Change note
[exim.git] / doc / doc-txt / ChangeLog
CommitLineData
495ae4b0
PH
1Change log file for Exim from version 4.21
2-------------------------------------------
3
c0e56233 4
9c695f6d
JH
5Exim version 4.86
6-----------------
7JH/01 Bug 1545: The smtp transport option "retry_include_ip_address" is now
8 expanded.
9
506900af
JH
10JH/02 The smtp transport option "multi_domain" is now expanded.
11
ad07e9ad
JH
12JH/03 The smtp transport now requests PRDR by default, if the server offers
13 it.
14
01a4a5c5 15JH/04 Certificate name checking on server certificates, when exim is a client,
b3ef41c9 16 is now done by default. The transport option tls_verify_cert_hostnames
01a4a5c5
JH
17 can be used to disable this per-host. The build option
18 EXPERIMENTAL_CERTNAMES is withdrawn.
19
cb1d7830 20JH/05 The value of the tls_verify_certificates smtp transport and main options
0e0f3f56 21 default to the word "system" to access the system default CA bundle.
cb1d7830
JH
22 For GnuTLS, only version 3.0.20 or later.
23
610ff438 24JH/06 Verification of the server certificate for a TLS connection is now tried
6d580f19
JH
25 (but not required) by default. The verification status is now logged by
26 default, for both outbound TLS and client-certificate supplying inbound
27 TLS connections
610ff438 28
f926e272
JH
29JH/07 Changed the default rfc1413 lookup settings to disable calls. Few
30 sites use this now.
31
50dc7409
JH
32JH/08 The EXPERIMENTAL_DSN compile option is no longer needed; all Delivery
33 Status Notification (bounce) messages are now MIME format per RFC 3464.
34 Support for RFC 3461 DSN options NOTIFY,ENVID,RET,ORCPT can be advertised
35 under the control of the dsn_advertise_hosts option, and routers may
36 have a dsn_lasthop option.
37
0f0c8159
JH
38JH/09 A timeout of 2 minutes is now applied to all malware scanner types by
39 default, modifiable by a malware= option. The list separator for
23763898 40 the options can now be changed in the usual way. Bug 68.
4e71661f 41
1ad6489e
JH
42JH/10 The smtp_receive_timeout main option is now expanded before use.
43
aeaf5db3
JH
44JH/11 The incoming_interface log option now also enables logging of the
45 local interface on delivery outgoing connections.
46
5032d1cf
JH
47JH/12 The cutthrough-routing facility now supports multi-recipient mails,
48 if the interface and destination host and port all match.
49
7e8360e6
JH
50JH/13 Bug 344: The verify = reverse_host_lookup ACL condition now accepts a
51 /defer_ok option.
52
c5f280e2
AL
53JH/14 Bug 1573: The spam= ACL condition now additionally supports Rspamd.
54 Patch from Andrew Lewis.
55
fd4d8871 56JH/15 Bug 670: The spamd_address main option (for the spam= ACL condition)
dc7b3d36 57 now supports optional time-restrictions, weighting, and priority
fd4d8871
R
58 modifiers per server. Patch originally by <rommer@active.by>.
59
60JH/16 The spamd_address main option now supports a mixed list of local
2aad5761
JH
61 and remote servers. Remote servers can be IPv6 addresses, and
62 specify a port-range.
fd4d8871 63
23763898
JH
64JH/17 Bug 68: The spamd_address main option now supports an optional
65 timeout value per server.
66
2ad78978
JH
67JH/18 Bug 1581: Router and transport options headers_add/remove can
68 now have the list separator specified.
69
8a512ed5
JH
70JH/19 Bug 392: spamd_address, and clamd av_scanner, now support retry
71 option values.
72
82c0c8ea 73JH/20 Bug 1571: Ensure that $tls_in_peerdn is set, when verification fails
f69979cf
JH
74 under OpenSSL.
75
cc00f4af
JH
76JH/21 Support for the A6 type of dns record is withdrawn.
77
82c0c8ea
JH
78JH/22 Bug 608: The result of a QUIT or not-QUIT toplevel ACL now matters
79 rather than the verbs used.
80
b980ed83
JH
81JH/23 Bug 1572: Increase limit on SMTP confirmation message copy size
82 from 255 to 1024 chars.
83
6c9ed72e
JH
84JH/24 Verification callouts now attempt to use TLS by default.
85
99c1bb4e
HSHR
86HS/01 DNSSEC options (dnssec_require_domains, dnssec_request_domains)
87 are generic router options now. The defaults didn't change.
50dc7409 88
f846c8f5
JH
89JH/25 Bug 466: Add RFC2322 support for MIME attachment filenames.
90 Original patch from Alexander Shikoff, worked over by JH.
91
fd4c285c
HSHR
92HS/02 Bug 1575: exigrep falls back to autodetection of compressed
93 files if ZCAT_COMMAND is not executable.
94
fd7f7910
JH
95JH/26 Bug 1539: Add timout/retry options on dnsdb lookups.
96
d2a2c69b
JH
97JH/27 Bug 286: Support SOA lookup in dnsdb lookups.
98
8241d8dd
JH
99JH/28 Bug 1588: Do not use the A lookup following an AAAA for setting the FQDN.
100 Normally benign, it bites when the pair was led to by a CNAME;
101 modern usage is to not canoicalize the domain to a CNAME target
102 (and we were inconsistent anyway for A-only vs AAAA+A).
103
1f12df4d
JH
104JH/29 Bug 1632: Removed the word "rejected" from line logged for ACL discards.
105
1f155f8e
JH
106JH/30 Check the forward DNS lookup for DNSSEC, in addition to the reverse,
107 when evaluating $sender_host_dnssec.
108
1705dd20
JH
109JH/31 Check the HELO verification lookup for DNSSEC, adding new
110 $sender_helo_dnssec variable.
111
038597d2
PP
112JH/32 Bug 1397: Enable ECDHE on OpenSSL, just the NIST P-256 curve.
113
474f71bf
JH
114JH/33 Bug 1346: Note MAIL cmd seen in -bS batch, to avoid smtp_no_mail log.
115
7137ca4b
JH
116JH/34 Bug 1648: Fix a memory leak seen with "mailq" and large queues.
117
9c695f6d 118
e449c3b0
TL
119Exim version 4.85
120-----------------
121TL/01 When running the test suite, the README says that variables such as
122 no_msglog_check are global and can be placed anywhere in a specific
123 test's script, however it was observed that placement needed to be near
124 the beginning for it to behave that way. Changed the runtest perl
125 script to read through the entire script once to detect and set these
126 variables, reset to the beginning of the script, and then run through
127 the script parsing/test process like normal.
128
ac20058f
TL
129TL/02 The BSD's have an arc4random API. One of the functions to induce
130 adding randomness was arc4random_stir(), but it has been removed in
131 OpenBSD 5.5. Detect this OpenBSD version and skip calling this
132 function when detected.
133
a9b8ec8b
JH
134JH/01 Expand the EXPERIMENTAL_TPDA feature. Several different events now
135 cause callback expansion.
136
6286d7c4
TL
137TL/03 Bugzilla 1518: Clarify "condition" processing in routers; that
138 syntax errors in an expansion can be treated as a string instead of
139 logging or causing an error, due to the internal use of bool_lax
140 instead of bool when processing it.
141
0f06b4f2 142JH/02 Add EXPERIMENTAL_DANE, allowing for using the DNS as trust-anchor for
d567a64d
JH
143 server certificates when making smtp deliveries.
144
be36e572
JH
145JH/03 Support secondary-separator specifier for MX, SRV, TLSA lookups.
146
ac4ef9bd
JH
147JH/04 Add ${sort {list}{condition}{extractor}} expansion item.
148
0eb51736
TL
149TL/04 Bugzilla 1216: Add -M (related messages) option to exigrep.
150
c713ca4b
TL
151TL/05 GitHub Issue 18: Adjust logic testing for true/false in redis lookups.
152 Merged patch from Sebastian Wiedenroth.
e449c3b0 153
bd21a787
WB
154JH/05 Fix results-pipe from transport process. Several recipients, combined
155 with certificate use, exposed issues where response data items split
156 over buffer boundaries were not parsed properly. This eventually
157 resulted in duplicates being sent. This issue only became common enough
158 to notice due to the introduction of conection certificate information,
159 the item size being so much larger. Found and fixed by Wolfgang Breyha.
160
8bc732e8
JH
161JH/06 Bug 1533: Fix truncation of items in headers_remove lists. A fixed
162 size buffer was used, resulting in syntax errors when an expansion
163 exceeded it.
164
a7fec7a7
JH
165JH/07 Add support for directories of certificates when compiled with a GnuTLS
166 version 3.3.6 or later.
167
774ef2d7
JH
168JH/08 Rename the TPDA expermimental facility to Event Actions. The #ifdef
169 is EXPERIMENTAL_EVENT, the main-configuration and transport options
170 both become "event_action", the variables become $event_name, $event_data
aec45841 171 and $event_defer_errno. There is a new variable $verify_mode, usable in
723fe533
JH
172 routers, transports and related events. The tls:cert event is now also
173 raised for inbound connections, if the main configuration event_action
174 option is defined.
774ef2d7 175
eca4debb
TL
176TL/06 In test suite, disable OCSP for old versions of openssl which contained
177 early OCSP support, but no stapling (appears to be less than 1.0.0).
178
8d692470
JH
179JH/09 When compiled with OpenSSL and EXPERIMENTAL_CERTNAMES, the checks on
180 server certificate names available under the smtp transport option
181 "tls_verify_cert_hostname" now do not permit multi-component wildcard
182 matches.
183
e9477a08
JH
184JH/10 Time-related extraction expansions from certificates now use the main
185 option "timezone" setting for output formatting, and are consistent
186 between OpenSSL and GnuTLS compilations. Bug 1541.
187
ad4c5ff9
JH
188JH/11 Fix a crash in mime ACL when meeting a zero-length, quoted or RFC2047-
189 encoded parameter in the incoming message. Bug 1558.
8dea5edf
JH
190
191JH/12 Bug 1527: Autogrow buffer used in reading spool files. Since they now
192 include certificate info, eximon was claiming there were spoolfile
193 syntax errors.
194
3394b36a 195JH/13 Bug 1521: Fix ldap lookup for single-attr request, multiple-attr return.
8dea5edf
JH
196
197JH/14 Log delivery-related information more consistently, using the sequence
198 "H=<name> [<ip>]" wherever possible.
199
3394b36a
TL
200TL/07 Bug 1547: Omit RFCs from release. Draft and RFCs have licenses which
201 are problematic for Debian distribution, omit them from the release
202 tarball.
203
ad4c5ff9
JH
204JH/15 Updates and fixes to the EXPERIMENTAL_DSN feature.
205
206JH/16 Fix string representation of time values on 64bit time_t anchitectures.
207 Bug 1561.
208
209JH/17 Fix a null-indirection in certextract expansions when a nondefault
210 output list separator was used.
211
8bc732e8 212
1f0ebb98
TL
213Exim version 4.84
214-----------------
09728d20
TL
215TL/01 Bugzilla 1506: Re-add a 'return NULL' to silence complaints from static
216 checkers that were complaining about end of non-void function with no
217 return.
1f0ebb98 218
a612424f
JH
219JH/01 Bug 1513: Fix parsing of quoted parameter values in MIME headers.
220 This was a regression intruduced in 4.83 by another bugfix.
221
222JH/02 Fix broken compilation when EXPERIMENTAL_DSN is enabled.
223
224TL/02 Bug 1509: Fix exipick for enhanced spoolfile specification used when
a9b8ec8b 225 EXPERIMENTAL_DSN is enabled. Fix from Wolfgang Breyha.
a612424f 226
1f0ebb98 227
c0e56233
TF
228Exim version 4.83
229-----------------
230
231TF/01 Correctly close the server side of TLS when forking for delivery.
232
233 When a message was received over SMTP with TLS, Exim failed to clear up
234 the incoming connection properly after forking off the child process to
235 deliver the message. In some situations the subsequent outgoing
236 delivery connection happened to have the same fd number as the incoming
237 connection previously had. Exim would try to use TLS and fail, logging
238 a "Bad file descriptor" error.
239
7245734e
TF
240TF/02 Portability fix for building lookup modules on Solaris when the xpg4
241 utilities have not been installed.
242
fd5dad68
JH
243JH/01 Fix memory-handling in use of acl as a conditional; avoid free of
244 temporary space as the ACL may create new global variables.
245
5428a946
TL
246TL/01 LDAP support uses per connection or global context settings, depending
247 upon the detected version of the libraries at build time.
248
a3c86431
TL
249TL/02 Experimental Proxy Protocol support: allows a proxied SMTP connection
250 to extract and use the src ip:port in logging and expansions as if it
8ded8589
TL
251 were a direct connection from the outside internet. PPv2 support was
252 updated based on HAProxy spec change in May 2014.
a3c86431 253
aa26e137
JH
254JH/02 Add ${listextract {number}{list}{success}{fail}}.
255
5a1b8443
WB
256TL/03 Bugzilla 1433: Fix DMARC SEGV with specific From header contents.
257 Properly escape header and check for NULL return.
258
72c9e342
PP
259PP/01 Continue incomplete 4.82 PP/19 by fixing docs too: use dns_dnssec_ok
260 not dns_use_dnssec.
261
76f44207
WB
262JH/03 Bugzilla 1157: support log_selector smtp_confirmation for lmtp.
263
770747fd
MFM
264TL/04 Add verify = header_names_ascii check to reject email with non-ASCII
265 characters in header names, implemented as a verify condition.
266 Contributed by Michael Fischer v. Mollard.
267
8ddef691 268TL/05 Rename SPF condition results err_perm and err_temp to standardized
982650ec
TL
269 results permerror and temperror. Previous values are deprecated but
270 still accepted. In a future release, err_perm and err_temp will be
271 completely removed, which will be a backward incompatibility if the
272 ACL tests for either of these two old results. Patch contributed by
8ddef691 273 user bes-internal on the mailing list.
c0e56233 274
b9c2e32f
AR
275JH/04 Add ${utf8clean:} operator. Contributed by Alex Rau.
276
e45a1c37
JH
277JH/05 Bugzilla 305: Log incoming-TLS details on rejects, subject to log
278 selectors, in both main and reject logs.
279
67d81c10
JH
280JH/06 Log outbound-TLS and port details, subject to log selectors, for a
281 failed delivery.
282
b1f8e4f8
JH
283JH/07 Add malware type "sock" for talking to simple daemon.
284
511a6c14 285JH/08 Bugzilla 1371: Add tls_{,try_}verify_hosts to smtp transport.
511a6c14
JH
286
287JH/09 Bugzilla 1431: Support (with limitations) headers_add/headers_remove in
288 routers/transports under cutthrough routing.
214042d2 289
51c7471d
JH
290JH/10 Bugzilla 1005: ACL "condition =" should accept values which are negative
291 numbers. Touch up "bool" conditional to keep the same definition.
292
3695be34
TL
293TL/06 Remove duplicated language in spec file from 4.82 TL/16.
294
1e06383a
TL
295JH/11 Add dnsdb tlsa lookup. From Todd Lyons.
296
76146973
JH
297JH/12 Expand items in router/transport headers_add or headers_remove lists
298 individually rather than the list as a whole. Bug 1452.
299
300 Required for reasonable handling of multiple headers_ options when
301 they may be empty; requires that headers_remove items with embedded
302 colons must have them doubled (or the list-separator changed).
303
8c8b8274
TL
304TL/07 Add new dmarc expansion variable $dmarc_domain_policy to directly
305 view the policy declared in the DMARC record. Currently, $dmarc_status
306 is a combined value of both the record presence and the result of the
307 analysis.
b1f8e4f8 308
35aba663
JH
309JH/13 Fix handling of $tls_cipher et.al. in (non-verify) transport. Bug 1455.
310
8c51eead 311JH/14 New options dnssec_request_domains, dnssec_require_domains on the
578897ea
JH
312 dnslookup router and the smtp transport (applying to the forward
313 lookup).
8c51eead 314
deae092e
HS
315TL/08 Bugzilla 1453: New LDAP "SERVERS=" option allows admin to override list
316 of ldap servers used for a specific lookup. Patch provided by Heiko
317 Schlichting.
35aba663 318
fd3b6a4a 319JH/18 New options dnssec_lax, dnssec_strict on dnsdb lookups.
4e0983dc 320 New variable $lookup_dnssec_authenticated for observability.
fd3b6a4a 321
8d91c6dc
LT
322TL/09 Bugzilla 609: Add -C option to exiqgrep, specify which exim.conf to use.
323 Patch submitted by Lars Timman.
324
2b4a568d
JH
325JH/19 EXPERIMENTAL_OCSP support under GnuTLS. Bug 1459.
326
d2af03f4
HS
327TL/10 Bugzilla 1454: New -oMm option to pass message reference to Exim.
328 Requires trusted mode and valid format message id, aborts otherwise.
329 Patch contributed by Heiko Schlichting.
330
9d1c15ef
JH
331JH/20 New expansion variables tls_(in,out)_(our,peer)cert, and expansion item
332 certextract with support for various fields. Bug 1358.
333
44662487
JH
334JH/21 Observability of OCSP via variables tls_(in,out)_ocsp. Stapling
335 is requested by default, modifiable by smtp transport option
6a8a60e0
JH
336 hosts_request_ocsp.
337
ed3bba5f 338JH/22 Expansion operators ${md5:string} and ${sha1:string} can now
6a8a60e0 339 operate on certificate variables to give certificate fingerprints
9ef9101c 340 Also new ${sha256:cert_variable}.
44662487 341
8ccd00b1
JH
342JH/23 The PRDR feature is moved from being Experimental into the mainline.
343
8ded8589
TL
344TL/11 Bug 1119: fix memory allocation in string_printing2(). Patch from
345 Christian Aistleitner.
346
f2de3a33
JH
347JH/24 The OCSP stapling feature is moved from Experimental into the mainline.
348
6eb02f88
TL
349TL/12 Bug 1444: Fix improper \r\n sequence handling when writing spool
350 file. Patch from Wolfgang Breyha.
351
00bff6f6
JH
352JH/25 Expand the coverage of the delivery $host and $host_address to
353 client authenticators run in verify callout. Bug 1476.
354
071c51f7
JH
355JH/26 Port service names are now accepted for tls_on_connect_ports, to
356 align with daemon_smtp_ports. Bug 72.
357
a6d4c44e
TF
358TF/03 Fix udpsend. The ip_connectedsocket() function's socket type
359 support and error reporting did not work properly.
360
3ae173e7
ACK
361TL/13 Bug 1495: Exiqgrep check if -C config file specified on cli exists
362 and is readable. Patch from Andrew Colin Kissa.
363
c13d09b8
TL
364TL/14 Enhance documentation of ${run expansion and how it parses the
365 commandline after expansion, particularly in the case when an
366 unquoted variable expansion results in an empty value.
367
0df4ab80
JH
368JH/27 The TLS SNI feature was broken in 4.82. Fix it.
369
66be95e0
PP
370PP/02 Fix internal collision of T_APL on systems which support RFC3123
371 by renaming away from it. Addresses GH issue 15, reported by
372 Jasper Wallace.
373
1bd0d12b
JH
374JH/28 Fix parsing of MIME headers for parameters with quoted semicolons.
375
0de7239e
TL
376TL/15 SECURITY: prevent double expansion in math comparison functions
377 (can expand unsanitized data). Not remotely exploitable.
378 CVE-2014-2972
379
fd3b6a4a 380
2c422e6f 381Exim version 4.82
98a90c36
PP
382-----------------
383
384PP/01 Add -bI: framework, and -bI:sieve for querying sieve capabilities.
385
12f69989
PP
386PP/02 Make -n do something, by making it not do something.
387 When combined with -bP, the name of an option is not output.
388
54c90be1
PP
389PP/03 Added tls_dh_min_bits SMTP transport driver option, only honoured
390 by GnuTLS.
391
1f4a55da
PP
392PP/04 First step towards DNSSEC, provide $sender_host_dnssec for
393 $sender_host_name and config options to manage this, and basic check
394 routines.
395
13363eba 396PP/05 DSCP support for outbound connections and control modifier for inbound.
36a3ae5f 397
66645890 398PP/06 Cyrus SASL: set local and remote IP;port properties for driver.
e402235f
PP
399 (Only plugin which currently uses this is kerberos4, which nobody should
400 be using, but we should make it available and other future plugins might
401 conceivably use it, even though it would break NAT; stuff *should* be
402 using channel bindings instead).
66645890 403
a3fb9793 404PP/07 Handle "exim -L <tag>" to indicate to use syslog with tag as the process
f4ee74ac
PP
405 name; added for Sendmail compatibility; requires admin caller.
406 Handle -G as equivalent to "control = suppress_local_fixups" (we used to
407 just ignore it); requires trusted caller.
a3fb9793 408 Also parse but ignore: -Ac -Am -X<logfile>
f4ee74ac 409 Bugzilla 1117.
a3fb9793 410
d27f98fe 411TL/01 Bugzilla 1258 - Refactor MAIL FROM optional args processing.
98a90c36 412
6822b909
TL
413TL/02 Add +smtp_confirmation as a default logging option.
414
e7568d51
TL
415TL/03 Bugzilla 198 - Implement remove_header ACL modifier.
416 Patch by Magnus Holmgren from 2007-02-20.
417
ae0e32ee 418TL/04 Bugzilla 1281 - Spec typo.
ca0ff207 419 Bugzilla 1283 - Spec typo.
