issues raised by Coverity. Some were obvious or plausible bugs.
277 Many were false-positives and ignorable, but it's worth fixing the
278 former class.
279
dfe7d917
JH
280JH/47 Fix build on HP-UX and older Solaris, which need (un)setenv now also
281 for the new environment-manipulation done at startup. Move the routines
282 from being local to tls.c to being global via the os.c file.
283
93cc2d6e
JH
284JH/48 Bug 1807: Fix ${extract } for the numeric/3-string case. While preparsing
285 an extract embedded as result-arg for a map, the first arg for extract
286 is unavailable so we cannot tell if this is a numbered or keyed
287 extraction. Accept either.
288
13559da6 289
0d9b78be 290
9c695f6d
JH
291Exim version 4.86
292-----------------
293JH/01 Bug 1545: The smtp transport option "retry_include_ip_address" is now
294 expanded.
295
506900af
JH
296JH/02 The smtp transport option "multi_domain" is now expanded.
297
ad07e9ad
JH
298JH/03 The smtp transport now requests PRDR by default, if the server offers
299 it.
300
01a4a5c5 301JH/04 Certificate name checking on server certificates, when exim is a client,
b3ef41c9 302 is now done by default. The transport option tls_verify_cert_hostnames
01a4a5c5
JH
303 can be used to disable this per-host. The build option
304 EXPERIMENTAL_CERTNAMES is withdrawn.
305
cb1d7830 306JH/05 The value of the tls_verify_certificates smtp transport and main options
0e0f3f56 307 default to the word "system" to access the system default CA bundle.
cb1d7830
JH
308 For GnuTLS, only version 3.0.20 or later.
309
610ff438 310JH/06 Verification of the server certificate for a TLS connection is now tried
6d580f19
JH
311 (but not required) by default. The verification status is now logged by
312 default, for both outbound TLS and client-certificate supplying inbound
313 TLS connections
610ff438 314
f926e272
JH
315JH/07 Changed the default rfc1413 lookup settings to disable calls. Few
316 sites use this now.
317
50dc7409
JH
318JH/08 The EXPERIMENTAL_DSN compile option is no longer needed; all Delivery
319 Status Notification (bounce) messages are now MIME format per RFC 3464.
320 Support for RFC 3461 DSN options NOTIFY,ENVID,RET,ORCPT can be advertised
321 under the control of the dsn_advertise_hosts option, and routers may
322 have a dsn_lasthop option.
323
0f0c8159
JH
324JH/09 A timeout of 2 minutes is now applied to all malware scanner types by
325 default, modifiable by a malware= option. The list separator for
23763898 326 the options can now be changed in the usual way. Bug 68.
4e71661f 327
1ad6489e
JH
328JH/10 The smtp_receive_timeout main option is now expanded before use.
329
aeaf5db3
JH
330JH/11 The incoming_interface log option now also enables logging of the
331 local interface on delivery outgoing connections.
332
5032d1cf
JH
333JH/12 The cutthrough-routing facility now supports multi-recipient mails,
334 if the interface and destination host and port all match.
335
7e8360e6
JH
336JH/13 Bug 344: The verify = reverse_host_lookup ACL condition now accepts a
337 /defer_ok option.
338
c5f280e2
AL
339JH/14 Bug 1573: The spam= ACL condition now additionally supports Rspamd.
340 Patch from Andrew Lewis.
341
fd4d8871 342JH/15 Bug 670: The spamd_address main option (for the spam= ACL condition)
dc7b3d36 343 now supports optional time-restrictions, weighting, and priority
fd4d8871
R
344 modifiers per server. Patch originally by <rommer@active.by>.
345
346JH/16 The spamd_address main option now supports a mixed list of local
2aad5761
JH
347 and remote servers. Remote servers can be IPv6 addresses, and
348 specify a port-range.
fd4d8871 349
23763898
JH
350JH/17 Bug 68: The spamd_address main option now supports an optional
351 timeout value per server.
352
2ad78978
JH
353JH/18 Bug 1581: Router and transport options headers_add/remove can
354 now have the list separator specified.
355
8a512ed5 356JH/19 Bug 392: spamd_address, and clamd av_scanner, now support retry
cfab9d68 357 option values.
8a512ed5 358
82c0c8ea 359JH/20 Bug 1571: Ensure that $tls_in_peerdn is set, when verification fails
f69979cf
JH
360 under OpenSSL.
361
cc00f4af
JH
362JH/21 Support for the A6 type of dns record is withdrawn.
363
82c0c8ea
JH
364JH/22 Bug 608: The result of a QUIT or not-QUIT toplevel ACL now matters
365 rather than the verbs used.
366
b980ed83
JH
367JH/23 Bug 1572: Increase limit on SMTP confirmation message copy size
368 from 255 to 1024 chars.
369
6c9ed72e
JH
370JH/24 Verification callouts now attempt to use TLS by default.
371
cfab9d68 372HS/01 DNSSEC options (dnssec_require_domains, dnssec_request_domains)
99c1bb4e 373 are generic router options now. The defaults didn't change.
50dc7409 374
f846c8f5
JH
375JH/25 Bug 466: Add RFC2322 support for MIME attachment filenames.
376 Original patch from Alexander Shikoff, worked over by JH.
377
fd4c285c
HSHR
378HS/02 Bug 1575: exigrep falls back to autodetection of compressed
379 files if ZCAT_COMMAND is not executable.
380
fd7f7910
JH
381JH/26 Bug 1539: Add timout/retry options on dnsdb lookups.
382
d2a2c69b
JH
383JH/27 Bug 286: Support SOA lookup in dnsdb lookups.
384
8241d8dd
JH
385JH/28 Bug 1588: Do not use the A lookup following an AAAA for setting the FQDN.
386 Normally benign, it bites when the pair was led to by a CNAME;
387 modern usage is to not canoicalize the domain to a CNAME target
388 (and we were inconsistent anyway for A-only vs AAAA+A).
389
1f12df4d
JH
390JH/29 Bug 1632: Removed the word "rejected" from line logged for ACL discards.
391
1f155f8e
JH
392JH/30 Check the forward DNS lookup for DNSSEC, in addition to the reverse,
393 when evaluating $sender_host_dnssec.
394
1705dd20
JH
395JH/31 Check the HELO verification lookup for DNSSEC, adding new
396 $sender_helo_dnssec variable.
397
038597d2
PP
398JH/32 Bug 1397: Enable ECDHE on OpenSSL, just the NIST P-256 curve.
399
474f71bf
JH
400JH/33 Bug 1346: Note MAIL cmd seen in -bS batch, to avoid smtp_no_mail log.
401
7137ca4b
JH
402JH/34 Bug 1648: Fix a memory leak seen with "mailq" and large queues.
403
dcb1095c
JH
404JH/35 Bug 1642: Fix support of $spam_ variables at delivery time. Was
405 documented as working, but never had. Support all but $spam_report.
406
2f460950
JH
407JH/36 Bug 1659: Guard checking of input smtp commands again pseudo-command
408 added for tls authenticator.
409
2f680c0c
HSHR
410HS/03 Add perl_taintmode main config option
411
9c695f6d 412
e449c3b0
TL
413Exim version 4.85
414-----------------
415TL/01 When running the test suite, the README says that variables such as
416 no_msglog_check are global and can be placed anywhere in a specific
417 test's script, however it was observed that placement needed to be near
418 the beginning for it to behave that way. Changed the runtest perl
419 script to read through the entire script once to detect and set these
420 variables, reset to the beginning of the script, and then run through
421 the script parsing/test process like normal.
422
ac20058f
TL
423TL/02 The BSD's have an arc4random API. One of the functions to induce
424 adding randomness was arc4random_stir(), but it has been removed in
425 OpenBSD 5.5. Detect this OpenBSD version and skip calling this
426 function when detected.
427
a9b8ec8b
JH
428JH/01 Expand the EXPERIMENTAL_TPDA feature. Several different events now
429 cause callback expansion.
430
6286d7c4
TL
431TL/03 Bugzilla 1518: Clarify "condition" processing in routers; that
432 syntax errors in an expansion can be treated as a string instead of
433 logging or causing an error, due to the internal use of bool_lax
434 instead of bool when processing it.
435
0f06b4f2 436JH/02 Add EXPERIMENTAL_DANE, allowing for using the DNS as trust-anchor for
d567a64d
JH
437 server certificates when making smtp deliveries.
438
be36e572
JH
439JH/03 Support secondary-separator specifier for MX, SRV, TLSA lookups.
440
ac4ef9bd
JH
441JH/04 Add ${sort {list}{condition}{extractor}} expansion item.
442
0eb51736
TL
443TL/04 Bugzilla 1216: Add -M (related messages) option to exigrep.
444
c713ca4b
TL
445TL/05 GitHub Issue 18: Adjust logic testing for true/false in redis lookups.
446 Merged patch from Sebastian Wiedenroth.
e449c3b0 447
bd21a787
WB
448JH/05 Fix results-pipe from transport process. Several recipients, combined
449 with certificate use, exposed issues where response data items split
450 over buffer boundaries were not parsed properly. This eventually
451 resulted in duplicates being sent. This issue only became common enough
452 to notice due to the introduction of conection certificate information,
453 the item size being so much larger. Found and fixed by Wolfgang Breyha.
454
8bc732e8
JH
455JH/06 Bug 1533: Fix truncation of items in headers_remove lists. A fixed
456 size buffer was used, resulting in syntax errors when an expansion
457 exceeded it.
458
a7fec7a7
JH
459JH/07 Add support for directories of certificates when compiled with a GnuTLS
460 version 3.3.6 or later.
461
774ef2d7
JH
462JH/08 Rename the TPDA expermimental facility to Event Actions. The #ifdef
463 is EXPERIMENTAL_EVENT, the main-configuration and transport options
464 both become "event_action", the variables become $event_name, $event_data
aec45841 465 and $event_defer_errno. There is a new variable $verify_mode, usable in
723fe533
JH
466 routers, transports and related events. The tls:cert event is now also
467 raised for inbound connections, if the main configuration event_action
468 option is defined.
774ef2d7 469
eca4debb
TL
470TL/06 In test suite, disable OCSP for old versions of openssl which contained
471 early OCSP support, but no stapling (appears to be less than 1.0.0).
472
8d692470
JH
473JH/09 When compiled with OpenSSL and EXPERIMENTAL_CERTNAMES, the checks on
474 server certificate names available under the smtp transport option
475 "tls_verify_cert_hostname" now do not permit multi-component wildcard
476 matches.
477
e9477a08
JH
478JH/10 Time-related extraction expansions from certificates now use the main
479 option "timezone" setting for output formatting, and are consistent
480 between OpenSSL and GnuTLS compilations. Bug 1541.
481
ad4c5ff9
JH
482JH/11 Fix a crash in mime ACL when meeting a zero-length, quoted or RFC2047-
483 encoded parameter in the incoming message. Bug 1558.
8dea5edf
JH
484
485JH/12 Bug 1527: Autogrow buffer used in reading spool files. Since they now
486 include certificate info, eximon was claiming there were spoolfile
487 syntax errors.
488
3394b36a 489JH/13 Bug 1521: Fix ldap lookup for single-attr request, multiple-attr return.
8dea5edf
JH
490
491JH/14 Log delivery-related information more consistently, using the sequence
492 "H=<name> [<ip>]" wherever possible.
493
3394b36a
TL
494TL/07 Bug 1547: Omit RFCs from release. Draft and RFCs have licenses which
495 are problematic for Debian distribution, omit them from the release
496 tarball.
497
ad4c5ff9
JH
498JH/15 Updates and fixes to the EXPERIMENTAL_DSN feature.
499
500JH/16 Fix string representation of time values on 64bit time_t anchitectures.
501 Bug 1561.
502
503JH/17 Fix a null-indirection in certextract expansions when a nondefault
504 output list separator was used.
505
8bc732e8 506
1f0ebb98
TL
507Exim version 4.84
508-----------------
09728d20
TL
509TL/01 Bugzilla 1506: Re-add a 'return NULL' to silence complaints from static
510 checkers that were complaining about end of non-void function with no
511 return.
1f0ebb98 512
a612424f
JH
513JH/01 Bug 1513: Fix parsing of quoted parameter values in MIME headers.
514 This was a regression intruduced in 4.83 by another bugfix.
515
516JH/02 Fix broken compilation when EXPERIMENTAL_DSN is enabled.
517
518TL/02 Bug 1509: Fix exipick for enhanced spoolfile specification used when
a9b8ec8b 519 EXPERIMENTAL_DSN is enabled. Fix from Wolfgang Breyha.
a612424f 520
1f0ebb98 521
c0e56233
TF
522Exim version 4.83
523-----------------
524
525TF/01 Correctly close the server side of TLS when forking for delivery.
526
527 When a message was received over SMTP with TLS, Exim failed to clear up
528 the incoming connection properly after forking off the child process to
529 deliver the message. In some situations the subsequent outgoing
530 delivery connection happened to have the same fd number as the incoming
531 connection previously had. Exim would try to use TLS and fail, logging
532 a "Bad file descriptor" error.
533
7245734e
TF
534TF/02 Portability fix for building lookup modules on Solaris when the xpg4
535 utilities have not been installed.
536
fd5dad68
JH
537JH/01 Fix memory-handling in use of acl as a conditional; avoid free of
538 temporary space as the ACL may create new global variables.
539
5428a946
TL
540TL/01 LDAP support uses per connection or global context settings, depending
541 upon the detected version of the libraries at build time.
542
a3c86431
TL
543TL/02 Experimental Proxy Protocol support: allows a proxied SMTP connection
544 to extract and use the src ip:port in logging and expansions as if it
8ded8589
TL
545 were a direct connection from the outside internet. PPv2 support was
546 updated based on HAProxy spec change in May 2014.
a3c86431 547
aa26e137
JH
548JH/02 Add ${listextract {number}{list}{success}{fail}}.
549
5a1b8443
WB
550TL/03 Bugzilla 1433: Fix DMARC SEGV with specific From header contents.
551 Properly escape header and check for NULL return.
552
72c9e342
PP
553PP/01 Continue incomplete 4.82 PP/19 by fixing docs too: use dns_dnssec_ok
554 not dns_use_dnssec.
555
76f44207
WB
556JH/03 Bugzilla 1157: support log_selector smtp_confirmation for lmtp.
557
770747fd
MFM
558TL/04 Add verify = header_names_ascii check to reject email with non-ASCII
559 characters in header names, implemented as a verify condition.
560 Contributed by Michael Fischer v. Mollard.
561
8ddef691 562TL/05 Rename SPF condition results err_perm and err_temp to standardized
982650ec
TL
563 results permerror and temperror. Previous values are deprecated but
564 still accepted. In a future release, err_perm and err_temp will be
565 completely removed, which will be a backward incompatibility if the
566 ACL tests for either of these two old results. Patch contributed by
8ddef691 567 user bes-internal on the mailing list.
c0e56233 568
b9c2e32f
AR
569JH/04 Add ${utf8clean:} operator. Contributed by Alex Rau.
570
e45a1c37
JH
571JH/05 Bugzilla 305: Log incoming-TLS details on rejects, subject to log
572 selectors, in both main and reject logs.
573
67d81c10
JH
574JH/06 Log outbound-TLS and port details, subject to log selectors, for a
575 failed delivery.
576
b1f8e4f8
JH
577JH/07 Add malware type "sock" for talking to simple daemon.
578
511a6c14 579JH/08 Bugzilla 1371: Add tls_{,try_}verify_hosts to smtp transport.
511a6c14
JH
580
581JH/09 Bugzilla 1431: Support (with limitations) headers_add/headers_remove in
582 routers/transports under cutthrough routing.
214042d2 583
51c7471d
JH
584JH/10 Bugzilla 1005: ACL "condition =" should accept values which are negative
585 numbers. Touch up "bool" conditional to keep the same definition.
586
3695be34
TL
587TL/06 Remove duplicated language in spec file from 4.82 TL/16.
588
1e06383a
TL
589JH/11 Add dnsdb tlsa lookup. From Todd Lyons.
590
76146973
JH
591JH/12 Expand items in router/transport headers_add or headers_remove lists
592 individually rather than the list as a whole. Bug 1452.
593
594 Required for reasonable handling of multiple headers_ options when
595 they may be empty; requires that headers_remove items with embedded
596 colons must have them doubled (or the list-separator changed).
597
8c8b8274
TL
598TL/07 Add new dmarc expansion variable $dmarc_domain_policy to directly
599 view the policy declared in the DMARC record. Currently, $dmarc_status
600 is a combined value of both the record presence and the result of the
601 analysis.
b1f8e4f8 602
35aba663
JH
603JH/13 Fix handling of $tls_cipher et.al. in (non-verify) transport. Bug 1455.
604
8c51eead 605JH/14 New options dnssec_request_domains, dnssec_require_domains on the
578897ea
JH
606 dnslookup router and the smtp transport (applying to the forward
607 lookup).
8c51eead 608
deae092e
HS
609TL/08 Bugzilla 1453: New LDAP "SERVERS=" option allows admin to override list
610 of ldap servers used for a specific lookup. Patch provided by Heiko
611 Schlichting.
35aba663 612
fd3b6a4a 613JH/18 New options dnssec_lax, dnssec_strict on dnsdb lookups.
4e0983dc 614 New variable $lookup_dnssec_authenticated for observability.
fd3b6a4a 615
8d91c6dc
LT
616TL/09 Bugzilla 609: Add -C option to exiqgrep, specify which exim.conf to use.
617 Patch submitted by Lars Timman.
618
2b4a568d
JH
619JH/19 EXPERIMENTAL_OCSP support under GnuTLS. Bug 1459.
620
d2af03f4
HS
621TL/10 Bugzilla 1454: New -oMm option to pass message reference to Exim.
622 Requires trusted mode and valid format message id, aborts otherwise.
623 Patch contributed by Heiko Schlichting.
624
9d1c15ef
JH
625JH/20 New expansion variables tls_(in,out)_(our,peer)cert, and expansion item
626 certextract with support for various fields. Bug 1358.
627
44662487
JH
628JH/21 Observability of OCSP via variables tls_(in,out)_ocsp. Stapling
629 is requested by default, modifiable by smtp transport option
6a8a60e0
JH
630 hosts_request_ocsp.
631
ed3bba5f 632JH/22 Expansion operators ${md5:string} and ${sha1:string} can now
6a8a60e0 633 operate on certificate variables to give certificate fingerprints
9ef9101c 634 Also new ${sha256:cert_variable}.
44662487 635
8ccd00b1
JH
636JH/23 The PRDR feature is moved from being Experimental into the mainline.
637
8ded8589
TL
638TL/11 Bug 1119: fix memory allocation in string_printing2(). Patch from
639 Christian Aistleitner.
640
f2de3a33
JH
641JH/24 The OCSP stapling feature is moved from Experimental into the mainline.
642
6eb02f88
TL
643TL/12 Bug 1444: Fix improper \r\n sequence handling when writing spool
644 file. Patch from Wolfgang Breyha.
645
00bff6f6
JH
646JH/25 Expand the coverage of the delivery $host and $host_address to
647 client authenticators run in verify callout. Bug 1476.
648
071c51f7
JH
649JH/26 Port service names are now accepted for tls_on_connect_ports, to
650 align with daemon_smtp_ports. Bug 72.
651
a6d4c44e
TF
652TF/03 Fix udpsend. The ip_connectedsocket() function's socket type
653 support and error reporting did not work properly.
654
3ae173e7
ACK
655TL/13 Bug 1495: Exiqgrep check if -C config file specified on cli exists
656 and is readable. Patch from Andrew Colin Kissa.
657
c13d09b8
TL
658TL/14 Enhance documentation of ${run expansion and how it parses the
659 commandline after expansion, particularly in the case when an
660 unquoted variable expansion results in an empty value.
