Add Valgrind hooks for memory pools
[exim.git] / doc / doc-txt / ChangeLog
CommitLineData
5dc43717 1$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.632 2010/06/12 15:21:25 jetmore Exp $
495ae4b0
PH
2
3Change log file for Exim from version 4.21
4-------------------------------------------
5
97fd1e48 6Exim version 4.73
ed7f7860 7-----------------
97fd1e48
PP
8
9PP/01 Date: & Message-Id: revert to normally being appended to a message,
10 only prepend for the Resent-* case. Fixes regression introduced in
11 Exim 4.70 by NM/22 for Bugzilla 607.
12
6901c596
PP
13PP/02 Include check_rfc2047_length in configure.default because we're seeing
14 increasing numbers of administrators be bitten by this.
15
a8c8d6b5
JJ
16JJ/01 Added DISABLE_DKIM and comment to src/EDITME
17
77bb000f
PP
18PP/03 Bugzilla 994: added openssl_options main configuration option.
19
a29e5231
PP
20PP/04 Bugzilla 995: provide better SSL diagnostics on failed reads.
21
ec5a0394 22PP/05 Bugzilla 834: provide a permit_coredump option for pipe transports.
a29e5231 23
55c75993
PP
24PP/06 Adjust NTLM authentication to handle SASL Initial Response.
25
453a6645 26PP/07 If TLS negotiated an anonymous cipher, we could end up with SSL but
ec5a0394
PP
27 without a peer certificate, leading to a segfault because of an
28 assumption that peers always have certificates. Be a little more
453a6645
PP
29 paranoid. Problem reported by Martin Tscholak.
30
8544e77a
PP
31PP/08 Bugzilla 926: switch ClamAV to use the new zINSTREAM API for content
32 filtering; old API available if built with WITH_OLD_CLAMAV_STREAM=yes
33 NB: ClamAV planning to remove STREAM in "middle of 2010".
3346ab01
PP
34 CL also introduces -bmalware, various -d+acl logging additions and
35 more caution in buffer sizes.
8544e77a 36
83e029d5
PP
37PP/09 Implemented reverse_ip expansion operator.
38
ed7f7860
PP
39PP/10 Bugzilla 937: provide a "debug" ACL control.
40
7d9f747b
PP
41PP/11 Bugzilla 922: Documentation dusting, patch provided by John Horne.
42
4b2241d2
PP
43PP/12 Bugzilla 973: Implement --version.
44
10385c15
PP
45PP/13 Bugzilla 752: Refuse to build/run if Exim user is root/0.
46
dbc4b90d
PP
47PP/14 Build without WITH_CONTENT_SCAN. Path from Andreas Metzler.
48
532be449
PP
49PP/15 Bugzilla 816: support multiple condition rules on Routers.
50
6a8de854 51PP/16 Add bool_lax{} expansion operator and use that for combining multiple
71265ae9
PP
52 condition rules, instead of bool{}. Make both bool{} and bool_lax{}
53 ignore trailing whitespace.
6a8de854 54
5dc43717
JJ
55JJ/02 prevent non-panic DKIM error from being sent to paniclog
56
57JJ/03 added tcp_wrappers_daemon_name to allow host entries other than
58 "exim" to be used
55c75993 59
3346ab01
PP
60PP/17 Fix malware regression for cmdline scanner introduced in PP/08.
61 Notification from Dr Andrew Aitchison.
62
491fab4c
PP
63PP/18 Change ClamAV response parsing to be more robust and to handle ClamAV's
64 ExtendedDetectionInfo response format.
65 Notification from John Horne.
66
13eb9497
PP
67PP/19 OpenSSL 1.0.0a compatibility const-ness change, should be backwards
68 compatible.
69
70PP/20 Added a CONTRIBUTING file. Fixed the documentation build to use http:
71 XSL and documented dependency on system catalogs, with examples of how
72 it normally works.
73
7f36d675
DW
74DW/21 Added Valgrind hooks in store.c to help it capture out-of-bounds store
75 access.
76
3346ab01 77
465e92cf
JJ
78Exim version 4.72
79-----------------
80
453a6645
PP
81JJ/01 installed exipick 20100104.1, adding $max_received_linelength,
82 $data_path, and $header_path variables; fixed documentation bugs and
83 typos
465e92cf 84
453a6645
PP
85JJ/02 installed exipick 20100222.0, added --input-dir and --finput to allow
86 exipick to access non-standard spools, including the "frozen" queue
87 (Finput)
edae0343 88
9bd3e22c
NM
89NM/01 Bugzilla 965: Support mysql stored procedures.
90 Patch from Alain Williams
91
bb576ff7
NM
92NM/02 Bugzilla 961: Spacing fix (syntax error) on Makefile directives for NetBSD
93
5a1a5845
NM
94NM/03 Bugzilla 955: Documentation fix for max_rcpts.
95 Patch from Andreas Metzler
96
981a9fad
NM
97NM/04 Bugzilla 954: Fix for unknown responses from Dovecot authenticator.
98 Patch from Kirill Miazine
99
7fc497ee
NM
100NM/05 Bugzilla 671: Added umask to procmail example.
101
1a41defa
JJ
102JJ/03 installed exipick 20100323.0, fixing doc bug
103
a466095c 104NM/06 Bugzilla 988: CVE-2010-2023 - prevent hardlink attack on sticky mail
b26eacf1 105 directory. Notification and patch from Dan Rosenberg.
a466095c 106
94a6bd0b
NM
107TK/01 PDKIM: Upgrade PolarSSL files to upstream version 0.12.1.
108
109TK/02 Improve log output when DKIM signing operation fails.
110
111MH/01 Treat the transport option dkim_domain as a colon separated
112 list, not as a single string, and sign the message with each element,
113 omitting multiple occurences of the same signer.
114
c1b141a8
NM
115NM/07 Null terminate DKIM strings, Null initialise DKIM variable
116 Bugzilla 985, 986. Patch by Simon Arlott
94a6bd0b 117
b26eacf1 118NM/08 Bugzilla 967. dnsdb DNS TXT record bug fix (DKIM-related)
0d0c6357
NM
119 Patch by Simon Arlott
120
179c5980 121PP/01 Bugzilla 989: CVE-2010-2024 - work round race condition on
b26eacf1 122 MBX locking. Notification from Dan Rosenberg.
179c5980 123
9bd3e22c 124
7c6d71af
NM
125Exim version 4.71
126-----------------
127
7d9f747b 128TK/01 Bugzilla 912: Fix DKIM segfault on empty headers/body.
7c6d71af 129
f013fb92
NM
130NM/01 Bugzilla 913: Documentation fix for gnutls_* options.
131
0eb8eedd
NM
132NM/02 Bugzilla 722: Documentation for randint. Better randomness defaults.
133
663ee6d9
NM
134NM/03 Bugzilla 847: Enable DNSDB lookup by default.
135
177ebd9b
NM
136NM/04 Bugzilla 915: Flag broken perl installation during build.
137
7c6d71af 138
210f147e
NM
139Exim version 4.70
140-----------------
141
cdd3bb85 142TK/01 Added patch by Johannes Berg that expands the main option
e739e3d9 143 "spamd_address" if it starts with a dollar sign.
cdd3bb85
TK
144
145TK/02 Write list of recipients to X-Envelope-Sender header when building
146 the mbox-format spool file for content scanning (suggested by Jakob
7d9f747b 147 Hirsch).
cdd3bb85
TK
148
149TK/03 Added patch by Wolfgang Breyha that adds experimental DCC
150 (http://www.dcc-servers.net/) support via dccifd. Activated by
e739e3d9 151 setting EXPERIMENTAL_DCC=yes in Local/Makefile.
cdd3bb85
TK
152
153TK/04 Bugzilla 673: Add f-protd malware scanner support. Patch submitted
154 by Mark Daniel Reidel <mr@df.eu>.
155
210f147e
NM
156NM/01 Bugzilla 657: Embedded PCRE removed from the exim source tree.
157 When building exim an external PCRE library is now needed -
158 PCRE is a system library on the majority of modern systems.
159 See entry on PCRE_LIBS in EDITME file.
160
deafd5b3
NM
161NM/02 Bugzilla 646: Removed unwanted C/R in Dovecot authenticator
162 conversation. Added nologin parameter to request.
7d9f747b 163 Patch contributed by Kirill Miazine.
deafd5b3 164
089793a4
TF
165TF/01 Do not log submission mode rewrites if they do not change the address.
166
5f16ca82
TF
167TF/02 Bugzilla 662: Fix stack corruption before exec() in daemon.c.
168
dae9d94e 169NM/03 Bugzilla 602: exicyclog now handles panic log, and creates empty
7d9f747b 170 log files in place. Contributed by Roberto Lima.
dae9d94e 171
7d9f747b 172NM/04 Bugzilla 667: Close socket used by dovecot authenticator.
3f0da4d0 173
06864c44
TF
174TF/03 Bugzilla 615: When checking the local_parts router precondition
175 after a local_part_suffix or local_part_prefix option, Exim now
176 does not use the address's named list lookup cache, since this
177 contains cached lookups for the whole local part.
178
65a7d8c3 179NM/05 Bugzilla 521: Integrated SPF Best Guess support contributed by
7d9f747b 180 Robert Millan. Documentation is in experimental-spec.txt.
65a7d8c3 181
23510047 182TF/04 Bugzilla 668: Fix parallel build (make -j).
65a7d8c3 183
7d9f747b 184NM/05.2 Bugzilla 437: Prevent Maildir aux files being created with mode 000.
5f28a6e8 185
7d8eec3a 186NM/05.3 Bugzilla 598: Improvement to Dovecot authenticator handling.
7d9f747b 187 Patch provided by Jan Srzednicki.
6c588e74 188
89dec7b6
TF
189TF/05 Leading white space used to be stripped from $spam_report which
190 wrecked the formatting. Now it is preserved.
5f28a6e8 191
a99de90c
TF
192TF/06 Save $spam_score, $spam_bar, and $spam_report in spool files, so
193 that they are available at delivery time.
194
e2803e40
TF
195TF/07 Fix the way ${extract is skipped in the untaken branch of a conditional.
196
7199e1ee
TF
197TF/08 TLS error reporting now respects the incoming_interface and
198 incoming_port log selectors.
199
e276e04b
TF
200TF/09 Produce a more useful error message if an SMTP transport's hosts
201 setting expands to an empty string.
202
ce552449 203NM/06 Bugzilla 744: EXPN did not work under TLS.
7d9f747b 204 Patch provided by Phil Pennock.
ce552449 205
e765a0f1 206NM/07 Bugzilla 769: Extraneous comma in usage fprintf
7d9f747b 207 Patch provided by Richard Godbee.
e765a0f1 208
4f054c63 209NM/08 Fixed erroneous documentation references to smtp_notquit_acl to be
447de4b0 210 acl_smtp_notquit, added index entry.
4f054c63 211
7d9f747b
PP
212NM/09 Bugzilla 787: Potential buffer overflow in string_format.
213 Patch provided by Eugene Bujak.
24c929a2 214
7d9f747b
PP
215NM/10 Bugzilla 770: Problem on some platforms modifying the len parameter to
216 accept(). Patch provided by Maxim Dounin.
cf73943b 217
b52bc06e 218NM/11 Bugzilla 749: Preserve old behaviour of blanks comparing equal to zero.
7d9f747b 219 Patch provided by Phil Pennock.
b52bc06e 220
447de4b0
NM
221NM/12 Bugzilla 497: Correct behaviour of exiwhat when no config exists.
222
4c69d561 223NM/13 Bugzilla 590: Correct handling of Resent-Date headers.
7d9f747b 224 Patch provided by Brad "anomie" Jorsch.
4c69d561 225
d5c39246 226NM/14 Bugzilla 622: Added timeout setting to transport filter.
7d9f747b 227 Patch provided by Dean Brooks.
9b989985 228
0b23848a
TK
229TK/05 Add native DKIM support (does not depend on external libraries).
230
8f3414a1 231NM/15 Bugzilla 854: Removed code that symlinks to pcre as its no longer useful.
7d9f747b 232 Patch provided by Graeme Fowler.
e2aacdfd 233
fb6f955d
NM
234NM/16 Bugzilla 851: Documentation example syntax fix.
235
236NM/17 Changed NOTICE file to remove references to embedded PCRE.
8f3414a1 237
7d9f747b
PP
238NM/18 Bugzilla 894: Fix issue with very long lines including comments in
239 lsearch.
dbb0bf41 240
7d9f747b
PP
241NM/19 Bugzilla 745: TLS version reporting.
242 Patch provided by Phil Pennock.
f3766eb5 243
7d9f747b
PP
244NM/20 Bugzilla 167: bool: condition support.
245 Patch provided by Phil Pennock.
36f12725 246
7d9f747b
PP
247NM/21 Bugzilla 665: gnutls_compat_mode to allow compatibility with broken
248 clients. Patch provided by Phil Pennock.
e6060e2c 249
7d9f747b
PP
250NM/22 Bugzilla 607: prepend (not append) Resent-Message-ID and Resent-Date.
251 Patch provided by Brad "anomie" Jorsch.
5eb690a1 252
7d9f747b
PP
253NM/23 Bugzilla 687: Fix misparses in eximstats.
254 Patch provided by Heiko Schlittermann.
d5c13d66 255
7d9f747b
PP
256NM/24 Bugzilla 688: Fix exiwhat to handle log_selector = +pid.
257 Patch provided by Heiko Schlittermann.
b2335c0b 258
7d9f747b 259NM/25 Bugzilla 727: Use transport mode as default mode for maildirsize file.
1da77999 260 plus update to original patch.
f4cd9433 261
7d9f747b 262NM/26 Bugzilla 799: Documentation correction for ratelimit.
dc988b7e 263
7d9f747b
PP
264NM/27 Bugzilla 802: Improvements to local interface IP addr detection.
265 Patch provided by David Brownlee.
8dc71ab3 266
7d9f747b 267NM/28 Bugzilla 807: Improvements to LMTP delivery logging.
400eda43 268
7d9f747b 269NM/29 Bugzilla 862, 866, 875: Documentation bugfixes.
ec5a421b 270
7d9f747b 271NM/30 Bugzilla 888: TLS documentation bugfixes.
07af267e 272
7d9f747b 273NM/31 Bugzilla 896: Dovecot buffer overrun fix.
51473862 274
17792b53 275NM/32 Bugzilla 889: Change all instances of "expr" in shell scripts to "expr --"
7d9f747b 276 Unlike the original bugzilla I have changed all shell scripts in src tree.
17792b53 277
7d9f747b
PP
278NM/33 Bugzilla 898: Transport filter timeout fix.
279 Patch by Todd Rinaldo.
52383f8f 280
7d9f747b
PP
281NM/34 Bugzilla 901: Fix sign/unsigned and UTF mistmatches.
282 Patch by Serge Demonchaux.
5ca6d115 283
7d9f747b
PP
284NM/35 Bugzilla 39: Base64 decode bug fixes.
285 Patch by Jakob Hirsch.
baee9eee 286
7d9f747b 287NM/36 Bugzilla 909: Correct connect() call in dcc code.
e93a964c 288
7d9f747b 289NM/37 Bugzilla 910: Correct issue with relaxed/simple handling.
9bf3d68f 290
7d9f747b 291NM/38 Bugzilla 908: Removed NetBSD3 support as no longer needed.
96535b98 292
7d9f747b 293NM/39 Bugzilla 911: Fixed MakeLinks build script.
30339e0f 294
deafd5b3 295
47db1125
NM
296Exim version 4.69
297-----------------
298
4b3504d0
TK
299TK/01 Add preliminary DKIM support. Currently requires a forked version of
300 ALT-N's libdkim that I have put here:
301 http://duncanthrax.net/exim-experimental/
302
303 Note to Michael Haardt: I had to rename some vars in sieve.c. They
304 were called 'true' and it seems that C99 defines that as a reserved
305 keyword to be used with 'bool' variable types. That means you could
306 not include C99-style headers which use bools without triggering
307 build errors in sieve.c.
308
81ea09ca
NM
309NM/01 Bugzilla 592: --help option is handled incorrectly if exim is invoked
310 as mailq or other aliases. Changed the --help handling significantly
311 to do whats expected. exim_usage() emits usage/help information.
312
f13cddcb
SC
313SC/01 Added the -bylocaldomain option to eximstats.
314
7d9f747b 315NM/02 Bugzilla 619: Defended against bad data coming back from gethostbyaddr.
8ad076b2 316
7d9f747b 317NM/03 Bugzilla 613: Documentation fix for acl_not_smtp.
a843aaa6 318
7d9f747b 319NM/04 Bugzilla 628: PCRE update to 7.4 (work done by John Hall).
47db1125
NM
320
321
eb4c0de6
PH
322Exim version 4.68
323-----------------
324
325PH/01 Another patch from the Sieve maintainer.
326
6a3bceb1
PH
327PH/02 When an IPv6 address is converted to a string for single-key lookup
328 in an address list (e.g. for an item such as "net24-dbm;/net/works"),
329 dots are used instead of colons so that keys in lsearch files need not
330 contain colons. This was done some time before quoting was made available
331 in lsearch files. However, iplsearch files do require colons in IPv6 keys
332 (notated using the quote facility) so as to distinguish them from IPv4
333 keys. This meant that lookups for IP addresses in host lists did not work
334 for iplsearch lookups.
335
336 This has been fixed by arranging for IPv6 addresses to be expressed with
337 colons if the lookup type is iplsearch. This is not incompatible, because
338 previously such lookups could never work.
339
340 The situation is now rather anomolous, since one *can* have colons in
341 ordinary lsearch keys. However, making the change in all cases is
342 incompatible and would probably break a number of configurations.
343
2e30fa9d
TK
344TK/01 Change PRVS address formatting scheme to reflect latests BATV draft
345 version.
346
0806a9c5
MH
347MH/01 The "spam" ACL condition code contained a sscanf() call with a %s
348 conversion specification without a maximum field width, thereby enabling
349 a rogue spamd server to cause a buffer overflow. While nobody in their
350 right mind would setup Exim to query an untrusted spamd server, an
351 attacker that gains access to a server running spamd could potentially
352 exploit this vulnerability to run arbitrary code as the Exim user.
353
ae276964
TK
354TK/02 Bugzilla 502: Apply patch to make the SPF-Received: header use
355 $primary_hostname instead of what libspf2 thinks the hosts name is.
356
0f2cbd1b
MH
357MH/02 The dsearch lookup now uses lstat(2) instead of stat(2) to look for
358 a directory entry by the name of the lookup key. Previously, if a
359 symlink pointed to a non-existing file or a file in a directory that
360 Exim lacked permissions to read, a lookup for a key matching that
361 symlink would fail. Now it is enough that a matching directory entry
362 exists, symlink or not. (Bugzilla 503.)
363
2b85bce7
PH
364PH/03 The body_linecount and body_zerocount variables are now exported in the
365 local_scan API.
366
93655c46
PH
367PH/04 Added the $dnslist_matched variable.
368
6c512171
PH
369PH/05 Unset $tls_cipher and $tls_peerdn before making a connection as a client.
370 This means they are set thereafter only if the connection becomes
371 encrypted.
372
373PH/06 Added the client_condition to authenticators so that some can be skipped
374 by clients under certain conditions.
375
aa6dc513
PH
376PH/07 The error message for a badly-placed control=no_multiline_responses left
377 "_responses" off the end of the name.
378
a96603a0
PH
379PH/08 Added -Mvc to output a copy of a message in RFC 2822 format.
380
8f240103
PH
381PH/09 Tidied the code for creating ratelimiting keys, creating them explicitly
382 (without spaces) instead of just copying the configuration text.
383
384PH/10 Added the /noupdate option to the ratelimit ACL condition.
385
d677b2f2
PH
386PH/11 Added $max_received_linelength.
387
d52120f2
PH
388PH/12 Added +ignore_defer and +include_defer to host lists.
389
64f2600a
PH
390PH/13 Installed PCRE version 7.2. This needed some changes because of the new
391 way in which PCRE > 7.0 is built.
392
8669f003
PH
393PH/14 Implemented queue_only_load_latch.
394
a4dc33a8
PH
395PH/15 Removed an incorrect (int) cast when reading the value of SIZE in a
396 MAIL command. The effect was to mangle the value on 64-bit systems.
397
d6a60c0f
PH
398PH/16 Another patch from the Sieve maintainer.
399
8f128379
PH
400PH/17 Added the NOTQUIT ACL, based on a patch from Ted Cooper.
401
8932dffe
PH
402PH/18 If a system quota error occurred while trying to create the file for
403 a maildir delivery, the message "Mailbox is full" was not appended to the
404 bounce if the delivery eventually timed out. Change 4.67/27 below applied
405 only to a quota excession during the actual writing of the file.
d6a60c0f 406
ddea74fa 407PH/19 It seems that peer DN values may contain newlines (and other non-printing
48ed62d9
PH
408 characters?) which causes problems in log lines. The DN values are now
409 passed through string_printing() before being added to log lines.
410
ddea74fa 411PH/20 Added the "servers=" facility to MySQL and PostgreSQL lookups. (Oracle
b7670459
PH
412 and InterBase are left for another time.)
413
ddea74fa
PH
414PH/21 Added message_body_newlines option.
415
ce9f225c
PH
416PH/22 Guard against possible overflow in moan_check_errorcopy().
417
19897d52
PH
418PH/23 POSIX allows open() to be a macro; guard against that.
419
bc64a74d
PH
420PH/24 If the recipient of an error message contained an @ in the local part
421 (suitably quoted, of course), incorrect values were put in $domain and
422 $local_part during the evaluation of errors_copy.
