Testsuite: teach the fakedns zonefile generator about the ipv6 double-colon rule.
[exim.git] / doc / doc-txt / ChangeLog
CommitLineData
495ae4b0
PH
1Change log file for Exim from version 4.21
2-------------------------------------------
3
0599f9cf
PP
4Exim version 4.78
5-----------------
6
7PP/01 Handle short writes when writing local log-files.
8 In practice, only affects FreeBSD (8 onwards).
9 Bugzilla 1053, with thanks to Dmitry Isaikin.
10
23c7e742
NM
11NM/01 Bugzilla 949 - Documentation tweak
12
b322aac8
NM
13NM/02 Bugzilla 1093 - eximstats DATA reject detection regexps
14 improved.
15
4a891427
NM
16NM/03 Bugzilla 1169 - primary_hostname spelling was incorrect in docs.
17
c1e794ba 18PP/02 Implemented gsasl authenticator.
b322aac8 19
97753960
PP
20PP/03 Implemented heimdal_gssapi authenticator with "server_keytab" option.
21
22PP/04 Local/Makefile support for (AUTH|LOOKUP)_*_PC=foo to use
23 `pkg-config foo` for cflags/libs.
24
df6303fa
PP
25PP/05 Swapped $auth1/$auth2 for gsasl GSSAPI mechanism, to be more consistent
26 with rest of GSASL and with heimdal_gssapi.
27
7e6a8985
PP
28PP/06 Local/Makefile support for USE_(GNUTLS|OPENSSL)_PC=foo to use
29 `pkg-config foo` for cflags/libs for the TLS implementation.
30
f1e05cc7 31PP/07 New expansion variable $tls_bits; Cyrus SASL server connection
20aa9dbd
PP
32 properties get this fed in as external SSF. A number of robustness
33 and debugging improvements to the cyrus_sasl authenticator.
b322aac8 34
4c287009
PP
35PP/08 cyrus_sasl server now expands the server_realm option.
36
b98bb9ac
PP
37PP/09 Bugzilla 1214 - Log authentication information in reject log.
38 Patch by Jeremy Harris.
39
4a6a987a
PP
40PP/10 Added dbmjz lookup type.
41
c45dd180 42PP/11 Let heimdal_gssapi authenticator take a SASL message without an authzid.
c7955b11 43
7db8d074
PP
44PP/12 MAIL args handles TAB as well as SP, for better interop with
45 non-compliant senders.
46 Analysis and variant patch by Todd Lyons.
47
e0df1c83
DM
48NM/04 Bugzilla 1237 - fix cases where printf format usage no indicated
49 Bug report from Lars Müller <lars@samba.org> (via SUSE),
50 Patch from Dirk Mueller <dmueller@suse.com>
51
dec5017e
PP
52PP/13 tls_peerdn now print-escaped for spool files.
53 Observed some $tls_peerdn in wild which contained \n, which resulted
54 in spool file corruption.
55
c80c5570
PP
56PP/14 TLS fixes for OpenSSL: support TLS 1.1 & 1.2; new "openssl_options"
57 values; set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read
58 or write after TLS renegotiation, which otherwise led to messages
59 "Got SSL error 2".
60
076b11e2
PP
61TK/01 Bugzilla 1239 - fix DKIM verification when signature was not inserted
62 as a tracking header (ie: a signed header comes before the signature).
63 Patch from Wolfgang Breyha.
64
5407bfff
JH
65JH/01 Bugzilla 660 - Multi-valued attributes from ldap now parseable as a
66 comma-sep list; embedded commas doubled.
67
e74376d8
PP
68PP/15 LDAP: Check for errors of TLS initialisation, to give correct
69 diagnostics.
70 Report and patch from Dmitry Banschikov.
71
da3ad30d
PP
72PP/16 Removed "dont_insert_empty_fragments" fron "openssl_options".
73 Removed SSL_clear() after SSL_new() which led to protocol negotiation
74 failures. We appear to now support TLS1.1+ with Exim.
75
7be682ca
PP
76PP/17 OpenSSL: new expansion var $tls_sni, which if used in tls_certificate
77 lets Exim select keys and certificates based upon TLS SNI from client.
3f0945ff
PP
78 Also option tls_sni on SMTP Transports. Also clear $tls_bits correctly
79 before an outbound SMTP session. New log_selector, +tls_sni.
7be682ca 80
ef840681
PP
81PP/18 Bugzilla 1122 - check localhost_number expansion for failure, avoid
82 NULL dereference. Report and patch from Alun Jones.
83
5bfb4cdf
PP
84PP/19 DNS resolver init changes for NetBSD compatibility. (Risk of breakage
85 on less well tested platforms). Obviates NetBSD pkgsrc patch-ac.
86 Not seeing resolver debug output on NetBSD, but suspect this is a
87 resolver implementation change.
88
0599f9cf 89
867fcbf5
PP
90Exim version 4.77
91-----------------
92
93PP/01 Solaris build fix for Oracle's LDAP libraries.
94 Bugzilla 1109, patch from Stephen Usher.
95
f1a29782
TF
96TF/01 HP/UX build fix: avoid arithmetic on a void pointer.
97
ab42bd23
TK
98TK/01 DKIM Verification: Fix relaxed canon for empty headers w/o
99 whitespace trailer
867fcbf5 100
0ca0cf52
TF
101TF/02 Fix a couple more cases where we did not log the error message
102 when unlink() failed. See also change 4.74-TF/03.
103
921b12ca
TF
104TF/03 Make the exiwhat support code safe for signals. Previously Exim might
105 lock up or crash if it happened to be inside a call to libc when it
106 got a SIGUSR1 from exiwhat.
107
108 The SIGUSR1 handler appends the current process status to the process
109 log which is later printed by exiwhat. It used to use the general
110 purpose logging code to do this, but several functions it calls are
111 not safe for signals.
112
113 The new output code in the SIGUSR1 handler is specific to the process
114 log, and simple enough that it's easy to inspect for signal safety.
115 Removing some special cases also simplifies the general logging code.
116 Removing the spurious timestamps from the process log simplifies
117 exiwhat.
118
c99ce5c9
TF
119TF/04 Improved ratelimit ACL condition.
120
121 The /noupdate option has been deprecated in favour of /readonly which
122 has clearer semantics. The /leaky, /strict, and /readonly update modes
123 are mutually exclusive. The update mode is no longer included in the
124 database key; it just determines when the database is updated. (This
125 means that when you upgrde Exim will forget old rate measurements.)
126
127 Exim now checks that the per_* options are used with an update mode that
128 makes sense for the current ACL. For example, when Exim is processing a
129 message (e.g. acl_smtp_rcpt or acl_smtp_data, etc.) you can specify
130 per_mail/leaky or per_mail/strict; otherwise (e.g. in acl_smtp_helo) you
131 must specify per_mail/readonly. If you omit the update mode it defaults to
132 /leaky where that makes sense (as before) or /readonly where required.
133
134 The /noupdate option is now undocumented but still supported for
135 backwards compatibility. It is equivalent to /readonly except that in
136 ACLs where /readonly is required you may specify /leaky/noupdate or
137 /strict/noupdate which are treated the same as /readonly.
138
139 A useful new feature is the /count= option. This is a generalization
140 of the per_byte option, so that you can measure the throughput of other
141 aggregate values. For example, the per_byte option is now equivalent
142 to per_mail/count=${if >{0}{$message_size} {0} {$message_size} }.
143
144 The per_rcpt option has been generalized using the /count= mechanism
145 (though it's more complicated than the per_byte equivalence). When it is
146 used in acl_smtp_rcpt, the per_rcpt option adds recipients to the
147 measured rate one at a time; if it is used later (e.g. in acl_smtp_data)
148 or in a non-SMTP ACL it adds all the recipients in one go. (The latter
149 /count=$recipients_count behaviour used to work only in non-SMTP ACLs.)
150 Note that using per_rcpt with a non-readonly update mode in more than
151 one ACL will cause the recipients to be double-counted. (The per_mail
152 and per_byte options don't have this problem.)
153
154 The handling of very low rates has changed slightly. If the computed rate
155 is less than the event's count (usually one) then this event is the first
156 after a long gap. In this case the rate is set to the same as this event's
157 count, so that the first message of a spam run is counted properly.
158
159 The major new feature is a mechanism for counting the rate of unique
160 events. The new per_addr option counts the number of different
161 recipients that someone has sent messages to in the last time period. It
162 behaves like per_rcpt if all the recipient addresses are different, but
163 duplicate recipient addresses do not increase the measured rate. Like
164 the /count= option this is a general mechanism, so the per_addr option
165 is equivalent to per_rcpt/unique=$local_part@$domain. You can, for
166 example, measure the rate that a client uses different sender addresses
167 with the options per_mail/unique=$sender_address. There are further
168 details in the main documentation.
169
3634fc25
TF
170TF/05 Removed obsolete $Cambridge$ CVS revision strings.
171
792e8a19
TF
172TF/06 Removed a few PCRE remnants.
173
5901f0ab
TF
174TF/07 Automatically extract Exim's version number from tags in the git
175 repository when doing development or release builds.
176
7f2a2a43
PP
177PP/02 Raise smtp_cmd_buffer_size to 16kB.
178 Bugzilla 879. Patch from Paul Fisher.
e2ca7082 179
061b7ebd
PP
180PP/03 Implement SSL-on-connect outbound with protocol=smtps on smtp transport.
181 Heavily based on revision 40f9a89a from Simon Arlott's tree.
182 Bugzilla 97.
183
e12f8c32
PP
184PP/04 Use .dylib instead of .so for dynamic library loading on MacOS.
185
9e949f00 186PP/05 Variable $av_failed, true if the AV scanner deferred.
7f2a2a43
PP
187 Bugzilla 1078. Patch from John Horne.
188
189PP/06 Stop make process more reliably on build failure.
190 Bugzilla 1087. Patch from Heiko Schlittermann.
9e949f00 191
555ae6af 192PP/07 Make maildir_use_size_file an _expandable_ boolean.
ac53fcda
PP
193 Bugzilla 1089. Patch from Heiko Schlittermann.
194
195PP/08 Handle ${run} returning more data than OS pipe buffer size.
196 Bugzilla 1131. Patch from Holger Weiß.
555ae6af 197
6f7fe114
PP
198PP/09 Handle IPv6 addresses with SPF.
199 Bugzilla 860. Patch from Wolfgang Breyha.
200
c566dd90
PP
201PP/10 GnuTLS: support TLS 1.2 & 1.1.
202 Bugzilla 1156.
89f897c3
PP
203 Use gnutls_certificate_verify_peers2() [patch from Andreas Metzler].
204 Bugzilla 1095.
c566dd90 205
d6cc7c78 206PP/11 match_* no longer expand right-hand-side by default.
39257585
PP
207 New compile-time build option, EXPAND_LISTMATCH_RHS.
208 New expansion conditions, "inlist", "inlisti".
209
0d0e4455
PP
210PP/12 fix uninitialised greeting string from PP/03 (smtps client support).
211
3399bb60 212PP/13 shell and compiler warnings fixes for RC1-RC4 changes.
d690cbdc
PP
213
214PP/14 fix log_write() format string regression from TF/03.
215 Bugzilla 1152. Patch from Dmitry Isaikin.
216
0ca0cf52 217
10906672
PP
218Exim version 4.76
219-----------------
220
221PP/01 The new ldap_require_cert option would segfault if used. Fixed.
222
754a0503
PP
223PP/02 Harmonised TLS library version reporting; only show if debugging.
224 Layout now matches that introduced for other libraries in 4.74 PP/03.
225
c0c7b2da
PP
226PP/03 New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1
227
e97d1f08
PP
228PP/04 New "dns_use_edns0" global option.
229
084c1d8c
PP
230PP/05 Don't segfault on misconfiguration of ref:name exim-user as uid.
231 Bugzilla 1098.
232
4e7ee012
PP
233PP/06 Extra paranoia around buffer usage at the STARTTLS transition.
234 nb: Exim is not vulnerable to http://www.kb.cert.org/vuls/id/555316
da80c2a8 235
c8d52a00
PP
236TK/01 Updated PolarSSL code to 0.14.2.
237 Bugzilla 1097. Patch from Andreas Metzler.
238
54e7ce4a
PP
239PP/07 Catch divide-by-zero in ${eval:...}.
240 Fixes bugzilla 1102.
241
5ee6f336
PP
242PP/08 Condition negation of bool{}/bool_lax{} did not negate. Fixed.
243 Bugzilla 1104.
244
c8d52a00 245TK/02 Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a
6ea4a851
PP
246 format-string attack -- SECURITY: remote arbitrary code execution.
247
248TK/03 SECURITY - DKIM signature header parsing was double-expanded, second
249 time unintentionally subject to list matching rules, letting the header
250 cause arbitrary Exim lookups (of items which can occur in lists, *not*
251 arbitrary string expansion). This allowed for information disclosure.
252
253PP/09 Fix another SIGFPE (x86) in ${eval:...} expansion, this time related to
254 INT_MIN/-1 -- value coerced to INT_MAX.
c8d52a00 255
10906672 256
aa097c4c
NM
257Exim version 4.75
258-----------------
259
4c9ef03a 260NM/01 Workround for PCRE version dependency in version reporting
aa097c4c
NM
261 Bugzilla 1073
262
7f3d9eff
TF
263TF/01 Update valgrind.h and memcheck.h to copies from valgrind-3.6.0.
264 This fixes portability to compilers other than gcc, notably
265 Solaris CC and HP-UX CC. Fixes Bugzilla 1050.
266
159f52d2
TF
267TF/02 Bugzilla 139: Avoid using the += operator in the modular lookup
268 makefiles for portability to HP-UX and POSIX correctness.
269
0cc9542a
PP
270PP/01 Permit LOOKUP_foo enabling on the make command-line.
271 Also via indented variable definition in the Makefile.
272 (Debugging by Oliver Heesakkers).
273
f7274286
PP
274PP/02 Restore caching of spamd results with expanded spamd_address.
275 Patch from author of expandable spamd_address patch, Wolfgang Breyha.
276
7b797365
PP
277PP/03 Build issue: lookups-Makefile now exports LC_ALL=C
278 Improves build reliability. Fix from: Frank Elsner
279
caacae52
NM
280NM/02 Fix wide character breakage in the rfc2047 coding
281 Fixes bug 1064. Patch from Andrey N. Oktyabrski
282
09dcaba9
NM
283NM/03 Allow underscore in dnslist lookups
284 Fixes bug 1026. Patch from Graeme Fowler
285
bc19a55b
PP
286PP/04 Bugzilla 230: Support TLS-enabled LDAP (in addition to ldaps).
287 Code patches from Adam Ciarcinski of NetBSD.
caacae52 288
bd4c9759
NM
289NM/04 Fixed exiqgrep to cope with mailq missing size issue
290 Fixes bug 943.
291
b72aab72
PP
292PP/05 Bugzilla 1083: when lookup expansion defers, escape the output which
293 is logged, to avoid truncation. Patch from John Horne.
294
2fe76745
PP
295PP/06 Bugzilla 1042: implement freeze_signal on pipe transports.
296 Patch from Jakob Hirsch.
297
76aa570c
PP
298PP/07 Bugzilla 1061: restrict error messages sent over SMTP to not reveal
299 SQL string expansion failure details.
300 Patch from Andrey Oktyabrski.
301
f1e5fef5
PP
302PP/08 Bugzilla 486: implement %M datestamping in log filenames.
303 Patch from Simon Arlott.
304
4d805ee9
PP
305PP/09 New lookups functionality failed to compile on old gcc which rejects
306 extern declarations in function scope.
307 Patch from Oliver Fleischmann
308
cd59ab18
PP
309PP/10 Use sig_atomic_t for flags set from signal handlers.
310 Check getgroups() return and improve debugging.
311 Fixed developed for diagnosis in bug 927 (which turned out to be
312 a kernel bug).
313
332f5cf3
PP
314PP/11 Bugzilla 1055: Update $message_linecount for maildir_tag.
315 Patch from Mark Zealey.
316
29cfeb94
PP
317PP/12 Bugzilla 1056: Improved spamd server selection.
318 Patch from Mark Zealey.
319
660242ad
PP
320PP/13 Bugzilla 1086: Deal with maildir quota file races.
321 Based on patch from Heiko Schlittermann.
322
bc4bc4c5
PP
323PP/14 Bugzilla 1019: DKIM multiple signature generation fix.
324 Patch from Uwe Doering, sign-off by Michael Haardt.
325
2e64baa9
NM
326NM/05 Fix to spam.c to accommodate older gcc versions which dislike
327 variable declaration deep within a block. Bug and patch from
328 Dennis Davis.
329
bddd7526
PP
330PP/15 lookups-Makefile IRIX compatibilty coercion.
331
6bac1a9a
PP
332PP/16 Make DISABLE_DKIM build knob functional.
333
552193f0
NM
334NM/06 Bugzilla 968: child_open_uid: restore default SIGPIPE handler
335 Patch by Simon Arlott
baeee2c1 336
1b587e48
TF
337TF/03 Fix valgrind.h portability to C89 compilers that do not support
338 variable argument macros. Our copy now differs from upstream.
339
aa097c4c 340
8c07b69f
TF
341Exim version 4.74
342-----------------
343
344TF/01 Failure to get a lock on a hints database can have serious
345 consequences so log it to the panic log.
346
c0ea85ab
TF
347TF/02 Log LMTP confirmation messages in the same way as SMTP,
348 controlled using the smtp_confirmation log selector.
349
0761d44e
TF
350TF/03 Include the error message when we fail to unlink a spool file.
351
0a349494
PP
352DW/01 Bugzilla 139: Support dynamically loaded lookups as modules.
353 With thanks to Steve Haslam, Johannes Berg & Serge Demonchaux
354 for maintaining out-of-tree patches for some time.
355
356PP/01 Bugzilla 139: Documentation and portability issues.
357 Avoid GNU Makefile-isms, let Exim continue to build on BSD.
358 Handle per-OS dynamic-module compilation flags.
359
fea24b2e
PP
360PP/02 Let /dev/null have normal permissions.
361 The 4.73 fixes were a little too stringent and complained about the
362 permissions on /dev/null. Exempt it from some checks.
363 Reported by Andreas M. Kirchwitz.
364
6545de78
PP
365PP/03 Report version information for many libraries, including
366 Exim version information for dynamically loaded libraries. Created
367 version.h, now support a version extension string for distributors
368 who patch heavily. Dynamic module ABI change.
369
1670ef10
PP
370PP/04 CVE-2011-0017 - check return value of setuid/setgid. This is a
371 privilege escalation vulnerability whereby the Exim run-time user
372 can cause root to append content of the attacker's choosing to
373 arbitrary files.
374
c0886197
PP
375PP/05 Bugzilla 1041: merged DCC maintainer's fixes for return code.
376 (Wolfgang Breyha)
377
b7487bce
PP
378PP/06 Bugzilla 1071: fix delivery logging with untrusted macros.
379 If dropping privileges for untrusted macros, we disabled normal logging
380 on the basis that it would fail; for the Exim run-time user, this is not
381 the case, and it resulted in successful deliveries going unlogged.
382 Fixed. Reported by Andreas Metzler.
383
8c07b69f 384
97fd1e48 385Exim version 4.73
ed7f7860 386-----------------
97fd1e48
PP
387
388PP/01 Date: & Message-Id: revert to normally being appended to a message,
389 only prepend for the Resent-* case. Fixes regression introduced in
390 Exim 4.70 by NM/22 for Bugzilla 607.
391
6901c596
PP
392PP/02 Include check_rfc2047_length in configure.default because we're seeing
393 increasing numbers of administrators be bitten by this.
394
a8c8d6b5
JJ
395JJ/01 Added DISABLE_DKIM and comment to src/EDITME
396
77bb000f
PP
397PP/03 Bugzilla 994: added openssl_options main configuration option.
398
a29e5231
PP
399PP/04 Bugzilla 995: provide better SSL diagnostics on failed reads.
400
ec5a0394 401PP/05 Bugzilla 834: provide a permit_coredump option for pipe transports.
a29e5231 402
55c75993
PP
403PP/06 Adjust NTLM authentication to handle SASL Initial Response.
404
453a6645 405PP/07 If TLS negotiated an anonymous cipher, we could end up with SSL but
ec5a0394
PP
406 without a peer certificate, leading to a segfault because of an
407 assumption that peers always have certificates. Be a little more
453a6645
PP
408 paranoid. Problem reported by Martin Tscholak.
409
8544e77a
PP
410PP/08 Bugzilla 926: switch ClamAV to use the new zINSTREAM API for content
411 filtering; old API available if built with WITH_OLD_CLAMAV_STREAM=yes
412 NB: ClamAV planning to remove STREAM in "middle of 2010".
3346ab01
PP
413 CL also introduces -bmalware, various -d+acl logging additions and
414 more caution in buffer sizes.
8544e77a 415
83e029d5
PP
416PP/09 Implemented reverse_ip expansion operator.
417
ed7f7860
PP
418PP/10 Bugzilla 937: provide a "debug" ACL control.
419
7d9f747b
PP
420PP/11 Bugzilla 922: Documentation dusting, patch provided by John Horne.
421
4b2241d2
PP
422PP/12 Bugzilla 973: Implement --version.
423
10385c15
PP
424PP/13 Bugzilla 752: Refuse to build/run if Exim user is root/0.
425
dbc4b90d
PP
426PP/14 Build without WITH_CONTENT_SCAN. Path from Andreas Metzler.
427
532be449
PP
428PP/15 Bugzilla 816: support multiple condition rules on Routers.
429
6a8de854 430PP/16 Add bool_lax{} expansion operator and use that for combining multiple
71265ae9
PP
431 condition rules, instead of bool{}. Make both bool{} and bool_lax{}
432 ignore trailing whitespace.