661
0df4ab80
JH
662JH/27 The TLS SNI feature was broken in 4.82. Fix it.
663
66be95e0
PP
664PP/02 Fix internal collision of T_APL on systems which support RFC3123
665 by renaming away from it. Addresses GH issue 15, reported by
666 Jasper Wallace.
667
1bd0d12b
JH
668JH/28 Fix parsing of MIME headers for parameters with quoted semicolons.
669
0de7239e
TL
670TL/15 SECURITY: prevent double expansion in math comparison functions
671 (can expand unsanitized data). Not remotely exploitable.
672 CVE-2014-2972
673
fd3b6a4a 674
2c422e6f 675Exim version 4.82
98a90c36
PP
676-----------------
677
678PP/01 Add -bI: framework, and -bI:sieve for querying sieve capabilities.
679
12f69989
PP
680PP/02 Make -n do something, by making it not do something.
681 When combined with -bP, the name of an option is not output.
682
54c90be1
PP
683PP/03 Added tls_dh_min_bits SMTP transport driver option, only honoured
684 by GnuTLS.
685
1f4a55da
PP
686PP/04 First step towards DNSSEC, provide $sender_host_dnssec for
687 $sender_host_name and config options to manage this, and basic check
688 routines.
689
13363eba 690PP/05 DSCP support for outbound connections and control modifier for inbound.
36a3ae5f 691
66645890 692PP/06 Cyrus SASL: set local and remote IP;port properties for driver.
e402235f
PP
693 (Only plugin which currently uses this is kerberos4, which nobody should
694 be using, but we should make it available and other future plugins might
695 conceivably use it, even though it would break NAT; stuff *should* be
696 using channel bindings instead).
66645890 697
a3fb9793 698PP/07 Handle "exim -L <tag>" to indicate to use syslog with tag as the process
f4ee74ac
PP
699 name; added for Sendmail compatibility; requires admin caller.
700 Handle -G as equivalent to "control = suppress_local_fixups" (we used to
701 just ignore it); requires trusted caller.
a3fb9793 702 Also parse but ignore: -Ac -Am -X<logfile>
f4ee74ac 703 Bugzilla 1117.
a3fb9793 704
d27f98fe 705TL/01 Bugzilla 1258 - Refactor MAIL FROM optional args processing.
98a90c36 706
6822b909
TL
707TL/02 Add +smtp_confirmation as a default logging option.
708
e7568d51
TL
709TL/03 Bugzilla 198 - Implement remove_header ACL modifier.
710 Patch by Magnus Holmgren from 2007-02-20.
711
ae0e32ee 712TL/04 Bugzilla 1281 - Spec typo.
ca0ff207 713 Bugzilla 1283 - Spec typo.
97f42f10 714 Bugzilla 1290 - Spec grammar fixes.
ca0ff207
TL
715
716TL/05 Bugzilla 1285 - Spec omission, fix docbook errors for spec.txt creation.
ae0e32ee 717
e2658fff
TL
718TL/06 Add Experimental DMARC support using libopendmarc libraries.
719
83712b39
TL
720TL/07 Fix an out of order global option causing a segfault. Reported to dev
721 mailing list by by Dmitry Isaikin.
722
976b7e9f
JH
723JH/01 Bugzilla 1201 & 304 - New cutthrough-delivery feature, with TLS support.
724
be4a1376
JH
725JH/02 Support "G" suffix to numbers in ${if comparisons.
726
ec4b68e5
PP
727PP/08 Handle smtp transport tls_sni option forced-fail for OpenSSL.
728
d7148a07
NM
729NM/01 Bugzilla 1197 - Spec typo
730 Bugzilla 1196 - Spec examples corrections
ec4b68e5 731
585121e2 732JH/03 Add expansion operators ${listnamed:name} and ${listcount:string}
ec4b68e5 733
2519e60d
TL
734PP/09 Add gnutls_allow_auto_pkcs11 option (was originally called
735 gnutls_enable_pkcs11, but renamed to more accurately indicate its
736 function.
a5f239e4 737
13d08c90
PP
738PP/10 Let Linux makefile inherit CFLAGS/CFLAGS_DYNAMIC.
739 Pulled from Debian 30_dontoverridecflags.dpatch by Andreas Metzler.
740
bef3ea7f
JH
741JH/04 Add expansion item ${acl {name}{arg}...}, expansion condition
742 "acl {{name}{arg}...}", and optional args on acl condition
743 "acl = name arg..."
a5f239e4 744
846726c5
JH
745JH/05 Permit multiple router/transport headers_add/remove lines.
746
3a796370
JH
747JH/06 Add dnsdb pseudo-lookup "a+" to do an "aaaa" + "a" combination.
748
ea722490 749JH/07 Avoid using a waiting database for a single-message-only transport.
8b260705
PP
750 Performance patch from Paul Fisher. Bugzilla 1262.
751
b1b05573
JH
752JH/08 Strip leading/trailing newlines from add_header ACL modifier data.
753 Bugzilla 884.
754
362145b5
JH
755JH/09 Add $headers_added variable, with content from use of ACL modifier
756 add_header (but not yet added to the message). Bugzilla 199.
757
3c0a92dc
JH
758JH/10 Add 8bitmime log_selector, for 8bitmime status on the received line.
759 Pulled from Bugzilla 817 by Wolfgang Breyha.
760
6d7c6175
PP
761PP/11 SECURITY: protect DKIM DNS decoding from remote exploit.
762 CVE-2012-5671
e78e6ecf 763 (nb: this is the same fix as in Exim 4.80.1)
6d7c6175 764
6f123593
JH
765JH/11 Add A= logging on delivery lines, and a client_set_id option on
766 authenticators.
767
c8e2fc1e
JH
768JH/12 Add optional authenticated_sender logging to A= and a log_selector
769 for control.
770
005ac57f
PP
771PP/12 Unbreak server_set_id for NTLM/SPA auth, broken by 4.80 PP/29.
772
3f1df0e3
PP
773PP/13 Dovecot auth: log better reason to rejectlog if Dovecot did not
774 advertise SMTP AUTH mechanism to us, instead of a generic
775 protocol violation error. Also, make Exim more robust to bad
776 data from the Dovecot auth socket.
777
67bd1ab3
TF
778TF/01 Fix ultimate retry timeouts for intermittently deliverable recipients.
779
780 When a queue runner is handling a message, Exim first routes the
781 recipient addresses, during which it prunes them based on the retry
782 hints database. After that it attempts to deliver the message to
783 any remaining recipients. It then updates the hints database using
784 the retry rules.
785
786 So if a recipient address works intermittently, it can get repeatedly
787 deferred at routing time. The retry hints record remains fresh so the
788 address never reaches the final cutoff time.
789
790 This is a fairly common occurrence when a user is bumping up against
791 their storage quota. Exim had some logic in its local delivery code
792 to deal with this. However it did not apply to per-recipient defers
793 in remote deliveries, e.g. over LMTP to a separate IMAP message store.
794
1ddeb334
TF
795 This change adds a proper retry rule check during routing so that the
796 final cutoff time is checked against the message's age. We only do
797 this check if there is an address retry record and there is not a
798 domain retry record; this implies that previous attempts to handle
799 the address had the retry_use_local_parts option turned on. We use
800 this as an approximation for the destination being like a local
801 delivery, as in LMTP.
67bd1ab3
TF
802
803 I suspect this new check makes the old local delivery cutoff check
804 redundant, but I have not verified this so I left the code in place.
805
326cdc37
TF
806TF/02 Correct gecos expansion when From: is a prefix of the username.
807
808 Test 0254 submits a message to Exim with the header
809
810 Resent-From: f
811
812 When I ran the test suite under the user fanf2, Exim expanded
813 the header to contain my full name, whereas it should have added
814 a Resent-Sender: header. It erroneously treats any prefix of the
815 username as equal to the username.
816
817 This change corrects that bug.
818
f62514b3
GF
819GF/01 DCC debug and logging tidyup
820 Error conditions log to paniclog rather than rejectlog.
821 Debug lines prefixed by "DCC: " to remove any ambiguity.
822
eb505532
TF
823TF/03 Avoid unnecessary rebuilds of lookup-related code.
824
14c7b357
PP
825PP/14 Fix OCSP reinitialisation in SNI handling for Exim/TLS as server.
826 Bug spotted by Jeremy Harris; was flawed since initial commit.
827 Would have resulted in OCSP responses post-SNI triggering an Exim
828 NULL dereference and crash.
829
94eaf700
PP
830JH/13 Add $router_name and $transport_name variables. Bugzilla 308.
831
6f5a440a
PP
832PP/15 Define SIOCGIFCONF_GIVES_ADDR for GNU Hurd.
833 Bug detection, analysis and fix by Samuel Thibault.
834 Bugzilla 1331, Debian bug #698092.
835
514ee161
SC
836SC/01 Update eximstats to watch out for senders sending 'HELO [IpAddr]'
837
fd98a5c6
JH
838JH/14 SMTP PRDR (http://www.eric-a-hall.com/specs/draft-hall-prdr-00.txt).
839 Server implementation by Todd Lyons, client by JH.
840 Only enabled when compiled with EXPERIMENTAL_PRDR. A new
841 config variable "prdr_enable" controls whether the server
842 advertises the facility. If the client requests PRDR a new
843 acl_data_smtp_prdr ACL is called once for each recipient, after
844 the body content is received and before the acl_smtp_data ACL.
845 The client is controlled by bolth of: a hosts_try_prdr option
846 on the smtp transport, and the server advertisement.
847 Default client logging of deliveries and rejections involving
848 PRDR are flagged with the string "PRDR".
849
035c7f1e
PP
850PP/16 Fix problems caused by timeouts during quit ACLs trying to double
851 fclose(). Diagnosis by Todd Lyons.
852
ff284120
PP
853PP/17 Update configure.default to handle IPv6 localhost better.
854 Patch by Alain Williams (plus minor tweaks).
855 Bugzilla 880.
856
26e72755
PP
857PP/18 OpenSSL made graceful with empty tls_verify_certificates setting.
858 This is now consistent with GnuTLS, and is now documented: the
859 previous undocumented portable approach to treating the option as
860 unset was to force an expansion failure. That still works, and
861 an empty string is now equivalent.
862
0fbd9bff
PP
863PP/19 Renamed DNSSEC-enabling option to "dns_dnssec_ok", to make it
864 clearer that Exim is using the DO (DNSSEC OK) EDNS0 resolver flag,
865 not performing validation itself.
866
700d22f3
PP
867PP/20 Added force_command boolean option to pipe transport.
868 Patch from Nick Koston, of cPanel Inc.
869
fcc8e047
JH
870JH/15 AUTH support on callouts (and hence cutthrough-deliveries).
871 Bugzilla 321, 823.
872
7142daca
PP
873TF/04 Added udpsend ACL modifer and hexquote expansion operator
874
8c020188
PP
875PP/21 Fix eximon continuous updating with timestamped log-files.
876 Broken in a format-string cleanup in 4.80, missed when I repaired the
877 other false fix of the same issue.
878 Report and fix from Heiko Schlichting.
879 Bugzilla 1363.
880
d13cdd30
PP
881PP/22 Guard LDAP TLS usage against Solaris LDAP variant.
882 Report from Prashanth Katuri.
883
e2fbf4a2
PP
884PP/23 Support safari_ecdhe_ecdsa_bug for openssl_options.
885 It's SecureTransport, so affects any MacOS clients which use the
886 system-integrated TLS libraries, including email clients.
887
f4c1088b
PP
888PP/24 Fix segfault from trying to fprintf() to a NULL stdio FILE* if
889 using a MIME ACL for non-SMTP local injection.
890 Report and assistance in diagnosis by Warren Baker.
891
c5c2182f
PP
892TL/08 Adjust exiqgrep to be case-insensitive for sender/receiver.
893
73431ca9
JH
894JH/16 Fix comparisons for 64b. Bugzilla 1385.
895
2d07a215
TL
896TL/09 Add expansion variable $authenticated_fail_id to keep track of
897 last id that failed so it may be referenced in subsequent ACL's.
898
a30a8861
TL
899TL/10 Bugzilla 1375 - Prevent TLS rebinding in ldap. Patch provided by
900 Alexander Miroch.
901
33382dd9
TL
902TL/11 Bugzilla 1382 - Option ldap_require_cert overrides start_tls
903 ldap library initialization, allowing self-signed CA's to be
904 used. Also properly sets require_cert option later in code by
905 using NULL (global ldap config) instead of ldap handle (per
906 session). Bug diagnosis and testing by alxgomz.
6d7c6175 907
046172e6
TL
908TL/12 Enhanced documentation in the ratelimit.pl script provided in
909 the src/util/ subdirectory.
910
581d7bee 911TL/13 Bug 1031 - Imported transport SQL logging patch from Axel Rau
1a7b746d 912 renamed to Transport Post Delivery Action by Jeremy Harris, as
9bdd29ad
TL
913 EXPERIMENTAL_TPDA.
914
915TL/14 Bugzilla 1217 - Redis lookup support has been added. It is only enabled
916 when Exim is compiled with EXPERIMENTAL_REDIS. A new config variable
917 redis_servers = needs to be configured which will be used by the redis
918 lookup. Patch from Warren Baker, of The Packet Hub.
919
237b2cf2
TL
920TL/15 Fix exiqsumm summary for corner case. Patch provided by Richard Hall.
921
9fc5a352
TL
922TL/16 Bugzilla 1289 - Clarify host/ip processing when have errors looking up a
923 hostname or reverse DNS when processing a host list. Used suggestions
924 from multiple comments on this bug.
1a7b746d 925
b10e4ec2
TL
926TL/17 Bugzilla 1057 - Multiple clamd TCP targets patch from Mark Zealey.
927
e2cebd74
TL
928TL/18 Had previously added a -CONTINUE option to runtest in the test suite.
929 Missed a few lines, added it to make the runtest require no keyboard
930 interaction.
931
932TL/19 Bugzilla 1402 - Test 533 fails if any part of the path to the test suite
933 contains upper case chars. Make router use caseful_local_part.
934
2519e60d
TL
935TL/20 Bugzilla 1400 - Add AVOID_GNUTLS_PKCS11 build option. Allows GnuTLS
936 support when GnuTLS has been built with p11-kit.
937
e78e6ecf 938
4263f395
PP
939Exim version 4.80.1
940-------------------
941
942PP/01 SECURITY: protect DKIM DNS decoding from remote exploit.
943 CVE-2012-5671
2c422e6f 944 This, or similar/improved, will also be change PP/11 of 4.82.
3c0a92dc 945
ea722490 946
b1770b6e 947Exim version 4.80
0599f9cf
PP
948-----------------
949
950PP/01 Handle short writes when writing local log-files.
951 In practice, only affects FreeBSD (8 onwards).
952 Bugzilla 1053, with thanks to Dmitry Isaikin.
953
23c7e742
NM
954NM/01 Bugzilla 949 - Documentation tweak
955
b322aac8
NM
956NM/02 Bugzilla 1093 - eximstats DATA reject detection regexps
957 improved.
958
4a891427
NM
959NM/03 Bugzilla 1169 - primary_hostname spelling was incorrect in docs.
960
c1e794ba 961PP/02 Implemented gsasl authenticator.
b322aac8 962
97753960
PP
963PP/03 Implemented heimdal_gssapi authenticator with "server_keytab" option.
964
965PP/04 Local/Makefile support for (AUTH|LOOKUP)_*_PC=foo to use
966 `pkg-config foo` for cflags/libs.
967
df6303fa
PP
968PP/05 Swapped $auth1/$auth2 for gsasl GSSAPI mechanism, to be more consistent
969 with rest of GSASL and with heimdal_gssapi.
970
7e6a8985
PP
971PP/06 Local/Makefile support for USE_(GNUTLS|OPENSSL)_PC=foo to use
972 `pkg-config foo` for cflags/libs for the TLS implementation.
973
f1e05cc7 974PP/07 New expansion variable $tls_bits; Cyrus SASL server connection
20aa9dbd
PP
975 properties get this fed in as external SSF. A number of robustness
976 and debugging improvements to the cyrus_sasl authenticator.
b322aac8 977
4c287009
PP
978PP/08 cyrus_sasl server now expands the server_realm option.
979
b98bb9ac
PP
980PP/09 Bugzilla 1214 - Log authentication information in reject log.
981 Patch by Jeremy Harris.
982
4a6a987a
PP
983PP/10 Added dbmjz lookup type.
984
c45dd180 985PP/11 Let heimdal_gssapi authenticator take a SASL message without an authzid.
c7955b11 986
7db8d074
PP
987PP/12 MAIL args handles TAB as well as SP, for better interop with
988 non-compliant senders.
989 Analysis and variant patch by Todd Lyons.
990
eae0036b 991NM/04 Bugzilla 1237 - fix cases where printf format usage not indicated
cfab9d68 992 Bug report from Lars Müller <lars@samba.org> (via SUSE),
e0df1c83
DM
993 Patch from Dirk Mueller <dmueller@suse.com>
994
dec5017e
PP
995PP/13 tls_peerdn now print-escaped for spool files.
996 Observed some $tls_peerdn in wild which contained \n, which resulted
997 in spool file corruption.
998
c80c5570
PP
999PP/14 TLS fixes for OpenSSL: support TLS 1.1 & 1.2; new "openssl_options"
1000 values; set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read
1001 or write after TLS renegotiation, which otherwise led to messages
1002 "Got SSL error 2".
1003
076b11e2
PP
1004TK/01 Bugzilla 1239 - fix DKIM verification when signature was not inserted
1005 as a tracking header (ie: a signed header comes before the signature).
1006 Patch from Wolfgang Breyha.
1007
5407bfff
JH
1008JH/01 Bugzilla 660 - Multi-valued attributes from ldap now parseable as a
1009 comma-sep list; embedded commas doubled.
1010
9e45c72b
PP
1011JH/02 Refactored ACL "verify =" logic to table-driven dispatch.
1012
e74376d8
PP
1013PP/15 LDAP: Check for errors of TLS initialisation, to give correct
1014 diagnostics.
1015 Report and patch from Dmitry Banschikov.
1016
da3ad30d
PP
1017PP/16 Removed "dont_insert_empty_fragments" fron "openssl_options".
1018 Removed SSL_clear() after SSL_new() which led to protocol negotiation
1019 failures. We appear to now support TLS1.1+ with Exim.
1020
7be682ca
PP
1021PP/17 OpenSSL: new expansion var $tls_sni, which if used in tls_certificate
1022 lets Exim select keys and certificates based upon TLS SNI from client.
3f0945ff
PP
1023 Also option tls_sni on SMTP Transports. Also clear $tls_bits correctly
1024 before an outbound SMTP session. New log_selector, +tls_sni.
7be682ca 1025
ef840681
PP
1026PP/18 Bugzilla 1122 - check localhost_number expansion for failure, avoid
1027 NULL dereference. Report and patch from Alun Jones.
1028
5bfb4cdf
PP
1029PP/19 DNS resolver init changes for NetBSD compatibility. (Risk of breakage
1030 on less well tested platforms). Obviates NetBSD pkgsrc patch-ac.
1031 Not seeing resolver debug output on NetBSD, but suspect this is a
1032 resolver implementation change.
1033
c6e95d22
PP
1034PP/20 Revert part of NM/04, it broke log_path containing %D expansions.
1035 Left warnings. Added "eximon gdb" invocation mode.
1036
9cbad13b
PP
1037PP/21 Defaulting "accept_8bitmime" to true, not false.
1038
9ee44efb
PP
1039PP/22 Added -bw for inetd wait mode support.
1040
6a6084f8
PP
1041PP/23 Added PCRE_CONFIG=yes support to Makefile for using pcre-config to
1042 locate the relevant includes and libraries. Made this the default.
1043
12dd53c7
PP
1044PP/24 Fixed headers_only on smtp transports (was not sending trailing dot).