97f42f10 420 Bugzilla 1290 - Spec grammar fixes.
ca0ff207
TL
421
422TL/05 Bugzilla 1285 - Spec omission, fix docbook errors for spec.txt creation.
ae0e32ee 423
e2658fff
TL
424TL/06 Add Experimental DMARC support using libopendmarc libraries.
425
83712b39
TL
426TL/07 Fix an out of order global option causing a segfault. Reported to dev
427 mailing list by by Dmitry Isaikin.
428
976b7e9f
JH
429JH/01 Bugzilla 1201 & 304 - New cutthrough-delivery feature, with TLS support.
430
be4a1376
JH
431JH/02 Support "G" suffix to numbers in ${if comparisons.
432
ec4b68e5
PP
433PP/08 Handle smtp transport tls_sni option forced-fail for OpenSSL.
434
d7148a07
NM
435NM/01 Bugzilla 1197 - Spec typo
436 Bugzilla 1196 - Spec examples corrections
ec4b68e5 437
585121e2 438JH/03 Add expansion operators ${listnamed:name} and ${listcount:string}
ec4b68e5 439
2519e60d
TL
440PP/09 Add gnutls_allow_auto_pkcs11 option (was originally called
441 gnutls_enable_pkcs11, but renamed to more accurately indicate its
442 function.
a5f239e4 443
13d08c90
PP
444PP/10 Let Linux makefile inherit CFLAGS/CFLAGS_DYNAMIC.
445 Pulled from Debian 30_dontoverridecflags.dpatch by Andreas Metzler.
446
bef3ea7f
JH
447JH/04 Add expansion item ${acl {name}{arg}...}, expansion condition
448 "acl {{name}{arg}...}", and optional args on acl condition
449 "acl = name arg..."
a5f239e4 450
846726c5
JH
451JH/05 Permit multiple router/transport headers_add/remove lines.
452
3a796370
JH
453JH/06 Add dnsdb pseudo-lookup "a+" to do an "aaaa" + "a" combination.
454
ea722490 455JH/07 Avoid using a waiting database for a single-message-only transport.
8b260705
PP
456 Performance patch from Paul Fisher. Bugzilla 1262.
457
b1b05573
JH
458JH/08 Strip leading/trailing newlines from add_header ACL modifier data.
459 Bugzilla 884.
460
362145b5
JH
461JH/09 Add $headers_added variable, with content from use of ACL modifier
462 add_header (but not yet added to the message). Bugzilla 199.
463
3c0a92dc
JH
464JH/10 Add 8bitmime log_selector, for 8bitmime status on the received line.
465 Pulled from Bugzilla 817 by Wolfgang Breyha.
466
6d7c6175
PP
467PP/11 SECURITY: protect DKIM DNS decoding from remote exploit.
468 CVE-2012-5671
e78e6ecf 469 (nb: this is the same fix as in Exim 4.80.1)
6d7c6175 470
6f123593
JH
471JH/11 Add A= logging on delivery lines, and a client_set_id option on
472 authenticators.
473
c8e2fc1e
JH
474JH/12 Add optional authenticated_sender logging to A= and a log_selector
475 for control.
476
005ac57f
PP
477PP/12 Unbreak server_set_id for NTLM/SPA auth, broken by 4.80 PP/29.
478
3f1df0e3
PP
479PP/13 Dovecot auth: log better reason to rejectlog if Dovecot did not
480 advertise SMTP AUTH mechanism to us, instead of a generic
481 protocol violation error. Also, make Exim more robust to bad
482 data from the Dovecot auth socket.
483
67bd1ab3
TF
484TF/01 Fix ultimate retry timeouts for intermittently deliverable recipients.
485
486 When a queue runner is handling a message, Exim first routes the
487 recipient addresses, during which it prunes them based on the retry
488 hints database. After that it attempts to deliver the message to
489 any remaining recipients. It then updates the hints database using
490 the retry rules.
491
492 So if a recipient address works intermittently, it can get repeatedly
493 deferred at routing time. The retry hints record remains fresh so the
494 address never reaches the final cutoff time.
495
496 This is a fairly common occurrence when a user is bumping up against
497 their storage quota. Exim had some logic in its local delivery code
498 to deal with this. However it did not apply to per-recipient defers
499 in remote deliveries, e.g. over LMTP to a separate IMAP message store.
500
1ddeb334
TF
501 This change adds a proper retry rule check during routing so that the
502 final cutoff time is checked against the message's age. We only do
503 this check if there is an address retry record and there is not a
504 domain retry record; this implies that previous attempts to handle
505 the address had the retry_use_local_parts option turned on. We use
506 this as an approximation for the destination being like a local
507 delivery, as in LMTP.
67bd1ab3
TF
508
509 I suspect this new check makes the old local delivery cutoff check
510 redundant, but I have not verified this so I left the code in place.
511
326cdc37
TF
512TF/02 Correct gecos expansion when From: is a prefix of the username.
513
514 Test 0254 submits a message to Exim with the header
515
516 Resent-From: f
517
518 When I ran the test suite under the user fanf2, Exim expanded
519 the header to contain my full name, whereas it should have added
520 a Resent-Sender: header. It erroneously treats any prefix of the
521 username as equal to the username.
522
523 This change corrects that bug.
524
f62514b3
GF
525GF/01 DCC debug and logging tidyup
526 Error conditions log to paniclog rather than rejectlog.
527 Debug lines prefixed by "DCC: " to remove any ambiguity.
528
eb505532
TF
529TF/03 Avoid unnecessary rebuilds of lookup-related code.
530
14c7b357
PP
531PP/14 Fix OCSP reinitialisation in SNI handling for Exim/TLS as server.
532 Bug spotted by Jeremy Harris; was flawed since initial commit.
533 Would have resulted in OCSP responses post-SNI triggering an Exim
534 NULL dereference and crash.
535
94eaf700
PP
536JH/13 Add $router_name and $transport_name variables. Bugzilla 308.
537
6f5a440a
PP
538PP/15 Define SIOCGIFCONF_GIVES_ADDR for GNU Hurd.
539 Bug detection, analysis and fix by Samuel Thibault.
540 Bugzilla 1331, Debian bug #698092.
541
514ee161
SC
542SC/01 Update eximstats to watch out for senders sending 'HELO [IpAddr]'
543
fd98a5c6
JH
544JH/14 SMTP PRDR (http://www.eric-a-hall.com/specs/draft-hall-prdr-00.txt).
545 Server implementation by Todd Lyons, client by JH.
546 Only enabled when compiled with EXPERIMENTAL_PRDR. A new
547 config variable "prdr_enable" controls whether the server
548 advertises the facility. If the client requests PRDR a new
549 acl_data_smtp_prdr ACL is called once for each recipient, after
550 the body content is received and before the acl_smtp_data ACL.
551 The client is controlled by bolth of: a hosts_try_prdr option
552 on the smtp transport, and the server advertisement.
553 Default client logging of deliveries and rejections involving
554 PRDR are flagged with the string "PRDR".
555
035c7f1e
PP
556PP/16 Fix problems caused by timeouts during quit ACLs trying to double
557 fclose(). Diagnosis by Todd Lyons.
558
ff284120
PP
559PP/17 Update configure.default to handle IPv6 localhost better.
560 Patch by Alain Williams (plus minor tweaks).
561 Bugzilla 880.
562
26e72755
PP
563PP/18 OpenSSL made graceful with empty tls_verify_certificates setting.
564 This is now consistent with GnuTLS, and is now documented: the
565 previous undocumented portable approach to treating the option as
566 unset was to force an expansion failure. That still works, and
567 an empty string is now equivalent.
568
0fbd9bff
PP
569PP/19 Renamed DNSSEC-enabling option to "dns_dnssec_ok", to make it
570 clearer that Exim is using the DO (DNSSEC OK) EDNS0 resolver flag,
571 not performing validation itself.
572
700d22f3
PP
573PP/20 Added force_command boolean option to pipe transport.
574 Patch from Nick Koston, of cPanel Inc.
575
fcc8e047
JH
576JH/15 AUTH support on callouts (and hence cutthrough-deliveries).
577 Bugzilla 321, 823.
578
7142daca
PP
579TF/04 Added udpsend ACL modifer and hexquote expansion operator
580
8c020188
PP
581PP/21 Fix eximon continuous updating with timestamped log-files.
582 Broken in a format-string cleanup in 4.80, missed when I repaired the
583 other false fix of the same issue.
584 Report and fix from Heiko Schlichting.
585 Bugzilla 1363.
586
d13cdd30
PP
587PP/22 Guard LDAP TLS usage against Solaris LDAP variant.
588 Report from Prashanth Katuri.
589
e2fbf4a2
PP
590PP/23 Support safari_ecdhe_ecdsa_bug for openssl_options.
591 It's SecureTransport, so affects any MacOS clients which use the
592 system-integrated TLS libraries, including email clients.
593
f4c1088b
PP
594PP/24 Fix segfault from trying to fprintf() to a NULL stdio FILE* if
595 using a MIME ACL for non-SMTP local injection.
596 Report and assistance in diagnosis by Warren Baker.
597
c5c2182f
PP
598TL/08 Adjust exiqgrep to be case-insensitive for sender/receiver.
599
73431ca9
JH
600JH/16 Fix comparisons for 64b. Bugzilla 1385.
601
2d07a215
TL
602TL/09 Add expansion variable $authenticated_fail_id to keep track of
603 last id that failed so it may be referenced in subsequent ACL's.
604
a30a8861
TL
605TL/10 Bugzilla 1375 - Prevent TLS rebinding in ldap. Patch provided by
606 Alexander Miroch.
607
33382dd9
TL
608TL/11 Bugzilla 1382 - Option ldap_require_cert overrides start_tls
609 ldap library initialization, allowing self-signed CA's to be
610 used. Also properly sets require_cert option later in code by
611 using NULL (global ldap config) instead of ldap handle (per
612 session). Bug diagnosis and testing by alxgomz.
6d7c6175 613
046172e6
TL
614TL/12 Enhanced documentation in the ratelimit.pl script provided in
615 the src/util/ subdirectory.
616
581d7bee 617TL/13 Bug 1031 - Imported transport SQL logging patch from Axel Rau
1a7b746d 618 renamed to Transport Post Delivery Action by Jeremy Harris, as
9bdd29ad
TL
619 EXPERIMENTAL_TPDA.
620
621TL/14 Bugzilla 1217 - Redis lookup support has been added. It is only enabled
622 when Exim is compiled with EXPERIMENTAL_REDIS. A new config variable
623 redis_servers = needs to be configured which will be used by the redis
624 lookup. Patch from Warren Baker, of The Packet Hub.
625
237b2cf2
TL
626TL/15 Fix exiqsumm summary for corner case. Patch provided by Richard Hall.
627
9fc5a352
TL
628TL/16 Bugzilla 1289 - Clarify host/ip processing when have errors looking up a
629 hostname or reverse DNS when processing a host list. Used suggestions
630 from multiple comments on this bug.
1a7b746d 631
b10e4ec2
TL
632TL/17 Bugzilla 1057 - Multiple clamd TCP targets patch from Mark Zealey.
633
e2cebd74
TL
634TL/18 Had previously added a -CONTINUE option to runtest in the test suite.
635 Missed a few lines, added it to make the runtest require no keyboard
636 interaction.
637
638TL/19 Bugzilla 1402 - Test 533 fails if any part of the path to the test suite
639 contains upper case chars. Make router use caseful_local_part.
640
2519e60d
TL
641TL/20 Bugzilla 1400 - Add AVOID_GNUTLS_PKCS11 build option. Allows GnuTLS
642 support when GnuTLS has been built with p11-kit.
643
e78e6ecf 644
4263f395
PP
645Exim version 4.80.1
646-------------------
647
648PP/01 SECURITY: protect DKIM DNS decoding from remote exploit.
649 CVE-2012-5671
2c422e6f 650 This, or similar/improved, will also be change PP/11 of 4.82.
3c0a92dc 651
ea722490 652
b1770b6e 653Exim version 4.80
0599f9cf
PP
654-----------------
655
656PP/01 Handle short writes when writing local log-files.
657 In practice, only affects FreeBSD (8 onwards).
658 Bugzilla 1053, with thanks to Dmitry Isaikin.
659
23c7e742
NM
660NM/01 Bugzilla 949 - Documentation tweak
661
b322aac8
NM
662NM/02 Bugzilla 1093 - eximstats DATA reject detection regexps
663 improved.
664
4a891427
NM
665NM/03 Bugzilla 1169 - primary_hostname spelling was incorrect in docs.
666
c1e794ba 667PP/02 Implemented gsasl authenticator.
b322aac8 668
97753960
PP
669PP/03 Implemented heimdal_gssapi authenticator with "server_keytab" option.
670
671PP/04 Local/Makefile support for (AUTH|LOOKUP)_*_PC=foo to use
672 `pkg-config foo` for cflags/libs.
673
df6303fa
PP
674PP/05 Swapped $auth1/$auth2 for gsasl GSSAPI mechanism, to be more consistent
675 with rest of GSASL and with heimdal_gssapi.
676
7e6a8985
PP
677PP/06 Local/Makefile support for USE_(GNUTLS|OPENSSL)_PC=foo to use
678 `pkg-config foo` for cflags/libs for the TLS implementation.
679
f1e05cc7 680PP/07 New expansion variable $tls_bits; Cyrus SASL server connection
20aa9dbd
PP
681 properties get this fed in as external SSF. A number of robustness
682 and debugging improvements to the cyrus_sasl authenticator.
b322aac8 683
4c287009
PP
684PP/08 cyrus_sasl server now expands the server_realm option.
685
b98bb9ac
PP
686PP/09 Bugzilla 1214 - Log authentication information in reject log.
687 Patch by Jeremy Harris.
688
4a6a987a
PP
689PP/10 Added dbmjz lookup type.
690
c45dd180 691PP/11 Let heimdal_gssapi authenticator take a SASL message without an authzid.
c7955b11 692
7db8d074
PP
693PP/12 MAIL args handles TAB as well as SP, for better interop with
694 non-compliant senders.
695 Analysis and variant patch by Todd Lyons.
696
eae0036b 697NM/04 Bugzilla 1237 - fix cases where printf format usage not indicated
e0df1c83
DM
698 Bug report from Lars Müller <lars@samba.org> (via SUSE),
699 Patch from Dirk Mueller <dmueller@suse.com>
700
dec5017e
PP
701PP/13 tls_peerdn now print-escaped for spool files.
702 Observed some $tls_peerdn in wild which contained \n, which resulted
703 in spool file corruption.
704
c80c5570
PP
705PP/14 TLS fixes for OpenSSL: support TLS 1.1 & 1.2; new "openssl_options"
706 values; set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read
707 or write after TLS renegotiation, which otherwise led to messages
708 "Got SSL error 2".
709
076b11e2
PP
710TK/01 Bugzilla 1239 - fix DKIM verification when signature was not inserted
711 as a tracking header (ie: a signed header comes before the signature).
712 Patch from Wolfgang Breyha.
713
5407bfff
JH
714JH/01 Bugzilla 660 - Multi-valued attributes from ldap now parseable as a
715 comma-sep list; embedded commas doubled.
716
9e45c72b
PP
717JH/02 Refactored ACL "verify =" logic to table-driven dispatch.
718
e74376d8
PP
719PP/15 LDAP: Check for errors of TLS initialisation, to give correct
720 diagnostics.
721 Report and patch from Dmitry Banschikov.
722
da3ad30d
PP
723PP/16 Removed "dont_insert_empty_fragments" fron "openssl_options".
724 Removed SSL_clear() after SSL_new() which led to protocol negotiation
725 failures. We appear to now support TLS1.1+ with Exim.
726
7be682ca
PP
727PP/17 OpenSSL: new expansion var $tls_sni, which if used in tls_certificate
728 lets Exim select keys and certificates based upon TLS SNI from client.
3f0945ff
PP
729 Also option tls_sni on SMTP Transports. Also clear $tls_bits correctly
730 before an outbound SMTP session. New log_selector, +tls_sni.
7be682ca 731
ef840681
PP
732PP/18 Bugzilla 1122 - check localhost_number expansion for failure, avoid
733 NULL dereference. Report and patch from Alun Jones.
734
5bfb4cdf
PP
735PP/19 DNS resolver init changes for NetBSD compatibility. (Risk of breakage
736 on less well tested platforms). Obviates NetBSD pkgsrc patch-ac.
737 Not seeing resolver debug output on NetBSD, but suspect this is a
738 resolver implementation change.
739
c6e95d22
PP
740PP/20 Revert part of NM/04, it broke log_path containing %D expansions.
741 Left warnings. Added "eximon gdb" invocation mode.
742
9cbad13b
PP
743PP/21 Defaulting "accept_8bitmime" to true, not false.
744
9ee44efb
PP
745PP/22 Added -bw for inetd wait mode support.
746
6a6084f8
PP
747PP/23 Added PCRE_CONFIG=yes support to Makefile for using pcre-config to
748 locate the relevant includes and libraries. Made this the default.
749
12dd53c7
PP
750PP/24 Fixed headers_only on smtp transports (was not sending trailing dot).
751 Bugzilla 1246, report and most of solution from Tomasz Kusy.
752
9e45c72b 753JH/03 ${eval } now uses 64-bit and supports a "g" suffix (like to "k" and "m").
97d17305
JH
754 This may cause build issues on older platforms.
755
17c76198
PP
756PP/25 Revamped GnuTLS support, passing tls_require_ciphers to
757 gnutls_priority_init, ignoring Exim options gnutls_require_kx,
758 gnutls_require_mac & gnutls_require_protocols (no longer supported).
759 Added SNI support via GnuTLS too.
af3498d6 760 Made ${randint:..} supplier available, if using not-too-old GnuTLS.
17c76198 761
53947857 762PP/26 Added EXPERIMENTAL_OCSP for OpenSSL.
3f7eeb86 763
eae0036b 764PP/27 Applied dnsdb SPF support patch from Janne Snabb.
8ee4b30e
PP
765 Applied second patch from Janne, implementing suggestion to default
766 multiple-strings-in-record handling to match SPF spec.
eae0036b 767
9e45c72b 768JH/04 Added expansion variable $tod_epoch_l for a higher-precision time.
2605c55b 769
7390e768
PP
770PP/28 Fix DCC dcc_header content corruption (stack memory referenced,
771 read-only, out of scope).
772 Patch from Wolfgang Breyha, report from Stuart Northfield.
773
08488c86
PP
774PP/29 Fix three issues highlighted by clang analyser static analysis.
775 Only crash-plausible issue would require the Cambridge-specific
776 iplookup router and a misconfiguration.
777 Report from Marcin Mirosław.
778
6475bd82
PP
779PP/30 Another attempt to deal with PCRE_PRERELEASE, this one less buggy.
780
81f91683
PP
781PP/31 %D in printf continues to cause issues (-Wformat=security), so for
782 now guard some of the printf checks behind WANT_DEEPER_PRINTF_CHECKS.
783 As part of this, removing so much warning spew let me fix some minor
784 real issues in debug logging.
785
5779e6aa
PP
786PP/32 GnuTLS was always using default tls_require_ciphers, due to a missing
787 assignment on my part. Fixed.
788
3375e053
PP
789PP/33 Added tls_dh_max_bits option, defaulting to current hard-coded limit
790 of NSS, for GnuTLS/NSS interop. Problem root cause diagnosis by
791 Janne Snabb (who went above and beyond: thank you).
792
793PP/34 Validate tls_require_ciphers on startup, since debugging an invalid
794 string otherwise requires a connection and a bunch more work and it's
78e0c7a3
PP
795 relatively easy to get wrong. Should also expose TLS library linkage
796 problems.
3375e053 797
9d26b8c0
PP
798PP/35 Pull in <features.h> on Linux, for some portability edge-cases of
799 64-bit ${eval} (JH/03).
800
57eb9e91 801PP/36 Define _GNU_SOURCE in exim.h; it's needed for some releases of
b87a6e0e
PP
802 GNU libc to support some of the 64-bit stuff, should not lead to
803 conflicts. Defined before os.h is pulled in, so if a given platform
804 needs to override this, it can.
805
16880d1a
PP
806PP/37 Unbreak Cyrus SASL auth: SSF retrieval was incorrect, Exim thought
807 protection layer was required, which is not implemented.
808 Bugzilla 1254, patch from Wolfgang Breyha.
809
a799883d
PP
810PP/38 Overhaul DH prime handling, supply RFC-specified DH primes as built
811 into Exim, default to IKE id 23 from RFC 5114 (2048 bit). Make
812 tls_dhparam take prime identifiers. Also unbreak combination of
813 OpenSSL+DH_params+TLSSNI.
814
3ecab157 815PP/39 Disable SSLv2 by default in OpenSSL support.
f0f5a555 816
0599f9cf 817
867fcbf5
PP
818Exim version 4.77
819-----------------
820
821PP/01 Solaris build fix for Oracle's LDAP libraries.
822 Bugzilla 1109, patch from Stephen Usher.
823
f1a29782
TF
824TF/01 HP/UX build fix: avoid arithmetic on a void pointer.
825
ab42bd23
TK
826TK/01 DKIM Verification: Fix relaxed canon for empty headers w/o
827 whitespace trailer
867fcbf5 828
0ca0cf52
TF
829TF/02 Fix a couple more cases where we did not log the error message
830 when unlink() failed. See also change 4.74-TF/03.
831
921b12ca
TF
832TF/03 Make the exiwhat support code safe for signals. Previously Exim might
833 lock up or crash if it happened to be inside a call to libc when it
834 got a SIGUSR1 from exiwhat.
835
836 The SIGUSR1 handler appends the current process status to the process
837 log which is later printed by exiwhat. It used to use the general
838 purpose logging code to do this, but several functions it calls are
839 not safe for signals.