6a8de854 433
5dc43717
JJ
434JJ/02 prevent non-panic DKIM error from being sent to paniclog
435
436JJ/03 added tcp_wrappers_daemon_name to allow host entries other than
437 "exim" to be used
55c75993 438
3346ab01
PP
439PP/17 Fix malware regression for cmdline scanner introduced in PP/08.
440 Notification from Dr Andrew Aitchison.
441
491fab4c
PP
442PP/18 Change ClamAV response parsing to be more robust and to handle ClamAV's
443 ExtendedDetectionInfo response format.
444 Notification from John Horne.
445
13eb9497
PP
446PP/19 OpenSSL 1.0.0a compatibility const-ness change, should be backwards
447 compatible.
448
449PP/20 Added a CONTRIBUTING file. Fixed the documentation build to use http:
450 XSL and documented dependency on system catalogs, with examples of how
451 it normally works.
452
7f36d675
DW
453DW/21 Added Valgrind hooks in store.c to help it capture out-of-bounds store
454 access.
455
c1d94452
DW
456DW/22 Bugzilla 1044: CVE-2010-4345 - partial fix: restrict default behaviour
457 of CONFIGURE_OWNER and CONFIGURE_GROUP options to no longer allow a
458 configuration file which is writeable by the Exim user or group.
459
e2f5dc15
DW
460DW/23 Bugzilla 1044: CVE-2010-4345 - part two: extend checks for writeability
461 of configuration files to cover files specified with the -C option if
462 they are going to be used with root privileges, not just the default
463 configuration file.
464
cd25e41d
DW
465DW/24 Bugzilla 1044: CVE-2010-4345 - part three: remove ALT_CONFIG_ROOT_ONLY
466 option (effectively making it always true).
467
261dc43e
DW
468DW/25 Add TRUSTED_CONFIG_PREFIX_FILE option to allow alternative configuration
469 files to be used while preserving root privileges.
470
fa32850b
DW
471DW/26 Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure
472 that rogue child processes cannot use them.
473
79d4bc3d
PP
474PP/27 Bugzilla 1047: change the default for system_filter_user to be the Exim
475 run-time user, instead of root.
476
43236f35 477PP/28 Add WHITELIST_D_MACROS option to let some macros be overridden by the
2cfd3221
PP
478 Exim run-time user without dropping privileges.
479
fb08281f
DW
480DW/29 Remove use of va_copy() which breaks pre-C99 systems. Duplicate the
481 result string, instead of calling string_vformat() twice with the same
482 arguments.
3346ab01 483
74935b98
DW
484DW/30 Allow TRUSTED_CONFIG_PREFIX_FILE only for Exim or CONFIGURE_OWNER, not
485 for other users. Others should always drop root privileges if they use
486 -C on the command line, even for a whitelisted configure file.
487
90b6341f
DW
488DW/31 Turn TRUSTED_CONFIG_PREFIX_FILE into TRUSTED_CONFIG_FILE. No prefixes.
489
57730b52
ML
490NM/01 Fixed bug #1002 - Message loss when using multiple deliveries
491
66581d1e 492
465e92cf
JJ
493Exim version 4.72
494-----------------
495
453a6645
PP
496JJ/01 installed exipick 20100104.1, adding $max_received_linelength,
497 $data_path, and $header_path variables; fixed documentation bugs and
498 typos
465e92cf 499
453a6645
PP
500JJ/02 installed exipick 20100222.0, added --input-dir and --finput to allow
501 exipick to access non-standard spools, including the "frozen" queue
502 (Finput)
edae0343 503
9bd3e22c
NM
504NM/01 Bugzilla 965: Support mysql stored procedures.
505 Patch from Alain Williams
506
bb576ff7
NM
507NM/02 Bugzilla 961: Spacing fix (syntax error) on Makefile directives for NetBSD
508
5a1a5845
NM
509NM/03 Bugzilla 955: Documentation fix for max_rcpts.
510 Patch from Andreas Metzler
511
981a9fad
NM
512NM/04 Bugzilla 954: Fix for unknown responses from Dovecot authenticator.
513 Patch from Kirill Miazine
514
7fc497ee
NM
515NM/05 Bugzilla 671: Added umask to procmail example.
516
1a41defa
JJ
517JJ/03 installed exipick 20100323.0, fixing doc bug
518
a466095c 519NM/06 Bugzilla 988: CVE-2010-2023 - prevent hardlink attack on sticky mail
b26eacf1 520 directory. Notification and patch from Dan Rosenberg.
a466095c 521
94a6bd0b
NM
522TK/01 PDKIM: Upgrade PolarSSL files to upstream version 0.12.1.
523
524TK/02 Improve log output when DKIM signing operation fails.
525
526MH/01 Treat the transport option dkim_domain as a colon separated
527 list, not as a single string, and sign the message with each element,
528 omitting multiple occurences of the same signer.
529
c1b141a8
NM
530NM/07 Null terminate DKIM strings, Null initialise DKIM variable
531 Bugzilla 985, 986. Patch by Simon Arlott
94a6bd0b 532
b26eacf1 533NM/08 Bugzilla 967. dnsdb DNS TXT record bug fix (DKIM-related)
0d0c6357
NM
534 Patch by Simon Arlott
535
179c5980 536PP/01 Bugzilla 989: CVE-2010-2024 - work round race condition on
b26eacf1 537 MBX locking. Notification from Dan Rosenberg.
179c5980 538
9bd3e22c 539
7c6d71af
NM
540Exim version 4.71
541-----------------
542
7d9f747b 543TK/01 Bugzilla 912: Fix DKIM segfault on empty headers/body.
7c6d71af 544
f013fb92
NM
545NM/01 Bugzilla 913: Documentation fix for gnutls_* options.
546
0eb8eedd
NM
547NM/02 Bugzilla 722: Documentation for randint. Better randomness defaults.
548
663ee6d9
NM
549NM/03 Bugzilla 847: Enable DNSDB lookup by default.
550
177ebd9b
NM
551NM/04 Bugzilla 915: Flag broken perl installation during build.
552
7c6d71af 553
210f147e
NM
554Exim version 4.70
555-----------------
556
cdd3bb85 557TK/01 Added patch by Johannes Berg that expands the main option
e739e3d9 558 "spamd_address" if it starts with a dollar sign.
cdd3bb85
TK
559
560TK/02 Write list of recipients to X-Envelope-Sender header when building
561 the mbox-format spool file for content scanning (suggested by Jakob
7d9f747b 562 Hirsch).
cdd3bb85
TK
563
564TK/03 Added patch by Wolfgang Breyha that adds experimental DCC
565 (http://www.dcc-servers.net/) support via dccifd. Activated by
e739e3d9 566 setting EXPERIMENTAL_DCC=yes in Local/Makefile.
cdd3bb85
TK
567
568TK/04 Bugzilla 673: Add f-protd malware scanner support. Patch submitted
569 by Mark Daniel Reidel <mr@df.eu>.
570
210f147e
NM
571NM/01 Bugzilla 657: Embedded PCRE removed from the exim source tree.
572 When building exim an external PCRE library is now needed -
573 PCRE is a system library on the majority of modern systems.
574 See entry on PCRE_LIBS in EDITME file.
575
deafd5b3
NM
576NM/02 Bugzilla 646: Removed unwanted C/R in Dovecot authenticator
577 conversation. Added nologin parameter to request.
7d9f747b 578 Patch contributed by Kirill Miazine.
deafd5b3 579
089793a4
TF
580TF/01 Do not log submission mode rewrites if they do not change the address.
581
5f16ca82
TF
582TF/02 Bugzilla 662: Fix stack corruption before exec() in daemon.c.
583
dae9d94e 584NM/03 Bugzilla 602: exicyclog now handles panic log, and creates empty
7d9f747b 585 log files in place. Contributed by Roberto Lima.
dae9d94e 586
7d9f747b 587NM/04 Bugzilla 667: Close socket used by dovecot authenticator.
3f0da4d0 588
06864c44
TF
589TF/03 Bugzilla 615: When checking the local_parts router precondition
590 after a local_part_suffix or local_part_prefix option, Exim now
591 does not use the address's named list lookup cache, since this
592 contains cached lookups for the whole local part.
593
65a7d8c3 594NM/05 Bugzilla 521: Integrated SPF Best Guess support contributed by
7d9f747b 595 Robert Millan. Documentation is in experimental-spec.txt.
65a7d8c3 596
23510047 597TF/04 Bugzilla 668: Fix parallel build (make -j).
65a7d8c3 598
7d9f747b 599NM/05.2 Bugzilla 437: Prevent Maildir aux files being created with mode 000.
5f28a6e8 600
7d8eec3a 601NM/05.3 Bugzilla 598: Improvement to Dovecot authenticator handling.
7d9f747b 602 Patch provided by Jan Srzednicki.
6c588e74 603
89dec7b6
TF
604TF/05 Leading white space used to be stripped from $spam_report which
605 wrecked the formatting. Now it is preserved.
5f28a6e8 606
a99de90c
TF
607TF/06 Save $spam_score, $spam_bar, and $spam_report in spool files, so
608 that they are available at delivery time.
609
e2803e40
TF
610TF/07 Fix the way ${extract is skipped in the untaken branch of a conditional.
611
7199e1ee
TF
612TF/08 TLS error reporting now respects the incoming_interface and
613 incoming_port log selectors.
614
e276e04b
TF
615TF/09 Produce a more useful error message if an SMTP transport's hosts
616 setting expands to an empty string.
617
ce552449 618NM/06 Bugzilla 744: EXPN did not work under TLS.
7d9f747b 619 Patch provided by Phil Pennock.
ce552449 620
e765a0f1 621NM/07 Bugzilla 769: Extraneous comma in usage fprintf
7d9f747b 622 Patch provided by Richard Godbee.
e765a0f1 623
4f054c63 624NM/08 Fixed erroneous documentation references to smtp_notquit_acl to be
447de4b0 625 acl_smtp_notquit, added index entry.
4f054c63 626
7d9f747b
PP
627NM/09 Bugzilla 787: Potential buffer overflow in string_format.
628 Patch provided by Eugene Bujak.
24c929a2 629
7d9f747b
PP
630NM/10 Bugzilla 770: Problem on some platforms modifying the len parameter to
631 accept(). Patch provided by Maxim Dounin.
cf73943b 632
b52bc06e 633NM/11 Bugzilla 749: Preserve old behaviour of blanks comparing equal to zero.
7d9f747b 634 Patch provided by Phil Pennock.
b52bc06e 635
447de4b0
NM
636NM/12 Bugzilla 497: Correct behaviour of exiwhat when no config exists.
637
4c69d561 638NM/13 Bugzilla 590: Correct handling of Resent-Date headers.
7d9f747b 639 Patch provided by Brad "anomie" Jorsch.
4c69d561 640
d5c39246 641NM/14 Bugzilla 622: Added timeout setting to transport filter.
7d9f747b 642 Patch provided by Dean Brooks.
9b989985 643
0b23848a
TK
644TK/05 Add native DKIM support (does not depend on external libraries).
645
8f3414a1 646NM/15 Bugzilla 854: Removed code that symlinks to pcre as its no longer useful.
7d9f747b 647 Patch provided by Graeme Fowler.
e2aacdfd 648
fb6f955d
NM
649NM/16 Bugzilla 851: Documentation example syntax fix.
650
651NM/17 Changed NOTICE file to remove references to embedded PCRE.
8f3414a1 652
7d9f747b
PP
653NM/18 Bugzilla 894: Fix issue with very long lines including comments in
654 lsearch.
dbb0bf41 655
7d9f747b
PP
656NM/19 Bugzilla 745: TLS version reporting.
657 Patch provided by Phil Pennock.
f3766eb5 658
7d9f747b
PP
659NM/20 Bugzilla 167: bool: condition support.
660 Patch provided by Phil Pennock.
36f12725 661
7d9f747b
PP
662NM/21 Bugzilla 665: gnutls_compat_mode to allow compatibility with broken
663 clients. Patch provided by Phil Pennock.
e6060e2c 664
7d9f747b
PP
665NM/22 Bugzilla 607: prepend (not append) Resent-Message-ID and Resent-Date.
666 Patch provided by Brad "anomie" Jorsch.
5eb690a1 667
7d9f747b
PP
668NM/23 Bugzilla 687: Fix misparses in eximstats.
669 Patch provided by Heiko Schlittermann.
d5c13d66 670
7d9f747b
PP
671NM/24 Bugzilla 688: Fix exiwhat to handle log_selector = +pid.
672 Patch provided by Heiko Schlittermann.
b2335c0b 673
7d9f747b 674NM/25 Bugzilla 727: Use transport mode as default mode for maildirsize file.
1da77999 675 plus update to original patch.
f4cd9433 676
7d9f747b 677NM/26 Bugzilla 799: Documentation correction for ratelimit.
dc988b7e 678
7d9f747b
PP
679NM/27 Bugzilla 802: Improvements to local interface IP addr detection.
680 Patch provided by David Brownlee.
8dc71ab3 681
7d9f747b 682NM/28 Bugzilla 807: Improvements to LMTP delivery logging.
400eda43 683
7d9f747b 684NM/29 Bugzilla 862, 866, 875: Documentation bugfixes.
ec5a421b 685
7d9f747b 686NM/30 Bugzilla 888: TLS documentation bugfixes.
07af267e 687
7d9f747b 688NM/31 Bugzilla 896: Dovecot buffer overrun fix.
51473862 689
17792b53 690NM/32 Bugzilla 889: Change all instances of "expr" in shell scripts to "expr --"
7d9f747b 691 Unlike the original bugzilla I have changed all shell scripts in src tree.
17792b53 692
7d9f747b
PP
693NM/33 Bugzilla 898: Transport filter timeout fix.
694 Patch by Todd Rinaldo.
52383f8f 695
7d9f747b
PP
696NM/34 Bugzilla 901: Fix sign/unsigned and UTF mistmatches.
697 Patch by Serge Demonchaux.
5ca6d115 698
7d9f747b
PP
699NM/35 Bugzilla 39: Base64 decode bug fixes.
700 Patch by Jakob Hirsch.
baee9eee 701
7d9f747b 702NM/36 Bugzilla 909: Correct connect() call in dcc code.
e93a964c 703
7d9f747b 704NM/37 Bugzilla 910: Correct issue with relaxed/simple handling.
9bf3d68f 705
7d9f747b 706NM/38 Bugzilla 908: Removed NetBSD3 support as no longer needed.
96535b98 707
7d9f747b 708NM/39 Bugzilla 911: Fixed MakeLinks build script.
30339e0f 709
deafd5b3 710
47db1125
NM
711Exim version 4.69
712-----------------
713
4b3504d0
TK
714TK/01 Add preliminary DKIM support. Currently requires a forked version of
715 ALT-N's libdkim that I have put here:
716 http://duncanthrax.net/exim-experimental/
717
718 Note to Michael Haardt: I had to rename some vars in sieve.c. They
719 were called 'true' and it seems that C99 defines that as a reserved
720 keyword to be used with 'bool' variable types. That means you could
721 not include C99-style headers which use bools without triggering
722 build errors in sieve.c.
723
81ea09ca
NM
724NM/01 Bugzilla 592: --help option is handled incorrectly if exim is invoked
725 as mailq or other aliases. Changed the --help handling significantly
726 to do whats expected. exim_usage() emits usage/help information.
727
f13cddcb
SC
728SC/01 Added the -bylocaldomain option to eximstats.
729
7d9f747b 730NM/02 Bugzilla 619: Defended against bad data coming back from gethostbyaddr.
8ad076b2 731
7d9f747b 732NM/03 Bugzilla 613: Documentation fix for acl_not_smtp.
a843aaa6 733
7d9f747b 734NM/04 Bugzilla 628: PCRE update to 7.4 (work done by John Hall).
47db1125
NM
735
736
eb4c0de6
PH
737Exim version 4.68
738-----------------
739
740PH/01 Another patch from the Sieve maintainer.
741
6a3bceb1
PH
742PH/02 When an IPv6 address is converted to a string for single-key lookup
743 in an address list (e.g. for an item such as "net24-dbm;/net/works"),
744 dots are used instead of colons so that keys in lsearch files need not
745 contain colons. This was done some time before quoting was made available
746 in lsearch files. However, iplsearch files do require colons in IPv6 keys
747 (notated using the quote facility) so as to distinguish them from IPv4
748 keys. This meant that lookups for IP addresses in host lists did not work
749 for iplsearch lookups.
750
751 This has been fixed by arranging for IPv6 addresses to be expressed with
752 colons if the lookup type is iplsearch. This is not incompatible, because
753 previously such lookups could never work.
754
755 The situation is now rather anomolous, since one *can* have colons in
756 ordinary lsearch keys. However, making the change in all cases is
757 incompatible and would probably break a number of configurations.
758
2e30fa9d
TK
759TK/01 Change PRVS address formatting scheme to reflect latests BATV draft
760 version.
761
0806a9c5
MH
762MH/01 The "spam" ACL condition code contained a sscanf() call with a %s
763 conversion specification without a maximum field width, thereby enabling
764 a rogue spamd server to cause a buffer overflow. While nobody in their
765 right mind would setup Exim to query an untrusted spamd server, an
766 attacker that gains access to a server running spamd could potentially
767 exploit this vulnerability to run arbitrary code as the Exim user.
768
ae276964
TK
769TK/02 Bugzilla 502: Apply patch to make the SPF-Received: header use
770 $primary_hostname instead of what libspf2 thinks the hosts name is.
771
0f2cbd1b
MH
772MH/02 The dsearch lookup now uses lstat(2) instead of stat(2) to look for
773 a directory entry by the name of the lookup key. Previously, if a
774 symlink pointed to a non-existing file or a file in a directory that
775 Exim lacked permissions to read, a lookup for a key matching that
776 symlink would fail. Now it is enough that a matching directory entry
777 exists, symlink or not. (Bugzilla 503.)
778
2b85bce7
PH
779PH/03 The body_linecount and body_zerocount variables are now exported in the
780 local_scan API.
781
93655c46
PH
782PH/04 Added the $dnslist_matched variable.
783
6c512171
PH
784PH/05 Unset $tls_cipher and $tls_peerdn before making a connection as a client.
785 This means they are set thereafter only if the connection becomes
786 encrypted.
787
788PH/06 Added the client_condition to authenticators so that some can be skipped
789 by clients under certain conditions.
790
aa6dc513
PH
791PH/07 The error message for a badly-placed control=no_multiline_responses left
792 "_responses" off the end of the name.
793
a96603a0
PH
794PH/08 Added -Mvc to output a copy of a message in RFC 2822 format.
795
8f240103
PH
796PH/09 Tidied the code for creating ratelimiting keys, creating them explicitly
797 (without spaces) instead of just copying the configuration text.
798
799PH/10 Added the /noupdate option to the ratelimit ACL condition.
800
d677b2f2
PH
801PH/11 Added $max_received_linelength.
802
d52120f2
PH
803PH/12 Added +ignore_defer and +include_defer to host lists.
804
64f2600a
PH
805PH/13 Installed PCRE version 7.2. This needed some changes because of the new
806 way in which PCRE > 7.0 is built.
807
8669f003
PH
808PH/14 Implemented queue_only_load_latch.
809
a4dc33a8
PH
810PH/15 Removed an incorrect (int) cast when reading the value of SIZE in a
811 MAIL command. The effect was to mangle the value on 64-bit systems.
812
d6a60c0f
PH
813PH/16 Another patch from the Sieve maintainer.
814
8f128379
PH
815PH/17 Added the NOTQUIT ACL, based on a patch from Ted Cooper.
816
8932dffe
PH
817PH/18 If a system quota error occurred while trying to create the file for
818 a maildir delivery, the message "Mailbox is full" was not appended to the
819 bounce if the delivery eventually timed out. Change 4.67/27 below applied
820 only to a quota excession during the actual writing of the file.
d6a60c0f 821
ddea74fa 822PH/19 It seems that peer DN values may contain newlines (and other non-printing
48ed62d9
PH
823 characters?) which causes problems in log lines. The DN values are now
824 passed through string_printing() before being added to log lines.
825
ddea74fa 826PH/20 Added the "servers=" facility to MySQL and PostgreSQL lookups. (Oracle
b7670459
PH
827 and InterBase are left for another time.)
828
ddea74fa
PH
829PH/21 Added message_body_newlines option.
830
ce9f225c
PH
831PH/22 Guard against possible overflow in moan_check_errorcopy().
832
19897d52
PH
833PH/23 POSIX allows open() to be a macro; guard against that.
834
bc64a74d
PH
835PH/24 If the recipient of an error message contained an @ in the local part
836 (suitably quoted, of course), incorrect values were put in $domain and
837 $local_part during the evaluation of errors_copy.
838
eb4c0de6 839
b4ed4da0
PH
840Exim version 4.67
841-----------------
842
22ad45c9
MH
843MH/01 Fix for bug #448, segfault in Dovecot authenticator when interface_address
844 is unset (happens when testing with -bh and -oMi isn't used). Thanks to
845 Jan Srzednicki.
846
b4ed4da0
PH
847PH/01 Added a new log selector smtp_no_mail, to log SMTP sessions that do not
848 issue a MAIL command.
849
431b7361
PH
850PH/02 In an ACL statement such as
851
852 deny dnslists = X!=127.0.0.2 : X=127.0.0.2
853
854 if a client was not listed at all, or was listed with a value other than
855 127.0.0.2, in the X list, but was listed with 127.0.0.2 in the Y list,
856 the condition was not true (as it should be), so access was not denied.
857 The bug was that the ! inversion was incorrectly passed on to the second
858 item. This has been fixed.