1045 Bugzilla 1246, report and most of solution from Tomasz Kusy.
1046
9e45c72b 1047JH/03 ${eval } now uses 64-bit and supports a "g" suffix (like to "k" and "m").
97d17305
JH
1048 This may cause build issues on older platforms.
1049
17c76198
PP
1050PP/25 Revamped GnuTLS support, passing tls_require_ciphers to
1051 gnutls_priority_init, ignoring Exim options gnutls_require_kx,
1052 gnutls_require_mac & gnutls_require_protocols (no longer supported).
1053 Added SNI support via GnuTLS too.
af3498d6 1054 Made ${randint:..} supplier available, if using not-too-old GnuTLS.
17c76198 1055
53947857 1056PP/26 Added EXPERIMENTAL_OCSP for OpenSSL.
3f7eeb86 1057
eae0036b 1058PP/27 Applied dnsdb SPF support patch from Janne Snabb.
8ee4b30e
PP
1059 Applied second patch from Janne, implementing suggestion to default
1060 multiple-strings-in-record handling to match SPF spec.
eae0036b 1061
9e45c72b 1062JH/04 Added expansion variable $tod_epoch_l for a higher-precision time.
2605c55b 1063
7390e768
PP
1064PP/28 Fix DCC dcc_header content corruption (stack memory referenced,
1065 read-only, out of scope).
1066 Patch from Wolfgang Breyha, report from Stuart Northfield.
1067
08488c86
PP
1068PP/29 Fix three issues highlighted by clang analyser static analysis.
1069 Only crash-plausible issue would require the Cambridge-specific
1070 iplookup router and a misconfiguration.
1071 Report from Marcin Mirosław.
1072
6475bd82
PP
1073PP/30 Another attempt to deal with PCRE_PRERELEASE, this one less buggy.
1074
81f91683
PP
1075PP/31 %D in printf continues to cause issues (-Wformat=security), so for
1076 now guard some of the printf checks behind WANT_DEEPER_PRINTF_CHECKS.
1077 As part of this, removing so much warning spew let me fix some minor
1078 real issues in debug logging.
1079
5779e6aa
PP
1080PP/32 GnuTLS was always using default tls_require_ciphers, due to a missing
1081 assignment on my part. Fixed.
1082
3375e053
PP
1083PP/33 Added tls_dh_max_bits option, defaulting to current hard-coded limit
1084 of NSS, for GnuTLS/NSS interop. Problem root cause diagnosis by
1085 Janne Snabb (who went above and beyond: thank you).
1086
1087PP/34 Validate tls_require_ciphers on startup, since debugging an invalid
1088 string otherwise requires a connection and a bunch more work and it's
78e0c7a3
PP
1089 relatively easy to get wrong. Should also expose TLS library linkage
1090 problems.
3375e053 1091
9d26b8c0
PP
1092PP/35 Pull in <features.h> on Linux, for some portability edge-cases of
1093 64-bit ${eval} (JH/03).
1094
57eb9e91 1095PP/36 Define _GNU_SOURCE in exim.h; it's needed for some releases of
b87a6e0e
PP
1096 GNU libc to support some of the 64-bit stuff, should not lead to
1097 conflicts. Defined before os.h is pulled in, so if a given platform
1098 needs to override this, it can.
1099
16880d1a
PP
1100PP/37 Unbreak Cyrus SASL auth: SSF retrieval was incorrect, Exim thought
1101 protection layer was required, which is not implemented.
1102 Bugzilla 1254, patch from Wolfgang Breyha.
1103
a799883d
PP
1104PP/38 Overhaul DH prime handling, supply RFC-specified DH primes as built
1105 into Exim, default to IKE id 23 from RFC 5114 (2048 bit). Make
1106 tls_dhparam take prime identifiers. Also unbreak combination of
1107 OpenSSL+DH_params+TLSSNI.
1108
3ecab157 1109PP/39 Disable SSLv2 by default in OpenSSL support.
f0f5a555 1110
0599f9cf 1111
867fcbf5
PP
1112Exim version 4.77
1113-----------------
1114
1115PP/01 Solaris build fix for Oracle's LDAP libraries.
1116 Bugzilla 1109, patch from Stephen Usher.
1117
f1a29782
TF
1118TF/01 HP/UX build fix: avoid arithmetic on a void pointer.
1119
ab42bd23
TK
1120TK/01 DKIM Verification: Fix relaxed canon for empty headers w/o
1121 whitespace trailer
867fcbf5 1122
0ca0cf52
TF
1123TF/02 Fix a couple more cases where we did not log the error message
1124 when unlink() failed. See also change 4.74-TF/03.
1125
921b12ca
TF
1126TF/03 Make the exiwhat support code safe for signals. Previously Exim might
1127 lock up or crash if it happened to be inside a call to libc when it
1128 got a SIGUSR1 from exiwhat.
1129
1130 The SIGUSR1 handler appends the current process status to the process
1131 log which is later printed by exiwhat. It used to use the general
1132 purpose logging code to do this, but several functions it calls are
1133 not safe for signals.
1134
1135 The new output code in the SIGUSR1 handler is specific to the process
1136 log, and simple enough that it's easy to inspect for signal safety.
1137 Removing some special cases also simplifies the general logging code.
1138 Removing the spurious timestamps from the process log simplifies
1139 exiwhat.
1140
c99ce5c9
TF
1141TF/04 Improved ratelimit ACL condition.
1142
1143 The /noupdate option has been deprecated in favour of /readonly which
1144 has clearer semantics. The /leaky, /strict, and /readonly update modes
1145 are mutually exclusive. The update mode is no longer included in the
1146 database key; it just determines when the database is updated. (This
1147 means that when you upgrde Exim will forget old rate measurements.)
1148
1149 Exim now checks that the per_* options are used with an update mode that
1150 makes sense for the current ACL. For example, when Exim is processing a
1151 message (e.g. acl_smtp_rcpt or acl_smtp_data, etc.) you can specify
1152 per_mail/leaky or per_mail/strict; otherwise (e.g. in acl_smtp_helo) you
1153 must specify per_mail/readonly. If you omit the update mode it defaults to
1154 /leaky where that makes sense (as before) or /readonly where required.
1155
1156 The /noupdate option is now undocumented but still supported for
1157 backwards compatibility. It is equivalent to /readonly except that in
1158 ACLs where /readonly is required you may specify /leaky/noupdate or
1159 /strict/noupdate which are treated the same as /readonly.
1160
1161 A useful new feature is the /count= option. This is a generalization
1162 of the per_byte option, so that you can measure the throughput of other
1163 aggregate values. For example, the per_byte option is now equivalent
1164 to per_mail/count=${if >{0}{$message_size} {0} {$message_size} }.
1165
1166 The per_rcpt option has been generalized using the /count= mechanism
1167 (though it's more complicated than the per_byte equivalence). When it is
1168 used in acl_smtp_rcpt, the per_rcpt option adds recipients to the
1169 measured rate one at a time; if it is used later (e.g. in acl_smtp_data)
1170 or in a non-SMTP ACL it adds all the recipients in one go. (The latter
1171 /count=$recipients_count behaviour used to work only in non-SMTP ACLs.)
1172 Note that using per_rcpt with a non-readonly update mode in more than
1173 one ACL will cause the recipients to be double-counted. (The per_mail
1174 and per_byte options don't have this problem.)
1175
1176 The handling of very low rates has changed slightly. If the computed rate
1177 is less than the event's count (usually one) then this event is the first
1178 after a long gap. In this case the rate is set to the same as this event's
1179 count, so that the first message of a spam run is counted properly.
1180
1181 The major new feature is a mechanism for counting the rate of unique
1182 events. The new per_addr option counts the number of different
1183 recipients that someone has sent messages to in the last time period. It
1184 behaves like per_rcpt if all the recipient addresses are different, but
1185 duplicate recipient addresses do not increase the measured rate. Like
1186 the /count= option this is a general mechanism, so the per_addr option
1187 is equivalent to per_rcpt/unique=$local_part@$domain. You can, for
1188 example, measure the rate that a client uses different sender addresses
1189 with the options per_mail/unique=$sender_address. There are further
1190 details in the main documentation.
1191
3634fc25
TF
1192TF/05 Removed obsolete $Cambridge$ CVS revision strings.
1193
792e8a19
TF
1194TF/06 Removed a few PCRE remnants.
1195
5901f0ab
TF
1196TF/07 Automatically extract Exim's version number from tags in the git
1197 repository when doing development or release builds.
1198
7f2a2a43
PP
1199PP/02 Raise smtp_cmd_buffer_size to 16kB.
1200 Bugzilla 879. Patch from Paul Fisher.
e2ca7082 1201
061b7ebd
PP
1202PP/03 Implement SSL-on-connect outbound with protocol=smtps on smtp transport.
1203 Heavily based on revision 40f9a89a from Simon Arlott's tree.
1204 Bugzilla 97.
1205
e12f8c32
PP
1206PP/04 Use .dylib instead of .so for dynamic library loading on MacOS.
1207
9e949f00 1208PP/05 Variable $av_failed, true if the AV scanner deferred.
7f2a2a43
PP
1209 Bugzilla 1078. Patch from John Horne.
1210
1211PP/06 Stop make process more reliably on build failure.
1212 Bugzilla 1087. Patch from Heiko Schlittermann.
9e949f00 1213
555ae6af 1214PP/07 Make maildir_use_size_file an _expandable_ boolean.
ac53fcda
PP
1215 Bugzilla 1089. Patch from Heiko Schlittermann.
1216
1217PP/08 Handle ${run} returning more data than OS pipe buffer size.
1218 Bugzilla 1131. Patch from Holger Weiß.
555ae6af 1219
6f7fe114
PP
1220PP/09 Handle IPv6 addresses with SPF.
1221 Bugzilla 860. Patch from Wolfgang Breyha.
1222
c566dd90
PP
1223PP/10 GnuTLS: support TLS 1.2 & 1.1.
1224 Bugzilla 1156.
89f897c3
PP
1225 Use gnutls_certificate_verify_peers2() [patch from Andreas Metzler].
1226 Bugzilla 1095.
c566dd90 1227
d6cc7c78 1228PP/11 match_* no longer expand right-hand-side by default.
39257585
PP
1229 New compile-time build option, EXPAND_LISTMATCH_RHS.
1230 New expansion conditions, "inlist", "inlisti".
1231
0d0e4455
PP
1232PP/12 fix uninitialised greeting string from PP/03 (smtps client support).
1233
3399bb60 1234PP/13 shell and compiler warnings fixes for RC1-RC4 changes.
d690cbdc
PP
1235
1236PP/14 fix log_write() format string regression from TF/03.
1237 Bugzilla 1152. Patch from Dmitry Isaikin.
1238
0ca0cf52 1239
10906672
PP
1240Exim version 4.76
1241-----------------
1242
1243PP/01 The new ldap_require_cert option would segfault if used. Fixed.
1244
754a0503
PP
1245PP/02 Harmonised TLS library version reporting; only show if debugging.
1246 Layout now matches that introduced for other libraries in 4.74 PP/03.
1247
c0c7b2da
PP
1248PP/03 New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1
1249
e97d1f08
PP
1250PP/04 New "dns_use_edns0" global option.
1251
084c1d8c
PP
1252PP/05 Don't segfault on misconfiguration of ref:name exim-user as uid.
1253 Bugzilla 1098.
1254
4e7ee012
PP
1255PP/06 Extra paranoia around buffer usage at the STARTTLS transition.
1256 nb: Exim is not vulnerable to http://www.kb.cert.org/vuls/id/555316
da80c2a8 1257
c8d52a00
PP
1258TK/01 Updated PolarSSL code to 0.14.2.
1259 Bugzilla 1097. Patch from Andreas Metzler.
1260
54e7ce4a
PP
1261PP/07 Catch divide-by-zero in ${eval:...}.
1262 Fixes bugzilla 1102.
1263
5ee6f336
PP
1264PP/08 Condition negation of bool{}/bool_lax{} did not negate. Fixed.
1265 Bugzilla 1104.
1266
c8d52a00 1267TK/02 Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a
6ea4a851
PP
1268 format-string attack -- SECURITY: remote arbitrary code execution.
1269
1270TK/03 SECURITY - DKIM signature header parsing was double-expanded, second
1271 time unintentionally subject to list matching rules, letting the header
1272 cause arbitrary Exim lookups (of items which can occur in lists, *not*
1273 arbitrary string expansion). This allowed for information disclosure.
1274
1275PP/09 Fix another SIGFPE (x86) in ${eval:...} expansion, this time related to
1276 INT_MIN/-1 -- value coerced to INT_MAX.
c8d52a00 1277
10906672 1278
aa097c4c
NM
1279Exim version 4.75
1280-----------------
1281
4c9ef03a 1282NM/01 Workround for PCRE version dependency in version reporting
aa097c4c
NM
1283 Bugzilla 1073
1284
7f3d9eff
TF
1285TF/01 Update valgrind.h and memcheck.h to copies from valgrind-3.6.0.
1286 This fixes portability to compilers other than gcc, notably
1287 Solaris CC and HP-UX CC. Fixes Bugzilla 1050.
1288
159f52d2
TF
1289TF/02 Bugzilla 139: Avoid using the += operator in the modular lookup
1290 makefiles for portability to HP-UX and POSIX correctness.
1291
0cc9542a
PP
1292PP/01 Permit LOOKUP_foo enabling on the make command-line.
1293 Also via indented variable definition in the Makefile.
1294 (Debugging by Oliver Heesakkers).
1295
f7274286
PP
1296PP/02 Restore caching of spamd results with expanded spamd_address.
1297 Patch from author of expandable spamd_address patch, Wolfgang Breyha.
1298
7b797365
PP
1299PP/03 Build issue: lookups-Makefile now exports LC_ALL=C
1300 Improves build reliability. Fix from: Frank Elsner
1301
caacae52
NM
1302NM/02 Fix wide character breakage in the rfc2047 coding
1303 Fixes bug 1064. Patch from Andrey N. Oktyabrski
1304
09dcaba9
NM
1305NM/03 Allow underscore in dnslist lookups
1306 Fixes bug 1026. Patch from Graeme Fowler
1307
bc19a55b
PP
1308PP/04 Bugzilla 230: Support TLS-enabled LDAP (in addition to ldaps).
1309 Code patches from Adam Ciarcinski of NetBSD.
caacae52 1310
bd4c9759
NM
1311NM/04 Fixed exiqgrep to cope with mailq missing size issue
1312 Fixes bug 943.
1313
b72aab72
PP
1314PP/05 Bugzilla 1083: when lookup expansion defers, escape the output which
1315 is logged, to avoid truncation. Patch from John Horne.
1316
2fe76745
PP
1317PP/06 Bugzilla 1042: implement freeze_signal on pipe transports.
1318 Patch from Jakob Hirsch.
1319
76aa570c
PP
1320PP/07 Bugzilla 1061: restrict error messages sent over SMTP to not reveal
1321 SQL string expansion failure details.
1322 Patch from Andrey Oktyabrski.
1323
f1e5fef5
PP
1324PP/08 Bugzilla 486: implement %M datestamping in log filenames.
1325 Patch from Simon Arlott.
1326
4d805ee9
PP
1327PP/09 New lookups functionality failed to compile on old gcc which rejects
1328 extern declarations in function scope.
1329 Patch from Oliver Fleischmann
1330
cd59ab18
PP
1331PP/10 Use sig_atomic_t for flags set from signal handlers.
1332 Check getgroups() return and improve debugging.
1333 Fixed developed for diagnosis in bug 927 (which turned out to be
1334 a kernel bug).
1335
332f5cf3
PP
1336PP/11 Bugzilla 1055: Update $message_linecount for maildir_tag.
1337 Patch from Mark Zealey.
1338
29cfeb94
PP
1339PP/12 Bugzilla 1056: Improved spamd server selection.
1340 Patch from Mark Zealey.
1341
660242ad
PP
1342PP/13 Bugzilla 1086: Deal with maildir quota file races.
1343 Based on patch from Heiko Schlittermann.
1344
bc4bc4c5
PP
1345PP/14 Bugzilla 1019: DKIM multiple signature generation fix.
1346 Patch from Uwe Doering, sign-off by Michael Haardt.
1347
2e64baa9
NM
1348NM/05 Fix to spam.c to accommodate older gcc versions which dislike
1349 variable declaration deep within a block. Bug and patch from
1350 Dennis Davis.
1351
bddd7526
PP
1352PP/15 lookups-Makefile IRIX compatibilty coercion.
1353
6bac1a9a
PP
1354PP/16 Make DISABLE_DKIM build knob functional.
1355
552193f0
NM
1356NM/06 Bugzilla 968: child_open_uid: restore default SIGPIPE handler
1357 Patch by Simon Arlott
baeee2c1 1358
1b587e48
TF
1359TF/03 Fix valgrind.h portability to C89 compilers that do not support
1360 variable argument macros. Our copy now differs from upstream.
1361
aa097c4c 1362
8c07b69f
TF
1363Exim version 4.74
1364-----------------
1365
1366TF/01 Failure to get a lock on a hints database can have serious
1367 consequences so log it to the panic log.
1368
c0ea85ab
TF
1369TF/02 Log LMTP confirmation messages in the same way as SMTP,
1370 controlled using the smtp_confirmation log selector.
1371
0761d44e
TF
1372TF/03 Include the error message when we fail to unlink a spool file.
1373
0a349494
PP
1374DW/01 Bugzilla 139: Support dynamically loaded lookups as modules.
1375 With thanks to Steve Haslam, Johannes Berg & Serge Demonchaux
1376 for maintaining out-of-tree patches for some time.
1377
1378PP/01 Bugzilla 139: Documentation and portability issues.
1379 Avoid GNU Makefile-isms, let Exim continue to build on BSD.
1380 Handle per-OS dynamic-module compilation flags.
1381
fea24b2e
PP
1382PP/02 Let /dev/null have normal permissions.
1383 The 4.73 fixes were a little too stringent and complained about the
1384 permissions on /dev/null. Exempt it from some checks.
1385 Reported by Andreas M. Kirchwitz.
1386
6545de78
PP
1387PP/03 Report version information for many libraries, including
1388 Exim version information for dynamically loaded libraries. Created
1389 version.h, now support a version extension string for distributors
1390 who patch heavily. Dynamic module ABI change.
1391
1670ef10
PP
1392PP/04 CVE-2011-0017 - check return value of setuid/setgid. This is a
1393 privilege escalation vulnerability whereby the Exim run-time user
1394 can cause root to append content of the attacker's choosing to
1395 arbitrary files.
1396
c0886197
PP
1397PP/05 Bugzilla 1041: merged DCC maintainer's fixes for return code.
1398 (Wolfgang Breyha)
1399
b7487bce
PP
1400PP/06 Bugzilla 1071: fix delivery logging with untrusted macros.
1401 If dropping privileges for untrusted macros, we disabled normal logging
1402 on the basis that it would fail; for the Exim run-time user, this is not
1403 the case, and it resulted in successful deliveries going unlogged.
1404 Fixed. Reported by Andreas Metzler.
1405
8c07b69f 1406
97fd1e48 1407Exim version 4.73
ed7f7860 1408-----------------
97fd1e48
PP
1409
1410PP/01 Date: & Message-Id: revert to normally being appended to a message,
1411 only prepend for the Resent-* case. Fixes regression introduced in
1412 Exim 4.70 by NM/22 for Bugzilla 607.
1413
6901c596
PP
1414PP/02 Include check_rfc2047_length in configure.default because we're seeing
1415 increasing numbers of administrators be bitten by this.
1416
a8c8d6b5
JJ
1417JJ/01 Added DISABLE_DKIM and comment to src/EDITME
1418
77bb000f
PP
1419PP/03 Bugzilla 994: added openssl_options main configuration option.