423
eb4c0de6 424
b4ed4da0
PH
425Exim version 4.67
426-----------------
427
22ad45c9
MH
428MH/01 Fix for bug #448, segfault in Dovecot authenticator when interface_address
429 is unset (happens when testing with -bh and -oMi isn't used). Thanks to
430 Jan Srzednicki.
431
b4ed4da0
PH
432PH/01 Added a new log selector smtp_no_mail, to log SMTP sessions that do not
433 issue a MAIL command.
434
431b7361
PH
435PH/02 In an ACL statement such as
436
437 deny dnslists = X!=127.0.0.2 : X=127.0.0.2
438
439 if a client was not listed at all, or was listed with a value other than
440 127.0.0.2, in the X list, but was listed with 127.0.0.2 in the Y list,
441 the condition was not true (as it should be), so access was not denied.
442 The bug was that the ! inversion was incorrectly passed on to the second
443 item. This has been fixed.
444
445PH/03 Added additional dnslists conditions == and =& which are different from
446 = and & when the dns lookup returns more than one IP address.
447
83da1223
PH
448PH/04 Added gnutls_require_{kx,mac,protocols} to give more control over the
449 cipher suites used by GnuTLS. These options are ignored by OpenSSL.
450
54fc8428
PH
451PH/05 After discussion on the list, added a compile time option ENABLE_DISABLE_
452 FSYNC, which compiles an option called disable_fsync that allows for
453 bypassing fsync(). The documentation is heavily laced with warnings.
454
34c5e8dd
SC
455SC/01 Updated eximstats to collate all SpamAssassin rejects into one bucket.
456
bbe15da8
PH
457PH/06 Some tidies to the infrastructure of the Test Suite that is concerned
458 with the auxiliary C programs that it uses: (1) Arrange for BIND_8_COMPAT
459 to be defined when compiling on OSX (Darwin); (2) Tidies to the Makefile,
460 including adding "make clean"; (3) Added -fPIC when compiling the test
461 dynamically loaded module, to get rid of a warning.
462
0e8a9471
MH
463MH/02 Fix for bug #451, causing paniclog entries to be written if a bounce
464 message fails, move_frozen_messages = true and ignore_bounce_errors_after
465 = 0s. The bug is otherwise harmless.
466
f0872424
PH
467PH/07 There was a bug in the dovecot authenticator such that the value of
468 $auth1 could be overwritten, and so not correctly preserved, after a
469 successful authentication. This usually meant that the value preserved by
470 the server_setid option was incorrect.
471
b01dd148
PH
472PH/08 Added $smtp_count_at_connection_start, deliberately with a long name.
473
6bf342e1
PH
474PH/09 Installed PCRE release 7.0.
475
273f34d0
PH
476PH/10 The acl_not_smtp_start ACL was, contrary to the documentation, not being
477 run for batched SMTP input. It is now run at the start of every message
478 in the batch. While fixing this I discovered that the process information
479 (output by running exiwhat) was not always getting set for -bs and -bS
480 input. This is fixed, and it now also says "batched" for BSMTP.
481
cf8b11a5
PH
482PH/11 Added control=no_pipelining.
483
41c7c167
PH
484PH/12 Added $sending_ip_address and $sending_port (mostly Magnus Holmgren's
485 patch, slightly modified), and move the expansion of helo_data till after
486 the connection is made in the smtp transport (so it can use these
487 values).
488
9c57cbc0
PH
489PH/13 Added ${rfc2047d: to decoded RFC 2047 strings.
490
f3f065bb
PH
491PH/14 Added log_selector = +pid.
492
047bdd8c
PH
493PH/15 Flush SMTP output before delaying, unless control=no_delay_flush is set.
494
0ce9abe6
PH
495PH/16 Add ${if forany and ${if forall.
496
0e22dfd1
PH
497PH/17 Added dsn_from option to vary the From: line in DSNs.
498
4c590bd1
PH
499PH/18 Flush SMTP output before performing a callout, unless control =
500 no_callout_flush is set.
501
09945f1e
PH
502PH/19 Change 4.64/PH/36 introduced a bug: when address_retry_include_sender
503 was true (the default) a successful delivery failed to delete the retry
504 item, thus causing premature timeout of the address. The bug is now
505 fixed.
506
c51b8e75
PH
507PH/20 Added hosts_avoid_pipelining to the smtp transport.
508
e28326d8
PH
509PH/21 Long custom messages for fakedefer and fakereject are now split up
510 into multiline reponses in the same way that messages for "deny" and
511 other ACL rejections are.
512
75b1493f
PH
513PH/22 Applied Jori Hamalainen's speed-up changes and typo fixes to exigrep,
514 with slight modification.
515
7c5214ec
PH
516PH/23 Applied sieve patches from the maintainer "tracking the latest notify
517 draft, changing the syntax and factoring some duplicate code".
518
4311097e
PH
519PH/24 When the log selector "outgoing_port" was set, the port was shown as -1
520 for deliveries of the second and subsequent messages over the same SMTP
521 connection.
522
29f89cad
PH
523PH/25 Applied Magnus Holmgren's patch for ${addresses, ${map, ${filter, and
524 ${reduce, with only minor "tidies".
525
5e687460
SC
526SC/02 Applied Daniel Tiefnig's patch to improve the '($parent) =' pattern match.
527
c3611384
PH
528PH/26 Added a "continue" ACL modifier that does nothing, for the benefit of its
529 expansion side effects.
530
5a11a7b4
PH
531PH/27 When a message times out after an over-quota error from an Exim-imposed
532 quota, the bounce message says "mailbox is full". This message was not
533 being given when it was a system quota that was exceeded. It now should
534 be the same.
535
0e20aff9
MH
536MH/03 Made $recipients available in local_scan(). local_scan() already has
537 better access to the recipient list through recipients_list[], but
538 $recipients can be useful in postmaster-provided expansion strings.
539
ca86f471
PH
540PH/28 The $smtp_command and $smtp_command_argument variables were not correct
541 in the case of a MAIL command with additional options following the
542 address, for example: MAIL FROM:<foo@bar> SIZE=1234. The option settings
543 were accidentally chopped off.
544
a14e5636
PH
545PH/29 SMTP synchronization checks are implemented when a command is read -
546 there is a check that no more input is waiting when there shouldn't be
547 any. However, for some commands, a delay in an ACL can mean that it is
548 some time before the response is written. In this time, more input might
549 arrive, invalidly. So now there are extra checks after an ACL has run for
550 HELO/EHLO and after the predata ACL, and likewise for MAIL and RCPT when
551 pipelining has not been advertised.
552
ec95d1a6
PH
553PH/30 MH's patch to allow iscntrl() characters to be list separators.
554
42855d71
PH
555PH/31 Unlike :fail:, a custom message specified with :defer: was not being
556 returned in the SMTP response when smtp_return_error_details was false.
557 This has been fixed.
558
57c2c631
PH
559PH/32 Change the Dovecot authenticator to use read() and write() on the socket
560 instead of the C I/O that was originally supplied, because problems were
561 reported on Solaris.
562
58c01c94
PH
563PH/33 Compile failed with OpenSSL 0.9.8e. This was due to a coding error in
564 Exim which did not show up earlier: it was assuming that a call to
565 SSL_CTX_set_info_callback() might give an error value. In fact, there is
566 no error. In previous releases of OpenSSL, SSL_CTX_set_info_callback()
567 was a macro that became an assignment, so it seemed to work. This has
568 changed to a proper function call with a void return, hence the compile
569 error. Exim's code has been fixed.
570
dee5a20a
PH
571PH/34 Change HDA_SIZE in oracle.c from 256 to 512. This is needed for 64-bit
572 cpus.
573
d2ee6114
PH
574PH/35 Applied a patch from the Sieve maintainer which fixes a bug in "notify".
575
b2d5182b
PH
576PH/36 Applied John Jetmore's patch to add -v functionality to exigrep.
577
79749a79
PH
578PH/37 If a message is not accepted after it has had an id assigned (e.g.
579 because it turns out to be too big or there is a timeout) there is no
3ce62588
PH
580 "Completed" line in the log. When some messages of this type were
581 selected by exigrep, they were listed as "not completed". Others were
582 picked up by some special patterns. I have improved the selection
583 criteria to be more general.
79749a79 584
c456d9bb
PH
585PH/38 The host_find_failed option in the manualroute router can now be set
586 to "ignore", to completely ignore a host whose IP address cannot be
587 found. If all hosts are ignored, the behaviour is controlled by the new
588 host_all_ignored option.
589
cd9868ec
PH
590PH/39 In a list of hosts for manualroute, if one item (either because of multi-
591 homing or because of multiple MX records with /mx) generated more than
592 one IP address, and the following item turned out to be the local host,
593 all the secondary addresses of the first item were incorrectly removed
594 from the list, along with the local host and any following hosts (which
595 is what is supposed to happen).
596
ebeaf996
PH
597PH/40 When Exim receives a message, it writes the login name, uid, and gid of
598 whoever called Exim into the -H file. In the case of the daemon it was
599 behaving confusingly. When first started, it used values for whoever
600 started the daemon, but after a SIGHUP it used the Exim user (because it
601 calls itself on a restart). I have changed the code so that it now always
602 uses the Exim user.
603
2679d413
PH
604PH/41 (Following a suggestion from Tony Finch) If all the RCPT commands in a
605 message are rejected with the same error (e.g. no authentication or bad
606 sender address), and a DATA command is nevertheless sent (as can happen
607 with PIPELINING or a stupid MUA), the error message that was given to the
608 RCPT commands is included in the rejection of the DATA command. This is
609 intended to be helpful for MUAs that show only the final error to their
610 users.
611
84024b72
PH
612PH/42 Another patch from the Sieve maintainer.
613
8005d38e
SC
614SC/02 Eximstats - Differentiate between permanent and temporary rejects.
615 Eximstats - Fixed some broken HTML links and added missing column headers
616 (Jez Hancock).
617 Eximstats - Fixed Grand Total Summary Domains, Edomains, and Email
618 columns for Rejects, Temp Rejects, Ham, and Spam rows.
619
3298c6c6
SC
620SC/03 Eximstats - V1.58 Fix to get <> and blackhole to show in edomain tables.
621
a43a27c5
PH
622PH/43 Yet another patch from the Sieve maintainer.
623
58eb016e 624PH/44 I found a way to check for a TCP/IP connection going away before sending
563b63fa
PH
625 the response to the final '.' that terminates a message, but only in the
626 case where the client has not sent further data following the '.'
627 (unfortunately, this is allowed). However, in many cases there won't be
628 any further data because there won't be any more messages to send. A call
629 to select() can be used: if it shows that the input is "ready", there is
630 either input waiting, or the socket has been closed. An attempt to read
631 the next input character can distinguish the two cases. Previously, Exim
58eb016e 632 would have sent an OK response which the client would never have see.
563b63fa
PH
633 This could lead to message repetition. This fix should cure that, at
634 least in a lot of common cases.
58eb016e 635
b43a74ea
PH
636PH/45 Do not advertise STARTTLS in response to HELP unless it would be
637 advertised in response to EHLO.
638
b4ed4da0 639
5dd1517f
PH
640Exim version 4.66
641-----------------
642
643PH/01 Two more bugs that were introduced by 4.64/PH/07, in addition to the one
644 fixed by 4.65/MH/01 (is this a record?) are fixed:
645
646 (i) An empty string was always treated as zero by the numeric comparison
647 operators. This behaviour has been restored.
648
649 (ii) It is documented that the numeric comparison operators always treat
650 their arguments as decimal numbers. This was broken in that numbers
651 starting with 0 were being interpreted as octal.
652
653 While fixing these problems I realized that there was another issue that
654 hadn't been noticed. Values of message_size_limit (both the global option
655 and the transport option) were treated as octal if they started with 0.
656 The documentation was vague. These values are now always treated as
657 decimal, and I will make that clear in the documentation.
658
659
93cfa765
TK
660Exim version 4.65
661-----------------
662
663TK/01 Disable default definition of HAVE_LINUX_SENDFILE. Clashes with
664 Linux large file support (_FILE_OFFSET_BITS=64) on older glibc
665 versions. (#438)
666
d6066548
MH
667MH/01 Don't check that the operands of numeric comparison operators are
668 integers when their expansion is in "skipping" mode (fixes bug
669 introduced by 4.64-PH/07).
670
4362ff0d
PH
671PH/01 If a system filter or a router generates more than SHRT_MAX (32767)
672 child addresses, Exim now panics and dies. Previously, because the count
673 is held in a short int, deliveries were likely to be lost. As such a
674 large number of recipients for a single message is ridiculous
675 (performance will be very, very poor), I have chosen to impose a limit
676 rather than extend the field.
677
93cfa765 678
944e9e9c
TF
679Exim version 4.64
680-----------------
aa41d2de 681
21d74bd9
TK
682TK/01 Bugzilla #401. Fix DK spooling code so that it can overwrite a
683 leftover -K file (the existence of which was triggered by #402).
684 While we were at it, introduced process PID as part of the -K
685 filename. This should rule out race conditions when creating
686 these files.
687
688TK/02 Bugzilla #402. Apply patch from Simon Arlott, speeding up DK signing
689 processing considerably. Previous code took too long for large mails,
690 triggering a timeout which in turn triggers #401.
691
692TK/03 Introduced HAVE_LINUX_SENDFILE to os.h-Linux. Currently only used
693 in the DK code in transports.c. sendfile() is not really portable,
694 hence the _LINUX specificness.
944e9e9c
TF
695
696TF/01 In the add_headers option to the mail command in an Exim filter,
697 there was a bug that Exim would claim a syntax error in any
698 header after the first one which had an odd number of characters
699 in the field name.
700
2b1c6e3a
PH
701PH/01 If a server that rejects MAIL FROM:<> was the target of a sender
702 callout verification, Exim cached a "reject" for the entire domain. This
703 is correct for most verifications, but it is not correct for a recipient
704 verification with use_sender or use_postmaster set, because in that case
705 the callout does not use MAIL FROM:<>. Exim now distinguishes the special
706 case of MAIL FROM:<> rejection from other early rejections (e.g.
707 rejection of HELO). When verifying a recipient using a non-null MAIL
708 address, the cache is ignored if it shows MAIL FROM:<> rejection.
709 Whatever the result of the callout, the value of the domain cache is
710 left unchanged (for any other kind of callout, getting as far as trying
711 RCPT means that the domain itself is ok).
712
1f872c80
PH
713PH/02 Tidied a number of unused variable and signed/unsigned warnings that
714 gcc 4.1.1 threw up.
715
716PH/03 On Solaris, an unexpectedly close socket (dropped connection) can
717 manifest itself as EPIPE rather than ECONNECT. When tidying away a
718 session, the daemon ignores ECONNECT errors and logs others; it now
719 ignores EPIPE as well.
720
d203e649
PH
721PH/04 Applied Nico Erfurth's refactoring patch to tidy up mime.c
722 (quoted-printable decoding).
723
cc2ed8f7 724PH/05 Applied Nico Erfurth's refactoring patch to tidy up spool_mbox.c, and
21a04aa3 725 later the small subsequent patch to fix an introduced bug.
f951fd57 726
ddfcd446
PH
727PH/06 Installed the latest Cygwin Makefile from the Cygwin maintainer.
728
d45b1de8
PH
729PH/07 There was no check for overflow in expansions such as ${if >{1}{4096M}}.
730
731PH/08 An error is now given if message_size_limit is specified negative.
732
38a0a95f 733PH/09 Applied and tidied up Jakob Hirsch's patch for allowing ACL variables
641cb756 734 to be given (somewhat) arbitrary names.
38a0a95f 735
a2405d83
JJ
736JJ/01 exipick 20060919.0, allow for arbitrary acl_ variables introduced
737 in 4.64-PH/09.
738
739JJ/02 exipick 20060919.0, --show-vars args can now be regular expressions,
740 miscellaneous code fixes
741
6ea85e9a
PH
742PH/10 Added the log_reject_target ACL modifier to specify where to log
743 rejections.
744
26da7e20
PH
745PH/11 Callouts were setting the name used for EHLO/HELO from $smtp_active_
746 hostname. This is wrong, because it relates to the incoming message (and
747 probably the interface on which it is arriving) and not to the outgoing
748 callout (which could be using a different interface). This has been
749 changed to use the value of the helo_data option from the smtp transport
750 instead - this is what is used when a message is actually being sent. If
751 there is no remote transport (possible with a router that sets up host
752 addresses), $smtp_active_hostname is used.
6ea85e9a 753
14aa5a05 754PH/12 Installed Andrey Panin's patch to add a dovecot authenticator. Various
7befa435 755 tweaks were necessary in order to get it to work (see also 21 below):
14aa5a05
PH
756 (a) The code assumed that strncpy() returns a negative number on buffer
757 overflow, which isn't the case. Replaced with Exim's string_format()
758 function.
759 (b) There were several signed/unsigned issues. I just did the minimum
760 hacking in of casts. There is scope for a larger refactoring.
761 (c) The code used strcasecmp() which is not a standard C function.
762 Replaced with Exim's strcmpic() function.
763 (d) The code set only $1; it now sets $auth1 as well.
764 (e) A simple test gave the error "authentication client didn't specify
765 service in request". It would seem that Dovecot has changed its
766 interface. Fortunately there's a specification; I followed it and
767 changed what the client sends and it appears to be working now.
768
ff75a1f7
PH
769PH/13 Added $message_headers_raw to provide the headers without RFC 2047
770 decoding.
771
e6f6568e
PH
772PH/14 Corrected misleading output from -bv when -v was also used. Suppose the
773 address A is aliased to B and C, where B exists and C does not. Without
774 -v the output is "A verified" because verification stops after a
775 successful redirection if more than one address is generated. However,
776 with -v the child addresses are also verified. Exim was outputting "A
777 failed to verify" and then showing the successful verification for C,
778 with its parentage. It now outputs "B failed to verify", showing B's
779 parentage before showing the successful verification of C.
780
d6f6e0dc
PH
781PH/15 Applied Michael Deutschmann's patch to allow DNS black list processing to
782 look up a TXT record in a specific list after matching in a combined
783 list.
784
322050c2
PH
785PH/16 It seems that the options setting for the resolver (RES_DEFNAMES and
786 RES_DNSRCH) can affect the behaviour of gethostbyname() and friends when
787 they consult the DNS. I had assumed they would set it the way they
788 wanted; and indeed my experiments on Linux seem to show that in some
789 cases they do (I could influence IPv6 lookups but not IPv4 lookups).
790 To be on the safe side, however, I have now made the interface to
791 host_find_byname() similar to host_find_bydns(), with an argument
792 containing the DNS resolver options. The host_find_byname() function now
793 sets these options at its start, just as host_find_bydns() does. The smtp
794 transport options dns_qualify_single and dns_search_parents are passed to
795 host_find_byname() when gethostbyname=TRUE in this transport. Other uses
796 of host_find_byname() use the default settings of RES_DEFNAMES
797 (qualify_single) but not RES_DNSRCH (search_parents).
798
08955dd3
PH
799PH/17 Applied (a modified version of) Nico Erfurth's patch to make
800 spool_read_header() do less string testing, by means of a preliminary
801 switch on the second character of optional "-foo" lines. (This is
802 overdue, caused by the large number of possibilities that now exist.
803 Originally there were few.) While I was there, I also converted the
804 str(n)cmp tests so they don't re-test the leading "-" and the first
805 character, in the hope this might squeeze out yet more improvement.
806
1eccaa59
PH
807PH/18 Two problems with "group" syntax in header lines when verifying: (1) The
808 flag allowing group syntax was set by the header_syntax check but not
809 turned off, possible causing trouble later; (2) The flag was not being
810 set at all for the header_verify test, causing "group"-style headers to
811 be rejected. I have now set it in this case, and also caused header_
812 verify to ignore an empty address taken from a group. While doing this, I
813 came across some other cases where the code for allowing group syntax
814 while scanning a header line wasn't quite right (mostly, not resetting
815 the flag correctly in the right place). These bugs could have caused
816 trouble for malformed header lines. I hope it is now all correct.
817
602e59e5
PH
818PH/19 The functions {pwcheck,saslauthd}_verify_password() are always called
819 with the "reply" argument non-NULL. The code, however (which originally
820 came from elsewhere) had *some* tests for NULL when it wrote to *reply,
821 but it didn't always do it. This confused somebody who was copying the
822 code for some other use. I have removed all the tests.
823
411ef850
PH
824PH/20 It was discovered that the GnuTLS code had support for RSA_EXPORT, a
825 feature that was used to support insecure browsers during the U.S. crypto
826 embargo. It requires special client support, and Exim is probably the
827 only MTA that supported it -- and would never use it because real RSA is
828 always available. This code has been removed, because it had the bad
829 effect of slowing Exim down by computing (never used) parameters for the
830 RSA_EXPORT functionality.
831
7befa435
PH
832PH/21 On the advice of Timo Sirainen, added a check to the dovecot
833 authenticator to fail if there's a tab character in the incoming data
834 (there should never be unless someone is messing about, as it's supposed
835 to be base64-encoded). Also added, on Timo's advice, the "secured" option
836 if the connection is using TLS or if the remote IP is the same as the
837 local IP, and the "valid-client-cert option" if a client certificate has
838 been verified.
839
48da4259 840PH/22 As suggested by Dennis Davis, added a server_condition option to *all*
16ff981e
PH
841 authenticators. This can be used for authorization after authentication
842 succeeds. (In the case of plaintext, it servers for both authentication
843 and authorization.)
844
48da4259
PH
845PH/23 Testing for tls_required and lost_connection in a retry rule didn't work
846 if any retry times were supplied.