840
841 The new output code in the SIGUSR1 handler is specific to the process
842 log, and simple enough that it's easy to inspect for signal safety.
843 Removing some special cases also simplifies the general logging code.
844 Removing the spurious timestamps from the process log simplifies
845 exiwhat.
846
c99ce5c9
TF
847TF/04 Improved ratelimit ACL condition.
848
849 The /noupdate option has been deprecated in favour of /readonly which
850 has clearer semantics. The /leaky, /strict, and /readonly update modes
851 are mutually exclusive. The update mode is no longer included in the
852 database key; it just determines when the database is updated. (This
853 means that when you upgrde Exim will forget old rate measurements.)
854
855 Exim now checks that the per_* options are used with an update mode that
856 makes sense for the current ACL. For example, when Exim is processing a
857 message (e.g. acl_smtp_rcpt or acl_smtp_data, etc.) you can specify
858 per_mail/leaky or per_mail/strict; otherwise (e.g. in acl_smtp_helo) you
859 must specify per_mail/readonly. If you omit the update mode it defaults to
860 /leaky where that makes sense (as before) or /readonly where required.
861
862 The /noupdate option is now undocumented but still supported for
863 backwards compatibility. It is equivalent to /readonly except that in
864 ACLs where /readonly is required you may specify /leaky/noupdate or
865 /strict/noupdate which are treated the same as /readonly.
866
867 A useful new feature is the /count= option. This is a generalization
868 of the per_byte option, so that you can measure the throughput of other
869 aggregate values. For example, the per_byte option is now equivalent
870 to per_mail/count=${if >{0}{$message_size} {0} {$message_size} }.
871
872 The per_rcpt option has been generalized using the /count= mechanism
873 (though it's more complicated than the per_byte equivalence). When it is
874 used in acl_smtp_rcpt, the per_rcpt option adds recipients to the
875 measured rate one at a time; if it is used later (e.g. in acl_smtp_data)
876 or in a non-SMTP ACL it adds all the recipients in one go. (The latter
877 /count=$recipients_count behaviour used to work only in non-SMTP ACLs.)
878 Note that using per_rcpt with a non-readonly update mode in more than
879 one ACL will cause the recipients to be double-counted. (The per_mail
880 and per_byte options don't have this problem.)
881
882 The handling of very low rates has changed slightly. If the computed rate
883 is less than the event's count (usually one) then this event is the first
884 after a long gap. In this case the rate is set to the same as this event's
885 count, so that the first message of a spam run is counted properly.
886
887 The major new feature is a mechanism for counting the rate of unique
888 events. The new per_addr option counts the number of different
889 recipients that someone has sent messages to in the last time period. It
890 behaves like per_rcpt if all the recipient addresses are different, but
891 duplicate recipient addresses do not increase the measured rate. Like
892 the /count= option this is a general mechanism, so the per_addr option
893 is equivalent to per_rcpt/unique=$local_part@$domain. You can, for
894 example, measure the rate that a client uses different sender addresses
895 with the options per_mail/unique=$sender_address. There are further
896 details in the main documentation.
897
3634fc25
TF
898TF/05 Removed obsolete $Cambridge$ CVS revision strings.
899
792e8a19
TF
900TF/06 Removed a few PCRE remnants.
901
5901f0ab
TF
902TF/07 Automatically extract Exim's version number from tags in the git
903 repository when doing development or release builds.
904
7f2a2a43
PP
905PP/02 Raise smtp_cmd_buffer_size to 16kB.
906 Bugzilla 879. Patch from Paul Fisher.
e2ca7082 907
061b7ebd
PP
908PP/03 Implement SSL-on-connect outbound with protocol=smtps on smtp transport.
909 Heavily based on revision 40f9a89a from Simon Arlott's tree.
910 Bugzilla 97.
911
e12f8c32
PP
912PP/04 Use .dylib instead of .so for dynamic library loading on MacOS.
913
9e949f00 914PP/05 Variable $av_failed, true if the AV scanner deferred.
7f2a2a43
PP
915 Bugzilla 1078. Patch from John Horne.
916
917PP/06 Stop make process more reliably on build failure.
918 Bugzilla 1087. Patch from Heiko Schlittermann.
9e949f00 919
555ae6af 920PP/07 Make maildir_use_size_file an _expandable_ boolean.
ac53fcda
PP
921 Bugzilla 1089. Patch from Heiko Schlittermann.
922
923PP/08 Handle ${run} returning more data than OS pipe buffer size.
924 Bugzilla 1131. Patch from Holger Weiß.
555ae6af 925
6f7fe114
PP
926PP/09 Handle IPv6 addresses with SPF.
927 Bugzilla 860. Patch from Wolfgang Breyha.
928
c566dd90
PP
929PP/10 GnuTLS: support TLS 1.2 & 1.1.
930 Bugzilla 1156.
89f897c3
PP
931 Use gnutls_certificate_verify_peers2() [patch from Andreas Metzler].
932 Bugzilla 1095.
c566dd90 933
d6cc7c78 934PP/11 match_* no longer expand right-hand-side by default.
39257585
PP
935 New compile-time build option, EXPAND_LISTMATCH_RHS.
936 New expansion conditions, "inlist", "inlisti".
937
0d0e4455
PP
938PP/12 fix uninitialised greeting string from PP/03 (smtps client support).
939
3399bb60 940PP/13 shell and compiler warnings fixes for RC1-RC4 changes.
d690cbdc
PP
941
942PP/14 fix log_write() format string regression from TF/03.
943 Bugzilla 1152. Patch from Dmitry Isaikin.
944
0ca0cf52 945
10906672
PP
946Exim version 4.76
947-----------------
948
949PP/01 The new ldap_require_cert option would segfault if used. Fixed.
950
754a0503
PP
951PP/02 Harmonised TLS library version reporting; only show if debugging.
952 Layout now matches that introduced for other libraries in 4.74 PP/03.
953
c0c7b2da
PP
954PP/03 New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1
955
e97d1f08
PP
956PP/04 New "dns_use_edns0" global option.
957
084c1d8c
PP
958PP/05 Don't segfault on misconfiguration of ref:name exim-user as uid.
959 Bugzilla 1098.
960
4e7ee012
PP
961PP/06 Extra paranoia around buffer usage at the STARTTLS transition.
962 nb: Exim is not vulnerable to http://www.kb.cert.org/vuls/id/555316
da80c2a8 963
c8d52a00
PP
964TK/01 Updated PolarSSL code to 0.14.2.
965 Bugzilla 1097. Patch from Andreas Metzler.
966
54e7ce4a
PP
967PP/07 Catch divide-by-zero in ${eval:...}.
968 Fixes bugzilla 1102.
969
5ee6f336
PP
970PP/08 Condition negation of bool{}/bool_lax{} did not negate. Fixed.
971 Bugzilla 1104.
972
c8d52a00 973TK/02 Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a
6ea4a851
PP
974 format-string attack -- SECURITY: remote arbitrary code execution.
975
976TK/03 SECURITY - DKIM signature header parsing was double-expanded, second
977 time unintentionally subject to list matching rules, letting the header
978 cause arbitrary Exim lookups (of items which can occur in lists, *not*
979 arbitrary string expansion). This allowed for information disclosure.
980
981PP/09 Fix another SIGFPE (x86) in ${eval:...} expansion, this time related to
982 INT_MIN/-1 -- value coerced to INT_MAX.
c8d52a00 983
10906672 984
aa097c4c
NM
985Exim version 4.75
986-----------------
987
4c9ef03a 988NM/01 Workround for PCRE version dependency in version reporting
aa097c4c
NM
989 Bugzilla 1073
990
7f3d9eff
TF
991TF/01 Update valgrind.h and memcheck.h to copies from valgrind-3.6.0.
992 This fixes portability to compilers other than gcc, notably
993 Solaris CC and HP-UX CC. Fixes Bugzilla 1050.
994
159f52d2
TF
995TF/02 Bugzilla 139: Avoid using the += operator in the modular lookup
996 makefiles for portability to HP-UX and POSIX correctness.
997
0cc9542a
PP
998PP/01 Permit LOOKUP_foo enabling on the make command-line.
999 Also via indented variable definition in the Makefile.
1000 (Debugging by Oliver Heesakkers).
1001
f7274286
PP
1002PP/02 Restore caching of spamd results with expanded spamd_address.
1003 Patch from author of expandable spamd_address patch, Wolfgang Breyha.
1004
7b797365
PP
1005PP/03 Build issue: lookups-Makefile now exports LC_ALL=C
1006 Improves build reliability. Fix from: Frank Elsner
1007
caacae52
NM
1008NM/02 Fix wide character breakage in the rfc2047 coding
1009 Fixes bug 1064. Patch from Andrey N. Oktyabrski
1010
09dcaba9
NM
1011NM/03 Allow underscore in dnslist lookups
1012 Fixes bug 1026. Patch from Graeme Fowler
1013
bc19a55b
PP
1014PP/04 Bugzilla 230: Support TLS-enabled LDAP (in addition to ldaps).
1015 Code patches from Adam Ciarcinski of NetBSD.
caacae52 1016
bd4c9759
NM
1017NM/04 Fixed exiqgrep to cope with mailq missing size issue
1018 Fixes bug 943.
1019
b72aab72
PP
1020PP/05 Bugzilla 1083: when lookup expansion defers, escape the output which
1021 is logged, to avoid truncation. Patch from John Horne.
1022
2fe76745
PP
1023PP/06 Bugzilla 1042: implement freeze_signal on pipe transports.
1024 Patch from Jakob Hirsch.
1025
76aa570c
PP
1026PP/07 Bugzilla 1061: restrict error messages sent over SMTP to not reveal
1027 SQL string expansion failure details.
1028 Patch from Andrey Oktyabrski.
1029
f1e5fef5
PP
1030PP/08 Bugzilla 486: implement %M datestamping in log filenames.
1031 Patch from Simon Arlott.
1032
4d805ee9
PP
1033PP/09 New lookups functionality failed to compile on old gcc which rejects
1034 extern declarations in function scope.
1035 Patch from Oliver Fleischmann
1036
cd59ab18
PP
1037PP/10 Use sig_atomic_t for flags set from signal handlers.
1038 Check getgroups() return and improve debugging.
1039 Fixed developed for diagnosis in bug 927 (which turned out to be
1040 a kernel bug).
1041
332f5cf3
PP
1042PP/11 Bugzilla 1055: Update $message_linecount for maildir_tag.
1043 Patch from Mark Zealey.
1044
29cfeb94
PP
1045PP/12 Bugzilla 1056: Improved spamd server selection.
1046 Patch from Mark Zealey.
1047
660242ad
PP
1048PP/13 Bugzilla 1086: Deal with maildir quota file races.
1049 Based on patch from Heiko Schlittermann.
1050
bc4bc4c5
PP
1051PP/14 Bugzilla 1019: DKIM multiple signature generation fix.
1052 Patch from Uwe Doering, sign-off by Michael Haardt.
1053
2e64baa9
NM
1054NM/05 Fix to spam.c to accommodate older gcc versions which dislike
1055 variable declaration deep within a block. Bug and patch from
1056 Dennis Davis.
1057
bddd7526
PP
1058PP/15 lookups-Makefile IRIX compatibilty coercion.
1059
6bac1a9a
PP
1060PP/16 Make DISABLE_DKIM build knob functional.
1061
552193f0
NM
1062NM/06 Bugzilla 968: child_open_uid: restore default SIGPIPE handler
1063 Patch by Simon Arlott
baeee2c1 1064
1b587e48
TF
1065TF/03 Fix valgrind.h portability to C89 compilers that do not support
1066 variable argument macros. Our copy now differs from upstream.
1067
aa097c4c 1068
8c07b69f
TF
1069Exim version 4.74
1070-----------------
1071
1072TF/01 Failure to get a lock on a hints database can have serious
1073 consequences so log it to the panic log.
1074
c0ea85ab
TF
1075TF/02 Log LMTP confirmation messages in the same way as SMTP,
1076 controlled using the smtp_confirmation log selector.
1077
0761d44e
TF
1078TF/03 Include the error message when we fail to unlink a spool file.
1079
0a349494
PP
1080DW/01 Bugzilla 139: Support dynamically loaded lookups as modules.
1081 With thanks to Steve Haslam, Johannes Berg & Serge Demonchaux
1082 for maintaining out-of-tree patches for some time.
1083
1084PP/01 Bugzilla 139: Documentation and portability issues.
1085 Avoid GNU Makefile-isms, let Exim continue to build on BSD.
1086 Handle per-OS dynamic-module compilation flags.
1087
fea24b2e
PP
1088PP/02 Let /dev/null have normal permissions.
1089 The 4.73 fixes were a little too stringent and complained about the
1090 permissions on /dev/null. Exempt it from some checks.
1091 Reported by Andreas M. Kirchwitz.
1092
6545de78
PP
1093PP/03 Report version information for many libraries, including
1094 Exim version information for dynamically loaded libraries. Created
1095 version.h, now support a version extension string for distributors
1096 who patch heavily. Dynamic module ABI change.
1097
1670ef10
PP
1098PP/04 CVE-2011-0017 - check return value of setuid/setgid. This is a
1099 privilege escalation vulnerability whereby the Exim run-time user
1100 can cause root to append content of the attacker's choosing to
1101 arbitrary files.
1102
c0886197
PP
1103PP/05 Bugzilla 1041: merged DCC maintainer's fixes for return code.
1104 (Wolfgang Breyha)
1105
b7487bce
PP
1106PP/06 Bugzilla 1071: fix delivery logging with untrusted macros.
1107 If dropping privileges for untrusted macros, we disabled normal logging
1108 on the basis that it would fail; for the Exim run-time user, this is not
1109 the case, and it resulted in successful deliveries going unlogged.
1110 Fixed. Reported by Andreas Metzler.
1111
8c07b69f 1112
97fd1e48 1113Exim version 4.73
ed7f7860 1114-----------------
97fd1e48
PP
1115
1116PP/01 Date: & Message-Id: revert to normally being appended to a message,
1117 only prepend for the Resent-* case. Fixes regression introduced in
1118 Exim 4.70 by NM/22 for Bugzilla 607.
1119
6901c596
PP
1120PP/02 Include check_rfc2047_length in configure.default because we're seeing
1121 increasing numbers of administrators be bitten by this.
1122
a8c8d6b5
JJ
1123JJ/01 Added DISABLE_DKIM and comment to src/EDITME
1124
77bb000f
PP
1125PP/03 Bugzilla 994: added openssl_options main configuration option.
1126
a29e5231
PP
1127PP/04 Bugzilla 995: provide better SSL diagnostics on failed reads.
1128
ec5a0394 1129PP/05 Bugzilla 834: provide a permit_coredump option for pipe transports.
a29e5231 1130
55c75993
PP
1131PP/06 Adjust NTLM authentication to handle SASL Initial Response.
1132
453a6645 1133PP/07 If TLS negotiated an anonymous cipher, we could end up with SSL but
ec5a0394
PP
1134 without a peer certificate, leading to a segfault because of an
1135 assumption that peers always have certificates. Be a little more
453a6645
PP
1136 paranoid. Problem reported by Martin Tscholak.
1137
8544e77a
PP
1138PP/08 Bugzilla 926: switch ClamAV to use the new zINSTREAM API for content
1139 filtering; old API available if built with WITH_OLD_CLAMAV_STREAM=yes
1140 NB: ClamAV planning to remove STREAM in "middle of 2010".
3346ab01
PP
1141 CL also introduces -bmalware, various -d+acl logging additions and
1142 more caution in buffer sizes.
8544e77a 1143
83e029d5
PP
1144PP/09 Implemented reverse_ip expansion operator.
1145
ed7f7860
PP
1146PP/10 Bugzilla 937: provide a "debug" ACL control.
1147
7d9f747b
PP
1148PP/11 Bugzilla 922: Documentation dusting, patch provided by John Horne.
1149
4b2241d2
PP
1150PP/12 Bugzilla 973: Implement --version.
1151
10385c15
PP
1152PP/13 Bugzilla 752: Refuse to build/run if Exim user is root/0.
1153
dbc4b90d
PP
1154PP/14 Build without WITH_CONTENT_SCAN. Path from Andreas Metzler.
1155
532be449
PP
1156PP/15 Bugzilla 816: support multiple condition rules on Routers.
1157
6a8de854 1158PP/16 Add bool_lax{} expansion operator and use that for combining multiple
71265ae9
PP
1159 condition rules, instead of bool{}. Make both bool{} and bool_lax{}
1160 ignore trailing whitespace.
6a8de854 1161
5dc43717
JJ
1162JJ/02 prevent non-panic DKIM error from being sent to paniclog
1163
1164JJ/03 added tcp_wrappers_daemon_name to allow host entries other than
1165 "exim" to be used
55c75993 1166
3346ab01
PP
1167PP/17 Fix malware regression for cmdline scanner introduced in PP/08.
1168 Notification from Dr Andrew Aitchison.
1169
491fab4c
PP
1170PP/18 Change ClamAV response parsing to be more robust and to handle ClamAV's
1171 ExtendedDetectionInfo response format.
1172 Notification from John Horne.
1173
13eb9497
PP
1174PP/19 OpenSSL 1.0.0a compatibility const-ness change, should be backwards
1175 compatible.
1176
1177PP/20 Added a CONTRIBUTING file. Fixed the documentation build to use http:
1178 XSL and documented dependency on system catalogs, with examples of how
1179 it normally works.
1180
7f36d675
DW
1181DW/21 Added Valgrind hooks in store.c to help it capture out-of-bounds store
1182 access.
1183
c1d94452
DW
1184DW/22 Bugzilla 1044: CVE-2010-4345 - partial fix: restrict default behaviour
1185 of CONFIGURE_OWNER and CONFIGURE_GROUP options to no longer allow a
1186 configuration file which is writeable by the Exim user or group.
1187
e2f5dc15
DW
1188DW/23 Bugzilla 1044: CVE-2010-4345 - part two: extend checks for writeability
1189 of configuration files to cover files specified with the -C option if
1190 they are going to be used with root privileges, not just the default
1191 configuration file.
1192
cd25e41d
DW
1193DW/24 Bugzilla 1044: CVE-2010-4345 - part three: remove ALT_CONFIG_ROOT_ONLY
1194 option (effectively making it always true).
1195
261dc43e
DW
1196DW/25 Add TRUSTED_CONFIG_PREFIX_FILE option to allow alternative configuration
1197 files to be used while preserving root privileges.
1198
fa32850b
DW
1199DW/26 Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure
1200 that rogue child processes cannot use them.
1201
79d4bc3d
PP
1202PP/27 Bugzilla 1047: change the default for system_filter_user to be the Exim
1203 run-time user, instead of root.
1204
43236f35 1205PP/28 Add WHITELIST_D_MACROS option to let some macros be overridden by the
2cfd3221
PP
1206 Exim run-time user without dropping privileges.
1207
fb08281f
DW
1208DW/29 Remove use of va_copy() which breaks pre-C99 systems. Duplicate the
1209 result string, instead of calling string_vformat() twice with the same
1210 arguments.
3346ab01 1211
74935b98
DW
1212DW/30 Allow TRUSTED_CONFIG_PREFIX_FILE only for Exim or CONFIGURE_OWNER, not
1213 for other users. Others should always drop root privileges if they use
1214 -C on the command line, even for a whitelisted configure file.
1215
90b6341f
DW
1216DW/31 Turn TRUSTED_CONFIG_PREFIX_FILE into TRUSTED_CONFIG_FILE. No prefixes.
1217
57730b52
ML
1218NM/01 Fixed bug #1002 - Message loss when using multiple deliveries
1219
66581d1e 1220
465e92cf
JJ
1221Exim version 4.72
1222-----------------
1223
453a6645
PP
1224JJ/01 installed exipick 20100104.1, adding $max_received_linelength,
1225 $data_path, and $header_path variables; fixed documentation bugs and
1226 typos
465e92cf 1227
453a6645
PP
1228JJ/02 installed exipick 20100222.0, added --input-dir and --finput to allow
1229 exipick to access non-standard spools, including the "frozen" queue
1230 (Finput)
edae0343 1231
9bd3e22c
NM
1232NM/01 Bugzilla 965: Support mysql stored procedures.
1233 Patch from Alain Williams
1234
bb576ff7
NM
1235NM/02 Bugzilla 961: Spacing fix (syntax error) on Makefile directives for NetBSD
1236
5a1a5845
NM
1237NM/03 Bugzilla 955: Documentation fix for max_rcpts.
1238 Patch from Andreas Metzler
1239
981a9fad
NM
1240NM/04 Bugzilla 954: Fix for unknown responses from Dovecot authenticator.
1241 Patch from Kirill Miazine
1242
7fc497ee
NM
1243NM/05 Bugzilla 671: Added umask to procmail example.
1244
1a41defa
JJ
1245JJ/03 installed exipick 20100323.0, fixing doc bug
1246
a466095c 1247NM/06 Bugzilla 988: CVE-2010-2023 - prevent hardlink attack on sticky mail
b26eacf1 1248 directory. Notification and patch from Dan Rosenberg.
a466095c 1249
94a6bd0b
NM
1250TK/01 PDKIM: Upgrade PolarSSL files to upstream version 0.12.1.
1251
1252TK/02 Improve log output when DKIM signing operation fails.
1253
1254MH/01 Treat the transport option dkim_domain as a colon separated
1255 list, not as a single string, and sign the message with each element,
1256 omitting multiple occurences of the same signer.