1420
a29e5231
PP
1421PP/04 Bugzilla 995: provide better SSL diagnostics on failed reads.
1422
ec5a0394 1423PP/05 Bugzilla 834: provide a permit_coredump option for pipe transports.
a29e5231 1424
55c75993
PP
1425PP/06 Adjust NTLM authentication to handle SASL Initial Response.
1426
453a6645 1427PP/07 If TLS negotiated an anonymous cipher, we could end up with SSL but
ec5a0394
PP
1428 without a peer certificate, leading to a segfault because of an
1429 assumption that peers always have certificates. Be a little more
453a6645
PP
1430 paranoid. Problem reported by Martin Tscholak.
1431
8544e77a
PP
1432PP/08 Bugzilla 926: switch ClamAV to use the new zINSTREAM API for content
1433 filtering; old API available if built with WITH_OLD_CLAMAV_STREAM=yes
1434 NB: ClamAV planning to remove STREAM in "middle of 2010".
3346ab01
PP
1435 CL also introduces -bmalware, various -d+acl logging additions and
1436 more caution in buffer sizes.
8544e77a 1437
83e029d5
PP
1438PP/09 Implemented reverse_ip expansion operator.
1439
ed7f7860
PP
1440PP/10 Bugzilla 937: provide a "debug" ACL control.
1441
7d9f747b
PP
1442PP/11 Bugzilla 922: Documentation dusting, patch provided by John Horne.
1443
4b2241d2
PP
1444PP/12 Bugzilla 973: Implement --version.
1445
10385c15
PP
1446PP/13 Bugzilla 752: Refuse to build/run if Exim user is root/0.
1447
dbc4b90d
PP
1448PP/14 Build without WITH_CONTENT_SCAN. Path from Andreas Metzler.
1449
532be449
PP
1450PP/15 Bugzilla 816: support multiple condition rules on Routers.
1451
6a8de854 1452PP/16 Add bool_lax{} expansion operator and use that for combining multiple
71265ae9
PP
1453 condition rules, instead of bool{}. Make both bool{} and bool_lax{}
1454 ignore trailing whitespace.
6a8de854 1455
5dc43717
JJ
1456JJ/02 prevent non-panic DKIM error from being sent to paniclog
1457
1458JJ/03 added tcp_wrappers_daemon_name to allow host entries other than
1459 "exim" to be used
55c75993 1460
3346ab01
PP
1461PP/17 Fix malware regression for cmdline scanner introduced in PP/08.
1462 Notification from Dr Andrew Aitchison.
1463
491fab4c
PP
1464PP/18 Change ClamAV response parsing to be more robust and to handle ClamAV's
1465 ExtendedDetectionInfo response format.
1466 Notification from John Horne.
1467
13eb9497
PP
1468PP/19 OpenSSL 1.0.0a compatibility const-ness change, should be backwards
1469 compatible.
1470
1471PP/20 Added a CONTRIBUTING file. Fixed the documentation build to use http:
1472 XSL and documented dependency on system catalogs, with examples of how
1473 it normally works.
1474
7f36d675
DW
1475DW/21 Added Valgrind hooks in store.c to help it capture out-of-bounds store
1476 access.
1477
c1d94452
DW
1478DW/22 Bugzilla 1044: CVE-2010-4345 - partial fix: restrict default behaviour
1479 of CONFIGURE_OWNER and CONFIGURE_GROUP options to no longer allow a
1480 configuration file which is writeable by the Exim user or group.
1481
e2f5dc15
DW
1482DW/23 Bugzilla 1044: CVE-2010-4345 - part two: extend checks for writeability
1483 of configuration files to cover files specified with the -C option if
1484 they are going to be used with root privileges, not just the default
1485 configuration file.
1486
cd25e41d
DW
1487DW/24 Bugzilla 1044: CVE-2010-4345 - part three: remove ALT_CONFIG_ROOT_ONLY
1488 option (effectively making it always true).
1489
261dc43e
DW
1490DW/25 Add TRUSTED_CONFIG_PREFIX_FILE option to allow alternative configuration
1491 files to be used while preserving root privileges.
1492
fa32850b
DW
1493DW/26 Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure
1494 that rogue child processes cannot use them.
1495
79d4bc3d
PP
1496PP/27 Bugzilla 1047: change the default for system_filter_user to be the Exim
1497 run-time user, instead of root.
1498
43236f35 1499PP/28 Add WHITELIST_D_MACROS option to let some macros be overridden by the
2cfd3221
PP
1500 Exim run-time user without dropping privileges.
1501
fb08281f
DW
1502DW/29 Remove use of va_copy() which breaks pre-C99 systems. Duplicate the
1503 result string, instead of calling string_vformat() twice with the same
1504 arguments.
3346ab01 1505
74935b98
DW
1506DW/30 Allow TRUSTED_CONFIG_PREFIX_FILE only for Exim or CONFIGURE_OWNER, not
1507 for other users. Others should always drop root privileges if they use
1508 -C on the command line, even for a whitelisted configure file.
1509
90b6341f
DW
1510DW/31 Turn TRUSTED_CONFIG_PREFIX_FILE into TRUSTED_CONFIG_FILE. No prefixes.
1511
57730b52
ML
1512NM/01 Fixed bug #1002 - Message loss when using multiple deliveries
1513
66581d1e 1514
465e92cf
JJ
1515Exim version 4.72
1516-----------------
1517
453a6645
PP
1518JJ/01 installed exipick 20100104.1, adding $max_received_linelength,
1519 $data_path, and $header_path variables; fixed documentation bugs and
1520 typos
465e92cf 1521
453a6645
PP
1522JJ/02 installed exipick 20100222.0, added --input-dir and --finput to allow
1523 exipick to access non-standard spools, including the "frozen" queue
1524 (Finput)
edae0343 1525
9bd3e22c
NM
1526NM/01 Bugzilla 965: Support mysql stored procedures.
1527 Patch from Alain Williams
1528
bb576ff7
NM
1529NM/02 Bugzilla 961: Spacing fix (syntax error) on Makefile directives for NetBSD
1530
5a1a5845
NM
1531NM/03 Bugzilla 955: Documentation fix for max_rcpts.
1532 Patch from Andreas Metzler
1533
981a9fad
NM
1534NM/04 Bugzilla 954: Fix for unknown responses from Dovecot authenticator.
1535 Patch from Kirill Miazine
1536
7fc497ee
NM
1537NM/05 Bugzilla 671: Added umask to procmail example.
1538
1a41defa
JJ
1539JJ/03 installed exipick 20100323.0, fixing doc bug
1540
a466095c 1541NM/06 Bugzilla 988: CVE-2010-2023 - prevent hardlink attack on sticky mail
b26eacf1 1542 directory. Notification and patch from Dan Rosenberg.
a466095c 1543
94a6bd0b
NM
1544TK/01 PDKIM: Upgrade PolarSSL files to upstream version 0.12.1.
1545
1546TK/02 Improve log output when DKIM signing operation fails.
1547
1548MH/01 Treat the transport option dkim_domain as a colon separated
1549 list, not as a single string, and sign the message with each element,
1550 omitting multiple occurences of the same signer.
1551
c1b141a8
NM
1552NM/07 Null terminate DKIM strings, Null initialise DKIM variable
1553 Bugzilla 985, 986. Patch by Simon Arlott
94a6bd0b 1554
b26eacf1 1555NM/08 Bugzilla 967. dnsdb DNS TXT record bug fix (DKIM-related)
0d0c6357
NM
1556 Patch by Simon Arlott
1557
179c5980 1558PP/01 Bugzilla 989: CVE-2010-2024 - work round race condition on
b26eacf1 1559 MBX locking. Notification from Dan Rosenberg.
179c5980 1560
9bd3e22c 1561
7c6d71af
NM
1562Exim version 4.71
1563-----------------
1564
7d9f747b 1565TK/01 Bugzilla 912: Fix DKIM segfault on empty headers/body.
7c6d71af 1566
f013fb92
NM
1567NM/01 Bugzilla 913: Documentation fix for gnutls_* options.
1568
0eb8eedd
NM
1569NM/02 Bugzilla 722: Documentation for randint. Better randomness defaults.
1570
663ee6d9
NM
1571NM/03 Bugzilla 847: Enable DNSDB lookup by default.
1572
177ebd9b
NM
1573NM/04 Bugzilla 915: Flag broken perl installation during build.
1574
7c6d71af 1575
210f147e
NM
1576Exim version 4.70
1577-----------------
1578
cdd3bb85 1579TK/01 Added patch by Johannes Berg that expands the main option
e739e3d9 1580 "spamd_address" if it starts with a dollar sign.
cdd3bb85
TK
1581
1582TK/02 Write list of recipients to X-Envelope-Sender header when building
1583 the mbox-format spool file for content scanning (suggested by Jakob
7d9f747b 1584 Hirsch).
cdd3bb85
TK
1585
1586TK/03 Added patch by Wolfgang Breyha that adds experimental DCC
1587 (http://www.dcc-servers.net/) support via dccifd. Activated by
e739e3d9 1588 setting EXPERIMENTAL_DCC=yes in Local/Makefile.
cdd3bb85
TK
1589
1590TK/04 Bugzilla 673: Add f-protd malware scanner support. Patch submitted
1591 by Mark Daniel Reidel <mr@df.eu>.
1592
210f147e
NM
1593NM/01 Bugzilla 657: Embedded PCRE removed from the exim source tree.
1594 When building exim an external PCRE library is now needed -
1595 PCRE is a system library on the majority of modern systems.
1596 See entry on PCRE_LIBS in EDITME file.
1597
deafd5b3
NM
1598NM/02 Bugzilla 646: Removed unwanted C/R in Dovecot authenticator
1599 conversation. Added nologin parameter to request.
7d9f747b 1600 Patch contributed by Kirill Miazine.
deafd5b3 1601
089793a4
TF
1602TF/01 Do not log submission mode rewrites if they do not change the address.
1603
5f16ca82
TF
1604TF/02 Bugzilla 662: Fix stack corruption before exec() in daemon.c.
1605
dae9d94e 1606NM/03 Bugzilla 602: exicyclog now handles panic log, and creates empty
7d9f747b 1607 log files in place. Contributed by Roberto Lima.
dae9d94e 1608
7d9f747b 1609NM/04 Bugzilla 667: Close socket used by dovecot authenticator.
3f0da4d0 1610
06864c44
TF
1611TF/03 Bugzilla 615: When checking the local_parts router precondition
1612 after a local_part_suffix or local_part_prefix option, Exim now
1613 does not use the address's named list lookup cache, since this
1614 contains cached lookups for the whole local part.
1615
65a7d8c3 1616NM/05 Bugzilla 521: Integrated SPF Best Guess support contributed by
7d9f747b 1617 Robert Millan. Documentation is in experimental-spec.txt.
65a7d8c3 1618
23510047 1619TF/04 Bugzilla 668: Fix parallel build (make -j).
65a7d8c3 1620
7d9f747b 1621NM/05.2 Bugzilla 437: Prevent Maildir aux files being created with mode 000.
5f28a6e8 1622
7d8eec3a 1623NM/05.3 Bugzilla 598: Improvement to Dovecot authenticator handling.
7d9f747b 1624 Patch provided by Jan Srzednicki.
6c588e74 1625
89dec7b6
TF
1626TF/05 Leading white space used to be stripped from $spam_report which
1627 wrecked the formatting. Now it is preserved.
5f28a6e8 1628
a99de90c
TF
1629TF/06 Save $spam_score, $spam_bar, and $spam_report in spool files, so
1630 that they are available at delivery time.
1631
e2803e40
TF
1632TF/07 Fix the way ${extract is skipped in the untaken branch of a conditional.
1633
7199e1ee
TF
1634TF/08 TLS error reporting now respects the incoming_interface and
1635 incoming_port log selectors.
1636
e276e04b
TF
1637TF/09 Produce a more useful error message if an SMTP transport's hosts
1638 setting expands to an empty string.
1639
ce552449 1640NM/06 Bugzilla 744: EXPN did not work under TLS.
7d9f747b 1641 Patch provided by Phil Pennock.
ce552449 1642
e765a0f1 1643NM/07 Bugzilla 769: Extraneous comma in usage fprintf
7d9f747b 1644 Patch provided by Richard Godbee.
e765a0f1 1645
4f054c63 1646NM/08 Fixed erroneous documentation references to smtp_notquit_acl to be
447de4b0 1647 acl_smtp_notquit, added index entry.
4f054c63 1648
7d9f747b
PP
1649NM/09 Bugzilla 787: Potential buffer overflow in string_format.
1650 Patch provided by Eugene Bujak.
24c929a2 1651
7d9f747b
PP
1652NM/10 Bugzilla 770: Problem on some platforms modifying the len parameter to
1653 accept(). Patch provided by Maxim Dounin.
cf73943b 1654
b52bc06e 1655NM/11 Bugzilla 749: Preserve old behaviour of blanks comparing equal to zero.
7d9f747b 1656 Patch provided by Phil Pennock.
b52bc06e 1657
447de4b0
NM
1658NM/12 Bugzilla 497: Correct behaviour of exiwhat when no config exists.
1659
4c69d561 1660NM/13 Bugzilla 590: Correct handling of Resent-Date headers.
7d9f747b 1661 Patch provided by Brad "anomie" Jorsch.
4c69d561 1662
d5c39246 1663NM/14 Bugzilla 622: Added timeout setting to transport filter.
7d9f747b 1664 Patch provided by Dean Brooks.
9b989985 1665
0b23848a
TK
1666TK/05 Add native DKIM support (does not depend on external libraries).
1667
8f3414a1 1668NM/15 Bugzilla 854: Removed code that symlinks to pcre as its no longer useful.
7d9f747b 1669 Patch provided by Graeme Fowler.
e2aacdfd 1670
fb6f955d
NM
1671NM/16 Bugzilla 851: Documentation example syntax fix.
1672
1673NM/17 Changed NOTICE file to remove references to embedded PCRE.
8f3414a1 1674
7d9f747b
PP
1675NM/18 Bugzilla 894: Fix issue with very long lines including comments in
1676 lsearch.
dbb0bf41 1677
7d9f747b
PP
1678NM/19 Bugzilla 745: TLS version reporting.
1679 Patch provided by Phil Pennock.
f3766eb5 1680
7d9f747b
PP
1681NM/20 Bugzilla 167: bool: condition support.
1682 Patch provided by Phil Pennock.
36f12725 1683
7d9f747b
PP
1684NM/21 Bugzilla 665: gnutls_compat_mode to allow compatibility with broken
1685 clients. Patch provided by Phil Pennock.
e6060e2c 1686
7d9f747b
PP
1687NM/22 Bugzilla 607: prepend (not append) Resent-Message-ID and Resent-Date.
1688 Patch provided by Brad "anomie" Jorsch.
5eb690a1 1689
7d9f747b
PP
1690NM/23 Bugzilla 687: Fix misparses in eximstats.
1691 Patch provided by Heiko Schlittermann.
d5c13d66 1692
7d9f747b
PP
1693NM/24 Bugzilla 688: Fix exiwhat to handle log_selector = +pid.
1694 Patch provided by Heiko Schlittermann.
b2335c0b 1695
7d9f747b 1696NM/25 Bugzilla 727: Use transport mode as default mode for maildirsize file.
1da77999 1697 plus update to original patch.
f4cd9433 1698
7d9f747b 1699NM/26 Bugzilla 799: Documentation correction for ratelimit.
dc988b7e 1700
7d9f747b
PP
1701NM/27 Bugzilla 802: Improvements to local interface IP addr detection.
1702 Patch provided by David Brownlee.
8dc71ab3 1703
7d9f747b 1704NM/28 Bugzilla 807: Improvements to LMTP delivery logging.
400eda43 1705
7d9f747b 1706NM/29 Bugzilla 862, 866, 875: Documentation bugfixes.
ec5a421b 1707
7d9f747b 1708NM/30 Bugzilla 888: TLS documentation bugfixes.
07af267e 1709
7d9f747b 1710NM/31 Bugzilla 896: Dovecot buffer overrun fix.
51473862 1711
17792b53 1712NM/32 Bugzilla 889: Change all instances of "expr" in shell scripts to "expr --"
7d9f747b 1713 Unlike the original bugzilla I have changed all shell scripts in src tree.
17792b53 1714
7d9f747b
PP
1715NM/33 Bugzilla 898: Transport filter timeout fix.
1716 Patch by Todd Rinaldo.
52383f8f 1717
91576cec 1718NM/34 Bugzilla 901: Fix sign/unsigned and UTF mismatches.
7d9f747b 1719 Patch by Serge Demonchaux.
5ca6d115 1720
7d9f747b
PP
1721NM/35 Bugzilla 39: Base64 decode bug fixes.
1722 Patch by Jakob Hirsch.
baee9eee 1723
7d9f747b 1724NM/36 Bugzilla 909: Correct connect() call in dcc code.
e93a964c 1725
7d9f747b 1726NM/37 Bugzilla 910: Correct issue with relaxed/simple handling.
9bf3d68f 1727
7d9f747b 1728NM/38 Bugzilla 908: Removed NetBSD3 support as no longer needed.
96535b98 1729
7d9f747b 1730NM/39 Bugzilla 911: Fixed MakeLinks build script.
30339e0f 1731
deafd5b3 1732
47db1125
NM
1733Exim version 4.69
1734-----------------
1735
4b3504d0
TK
1736TK/01 Add preliminary DKIM support. Currently requires a forked version of
1737 ALT-N's libdkim that I have put here:
1738 http://duncanthrax.net/exim-experimental/
1739
1740 Note to Michael Haardt: I had to rename some vars in sieve.c. They
1741 were called 'true' and it seems that C99 defines that as a reserved
1742 keyword to be used with 'bool' variable types. That means you could
1743 not include C99-style headers which use bools without triggering
1744 build errors in sieve.c.
1745
81ea09ca
NM
1746NM/01 Bugzilla 592: --help option is handled incorrectly if exim is invoked
1747 as mailq or other aliases. Changed the --help handling significantly
1748 to do whats expected. exim_usage() emits usage/help information.
1749
f13cddcb
SC
1750SC/01 Added the -bylocaldomain option to eximstats.
1751
7d9f747b 1752NM/02 Bugzilla 619: Defended against bad data coming back from gethostbyaddr.
8ad076b2 1753
7d9f747b 1754NM/03 Bugzilla 613: Documentation fix for acl_not_smtp.
a843aaa6 1755
7d9f747b 1756NM/04 Bugzilla 628: PCRE update to 7.4 (work done by John Hall).
47db1125
NM
1757
1758
eb4c0de6
PH
1759Exim version 4.68
1760-----------------
1761
1762PH/01 Another patch from the Sieve maintainer.
1763
6a3bceb1
PH
1764PH/02 When an IPv6 address is converted to a string for single-key lookup
1765 in an address list (e.g. for an item such as "net24-dbm;/net/works"),
1766 dots are used instead of colons so that keys in lsearch files need not
1767 contain colons. This was done some time before quoting was made available
1768 in lsearch files. However, iplsearch files do require colons in IPv6 keys
1769 (notated using the quote facility) so as to distinguish them from IPv4
1770 keys. This meant that lookups for IP addresses in host lists did not work
1771 for iplsearch lookups.
1772
1773 This has been fixed by arranging for IPv6 addresses to be expressed with
1774 colons if the lookup type is iplsearch. This is not incompatible, because
1775 previously such lookups could never work.
1776
1777 The situation is now rather anomolous, since one *can* have colons in
1778 ordinary lsearch keys. However, making the change in all cases is
1779 incompatible and would probably break a number of configurations.
1780
2e30fa9d
TK
1781TK/01 Change PRVS address formatting scheme to reflect latests BATV draft
1782 version.