847
d1d5595c
PH
848PH/24 Exim crashed if verify=helo was activated during an incoming -bs
849 connection, where there is no client IP address to check. In this
850 situation, the verify now always succeeds.
851
0ef732d9
PH
852PH/25 Applied John Jetmore's -Mset patch.
853
328895cc
PH
854PH/26 Added -bem to be like -Mset, but loading a message from a file.
855
fd700877
PH
856PH/27 In a string expansion for a processed (not raw) header when multiple
857 headers of the same name were present, leading whitespace was being
858 removed from all of them, but trailing whitespace was being removed only
859 from the last one. Now trailing whitespace is removed from each header
f6c332bd
PH
860 before concatenation. Completely empty headers in a concatenation (as
861 before) are ignored.
fd700877 862
8dce1a6f
PH
863PH/28 Fixed bug in backwards-compatibility feature of PH/09 (thanks to John
864 Jetmore). It would have mis-read ACL variables from pre-4.61 spool files.
865
17af4a17
PH
866PH/29 [Removed. This was a change that I later backed out, and forgot to
867 correct the ChangeLog entry (that I had efficiently created) before
868 committing the later change.]
f6c332bd
PH
869
870PH/30 Exim was sometimes attempting to deliver messages that had suffered
871 address errors (4xx response to RCPT) over the same connection as other
872 messages routed to the same hosts. Such deliveries are always "forced",
873 so retry times are not inspected. This resulted in far too many retries
874 for the affected addresses. The effect occurred only when there were more
875 hosts than the hosts_max_try setting in the smtp transport when it had
876 the 4xx errors. Those hosts that it had tried were not added to the list
877 of hosts for which the message was waiting, so if all were tried, there
878 was no problem. Two fixes have been applied:
879
880 (i) If there are any address or message errors in an SMTP delivery, none
881 of the hosts (tried or untried) are now added to the list of hosts
882 for which the message is waiting, so the message should not be a
883 candidate for sending over the same connection that was used for a
884 successful delivery of some other message. This seems entirely
885 reasonable: after all the message is NOT "waiting for some host".
886 This is so "obvious" that I'm not sure why it wasn't done
887 previously. Hope I haven't missed anything, but it can't do any
888 harm, as the worst effect is to miss an optimization.
889
890 (ii) If, despite (i), such a delivery is accidentally attempted, the
891 routing retry time is respected, so at least it doesn't keep
892 hammering the server.
893
c1114884
PH
894PH/31 Installed Andrew Findlay's patch to close the writing end of the socket
895 in ${readsocket because some servers need this prod.
896
7a0743eb
PH
897PH/32 Added some extra debug output when updating a wait-xxx database.
898
0d85fa3f
PH
899PH/33 The hint "could be header name not terminated by colon", which has been
900 given for certain expansion errors for a long time, was not being given
901 for the ${if def:h_colon_omitted{... case.
902
1bf43b78
PH
903PH/34 The spec says: "With one important exception, whenever a domain list is
904 being scanned, $domain contains the subject domain." There was at least
905 one case where this was not true.
906
520de300
PH
907PH/35 The error "getsockname() failed: connection reset by peer" was being
908 written to the panic log as well as the main log, but it isn't really
909 panic-worthy as it just means the connection died rather early on. I have
910 removed the panic log writing for the ECONNRESET error when getsockname()
911 fails.
912
48c7f9e2
PH
913PH/36 After a 4xx response to a RCPT error, that address was delayed (in queue
914 runs only) independently of the message's sender address. This meant
915 that, if the 4xx error was in fact related to the sender, a different
916 message to the same recipient with a different sender could confuse
917 things. In particualar, this can happen when sending to a greylisting
918 server, but other circumstances could also provoke similar problems.
919 I have changed the default so that the retry time for these errors is now
920 based a combination of the sender and recipient addresses. This change
921 can be overridden by setting address_retry_include_sender=false in the
922 smtp transport.
923
99ea1c86
PH
924PH/37 For LMTP over TCP/IP (the smtp transport), error responses from the
925 remote server are returned as part of bounce messages. This was not
926 happening for LMTP over a pipe (the lmtp transport), but now it is the
927 same for both kinds of LMTP.
928
a2042e78
PH
929PH/38 Despite being documented as not happening, Exim was rewriting addresses
930 in header lines that were in fact CNAMEs. This is no longer the case.
931
4fbcfc2e
PH
932PH/39 If -R or -S was given with -q<time>, the effect of -R or -S was ignored,
933 and queue runs started by the daemon processed all messages. This has
934 been fixed so that -R and -S can now usefully be given with -q<time>.
935
aa41d2de
PH
936PH/40 Import PCRE release 6.7 (fixes some bugs).
937
af561417
PH
938PH/41 Add bitwise logical operations to eval (courtesy Brad Jorsch).
939
3cc66b45
PH
940PH/42 Give an error if -q is specified more than once.
941
194cc0e4
PH
942PH/43 Renamed the variables $interface_address and $interface_port as
943 $received_ip_address and $received_port, to make it clear that these
944 values apply to message reception, and not to the outgoing interface when
945 a message is delivered. (The old names remain recognized, of course.)
946
a401ddaa
PH
947PH/44 There was no timeout on the connect() call when using a Unix domain
948 socket in the ${readsocket expansion. There now is.
949
4e88a19f
PH
950PH/45 Applied a modified version of Brad Jorsch's patch to allow "message" to
951 be meaningful with "accept".
952
d7d7b289
SC
953SC/01 Eximstats V1.43
954 Bug fix for V1.42 with -h0 specified. Spotted by Chris Lear.
955
956SC/02 Eximstats V1.44
957 Use a glob alias rather than an array ref in the generated
958 parser. This improves both readability and performance.
959
960SC/03 Eximstats V1.45 (Marco Gaiarin / Steve Campbell)
961 Collect SpamAssassin and rejection statistics.
962 Don't display local sender or destination tables unless
963 there is data to show.
964 Added average volumes into the top table text output.
965
966SC/04 Eximstats V1.46
967 Collect data on the number of addresses (recipients)
968 as well as the number of messages.
969
970SC/05 Eximstats V1.47
971 Added 'Message too big' to the list of mail rejection
972 reasons (thanks to Marco Gaiarin).
973
974SC/06 Eximstats V1.48
975 Mainlog lines which have GMT offsets and are too short to
976 have a flag are now skipped.
977
978SC/07 Eximstats V1.49 (Alain Williams)
979 Added the -emptyok flag.
980
981SC/08 Eximstats V1.50
982 Fixes for obtaining the IP address from reject messages.
983
0ea2a468
JJ
984JJ/03 exipick.20061117.2, made header handling as similar to exim as possible
985 (added [br]h_ prefixes, implemented RFC2047 decoding. Fixed
986 whitesspace changes from 4.64-PH/27
987
988JJ/04 exipick.20061117.2, fixed format and added $message_headers_raw to
989 match 4.64-PH/13
990
991JJ/05 exipick.20061117.2, bug fixes (error out sooner when invalid criteria
992 are found, allow negative numbers in numeric criteria)
993
994JJ/06 exipick.20061117.2, added new $message_body_missing variable
995
996JJ/07 exipick.20061117.2, added $received_ip_address and $received_port
997 to match changes made in 4.64-PH/43
998
8a10f5a4
PH
999PH/46 Applied Jori Hamalainen's patch to add features to exiqsumm.
1000
30e18802
PH
1001PH/47 Put in an explicit test for a DNS lookup of an address record where the
1002 "domain" is actually an IP address, and force a failure. This locks out
1003 those revolvers/nameservers that support "A-for-A" lookups, in
1004 contravention of the specifications.
1005
55728a4f
PH
1006PH/48 When a host name was looked up from an IP address, and the subsequent
1007 forward lookup of the name timed out, the host name was left in
1008 $sender_host_name, contrary to the specification.
d7d7b289 1009
d7837193
PH
1010PH/49 Although default lookup types such as lsearch* or cdb*@ have always been
1011 restricted to single-key lookups, Exim was not diagnosing an error if
1012 * or *@ was used with a query-style lookup.
1013
87054a31
PH
1014PH/50 Increased the value of DH_BITS in tls-gnu.c from 768 to 1024.
1015
ea2c01d2
MH
1016MH/01 local_scan ABI version incremented to 1.1. It should have been updated
1017 long ago, but noone interested enough thought of it. Let's just say that
1018 the "1.1" means that there are some new functions that weren't there at
1019 some point in the past.
1020
e4fa6968
PH
1021PH/51 Error processing for expansion failure of helo_data from an smtp
1022 transport during callout processing was broken.
1023
56f5d9bd
PH
1024PH/52 Applied John Jetmore's patch to allow tls-on-connect and STARTTLS to be
1025 tested/used via the -bh/-bhc/-bs options.
1026
922e1c28
PH
1027PH/53 Added missing "#include <time.h>" to pcre/pcretest.c (this was a PCRE
1028 bug, fixed in subsequent PCRE releases).
1029
21eb6e72
PH
1030PH/54 Applied Robert Bannocks' patch to avoid a problem with references that
1031 arises when using the Solaris LDAP libraries (but not with OpenLDAP).
1032
a0540757
PH
1033PH/55 Check for a ridiculously long file name in exim_dbmbuild.
1034
944e9e9c 1035
478be7b0
SC
1036Exim version 4.63
1037-----------------
1038
1039SC/01 Use a glob alias rather than an array ref in eximstats generated
1040 parser. This improves both readability and performance.
1041
1042SC/02 Collect SpamAssassin and rejection statistics in eximstats.
1043 Don't display local sender or destination tables in eximstats unless
1044 there is data to show.
1045 Added average volumes into the eximstats top table text output.
1046
1047SC/03 Collect data on the number of addresses (recipients) as well
1048 as the number of messages in eximstats.
1049
2b965a65
TF
1050TF/01 Correct an error in the documentation for the redirect router. Exim
1051 does (usually) call initgroups() when daemonizing.
478be7b0 1052
45b91596
PH
1053TF/02 Call initgroups() when dropping privilege in exim.c, so that Exim runs
1054 with consistent privilege compared to when running as a daemon.
478be7b0 1055
c59f5781
TF
1056TF/03 Note in the spec that $authenticated_id is not set for local
1057 submissions from trusted users.
1058
90fc3069
TF
1059TF/04 The ratelimit per_rcpt option now works correctly in acl_not_smtp.
1060 Thanks to Dean Brooks <dean@iglou.com> for the patch.
1061
6083aca0
TF
1062TF/05 Make it easier to get SMTP authentication and TLS/SSL support working
1063 by adding some example configuration directives to the default
1064 configuration file. A little bit of work is required to uncomment the
1065 directives and define how usernames and passwords are checked, but
1066 there is now a framework to start from.
1067
765b530f
PH
1068PH/01 Added #define LDAP_DEPRECATED 1 to ldap.c because some of the "old"
1069 functions that Exim currently uses aren't defined in ldap.h for OpenLDAP
1070 without this. I don't know how relevant this is to other LDAP libraries.
1071
4e167a8c
PH
1072PH/02 Add the verb name to the "unknown ACL verb" error.
1073
4608d683
PH
1074PH/03 Magnus Holmgren's patch for filter_prepend_home.
1075
b8dc3e4a
PH
1076PH/03 Fixed Bugzilla #101: macro definition between ACLs doesn't work.
1077
5418e93b
PH
1078PH/04 Applied Magnus Holmgren's patch to fix Bugzilla #98: transport's home
1079 directory not expanded when it should be if an expanded home directory
1080 was set for the address (which is overridden by the transport).
1081
b4a9bda2
PH
1082PH/05 Applied Alex Kiernan's patch to fix Bugzilla #99: a problem with
1083 libradius.
1084
45b91596
PH
1085PH/06 Added acl_not_smtp_start, based on Johannes Berg's patch, and set the
1086 bit to forbid control=suppress_local_fixups in the acl_not_smtp ACL,
1087 because it is too late at that time, and has no effect.
1088
5547e2c5
PH
1089PH/07 Changed ${quote_pgsql to quote ' as '' instead of \' because of a
1090 security issue with \' (bugzilla #107). I could not use the
1091 PQescapeStringConn() function, because it needs a PGconn value as one of
1092 its arguments.
1093
dbcef0ea
PH
1094PH/08 When testing addresses using -bt, indicate those final addresses that
1095 are duplicates that would not cause an additional delivery. At least one
1096 person was confused, thinking that -bt output corresponded to deliveries.
1097 (Suppressing duplicates isn't a good idea as you lose the information
1098 about possibly different redirections that led to the duplicates.)
1099
25257489
PH
1100PH/09 Applied patch from Erik to use select() instead of poll() in spam.c on
1101 systems where poll() doesn't work, in particular OS X.
1102
c816d124
PH
1103PH/10 Added more information to debugging output for retry time not reached.
1104
a9ccd69a
PH
1105PH/11 Applied patch from Arkadiusz Miskiewicz to apply a timeout to read
1106 operations in malware.c.
1107
75fa1910
PH
1108PH/12 Applied patch from Magnus Holmgren to include the "h" tag in Domain Keys
1109 signatures.
1110
a7d7aa58
PH
1111PH/13 If write_rejectlog was set false when logging was sent to syslog with
1112 syslog_duplication set false, log lines that would normally be written
1113 both the the main log and to the reject log were not written to syslog at
1114 all.
1115
42119b09
PH
1116PH/14 In the default configuration, change the use of "message" in ACL warn
1117 statements to "add_header".
1118
41609df5
PH
1119PH/15 Diagnose a filter syntax error for "seen", "unseen", or "noerror" if not
1120 not followed by a command (e.g. "seen endif").
1121
a5bd321b
PH
1122PH/16 Recognize SMTP codes at the start of "message" in ACLs and after :fail:
1123 and :defer: in a redirect router. Add forbid_smtp_code to suppress the
1124 latter.
1125
e85a7ad5 1126PH/17 Added extra conditions to the default value of delay_warning_condition
5dff5817
PH
1127 so that it is now:
1128
e85a7ad5
PH
1129 ${if or { \
1130 { !eq{$h_list-id:$h_list-post:$h_list-subscribe:}{} } \
1131 { match{$h_precedence:}{(?i)bulk|list|junk} } \
1132 { match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} } \
5dff5817
PH
1133 }{no}{yes}}
1134
e85a7ad5
PH
1135 The Auto-Submitted: and various List- headers are standardised, whereas I
1136 don't think Precedence: ever was.
5dff5817 1137
d8fe1c03
PH
1138PH/18 Refactored debugging code in route_finduser() to show more information,
1139 in particular, the error code if getpwnam() issues one.
1140
16282d2b
PH
1141PH/19 Added PQsetClientEncoding(conn, "SQL_ASCII") to the pgsql code module.
1142 This is apparently needed in addition to the PH/07 change above to avoid
1143 any possible encoding problems.
1144
35d40a98
PH
1145PH/20 Perl can change the locale. Exim was resetting it after a ${perl call,
1146 but not after initializing Perl.
1147
034d99ab
PH
1148PH/21 Added a call to PQsetNoticeProcessor() to catch pgsql "notices" and
1149 output them only if debugging. By default they are written stderr,
1150 apparently, which is not desirable.
1151
6ec97b1b
PH
1152PH/22 Added Alain Williams' LDAP patch to support setting REFERRALS=off on
1153 queries.
1154
e22ca4ac
JJ
1155JJ/01 exipick: added --reverse (and -R synonym), --random, --size, --sort and
1156 --not options
1157
1158JJ/02 exipick: rewrote --help documentation to hopefully make more clear.
1159
33d73e3b
PH
1160PH/23 Made -oMaa and -oMt work with -bh and -bs to pretend the connection is
1161 authenticated or an ident call has been made. Suppress the default
1162 values for $authenticated_id and $authenticated_sender (but permit -oMai
1163 and -oMas) when testing with -bh.
1164
9ecb03f3
PH
1165PH/24 Re-jigged the order of the tests in the default configuration so that the
1166 tests for valid domains and recipients precede the DNS black list and CSA
1167 tests, on the grounds that those ones are more expensive.
1168
084efe8d
PH
1169PH/25 Exim was not testing for a space following SMTP commands such as EHLO
1170 that require one. Thus, EHLORHUBARB was interpreted as a valid command.
1171 This bug exists in every version of Exim that I still have, right back to
1172 0.12.
1173
366fc9f0
PH
1174PH/26 (n)wildlsearch lookups are documented as being done case-insensitively.
1175 However, an attempt to turn on case-sensitivity in a regex key by
1176 including (?-i) didn't work because the subject string was already
1177 lowercased, and the effects were non-intuitive. It turns out that a
1178 one-line patch can be used to allow (?-i) to work as expected.
1179
c59f5781 1180
c887c79e
TF
1181Exim version 4.62
1182-----------------
1183
1184TF/01 Fix the add_header change below (4.61 PH/55) which had a bug that (amongst
1185 other effects) broke the use of negated acl sub-conditions.
1186
1cce3af8
PH
1187PH/01 ${readsocket now supports Internet domain sockets (modified John Jetmore
1188 patch).
1189
afb3eaaf
PH
1190PH/02 When tcp-wrappers is called from Exim, it returns only "deny" or "allow".
1191 "Deny" causes Exim to reject the incoming connection with a 554 error.
1192 Unfortunately, if there is a major crisis, such as a disk failure,
1193 tcp-wrappers gives "deny", whereas what one would like would be some
1194 kind of temporary error. A kludge has been added to help with this.
1195 Before calling hosts_ctl(), errno is set zero. If the result is "deny", a
1196 554 error is used if errno is still zero or contains ENOENT (which occurs
1197 if either of the /etc/hosts.{allow,deny} files is missing). Otherwise, a
1198 451 error is used.
1199
e173618b
PH
1200PH/03 Add -lutil to the default FreeBSD LIBS setting.
1201
dd16e114
PH
1202PH/04 Change PH/19 for 4.61 was too wide. It should not be applied to host
1203 errors. Otherwise a message that provokes a temporary error (when other
1204 messages do not) can cause a whole host to time out.
1205
f7fd3850
PH
1206PH/05 Batch deliveries by appendfile and pipe transports did not work when the
1207 addresses were routed directly to files or pipes from a redirect router.
1208 File deliveries just didn't batch; pipe deliveries might have suffered
1209 odd errors.
1210
d87df92c
PH
1211PH/06 A failure to get a lock for a hints database would erroneously always say
1212 "Failed to get write lock", even when it was really a read lock.
1213
7e9f683d
PH
1214PH/07 The appendfile transport was creating MBX lock files with a fixed mode
1215 of 0600. This has been changed to use the value of the lockfile_mode
1216 option (which defaults to 0600).
1217
bfad5236
PH
1218PH/08 Applied small patch from the Sieve maintainer.
1219
01c490df
PH
1220PH/09 If maildir_quota_directory_regex was set to exclude (say) the .Trash
1221 folder from quota calculations, a direct delivery into this folder messed
1222 up the contents of the maildirsize file. This was because the regex was
1223 used only to exclude .Trash (or whatever) when the size of the mailbox
1224 was calculated. There was no check that a delivery was happening into an
1225 excluded directory. This bug has been fixed by ignoring all quota
1226 processing for deliveries into excluded directories.
1227
d6629cdc
PH
1228PH/10 Added the maildirfolder_create_regex option to appendfile.
1229
1cce3af8 1230
214e2000
PH
1231Exim version 4.61
1232-----------------
1233
1234PH/01 The code for finding all the local interface addresses on a FreeBSD
1235 system running IPv6 was broken. This may well have applied to all BSD
1236 systems, as well as to others that have similar system calls. The broken
1237 code found IPv4 interfaces correctly, but gave incorrect values for the
1238 IPv6 interfaces. In particular, ::1 was not found. The effect in Exim was
1239 that it would not match correctly against @[] and not recognize the IPv6
1240 addresses as local.
1241
f9daeae0
PH
1242PH/02 The ipliteral router was not recognizing addresses of the form user@
1243 [ipv6:....] because it didn't know about the "ipv6:" prefix.
1244
7e66e54d
PH
1245PH/03 Added disable_ipv6.
1246
c8ea1597
PH
1247PH/04 Changed $reply_address to use the raw form of the headers instead of the
1248 decoded form, because it is most often used to construct To: headers
1249 lines in autoreplies, and the decoded form may well be syntactically
1250 invalid. However, $reply_address has leading white space removed, and all
1251 newlines turned into spaces so that the autoreply transport does not
1252 grumble.
1253
911f6fde
PH
1254PH/05 If group was specified without a user on a router, and no group or user
1255 was specified on a transport, the group from the router was ignored.
1256
47ca6d6c
PH
1257PH/06 Increased the number of ACL variables to 20 of each type, and arranged
1258 for visible compile-time settings that can be used to change these
1259 numbers, for those that want even more. Backwards compatibility with old
1260 spool files has been maintained. However, going back to a previous Exim
1261 release will lost any variables that are in spool files.
1262
ed0e9820
PH
1263PH/07 Two small changes when running in the test harness: increase delay when
1264 passing a TCP/IP connection to a new process, in case the original
1265 process has to generate a bounce, and remove special handling of
1266 127.0.0.2 (sic), which is no longer necessary.
1267
eff37e47
PH
1268PH/08 Changed debug output of dbfn_open() flags from numbers to names, so as to
1269 be the same on different OS.
1270
1921d2ea
PH
1271PH/09 Moved a debug statement in filter processing to avoid a race problem when
1272 testing.