1257
c1b141a8
NM
1258NM/07 Null terminate DKIM strings, Null initialise DKIM variable
1259 Bugzilla 985, 986. Patch by Simon Arlott
94a6bd0b 1260
b26eacf1 1261NM/08 Bugzilla 967. dnsdb DNS TXT record bug fix (DKIM-related)
0d0c6357
NM
1262 Patch by Simon Arlott
1263
179c5980 1264PP/01 Bugzilla 989: CVE-2010-2024 - work round race condition on
b26eacf1 1265 MBX locking. Notification from Dan Rosenberg.
179c5980 1266
9bd3e22c 1267
7c6d71af
NM
1268Exim version 4.71
1269-----------------
1270
7d9f747b 1271TK/01 Bugzilla 912: Fix DKIM segfault on empty headers/body.
7c6d71af 1272
f013fb92
NM
1273NM/01 Bugzilla 913: Documentation fix for gnutls_* options.
1274
0eb8eedd
NM
1275NM/02 Bugzilla 722: Documentation for randint. Better randomness defaults.
1276
663ee6d9
NM
1277NM/03 Bugzilla 847: Enable DNSDB lookup by default.
1278
177ebd9b
NM
1279NM/04 Bugzilla 915: Flag broken perl installation during build.
1280
7c6d71af 1281
210f147e
NM
1282Exim version 4.70
1283-----------------
1284
cdd3bb85 1285TK/01 Added patch by Johannes Berg that expands the main option
e739e3d9 1286 "spamd_address" if it starts with a dollar sign.
cdd3bb85
TK
1287
1288TK/02 Write list of recipients to X-Envelope-Sender header when building
1289 the mbox-format spool file for content scanning (suggested by Jakob
7d9f747b 1290 Hirsch).
cdd3bb85
TK
1291
1292TK/03 Added patch by Wolfgang Breyha that adds experimental DCC
1293 (http://www.dcc-servers.net/) support via dccifd. Activated by
e739e3d9 1294 setting EXPERIMENTAL_DCC=yes in Local/Makefile.
cdd3bb85
TK
1295
1296TK/04 Bugzilla 673: Add f-protd malware scanner support. Patch submitted
1297 by Mark Daniel Reidel <mr@df.eu>.
1298
210f147e
NM
1299NM/01 Bugzilla 657: Embedded PCRE removed from the exim source tree.
1300 When building exim an external PCRE library is now needed -
1301 PCRE is a system library on the majority of modern systems.
1302 See entry on PCRE_LIBS in EDITME file.
1303
deafd5b3
NM
1304NM/02 Bugzilla 646: Removed unwanted C/R in Dovecot authenticator
1305 conversation. Added nologin parameter to request.
7d9f747b 1306 Patch contributed by Kirill Miazine.
deafd5b3 1307
089793a4
TF
1308TF/01 Do not log submission mode rewrites if they do not change the address.
1309
5f16ca82
TF
1310TF/02 Bugzilla 662: Fix stack corruption before exec() in daemon.c.
1311
dae9d94e 1312NM/03 Bugzilla 602: exicyclog now handles panic log, and creates empty
7d9f747b 1313 log files in place. Contributed by Roberto Lima.
dae9d94e 1314
7d9f747b 1315NM/04 Bugzilla 667: Close socket used by dovecot authenticator.
3f0da4d0 1316
06864c44
TF
1317TF/03 Bugzilla 615: When checking the local_parts router precondition
1318 after a local_part_suffix or local_part_prefix option, Exim now
1319 does not use the address's named list lookup cache, since this
1320 contains cached lookups for the whole local part.
1321
65a7d8c3 1322NM/05 Bugzilla 521: Integrated SPF Best Guess support contributed by
7d9f747b 1323 Robert Millan. Documentation is in experimental-spec.txt.
65a7d8c3 1324
23510047 1325TF/04 Bugzilla 668: Fix parallel build (make -j).
65a7d8c3 1326
7d9f747b 1327NM/05.2 Bugzilla 437: Prevent Maildir aux files being created with mode 000.
5f28a6e8 1328
7d8eec3a 1329NM/05.3 Bugzilla 598: Improvement to Dovecot authenticator handling.
7d9f747b 1330 Patch provided by Jan Srzednicki.
6c588e74 1331
89dec7b6
TF
1332TF/05 Leading white space used to be stripped from $spam_report which
1333 wrecked the formatting. Now it is preserved.
5f28a6e8 1334
a99de90c
TF
1335TF/06 Save $spam_score, $spam_bar, and $spam_report in spool files, so
1336 that they are available at delivery time.
1337
e2803e40
TF
1338TF/07 Fix the way ${extract is skipped in the untaken branch of a conditional.
1339
7199e1ee
TF
1340TF/08 TLS error reporting now respects the incoming_interface and
1341 incoming_port log selectors.
1342
e276e04b
TF
1343TF/09 Produce a more useful error message if an SMTP transport's hosts
1344 setting expands to an empty string.
1345
ce552449 1346NM/06 Bugzilla 744: EXPN did not work under TLS.
7d9f747b 1347 Patch provided by Phil Pennock.
ce552449 1348
e765a0f1 1349NM/07 Bugzilla 769: Extraneous comma in usage fprintf
7d9f747b 1350 Patch provided by Richard Godbee.
e765a0f1 1351
4f054c63 1352NM/08 Fixed erroneous documentation references to smtp_notquit_acl to be
447de4b0 1353 acl_smtp_notquit, added index entry.
4f054c63 1354
7d9f747b
PP
1355NM/09 Bugzilla 787: Potential buffer overflow in string_format.
1356 Patch provided by Eugene Bujak.
24c929a2 1357
7d9f747b
PP
1358NM/10 Bugzilla 770: Problem on some platforms modifying the len parameter to
1359 accept(). Patch provided by Maxim Dounin.
cf73943b 1360
b52bc06e 1361NM/11 Bugzilla 749: Preserve old behaviour of blanks comparing equal to zero.
7d9f747b 1362 Patch provided by Phil Pennock.
b52bc06e 1363
447de4b0
NM
1364NM/12 Bugzilla 497: Correct behaviour of exiwhat when no config exists.
1365
4c69d561 1366NM/13 Bugzilla 590: Correct handling of Resent-Date headers.
7d9f747b 1367 Patch provided by Brad "anomie" Jorsch.
4c69d561 1368
d5c39246 1369NM/14 Bugzilla 622: Added timeout setting to transport filter.
7d9f747b 1370 Patch provided by Dean Brooks.
9b989985 1371
0b23848a
TK
1372TK/05 Add native DKIM support (does not depend on external libraries).
1373
8f3414a1 1374NM/15 Bugzilla 854: Removed code that symlinks to pcre as its no longer useful.
7d9f747b 1375 Patch provided by Graeme Fowler.
e2aacdfd 1376
fb6f955d
NM
1377NM/16 Bugzilla 851: Documentation example syntax fix.
1378
1379NM/17 Changed NOTICE file to remove references to embedded PCRE.
8f3414a1 1380
7d9f747b
PP
1381NM/18 Bugzilla 894: Fix issue with very long lines including comments in
1382 lsearch.
dbb0bf41 1383
7d9f747b
PP
1384NM/19 Bugzilla 745: TLS version reporting.
1385 Patch provided by Phil Pennock.
f3766eb5 1386
7d9f747b
PP
1387NM/20 Bugzilla 167: bool: condition support.
1388 Patch provided by Phil Pennock.
36f12725 1389
7d9f747b
PP
1390NM/21 Bugzilla 665: gnutls_compat_mode to allow compatibility with broken
1391 clients. Patch provided by Phil Pennock.
e6060e2c 1392
7d9f747b
PP
1393NM/22 Bugzilla 607: prepend (not append) Resent-Message-ID and Resent-Date.
1394 Patch provided by Brad "anomie" Jorsch.
5eb690a1 1395
7d9f747b
PP
1396NM/23 Bugzilla 687: Fix misparses in eximstats.
1397 Patch provided by Heiko Schlittermann.
d5c13d66 1398
7d9f747b
PP
1399NM/24 Bugzilla 688: Fix exiwhat to handle log_selector = +pid.
1400 Patch provided by Heiko Schlittermann.
b2335c0b 1401
7d9f747b 1402NM/25 Bugzilla 727: Use transport mode as default mode for maildirsize file.
1da77999 1403 plus update to original patch.
f4cd9433 1404
7d9f747b 1405NM/26 Bugzilla 799: Documentation correction for ratelimit.
dc988b7e 1406
7d9f747b
PP
1407NM/27 Bugzilla 802: Improvements to local interface IP addr detection.
1408 Patch provided by David Brownlee.
8dc71ab3 1409
7d9f747b 1410NM/28 Bugzilla 807: Improvements to LMTP delivery logging.
400eda43 1411
7d9f747b 1412NM/29 Bugzilla 862, 866, 875: Documentation bugfixes.
ec5a421b 1413
7d9f747b 1414NM/30 Bugzilla 888: TLS documentation bugfixes.
07af267e 1415
7d9f747b 1416NM/31 Bugzilla 896: Dovecot buffer overrun fix.
51473862 1417
17792b53 1418NM/32 Bugzilla 889: Change all instances of "expr" in shell scripts to "expr --"
7d9f747b 1419 Unlike the original bugzilla I have changed all shell scripts in src tree.
17792b53 1420
7d9f747b
PP
1421NM/33 Bugzilla 898: Transport filter timeout fix.
1422 Patch by Todd Rinaldo.
52383f8f 1423
91576cec 1424NM/34 Bugzilla 901: Fix sign/unsigned and UTF mismatches.
7d9f747b 1425 Patch by Serge Demonchaux.
5ca6d115 1426
7d9f747b
PP
1427NM/35 Bugzilla 39: Base64 decode bug fixes.
1428 Patch by Jakob Hirsch.
baee9eee 1429
7d9f747b 1430NM/36 Bugzilla 909: Correct connect() call in dcc code.
e93a964c 1431
7d9f747b 1432NM/37 Bugzilla 910: Correct issue with relaxed/simple handling.
9bf3d68f 1433
7d9f747b 1434NM/38 Bugzilla 908: Removed NetBSD3 support as no longer needed.
96535b98 1435
7d9f747b 1436NM/39 Bugzilla 911: Fixed MakeLinks build script.
30339e0f 1437
deafd5b3 1438
47db1125
NM
1439Exim version 4.69
1440-----------------
1441
4b3504d0
TK
1442TK/01 Add preliminary DKIM support. Currently requires a forked version of
1443 ALT-N's libdkim that I have put here:
1444 http://duncanthrax.net/exim-experimental/
1445
1446 Note to Michael Haardt: I had to rename some vars in sieve.c. They
1447 were called 'true' and it seems that C99 defines that as a reserved
1448 keyword to be used with 'bool' variable types. That means you could
1449 not include C99-style headers which use bools without triggering
1450 build errors in sieve.c.
1451
81ea09ca
NM
1452NM/01 Bugzilla 592: --help option is handled incorrectly if exim is invoked
1453 as mailq or other aliases. Changed the --help handling significantly
1454 to do whats expected. exim_usage() emits usage/help information.
1455
f13cddcb
SC
1456SC/01 Added the -bylocaldomain option to eximstats.
1457
7d9f747b 1458NM/02 Bugzilla 619: Defended against bad data coming back from gethostbyaddr.
8ad076b2 1459
7d9f747b 1460NM/03 Bugzilla 613: Documentation fix for acl_not_smtp.
a843aaa6 1461
7d9f747b 1462NM/04 Bugzilla 628: PCRE update to 7.4 (work done by John Hall).
47db1125
NM
1463
1464
eb4c0de6
PH
1465Exim version 4.68
1466-----------------
1467
1468PH/01 Another patch from the Sieve maintainer.
1469
6a3bceb1
PH
1470PH/02 When an IPv6 address is converted to a string for single-key lookup
1471 in an address list (e.g. for an item such as "net24-dbm;/net/works"),
1472 dots are used instead of colons so that keys in lsearch files need not
1473 contain colons. This was done some time before quoting was made available
1474 in lsearch files. However, iplsearch files do require colons in IPv6 keys
1475 (notated using the quote facility) so as to distinguish them from IPv4
1476 keys. This meant that lookups for IP addresses in host lists did not work
1477 for iplsearch lookups.
1478
1479 This has been fixed by arranging for IPv6 addresses to be expressed with
1480 colons if the lookup type is iplsearch. This is not incompatible, because
1481 previously such lookups could never work.
1482
1483 The situation is now rather anomolous, since one *can* have colons in
1484 ordinary lsearch keys. However, making the change in all cases is
1485 incompatible and would probably break a number of configurations.
1486
2e30fa9d
TK
1487TK/01 Change PRVS address formatting scheme to reflect latests BATV draft
1488 version.
1489
0806a9c5
MH
1490MH/01 The "spam" ACL condition code contained a sscanf() call with a %s
1491 conversion specification without a maximum field width, thereby enabling
1492 a rogue spamd server to cause a buffer overflow. While nobody in their
1493 right mind would setup Exim to query an untrusted spamd server, an
1494 attacker that gains access to a server running spamd could potentially
1495 exploit this vulnerability to run arbitrary code as the Exim user.
1496
ae276964
TK
1497TK/02 Bugzilla 502: Apply patch to make the SPF-Received: header use
1498 $primary_hostname instead of what libspf2 thinks the hosts name is.
1499
0f2cbd1b
MH
1500MH/02 The dsearch lookup now uses lstat(2) instead of stat(2) to look for
1501 a directory entry by the name of the lookup key. Previously, if a
1502 symlink pointed to a non-existing file or a file in a directory that
1503 Exim lacked permissions to read, a lookup for a key matching that
1504 symlink would fail. Now it is enough that a matching directory entry
1505 exists, symlink or not. (Bugzilla 503.)
1506
2b85bce7
PH
1507PH/03 The body_linecount and body_zerocount variables are now exported in the
1508 local_scan API.
1509
93655c46
PH
1510PH/04 Added the $dnslist_matched variable.
1511
6c512171
PH
1512PH/05 Unset $tls_cipher and $tls_peerdn before making a connection as a client.
1513 This means they are set thereafter only if the connection becomes
1514 encrypted.
1515
1516PH/06 Added the client_condition to authenticators so that some can be skipped
1517 by clients under certain conditions.
1518
aa6dc513
PH
1519PH/07 The error message for a badly-placed control=no_multiline_responses left
1520 "_responses" off the end of the name.
1521
a96603a0
PH
1522PH/08 Added -Mvc to output a copy of a message in RFC 2822 format.
1523
8f240103
PH
1524PH/09 Tidied the code for creating ratelimiting keys, creating them explicitly
1525 (without spaces) instead of just copying the configuration text.
1526
1527PH/10 Added the /noupdate option to the ratelimit ACL condition.
1528
d677b2f2
PH
1529PH/11 Added $max_received_linelength.
1530
d52120f2
PH
1531PH/12 Added +ignore_defer and +include_defer to host lists.
1532
64f2600a
PH
1533PH/13 Installed PCRE version 7.2. This needed some changes because of the new
1534 way in which PCRE > 7.0 is built.
1535
8669f003
PH
1536PH/14 Implemented queue_only_load_latch.
1537
a4dc33a8
PH
1538PH/15 Removed an incorrect (int) cast when reading the value of SIZE in a
1539 MAIL command. The effect was to mangle the value on 64-bit systems.
1540
d6a60c0f
PH
1541PH/16 Another patch from the Sieve maintainer.
1542
8f128379
PH
1543PH/17 Added the NOTQUIT ACL, based on a patch from Ted Cooper.
1544
8932dffe
PH
1545PH/18 If a system quota error occurred while trying to create the file for
1546 a maildir delivery, the message "Mailbox is full" was not appended to the
1547 bounce if the delivery eventually timed out. Change 4.67/27 below applied
1548 only to a quota excession during the actual writing of the file.
d6a60c0f 1549
ddea74fa 1550PH/19 It seems that peer DN values may contain newlines (and other non-printing
48ed62d9
PH
1551 characters?) which causes problems in log lines. The DN values are now
1552 passed through string_printing() before being added to log lines.
1553
ddea74fa 1554PH/20 Added the "servers=" facility to MySQL and PostgreSQL lookups. (Oracle
b7670459
PH
1555 and InterBase are left for another time.)
1556
ddea74fa
PH
1557PH/21 Added message_body_newlines option.
1558
ce9f225c
PH
1559PH/22 Guard against possible overflow in moan_check_errorcopy().
1560
19897d52
PH
1561PH/23 POSIX allows open() to be a macro; guard against that.
1562
bc64a74d
PH
1563PH/24 If the recipient of an error message contained an @ in the local part
1564 (suitably quoted, of course), incorrect values were put in $domain and
1565 $local_part during the evaluation of errors_copy.
1566
eb4c0de6 1567
b4ed4da0
PH
1568Exim version 4.67
1569-----------------
1570
22ad45c9
MH
1571MH/01 Fix for bug #448, segfault in Dovecot authenticator when interface_address
1572 is unset (happens when testing with -bh and -oMi isn't used). Thanks to
1573 Jan Srzednicki.
1574
b4ed4da0
PH
1575PH/01 Added a new log selector smtp_no_mail, to log SMTP sessions that do not
1576 issue a MAIL command.
1577
431b7361
PH
1578PH/02 In an ACL statement such as
1579
1580 deny dnslists = X!=127.0.0.2 : X=127.0.0.2
1581
1582 if a client was not listed at all, or was listed with a value other than
1583 127.0.0.2, in the X list, but was listed with 127.0.0.2 in the Y list,
1584 the condition was not true (as it should be), so access was not denied.
1585 The bug was that the ! inversion was incorrectly passed on to the second
1586 item. This has been fixed.
1587
1588PH/03 Added additional dnslists conditions == and =& which are different from
1589 = and & when the dns lookup returns more than one IP address.
1590
83da1223
PH
1591PH/04 Added gnutls_require_{kx,mac,protocols} to give more control over the
1592 cipher suites used by GnuTLS. These options are ignored by OpenSSL.
1593
54fc8428
PH
1594PH/05 After discussion on the list, added a compile time option ENABLE_DISABLE_
1595 FSYNC, which compiles an option called disable_fsync that allows for
1596 bypassing fsync(). The documentation is heavily laced with warnings.
1597
34c5e8dd
SC
1598SC/01 Updated eximstats to collate all SpamAssassin rejects into one bucket.
1599
bbe15da8
PH
1600PH/06 Some tidies to the infrastructure of the Test Suite that is concerned
1601 with the auxiliary C programs that it uses: (1) Arrange for BIND_8_COMPAT
1602 to be defined when compiling on OSX (Darwin); (2) Tidies to the Makefile,
1603 including adding "make clean"; (3) Added -fPIC when compiling the test
1604 dynamically loaded module, to get rid of a warning.
1605
0e8a9471
MH
1606MH/02 Fix for bug #451, causing paniclog entries to be written if a bounce
1607 message fails, move_frozen_messages = true and ignore_bounce_errors_after
1608 = 0s. The bug is otherwise harmless.
1609
f0872424
PH
1610PH/07 There was a bug in the dovecot authenticator such that the value of
1611 $auth1 could be overwritten, and so not correctly preserved, after a
1612 successful authentication. This usually meant that the value preserved by
1613 the server_setid option was incorrect.
1614
b01dd148
PH
1615PH/08 Added $smtp_count_at_connection_start, deliberately with a long name.
1616
6bf342e1
PH
1617PH/09 Installed PCRE release 7.0.
1618
273f34d0
PH
1619PH/10 The acl_not_smtp_start ACL was, contrary to the documentation, not being
1620 run for batched SMTP input. It is now run at the start of every message
1621 in the batch. While fixing this I discovered that the process information
1622 (output by running exiwhat) was not always getting set for -bs and -bS
1623 input. This is fixed, and it now also says "batched" for BSMTP.
1624
cf8b11a5
PH
1625PH/11 Added control=no_pipelining.
1626
41c7c167
PH
1627PH/12 Added $sending_ip_address and $sending_port (mostly Magnus Holmgren's
1628 patch, slightly modified), and move the expansion of helo_data till after
1629 the connection is made in the smtp transport (so it can use these
1630 values).
1631
9c57cbc0
PH
1632PH/13 Added ${rfc2047d: to decoded RFC 2047 strings.
1633
f3f065bb
PH
1634PH/14 Added log_selector = +pid.
1635
047bdd8c
PH
1636PH/15 Flush SMTP output before delaying, unless control=no_delay_flush is set.
1637
0ce9abe6
PH
1638PH/16 Add ${if forany and ${if forall.
1639
0e22dfd1
PH
1640PH/17 Added dsn_from option to vary the From: line in DSNs.
1641
4c590bd1
PH
1642PH/18 Flush SMTP output before performing a callout, unless control =
1643 no_callout_flush is set.
1644
09945f1e
PH
1645PH/19 Change 4.64/PH/36 introduced a bug: when address_retry_include_sender
1646 was true (the default) a successful delivery failed to delete the retry
1647 item, thus causing premature timeout of the address. The bug is now
1648 fixed.
1649
c51b8e75
PH
1650PH/20 Added hosts_avoid_pipelining to the smtp transport.
1651
e28326d8
PH
1652PH/21 Long custom messages for fakedefer and fakereject are now split up
1653 into multiline reponses in the same way that messages for "deny" and
1654 other ACL rejections are.
1655
75b1493f
PH
1656PH/22 Applied Jori Hamalainen's speed-up changes and typo fixes to exigrep,
1657 with slight modification.
1658
7c5214ec
PH
1659PH/23 Applied sieve patches from the maintainer "tracking the latest notify
1660 draft, changing the syntax and factoring some duplicate code".