859
860PH/03 Added additional dnslists conditions == and =& which are different from
861 = and & when the dns lookup returns more than one IP address.
862
83da1223
PH
863PH/04 Added gnutls_require_{kx,mac,protocols} to give more control over the
864 cipher suites used by GnuTLS. These options are ignored by OpenSSL.
865
54fc8428
PH
866PH/05 After discussion on the list, added a compile time option ENABLE_DISABLE_
867 FSYNC, which compiles an option called disable_fsync that allows for
868 bypassing fsync(). The documentation is heavily laced with warnings.
869
34c5e8dd
SC
870SC/01 Updated eximstats to collate all SpamAssassin rejects into one bucket.
871
bbe15da8
PH
872PH/06 Some tidies to the infrastructure of the Test Suite that is concerned
873 with the auxiliary C programs that it uses: (1) Arrange for BIND_8_COMPAT
874 to be defined when compiling on OSX (Darwin); (2) Tidies to the Makefile,
875 including adding "make clean"; (3) Added -fPIC when compiling the test
876 dynamically loaded module, to get rid of a warning.
877
0e8a9471
MH
878MH/02 Fix for bug #451, causing paniclog entries to be written if a bounce
879 message fails, move_frozen_messages = true and ignore_bounce_errors_after
880 = 0s. The bug is otherwise harmless.
881
f0872424
PH
882PH/07 There was a bug in the dovecot authenticator such that the value of
883 $auth1 could be overwritten, and so not correctly preserved, after a
884 successful authentication. This usually meant that the value preserved by
885 the server_setid option was incorrect.
886
b01dd148
PH
887PH/08 Added $smtp_count_at_connection_start, deliberately with a long name.
888
6bf342e1
PH
889PH/09 Installed PCRE release 7.0.
890
273f34d0
PH
891PH/10 The acl_not_smtp_start ACL was, contrary to the documentation, not being
892 run for batched SMTP input. It is now run at the start of every message
893 in the batch. While fixing this I discovered that the process information
894 (output by running exiwhat) was not always getting set for -bs and -bS
895 input. This is fixed, and it now also says "batched" for BSMTP.
896
cf8b11a5
PH
897PH/11 Added control=no_pipelining.
898
41c7c167
PH
899PH/12 Added $sending_ip_address and $sending_port (mostly Magnus Holmgren's
900 patch, slightly modified), and move the expansion of helo_data till after
901 the connection is made in the smtp transport (so it can use these
902 values).
903
9c57cbc0
PH
904PH/13 Added ${rfc2047d: to decoded RFC 2047 strings.
905
f3f065bb
PH
906PH/14 Added log_selector = +pid.
907
047bdd8c
PH
908PH/15 Flush SMTP output before delaying, unless control=no_delay_flush is set.
909
0ce9abe6
PH
910PH/16 Add ${if forany and ${if forall.
911
0e22dfd1
PH
912PH/17 Added dsn_from option to vary the From: line in DSNs.
913
4c590bd1
PH
914PH/18 Flush SMTP output before performing a callout, unless control =
915 no_callout_flush is set.
916
09945f1e
PH
917PH/19 Change 4.64/PH/36 introduced a bug: when address_retry_include_sender
918 was true (the default) a successful delivery failed to delete the retry
919 item, thus causing premature timeout of the address. The bug is now
920 fixed.
921
c51b8e75
PH
922PH/20 Added hosts_avoid_pipelining to the smtp transport.
923
e28326d8
PH
924PH/21 Long custom messages for fakedefer and fakereject are now split up
925 into multiline reponses in the same way that messages for "deny" and
926 other ACL rejections are.
927
75b1493f
PH
928PH/22 Applied Jori Hamalainen's speed-up changes and typo fixes to exigrep,
929 with slight modification.
930
7c5214ec
PH
931PH/23 Applied sieve patches from the maintainer "tracking the latest notify
932 draft, changing the syntax and factoring some duplicate code".
933
4311097e
PH
934PH/24 When the log selector "outgoing_port" was set, the port was shown as -1
935 for deliveries of the second and subsequent messages over the same SMTP
936 connection.
937
29f89cad
PH
938PH/25 Applied Magnus Holmgren's patch for ${addresses, ${map, ${filter, and
939 ${reduce, with only minor "tidies".
940
5e687460
SC
941SC/02 Applied Daniel Tiefnig's patch to improve the '($parent) =' pattern match.
942
c3611384
PH
943PH/26 Added a "continue" ACL modifier that does nothing, for the benefit of its
944 expansion side effects.
945
5a11a7b4
PH
946PH/27 When a message times out after an over-quota error from an Exim-imposed
947 quota, the bounce message says "mailbox is full". This message was not
948 being given when it was a system quota that was exceeded. It now should
949 be the same.
950
0e20aff9
MH
951MH/03 Made $recipients available in local_scan(). local_scan() already has
952 better access to the recipient list through recipients_list[], but
953 $recipients can be useful in postmaster-provided expansion strings.
954
ca86f471
PH
955PH/28 The $smtp_command and $smtp_command_argument variables were not correct
956 in the case of a MAIL command with additional options following the
957 address, for example: MAIL FROM:<foo@bar> SIZE=1234. The option settings
958 were accidentally chopped off.
959
a14e5636
PH
960PH/29 SMTP synchronization checks are implemented when a command is read -
961 there is a check that no more input is waiting when there shouldn't be
962 any. However, for some commands, a delay in an ACL can mean that it is
963 some time before the response is written. In this time, more input might
964 arrive, invalidly. So now there are extra checks after an ACL has run for
965 HELO/EHLO and after the predata ACL, and likewise for MAIL and RCPT when
966 pipelining has not been advertised.
967
ec95d1a6
PH
968PH/30 MH's patch to allow iscntrl() characters to be list separators.
969
42855d71
PH
970PH/31 Unlike :fail:, a custom message specified with :defer: was not being
971 returned in the SMTP response when smtp_return_error_details was false.
972 This has been fixed.
973
57c2c631
PH
974PH/32 Change the Dovecot authenticator to use read() and write() on the socket
975 instead of the C I/O that was originally supplied, because problems were
976 reported on Solaris.
977
58c01c94
PH
978PH/33 Compile failed with OpenSSL 0.9.8e. This was due to a coding error in
979 Exim which did not show up earlier: it was assuming that a call to
980 SSL_CTX_set_info_callback() might give an error value. In fact, there is
981 no error. In previous releases of OpenSSL, SSL_CTX_set_info_callback()
982 was a macro that became an assignment, so it seemed to work. This has
983 changed to a proper function call with a void return, hence the compile
984 error. Exim's code has been fixed.
985
dee5a20a
PH
986PH/34 Change HDA_SIZE in oracle.c from 256 to 512. This is needed for 64-bit
987 cpus.
988
d2ee6114
PH
989PH/35 Applied a patch from the Sieve maintainer which fixes a bug in "notify".
990
b2d5182b
PH
991PH/36 Applied John Jetmore's patch to add -v functionality to exigrep.
992
79749a79
PH
993PH/37 If a message is not accepted after it has had an id assigned (e.g.
994 because it turns out to be too big or there is a timeout) there is no
3ce62588
PH
995 "Completed" line in the log. When some messages of this type were
996 selected by exigrep, they were listed as "not completed". Others were
997 picked up by some special patterns. I have improved the selection
998 criteria to be more general.
79749a79 999
c456d9bb
PH
1000PH/38 The host_find_failed option in the manualroute router can now be set
1001 to "ignore", to completely ignore a host whose IP address cannot be
1002 found. If all hosts are ignored, the behaviour is controlled by the new
1003 host_all_ignored option.
1004
cd9868ec
PH
1005PH/39 In a list of hosts for manualroute, if one item (either because of multi-
1006 homing or because of multiple MX records with /mx) generated more than
1007 one IP address, and the following item turned out to be the local host,
1008 all the secondary addresses of the first item were incorrectly removed
1009 from the list, along with the local host and any following hosts (which
1010 is what is supposed to happen).
1011
ebeaf996
PH
1012PH/40 When Exim receives a message, it writes the login name, uid, and gid of
1013 whoever called Exim into the -H file. In the case of the daemon it was
1014 behaving confusingly. When first started, it used values for whoever
1015 started the daemon, but after a SIGHUP it used the Exim user (because it
1016 calls itself on a restart). I have changed the code so that it now always
1017 uses the Exim user.
1018
2679d413
PH
1019PH/41 (Following a suggestion from Tony Finch) If all the RCPT commands in a
1020 message are rejected with the same error (e.g. no authentication or bad
1021 sender address), and a DATA command is nevertheless sent (as can happen
1022 with PIPELINING or a stupid MUA), the error message that was given to the
1023 RCPT commands is included in the rejection of the DATA command. This is
1024 intended to be helpful for MUAs that show only the final error to their
1025 users.
1026
84024b72
PH
1027PH/42 Another patch from the Sieve maintainer.
1028
8005d38e
SC
1029SC/02 Eximstats - Differentiate between permanent and temporary rejects.
1030 Eximstats - Fixed some broken HTML links and added missing column headers
1031 (Jez Hancock).
1032 Eximstats - Fixed Grand Total Summary Domains, Edomains, and Email
1033 columns for Rejects, Temp Rejects, Ham, and Spam rows.
1034
3298c6c6
SC
1035SC/03 Eximstats - V1.58 Fix to get <> and blackhole to show in edomain tables.
1036
a43a27c5
PH
1037PH/43 Yet another patch from the Sieve maintainer.
1038
58eb016e 1039PH/44 I found a way to check for a TCP/IP connection going away before sending
563b63fa
PH
1040 the response to the final '.' that terminates a message, but only in the
1041 case where the client has not sent further data following the '.'
1042 (unfortunately, this is allowed). However, in many cases there won't be
1043 any further data because there won't be any more messages to send. A call
1044 to select() can be used: if it shows that the input is "ready", there is
1045 either input waiting, or the socket has been closed. An attempt to read
1046 the next input character can distinguish the two cases. Previously, Exim
58eb016e 1047 would have sent an OK response which the client would never have see.
563b63fa
PH
1048 This could lead to message repetition. This fix should cure that, at
1049 least in a lot of common cases.
58eb016e 1050
b43a74ea
PH
1051PH/45 Do not advertise STARTTLS in response to HELP unless it would be
1052 advertised in response to EHLO.
1053
b4ed4da0 1054
5dd1517f
PH
1055Exim version 4.66
1056-----------------
1057
1058PH/01 Two more bugs that were introduced by 4.64/PH/07, in addition to the one
1059 fixed by 4.65/MH/01 (is this a record?) are fixed:
1060
1061 (i) An empty string was always treated as zero by the numeric comparison
1062 operators. This behaviour has been restored.
1063
1064 (ii) It is documented that the numeric comparison operators always treat
1065 their arguments as decimal numbers. This was broken in that numbers
1066 starting with 0 were being interpreted as octal.
1067
1068 While fixing these problems I realized that there was another issue that
1069 hadn't been noticed. Values of message_size_limit (both the global option
1070 and the transport option) were treated as octal if they started with 0.
1071 The documentation was vague. These values are now always treated as
1072 decimal, and I will make that clear in the documentation.
1073
1074
93cfa765
TK
1075Exim version 4.65
1076-----------------
1077
1078TK/01 Disable default definition of HAVE_LINUX_SENDFILE. Clashes with
1079 Linux large file support (_FILE_OFFSET_BITS=64) on older glibc
1080 versions. (#438)
1081
d6066548
MH
1082MH/01 Don't check that the operands of numeric comparison operators are
1083 integers when their expansion is in "skipping" mode (fixes bug
1084 introduced by 4.64-PH/07).
1085
4362ff0d
PH
1086PH/01 If a system filter or a router generates more than SHRT_MAX (32767)
1087 child addresses, Exim now panics and dies. Previously, because the count
1088 is held in a short int, deliveries were likely to be lost. As such a
1089 large number of recipients for a single message is ridiculous
1090 (performance will be very, very poor), I have chosen to impose a limit
1091 rather than extend the field.
1092
93cfa765 1093
944e9e9c
TF
1094Exim version 4.64
1095-----------------
aa41d2de 1096
21d74bd9
TK
1097TK/01 Bugzilla #401. Fix DK spooling code so that it can overwrite a
1098 leftover -K file (the existence of which was triggered by #402).
1099 While we were at it, introduced process PID as part of the -K
1100 filename. This should rule out race conditions when creating
1101 these files.
1102
1103TK/02 Bugzilla #402. Apply patch from Simon Arlott, speeding up DK signing
1104 processing considerably. Previous code took too long for large mails,
1105 triggering a timeout which in turn triggers #401.
1106
1107TK/03 Introduced HAVE_LINUX_SENDFILE to os.h-Linux. Currently only used
1108 in the DK code in transports.c. sendfile() is not really portable,
1109 hence the _LINUX specificness.
944e9e9c
TF
1110
1111TF/01 In the add_headers option to the mail command in an Exim filter,
1112 there was a bug that Exim would claim a syntax error in any
1113 header after the first one which had an odd number of characters
1114 in the field name.
1115
2b1c6e3a
PH
1116PH/01 If a server that rejects MAIL FROM:<> was the target of a sender
1117 callout verification, Exim cached a "reject" for the entire domain. This
1118 is correct for most verifications, but it is not correct for a recipient
1119 verification with use_sender or use_postmaster set, because in that case
1120 the callout does not use MAIL FROM:<>. Exim now distinguishes the special
1121 case of MAIL FROM:<> rejection from other early rejections (e.g.
1122 rejection of HELO). When verifying a recipient using a non-null MAIL
1123 address, the cache is ignored if it shows MAIL FROM:<> rejection.
1124 Whatever the result of the callout, the value of the domain cache is
1125 left unchanged (for any other kind of callout, getting as far as trying
1126 RCPT means that the domain itself is ok).
1127
1f872c80
PH
1128PH/02 Tidied a number of unused variable and signed/unsigned warnings that
1129 gcc 4.1.1 threw up.
1130
1131PH/03 On Solaris, an unexpectedly close socket (dropped connection) can
1132 manifest itself as EPIPE rather than ECONNECT. When tidying away a
1133 session, the daemon ignores ECONNECT errors and logs others; it now
1134 ignores EPIPE as well.
1135
d203e649
PH
1136PH/04 Applied Nico Erfurth's refactoring patch to tidy up mime.c
1137 (quoted-printable decoding).
1138
cc2ed8f7 1139PH/05 Applied Nico Erfurth's refactoring patch to tidy up spool_mbox.c, and
21a04aa3 1140 later the small subsequent patch to fix an introduced bug.
f951fd57 1141
ddfcd446
PH
1142PH/06 Installed the latest Cygwin Makefile from the Cygwin maintainer.
1143
d45b1de8
PH
1144PH/07 There was no check for overflow in expansions such as ${if >{1}{4096M}}.
1145
1146PH/08 An error is now given if message_size_limit is specified negative.
1147
38a0a95f 1148PH/09 Applied and tidied up Jakob Hirsch's patch for allowing ACL variables
641cb756 1149 to be given (somewhat) arbitrary names.
38a0a95f 1150
a2405d83
JJ
1151JJ/01 exipick 20060919.0, allow for arbitrary acl_ variables introduced
1152 in 4.64-PH/09.
1153
1154JJ/02 exipick 20060919.0, --show-vars args can now be regular expressions,
1155 miscellaneous code fixes
1156
6ea85e9a
PH
1157PH/10 Added the log_reject_target ACL modifier to specify where to log
1158 rejections.
1159
26da7e20
PH
1160PH/11 Callouts were setting the name used for EHLO/HELO from $smtp_active_
1161 hostname. This is wrong, because it relates to the incoming message (and
1162 probably the interface on which it is arriving) and not to the outgoing
1163 callout (which could be using a different interface). This has been
1164 changed to use the value of the helo_data option from the smtp transport
1165 instead - this is what is used when a message is actually being sent. If
1166 there is no remote transport (possible with a router that sets up host
1167 addresses), $smtp_active_hostname is used.
6ea85e9a 1168
14aa5a05 1169PH/12 Installed Andrey Panin's patch to add a dovecot authenticator. Various
7befa435 1170 tweaks were necessary in order to get it to work (see also 21 below):
14aa5a05
PH
1171 (a) The code assumed that strncpy() returns a negative number on buffer
1172 overflow, which isn't the case. Replaced with Exim's string_format()
1173 function.
1174 (b) There were several signed/unsigned issues. I just did the minimum
1175 hacking in of casts. There is scope for a larger refactoring.
1176 (c) The code used strcasecmp() which is not a standard C function.
1177 Replaced with Exim's strcmpic() function.
1178 (d) The code set only $1; it now sets $auth1 as well.
1179 (e) A simple test gave the error "authentication client didn't specify
1180 service in request". It would seem that Dovecot has changed its
1181 interface. Fortunately there's a specification; I followed it and
1182 changed what the client sends and it appears to be working now.
1183
ff75a1f7
PH
1184PH/13 Added $message_headers_raw to provide the headers without RFC 2047
1185 decoding.
1186
e6f6568e
PH
1187PH/14 Corrected misleading output from -bv when -v was also used. Suppose the
1188 address A is aliased to B and C, where B exists and C does not. Without
1189 -v the output is "A verified" because verification stops after a
1190 successful redirection if more than one address is generated. However,
1191 with -v the child addresses are also verified. Exim was outputting "A
1192 failed to verify" and then showing the successful verification for C,
1193 with its parentage. It now outputs "B failed to verify", showing B's
1194 parentage before showing the successful verification of C.
1195
d6f6e0dc
PH
1196PH/15 Applied Michael Deutschmann's patch to allow DNS black list processing to
1197 look up a TXT record in a specific list after matching in a combined
1198 list.
1199
322050c2
PH
1200PH/16 It seems that the options setting for the resolver (RES_DEFNAMES and
1201 RES_DNSRCH) can affect the behaviour of gethostbyname() and friends when
1202 they consult the DNS. I had assumed they would set it the way they
1203 wanted; and indeed my experiments on Linux seem to show that in some
1204 cases they do (I could influence IPv6 lookups but not IPv4 lookups).
1205 To be on the safe side, however, I have now made the interface to
1206 host_find_byname() similar to host_find_bydns(), with an argument
1207 containing the DNS resolver options. The host_find_byname() function now
1208 sets these options at its start, just as host_find_bydns() does. The smtp
1209 transport options dns_qualify_single and dns_search_parents are passed to
1210 host_find_byname() when gethostbyname=TRUE in this transport. Other uses
1211 of host_find_byname() use the default settings of RES_DEFNAMES
1212 (qualify_single) but not RES_DNSRCH (search_parents).
1213
08955dd3
PH
1214PH/17 Applied (a modified version of) Nico Erfurth's patch to make
1215 spool_read_header() do less string testing, by means of a preliminary
1216 switch on the second character of optional "-foo" lines. (This is
1217 overdue, caused by the large number of possibilities that now exist.
1218 Originally there were few.) While I was there, I also converted the
1219 str(n)cmp tests so they don't re-test the leading "-" and the first
1220 character, in the hope this might squeeze out yet more improvement.
1221
1eccaa59
PH
1222PH/18 Two problems with "group" syntax in header lines when verifying: (1) The
1223 flag allowing group syntax was set by the header_syntax check but not
1224 turned off, possible causing trouble later; (2) The flag was not being
1225 set at all for the header_verify test, causing "group"-style headers to
1226 be rejected. I have now set it in this case, and also caused header_
1227 verify to ignore an empty address taken from a group. While doing this, I
1228 came across some other cases where the code for allowing group syntax
1229 while scanning a header line wasn't quite right (mostly, not resetting
1230 the flag correctly in the right place). These bugs could have caused
1231 trouble for malformed header lines. I hope it is now all correct.
1232
602e59e5
PH
1233PH/19 The functions {pwcheck,saslauthd}_verify_password() are always called
1234 with the "reply" argument non-NULL. The code, however (which originally
1235 came from elsewhere) had *some* tests for NULL when it wrote to *reply,
1236 but it didn't always do it. This confused somebody who was copying the
1237 code for some other use. I have removed all the tests.
1238
411ef850
PH
1239PH/20 It was discovered that the GnuTLS code had support for RSA_EXPORT, a
1240 feature that was used to support insecure browsers during the U.S. crypto
1241 embargo. It requires special client support, and Exim is probably the
1242 only MTA that supported it -- and would never use it because real RSA is
1243 always available. This code has been removed, because it had the bad
1244 effect of slowing Exim down by computing (never used) parameters for the
1245 RSA_EXPORT functionality.
1246
7befa435
PH
1247PH/21 On the advice of Timo Sirainen, added a check to the dovecot
1248 authenticator to fail if there's a tab character in the incoming data
1249 (there should never be unless someone is messing about, as it's supposed
1250 to be base64-encoded). Also added, on Timo's advice, the "secured" option
1251 if the connection is using TLS or if the remote IP is the same as the
1252 local IP, and the "valid-client-cert option" if a client certificate has
1253 been verified.
1254
48da4259 1255PH/22 As suggested by Dennis Davis, added a server_condition option to *all*
16ff981e
PH
1256 authenticators. This can be used for authorization after authentication
1257 succeeds. (In the case of plaintext, it servers for both authentication
1258 and authorization.)
1259
48da4259
PH
1260PH/23 Testing for tls_required and lost_connection in a retry rule didn't work
1261 if any retry times were supplied.
1262
d1d5595c
PH
1263PH/24 Exim crashed if verify=helo was activated during an incoming -bs
1264 connection, where there is no client IP address to check. In this
1265 situation, the verify now always succeeds.
1266
0ef732d9
PH
1267PH/25 Applied John Jetmore's -Mset patch.
1268
328895cc
PH
1269PH/26 Added -bem to be like -Mset, but loading a message from a file.