1273
b3f69ca8
JJ
1274JJ/01 exipick: fixed bug where -b (brief) output option showed "Vars:"
1275 whether --show-vars was specified or not
1276
1277JJ/02 exipick: Added support for new ACL variable spool format introduced
1278 in 4.61-PH/06
1279
424a1c63
PH
1280PH/10 Fixed another bug related to PH/04 above: if an incoming message had a
1281 syntactically invalid From: or Reply-to: line, and a filter used this to
1282 generate an autoreply, and therefore failed to obtain an address for the
1283 autoreply, Exim could try to deliver to a non-existent relative file
1284 name, causing unrelated and misleading errors. What now happens is that
1285 it logs this as a hard delivery error, but does not attempt to create a
1286 bounce message.
1287
7a100415
PH
1288PH/11 The exinext utility has a -C option for testing purposes, but although
1289 the given file was scanned by exinext itself; it wasn't being passed on
1290 when Exim was called.
1291
19b9dc85
PH
1292PH/12 In the smtp transport, treat an explicit ECONNRESET error the same as
1293 an end-of-file indication when reading a command response.
1294
309bd837
PH
1295PH/13 Domain literals for IPv6 were not recognized unless IPv6 support was
1296 compiled. In many other places in Exim, IPv6 addresses are always
1297 recognized, so I have changed this. It also means that IPv4 domain
1298 literals of the form [IPV4:n.n.n.n] are now always recognized.
1299
59e82a2a
PH
1300PH/14 When a uid/gid is specified for the queryprogram router, it cannot be
1301 used if the router is not running as root, for example, when verifying at
1302 ACL time, or when using -bh. The debugging output from this situation was
1303 non-existent - all you got was a failure to exec. I have made two
1304 changes:
1305
1306 (a) Failures to set uid/gid, the current directory, or a process leader
1307 in a subprocess such as that created by queryprogram now generate
1308 suitable debugging ouput when -d is set.
1309
1310 (b) The queryprogram router detects when it is not running as root,
1311 outputs suitable debugging information if -d is set, and then runs
1312 the subprocess without attempting to change uid/gid.
1313
9edc04ce
PH
1314PH/15 Minor change to Makefile for building test_host (undocumented testing
1315 feature).
1316
1349e1e5
PH
1317PH/16 As discussed on the list in Nov/Dec: Exim no longer looks at the
1318 additional section of a DNS packet that returns MX or SRV records.
1319 Instead, it always explicitly searches for A/AAAA records. This avoids
1320 major problems that occur when a DNS server includes only records of one
1321 type (A or AAAA) in an MX/SRV packet. A byproduct of this change has
1322 fixed another bug: if SRV records were looked up and the corresponding
1323 address records were *not* found in the additional section, the port
1324 values from the SRV records were lost.
1325
ea49d0e1
PH
1326PH/17 If a delivery to a pipe, file, or autoreply was deferred, Exim was not
1327 using the correct key (the original address) when searching the retry
1328 rules in order to find which one to use for generating the retry hint.
1329
064a94c9
PH
1330PH/18 If quota_warn_message contains a From: header, Exim now refrains from
1331 adding the default one. Similarly, if it contains a Reply-To: header, the
1332 errors_reply_to option, if set, is not used.
1333
727071f8
PH
1334PH/19 When calculating a retry time, Exim used to measure the "time since
1335 failure" by looking at the "first failed" field in the retry record. Now
1336 it does not use this if it is later than than the arrival time of the
1337 message. Instead it uses the arrival time. This makes for better
1338 behaviour in cases where some deliveries succeed, thus re-setting the
1339 "first failed" field. An example is a quota failure for a huge message
1340 when small messages continue to be delivered. Without this change, the
1341 "time since failure" will always be short, possible causing more frequent
1342 delivery attempts for the huge message than are intended.
dd16e114 1343 [Note: This change was subsequently modified - see PH/04 for 4.62.]
727071f8 1344
f78eb7c6
PH
1345PH/20 Added $auth1, $auth2, $auth3 to contain authentication data (as well as
1346 $1, $2, $3) because the numerical variables can be reset during some
1347 expansion items (e.g. "match"), thereby losing the authentication data.
1348
21c28500
PH
1349PH/21 Make -bV show the size of off_t variables so that the test suite can
1350 decide whether to run tests for quotas > 2G.
1351
1352PH/22 Test the values given for quota, quota_filecount, quota_warn_threshold,
1353 mailbox_size, and mailbox_filecount in the appendfile transport. If a
1354 filecount value is greater than 2G or if a quota value is greater than 2G
1355 on a system where the size of off_t is not greater than 4, a panic error
1356 is given.
1357
1688f43b
PH
1358PH/23 When a malformed item such as 1.2.3/24 appears in a host list, it can
1359 never match. The debug and -bh output now contains an explicit error
1360 message indicating a malformed IPv4 address or mask.
1361
1362PH/24 An host item such as 1.2.3.4/abc was being treated as the IP address
1363 1.2.3.4 without a mask. Now it is not recognized as an IP address, and
1364 PH/23 above applies.
1365
9675b384
PH
1366PH/25 Do not write to syslog when running in the test harness. The only
1367 occasion when this arises is a failure to open the main or panic logs
1368 (for which there is an explicit test).
1369
6a3f1455
PH
1370PH/26 Added the /no_tell option to "control=freeze".
1371
dac79d3e
PH
1372PH/27 If a host name lookup failed very early in a connection, for example, if
1373 the IP address matched host_lookup and the reverse lookup yielded a name
1374 that did not have a forward lookup, an error message of the form "no IP
1375 address found for host xxx.xxx.xxx (during SMTP connection from NULL)"
1376 could be logged. Now it outputs the IP address instead of "NULL".
1349e1e5 1377
5977a0b3
PH
1378PH/28 An enabling patch from MH: add new function child_open_exim2() which
1379 allows the sender and the authenticated sender to be set when
1380 submitting a message from within Exim. Since child_open_exim() is
1381 documented for local_scan(), the new function should be too.
1382
c91535f3
PH
1383PH/29 In GnuTLS, a forced expansion failure for tls_privatekey was not being
1384 ignored. In both GnuTLS and OpenSSL, an expansion of tls_privatekey that
1385 results in an empty string is now treated as unset.
1386
0d46a8c8
PH
1387PH/30 Fix eximon buffer overflow bug (Bugzilla #73).
1388
278c6e6c
PH
1389PH/31 Added sender_verify_fail logging option.
1390
2cbb4081
PH
1391PH/32 In November 2003, the code in Exim that added an empty Bcc: header when
1392 needed by RFC 822 but not by RFC 2822 was commented out. I have now
1393 tidied the source and removed it altogether.
1394
3eef829e
PH
1395PH/33 When a queue run was abandoned because the load average was too high, a
1396 log line was always written; now it is written only if the queue_run log
1397 selector is set. In addition, the log line for abandonment now contains
1398 information about the queue run such as the pid. This is always present
1399 in "start" and "stop" lines but was omitted from the "abandon" line.
1400
1ab95fa6
PH
1401PH/34 Omit spaces between a header name and the colon in the error message that
1402 is given when verify = headers_syntax fails (if there are lots of them,
1403 the message gets confusing).
1404
230205fc
PH
1405PH/35 Change the default for dns_check_names_pattern to allow slashes within
1406 names, as there are now some PTR records that contain slashes. This check
1407 is only to protect against broken name servers that fall over on strange
1408 characters, so the fact that it applies to all lookups doesn't matter.
1409
75e0e026
PH
1410PH/36 Now that the new test suite is complete, we can remove some of the
1411 special code in Exim that was needed for the old test suite. For example,
1412 sorting DNS records because real resolvers return them in an arbitrary
1413 order. The new test suite's fake resolver always returns records in the
1414 same order.
1415
1416PH/37 When running in the test harness, use -odi for submitted messages (e.g.
1417 bounces) except when queue_only is set, to avoid logging races between
1418 the different processes.
1419
145396a6
PH
1420PH/38 Panic-die if .include specifies a non-absolute path.
1421
3cd34f13
PH
1422PH/39 A tweak to the "H" retry rule from its user.
1423
11121d3d
JJ
1424JJ/03 exipick: Removed parentheses from 'next' and 'last' calls that specified
1425 a label. They prevented compilation on older perls.
1426
1427JJ/04 exipick: Refactored code to prevent implicit split to @_ which caused
1428 a warning to be raised on newish perls.
1429
1430JJ/05 exipick: Fixed bug where -bpc always showed a count of all messages
1431 on queue. Changes to match documented behaviour of showing count of
1432 messages matching specified criteria.
1433
8def5aaf
PH
1434PH/40 Changed the default ident timeout from 30s to 5s.
1435
929ba01c
PH
1436PH/41 Added support for the use of login_cap features, on those BSD systems
1437 that have them, for controlling the resources used by pipe deliveries.
1438
2632889e
PH
1439PH/42 The content-scanning code uses fopen() to create files in which to put
1440 message data. Previously it was not paying any attention to the mode of
1441 the files. Exim runs with umask(0) because the rest of the code creates
1442 files with open(), and sets the required mode explicitly. Thus, these
1443 files were ending up world-writeable. This was not a big issue, because,
1444 being within the spool directory, they were not world-accessible. I have
1445 created a function called modefopen, which takes an additional mode
1446 argument. It sets umask(777), creates the file, chmods it to the required
1447 mode, then resets the umask. All the relevant calls to fopen() in the
1448 content scanning code have been changed to use this function.
1449
944a9c55
PH
1450PH/43 If retry_interval_max is set greater than 24 hours, it is quietly reset
1451 to 24 hours. This avoids potential overflow problems when processing G
1452 and H retry rules. I suspect nobody ever tinkers with this value.
1453
4a23603b
PH
1454PH/44 Added STRIP_COMMAND=/usr/bin/strip to the FreeBSD Makefile.
1455
4730f942
PH
1456PH/45 When the plaintext authenticator is running as a client, the server's
1457 challenges are checked to ensure they are valid base64 strings. By
1458 default, the authentication attempt is cancelled if an invalid string is
1459 received. Setting client_ignore_invalid_base64 true ignores these errors.
1460 The decoded challenge strings are now placed in $auth1, $auth2, etc. as
1461 they are received. Thus, the responses can be made to depend on the
1462 challenges. If an invalid string is ignored, an empty string is placed in
1463 the variable.
1464
30dba1e6
PH
1465PH/46 Messages that are created by the autoreply transport now contains a
1466 References: header, in accordance with RFCs 2822 and 3834.
1467
382afc6b
PH
1468PH/47 Added authenticated_sender_force to the smtp transport.
1469
a86229cf
PH
1470PH/48 The ${prvs expansion was broken on systems where time_t was long long.
1471
50c99ba6
PH
1472PH/49 Installed latest patch from the Sieve maintainer.
1473
d35e429d
PH
1474PH/50 When an Exim quota was set without a file count quota, and mailbox_size
1475 was also set, the appendfile transport was unnecessarily scanning a
1476 directory of message files (e.g. for maildir delivery) to find the count
1477 of files (along with the size), even though it did not need this
1478 information. It now does the scan only if it needs to find either the
1479 size of the count of files.
1480
f90d018c
PH
1481PH/51 Added ${time_eval: to convert Exim time strings into seconds.
1482
75def545
PH
1483PH/52 Two bugs concerned with error handling when the smtp transport is
1484 used in LMTP mode:
1485
1486 (i) Exim was not creating retry information for temporary errors given
1487 for individual recipients after the DATA command when the smtp transport
1488 was used in LMTP mode. This meant that they could be retried too
1489 frequently, and not timed out correctly.
1490
1491 (ii) Exim was setting the flag that allows error details to be returned
1492 for LMTP errors on RCPT commands, but not for LMTP errors for individual
1493 recipients that were returned after the DATA command.
1494
1495PH/53 This is related to PH/52, but is more general: for any failing address,
1496 when detailed error information was permitted to be returned to the
1497 sender, but the error was temporary, then after the final timeout, only
1498 "retry timeout exceeded" was returned. Now it returns the full error as
1499 well as "retry timeout exceeded".
1500
c46782ef
PH
1501PH/54 Added control=allow_auth_unadvertised, as it seems there are clients that
1502 do this, and (what is worse) MTAs that accept it.
1503
71fafd95
PH
1504PH/55 Added the add_header modified to ACLs. The use of "message" with "warn"
1505 will now be deprecated.
1506
2c5db4fd
PH
1507PH/56 New os.c-cygwin from the Cygwin maintainer.
1508
9cf6b11a
JJ
1509JJ/06 exipick: added --unsorted option to allow unsorted output in all output
1510 formats (previously only available in exim formats via -bpr, -bpru,
1511 and -bpra. Now also available in native and exiqgrep formats)
1512
1513JJ/07 exipick: added --freeze and --thaw options to allow faster interaction
1514 with very large, slow to parse queues
1515
1516JJ/08 exipick: added ! as generic prefix to negate any criteria format
1517
1518JJ/09 exipick: miscellaneous performance enhancements (~24% improvements)
1519
898d150f
PH
1520PH/57 Tidies in SMTP dialogue display in debug output: (i) It was not showing
1521 responses to authentication challenges, though it was showing the
1522 challenges; (ii) I've removed the CR characters from the debug output for
1523 SMTP output lines.
1524
46218253
PH
1525PH/58 Allow for the insertion of a newline as well as a space when a string
1526 is turned into more than one encoded-word during RFC 2047 encoding. The
1527 Sieve code now uses this.
1528
e97957bc
PH
1529PH/59 Added the following errors that can be detected in retry rules: mail_4xx,
1530 data_4xx, lost_connection, tls_required.
1531
81e509d7
PH
1532PH/60 When a VRFY deferred or FAILED, the log message rather than the user
1533 message was being sent as an SMTP response.
1534
3d240ff7
PH
1535PH/61 Add -l and -k options to exicyclog.
1536
b37c4101
PH
1537PH/62 When verifying, if an address was redirected to one new address, so that
1538 verification continued, and the new address failed or deferred after
1539 having set something in $address_data, the value of $address_data was not
1540 passed back to the ACL. This was different to the case when no
1541 redirection occurred. The value is now passed back in both cases.
1542
79378e0f
PH
1543PH/63 Changed the macro HAVE_LOGIN_CAP (see PH/41 for this release above) to
1544 HAVE_SETCLASSRESOURCES because there are different APIs in use that all
1545 use login_cap.h, so on its own it isn't the distinguishing feature. The
1546 new name refers directly to the setclassresources() function.
1547
e49c7bb4
PH
1548PH/65 Added configuration files for NetBSD3.
1549
d114ec46
PH
1550PH/66 Updated OS/Makefile-HP-UX for gcc 4.1.0 with HP-UX 11.
1551
f3d7df6c
PH
1552PH/67 Fixed minor infelicity in the sorting of addresses to ensure that IPv6
1553 is preferred over IPv4.
1554
715ab376
PH
1555PH/68 The bounce_return_message and bounce_return_body options were not being
1556 honoured for bounces generated during the reception of non-SMTP messages.
1557 In particular, this applied to messages rejected by the ACL. This bug has
1558 been fixed. However, if bounce_return_message is true and bounce_return_
1559 body is false, the headers that are returned for a non-SMTP message
1560 include only those that have been read before the error was detected.
1561 (In the case of an ACL rejection, they have all been read.)
1562
6b31b150
PH
1563PH/69 The HTML version of the specification is now built in a directory called
1564 spec_html instead of spec.html, because the latter looks like a path with
1565 a MIME-type, and this confuses some software.
1566
1567PH/70 Catch two compiler warnings in sieve.c.
1568
d515a917
PH
1569PH/71 Fixed an obscure and subtle bug (thanks Alexander & Matthias). The
1570 function verify_get_ident() calls ip_connect() to connect a socket, but
1571 if the "connect()" function timed out, ip_connect() used to close the
1572 socket. However, verify_get_ident() also closes the socket later, and in
1573 between Exim writes to the log, which may get opened at this point. When
1574 the socket was closed in ip_connect(), the log could get the same file
1575 descriptor number as the socket. This naturally causes chaos. The fix is
1576 not to close the socket in ip_connect(); the socket should be closed by
1577 the function that creates it. There was only one place in the code where
1578 this was missing, in the iplookup router, which I don't think anybody now
1579 uses, but I've fixed it anyway.
1580
9b8fadde
PH
1581PH/72 Make dns_again_means_nonexist apply to lookups using gethostbyname() as
1582 well as to direct DNS lookups. Otherwise the handling of names in host
1583 lists is inconsistent and therefore confusing.
1584
214e2000 1585
5de37277
PH
1586Exim version 4.60
1587-----------------
1588
cc38ddbf
PH
1589PH/01 Two changes to the default runtime configuration:
1590
1591 (1) Move the checks for relay_from_hosts and authenticated clients from
1592 after to before the (commented out) DNS black list checks.
1593
1594 (2) Add control=submission to the relay_from_hosts and authenticated
1595 clients checks, on the grounds that messages accepted by these
1596 statements are most likely to be submissions.
5de37277 1597
72fdd6ae
PH
1598PH/02 Several tidies to the handling of ${prvs and ${prvscheck:
1599
1600 (1) Generate an error if the third argument for the ${prvs expansion is
1601 not a single digit.
1602
1603 (2) Treat a missing third argument of ${prvscheck as if it were an empty
1604 string.
1605
1606 (3) Reset the variables that are obtained from the first argument of
1607 ${prvscheck and used in the second argument before leaving the code,
1608 because their memory is reclaimed, so using them afterwards may do
1609 silly things.
1610
1611 (4) Tidy up the code for expanding the arguments of ${prvscheck one by
1612 one (it's much easier than Tom thought :-).
1613
1614 (5) Because of (4), we can now allow for the use of $prvscheck_result
1615 inside the third argument.
cb9328de 1616
cb741023
PH
1617PH/03 For some reason, the default setting of PATH when running a command from
1618 a pipe transport was just "/usr/bin". I have changed it to
1619 "/bin:/usr/bin".
1620
f174f16e
PH
1621PH/04 SUPPORT_TRANSLATE_IP_ADDRESS and MOVE_FROZEN_MESSAGES did not cause
1622 anything to be listed in the output from -bV.
b2f5a032 1623
c25242d7
PH
1624PH/05 When a filter generated an autoreply, the entire To: header line was
1625 quoted in the delivery log line, like this:
1626
1627 => >A.N.Other <ano@some.domain> <original@ddress> ...
1628
1629 This has been changed so that it extracts the operative address. There
1630 may be more than one such address. If so, they are comma-separated, like
1631 this:
1632
1633 => >ano@some.domain,ona@other.domain <original@ddress> ...
1634
82c19f95
PH
1635PH/06 When a client host used a correct literal IP address in a HELO or EHLO
1636 command, (for example, EHLO [1.2.3.4]) and the client's IP address was
1637 not being looked up in the rDNS to get a host name, Exim was showing the
1638 IP address twice in Received: lines, even though the IP addresses were
1639 identical. For example:
1640
1641 Received: from [1.2.3.4] (helo=[1.2.3.4])
1642
1643 However, if the real host name was known, it was omitting the HELO data
1644 if it matched the actual IP address. This has been tidied up so that it
1645 doesn't show the same IP address twice.
1646
d7ffbc12
PH
1647PH/07 When both +timestamp and +memory debugging was on, the value given by
1648 $tod_xxx expansions could be wrong, because the tod_stamp() function was
1649 called by the debug printing, thereby overwriting the timestamp buffer.
1650 Debugging no longer uses the tod_stamp() function when +timestamp is set.
1651
9f526266
PH
1652PH/08 When the original message was included in an autoreply transport, it
1653 always said "this is a copy of the message, including all the headers",
1654 even if body_only or headers_only was set. It now gives an appropriate
1655 message.
1656
87fcc8b9
PH
1657PH/09 Applied a patch from the Sieve maintainer which:
1658
1659 o fixes some comments
1660 o adds the (disabled) notify extension core
1661 o adds some debug output for the result of if/elsif tests
1662 o points to the current vacation draft in the documentation
1663 and documents the missing references header update
1664
1665 and most important:
1666
1667 o fixes a bug in processing the envelope test (when testing
1668 multiple envelope elements, the last element determinted the
1669 result)
1670
456682f5
PH
1671PH/10 Exim was violating RFC 3834 ("Recommendations for Automatic Responses to
1672 Electronic Mail") by including:
1673
1674 Auto-submitted: auto-generated
1675
1676 in the messages that it generates (bounce messages and others, such as
1677 warnings). In the case of bounce messages for non-SMTP mesages, there was
1678 also a typo: it was using "Auto_submitted" (underscore instead of
1679 hyphen). Since every message generated by Exim is necessarily in response
1680 to another message, thes have all been changed to:
1681
1682 Auto-Submitted: auto-replied
1683
1684 in accordance with these statements in the RFC:
1685
1686 The auto-replied keyword:
1687
1688 - SHOULD be used on messages sent in direct response to another
1689 message by an automatic process,
1690
1691 - MUST NOT be used on manually-generated messages,
1692
1693 - MAY be used on Delivery Status Notifications (DSNs) and Message
1694 Disposition Notifications (MDNs),
1695
1696 - MUST NOT be used on messages generated by automatic or periodic
1697 processes, except for messages which are automatic responses to
1698 other messages.
1699
3e46c1aa
PH
1700PH/11 Added "${if def:sender_address {(envelope-from <$sender_address>)\n\t}}"
1701 to the default Received: header definition.
456682f5 1702
49826d12
PH
1703PH/12 Added log selector acl_warn_skipped (default on).
1704
eba0c039
PH
1705PH/13 After a successful wildlsearch lookup, discard the values of numeric
1706 variables because (a) they are in the wrong storage pool and (b) even if
1707 they were copied, it wouldn't work properly because of the caching.
1708
a0d6ba8a
PH
1709PH/14 Add check_rfc2047_length to disable enforcement of RFC 2047 length
1710 checking when decoding. Apparently there are clients that generate
1711 overlong encoded strings. Why am I not surprised?