1661
4311097e
PH
1662PH/24 When the log selector "outgoing_port" was set, the port was shown as -1
1663 for deliveries of the second and subsequent messages over the same SMTP
1664 connection.
1665
29f89cad
PH
1666PH/25 Applied Magnus Holmgren's patch for ${addresses, ${map, ${filter, and
1667 ${reduce, with only minor "tidies".
1668
5e687460
SC
1669SC/02 Applied Daniel Tiefnig's patch to improve the '($parent) =' pattern match.
1670
c3611384
PH
1671PH/26 Added a "continue" ACL modifier that does nothing, for the benefit of its
1672 expansion side effects.
1673
5a11a7b4
PH
1674PH/27 When a message times out after an over-quota error from an Exim-imposed
1675 quota, the bounce message says "mailbox is full". This message was not
1676 being given when it was a system quota that was exceeded. It now should
1677 be the same.
1678
0e20aff9
MH
1679MH/03 Made $recipients available in local_scan(). local_scan() already has
1680 better access to the recipient list through recipients_list[], but
1681 $recipients can be useful in postmaster-provided expansion strings.
1682
ca86f471
PH
1683PH/28 The $smtp_command and $smtp_command_argument variables were not correct
1684 in the case of a MAIL command with additional options following the
1685 address, for example: MAIL FROM:<foo@bar> SIZE=1234. The option settings
1686 were accidentally chopped off.
1687
a14e5636
PH
1688PH/29 SMTP synchronization checks are implemented when a command is read -
1689 there is a check that no more input is waiting when there shouldn't be
1690 any. However, for some commands, a delay in an ACL can mean that it is
1691 some time before the response is written. In this time, more input might
1692 arrive, invalidly. So now there are extra checks after an ACL has run for
1693 HELO/EHLO and after the predata ACL, and likewise for MAIL and RCPT when
1694 pipelining has not been advertised.
1695
ec95d1a6
PH
1696PH/30 MH's patch to allow iscntrl() characters to be list separators.
1697
42855d71
PH
1698PH/31 Unlike :fail:, a custom message specified with :defer: was not being
1699 returned in the SMTP response when smtp_return_error_details was false.
1700 This has been fixed.
1701
57c2c631
PH
1702PH/32 Change the Dovecot authenticator to use read() and write() on the socket
1703 instead of the C I/O that was originally supplied, because problems were
1704 reported on Solaris.
1705
58c01c94
PH
1706PH/33 Compile failed with OpenSSL 0.9.8e. This was due to a coding error in
1707 Exim which did not show up earlier: it was assuming that a call to
1708 SSL_CTX_set_info_callback() might give an error value. In fact, there is
1709 no error. In previous releases of OpenSSL, SSL_CTX_set_info_callback()
1710 was a macro that became an assignment, so it seemed to work. This has
1711 changed to a proper function call with a void return, hence the compile
1712 error. Exim's code has been fixed.
1713
dee5a20a
PH
1714PH/34 Change HDA_SIZE in oracle.c from 256 to 512. This is needed for 64-bit
1715 cpus.
1716
d2ee6114
PH
1717PH/35 Applied a patch from the Sieve maintainer which fixes a bug in "notify".
1718
b2d5182b
PH
1719PH/36 Applied John Jetmore's patch to add -v functionality to exigrep.
1720
79749a79
PH
1721PH/37 If a message is not accepted after it has had an id assigned (e.g.
1722 because it turns out to be too big or there is a timeout) there is no
3ce62588
PH
1723 "Completed" line in the log. When some messages of this type were
1724 selected by exigrep, they were listed as "not completed". Others were
1725 picked up by some special patterns. I have improved the selection
1726 criteria to be more general.
79749a79 1727
c456d9bb
PH
1728PH/38 The host_find_failed option in the manualroute router can now be set
1729 to "ignore", to completely ignore a host whose IP address cannot be
1730 found. If all hosts are ignored, the behaviour is controlled by the new
1731 host_all_ignored option.
1732
cd9868ec
PH
1733PH/39 In a list of hosts for manualroute, if one item (either because of multi-
1734 homing or because of multiple MX records with /mx) generated more than
1735 one IP address, and the following item turned out to be the local host,
1736 all the secondary addresses of the first item were incorrectly removed
1737 from the list, along with the local host and any following hosts (which
1738 is what is supposed to happen).
1739
ebeaf996
PH
1740PH/40 When Exim receives a message, it writes the login name, uid, and gid of
1741 whoever called Exim into the -H file. In the case of the daemon it was
1742 behaving confusingly. When first started, it used values for whoever
1743 started the daemon, but after a SIGHUP it used the Exim user (because it
1744 calls itself on a restart). I have changed the code so that it now always
1745 uses the Exim user.
1746
2679d413
PH
1747PH/41 (Following a suggestion from Tony Finch) If all the RCPT commands in a
1748 message are rejected with the same error (e.g. no authentication or bad
1749 sender address), and a DATA command is nevertheless sent (as can happen
1750 with PIPELINING or a stupid MUA), the error message that was given to the
1751 RCPT commands is included in the rejection of the DATA command. This is
1752 intended to be helpful for MUAs that show only the final error to their
1753 users.
1754
84024b72
PH
1755PH/42 Another patch from the Sieve maintainer.
1756
8005d38e
SC
1757SC/02 Eximstats - Differentiate between permanent and temporary rejects.
1758 Eximstats - Fixed some broken HTML links and added missing column headers
1759 (Jez Hancock).
1760 Eximstats - Fixed Grand Total Summary Domains, Edomains, and Email
1761 columns for Rejects, Temp Rejects, Ham, and Spam rows.
1762
3298c6c6
SC
1763SC/03 Eximstats - V1.58 Fix to get <> and blackhole to show in edomain tables.
1764
a43a27c5
PH
1765PH/43 Yet another patch from the Sieve maintainer.
1766
58eb016e 1767PH/44 I found a way to check for a TCP/IP connection going away before sending
563b63fa
PH
1768 the response to the final '.' that terminates a message, but only in the
1769 case where the client has not sent further data following the '.'
1770 (unfortunately, this is allowed). However, in many cases there won't be
1771 any further data because there won't be any more messages to send. A call
1772 to select() can be used: if it shows that the input is "ready", there is
1773 either input waiting, or the socket has been closed. An attempt to read
1774 the next input character can distinguish the two cases. Previously, Exim
58eb016e 1775 would have sent an OK response which the client would never have see.
563b63fa
PH
1776 This could lead to message repetition. This fix should cure that, at
1777 least in a lot of common cases.
58eb016e 1778
b43a74ea
PH
1779PH/45 Do not advertise STARTTLS in response to HELP unless it would be
1780 advertised in response to EHLO.
1781
b4ed4da0 1782
5dd1517f
PH
1783Exim version 4.66
1784-----------------
1785
1786PH/01 Two more bugs that were introduced by 4.64/PH/07, in addition to the one
1787 fixed by 4.65/MH/01 (is this a record?) are fixed:
1788
1789 (i) An empty string was always treated as zero by the numeric comparison
1790 operators. This behaviour has been restored.
1791
1792 (ii) It is documented that the numeric comparison operators always treat
1793 their arguments as decimal numbers. This was broken in that numbers
1794 starting with 0 were being interpreted as octal.
1795
1796 While fixing these problems I realized that there was another issue that
1797 hadn't been noticed. Values of message_size_limit (both the global option
1798 and the transport option) were treated as octal if they started with 0.
1799 The documentation was vague. These values are now always treated as
1800 decimal, and I will make that clear in the documentation.
1801
1802
93cfa765
TK
1803Exim version 4.65
1804-----------------
1805
1806TK/01 Disable default definition of HAVE_LINUX_SENDFILE. Clashes with
1807 Linux large file support (_FILE_OFFSET_BITS=64) on older glibc
1808 versions. (#438)
1809
d6066548
MH
1810MH/01 Don't check that the operands of numeric comparison operators are
1811 integers when their expansion is in "skipping" mode (fixes bug
1812 introduced by 4.64-PH/07).
1813
4362ff0d
PH
1814PH/01 If a system filter or a router generates more than SHRT_MAX (32767)
1815 child addresses, Exim now panics and dies. Previously, because the count
1816 is held in a short int, deliveries were likely to be lost. As such a
1817 large number of recipients for a single message is ridiculous
1818 (performance will be very, very poor), I have chosen to impose a limit
1819 rather than extend the field.
1820
93cfa765 1821
944e9e9c
TF
1822Exim version 4.64
1823-----------------
aa41d2de 1824
21d74bd9
TK
1825TK/01 Bugzilla #401. Fix DK spooling code so that it can overwrite a
1826 leftover -K file (the existence of which was triggered by #402).
1827 While we were at it, introduced process PID as part of the -K
1828 filename. This should rule out race conditions when creating
1829 these files.
1830
1831TK/02 Bugzilla #402. Apply patch from Simon Arlott, speeding up DK signing
1832 processing considerably. Previous code took too long for large mails,
1833 triggering a timeout which in turn triggers #401.
1834
1835TK/03 Introduced HAVE_LINUX_SENDFILE to os.h-Linux. Currently only used
1836 in the DK code in transports.c. sendfile() is not really portable,
1837 hence the _LINUX specificness.
944e9e9c
TF
1838
1839TF/01 In the add_headers option to the mail command in an Exim filter,
1840 there was a bug that Exim would claim a syntax error in any
1841 header after the first one which had an odd number of characters
1842 in the field name.
1843
2b1c6e3a
PH
1844PH/01 If a server that rejects MAIL FROM:<> was the target of a sender
1845 callout verification, Exim cached a "reject" for the entire domain. This
1846 is correct for most verifications, but it is not correct for a recipient
1847 verification with use_sender or use_postmaster set, because in that case
1848 the callout does not use MAIL FROM:<>. Exim now distinguishes the special
1849 case of MAIL FROM:<> rejection from other early rejections (e.g.
1850 rejection of HELO). When verifying a recipient using a non-null MAIL
1851 address, the cache is ignored if it shows MAIL FROM:<> rejection.
1852 Whatever the result of the callout, the value of the domain cache is
1853 left unchanged (for any other kind of callout, getting as far as trying
1854 RCPT means that the domain itself is ok).
1855
1f872c80
PH
1856PH/02 Tidied a number of unused variable and signed/unsigned warnings that
1857 gcc 4.1.1 threw up.
1858
1859PH/03 On Solaris, an unexpectedly close socket (dropped connection) can
1860 manifest itself as EPIPE rather than ECONNECT. When tidying away a
1861 session, the daemon ignores ECONNECT errors and logs others; it now
1862 ignores EPIPE as well.
1863
d203e649
PH
1864PH/04 Applied Nico Erfurth's refactoring patch to tidy up mime.c
1865 (quoted-printable decoding).
1866
cc2ed8f7 1867PH/05 Applied Nico Erfurth's refactoring patch to tidy up spool_mbox.c, and
21a04aa3 1868 later the small subsequent patch to fix an introduced bug.
f951fd57 1869
ddfcd446
PH
1870PH/06 Installed the latest Cygwin Makefile from the Cygwin maintainer.
1871
d45b1de8
PH
1872PH/07 There was no check for overflow in expansions such as ${if >{1}{4096M}}.
1873
1874PH/08 An error is now given if message_size_limit is specified negative.
1875
38a0a95f 1876PH/09 Applied and tidied up Jakob Hirsch's patch for allowing ACL variables
641cb756 1877 to be given (somewhat) arbitrary names.
38a0a95f 1878
a2405d83
JJ
1879JJ/01 exipick 20060919.0, allow for arbitrary acl_ variables introduced
1880 in 4.64-PH/09.
1881
1882JJ/02 exipick 20060919.0, --show-vars args can now be regular expressions,
1883 miscellaneous code fixes
1884
6ea85e9a
PH
1885PH/10 Added the log_reject_target ACL modifier to specify where to log
1886 rejections.
1887
26da7e20
PH
1888PH/11 Callouts were setting the name used for EHLO/HELO from $smtp_active_
1889 hostname. This is wrong, because it relates to the incoming message (and
1890 probably the interface on which it is arriving) and not to the outgoing
1891 callout (which could be using a different interface). This has been
1892 changed to use the value of the helo_data option from the smtp transport
1893 instead - this is what is used when a message is actually being sent. If
1894 there is no remote transport (possible with a router that sets up host
1895 addresses), $smtp_active_hostname is used.
6ea85e9a 1896
14aa5a05 1897PH/12 Installed Andrey Panin's patch to add a dovecot authenticator. Various
7befa435 1898 tweaks were necessary in order to get it to work (see also 21 below):
14aa5a05
PH
1899 (a) The code assumed that strncpy() returns a negative number on buffer
1900 overflow, which isn't the case. Replaced with Exim's string_format()
1901 function.
1902 (b) There were several signed/unsigned issues. I just did the minimum
1903 hacking in of casts. There is scope for a larger refactoring.
1904 (c) The code used strcasecmp() which is not a standard C function.
1905 Replaced with Exim's strcmpic() function.
1906 (d) The code set only $1; it now sets $auth1 as well.
1907 (e) A simple test gave the error "authentication client didn't specify
1908 service in request". It would seem that Dovecot has changed its
1909 interface. Fortunately there's a specification; I followed it and
1910 changed what the client sends and it appears to be working now.
1911
ff75a1f7
PH
1912PH/13 Added $message_headers_raw to provide the headers without RFC 2047
1913 decoding.
1914
e6f6568e
PH
1915PH/14 Corrected misleading output from -bv when -v was also used. Suppose the
1916 address A is aliased to B and C, where B exists and C does not. Without
1917 -v the output is "A verified" because verification stops after a
1918 successful redirection if more than one address is generated. However,
1919 with -v the child addresses are also verified. Exim was outputting "A
1920 failed to verify" and then showing the successful verification for C,
1921 with its parentage. It now outputs "B failed to verify", showing B's
1922 parentage before showing the successful verification of C.
1923
d6f6e0dc
PH
1924PH/15 Applied Michael Deutschmann's patch to allow DNS black list processing to
1925 look up a TXT record in a specific list after matching in a combined
1926 list.
1927
322050c2
PH
1928PH/16 It seems that the options setting for the resolver (RES_DEFNAMES and
1929 RES_DNSRCH) can affect the behaviour of gethostbyname() and friends when
1930 they consult the DNS. I had assumed they would set it the way they
1931 wanted; and indeed my experiments on Linux seem to show that in some
1932 cases they do (I could influence IPv6 lookups but not IPv4 lookups).
1933 To be on the safe side, however, I have now made the interface to
1934 host_find_byname() similar to host_find_bydns(), with an argument
1935 containing the DNS resolver options. The host_find_byname() function now
1936 sets these options at its start, just as host_find_bydns() does. The smtp
1937 transport options dns_qualify_single and dns_search_parents are passed to
1938 host_find_byname() when gethostbyname=TRUE in this transport. Other uses
1939 of host_find_byname() use the default settings of RES_DEFNAMES
1940 (qualify_single) but not RES_DNSRCH (search_parents).
1941
08955dd3
PH
1942PH/17 Applied (a modified version of) Nico Erfurth's patch to make
1943 spool_read_header() do less string testing, by means of a preliminary
1944 switch on the second character of optional "-foo" lines. (This is
1945 overdue, caused by the large number of possibilities that now exist.
1946 Originally there were few.) While I was there, I also converted the
1947 str(n)cmp tests so they don't re-test the leading "-" and the first
1948 character, in the hope this might squeeze out yet more improvement.
1949
1eccaa59
PH
1950PH/18 Two problems with "group" syntax in header lines when verifying: (1) The
1951 flag allowing group syntax was set by the header_syntax check but not
1952 turned off, possible causing trouble later; (2) The flag was not being
1953 set at all for the header_verify test, causing "group"-style headers to
1954 be rejected. I have now set it in this case, and also caused header_
1955 verify to ignore an empty address taken from a group. While doing this, I
1956 came across some other cases where the code for allowing group syntax
1957 while scanning a header line wasn't quite right (mostly, not resetting
1958 the flag correctly in the right place). These bugs could have caused
1959 trouble for malformed header lines. I hope it is now all correct.
1960
602e59e5
PH
1961PH/19 The functions {pwcheck,saslauthd}_verify_password() are always called
1962 with the "reply" argument non-NULL. The code, however (which originally
1963 came from elsewhere) had *some* tests for NULL when it wrote to *reply,
1964 but it didn't always do it. This confused somebody who was copying the
1965 code for some other use. I have removed all the tests.
1966
411ef850
PH
1967PH/20 It was discovered that the GnuTLS code had support for RSA_EXPORT, a
1968 feature that was used to support insecure browsers during the U.S. crypto
1969 embargo. It requires special client support, and Exim is probably the
1970 only MTA that supported it -- and would never use it because real RSA is
1971 always available. This code has been removed, because it had the bad
1972 effect of slowing Exim down by computing (never used) parameters for the
1973 RSA_EXPORT functionality.
1974
7befa435
PH
1975PH/21 On the advice of Timo Sirainen, added a check to the dovecot
1976 authenticator to fail if there's a tab character in the incoming data
1977 (there should never be unless someone is messing about, as it's supposed
1978 to be base64-encoded). Also added, on Timo's advice, the "secured" option
1979 if the connection is using TLS or if the remote IP is the same as the
1980 local IP, and the "valid-client-cert option" if a client certificate has
1981 been verified.
1982
48da4259 1983PH/22 As suggested by Dennis Davis, added a server_condition option to *all*
16ff981e
PH
1984 authenticators. This can be used for authorization after authentication
1985 succeeds. (In the case of plaintext, it servers for both authentication
1986 and authorization.)
1987
48da4259
PH
1988PH/23 Testing for tls_required and lost_connection in a retry rule didn't work
1989 if any retry times were supplied.
1990
d1d5595c
PH
1991PH/24 Exim crashed if verify=helo was activated during an incoming -bs
1992 connection, where there is no client IP address to check. In this
1993 situation, the verify now always succeeds.
1994
0ef732d9
PH
1995PH/25 Applied John Jetmore's -Mset patch.
1996
328895cc
PH
1997PH/26 Added -bem to be like -Mset, but loading a message from a file.
1998
fd700877
PH
1999PH/27 In a string expansion for a processed (not raw) header when multiple
2000 headers of the same name were present, leading whitespace was being
2001 removed from all of them, but trailing whitespace was being removed only
2002 from the last one. Now trailing whitespace is removed from each header
f6c332bd
PH
2003 before concatenation. Completely empty headers in a concatenation (as
2004 before) are ignored.
fd700877 2005
8dce1a6f
PH
2006PH/28 Fixed bug in backwards-compatibility feature of PH/09 (thanks to John
2007 Jetmore). It would have mis-read ACL variables from pre-4.61 spool files.
2008
17af4a17
PH
2009PH/29 [Removed. This was a change that I later backed out, and forgot to
2010 correct the ChangeLog entry (that I had efficiently created) before
2011 committing the later change.]
f6c332bd
PH
2012
2013PH/30 Exim was sometimes attempting to deliver messages that had suffered
2014 address errors (4xx response to RCPT) over the same connection as other
2015 messages routed to the same hosts. Such deliveries are always "forced",
2016 so retry times are not inspected. This resulted in far too many retries
2017 for the affected addresses. The effect occurred only when there were more
2018 hosts than the hosts_max_try setting in the smtp transport when it had
2019 the 4xx errors. Those hosts that it had tried were not added to the list
2020 of hosts for which the message was waiting, so if all were tried, there
2021 was no problem. Two fixes have been applied:
2022
2023 (i) If there are any address or message errors in an SMTP delivery, none
2024 of the hosts (tried or untried) are now added to the list of hosts
2025 for which the message is waiting, so the message should not be a
2026 candidate for sending over the same connection that was used for a
2027 successful delivery of some other message. This seems entirely
2028 reasonable: after all the message is NOT "waiting for some host".
2029 This is so "obvious" that I'm not sure why it wasn't done
2030 previously. Hope I haven't missed anything, but it can't do any
2031 harm, as the worst effect is to miss an optimization.
2032
2033 (ii) If, despite (i), such a delivery is accidentally attempted, the
2034 routing retry time is respected, so at least it doesn't keep
2035 hammering the server.
2036
c1114884
PH
2037PH/31 Installed Andrew Findlay's patch to close the writing end of the socket
2038 in ${readsocket because some servers need this prod.
2039
7a0743eb
PH
2040PH/32 Added some extra debug output when updating a wait-xxx database.
2041
0d85fa3f
PH
2042PH/33 The hint "could be header name not terminated by colon", which has been
2043 given for certain expansion errors for a long time, was not being given
2044 for the ${if def:h_colon_omitted{... case.
2045
1bf43b78
PH
2046PH/34 The spec says: "With one important exception, whenever a domain list is
2047 being scanned, $domain contains the subject domain." There was at least
2048 one case where this was not true.
2049
520de300
PH
2050PH/35 The error "getsockname() failed: connection reset by peer" was being
2051 written to the panic log as well as the main log, but it isn't really
2052 panic-worthy as it just means the connection died rather early on. I have
2053 removed the panic log writing for the ECONNRESET error when getsockname()
2054 fails.
2055
48c7f9e2
PH
2056PH/36 After a 4xx response to a RCPT error, that address was delayed (in queue
2057 runs only) independently of the message's sender address. This meant
2058 that, if the 4xx error was in fact related to the sender, a different
2059 message to the same recipient with a different sender could confuse
2060 things. In particualar, this can happen when sending to a greylisting
2061 server, but other circumstances could also provoke similar problems.