1270
fd700877
PH
1271PH/27 In a string expansion for a processed (not raw) header when multiple
1272 headers of the same name were present, leading whitespace was being
1273 removed from all of them, but trailing whitespace was being removed only
1274 from the last one. Now trailing whitespace is removed from each header
f6c332bd
PH
1275 before concatenation. Completely empty headers in a concatenation (as
1276 before) are ignored.
fd700877 1277
8dce1a6f
PH
1278PH/28 Fixed bug in backwards-compatibility feature of PH/09 (thanks to John
1279 Jetmore). It would have mis-read ACL variables from pre-4.61 spool files.
1280
17af4a17
PH
1281PH/29 [Removed. This was a change that I later backed out, and forgot to
1282 correct the ChangeLog entry (that I had efficiently created) before
1283 committing the later change.]
f6c332bd
PH
1284
1285PH/30 Exim was sometimes attempting to deliver messages that had suffered
1286 address errors (4xx response to RCPT) over the same connection as other
1287 messages routed to the same hosts. Such deliveries are always "forced",
1288 so retry times are not inspected. This resulted in far too many retries
1289 for the affected addresses. The effect occurred only when there were more
1290 hosts than the hosts_max_try setting in the smtp transport when it had
1291 the 4xx errors. Those hosts that it had tried were not added to the list
1292 of hosts for which the message was waiting, so if all were tried, there
1293 was no problem. Two fixes have been applied:
1294
1295 (i) If there are any address or message errors in an SMTP delivery, none
1296 of the hosts (tried or untried) are now added to the list of hosts
1297 for which the message is waiting, so the message should not be a
1298 candidate for sending over the same connection that was used for a
1299 successful delivery of some other message. This seems entirely
1300 reasonable: after all the message is NOT "waiting for some host".
1301 This is so "obvious" that I'm not sure why it wasn't done
1302 previously. Hope I haven't missed anything, but it can't do any
1303 harm, as the worst effect is to miss an optimization.
1304
1305 (ii) If, despite (i), such a delivery is accidentally attempted, the
1306 routing retry time is respected, so at least it doesn't keep
1307 hammering the server.
1308
c1114884
PH
1309PH/31 Installed Andrew Findlay's patch to close the writing end of the socket
1310 in ${readsocket because some servers need this prod.
1311
7a0743eb
PH
1312PH/32 Added some extra debug output when updating a wait-xxx database.
1313
0d85fa3f
PH
1314PH/33 The hint "could be header name not terminated by colon", which has been
1315 given for certain expansion errors for a long time, was not being given
1316 for the ${if def:h_colon_omitted{... case.
1317
1bf43b78
PH
1318PH/34 The spec says: "With one important exception, whenever a domain list is
1319 being scanned, $domain contains the subject domain." There was at least
1320 one case where this was not true.
1321
520de300
PH
1322PH/35 The error "getsockname() failed: connection reset by peer" was being
1323 written to the panic log as well as the main log, but it isn't really
1324 panic-worthy as it just means the connection died rather early on. I have
1325 removed the panic log writing for the ECONNRESET error when getsockname()
1326 fails.
1327
48c7f9e2
PH
1328PH/36 After a 4xx response to a RCPT error, that address was delayed (in queue
1329 runs only) independently of the message's sender address. This meant
1330 that, if the 4xx error was in fact related to the sender, a different
1331 message to the same recipient with a different sender could confuse
1332 things. In particualar, this can happen when sending to a greylisting
1333 server, but other circumstances could also provoke similar problems.
1334 I have changed the default so that the retry time for these errors is now
1335 based a combination of the sender and recipient addresses. This change
1336 can be overridden by setting address_retry_include_sender=false in the
1337 smtp transport.
1338
99ea1c86
PH
1339PH/37 For LMTP over TCP/IP (the smtp transport), error responses from the
1340 remote server are returned as part of bounce messages. This was not
1341 happening for LMTP over a pipe (the lmtp transport), but now it is the
1342 same for both kinds of LMTP.
1343
a2042e78
PH
1344PH/38 Despite being documented as not happening, Exim was rewriting addresses
1345 in header lines that were in fact CNAMEs. This is no longer the case.
1346
4fbcfc2e
PH
1347PH/39 If -R or -S was given with -q<time>, the effect of -R or -S was ignored,
1348 and queue runs started by the daemon processed all messages. This has
1349 been fixed so that -R and -S can now usefully be given with -q<time>.
1350
aa41d2de
PH
1351PH/40 Import PCRE release 6.7 (fixes some bugs).
1352
af561417
PH
1353PH/41 Add bitwise logical operations to eval (courtesy Brad Jorsch).
1354
3cc66b45
PH
1355PH/42 Give an error if -q is specified more than once.
1356
194cc0e4
PH
1357PH/43 Renamed the variables $interface_address and $interface_port as
1358 $received_ip_address and $received_port, to make it clear that these
1359 values apply to message reception, and not to the outgoing interface when
1360 a message is delivered. (The old names remain recognized, of course.)
1361
a401ddaa
PH
1362PH/44 There was no timeout on the connect() call when using a Unix domain
1363 socket in the ${readsocket expansion. There now is.
1364
4e88a19f
PH
1365PH/45 Applied a modified version of Brad Jorsch's patch to allow "message" to
1366 be meaningful with "accept".
1367
d7d7b289
SC
1368SC/01 Eximstats V1.43
1369 Bug fix for V1.42 with -h0 specified. Spotted by Chris Lear.
1370
1371SC/02 Eximstats V1.44
1372 Use a glob alias rather than an array ref in the generated
1373 parser. This improves both readability and performance.
1374
1375SC/03 Eximstats V1.45 (Marco Gaiarin / Steve Campbell)
1376 Collect SpamAssassin and rejection statistics.
1377 Don't display local sender or destination tables unless
1378 there is data to show.
1379 Added average volumes into the top table text output.
1380
1381SC/04 Eximstats V1.46
1382 Collect data on the number of addresses (recipients)
1383 as well as the number of messages.
1384
1385SC/05 Eximstats V1.47
1386 Added 'Message too big' to the list of mail rejection
1387 reasons (thanks to Marco Gaiarin).
1388
1389SC/06 Eximstats V1.48
1390 Mainlog lines which have GMT offsets and are too short to
1391 have a flag are now skipped.
1392
1393SC/07 Eximstats V1.49 (Alain Williams)
1394 Added the -emptyok flag.
1395
1396SC/08 Eximstats V1.50
1397 Fixes for obtaining the IP address from reject messages.
1398
0ea2a468
JJ
1399JJ/03 exipick.20061117.2, made header handling as similar to exim as possible
1400 (added [br]h_ prefixes, implemented RFC2047 decoding. Fixed
1401 whitesspace changes from 4.64-PH/27
1402
1403JJ/04 exipick.20061117.2, fixed format and added $message_headers_raw to
1404 match 4.64-PH/13
1405
1406JJ/05 exipick.20061117.2, bug fixes (error out sooner when invalid criteria
1407 are found, allow negative numbers in numeric criteria)
1408
1409JJ/06 exipick.20061117.2, added new $message_body_missing variable
1410
1411JJ/07 exipick.20061117.2, added $received_ip_address and $received_port
1412 to match changes made in 4.64-PH/43
1413
8a10f5a4
PH
1414PH/46 Applied Jori Hamalainen's patch to add features to exiqsumm.
1415
30e18802
PH
1416PH/47 Put in an explicit test for a DNS lookup of an address record where the
1417 "domain" is actually an IP address, and force a failure. This locks out
1418 those revolvers/nameservers that support "A-for-A" lookups, in
1419 contravention of the specifications.
1420
55728a4f
PH
1421PH/48 When a host name was looked up from an IP address, and the subsequent
1422 forward lookup of the name timed out, the host name was left in
1423 $sender_host_name, contrary to the specification.
d7d7b289 1424
d7837193
PH
1425PH/49 Although default lookup types such as lsearch* or cdb*@ have always been
1426 restricted to single-key lookups, Exim was not diagnosing an error if
1427 * or *@ was used with a query-style lookup.
1428
87054a31
PH
1429PH/50 Increased the value of DH_BITS in tls-gnu.c from 768 to 1024.
1430
ea2c01d2
MH
1431MH/01 local_scan ABI version incremented to 1.1. It should have been updated
1432 long ago, but noone interested enough thought of it. Let's just say that
1433 the "1.1" means that there are some new functions that weren't there at
1434 some point in the past.
1435
e4fa6968
PH
1436PH/51 Error processing for expansion failure of helo_data from an smtp
1437 transport during callout processing was broken.
1438
56f5d9bd
PH
1439PH/52 Applied John Jetmore's patch to allow tls-on-connect and STARTTLS to be
1440 tested/used via the -bh/-bhc/-bs options.
1441
922e1c28
PH
1442PH/53 Added missing "#include <time.h>" to pcre/pcretest.c (this was a PCRE
1443 bug, fixed in subsequent PCRE releases).
1444
21eb6e72
PH
1445PH/54 Applied Robert Bannocks' patch to avoid a problem with references that
1446 arises when using the Solaris LDAP libraries (but not with OpenLDAP).
1447
a0540757
PH
1448PH/55 Check for a ridiculously long file name in exim_dbmbuild.
1449
944e9e9c 1450
478be7b0
SC
1451Exim version 4.63
1452-----------------
1453
1454SC/01 Use a glob alias rather than an array ref in eximstats generated
1455 parser. This improves both readability and performance.
1456
1457SC/02 Collect SpamAssassin and rejection statistics in eximstats.
1458 Don't display local sender or destination tables in eximstats unless
1459 there is data to show.
1460 Added average volumes into the eximstats top table text output.
1461
1462SC/03 Collect data on the number of addresses (recipients) as well
1463 as the number of messages in eximstats.
1464
2b965a65
TF
1465TF/01 Correct an error in the documentation for the redirect router. Exim
1466 does (usually) call initgroups() when daemonizing.
478be7b0 1467
45b91596
PH
1468TF/02 Call initgroups() when dropping privilege in exim.c, so that Exim runs
1469 with consistent privilege compared to when running as a daemon.
478be7b0 1470
c59f5781
TF
1471TF/03 Note in the spec that $authenticated_id is not set for local
1472 submissions from trusted users.
1473
90fc3069
TF
1474TF/04 The ratelimit per_rcpt option now works correctly in acl_not_smtp.
1475 Thanks to Dean Brooks <dean@iglou.com> for the patch.
1476
6083aca0
TF
1477TF/05 Make it easier to get SMTP authentication and TLS/SSL support working
1478 by adding some example configuration directives to the default
1479 configuration file. A little bit of work is required to uncomment the
1480 directives and define how usernames and passwords are checked, but
1481 there is now a framework to start from.
1482
765b530f
PH
1483PH/01 Added #define LDAP_DEPRECATED 1 to ldap.c because some of the "old"
1484 functions that Exim currently uses aren't defined in ldap.h for OpenLDAP
1485 without this. I don't know how relevant this is to other LDAP libraries.
1486
4e167a8c
PH
1487PH/02 Add the verb name to the "unknown ACL verb" error.
1488
4608d683
PH
1489PH/03 Magnus Holmgren's patch for filter_prepend_home.
1490
b8dc3e4a
PH
1491PH/03 Fixed Bugzilla #101: macro definition between ACLs doesn't work.
1492
5418e93b
PH
1493PH/04 Applied Magnus Holmgren's patch to fix Bugzilla #98: transport's home
1494 directory not expanded when it should be if an expanded home directory
1495 was set for the address (which is overridden by the transport).
1496
b4a9bda2
PH
1497PH/05 Applied Alex Kiernan's patch to fix Bugzilla #99: a problem with
1498 libradius.
1499
45b91596
PH
1500PH/06 Added acl_not_smtp_start, based on Johannes Berg's patch, and set the
1501 bit to forbid control=suppress_local_fixups in the acl_not_smtp ACL,
1502 because it is too late at that time, and has no effect.
1503
5547e2c5
PH
1504PH/07 Changed ${quote_pgsql to quote ' as '' instead of \' because of a
1505 security issue with \' (bugzilla #107). I could not use the
1506 PQescapeStringConn() function, because it needs a PGconn value as one of
1507 its arguments.
1508
dbcef0ea
PH
1509PH/08 When testing addresses using -bt, indicate those final addresses that
1510 are duplicates that would not cause an additional delivery. At least one
1511 person was confused, thinking that -bt output corresponded to deliveries.
1512 (Suppressing duplicates isn't a good idea as you lose the information
1513 about possibly different redirections that led to the duplicates.)
1514
25257489
PH
1515PH/09 Applied patch from Erik to use select() instead of poll() in spam.c on
1516 systems where poll() doesn't work, in particular OS X.
1517
c816d124
PH
1518PH/10 Added more information to debugging output for retry time not reached.
1519
a9ccd69a
PH
1520PH/11 Applied patch from Arkadiusz Miskiewicz to apply a timeout to read
1521 operations in malware.c.
1522
75fa1910
PH
1523PH/12 Applied patch from Magnus Holmgren to include the "h" tag in Domain Keys
1524 signatures.
1525
a7d7aa58
PH
1526PH/13 If write_rejectlog was set false when logging was sent to syslog with
1527 syslog_duplication set false, log lines that would normally be written
1528 both the the main log and to the reject log were not written to syslog at
1529 all.
1530
42119b09
PH
1531PH/14 In the default configuration, change the use of "message" in ACL warn
1532 statements to "add_header".
1533
41609df5
PH
1534PH/15 Diagnose a filter syntax error for "seen", "unseen", or "noerror" if not
1535 not followed by a command (e.g. "seen endif").
1536
a5bd321b
PH
1537PH/16 Recognize SMTP codes at the start of "message" in ACLs and after :fail:
1538 and :defer: in a redirect router. Add forbid_smtp_code to suppress the
1539 latter.
1540
e85a7ad5 1541PH/17 Added extra conditions to the default value of delay_warning_condition
5dff5817
PH
1542 so that it is now:
1543
e85a7ad5
PH
1544 ${if or { \
1545 { !eq{$h_list-id:$h_list-post:$h_list-subscribe:}{} } \
1546 { match{$h_precedence:}{(?i)bulk|list|junk} } \
1547 { match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} } \
5dff5817
PH
1548 }{no}{yes}}
1549
e85a7ad5
PH
1550 The Auto-Submitted: and various List- headers are standardised, whereas I
1551 don't think Precedence: ever was.
5dff5817 1552
d8fe1c03
PH
1553PH/18 Refactored debugging code in route_finduser() to show more information,
1554 in particular, the error code if getpwnam() issues one.
1555
16282d2b
PH
1556PH/19 Added PQsetClientEncoding(conn, "SQL_ASCII") to the pgsql code module.
1557 This is apparently needed in addition to the PH/07 change above to avoid
1558 any possible encoding problems.
1559
35d40a98
PH
1560PH/20 Perl can change the locale. Exim was resetting it after a ${perl call,
1561 but not after initializing Perl.
1562
034d99ab
PH
1563PH/21 Added a call to PQsetNoticeProcessor() to catch pgsql "notices" and
1564 output them only if debugging. By default they are written stderr,
1565 apparently, which is not desirable.
1566
6ec97b1b
PH
1567PH/22 Added Alain Williams' LDAP patch to support setting REFERRALS=off on
1568 queries.
1569
e22ca4ac
JJ
1570JJ/01 exipick: added --reverse (and -R synonym), --random, --size, --sort and
1571 --not options
1572
1573JJ/02 exipick: rewrote --help documentation to hopefully make more clear.
1574
33d73e3b
PH
1575PH/23 Made -oMaa and -oMt work with -bh and -bs to pretend the connection is
1576 authenticated or an ident call has been made. Suppress the default
1577 values for $authenticated_id and $authenticated_sender (but permit -oMai
1578 and -oMas) when testing with -bh.
1579
9ecb03f3
PH
1580PH/24 Re-jigged the order of the tests in the default configuration so that the
1581 tests for valid domains and recipients precede the DNS black list and CSA
1582 tests, on the grounds that those ones are more expensive.
1583
084efe8d
PH
1584PH/25 Exim was not testing for a space following SMTP commands such as EHLO
1585 that require one. Thus, EHLORHUBARB was interpreted as a valid command.
1586 This bug exists in every version of Exim that I still have, right back to
1587 0.12.
1588
366fc9f0
PH
1589PH/26 (n)wildlsearch lookups are documented as being done case-insensitively.
1590 However, an attempt to turn on case-sensitivity in a regex key by
1591 including (?-i) didn't work because the subject string was already
1592 lowercased, and the effects were non-intuitive. It turns out that a
1593 one-line patch can be used to allow (?-i) to work as expected.
1594
c59f5781 1595
c887c79e
TF
1596Exim version 4.62
1597-----------------
1598
1599TF/01 Fix the add_header change below (4.61 PH/55) which had a bug that (amongst
1600 other effects) broke the use of negated acl sub-conditions.
1601
1cce3af8
PH
1602PH/01 ${readsocket now supports Internet domain sockets (modified John Jetmore
1603 patch).
1604
afb3eaaf
PH
1605PH/02 When tcp-wrappers is called from Exim, it returns only "deny" or "allow".
1606 "Deny" causes Exim to reject the incoming connection with a 554 error.
1607 Unfortunately, if there is a major crisis, such as a disk failure,
1608 tcp-wrappers gives "deny", whereas what one would like would be some
1609 kind of temporary error. A kludge has been added to help with this.
1610 Before calling hosts_ctl(), errno is set zero. If the result is "deny", a
1611 554 error is used if errno is still zero or contains ENOENT (which occurs
1612 if either of the /etc/hosts.{allow,deny} files is missing). Otherwise, a
1613 451 error is used.
1614
e173618b
PH
1615PH/03 Add -lutil to the default FreeBSD LIBS setting.
1616
dd16e114
PH
1617PH/04 Change PH/19 for 4.61 was too wide. It should not be applied to host
1618 errors. Otherwise a message that provokes a temporary error (when other
1619 messages do not) can cause a whole host to time out.
1620
f7fd3850
PH
1621PH/05 Batch deliveries by appendfile and pipe transports did not work when the
1622 addresses were routed directly to files or pipes from a redirect router.
1623 File deliveries just didn't batch; pipe deliveries might have suffered
1624 odd errors.
1625
d87df92c
PH
1626PH/06 A failure to get a lock for a hints database would erroneously always say
1627 "Failed to get write lock", even when it was really a read lock.
1628
7e9f683d
PH
1629PH/07 The appendfile transport was creating MBX lock files with a fixed mode
1630 of 0600. This has been changed to use the value of the lockfile_mode
1631 option (which defaults to 0600).
1632
bfad5236
PH
1633PH/08 Applied small patch from the Sieve maintainer.
1634
01c490df
PH
1635PH/09 If maildir_quota_directory_regex was set to exclude (say) the .Trash
1636 folder from quota calculations, a direct delivery into this folder messed
1637 up the contents of the maildirsize file. This was because the regex was
1638 used only to exclude .Trash (or whatever) when the size of the mailbox
1639 was calculated. There was no check that a delivery was happening into an
1640 excluded directory. This bug has been fixed by ignoring all quota
1641 processing for deliveries into excluded directories.
1642
d6629cdc
PH
1643PH/10 Added the maildirfolder_create_regex option to appendfile.
1644
1cce3af8 1645
214e2000
PH
1646Exim version 4.61
1647-----------------
1648
1649PH/01 The code for finding all the local interface addresses on a FreeBSD
1650 system running IPv6 was broken. This may well have applied to all BSD
1651 systems, as well as to others that have similar system calls. The broken
1652 code found IPv4 interfaces correctly, but gave incorrect values for the
1653 IPv6 interfaces. In particular, ::1 was not found. The effect in Exim was
1654 that it would not match correctly against @[] and not recognize the IPv6
1655 addresses as local.
1656
f9daeae0
PH
1657PH/02 The ipliteral router was not recognizing addresses of the form user@
1658 [ipv6:....] because it didn't know about the "ipv6:" prefix.
1659
7e66e54d
PH
1660PH/03 Added disable_ipv6.
1661
c8ea1597
PH
1662PH/04 Changed $reply_address to use the raw form of the headers instead of the
1663 decoded form, because it is most often used to construct To: headers
1664 lines in autoreplies, and the decoded form may well be syntactically
1665 invalid. However, $reply_address has leading white space removed, and all
1666 newlines turned into spaces so that the autoreply transport does not
1667 grumble.
1668
911f6fde
PH
1669PH/05 If group was specified without a user on a router, and no group or user
1670 was specified on a transport, the group from the router was ignored.
1671
47ca6d6c
PH
1672PH/06 Increased the number of ACL variables to 20 of each type, and arranged
1673 for visible compile-time settings that can be used to change these
1674 numbers, for those that want even more. Backwards compatibility with old
1675 spool files has been maintained. However, going back to a previous Exim
1676 release will lost any variables that are in spool files.
1677
ed0e9820
PH
1678PH/07 Two small changes when running in the test harness: increase delay when
1679 passing a TCP/IP connection to a new process, in case the original
1680 process has to generate a bounce, and remove special handling of
1681 127.0.0.2 (sic), which is no longer necessary.
1682
eff37e47
PH
1683PH/08 Changed debug output of dbfn_open() flags from numbers to names, so as to
1684 be the same on different OS.
1685
1921d2ea
PH
1686PH/09 Moved a debug statement in filter processing to avoid a race problem when
1687 testing.