1783
0806a9c5
MH
1784MH/01 The "spam" ACL condition code contained a sscanf() call with a %s
1785 conversion specification without a maximum field width, thereby enabling
1786 a rogue spamd server to cause a buffer overflow. While nobody in their
1787 right mind would setup Exim to query an untrusted spamd server, an
1788 attacker that gains access to a server running spamd could potentially
1789 exploit this vulnerability to run arbitrary code as the Exim user.
1790
ae276964
TK
1791TK/02 Bugzilla 502: Apply patch to make the SPF-Received: header use
1792 $primary_hostname instead of what libspf2 thinks the hosts name is.
1793
0f2cbd1b
MH
1794MH/02 The dsearch lookup now uses lstat(2) instead of stat(2) to look for
1795 a directory entry by the name of the lookup key. Previously, if a
1796 symlink pointed to a non-existing file or a file in a directory that
1797 Exim lacked permissions to read, a lookup for a key matching that
1798 symlink would fail. Now it is enough that a matching directory entry
1799 exists, symlink or not. (Bugzilla 503.)
1800
2b85bce7
PH
1801PH/03 The body_linecount and body_zerocount variables are now exported in the
1802 local_scan API.
1803
93655c46
PH
1804PH/04 Added the $dnslist_matched variable.
1805
6c512171
PH
1806PH/05 Unset $tls_cipher and $tls_peerdn before making a connection as a client.
1807 This means they are set thereafter only if the connection becomes
1808 encrypted.
1809
1810PH/06 Added the client_condition to authenticators so that some can be skipped
1811 by clients under certain conditions.
1812
aa6dc513
PH
1813PH/07 The error message for a badly-placed control=no_multiline_responses left
1814 "_responses" off the end of the name.
1815
a96603a0
PH
1816PH/08 Added -Mvc to output a copy of a message in RFC 2822 format.
1817
8f240103
PH
1818PH/09 Tidied the code for creating ratelimiting keys, creating them explicitly
1819 (without spaces) instead of just copying the configuration text.
1820
1821PH/10 Added the /noupdate option to the ratelimit ACL condition.
1822
d677b2f2
PH
1823PH/11 Added $max_received_linelength.
1824
d52120f2
PH
1825PH/12 Added +ignore_defer and +include_defer to host lists.
1826
64f2600a
PH
1827PH/13 Installed PCRE version 7.2. This needed some changes because of the new
1828 way in which PCRE > 7.0 is built.
1829
8669f003
PH
1830PH/14 Implemented queue_only_load_latch.
1831
a4dc33a8
PH
1832PH/15 Removed an incorrect (int) cast when reading the value of SIZE in a
1833 MAIL command. The effect was to mangle the value on 64-bit systems.
1834
d6a60c0f
PH
1835PH/16 Another patch from the Sieve maintainer.
1836
8f128379
PH
1837PH/17 Added the NOTQUIT ACL, based on a patch from Ted Cooper.
1838
8932dffe
PH
1839PH/18 If a system quota error occurred while trying to create the file for
1840 a maildir delivery, the message "Mailbox is full" was not appended to the
1841 bounce if the delivery eventually timed out. Change 4.67/27 below applied
1842 only to a quota excession during the actual writing of the file.
d6a60c0f 1843
ddea74fa 1844PH/19 It seems that peer DN values may contain newlines (and other non-printing
48ed62d9
PH
1845 characters?) which causes problems in log lines. The DN values are now
1846 passed through string_printing() before being added to log lines.
1847
ddea74fa 1848PH/20 Added the "servers=" facility to MySQL and PostgreSQL lookups. (Oracle
b7670459
PH
1849 and InterBase are left for another time.)
1850
ddea74fa
PH
1851PH/21 Added message_body_newlines option.
1852
ce9f225c
PH
1853PH/22 Guard against possible overflow in moan_check_errorcopy().
1854
19897d52
PH
1855PH/23 POSIX allows open() to be a macro; guard against that.
1856
bc64a74d
PH
1857PH/24 If the recipient of an error message contained an @ in the local part
1858 (suitably quoted, of course), incorrect values were put in $domain and
1859 $local_part during the evaluation of errors_copy.
1860
eb4c0de6 1861
b4ed4da0
PH
1862Exim version 4.67
1863-----------------
1864
22ad45c9
MH
1865MH/01 Fix for bug #448, segfault in Dovecot authenticator when interface_address
1866 is unset (happens when testing with -bh and -oMi isn't used). Thanks to
1867 Jan Srzednicki.
1868
b4ed4da0
PH
1869PH/01 Added a new log selector smtp_no_mail, to log SMTP sessions that do not
1870 issue a MAIL command.
1871
431b7361
PH
1872PH/02 In an ACL statement such as
1873
1874 deny dnslists = X!=127.0.0.2 : X=127.0.0.2
1875
1876 if a client was not listed at all, or was listed with a value other than
1877 127.0.0.2, in the X list, but was listed with 127.0.0.2 in the Y list,
1878 the condition was not true (as it should be), so access was not denied.
1879 The bug was that the ! inversion was incorrectly passed on to the second
1880 item. This has been fixed.
1881
1882PH/03 Added additional dnslists conditions == and =& which are different from
1883 = and & when the dns lookup returns more than one IP address.
1884
83da1223
PH
1885PH/04 Added gnutls_require_{kx,mac,protocols} to give more control over the
1886 cipher suites used by GnuTLS. These options are ignored by OpenSSL.
1887
54fc8428
PH
1888PH/05 After discussion on the list, added a compile time option ENABLE_DISABLE_
1889 FSYNC, which compiles an option called disable_fsync that allows for
1890 bypassing fsync(). The documentation is heavily laced with warnings.
1891
34c5e8dd
SC
1892SC/01 Updated eximstats to collate all SpamAssassin rejects into one bucket.
1893
bbe15da8
PH
1894PH/06 Some tidies to the infrastructure of the Test Suite that is concerned
1895 with the auxiliary C programs that it uses: (1) Arrange for BIND_8_COMPAT
1896 to be defined when compiling on OSX (Darwin); (2) Tidies to the Makefile,
1897 including adding "make clean"; (3) Added -fPIC when compiling the test
1898 dynamically loaded module, to get rid of a warning.
1899
0e8a9471
MH
1900MH/02 Fix for bug #451, causing paniclog entries to be written if a bounce
1901 message fails, move_frozen_messages = true and ignore_bounce_errors_after
1902 = 0s. The bug is otherwise harmless.
1903
f0872424
PH
1904PH/07 There was a bug in the dovecot authenticator such that the value of
1905 $auth1 could be overwritten, and so not correctly preserved, after a
1906 successful authentication. This usually meant that the value preserved by
1907 the server_setid option was incorrect.
1908
b01dd148
PH
1909PH/08 Added $smtp_count_at_connection_start, deliberately with a long name.
1910
6bf342e1
PH
1911PH/09 Installed PCRE release 7.0.
1912
273f34d0
PH
1913PH/10 The acl_not_smtp_start ACL was, contrary to the documentation, not being
1914 run for batched SMTP input. It is now run at the start of every message
1915 in the batch. While fixing this I discovered that the process information
1916 (output by running exiwhat) was not always getting set for -bs and -bS
1917 input. This is fixed, and it now also says "batched" for BSMTP.
1918
cf8b11a5
PH
1919PH/11 Added control=no_pipelining.
1920
41c7c167
PH
1921PH/12 Added $sending_ip_address and $sending_port (mostly Magnus Holmgren's
1922 patch, slightly modified), and move the expansion of helo_data till after
1923 the connection is made in the smtp transport (so it can use these
1924 values).
1925
9c57cbc0
PH
1926PH/13 Added ${rfc2047d: to decoded RFC 2047 strings.
1927
f3f065bb
PH
1928PH/14 Added log_selector = +pid.
1929
047bdd8c
PH
1930PH/15 Flush SMTP output before delaying, unless control=no_delay_flush is set.
1931
0ce9abe6
PH
1932PH/16 Add ${if forany and ${if forall.
1933
0e22dfd1
PH
1934PH/17 Added dsn_from option to vary the From: line in DSNs.
1935
4c590bd1
PH
1936PH/18 Flush SMTP output before performing a callout, unless control =
1937 no_callout_flush is set.
1938
09945f1e
PH
1939PH/19 Change 4.64/PH/36 introduced a bug: when address_retry_include_sender
1940 was true (the default) a successful delivery failed to delete the retry
1941 item, thus causing premature timeout of the address. The bug is now
1942 fixed.
1943
c51b8e75
PH
1944PH/20 Added hosts_avoid_pipelining to the smtp transport.
1945
e28326d8
PH
1946PH/21 Long custom messages for fakedefer and fakereject are now split up
1947 into multiline reponses in the same way that messages for "deny" and
1948 other ACL rejections are.
1949
75b1493f
PH
1950PH/22 Applied Jori Hamalainen's speed-up changes and typo fixes to exigrep,
1951 with slight modification.
1952
7c5214ec
PH
1953PH/23 Applied sieve patches from the maintainer "tracking the latest notify
1954 draft, changing the syntax and factoring some duplicate code".
1955
4311097e
PH
1956PH/24 When the log selector "outgoing_port" was set, the port was shown as -1
1957 for deliveries of the second and subsequent messages over the same SMTP
1958 connection.
1959
29f89cad
PH
1960PH/25 Applied Magnus Holmgren's patch for ${addresses, ${map, ${filter, and
1961 ${reduce, with only minor "tidies".
1962
5e687460
SC
1963SC/02 Applied Daniel Tiefnig's patch to improve the '($parent) =' pattern match.
1964
c3611384
PH
1965PH/26 Added a "continue" ACL modifier that does nothing, for the benefit of its
1966 expansion side effects.
1967
5a11a7b4
PH
1968PH/27 When a message times out after an over-quota error from an Exim-imposed
1969 quota, the bounce message says "mailbox is full". This message was not
1970 being given when it was a system quota that was exceeded. It now should
1971 be the same.
1972
0e20aff9
MH
1973MH/03 Made $recipients available in local_scan(). local_scan() already has
1974 better access to the recipient list through recipients_list[], but
1975 $recipients can be useful in postmaster-provided expansion strings.
1976
ca86f471
PH
1977PH/28 The $smtp_command and $smtp_command_argument variables were not correct
1978 in the case of a MAIL command with additional options following the
1979 address, for example: MAIL FROM:<foo@bar> SIZE=1234. The option settings
1980 were accidentally chopped off.
1981
a14e5636
PH
1982PH/29 SMTP synchronization checks are implemented when a command is read -
1983 there is a check that no more input is waiting when there shouldn't be
1984 any. However, for some commands, a delay in an ACL can mean that it is
1985 some time before the response is written. In this time, more input might
1986 arrive, invalidly. So now there are extra checks after an ACL has run for
1987 HELO/EHLO and after the predata ACL, and likewise for MAIL and RCPT when
1988 pipelining has not been advertised.
1989
ec95d1a6
PH
1990PH/30 MH's patch to allow iscntrl() characters to be list separators.
1991
42855d71
PH
1992PH/31 Unlike :fail:, a custom message specified with :defer: was not being
1993 returned in the SMTP response when smtp_return_error_details was false.
1994 This has been fixed.
1995
57c2c631
PH
1996PH/32 Change the Dovecot authenticator to use read() and write() on the socket
1997 instead of the C I/O that was originally supplied, because problems were
1998 reported on Solaris.
1999
58c01c94
PH
2000PH/33 Compile failed with OpenSSL 0.9.8e. This was due to a coding error in
2001 Exim which did not show up earlier: it was assuming that a call to
2002 SSL_CTX_set_info_callback() might give an error value. In fact, there is
2003 no error. In previous releases of OpenSSL, SSL_CTX_set_info_callback()
2004 was a macro that became an assignment, so it seemed to work. This has
2005 changed to a proper function call with a void return, hence the compile
2006 error. Exim's code has been fixed.
2007
dee5a20a
PH
2008PH/34 Change HDA_SIZE in oracle.c from 256 to 512. This is needed for 64-bit
2009 cpus.
2010
d2ee6114
PH
2011PH/35 Applied a patch from the Sieve maintainer which fixes a bug in "notify".
2012
b2d5182b
PH
2013PH/36 Applied John Jetmore's patch to add -v functionality to exigrep.
2014
79749a79
PH
2015PH/37 If a message is not accepted after it has had an id assigned (e.g.
2016 because it turns out to be too big or there is a timeout) there is no
3ce62588
PH
2017 "Completed" line in the log. When some messages of this type were
2018 selected by exigrep, they were listed as "not completed". Others were
2019 picked up by some special patterns. I have improved the selection
2020 criteria to be more general.
79749a79 2021
c456d9bb
PH
2022PH/38 The host_find_failed option in the manualroute router can now be set
2023 to "ignore", to completely ignore a host whose IP address cannot be
2024 found. If all hosts are ignored, the behaviour is controlled by the new
2025 host_all_ignored option.
2026
cd9868ec
PH
2027PH/39 In a list of hosts for manualroute, if one item (either because of multi-
2028 homing or because of multiple MX records with /mx) generated more than
2029 one IP address, and the following item turned out to be the local host,
2030 all the secondary addresses of the first item were incorrectly removed
2031 from the list, along with the local host and any following hosts (which
2032 is what is supposed to happen).
2033
ebeaf996
PH
2034PH/40 When Exim receives a message, it writes the login name, uid, and gid of
2035 whoever called Exim into the -H file. In the case of the daemon it was
2036 behaving confusingly. When first started, it used values for whoever
2037 started the daemon, but after a SIGHUP it used the Exim user (because it
2038 calls itself on a restart). I have changed the code so that it now always
2039 uses the Exim user.
2040
2679d413
PH
2041PH/41 (Following a suggestion from Tony Finch) If all the RCPT commands in a
2042 message are rejected with the same error (e.g. no authentication or bad
2043 sender address), and a DATA command is nevertheless sent (as can happen
2044 with PIPELINING or a stupid MUA), the error message that was given to the
2045 RCPT commands is included in the rejection of the DATA command. This is
2046 intended to be helpful for MUAs that show only the final error to their
2047 users.
2048
84024b72
PH
2049PH/42 Another patch from the Sieve maintainer.
2050
8005d38e
SC
2051SC/02 Eximstats - Differentiate between permanent and temporary rejects.
2052 Eximstats - Fixed some broken HTML links and added missing column headers
2053 (Jez Hancock).
2054 Eximstats - Fixed Grand Total Summary Domains, Edomains, and Email
2055 columns for Rejects, Temp Rejects, Ham, and Spam rows.
2056
3298c6c6
SC
2057SC/03 Eximstats - V1.58 Fix to get <> and blackhole to show in edomain tables.
2058
a43a27c5
PH
2059PH/43 Yet another patch from the Sieve maintainer.
2060
58eb016e 2061PH/44 I found a way to check for a TCP/IP connection going away before sending
563b63fa
PH
2062 the response to the final '.' that terminates a message, but only in the
2063 case where the client has not sent further data following the '.'
2064 (unfortunately, this is allowed). However, in many cases there won't be
2065 any further data because there won't be any more messages to send. A call
2066 to select() can be used: if it shows that the input is "ready", there is
2067 either input waiting, or the socket has been closed. An attempt to read
2068 the next input character can distinguish the two cases. Previously, Exim
58eb016e 2069 would have sent an OK response which the client would never have see.
563b63fa
PH
2070 This could lead to message repetition. This fix should cure that, at
2071 least in a lot of common cases.
58eb016e 2072
b43a74ea
PH
2073PH/45 Do not advertise STARTTLS in response to HELP unless it would be
2074 advertised in response to EHLO.
2075
b4ed4da0 2076
5dd1517f
PH
2077Exim version 4.66
2078-----------------
2079
2080PH/01 Two more bugs that were introduced by 4.64/PH/07, in addition to the one
2081 fixed by 4.65/MH/01 (is this a record?) are fixed:
2082
2083 (i) An empty string was always treated as zero by the numeric comparison
2084 operators. This behaviour has been restored.
2085
2086 (ii) It is documented that the numeric comparison operators always treat
2087 their arguments as decimal numbers. This was broken in that numbers
2088 starting with 0 were being interpreted as octal.
2089
2090 While fixing these problems I realized that there was another issue that
2091 hadn't been noticed. Values of message_size_limit (both the global option
2092 and the transport option) were treated as octal if they started with 0.
2093 The documentation was vague. These values are now always treated as
2094 decimal, and I will make that clear in the documentation.
2095
2096
93cfa765
TK
2097Exim version 4.65
2098-----------------
2099
2100TK/01 Disable default definition of HAVE_LINUX_SENDFILE. Clashes with
2101 Linux large file support (_FILE_OFFSET_BITS=64) on older glibc
2102 versions. (#438)
2103
d6066548
MH
2104MH/01 Don't check that the operands of numeric comparison operators are
2105 integers when their expansion is in "skipping" mode (fixes bug
2106 introduced by 4.64-PH/07).
2107
4362ff0d
PH
2108PH/01 If a system filter or a router generates more than SHRT_MAX (32767)
2109 child addresses, Exim now panics and dies. Previously, because the count
2110 is held in a short int, deliveries were likely to be lost. As such a
2111 large number of recipients for a single message is ridiculous
2112 (performance will be very, very poor), I have chosen to impose a limit
2113 rather than extend the field.
2114
93cfa765 2115
944e9e9c
TF
2116Exim version 4.64
2117-----------------
aa41d2de 2118
21d74bd9
TK
2119TK/01 Bugzilla #401. Fix DK spooling code so that it can overwrite a
2120 leftover -K file (the existence of which was triggered by #402).
2121 While we were at it, introduced process PID as part of the -K
2122 filename. This should rule out race conditions when creating
2123 these files.
2124
2125TK/02 Bugzilla #402. Apply patch from Simon Arlott, speeding up DK signing
2126 processing considerably. Previous code took too long for large mails,
2127 triggering a timeout which in turn triggers #401.
2128
2129TK/03 Introduced HAVE_LINUX_SENDFILE to os.h-Linux. Currently only used
2130 in the DK code in transports.c. sendfile() is not really portable,
2131 hence the _LINUX specificness.
944e9e9c
TF
2132
2133TF/01 In the add_headers option to the mail command in an Exim filter,
2134 there was a bug that Exim would claim a syntax error in any
2135 header after the first one which had an odd number of characters
2136 in the field name.
2137
2b1c6e3a
PH
2138PH/01 If a server that rejects MAIL FROM:<> was the target of a sender
2139 callout verification, Exim cached a "reject" for the entire domain. This
2140 is correct for most verifications, but it is not correct for a recipient
2141 verification with use_sender or use_postmaster set, because in that case
2142 the callout does not use MAIL FROM:<>. Exim now distinguishes the special
2143 case of MAIL FROM:<> rejection from other early rejections (e.g.
2144 rejection of HELO). When verifying a recipient using a non-null MAIL
2145 address, the cache is ignored if it shows MAIL FROM:<> rejection.
2146 Whatever the result of the callout, the value of the domain cache is
2147 left unchanged (for any other kind of callout, getting as far as trying
2148 RCPT means that the domain itself is ok).
2149
1f872c80
PH
2150PH/02 Tidied a number of unused variable and signed/unsigned warnings that
2151 gcc 4.1.1 threw up.
2152
2153PH/03 On Solaris, an unexpectedly close socket (dropped connection) can
2154 manifest itself as EPIPE rather than ECONNECT. When tidying away a
2155 session, the daemon ignores ECONNECT errors and logs others; it now
2156 ignores EPIPE as well.
2157
d203e649
PH
2158PH/04 Applied Nico Erfurth's refactoring patch to tidy up mime.c
2159 (quoted-printable decoding).
2160
cc2ed8f7 2161PH/05 Applied Nico Erfurth's refactoring patch to tidy up spool_mbox.c, and
21a04aa3 2162 later the small subsequent patch to fix an introduced bug.
f951fd57 2163
ddfcd446
PH
2164PH/06 Installed the latest Cygwin Makefile from the Cygwin maintainer.