1712
f0917727
PH
1713PH/15 If the first argument of "${if match_address" was not empty, but did not
1714 contain an "@" character, Exim crashed. Now it writes a panic log message
1715 and treats the condition as false.
1716
096fee00
PH
1717PH/16 In autoreply, treat an empty string for "once" the same as unset.
1718
024bd3c2
PH
1719PH/17 A further patch from the Sieve maintainer: "Introduce the new Sieve
1720 extension "envelope-auth". The code is finished and in agreement with
1721 other implementations, but there is no documentation so far and in fact,
1722 nobody wrote the draft yet. This extension is currently #undef'ed, thus
1723 not changing the active code.
1724
1725 Print executed "if" and "elsif" statements when debugging is used. This
1726 helps a great deal to understand what a filter does.
1727
1728 Document more things not specified clearly in RFC3028. I had all this
1729 sorted out, when out of a sudden new issues came to my mind. Oops."
1730
df199fec
PH
1731PH/18 Exim was not recognizing the "net-" search type prefix in match_ip lists
1732 (Bugzilla #53).
1733
d27f1df3
PH
1734PH/19 Exim expands the IPv6 address given to -bh to its full non-abbreviated
1735 canonical form (as documented). However, after a host name lookup from
1736 the IP address, check_host() was doing a simple string comparison with
1737 addresses acquired from the DNS when checking that the found name did
1738 have the original IP as one of its addresses. Since any found IPv6
1739 addresses are likely to be in abbreviated form, the comparison could
1740 fail. Luckily, there already exists a function for doing the comparison
1741 by converting both addresses to binary, so now that is used instead of
1742 the text comparison.
1743
96776534
PH
1744PH/20 There was another similar case to PH/19, when a complete host name was
1745 given in a host list; looking up its IP address could give an abbreviated
1746 form, whereas the current host's name might or might not be abbreviated.
1747 The same fix has been applied.
1748
5de37277 1749
9a799bc0
PH
1750Exim version 4.54
1751-----------------
1752
1753PH/01 The ${base62: operator adjusted itself to base 36 when BASE_62 was
1754 set to 36 (for Darwin and Cygwin), but the ${base62d: operator did not.
1755 It now does.
1756
99a4b039
PH
1757PH/02 Two minor problems detected in Cygwin: the os.{c,h} files had lost */ on
1758 the CVS lines, and there was a missing #if HAVE_IPV6 in host.c.
1759
1760PH/03 Typo: missing ".o" in src/pcre/Makefile.
1761
4b233853
PH
1762PH/04 Tighten up "personal" tests: Instead of testing for any "List-"
1763 header line, restrict the check to what is listed in RFCs 2369 and 2929.
1764 Also, for "Auto-Submitted", treat anything other than "no" as
1765 non-personal, in accordance with RFC 3834. (Previously it treated
1766 anything starting "auto-" as non-personal.)
1767
8857ccfd
PH
1768TF/01 The control=submission/name=... option had a problem with syntax
1769 errors if the name included a slash character. The /name= option
1770 now slurps the rest of the string, so it can include any characters
1771 but it must come last in the list of options (after /sender_retain
1772 or /domain=).
1773
433a2980
PH
1774PH/05 Some modifications to the interface to the fake nameserver for the new
1775 testing suite.
1776
3e46c1aa 1777
9a799bc0 1778
e3a311ba
TK
1779Exim version 4.53
1780-----------------
1781
1782TK/01 Added the "success_on_redirect" address verification option. See
1783 NewStuff for rationale and an example.
1784
13b685f9
PH
1785PH/01 Added support for SQLite, basic code supplied by David Woodhouse.
1786
395ff96d
PH
1787PH/02 Patch to exigrep to allow it to work on syslog lines.
1788
5b68f6e4
PH
1789PH/03 When creating an mbox file for a virus/spam scan, use fseek() instead of
1790 fread() to skip over the body file's header line, because in Cygwin the
1791 header line is locked and is inaccessible.
1792
1ab52c69
PH
1793PH/04 Added $message_exim_id, ultimately to replace $message_id (they will both
1794 co-exist for some time) to make it clear that it is the Exim ID that is
1795 referenced, not the Message-ID: header line.
1796
b07e6aa3
PH
1797PH/05 Replaced all Tom's calls to snprintf() with calls to the internal
1798 string_format() function, because snprintf() does not exist on all
1799 operating systems.
1800
254e032f
PH
1801PH/06 The use of forbid_filter_existstest now also locks out the use of the
1802 ${stat: expansion item.
1803
3af76a81
PH
1804PH/07 Changed "SMTP protocol violation: synchronization error" into "SMTP
1805 protocol synchronization error", to keep the pedants happy.
1806
2548ba04
PH
1807PH/08 Arrange for USE_INET_NTOA_FIX to be set in config.h for AIX systems as
1808 well as for IRIX systems, when gcc is being used. See the host.c source
1809 file for comments.
1810
b6c6011d
PH
1811PH/09 Installed latest Cygwin configuration files from the Cygwin maintainer.
1812
cf39cf57
PH
1813PH/10 Named domain lists were not working if used in a queue_smtp_domains
1814 setting.
1815
f1513293
PH
1816PH/11 Added support for the IGNOREQUOTA extension to LMTP, both to the lmtp
1817 transport and to the smtp transport in LMTP mode.
1818
727549a4
PH
1819TK/02 Remove one case of BASE64 error detection FTTB (undocumented anyway).
1820
af46795e
PH
1821PH/12 There was a missing call to search_tidyup() before the fork() in rda.c to
1822 run a filter in a subprocess. This could lead to confusion in subsequent
1823 lookups in the parent process. There should also be a search_tidyup() at
1824 the end of the subprocess.
1825
d7b47fd0
PH
1826PH/13 Previously, if "verify = helo" was set in an ACL, the condition was true
1827 only if the host matched helo_try_verify_hosts, which caused the
1828 verification to occur when the EHLO/HELO command was issued. The ACL just
1829 tested the remembered result. Now, if a previous verification attempt has
1830 not happened, "verify = helo" does it there and then.
1831
ee744174
JJ
1832JJ/01 exipick: added $message_exim_id variable (see 4.53-PH/04)
1833
b582ab87
PH
1834TK/03 Fix log output including CR from clamd.
1835
41a13e0a
PH
1836PH/14 A reference to $reply_address when Reply-to: was empty and From: did not
1837 exist provoked a memory error which could cause a segfault.
1838
f625cc5a
PH
1839PH/15 Installed PCRE 6.2
1840
1841PH/17 Defined BIND_8_COMPAT in the Darwin os.h file.
1842
21f7af35
PH
1843PH/18 Reversed 4.52/PH/17 because the HP-UX user found it wasn't the cause
1844 of the problem. Specifically, suggested +O2 rather than +O1 for the
1845 HP-UX compiler.
1846
31480e42
PH
1847PH/19 Added sqlite_lock_timeout option (David Woodhouse's patch).
1848
2d280592
PH
1849PH/20 If a delivery was routed to a non-standard port by means of an SRV
1850 record, the port was not correctly logged when the outgoing_port log
1851 selector was set (it logged the transort's default port).
1852
7cd1141b
PH
1853PH/21 Added support for host-specific ports to manualroute, queryprogram,
1854 fallback_hosts, and "hosts" in the smtp transport.
1855
1856PH/22 If the log selector "outgoing_port" is set, the port is now also given on
1857 host errors such as "Connection refused".
1858
750af86e
PH
1859PH/23 Applied a patch to fix problems with exim-4.52 while doing radius
1860 authentication with radiusclient 0.4.9:
1861
1862 - Error returned from rc_read_config was caught wrongly
1863 - Username/password not passed on to radius server due to wrong length.
1864
1865 The presumption is that some radiusclient API changes for 4.51/PH/17
1866 were not taken care of correctly. The code is still untested by me (my
1867 Linux distribution still has 0.3.2 of radiusclient), but it was
1868 contributed by a Radius user.
1869
1870PH/24 When doing a callout, the value of $domain wasn't set correctly when
1871 expanding the "port" option of the smtp transport.
1872
4304270b
TK
1873TK/04 MIME ACL: Fix buffer underrun that occurs when EOF condition is met
1874 while reading a MIME header. Thanks to Tom Hughes for a patch.
1875
750af86e
PH
1876PH/24 Include config.h inside local_scan.h so that configuration settings are
1877 available.
1878
64ffc24f
PH
1879PH/25 Make $smtp_command_argument available after all SMTP commands. This means
1880 that in an ACL for RCPT (for example), you can examine exactly what was
1881 received.
1882
5dd9625b
PH
1883PH/26 Exim was recognizing IPv6 addresses of the form [IPv6:....] in EHLO
1884 commands, but it was not correctly comparing the address with the actual
1885 client host address. Thus, it would show the EHLO address in Received:
1886 header lines when this was not necessary.
1887
5591031b
PH
1888PH/27 Added the % operator to ${eval:}.
1889
ba18e66a
PH
1890PH/28 Exim tries to create and chdir to its spool directory when it starts;
1891 it should be ignoring failures (because with -C, for example, it has lost
1892 privilege). It wasn't ignoring creation failures other than "already
1893 exists".
1894
9cec981f
PH
1895PH/29 Added "crypteq" to the list of supported features that Exim outputs when
1896 -bV or -d is used.
1897
aa2b5c79
PH
1898PH/30 Fixed (presumably very longstanding) bug in exim_dbmbuild: if it failed
1899 because an input line was too long, either on its own, or by virtue of
1509d3a8
PH
1900 too many continuations, the temporary file was not being removed, and the
1901 return code was incorrect.
aa2b5c79 1902
48a53b7f
PH
1903PH/31 Missing "BOOL" in function definition in filtertest.c.
1904
1c59d63b
PH
1905PH/32 Applied Sieve patches from the maintainer.
1906
671012da
TK
1907TK/05 Domainkeys: Accomodate for a minor API change in libdomainkeys 0.67.
1908
1509d3a8
PH
1909PH/33 Added "verify = not_blind".
1910
1911PH/34 There are settings for CHOWN_COMMAND and MV_COMMAND that can be used in
1912 Local/Makefile (with some defaults set). These are used in built scripts
1913 such as exicyclog, but they have never been used in the exim_install
1914 script (though there are many overriding facilities there). I have
1915 arranged that the exim_install script now takes note of these two
1916 settings.
1917
1918PH/35 Installed configuration files for Dragonfly.
1919
2fe1a124
PH
1920PH/36 When a locally submitted message by a trusted user did not contain a
1921 From: header, and the sender address was obtained from -f or from an SMTP
1922 MAIL command, and the trusted user did not use -F to supply a sender
1923 name, $originator_name was incorrectly used when constructing a From:
1924 header. Furthermore, $originator_name was used for submission mode
1925 messages from external hosts without From: headers in a similar way,
1926 which is clearly wrong.
1927
8800895a
PH
1928PH/37 Added control=suppress_local_fixups.
1929
ccfdb010
PH
1930PH/38 When log_selector = +received_sender was set, and the addition of the
1931 sender made the log line's construction buffer exactly full, or one byte
1932 less than full, an overflow happened when the terminating "\n" was
1933 subsequently added.
1934
1130bfb0
PH
1935PH/39 Added a new log selector, "unknown_in_list", which provokes a log entry
1936 when the result of a list match is failure because a DNS lookup failed.
1937
ebcb507f
PH
1938PH/40 RM_COMMAND is now used in the building process.
1939
c35e155c
PH
1940PH/41 Added a "distclean" target to the top-level Makefile; it deletes all
1941 the "build-* directories that it finds.
1942
95d1f782
PH
1943PH/42 (But a TF fix): In a domain list, Exim incorrectly matched @[] if the IP
1944 address in a domain literal was a prefix of an interface address.
1945
fd6de02e
PH
1946PH/43 (Again a TF fix): In the dnslookup router, do not apply widen_domains
1947 when verifying a sender address, unless rewrite_headers is false.
1948
58de37c5
PH
1949PH/44 Wrote a long comment about why errors_to addresses are verified as
1950 recipients, not senders.
1951
261cf466
TF
1952TF/01 Add missing LIBS=-lm to OS/Makefile-OpenBSD which was overlooked when
1953 the ratelimit ACL was added.
1954
3ee512ff
PH
1955PH/45 Added $smtp_command for the full command (cf $smtp_command_argument).
1956
e08c430f
PH
1957PH/46 Added extra information about PostgreSQL errors to the error string.
1958
bef5a11f
PH
1959PH/47 Added an interface to a fake DNS resolver for use by the new test suite,
1960 avoiding the need to install special zones in a real server. This is
1961 backwards compatible; if it can't find the fake resolver, it drops back.
1962 Thus, both old and new test suites can be run.
1963
7546de58
TF
1964TF/02 Added util/ratelimit.pl
1965
e5d5a95f
TF
1966TF/03 Minor fix to the ratelimit code to improve its behaviour in case the
1967 clock is set back in time.
1968
2e88a017
TF
1969TF/04 Fix the ratelimit support in exim_fixdb. Patch provided by Brian
1970 Candler <B.Candler@pobox.com>.
1971
a5f65aa4
TF
1972TF/05 The fix for PH/43 was not completely correct; widen_domains is always
1973 OK for addresses that are the result of redirections.
1974
e7726cbf
PH
1975PH/48 A number of further additions for the benefit of the new test suite,
1976 including a fake gethostbyname() that interfaces to the fake DNS resolver
1977 (see PH/47 above).
1978
a7fdad5b
TF
1979TF/06 The fix for widen_domains has also been applied to qualify_single and
1980 search_parents which are the other dnslookup options that can cause
1981 header rewrites.
1982
6af56900
PH
1983PH/49 Michael Haardt's randomized retrying, but as a separate retry parameter
1984 type ("H").
1985
0925ede6
PH
1986PH/50 Make never_users, trusted_users, admin_groups, trusted_groups expandable.
1987
66afa403
TF
1988TF/07 Exim produced the error message "an SRV record indicated no SMTP
1989 service" if it encountered an MX record with an empty target hostname.
1990 The message is now "an MX or SRV record indicated no SMTP service".
1991
0154e85a
TF
1992TF/08 Change PH/13 introduced the possibility that verify=helo may defer,
1993 if the DNS of the sending site is misconfigured. This is quite a
1994 common situation. This change restores the behaviour of treating a
1995 helo verification defer as a failure.
1996
16f12c76
PH
1997PH/51 If self=fail was set on a router, the bounce message did not include the
1998 actual error message.
1999
bbe902f0 2000
e5a9dba6
PH
2001Exim version 4.52
2002-----------------
2003
2004TF/01 Added support for Client SMTP Authorization. See NewStuff for details.
2005
22c3b60b
PH
2006PH/01 When a transport filter timed out in a pipe delivery, and the pipe
2007 command itself ended in error, the underlying message about the transport
2008 filter timeout was being overwritten with the pipe command error. Now the
2009 underlying error message should be appended to the second error message.
2010
06a9b4b5
PH
2011TK/01 Fix poll() being unavailable on Mac OSX 10.2.
2012
c1ac6996
PH
2013PH/02 Reduce the amount of output that "make" produces by default. Full output
2014 can still be requested.
2015
9c7a242c
PH
2016PH/03 The warning log line about a condition test deferring for a "warn" verb
2017 was being output only once per connection, rather than after each
2018 occurrence (because it was using the same function as for successful
2019 "warn" verbs). This seems wrong, so I have changed it.
2020
87ba3f5f
PH
2021TF/02 Two buglets in acl.c which caused Exim to read a few bytes of memory that
2022 it should not have, which might have caused a crash in the right
2023 circumstances, but probably never did.
2024
2025PH/04 Installed a modified version of Tony Finch's patch to make submission
2026 mode fix the return path as well as the Sender: header line, and to
2027 add a /name= option so that you can make the user's friendly name appear
2028 in the header line.
2029
29aba418
TF
2030TF/03 Added the control = fakedefer ACL modifier.
2031
fe0dab11
TF
2032TF/04 Added the ratelimit ACL condition. See NewStuff for details. Thanks to
2033 Mark Lowes for thorough testing.
870f6ba8 2034
11d337a4
TK
2035TK/02 Rewrote SPF support to work with libspf2 versions >1.2.0.
2036
2037TK/03 Merged latest SRS patch from Miles Wilton.
2038
415c8f3b
PH
2039PH/05 There's a shambles in IRIX6 - it defines EX_OK in unistd.h which conflicts
2040 with the definition in sysexits.h (which is #included earlier).
2041 Fortunately, Exim does not actually use EX_OK. The code used to try to
2042 preserve the sysexits.h value, by assumimg that macro definitions were
2043 scanned for macro replacements. I have been disabused of this notion,
2044 so now the code just undefines EX_OK before #including unistd.h.
11d337a4 2045
958541e9
PH
2046PH/06 There is a timeout for writing blocks of data, set by, e.g. data_timeout
2047 in the smtp transport. When a block could not be written in a single
2048 write() function, the timeout was being re-applied to each part-write.
2049 This seems wrong - if the receiver was accepting one byte at a time it
2050 would take for ever. The timeout is now adjusted when this happens. It
2051 doesn't have to be particularly precise.
2052
c206415f
TK
2053TK/04 Added simple SPF lookup method in EXPERIMENTAL_SPF. See NewStuff for
2054 details. Thanks to Chris Webb <chris@arachsys.com> for the patch!
2055
2a4be8f9
PH
2056PH/07 Added "fullpostmaster" verify option, which does a check to <postmaster>
2057 without a domain if the check to <postmaster@domain> fails.
2058
1cba11c5
SC
2059SC/01 Eximstats: added -xls and the ability to specify output files
2060 (patch written by Frank Heydlauf).
2061
2062SC/02 Eximstats: use FileHandles for outputing results.
2063
2064SC/03 Eximstats: allow any combination of xls, txt, and html output.
2065
2066SC/04 Eximstats: fixed display of large numbers with -nvr option
2067
2068SC/05 Eximstats: fixed merging of reports with empty tables.
2069
2070SC/06 Eximstats: added the -include_original_destination flag
2071
2072SC/07 Eximstats: removed tabs and trailing whitespace.
2073
1005d00e
TK
2074TK/05 Malware: Improve on aveserver error handling. Patch from Alex Miller.
2075
2076TK/06 MBOX spool code: Add real "From " MBOX separator line
2077 so the .eml file is really in mbox format (even though
2078 most programs do not really care). Patch from Alex Miller.
2079
2080TK/07 MBOX spool code: Add X-Envelope-From: and X-Envelope-To: headers.
2081 The latter is generated from $received_to and is only set if the
2082 message has one envelope recipient. SA can use these headers,
2083 obviously out-of-the-box. Patch from Alex Miller.
2084
9b4768fa
PH
2085PH/08 The ${def test on a variable was returning false if the variable's
2086 value was "0", contrary to what the specification has always said!
2087 The result should be true unless the variable is empty.
2088
2089PH/09 The syntax error of a character other than { following "${if
2090 def:variable_name" (after optional whitespace) was not being diagnosed.
2091 An expansion such as ${if def:sender_ident:{xxx}{yyy}} in which an
2092 accidental colon was present, for example, could give incorrect results.
2093
0d7eb84a
PH
2094PH/10 Tidied the code in a number of places where the st_size field of a stat()
2095 result is used (not including appendfile, where other changes are about
2096 to be made).
2097
2098PH/11 Upgraded appendfile so that quotas larger than 2G are now supported.
2099 This involved changing a lot of size variables from int to off_t. It
2100 should work with maildirs and everything.
2101
40727bee
TK
2102TK/08 Apply fix provided by Michael Haardt to prevent deadlock in case of
2103 spamd dying while we are connected to it.
2104
554d2369
TF
2105TF/05 Fixed a ${extract error message typo reported by Jeremy Harris
2106 <jgh@wizmail.org>
2107
1f922db1
PH
2108PH/12 Applied Alex Kiernan's patch for the API change for the error callback
2109 function for BDB 4.3.
2110
ef213c3b
PH
2111PH/13 Changed auto_thaw such that it does not apply to bounce messages.
2112
8ac170f3
PH
2113PH/14 Imported PCRE 6.0; this was more than just a trivial operation because
2114 the sources for PCRE have been re-arranged and more files are now
2115 involved.
2116
b1c749bb
PH
2117PH/15 The code I had for printing potentially long long variables in PH/11
2118 above was not the best (it lost precision). The length of off_t variables
2119 is now inspected at build time, and an appropriate printing format (%ld
c6c2dc1d
PH
2120 or %lld) is chosen and #defined by OFF_T_FMT. We also define LONGLONG_T
2121 to be "long long int" or "long int". This is needed for the internal
2122 formatting function string_vformat().
b1c749bb 2123
4aac9b49
PH
2124PH/16 Applied Matthew Newton's patch to exicyclog: "If log_file_path is set in
2125 the configuration file to be ":syslog", then the script "guesses" where
2126 the logs files are, rather than using the compiled in default. In our
2127 case the guess is not the same as the compiled default, so the script
2128 suddenly stopped working when I started to use syslog. The patch checks
2129 to see if log_file_path is "". If so, it attempts to read it from exim
2130 with no configuration file to get the compiled in version, before it
2131 falls back to the previous guessing code."
2132
294520c8
TK
2133TK/09 Added "prvs" and "prvscheck" expansion items. These help a lot with
2134 implementing BATV in an Exim configuration. See NewStuff for the gory
2135 details.