1688
b3f69ca8
JJ
1689JJ/01 exipick: fixed bug where -b (brief) output option showed "Vars:"
1690 whether --show-vars was specified or not
1691
1692JJ/02 exipick: Added support for new ACL variable spool format introduced
1693 in 4.61-PH/06
1694
424a1c63
PH
1695PH/10 Fixed another bug related to PH/04 above: if an incoming message had a
1696 syntactically invalid From: or Reply-to: line, and a filter used this to
1697 generate an autoreply, and therefore failed to obtain an address for the
1698 autoreply, Exim could try to deliver to a non-existent relative file
1699 name, causing unrelated and misleading errors. What now happens is that
1700 it logs this as a hard delivery error, but does not attempt to create a
1701 bounce message.
1702
7a100415
PH
1703PH/11 The exinext utility has a -C option for testing purposes, but although
1704 the given file was scanned by exinext itself; it wasn't being passed on
1705 when Exim was called.
1706
19b9dc85
PH
1707PH/12 In the smtp transport, treat an explicit ECONNRESET error the same as
1708 an end-of-file indication when reading a command response.
1709
309bd837
PH
1710PH/13 Domain literals for IPv6 were not recognized unless IPv6 support was
1711 compiled. In many other places in Exim, IPv6 addresses are always
1712 recognized, so I have changed this. It also means that IPv4 domain
1713 literals of the form [IPV4:n.n.n.n] are now always recognized.
1714
59e82a2a
PH
1715PH/14 When a uid/gid is specified for the queryprogram router, it cannot be
1716 used if the router is not running as root, for example, when verifying at
1717 ACL time, or when using -bh. The debugging output from this situation was
1718 non-existent - all you got was a failure to exec. I have made two
1719 changes:
1720
1721 (a) Failures to set uid/gid, the current directory, or a process leader
1722 in a subprocess such as that created by queryprogram now generate
1723 suitable debugging ouput when -d is set.
1724
1725 (b) The queryprogram router detects when it is not running as root,
1726 outputs suitable debugging information if -d is set, and then runs
1727 the subprocess without attempting to change uid/gid.
1728
9edc04ce
PH
1729PH/15 Minor change to Makefile for building test_host (undocumented testing
1730 feature).
1731
1349e1e5
PH
1732PH/16 As discussed on the list in Nov/Dec: Exim no longer looks at the
1733 additional section of a DNS packet that returns MX or SRV records.
1734 Instead, it always explicitly searches for A/AAAA records. This avoids
1735 major problems that occur when a DNS server includes only records of one
1736 type (A or AAAA) in an MX/SRV packet. A byproduct of this change has
1737 fixed another bug: if SRV records were looked up and the corresponding
1738 address records were *not* found in the additional section, the port
1739 values from the SRV records were lost.
1740
ea49d0e1
PH
1741PH/17 If a delivery to a pipe, file, or autoreply was deferred, Exim was not
1742 using the correct key (the original address) when searching the retry
1743 rules in order to find which one to use for generating the retry hint.
1744
064a94c9
PH
1745PH/18 If quota_warn_message contains a From: header, Exim now refrains from
1746 adding the default one. Similarly, if it contains a Reply-To: header, the
1747 errors_reply_to option, if set, is not used.
1748
727071f8
PH
1749PH/19 When calculating a retry time, Exim used to measure the "time since
1750 failure" by looking at the "first failed" field in the retry record. Now
1751 it does not use this if it is later than than the arrival time of the
1752 message. Instead it uses the arrival time. This makes for better
1753 behaviour in cases where some deliveries succeed, thus re-setting the
1754 "first failed" field. An example is a quota failure for a huge message
1755 when small messages continue to be delivered. Without this change, the
1756 "time since failure" will always be short, possible causing more frequent
1757 delivery attempts for the huge message than are intended.
dd16e114 1758 [Note: This change was subsequently modified - see PH/04 for 4.62.]
727071f8 1759
f78eb7c6
PH
1760PH/20 Added $auth1, $auth2, $auth3 to contain authentication data (as well as
1761 $1, $2, $3) because the numerical variables can be reset during some
1762 expansion items (e.g. "match"), thereby losing the authentication data.
1763
21c28500
PH
1764PH/21 Make -bV show the size of off_t variables so that the test suite can
1765 decide whether to run tests for quotas > 2G.
1766
1767PH/22 Test the values given for quota, quota_filecount, quota_warn_threshold,
1768 mailbox_size, and mailbox_filecount in the appendfile transport. If a
1769 filecount value is greater than 2G or if a quota value is greater than 2G
1770 on a system where the size of off_t is not greater than 4, a panic error
1771 is given.
1772
1688f43b
PH
1773PH/23 When a malformed item such as 1.2.3/24 appears in a host list, it can
1774 never match. The debug and -bh output now contains an explicit error
1775 message indicating a malformed IPv4 address or mask.
1776
1777PH/24 An host item such as 1.2.3.4/abc was being treated as the IP address
1778 1.2.3.4 without a mask. Now it is not recognized as an IP address, and
1779 PH/23 above applies.
1780
9675b384
PH
1781PH/25 Do not write to syslog when running in the test harness. The only
1782 occasion when this arises is a failure to open the main or panic logs
1783 (for which there is an explicit test).
1784
6a3f1455
PH
1785PH/26 Added the /no_tell option to "control=freeze".
1786
dac79d3e
PH
1787PH/27 If a host name lookup failed very early in a connection, for example, if
1788 the IP address matched host_lookup and the reverse lookup yielded a name
1789 that did not have a forward lookup, an error message of the form "no IP
1790 address found for host xxx.xxx.xxx (during SMTP connection from NULL)"
1791 could be logged. Now it outputs the IP address instead of "NULL".
1349e1e5 1792
5977a0b3
PH
1793PH/28 An enabling patch from MH: add new function child_open_exim2() which
1794 allows the sender and the authenticated sender to be set when
1795 submitting a message from within Exim. Since child_open_exim() is
1796 documented for local_scan(), the new function should be too.
1797
c91535f3
PH
1798PH/29 In GnuTLS, a forced expansion failure for tls_privatekey was not being
1799 ignored. In both GnuTLS and OpenSSL, an expansion of tls_privatekey that
1800 results in an empty string is now treated as unset.
1801
0d46a8c8
PH
1802PH/30 Fix eximon buffer overflow bug (Bugzilla #73).
1803
278c6e6c
PH
1804PH/31 Added sender_verify_fail logging option.
1805
2cbb4081
PH
1806PH/32 In November 2003, the code in Exim that added an empty Bcc: header when
1807 needed by RFC 822 but not by RFC 2822 was commented out. I have now
1808 tidied the source and removed it altogether.
1809
3eef829e
PH
1810PH/33 When a queue run was abandoned because the load average was too high, a
1811 log line was always written; now it is written only if the queue_run log
1812 selector is set. In addition, the log line for abandonment now contains
1813 information about the queue run such as the pid. This is always present
1814 in "start" and "stop" lines but was omitted from the "abandon" line.
1815
1ab95fa6
PH
1816PH/34 Omit spaces between a header name and the colon in the error message that
1817 is given when verify = headers_syntax fails (if there are lots of them,
1818 the message gets confusing).
1819
230205fc
PH
1820PH/35 Change the default for dns_check_names_pattern to allow slashes within
1821 names, as there are now some PTR records that contain slashes. This check
1822 is only to protect against broken name servers that fall over on strange
1823 characters, so the fact that it applies to all lookups doesn't matter.
1824
75e0e026
PH
1825PH/36 Now that the new test suite is complete, we can remove some of the
1826 special code in Exim that was needed for the old test suite. For example,
1827 sorting DNS records because real resolvers return them in an arbitrary
1828 order. The new test suite's fake resolver always returns records in the
1829 same order.
1830
1831PH/37 When running in the test harness, use -odi for submitted messages (e.g.
1832 bounces) except when queue_only is set, to avoid logging races between
1833 the different processes.
1834
145396a6
PH
1835PH/38 Panic-die if .include specifies a non-absolute path.
1836
3cd34f13
PH
1837PH/39 A tweak to the "H" retry rule from its user.
1838
11121d3d
JJ
1839JJ/03 exipick: Removed parentheses from 'next' and 'last' calls that specified
1840 a label. They prevented compilation on older perls.
1841
1842JJ/04 exipick: Refactored code to prevent implicit split to @_ which caused
1843 a warning to be raised on newish perls.
1844
1845JJ/05 exipick: Fixed bug where -bpc always showed a count of all messages
1846 on queue. Changes to match documented behaviour of showing count of
1847 messages matching specified criteria.
1848
8def5aaf
PH
1849PH/40 Changed the default ident timeout from 30s to 5s.
1850
929ba01c
PH
1851PH/41 Added support for the use of login_cap features, on those BSD systems
1852 that have them, for controlling the resources used by pipe deliveries.
1853
2632889e
PH
1854PH/42 The content-scanning code uses fopen() to create files in which to put
1855 message data. Previously it was not paying any attention to the mode of
1856 the files. Exim runs with umask(0) because the rest of the code creates
1857 files with open(), and sets the required mode explicitly. Thus, these
1858 files were ending up world-writeable. This was not a big issue, because,
1859 being within the spool directory, they were not world-accessible. I have
1860 created a function called modefopen, which takes an additional mode
1861 argument. It sets umask(777), creates the file, chmods it to the required
1862 mode, then resets the umask. All the relevant calls to fopen() in the
1863 content scanning code have been changed to use this function.
1864
944a9c55
PH
1865PH/43 If retry_interval_max is set greater than 24 hours, it is quietly reset
1866 to 24 hours. This avoids potential overflow problems when processing G
1867 and H retry rules. I suspect nobody ever tinkers with this value.
1868
4a23603b
PH
1869PH/44 Added STRIP_COMMAND=/usr/bin/strip to the FreeBSD Makefile.
1870
4730f942
PH
1871PH/45 When the plaintext authenticator is running as a client, the server's
1872 challenges are checked to ensure they are valid base64 strings. By
1873 default, the authentication attempt is cancelled if an invalid string is
1874 received. Setting client_ignore_invalid_base64 true ignores these errors.
1875 The decoded challenge strings are now placed in $auth1, $auth2, etc. as
1876 they are received. Thus, the responses can be made to depend on the
1877 challenges. If an invalid string is ignored, an empty string is placed in
1878 the variable.
1879
30dba1e6
PH
1880PH/46 Messages that are created by the autoreply transport now contains a
1881 References: header, in accordance with RFCs 2822 and 3834.
1882
382afc6b
PH
1883PH/47 Added authenticated_sender_force to the smtp transport.
1884
a86229cf
PH
1885PH/48 The ${prvs expansion was broken on systems where time_t was long long.
1886
50c99ba6
PH
1887PH/49 Installed latest patch from the Sieve maintainer.
1888
d35e429d
PH
1889PH/50 When an Exim quota was set without a file count quota, and mailbox_size
1890 was also set, the appendfile transport was unnecessarily scanning a
1891 directory of message files (e.g. for maildir delivery) to find the count
1892 of files (along with the size), even though it did not need this
1893 information. It now does the scan only if it needs to find either the
1894 size of the count of files.
1895
f90d018c
PH
1896PH/51 Added ${time_eval: to convert Exim time strings into seconds.
1897
75def545
PH
1898PH/52 Two bugs concerned with error handling when the smtp transport is
1899 used in LMTP mode:
1900
1901 (i) Exim was not creating retry information for temporary errors given
1902 for individual recipients after the DATA command when the smtp transport
1903 was used in LMTP mode. This meant that they could be retried too
1904 frequently, and not timed out correctly.
1905
1906 (ii) Exim was setting the flag that allows error details to be returned
1907 for LMTP errors on RCPT commands, but not for LMTP errors for individual
1908 recipients that were returned after the DATA command.
1909
1910PH/53 This is related to PH/52, but is more general: for any failing address,
1911 when detailed error information was permitted to be returned to the
1912 sender, but the error was temporary, then after the final timeout, only
1913 "retry timeout exceeded" was returned. Now it returns the full error as
1914 well as "retry timeout exceeded".
1915
c46782ef
PH
1916PH/54 Added control=allow_auth_unadvertised, as it seems there are clients that
1917 do this, and (what is worse) MTAs that accept it.
1918
71fafd95
PH
1919PH/55 Added the add_header modified to ACLs. The use of "message" with "warn"
1920 will now be deprecated.
1921
2c5db4fd
PH
1922PH/56 New os.c-cygwin from the Cygwin maintainer.
1923
9cf6b11a
JJ
1924JJ/06 exipick: added --unsorted option to allow unsorted output in all output
1925 formats (previously only available in exim formats via -bpr, -bpru,
1926 and -bpra. Now also available in native and exiqgrep formats)
1927
1928JJ/07 exipick: added --freeze and --thaw options to allow faster interaction
1929 with very large, slow to parse queues
1930
1931JJ/08 exipick: added ! as generic prefix to negate any criteria format
1932
1933JJ/09 exipick: miscellaneous performance enhancements (~24% improvements)
1934
898d150f
PH
1935PH/57 Tidies in SMTP dialogue display in debug output: (i) It was not showing
1936 responses to authentication challenges, though it was showing the
1937 challenges; (ii) I've removed the CR characters from the debug output for
1938 SMTP output lines.
1939
46218253
PH
1940PH/58 Allow for the insertion of a newline as well as a space when a string
1941 is turned into more than one encoded-word during RFC 2047 encoding. The
1942 Sieve code now uses this.
1943
e97957bc
PH
1944PH/59 Added the following errors that can be detected in retry rules: mail_4xx,
1945 data_4xx, lost_connection, tls_required.
1946
81e509d7
PH
1947PH/60 When a VRFY deferred or FAILED, the log message rather than the user
1948 message was being sent as an SMTP response.
1949
3d240ff7
PH
1950PH/61 Add -l and -k options to exicyclog.
1951
b37c4101
PH
1952PH/62 When verifying, if an address was redirected to one new address, so that
1953 verification continued, and the new address failed or deferred after
1954 having set something in $address_data, the value of $address_data was not
1955 passed back to the ACL. This was different to the case when no
1956 redirection occurred. The value is now passed back in both cases.
1957
79378e0f
PH
1958PH/63 Changed the macro HAVE_LOGIN_CAP (see PH/41 for this release above) to
1959 HAVE_SETCLASSRESOURCES because there are different APIs in use that all
1960 use login_cap.h, so on its own it isn't the distinguishing feature. The
1961 new name refers directly to the setclassresources() function.
1962
e49c7bb4
PH
1963PH/65 Added configuration files for NetBSD3.
1964
d114ec46
PH
1965PH/66 Updated OS/Makefile-HP-UX for gcc 4.1.0 with HP-UX 11.
1966
f3d7df6c
PH
1967PH/67 Fixed minor infelicity in the sorting of addresses to ensure that IPv6
1968 is preferred over IPv4.
1969
715ab376
PH
1970PH/68 The bounce_return_message and bounce_return_body options were not being
1971 honoured for bounces generated during the reception of non-SMTP messages.
1972 In particular, this applied to messages rejected by the ACL. This bug has
1973 been fixed. However, if bounce_return_message is true and bounce_return_
1974 body is false, the headers that are returned for a non-SMTP message
1975 include only those that have been read before the error was detected.
1976 (In the case of an ACL rejection, they have all been read.)
1977
6b31b150
PH
1978PH/69 The HTML version of the specification is now built in a directory called
1979 spec_html instead of spec.html, because the latter looks like a path with
1980 a MIME-type, and this confuses some software.
1981
1982PH/70 Catch two compiler warnings in sieve.c.
1983
d515a917
PH
1984PH/71 Fixed an obscure and subtle bug (thanks Alexander & Matthias). The
1985 function verify_get_ident() calls ip_connect() to connect a socket, but
1986 if the "connect()" function timed out, ip_connect() used to close the
1987 socket. However, verify_get_ident() also closes the socket later, and in
1988 between Exim writes to the log, which may get opened at this point. When
1989 the socket was closed in ip_connect(), the log could get the same file
1990 descriptor number as the socket. This naturally causes chaos. The fix is
1991 not to close the socket in ip_connect(); the socket should be closed by
1992 the function that creates it. There was only one place in the code where
1993 this was missing, in the iplookup router, which I don't think anybody now
1994 uses, but I've fixed it anyway.
1995
9b8fadde
PH
1996PH/72 Make dns_again_means_nonexist apply to lookups using gethostbyname() as
1997 well as to direct DNS lookups. Otherwise the handling of names in host
1998 lists is inconsistent and therefore confusing.
1999
214e2000 2000
5de37277
PH
2001Exim version 4.60
2002-----------------
2003
cc38ddbf
PH
2004PH/01 Two changes to the default runtime configuration:
2005
2006 (1) Move the checks for relay_from_hosts and authenticated clients from
2007 after to before the (commented out) DNS black list checks.
2008
2009 (2) Add control=submission to the relay_from_hosts and authenticated
2010 clients checks, on the grounds that messages accepted by these
2011 statements are most likely to be submissions.
5de37277 2012
72fdd6ae
PH
2013PH/02 Several tidies to the handling of ${prvs and ${prvscheck:
2014
2015 (1) Generate an error if the third argument for the ${prvs expansion is
2016 not a single digit.
2017
2018 (2) Treat a missing third argument of ${prvscheck as if it were an empty
2019 string.
2020
2021 (3) Reset the variables that are obtained from the first argument of
2022 ${prvscheck and used in the second argument before leaving the code,
2023 because their memory is reclaimed, so using them afterwards may do
2024 silly things.
2025
2026 (4) Tidy up the code for expanding the arguments of ${prvscheck one by
2027 one (it's much easier than Tom thought :-).
2028
2029 (5) Because of (4), we can now allow for the use of $prvscheck_result
2030 inside the third argument.
cb9328de 2031
cb741023
PH
2032PH/03 For some reason, the default setting of PATH when running a command from
2033 a pipe transport was just "/usr/bin". I have changed it to
2034 "/bin:/usr/bin".
2035
f174f16e
PH
2036PH/04 SUPPORT_TRANSLATE_IP_ADDRESS and MOVE_FROZEN_MESSAGES did not cause
2037 anything to be listed in the output from -bV.
b2f5a032 2038
c25242d7
PH
2039PH/05 When a filter generated an autoreply, the entire To: header line was
2040 quoted in the delivery log line, like this:
2041
2042 => >A.N.Other <ano@some.domain> <original@ddress> ...
2043
2044 This has been changed so that it extracts the operative address. There
2045 may be more than one such address. If so, they are comma-separated, like
2046 this:
2047
2048 => >ano@some.domain,ona@other.domain <original@ddress> ...
2049
82c19f95
PH
2050PH/06 When a client host used a correct literal IP address in a HELO or EHLO
2051 command, (for example, EHLO [1.2.3.4]) and the client's IP address was
2052 not being looked up in the rDNS to get a host name, Exim was showing the
2053 IP address twice in Received: lines, even though the IP addresses were
2054 identical. For example:
2055
2056 Received: from [1.2.3.4] (helo=[1.2.3.4])
2057
2058 However, if the real host name was known, it was omitting the HELO data
2059 if it matched the actual IP address. This has been tidied up so that it
2060 doesn't show the same IP address twice.
2061
d7ffbc12
PH
2062PH/07 When both +timestamp and +memory debugging was on, the value given by
2063 $tod_xxx expansions could be wrong, because the tod_stamp() function was
2064 called by the debug printing, thereby overwriting the timestamp buffer.
2065 Debugging no longer uses the tod_stamp() function when +timestamp is set.
2066
9f526266
PH
2067PH/08 When the original message was included in an autoreply transport, it
2068 always said "this is a copy of the message, including all the headers",
2069 even if body_only or headers_only was set. It now gives an appropriate
2070 message.
2071
87fcc8b9
PH
2072PH/09 Applied a patch from the Sieve maintainer which:
2073
2074 o fixes some comments
2075 o adds the (disabled) notify extension core
2076 o adds some debug output for the result of if/elsif tests
2077 o points to the current vacation draft in the documentation
2078 and documents the missing references header update
2079
2080 and most important:
2081
2082 o fixes a bug in processing the envelope test (when testing
2083 multiple envelope elements, the last element determinted the
2084 result)
2085
456682f5
PH
2086PH/10 Exim was violating RFC 3834 ("Recommendations for Automatic Responses to
2087 Electronic Mail") by including:
2088
2089 Auto-submitted: auto-generated
2090
2091 in the messages that it generates (bounce messages and others, such as
2092 warnings). In the case of bounce messages for non-SMTP mesages, there was
2093 also a typo: it was using "Auto_submitted" (underscore instead of
2094 hyphen). Since every message generated by Exim is necessarily in response
2095 to another message, thes have all been changed to:
2096
2097 Auto-Submitted: auto-replied
2098
2099 in accordance with these statements in the RFC:
2100
2101 The auto-replied keyword:
2102
2103 - SHOULD be used on messages sent in direct response to another
2104 message by an automatic process,
2105
2106 - MUST NOT be used on manually-generated messages,
2107
2108 - MAY be used on Delivery Status Notifications (DSNs) and Message
2109 Disposition Notifications (MDNs),
2110
2111 - MUST NOT be used on messages generated by automatic or periodic
2112 processes, except for messages which are automatic responses to
2113 other messages.
2114
3e46c1aa
PH
2115PH/11 Added "${if def:sender_address {(envelope-from <$sender_address>)\n\t}}"
2116 to the default Received: header definition.
456682f5 2117
49826d12
PH
2118PH/12 Added log selector acl_warn_skipped (default on).
2119
eba0c039
PH
2120PH/13 After a successful wildlsearch lookup, discard the values of numeric
2121 variables because (a) they are in the wrong storage pool and (b) even if
2122 they were copied, it wouldn't work properly because of the caching.
2123
a0d6ba8a
PH
2124PH/14 Add check_rfc2047_length to disable enforcement of RFC 2047 length
2125 checking when decoding. Apparently there are clients that generate
2126 overlong encoded strings. Why am I not surprised?