2165
d45b1de8
PH
2166PH/07 There was no check for overflow in expansions such as ${if >{1}{4096M}}.
2167
2168PH/08 An error is now given if message_size_limit is specified negative.
2169
38a0a95f 2170PH/09 Applied and tidied up Jakob Hirsch's patch for allowing ACL variables
641cb756 2171 to be given (somewhat) arbitrary names.
38a0a95f 2172
a2405d83
JJ
2173JJ/01 exipick 20060919.0, allow for arbitrary acl_ variables introduced
2174 in 4.64-PH/09.
2175
2176JJ/02 exipick 20060919.0, --show-vars args can now be regular expressions,
2177 miscellaneous code fixes
2178
6ea85e9a
PH
2179PH/10 Added the log_reject_target ACL modifier to specify where to log
2180 rejections.
2181
26da7e20
PH
2182PH/11 Callouts were setting the name used for EHLO/HELO from $smtp_active_
2183 hostname. This is wrong, because it relates to the incoming message (and
2184 probably the interface on which it is arriving) and not to the outgoing
2185 callout (which could be using a different interface). This has been
2186 changed to use the value of the helo_data option from the smtp transport
2187 instead - this is what is used when a message is actually being sent. If
2188 there is no remote transport (possible with a router that sets up host
2189 addresses), $smtp_active_hostname is used.
6ea85e9a 2190
14aa5a05 2191PH/12 Installed Andrey Panin's patch to add a dovecot authenticator. Various
7befa435 2192 tweaks were necessary in order to get it to work (see also 21 below):
14aa5a05
PH
2193 (a) The code assumed that strncpy() returns a negative number on buffer
2194 overflow, which isn't the case. Replaced with Exim's string_format()
2195 function.
2196 (b) There were several signed/unsigned issues. I just did the minimum
2197 hacking in of casts. There is scope for a larger refactoring.
2198 (c) The code used strcasecmp() which is not a standard C function.
2199 Replaced with Exim's strcmpic() function.
2200 (d) The code set only $1; it now sets $auth1 as well.
2201 (e) A simple test gave the error "authentication client didn't specify
2202 service in request". It would seem that Dovecot has changed its
2203 interface. Fortunately there's a specification; I followed it and
2204 changed what the client sends and it appears to be working now.
2205
ff75a1f7
PH
2206PH/13 Added $message_headers_raw to provide the headers without RFC 2047
2207 decoding.
2208
e6f6568e
PH
2209PH/14 Corrected misleading output from -bv when -v was also used. Suppose the
2210 address A is aliased to B and C, where B exists and C does not. Without
2211 -v the output is "A verified" because verification stops after a
2212 successful redirection if more than one address is generated. However,
2213 with -v the child addresses are also verified. Exim was outputting "A
2214 failed to verify" and then showing the successful verification for C,
2215 with its parentage. It now outputs "B failed to verify", showing B's
2216 parentage before showing the successful verification of C.
2217
d6f6e0dc
PH
2218PH/15 Applied Michael Deutschmann's patch to allow DNS black list processing to
2219 look up a TXT record in a specific list after matching in a combined
2220 list.
2221
322050c2
PH
2222PH/16 It seems that the options setting for the resolver (RES_DEFNAMES and
2223 RES_DNSRCH) can affect the behaviour of gethostbyname() and friends when
2224 they consult the DNS. I had assumed they would set it the way they
2225 wanted; and indeed my experiments on Linux seem to show that in some
2226 cases they do (I could influence IPv6 lookups but not IPv4 lookups).
2227 To be on the safe side, however, I have now made the interface to
2228 host_find_byname() similar to host_find_bydns(), with an argument
2229 containing the DNS resolver options. The host_find_byname() function now
2230 sets these options at its start, just as host_find_bydns() does. The smtp
2231 transport options dns_qualify_single and dns_search_parents are passed to
2232 host_find_byname() when gethostbyname=TRUE in this transport. Other uses
2233 of host_find_byname() use the default settings of RES_DEFNAMES
2234 (qualify_single) but not RES_DNSRCH (search_parents).
2235
08955dd3
PH
2236PH/17 Applied (a modified version of) Nico Erfurth's patch to make
2237 spool_read_header() do less string testing, by means of a preliminary
2238 switch on the second character of optional "-foo" lines. (This is
2239 overdue, caused by the large number of possibilities that now exist.
2240 Originally there were few.) While I was there, I also converted the
2241 str(n)cmp tests so they don't re-test the leading "-" and the first
2242 character, in the hope this might squeeze out yet more improvement.
2243
1eccaa59
PH
2244PH/18 Two problems with "group" syntax in header lines when verifying: (1) The
2245 flag allowing group syntax was set by the header_syntax check but not
2246 turned off, possible causing trouble later; (2) The flag was not being
2247 set at all for the header_verify test, causing "group"-style headers to
2248 be rejected. I have now set it in this case, and also caused header_
2249 verify to ignore an empty address taken from a group. While doing this, I
2250 came across some other cases where the code for allowing group syntax
2251 while scanning a header line wasn't quite right (mostly, not resetting
2252 the flag correctly in the right place). These bugs could have caused
2253 trouble for malformed header lines. I hope it is now all correct.
2254
602e59e5
PH
2255PH/19 The functions {pwcheck,saslauthd}_verify_password() are always called
2256 with the "reply" argument non-NULL. The code, however (which originally
2257 came from elsewhere) had *some* tests for NULL when it wrote to *reply,
2258 but it didn't always do it. This confused somebody who was copying the
2259 code for some other use. I have removed all the tests.
2260
411ef850
PH
2261PH/20 It was discovered that the GnuTLS code had support for RSA_EXPORT, a
2262 feature that was used to support insecure browsers during the U.S. crypto
2263 embargo. It requires special client support, and Exim is probably the
2264 only MTA that supported it -- and would never use it because real RSA is
2265 always available. This code has been removed, because it had the bad
2266 effect of slowing Exim down by computing (never used) parameters for the
2267 RSA_EXPORT functionality.
2268
7befa435
PH
2269PH/21 On the advice of Timo Sirainen, added a check to the dovecot
2270 authenticator to fail if there's a tab character in the incoming data
2271 (there should never be unless someone is messing about, as it's supposed
2272 to be base64-encoded). Also added, on Timo's advice, the "secured" option
2273 if the connection is using TLS or if the remote IP is the same as the
2274 local IP, and the "valid-client-cert option" if a client certificate has
2275 been verified.
2276
48da4259 2277PH/22 As suggested by Dennis Davis, added a server_condition option to *all*
16ff981e
PH
2278 authenticators. This can be used for authorization after authentication
2279 succeeds. (In the case of plaintext, it servers for both authentication
2280 and authorization.)
2281
48da4259
PH
2282PH/23 Testing for tls_required and lost_connection in a retry rule didn't work
2283 if any retry times were supplied.
2284
d1d5595c
PH
2285PH/24 Exim crashed if verify=helo was activated during an incoming -bs
2286 connection, where there is no client IP address to check. In this
2287 situation, the verify now always succeeds.
2288
0ef732d9
PH
2289PH/25 Applied John Jetmore's -Mset patch.
2290
328895cc
PH
2291PH/26 Added -bem to be like -Mset, but loading a message from a file.
2292
fd700877
PH
2293PH/27 In a string expansion for a processed (not raw) header when multiple
2294 headers of the same name were present, leading whitespace was being
2295 removed from all of them, but trailing whitespace was being removed only
2296 from the last one. Now trailing whitespace is removed from each header
f6c332bd
PH
2297 before concatenation. Completely empty headers in a concatenation (as
2298 before) are ignored.
fd700877 2299
8dce1a6f
PH
2300PH/28 Fixed bug in backwards-compatibility feature of PH/09 (thanks to John
2301 Jetmore). It would have mis-read ACL variables from pre-4.61 spool files.
2302
17af4a17
PH
2303PH/29 [Removed. This was a change that I later backed out, and forgot to
2304 correct the ChangeLog entry (that I had efficiently created) before
2305 committing the later change.]
f6c332bd
PH
2306
2307PH/30 Exim was sometimes attempting to deliver messages that had suffered
2308 address errors (4xx response to RCPT) over the same connection as other
2309 messages routed to the same hosts. Such deliveries are always "forced",
2310 so retry times are not inspected. This resulted in far too many retries
2311 for the affected addresses. The effect occurred only when there were more
2312 hosts than the hosts_max_try setting in the smtp transport when it had
2313 the 4xx errors. Those hosts that it had tried were not added to the list
2314 of hosts for which the message was waiting, so if all were tried, there
2315 was no problem. Two fixes have been applied:
2316
2317 (i) If there are any address or message errors in an SMTP delivery, none
2318 of the hosts (tried or untried) are now added to the list of hosts
2319 for which the message is waiting, so the message should not be a
2320 candidate for sending over the same connection that was used for a
2321 successful delivery of some other message. This seems entirely
2322 reasonable: after all the message is NOT "waiting for some host".
2323 This is so "obvious" that I'm not sure why it wasn't done
2324 previously. Hope I haven't missed anything, but it can't do any
2325 harm, as the worst effect is to miss an optimization.
2326
2327 (ii) If, despite (i), such a delivery is accidentally attempted, the
2328 routing retry time is respected, so at least it doesn't keep
2329 hammering the server.
2330
c1114884
PH
2331PH/31 Installed Andrew Findlay's patch to close the writing end of the socket
2332 in ${readsocket because some servers need this prod.
2333
7a0743eb
PH
2334PH/32 Added some extra debug output when updating a wait-xxx database.
2335
0d85fa3f
PH
2336PH/33 The hint "could be header name not terminated by colon", which has been
2337 given for certain expansion errors for a long time, was not being given
2338 for the ${if def:h_colon_omitted{... case.
2339
1bf43b78
PH
2340PH/34 The spec says: "With one important exception, whenever a domain list is
2341 being scanned, $domain contains the subject domain." There was at least
2342 one case where this was not true.
2343
520de300
PH
2344PH/35 The error "getsockname() failed: connection reset by peer" was being
2345 written to the panic log as well as the main log, but it isn't really
2346 panic-worthy as it just means the connection died rather early on. I have
2347 removed the panic log writing for the ECONNRESET error when getsockname()
2348 fails.
2349
48c7f9e2
PH
2350PH/36 After a 4xx response to a RCPT error, that address was delayed (in queue
2351 runs only) independently of the message's sender address. This meant
2352 that, if the 4xx error was in fact related to the sender, a different
2353 message to the same recipient with a different sender could confuse
2354 things. In particualar, this can happen when sending to a greylisting
2355 server, but other circumstances could also provoke similar problems.
2356 I have changed the default so that the retry time for these errors is now
2357 based a combination of the sender and recipient addresses. This change
2358 can be overridden by setting address_retry_include_sender=false in the
2359 smtp transport.
2360
99ea1c86
PH
2361PH/37 For LMTP over TCP/IP (the smtp transport), error responses from the
2362 remote server are returned as part of bounce messages. This was not
2363 happening for LMTP over a pipe (the lmtp transport), but now it is the
2364 same for both kinds of LMTP.
2365
a2042e78
PH
2366PH/38 Despite being documented as not happening, Exim was rewriting addresses
2367 in header lines that were in fact CNAMEs. This is no longer the case.
2368
4fbcfc2e
PH
2369PH/39 If -R or -S was given with -q<time>, the effect of -R or -S was ignored,
2370 and queue runs started by the daemon processed all messages. This has
2371 been fixed so that -R and -S can now usefully be given with -q<time>.
2372
aa41d2de
PH
2373PH/40 Import PCRE release 6.7 (fixes some bugs).
2374
af561417
PH
2375PH/41 Add bitwise logical operations to eval (courtesy Brad Jorsch).
2376
3cc66b45
PH
2377PH/42 Give an error if -q is specified more than once.
2378
194cc0e4
PH
2379PH/43 Renamed the variables $interface_address and $interface_port as
2380 $received_ip_address and $received_port, to make it clear that these
2381 values apply to message reception, and not to the outgoing interface when
2382 a message is delivered. (The old names remain recognized, of course.)
2383
a401ddaa
PH
2384PH/44 There was no timeout on the connect() call when using a Unix domain
2385 socket in the ${readsocket expansion. There now is.
2386
4e88a19f
PH
2387PH/45 Applied a modified version of Brad Jorsch's patch to allow "message" to
2388 be meaningful with "accept".
2389
d7d7b289
SC
2390SC/01 Eximstats V1.43
2391 Bug fix for V1.42 with -h0 specified. Spotted by Chris Lear.
2392
2393SC/02 Eximstats V1.44
2394 Use a glob alias rather than an array ref in the generated
2395 parser. This improves both readability and performance.
2396
2397SC/03 Eximstats V1.45 (Marco Gaiarin / Steve Campbell)
2398 Collect SpamAssassin and rejection statistics.
2399 Don't display local sender or destination tables unless
2400 there is data to show.
2401 Added average volumes into the top table text output.
2402
2403SC/04 Eximstats V1.46
2404 Collect data on the number of addresses (recipients)
2405 as well as the number of messages.
2406
2407SC/05 Eximstats V1.47
2408 Added 'Message too big' to the list of mail rejection
2409 reasons (thanks to Marco Gaiarin).
2410
2411SC/06 Eximstats V1.48
2412 Mainlog lines which have GMT offsets and are too short to
2413 have a flag are now skipped.
2414
2415SC/07 Eximstats V1.49 (Alain Williams)
2416 Added the -emptyok flag.
2417
2418SC/08 Eximstats V1.50
2419 Fixes for obtaining the IP address from reject messages.
2420
0ea2a468
JJ
2421JJ/03 exipick.20061117.2, made header handling as similar to exim as possible
2422 (added [br]h_ prefixes, implemented RFC2047 decoding. Fixed
2423 whitesspace changes from 4.64-PH/27
2424
2425JJ/04 exipick.20061117.2, fixed format and added $message_headers_raw to
2426 match 4.64-PH/13
2427
2428JJ/05 exipick.20061117.2, bug fixes (error out sooner when invalid criteria
2429 are found, allow negative numbers in numeric criteria)
2430
2431JJ/06 exipick.20061117.2, added new $message_body_missing variable
2432
2433JJ/07 exipick.20061117.2, added $received_ip_address and $received_port
2434 to match changes made in 4.64-PH/43
2435
8a10f5a4
PH
2436PH/46 Applied Jori Hamalainen's patch to add features to exiqsumm.
2437
30e18802
PH
2438PH/47 Put in an explicit test for a DNS lookup of an address record where the
2439 "domain" is actually an IP address, and force a failure. This locks out
2440 those revolvers/nameservers that support "A-for-A" lookups, in
2441 contravention of the specifications.
2442
55728a4f
PH
2443PH/48 When a host name was looked up from an IP address, and the subsequent
2444 forward lookup of the name timed out, the host name was left in
2445 $sender_host_name, contrary to the specification.
d7d7b289 2446
d7837193
PH
2447PH/49 Although default lookup types such as lsearch* or cdb*@ have always been
2448 restricted to single-key lookups, Exim was not diagnosing an error if
2449 * or *@ was used with a query-style lookup.
2450
87054a31
PH
2451PH/50 Increased the value of DH_BITS in tls-gnu.c from 768 to 1024.
2452
ea2c01d2
MH
2453MH/01 local_scan ABI version incremented to 1.1. It should have been updated
2454 long ago, but noone interested enough thought of it. Let's just say that
2455 the "1.1" means that there are some new functions that weren't there at
2456 some point in the past.
2457
e4fa6968
PH
2458PH/51 Error processing for expansion failure of helo_data from an smtp
2459 transport during callout processing was broken.
2460
56f5d9bd
PH
2461PH/52 Applied John Jetmore's patch to allow tls-on-connect and STARTTLS to be
2462 tested/used via the -bh/-bhc/-bs options.
2463
922e1c28
PH
2464PH/53 Added missing "#include <time.h>" to pcre/pcretest.c (this was a PCRE
2465 bug, fixed in subsequent PCRE releases).
2466
21eb6e72
PH
2467PH/54 Applied Robert Bannocks' patch to avoid a problem with references that
2468 arises when using the Solaris LDAP libraries (but not with OpenLDAP).
2469
a0540757
PH
2470PH/55 Check for a ridiculously long file name in exim_dbmbuild.
2471
944e9e9c 2472
478be7b0
SC
2473Exim version 4.63
2474-----------------
2475
2476SC/01 Use a glob alias rather than an array ref in eximstats generated
2477 parser. This improves both readability and performance.
2478
2479SC/02 Collect SpamAssassin and rejection statistics in eximstats.
2480 Don't display local sender or destination tables in eximstats unless
2481 there is data to show.
2482 Added average volumes into the eximstats top table text output.
2483
2484SC/03 Collect data on the number of addresses (recipients) as well
2485 as the number of messages in eximstats.
2486
2b965a65
TF
2487TF/01 Correct an error in the documentation for the redirect router. Exim
2488 does (usually) call initgroups() when daemonizing.
478be7b0 2489
45b91596
PH
2490TF/02 Call initgroups() when dropping privilege in exim.c, so that Exim runs
2491 with consistent privilege compared to when running as a daemon.
478be7b0 2492
c59f5781
TF
2493TF/03 Note in the spec that $authenticated_id is not set for local
2494 submissions from trusted users.
2495
90fc3069
TF
2496TF/04 The ratelimit per_rcpt option now works correctly in acl_not_smtp.
2497 Thanks to Dean Brooks <dean@iglou.com> for the patch.
2498
6083aca0
TF
2499TF/05 Make it easier to get SMTP authentication and TLS/SSL support working
2500 by adding some example configuration directives to the default
2501 configuration file. A little bit of work is required to uncomment the
2502 directives and define how usernames and passwords are checked, but
2503 there is now a framework to start from.
2504
765b530f
PH
2505PH/01 Added #define LDAP_DEPRECATED 1 to ldap.c because some of the "old"
2506 functions that Exim currently uses aren't defined in ldap.h for OpenLDAP
2507 without this. I don't know how relevant this is to other LDAP libraries.
2508
4e167a8c
PH
2509PH/02 Add the verb name to the "unknown ACL verb" error.
2510
4608d683
PH
2511PH/03 Magnus Holmgren's patch for filter_prepend_home.
2512
b8dc3e4a
PH
2513PH/03 Fixed Bugzilla #101: macro definition between ACLs doesn't work.
2514
5418e93b
PH
2515PH/04 Applied Magnus Holmgren's patch to fix Bugzilla #98: transport's home
2516 directory not expanded when it should be if an expanded home directory
2517 was set for the address (which is overridden by the transport).
2518
b4a9bda2
PH
2519PH/05 Applied Alex Kiernan's patch to fix Bugzilla #99: a problem with
2520 libradius.
2521
45b91596
PH
2522PH/06 Added acl_not_smtp_start, based on Johannes Berg's patch, and set the
2523 bit to forbid control=suppress_local_fixups in the acl_not_smtp ACL,
2524 because it is too late at that time, and has no effect.
2525
5547e2c5
PH
2526PH/07 Changed ${quote_pgsql to quote ' as '' instead of \' because of a
2527 security issue with \' (bugzilla #107). I could not use the
2528 PQescapeStringConn() function, because it needs a PGconn value as one of
2529 its arguments.
2530
dbcef0ea
PH
2531PH/08 When testing addresses using -bt, indicate those final addresses that
2532 are duplicates that would not cause an additional delivery. At least one
2533 person was confused, thinking that -bt output corresponded to deliveries.
2534 (Suppressing duplicates isn't a good idea as you lose the information
2535 about possibly different redirections that led to the duplicates.)
2536
25257489
PH
2537PH/09 Applied patch from Erik to use select() instead of poll() in spam.c on
2538 systems where poll() doesn't work, in particular OS X.