2136
5bd022fe
PH
2137PH/17 Applied Michael Haardt's patch for HP-UX, affecting only the os.h and
2138 Makefile that are specific to HP-UX.
2139
90e9ce59
PH
2140PH/18 If the "use_postmaster" option was set for a recipient callout together
2141 with the "random" option, the postmaster address was used as the MAIL
2142 FROM address for the random test, but not for the subsequent recipient
2143 test. It is now used for both.
2144
5ea81592
PH
2145PH/19 Applied Michael Haardt's patch to update Sieve to RFC3028bis. "The
2146 patch removes a few documentation additions to RFC 3028, because the
2147 latest draft now contains them. It adds the new en;ascii-case comparator
2148 and a new error check for 8bit text in MIME parts. Comparator and
2149 require names are now matched exactly. I enabled the subaddress
2150 extension, but it is not well tested yet (read: it works for me)."
2151
c6c2dc1d
PH
2152PH/20 Added macros for time_t as for off_t (see PH/15 above) and used them to
2153 rework some of the code of TK/09 above to avoid the hardwired use of
2154 "%lld" and "long long". Replaced the call to snprintf() with a call to
2155 string_vformat().
2156
fffffe4c
PH
2157PH/21 Added some other messages to those in 4.51/PH/42, namely "All relevant MX
2158 records point to non-existent hosts", "retry timeout exceeded", and
2159 "retry time not reached for any host after a long failure period".
ca02eafb 2160
9a26b6b2
PH
2161PH/22 Fixed some oversights/typos causing bugs when Exim is compiled with
2162 experimental DomainKeys support:
2163
2164 (1) The filter variables $n0-$n9 and $sn0-$sn9 were broken.
2165 (2) On an error such as an illegally used "control", the wrong name for
2166 the control was given.
2167
2168 These problems did NOT occur unless DomainKeys support was compiled.
2169
4aee0225
PH
2170PH/23 Added daemon_startup_retries and daemon_startup_sleep.
2171
32d668a5
PH
2172PH/24 Added ${if match_ip condition.
2173
8187c3f3
PH
2174PH/25 Put debug statements on either side of calls to EXIM_DBOPEN() for hints
2175 databases so that it will be absolutely obvious if a crash occurs in the
2176 DB library. This is a regular occurrence (often caused by mis-matched
2177 db.h files).
2178
ff790e47 2179PH/26 Insert a lot of missing (void) casts for functions such as chown(),
f1e894f3
PH
2180 chmod(), fcntl(), sscanf(), and other functions from stdio.h. These were
2181 picked up on a user's system that detects such things. There doesn't seem
2182 to be a gcc warning option for this - only an attribute that has to be
2183 put on the function's prototype. It seems that in Fedora Core 4 they have
2184 set this on a number of new functions. No doubt there will be more in due
2185 course.
ff790e47 2186
5417f6d1
PH
2187PH/27 If a dnslookup or manualroute router is set with verify=only, it need not
2188 specify a transport. However, if an address that was verified by such a
2189 router was the subject of a callout, Exim crashed because it tried to
2190 read the rcpt_include_affixes from the non-existent transport. Now it
2191 just assumes that the setting of that option is false. This bug was
2192 introduced by 4.51/PH/31.
2193
59cf8544
PH
2194PH/28 Changed -d+all to exclude +memory, because that information is very
2195 rarely of interest, but it makes the output a lot bigger. People tend to
2196 do -d+all out of habit.
2197
e7ad8a65
PH
2198PH/29 Removed support for the Linux-libc5 build, as it is obsolete and the
2199 code in os-type was giving problems when libc.so lives in lib64, like on
2200 x86_64 Fedora Core.
2201
ade42478
PH
2202PH/30 Exim's DNS code uses the original T_xxx names for DNS record times. These
2203 aren't the modern standard, and it seems that some systems' include files
2204 don't always have them. Exim was already checking for some of the newer
2205 ones like T_AAAA, and defining it itself. I've added checks for all the
2206 record types that Exim uses.
2207
182ad5cf
PH
2208PH/31 When using GnuTLS, if the parameters cache file did not exist, Exim was
2209 not automatically generating a new one, as it is supposed to. This
2210 prevented TLS from working. If the file did exist, but contained invalid
2211 data, a new version was generated, as expected. It was only the case of a
2212 non-existent file that was broken.
2213
b0d9fc80
TK
2214TK/10 Domainkeys: Fix a bug in verification that caused a crash in conjunction
2215 with a change in libdomainkeys > 0.64.
2216
2217TK/11 Domainkeys: Change the logic how the "testing" policy flag is retrieved
2218 from DNS. If the selector record carries the flag, it now has
2219 precedence over the domain-wide flag.
2220
2221TK/12 Cleared some compiler warnings related to SPF, SRS and DK code.
2222
47c7a64a
PH
2223PH/32 In mua_wrapper mode, if an smtp transport configuration error (such as
2224 the use of a port name that isn't defined in /etc/services) occurred, the
2225 message was deferred as in a normal delivery, and thus remained on the
2226 spool, instead of being failed because of the mua_wrapper setting. This
2227 is now fixed, and I tidied up some of the mua_wrapper messages at the
2228 same time.
2229
a388bce4
SC
2230SC/08 Eximstats: whilst parsing the mainlog(s), store information about
2231 the messages in a hash of arrays rather than using individual hashes.
2232 This is a bit cleaner and results in dramatic memory savings, albeit
2233 at a slight CPU cost.
2234
2235SC/09 Eximstats: added the -show_rt<list> and the -show_dt<list> flags
2236 as requested by Marc Sherman.
2237
2238SC/10 Eximstats: added histograms for user specified patterns as requested
2239 by Marc Sherman.
2240
0793e4ed
SC
2241SC/11 Eximstats: v1.43 - bugfix for pattern histograms with -h0 specified.
2242
c58b88df
PH
2243PH/33 Patch from the Cygwin maintainer to add "b" to all occurences of
2244 fopen() in the content-scanning modules that did not already have it.
2245
e7ad8a65 2246
7982096b
PH
2247Exim version 4.51
2248-----------------
2249
1a46a8c5
PH
2250TK/01 Added Yahoo DomainKeys support via libdomainkeys. See
2251 doc/experimental-spec.txt for details. (http://domainkeys.sf.net)
2252
2f079f46 2253TK/02 Fix ACL "control" statement not being available in MIME ACL.
1a46a8c5
PH
2254
2255TK/03 Fix ACL "regex" condition not being available in MIME ACL.
2256
2257PH/01 Installed a patch from the Sieve maintainer that allows -bf to be used
2258 to test Sieve filters that use "vacation".
2259
2260PH/02 Installed a slightly modified version of Nikos Mavrogiannopoulos' patch
2261 that changes the way the GnuTLS parameters are stored in the cache file.
2262 The new format can be generated externally. For backward compatibility,
2263 if the data in the cache doesn't make sense, Exim assumes it has read an
2264 old-format file, and it generates new data and writes a new file. This
2265 means that you can't go back to an older release without removing the
2266 file.
2267
2268PH/03 A redirect router that has both "unseen" and "one_time" set does not
2269 work if there are any delivery delays because "one_time" forces the
2270 parent to be marked "delivered", so its unseen clone is never tried
2271 again. For this reason, Exim now forbids the simultaneous setting of
2272 these two options.
2273
2274PH/04 Change 4.11/85 fixed an obscure bug concerned with addresses that are
2275 redirected to themselves ("homonym" addresses). Read the long ChangeLog
2276 entry if you want to know the details. The fix, however, neglected to
2277 consider the case when local delivery batching is involved. The test for
2278 "previously delivered" was not happening when checking to see if an
2279 address could be batched with a previous (undelivered) one; under
2280 certain circumstances this could lead to multiple deliveries to the same
c2c19e9d 2281 address.
1a46a8c5
PH
2282
2283PH/05 Renamed the macro SOCKLEN_T as EXIM_SOCKLEN_T because AIX uses SOCKLEN_T
2284 in its include files, and this causes problems building Exim.
2285
2286PH/06 A number of "verify =" ACL conditions have no options (e.g. verify =
2287 header_syntax) but Exim was just ignoring anything given after a slash.
2288 In particular, this caused confusion with an attempt to use "verify =
2289 reverse_host_lookup/defer_ok". An error is now given when options are
2290 supplied for verify items that do not have them. (Maybe reverse_host_
2291 lookup should have a defer_ok option, but that's a different point.)
2292
2293PH/07 Increase the size of the buffer for incoming SMTP commands from 512 (as
2294 defined by RFC 821) to 2048, because there were problems with some AUTH
2295 commands, and RFC 1869 says the size should be increased for extended
2296 SMTP commands that take arguments.
2297
2298PH/08 Added ${dlfunc dynamically loaded function for expansion (code from Tony
2299 Finch).
2300
2301PH/09 Previously, an attempt to use ${perl when it wasn't compiled gave an
2302 "unknown" error; now it says that the functionality isn't in the binary.
8d67ada3 2303
49c2d5ea
PH
2304PH/10 Added a nasty fudge to try to recognize and flatten LDAP passwords in
2305 an address' error message when a string expansion fails (syntax or
f331f3b6
PH
2306 whatever). Otherwise the password may appear in the log. Following change
2307 PH/42 below, there is no longer a chance of it appearing in a bounce
2308 message.
49c2d5ea 2309
bf759a8b
PH
2310PH/11 Installed exipick version 20050225.0 from John Jetmore.
2311
83364d30
PH
2312PH/12 If the last host in a fallback_hosts list was multihomed, only the first
2313 of its addresses was ever tried. (Bugzilla bug #2.)
2314
7999bbd7
PH
2315PH/13 If "headers_add" in a transport didn't end in a newline, Exim printed
2316 the result incorrectly in the debug output. (It correctly added a newline
2317 to what was transported.)
2318
7dbf77c9
PH
2319TF/01 Added $received_time.
2320
74e0617f
PH
2321PH/14 Modified the default configuration to add an acl_smtp_data ACL, with
2322 commented out examples of how to interface to a virus scanner and to
2323 SpamAssassin. Also added commented examples of av_scanner and
2324 spamd_address settings.
2325
2f079f46
PH
2326PH/15 Further to TK/02 and TK/03 above, tidied up the tables of what conditions
2327 and controls are allowed in which ACLs. There were a couple of minor
2328 errors. Some of the entries in the conditions table (which is a table of
2329 where they are NOT allowed) were getting very unwieldy; rewrote them as a
2330 negation of where the condition IS allowed.
2331
8c841523
PH
2332PH/16 Installed updated OS/os.c-cygwin from the Cygwin maintainer.
2333
7766a4f0
PH
2334PH/17 The API for radiusclient changed at release 0.4.0. Unfortunately, the
2335 header file does not have a version number, so I've had to invent a new
2336 value for RADIUS_LIB_TYPE, namely "RADIUSCLIENTNEW" to request the new
2337 API. The code is untested by me (my Linux distribution still has 0.3.2 of
2338 radiusclient), but it was contributed by a Radius user.
2339
8b417f2c
PH
2340PH/18 Installed Lars Mainka's patch for the support of CRL collections in
2341 files or directories, for OpenSSL.
2342
901f42cb
PH
2343PH/19 When an Exim process that is running as root has to create an Exim log
2344 file, it does so in a subprocess that runs as exim:exim so as to get the
2345 ownership right at creation (otherwise, other Exim processes might see
2346 the file with the wrong ownership). There was no test for failure of this
2347 fork() call, which would lead to the process getting stuck as it waited
2348 for a non-existent subprocess. Forks do occasionally fail when resources
2349 run out. I reviewed all the other calls to fork(); they all seem to check
2350 for failure.
2351
f9b9210e
PH
2352PH/20 When checking for unexpected SMTP input at connect time (before writing
2353 the banner), Exim was not dealing correctly with a non-positive return
2354 from the read() function. If the client had disconnected by this time,
2355 the result was a log entry for a synchronization error with an empty
2356 string after "input=" when read() returned zero. If read() returned -1
2357 (an event I could not check), uninitialized data bytes were printed.
2358 There were reports of junk text (parts of files, etc) appearing after
2359 "input=".
2360
54cdb463
PH
2361PH/21 Added acl_not_smtp_mime to allow for MIME scanning for non-SMTP messages.
2362
cf00dad6
PH
2363PH/22 Added support for macro redefinition, and (re)definition in between
2364 driver and ACL definitions.
2365
acb1b346
PH
2366PH/23 The cyrus_sasl authenticator was expanding server_hostname, but then
2367 forgetting to use the resulting value; it was using the unexpanded value.
2368
c5ddb310
PH
2369PH/24 The cyrus_sasl authenticator was advertising mechanisms for which it
2370 hadn't been configured. The fix is from Juergen Kreileder, who
2371 understands it better than I do:
2372
2373 "Here's what I see happening with three configured cyrus_sasl
2374 authenticators configured (plain, login, cram-md5):
2375
2376 On startup auth_cyrus_sasl_init() gets called for each of these.
2377 This means three calls to sasl_listmech() without a specified mech_list.
2378 => SASL tests which mechs of all available mechs actually work
2379 => three warnings about OTP not working
2380 => the returned list contains: plain, login, cram-md5, digest-md5, ...
2381
2382 With the patch, sasl_listmech() also gets called three times. But now
2383 SASL's mech_list option is set to the server_mech specified in the the
2384 authenticator. Or in other words, the answer from sasl_listmech()
2385 gets limited to just the mech you're testing for (which is different
2386 for each call.)
2387 => the return list contains just 'plain' or 'login', 'cram-md5' or
2388 nothing depending on the value of ob->server_mech.
2389
2390 I've just tested the patch: Authentication still works fine,
2391 unavailable mechs specified in the exim configuration are still
2392 caught, and the auth.log warnings about OTP are gone."
2393
31619da6
PH
2394PH/25 When debugging is enabled, the contents of the command line are added
2395 to the debugging output, even when log_selector=+arguments is not
2396 specified.
2397
bebaf0fc
PH
2398PH/26 Change scripts/os-type so that when "uname -s" returns just "GNU", the
2399 answer is "GNU", and only if the return is "GNU/something" is the answer
2400 "Linux".
2401
475fe28a
PH
2402PH/27 $acl_verify_message is now set immediately after the failure of a
2403 verification in an ACL, and so is available in subsequent modifiers. In
2404 particular, the message can be preserved by coding like this:
2405
2406 warn !verify = sender
2407 set acl_m0 = $acl_verify_message
2408
2409 Previously, $acl_verify_message was set only while expanding "message"
2410 and "log_message" when a very denied access.
2411
7e8bec7a
PH
2412PH/28 Modified OS/os.c-Linux with
2413
2414 -#ifndef OS_LOAD_AVERAGE
2415 +#if !defined(OS_LOAD_AVERAGE) && defined(__linux__)
2416
2417 to make Exim compile on kfreebsd-gnu. (I'm totally confused about the
2418 nomenclature these days.)
2419
e4a89c47
PH
2420PH/29 Installed patch from the Sieve maintainer that adds the options
2421 sieve_useraddress and sieve_subaddress to the redirect router.
2422
5ca2a9a1
PH
2423PH/30 In these circumstances:
2424 . Two addresses routed to the same list of hosts;
2425 . First host does not offer TLS;
2426 . First host accepts first address;
2427 . First host gives temporary error to second address;
2428 . Second host offers TLS and a TLS session is established;
2429 . Second host accepts second address.
2430 Exim incorrectly logged both deliveries with the TLS parameters (cipher
2431 and peerdn, if requested) that were in fact used only for the second
2432 address.
7e8bec7a 2433
c688b954
PH
2434PH/31 When doing a callout as part of verifying an address, Exim was not paying
2435 attention to any local part prefix or suffix that was matched by the
2436 router that accepted the address. It now behaves in the same way as it
2437 does for delivery: the affixes are removed from the local part unless
2438 rcpt_include_affixes is set on the transport.
2439
fed77020
PH
2440PH/32 Add the sender address, as F=<...>, to the log line when logging a
2441 timeout during the DATA phase of an incoming message.
2442
7fe1560f
PH
2443PH/33 Sieve envelope tests were broken for match types other than :is. I have
2444 applied a patch sanctioned by the Sieve maintainer.
c688b954 2445
ebb6e6d5
PH
2446PH/34 Change 4.50/80 broke Exim in that it could no longer handle cases where
2447 the uid or gid is negative. A case of a negative gid caused this to be
2448 noticed. The fix allows for either to be negative.
2449
9c4e8f60
PH
2450PH/35 ACL_WHERE_MIME is now declared unconditionally, to avoid too much code
2451 clutter, but the tables that are indexed by ACL_WHERE_xxx values had been
2452 overlooked.
2453
2454PH/36 The change PH/12 above was broken. Fixed it.
2455
d7174846
PH
2456PH/37 Exim used to check for duplicate addresses in the middle of routing, on
2457 the grounds that routing the same address twice would always produce the
2458 same answer. This might have been true once, but it is certainly no
2459 longer true now. Routing a child address may depend on the previous
2460 routing that produced that child. Some complicated redirection strategies
2461 went wrong when messages had multiple recipients, and made Exim's
2462 behaviour dependent on the order in which the addresses were given.
2463
2464 I have moved the duplicate checking until after the routing is complete.
2465 Exim scans the addresses that are assigned to local and remote
2466 transports, and removes any duplicates. This means that more work will be
2467 done, as duplicates will always all be routed, but duplicates are
2468 presumably rare, so I don't expect this is of any significance.
2469
2470 For deliveries to pipes, files, and autoreplies, the duplicate checking
2471 still happens during the routing process, since they are not going to be
2472 routed further.
2473
cfe75fc3
PH
2474PH/38 Installed a patch from Ian Freislich, with the agreement of Tom Kistner.
2475 It corrects a timeout issue with spamd. This is Ian's comment: "The
2476 background is that sometimes spamd either never reads data from a
2477 connection it has accepted, or it never writes response data. The exiscan
2478 spam.[ch] uses a 3600 second timeout on spamd socket reads, further, it
2479 blindly assumes that writes won't block so it may never time out."
2480
be22d70e
PH
2481PH/39 Allow G after quota size as well as K and M.
2482
0612b098
PH
2483PH/40 The value set for $authenticated_id in an authenticator may not contain
2484 binary zeroes or newlines because the value is written to log lines and
2485 to spool files. There was no check on this. Now the value is run through
2486 the string_printing() function so that such characters are converted to
2487 printable escape sequences.
2488
2e0c1448
PH
2489PH/41 $message_linecount is a new variable that contains the total number of
2490 lines in the message. Compare $body_linecount, which is the count for the
2491 body only.
2492
447d236c
PH
2493PH/42 Exim no longer gives details of delivery errors for specific addresses in
2494 bounce and delay warning messages, except in certain special cases, which
2495 are as follows:
2496
2497 (a) An SMTP error message from a remote host;
2498 (b) A message specified in a :fail: redirection;
2499 (c) A message specified in a "fail" command in a system filter;
2500 (d) A message specified in a FAIL return from the queryprogram router;
2501 (e) A message specified by the cannot_route_message router option.
2502
2503 In these cases only, Exim does include the error details in bounce and
2504 warning messages. There are also a few cases where bland messages such
2505 as "unrouteable address" or "local delivery error" are given.
2506
d20976dc
PH
2507PH/43 $value is now also set for the "else" part of a ${run expansion.
2508
f656d135
PH
2509PH/44 Applied patch from the Sieve maintainer: "The vacation draft is still
2510 being worked on, but at least Exim now implements the latest version to
2511 play with."
2512
2e2a30b4
PH
2513PH/45 In a pipe transport, although a timeout while waiting for the pipe
2514 process to complete was treated as a delivery failure, a timeout while
2515 writing the message to the pipe was logged, but erroneously treated as a
2516 successful delivery. Such timeouts include transport filter timeouts. For
2517 consistency with the overall process timeout, these timeouts are now
2518 treated as errors, giving rise to delivery failures by default. However,
2519 there is now a new Boolean option for the pipe transport called
2520 timeout_defer, which, if set TRUE, converts the failures into defers for
2521 both kinds of timeout. A transport filter timeout is now identified in
2522 the log output.
2523
9176e9f0
PH
2524PH/46 The "scripts/Configure-config.h" script calls "make" at one point. On
2525 systems where "make" and "gmake" are different, calling "gmake" at top
2526 level broke things. I've arranged for the value of $(MAKE) to be passed
2527 from the Makefile to this script so that it can call the same version of
2528 "make".
2529
7982096b 2530
bbe902f0
PH
2531A note about Exim versions 4.44 and 4.50
2532----------------------------------------
2533
2534Exim 4.50 was meant to be the next release after 4.43. It contains a lot of
2535changes of various kinds. As a consequence, a big documentation update was
2536needed. This delayed the release for rather longer than seemed good, especially
2537in the light of a couple of (minor) security issues. Therefore, the changes
2538that fixed bugs were backported into 4.43, to create a 4.44 maintenance
2539release. So 4.44 and 4.50 are in effect two different branches that both start
2540from 4.43.
2541
2542I have left the 4.50 change log unchanged; it contains all the changes since
25434.43. The change log for 4.44 is below; many of its items are identical to
2544those for 4.50. This seems to be the most sensible way to preserve the
2545historical information.
2546
2547
f7b63901 2548Exim version 4.50
495ae4b0
PH
2549-----------------
2550
5fe762f6
PH
2551 1. Minor wording change to the doc/README.SIEVE file.
2552
139059f6 2553 2. Change 4.43/35 introduced a bug: if quota_filecount was set, the
5fe762f6 2554 computation of the current number of files was incorrect.
495ae4b0 2555
7086e875
PH
2556 3. Closing a stable door: arrange to panic-die if setitimer() ever fails. The
2557 bug fixed in 4.43/37 would have been diagnosed quickly if this had been in
2558 place.