2062 I have changed the default so that the retry time for these errors is now
2063 based a combination of the sender and recipient addresses. This change
2064 can be overridden by setting address_retry_include_sender=false in the
2065 smtp transport.
2066
99ea1c86
PH
2067PH/37 For LMTP over TCP/IP (the smtp transport), error responses from the
2068 remote server are returned as part of bounce messages. This was not
2069 happening for LMTP over a pipe (the lmtp transport), but now it is the
2070 same for both kinds of LMTP.
2071
a2042e78
PH
2072PH/38 Despite being documented as not happening, Exim was rewriting addresses
2073 in header lines that were in fact CNAMEs. This is no longer the case.
2074
4fbcfc2e
PH
2075PH/39 If -R or -S was given with -q<time>, the effect of -R or -S was ignored,
2076 and queue runs started by the daemon processed all messages. This has
2077 been fixed so that -R and -S can now usefully be given with -q<time>.
2078
aa41d2de
PH
2079PH/40 Import PCRE release 6.7 (fixes some bugs).
2080
af561417
PH
2081PH/41 Add bitwise logical operations to eval (courtesy Brad Jorsch).
2082
3cc66b45
PH
2083PH/42 Give an error if -q is specified more than once.
2084
194cc0e4
PH
2085PH/43 Renamed the variables $interface_address and $interface_port as
2086 $received_ip_address and $received_port, to make it clear that these
2087 values apply to message reception, and not to the outgoing interface when
2088 a message is delivered. (The old names remain recognized, of course.)
2089
a401ddaa
PH
2090PH/44 There was no timeout on the connect() call when using a Unix domain
2091 socket in the ${readsocket expansion. There now is.
2092
4e88a19f
PH
2093PH/45 Applied a modified version of Brad Jorsch's patch to allow "message" to
2094 be meaningful with "accept".
2095
d7d7b289
SC
2096SC/01 Eximstats V1.43
2097 Bug fix for V1.42 with -h0 specified. Spotted by Chris Lear.
2098
2099SC/02 Eximstats V1.44
2100 Use a glob alias rather than an array ref in the generated
2101 parser. This improves both readability and performance.
2102
2103SC/03 Eximstats V1.45 (Marco Gaiarin / Steve Campbell)
2104 Collect SpamAssassin and rejection statistics.
2105 Don't display local sender or destination tables unless
2106 there is data to show.
2107 Added average volumes into the top table text output.
2108
2109SC/04 Eximstats V1.46
2110 Collect data on the number of addresses (recipients)
2111 as well as the number of messages.
2112
2113SC/05 Eximstats V1.47
2114 Added 'Message too big' to the list of mail rejection
2115 reasons (thanks to Marco Gaiarin).
2116
2117SC/06 Eximstats V1.48
2118 Mainlog lines which have GMT offsets and are too short to
2119 have a flag are now skipped.
2120
2121SC/07 Eximstats V1.49 (Alain Williams)
2122 Added the -emptyok flag.
2123
2124SC/08 Eximstats V1.50
2125 Fixes for obtaining the IP address from reject messages.
2126
0ea2a468
JJ
2127JJ/03 exipick.20061117.2, made header handling as similar to exim as possible
2128 (added [br]h_ prefixes, implemented RFC2047 decoding. Fixed
2129 whitesspace changes from 4.64-PH/27
2130
2131JJ/04 exipick.20061117.2, fixed format and added $message_headers_raw to
2132 match 4.64-PH/13
2133
2134JJ/05 exipick.20061117.2, bug fixes (error out sooner when invalid criteria
2135 are found, allow negative numbers in numeric criteria)
2136
2137JJ/06 exipick.20061117.2, added new $message_body_missing variable
2138
2139JJ/07 exipick.20061117.2, added $received_ip_address and $received_port
2140 to match changes made in 4.64-PH/43
2141
8a10f5a4
PH
2142PH/46 Applied Jori Hamalainen's patch to add features to exiqsumm.
2143
30e18802
PH
2144PH/47 Put in an explicit test for a DNS lookup of an address record where the
2145 "domain" is actually an IP address, and force a failure. This locks out
2146 those revolvers/nameservers that support "A-for-A" lookups, in
2147 contravention of the specifications.
2148
55728a4f
PH
2149PH/48 When a host name was looked up from an IP address, and the subsequent
2150 forward lookup of the name timed out, the host name was left in
2151 $sender_host_name, contrary to the specification.
d7d7b289 2152
d7837193
PH
2153PH/49 Although default lookup types such as lsearch* or cdb*@ have always been
2154 restricted to single-key lookups, Exim was not diagnosing an error if
2155 * or *@ was used with a query-style lookup.
2156
87054a31
PH
2157PH/50 Increased the value of DH_BITS in tls-gnu.c from 768 to 1024.
2158
ea2c01d2
MH
2159MH/01 local_scan ABI version incremented to 1.1. It should have been updated
2160 long ago, but noone interested enough thought of it. Let's just say that
2161 the "1.1" means that there are some new functions that weren't there at
2162 some point in the past.
2163
e4fa6968
PH
2164PH/51 Error processing for expansion failure of helo_data from an smtp
2165 transport during callout processing was broken.
2166
56f5d9bd
PH
2167PH/52 Applied John Jetmore's patch to allow tls-on-connect and STARTTLS to be
2168 tested/used via the -bh/-bhc/-bs options.
2169
922e1c28
PH
2170PH/53 Added missing "#include <time.h>" to pcre/pcretest.c (this was a PCRE
2171 bug, fixed in subsequent PCRE releases).
2172
21eb6e72
PH
2173PH/54 Applied Robert Bannocks' patch to avoid a problem with references that
2174 arises when using the Solaris LDAP libraries (but not with OpenLDAP).
2175
a0540757
PH
2176PH/55 Check for a ridiculously long file name in exim_dbmbuild.
2177
944e9e9c 2178
478be7b0
SC
2179Exim version 4.63
2180-----------------
2181
2182SC/01 Use a glob alias rather than an array ref in eximstats generated
2183 parser. This improves both readability and performance.
2184
2185SC/02 Collect SpamAssassin and rejection statistics in eximstats.
2186 Don't display local sender or destination tables in eximstats unless
2187 there is data to show.
2188 Added average volumes into the eximstats top table text output.
2189
2190SC/03 Collect data on the number of addresses (recipients) as well
2191 as the number of messages in eximstats.
2192
2b965a65
TF
2193TF/01 Correct an error in the documentation for the redirect router. Exim
2194 does (usually) call initgroups() when daemonizing.
478be7b0 2195
45b91596
PH
2196TF/02 Call initgroups() when dropping privilege in exim.c, so that Exim runs
2197 with consistent privilege compared to when running as a daemon.
478be7b0 2198
c59f5781
TF
2199TF/03 Note in the spec that $authenticated_id is not set for local
2200 submissions from trusted users.
2201
90fc3069
TF
2202TF/04 The ratelimit per_rcpt option now works correctly in acl_not_smtp.
2203 Thanks to Dean Brooks <dean@iglou.com> for the patch.
2204
6083aca0
TF
2205TF/05 Make it easier to get SMTP authentication and TLS/SSL support working
2206 by adding some example configuration directives to the default
2207 configuration file. A little bit of work is required to uncomment the
2208 directives and define how usernames and passwords are checked, but
2209 there is now a framework to start from.
2210
765b530f
PH
2211PH/01 Added #define LDAP_DEPRECATED 1 to ldap.c because some of the "old"
2212 functions that Exim currently uses aren't defined in ldap.h for OpenLDAP
2213 without this. I don't know how relevant this is to other LDAP libraries.
2214
4e167a8c
PH
2215PH/02 Add the verb name to the "unknown ACL verb" error.
2216
4608d683
PH
2217PH/03 Magnus Holmgren's patch for filter_prepend_home.
2218
b8dc3e4a
PH
2219PH/03 Fixed Bugzilla #101: macro definition between ACLs doesn't work.
2220
5418e93b
PH
2221PH/04 Applied Magnus Holmgren's patch to fix Bugzilla #98: transport's home
2222 directory not expanded when it should be if an expanded home directory
2223 was set for the address (which is overridden by the transport).
2224
b4a9bda2
PH
2225PH/05 Applied Alex Kiernan's patch to fix Bugzilla #99: a problem with
2226 libradius.
2227
45b91596
PH
2228PH/06 Added acl_not_smtp_start, based on Johannes Berg's patch, and set the
2229 bit to forbid control=suppress_local_fixups in the acl_not_smtp ACL,
2230 because it is too late at that time, and has no effect.
2231
5547e2c5
PH
2232PH/07 Changed ${quote_pgsql to quote ' as '' instead of \' because of a
2233 security issue with \' (bugzilla #107). I could not use the
2234 PQescapeStringConn() function, because it needs a PGconn value as one of
2235 its arguments.
2236
dbcef0ea
PH
2237PH/08 When testing addresses using -bt, indicate those final addresses that
2238 are duplicates that would not cause an additional delivery. At least one
2239 person was confused, thinking that -bt output corresponded to deliveries.
2240 (Suppressing duplicates isn't a good idea as you lose the information
2241 about possibly different redirections that led to the duplicates.)
2242
25257489
PH
2243PH/09 Applied patch from Erik to use select() instead of poll() in spam.c on
2244 systems where poll() doesn't work, in particular OS X.
2245
c816d124
PH
2246PH/10 Added more information to debugging output for retry time not reached.
2247
a9ccd69a
PH
2248PH/11 Applied patch from Arkadiusz Miskiewicz to apply a timeout to read
2249 operations in malware.c.
2250
75fa1910
PH
2251PH/12 Applied patch from Magnus Holmgren to include the "h" tag in Domain Keys
2252 signatures.
2253
a7d7aa58
PH
2254PH/13 If write_rejectlog was set false when logging was sent to syslog with
2255 syslog_duplication set false, log lines that would normally be written
2256 both the the main log and to the reject log were not written to syslog at
2257 all.
2258
42119b09
PH
2259PH/14 In the default configuration, change the use of "message" in ACL warn
2260 statements to "add_header".
2261
41609df5
PH
2262PH/15 Diagnose a filter syntax error for "seen", "unseen", or "noerror" if not
2263 not followed by a command (e.g. "seen endif").
2264
a5bd321b
PH
2265PH/16 Recognize SMTP codes at the start of "message" in ACLs and after :fail:
2266 and :defer: in a redirect router. Add forbid_smtp_code to suppress the
2267 latter.
2268
e85a7ad5 2269PH/17 Added extra conditions to the default value of delay_warning_condition
5dff5817
PH
2270 so that it is now:
2271
e85a7ad5
PH
2272 ${if or { \
2273 { !eq{$h_list-id:$h_list-post:$h_list-subscribe:}{} } \
2274 { match{$h_precedence:}{(?i)bulk|list|junk} } \
2275 { match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} } \
5dff5817
PH
2276 }{no}{yes}}
2277
e85a7ad5
PH
2278 The Auto-Submitted: and various List- headers are standardised, whereas I
2279 don't think Precedence: ever was.
5dff5817 2280
d8fe1c03
PH
2281PH/18 Refactored debugging code in route_finduser() to show more information,
2282 in particular, the error code if getpwnam() issues one.
2283
16282d2b
PH
2284PH/19 Added PQsetClientEncoding(conn, "SQL_ASCII") to the pgsql code module.
2285 This is apparently needed in addition to the PH/07 change above to avoid
2286 any possible encoding problems.
2287
35d40a98
PH
2288PH/20 Perl can change the locale. Exim was resetting it after a ${perl call,
2289 but not after initializing Perl.
2290
034d99ab
PH
2291PH/21 Added a call to PQsetNoticeProcessor() to catch pgsql "notices" and
2292 output them only if debugging. By default they are written stderr,
2293 apparently, which is not desirable.
2294
6ec97b1b
PH
2295PH/22 Added Alain Williams' LDAP patch to support setting REFERRALS=off on
2296 queries.
2297
e22ca4ac
JJ
2298JJ/01 exipick: added --reverse (and -R synonym), --random, --size, --sort and
2299 --not options
2300
2301JJ/02 exipick: rewrote --help documentation to hopefully make more clear.
2302
33d73e3b
PH
2303PH/23 Made -oMaa and -oMt work with -bh and -bs to pretend the connection is
2304 authenticated or an ident call has been made. Suppress the default
2305 values for $authenticated_id and $authenticated_sender (but permit -oMai
2306 and -oMas) when testing with -bh.
2307
9ecb03f3
PH
2308PH/24 Re-jigged the order of the tests in the default configuration so that the
2309 tests for valid domains and recipients precede the DNS black list and CSA
2310 tests, on the grounds that those ones are more expensive.
2311
084efe8d
PH
2312PH/25 Exim was not testing for a space following SMTP commands such as EHLO
2313 that require one. Thus, EHLORHUBARB was interpreted as a valid command.
2314 This bug exists in every version of Exim that I still have, right back to
2315 0.12.
2316
366fc9f0
PH
2317PH/26 (n)wildlsearch lookups are documented as being done case-insensitively.
2318 However, an attempt to turn on case-sensitivity in a regex key by
2319 including (?-i) didn't work because the subject string was already
2320 lowercased, and the effects were non-intuitive. It turns out that a
2321 one-line patch can be used to allow (?-i) to work as expected.
2322
c59f5781 2323
c887c79e
TF
2324Exim version 4.62
2325-----------------
2326
2327TF/01 Fix the add_header change below (4.61 PH/55) which had a bug that (amongst
2328 other effects) broke the use of negated acl sub-conditions.
2329
1cce3af8
PH
2330PH/01 ${readsocket now supports Internet domain sockets (modified John Jetmore
2331 patch).
2332
afb3eaaf
PH
2333PH/02 When tcp-wrappers is called from Exim, it returns only "deny" or "allow".
2334 "Deny" causes Exim to reject the incoming connection with a 554 error.
2335 Unfortunately, if there is a major crisis, such as a disk failure,
2336 tcp-wrappers gives "deny", whereas what one would like would be some
2337 kind of temporary error. A kludge has been added to help with this.
2338 Before calling hosts_ctl(), errno is set zero. If the result is "deny", a
2339 554 error is used if errno is still zero or contains ENOENT (which occurs
2340 if either of the /etc/hosts.{allow,deny} files is missing). Otherwise, a
2341 451 error is used.
2342
e173618b
PH
2343PH/03 Add -lutil to the default FreeBSD LIBS setting.
2344
dd16e114
PH
2345PH/04 Change PH/19 for 4.61 was too wide. It should not be applied to host
2346 errors. Otherwise a message that provokes a temporary error (when other
2347 messages do not) can cause a whole host to time out.
2348
f7fd3850
PH
2349PH/05 Batch deliveries by appendfile and pipe transports did not work when the
2350 addresses were routed directly to files or pipes from a redirect router.
2351 File deliveries just didn't batch; pipe deliveries might have suffered
2352 odd errors.
2353
d87df92c
PH
2354PH/06 A failure to get a lock for a hints database would erroneously always say
2355 "Failed to get write lock", even when it was really a read lock.
2356
7e9f683d
PH
2357PH/07 The appendfile transport was creating MBX lock files with a fixed mode
2358 of 0600. This has been changed to use the value of the lockfile_mode
2359 option (which defaults to 0600).
2360
bfad5236
PH
2361PH/08 Applied small patch from the Sieve maintainer.
2362
01c490df
PH
2363PH/09 If maildir_quota_directory_regex was set to exclude (say) the .Trash
2364 folder from quota calculations, a direct delivery into this folder messed
2365 up the contents of the maildirsize file. This was because the regex was
2366 used only to exclude .Trash (or whatever) when the size of the mailbox
2367 was calculated. There was no check that a delivery was happening into an
2368 excluded directory. This bug has been fixed by ignoring all quota
2369 processing for deliveries into excluded directories.
2370
d6629cdc
PH
2371PH/10 Added the maildirfolder_create_regex option to appendfile.
2372
1cce3af8 2373
214e2000
PH
2374Exim version 4.61
2375-----------------
2376
2377PH/01 The code for finding all the local interface addresses on a FreeBSD
2378 system running IPv6 was broken. This may well have applied to all BSD
2379 systems, as well as to others that have similar system calls. The broken
2380 code found IPv4 interfaces correctly, but gave incorrect values for the
2381 IPv6 interfaces. In particular, ::1 was not found. The effect in Exim was
2382 that it would not match correctly against @[] and not recognize the IPv6
2383 addresses as local.
2384
f9daeae0
PH
2385PH/02 The ipliteral router was not recognizing addresses of the form user@
2386 [ipv6:....] because it didn't know about the "ipv6:" prefix.
2387
7e66e54d
PH
2388PH/03 Added disable_ipv6.
2389
c8ea1597
PH
2390PH/04 Changed $reply_address to use the raw form of the headers instead of the
2391 decoded form, because it is most often used to construct To: headers
2392 lines in autoreplies, and the decoded form may well be syntactically
2393 invalid. However, $reply_address has leading white space removed, and all
2394 newlines turned into spaces so that the autoreply transport does not
2395 grumble.
2396
911f6fde
PH
2397PH/05 If group was specified without a user on a router, and no group or user
2398 was specified on a transport, the group from the router was ignored.
2399
47ca6d6c
PH
2400PH/06 Increased the number of ACL variables to 20 of each type, and arranged
2401 for visible compile-time settings that can be used to change these
2402 numbers, for those that want even more. Backwards compatibility with old
2403 spool files has been maintained. However, going back to a previous Exim
2404 release will lost any variables that are in spool files.
2405
ed0e9820
PH
2406PH/07 Two small changes when running in the test harness: increase delay when
2407 passing a TCP/IP connection to a new process, in case the original
2408 process has to generate a bounce, and remove special handling of
2409 127.0.0.2 (sic), which is no longer necessary.
2410
eff37e47
PH
2411PH/08 Changed debug output of dbfn_open() flags from numbers to names, so as to
2412 be the same on different OS.
2413
1921d2ea
PH
2414PH/09 Moved a debug statement in filter processing to avoid a race problem when
2415 testing.
2416
b3f69ca8
JJ
2417JJ/01 exipick: fixed bug where -b (brief) output option showed "Vars:"
2418 whether --show-vars was specified or not
2419
2420JJ/02 exipick: Added support for new ACL variable spool format introduced
2421 in 4.61-PH/06
2422
424a1c63
PH
2423PH/10 Fixed another bug related to PH/04 above: if an incoming message had a
2424 syntactically invalid From: or Reply-to: line, and a filter used this to
2425 generate an autoreply, and therefore failed to obtain an address for the
2426 autoreply, Exim could try to deliver to a non-existent relative file
2427 name, causing unrelated and misleading errors. What now happens is that
2428 it logs this as a hard delivery error, but does not attempt to create a
2429 bounce message.
2430
7a100415
PH
2431PH/11 The exinext utility has a -C option for testing purposes, but although
2432 the given file was scanned by exinext itself; it wasn't being passed on
2433 when Exim was called.
2434
19b9dc85
PH
2435PH/12 In the smtp transport, treat an explicit ECONNRESET error the same as
2436 an end-of-file indication when reading a command response.
2437
309bd837
PH
2438PH/13 Domain literals for IPv6 were not recognized unless IPv6 support was
2439 compiled. In many other places in Exim, IPv6 addresses are always
2440 recognized, so I have changed this. It also means that IPv4 domain
2441 literals of the form [IPV4:n.n.n.n] are now always recognized.
2442
59e82a2a
PH
2443PH/14 When a uid/gid is specified for the queryprogram router, it cannot be
2444 used if the router is not running as root, for example, when verifying at
2445 ACL time, or when using -bh. The debugging output from this situation was
2446 non-existent - all you got was a failure to exec. I have made two
2447 changes:
2448
2449 (a) Failures to set uid/gid, the current directory, or a process leader
2450 in a subprocess such as that created by queryprogram now generate
2451 suitable debugging ouput when -d is set.
2452
2453 (b) The queryprogram router detects when it is not running as root,
2454 outputs suitable debugging information if -d is set, and then runs
2455 the subprocess without attempting to change uid/gid.
2456
9edc04ce
PH
2457PH/15 Minor change to Makefile for building test_host (undocumented testing
2458 feature).
2459
1349e1e5
PH
2460PH/16 As discussed on the list in Nov/Dec: Exim no longer looks at the
2461 additional section of a DNS packet that returns MX or SRV records.
2462 Instead, it always explicitly searches for A/AAAA records. This avoids
2463 major problems that occur when a DNS server includes only records of one
2464 type (A or AAAA) in an MX/SRV packet. A byproduct of this change has
2465 fixed another bug: if SRV records were looked up and the corresponding
2466 address records were *not* found in the additional section, the port
2467 values from the SRV records were lost.
2468
ea49d0e1
PH
2469PH/17 If a delivery to a pipe, file, or autoreply was deferred, Exim was not
2470 using the correct key (the original address) when searching the retry
2471 rules in order to find which one to use for generating the retry hint.
2472
064a94c9
PH
2473PH/18 If quota_warn_message contains a From: header, Exim now refrains from
2474 adding the default one. Similarly, if it contains a Reply-To: header, the
2475 errors_reply_to option, if set, is not used.
2476
727071f8
PH
2477PH/19 When calculating a retry time, Exim used to measure the "time since
2478 failure" by looking at the "first failed" field in the retry record. Now
2479 it does not use this if it is later than than the arrival time of the
2480 message. Instead it uses the arrival time. This makes for better
2481 behaviour in cases where some deliveries succeed, thus re-setting the
2482 "first failed" field. An example is a quota failure for a huge message
2483 when small messages continue to be delivered. Without this change, the
2484 "time since failure" will always be short, possible causing more frequent
2485 delivery attempts for the huge message than are intended.
dd16e114 2486 [Note: This change was subsequently modified - see PH/04 for 4.62.]