2539
c816d124
PH
2540PH/10 Added more information to debugging output for retry time not reached.
2541
a9ccd69a
PH
2542PH/11 Applied patch from Arkadiusz Miskiewicz to apply a timeout to read
2543 operations in malware.c.
2544
75fa1910
PH
2545PH/12 Applied patch from Magnus Holmgren to include the "h" tag in Domain Keys
2546 signatures.
2547
a7d7aa58
PH
2548PH/13 If write_rejectlog was set false when logging was sent to syslog with
2549 syslog_duplication set false, log lines that would normally be written
2550 both the the main log and to the reject log were not written to syslog at
2551 all.
2552
42119b09
PH
2553PH/14 In the default configuration, change the use of "message" in ACL warn
2554 statements to "add_header".
2555
41609df5
PH
2556PH/15 Diagnose a filter syntax error for "seen", "unseen", or "noerror" if not
2557 not followed by a command (e.g. "seen endif").
2558
a5bd321b
PH
2559PH/16 Recognize SMTP codes at the start of "message" in ACLs and after :fail:
2560 and :defer: in a redirect router. Add forbid_smtp_code to suppress the
2561 latter.
2562
e85a7ad5 2563PH/17 Added extra conditions to the default value of delay_warning_condition
5dff5817
PH
2564 so that it is now:
2565
e85a7ad5
PH
2566 ${if or { \
2567 { !eq{$h_list-id:$h_list-post:$h_list-subscribe:}{} } \
2568 { match{$h_precedence:}{(?i)bulk|list|junk} } \
2569 { match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} } \
5dff5817
PH
2570 }{no}{yes}}
2571
e85a7ad5
PH
2572 The Auto-Submitted: and various List- headers are standardised, whereas I
2573 don't think Precedence: ever was.
5dff5817 2574
d8fe1c03
PH
2575PH/18 Refactored debugging code in route_finduser() to show more information,
2576 in particular, the error code if getpwnam() issues one.
2577
16282d2b
PH
2578PH/19 Added PQsetClientEncoding(conn, "SQL_ASCII") to the pgsql code module.
2579 This is apparently needed in addition to the PH/07 change above to avoid
2580 any possible encoding problems.
2581
35d40a98
PH
2582PH/20 Perl can change the locale. Exim was resetting it after a ${perl call,
2583 but not after initializing Perl.
2584
034d99ab
PH
2585PH/21 Added a call to PQsetNoticeProcessor() to catch pgsql "notices" and
2586 output them only if debugging. By default they are written stderr,
2587 apparently, which is not desirable.
2588
6ec97b1b
PH
2589PH/22 Added Alain Williams' LDAP patch to support setting REFERRALS=off on
2590 queries.
2591
e22ca4ac
JJ
2592JJ/01 exipick: added --reverse (and -R synonym), --random, --size, --sort and
2593 --not options
2594
2595JJ/02 exipick: rewrote --help documentation to hopefully make more clear.
2596
33d73e3b
PH
2597PH/23 Made -oMaa and -oMt work with -bh and -bs to pretend the connection is
2598 authenticated or an ident call has been made. Suppress the default
2599 values for $authenticated_id and $authenticated_sender (but permit -oMai
2600 and -oMas) when testing with -bh.
2601
9ecb03f3
PH
2602PH/24 Re-jigged the order of the tests in the default configuration so that the
2603 tests for valid domains and recipients precede the DNS black list and CSA
2604 tests, on the grounds that those ones are more expensive.
2605
084efe8d
PH
2606PH/25 Exim was not testing for a space following SMTP commands such as EHLO
2607 that require one. Thus, EHLORHUBARB was interpreted as a valid command.
2608 This bug exists in every version of Exim that I still have, right back to
2609 0.12.
2610
366fc9f0
PH
2611PH/26 (n)wildlsearch lookups are documented as being done case-insensitively.
2612 However, an attempt to turn on case-sensitivity in a regex key by
2613 including (?-i) didn't work because the subject string was already
2614 lowercased, and the effects were non-intuitive. It turns out that a
2615 one-line patch can be used to allow (?-i) to work as expected.
2616
c59f5781 2617
c887c79e
TF
2618Exim version 4.62
2619-----------------
2620
2621TF/01 Fix the add_header change below (4.61 PH/55) which had a bug that (amongst
2622 other effects) broke the use of negated acl sub-conditions.
2623
1cce3af8
PH
2624PH/01 ${readsocket now supports Internet domain sockets (modified John Jetmore
2625 patch).
2626
afb3eaaf
PH
2627PH/02 When tcp-wrappers is called from Exim, it returns only "deny" or "allow".
2628 "Deny" causes Exim to reject the incoming connection with a 554 error.
2629 Unfortunately, if there is a major crisis, such as a disk failure,
2630 tcp-wrappers gives "deny", whereas what one would like would be some
2631 kind of temporary error. A kludge has been added to help with this.
2632 Before calling hosts_ctl(), errno is set zero. If the result is "deny", a
2633 554 error is used if errno is still zero or contains ENOENT (which occurs
2634 if either of the /etc/hosts.{allow,deny} files is missing). Otherwise, a
2635 451 error is used.
2636
e173618b
PH
2637PH/03 Add -lutil to the default FreeBSD LIBS setting.
2638
dd16e114
PH
2639PH/04 Change PH/19 for 4.61 was too wide. It should not be applied to host
2640 errors. Otherwise a message that provokes a temporary error (when other
2641 messages do not) can cause a whole host to time out.
2642
f7fd3850
PH
2643PH/05 Batch deliveries by appendfile and pipe transports did not work when the
2644 addresses were routed directly to files or pipes from a redirect router.
2645 File deliveries just didn't batch; pipe deliveries might have suffered
2646 odd errors.
2647
d87df92c
PH
2648PH/06 A failure to get a lock for a hints database would erroneously always say
2649 "Failed to get write lock", even when it was really a read lock.
2650
7e9f683d
PH
2651PH/07 The appendfile transport was creating MBX lock files with a fixed mode
2652 of 0600. This has been changed to use the value of the lockfile_mode
2653 option (which defaults to 0600).
2654
bfad5236
PH
2655PH/08 Applied small patch from the Sieve maintainer.
2656
01c490df
PH
2657PH/09 If maildir_quota_directory_regex was set to exclude (say) the .Trash
2658 folder from quota calculations, a direct delivery into this folder messed
2659 up the contents of the maildirsize file. This was because the regex was
2660 used only to exclude .Trash (or whatever) when the size of the mailbox
2661 was calculated. There was no check that a delivery was happening into an
2662 excluded directory. This bug has been fixed by ignoring all quota
2663 processing for deliveries into excluded directories.
2664
d6629cdc
PH
2665PH/10 Added the maildirfolder_create_regex option to appendfile.
2666
1cce3af8 2667
214e2000
PH
2668Exim version 4.61
2669-----------------
2670
2671PH/01 The code for finding all the local interface addresses on a FreeBSD
2672 system running IPv6 was broken. This may well have applied to all BSD
2673 systems, as well as to others that have similar system calls. The broken
2674 code found IPv4 interfaces correctly, but gave incorrect values for the
2675 IPv6 interfaces. In particular, ::1 was not found. The effect in Exim was
2676 that it would not match correctly against @[] and not recognize the IPv6
2677 addresses as local.
2678
f9daeae0
PH
2679PH/02 The ipliteral router was not recognizing addresses of the form user@
2680 [ipv6:....] because it didn't know about the "ipv6:" prefix.
2681
7e66e54d
PH
2682PH/03 Added disable_ipv6.
2683
c8ea1597
PH
2684PH/04 Changed $reply_address to use the raw form of the headers instead of the
2685 decoded form, because it is most often used to construct To: headers
2686 lines in autoreplies, and the decoded form may well be syntactically
2687 invalid. However, $reply_address has leading white space removed, and all
2688 newlines turned into spaces so that the autoreply transport does not
2689 grumble.
2690
911f6fde
PH
2691PH/05 If group was specified without a user on a router, and no group or user
2692 was specified on a transport, the group from the router was ignored.
2693
47ca6d6c
PH
2694PH/06 Increased the number of ACL variables to 20 of each type, and arranged
2695 for visible compile-time settings that can be used to change these
2696 numbers, for those that want even more. Backwards compatibility with old
2697 spool files has been maintained. However, going back to a previous Exim
2698 release will lost any variables that are in spool files.
2699
ed0e9820
PH
2700PH/07 Two small changes when running in the test harness: increase delay when
2701 passing a TCP/IP connection to a new process, in case the original
2702 process has to generate a bounce, and remove special handling of
2703 127.0.0.2 (sic), which is no longer necessary.
2704
eff37e47
PH
2705PH/08 Changed debug output of dbfn_open() flags from numbers to names, so as to
2706 be the same on different OS.
2707
1921d2ea
PH
2708PH/09 Moved a debug statement in filter processing to avoid a race problem when
2709 testing.
2710
b3f69ca8
JJ
2711JJ/01 exipick: fixed bug where -b (brief) output option showed "Vars:"
2712 whether --show-vars was specified or not
2713
2714JJ/02 exipick: Added support for new ACL variable spool format introduced
2715 in 4.61-PH/06
2716
424a1c63
PH
2717PH/10 Fixed another bug related to PH/04 above: if an incoming message had a
2718 syntactically invalid From: or Reply-to: line, and a filter used this to
2719 generate an autoreply, and therefore failed to obtain an address for the
2720 autoreply, Exim could try to deliver to a non-existent relative file
2721 name, causing unrelated and misleading errors. What now happens is that
2722 it logs this as a hard delivery error, but does not attempt to create a
2723 bounce message.
2724
7a100415
PH
2725PH/11 The exinext utility has a -C option for testing purposes, but although
2726 the given file was scanned by exinext itself; it wasn't being passed on
2727 when Exim was called.
2728
19b9dc85
PH
2729PH/12 In the smtp transport, treat an explicit ECONNRESET error the same as
2730 an end-of-file indication when reading a command response.
2731
309bd837
PH
2732PH/13 Domain literals for IPv6 were not recognized unless IPv6 support was
2733 compiled. In many other places in Exim, IPv6 addresses are always
2734 recognized, so I have changed this. It also means that IPv4 domain
2735 literals of the form [IPV4:n.n.n.n] are now always recognized.
2736
59e82a2a
PH
2737PH/14 When a uid/gid is specified for the queryprogram router, it cannot be
2738 used if the router is not running as root, for example, when verifying at
2739 ACL time, or when using -bh. The debugging output from this situation was
2740 non-existent - all you got was a failure to exec. I have made two
2741 changes:
2742
2743 (a) Failures to set uid/gid, the current directory, or a process leader
2744 in a subprocess such as that created by queryprogram now generate
2745 suitable debugging ouput when -d is set.
2746
2747 (b) The queryprogram router detects when it is not running as root,
2748 outputs suitable debugging information if -d is set, and then runs
2749 the subprocess without attempting to change uid/gid.
2750
9edc04ce
PH
2751PH/15 Minor change to Makefile for building test_host (undocumented testing
2752 feature).
2753
1349e1e5
PH
2754PH/16 As discussed on the list in Nov/Dec: Exim no longer looks at the
2755 additional section of a DNS packet that returns MX or SRV records.
2756 Instead, it always explicitly searches for A/AAAA records. This avoids
2757 major problems that occur when a DNS server includes only records of one
2758 type (A or AAAA) in an MX/SRV packet. A byproduct of this change has
2759 fixed another bug: if SRV records were looked up and the corresponding
2760 address records were *not* found in the additional section, the port
2761 values from the SRV records were lost.
2762
ea49d0e1
PH
2763PH/17 If a delivery to a pipe, file, or autoreply was deferred, Exim was not
2764 using the correct key (the original address) when searching the retry
2765 rules in order to find which one to use for generating the retry hint.
2766
064a94c9
PH
2767PH/18 If quota_warn_message contains a From: header, Exim now refrains from
2768 adding the default one. Similarly, if it contains a Reply-To: header, the
2769 errors_reply_to option, if set, is not used.
2770
727071f8
PH
2771PH/19 When calculating a retry time, Exim used to measure the "time since
2772 failure" by looking at the "first failed" field in the retry record. Now
2773 it does not use this if it is later than than the arrival time of the
2774 message. Instead it uses the arrival time. This makes for better
2775 behaviour in cases where some deliveries succeed, thus re-setting the
2776 "first failed" field. An example is a quota failure for a huge message
2777 when small messages continue to be delivered. Without this change, the
2778 "time since failure" will always be short, possible causing more frequent
2779 delivery attempts for the huge message than are intended.
dd16e114 2780 [Note: This change was subsequently modified - see PH/04 for 4.62.]
727071f8 2781
f78eb7c6
PH
2782PH/20 Added $auth1, $auth2, $auth3 to contain authentication data (as well as
2783 $1, $2, $3) because the numerical variables can be reset during some
2784 expansion items (e.g. "match"), thereby losing the authentication data.
2785
21c28500
PH
2786PH/21 Make -bV show the size of off_t variables so that the test suite can
2787 decide whether to run tests for quotas > 2G.
2788
2789PH/22 Test the values given for quota, quota_filecount, quota_warn_threshold,
2790 mailbox_size, and mailbox_filecount in the appendfile transport. If a
2791 filecount value is greater than 2G or if a quota value is greater than 2G
2792 on a system where the size of off_t is not greater than 4, a panic error
2793 is given.
2794
1688f43b
PH
2795PH/23 When a malformed item such as 1.2.3/24 appears in a host list, it can
2796 never match. The debug and -bh output now contains an explicit error
2797 message indicating a malformed IPv4 address or mask.
2798
2799PH/24 An host item such as 1.2.3.4/abc was being treated as the IP address
2800 1.2.3.4 without a mask. Now it is not recognized as an IP address, and
2801 PH/23 above applies.
2802
9675b384
PH
2803PH/25 Do not write to syslog when running in the test harness. The only
2804 occasion when this arises is a failure to open the main or panic logs
2805 (for which there is an explicit test).
2806
6a3f1455
PH
2807PH/26 Added the /no_tell option to "control=freeze".
2808
dac79d3e
PH
2809PH/27 If a host name lookup failed very early in a connection, for example, if
2810 the IP address matched host_lookup and the reverse lookup yielded a name
2811 that did not have a forward lookup, an error message of the form "no IP
2812 address found for host xxx.xxx.xxx (during SMTP connection from NULL)"
2813 could be logged. Now it outputs the IP address instead of "NULL".
1349e1e5 2814
5977a0b3
PH
2815PH/28 An enabling patch from MH: add new function child_open_exim2() which
2816 allows the sender and the authenticated sender to be set when
2817 submitting a message from within Exim. Since child_open_exim() is
2818 documented for local_scan(), the new function should be too.
2819
c91535f3
PH
2820PH/29 In GnuTLS, a forced expansion failure for tls_privatekey was not being
2821 ignored. In both GnuTLS and OpenSSL, an expansion of tls_privatekey that
2822 results in an empty string is now treated as unset.
2823
0d46a8c8
PH
2824PH/30 Fix eximon buffer overflow bug (Bugzilla #73).
2825
278c6e6c
PH
2826PH/31 Added sender_verify_fail logging option.
2827
2cbb4081
PH
2828PH/32 In November 2003, the code in Exim that added an empty Bcc: header when
2829 needed by RFC 822 but not by RFC 2822 was commented out. I have now
2830 tidied the source and removed it altogether.
2831
3eef829e
PH
2832PH/33 When a queue run was abandoned because the load average was too high, a
2833 log line was always written; now it is written only if the queue_run log
2834 selector is set. In addition, the log line for abandonment now contains
2835 information about the queue run such as the pid. This is always present
2836 in "start" and "stop" lines but was omitted from the "abandon" line.
2837
1ab95fa6
PH
2838PH/34 Omit spaces between a header name and the colon in the error message that
2839 is given when verify = headers_syntax fails (if there are lots of them,
2840 the message gets confusing).
2841
230205fc
PH
2842PH/35 Change the default for dns_check_names_pattern to allow slashes within
2843 names, as there are now some PTR records that contain slashes. This check
2844 is only to protect against broken name servers that fall over on strange
2845 characters, so the fact that it applies to all lookups doesn't matter.
2846
75e0e026
PH
2847PH/36 Now that the new test suite is complete, we can remove some of the
2848 special code in Exim that was needed for the old test suite. For example,
2849 sorting DNS records because real resolvers return them in an arbitrary
2850 order. The new test suite's fake resolver always returns records in the
2851 same order.
2852
2853PH/37 When running in the test harness, use -odi for submitted messages (e.g.
2854 bounces) except when queue_only is set, to avoid logging races between
2855 the different processes.
2856
145396a6
PH
2857PH/38 Panic-die if .include specifies a non-absolute path.
2858
3cd34f13
PH
2859PH/39 A tweak to the "H" retry rule from its user.
2860
11121d3d
JJ
2861JJ/03 exipick: Removed parentheses from 'next' and 'last' calls that specified
2862 a label. They prevented compilation on older perls.
2863
2864JJ/04 exipick: Refactored code to prevent implicit split to @_ which caused
2865 a warning to be raised on newish perls.
2866
2867JJ/05 exipick: Fixed bug where -bpc always showed a count of all messages
2868 on queue. Changes to match documented behaviour of showing count of
2869 messages matching specified criteria.
2870
8def5aaf
PH
2871PH/40 Changed the default ident timeout from 30s to 5s.
2872
929ba01c
PH
2873PH/41 Added support for the use of login_cap features, on those BSD systems
2874 that have them, for controlling the resources used by pipe deliveries.
2875
2632889e
PH
2876PH/42 The content-scanning code uses fopen() to create files in which to put
2877 message data. Previously it was not paying any attention to the mode of
2878 the files. Exim runs with umask(0) because the rest of the code creates
2879 files with open(), and sets the required mode explicitly. Thus, these
2880 files were ending up world-writeable. This was not a big issue, because,
2881 being within the spool directory, they were not world-accessible. I have
2882 created a function called modefopen, which takes an additional mode
2883 argument. It sets umask(777), creates the file, chmods it to the required
2884 mode, then resets the umask. All the relevant calls to fopen() in the
2885 content scanning code have been changed to use this function.
2886
944a9c55
PH
2887PH/43 If retry_interval_max is set greater than 24 hours, it is quietly reset
2888 to 24 hours. This avoids potential overflow problems when processing G
2889 and H retry rules. I suspect nobody ever tinkers with this value.
2890
4a23603b
PH
2891PH/44 Added STRIP_COMMAND=/usr/bin/strip to the FreeBSD Makefile.
2892
4730f942
PH
2893PH/45 When the plaintext authenticator is running as a client, the server's
2894 challenges are checked to ensure they are valid base64 strings. By
2895 default, the authentication attempt is cancelled if an invalid string is
2896 received. Setting client_ignore_invalid_base64 true ignores these errors.
2897 The decoded challenge strings are now placed in $auth1, $auth2, etc. as
2898 they are received. Thus, the responses can be made to depend on the
2899 challenges. If an invalid string is ignored, an empty string is placed in
2900 the variable.
2901
30dba1e6
PH
2902PH/46 Messages that are created by the autoreply transport now contains a
2903 References: header, in accordance with RFCs 2822 and 3834.
2904
382afc6b
PH
2905PH/47 Added authenticated_sender_force to the smtp transport.
2906
a86229cf
PH
2907PH/48 The ${prvs expansion was broken on systems where time_t was long long.
2908
50c99ba6
PH
2909PH/49 Installed latest patch from the Sieve maintainer.
2910
d35e429d
PH
2911PH/50 When an Exim quota was set without a file count quota, and mailbox_size
2912 was also set, the appendfile transport was unnecessarily scanning a
2913 directory of message files (e.g. for maildir delivery) to find the count
2914 of files (along with the size), even though it did not need this
2915 information. It now does the scan only if it needs to find either the
2916 size of the count of files.