2559
35af9f61
PH
2560 4. Give more explanation in the error message when the command for a transport
2561 filter fails to execute.
2562
b668c215
PH
2563 5. There are several places where Exim runs a non-Exim command in a
2564 subprocess. The SIGUSR1 signal should be disabled for these processes. This
2565 was being done only for the command run by the queryprogram router. It is
2566 now done for all such subprocesses. The other cases are: ${run, transport
2567 filters, and the commands run by the lmtp and pipe transports.
2568
a494b1e1
PH
2569 6. Added CONFIGURE_GROUP build-time option.
2570
2571 7. Some older OS have a limit of 256 on the maximum number of file
2572 descriptors. Exim was using setrlimit() to set 1000 as a large value
2573 unlikely to be exceeded. Change 4.43/17 caused a lot of logging on these
2574 systems. I've change it so that if it can't get 1000, it tries for 256.
35edf2ff 2575
c5fcb476
PH
2576 8. "control=submission" was allowed, but had no effect, in a DATA ACL. This
2577 was an oversight, and furthermore, ever since the addition of extra
2578 controls (e.g. 4.43/32), the checks on when to allow different forms of
2579 "control" were broken. There should now be diagnostics for all cases when a
2580 control that does not make sense is encountered.
2581
69358f02
PH
2582 9. Added the /retain_sender option to "control=submission".
2583
5be20824
PH
258410. $recipients is now available in the predata ACL (oversight).
2585
eb2c0248
PH
258611. Tidy the search cache before the fork to do a delivery from a message
2587 received from the command line. Otherwise the child will trigger a lookup
2588 failure and thereby defer the delivery if it tries to use (for example) a
2589 cached ldap connection that the parent has called unbind on.
2590
2a3eea10
PH
259112. If verify=recipient was followed by verify=sender in a RCPT ACL, the value
2592 of $address_data from the recipient verification was clobbered by the
2593 sender verification.
2594
259513. The value of address_data from a sender verification is now available in
2596 $sender_address_data in subsequent conditions in the ACL statement.
2597
23c7ff99
PH
259814. Added forbid_sieve_filter and forbid_exim_filter to the redirect router.
2599
4deaf07d
PH
260015. Added a new option "connect=<time>" to callout options, to set a different
2601 connection timeout.
2602
926e1192
PH
260316. If FIXED_NEVER_USERS was defined, but empty, Exim was assuming the uid 0
2604 was its contents. (It was OK if the option was not defined at all.)
2605
650edc6f
PH
260617. A "Completed" log line is now written for messages that are removed from
2607 the spool by the -Mrm option.
2608
2c7db3f5
PH
260918. New variables $sender_verify_failure and $recipient_verify_failure contain
2610 information about exactly what failed.
2611
3d235903
PH
261219. Added -dd to debug only the daemon process.
2613
7c7ad977
PH
261420. Incorporated Michael Haardt's patch to ldap.c for improving the way it
2615 handles timeouts, both on the server side and network timeouts. Renamed the
2616 CONNECT parameter as NETTIMEOUT (but kept the old name for compatibility).
2617
981756db
PH
261821. The rare case of EHLO->STARTTLS->HELO was setting the protocol to "smtp".
2619 It is now set to "smtps".
2620
d4eb88df
PH
262122. $host_address is now set to the target address during the checking of
2622 ignore_target_hosts.
2623
262423. When checking ignore_target_hosts for an ipliteral router, no host name was
2625 being passed; this would have caused $sender_host_name to have been used if
2626 matching the list had actually called for a host name (not very likely,
2627 since this list is usually IP addresses). A host name is now passed as
2628 "[x.x.x.x]".
2629
7d468ab8
PH
263024. Changed the calls that set up the SIGCHLD handler in the daemon to use the
2631 code that specifies a non-restarting handler (typically sigaction() in
2632 modern systems) in an attempt to fix a rare and obscure crash bug.
2633
263425. Narrowed the window for a race in the daemon that could cause it to ignore
2635 SIGCHLD signals. This is not a major problem, because they are used only to
2636 wake it up if nothing else does.
2637
62c0818f
PH
263826. A malformed maildirsize file could cause Exim to calculate negative values
2639 for the mailbox size or file count. Odd effects could occur as a result.
2640 The maildirsize information is now recalculated if the size or filecount
2641 end up negative.
2642
26034054
PH
264327. Added HAVE_SYS_STATVFS_H to the os.h file for Linux, as it has had this
2644 support for a long time. Removed HAVE_SYS_VFS_H.
2645
af66f652
PH
264628. Installed the latest version of exipick from John Jetmore.
2647
90af77f4
PH
264829. In an address list, if the pattern was not a regular expression, an empty
2649 subject address (from a bounce message) matched only if the pattern was an
2650 empty string. Non-empty patterns were not even tested. This was the wrong
2651 because it is perfectly reasonable to use an empty address as part of a
2652 database query. An empty address is now tested by patterns that are
2653 lookups. However, all the other forms of pattern expect the subject to
2654 contain a local part and a domain, and therefore, for them, an empty
2655 address still always fails if the pattern is not itself empty.
2656
d8ef3577
PH
265730. Exim went into a mad DNS loop when attempting to do a callout where the
2658 host was specified on an smtp transport, and looking it up yielded more
2659 than one IP address.
2660
5cb8cbc6
PH
266131. Re-factored the code for checking spool and log partition space into a
2662 function that finds that data and another that does the check. The former
2663 is then used to implement four new variables: $spool_space, $log_space,
2664 $spool_inodes, and $log_inodes.
2665
14702f5b
PH
266632. The RFC2047 encoding function was originally intended for short strings
2667 such as real names; it was not keeping to the 75-character limit for
2668 encoded words that the RFC imposes. It now respects the limit, and
2669 generates multiple encoded words if necessary. To be on the safe side, I
2670 have increased the buffer size for the ${rfc2047: expansion operator from
2671 1024 to 2048 bytes.
2672
063b1e99
PH
267333. It is now permitted to omit both strings after an "if" condition; if the
2674 condition is true, the result is "true". As before, when the second string
2675 is omitted, a false condition yields an empty string. This makes it less
2676 cumbersome to write custom ACL and router conditions.
2677
652e1b65
PH
267834. Failure to deliver a bounce message always caused it to be frozen, even if
2679 there was an errors_to setting on the router. The errors_to setting is now
2680 respected.
2681
6f0c9a4f
PH
268235. If an IPv6 address is given for -bh or -bhc, it is now converted to the
2683 canonical form (fully expanded) before being placed in
2684 $sender_host_address.
2685
33397d19
PH
268636. The table in the code that translates DNS record types into text (T_A to
2687 "A" for instance) was missing entries for NS and CNAME. It is just possible
2688 that this could have caused confusion if both these types were looked up
2689 for the same domain, because the text type is used as part of Exim's
2690 per-process caching. But the chance of anyone hitting this buglet seems
2691 very small.
2692
7bb56e1f
PH
269337. The dnsdb lookup has been extended in a number of ways.
2694
2695 (1) There is a new type, "zns", which walks up the domain tree until it
2696 finds some nameserver records. It should be used with care.
2697
ea3bc19b
PH
2698 (2) There is a new type, "mxh", which is like "mx" except that it returns
2699 just the host names, not the priorities.
2700
2701 (3) It is now possible to give a list of domains (or IP addresses) to be
ff4dbb19
PH
2702 looked up. The behaviour when one of the lookups defers can be
2703 controlled by a keyword.
7bb56e1f 2704
ea3bc19b 2705 (4) It is now possible to specify the separator character for use when
7bb56e1f 2706 multiple records are returned.
33397d19 2707
0bcb2a0e
PH
270838. The dnslists ACL condition has been extended: it is now possible to supply
2709 a list of IP addresses and/or domains to be looked up in a particular DNS
2710 domain.
2711
2ac0e484
PH
271239. Added log_selector=+queue_time_overall.
2713
4e1fde53
PH
271440. When running the queue in the test harness, wait just a tad after forking a
2715 delivery process, to get repeatability of debugging output.
2716
de365ded
PH
271741. Include certificate and key file names in error message when GnuTLS fails
2718 to set them up, because the GnuTLS error message doesn't include the name
2719 of the failing file when there is a problem reading it.
2720
f05da2e8
PH
272142. Allow both -bf and -bF in the same test run.
2722
d6453af2
PH
272343. Did the same fix as 41 above for OpenSSL, which had the same infelicity.
2724
f7b63901
PH
272544. The "Exiscan patch" is now merged into the mainline Exim source.
2726
272745. Sometimes the final signoff response after QUIT could fail to get
2728 transmitted in the non-TLS case. Testing !tls_active instead of tls_active
2729 < 0 before doing a fflush(). This bug looks as though it goes back to the
2730 introduction of TLS in release 3.20, but "sometimes" must have been rare
2731 because the tests only now provoked it.
2732
a444213a
PH
273346. Reset the locale to "C" after calling embedded Perl, in case it was changed
2734 (this can affect the format of dates).
2735
0ec020ea
PH
273647. exim_tidydb, when checking for the continued existence of a message for
2737 which it has found a message-specific retry record, was not finding
2738 messages that were in split spool directories. Consequently, it was
2739 deleting retry records that should have stayed in existence.
2740
b1206957
PH
274148. Steve fixed some bugs in eximstats.
2742
274349. The SPA authentication driver was not abandoning authentication and moving
2744 on to the next authenticator when an expansion was forced to fail,
2745 contradicting the general specification for all authenticators. Instead it
2746 was generating a temporary error. It now behaves as specified.
2747
26dd5a95
PH
274850. The default ordering of permitted cipher suites for GnuTLS was pessimal
2749 (the order specifies the preference for clients). The order is now AES256,
2750 AES128, 3DES, ARCFOUR128.
2751
343b2385
PH
275251. Small patch to Sieve code - explicitly set From: when generating an
2753 autoreply.
2754
1c5466b9
PH
275552. Exim crashed if a remote delivery caused a very long error message to be
2756 recorded - for instance if somebody sent an entire SpamAssassin report back
2757 as a large number of 550 error lines. This bug was coincidentally fixed by
2758 increasing the size of one of Exim's internal buffers (big_buffer) that
2759 happened as part of the Exiscan merge. However, to be on the safe side, I
2760 have made the code more robust (and fixed the comments that describe what
2761 is going on).
2762
55ee9ee3
PH
276353. Now that there can be additional text after "Completed" in log lines (if
2764 the queue_time_overall log selector is set), a one-byte patch to exigrep
2765 was needed to allow it to recognize "Completed" as not the last thing in
2766 the line.
2767
d38f8232
PH
276854. The LDAP lookup was not handling a return of LDAP_RES_SEARCH_REFERENCE. A
2769 patch that reportedly fixes this has been added. I am not expert enough to
2770 create a test for it. This is what the patch creator wrote:
2771
2772 "I found a little strange behaviour of ldap code when working with
2773 Windows 2003 AD Domain, where users was placed in more than one
2774 Organization Units. When I tried to give exim partial DN, the exit code
2775 of ldap_search was unknown to exim because of LDAP_RES_SEARCH_REFERENCE.
2776 But simultaneously result of request was absolutely normal ldap result,
2777 so I produce this patch..."
2778
3295e65b
PH
2779 Later: it seems that not all versions of LDAP support LDAP_RES_SEARCH_
2780 REFERENCE, so I have modified the code to exclude the patch when that macro
2781 is not defined.
2782
7102e136
PH
278355. Some experimental protocols are using DNS PTR records for new purposes. The
2784 keys for these records are domain names, not reversed IP addresses. The
b975ba52
PH
2785 dnsdb PTR lookup now tests whether its key is an IP address. If not, it
2786 leaves it alone. Component reversal etc. now happens only for IP addresses.
ea3a6f44 2787 CAN-2005-0021
7102e136 2788
3ca0ba97
PH
278956. Improve error message when ldap_search() fails in OpenLDAP or Solaris LDAP.
2790
c2bcbe20
PH
279157. Double the size of the debug message buffer (to 2048) so that more of very
2792 long debug lines gets shown.
2793
18ce445d
PH
279458. The exicyclog utility now does better if the number of log files to keep
2795 exceeds 99. In this case, it numbers them 001, 002 ... instead of 01, 02...
2796
1f5b4c3d
PH
279759. Two changes related to the smtp_active_hostname option:
2798
2799 (1) $smtp_active_hostname is now available as a variable.
2800 (2) The default for smtp_banner uses $smtp_active_hostname instead
2801 of $primary_hostname.
2802
b975ba52
PH
280360. The host_aton() function is supposed to be passed a string that is known
2804 to be a valid IP address. However, in the case of IPv6 addresses, it was
2805 not checking this. This is a hostage to fortune. Exim now panics and dies
2806 if the condition is not met. A case was found where this could be provoked
85b87bc2
PH
2807 from a dnsdb PTR lookup with an IPv6 address that had more than 8
2808 components; fortuitously, this particular loophole had already been fixed
2809 by change 4.50/55 above.
2810
2811 If there are any other similar loopholes, the new check in host_aton()
2812 itself should stop them being exploited. The report I received stated that
2813 data on the command line could provoke the exploit when Exim was running as
2814 exim, but did not say which command line option was involved. All I could
2815 find was the use of -be with a bad dnsdb PTR lookup, and in that case it is
2816 running as the user.
ea3a6f44 2817 CAN-2005-0021
85b87bc2
PH
2818
281961. There was a buffer overflow vulnerability in the SPA authentication code
2820 (which came originally from the Samba project). I have added a test to the
2821 spa_base64_to_bits() function which I hope fixes it.
ea3a6f44 2822 CAN-2005-0022
b975ba52 2823
17ffcae7
PH
282462. Configuration update for GNU/Hurd and variations. Updated Makefile-GNU and
2825 os.h-GNU, and added configuration files for GNUkFreeBSD and GNUkNetBSD.
2826
d95f9fdb
PH
282763. The daemon start-up calls getloadavg() while still root for those OS that
2828 need the first call to be done as root, but it missed one case: when
2829 deliver_queue_load_max is set with deliver_drop_privilege. This is
2830 necessary for the benefit of the queue runner, because there is no re-exec
2831 when deliver_drop_privilege is set.
2832
86b8287f
PH
283364. A call to exiwhat cut short delays set up by "delay" modifiers in ACLs.
2834 This has been fixed.
2835
60dc5e56
PH
283665. Caching of lookup data for "hosts =" ACL conditions, when a named host list
2837 was in use, was not putting the data itself into the right store pool;
2838 consequently, it could be overwritten for a subsequent message in the same
2839 SMTP connection. (Fix 4.40/11 dealt with the non-cache case, but overlooked
2840 the caching.)
2841
533244af
PH
284266. Added hosts_max_try_hardlimit to the smtp transport, default 50.
2843
a5a28604
PH
284467. The string_is_ip_address() function returns 0, 4, or 6, for "no an IP
2845 address", "IPv4 address", and "IPv6 address", respectively. Some calls of
2846 the function were treating the return as a boolean value, which happened to
2847 work because 0=false and not-0=true, but is not correct code.
2848
7e634d24
PH
284968. The host_aton() function was not handling scoped IPv6 addresses (those
2850 with, for example, "%eth0" on the end) correctly.
2851
3e11c26b
PH
285269. Fixed some compiler warnings in acl.c for the bitmaps specified with
2853 negated items (that is, ~something) in unsigned ints. Some compilers
2854 apparently mutter when there is no cast.
2855
6729cf78
PH
285670. If an address verification called from an ACL failed, and did not produce a
2857 user-specific message (i.e. there was only a "system" message), nothing was
2858 put in $acl_verify_message. In this situation, it now puts the system
2859 message there.
2860
00f00ca5
PH
286171. Change 4.23/11 added synchronization checking at the start of an SMTP
2862 session; change 4.31/43 added the unwanted input to the log line - except
2863 that it did not do this in the start of session case. It now does.
2864
c9bdd01c
PH
286572. After a timeout in a callout SMTP session, Exim still sent a QUIT command.
2866 This is wrong and can cause the other end to generate a synchronization
2867 error if it is another Exim or anything else that does the synchronization
2868 check. A QUIT command is no longer sent after a timeout.
2869
d43194df
PH
287073. $host_lookup_deferred has been added, to make it easier to detect DEFERs
2871 during host lookups.
2872
fe5b5d0b
PH
287374. The defer_ok option of callout verification was not working if it was used
2874 when verifying addresses in header lines, that is, for this case:
2875
2876 verify = header_sender/callout=defer_ok
2877
76a2d7ba
PH
287875. A backgrounded daemon closed stdin/stdout/stderr on entry; this meant that
2879 those file descriptors could be used for SMTP connections. If anything
2880 wrote to stderr (the example that came up was "warn" in embedded Perl), it
2881 could be sent to the SMTP client, causing chaos. The daemon now opens
2882 stdin, stdout, and stderr to /dev/null when it puts itself into the
2883 background.
2884
288576. Arrange for output from Perl's "warn" command to be written to Exim's main
2886 log by default. The user can override this with suitable Perl magic.
2887
04f7d5b9
PH
288877. The use of log_message on a "discard" ACL verb, which is supposed to add to
2889 the log message when discard triggers, was not working for the DATA ACL or
2890 for the non-SMTP ACL.
2891
bc60667e
PH
289278. Error message wording change in sieve.c.
2893
bb6e88ff
PH
289479. If smtp_accept_max_per_host was set, the number of connections could be
2895 restricted to fewer than expected, because the daemon was trying to set up
2896 a new connection before checking whether the processes handling previous
2897 connections had finished. The check for completed processes is now done
2898 earlier. On busy systems, this bug wouldn't be noticed because something
2899 else would have woken the daemon, and it would have reaped the completed
2900 process earlier.
2901
1e70f85b
PH
290280. If a message was submitted locally by a user whose login name contained one
2903 or more spaces (ugh!), the spool file that Exim wrote was not re-readable.
2904 It caused a spool format error. I have fixed the spool reading code. A
2905 related problem was that the "from" clause in the Received: line became
2906 illegal because of the space(s). It is now covered by ${quote_local_part.
2907
290881. Included the latest eximstats from Steve (adds average sizes to HTML Top
2909 tables).
2910
4e01f9d6
PH
291182. Updated OS/Makefile-AIX as per message from Mike Meredith.
2912
1ee1cef2
PH
291383. Patch from Sieve maintainer to fix unterminated string problem in
2914 "vacation" handling.
2915
6e2b4ccc
PH
291684. Some minor changes to the Linux configuration files to help with other
2917 OS variants using glibc.
2918
8e669ac1
PH
291985. One more patch for Sieve to update vacation handling to latest spec.
2920
495ae4b0 2921
bbe902f0
PH
2922----------------------------------------------------
2923See the note above about the 4.44 and 4.50 releases.
2924----------------------------------------------------
2925
2926
2927Exim version 4.44
2928-----------------
2929
2930 1. Change 4.43/35 introduced a bug that caused file counts to be
2931 incorrectly computed when quota_filecount was set in an appendfile
2932 transport
2933
2934 2. Closing a stable door: arrange to panic-die if setitimer() ever fails. The
2935 bug fixed in 4.43/37 would have been diagnosed quickly if this had been in
2936 place.
2937
2938 3. Give more explanation in the error message when the command for a transport
2939 filter fails to execute.
2940
2941 4. There are several places where Exim runs a non-Exim command in a
2942 subprocess. The SIGUSR1 signal should be disabled for these processes. This
2943 was being done only for the command run by the queryprogram router. It is
2944 now done for all such subprocesses. The other cases are: ${run, transport
2945 filters, and the commands run by the lmtp and pipe transports.
2946
2947 5. Some older OS have a limit of 256 on the maximum number of file
2948 descriptors. Exim was using setrlimit() to set 1000 as a large value
2949 unlikely to be exceeded. Change 4.43/17 caused a lot of logging on these
2950 systems. I've change it so that if it can't get 1000, it tries for 256.
2951
2952 6. "control=submission" was allowed, but had no effect, in a DATA ACL. This
2953 was an oversight, and furthermore, ever since the addition of extra
2954 controls (e.g. 4.43/32), the checks on when to allow different forms of
2955 "control" were broken. There should now be diagnostics for all cases when a
2956 control that does not make sense is encountered.
2957
2958 7. $recipients is now available in the predata ACL (oversight).
2959
2960 8. Tidy the search cache before the fork to do a delivery from a message
2961 received from the command line. Otherwise the child will trigger a lookup
2962 failure and thereby defer the delivery if it tries to use (for example) a
2963 cached ldap connection that the parent has called unbind on.
2964
2965 9. If verify=recipient was followed by verify=sender in a RCPT ACL, the value
2966 of $address_data from the recipient verification was clobbered by the
2967 sender verification.
2968
296910. If FIXED_NEVER_USERS was defined, but empty, Exim was assuming the uid 0
2970 was its contents. (It was OK if the option was not defined at all.)
2971
297211. A "Completed" log line is now written for messages that are removed from
2973 the spool by the -Mrm option.
2974
297512. $host_address is now set to the target address during the checking of
2976 ignore_target_hosts.
2977
297813. When checking ignore_target_hosts for an ipliteral router, no host name was
2979 being passed; this would have caused $sender_host_name to have been used if
2980 matching the list had actually called for a host name (not very likely,
2981 since this list is usually IP addresses). A host name is now passed as
2982 "[x.x.x.x]".
2983
298414. Changed the calls that set up the SIGCHLD handler in the daemon to use the
2985 code that specifies a non-restarting handler (typically sigaction() in
2986 modern systems) in an attempt to fix a rare and obscure crash bug.
2987
298815. Narrowed the window for a race in the daemon that could cause it to ignore
2989 SIGCHLD signals. This is not a major problem, because they are used only to
2990 wake it up if nothing else does.