2127
f0917727
PH
2128PH/15 If the first argument of "${if match_address" was not empty, but did not
2129 contain an "@" character, Exim crashed. Now it writes a panic log message
2130 and treats the condition as false.
2131
096fee00
PH
2132PH/16 In autoreply, treat an empty string for "once" the same as unset.
2133
024bd3c2
PH
2134PH/17 A further patch from the Sieve maintainer: "Introduce the new Sieve
2135 extension "envelope-auth". The code is finished and in agreement with
2136 other implementations, but there is no documentation so far and in fact,
2137 nobody wrote the draft yet. This extension is currently #undef'ed, thus
2138 not changing the active code.
2139
2140 Print executed "if" and "elsif" statements when debugging is used. This
2141 helps a great deal to understand what a filter does.
2142
2143 Document more things not specified clearly in RFC3028. I had all this
2144 sorted out, when out of a sudden new issues came to my mind. Oops."
2145
df199fec
PH
2146PH/18 Exim was not recognizing the "net-" search type prefix in match_ip lists
2147 (Bugzilla #53).
2148
d27f1df3
PH
2149PH/19 Exim expands the IPv6 address given to -bh to its full non-abbreviated
2150 canonical form (as documented). However, after a host name lookup from
2151 the IP address, check_host() was doing a simple string comparison with
2152 addresses acquired from the DNS when checking that the found name did
2153 have the original IP as one of its addresses. Since any found IPv6
2154 addresses are likely to be in abbreviated form, the comparison could
2155 fail. Luckily, there already exists a function for doing the comparison
2156 by converting both addresses to binary, so now that is used instead of
2157 the text comparison.
2158
96776534
PH
2159PH/20 There was another similar case to PH/19, when a complete host name was
2160 given in a host list; looking up its IP address could give an abbreviated
2161 form, whereas the current host's name might or might not be abbreviated.
2162 The same fix has been applied.
2163
5de37277 2164
9a799bc0
PH
2165Exim version 4.54
2166-----------------
2167
2168PH/01 The ${base62: operator adjusted itself to base 36 when BASE_62 was
2169 set to 36 (for Darwin and Cygwin), but the ${base62d: operator did not.
2170 It now does.
2171
99a4b039
PH
2172PH/02 Two minor problems detected in Cygwin: the os.{c,h} files had lost */ on
2173 the CVS lines, and there was a missing #if HAVE_IPV6 in host.c.
2174
2175PH/03 Typo: missing ".o" in src/pcre/Makefile.
2176
4b233853
PH
2177PH/04 Tighten up "personal" tests: Instead of testing for any "List-"
2178 header line, restrict the check to what is listed in RFCs 2369 and 2929.
2179 Also, for "Auto-Submitted", treat anything other than "no" as
2180 non-personal, in accordance with RFC 3834. (Previously it treated
2181 anything starting "auto-" as non-personal.)
2182
8857ccfd
PH
2183TF/01 The control=submission/name=... option had a problem with syntax
2184 errors if the name included a slash character. The /name= option
2185 now slurps the rest of the string, so it can include any characters
2186 but it must come last in the list of options (after /sender_retain
2187 or /domain=).
2188
433a2980
PH
2189PH/05 Some modifications to the interface to the fake nameserver for the new
2190 testing suite.
2191
3e46c1aa 2192
9a799bc0 2193
e3a311ba
TK
2194Exim version 4.53
2195-----------------
2196
2197TK/01 Added the "success_on_redirect" address verification option. See
2198 NewStuff for rationale and an example.
2199
13b685f9
PH
2200PH/01 Added support for SQLite, basic code supplied by David Woodhouse.
2201
395ff96d
PH
2202PH/02 Patch to exigrep to allow it to work on syslog lines.
2203
5b68f6e4
PH
2204PH/03 When creating an mbox file for a virus/spam scan, use fseek() instead of
2205 fread() to skip over the body file's header line, because in Cygwin the
2206 header line is locked and is inaccessible.
2207
1ab52c69
PH
2208PH/04 Added $message_exim_id, ultimately to replace $message_id (they will both
2209 co-exist for some time) to make it clear that it is the Exim ID that is
2210 referenced, not the Message-ID: header line.
2211
b07e6aa3
PH
2212PH/05 Replaced all Tom's calls to snprintf() with calls to the internal
2213 string_format() function, because snprintf() does not exist on all
2214 operating systems.
2215
254e032f
PH
2216PH/06 The use of forbid_filter_existstest now also locks out the use of the
2217 ${stat: expansion item.
2218
3af76a81
PH
2219PH/07 Changed "SMTP protocol violation: synchronization error" into "SMTP
2220 protocol synchronization error", to keep the pedants happy.
2221
2548ba04
PH
2222PH/08 Arrange for USE_INET_NTOA_FIX to be set in config.h for AIX systems as
2223 well as for IRIX systems, when gcc is being used. See the host.c source
2224 file for comments.
2225
b6c6011d
PH
2226PH/09 Installed latest Cygwin configuration files from the Cygwin maintainer.
2227
cf39cf57
PH
2228PH/10 Named domain lists were not working if used in a queue_smtp_domains
2229 setting.
2230
f1513293
PH
2231PH/11 Added support for the IGNOREQUOTA extension to LMTP, both to the lmtp
2232 transport and to the smtp transport in LMTP mode.
2233
727549a4
PH
2234TK/02 Remove one case of BASE64 error detection FTTB (undocumented anyway).
2235
af46795e
PH
2236PH/12 There was a missing call to search_tidyup() before the fork() in rda.c to
2237 run a filter in a subprocess. This could lead to confusion in subsequent
2238 lookups in the parent process. There should also be a search_tidyup() at
2239 the end of the subprocess.
2240
d7b47fd0
PH
2241PH/13 Previously, if "verify = helo" was set in an ACL, the condition was true
2242 only if the host matched helo_try_verify_hosts, which caused the
2243 verification to occur when the EHLO/HELO command was issued. The ACL just
2244 tested the remembered result. Now, if a previous verification attempt has
2245 not happened, "verify = helo" does it there and then.
2246
ee744174
JJ
2247JJ/01 exipick: added $message_exim_id variable (see 4.53-PH/04)
2248
b582ab87
PH
2249TK/03 Fix log output including CR from clamd.
2250
41a13e0a
PH
2251PH/14 A reference to $reply_address when Reply-to: was empty and From: did not
2252 exist provoked a memory error which could cause a segfault.
2253
f625cc5a
PH
2254PH/15 Installed PCRE 6.2
2255
2256PH/17 Defined BIND_8_COMPAT in the Darwin os.h file.
2257
21f7af35
PH
2258PH/18 Reversed 4.52/PH/17 because the HP-UX user found it wasn't the cause
2259 of the problem. Specifically, suggested +O2 rather than +O1 for the
2260 HP-UX compiler.
2261
31480e42
PH
2262PH/19 Added sqlite_lock_timeout option (David Woodhouse's patch).
2263
2d280592
PH
2264PH/20 If a delivery was routed to a non-standard port by means of an SRV
2265 record, the port was not correctly logged when the outgoing_port log
2266 selector was set (it logged the transort's default port).
2267
7cd1141b
PH
2268PH/21 Added support for host-specific ports to manualroute, queryprogram,
2269 fallback_hosts, and "hosts" in the smtp transport.
2270
2271PH/22 If the log selector "outgoing_port" is set, the port is now also given on
2272 host errors such as "Connection refused".
2273
750af86e
PH
2274PH/23 Applied a patch to fix problems with exim-4.52 while doing radius
2275 authentication with radiusclient 0.4.9:
2276
2277 - Error returned from rc_read_config was caught wrongly
2278 - Username/password not passed on to radius server due to wrong length.
2279
2280 The presumption is that some radiusclient API changes for 4.51/PH/17
2281 were not taken care of correctly. The code is still untested by me (my
2282 Linux distribution still has 0.3.2 of radiusclient), but it was
2283 contributed by a Radius user.
2284
2285PH/24 When doing a callout, the value of $domain wasn't set correctly when
2286 expanding the "port" option of the smtp transport.
2287
4304270b
TK
2288TK/04 MIME ACL: Fix buffer underrun that occurs when EOF condition is met
2289 while reading a MIME header. Thanks to Tom Hughes for a patch.
2290
750af86e
PH
2291PH/24 Include config.h inside local_scan.h so that configuration settings are
2292 available.
2293
64ffc24f
PH
2294PH/25 Make $smtp_command_argument available after all SMTP commands. This means
2295 that in an ACL for RCPT (for example), you can examine exactly what was
2296 received.
2297
5dd9625b
PH
2298PH/26 Exim was recognizing IPv6 addresses of the form [IPv6:....] in EHLO
2299 commands, but it was not correctly comparing the address with the actual
2300 client host address. Thus, it would show the EHLO address in Received:
2301 header lines when this was not necessary.
2302
5591031b
PH
2303PH/27 Added the % operator to ${eval:}.
2304
ba18e66a
PH
2305PH/28 Exim tries to create and chdir to its spool directory when it starts;
2306 it should be ignoring failures (because with -C, for example, it has lost
2307 privilege). It wasn't ignoring creation failures other than "already
2308 exists".
2309
9cec981f
PH
2310PH/29 Added "crypteq" to the list of supported features that Exim outputs when
2311 -bV or -d is used.
2312
aa2b5c79
PH
2313PH/30 Fixed (presumably very longstanding) bug in exim_dbmbuild: if it failed
2314 because an input line was too long, either on its own, or by virtue of
1509d3a8
PH
2315 too many continuations, the temporary file was not being removed, and the
2316 return code was incorrect.
aa2b5c79 2317
48a53b7f
PH
2318PH/31 Missing "BOOL" in function definition in filtertest.c.
2319
1c59d63b
PH
2320PH/32 Applied Sieve patches from the maintainer.
2321
671012da
TK
2322TK/05 Domainkeys: Accomodate for a minor API change in libdomainkeys 0.67.
2323
1509d3a8
PH
2324PH/33 Added "verify = not_blind".
2325
2326PH/34 There are settings for CHOWN_COMMAND and MV_COMMAND that can be used in
2327 Local/Makefile (with some defaults set). These are used in built scripts
2328 such as exicyclog, but they have never been used in the exim_install
2329 script (though there are many overriding facilities there). I have
2330 arranged that the exim_install script now takes note of these two
2331 settings.
2332
2333PH/35 Installed configuration files for Dragonfly.
2334
2fe1a124
PH
2335PH/36 When a locally submitted message by a trusted user did not contain a
2336 From: header, and the sender address was obtained from -f or from an SMTP
2337 MAIL command, and the trusted user did not use -F to supply a sender
2338 name, $originator_name was incorrectly used when constructing a From:
2339 header. Furthermore, $originator_name was used for submission mode
2340 messages from external hosts without From: headers in a similar way,
2341 which is clearly wrong.
2342
8800895a
PH
2343PH/37 Added control=suppress_local_fixups.
2344
ccfdb010
PH
2345PH/38 When log_selector = +received_sender was set, and the addition of the
2346 sender made the log line's construction buffer exactly full, or one byte
2347 less than full, an overflow happened when the terminating "\n" was
2348 subsequently added.
2349
1130bfb0
PH
2350PH/39 Added a new log selector, "unknown_in_list", which provokes a log entry
2351 when the result of a list match is failure because a DNS lookup failed.
2352
ebcb507f
PH
2353PH/40 RM_COMMAND is now used in the building process.
2354
c35e155c
PH
2355PH/41 Added a "distclean" target to the top-level Makefile; it deletes all
2356 the "build-* directories that it finds.
2357
95d1f782
PH
2358PH/42 (But a TF fix): In a domain list, Exim incorrectly matched @[] if the IP
2359 address in a domain literal was a prefix of an interface address.
2360
fd6de02e
PH
2361PH/43 (Again a TF fix): In the dnslookup router, do not apply widen_domains
2362 when verifying a sender address, unless rewrite_headers is false.
2363
58de37c5
PH
2364PH/44 Wrote a long comment about why errors_to addresses are verified as
2365 recipients, not senders.
2366
261cf466
TF
2367TF/01 Add missing LIBS=-lm to OS/Makefile-OpenBSD which was overlooked when
2368 the ratelimit ACL was added.
2369
3ee512ff
PH
2370PH/45 Added $smtp_command for the full command (cf $smtp_command_argument).
2371
e08c430f
PH
2372PH/46 Added extra information about PostgreSQL errors to the error string.
2373
bef5a11f
PH
2374PH/47 Added an interface to a fake DNS resolver for use by the new test suite,
2375 avoiding the need to install special zones in a real server. This is
2376 backwards compatible; if it can't find the fake resolver, it drops back.
2377 Thus, both old and new test suites can be run.
2378
7546de58
TF
2379TF/02 Added util/ratelimit.pl
2380
e5d5a95f
TF
2381TF/03 Minor fix to the ratelimit code to improve its behaviour in case the
2382 clock is set back in time.
2383
2e88a017
TF
2384TF/04 Fix the ratelimit support in exim_fixdb. Patch provided by Brian
2385 Candler <B.Candler@pobox.com>.
2386
a5f65aa4
TF
2387TF/05 The fix for PH/43 was not completely correct; widen_domains is always
2388 OK for addresses that are the result of redirections.
2389
e7726cbf
PH
2390PH/48 A number of further additions for the benefit of the new test suite,
2391 including a fake gethostbyname() that interfaces to the fake DNS resolver
2392 (see PH/47 above).
2393
a7fdad5b
TF
2394TF/06 The fix for widen_domains has also been applied to qualify_single and
2395 search_parents which are the other dnslookup options that can cause
2396 header rewrites.
2397
6af56900
PH
2398PH/49 Michael Haardt's randomized retrying, but as a separate retry parameter
2399 type ("H").
2400
0925ede6
PH
2401PH/50 Make never_users, trusted_users, admin_groups, trusted_groups expandable.
2402
66afa403
TF
2403TF/07 Exim produced the error message "an SRV record indicated no SMTP
2404 service" if it encountered an MX record with an empty target hostname.
2405 The message is now "an MX or SRV record indicated no SMTP service".
2406
0154e85a
TF
2407TF/08 Change PH/13 introduced the possibility that verify=helo may defer,
2408 if the DNS of the sending site is misconfigured. This is quite a
2409 common situation. This change restores the behaviour of treating a
2410 helo verification defer as a failure.
2411
16f12c76
PH
2412PH/51 If self=fail was set on a router, the bounce message did not include the
2413 actual error message.
2414
bbe902f0 2415
e5a9dba6
PH
2416Exim version 4.52
2417-----------------
2418
2419TF/01 Added support for Client SMTP Authorization. See NewStuff for details.
2420
22c3b60b
PH
2421PH/01 When a transport filter timed out in a pipe delivery, and the pipe
2422 command itself ended in error, the underlying message about the transport
2423 filter timeout was being overwritten with the pipe command error. Now the
2424 underlying error message should be appended to the second error message.
2425
06a9b4b5
PH
2426TK/01 Fix poll() being unavailable on Mac OSX 10.2.
2427
c1ac6996
PH
2428PH/02 Reduce the amount of output that "make" produces by default. Full output
2429 can still be requested.
2430
9c7a242c
PH
2431PH/03 The warning log line about a condition test deferring for a "warn" verb
2432 was being output only once per connection, rather than after each
2433 occurrence (because it was using the same function as for successful
2434 "warn" verbs). This seems wrong, so I have changed it.
2435
87ba3f5f
PH
2436TF/02 Two buglets in acl.c which caused Exim to read a few bytes of memory that
2437 it should not have, which might have caused a crash in the right
2438 circumstances, but probably never did.
2439
2440PH/04 Installed a modified version of Tony Finch's patch to make submission
2441 mode fix the return path as well as the Sender: header line, and to
2442 add a /name= option so that you can make the user's friendly name appear
2443 in the header line.
2444
29aba418
TF
2445TF/03 Added the control = fakedefer ACL modifier.
2446
fe0dab11
TF
2447TF/04 Added the ratelimit ACL condition. See NewStuff for details. Thanks to
2448 Mark Lowes for thorough testing.
870f6ba8 2449
11d337a4
TK
2450TK/02 Rewrote SPF support to work with libspf2 versions >1.2.0.
2451
2452TK/03 Merged latest SRS patch from Miles Wilton.
2453
415c8f3b
PH
2454PH/05 There's a shambles in IRIX6 - it defines EX_OK in unistd.h which conflicts
2455 with the definition in sysexits.h (which is #included earlier).
2456 Fortunately, Exim does not actually use EX_OK. The code used to try to
2457 preserve the sysexits.h value, by assumimg that macro definitions were
2458 scanned for macro replacements. I have been disabused of this notion,
2459 so now the code just undefines EX_OK before #including unistd.h.
11d337a4 2460
958541e9
PH
2461PH/06 There is a timeout for writing blocks of data, set by, e.g. data_timeout
2462 in the smtp transport. When a block could not be written in a single
2463 write() function, the timeout was being re-applied to each part-write.
2464 This seems wrong - if the receiver was accepting one byte at a time it
2465 would take for ever. The timeout is now adjusted when this happens. It
2466 doesn't have to be particularly precise.
2467
c206415f
TK
2468TK/04 Added simple SPF lookup method in EXPERIMENTAL_SPF. See NewStuff for
2469 details. Thanks to Chris Webb <chris@arachsys.com> for the patch!
2470
2a4be8f9
PH
2471PH/07 Added "fullpostmaster" verify option, which does a check to <postmaster>
2472 without a domain if the check to <postmaster@domain> fails.
2473
1cba11c5
SC
2474SC/01 Eximstats: added -xls and the ability to specify output files
2475 (patch written by Frank Heydlauf).
2476
2477SC/02 Eximstats: use FileHandles for outputing results.
2478
2479SC/03 Eximstats: allow any combination of xls, txt, and html output.
2480
2481SC/04 Eximstats: fixed display of large numbers with -nvr option
2482
2483SC/05 Eximstats: fixed merging of reports with empty tables.
2484
2485SC/06 Eximstats: added the -include_original_destination flag
2486
2487SC/07 Eximstats: removed tabs and trailing whitespace.
2488
1005d00e
TK
2489TK/05 Malware: Improve on aveserver error handling. Patch from Alex Miller.
2490
2491TK/06 MBOX spool code: Add real "From " MBOX separator line
2492 so the .eml file is really in mbox format (even though
2493 most programs do not really care). Patch from Alex Miller.
2494
2495TK/07 MBOX spool code: Add X-Envelope-From: and X-Envelope-To: headers.
2496 The latter is generated from $received_to and is only set if the
2497 message has one envelope recipient. SA can use these headers,
2498 obviously out-of-the-box. Patch from Alex Miller.
2499
9b4768fa
PH
2500PH/08 The ${def test on a variable was returning false if the variable's
2501 value was "0", contrary to what the specification has always said!
2502 The result should be true unless the variable is empty.
2503
2504PH/09 The syntax error of a character other than { following "${if
2505 def:variable_name" (after optional whitespace) was not being diagnosed.
2506 An expansion such as ${if def:sender_ident:{xxx}{yyy}} in which an
2507 accidental colon was present, for example, could give incorrect results.
2508
0d7eb84a
PH
2509PH/10 Tidied the code in a number of places where the st_size field of a stat()
2510 result is used (not including appendfile, where other changes are about
2511 to be made).
2512
2513PH/11 Upgraded appendfile so that quotas larger than 2G are now supported.
2514 This involved changing a lot of size variables from int to off_t. It
2515 should work with maildirs and everything.
2516
40727bee
TK
2517TK/08 Apply fix provided by Michael Haardt to prevent deadlock in case of
2518 spamd dying while we are connected to it.
2519
554d2369
TF
2520TF/05 Fixed a ${extract error message typo reported by Jeremy Harris
2521 <jgh@wizmail.org>
2522
1f922db1
PH
2523PH/12 Applied Alex Kiernan's patch for the API change for the error callback
2524 function for BDB 4.3.
2525
ef213c3b
PH
2526PH/13 Changed auto_thaw such that it does not apply to bounce messages.
2527
8ac170f3
PH
2528PH/14 Imported PCRE 6.0; this was more than just a trivial operation because
2529 the sources for PCRE have been re-arranged and more files are now
2530 involved.
2531
b1c749bb
PH
2532PH/15 The code I had for printing potentially long long variables in PH/11
2533 above was not the best (it lost precision). The length of off_t variables
2534 is now inspected at build time, and an appropriate printing format (%ld
c6c2dc1d
PH
2535 or %lld) is chosen and #defined by OFF_T_FMT. We also define LONGLONG_T
2536 to be "long long int" or "long int". This is needed for the internal
2537 formatting function string_vformat().
b1c749bb 2538
4aac9b49
PH
2539PH/16 Applied Matthew Newton's patch to exicyclog: "If log_file_path is set in
2540 the configuration file to be ":syslog", then the script "guesses" where
2541 the logs files are, rather than using the compiled in default. In our
2542 case the guess is not the same as the compiled default, so the script
2543 suddenly stopped working when I started to use syslog. The patch checks
2544 to see if log_file_path is "". If so, it attempts to read it from exim
2545 with no configuration file to get the compiled in version, before it
2546 falls back to the previous guessing code."
2547
294520c8
TK
2548TK/09 Added "prvs" and "prvscheck" expansion items. These help a lot with
2549 implementing BATV in an Exim configuration. See NewStuff for the gory
2550 details.
2551
5bd022fe
PH
2552PH/17 Applied Michael Haardt's patch for HP-UX, affecting only the os.h and
2553 Makefile that are specific to HP-UX.
2554
90e9ce59
PH
2555PH/18 If the "use_postmaster" option was set for a recipient callout together
2556 with the "random" option, the postmaster address was used as the MAIL
2557 FROM address for the random test, but not for the subsequent recipient
2558 test. It is now used for both.