727071f8 2487
f78eb7c6
PH
2488PH/20 Added $auth1, $auth2, $auth3 to contain authentication data (as well as
2489 $1, $2, $3) because the numerical variables can be reset during some
2490 expansion items (e.g. "match"), thereby losing the authentication data.
2491
21c28500
PH
2492PH/21 Make -bV show the size of off_t variables so that the test suite can
2493 decide whether to run tests for quotas > 2G.
2494
2495PH/22 Test the values given for quota, quota_filecount, quota_warn_threshold,
2496 mailbox_size, and mailbox_filecount in the appendfile transport. If a
2497 filecount value is greater than 2G or if a quota value is greater than 2G
2498 on a system where the size of off_t is not greater than 4, a panic error
2499 is given.
2500
1688f43b
PH
2501PH/23 When a malformed item such as 1.2.3/24 appears in a host list, it can
2502 never match. The debug and -bh output now contains an explicit error
2503 message indicating a malformed IPv4 address or mask.
2504
2505PH/24 An host item such as 1.2.3.4/abc was being treated as the IP address
2506 1.2.3.4 without a mask. Now it is not recognized as an IP address, and
2507 PH/23 above applies.
2508
9675b384
PH
2509PH/25 Do not write to syslog when running in the test harness. The only
2510 occasion when this arises is a failure to open the main or panic logs
2511 (for which there is an explicit test).
2512
6a3f1455
PH
2513PH/26 Added the /no_tell option to "control=freeze".
2514
dac79d3e
PH
2515PH/27 If a host name lookup failed very early in a connection, for example, if
2516 the IP address matched host_lookup and the reverse lookup yielded a name
2517 that did not have a forward lookup, an error message of the form "no IP
2518 address found for host xxx.xxx.xxx (during SMTP connection from NULL)"
2519 could be logged. Now it outputs the IP address instead of "NULL".
1349e1e5 2520
5977a0b3
PH
2521PH/28 An enabling patch from MH: add new function child_open_exim2() which
2522 allows the sender and the authenticated sender to be set when
2523 submitting a message from within Exim. Since child_open_exim() is
2524 documented for local_scan(), the new function should be too.
2525
c91535f3
PH
2526PH/29 In GnuTLS, a forced expansion failure for tls_privatekey was not being
2527 ignored. In both GnuTLS and OpenSSL, an expansion of tls_privatekey that
2528 results in an empty string is now treated as unset.
2529
0d46a8c8
PH
2530PH/30 Fix eximon buffer overflow bug (Bugzilla #73).
2531
278c6e6c
PH
2532PH/31 Added sender_verify_fail logging option.
2533
2cbb4081
PH
2534PH/32 In November 2003, the code in Exim that added an empty Bcc: header when
2535 needed by RFC 822 but not by RFC 2822 was commented out. I have now
2536 tidied the source and removed it altogether.
2537
3eef829e
PH
2538PH/33 When a queue run was abandoned because the load average was too high, a
2539 log line was always written; now it is written only if the queue_run log
2540 selector is set. In addition, the log line for abandonment now contains
2541 information about the queue run such as the pid. This is always present
2542 in "start" and "stop" lines but was omitted from the "abandon" line.
2543
1ab95fa6
PH
2544PH/34 Omit spaces between a header name and the colon in the error message that
2545 is given when verify = headers_syntax fails (if there are lots of them,
2546 the message gets confusing).
2547
230205fc
PH
2548PH/35 Change the default for dns_check_names_pattern to allow slashes within
2549 names, as there are now some PTR records that contain slashes. This check
2550 is only to protect against broken name servers that fall over on strange
2551 characters, so the fact that it applies to all lookups doesn't matter.
2552
75e0e026
PH
2553PH/36 Now that the new test suite is complete, we can remove some of the
2554 special code in Exim that was needed for the old test suite. For example,
2555 sorting DNS records because real resolvers return them in an arbitrary
2556 order. The new test suite's fake resolver always returns records in the
2557 same order.
2558
2559PH/37 When running in the test harness, use -odi for submitted messages (e.g.
2560 bounces) except when queue_only is set, to avoid logging races between
2561 the different processes.
2562
145396a6
PH
2563PH/38 Panic-die if .include specifies a non-absolute path.
2564
3cd34f13
PH
2565PH/39 A tweak to the "H" retry rule from its user.
2566
11121d3d
JJ
2567JJ/03 exipick: Removed parentheses from 'next' and 'last' calls that specified
2568 a label. They prevented compilation on older perls.
2569
2570JJ/04 exipick: Refactored code to prevent implicit split to @_ which caused
2571 a warning to be raised on newish perls.
2572
2573JJ/05 exipick: Fixed bug where -bpc always showed a count of all messages
2574 on queue. Changes to match documented behaviour of showing count of
2575 messages matching specified criteria.
2576
8def5aaf
PH
2577PH/40 Changed the default ident timeout from 30s to 5s.
2578
929ba01c
PH
2579PH/41 Added support for the use of login_cap features, on those BSD systems
2580 that have them, for controlling the resources used by pipe deliveries.
2581
2632889e
PH
2582PH/42 The content-scanning code uses fopen() to create files in which to put
2583 message data. Previously it was not paying any attention to the mode of
2584 the files. Exim runs with umask(0) because the rest of the code creates
2585 files with open(), and sets the required mode explicitly. Thus, these
2586 files were ending up world-writeable. This was not a big issue, because,
2587 being within the spool directory, they were not world-accessible. I have
2588 created a function called modefopen, which takes an additional mode
2589 argument. It sets umask(777), creates the file, chmods it to the required
2590 mode, then resets the umask. All the relevant calls to fopen() in the
2591 content scanning code have been changed to use this function.
2592
944a9c55
PH
2593PH/43 If retry_interval_max is set greater than 24 hours, it is quietly reset
2594 to 24 hours. This avoids potential overflow problems when processing G
2595 and H retry rules. I suspect nobody ever tinkers with this value.
2596
4a23603b
PH
2597PH/44 Added STRIP_COMMAND=/usr/bin/strip to the FreeBSD Makefile.
2598
4730f942
PH
2599PH/45 When the plaintext authenticator is running as a client, the server's
2600 challenges are checked to ensure they are valid base64 strings. By
2601 default, the authentication attempt is cancelled if an invalid string is
2602 received. Setting client_ignore_invalid_base64 true ignores these errors.
2603 The decoded challenge strings are now placed in $auth1, $auth2, etc. as
2604 they are received. Thus, the responses can be made to depend on the
2605 challenges. If an invalid string is ignored, an empty string is placed in
2606 the variable.
2607
30dba1e6
PH
2608PH/46 Messages that are created by the autoreply transport now contains a
2609 References: header, in accordance with RFCs 2822 and 3834.
2610
382afc6b
PH
2611PH/47 Added authenticated_sender_force to the smtp transport.
2612
a86229cf
PH
2613PH/48 The ${prvs expansion was broken on systems where time_t was long long.
2614
50c99ba6
PH
2615PH/49 Installed latest patch from the Sieve maintainer.
2616
d35e429d
PH
2617PH/50 When an Exim quota was set without a file count quota, and mailbox_size
2618 was also set, the appendfile transport was unnecessarily scanning a
2619 directory of message files (e.g. for maildir delivery) to find the count
2620 of files (along with the size), even though it did not need this
2621 information. It now does the scan only if it needs to find either the
2622 size of the count of files.
2623
f90d018c
PH
2624PH/51 Added ${time_eval: to convert Exim time strings into seconds.
2625
75def545
PH
2626PH/52 Two bugs concerned with error handling when the smtp transport is
2627 used in LMTP mode:
2628
2629 (i) Exim was not creating retry information for temporary errors given
2630 for individual recipients after the DATA command when the smtp transport
2631 was used in LMTP mode. This meant that they could be retried too
2632 frequently, and not timed out correctly.
2633
2634 (ii) Exim was setting the flag that allows error details to be returned
2635 for LMTP errors on RCPT commands, but not for LMTP errors for individual
2636 recipients that were returned after the DATA command.
2637
2638PH/53 This is related to PH/52, but is more general: for any failing address,
2639 when detailed error information was permitted to be returned to the
2640 sender, but the error was temporary, then after the final timeout, only
2641 "retry timeout exceeded" was returned. Now it returns the full error as
2642 well as "retry timeout exceeded".
2643
c46782ef
PH
2644PH/54 Added control=allow_auth_unadvertised, as it seems there are clients that
2645 do this, and (what is worse) MTAs that accept it.
2646
71fafd95
PH
2647PH/55 Added the add_header modified to ACLs. The use of "message" with "warn"
2648 will now be deprecated.
2649
2c5db4fd
PH
2650PH/56 New os.c-cygwin from the Cygwin maintainer.
2651
9cf6b11a
JJ
2652JJ/06 exipick: added --unsorted option to allow unsorted output in all output
2653 formats (previously only available in exim formats via -bpr, -bpru,
2654 and -bpra. Now also available in native and exiqgrep formats)
2655
2656JJ/07 exipick: added --freeze and --thaw options to allow faster interaction
2657 with very large, slow to parse queues
2658
2659JJ/08 exipick: added ! as generic prefix to negate any criteria format
2660
2661JJ/09 exipick: miscellaneous performance enhancements (~24% improvements)
2662
898d150f
PH
2663PH/57 Tidies in SMTP dialogue display in debug output: (i) It was not showing
2664 responses to authentication challenges, though it was showing the
2665 challenges; (ii) I've removed the CR characters from the debug output for
2666 SMTP output lines.
2667
46218253
PH
2668PH/58 Allow for the insertion of a newline as well as a space when a string
2669 is turned into more than one encoded-word during RFC 2047 encoding. The
2670 Sieve code now uses this.
2671
e97957bc
PH
2672PH/59 Added the following errors that can be detected in retry rules: mail_4xx,
2673 data_4xx, lost_connection, tls_required.
2674
81e509d7
PH
2675PH/60 When a VRFY deferred or FAILED, the log message rather than the user
2676 message was being sent as an SMTP response.
2677
3d240ff7
PH
2678PH/61 Add -l and -k options to exicyclog.
2679
b37c4101
PH
2680PH/62 When verifying, if an address was redirected to one new address, so that
2681 verification continued, and the new address failed or deferred after
2682 having set something in $address_data, the value of $address_data was not
2683 passed back to the ACL. This was different to the case when no
2684 redirection occurred. The value is now passed back in both cases.
2685
79378e0f
PH
2686PH/63 Changed the macro HAVE_LOGIN_CAP (see PH/41 for this release above) to
2687 HAVE_SETCLASSRESOURCES because there are different APIs in use that all
2688 use login_cap.h, so on its own it isn't the distinguishing feature. The
2689 new name refers directly to the setclassresources() function.
2690
e49c7bb4
PH
2691PH/65 Added configuration files for NetBSD3.
2692
d114ec46
PH
2693PH/66 Updated OS/Makefile-HP-UX for gcc 4.1.0 with HP-UX 11.
2694
f3d7df6c
PH
2695PH/67 Fixed minor infelicity in the sorting of addresses to ensure that IPv6
2696 is preferred over IPv4.
2697
715ab376
PH
2698PH/68 The bounce_return_message and bounce_return_body options were not being
2699 honoured for bounces generated during the reception of non-SMTP messages.
2700 In particular, this applied to messages rejected by the ACL. This bug has
2701 been fixed. However, if bounce_return_message is true and bounce_return_
2702 body is false, the headers that are returned for a non-SMTP message
2703 include only those that have been read before the error was detected.
2704 (In the case of an ACL rejection, they have all been read.)
2705
6b31b150
PH
2706PH/69 The HTML version of the specification is now built in a directory called
2707 spec_html instead of spec.html, because the latter looks like a path with
2708 a MIME-type, and this confuses some software.
2709
2710PH/70 Catch two compiler warnings in sieve.c.
2711
d515a917
PH
2712PH/71 Fixed an obscure and subtle bug (thanks Alexander & Matthias). The
2713 function verify_get_ident() calls ip_connect() to connect a socket, but
2714 if the "connect()" function timed out, ip_connect() used to close the
2715 socket. However, verify_get_ident() also closes the socket later, and in
2716 between Exim writes to the log, which may get opened at this point. When
2717 the socket was closed in ip_connect(), the log could get the same file
2718 descriptor number as the socket. This naturally causes chaos. The fix is
2719 not to close the socket in ip_connect(); the socket should be closed by
2720 the function that creates it. There was only one place in the code where
2721 this was missing, in the iplookup router, which I don't think anybody now
2722 uses, but I've fixed it anyway.
2723
9b8fadde
PH
2724PH/72 Make dns_again_means_nonexist apply to lookups using gethostbyname() as
2725 well as to direct DNS lookups. Otherwise the handling of names in host
2726 lists is inconsistent and therefore confusing.
2727
214e2000 2728
5de37277
PH
2729Exim version 4.60
2730-----------------
2731
cc38ddbf
PH
2732PH/01 Two changes to the default runtime configuration:
2733
2734 (1) Move the checks for relay_from_hosts and authenticated clients from
2735 after to before the (commented out) DNS black list checks.
2736
2737 (2) Add control=submission to the relay_from_hosts and authenticated
2738 clients checks, on the grounds that messages accepted by these
2739 statements are most likely to be submissions.
5de37277 2740
72fdd6ae
PH
2741PH/02 Several tidies to the handling of ${prvs and ${prvscheck:
2742
2743 (1) Generate an error if the third argument for the ${prvs expansion is
2744 not a single digit.
2745
2746 (2) Treat a missing third argument of ${prvscheck as if it were an empty
2747 string.
2748
2749 (3) Reset the variables that are obtained from the first argument of
2750 ${prvscheck and used in the second argument before leaving the code,
2751 because their memory is reclaimed, so using them afterwards may do
2752 silly things.
2753
2754 (4) Tidy up the code for expanding the arguments of ${prvscheck one by
2755 one (it's much easier than Tom thought :-).
2756
2757 (5) Because of (4), we can now allow for the use of $prvscheck_result
2758 inside the third argument.
cb9328de 2759
cb741023
PH
2760PH/03 For some reason, the default setting of PATH when running a command from
2761 a pipe transport was just "/usr/bin". I have changed it to
2762 "/bin:/usr/bin".
2763
f174f16e
PH
2764PH/04 SUPPORT_TRANSLATE_IP_ADDRESS and MOVE_FROZEN_MESSAGES did not cause
2765 anything to be listed in the output from -bV.
b2f5a032 2766
c25242d7
PH
2767PH/05 When a filter generated an autoreply, the entire To: header line was
2768 quoted in the delivery log line, like this:
2769
2770 => >A.N.Other <ano@some.domain> <original@ddress> ...
2771
2772 This has been changed so that it extracts the operative address. There
2773 may be more than one such address. If so, they are comma-separated, like
2774 this:
2775
2776 => >ano@some.domain,ona@other.domain <original@ddress> ...
2777
82c19f95
PH
2778PH/06 When a client host used a correct literal IP address in a HELO or EHLO
2779 command, (for example, EHLO [1.2.3.4]) and the client's IP address was
2780 not being looked up in the rDNS to get a host name, Exim was showing the
2781 IP address twice in Received: lines, even though the IP addresses were
2782 identical. For example:
2783
2784 Received: from [1.2.3.4] (helo=[1.2.3.4])
2785
2786 However, if the real host name was known, it was omitting the HELO data
2787 if it matched the actual IP address. This has been tidied up so that it
2788 doesn't show the same IP address twice.
2789
d7ffbc12
PH
2790PH/07 When both +timestamp and +memory debugging was on, the value given by
2791 $tod_xxx expansions could be wrong, because the tod_stamp() function was
2792 called by the debug printing, thereby overwriting the timestamp buffer.
2793 Debugging no longer uses the tod_stamp() function when +timestamp is set.
2794
9f526266
PH
2795PH/08 When the original message was included in an autoreply transport, it
2796 always said "this is a copy of the message, including all the headers",
2797 even if body_only or headers_only was set. It now gives an appropriate
2798 message.
2799
87fcc8b9
PH
2800PH/09 Applied a patch from the Sieve maintainer which:
2801
2802 o fixes some comments
2803 o adds the (disabled) notify extension core
2804 o adds some debug output for the result of if/elsif tests
2805 o points to the current vacation draft in the documentation
2806 and documents the missing references header update
2807
2808 and most important:
2809
2810 o fixes a bug in processing the envelope test (when testing
2811 multiple envelope elements, the last element determinted the
2812 result)
2813
456682f5
PH
2814PH/10 Exim was violating RFC 3834 ("Recommendations for Automatic Responses to
2815 Electronic Mail") by including:
2816
2817 Auto-submitted: auto-generated
2818
2819 in the messages that it generates (bounce messages and others, such as
2820 warnings). In the case of bounce messages for non-SMTP mesages, there was
2821 also a typo: it was using "Auto_submitted" (underscore instead of
2822 hyphen). Since every message generated by Exim is necessarily in response
2823 to another message, thes have all been changed to:
2824
2825 Auto-Submitted: auto-replied
2826
2827 in accordance with these statements in the RFC:
2828
2829 The auto-replied keyword:
2830
2831 - SHOULD be used on messages sent in direct response to another
2832 message by an automatic process,
2833
2834 - MUST NOT be used on manually-generated messages,
2835
2836 - MAY be used on Delivery Status Notifications (DSNs) and Message
2837 Disposition Notifications (MDNs),
2838
2839 - MUST NOT be used on messages generated by automatic or periodic
2840 processes, except for messages which are automatic responses to
2841 other messages.
2842
3e46c1aa
PH
2843PH/11 Added "${if def:sender_address {(envelope-from <$sender_address>)\n\t}}"
2844 to the default Received: header definition.
456682f5 2845
49826d12
PH
2846PH/12 Added log selector acl_warn_skipped (default on).
2847
eba0c039
PH
2848PH/13 After a successful wildlsearch lookup, discard the values of numeric
2849 variables because (a) they are in the wrong storage pool and (b) even if
2850 they were copied, it wouldn't work properly because of the caching.
2851
a0d6ba8a
PH
2852PH/14 Add check_rfc2047_length to disable enforcement of RFC 2047 length
2853 checking when decoding. Apparently there are clients that generate
2854 overlong encoded strings. Why am I not surprised?
2855
f0917727
PH
2856PH/15 If the first argument of "${if match_address" was not empty, but did not
2857 contain an "@" character, Exim crashed. Now it writes a panic log message
2858 and treats the condition as false.
2859
096fee00
PH
2860PH/16 In autoreply, treat an empty string for "once" the same as unset.
2861
024bd3c2
PH
2862PH/17 A further patch from the Sieve maintainer: "Introduce the new Sieve
2863 extension "envelope-auth". The code is finished and in agreement with
2864 other implementations, but there is no documentation so far and in fact,
2865 nobody wrote the draft yet. This extension is currently #undef'ed, thus
2866 not changing the active code.
2867
2868 Print executed "if" and "elsif" statements when debugging is used. This
2869 helps a great deal to understand what a filter does.
2870
2871 Document more things not specified clearly in RFC3028. I had all this
2872 sorted out, when out of a sudden new issues came to my mind. Oops."
2873
df199fec
PH
2874PH/18 Exim was not recognizing the "net-" search type prefix in match_ip lists
2875 (Bugzilla #53).
2876
d27f1df3
PH
2877PH/19 Exim expands the IPv6 address given to -bh to its full non-abbreviated
2878 canonical form (as documented). However, after a host name lookup from
2879 the IP address, check_host() was doing a simple string comparison with
2880 addresses acquired from the DNS when checking that the found name did
2881 have the original IP as one of its addresses. Since any found IPv6
2882 addresses are likely to be in abbreviated form, the comparison could
2883 fail. Luckily, there already exists a function for doing the comparison
2884 by converting both addresses to binary, so now that is used instead of
2885 the text comparison.
2886
96776534
PH
2887PH/20 There was another similar case to PH/19, when a complete host name was
2888 given in a host list; looking up its IP address could give an abbreviated
2889 form, whereas the current host's name might or might not be abbreviated.
2890 The same fix has been applied.
2891
5de37277 2892
9a799bc0
PH
2893Exim version 4.54
2894-----------------
2895
2896PH/01 The ${base62: operator adjusted itself to base 36 when BASE_62 was
2897 set to 36 (for Darwin and Cygwin), but the ${base62d: operator did not.
2898 It now does.
2899
99a4b039
PH
2900PH/02 Two minor problems detected in Cygwin: the os.{c,h} files had lost */ on
2901 the CVS lines, and there was a missing #if HAVE_IPV6 in host.c.
2902
2903PH/03 Typo: missing ".o" in src/pcre/Makefile.
2904
4b233853
PH
2905PH/04 Tighten up "personal" tests: Instead of testing for any "List-"
2906 header line, restrict the check to what is listed in RFCs 2369 and 2929.
2907 Also, for "Auto-Submitted", treat anything other than "no" as
2908 non-personal, in accordance with RFC 3834. (Previously it treated
2909 anything starting "auto-" as non-personal.)
2910
8857ccfd
PH
2911TF/01 The control=submission/name=... option had a problem with syntax
2912 errors if the name included a slash character. The /name= option
2913 now slurps the rest of the string, so it can include any characters
2914 but it must come last in the list of options (after /sender_retain
2915 or /domain=).
2916
433a2980
PH
2917PH/05 Some modifications to the interface to the fake nameserver for the new
2918 testing suite.