2991
299216. A malformed maildirsize file could cause Exim to calculate negative values
2993 for the mailbox size or file count. Odd effects could occur as a result.
2994 The maildirsize information is now recalculated if the size or filecount
2995 end up negative.
2996
299717. Added HAVE_SYS_STATVFS_H to the os.h file for Linux, as it has had this
2998 support for a long time. Removed HAVE_SYS_VFS_H.
2999
ea3a6f44 300018. Updated exipick to current release from John Jetmore.
bbe902f0
PH
3001
300219. Allow an empty sender to be matched against a lookup in an address list.
3003 Previously the only cases considered were a regular expression, or an
3004 empty pattern.
3005
300620. Exim went into a mad DNS lookup loop when doing a callout where the
3007 host was specified on the transport, if the DNS lookup yielded more than
3008 one IP address.
3009
ea3a6f44
NM
301021. The RFC2047 encoding function was originally intended for short strings
3011 such as real names; it was not keeping to the 75-character limit for
3012 encoded words that the RFC imposes. It now respects the limit, and
3013 generates multiple encoded words if necessary. To be on the safe side, I
3014 have increased the buffer size for the ${rfc2047: expansion operator from
3015 1024 to 2048 bytes.
bbe902f0 3016
ea3a6f44
NM
301722. Failure to deliver a bounce message always caused it to be frozen, even if
3018 there was an errors_to setting on the router. The errors_to setting is now
3019 respected.
bbe902f0
PH
3020
302123. If an IPv6 address is given for -bh or -bhc, it is now converted to the
3022 canonical form (fully expanded) before being placed in
3023 $sender_host_address.
3024
302524. Updated eximstats to version 1.33
3026
ea3a6f44
NM
302725. Include certificate and key file names in error message when GnuTLS fails
3028 to set them up, because the GnuTLS error message doesn't include the name
3029 of the failing file when there is a problem reading it.
bbe902f0
PH
3030
303126. Expand error message when OpenSSL has problems setting up cert/key files.
ea3a6f44 3032 As per change 25.
bbe902f0 3033
ea3a6f44
NM
303427. Reset the locale to "C" after calling embedded Perl, in case it was changed
3035 (this can affect the format of dates).
bbe902f0 3036
ea3a6f44
NM
303728. exim_tidydb, when checking for the continued existence of a message for
3038 which it has found a message-specific retry record, was not finding
3039 messages that were in split spool directories. Consequently, it was
3040 deleting retry records that should have stayed in existence.
bbe902f0
PH
3041
304229. eximstats updated to version 1.35
3043 1.34 - allow eximstats to parse syslog lines as well as mainlog lines
3044 1.35 - bugfix such that pie charts by volume are generated correctly
3045
ea3a6f44
NM
304630. The SPA authentication driver was not abandoning authentication and moving
3047 on to the next authenticator when an expansion was forced to fail,
3048 contradicting the general specification for all authenticators. Instead it
3049 was generating a temporary error. It now behaves as specified.
bbe902f0 3050
ea3a6f44
NM
305131. The default ordering of permitted cipher suites for GnuTLS was pessimal
3052 (the order specifies the preference for clients). The order is now AES256,
3053 AES128, 3DES, ARCFOUR128.
bbe902f0 3054
ea3a6f44
NM
305531. Small patch to Sieve code - explicitly set From: when generating an
3056 autoreply.
bbe902f0 3057
ea3a6f44
NM
305832. Exim crashed if a remote delivery caused a very long error message to be
3059 recorded - for instance if somebody sent an entire SpamAssassin report back
3060 as a large number of 550 error lines. This bug was coincidentally fixed by
3061 increasing the size of one of Exim's internal buffers (big_buffer) that
3062 happened as part of the Exiscan merge. However, to be on the safe side, I
3063 have made the code more robust (and fixed the comments that describe what
3064 is going on).
bbe902f0 3065
ea3a6f44
NM
306633. Some experimental protocols are using DNS PTR records for new purposes. The
3067 keys for these records are domain names, not reversed IP addresses. The
3068 dnsdb PTR lookup now tests whether its key is an IP address. If not, it
3069 leaves it alone. Component reversal etc. now happens only for IP addresses.
bbe902f0
PH
3070 CAN-2005-0021
3071
ea3a6f44
NM
307234. The host_aton() function is supposed to be passed a string that is known
3073 to be a valid IP address. However, in the case of IPv6 addresses, it was
3074 not checking this. This is a hostage to fortune. Exim now panics and dies
3075 if the condition is not met. A case was found where this could be provoked
3076 from a dnsdb PTR lookup with an IPv6 address that had more than 8
3077 components; fortuitously, this particular loophole had already been fixed
3078 by change 4.50/55 or 4.44/33 above.
3079
3080 If there are any other similar loopholes, the new check in host_aton()
3081 itself should stop them being exploited. The report I received stated that
3082 data on the command line could provoke the exploit when Exim was running as
3083 exim, but did not say which command line option was involved. All I could
3084 find was the use of -be with a bad dnsdb PTR lookup, and in that case it is
3085 running as the user.
bbe902f0
PH
3086 CAN-2005-0021
3087
ea3a6f44
NM
308835. There was a buffer overflow vulnerability in the SPA authentication code
3089 (which came originally from the Samba project). I have added a test to the
3090 spa_base64_to_bits() function which I hope fixes it.
bbe902f0
PH
3091 CAN-2005-0022
3092
ea3a6f44
NM
309336. The daemon start-up calls getloadavg() while still root for those OS that
3094 need the first call to be done as root, but it missed one case: when
3095 deliver_queue_load_max is set with deliver_drop_privilege. This is
3096 necessary for the benefit of the queue runner, because there is no re-exec
3097 when deliver_drop_privilege is set.
bbe902f0 3098
ea3a6f44
NM
309937. Caching of lookup data for "hosts =" ACL conditions, when a named host list
3100 was in use, was not putting the data itself into the right store pool;
3101 consequently, it could be overwritten for a subsequent message in the same
3102 SMTP connection. (Fix 4.40/11 dealt with the non-cache case, but overlooked
3103 the caching.)
bbe902f0 3104
ea3a6f44
NM
310538. Sometimes the final signoff response after QUIT could fail to get
3106 transmitted in the non-TLS case. Testing !tls_active instead of tls_active
3107 < 0 before doing a fflush(). This bug looks as though it goes back to the
3108 introduction of TLS in release 3.20, but "sometimes" must have been rare
3109 because the tests only now provoked it.
bbe902f0
PH
3110
3111
495ae4b0
PH
3112Exim version 4.43
3113-----------------
3114
3115 1. Fixed a longstanding but relatively impotent bug: a long time ago, before
3116 PIPELINING, the function smtp_write_command() used to return TRUE or FALSE.
3117 Now it returns an integer. A number of calls were still expecting a T/F
3118 return. Fortuitously, in all cases, the tests worked in OK situations,
3119 which is the norm. However, things would have gone wrong on any write
3120 failures on the smtp file descriptor. This function is used when sending
3121 messages over SMTP and also when doing verify callouts.
3122
3123 2. When Exim is called to do synchronous delivery of a locally submitted
3124 message (the -odf or -odi options), it no longer closes stderr before doing
3125 the delivery.
3126
3127 3. Implemented the mua_wrapper option.
3128
3129 4. Implemented mx_fail_domains and srv_fail_domains for the dnslookup router.
3130
3131 5. Implemented the functions header_remove(), header_testname(),
3132 header_add_at_position(), and receive_remove_recipient(), and exported them
3133 to local_scan().
3134
3135 6. If an ACL "warn" statement specified the addition of headers, Exim already
3136 inserted X-ACL-Warn: at the start if there was no header name. However, it
3137 was not making this test for the second and subsequent header lines if
3138 there were newlines in the string. This meant that an invalid header could
3139 be inserted if Exim was badly configured.
3140
3141 7. Allow an ACL "warn" statement to add header lines at the start or after all
3142 the Received: headers, as well as at the end.
3143
3144 8. Added the rcpt_4xx retry error code.
3145
3146 9. Added postmaster_mailfrom=xxx to callout verification option.
3147
314810. Added mailfrom=xxxx to the callout verification option, for verify=
3149 header_sender only.
3150
315111. ${substr_1_:xxxx} and ${substr__3:xxxx} are now diagnosed as syntax errors
3152 (they previously behaved as ${substr_1_0:xxxx} and ${substr:_0_3:xxxx}).
3153
315412. Inserted some casts to stop certain compilers warning when using pointer
3155 differences as field lengths or precisions in printf-type calls (mostly
3156 affecting debugging statements).
3157
315813. Added optional readline() support for -be (dynamically loaded).
3159
316014. Obscure bug fix: if a message error (e.g. 4xx to MAIL) happened within the
3161 same clock tick as a message's arrival, so that its received time was the
3162 same as the "first fail" time on the retry record, and that message
3163 remained on the queue past the ultimate address timeout, every queue runner
3164 would try a delivery (because it was past the ultimate address timeout) but
3165 after another failure, the ultimate address timeout, which should have then
3166 bounced the address, did not kick in. This was a "< instead of <=" error;
3167 in most cases the first failure would have been in the next clock tick
3168 after the received time, and all would be well.
3169
317015. The special items beginning with @ in domain lists (e.g. @mx_any) were not
3171 being recognized when the domain list was tested by the match_domain
3172 condition in an expansion string.
3173
317416. Added the ${str2b64: operator.
3175
317617. Exim was always calling setrlimit() to set a large limit for the number of
3177 processes, without checking whether the existing limit was already
3178 adequate. (It did check for the limit on file descriptors.) Furthermore,
3179 errors from getrlimit() and setrlimit() were being ignored. Now they are
3180 logged to the main and panic logs, but Exim does carry on, to try to do its
3181 job under whatever limits there are.
3182
318318. Imported PCRE 5.0.
3184
318519. Trivial typo in log message " temporarily refused connection" (the leading
3186 space).
3187
318820. If the log selector return_path_on_delivery was set and an address was
3189 redirected to /dev/null, the delivery process crashed because it assumed
3190 that a return path would always be set for a "successful" delivery. In this
3191 case, the whole delivery is bypassed as an optimization, and therefore no
3192 return path is set.
3193
319421. Internal re-arrangement: the function for sending a challenge and reading
3195 a response while authentication was assuming a zero-terminated challenge
3196 string. It's now changed to take a pointer and a length, to allow for
3197 binary data in such strings.
3198
319922. Added the cyrus_sasl authenticator (code supplied by MBM).
3200
320123. Exim was not respecting finduser_retries when seeking the login of the
3202 uid under which it was called; it was always trying 10 times. (The default
3203 setting of finduser_retries is zero.) Also, it was sleeping after the final
3204 failure, which is pointless.
3205
320624. Implemented tls_on_connect_ports.
3207
320825. Implemented acl_smtp_predata.
3209
321026. If the domain in control=submission is set empty, Exim assumes that the
3211 authenticated id is a complete email address when it generates From: or
3212 Sender: header lines.
3213
321427. Added "#define SOCKLEN_T int" to OS/os.h-SCO and OS/os.h-SCO_SV. Also added
3215 definitions to OS/Makefile-SCO and OS/Makefile-SCO_SV that put basename,
3216 chown and chgrp in /bin and hostname in /usr/bin.
3217
321828. Exim was keeping the "process log" file open after each use, just as it
3219 does for the main log. This opens the possibility of it remaining open for
3220 long periods when the USR1 signal hits a daemon. Occasional processlog
3221 errors were reported, that could have been caused by this. Anyway, it seems
3222 much more sensible not to leave this file open at all, so that is what now
3223 happens.
3224
322529. The long-running daemon process does not normally write to the log once it
3226 has entered its main loop, and it closes the log before doing so. This is
3227 so that log files can straightforwardly be renamed and moved. However,
3228 there are a couple of unusual error situations where the daemon does write
3229 log entries, and I had neglected to close the log afterwards.
3230
323130. The text of an SMTP error response that was received during a remote
3232 delivery was being truncated at 512 bytes. This is too short for some of
3233 the long messages that one sometimes sees. I've increased the limit to
3234 1024.
3235
323631. It is now possible to make retry rules that apply only when a message has a
3237 specific sender, in particular, an empty sender.
3238
323932. Added "control = enforce_sync" and "control = no_enforce_sync". This makes
3240 it possible to be selective about when SMTP synchronization is enforced.
3241
324233. Added "control = caseful_local_part" and "control = "caselower_local_part".
3243
324432. Implemented hosts_connection_nolog.
3245
324633. Added an ACL for QUIT.
3247
324834. Setting "delay_warning=" to disable warnings was not working; it gave a
3249 syntax error.
3250
325135. Added mailbox_size and mailbox_filecount to appendfile.
3252
325336. Added control = no_multiline_responses to ACLs.
3254
325537. There was a bug in the logic of the code that waits for the clock to tick
3256 in the case where the clock went backwards by a substantial amount such
3257 that the microsecond fraction of "now" was more than the microsecond
3258 fraction of "then" (but the whole seconds number was less).
3259
326038. Added support for the libradius Radius client library this is found on
3261 FreeBSD (previously only the radiusclient library was supported).
3262
3263
3264Exim version 4.42
3265-----------------
3266
3267 1. When certain lookups returned multiple values in the form name=value, the
3268 quoting of the values was not always being done properly. Specifically:
3269 (a) If the value started with a double quote, but contained no whitespace,
3270 it was not quoted.
3271 (b) If the value contained whitespace other than a space character (i.e.
3272 tabs or newlines or carriage returns) it was not quoted.
3273 This fix has been applied to the mysql and pgsql lookups by writing a
3274 separate quoting function and calling it from the lookup code. The fix
3275 should probably also be applied to nisplus, ibase and oracle lookups, but
3276 since I cannot test any of those, I have not disturbed their existing code.
3277
3278 2. A hit in the callout cache for a specific address caused a log line with no
3279 reason for rejecting RCPT. Now it says "Previous (cached) callout
3280 verification failure".
3281
3282 3. There was an off-by-one bug in the queryprogram router. An over-long
3283 return line was truncated at 256 instead of 255 characters, thereby
3284 overflowing its buffer with the terminating zero. As well as fixing this, I
3285 have increased the buffer size to 1024 (and made a note to document this).
3286
3287 4. If an interrupt, such as the USR1 signal that is send by exiwhat, arrives
3288 when Exim is waiting for an SMTP response from a remote server, Exim
3289 restarts its select() call on the socket, thereby resetting its timeout.
3290 This is not a problem when such interrupts are rare. Somebody set up a cron
3291 job to run exiwhat every 2 minutes, which is less than the normal select()
3292 timeout (5 or 10 minutes). This meant that the select() timeout never
3293 kicked in because it was always reset. I have fixed this by comparing the
3294 time when an interrupt arrives with the time at the start of the first call
3295 to select(). If more time than the timeout has elapsed, the interrupt is
3296 treated as a timeout.
3297
3298 5. Some internal re-factoring in preparation for the addition of Sieve
3299 extensions (by MH). In particular, the "personal" test is moved to a
3300 separate function, and given an option for scanning Cc: and Bcc: (which is
3301 not set for Exim filters).
3302
3303 6. When Exim created an email address using the login of the caller as the
3304 local part (e.g. when creating a From: or Sender: header line), it was not
3305 quoting the local part when it contained special characters such as @.
3306
3307 7. Installed new OpenBSD configuration files.
3308
3309 8. Reworded some messages for syntax errors in "and" and "or" conditions to
3310 try to make them clearer.
3311
3312 9. Callout options, other than the timeout value, were being ignored when
3313 verifying sender addresses in header lines. For example, when using
3314
3315 verify = header_sender/callout=no_cache
3316
3317 the cache was (incorrectly) being used.
3318
331910. Added a missing instance of ${EXE} to the exim_install script; this affects
3320 only the Cygwin environment.
3321
332211. When return_path_on_delivery was set as a log selector, if different remote
3323 addresses in the same message used different return paths and parallel
3324 remote delivery occurred, the wrong values would sometimes be logged.
3325 (Whenever a remote delivery process finished, the return path value from
3326 the most recently started remote delivery process was logged.)
3327
332812. RFC 3848 specifies standard names for the "with" phrase in Received: header
3329 lines when AUTH and/or TLS are in use. This is the "received protocol"
3330 field. Exim used to use "asmtp" for authenticated SMTP, without any
3331 indication (in the protocol name) for TLS use. Now it follows the RFC and
3332 uses "esmtpa" if the connection is authenticated, "esmtps" if it is
3333 encrypted, and "esmtpsa" if it is both encrypted and authenticated. These
3334 names appear in log lines as well as in Received: header lines.
3335
333613. Installed MH's patches for Sieve to add the "copy" and "vacation"
3337 extensions, and comparison tests, and to fix some bugs.
3338
333914. Changes to the "personal" filter test:
3340
3341 (1) The test was buggy in that it was just doing the equivalent of
3342 "contains" tests on header lines. For example, if a user's address was
3343 anne@some.where, the "personal" test would incorrectly be true for
3344
3345 To: susanne@some.where
3346
3347 This test is now done by extracting each address from the header in turn,
3348 and checking the entire address. Other tests that are part of "personal"
3349 are now done using regular expressions (for example, to check local parts
3350 of addresses in From: header lines).
3351
3352 (2) The list of non-personal local parts in From: addresses has been
3353 extended to include "listserv", "majordomo", "*-request", and "owner-*",
3354 taken from the Sieve specification recommendations.
3355
3356 (3) If the message contains any header line starting with "List-" it is
3357 treated as non-personal.
3358
3359 (4) The test for "circular" in the Subject: header line has been removed
3360 because it now seems ill-conceived.
3361
336215. Minor typos in src/EDITME comments corrected.
3363
336416. Installed latest exipick from John Jetmore.
3365
336617. If headers_add on a router specified a text string that was too long for
3367 string_sprintf() - that is, longer than 8192 bytes - Exim panicked. The use
3368 of string_sprintf() is now avoided.
3369
337018. $message_body_size was not set (it was always zero) when running the DATA
3371 ACL and the local_scan() function.
3372
337319. For the "mail" command in an Exim filter, no default was being set for
3374 the once_repeat time, causing a random time value to be used if "once" was
3375 specified. (If the value happened to be <= 0, no repeat happened.) The
3376 default is now 0s, meaning "never repeat". The "vacation" command was OK
3377 (its default is 7d). It's somewhat surprising nobody ever noticed this bug
3378 (I found it when inspecting the code).
3379
338020. There is now an overall timeout for performing a callout verification. It
3381 defaults to 4 times the callout timeout, which applies to individual SMTP
3382 commands during the callout. The overall timeout applies when there is more
3383 than one host that can be tried. The timeout is checked before trying the
3384 next host. This prevents very long delays if there are a large number of
3385 hosts and all are timing out (e.g. when the network connections are timing
3386 out). The value of the overall timeout can be changed by specifying an
3387 additional sub-option for "callout", called "maxwait". For example:
3388
3389 verify = sender/callout=5s,maxwait=20s
3390
339121. Add O_APPEND to the open() call for maildirsize files (Exim already seeks
3392 to the end before writing, but this should make it even safer).
3393
339422. Exim was forgetting that it had advertised PIPELINING for the second and
3395 subsequent messages on an SMTP connection. It was also not resetting its
3396 memory on STARTTLS and an internal HELO.
3397
339823. When Exim logs an SMTP synchronization error within a session, it now
3399 records whether PIPELINING has been advertised or not.
3400
340124. Added 3 instances of "(long int)" casts to time_t variables that were being
3402 formatted using %ld, because on OpenBSD (and perhaps others), time_t is int
3403 rather than long int.
3404
340525. Installed the latest Cygwin configuration files from the Cygwin maintainer.
3406
340726. Added the never_mail option to autoreply.
3408
3409
3410Exim version 4.41
3411-----------------
3412
3413 1. A reorganization of the code in order to implement 4.40/8 caused a daemon
3414 crash if the getsockname() call failed; this can happen if a connection is
3415 closed very soon after it is established. The problem was simply in the
3416 order in which certain operations were done, causing Exim to try to write
3417 to the SMTP stream before it had set up the file descriptor. The bug has
3418 been fixed by making things happen in the correct order.
3419
3420
3421Exim version 4.40
3422-----------------
3423
3424 1. If "drop" was used in a DATA ACL, the SMTP output buffer was not flushed
3425 before the connection was closed, thus losing the rejection response.
3426
3427 2. Commented out the definition of SOCKLEN_T in os.h-SunOS5. It is needed for
3428 some early Solaris releases, but causes trouble in current releases where
3429 socklen_t is defined.
3430
3431 3. When std{in,out,err} are closed, re-open them to /dev/null so that they
3432 always exist.
3433
3434 4. Minor refactoring of os.c-Linux to avoid compiler warning when IPv6 is not
3435 configured.
3436
3437 5. Refactoring in expand.c to improve memory usage. Pre-allocate a block so
3438 that releasing the top of it at the end releases what was used for sub-
3439 expansions (unless the block got too big). However, discard this block if
3440 the first thing is a variable or header, so that we can use its block when
3441 it is dynamic (useful for very large $message_headers, for example).
3442
3443 6. Lookups now cache *every* query, not just the most recent. A new, separate
3444 store pool is used for this. It can be recovered when all lookup caches are
3445 flushed. Lookups now release memory at the end of their result strings.
3446 This has involved some general refactoring of the lookup sources.
3447
3448 7. Some code has been added to the store_xxx() functions to reduce the amount
3449 of flapping under certain conditions.
3450
3451 8. log_incoming_interface used to affect only the <= reception log lines. Now
3452 it causes the local interface and port to be added to several more SMTP log