2559
5ea81592
PH
2560PH/19 Applied Michael Haardt's patch to update Sieve to RFC3028bis. "The
2561 patch removes a few documentation additions to RFC 3028, because the
2562 latest draft now contains them. It adds the new en;ascii-case comparator
2563 and a new error check for 8bit text in MIME parts. Comparator and
2564 require names are now matched exactly. I enabled the subaddress
2565 extension, but it is not well tested yet (read: it works for me)."
2566
c6c2dc1d
PH
2567PH/20 Added macros for time_t as for off_t (see PH/15 above) and used them to
2568 rework some of the code of TK/09 above to avoid the hardwired use of
2569 "%lld" and "long long". Replaced the call to snprintf() with a call to
2570 string_vformat().
2571
fffffe4c
PH
2572PH/21 Added some other messages to those in 4.51/PH/42, namely "All relevant MX
2573 records point to non-existent hosts", "retry timeout exceeded", and
2574 "retry time not reached for any host after a long failure period".
ca02eafb 2575
9a26b6b2
PH
2576PH/22 Fixed some oversights/typos causing bugs when Exim is compiled with
2577 experimental DomainKeys support:
2578
2579 (1) The filter variables $n0-$n9 and $sn0-$sn9 were broken.
2580 (2) On an error such as an illegally used "control", the wrong name for
2581 the control was given.
2582
2583 These problems did NOT occur unless DomainKeys support was compiled.
2584
4aee0225
PH
2585PH/23 Added daemon_startup_retries and daemon_startup_sleep.
2586
32d668a5
PH
2587PH/24 Added ${if match_ip condition.
2588
8187c3f3
PH
2589PH/25 Put debug statements on either side of calls to EXIM_DBOPEN() for hints
2590 databases so that it will be absolutely obvious if a crash occurs in the
2591 DB library. This is a regular occurrence (often caused by mis-matched
2592 db.h files).
2593
ff790e47 2594PH/26 Insert a lot of missing (void) casts for functions such as chown(),
f1e894f3
PH
2595 chmod(), fcntl(), sscanf(), and other functions from stdio.h. These were
2596 picked up on a user's system that detects such things. There doesn't seem
2597 to be a gcc warning option for this - only an attribute that has to be
2598 put on the function's prototype. It seems that in Fedora Core 4 they have
2599 set this on a number of new functions. No doubt there will be more in due
2600 course.
ff790e47 2601
5417f6d1
PH
2602PH/27 If a dnslookup or manualroute router is set with verify=only, it need not
2603 specify a transport. However, if an address that was verified by such a
2604 router was the subject of a callout, Exim crashed because it tried to
2605 read the rcpt_include_affixes from the non-existent transport. Now it
2606 just assumes that the setting of that option is false. This bug was
2607 introduced by 4.51/PH/31.
2608
59cf8544
PH
2609PH/28 Changed -d+all to exclude +memory, because that information is very
2610 rarely of interest, but it makes the output a lot bigger. People tend to
2611 do -d+all out of habit.
2612
e7ad8a65
PH
2613PH/29 Removed support for the Linux-libc5 build, as it is obsolete and the
2614 code in os-type was giving problems when libc.so lives in lib64, like on
2615 x86_64 Fedora Core.
2616
ade42478
PH
2617PH/30 Exim's DNS code uses the original T_xxx names for DNS record times. These
2618 aren't the modern standard, and it seems that some systems' include files
2619 don't always have them. Exim was already checking for some of the newer
2620 ones like T_AAAA, and defining it itself. I've added checks for all the
2621 record types that Exim uses.
2622
182ad5cf
PH
2623PH/31 When using GnuTLS, if the parameters cache file did not exist, Exim was
2624 not automatically generating a new one, as it is supposed to. This
2625 prevented TLS from working. If the file did exist, but contained invalid
2626 data, a new version was generated, as expected. It was only the case of a
2627 non-existent file that was broken.
2628
b0d9fc80
TK
2629TK/10 Domainkeys: Fix a bug in verification that caused a crash in conjunction
2630 with a change in libdomainkeys > 0.64.
2631
2632TK/11 Domainkeys: Change the logic how the "testing" policy flag is retrieved
2633 from DNS. If the selector record carries the flag, it now has
2634 precedence over the domain-wide flag.
2635
2636TK/12 Cleared some compiler warnings related to SPF, SRS and DK code.
2637
47c7a64a
PH
2638PH/32 In mua_wrapper mode, if an smtp transport configuration error (such as
2639 the use of a port name that isn't defined in /etc/services) occurred, the
2640 message was deferred as in a normal delivery, and thus remained on the
2641 spool, instead of being failed because of the mua_wrapper setting. This
2642 is now fixed, and I tidied up some of the mua_wrapper messages at the
2643 same time.
2644
a388bce4
SC
2645SC/08 Eximstats: whilst parsing the mainlog(s), store information about
2646 the messages in a hash of arrays rather than using individual hashes.
2647 This is a bit cleaner and results in dramatic memory savings, albeit
2648 at a slight CPU cost.
2649
2650SC/09 Eximstats: added the -show_rt<list> and the -show_dt<list> flags
2651 as requested by Marc Sherman.
2652
2653SC/10 Eximstats: added histograms for user specified patterns as requested
2654 by Marc Sherman.
2655
0793e4ed
SC
2656SC/11 Eximstats: v1.43 - bugfix for pattern histograms with -h0 specified.
2657
c58b88df
PH
2658PH/33 Patch from the Cygwin maintainer to add "b" to all occurences of
2659 fopen() in the content-scanning modules that did not already have it.
2660
e7ad8a65 2661
7982096b
PH
2662Exim version 4.51
2663-----------------
2664
1a46a8c5
PH
2665TK/01 Added Yahoo DomainKeys support via libdomainkeys. See
2666 doc/experimental-spec.txt for details. (http://domainkeys.sf.net)
2667
2f079f46 2668TK/02 Fix ACL "control" statement not being available in MIME ACL.
1a46a8c5
PH
2669
2670TK/03 Fix ACL "regex" condition not being available in MIME ACL.
2671
2672PH/01 Installed a patch from the Sieve maintainer that allows -bf to be used
2673 to test Sieve filters that use "vacation".
2674
2675PH/02 Installed a slightly modified version of Nikos Mavrogiannopoulos' patch
2676 that changes the way the GnuTLS parameters are stored in the cache file.
2677 The new format can be generated externally. For backward compatibility,
2678 if the data in the cache doesn't make sense, Exim assumes it has read an
2679 old-format file, and it generates new data and writes a new file. This
2680 means that you can't go back to an older release without removing the
2681 file.
2682
2683PH/03 A redirect router that has both "unseen" and "one_time" set does not
2684 work if there are any delivery delays because "one_time" forces the
2685 parent to be marked "delivered", so its unseen clone is never tried
2686 again. For this reason, Exim now forbids the simultaneous setting of
2687 these two options.
2688
2689PH/04 Change 4.11/85 fixed an obscure bug concerned with addresses that are
2690 redirected to themselves ("homonym" addresses). Read the long ChangeLog
2691 entry if you want to know the details. The fix, however, neglected to
2692 consider the case when local delivery batching is involved. The test for
2693 "previously delivered" was not happening when checking to see if an
2694 address could be batched with a previous (undelivered) one; under
2695 certain circumstances this could lead to multiple deliveries to the same
c2c19e9d 2696 address.
1a46a8c5
PH
2697
2698PH/05 Renamed the macro SOCKLEN_T as EXIM_SOCKLEN_T because AIX uses SOCKLEN_T
2699 in its include files, and this causes problems building Exim.
2700
2701PH/06 A number of "verify =" ACL conditions have no options (e.g. verify =
2702 header_syntax) but Exim was just ignoring anything given after a slash.
2703 In particular, this caused confusion with an attempt to use "verify =
2704 reverse_host_lookup/defer_ok". An error is now given when options are
2705 supplied for verify items that do not have them. (Maybe reverse_host_
2706 lookup should have a defer_ok option, but that's a different point.)
2707
2708PH/07 Increase the size of the buffer for incoming SMTP commands from 512 (as
2709 defined by RFC 821) to 2048, because there were problems with some AUTH
2710 commands, and RFC 1869 says the size should be increased for extended
2711 SMTP commands that take arguments.
2712
2713PH/08 Added ${dlfunc dynamically loaded function for expansion (code from Tony
2714 Finch).
2715
2716PH/09 Previously, an attempt to use ${perl when it wasn't compiled gave an
2717 "unknown" error; now it says that the functionality isn't in the binary.
8d67ada3 2718
49c2d5ea
PH
2719PH/10 Added a nasty fudge to try to recognize and flatten LDAP passwords in
2720 an address' error message when a string expansion fails (syntax or
f331f3b6
PH
2721 whatever). Otherwise the password may appear in the log. Following change
2722 PH/42 below, there is no longer a chance of it appearing in a bounce
2723 message.
49c2d5ea 2724
bf759a8b
PH
2725PH/11 Installed exipick version 20050225.0 from John Jetmore.
2726
83364d30
PH
2727PH/12 If the last host in a fallback_hosts list was multihomed, only the first
2728 of its addresses was ever tried. (Bugzilla bug #2.)
2729
7999bbd7
PH
2730PH/13 If "headers_add" in a transport didn't end in a newline, Exim printed
2731 the result incorrectly in the debug output. (It correctly added a newline
2732 to what was transported.)
2733
7dbf77c9
PH
2734TF/01 Added $received_time.
2735
74e0617f
PH
2736PH/14 Modified the default configuration to add an acl_smtp_data ACL, with
2737 commented out examples of how to interface to a virus scanner and to
2738 SpamAssassin. Also added commented examples of av_scanner and
2739 spamd_address settings.
2740
2f079f46
PH
2741PH/15 Further to TK/02 and TK/03 above, tidied up the tables of what conditions
2742 and controls are allowed in which ACLs. There were a couple of minor
2743 errors. Some of the entries in the conditions table (which is a table of
2744 where they are NOT allowed) were getting very unwieldy; rewrote them as a
2745 negation of where the condition IS allowed.
2746
8c841523
PH
2747PH/16 Installed updated OS/os.c-cygwin from the Cygwin maintainer.
2748
7766a4f0
PH
2749PH/17 The API for radiusclient changed at release 0.4.0. Unfortunately, the
2750 header file does not have a version number, so I've had to invent a new
2751 value for RADIUS_LIB_TYPE, namely "RADIUSCLIENTNEW" to request the new
2752 API. The code is untested by me (my Linux distribution still has 0.3.2 of
2753 radiusclient), but it was contributed by a Radius user.
2754
8b417f2c
PH
2755PH/18 Installed Lars Mainka's patch for the support of CRL collections in
2756 files or directories, for OpenSSL.
2757
901f42cb
PH
2758PH/19 When an Exim process that is running as root has to create an Exim log
2759 file, it does so in a subprocess that runs as exim:exim so as to get the
2760 ownership right at creation (otherwise, other Exim processes might see
2761 the file with the wrong ownership). There was no test for failure of this
2762 fork() call, which would lead to the process getting stuck as it waited
2763 for a non-existent subprocess. Forks do occasionally fail when resources
2764 run out. I reviewed all the other calls to fork(); they all seem to check
2765 for failure.
2766
f9b9210e
PH
2767PH/20 When checking for unexpected SMTP input at connect time (before writing
2768 the banner), Exim was not dealing correctly with a non-positive return
2769 from the read() function. If the client had disconnected by this time,
2770 the result was a log entry for a synchronization error with an empty
2771 string after "input=" when read() returned zero. If read() returned -1
2772 (an event I could not check), uninitialized data bytes were printed.
2773 There were reports of junk text (parts of files, etc) appearing after
2774 "input=".
2775
54cdb463
PH
2776PH/21 Added acl_not_smtp_mime to allow for MIME scanning for non-SMTP messages.
2777
cf00dad6
PH
2778PH/22 Added support for macro redefinition, and (re)definition in between
2779 driver and ACL definitions.
2780
acb1b346
PH
2781PH/23 The cyrus_sasl authenticator was expanding server_hostname, but then
2782 forgetting to use the resulting value; it was using the unexpanded value.
2783
c5ddb310
PH
2784PH/24 The cyrus_sasl authenticator was advertising mechanisms for which it
2785 hadn't been configured. The fix is from Juergen Kreileder, who
2786 understands it better than I do:
2787
2788 "Here's what I see happening with three configured cyrus_sasl
2789 authenticators configured (plain, login, cram-md5):
2790
2791 On startup auth_cyrus_sasl_init() gets called for each of these.
2792 This means three calls to sasl_listmech() without a specified mech_list.
2793 => SASL tests which mechs of all available mechs actually work
2794 => three warnings about OTP not working
2795 => the returned list contains: plain, login, cram-md5, digest-md5, ...
2796
2797 With the patch, sasl_listmech() also gets called three times. But now
2798 SASL's mech_list option is set to the server_mech specified in the the
2799 authenticator. Or in other words, the answer from sasl_listmech()
2800 gets limited to just the mech you're testing for (which is different
2801 for each call.)
2802 => the return list contains just 'plain' or 'login', 'cram-md5' or
2803 nothing depending on the value of ob->server_mech.
2804
2805 I've just tested the patch: Authentication still works fine,
2806 unavailable mechs specified in the exim configuration are still
2807 caught, and the auth.log warnings about OTP are gone."
2808
31619da6
PH
2809PH/25 When debugging is enabled, the contents of the command line are added
2810 to the debugging output, even when log_selector=+arguments is not
2811 specified.
2812
bebaf0fc
PH
2813PH/26 Change scripts/os-type so that when "uname -s" returns just "GNU", the
2814 answer is "GNU", and only if the return is "GNU/something" is the answer
2815 "Linux".
2816
475fe28a
PH
2817PH/27 $acl_verify_message is now set immediately after the failure of a
2818 verification in an ACL, and so is available in subsequent modifiers. In
2819 particular, the message can be preserved by coding like this:
2820
2821 warn !verify = sender
2822 set acl_m0 = $acl_verify_message
2823
2824 Previously, $acl_verify_message was set only while expanding "message"
2825 and "log_message" when a very denied access.
2826
7e8bec7a
PH
2827PH/28 Modified OS/os.c-Linux with
2828
2829 -#ifndef OS_LOAD_AVERAGE
2830 +#if !defined(OS_LOAD_AVERAGE) && defined(__linux__)
2831
2832 to make Exim compile on kfreebsd-gnu. (I'm totally confused about the
2833 nomenclature these days.)
2834
e4a89c47
PH
2835PH/29 Installed patch from the Sieve maintainer that adds the options
2836 sieve_useraddress and sieve_subaddress to the redirect router.
2837
5ca2a9a1
PH
2838PH/30 In these circumstances:
2839 . Two addresses routed to the same list of hosts;
2840 . First host does not offer TLS;
2841 . First host accepts first address;
2842 . First host gives temporary error to second address;
2843 . Second host offers TLS and a TLS session is established;
2844 . Second host accepts second address.
2845 Exim incorrectly logged both deliveries with the TLS parameters (cipher
2846 and peerdn, if requested) that were in fact used only for the second
2847 address.
7e8bec7a 2848
c688b954
PH
2849PH/31 When doing a callout as part of verifying an address, Exim was not paying
2850 attention to any local part prefix or suffix that was matched by the
2851 router that accepted the address. It now behaves in the same way as it
2852 does for delivery: the affixes are removed from the local part unless
2853 rcpt_include_affixes is set on the transport.
2854
fed77020
PH
2855PH/32 Add the sender address, as F=<...>, to the log line when logging a
2856 timeout during the DATA phase of an incoming message.
2857
7fe1560f
PH
2858PH/33 Sieve envelope tests were broken for match types other than :is. I have
2859 applied a patch sanctioned by the Sieve maintainer.
c688b954 2860
ebb6e6d5
PH
2861PH/34 Change 4.50/80 broke Exim in that it could no longer handle cases where
2862 the uid or gid is negative. A case of a negative gid caused this to be
2863 noticed. The fix allows for either to be negative.
2864
9c4e8f60
PH
2865PH/35 ACL_WHERE_MIME is now declared unconditionally, to avoid too much code
2866 clutter, but the tables that are indexed by ACL_WHERE_xxx values had been
2867 overlooked.
2868
2869PH/36 The change PH/12 above was broken. Fixed it.
2870
d7174846
PH
2871PH/37 Exim used to check for duplicate addresses in the middle of routing, on
2872 the grounds that routing the same address twice would always produce the
2873 same answer. This might have been true once, but it is certainly no
2874 longer true now. Routing a child address may depend on the previous
2875 routing that produced that child. Some complicated redirection strategies
2876 went wrong when messages had multiple recipients, and made Exim's
2877 behaviour dependent on the order in which the addresses were given.
2878
2879 I have moved the duplicate checking until after the routing is complete.
2880 Exim scans the addresses that are assigned to local and remote
2881 transports, and removes any duplicates. This means that more work will be
2882 done, as duplicates will always all be routed, but duplicates are
2883 presumably rare, so I don't expect this is of any significance.
2884
2885 For deliveries to pipes, files, and autoreplies, the duplicate checking
2886 still happens during the routing process, since they are not going to be
2887 routed further.
2888
cfe75fc3
PH
2889PH/38 Installed a patch from Ian Freislich, with the agreement of Tom Kistner.
2890 It corrects a timeout issue with spamd. This is Ian's comment: "The
2891 background is that sometimes spamd either never reads data from a
2892 connection it has accepted, or it never writes response data. The exiscan
2893 spam.[ch] uses a 3600 second timeout on spamd socket reads, further, it
2894 blindly assumes that writes won't block so it may never time out."
2895
be22d70e
PH
2896PH/39 Allow G after quota size as well as K and M.
2897
0612b098
PH
2898PH/40 The value set for $authenticated_id in an authenticator may not contain
2899 binary zeroes or newlines because the value is written to log lines and
2900 to spool files. There was no check on this. Now the value is run through
2901 the string_printing() function so that such characters are converted to
2902 printable escape sequences.
2903
2e0c1448
PH
2904PH/41 $message_linecount is a new variable that contains the total number of
2905 lines in the message. Compare $body_linecount, which is the count for the
2906 body only.
2907
447d236c
PH
2908PH/42 Exim no longer gives details of delivery errors for specific addresses in
2909 bounce and delay warning messages, except in certain special cases, which
2910 are as follows:
2911
2912 (a) An SMTP error message from a remote host;
2913 (b) A message specified in a :fail: redirection;
2914 (c) A message specified in a "fail" command in a system filter;
2915 (d) A message specified in a FAIL return from the queryprogram router;
2916 (e) A message specified by the cannot_route_message router option.
2917
2918 In these cases only, Exim does include the error details in bounce and
2919 warning messages. There are also a few cases where bland messages such
2920 as "unrouteable address" or "local delivery error" are given.
2921
d20976dc
PH
2922PH/43 $value is now also set for the "else" part of a ${run expansion.
2923
f656d135
PH
2924PH/44 Applied patch from the Sieve maintainer: "The vacation draft is still
2925 being worked on, but at least Exim now implements the latest version to
2926 play with."
2927
2e2a30b4
PH
2928PH/45 In a pipe transport, although a timeout while waiting for the pipe
2929 process to complete was treated as a delivery failure, a timeout while
2930 writing the message to the pipe was logged, but erroneously treated as a
2931 successful delivery. Such timeouts include transport filter timeouts. For
2932 consistency with the overall process timeout, these timeouts are now
2933 treated as errors, giving rise to delivery failures by default. However,
2934 there is now a new Boolean option for the pipe transport called
2935 timeout_defer, which, if set TRUE, converts the failures into defers for
2936 both kinds of timeout. A transport filter timeout is now identified in
2937 the log output.
2938
9176e9f0
PH
2939PH/46 The "scripts/Configure-config.h" script calls "make" at one point. On
2940 systems where "make" and "gmake" are different, calling "gmake" at top
2941 level broke things. I've arranged for the value of $(MAKE) to be passed
2942 from the Makefile to this script so that it can call the same version of
2943 "make".
2944
7982096b 2945
bbe902f0
PH
2946A note about Exim versions 4.44 and 4.50
2947----------------------------------------
2948
2949Exim 4.50 was meant to be the next release after 4.43. It contains a lot of
2950changes of various kinds. As a consequence, a big documentation update was
2951needed. This delayed the release for rather longer than seemed good, especially
2952in the light of a couple of (minor) security issues. Therefore, the changes
2953that fixed bugs were backported into 4.43, to create a 4.44 maintenance
2954release. So 4.44 and 4.50 are in effect two different branches that both start
2955from 4.43.
2956
2957I have left the 4.50 change log unchanged; it contains all the changes since
29584.43. The change log for 4.44 is below; many of its items are identical to
2959those for 4.50. This seems to be the most sensible way to preserve the
2960historical information.
2961
2962
f7b63901 2963Exim version 4.50
495ae4b0
PH
2964-----------------
2965
5fe762f6
PH
2966 1. Minor wording change to the doc/README.SIEVE file.
2967
139059f6 2968 2. Change 4.43/35 introduced a bug: if quota_filecount was set, the
5fe762f6 2969 computation of the current number of files was incorrect.
495ae4b0 2970
7086e875
PH
2971 3. Closing a stable door: arrange to panic-die if setitimer() ever fails. The
2972 bug fixed in 4.43/37 would have been diagnosed quickly if this had been in
2973 place.
2974
35af9f61
PH
2975 4. Give more explanation in the error message when the command for a transport
2976 filter fails to execute.