2919
3e46c1aa 2920
9a799bc0 2921
e3a311ba
TK
2922Exim version 4.53
2923-----------------
2924
2925TK/01 Added the "success_on_redirect" address verification option. See
2926 NewStuff for rationale and an example.
2927
13b685f9
PH
2928PH/01 Added support for SQLite, basic code supplied by David Woodhouse.
2929
395ff96d
PH
2930PH/02 Patch to exigrep to allow it to work on syslog lines.
2931
5b68f6e4
PH
2932PH/03 When creating an mbox file for a virus/spam scan, use fseek() instead of
2933 fread() to skip over the body file's header line, because in Cygwin the
2934 header line is locked and is inaccessible.
2935
1ab52c69
PH
2936PH/04 Added $message_exim_id, ultimately to replace $message_id (they will both
2937 co-exist for some time) to make it clear that it is the Exim ID that is
2938 referenced, not the Message-ID: header line.
2939
b07e6aa3
PH
2940PH/05 Replaced all Tom's calls to snprintf() with calls to the internal
2941 string_format() function, because snprintf() does not exist on all
2942 operating systems.
2943
254e032f
PH
2944PH/06 The use of forbid_filter_existstest now also locks out the use of the
2945 ${stat: expansion item.
2946
3af76a81
PH
2947PH/07 Changed "SMTP protocol violation: synchronization error" into "SMTP
2948 protocol synchronization error", to keep the pedants happy.
2949
2548ba04
PH
2950PH/08 Arrange for USE_INET_NTOA_FIX to be set in config.h for AIX systems as
2951 well as for IRIX systems, when gcc is being used. See the host.c source
2952 file for comments.
2953
b6c6011d
PH
2954PH/09 Installed latest Cygwin configuration files from the Cygwin maintainer.
2955
cf39cf57
PH
2956PH/10 Named domain lists were not working if used in a queue_smtp_domains
2957 setting.
2958
f1513293
PH
2959PH/11 Added support for the IGNOREQUOTA extension to LMTP, both to the lmtp
2960 transport and to the smtp transport in LMTP mode.
2961
727549a4
PH
2962TK/02 Remove one case of BASE64 error detection FTTB (undocumented anyway).
2963
af46795e
PH
2964PH/12 There was a missing call to search_tidyup() before the fork() in rda.c to
2965 run a filter in a subprocess. This could lead to confusion in subsequent
2966 lookups in the parent process. There should also be a search_tidyup() at
2967 the end of the subprocess.
2968
d7b47fd0
PH
2969PH/13 Previously, if "verify = helo" was set in an ACL, the condition was true
2970 only if the host matched helo_try_verify_hosts, which caused the
2971 verification to occur when the EHLO/HELO command was issued. The ACL just
2972 tested the remembered result. Now, if a previous verification attempt has
2973 not happened, "verify = helo" does it there and then.
2974
ee744174
JJ
2975JJ/01 exipick: added $message_exim_id variable (see 4.53-PH/04)
2976
b582ab87
PH
2977TK/03 Fix log output including CR from clamd.
2978
41a13e0a
PH
2979PH/14 A reference to $reply_address when Reply-to: was empty and From: did not
2980 exist provoked a memory error which could cause a segfault.
2981
f625cc5a
PH
2982PH/15 Installed PCRE 6.2
2983
2984PH/17 Defined BIND_8_COMPAT in the Darwin os.h file.
2985
21f7af35
PH
2986PH/18 Reversed 4.52/PH/17 because the HP-UX user found it wasn't the cause
2987 of the problem. Specifically, suggested +O2 rather than +O1 for the
2988 HP-UX compiler.
2989
31480e42
PH
2990PH/19 Added sqlite_lock_timeout option (David Woodhouse's patch).
2991
2d280592
PH
2992PH/20 If a delivery was routed to a non-standard port by means of an SRV
2993 record, the port was not correctly logged when the outgoing_port log
2994 selector was set (it logged the transort's default port).
2995
7cd1141b
PH
2996PH/21 Added support for host-specific ports to manualroute, queryprogram,
2997 fallback_hosts, and "hosts" in the smtp transport.
2998
2999PH/22 If the log selector "outgoing_port" is set, the port is now also given on
3000 host errors such as "Connection refused".
3001
750af86e
PH
3002PH/23 Applied a patch to fix problems with exim-4.52 while doing radius
3003 authentication with radiusclient 0.4.9:
3004
3005 - Error returned from rc_read_config was caught wrongly
3006 - Username/password not passed on to radius server due to wrong length.
3007
3008 The presumption is that some radiusclient API changes for 4.51/PH/17
3009 were not taken care of correctly. The code is still untested by me (my
3010 Linux distribution still has 0.3.2 of radiusclient), but it was
3011 contributed by a Radius user.
3012
3013PH/24 When doing a callout, the value of $domain wasn't set correctly when
3014 expanding the "port" option of the smtp transport.
3015
4304270b
TK
3016TK/04 MIME ACL: Fix buffer underrun that occurs when EOF condition is met
3017 while reading a MIME header. Thanks to Tom Hughes for a patch.
3018
750af86e
PH
3019PH/24 Include config.h inside local_scan.h so that configuration settings are
3020 available.
3021
64ffc24f
PH
3022PH/25 Make $smtp_command_argument available after all SMTP commands. This means
3023 that in an ACL for RCPT (for example), you can examine exactly what was
3024 received.
3025
5dd9625b
PH
3026PH/26 Exim was recognizing IPv6 addresses of the form [IPv6:....] in EHLO
3027 commands, but it was not correctly comparing the address with the actual
3028 client host address. Thus, it would show the EHLO address in Received:
3029 header lines when this was not necessary.
3030
5591031b
PH
3031PH/27 Added the % operator to ${eval:}.
3032
ba18e66a
PH
3033PH/28 Exim tries to create and chdir to its spool directory when it starts;
3034 it should be ignoring failures (because with -C, for example, it has lost
3035 privilege). It wasn't ignoring creation failures other than "already
3036 exists".
3037
9cec981f
PH
3038PH/29 Added "crypteq" to the list of supported features that Exim outputs when
3039 -bV or -d is used.
3040
aa2b5c79
PH
3041PH/30 Fixed (presumably very longstanding) bug in exim_dbmbuild: if it failed
3042 because an input line was too long, either on its own, or by virtue of
1509d3a8
PH
3043 too many continuations, the temporary file was not being removed, and the
3044 return code was incorrect.
aa2b5c79 3045
48a53b7f
PH
3046PH/31 Missing "BOOL" in function definition in filtertest.c.
3047
1c59d63b
PH
3048PH/32 Applied Sieve patches from the maintainer.
3049
671012da
TK
3050TK/05 Domainkeys: Accomodate for a minor API change in libdomainkeys 0.67.
3051
1509d3a8
PH
3052PH/33 Added "verify = not_blind".
3053
3054PH/34 There are settings for CHOWN_COMMAND and MV_COMMAND that can be used in
3055 Local/Makefile (with some defaults set). These are used in built scripts
3056 such as exicyclog, but they have never been used in the exim_install
3057 script (though there are many overriding facilities there). I have
3058 arranged that the exim_install script now takes note of these two
3059 settings.
3060
3061PH/35 Installed configuration files for Dragonfly.
3062
2fe1a124
PH
3063PH/36 When a locally submitted message by a trusted user did not contain a
3064 From: header, and the sender address was obtained from -f or from an SMTP
3065 MAIL command, and the trusted user did not use -F to supply a sender
3066 name, $originator_name was incorrectly used when constructing a From:
3067 header. Furthermore, $originator_name was used for submission mode
3068 messages from external hosts without From: headers in a similar way,
3069 which is clearly wrong.
3070
8800895a
PH
3071PH/37 Added control=suppress_local_fixups.
3072
ccfdb010
PH
3073PH/38 When log_selector = +received_sender was set, and the addition of the
3074 sender made the log line's construction buffer exactly full, or one byte
3075 less than full, an overflow happened when the terminating "\n" was
3076 subsequently added.
3077
1130bfb0
PH
3078PH/39 Added a new log selector, "unknown_in_list", which provokes a log entry
3079 when the result of a list match is failure because a DNS lookup failed.
3080
ebcb507f
PH
3081PH/40 RM_COMMAND is now used in the building process.
3082
c35e155c
PH
3083PH/41 Added a "distclean" target to the top-level Makefile; it deletes all
3084 the "build-* directories that it finds.
3085
95d1f782
PH
3086PH/42 (But a TF fix): In a domain list, Exim incorrectly matched @[] if the IP
3087 address in a domain literal was a prefix of an interface address.
3088
fd6de02e
PH
3089PH/43 (Again a TF fix): In the dnslookup router, do not apply widen_domains
3090 when verifying a sender address, unless rewrite_headers is false.
3091
58de37c5
PH
3092PH/44 Wrote a long comment about why errors_to addresses are verified as
3093 recipients, not senders.
3094
261cf466
TF
3095TF/01 Add missing LIBS=-lm to OS/Makefile-OpenBSD which was overlooked when
3096 the ratelimit ACL was added.
3097
3ee512ff
PH
3098PH/45 Added $smtp_command for the full command (cf $smtp_command_argument).
3099
e08c430f
PH
3100PH/46 Added extra information about PostgreSQL errors to the error string.
3101
bef5a11f
PH
3102PH/47 Added an interface to a fake DNS resolver for use by the new test suite,
3103 avoiding the need to install special zones in a real server. This is
3104 backwards compatible; if it can't find the fake resolver, it drops back.
3105 Thus, both old and new test suites can be run.
3106
7546de58
TF
3107TF/02 Added util/ratelimit.pl
3108
e5d5a95f
TF
3109TF/03 Minor fix to the ratelimit code to improve its behaviour in case the
3110 clock is set back in time.
3111
2e88a017
TF
3112TF/04 Fix the ratelimit support in exim_fixdb. Patch provided by Brian
3113 Candler <B.Candler@pobox.com>.
3114
a5f65aa4
TF
3115TF/05 The fix for PH/43 was not completely correct; widen_domains is always
3116 OK for addresses that are the result of redirections.
3117
e7726cbf
PH
3118PH/48 A number of further additions for the benefit of the new test suite,
3119 including a fake gethostbyname() that interfaces to the fake DNS resolver
3120 (see PH/47 above).
3121
a7fdad5b
TF
3122TF/06 The fix for widen_domains has also been applied to qualify_single and
3123 search_parents which are the other dnslookup options that can cause
3124 header rewrites.
3125
6af56900
PH
3126PH/49 Michael Haardt's randomized retrying, but as a separate retry parameter
3127 type ("H").
3128
0925ede6
PH
3129PH/50 Make never_users, trusted_users, admin_groups, trusted_groups expandable.
3130
66afa403
TF
3131TF/07 Exim produced the error message "an SRV record indicated no SMTP
3132 service" if it encountered an MX record with an empty target hostname.
3133 The message is now "an MX or SRV record indicated no SMTP service".
3134
0154e85a
TF
3135TF/08 Change PH/13 introduced the possibility that verify=helo may defer,
3136 if the DNS of the sending site is misconfigured. This is quite a
3137 common situation. This change restores the behaviour of treating a
3138 helo verification defer as a failure.
3139
16f12c76
PH
3140PH/51 If self=fail was set on a router, the bounce message did not include the
3141 actual error message.
3142
bbe902f0 3143
e5a9dba6
PH
3144Exim version 4.52
3145-----------------
3146
3147TF/01 Added support for Client SMTP Authorization. See NewStuff for details.
3148
22c3b60b
PH
3149PH/01 When a transport filter timed out in a pipe delivery, and the pipe
3150 command itself ended in error, the underlying message about the transport
3151 filter timeout was being overwritten with the pipe command error. Now the
3152 underlying error message should be appended to the second error message.
3153
06a9b4b5
PH
3154TK/01 Fix poll() being unavailable on Mac OSX 10.2.
3155
c1ac6996
PH
3156PH/02 Reduce the amount of output that "make" produces by default. Full output
3157 can still be requested.
3158
9c7a242c
PH
3159PH/03 The warning log line about a condition test deferring for a "warn" verb
3160 was being output only once per connection, rather than after each
3161 occurrence (because it was using the same function as for successful
3162 "warn" verbs). This seems wrong, so I have changed it.
3163
87ba3f5f
PH
3164TF/02 Two buglets in acl.c which caused Exim to read a few bytes of memory that
3165 it should not have, which might have caused a crash in the right
3166 circumstances, but probably never did.
3167
3168PH/04 Installed a modified version of Tony Finch's patch to make submission
3169 mode fix the return path as well as the Sender: header line, and to
3170 add a /name= option so that you can make the user's friendly name appear
3171 in the header line.
3172
29aba418
TF
3173TF/03 Added the control = fakedefer ACL modifier.
3174
fe0dab11
TF
3175TF/04 Added the ratelimit ACL condition. See NewStuff for details. Thanks to
3176 Mark Lowes for thorough testing.
870f6ba8 3177
11d337a4
TK
3178TK/02 Rewrote SPF support to work with libspf2 versions >1.2.0.
3179
3180TK/03 Merged latest SRS patch from Miles Wilton.
3181
415c8f3b
PH
3182PH/05 There's a shambles in IRIX6 - it defines EX_OK in unistd.h which conflicts
3183 with the definition in sysexits.h (which is #included earlier).
3184 Fortunately, Exim does not actually use EX_OK. The code used to try to
3185 preserve the sysexits.h value, by assumimg that macro definitions were
3186 scanned for macro replacements. I have been disabused of this notion,
3187 so now the code just undefines EX_OK before #including unistd.h.
11d337a4 3188
958541e9
PH
3189PH/06 There is a timeout for writing blocks of data, set by, e.g. data_timeout
3190 in the smtp transport. When a block could not be written in a single
3191 write() function, the timeout was being re-applied to each part-write.
3192 This seems wrong - if the receiver was accepting one byte at a time it
3193 would take for ever. The timeout is now adjusted when this happens. It
3194 doesn't have to be particularly precise.
3195
c206415f
TK
3196TK/04 Added simple SPF lookup method in EXPERIMENTAL_SPF. See NewStuff for
3197 details. Thanks to Chris Webb <chris@arachsys.com> for the patch!
3198
2a4be8f9
PH
3199PH/07 Added "fullpostmaster" verify option, which does a check to <postmaster>
3200 without a domain if the check to <postmaster@domain> fails.
3201
1cba11c5
SC
3202SC/01 Eximstats: added -xls and the ability to specify output files
3203 (patch written by Frank Heydlauf).
3204
3205SC/02 Eximstats: use FileHandles for outputing results.
3206
3207SC/03 Eximstats: allow any combination of xls, txt, and html output.
3208
3209SC/04 Eximstats: fixed display of large numbers with -nvr option
3210
3211SC/05 Eximstats: fixed merging of reports with empty tables.
3212
3213SC/06 Eximstats: added the -include_original_destination flag
3214
3215SC/07 Eximstats: removed tabs and trailing whitespace.
3216
1005d00e
TK
3217TK/05 Malware: Improve on aveserver error handling. Patch from Alex Miller.
3218
3219TK/06 MBOX spool code: Add real "From " MBOX separator line
3220 so the .eml file is really in mbox format (even though
3221 most programs do not really care). Patch from Alex Miller.
3222
3223TK/07 MBOX spool code: Add X-Envelope-From: and X-Envelope-To: headers.
3224 The latter is generated from $received_to and is only set if the
3225 message has one envelope recipient. SA can use these headers,
3226 obviously out-of-the-box. Patch from Alex Miller.
3227
9b4768fa
PH
3228PH/08 The ${def test on a variable was returning false if the variable's
3229 value was "0", contrary to what the specification has always said!
3230 The result should be true unless the variable is empty.
3231
3232PH/09 The syntax error of a character other than { following "${if
3233 def:variable_name" (after optional whitespace) was not being diagnosed.
3234 An expansion such as ${if def:sender_ident:{xxx}{yyy}} in which an
3235 accidental colon was present, for example, could give incorrect results.
3236
0d7eb84a
PH
3237PH/10 Tidied the code in a number of places where the st_size field of a stat()
3238 result is used (not including appendfile, where other changes are about
3239 to be made).
3240
3241PH/11 Upgraded appendfile so that quotas larger than 2G are now supported.
3242 This involved changing a lot of size variables from int to off_t. It
3243 should work with maildirs and everything.
3244
40727bee
TK
3245TK/08 Apply fix provided by Michael Haardt to prevent deadlock in case of
3246 spamd dying while we are connected to it.
3247
554d2369
TF
3248TF/05 Fixed a ${extract error message typo reported by Jeremy Harris
3249 <jgh@wizmail.org>
3250
1f922db1
PH
3251PH/12 Applied Alex Kiernan's patch for the API change for the error callback
3252 function for BDB 4.3.
3253
ef213c3b
PH
3254PH/13 Changed auto_thaw such that it does not apply to bounce messages.
3255
8ac170f3
PH
3256PH/14 Imported PCRE 6.0; this was more than just a trivial operation because
3257 the sources for PCRE have been re-arranged and more files are now
3258 involved.
3259
b1c749bb
PH
3260PH/15 The code I had for printing potentially long long variables in PH/11
3261 above was not the best (it lost precision). The length of off_t variables
3262 is now inspected at build time, and an appropriate printing format (%ld
c6c2dc1d
PH
3263 or %lld) is chosen and #defined by OFF_T_FMT. We also define LONGLONG_T
3264 to be "long long int" or "long int". This is needed for the internal
3265 formatting function string_vformat().
b1c749bb 3266
4aac9b49
PH
3267PH/16 Applied Matthew Newton's patch to exicyclog: "If log_file_path is set in
3268 the configuration file to be ":syslog", then the script "guesses" where
3269 the logs files are, rather than using the compiled in default. In our
3270 case the guess is not the same as the compiled default, so the script
3271 suddenly stopped working when I started to use syslog. The patch checks
3272 to see if log_file_path is "". If so, it attempts to read it from exim
3273 with no configuration file to get the compiled in version, before it
3274 falls back to the previous guessing code."
3275
294520c8
TK
3276TK/09 Added "prvs" and "prvscheck" expansion items. These help a lot with
3277 implementing BATV in an Exim configuration. See NewStuff for the gory
3278 details.
3279
5bd022fe
PH
3280PH/17 Applied Michael Haardt's patch for HP-UX, affecting only the os.h and
3281 Makefile that are specific to HP-UX.
3282
90e9ce59
PH
3283PH/18 If the "use_postmaster" option was set for a recipient callout together
3284 with the "random" option, the postmaster address was used as the MAIL
3285 FROM address for the random test, but not for the subsequent recipient
3286 test. It is now used for both.
3287
5ea81592
PH
3288PH/19 Applied Michael Haardt's patch to update Sieve to RFC3028bis. "The
3289 patch removes a few documentation additions to RFC 3028, because the
3290 latest draft now contains them. It adds the new en;ascii-case comparator
3291 and a new error check for 8bit text in MIME parts. Comparator and
3292 require names are now matched exactly. I enabled the subaddress
3293 extension, but it is not well tested yet (read: it works for me)."
3294
c6c2dc1d
PH
3295PH/20 Added macros for time_t as for off_t (see PH/15 above) and used them to
3296 rework some of the code of TK/09 above to avoid the hardwired use of
3297 "%lld" and "long long". Replaced the call to snprintf() with a call to
3298 string_vformat().
3299
fffffe4c
PH
3300PH/21 Added some other messages to those in 4.51/PH/42, namely "All relevant MX
3301 records point to non-existent hosts", "retry timeout exceeded", and
3302 "retry time not reached for any host after a long failure period".
ca02eafb 3303
9a26b6b2
PH
3304PH/22 Fixed some oversights/typos causing bugs when Exim is compiled with
3305 experimental DomainKeys support:
3306
3307 (1) The filter variables $n0-$n9 and $sn0-$sn9 were broken.
3308 (2) On an error such as an illegally used "control", the wrong name for
3309 the control was given.
3310
3311 These problems did NOT occur unless DomainKeys support was compiled.
3312
4aee0225
PH
3313PH/23 Added daemon_startup_retries and daemon_startup_sleep.
3314
32d668a5
PH
3315PH/24 Added ${if match_ip condition.
3316
8187c3f3
PH
3317PH/25 Put debug statements on either side of calls to EXIM_DBOPEN() for hints
3318 databases so that it will be absolutely obvious if a crash occurs in the
3319 DB library. This is a regular occurrence (often caused by mis-matched
3320 db.h files).
3321
ff790e47 3322PH/26 Insert a lot of missing (void) casts for functions such as chown(),
f1e894f3
PH
3323 chmod(), fcntl(), sscanf(), and other functions from stdio.h. These were
3324 picked up on a user's system that detects such things. There doesn't seem
3325 to be a gcc warning option for this - only an attribute that has to be
3326 put on the function's prototype. It seems that in Fedora Core 4 they have
3327 set this on a number of new functions. No doubt there will be more in due
3328 course.
ff790e47 3329
5417f6d1
PH
3330PH/27 If a dnslookup or manualroute router is set with verify=only, it need not
3331 specify a transport. However, if an address that was verified by such a
3332 router was the subject of a callout, Exim crashed because it tried to
3333 read the rcpt_include_affixes from the non-existent transport. Now it
3334 just assumes that the setting of that option is false. This bug was
3335 introduced by 4.51/PH/31.
3336
59cf8544
PH
3337PH/28 Changed -d+all to exclude +memory, because that information is very
3338 rarely of interest, but it makes the output a lot bigger. People tend to
3339 do -d+all out of habit.
3340
e7ad8a65
PH
3341PH/29 Removed support for the Linux-libc5 build, as it is obsolete and the
3342 code in os-type was giving problems when libc.so lives in lib64, like on