2917
f90d018c
PH
2918PH/51 Added ${time_eval: to convert Exim time strings into seconds.
2919
75def545
PH
2920PH/52 Two bugs concerned with error handling when the smtp transport is
2921 used in LMTP mode:
2922
2923 (i) Exim was not creating retry information for temporary errors given
2924 for individual recipients after the DATA command when the smtp transport
2925 was used in LMTP mode. This meant that they could be retried too
2926 frequently, and not timed out correctly.
2927
2928 (ii) Exim was setting the flag that allows error details to be returned
2929 for LMTP errors on RCPT commands, but not for LMTP errors for individual
2930 recipients that were returned after the DATA command.
2931
2932PH/53 This is related to PH/52, but is more general: for any failing address,
2933 when detailed error information was permitted to be returned to the
2934 sender, but the error was temporary, then after the final timeout, only
2935 "retry timeout exceeded" was returned. Now it returns the full error as
2936 well as "retry timeout exceeded".
2937
c46782ef
PH
2938PH/54 Added control=allow_auth_unadvertised, as it seems there are clients that
2939 do this, and (what is worse) MTAs that accept it.
2940
71fafd95
PH
2941PH/55 Added the add_header modified to ACLs. The use of "message" with "warn"
2942 will now be deprecated.
2943
2c5db4fd
PH
2944PH/56 New os.c-cygwin from the Cygwin maintainer.
2945
9cf6b11a
JJ
2946JJ/06 exipick: added --unsorted option to allow unsorted output in all output
2947 formats (previously only available in exim formats via -bpr, -bpru,
2948 and -bpra. Now also available in native and exiqgrep formats)
2949
2950JJ/07 exipick: added --freeze and --thaw options to allow faster interaction
2951 with very large, slow to parse queues
2952
2953JJ/08 exipick: added ! as generic prefix to negate any criteria format
2954
2955JJ/09 exipick: miscellaneous performance enhancements (~24% improvements)
2956
898d150f
PH
2957PH/57 Tidies in SMTP dialogue display in debug output: (i) It was not showing
2958 responses to authentication challenges, though it was showing the
2959 challenges; (ii) I've removed the CR characters from the debug output for
2960 SMTP output lines.
2961
46218253
PH
2962PH/58 Allow for the insertion of a newline as well as a space when a string
2963 is turned into more than one encoded-word during RFC 2047 encoding. The
2964 Sieve code now uses this.
2965
e97957bc
PH
2966PH/59 Added the following errors that can be detected in retry rules: mail_4xx,
2967 data_4xx, lost_connection, tls_required.
2968
81e509d7
PH
2969PH/60 When a VRFY deferred or FAILED, the log message rather than the user
2970 message was being sent as an SMTP response.
2971
3d240ff7
PH
2972PH/61 Add -l and -k options to exicyclog.
2973
b37c4101
PH
2974PH/62 When verifying, if an address was redirected to one new address, so that
2975 verification continued, and the new address failed or deferred after
2976 having set something in $address_data, the value of $address_data was not
2977 passed back to the ACL. This was different to the case when no
2978 redirection occurred. The value is now passed back in both cases.
2979
79378e0f
PH
2980PH/63 Changed the macro HAVE_LOGIN_CAP (see PH/41 for this release above) to
2981 HAVE_SETCLASSRESOURCES because there are different APIs in use that all
2982 use login_cap.h, so on its own it isn't the distinguishing feature. The
2983 new name refers directly to the setclassresources() function.
2984
e49c7bb4
PH
2985PH/65 Added configuration files for NetBSD3.
2986
d114ec46
PH
2987PH/66 Updated OS/Makefile-HP-UX for gcc 4.1.0 with HP-UX 11.
2988
f3d7df6c
PH
2989PH/67 Fixed minor infelicity in the sorting of addresses to ensure that IPv6
2990 is preferred over IPv4.
2991
715ab376
PH
2992PH/68 The bounce_return_message and bounce_return_body options were not being
2993 honoured for bounces generated during the reception of non-SMTP messages.
2994 In particular, this applied to messages rejected by the ACL. This bug has
2995 been fixed. However, if bounce_return_message is true and bounce_return_
2996 body is false, the headers that are returned for a non-SMTP message
2997 include only those that have been read before the error was detected.
2998 (In the case of an ACL rejection, they have all been read.)
2999
6b31b150
PH
3000PH/69 The HTML version of the specification is now built in a directory called
3001 spec_html instead of spec.html, because the latter looks like a path with
3002 a MIME-type, and this confuses some software.
3003
3004PH/70 Catch two compiler warnings in sieve.c.
3005
d515a917
PH
3006PH/71 Fixed an obscure and subtle bug (thanks Alexander & Matthias). The
3007 function verify_get_ident() calls ip_connect() to connect a socket, but
3008 if the "connect()" function timed out, ip_connect() used to close the
3009 socket. However, verify_get_ident() also closes the socket later, and in
3010 between Exim writes to the log, which may get opened at this point. When
3011 the socket was closed in ip_connect(), the log could get the same file
3012 descriptor number as the socket. This naturally causes chaos. The fix is
3013 not to close the socket in ip_connect(); the socket should be closed by
3014 the function that creates it. There was only one place in the code where
3015 this was missing, in the iplookup router, which I don't think anybody now
3016 uses, but I've fixed it anyway.
3017
9b8fadde
PH
3018PH/72 Make dns_again_means_nonexist apply to lookups using gethostbyname() as
3019 well as to direct DNS lookups. Otherwise the handling of names in host
3020 lists is inconsistent and therefore confusing.
3021
214e2000 3022
5de37277
PH
3023Exim version 4.60
3024-----------------
3025
cc38ddbf
PH
3026PH/01 Two changes to the default runtime configuration:
3027
3028 (1) Move the checks for relay_from_hosts and authenticated clients from
3029 after to before the (commented out) DNS black list checks.
3030
3031 (2) Add control=submission to the relay_from_hosts and authenticated
3032 clients checks, on the grounds that messages accepted by these
3033 statements are most likely to be submissions.
5de37277 3034
72fdd6ae
PH
3035PH/02 Several tidies to the handling of ${prvs and ${prvscheck:
3036
3037 (1) Generate an error if the third argument for the ${prvs expansion is
3038 not a single digit.
3039
3040 (2) Treat a missing third argument of ${prvscheck as if it were an empty
3041 string.
3042
3043 (3) Reset the variables that are obtained from the first argument of
3044 ${prvscheck and used in the second argument before leaving the code,
3045 because their memory is reclaimed, so using them afterwards may do
3046 silly things.
3047
3048 (4) Tidy up the code for expanding the arguments of ${prvscheck one by
3049 one (it's much easier than Tom thought :-).
3050
3051 (5) Because of (4), we can now allow for the use of $prvscheck_result
3052 inside the third argument.
cb9328de 3053
cb741023
PH
3054PH/03 For some reason, the default setting of PATH when running a command from
3055 a pipe transport was just "/usr/bin". I have changed it to
3056 "/bin:/usr/bin".
3057
f174f16e
PH
3058PH/04 SUPPORT_TRANSLATE_IP_ADDRESS and MOVE_FROZEN_MESSAGES did not cause
3059 anything to be listed in the output from -bV.
b2f5a032 3060
c25242d7
PH
3061PH/05 When a filter generated an autoreply, the entire To: header line was
3062 quoted in the delivery log line, like this:
3063
3064 => >A.N.Other <ano@some.domain> <original@ddress> ...
3065
3066 This has been changed so that it extracts the operative address. There
3067 may be more than one such address. If so, they are comma-separated, like
3068 this:
3069
3070 => >ano@some.domain,ona@other.domain <original@ddress> ...
3071
82c19f95
PH
3072PH/06 When a client host used a correct literal IP address in a HELO or EHLO
3073 command, (for example, EHLO [1.2.3.4]) and the client's IP address was
3074 not being looked up in the rDNS to get a host name, Exim was showing the
3075 IP address twice in Received: lines, even though the IP addresses were
3076 identical. For example:
3077
3078 Received: from [1.2.3.4] (helo=[1.2.3.4])
3079
3080 However, if the real host name was known, it was omitting the HELO data
3081 if it matched the actual IP address. This has been tidied up so that it
3082 doesn't show the same IP address twice.
3083
d7ffbc12
PH
3084PH/07 When both +timestamp and +memory debugging was on, the value given by
3085 $tod_xxx expansions could be wrong, because the tod_stamp() function was
3086 called by the debug printing, thereby overwriting the timestamp buffer.
3087 Debugging no longer uses the tod_stamp() function when +timestamp is set.
3088
9f526266
PH
3089PH/08 When the original message was included in an autoreply transport, it
3090 always said "this is a copy of the message, including all the headers",
3091 even if body_only or headers_only was set. It now gives an appropriate
3092 message.
3093
87fcc8b9
PH
3094PH/09 Applied a patch from the Sieve maintainer which:
3095
3096 o fixes some comments
3097 o adds the (disabled) notify extension core
3098 o adds some debug output for the result of if/elsif tests
3099 o points to the current vacation draft in the documentation
3100 and documents the missing references header update
3101
3102 and most important:
3103
3104 o fixes a bug in processing the envelope test (when testing
3105 multiple envelope elements, the last element determinted the
3106 result)
3107
456682f5
PH
3108PH/10 Exim was violating RFC 3834 ("Recommendations for Automatic Responses to
3109 Electronic Mail") by including:
3110
3111 Auto-submitted: auto-generated
3112
3113 in the messages that it generates (bounce messages and others, such as
3114 warnings). In the case of bounce messages for non-SMTP mesages, there was
3115 also a typo: it was using "Auto_submitted" (underscore instead of
3116 hyphen). Since every message generated by Exim is necessarily in response
3117 to another message, thes have all been changed to:
3118
3119 Auto-Submitted: auto-replied
3120
3121 in accordance with these statements in the RFC:
3122
3123 The auto-replied keyword:
3124
3125 - SHOULD be used on messages sent in direct response to another
3126 message by an automatic process,
3127
3128 - MUST NOT be used on manually-generated messages,
3129
3130 - MAY be used on Delivery Status Notifications (DSNs) and Message
3131 Disposition Notifications (MDNs),
3132
3133 - MUST NOT be used on messages generated by automatic or periodic
3134 processes, except for messages which are automatic responses to
3135 other messages.
3136
3e46c1aa
PH
3137PH/11 Added "${if def:sender_address {(envelope-from <$sender_address>)\n\t}}"
3138 to the default Received: header definition.
456682f5 3139
49826d12
PH
3140PH/12 Added log selector acl_warn_skipped (default on).
3141
eba0c039
PH
3142PH/13 After a successful wildlsearch lookup, discard the values of numeric
3143 variables because (a) they are in the wrong storage pool and (b) even if
3144 they were copied, it wouldn't work properly because of the caching.
3145
a0d6ba8a
PH
3146PH/14 Add check_rfc2047_length to disable enforcement of RFC 2047 length
3147 checking when decoding. Apparently there are clients that generate
3148 overlong encoded strings. Why am I not surprised?
3149
f0917727
PH
3150PH/15 If the first argument of "${if match_address" was not empty, but did not
3151 contain an "@" character, Exim crashed. Now it writes a panic log message
3152 and treats the condition as false.
3153
096fee00
PH
3154PH/16 In autoreply, treat an empty string for "once" the same as unset.
3155
024bd3c2
PH
3156PH/17 A further patch from the Sieve maintainer: "Introduce the new Sieve
3157 extension "envelope-auth". The code is finished and in agreement with
3158 other implementations, but there is no documentation so far and in fact,
3159 nobody wrote the draft yet. This extension is currently #undef'ed, thus
3160 not changing the active code.
3161
3162 Print executed "if" and "elsif" statements when debugging is used. This
3163 helps a great deal to understand what a filter does.
3164
3165 Document more things not specified clearly in RFC3028. I had all this
3166 sorted out, when out of a sudden new issues came to my mind. Oops."
3167
df199fec
PH
3168PH/18 Exim was not recognizing the "net-" search type prefix in match_ip lists
3169 (Bugzilla #53).
3170
d27f1df3
PH
3171PH/19 Exim expands the IPv6 address given to -bh to its full non-abbreviated
3172 canonical form (as documented). However, after a host name lookup from
3173 the IP address, check_host() was doing a simple string comparison with
3174 addresses acquired from the DNS when checking that the found name did
3175 have the original IP as one of its addresses. Since any found IPv6
3176 addresses are likely to be in abbreviated form, the comparison could
3177 fail. Luckily, there already exists a function for doing the comparison
3178 by converting both addresses to binary, so now that is used instead of
3179 the text comparison.
3180
96776534
PH
3181PH/20 There was another similar case to PH/19, when a complete host name was
3182 given in a host list; looking up its IP address could give an abbreviated
3183 form, whereas the current host's name might or might not be abbreviated.
3184 The same fix has been applied.
3185
5de37277 3186
9a799bc0
PH
3187Exim version 4.54
3188-----------------
3189
3190PH/01 The ${base62: operator adjusted itself to base 36 when BASE_62 was
3191 set to 36 (for Darwin and Cygwin), but the ${base62d: operator did not.
3192 It now does.
3193
99a4b039
PH
3194PH/02 Two minor problems detected in Cygwin: the os.{c,h} files had lost */ on
3195 the CVS lines, and there was a missing #if HAVE_IPV6 in host.c.
3196
3197PH/03 Typo: missing ".o" in src/pcre/Makefile.
3198
4b233853
PH
3199PH/04 Tighten up "personal" tests: Instead of testing for any "List-"
3200 header line, restrict the check to what is listed in RFCs 2369 and 2929.
3201 Also, for "Auto-Submitted", treat anything other than "no" as
3202 non-personal, in accordance with RFC 3834. (Previously it treated
3203 anything starting "auto-" as non-personal.)
3204
8857ccfd
PH
3205TF/01 The control=submission/name=... option had a problem with syntax
3206 errors if the name included a slash character. The /name= option
3207 now slurps the rest of the string, so it can include any characters
3208 but it must come last in the list of options (after /sender_retain
3209 or /domain=).
3210
433a2980
PH
3211PH/05 Some modifications to the interface to the fake nameserver for the new
3212 testing suite.
3213
3e46c1aa 3214
9a799bc0 3215
e3a311ba
TK
3216Exim version 4.53
3217-----------------
3218
3219TK/01 Added the "success_on_redirect" address verification option. See
3220 NewStuff for rationale and an example.
3221
13b685f9
PH
3222PH/01 Added support for SQLite, basic code supplied by David Woodhouse.
3223
395ff96d
PH
3224PH/02 Patch to exigrep to allow it to work on syslog lines.
3225
5b68f6e4
PH
3226PH/03 When creating an mbox file for a virus/spam scan, use fseek() instead of
3227 fread() to skip over the body file's header line, because in Cygwin the
3228 header line is locked and is inaccessible.
3229
1ab52c69
PH
3230PH/04 Added $message_exim_id, ultimately to replace $message_id (they will both
3231 co-exist for some time) to make it clear that it is the Exim ID that is
3232 referenced, not the Message-ID: header line.
3233
b07e6aa3
PH
3234PH/05 Replaced all Tom's calls to snprintf() with calls to the internal
3235 string_format() function, because snprintf() does not exist on all
3236 operating systems.
3237
254e032f
PH
3238PH/06 The use of forbid_filter_existstest now also locks out the use of the
3239 ${stat: expansion item.
3240
3af76a81
PH
3241PH/07 Changed "SMTP protocol violation: synchronization error" into "SMTP
3242 protocol synchronization error", to keep the pedants happy.
3243
2548ba04
PH
3244PH/08 Arrange for USE_INET_NTOA_FIX to be set in config.h for AIX systems as
3245 well as for IRIX systems, when gcc is being used. See the host.c source
3246 file for comments.
3247
b6c6011d
PH
3248PH/09 Installed latest Cygwin configuration files from the Cygwin maintainer.
3249
cf39cf57
PH
3250PH/10 Named domain lists were not working if used in a queue_smtp_domains
3251 setting.
3252
f1513293
PH
3253PH/11 Added support for the IGNOREQUOTA extension to LMTP, both to the lmtp
3254 transport and to the smtp transport in LMTP mode.
3255
727549a4
PH
3256TK/02 Remove one case of BASE64 error detection FTTB (undocumented anyway).
3257
af46795e
PH
3258PH/12 There was a missing call to search_tidyup() before the fork() in rda.c to
3259 run a filter in a subprocess. This could lead to confusion in subsequent
3260 lookups in the parent process. There should also be a search_tidyup() at
3261 the end of the subprocess.
3262
d7b47fd0
PH
3263PH/13 Previously, if "verify = helo" was set in an ACL, the condition was true
3264 only if the host matched helo_try_verify_hosts, which caused the
3265 verification to occur when the EHLO/HELO command was issued. The ACL just
3266 tested the remembered result. Now, if a previous verification attempt has
3267 not happened, "verify = helo" does it there and then.
3268
ee744174
JJ
3269JJ/01 exipick: added $message_exim_id variable (see 4.53-PH/04)
3270
b582ab87
PH
3271TK/03 Fix log output including CR from clamd.
3272
41a13e0a
PH
3273PH/14 A reference to $reply_address when Reply-to: was empty and From: did not
3274 exist provoked a memory error which could cause a segfault.
3275
f625cc5a
PH
3276PH/15 Installed PCRE 6.2
3277
3278PH/17 Defined BIND_8_COMPAT in the Darwin os.h file.
3279
21f7af35
PH
3280PH/18 Reversed 4.52/PH/17 because the HP-UX user found it wasn't the cause
3281 of the problem. Specifically, suggested +O2 rather than +O1 for the
3282 HP-UX compiler.
3283
31480e42
PH
3284PH/19 Added sqlite_lock_timeout option (David Woodhouse's patch).
3285
2d280592
PH
3286PH/20 If a delivery was routed to a non-standard port by means of an SRV
3287 record, the port was not correctly logged when the outgoing_port log
3288 selector was set (it logged the transort's default port).
3289
7cd1141b
PH
3290PH/21 Added support for host-specific ports to manualroute, queryprogram,
3291 fallback_hosts, and "hosts" in the smtp transport.
3292
3293PH/22 If the log selector "outgoing_port" is set, the port is now also given on
3294 host errors such as "Connection refused".
3295
750af86e
PH
3296PH/23 Applied a patch to fix problems with exim-4.52 while doing radius
3297 authentication with radiusclient 0.4.9:
3298
3299 - Error returned from rc_read_config was caught wrongly
3300 - Username/password not passed on to radius server due to wrong length.
3301
3302 The presumption is that some radiusclient API changes for 4.51/PH/17
3303 were not taken care of correctly. The code is still untested by me (my
3304 Linux distribution still has 0.3.2 of radiusclient), but it was
3305 contributed by a Radius user.
3306
3307PH/24 When doing a callout, the value of $domain wasn't set correctly when
3308 expanding the "port" option of the smtp transport.
3309
4304270b
TK
3310TK/04 MIME ACL: Fix buffer underrun that occurs when EOF condition is met
3311 while reading a MIME header. Thanks to Tom Hughes for a patch.
3312
750af86e
PH
3313PH/24 Include config.h inside local_scan.h so that configuration settings are
3314 available.
3315
64ffc24f
PH
3316PH/25 Make $smtp_command_argument available after all SMTP commands. This means
3317 that in an ACL for RCPT (for example), you can examine exactly what was
3318 received.
3319
5dd9625b
PH
3320PH/26 Exim was recognizing IPv6 addresses of the form [IPv6:....] in EHLO
3321 commands, but it was not correctly comparing the address with the actual
3322 client host address. Thus, it would show the EHLO address in Received:
3323 header lines when this was not necessary.