2977
b668c215
PH
2978 5. There are several places where Exim runs a non-Exim command in a
2979 subprocess. The SIGUSR1 signal should be disabled for these processes. This
2980 was being done only for the command run by the queryprogram router. It is
2981 now done for all such subprocesses. The other cases are: ${run, transport
2982 filters, and the commands run by the lmtp and pipe transports.
2983
a494b1e1
PH
2984 6. Added CONFIGURE_GROUP build-time option.
2985
2986 7. Some older OS have a limit of 256 on the maximum number of file
2987 descriptors. Exim was using setrlimit() to set 1000 as a large value
2988 unlikely to be exceeded. Change 4.43/17 caused a lot of logging on these
2989 systems. I've change it so that if it can't get 1000, it tries for 256.
35edf2ff 2990
c5fcb476
PH
2991 8. "control=submission" was allowed, but had no effect, in a DATA ACL. This
2992 was an oversight, and furthermore, ever since the addition of extra
2993 controls (e.g. 4.43/32), the checks on when to allow different forms of
2994 "control" were broken. There should now be diagnostics for all cases when a
2995 control that does not make sense is encountered.
2996
69358f02
PH
2997 9. Added the /retain_sender option to "control=submission".
2998
5be20824
PH
299910. $recipients is now available in the predata ACL (oversight).
3000
eb2c0248
PH
300111. Tidy the search cache before the fork to do a delivery from a message
3002 received from the command line. Otherwise the child will trigger a lookup
3003 failure and thereby defer the delivery if it tries to use (for example) a
3004 cached ldap connection that the parent has called unbind on.
3005
2a3eea10
PH
300612. If verify=recipient was followed by verify=sender in a RCPT ACL, the value
3007 of $address_data from the recipient verification was clobbered by the
3008 sender verification.
3009
301013. The value of address_data from a sender verification is now available in
3011 $sender_address_data in subsequent conditions in the ACL statement.
3012
23c7ff99
PH
301314. Added forbid_sieve_filter and forbid_exim_filter to the redirect router.
3014
4deaf07d
PH
301515. Added a new option "connect=<time>" to callout options, to set a different
3016 connection timeout.
3017
926e1192
PH
301816. If FIXED_NEVER_USERS was defined, but empty, Exim was assuming the uid 0
3019 was its contents. (It was OK if the option was not defined at all.)
3020
650edc6f
PH
302117. A "Completed" log line is now written for messages that are removed from
3022 the spool by the -Mrm option.
3023
2c7db3f5
PH
302418. New variables $sender_verify_failure and $recipient_verify_failure contain
3025 information about exactly what failed.
3026
3d235903
PH
302719. Added -dd to debug only the daemon process.
3028
7c7ad977
PH
302920. Incorporated Michael Haardt's patch to ldap.c for improving the way it
3030 handles timeouts, both on the server side and network timeouts. Renamed the
3031 CONNECT parameter as NETTIMEOUT (but kept the old name for compatibility).
3032
981756db
PH
303321. The rare case of EHLO->STARTTLS->HELO was setting the protocol to "smtp".
3034 It is now set to "smtps".
3035
d4eb88df
PH
303622. $host_address is now set to the target address during the checking of
3037 ignore_target_hosts.
3038
303923. When checking ignore_target_hosts for an ipliteral router, no host name was
3040 being passed; this would have caused $sender_host_name to have been used if
3041 matching the list had actually called for a host name (not very likely,
3042 since this list is usually IP addresses). A host name is now passed as
3043 "[x.x.x.x]".
3044
7d468ab8
PH
304524. Changed the calls that set up the SIGCHLD handler in the daemon to use the
3046 code that specifies a non-restarting handler (typically sigaction() in
3047 modern systems) in an attempt to fix a rare and obscure crash bug.
3048
304925. Narrowed the window for a race in the daemon that could cause it to ignore
3050 SIGCHLD signals. This is not a major problem, because they are used only to
3051 wake it up if nothing else does.
3052
62c0818f
PH
305326. A malformed maildirsize file could cause Exim to calculate negative values
3054 for the mailbox size or file count. Odd effects could occur as a result.
3055 The maildirsize information is now recalculated if the size or filecount
3056 end up negative.
3057
26034054
PH
305827. Added HAVE_SYS_STATVFS_H to the os.h file for Linux, as it has had this
3059 support for a long time. Removed HAVE_SYS_VFS_H.
3060
af66f652
PH
306128. Installed the latest version of exipick from John Jetmore.
3062
90af77f4
PH
306329. In an address list, if the pattern was not a regular expression, an empty
3064 subject address (from a bounce message) matched only if the pattern was an
3065 empty string. Non-empty patterns were not even tested. This was the wrong
3066 because it is perfectly reasonable to use an empty address as part of a
3067 database query. An empty address is now tested by patterns that are
3068 lookups. However, all the other forms of pattern expect the subject to
3069 contain a local part and a domain, and therefore, for them, an empty
3070 address still always fails if the pattern is not itself empty.
3071
d8ef3577
PH
307230. Exim went into a mad DNS loop when attempting to do a callout where the
3073 host was specified on an smtp transport, and looking it up yielded more
3074 than one IP address.
3075
5cb8cbc6
PH
307631. Re-factored the code for checking spool and log partition space into a
3077 function that finds that data and another that does the check. The former
3078 is then used to implement four new variables: $spool_space, $log_space,
3079 $spool_inodes, and $log_inodes.
3080
14702f5b
PH
308132. The RFC2047 encoding function was originally intended for short strings
3082 such as real names; it was not keeping to the 75-character limit for
3083 encoded words that the RFC imposes. It now respects the limit, and
3084 generates multiple encoded words if necessary. To be on the safe side, I
3085 have increased the buffer size for the ${rfc2047: expansion operator from
3086 1024 to 2048 bytes.
3087
063b1e99
PH
308833. It is now permitted to omit both strings after an "if" condition; if the
3089 condition is true, the result is "true". As before, when the second string
3090 is omitted, a false condition yields an empty string. This makes it less
3091 cumbersome to write custom ACL and router conditions.
3092
652e1b65
PH
309334. Failure to deliver a bounce message always caused it to be frozen, even if
3094 there was an errors_to setting on the router. The errors_to setting is now
3095 respected.
3096
6f0c9a4f
PH
309735. If an IPv6 address is given for -bh or -bhc, it is now converted to the
3098 canonical form (fully expanded) before being placed in
3099 $sender_host_address.
3100
33397d19
PH
310136. The table in the code that translates DNS record types into text (T_A to
3102 "A" for instance) was missing entries for NS and CNAME. It is just possible
3103 that this could have caused confusion if both these types were looked up
3104 for the same domain, because the text type is used as part of Exim's
3105 per-process caching. But the chance of anyone hitting this buglet seems
3106 very small.
3107
7bb56e1f
PH
310837. The dnsdb lookup has been extended in a number of ways.
3109
3110 (1) There is a new type, "zns", which walks up the domain tree until it
3111 finds some nameserver records. It should be used with care.
3112
ea3bc19b
PH
3113 (2) There is a new type, "mxh", which is like "mx" except that it returns
3114 just the host names, not the priorities.
3115
3116 (3) It is now possible to give a list of domains (or IP addresses) to be
ff4dbb19
PH
3117 looked up. The behaviour when one of the lookups defers can be
3118 controlled by a keyword.
7bb56e1f 3119
ea3bc19b 3120 (4) It is now possible to specify the separator character for use when
7bb56e1f 3121 multiple records are returned.
33397d19 3122
0bcb2a0e
PH
312338. The dnslists ACL condition has been extended: it is now possible to supply
3124 a list of IP addresses and/or domains to be looked up in a particular DNS
3125 domain.
3126
2ac0e484
PH
312739. Added log_selector=+queue_time_overall.
3128
4e1fde53
PH
312940. When running the queue in the test harness, wait just a tad after forking a
3130 delivery process, to get repeatability of debugging output.
3131
de365ded
PH
313241. Include certificate and key file names in error message when GnuTLS fails
3133 to set them up, because the GnuTLS error message doesn't include the name
3134 of the failing file when there is a problem reading it.
3135
f05da2e8
PH
313642. Allow both -bf and -bF in the same test run.
3137
d6453af2
PH
313843. Did the same fix as 41 above for OpenSSL, which had the same infelicity.
3139
f7b63901
PH
314044. The "Exiscan patch" is now merged into the mainline Exim source.
3141
314245. Sometimes the final signoff response after QUIT could fail to get
3143 transmitted in the non-TLS case. Testing !tls_active instead of tls_active
3144 < 0 before doing a fflush(). This bug looks as though it goes back to the
3145 introduction of TLS in release 3.20, but "sometimes" must have been rare
3146 because the tests only now provoked it.
3147
a444213a
PH
314846. Reset the locale to "C" after calling embedded Perl, in case it was changed
3149 (this can affect the format of dates).
3150
0ec020ea
PH
315147. exim_tidydb, when checking for the continued existence of a message for
3152 which it has found a message-specific retry record, was not finding
3153 messages that were in split spool directories. Consequently, it was
3154 deleting retry records that should have stayed in existence.
3155
b1206957
PH
315648. Steve fixed some bugs in eximstats.
3157
315849. The SPA authentication driver was not abandoning authentication and moving
3159 on to the next authenticator when an expansion was forced to fail,
3160 contradicting the general specification for all authenticators. Instead it
3161 was generating a temporary error. It now behaves as specified.
3162
26dd5a95
PH
316350. The default ordering of permitted cipher suites for GnuTLS was pessimal
3164 (the order specifies the preference for clients). The order is now AES256,
3165 AES128, 3DES, ARCFOUR128.
3166
343b2385
PH
316751. Small patch to Sieve code - explicitly set From: when generating an
3168 autoreply.
3169
1c5466b9
PH
317052. Exim crashed if a remote delivery caused a very long error message to be
3171 recorded - for instance if somebody sent an entire SpamAssassin report back
3172 as a large number of 550 error lines. This bug was coincidentally fixed by
3173 increasing the size of one of Exim's internal buffers (big_buffer) that
3174 happened as part of the Exiscan merge. However, to be on the safe side, I
3175 have made the code more robust (and fixed the comments that describe what
3176 is going on).
3177
55ee9ee3
PH
317853. Now that there can be additional text after "Completed" in log lines (if
3179 the queue_time_overall log selector is set), a one-byte patch to exigrep
3180 was needed to allow it to recognize "Completed" as not the last thing in
3181 the line.
3182
d38f8232
PH
318354. The LDAP lookup was not handling a return of LDAP_RES_SEARCH_REFERENCE. A
3184 patch that reportedly fixes this has been added. I am not expert enough to
3185 create a test for it. This is what the patch creator wrote:
3186
3187 "I found a little strange behaviour of ldap code when working with
3188 Windows 2003 AD Domain, where users was placed in more than one
3189 Organization Units. When I tried to give exim partial DN, the exit code
3190 of ldap_search was unknown to exim because of LDAP_RES_SEARCH_REFERENCE.
3191 But simultaneously result of request was absolutely normal ldap result,
3192 so I produce this patch..."
3193
3295e65b
PH
3194 Later: it seems that not all versions of LDAP support LDAP_RES_SEARCH_
3195 REFERENCE, so I have modified the code to exclude the patch when that macro
3196 is not defined.
3197
7102e136
PH
319855. Some experimental protocols are using DNS PTR records for new purposes. The
3199 keys for these records are domain names, not reversed IP addresses. The
b975ba52
PH
3200 dnsdb PTR lookup now tests whether its key is an IP address. If not, it
3201 leaves it alone. Component reversal etc. now happens only for IP addresses.
ea3a6f44 3202 CAN-2005-0021
7102e136 3203
3ca0ba97
PH
320456. Improve error message when ldap_search() fails in OpenLDAP or Solaris LDAP.
3205
c2bcbe20
PH
320657. Double the size of the debug message buffer (to 2048) so that more of very
3207 long debug lines gets shown.
3208
18ce445d
PH
320958. The exicyclog utility now does better if the number of log files to keep
3210 exceeds 99. In this case, it numbers them 001, 002 ... instead of 01, 02...
3211
1f5b4c3d
PH
321259. Two changes related to the smtp_active_hostname option:
3213
3214 (1) $smtp_active_hostname is now available as a variable.
3215 (2) The default for smtp_banner uses $smtp_active_hostname instead
3216 of $primary_hostname.
3217
b975ba52
PH
321860. The host_aton() function is supposed to be passed a string that is known
3219 to be a valid IP address. However, in the case of IPv6 addresses, it was
3220 not checking this. This is a hostage to fortune. Exim now panics and dies
3221 if the condition is not met. A case was found where this could be provoked
85b87bc2
PH
3222 from a dnsdb PTR lookup with an IPv6 address that had more than 8
3223 components; fortuitously, this particular loophole had already been fixed
3224 by change 4.50/55 above.
3225
3226 If there are any other similar loopholes, the new check in host_aton()
3227 itself should stop them being exploited. The report I received stated that
3228 data on the command line could provoke the exploit when Exim was running as
3229 exim, but did not say which command line option was involved. All I could
3230 find was the use of -be with a bad dnsdb PTR lookup, and in that case it is
3231 running as the user.
ea3a6f44 3232 CAN-2005-0021
85b87bc2
PH
3233
323461. There was a buffer overflow vulnerability in the SPA authentication code
3235 (which came originally from the Samba project). I have added a test to the
3236 spa_base64_to_bits() function which I hope fixes it.
ea3a6f44 3237 CAN-2005-0022
b975ba52 3238
17ffcae7
PH
323962. Configuration update for GNU/Hurd and variations. Updated Makefile-GNU and
3240 os.h-GNU, and added configuration files for GNUkFreeBSD and GNUkNetBSD.
3241
d95f9fdb
PH
324263. The daemon start-up calls getloadavg() while still root for those OS that
3243 need the first call to be done as root, but it missed one case: when
3244 deliver_queue_load_max is set with deliver_drop_privilege. This is
3245 necessary for the benefit of the queue runner, because there is no re-exec
3246 when deliver_drop_privilege is set.
3247
86b8287f
PH
324864. A call to exiwhat cut short delays set up by "delay" modifiers in ACLs.
3249 This has been fixed.
3250
60dc5e56
PH
325165. Caching of lookup data for "hosts =" ACL conditions, when a named host list
3252 was in use, was not putting the data itself into the right store pool;
3253 consequently, it could be overwritten for a subsequent message in the same
3254 SMTP connection. (Fix 4.40/11 dealt with the non-cache case, but overlooked
3255 the caching.)
3256
533244af
PH
325766. Added hosts_max_try_hardlimit to the smtp transport, default 50.
3258
a5a28604
PH
325967. The string_is_ip_address() function returns 0, 4, or 6, for "no an IP
3260 address", "IPv4 address", and "IPv6 address", respectively. Some calls of
3261 the function were treating the return as a boolean value, which happened to
3262 work because 0=false and not-0=true, but is not correct code.
3263
7e634d24
PH
326468. The host_aton() function was not handling scoped IPv6 addresses (those
3265 with, for example, "%eth0" on the end) correctly.
3266
3e11c26b
PH
326769. Fixed some compiler warnings in acl.c for the bitmaps specified with
3268 negated items (that is, ~something) in unsigned ints. Some compilers
3269 apparently mutter when there is no cast.
3270
6729cf78
PH
327170. If an address verification called from an ACL failed, and did not produce a
3272 user-specific message (i.e. there was only a "system" message), nothing was
3273 put in $acl_verify_message. In this situation, it now puts the system
3274 message there.
3275
00f00ca5
PH
327671. Change 4.23/11 added synchronization checking at the start of an SMTP
3277 session; change 4.31/43 added the unwanted input to the log line - except
3278 that it did not do this in the start of session case. It now does.
3279
c9bdd01c
PH
328072. After a timeout in a callout SMTP session, Exim still sent a QUIT command.
3281 This is wrong and can cause the other end to generate a synchronization
3282 error if it is another Exim or anything else that does the synchronization
3283 check. A QUIT command is no longer sent after a timeout.
3284
d43194df
PH
328573. $host_lookup_deferred has been added, to make it easier to detect DEFERs
3286 during host lookups.
3287
fe5b5d0b
PH
328874. The defer_ok option of callout verification was not working if it was used
3289 when verifying addresses in header lines, that is, for this case:
3290
3291 verify = header_sender/callout=defer_ok
3292
76a2d7ba
PH
329375. A backgrounded daemon closed stdin/stdout/stderr on entry; this meant that
3294 those file descriptors could be used for SMTP connections. If anything
3295 wrote to stderr (the example that came up was "warn" in embedded Perl), it
3296 could be sent to the SMTP client, causing chaos. The daemon now opens
3297 stdin, stdout, and stderr to /dev/null when it puts itself into the
3298 background.
3299
330076. Arrange for output from Perl's "warn" command to be written to Exim's main
3301 log by default. The user can override this with suitable Perl magic.
3302
04f7d5b9
PH
330377. The use of log_message on a "discard" ACL verb, which is supposed to add to
3304 the log message when discard triggers, was not working for the DATA ACL or
3305 for the non-SMTP ACL.
3306
bc60667e
PH
330778. Error message wording change in sieve.c.
3308
bb6e88ff
PH
330979. If smtp_accept_max_per_host was set, the number of connections could be
3310 restricted to fewer than expected, because the daemon was trying to set up
3311 a new connection before checking whether the processes handling previous
3312 connections had finished. The check for completed processes is now done
3313 earlier. On busy systems, this bug wouldn't be noticed because something
3314 else would have woken the daemon, and it would have reaped the completed
3315 process earlier.
3316
1e70f85b
PH
331780. If a message was submitted locally by a user whose login name contained one
3318 or more spaces (ugh!), the spool file that Exim wrote was not re-readable.
3319 It caused a spool format error. I have fixed the spool reading code. A
3320 related problem was that the "from" clause in the Received: line became
3321 illegal because of the space(s). It is now covered by ${quote_local_part.
3322
332381. Included the latest eximstats from Steve (adds average sizes to HTML Top
3324 tables).
3325
4e01f9d6
PH
332682. Updated OS/Makefile-AIX as per message from Mike Meredith.
3327
1ee1cef2
PH
332883. Patch from Sieve maintainer to fix unterminated string problem in
3329 "vacation" handling.
3330
6e2b4ccc
PH
333184. Some minor changes to the Linux configuration files to help with other
3332 OS variants using glibc.
3333
8e669ac1
PH
333485. One more patch for Sieve to update vacation handling to latest spec.
3335
495ae4b0 3336
bbe902f0
PH
3337----------------------------------------------------
3338See the note above about the 4.44 and 4.50 releases.
3339----------------------------------------------------
3340
3341
3342Exim version 4.44
3343-----------------
3344
3345 1. Change 4.43/35 introduced a bug that caused file counts to be
3346 incorrectly computed when quota_filecount was set in an appendfile
3347 transport
3348
3349 2. Closing a stable door: arrange to panic-die if setitimer() ever fails. The
3350 bug fixed in 4.43/37 would have been diagnosed quickly if this had been in
3351 place.
3352
3353 3. Give more explanation in the error message when the command for a transport
3354 filter fails to execute.
3355
3356 4. There are several places where Exim runs a non-Exim command in a
3357 subprocess. The SIGUSR1 signal should be disabled for these processes. This
3358 was being done only for the command run by the queryprogram router. It is
3359 now done for all such subprocesses. The other cases are: ${run, transport
3360 filters, and the commands run by the lmtp and pipe transports.
3361
3362 5. Some older OS have a limit of 256 on the maximum number of file
3363 descriptors. Exim was using setrlimit() to set 1000 as a large value
3364 unlikely to be exceeded. Change 4.43/17 caused a lot of logging on these
3365 systems. I've change it so that if it can't get 1000, it tries for 256.
3366
3367 6. "control=submission" was allowed, but had no effect, in a DATA ACL. This
3368 was an oversight, and furthermore, ever since the addition of extra
3369 controls (e.g. 4.43/32), the checks on when to allow different forms of
3370 "control" were broken. There should now be diagnostics for all cases when a
3371 control that does not make sense is encountered.
3372
3373 7. $recipients is now available in the predata ACL (oversight).
3374
3375 8. Tidy the search cache before the fork to do a delivery from a message
3376 received from the command line. Otherwise the child will trigger a lookup
3377 failure and thereby defer the delivery if it tries to use (for example) a
3378 cached ldap connection that the parent has called unbind on.
3379
3380 9. If verify=recipient was followed by verify=sender in a RCPT ACL, the value
3381 of $address_data from the recipient verification was clobbered by the
3382 sender verification.
3383
338410. If FIXED_NEVER_USERS was defined, but empty, Exim was assuming the uid 0
3385 was its contents. (It was OK if the option was not defined at all.)
3386
338711. A "Completed" log line is now written for messages that are removed from
3388 the spool by the -Mrm option.
3389
339012. $host_address is now set to the target address during the checking of
3391 ignore_target_hosts.
3392
339313. When checking ignore_target_hosts for an ipliteral router, no host name was
3394 being passed; this would have caused $sender_host_name to have been used if
3395 matching the list had actually called for a host name (not very likely,
3396 since this list is usually IP addresses). A host name is now passed as
3397 "[x.x.x.x]".
3398
339914. Changed the calls that set up the SIGCHLD handler in the daemon to use the
3400 code that specifies a non-restarting handler (typically sigaction() in
3401 modern systems) in an attempt to fix a rare and obscure crash bug.
3402
340315. Narrowed the window for a race in the daemon that could cause it to ignore
3404 SIGCHLD signals. This is not a major problem, because they are used only to
3405 wake it up if nothing else does.
3406
340716. A malformed maildirsize file could cause Exim to calculate negative values
3408 for the mailbox size or file count. Odd effects could occur as a result.
3409 The maildirsize information is now recalculated if the size or filecount
3410 end up negative.
3411