Docs: fix definition of msg:fail:delivery event
[exim.git] / doc / doc-txt / ChangeLog
Change log file for Exim from version 4.21
------------------------------------------
This document describes *changes* to previous versions, that might
affect Exim's operation, with an unchanged configuration file. For new
options, and new features, see the NewStuff file next to this ChangeLog.


Exim version 4.90
-----------------

JH/01 Rework error string handling in TLS interface so that the caller in
      more cases is responsible for logging. This permits library-sourced
      string to be attached to addresses during delivery, and collapses
      pairs of long lines into single ones.

PP/01 Allow PKG_CONFIG_PATH to be set in Local/Makefile and use it correctly
      during configuration. Wildcards are allowed and expanded.

JH/02 Rework error string handling in DKIM to pass more info back to callers.
      This permits better logging.

JH/03 Rework the transport continued-connection mechanism: when TLS is active,
      do not close it down and have the child transport start it up again on
      the passed-on TCP connection. Instead, proxy the child (and any
      subsequent ones) for TLS via a unix-domain socket channel. Logging is
      affected: the continued delivery log lines do not have any DNSSEC, TLS
      Certificate or OCSP information. TLS cipher information is still logged.

JH/04 Shorten the log line for daemon startup by collapsing adjacent sets of
      identical IP addresses on different listening ports. Will also affect
      "exiwhat" output.

PP/02 Bug 2070: uClibc defines __GLIBC__ without providing glibc headers;
      add noisy ifdef guards to special-case this silliness.
      Patch from Bernd Kuhls.

JH/05 Tighten up the checking in isip4 (et al): dotted-quad components larger
      than 255 are no longer allowed.


Exim version 4.89
-----------------

JH/01 Bug 1922: Support IDNA2008. This has slightly different conversion rules
      than -2003 did; needs libidn2 in addition to libidn.

JH/02 The path option on a pipe transport is now expanded before use.

PP/01 GitHub PR 50: Do not call ldap_start_tls_s on ldapi:// connections.
      Patch provided by "Björn", documentation fix added too.

JH/03 Bug 2003: fix Proxy Protocol v2 handling: the address size field was
      missing a wire-to-host endian conversion.

JH/04 Bug 2004: fix CHUNKING in non-PIPELINING mode. Chunk data following
      close after a BDAT command line could be taken as a following command,
      giving a synch failure. Fix by only checking for synch immediately
      before acknowledging the chunk.

PP/02 GitHub PR 52: many spelling fixes, which include fixing parsing of
      no_require_dnssec option and creation of _HAVE_TRANSPORT_APPEND_MAILDIR
      macro. Patches provided by Josh Soref.

JH/05 Have the EHLO response advertise VRFY, if there is a vrfy ACL defined.
      Previously we did not; the RFC seems ambiguous and VRFY is not listed
      by IANA as a service extension. However, John Klensin suggests that we
      should.

JH/06 Bug 2017: Fix DKIM verification in -bh test mode. The data feed into
      the dkim code may be unix-mode line endings rather than smtp wire-format
      CRLF, so prepend a CR to any bare LF.

JH/07 Rationalise the coding for callout smtp conversations and transport ones.
      As a side-benefit, callouts can now use PIPELINING hence fewer round-trips.

JH/08 Bug 2016: Fix DKIM verification vs. CHUNKING. Any BDAT commands after
      the first were themselves being wrongly included in the feed into dkim
      processing; with most chunk sizes in use this resulted in an incorrect
      body hash calculated value.

JH/09 Bug 2014: permit inclusion of a DKIM-Signature header in a received
      DKIM signature block, for verification. Although advised against by
      standards it is specifically not ruled illegal.

JH/10 Bug 2025: Fix reception of (quoted) local-parts with embedded spaces.

JH/11 Bug 2029: Fix crash in DKIM verification when a message signature block is
      missing a body hash (the bh= tag).

JH/12 Bug 2018: Re-order Proxy Protocol startup versus TLS-on-connect startup.
      It seems that HAProxy sends the Proxy Protocol information in clear and
      only then does a TLS startup, so do the same.

JH/13 Bug 2027: Avoid attempting to use TCP Fast Open for non-transport client
      TCP connections (such as for Spamd) unless the daemon successfully set
      Fast Open mode on its listening sockets. This fixes breakage seen on
      too-old kernels or those not configured for Fast Open, at the cost of
      requiring both directions being enabled for TFO, and TFO never being used
      by non-daemon-related Exim processes.

JH/14 Bug 2000: Reject messages received with CHUNKING but with malformed line
      endings, at least on the first header line. Try to canonify any that get
      past that check, despite the cost.

JH/15 Angle-bracket nesting (an error inserted by broken sendmails) levels are
      now limited to an arbitrary five deep, while parsing addresses with the
      strip_excess_angle_brackets option enabled.

PP/03 Bug 2018: For Proxy Protocol and TLS-on-connect, do not over-read and
      instead leave the unprompted TLS handshake in socket buffer for the
      TLS library to consume.

PP/04 Bug 2018: Also handle Proxy Protocol v2 safely.

PP/05 FreeBSD compat: handle that Ports no longer create /usr/bin/perl

JH/16 Drop variables when they go out of scope. Memory management drops a whole
      region in one operation, for speed, and this leaves assigned pointers
      dangling. Add checks run only under the testsuite which checks all
      variables at a store-reset and panics on a dangling pointer; add code
      explicitly nulling out all the variables discovered. Fixes one known
      bug: a transport crash, where a dangling pointer for $sending_ip_address
      originally assigned in a verify callout, is re-used.

PP/06 Drop '.' from @INC in various Perl scripts.

PP/07 Switch FreeBSD iconv to always use the base-system libc functions.

PP/08 Reduce a number of compilation warnings under clang; building with
      CC=clang CFLAGS+=-Wno-dangling-else -Wno-logical-op-parentheses
      should be warning-free.

JH/17 Fix inbound CHUNKING when DKIM disabled at runtime.

HS/01 Fix portability problems introduced by PP/08 for platforms where
      realloc(NULL) is not equivalent to malloc() [SunOS et al].

HS/02 Bug 1974: Fix missing line terminator on the last received BDAT
      chunk. This allows us to accept broken chunked messages. We need a more
      general solution here.

PP/09 Wrote util/chunking_fixqueue_finalnewlines.pl to help recover
      already-broken messages in the queue.

JH/18 Bug 2061: Fix ${extract } corrupting an enclosing ${reduce } $value.

JH/19 Fix reference counting bug in routing-generated-address tracking.


Exim version 4.88
-----------------

JH/01 Use SIZE on MAIL FROM in a cutthrough connection, if the destination
      supports it and a size is available (ie. the sending peer gave us one).

JH/02 The obsolete acl condition "demime" is removed (finally, after ten
      years of being deprecated). The replacements are the ACLs
      acl_smtp_mime and acl_not_smtp_mime.

JH/03 Upgrade security requirements imposed for hosts_try_dane: previously
      a downgraded non-dane trust-anchor for the TLS connection (CA-style)
      or even an in-clear connection were permitted. Now, if the host lookup
      was dnssec and dane was requested then the host is only used if the
      TLSA lookup succeeds and is dnssec. Further hosts (eg. lower priority
      MXs) will be tried (for hosts_try_dane though not for hosts_require_dane)
      if one fails this test.
      This means that a poorly-configured remote DNS will make it incommunicado;
      but it protects against a DNS-interception attack on it.

JH/04 Bug 1810: make continued-use of an open smtp transport connection
      non-noisy when a race steals the message being considered.

JH/05 If main configuration option tls_certificate is unset, generate a
      self-signed certificate for inbound TLS connections.

JH/06 Bug 165: hide more cases of password exposure - this time in expansions
      in rewrites and routers.

JH/07 Retire gnutls_require_mac et.al. These were nonfunctional since 4.80
      and logged a warning since 4.83; now they are a configuration file error.

JH/08 Bug 1836: Fix crash in VRFY handling when handed an unqualified name
      (lacking @domain). Apply the same qualification processing as RCPT.

JH/09 Bug 1804: Avoid writing msglog files when in -bh or -bhc mode.

JH/10 Support ${sha256:} applied to a string (as well as the previous
      certificate).

JH/11 Cutthrough: avoid using the callout hints db on a verify callout when
      a cutthrough deliver is pending, as we always want to make a connection.
      This also avoids re-routing the message when later placing the cutthrough
      connection after a verify cache hit.
      Do not update it with the verify result either.

JH/12 Cutthrough: disable when verify option success_on_redirect is used, and
      when routing results in more than one destination address.

JH/13 Cutthrough: expand transport dkim_domain option when testing for dkim
      signing (which inhibits the cutthrough capability). Previously only
      the presence of an option was tested; now an expansion evaluating as
      empty is permissible (obviously it should depend only on data available
      when the cutthrough connection is made).

JH/14 Fix logging of errors under PIPELINING. Previously the log line giving
      the relevant preceding SMTP command did not note the pipelining mode.

JH/15 Fix counting of empty lines in $body_linecount and $message_linecount.
      Previously they were not counted.

JH/16 DANE: treat a TLSA lookup response having all non-TLSA RRs, the same
      as one having no matching records. Previously we deferred the message
      that needed the lookup.

JH/17 Fakereject: previously logged as a normal message arrival "<="; now
      distinguished as "(=".

JH/18 Bug 1867: make the fail_defer_domains option on a dnslookup router work
      for missing MX records. Previously it only worked for missing A records.

JH/19 Bug 1850: support Radius libraries that return REJECT_RC.

JH/20 Bug 1872: Ensure that acl_smtp_notquit is run when the connection drops
      after the data-go-ahead and data-ack. Patch from Jason Betts.

JH/21 Bug 1846: Send DMARC forensic reports for reject and quarantine results,
      even for a "none" policy. Patch from Tony Meyer.

JH/22 Fix continued use of a connection for further deliveries. If a port was
      specified by a router, it must also match for the delivery to be
      compatible.

JH/23 Bug 1874: fix continued use of a connection for further deliveries.
      When one of the recipients of a message was unsuitable for the connection
      (has no matching addresses), we lost track of needing to mark it
      deferred. As a result mail would be lost.

JH/24 Bug 1832: Log EHLO response on getting conn-close response for HELO.

JH/25 Decoding ACL controls is now done using a binary search; the source code
      takes up less space and should be simpler to maintain. Merge the ACL
      condition decode tables also, with similar effect.

JH/26 Fix problem with one_time used on a redirect router which returned the
      parent address unchanged. A retry would see the parent address marked as
      delivered, so not attempt the (identical) child. As a result mail would
      be lost.

JH/27 Fix a possible security hole, wherein a process operating with the Exim
      UID can gain a root shell. Credit to http://www.halfdog.net/ for
      discovery and writeup. Ubuntu bug 1580454; no bug raised against Exim
      itself :(

JH/28 Enable {spool,log} filesystem space and inode checks as default.
      Main config options check_{log,spool}_{inodes,space} are now
      100 inodes, 10MB unless set otherwise in the configuration.

JH/29 Fix the connection_reject log selector to apply to the connect ACL.
      Previously it only applied to the main-section connection policy
      options.

JH/30 Bug 1897: fix callouts connection fallback from TLS to cleartext.

PP/01 Changed default Diffie-Hellman parameters to be Exim-specific, created
      by me. Added RFC7919 DH primes as an alternative.

PP/02 Unbreak build via pkg-config with new hash support when crypto headers
      are not in the system include path.

JH/31 Fix longstanding bug with aborted TLS server connection handling. Under
      GnuTLS, when a session startup failed (eg because the client disconnected)
      Exim did stdio operations after fclose. This was exposed by a recent
      change which nulled out the file handle after the fclose.

JH/32 Bug 1909: Fix OCSP proof verification for cases where the proof is
      signed directly by the cert-signing cert, rather than an intermediate
      OCSP-signing cert. This is the model used by LetsEncrypt.

JH/33 Bug 1914: Ensure socket is nonblocking before draining after SMTP QUIT.

HS/01 Fix leak in verify callout under GnuTLS, about 3MB per recipient on
      an incoming connection.

HS/02 Bug 1802: Do not half-close the connection after sending a request
      to rspamd.

HS/03 Use "auto" as the default EC curve parameter. For OpenSSL < 1.0.2
      fallback to "prime256v1".

JH/34 SECURITY: Use proper copy of DATA command in error message.
      Could leak key material. Remotely exploitable. CVE-2016-9963.


Exim version 4.87
-----------------

JH/01 Bug 1664: Disable OCSP for GnuTLS library versions at/before 3.3.16
      and 3.4.4 - once the server is enabled to respond to an OCSP request
      it does even when not requested, resulting in a stapling non-aware
      client dropping the TLS connection.

TF/01 Code cleanup: Overhaul the debug_selector and log_selector machinery to
      support variable-length bit vectors. No functional change.

TF/02 Improve the consistency of logging incoming and outgoing interfaces.
      The I= interface field on outgoing lines is now after the H= remote
      host field, same as incoming lines. There is a separate
      outgoing_interface log selector which allows you to disable the
      outgoing I= field.

JH/02 Bug 728: Close logfiles after a daemon-process "exceptional" log write.
      If not running log_selector +smtp_connection the mainlog would be held
      open indefinitely after a "too many connections" event, including to a
      deleted file after a log rotate. Leave the per net connection logging
      leaving it open for efficiency as that will be quickly detected by the
      check on the next write.

HS/01 Bug 1671: Fix post transport crash.
      Processing the wait-<transport> messages could crash the delivery
      process if the message IDs didn't exist for some reason. When
      using 'split_spool_directory=yes' the construction of the spool
      file name failed already, exposing the same netto behaviour.

JH/03 Bug 425: Capture substrings in $regex1, $regex2 etc from regex &
      mime_regex ACL conditions.

JH/04 Bug 1686: When compiled with EXPERIMENTAL_DSN_INFO: Add extra information
      to DSN fail messages (bounces): remote IP, remote greeting, remote response
      to HELO, local diagnostic string.

JH/05 Downgrade message for a TLS-certificate-based authentication fail from
      log line to debug. Even when configured with a tls authenticator many
      client connections are expected to not authenticate in this way, so
      an authenticate fail is not an error.

HS/02 Add the Exim version string to the process info. This way exiwhat
      gives some more detail about the running daemon.

JH/06 Bug 1395: time-limit caching of DNS lookups, to the TTL value. This may
      matter for fast-change records such as DNSBLs.

JH/07 Bug 1678: Always record an interface option value, if set, as part of a
      retry record, even if constant. There may be multiple transports with
      different interface settings and the retry behaviour needs to be kept
      distinct.

JH/08 Bug 1586: exiqgrep now refuses to run if there are unexpected arguments.

JH/09 Bug 1700: ignore space & tab embedded in base64 during decode.

JH/10 Bug 840: fix log_defer_output option of pipe transport

JH/11 Bug 830: use same host for all RCPTS of a message, even under
      hosts_randomize. This matters a lot when combined with mua_wrapper.

JH/12 Bug 1706: percent and underbar characters are no longer escaped by the
      ${quote_pgsql:<string>} operator.

JH/13 Bug 1708: avoid misaligned access in cached lookup.

JH/14 Change header file name for freeradius-client. Relevant if compiling
      with Radius support; from the Gentoo tree and checked under Fedora.

JH/15 Bug 1712: Introduce $prdr_requested flag variable

JH/16 Bug 1714: Permit an empty string as expansion result for transport
      option transport_filter, meaning no filtering.

JH/17 Bug 1713: Fix non-PDKIM_DEBUG build. Patch from Jasen Betts.

JH/18 Bug 1709: When built with TLS support, the tls_advertise_hosts option now
      defaults to "*" (all hosts). The variable is now available when not built
      with TLS, default unset, mainly to enable keeping the testsuite sane.
      If a server certificate is not supplied (via tls_certificate) an error is
      logged, and clients will find TLS connections fail on startup. Presumably
      they will retry in-clear.
      Packagers of Exim are strongly encouraged to create a server certificate
      at installation time.

HS/03 Add -bP config_file as a synonym for -bP configure_file, for consistency
      with the $config_file variable.

JH/19 Two additional event types: msg:rcpt:defer and msg:rcpt:host:defer. Both
      in transport context, after the attempt, and per-recipient. The latter type
      is per host attempted. The event data is the error message, and the errno
      information encodes the lookup type (A vs. MX) used for the (first) host,
      and the trailing two digits of the smtp 4xx response.

GF/01 Bug 1715: Fix for race condition in exicyclog, where exim could attempt
      to write to mainlog (or rejectlog, paniclog) in the window between file
      creation and permissions/ownership being changed. Particularly affects
      installations where exicyclog is run as root, rather than exim user;
      result is that the running daemon panics and dies.

JH/20 Bug 1701: For MySQL lookups, support MySQL config file option group names.

JH/21 Bug 1720: Add support for priority groups and weighted-random proxy
      selection for the EXPERIMENTAL_SOCKS feature, via new per-proxy options
      "pri" and "weight". Note that the previous implicit priority given by the
      list order is no longer honoured.

JH/22 Bugs 963, 1721: Fix some corner cases in message body canonicalization
      for DKIM processing.

JH/23 Move SOCKS5 support from Experimental to mainline, enabled for a build
      by defining SUPPORT_SOCKS.

JH/26 Move PROXY support from Experimental to mainline, enabled for a build
      by defining SUPPORT_PROXY. Note that the proxy_required_hosts option
      is renamed to hosts_proxy, and the proxy_{host,target}_{address,port}
      variables are renamed to proxy_{local,external}_{address,port}.

JH/27 Move Internationalisation support from Experimental to mainline, enabled
      for a build by defining SUPPORT_I18N

JH/28 Bug 1745: Fix redis lookups to handle (quoted) spaces embedded in parts
      of the query string, and make ${quote_redis:} do that quoting.

JH/29 Move Events support from Experimental to mainline, enabled by default
      and removable for a build by defining DISABLE_EVENT.

JH/30 Updated DANE implementation code to current from Viktor Dukhovni.

JH/31 Fix bug with hosts_connection_nolog and named-lists which were wrongly
      cached by the daemon.

JH/32 Move Redis support from Experimental to mainline, enabled for a build
      by defining LOOKUP_REDIS. The libhiredis library is required.

JH/33 Bug 1748: Permit ACL dnslists= condition in non-smtp ACLs if explicit
      keys are given for lookup.

JH/34 Bug 1192: replace the embedded copy of PolarSSL RSA routines in the DKIM
      support, by using OpenSSL or GnuTLS library ones. This means DKIM is
      only supported when built with TLS support. The PolarSSL SHA routines
      are still used when the TLS library is too old for convenient support.

JH/35 Require SINGLE_DH_USE by default in OpenSSL (main config option
      openssl_options), for security. OpenSSL forces this from version 1.1.0
      server-side so match that on older versions.

JH/36 Bug 1778: longstanding bug in memory use by the ${run } expansion: A fresh
      allocation for $value could be released as the expansion processing
      concluded, but leaving the global pointer active for it.

JH/37 Bug 1769: Permit a VRFY ACL to override the default 252 response,
      and to use the domains and local_parts ACL conditions.

JH/38 Fix cutthrough bug with body lines having a single dot. The dot was
      incorrectly not doubled on cutthrough transmission, hence seen as a
      body-termination at the receiving system - resulting in truncated mails.
      Commonly the sender saw a TCP-level error, and retransmitted the message
      via the normal store-and-forward channel. This could result in duplicates
      received - but deduplicating mailstores were liable to retain only the
      initial truncated version.

JH/39 Bug 1781: Fix use of DKIM private-keys having trailing '=' in the base-64.

JH/40 Fix crash in queryprogram router when compiled with EXPERIMENTAL_SRS.

JH/41 Bug 1792: Fix selection of headers to sign for DKIM: bottom-up. While
      we're in there, support oversigning also; bug 1309.

JH/42 Bug 1796: Fix error logged on a malware scanner connection failure.

HS/04 Add support for keep_environment and add_environment options.

JH/43 Tidy coding issues detected by gcc --fsanitize=undefined. Some remain;
      either intentional arithmetic overflow during PRNG, or testing config-
      induced overflows.

JH/44 Bug 1800: The combination of a -bhc commandline option and cutthrough
      delivery resulted in actual delivery. Cancel cutthrough before DATA
      stage.

JH/45 Fix cutthrough, when connection not opened by verify and target hard-
      rejects a recipient: pass the reject to the originator.

JH/46 Multiple issues raised by Coverity. Some were obvious or plausible bugs.
      Many were false-positives and ignorable, but it's worth fixing the
      former class.

JH/47 Fix build on HP-UX and older Solaris, which need (un)setenv now also
      for the new environment-manipulation done at startup. Move the routines
      from being local to tls.c to being global via the os.c file.

JH/48 Bug 1807: Fix ${extract } for the numeric/3-string case. While preparsing
      an extract embedded as result-arg for a map, the first arg for extract
      is unavailable so we cannot tell if this is a numbered or keyed
      extraction. Accept either.


Exim version 4.86
-----------------

JH/01 Bug 1545: The smtp transport option "retry_include_ip_address" is now
      expanded.

JH/02 The smtp transport option "multi_domain" is now expanded.

JH/03 The smtp transport now requests PRDR by default, if the server offers
      it.

JH/04 Certificate name checking on server certificates, when exim is a client,
      is now done by default. The transport option tls_verify_cert_hostnames
      can be used to disable this per-host. The build option
      EXPERIMENTAL_CERTNAMES is withdrawn.

JH/05 The value of the tls_verify_certificates smtp transport and main options
      default to the word "system" to access the system default CA bundle.
      For GnuTLS, only version 3.0.20 or later.

JH/06 Verification of the server certificate for a TLS connection is now tried
      (but not required) by default. The verification status is now logged by
      default, for both outbound TLS and client-certificate supplying inbound
      TLS connections

JH/07 Changed the default rfc1413 lookup settings to disable calls. Few
      sites use this now.

JH/08 The EXPERIMENTAL_DSN compile option is no longer needed; all Delivery
      Status Notification (bounce) messages are now MIME format per RFC 3464.
      Support for RFC 3461 DSN options NOTIFY,ENVID,RET,ORCPT can be advertised
      under the control of the dsn_advertise_hosts option, and routers may
      have a dsn_lasthop option.

JH/09 A timeout of 2 minutes is now applied to all malware scanner types by
      default, modifiable by a malware= option. The list separator for
      the options can now be changed in the usual way. Bug 68.

JH/10 The smtp_receive_timeout main option is now expanded before use.

JH/11 The incoming_interface log option now also enables logging of the
      local interface on delivery outgoing connections.

JH/12 The cutthrough-routing facility now supports multi-recipient mails,
      if the interface and destination host and port all match.

JH/13 Bug 344: The verify = reverse_host_lookup ACL condition now accepts a
      /defer_ok option.

JH/14 Bug 1573: The spam= ACL condition now additionally supports Rspamd.
      Patch from Andrew Lewis.

JH/15 Bug 670: The spamd_address main option (for the spam= ACL condition)
      now supports optional time-restrictions, weighting, and priority
      modifiers per server. Patch originally by <rommer@active.by>.

JH/16 The spamd_address main option now supports a mixed list of local
      and remote servers. Remote servers can be IPv6 addresses, and
      specify a port-range.

JH/17 Bug 68: The spamd_address main option now supports an optional
      timeout value per server.

JH/18 Bug 1581: Router and transport options headers_add/remove can
      now have the list separator specified.

JH/19 Bug 392: spamd_address, and clamd av_scanner, now support retry
      option values.

JH/20 Bug 1571: Ensure that $tls_in_peerdn is set, when verification fails
      under OpenSSL.

JH/21 Support for the A6 type of dns record is withdrawn.

JH/22 Bug 608: The result of a QUIT or not-QUIT toplevel ACL now matters
      rather than the verbs used.

JH/23 Bug 1572: Increase limit on SMTP confirmation message copy size
      from 255 to 1024 chars.

JH/24 Verification callouts now attempt to use TLS by default.

HS/01 DNSSEC options (dnssec_require_domains, dnssec_request_domains)
      are generic router options now. The defaults didn't change.

JH/25 Bug 466: Add RFC2322 support for MIME attachment filenames.
      Original patch from Alexander Shikoff, worked over by JH.

HS/02 Bug 1575: exigrep falls back to autodetection of compressed
      files if ZCAT_COMMAND is not executable.

JH/26 Bug 1539: Add timeout/retry options on dnsdb lookups.

JH/27 Bug 286: Support SOA lookup in dnsdb lookups.

JH/28 Bug 1588: Do not use the A lookup following an AAAA for setting the FQDN.
      Normally benign, it bites when the pair was led to by a CNAME;
      modern usage is to not canonicalize the domain to a CNAME target
      (and we were inconsistent anyway for A-only vs AAAA+A).

JH/29 Bug 1632: Removed the word "rejected" from line logged for ACL discards.

JH/30 Check the forward DNS lookup for DNSSEC, in addition to the reverse,
      when evaluating $sender_host_dnssec.

JH/31 Check the HELO verification lookup for DNSSEC, adding new
      $sender_helo_dnssec variable.

JH/32 Bug 1397: Enable ECDHE on OpenSSL, just the NIST P-256 curve.

JH/33 Bug 1346: Note MAIL cmd seen in -bS batch, to avoid smtp_no_mail log.

JH/34 Bug 1648: Fix a memory leak seen with "mailq" and large queues.

JH/35 Bug 1642: Fix support of $spam_ variables at delivery time. Was
      documented as working, but never had. Support all but $spam_report.

JH/36 Bug 1659: Guard checking of input smtp commands against pseudo-command
      added for tls authenticator.

HS/03 Add perl_taintmode main config option


e449c3b0
TL
616Exim version 4.85
617-----------------
4c57a40e 618
e449c3b0
TL
619TL/01 When running the test suite, the README says that variables such as
620 no_msglog_check are global and can be placed anywhere in a specific
621 test's script, however it was observed that placement needed to be near
622 the beginning for it to behave that way. Changed the runtest perl
623 script to read through the entire script once to detect and set these
624 variables, reset to the beginning of the script, and then run through
625 the script parsing/test process like normal.
626
ac20058f
TL
627TL/02 The BSD's have an arc4random API. One of the functions to induce
628 adding randomness was arc4random_stir(), but it has been removed in
629 OpenBSD 5.5. Detect this OpenBSD version and skip calling this
630 function when detected.
631
a9b8ec8b
JH
632JH/01 Expand the EXPERIMENTAL_TPDA feature. Several different events now
633 cause callback expansion.
634
6286d7c4
TL
635TL/03 Bugzilla 1518: Clarify "condition" processing in routers; that
636 syntax errors in an expansion can be treated as a string instead of
637 logging or causing an error, due to the internal use of bool_lax
638 instead of bool when processing it.
639
0f06b4f2 640JH/02 Add EXPERIMENTAL_DANE, allowing for using the DNS as trust-anchor for
d567a64d
JH
641 server certificates when making smtp deliveries.
642
be36e572
JH
643JH/03 Support secondary-separator specifier for MX, SRV, TLSA lookups.
644
ac4ef9bd
JH
645JH/04 Add ${sort {list}{condition}{extractor}} expansion item.
646
0eb51736
TL
647TL/04 Bugzilla 1216: Add -M (related messages) option to exigrep.
648
c713ca4b
TL
649TL/05 GitHub Issue 18: Adjust logic testing for true/false in redis lookups.
650 Merged patch from Sebastian Wiedenroth.
e449c3b0 651
bd21a787
WB
652JH/05 Fix results-pipe from transport process. Several recipients, combined
653 with certificate use, exposed issues where response data items split
654 over buffer boundaries were not parsed properly. This eventually
655 resulted in duplicates being sent. This issue only became common enough
4c04137d 656 to notice due to the introduction of connection certificate information,
bd21a787
WB
657 the item size being so much larger. Found and fixed by Wolfgang Breyha.
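An added illustration of the JH/05 failure mode, not Exim's code: a reader that treats each read() result as a whole number of items loses any item that straddles two reads, while a reader that carries the unfinished item forward recovers all of them. The framing (1-byte type, 2-byte length), the function names and the sample stream are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical framing, assumed for this example only (not Exim's pipe
   format): 1 byte item type, 2 bytes big-endian payload length, payload. */
#define HDR_LEN  3
#define MAX_ITEM 4096

typedef struct { int items; size_t payload_bytes; } tally;

static void on_item(uint8_t type, const uint8_t *data, size_t len, tally *t)
{
  (void)type; (void)data;
  t->items++;
  t->payload_bytes += len;
}

/* Fragile reader: treats every read() result as a whole number of items. */
static void naive_feed(const uint8_t *chunk, size_t n, tally *t)
{
  size_t i = 0;
  while (i + HDR_LEN <= n) {
    size_t plen = ((size_t)chunk[i + 1] << 8) | chunk[i + 2];
    if (i + HDR_LEN + plen > n) break;      /* partial item is silently lost */
    on_item(chunk[i], chunk + i + HDR_LEN, plen, t);
    i += HDR_LEN + plen;
  }
}

/* Robust reader: keeps the unfinished item between calls. */
typedef struct { uint8_t buf[HDR_LEN + MAX_ITEM]; size_t used; } item_reader;

/* Returns 0, or -1 if a header announces more than MAX_ITEM bytes. */
static int buffered_feed(item_reader *r, const uint8_t *chunk, size_t n, tally *t)
{
  for (;;) {
    size_t want = HDR_LEN;
    if (r->used >= HDR_LEN) {
      size_t plen = ((size_t)r->buf[1] << 8) | r->buf[2];
      if (plen > MAX_ITEM) return -1;       /* never copy past buf */
      want = HDR_LEN + plen;
      if (r->used == want) {                /* item complete: hand it over */
        on_item(r->buf[0], r->buf + HDR_LEN, plen, t);
        r->used = 0;
        continue;
      }
    }
    if (n == 0) return 0;                   /* chunk consumed; remainder stays buffered */
    size_t take = want - r->used;
    if (take > n) take = n;
    memcpy(r->buf + r->used, chunk, take);
    r->used += take; chunk += take; n -= take;
  }
}

/* Constructed sample stream: a short item, a 300-byte one (standing in for
   certificate details), and another short item. Returns its length (319). */
static size_t build_stream(uint8_t *out)
{
  static const size_t lens[3] = { 5, 300, 5 };
  size_t pos = 0;
  for (int i = 0; i < 3; i++) {
    out[pos++] = (uint8_t)(i == 1 ? 'X' : 'A');
    out[pos++] = (uint8_t)(lens[i] >> 8);
    out[pos++] = (uint8_t)(lens[i] & 0xff);
    memset(out + pos, 'c', lens[i]);
    pos += lens[i];
  }
  return pos;
}

/* Deliver the stream in reads of chunk_size bytes; return items recovered,
   or -1 if the buffered reader rejects an oversized item. */
int items_seen(size_t chunk_size, int use_buffered)
{
  uint8_t stream[512];
  size_t total = build_stream(stream);
  tally t = { 0, 0 };
  item_reader r;
  r.used = 0;
  for (size_t off = 0; off < total; off += chunk_size) {
    size_t n = total - off < chunk_size ? total - off : chunk_size;
    if (use_buffered) {
      if (buffered_feed(&r, stream + off, n, &t) < 0) return -1;
    } else {
      naive_feed(stream + off, n, &t);
    }
  }
  return t.items;
}

int main(void)
{
  printf("one 319-byte read, naive:    %d items\n", items_seen(319, 0));
  printf("64-byte reads,     naive:    %d items\n", items_seen(64, 0));
  printf("64-byte reads,     buffered: %d items\n", items_seen(64, 1));
  return 0;
}
```

The naive reader only fails once an item is larger than what remains of a read, which matches the entry's observation that the problem became common when item sizes grew.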
658
8bc732e8
JH
659JH/06 Bug 1533: Fix truncation of items in headers_remove lists. A fixed
660 size buffer was used, resulting in syntax errors when an expansion
661 exceeded it.
662
a7fec7a7
JH
663JH/07 Add support for directories of certificates when compiled with a GnuTLS
664 version 3.3.6 or later.
665
4c04137d 666JH/08 Rename the TPDA experimental facility to Event Actions. The #ifdef
774ef2d7
JH
667 is EXPERIMENTAL_EVENT, the main-configuration and transport options
668 both become "event_action", the variables become $event_name, $event_data
aec45841 669 and $event_defer_errno. There is a new variable $verify_mode, usable in
723fe533
JH
670 routers, transports and related events. The tls:cert event is now also
671 raised for inbound connections, if the main configuration event_action
672 option is defined.
774ef2d7 673
eca4debb
TL
674TL/06 In test suite, disable OCSP for old versions of openssl which contained
675 early OCSP support, but no stapling (appears to be less than 1.0.0).
676
8d692470
JH
677JH/09 When compiled with OpenSSL and EXPERIMENTAL_CERTNAMES, the checks on
678 server certificate names available under the smtp transport option
679 "tls_verify_cert_hostname" now do not permit multi-component wildcard
680 matches.
681
e9477a08
JH
682JH/10 Time-related extraction expansions from certificates now use the main
683 option "timezone" setting for output formatting, and are consistent
684 between OpenSSL and GnuTLS compilations. Bug 1541.
685
ad4c5ff9
JH
686JH/11 Fix a crash in mime ACL when meeting a zero-length, quoted or RFC2047-
687 encoded parameter in the incoming message. Bug 1558.
8dea5edf
JH
688
689JH/12 Bug 1527: Autogrow buffer used in reading spool files. Since they now
690 include certificate info, eximon was claiming there were spoolfile
691 syntax errors.
692
3394b36a 693JH/13 Bug 1521: Fix ldap lookup for single-attr request, multiple-attr return.
8dea5edf
JH
694
695JH/14 Log delivery-related information more consistently, using the sequence
696 "H=<name> [<ip>]" wherever possible.
697
3394b36a
TL
698TL/07 Bug 1547: Omit RFCs from release. Draft and RFCs have licenses which
699 are problematic for Debian distribution, omit them from the release
700 tarball.
701
ad4c5ff9
JH
702JH/15 Updates and fixes to the EXPERIMENTAL_DSN feature.
703
4c04137d 704JH/16 Fix string representation of time values on 64bit time_t architectures.
ad4c5ff9
JH
705 Bug 1561.
706
707JH/17 Fix a null-indirection in certextract expansions when a nondefault
708 output list separator was used.
709
8bc732e8 710
1f0ebb98
TL
711Exim version 4.84
712-----------------
09728d20
TL
713TL/01 Bugzilla 1506: Re-add a 'return NULL' to silence complaints from static
714 checkers that were complaining about end of non-void function with no
715 return.
1f0ebb98 716
a612424f 717JH/01 Bug 1513: Fix parsing of quoted parameter values in MIME headers.
4c04137d 718 This was a regression introduced in 4.83 by another bugfix.
a612424f
JH
719
720JH/02 Fix broken compilation when EXPERIMENTAL_DSN is enabled.
721
722TL/02 Bug 1509: Fix exipick for enhanced spoolfile specification used when
a9b8ec8b 723 EXPERIMENTAL_DSN is enabled. Fix from Wolfgang Breyha.
a612424f 724
1f0ebb98 725
c0e56233
TF
726Exim version 4.83
727-----------------
728
729TF/01 Correctly close the server side of TLS when forking for delivery.
730
731 When a message was received over SMTP with TLS, Exim failed to clear up
732 the incoming connection properly after forking off the child process to
733 deliver the message. In some situations the subsequent outgoing
734 delivery connection happened to have the same fd number as the incoming
735 connection previously had. Exim would try to use TLS and fail, logging
736 a "Bad file descriptor" error.
737
7245734e
TF
738TF/02 Portability fix for building lookup modules on Solaris when the xpg4
739 utilities have not been installed.
740
fd5dad68
JH
741JH/01 Fix memory-handling in use of acl as a conditional; avoid free of
742 temporary space as the ACL may create new global variables.
743
5428a946
TL
744TL/01 LDAP support uses per connection or global context settings, depending
745 upon the detected version of the libraries at build time.
746
a3c86431
TL
747TL/02 Experimental Proxy Protocol support: allows a proxied SMTP connection
748 to extract and use the src ip:port in logging and expansions as if it
8ded8589
TL
749 were a direct connection from the outside internet. PPv2 support was
750 updated based on HAProxy spec change in May 2014.
a3c86431 751
aa26e137
JH
752JH/02 Add ${listextract {number}{list}{success}{fail}}.
753
5a1b8443
WB
754TL/03 Bugzilla 1433: Fix DMARC SEGV with specific From header contents.
755 Properly escape header and check for NULL return.
756
72c9e342
PP
757PP/01 Continue incomplete 4.82 PP/19 by fixing docs too: use dns_dnssec_ok
758 not dns_use_dnssec.
759
76f44207
WB
760JH/03 Bugzilla 1157: support log_selector smtp_confirmation for lmtp.
761
770747fd
MFM
762TL/04 Add verify = header_names_ascii check to reject email with non-ASCII
763 characters in header names, implemented as a verify condition.
764 Contributed by Michael Fischer v. Mollard.
765
8ddef691 766TL/05 Rename SPF condition results err_perm and err_temp to standardized
982650ec
TL
767 results permerror and temperror. Previous values are deprecated but
768 still accepted. In a future release, err_perm and err_temp will be
769 completely removed, which will be a backward incompatibility if the
770 ACL tests for either of these two old results. Patch contributed by
8ddef691 771 user bes-internal on the mailing list.
c0e56233 772
b9c2e32f
AR
773JH/04 Add ${utf8clean:} operator. Contributed by Alex Rau.
774
e45a1c37
JH
775JH/05 Bugzilla 305: Log incoming-TLS details on rejects, subject to log
776 selectors, in both main and reject logs.
777
67d81c10
JH
778JH/06 Log outbound-TLS and port details, subject to log selectors, for a
779 failed delivery.
780
b1f8e4f8
JH
781JH/07 Add malware type "sock" for talking to simple daemon.
782
511a6c14 783JH/08 Bugzilla 1371: Add tls_{,try_}verify_hosts to smtp transport.
511a6c14
JH
784
785JH/09 Bugzilla 1431: Support (with limitations) headers_add/headers_remove in
786 routers/transports under cutthrough routing.
214042d2 787
51c7471d
JH
788JH/10 Bugzilla 1005: ACL "condition =" should accept values which are negative
789 numbers. Touch up "bool" conditional to keep the same definition.
790
3695be34
TL
791TL/06 Remove duplicated language in spec file from 4.82 TL/16.
792
1e06383a
TL
793JH/11 Add dnsdb tlsa lookup. From Todd Lyons.
794
76146973
JH
795JH/12 Expand items in router/transport headers_add or headers_remove lists
796 individually rather than the list as a whole. Bug 1452.
797
798 Required for reasonable handling of multiple headers_ options when
799 they may be empty; requires that headers_remove items with embedded
800 colons must have them doubled (or the list-separator changed).
801
8c8b8274
TL
802TL/07 Add new dmarc expansion variable $dmarc_domain_policy to directly
803 view the policy declared in the DMARC record. Currently, $dmarc_status
804 is a combined value of both the record presence and the result of the
805 analysis.
b1f8e4f8 806
35aba663
JH
807JH/13 Fix handling of $tls_cipher et al. in (non-verify) transport. Bug 1455.
808
8c51eead 809JH/14 New options dnssec_request_domains, dnssec_require_domains on the
578897ea
JH
810 dnslookup router and the smtp transport (applying to the forward
811 lookup).
8c51eead 812
deae092e
HS
813TL/08 Bugzilla 1453: New LDAP "SERVERS=" option allows admin to override list
814 of ldap servers used for a specific lookup. Patch provided by Heiko
815 Schlichting.
35aba663 816
fd3b6a4a 817JH/18 New options dnssec_lax, dnssec_strict on dnsdb lookups.
4e0983dc 818 New variable $lookup_dnssec_authenticated for observability.
fd3b6a4a 819
8d91c6dc
LT
820TL/09 Bugzilla 609: Add -C option to exiqgrep, specify which exim.conf to use.
821 Patch submitted by Lars Timman.
822
2b4a568d
JH
823JH/19 EXPERIMENTAL_OCSP support under GnuTLS. Bug 1459.
824
d2af03f4
HS
825TL/10 Bugzilla 1454: New -oMm option to pass message reference to Exim.
826 Requires trusted mode and valid format message id, aborts otherwise.
827 Patch contributed by Heiko Schlichting.
828
9d1c15ef
JH
829JH/20 New expansion variables tls_(in,out)_(our,peer)cert, and expansion item
830 certextract with support for various fields. Bug 1358.
831
44662487
JH
832JH/21 Observability of OCSP via variables tls_(in,out)_ocsp. Stapling
833 is requested by default, modifiable by smtp transport option
6a8a60e0
JH
834 hosts_request_ocsp.
835
ed3bba5f 836JH/22 Expansion operators ${md5:string} and ${sha1:string} can now
6a8a60e0 837 operate on certificate variables to give certificate fingerprints.
9ef9101c 838 Also new ${sha256:cert_variable}.
44662487 839
8ccd00b1
JH
840JH/23 The PRDR feature is moved from being Experimental into the mainline.
841
8ded8589
TL
842TL/11 Bug 1119: fix memory allocation in string_printing2(). Patch from
843 Christian Aistleitner.
844
f2de3a33
JH
845JH/24 The OCSP stapling feature is moved from Experimental into the mainline.
846
6eb02f88
TL
847TL/12 Bug 1444: Fix improper \r\n sequence handling when writing spool
848 file. Patch from Wolfgang Breyha.
849
00bff6f6
JH
850JH/25 Expand the coverage of the delivery $host and $host_address to
851 client authenticators run in verify callout. Bug 1476.
852
071c51f7
JH
853JH/26 Port service names are now accepted for tls_on_connect_ports, to
854 align with daemon_smtp_ports. Bug 72.
855
a6d4c44e
TF
856TF/03 Fix udpsend. The ip_connectedsocket() function's socket type
857 support and error reporting did not work properly.
858
3ae173e7
ACK
859TL/13 Bug 1495: Exiqgrep check if -C config file specified on cli exists
860 and is readable. Patch from Andrew Colin Kissa.
861
c13d09b8
TL
862TL/14 Enhance documentation of ${run expansion and how it parses the
863 commandline after expansion, particularly in the case when an
864 unquoted variable expansion results in an empty value.
865
0df4ab80
JH
866JH/27 The TLS SNI feature was broken in 4.82. Fix it.
867
66be95e0
PP
868PP/02 Fix internal collision of T_APL on systems which support RFC3123
869 by renaming away from it. Addresses GH issue 15, reported by
870 Jasper Wallace.
871
1bd0d12b
JH
872JH/28 Fix parsing of MIME headers for parameters with quoted semicolons.
873
0de7239e
TL
874TL/15 SECURITY: prevent double expansion in math comparison functions
875 (can expand unsanitized data). Not remotely exploitable.
876 CVE-2014-2972
877
fd3b6a4a 878
2c422e6f 879Exim version 4.82
98a90c36
PP
880-----------------
881
882PP/01 Add -bI: framework, and -bI:sieve for querying sieve capabilities.
883
12f69989
PP
884PP/02 Make -n do something, by making it not do something.
885 When combined with -bP, the name of an option is not output.
886
54c90be1
PP
887PP/03 Added tls_dh_min_bits SMTP transport driver option, only honoured
888 by GnuTLS.
889
1f4a55da
PP
890PP/04 First step towards DNSSEC, provide $sender_host_dnssec for
891 $sender_host_name and config options to manage this, and basic check
892 routines.
893
13363eba 894PP/05 DSCP support for outbound connections and control modifier for inbound.
36a3ae5f 895
66645890 896PP/06 Cyrus SASL: set local and remote IP;port properties for driver.
e402235f
PP
897 (Only plugin which currently uses this is kerberos4, which nobody should
898 be using, but we should make it available and other future plugins might
899 conceivably use it, even though it would break NAT; stuff *should* be
900 using channel bindings instead).
66645890 901
a3fb9793 902PP/07 Handle "exim -L <tag>" to indicate to use syslog with tag as the process
f4ee74ac
PP
903 name; added for Sendmail compatibility; requires admin caller.
904 Handle -G as equivalent to "control = suppress_local_fixups" (we used to
905 just ignore it); requires trusted caller.
a3fb9793 906 Also parse but ignore: -Ac -Am -X<logfile>
f4ee74ac 907 Bugzilla 1117.
a3fb9793 908
d27f98fe 909TL/01 Bugzilla 1258 - Refactor MAIL FROM optional args processing.
98a90c36 910
6822b909
TL
911TL/02 Add +smtp_confirmation as a default logging option.
912
e7568d51
TL
913TL/03 Bugzilla 198 - Implement remove_header ACL modifier.
914 Patch by Magnus Holmgren from 2007-02-20.
915
ae0e32ee 916TL/04 Bugzilla 1281 - Spec typo.
ca0ff207 917 Bugzilla 1283 - Spec typo.
97f42f10 918 Bugzilla 1290 - Spec grammar fixes.
ca0ff207
TL
919
920TL/05 Bugzilla 1285 - Spec omission, fix docbook errors for spec.txt creation.
ae0e32ee 921
e2658fff
TL
922TL/06 Add Experimental DMARC support using libopendmarc libraries.
923
83712b39
TL
924TL/07 Fix an out of order global option causing a segfault. Reported to dev
925 mailing list by Dmitry Isaikin.
926
976b7e9f
JH
927JH/01 Bugzilla 1201 & 304 - New cutthrough-delivery feature, with TLS support.
928
be4a1376
JH
929JH/02 Support "G" suffix to numbers in ${if comparisons.
930
ec4b68e5
PP
931PP/08 Handle smtp transport tls_sni option forced-fail for OpenSSL.
932
d7148a07
NM
933NM/01 Bugzilla 1197 - Spec typo
934 Bugzilla 1196 - Spec examples corrections
ec4b68e5 935
585121e2 936JH/03 Add expansion operators ${listnamed:name} and ${listcount:string}
ec4b68e5 937
2519e60d
TL
938PP/09 Add gnutls_allow_auto_pkcs11 option (was originally called
939 gnutls_enable_pkcs11, but renamed to more accurately indicate its
940 function).
a5f239e4 941
13d08c90
PP
942PP/10 Let Linux makefile inherit CFLAGS/CFLAGS_DYNAMIC.
943 Pulled from Debian 30_dontoverridecflags.dpatch by Andreas Metzler.
944
bef3ea7f
JH
945JH/04 Add expansion item ${acl {name}{arg}...}, expansion condition
946 "acl {{name}{arg}...}", and optional args on acl condition
947 "acl = name arg..."
a5f239e4 948
846726c5
JH
949JH/05 Permit multiple router/transport headers_add/remove lines.
950
3a796370
JH
951JH/06 Add dnsdb pseudo-lookup "a+" to do an "aaaa" + "a" combination.
952
ea722490 953JH/07 Avoid using a waiting database for a single-message-only transport.
8b260705
PP
954 Performance patch from Paul Fisher. Bugzilla 1262.
955
b1b05573
JH
956JH/08 Strip leading/trailing newlines from add_header ACL modifier data.
957 Bugzilla 884.
958
362145b5
JH
959JH/09 Add $headers_added variable, with content from use of ACL modifier
960 add_header (but not yet added to the message). Bugzilla 199.
961
3c0a92dc
JH
962JH/10 Add 8bitmime log_selector, for 8bitmime status on the received line.
963 Pulled from Bugzilla 817 by Wolfgang Breyha.
964
6d7c6175
PP
965PP/11 SECURITY: protect DKIM DNS decoding from remote exploit.
966 CVE-2012-5671
e78e6ecf 967 (nb: this is the same fix as in Exim 4.80.1)
6d7c6175 968
6f123593
JH
969JH/11 Add A= logging on delivery lines, and a client_set_id option on
970 authenticators.
971
c8e2fc1e
JH
972JH/12 Add optional authenticated_sender logging to A= and a log_selector
973 for control.
974
005ac57f
PP
975PP/12 Unbreak server_set_id for NTLM/SPA auth, broken by 4.80 PP/29.
976
3f1df0e3
PP
977PP/13 Dovecot auth: log better reason to rejectlog if Dovecot did not
978 advertise SMTP AUTH mechanism to us, instead of a generic
979 protocol violation error. Also, make Exim more robust to bad
980 data from the Dovecot auth socket.
981
67bd1ab3
TF
982TF/01 Fix ultimate retry timeouts for intermittently deliverable recipients.
983
984 When a queue runner is handling a message, Exim first routes the
985 recipient addresses, during which it prunes them based on the retry
986 hints database. After that it attempts to deliver the message to
987 any remaining recipients. It then updates the hints database using
988 the retry rules.
989
990 So if a recipient address works intermittently, it can get repeatedly
991 deferred at routing time. The retry hints record remains fresh so the
992 address never reaches the final cutoff time.
993
994 This is a fairly common occurrence when a user is bumping up against
995 their storage quota. Exim had some logic in its local delivery code
996 to deal with this. However it did not apply to per-recipient defers
997 in remote deliveries, e.g. over LMTP to a separate IMAP message store.
998
1ddeb334
TF
999 This change adds a proper retry rule check during routing so that the
1000 final cutoff time is checked against the message's age. We only do
1001 this check if there is an address retry record and there is not a
1002 domain retry record; this implies that previous attempts to handle
1003 the address had the retry_use_local_parts option turned on. We use
1004 this as an approximation for the destination being like a local
1005 delivery, as in LMTP.
67bd1ab3
TF
1006
1007 I suspect this new check makes the old local delivery cutoff check
1008 redundant, but I have not verified this so I left the code in place.
1009
326cdc37
TF
1010TF/02 Correct gecos expansion when From: is a prefix of the username.
1011
1012 Test 0254 submits a message to Exim with the header
1013
1014 Resent-From: f
1015
1016 When I ran the test suite under the user fanf2, Exim expanded
1017 the header to contain my full name, whereas it should have added
1018 a Resent-Sender: header. It erroneously treats any prefix of the
1019 username as equal to the username.
1020
1021 This change corrects that bug.
1022
f62514b3
GF
1023GF/01 DCC debug and logging tidyup
1024 Error conditions log to paniclog rather than rejectlog.
1025 Debug lines prefixed by "DCC: " to remove any ambiguity.
1026
eb505532
TF
1027TF/03 Avoid unnecessary rebuilds of lookup-related code.
1028
14c7b357
PP
1029PP/14 Fix OCSP reinitialisation in SNI handling for Exim/TLS as server.
1030 Bug spotted by Jeremy Harris; was flawed since initial commit.
1031 Would have resulted in OCSP responses post-SNI triggering an Exim
1032 NULL dereference and crash.
1033
94eaf700
PP
1034JH/13 Add $router_name and $transport_name variables. Bugzilla 308.
1035
6f5a440a
PP
1036PP/15 Define SIOCGIFCONF_GIVES_ADDR for GNU Hurd.
1037 Bug detection, analysis and fix by Samuel Thibault.
1038 Bugzilla 1331, Debian bug #698092.
1039
514ee161
SC
1040SC/01 Update eximstats to watch out for senders sending 'HELO [IpAddr]'
1041
fd98a5c6
JH
1042JH/14 SMTP PRDR (http://www.eric-a-hall.com/specs/draft-hall-prdr-00.txt).
1043 Server implementation by Todd Lyons, client by JH.
1044 Only enabled when compiled with EXPERIMENTAL_PRDR. A new
1045 config variable "prdr_enable" controls whether the server
1046 advertises the facility. If the client requests PRDR a new
1047 acl_data_smtp_prdr ACL is called once for each recipient, after
1048 the body content is received and before the acl_smtp_data ACL.
4c04137d 1049 The client is controlled by both of: a hosts_try_prdr option
fd98a5c6
JH
1050 on the smtp transport, and the server advertisement.
1051 Default client logging of deliveries and rejections involving
1052 PRDR are flagged with the string "PRDR".
1053
035c7f1e
PP
1054PP/16 Fix problems caused by timeouts during quit ACLs trying to double
1055 fclose(). Diagnosis by Todd Lyons.
1056
ff284120
PP
1057PP/17 Update configure.default to handle IPv6 localhost better.
1058 Patch by Alain Williams (plus minor tweaks).
1059 Bugzilla 880.
1060
26e72755
PP
1061PP/18 OpenSSL made graceful with empty tls_verify_certificates setting.
1062 This is now consistent with GnuTLS, and is now documented: the
1063 previous undocumented portable approach to treating the option as
1064 unset was to force an expansion failure. That still works, and
1065 an empty string is now equivalent.
1066
0fbd9bff
PP
1067PP/19 Renamed DNSSEC-enabling option to "dns_dnssec_ok", to make it
1068 clearer that Exim is using the DO (DNSSEC OK) EDNS0 resolver flag,
1069 not performing validation itself.
1070
700d22f3
PP
1071PP/20 Added force_command boolean option to pipe transport.
1072 Patch from Nick Koston, of cPanel Inc.
1073
fcc8e047
JH
1074JH/15 AUTH support on callouts (and hence cutthrough-deliveries).
1075 Bugzilla 321, 823.
1076
4c04137d 1077TF/04 Added udpsend ACL modifier and hexquote expansion operator
7142daca 1078
8c020188
PP
1079PP/21 Fix eximon continuous updating with timestamped log-files.
1080 Broken in a format-string cleanup in 4.80, missed when I repaired the
1081 other false fix of the same issue.
1082 Report and fix from Heiko Schlichting.
1083 Bugzilla 1363.
1084
d13cdd30
PP
1085PP/22 Guard LDAP TLS usage against Solaris LDAP variant.
1086 Report from Prashanth Katuri.
1087
e2fbf4a2
PP
1088PP/23 Support safari_ecdhe_ecdsa_bug for openssl_options.
1089 It's SecureTransport, so affects any MacOS clients which use the
1090 system-integrated TLS libraries, including email clients.
1091
f4c1088b
PP
1092PP/24 Fix segfault from trying to fprintf() to a NULL stdio FILE* if
1093 using a MIME ACL for non-SMTP local injection.
1094 Report and assistance in diagnosis by Warren Baker.
1095
c5c2182f
PP
1096TL/08 Adjust exiqgrep to be case-insensitive for sender/receiver.
1097
73431ca9
JH
1098JH/16 Fix comparisons for 64b. Bugzilla 1385.
1099
2d07a215
TL
1100TL/09 Add expansion variable $authenticated_fail_id to keep track of
1101 last id that failed so it may be referenced in subsequent ACL's.
1102
a30a8861
TL
1103TL/10 Bugzilla 1375 - Prevent TLS rebinding in ldap. Patch provided by
1104 Alexander Miroch.
1105
33382dd9
TL
1106TL/11 Bugzilla 1382 - Option ldap_require_cert overrides start_tls
1107 ldap library initialization, allowing self-signed CA's to be
1108 used. Also properly sets require_cert option later in code by
1109 using NULL (global ldap config) instead of ldap handle (per
1110 session). Bug diagnosis and testing by alxgomz.
6d7c6175 1111
046172e6
TL
1112TL/12 Enhanced documentation in the ratelimit.pl script provided in
1113 the src/util/ subdirectory.
1114
581d7bee 1115TL/13 Bug 1031 - Imported transport SQL logging patch from Axel Rau
1a7b746d 1116 renamed to Transport Post Delivery Action by Jeremy Harris, as
9bdd29ad
TL
1117 EXPERIMENTAL_TPDA.
1118
1119TL/14 Bugzilla 1217 - Redis lookup support has been added. It is only enabled
1120 when Exim is compiled with EXPERIMENTAL_REDIS. A new config variable
1121 redis_servers = needs to be configured which will be used by the redis
1122 lookup. Patch from Warren Baker, of The Packet Hub.
1123
237b2cf2
TL
1124TL/15 Fix exiqsumm summary for corner case. Patch provided by Richard Hall.
1125
9fc5a352
TL
1126TL/16 Bugzilla 1289 - Clarify host/ip processing when have errors looking up a
1127 hostname or reverse DNS when processing a host list. Used suggestions
1128 from multiple comments on this bug.
1a7b746d 1129
b10e4ec2
TL
1130TL/17 Bugzilla 1057 - Multiple clamd TCP targets patch from Mark Zealey.
1131
e2cebd74
TL
1132TL/18 Had previously added a -CONTINUE option to runtest in the test suite.
1133 Missed a few lines, added it to make the runtest require no keyboard
1134 interaction.
1135
1136TL/19 Bugzilla 1402 - Test 533 fails if any part of the path to the test suite
1137 contains upper case chars. Make router use caseful_local_part.
1138
2519e60d
TL
1139TL/20 Bugzilla 1400 - Add AVOID_GNUTLS_PKCS11 build option. Allows GnuTLS
1140 support when GnuTLS has been built with p11-kit.
1141
e78e6ecf 1142
4263f395
PP
1143Exim version 4.80.1
1144-------------------
1145
1146PP/01 SECURITY: protect DKIM DNS decoding from remote exploit.
1147 CVE-2012-5671
2c422e6f 1148 This, or similar/improved, will also be change PP/11 of 4.82.
3c0a92dc 1149
ea722490 1150
b1770b6e 1151Exim version 4.80
0599f9cf
PP
1152-----------------
1153
1154PP/01 Handle short writes when writing local log-files.
1155 In practice, only affects FreeBSD (8 onwards).
1156 Bugzilla 1053, with thanks to Dmitry Isaikin.
1157
23c7e742
NM
1158NM/01 Bugzilla 949 - Documentation tweak
1159
b322aac8
NM
1160NM/02 Bugzilla 1093 - eximstats DATA reject detection regexps
1161 improved.
1162
4a891427
NM
1163NM/03 Bugzilla 1169 - primary_hostname spelling was incorrect in docs.
1164
c1e794ba 1165PP/02 Implemented gsasl authenticator.
b322aac8 1166
97753960
PP
1167PP/03 Implemented heimdal_gssapi authenticator with "server_keytab" option.
1168
1169PP/04 Local/Makefile support for (AUTH|LOOKUP)_*_PC=foo to use
1170 `pkg-config foo` for cflags/libs.
1171
df6303fa
PP
1172PP/05 Swapped $auth1/$auth2 for gsasl GSSAPI mechanism, to be more consistent
1173 with rest of GSASL and with heimdal_gssapi.
1174
7e6a8985
PP
1175PP/06 Local/Makefile support for USE_(GNUTLS|OPENSSL)_PC=foo to use
1176 `pkg-config foo` for cflags/libs for the TLS implementation.
1177
f1e05cc7 1178PP/07 New expansion variable $tls_bits; Cyrus SASL server connection
20aa9dbd
PP
1179 properties get this fed in as external SSF. A number of robustness
1180 and debugging improvements to the cyrus_sasl authenticator.
b322aac8 1181
4c287009
PP
1182PP/08 cyrus_sasl server now expands the server_realm option.
1183
b98bb9ac
PP
1184PP/09 Bugzilla 1214 - Log authentication information in reject log.
1185 Patch by Jeremy Harris.
1186
4a6a987a
PP
1187PP/10 Added dbmjz lookup type.
1188
c45dd180 1189PP/11 Let heimdal_gssapi authenticator take a SASL message without an authzid.
c7955b11 1190
7db8d074
PP
1191PP/12 MAIL args handles TAB as well as SP, for better interop with
1192 non-compliant senders.
1193 Analysis and variant patch by Todd Lyons.
1194
eae0036b 1195NM/04 Bugzilla 1237 - fix cases where printf format usage not indicated
cfab9d68 1196 Bug report from Lars Müller <lars@samba.org> (via SUSE),
e0df1c83
DM
1197 Patch from Dirk Mueller <dmueller@suse.com>
1198
dec5017e
PP
1199PP/13 tls_peerdn now print-escaped for spool files.
1200 Observed some $tls_peerdn in wild which contained \n, which resulted
1201 in spool file corruption.
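An added illustration of the PP/13 problem, not Exim's code: a value containing a newline, written raw into a one-field-per-line file, becomes two lines for the reader, while a print-escaped value stays on one line and can be decoded back. The helper names, the escape alphabet, the "-tls_peerdn" line layout and the sample DN are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a peer DN with an embedded newline. */
static const char SAMPLE_DN[] = "CN=mail.example.test,O=Example\nOrg,C=XX";

/* Escape src into dst as one printable line: backslash is doubled, newline,
   CR and tab use their letter forms, other bytes outside 0x20..0x7e become
   \ooo (octal). Returns the escaped length, or -1 if dst is too small.
   Hypothetical helper for this example, not Exim's own routine. */
int print_escape(const char *src, char *dst, size_t dstlen)
{
  size_t o = 0;
  if (dstlen == 0) return -1;
  for (const unsigned char *p = (const unsigned char *)src; *p; p++) {
    char tmp[16];
    size_t n;
    switch (*p) {
      case '\\': memcpy(tmp, "\\\\", 2); n = 2; break;
      case '\n': memcpy(tmp, "\\n", 2);  n = 2; break;
      case '\r': memcpy(tmp, "\\r", 2);  n = 2; break;
      case '\t': memcpy(tmp, "\\t", 2);  n = 2; break;
      default:
        if (*p >= 0x20 && *p <= 0x7e) { tmp[0] = (char)*p; n = 1; }
        else n = (size_t)snprintf(tmp, sizeof tmp, "\\%03o", (unsigned)*p);
    }
    if (o + n + 1 > dstlen) return -1;      /* keep room for the NUL */
    memcpy(dst + o, tmp, n);
    o += n;
  }
  dst[o] = '\0';
  return (int)o;
}

/* Reverse of print_escape. Returns the decoded length, or -1 on a malformed
   escape or if dst is too small. */
int print_unescape(const char *src, char *dst, size_t dstlen)
{
  size_t o = 0;
  if (dstlen == 0) return -1;
  while (*src) {
    unsigned char c = (unsigned char)*src++;
    if (c == '\\') {
      switch (*src) {
        case '\\': c = '\\'; src++; break;
        case 'n':  c = '\n'; src++; break;
        case 'r':  c = '\r'; src++; break;
        case 't':  c = '\t'; src++; break;
        default: {
          unsigned v = 0;
          for (int i = 0; i < 3; i++) {     /* exactly three octal digits */
            if (src[i] < '0' || src[i] > '7') return -1;
            v = v * 8 + (unsigned)(src[i] - '0');
          }
          if (v == 0 || v > 255) return -1;
          c = (unsigned char)v;
          src += 3;
        }
      }
    }
    if (o + 2 > dstlen) return -1;
    dst[o++] = (char)c;
  }
  dst[o] = '\0';
  return (int)o;
}

/* Format one "-tls_peerdn <value>" record as a line-per-field file would
   hold it, and return how many lines a reader of that file would see. */
int lines_written(const char *peerdn, int escape)
{
  char val[512], rec[600];
  if (escape) {
    if (print_escape(peerdn, val, sizeof val) < 0) return -1;
  } else {
    if (strlen(peerdn) >= sizeof val) return -1;
    strcpy(val, peerdn);
  }
  snprintf(rec, sizeof rec, "-tls_peerdn %s\n", val);
  int lines = 0;
  for (const char *p = rec; *p; p++)
    if (*p == '\n') lines++;
  return lines;
}

/* 1 if value survives escape followed by unescape unchanged, else 0. */
int round_trips(const char *value)
{
  char esc[512], back[512];
  if (print_escape(value, esc, sizeof esc) < 0) return 0;
  if (print_unescape(esc, back, sizeof back) < 0) return 0;
  return strcmp(value, back) == 0;
}

int main(void)
{
  printf("raw value:     %d line(s)\n", lines_written(SAMPLE_DN, 0));
  printf("escaped value: %d line(s)\n", lines_written(SAMPLE_DN, 1));
  printf("round trip ok: %d\n", round_trips(SAMPLE_DN));
  return 0;
}
```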
1202
c80c5570
PP
1203PP/14 TLS fixes for OpenSSL: support TLS 1.1 & 1.2; new "openssl_options"
1204 values; set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read
1205 or write after TLS renegotiation, which otherwise led to messages
1206 "Got SSL error 2".
1207
076b11e2
PP
1208TK/01 Bugzilla 1239 - fix DKIM verification when signature was not inserted
1209 as a tracking header (ie: a signed header comes before the signature).
1210 Patch from Wolfgang Breyha.
1211
5407bfff
JH
1212JH/01 Bugzilla 660 - Multi-valued attributes from ldap now parseable as a
1213 comma-sep list; embedded commas doubled.
1214
9e45c72b
PP
1215JH/02 Refactored ACL "verify =" logic to table-driven dispatch.
1216
e74376d8
PP
1217PP/15 LDAP: Check for errors of TLS initialisation, to give correct
1218 diagnostics.
1219 Report and patch from Dmitry Banschikov.
1220
4c04137d 1221PP/16 Removed "dont_insert_empty_fragments" from "openssl_options".
da3ad30d
PP
1222 Removed SSL_clear() after SSL_new() which led to protocol negotiation
1223 failures. We appear to now support TLS1.1+ with Exim.
1224
7be682ca
PP
1225PP/17 OpenSSL: new expansion var $tls_sni, which if used in tls_certificate
1226 lets Exim select keys and certificates based upon TLS SNI from client.
3f0945ff
PP
1227 Also option tls_sni on SMTP Transports. Also clear $tls_bits correctly
1228 before an outbound SMTP session. New log_selector, +tls_sni.
7be682ca 1229
ef840681
PP
1230PP/18 Bugzilla 1122 - check localhost_number expansion for failure, avoid
1231 NULL dereference. Report and patch from Alun Jones.
1232
5bfb4cdf
PP
1233PP/19 DNS resolver init changes for NetBSD compatibility. (Risk of breakage
1234 on less well tested platforms). Obviates NetBSD pkgsrc patch-ac.
1235 Not seeing resolver debug output on NetBSD, but suspect this is a
1236 resolver implementation change.
1237
c6e95d22
PP
1238PP/20 Revert part of NM/04, it broke log_path containing %D expansions.
1239 Left warnings. Added "eximon gdb" invocation mode.
1240
9cbad13b
PP
1241PP/21 Defaulting "accept_8bitmime" to true, not false.
1242
9ee44efb
PP
1243PP/22 Added -bw for inetd wait mode support.
1244
6a6084f8
PP
1245PP/23 Added PCRE_CONFIG=yes support to Makefile for using pcre-config to
1246 locate the relevant includes and libraries. Made this the default.
1247
12dd53c7
PP
1248PP/24 Fixed headers_only on smtp transports (was not sending trailing dot).
1249 Bugzilla 1246, report and most of solution from Tomasz Kusy.
1250
9e45c72b 1251JH/03 ${eval } now uses 64-bit and supports a "g" suffix (like to "k" and "m").
97d17305
JH
1252 This may cause build issues on older platforms.
1253
17c76198
PP
1254PP/25 Revamped GnuTLS support, passing tls_require_ciphers to
1255 gnutls_priority_init, ignoring Exim options gnutls_require_kx,
1256 gnutls_require_mac & gnutls_require_protocols (no longer supported).
1257 Added SNI support via GnuTLS too.
af3498d6 1258 Made ${randint:..} supplier available, if using not-too-old GnuTLS.
17c76198 1259
PP/26 Added EXPERIMENTAL_OCSP for OpenSSL.

PP/27 Applied dnsdb SPF support patch from Janne Snabb.
      Applied second patch from Janne, implementing suggestion to default
      multiple-strings-in-record handling to match SPF spec.

JH/04 Added expansion variable $tod_epoch_l for a higher-precision time.

PP/28 Fix DCC dcc_header content corruption (stack memory referenced,
      read-only, out of scope).
      Patch from Wolfgang Breyha, report from Stuart Northfield.

PP/29 Fix three issues highlighted by clang analyser static analysis.
      Only crash-plausible issue would require the Cambridge-specific
      iplookup router and a misconfiguration.
      Report from Marcin Mirosław.

PP/30 Another attempt to deal with PCRE_PRERELEASE, this one less buggy.

PP/31 %D in printf continues to cause issues (-Wformat=security), so for
      now guard some of the printf checks behind WANT_DEEPER_PRINTF_CHECKS.
      As part of this, removing so much warning spew let me fix some minor
      real issues in debug logging.

PP/32 GnuTLS was always using default tls_require_ciphers, due to a missing
      assignment on my part. Fixed.

PP/33 Added tls_dh_max_bits option, defaulting to current hard-coded limit
      of NSS, for GnuTLS/NSS interop. Problem root cause diagnosis by
      Janne Snabb (who went above and beyond: thank you).

PP/34 Validate tls_require_ciphers on startup, since debugging an invalid
      string otherwise requires a connection and a bunch more work and it's
      relatively easy to get wrong. Should also expose TLS library linkage
      problems.

PP/35 Pull in <features.h> on Linux, for some portability edge-cases of
      64-bit ${eval} (JH/03).

PP/36 Define _GNU_SOURCE in exim.h; it's needed for some releases of
      GNU libc to support some of the 64-bit stuff, should not lead to
      conflicts. Defined before os.h is pulled in, so if a given platform
      needs to override this, it can.

PP/37 Unbreak Cyrus SASL auth: SSF retrieval was incorrect, Exim thought
      protection layer was required, which is not implemented.
      Bugzilla 1254, patch from Wolfgang Breyha.

PP/38 Overhaul DH prime handling, supply RFC-specified DH primes as built
      into Exim, default to IKE id 23 from RFC 5114 (2048 bit). Make
      tls_dhparam take prime identifiers. Also unbreak combination of
      OpenSSL+DH_params+TLSSNI.

PP/39 Disable SSLv2 by default in OpenSSL support.


Exim version 4.77
-----------------

PP/01 Solaris build fix for Oracle's LDAP libraries.
      Bugzilla 1109, patch from Stephen Usher.

TF/01 HP/UX build fix: avoid arithmetic on a void pointer.

TK/01 DKIM Verification: Fix relaxed canon for empty headers w/o
      whitespace trailer

TF/02 Fix a couple more cases where we did not log the error message
      when unlink() failed. See also change 4.74-TF/03.

TF/03 Make the exiwhat support code safe for signals. Previously Exim might
      lock up or crash if it happened to be inside a call to libc when it
      got a SIGUSR1 from exiwhat.

      The SIGUSR1 handler appends the current process status to the process
      log which is later printed by exiwhat. It used to use the general
      purpose logging code to do this, but several functions it calls are
      not safe for signals.

      The new output code in the SIGUSR1 handler is specific to the process
      log, and simple enough that it's easy to inspect for signal safety.
      Removing some special cases also simplifies the general logging code.
      Removing the spurious timestamps from the process log simplifies
      exiwhat.

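The approach TF/03 describes, as an added C sketch that is not Exim's code: a SIGUSR1 handler that formats its line by hand and calls only async-signal-safe functions. The file name, status buffer and function names are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical names throughout; this is not Exim's process-log code. */
static const char *proc_log_path = "process_log.example";
static char proc_status[128] = "idle";   /* rewritten by normal code */

/* Build "<pid> <status>\n" without stdio, malloc or locale lookups.
   Returns the number of bytes placed in buf (never more than cap); an
   over-long status is truncated so the newline always fits. */
size_t fmt_status(char *buf, size_t cap, long pid, const char *status)
{
    char digits[24];
    size_t nd = 0, len = 0;
    unsigned long v = pid < 0 ? 0UL : (unsigned long)pid;

    if (cap < 2) return 0;
    do { digits[nd++] = (char)('0' + v % 10); v /= 10; } while (v != 0);
    while (nd > 0 && len < cap - 1) buf[len++] = digits[--nd];
    if (len < cap - 1) buf[len++] = ' ';
    while (*status != '\0' && len < cap - 1) buf[len++] = *status++;
    buf[len++] = '\n';
    return len;
}

/* Handler: open(), write(), close() and getpid() are all on the POSIX
   async-signal-safe list. No printf, no time formatting, no allocation,
   so it cannot deadlock on a lock held by interrupted libc code. A status
   string caught mid-update yields a garbled line at worst. */
static void usr1_handler(int sig)
{
    char line[160];
    int saved_errno = errno;             /* do not disturb interrupted code */
    int fd;

    (void)sig;
    fd = open(proc_log_path, O_WRONLY | O_APPEND | O_CREAT, 0640);
    if (fd >= 0) {
        size_t n = fmt_status(line, sizeof line, (long)getpid(), proc_status);
        ssize_t w = write(fd, line, n);  /* single write: one whole line */
        (void)w;
        close(fd);
    }
    errno = saved_errno;
}

/* Install the handler; returns 0 on success, -1 on failure. */
int install_usr1_handler(void)
{
    struct sigaction sa;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = usr1_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;            /* restart interrupted system calls */
    return sigaction(SIGUSR1, &sa, NULL);
}

int main(void)
{
    if (install_usr1_handler() != 0) return 1;
    strcpy(proc_status, "delivering (constructed sample status)");
    raise(SIGUSR1);                      /* appends one line to the log file */
    return 0;
}
```
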
TF/04 Improved ratelimit ACL condition.

      The /noupdate option has been deprecated in favour of /readonly which
      has clearer semantics. The /leaky, /strict, and /readonly update modes
      are mutually exclusive. The update mode is no longer included in the
      database key; it just determines when the database is updated. (This
      means that when you upgrade Exim will forget old rate measurements.)

      Exim now checks that the per_* options are used with an update mode that
      makes sense for the current ACL. For example, when Exim is processing a
      message (e.g. acl_smtp_rcpt or acl_smtp_data, etc.) you can specify
      per_mail/leaky or per_mail/strict; otherwise (e.g. in acl_smtp_helo) you
      must specify per_mail/readonly. If you omit the update mode it defaults to
      /leaky where that makes sense (as before) or /readonly where required.

      The /noupdate option is now undocumented but still supported for
      backwards compatibility. It is equivalent to /readonly except that in
      ACLs where /readonly is required you may specify /leaky/noupdate or
      /strict/noupdate which are treated the same as /readonly.

      A useful new feature is the /count= option. This is a generalization
      of the per_byte option, so that you can measure the throughput of other
      aggregate values. For example, the per_byte option is now equivalent
      to per_mail/count=${if >{0}{$message_size} {0} {$message_size} }.

      The per_rcpt option has been generalized using the /count= mechanism
      (though it's more complicated than the per_byte equivalence). When it is
      used in acl_smtp_rcpt, the per_rcpt option adds recipients to the
      measured rate one at a time; if it is used later (e.g. in acl_smtp_data)
      or in a non-SMTP ACL it adds all the recipients in one go. (The latter
      /count=$recipients_count behaviour used to work only in non-SMTP ACLs.)
      Note that using per_rcpt with a non-readonly update mode in more than
      one ACL will cause the recipients to be double-counted. (The per_mail
      and per_byte options don't have this problem.)

      The handling of very low rates has changed slightly. If the computed rate
      is less than the event's count (usually one) then this event is the first
      after a long gap. In this case the rate is set to the same as this event's
      count, so that the first message of a spam run is counted properly.

      The major new feature is a mechanism for counting the rate of unique
      events. The new per_addr option counts the number of different
      recipients that someone has sent messages to in the last time period. It
      behaves like per_rcpt if all the recipient addresses are different, but
      duplicate recipient addresses do not increase the measured rate. Like
      the /count= option this is a general mechanism, so the per_addr option
      is equivalent to per_rcpt/unique=$local_part@$domain. You can, for
      example, measure the rate that a client uses different sender addresses
      with the options per_mail/unique=$sender_address. There are further
      details in the main documentation.

TF/05 Removed obsolete $Cambridge$ CVS revision strings.

TF/06 Removed a few PCRE remnants.

TF/07 Automatically extract Exim's version number from tags in the git
      repository when doing development or release builds.

PP/02 Raise smtp_cmd_buffer_size to 16kB.
      Bugzilla 879. Patch from Paul Fisher.

PP/03 Implement SSL-on-connect outbound with protocol=smtps on smtp transport.
      Heavily based on revision 40f9a89a from Simon Arlott's tree.
      Bugzilla 97.

PP/04 Use .dylib instead of .so for dynamic library loading on MacOS.

PP/05 Variable $av_failed, true if the AV scanner deferred.
      Bugzilla 1078. Patch from John Horne.

PP/06 Stop make process more reliably on build failure.
      Bugzilla 1087. Patch from Heiko Schlittermann.

PP/07 Make maildir_use_size_file an _expandable_ boolean.
      Bugzilla 1089. Patch from Heiko Schlittermann.

PP/08 Handle ${run} returning more data than OS pipe buffer size.
      Bugzilla 1131. Patch from Holger Weiß.

PP/09 Handle IPv6 addresses with SPF.
      Bugzilla 860. Patch from Wolfgang Breyha.

PP/10 GnuTLS: support TLS 1.2 & 1.1.
      Bugzilla 1156.
      Use gnutls_certificate_verify_peers2() [patch from Andreas Metzler].
      Bugzilla 1095.

PP/11 match_* no longer expand right-hand-side by default.
      New compile-time build option, EXPAND_LISTMATCH_RHS.
      New expansion conditions, "inlist", "inlisti".

PP/12 fix uninitialised greeting string from PP/03 (smtps client support).

PP/13 shell and compiler warnings fixes for RC1-RC4 changes.

PP/14 fix log_write() format string regression from TF/03.
      Bugzilla 1152. Patch from Dmitry Isaikin.


Exim version 4.76
-----------------

PP/01 The new ldap_require_cert option would segfault if used. Fixed.

PP/02 Harmonised TLS library version reporting; only show if debugging.
      Layout now matches that introduced for other libraries in 4.74 PP/03.

PP/03 New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1

PP/04 New "dns_use_edns0" global option.

PP/05 Don't segfault on misconfiguration of ref:name exim-user as uid.
      Bugzilla 1098.

PP/06 Extra paranoia around buffer usage at the STARTTLS transition.
      nb: Exim is not vulnerable to http://www.kb.cert.org/vuls/id/555316

TK/01 Updated PolarSSL code to 0.14.2.
      Bugzilla 1097. Patch from Andreas Metzler.

PP/07 Catch divide-by-zero in ${eval:...}.
      Fixes bugzilla 1102.

PP/08 Condition negation of bool{}/bool_lax{} did not negate. Fixed.
      Bugzilla 1104.

TK/02 Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a
      format-string attack -- SECURITY: remote arbitrary code execution.

TK/03 SECURITY - DKIM signature header parsing was double-expanded, second
      time unintentionally subject to list matching rules, letting the header
      cause arbitrary Exim lookups (of items which can occur in lists, *not*
      arbitrary string expansion). This allowed for information disclosure.

PP/09 Fix another SIGFPE (x86) in ${eval:...} expansion, this time related to
      INT_MIN/-1 -- value coerced to INT_MAX.


Exim version 4.75
-----------------

NM/01 Workaround for PCRE version dependency in version reporting
      Bugzilla 1073

TF/01 Update valgrind.h and memcheck.h to copies from valgrind-3.6.0.
      This fixes portability to compilers other than gcc, notably
      Solaris CC and HP-UX CC. Fixes Bugzilla 1050.

TF/02 Bugzilla 139: Avoid using the += operator in the modular lookup
      makefiles for portability to HP-UX and POSIX correctness.

PP/01 Permit LOOKUP_foo enabling on the make command-line.
      Also via indented variable definition in the Makefile.
      (Debugging by Oliver Heesakkers).

PP/02 Restore caching of spamd results with expanded spamd_address.
      Patch from author of expandable spamd_address patch, Wolfgang Breyha.

PP/03 Build issue: lookups-Makefile now exports LC_ALL=C
      Improves build reliability. Fix from: Frank Elsner

NM/02 Fix wide character breakage in the rfc2047 coding
      Fixes bug 1064. Patch from Andrey N. Oktyabrski

NM/03 Allow underscore in dnslist lookups
      Fixes bug 1026. Patch from Graeme Fowler

PP/04 Bugzilla 230: Support TLS-enabled LDAP (in addition to ldaps).
      Code patches from Adam Ciarcinski of NetBSD.

NM/04 Fixed exiqgrep to cope with mailq missing size issue
      Fixes bug 943.

PP/05 Bugzilla 1083: when lookup expansion defers, escape the output which
      is logged, to avoid truncation. Patch from John Horne.

PP/06 Bugzilla 1042: implement freeze_signal on pipe transports.
      Patch from Jakob Hirsch.

PP/07 Bugzilla 1061: restrict error messages sent over SMTP to not reveal
      SQL string expansion failure details.
      Patch from Andrey Oktyabrski.

PP/08 Bugzilla 486: implement %M datestamping in log filenames.
      Patch from Simon Arlott.

PP/09 New lookups functionality failed to compile on old gcc which rejects
      extern declarations in function scope.
      Patch from Oliver Fleischmann

PP/10 Use sig_atomic_t for flags set from signal handlers.
      Check getgroups() return and improve debugging.
      Fix developed for diagnosis in bug 927 (which turned out to be
      a kernel bug).

PP/11 Bugzilla 1055: Update $message_linecount for maildir_tag.
      Patch from Mark Zealey.

PP/12 Bugzilla 1056: Improved spamd server selection.
      Patch from Mark Zealey.

PP/13 Bugzilla 1086: Deal with maildir quota file races.
      Based on patch from Heiko Schlittermann.

PP/14 Bugzilla 1019: DKIM multiple signature generation fix.
      Patch from Uwe Doering, sign-off by Michael Haardt.

NM/05 Fix to spam.c to accommodate older gcc versions which dislike
      variable declaration deep within a block. Bug and patch from
      Dennis Davis.

PP/15 lookups-Makefile IRIX compatibility coercion.

PP/16 Make DISABLE_DKIM build knob functional.

NM/06 Bugzilla 968: child_open_uid: restore default SIGPIPE handler
      Patch by Simon Arlott

TF/03 Fix valgrind.h portability to C89 compilers that do not support
      variable argument macros. Our copy now differs from upstream.


Exim version 4.74
-----------------

TF/01 Failure to get a lock on a hints database can have serious
      consequences so log it to the panic log.

TF/02 Log LMTP confirmation messages in the same way as SMTP,
      controlled using the smtp_confirmation log selector.

TF/03 Include the error message when we fail to unlink a spool file.

DW/01 Bugzilla 139: Support dynamically loaded lookups as modules.
      With thanks to Steve Haslam, Johannes Berg & Serge Demonchaux
      for maintaining out-of-tree patches for some time.

PP/01 Bugzilla 139: Documentation and portability issues.
      Avoid GNU Makefile-isms, let Exim continue to build on BSD.
      Handle per-OS dynamic-module compilation flags.

PP/02 Let /dev/null have normal permissions.
      The 4.73 fixes were a little too stringent and complained about the
      permissions on /dev/null. Exempt it from some checks.
      Reported by Andreas M. Kirchwitz.

PP/03 Report version information for many libraries, including
      Exim version information for dynamically loaded libraries. Created
      version.h, now support a version extension string for distributors
      who patch heavily. Dynamic module ABI change.

PP/04 CVE-2011-0017 - check return value of setuid/setgid. This is a
      privilege escalation vulnerability whereby the Exim run-time user
      can cause root to append content of the attacker's choosing to
      arbitrary files.

PP/05 Bugzilla 1041: merged DCC maintainer's fixes for return code.
      (Wolfgang Breyha)

PP/06 Bugzilla 1071: fix delivery logging with untrusted macros.
      If dropping privileges for untrusted macros, we disabled normal logging
      on the basis that it would fail; for the Exim run-time user, this is not
      the case, and it resulted in successful deliveries going unlogged.
      Fixed. Reported by Andreas Metzler.


Exim version 4.73
-----------------

PP/01 Date: & Message-Id: revert to normally being appended to a message,
      only prepend for the Resent-* case. Fixes regression introduced in
      Exim 4.70 by NM/22 for Bugzilla 607.

PP/02 Include check_rfc2047_length in configure.default because we're seeing
      increasing numbers of administrators be bitten by this.

JJ/01 Added DISABLE_DKIM and comment to src/EDITME

PP/03 Bugzilla 994: added openssl_options main configuration option.

PP/04 Bugzilla 995: provide better SSL diagnostics on failed reads.

PP/05 Bugzilla 834: provide a permit_coredump option for pipe transports.

PP/06 Adjust NTLM authentication to handle SASL Initial Response.

PP/07 If TLS negotiated an anonymous cipher, we could end up with SSL but
      without a peer certificate, leading to a segfault because of an
      assumption that peers always have certificates. Be a little more
      paranoid. Problem reported by Martin Tscholak.

PP/08 Bugzilla 926: switch ClamAV to use the new zINSTREAM API for content
      filtering; old API available if built with WITH_OLD_CLAMAV_STREAM=yes
      NB: ClamAV planning to remove STREAM in "middle of 2010".
      CL also introduces -bmalware, various -d+acl logging additions and
      more caution in buffer sizes.

PP/09 Implemented reverse_ip expansion operator.

PP/10 Bugzilla 937: provide a "debug" ACL control.

PP/11 Bugzilla 922: Documentation dusting, patch provided by John Horne.

PP/12 Bugzilla 973: Implement --version.

PP/13 Bugzilla 752: Refuse to build/run if Exim user is root/0.

PP/14 Build without WITH_CONTENT_SCAN. Patch from Andreas Metzler.

PP/15 Bugzilla 816: support multiple condition rules on Routers.

PP/16 Add bool_lax{} expansion operator and use that for combining multiple
      condition rules, instead of bool{}. Make both bool{} and bool_lax{}
      ignore trailing whitespace.

JJ/02 prevent non-panic DKIM error from being sent to paniclog

JJ/03 added tcp_wrappers_daemon_name to allow host entries other than
      "exim" to be used

PP/17 Fix malware regression for cmdline scanner introduced in PP/08.
      Notification from Dr Andrew Aitchison.

PP/18 Change ClamAV response parsing to be more robust and to handle ClamAV's
      ExtendedDetectionInfo response format.
      Notification from John Horne.

PP/19 OpenSSL 1.0.0a compatibility const-ness change, should be backwards
      compatible.

PP/20 Added a CONTRIBUTING file. Fixed the documentation build to use http:
      XSL and documented dependency on system catalogs, with examples of how
      it normally works.

DW/21 Added Valgrind hooks in store.c to help it capture out-of-bounds store
      access.

DW/22 Bugzilla 1044: CVE-2010-4345 - partial fix: restrict default behaviour
      of CONFIGURE_OWNER and CONFIGURE_GROUP options to no longer allow a
      configuration file which is writeable by the Exim user or group.

DW/23 Bugzilla 1044: CVE-2010-4345 - part two: extend checks for writeability
      of configuration files to cover files specified with the -C option if
      they are going to be used with root privileges, not just the default
      configuration file.

DW/24 Bugzilla 1044: CVE-2010-4345 - part three: remove ALT_CONFIG_ROOT_ONLY
      option (effectively making it always true).

DW/25 Add TRUSTED_CONFIG_PREFIX_FILE option to allow alternative configuration
      files to be used while preserving root privileges.

DW/26 Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure
      that rogue child processes cannot use them.

PP/27 Bugzilla 1047: change the default for system_filter_user to be the Exim
      run-time user, instead of root.

PP/28 Add WHITELIST_D_MACROS option to let some macros be overridden by the
      Exim run-time user without dropping privileges.

DW/29 Remove use of va_copy() which breaks pre-C99 systems. Duplicate the
      result string, instead of calling string_vformat() twice with the same
      arguments.

DW/30 Allow TRUSTED_CONFIG_PREFIX_FILE only for Exim or CONFIGURE_OWNER, not
      for other users. Others should always drop root privileges if they use
      -C on the command line, even for a whitelisted configure file.

DW/31 Turn TRUSTED_CONFIG_PREFIX_FILE into TRUSTED_CONFIG_FILE. No prefixes.

NM/01 Fixed bug #1002 - Message loss when using multiple deliveries


Exim version 4.72
-----------------

JJ/01 installed exipick 20100104.1, adding $max_received_linelength,
      $data_path, and $header_path variables; fixed documentation bugs and
      typos

JJ/02 installed exipick 20100222.0, added --input-dir and --finput to allow
      exipick to access non-standard spools, including the "frozen" queue
      (Finput)

NM/01 Bugzilla 965: Support mysql stored procedures.
      Patch from Alain Williams

NM/02 Bugzilla 961: Spacing fix (syntax error) on Makefile directives for NetBSD

NM/03 Bugzilla 955: Documentation fix for max_rcpts.
      Patch from Andreas Metzler

NM/04 Bugzilla 954: Fix for unknown responses from Dovecot authenticator.
      Patch from Kirill Miazine

NM/05 Bugzilla 671: Added umask to procmail example.

JJ/03 installed exipick 20100323.0, fixing doc bug

NM/06 Bugzilla 988: CVE-2010-2023 - prevent hardlink attack on sticky mail
      directory. Notification and patch from Dan Rosenberg.

TK/01 PDKIM: Upgrade PolarSSL files to upstream version 0.12.1.

TK/02 Improve log output when DKIM signing operation fails.

MH/01 Treat the transport option dkim_domain as a colon separated
      list, not as a single string, and sign the message with each element,
      omitting multiple occurrences of the same signer.

NM/07 Null terminate DKIM strings, Null initialise DKIM variable
      Bugzilla 985, 986. Patch by Simon Arlott

NM/08 Bugzilla 967. dnsdb DNS TXT record bug fix (DKIM-related)
      Patch by Simon Arlott

PP/01 Bugzilla 989: CVE-2010-2024 - work round race condition on
      MBX locking. Notification from Dan Rosenberg.


Exim version 4.71
-----------------

TK/01 Bugzilla 912: Fix DKIM segfault on empty headers/body.

NM/01 Bugzilla 913: Documentation fix for gnutls_* options.

NM/02 Bugzilla 722: Documentation for randint. Better randomness defaults.

NM/03 Bugzilla 847: Enable DNSDB lookup by default.

NM/04 Bugzilla 915: Flag broken perl installation during build.


Exim version 4.70
-----------------

TK/01 Added patch by Johannes Berg that expands the main option
      "spamd_address" if it starts with a dollar sign.

TK/02 Write list of recipients to X-Envelope-Sender header when building
      the mbox-format spool file for content scanning (suggested by Jakob
      Hirsch).

TK/03 Added patch by Wolfgang Breyha that adds experimental DCC
      (http://www.dcc-servers.net/) support via dccifd. Activated by
      setting EXPERIMENTAL_DCC=yes in Local/Makefile.

TK/04 Bugzilla 673: Add f-protd malware scanner support. Patch submitted
      by Mark Daniel Reidel <mr@df.eu>.

NM/01 Bugzilla 657: Embedded PCRE removed from the exim source tree.
      When building exim an external PCRE library is now needed -
      PCRE is a system library on the majority of modern systems.
      See entry on PCRE_LIBS in EDITME file.

NM/02 Bugzilla 646: Removed unwanted C/R in Dovecot authenticator
      conversation. Added nologin parameter to request.
      Patch contributed by Kirill Miazine.

TF/01 Do not log submission mode rewrites if they do not change the address.

TF/02 Bugzilla 662: Fix stack corruption before exec() in daemon.c.

NM/03 Bugzilla 602: exicyclog now handles panic log, and creates empty
      log files in place. Contributed by Roberto Lima.

NM/04 Bugzilla 667: Close socket used by dovecot authenticator.

TF/03 Bugzilla 615: When checking the local_parts router precondition
      after a local_part_suffix or local_part_prefix option, Exim now
      does not use the address's named list lookup cache, since this
      contains cached lookups for the whole local part.

NM/05 Bugzilla 521: Integrated SPF Best Guess support contributed by
      Robert Millan. Documentation is in experimental-spec.txt.

TF/04 Bugzilla 668: Fix parallel build (make -j).

NM/05.2 Bugzilla 437: Prevent Maildir aux files being created with mode 000.

NM/05.3 Bugzilla 598: Improvement to Dovecot authenticator handling.
        Patch provided by Jan Srzednicki.

TF/05 Leading white space used to be stripped from $spam_report which
      wrecked the formatting. Now it is preserved.

TF/06 Save $spam_score, $spam_bar, and $spam_report in spool files, so
      that they are available at delivery time.

TF/07 Fix the way ${extract is skipped in the untaken branch of a conditional.

TF/08 TLS error reporting now respects the incoming_interface and
      incoming_port log selectors.

TF/09 Produce a more useful error message if an SMTP transport's hosts
      setting expands to an empty string.

NM/06 Bugzilla 744: EXPN did not work under TLS.
      Patch provided by Phil Pennock.

NM/07 Bugzilla 769: Extraneous comma in usage fprintf
      Patch provided by Richard Godbee.

NM/08 Fixed erroneous documentation references to smtp_notquit_acl to be
      acl_smtp_notquit, added index entry.

NM/09 Bugzilla 787: Potential buffer overflow in string_format.
      Patch provided by Eugene Bujak.

NM/10 Bugzilla 770: Problem on some platforms modifying the len parameter to
      accept(). Patch provided by Maxim Dounin.

NM/11 Bugzilla 749: Preserve old behaviour of blanks comparing equal to zero.
      Patch provided by Phil Pennock.

NM/12 Bugzilla 497: Correct behaviour of exiwhat when no config exists.

NM/13 Bugzilla 590: Correct handling of Resent-Date headers.
      Patch provided by Brad "anomie" Jorsch.

NM/14 Bugzilla 622: Added timeout setting to transport filter.
      Patch provided by Dean Brooks.

TK/05 Add native DKIM support (does not depend on external libraries).

NM/15 Bugzilla 854: Removed code that symlinks to pcre as it's no longer useful.
      Patch provided by Graeme Fowler.

NM/16 Bugzilla 851: Documentation example syntax fix.

NM/17 Changed NOTICE file to remove references to embedded PCRE.

NM/18 Bugzilla 894: Fix issue with very long lines including comments in
      lsearch.

NM/19 Bugzilla 745: TLS version reporting.
      Patch provided by Phil Pennock.

NM/20 Bugzilla 167: bool: condition support.
      Patch provided by Phil Pennock.

NM/21 Bugzilla 665: gnutls_compat_mode to allow compatibility with broken
      clients. Patch provided by Phil Pennock.

NM/22 Bugzilla 607: prepend (not append) Resent-Message-ID and Resent-Date.
      Patch provided by Brad "anomie" Jorsch.

NM/23 Bugzilla 687: Fix misparses in eximstats.
      Patch provided by Heiko Schlittermann.

NM/24 Bugzilla 688: Fix exiwhat to handle log_selector = +pid.
      Patch provided by Heiko Schlittermann.

NM/25 Bugzilla 727: Use transport mode as default mode for maildirsize file.
      plus update to original patch.

NM/26 Bugzilla 799: Documentation correction for ratelimit.

NM/27 Bugzilla 802: Improvements to local interface IP addr detection.
      Patch provided by David Brownlee.

NM/28 Bugzilla 807: Improvements to LMTP delivery logging.

NM/29 Bugzilla 862, 866, 875: Documentation bugfixes.

NM/30 Bugzilla 888: TLS documentation bugfixes.

NM/31 Bugzilla 896: Dovecot buffer overrun fix.

NM/32 Bugzilla 889: Change all instances of "expr" in shell scripts to "expr --"
      Unlike the original bugzilla I have changed all shell scripts in src tree.

NM/33 Bugzilla 898: Transport filter timeout fix.
      Patch by Todd Rinaldo.

NM/34 Bugzilla 901: Fix sign/unsigned and UTF mismatches.
      Patch by Serge Demonchaux.

NM/35 Bugzilla 39: Base64 decode bug fixes.
      Patch by Jakob Hirsch.

NM/36 Bugzilla 909: Correct connect() call in dcc code.

NM/37 Bugzilla 910: Correct issue with relaxed/simple handling.

NM/38 Bugzilla 908: Removed NetBSD3 support as no longer needed.

NM/39 Bugzilla 911: Fixed MakeLinks build script.


Exim version 4.69
-----------------

TK/01 Add preliminary DKIM support. Currently requires a forked version of
      ALT-N's libdkim that I have put here:
      http://duncanthrax.net/exim-experimental/

      Note to Michael Haardt: I had to rename some vars in sieve.c. They
      were called 'true' and it seems that C99 defines that as a reserved
      keyword to be used with 'bool' variable types. That means you could
      not include C99-style headers which use bools without triggering
      build errors in sieve.c.

NM/01 Bugzilla 592: --help option is handled incorrectly if exim is invoked
      as mailq or other aliases. Changed the --help handling significantly
      to do what's expected. exim_usage() emits usage/help information.

SC/01 Added the -bylocaldomain option to eximstats.

NM/02 Bugzilla 619: Defended against bad data coming back from gethostbyaddr.

NM/03 Bugzilla 613: Documentation fix for acl_not_smtp.

NM/04 Bugzilla 628: PCRE update to 7.4 (work done by John Hall).


eb4c0de6
PH
1963Exim version 4.68
1964-----------------
1965
1966PH/01 Another patch from the Sieve maintainer.
1967
6a3bceb1
PH
1968PH/02 When an IPv6 address is converted to a string for single-key lookup
1969 in an address list (e.g. for an item such as "net24-dbm;/net/works"),
1970 dots are used instead of colons so that keys in lsearch files need not
1971 contain colons. This was done some time before quoting was made available
1972 in lsearch files. However, iplsearch files do require colons in IPv6 keys
1973 (notated using the quote facility) so as to distinguish them from IPv4
1974 keys. This meant that lookups for IP addresses in host lists did not work
1975 for iplsearch lookups.
1976
1977 This has been fixed by arranging for IPv6 addresses to be expressed with
1978 colons if the lookup type is iplsearch. This is not incompatible, because
1979 previously such lookups could never work.
1980
4c04137d 1981 The situation is now rather anomalous, since one *can* have colons in
6a3bceb1
PH
1982 ordinary lsearch keys. However, making the change in all cases is
1983 incompatible and would probably break a number of configurations.
1984
TK/01 Change PRVS address formatting scheme to reflect latest BATV draft
      version.

MH/01 The "spam" ACL condition code contained a sscanf() call with a %s
      conversion specification without a maximum field width, thereby enabling
      a rogue spamd server to cause a buffer overflow. While nobody in their
      right mind would set up Exim to query an untrusted spamd server, an
      attacker that gains access to a server running spamd could potentially
      exploit this vulnerability to run arbitrary code as the Exim user.

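The bounded-width fix that 4.68 MH/01 describes, as an added example that is not Exim's own code. The reply line format ("Spam: True ; 15.3 / 5.0"), the names parse_spam_line(), make_oversized_line() and VERDICT_MAX, and the True/False check are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define VERDICT_MAX 8            /* "False" needs 6 bytes including the NUL */

/* Parse a spamd-style header line of the assumed form
 *   "Spam: True ; 15.3 / 5.0"
 * Returns 0 on success, -1 if the line is malformed or a field is oversized.
 * All names here are illustrative, not taken from Exim. */
int parse_spam_line(const char *line, char verdict[VERDICT_MAX],
                    double *score, double *threshold)
{
    int consumed = 0;

    verdict[0] = '\0';

    /* The pattern the entry describes would be a bare "%s" here: sscanf()
     * would then copy every non-blank byte the server sent, however many,
     * into verdict. "%7s" stores at most 7 bytes plus the NUL, so the write
     * stays inside the 8-byte buffer whatever the peer sends. */
    int fields = sscanf(line, "Spam: %7s ; %lf / %lf%n",
                        verdict, score, threshold, &consumed);

    /* An over-long token is cut at 7 bytes; the literal ";" then fails to
     * match the remainder of the token, so fewer than 3 fields convert. */
    if (fields != 3)
        return -1;

    /* Reject trailing junk after the threshold (only CR or LF may follow). */
    if (line[consumed] != '\0' && line[consumed] != '\r' &&
        line[consumed] != '\n')
        return -1;

    /* Accept only the two verdict values this example assumes. */
    if (strcmp(verdict, "True") != 0 && strcmp(verdict, "False") != 0)
        return -1;

    return 0;
}

/* Build a constructed reply whose verdict token fills the rest of buf. */
void make_oversized_line(char *buf, size_t len)
{
    const char *head = "Spam: ";
    const char *tail = " ; 1.0 / 5.0";
    size_t fill;

    if (len < strlen(head) + strlen(tail) + 2) {
        if (len > 0)
            buf[0] = '\0';
        return;
    }
    fill = len - strlen(head) - strlen(tail) - 1;
    strcpy(buf, head);
    memset(buf + strlen(head), 'A', fill);
    strcpy(buf + strlen(head) + fill, tail);
}

int main(void)
{
    char verdict[VERDICT_MAX];
    char hostile[600];
    double score = 0, threshold = 0;

    if (parse_spam_line("Spam: True ; 15.3 / 5.0\r\n",
                        verdict, &score, &threshold) == 0)
        printf("accepted: %s %.1f/%.1f\n", verdict, score, threshold);

    make_oversized_line(hostile, sizeof hostile);
    if (parse_spam_line(hostile, verdict, &score, &threshold) != 0)
        printf("rejected oversized verdict token (%zu-byte line)\n",
               strlen(hostile));
    return 0;
}
```
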
TK/02 Bugzilla 502: Apply patch to make the SPF-Received: header use
      $primary_hostname instead of what libspf2 thinks the host's name is.

MH/02 The dsearch lookup now uses lstat(2) instead of stat(2) to look for
      a directory entry by the name of the lookup key. Previously, if a
      symlink pointed to a non-existing file or a file in a directory that
      Exim lacked permissions to read, a lookup for a key matching that
      symlink would fail. Now it is enough that a matching directory entry
      exists, symlink or not. (Bugzilla 503.)

PH/03 The body_linecount and body_zerocount variables are now exported in the
      local_scan API.

PH/04 Added the $dnslist_matched variable.

PH/05 Unset $tls_cipher and $tls_peerdn before making a connection as a client.
      This means they are set thereafter only if the connection becomes
      encrypted.

PH/06 Added the client_condition to authenticators so that some can be skipped
      by clients under certain conditions.

PH/07 The error message for a badly-placed control=no_multiline_responses left
      "_responses" off the end of the name.

PH/08 Added -Mvc to output a copy of a message in RFC 2822 format.

PH/09 Tidied the code for creating ratelimiting keys, creating them explicitly
      (without spaces) instead of just copying the configuration text.

PH/10 Added the /noupdate option to the ratelimit ACL condition.

PH/11 Added $max_received_linelength.

PH/12 Added +ignore_defer and +include_defer to host lists.

PH/13 Installed PCRE version 7.2. This needed some changes because of the new
      way in which PCRE > 7.0 is built.

PH/14 Implemented queue_only_load_latch.

PH/15 Removed an incorrect (int) cast when reading the value of SIZE in a
      MAIL command. The effect was to mangle the value on 64-bit systems.

PH/16 Another patch from the Sieve maintainer.

PH/17 Added the NOTQUIT ACL, based on a patch from Ted Cooper.

PH/18 If a system quota error occurred while trying to create the file for
      a maildir delivery, the message "Mailbox is full" was not appended to the
      bounce if the delivery eventually timed out. Change 4.67/27 below applied
      only to a quota excession during the actual writing of the file.

PH/19 It seems that peer DN values may contain newlines (and other non-printing
      characters?) which causes problems in log lines. The DN values are now
      passed through string_printing() before being added to log lines.

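The kind of escaping that 4.68 PH/19 applies to peer DN values before they reach a log line, as an added example. escape_for_log() is a hypothetical stand-in written for this page, not Exim's string_printing(), and the DN is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Copy `in` to `out`, replacing every byte that could break a one-record-
 * per-line log: newline, CR, tab and backslash get two-character escapes,
 * any other non-printing byte becomes a three-digit octal escape.
 * The output is always NUL-terminated and an escape sequence is never split
 * by truncation. Returns the number of bytes written, excluding the NUL. */
size_t escape_for_log(const char *in, char *out, size_t outlen)
{
    size_t o = 0;

    if (outlen == 0)
        return 0;

    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        char tmp[5];
        size_t need;

        if (*p == '\\')      { memcpy(tmp, "\\\\", 2); need = 2; }
        else if (*p == '\n') { memcpy(tmp, "\\n", 2);  need = 2; }
        else if (*p == '\r') { memcpy(tmp, "\\r", 2);  need = 2; }
        else if (*p == '\t') { memcpy(tmp, "\\t", 2);  need = 2; }
        else if (isprint(*p)) { tmp[0] = (char)*p;     need = 1; }
        else {
            snprintf(tmp, sizeof tmp, "\\%03o", (unsigned)*p);
            need = 4;
        }

        /* Stop before a sequence that would not fit along with the NUL. */
        if (o + need >= outlen)
            break;
        memcpy(out + o, tmp, need);
        o += need;
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed peer DN with an embedded newline: written raw, it would
     * turn one log record into two lines. */
    const char *dn = "CN=client.example\nO=second line";
    char safe[128];

    escape_for_log(dn, safe, sizeof safe);
    printf("peer DN=\"%s\"\n", safe);   /* one line, newline shown as \n */
    return 0;
}
```
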
PH/20 Added the "servers=" facility to MySQL and PostgreSQL lookups. (Oracle
      and InterBase are left for another time.)

PH/21 Added message_body_newlines option.

PH/22 Guard against possible overflow in moan_check_errorcopy().

PH/23 POSIX allows open() to be a macro; guard against that.

PH/24 If the recipient of an error message contained an @ in the local part
      (suitably quoted, of course), incorrect values were put in $domain and
      $local_part during the evaluation of errors_copy.


Exim version 4.67
-----------------

MH/01 Fix for bug #448, segfault in Dovecot authenticator when interface_address
      is unset (happens when testing with -bh and -oMi isn't used). Thanks to
      Jan Srzednicki.

PH/01 Added a new log selector smtp_no_mail, to log SMTP sessions that do not
      issue a MAIL command.

PH/02 In an ACL statement such as

        deny dnslists = X!=127.0.0.2 : X=127.0.0.2

      if a client was not listed at all, or was listed with a value other than
      127.0.0.2, in the X list, but was listed with 127.0.0.2 in the Y list,
      the condition was not true (as it should be), so access was not denied.
      The bug was that the ! inversion was incorrectly passed on to the second
      item. This has been fixed.

PH/03 Added additional dnslists conditions == and =& which are different from
      = and & when the dns lookup returns more than one IP address.

PH/04 Added gnutls_require_{kx,mac,protocols} to give more control over the
      cipher suites used by GnuTLS. These options are ignored by OpenSSL.

PH/05 After discussion on the list, added a compile time option
      ENABLE_DISABLE_FSYNC, which compiles an option called disable_fsync that
      allows for bypassing fsync(). The documentation is heavily laced with
      warnings.

SC/01 Updated eximstats to collate all SpamAssassin rejects into one bucket.

PH/06 Some tidies to the infrastructure of the Test Suite that is concerned
      with the auxiliary C programs that it uses: (1) Arrange for BIND_8_COMPAT
      to be defined when compiling on OSX (Darwin); (2) Tidies to the Makefile,
      including adding "make clean"; (3) Added -fPIC when compiling the test
      dynamically loaded module, to get rid of a warning.

MH/02 Fix for bug #451, causing paniclog entries to be written if a bounce
      message fails, move_frozen_messages = true and ignore_bounce_errors_after
      = 0s. The bug is otherwise harmless.

PH/07 There was a bug in the dovecot authenticator such that the value of
      $auth1 could be overwritten, and so not correctly preserved, after a
      successful authentication. This usually meant that the value preserved by
      the server_setid option was incorrect.

PH/08 Added $smtp_count_at_connection_start, deliberately with a long name.

PH/09 Installed PCRE release 7.0.

PH/10 The acl_not_smtp_start ACL was, contrary to the documentation, not being
      run for batched SMTP input. It is now run at the start of every message
      in the batch. While fixing this I discovered that the process information
      (output by running exiwhat) was not always getting set for -bs and -bS
      input. This is fixed, and it now also says "batched" for BSMTP.

PH/11 Added control=no_pipelining.

PH/12 Added $sending_ip_address and $sending_port (mostly Magnus Holmgren's
      patch, slightly modified), and moved the expansion of helo_data till
      after the connection is made in the smtp transport (so it can use these
      values).

PH/13 Added ${rfc2047d: to decode RFC 2047 strings.

PH/14 Added log_selector = +pid.

PH/15 Flush SMTP output before delaying, unless control=no_delay_flush is set.

PH/16 Add ${if forany and ${if forall.

PH/17 Added dsn_from option to vary the From: line in DSNs.

PH/18 Flush SMTP output before performing a callout, unless control =
      no_callout_flush is set.

PH/19 Change 4.64/PH/36 introduced a bug: when address_retry_include_sender
      was true (the default) a successful delivery failed to delete the retry
      item, thus causing premature timeout of the address. The bug is now
      fixed.

PH/20 Added hosts_avoid_pipelining to the smtp transport.

PH/21 Long custom messages for fakedefer and fakereject are now split up
      into multiline responses in the same way that messages for "deny" and
      other ACL rejections are.

PH/22 Applied Jori Hamalainen's speed-up changes and typo fixes to exigrep,
      with slight modification.

PH/23 Applied sieve patches from the maintainer "tracking the latest notify
      draft, changing the syntax and factoring some duplicate code".

PH/24 When the log selector "outgoing_port" was set, the port was shown as -1
      for deliveries of the second and subsequent messages over the same SMTP
      connection.

PH/25 Applied Magnus Holmgren's patch for ${addresses, ${map, ${filter, and
      ${reduce, with only minor "tidies".

SC/02 Applied Daniel Tiefnig's patch to improve the '($parent) =' pattern match.

PH/26 Added a "continue" ACL modifier that does nothing, for the benefit of its
      expansion side effects.

PH/27 When a message times out after an over-quota error from an Exim-imposed
      quota, the bounce message says "mailbox is full". This message was not
      being given when it was a system quota that was exceeded. It now should
      be the same.

MH/03 Made $recipients available in local_scan(). local_scan() already has
      better access to the recipient list through recipients_list[], but
      $recipients can be useful in postmaster-provided expansion strings.

PH/28 The $smtp_command and $smtp_command_argument variables were not correct
      in the case of a MAIL command with additional options following the
      address, for example: MAIL FROM:<foo@bar> SIZE=1234. The option settings
      were accidentally chopped off.

PH/29 SMTP synchronization checks are implemented when a command is read -
      there is a check that no more input is waiting when there shouldn't be
      any. However, for some commands, a delay in an ACL can mean that it is
      some time before the response is written. In this time, more input might
      arrive, invalidly. So now there are extra checks after an ACL has run for
      HELO/EHLO and after the predata ACL, and likewise for MAIL and RCPT when
      pipelining has not been advertised.

PH/30 MH's patch to allow iscntrl() characters to be list separators.

PH
2196PH/31 Unlike :fail:, a custom message specified with :defer: was not being
2197 returned in the SMTP response when smtp_return_error_details was false.
2198 This has been fixed.
2199
57c2c631
PH
2200PH/32 Change the Dovecot authenticator to use read() and write() on the socket
2201 instead of the C I/O that was originally supplied, because problems were
2202 reported on Solaris.
2203
58c01c94
PH
2204PH/33 Compile failed with OpenSSL 0.9.8e. This was due to a coding error in
2205 Exim which did not show up earlier: it was assuming that a call to
2206 SSL_CTX_set_info_callback() might give an error value. In fact, there is
2207 no error. In previous releases of OpenSSL, SSL_CTX_set_info_callback()
2208 was a macro that became an assignment, so it seemed to work. This has
2209 changed to a proper function call with a void return, hence the compile
2210 error. Exim's code has been fixed.
2211
dee5a20a
PH
2212PH/34 Change HDA_SIZE in oracle.c from 256 to 512. This is needed for 64-bit
2213 cpus.
2214
d2ee6114
PH
2215PH/35 Applied a patch from the Sieve maintainer which fixes a bug in "notify".
2216
b2d5182b
PH
2217PH/36 Applied John Jetmore's patch to add -v functionality to exigrep.
2218
79749a79
PH
2219PH/37 If a message is not accepted after it has had an id assigned (e.g.
2220 because it turns out to be too big or there is a timeout) there is no
3ce62588
PH
2221 "Completed" line in the log. When some messages of this type were
2222 selected by exigrep, they were listed as "not completed". Others were
2223 picked up by some special patterns. I have improved the selection
2224 criteria to be more general.
79749a79 2225
c456d9bb
PH
2226PH/38 The host_find_failed option in the manualroute router can now be set
2227 to "ignore", to completely ignore a host whose IP address cannot be
2228 found. If all hosts are ignored, the behaviour is controlled by the new
2229 host_all_ignored option.
2230
cd9868ec
PH
2231PH/39 In a list of hosts for manualroute, if one item (either because of multi-
2232 homing or because of multiple MX records with /mx) generated more than
2233 one IP address, and the following item turned out to be the local host,
2234 all the secondary addresses of the first item were incorrectly removed
2235 from the list, along with the local host and any following hosts (which
2236 is what is supposed to happen).
2237
ebeaf996
PH
2238PH/40 When Exim receives a message, it writes the login name, uid, and gid of
2239 whoever called Exim into the -H file. In the case of the daemon it was
2240 behaving confusingly. When first started, it used values for whoever
2241 started the daemon, but after a SIGHUP it used the Exim user (because it
2242 calls itself on a restart). I have changed the code so that it now always
2243 uses the Exim user.
2244
2679d413
PH
2245PH/41 (Following a suggestion from Tony Finch) If all the RCPT commands in a
2246 message are rejected with the same error (e.g. no authentication or bad
2247 sender address), and a DATA command is nevertheless sent (as can happen
2248 with PIPELINING or a stupid MUA), the error message that was given to the
2249 RCPT commands is included in the rejection of the DATA command. This is
2250 intended to be helpful for MUAs that show only the final error to their
2251 users.
2252
84024b72
PH
2253PH/42 Another patch from the Sieve maintainer.
2254
8005d38e
SC
2255SC/02 Eximstats - Differentiate between permanent and temporary rejects.
2256 Eximstats - Fixed some broken HTML links and added missing column headers
2257 (Jez Hancock).
2258 Eximstats - Fixed Grand Total Summary Domains, Edomains, and Email
2259 columns for Rejects, Temp Rejects, Ham, and Spam rows.
2260
3298c6c6
SC
2261SC/03 Eximstats - V1.58 Fix to get <> and blackhole to show in edomain tables.
2262
a43a27c5
PH
2263PH/43 Yet another patch from the Sieve maintainer.
2264
58eb016e 2265PH/44 I found a way to check for a TCP/IP connection going away before sending
563b63fa
PH
2266 the response to the final '.' that terminates a message, but only in the
2267 case where the client has not sent further data following the '.'
2268 (unfortunately, this is allowed). However, in many cases there won't be
2269 any further data because there won't be any more messages to send. A call
2270 to select() can be used: if it shows that the input is "ready", there is
2271 either input waiting, or the socket has been closed. An attempt to read
2272 the next input character can distinguish the two cases. Previously, Exim
58eb016e 2273 would have sent an OK response which the client would never have see.
563b63fa
PH
2274 This could lead to message repetition. This fix should cure that, at
2275 least in a lot of common cases.
58eb016e 2276
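The select()-then-read test that 4.67 PH/44 describes, as an added example that is not Exim's code. check_peer() and the enum names are hypothetical, and the read is done with recv(..., MSG_PEEK) so that a waiting byte is left in place for the normal SMTP reader, which is a choice made for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

enum peer_state {
    PEER_ERROR     = -1,
    PEER_IDLE      = 0,   /* nothing readable: connection still open */
    PEER_HAS_INPUT = 1,   /* client sent more data (e.g. a pipelined command) */
    PEER_CLOSED    = 2    /* readable, but the read reports end-of-file */
};

/* Poll fd without blocking and classify the state of the peer. */
enum peer_state check_peer(int fd)
{
    fd_set rfds;
    struct timeval tv;
    char c;
    ssize_t n;
    int rc;

    if (fd < 0 || fd >= FD_SETSIZE)
        return PEER_ERROR;            /* select() cannot watch this fd */

    do {
        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);
        tv.tv_sec = 0;                /* zero timeout: poll only */
        tv.tv_usec = 0;
        rc = select(fd + 1, &rfds, NULL, NULL, &tv);
    } while (rc < 0 && errno == EINTR);

    if (rc < 0)
        return PEER_ERROR;
    if (rc == 0)
        return PEER_IDLE;

    /* "Ready" means either data or a closed socket; one peeked byte
     * tells the two apart without consuming anything. */
    do {
        n = recv(fd, &c, 1, MSG_PEEK);
    } while (n < 0 && errno == EINTR);

    if (n == 0)
        return PEER_CLOSED;
    if (n < 0)
        return (errno == ECONNRESET || errno == EPIPE) ? PEER_CLOSED
                                                       : PEER_ERROR;
    return PEER_HAS_INPUT;
}

int main(void)
{
    int sv[2];   /* sv[0] plays the server side, sv[1] the client */

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) {
        perror("socketpair");
        return 1;
    }
    printf("client idle:   %d\n", check_peer(sv[0]));
    close(sv[1]);
    printf("client closed: %d\n", check_peer(sv[0]));
    close(sv[0]);
    return 0;
}
```

If the client has already sent further data and then closed, the check reports PEER_HAS_INPUT, which is the limitation the entry itself notes.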
PH/45 Do not advertise STARTTLS in response to HELP unless it would be
      advertised in response to EHLO.


Exim version 4.66
-----------------

PH/01 Two more bugs that were introduced by 4.64/PH/07, in addition to the one
      fixed by 4.65/MH/01 (is this a record?) are fixed:

      (i)  An empty string was always treated as zero by the numeric comparison
           operators. This behaviour has been restored.

      (ii) It is documented that the numeric comparison operators always treat
           their arguments as decimal numbers. This was broken in that numbers
           starting with 0 were being interpreted as octal.

      While fixing these problems I realized that there was another issue that
      hadn't been noticed. Values of message_size_limit (both the global option
      and the transport option) were treated as octal if they started with 0.
      The documentation was vague. These values are now always treated as
      decimal, and I will make that clear in the documentation.


Exim version 4.65
-----------------

TK/01 Disable default definition of HAVE_LINUX_SENDFILE. Clashes with
      Linux large file support (_FILE_OFFSET_BITS=64) on older glibc
      versions. (#438)

MH/01 Don't check that the operands of numeric comparison operators are
      integers when their expansion is in "skipping" mode (fixes bug
      introduced by 4.64-PH/07).

PH/01 If a system filter or a router generates more than SHRT_MAX (32767)
      child addresses, Exim now panics and dies. Previously, because the count
      is held in a short int, deliveries were likely to be lost. As such a
      large number of recipients for a single message is ridiculous
      (performance will be very, very poor), I have chosen to impose a limit
      rather than extend the field.


Exim version 4.64
-----------------

TK/01 Bugzilla #401. Fix DK spooling code so that it can overwrite a
      leftover -K file (the existence of which was triggered by #402).
      While we were at it, introduced process PID as part of the -K
      filename. This should rule out race conditions when creating
      these files.

TK/02 Bugzilla #402. Apply patch from Simon Arlott, speeding up DK signing
      processing considerably. Previous code took too long for large mails,
      triggering a timeout which in turn triggers #401.

TK/03 Introduced HAVE_LINUX_SENDFILE to os.h-Linux. Currently only used
      in the DK code in transports.c. sendfile() is not really portable,
      hence the _LINUX specificness.

TF/01 In the add_headers option to the mail command in an Exim filter,
      there was a bug that Exim would claim a syntax error in any
      header after the first one which had an odd number of characters
      in the field name.

PH/01 If a server that rejects MAIL FROM:<> was the target of a sender
      callout verification, Exim cached a "reject" for the entire domain. This
      is correct for most verifications, but it is not correct for a recipient
      verification with use_sender or use_postmaster set, because in that case
      the callout does not use MAIL FROM:<>. Exim now distinguishes the special
      case of MAIL FROM:<> rejection from other early rejections (e.g.
      rejection of HELO). When verifying a recipient using a non-null MAIL
      address, the cache is ignored if it shows MAIL FROM:<> rejection.
      Whatever the result of the callout, the value of the domain cache is
      left unchanged (for any other kind of callout, getting as far as trying
      RCPT means that the domain itself is ok).

PH/02 Tidied a number of unused variable and signed/unsigned warnings that
      gcc 4.1.1 threw up.

PH/03 On Solaris, an unexpectedly closed socket (dropped connection) can
      manifest itself as EPIPE rather than ECONNECT. When tidying away a
      session, the daemon ignores ECONNECT errors and logs others; it now
      ignores EPIPE as well.

PH/04 Applied Nico Erfurth's refactoring patch to tidy up mime.c
      (quoted-printable decoding).

PH/05 Applied Nico Erfurth's refactoring patch to tidy up spool_mbox.c, and
      later the small subsequent patch to fix an introduced bug.

PH/06 Installed the latest Cygwin Makefile from the Cygwin maintainer.

PH/07 There was no check for overflow in expansions such as ${if >{1}{4096M}}.

PH/08 An error is now given if message_size_limit is specified negative.

PH/09 Applied and tidied up Jakob Hirsch's patch for allowing ACL variables
      to be given (somewhat) arbitrary names.

JJ/01 exipick 20060919.0, allow for arbitrary acl_ variables introduced
      in 4.64-PH/09.

JJ/02 exipick 20060919.0, --show-vars args can now be regular expressions,
      miscellaneous code fixes

PH/10 Added the log_reject_target ACL modifier to specify where to log
      rejections.

PH/11 Callouts were setting the name used for EHLO/HELO from
      $smtp_active_hostname. This is wrong, because it relates to the incoming
      message (and probably the interface on which it is arriving) and not to
      the outgoing callout (which could be using a different interface). This
      has been changed to use the value of the helo_data option from the smtp
      transport instead - this is what is used when a message is actually being
      sent. If there is no remote transport (possible with a router that sets
      up host addresses), $smtp_active_hostname is used.

PH/12 Installed Andrey Panin's patch to add a dovecot authenticator. Various
      tweaks were necessary in order to get it to work (see also 21 below):
      (a) The code assumed that strncpy() returns a negative number on buffer
          overflow, which isn't the case. Replaced with Exim's string_format()
          function.
      (b) There were several signed/unsigned issues. I just did the minimum
          hacking in of casts. There is scope for a larger refactoring.
      (c) The code used strcasecmp() which is not a standard C function.
          Replaced with Exim's strcmpic() function.
      (d) The code set only $1; it now sets $auth1 as well.
      (e) A simple test gave the error "authentication client didn't specify
          service in request". It would seem that Dovecot has changed its
          interface. Fortunately there's a specification; I followed it and
          changed what the client sends and it appears to be working now.

PH/13 Added $message_headers_raw to provide the headers without RFC 2047
      decoding.

PH/14 Corrected misleading output from -bv when -v was also used. Suppose the
      address A is aliased to B and C, where B exists and C does not. Without
      -v the output is "A verified" because verification stops after a
      successful redirection if more than one address is generated. However,
      with -v the child addresses are also verified. Exim was outputting "A
      failed to verify" and then showing the successful verification for C,
      with its parentage. It now outputs "B failed to verify", showing B's
      parentage before showing the successful verification of C.

PH
2422PH/15 Applied Michael Deutschmann's patch to allow DNS black list processing to
2423 look up a TXT record in a specific list after matching in a combined
2424 list.
2425
322050c2
PH
2426PH/16 It seems that the options setting for the resolver (RES_DEFNAMES and
2427 RES_DNSRCH) can affect the behaviour of gethostbyname() and friends when
2428 they consult the DNS. I had assumed they would set it the way they
2429 wanted; and indeed my experiments on Linux seem to show that in some
2430 cases they do (I could influence IPv6 lookups but not IPv4 lookups).
2431 To be on the safe side, however, I have now made the interface to
2432 host_find_byname() similar to host_find_bydns(), with an argument
2433 containing the DNS resolver options. The host_find_byname() function now
2434 sets these options at its start, just as host_find_bydns() does. The smtp
2435 transport options dns_qualify_single and dns_search_parents are passed to
2436 host_find_byname() when gethostbyname=TRUE in this transport. Other uses
2437 of host_find_byname() use the default settings of RES_DEFNAMES
2438 (qualify_single) but not RES_DNSRCH (search_parents).
2439
08955dd3
PH
2440PH/17 Applied (a modified version of) Nico Erfurth's patch to make
2441 spool_read_header() do less string testing, by means of a preliminary
2442 switch on the second character of optional "-foo" lines. (This is
2443 overdue, caused by the large number of possibilities that now exist.
2444 Originally there were few.) While I was there, I also converted the
2445 str(n)cmp tests so they don't re-test the leading "-" and the first
2446 character, in the hope this might squeeze out yet more improvement.
2447
1eccaa59
PH
2448PH/18 Two problems with "group" syntax in header lines when verifying: (1) The
2449 flag allowing group syntax was set by the header_syntax check but not
2450 turned off, possible causing trouble later; (2) The flag was not being
2451 set at all for the header_verify test, causing "group"-style headers to
2452 be rejected. I have now set it in this case, and also caused header_
2453 verify to ignore an empty address taken from a group. While doing this, I
2454 came across some other cases where the code for allowing group syntax
2455 while scanning a header line wasn't quite right (mostly, not resetting
2456 the flag correctly in the right place). These bugs could have caused
2457 trouble for malformed header lines. I hope it is now all correct.
2458
602e59e5
PH
2459PH/19 The functions {pwcheck,saslauthd}_verify_password() are always called
2460 with the "reply" argument non-NULL. The code, however (which originally
2461 came from elsewhere) had *some* tests for NULL when it wrote to *reply,
2462 but it didn't always do it. This confused somebody who was copying the
2463 code for some other use. I have removed all the tests.
2464
411ef850
PH
2465PH/20 It was discovered that the GnuTLS code had support for RSA_EXPORT, a
2466 feature that was used to support insecure browsers during the U.S. crypto
2467 embargo. It requires special client support, and Exim is probably the
2468 only MTA that supported it -- and would never use it because real RSA is
2469 always available. This code has been removed, because it had the bad
2470 effect of slowing Exim down by computing (never used) parameters for the
2471 RSA_EXPORT functionality.
2472
7befa435
PH
2473PH/21 On the advice of Timo Sirainen, added a check to the dovecot
2474 authenticator to fail if there's a tab character in the incoming data
2475 (there should never be unless someone is messing about, as it's supposed
2476 to be base64-encoded). Also added, on Timo's advice, the "secured" option
2477 if the connection is using TLS or if the remote IP is the same as the
2478 local IP, and the "valid-client-cert option" if a client certificate has
2479 been verified.
2480
PH/22 As suggested by Dennis Davis, added a server_condition option to *all*
      authenticators. This can be used for authorization after authentication
      succeeds. (In the case of plaintext, it serves for both authentication
      and authorization.)

PH/23 Testing for tls_required and lost_connection in a retry rule didn't work
      if any retry times were supplied.

PH/24 Exim crashed if verify=helo was activated during an incoming -bs
      connection, where there is no client IP address to check. In this
      situation, the verify now always succeeds.

PH/25 Applied John Jetmore's -Mset patch.

PH/26 Added -bem to be like -Mset, but loading a message from a file.

PH/27 In a string expansion for a processed (not raw) header when multiple
      headers of the same name were present, leading whitespace was being
      removed from all of them, but trailing whitespace was being removed only
      from the last one. Now trailing whitespace is removed from each header
      before concatenation. Completely empty headers in a concatenation (as
      before) are ignored.

PH/28 Fixed bug in backwards-compatibility feature of PH/09 (thanks to John
      Jetmore). It would have mis-read ACL variables from pre-4.61 spool files.

PH/29 [Removed. This was a change that I later backed out, and forgot to
      correct the ChangeLog entry (that I had efficiently created) before
      committing the later change.]

PH/30 Exim was sometimes attempting to deliver messages that had suffered
      address errors (4xx response to RCPT) over the same connection as other
      messages routed to the same hosts. Such deliveries are always "forced",
      so retry times are not inspected. This resulted in far too many retries
      for the affected addresses. The effect occurred only when there were more
      hosts than the hosts_max_try setting in the smtp transport when it had
      the 4xx errors. Those hosts that it had tried were not added to the list
      of hosts for which the message was waiting, so if all were tried, there
      was no problem. Two fixes have been applied:

      (i)  If there are any address or message errors in an SMTP delivery, none
           of the hosts (tried or untried) are now added to the list of hosts
           for which the message is waiting, so the message should not be a
           candidate for sending over the same connection that was used for a
           successful delivery of some other message. This seems entirely
           reasonable: after all the message is NOT "waiting for some host".
           This is so "obvious" that I'm not sure why it wasn't done
           previously. Hope I haven't missed anything, but it can't do any
           harm, as the worst effect is to miss an optimization.

      (ii) If, despite (i), such a delivery is accidentally attempted, the
           routing retry time is respected, so at least it doesn't keep
           hammering the server.

PH/31 Installed Andrew Findlay's patch to close the writing end of the socket
      in ${readsocket because some servers need this prod.

PH/32 Added some extra debug output when updating a wait-xxx database.

PH/33 The hint "could be header name not terminated by colon", which has been
      given for certain expansion errors for a long time, was not being given
      for the ${if def:h_colon_omitted{... case.

PH/34 The spec says: "With one important exception, whenever a domain list is
      being scanned, $domain contains the subject domain." There was at least
      one case where this was not true.

PH/35 The error "getsockname() failed: connection reset by peer" was being
      written to the panic log as well as the main log, but it isn't really
      panic-worthy as it just means the connection died rather early on. I have
      removed the panic log writing for the ECONNRESET error when getsockname()
      fails.

PH/36 After a 4xx response to a RCPT error, that address was delayed (in queue
      runs only) independently of the message's sender address. This meant
      that, if the 4xx error was in fact related to the sender, a different
      message to the same recipient with a different sender could confuse
      things. In particular, this can happen when sending to a greylisting
      server, but other circumstances could also provoke similar problems.
      I have changed the default so that the retry time for these errors is now
      based on a combination of the sender and recipient addresses. This change
      can be overridden by setting address_retry_include_sender=false in the
      smtp transport.

PH/37 For LMTP over TCP/IP (the smtp transport), error responses from the
      remote server are returned as part of bounce messages. This was not
      happening for LMTP over a pipe (the lmtp transport), but now it is the
      same for both kinds of LMTP.

PH/38 Despite being documented as not happening, Exim was rewriting addresses
      in header lines that were in fact CNAMEs. This is no longer the case.

PH/39 If -R or -S was given with -q<time>, the effect of -R or -S was ignored,
      and queue runs started by the daemon processed all messages. This has
      been fixed so that -R and -S can now usefully be given with -q<time>.

PH/40 Import PCRE release 6.7 (fixes some bugs).

PH/41 Add bitwise logical operations to eval (courtesy Brad Jorsch).

3cc66b45
PH
2581PH/42 Give an error if -q is specified more than once.
2582
194cc0e4
PH
2583PH/43 Renamed the variables $interface_address and $interface_port as
2584 $received_ip_address and $received_port, to make it clear that these
2585 values apply to message reception, and not to the outgoing interface when
2586 a message is delivered. (The old names remain recognized, of course.)
2587
a401ddaa
PH
2588PH/44 There was no timeout on the connect() call when using a Unix domain
2589 socket in the ${readsocket expansion. There now is.
2590
4e88a19f
PH
2591PH/45 Applied a modified version of Brad Jorsch's patch to allow "message" to
2592 be meaningful with "accept".
2593
SC/01 Eximstats V1.43
      Bug fix for V1.42 with -h0 specified. Spotted by Chris Lear.

SC/02 Eximstats V1.44
      Use a glob alias rather than an array ref in the generated
      parser. This improves both readability and performance.

SC/03 Eximstats V1.45 (Marco Gaiarin / Steve Campbell)
      Collect SpamAssassin and rejection statistics.
      Don't display local sender or destination tables unless
      there is data to show.
      Added average volumes into the top table text output.

SC/04 Eximstats V1.46
      Collect data on the number of addresses (recipients)
      as well as the number of messages.

SC/05 Eximstats V1.47
      Added 'Message too big' to the list of mail rejection
      reasons (thanks to Marco Gaiarin).

SC/06 Eximstats V1.48
      Mainlog lines which have GMT offsets and are too short to
      have a flag are now skipped.

SC/07 Eximstats V1.49 (Alain Williams)
      Added the -emptyok flag.

SC/08 Eximstats V1.50
      Fixes for obtaining the IP address from reject messages.

JJ/03 exipick.20061117.2, made header handling as similar to exim as possible
      (added [br]h_ prefixes, implemented RFC2047 decoding. Fixed
      whitespace changes from 4.64-PH/27

JJ/04 exipick.20061117.2, fixed format and added $message_headers_raw to
      match 4.64-PH/13

JJ/05 exipick.20061117.2, bug fixes (error out sooner when invalid criteria
      are found, allow negative numbers in numeric criteria)

JJ/06 exipick.20061117.2, added new $message_body_missing variable

JJ/07 exipick.20061117.2, added $received_ip_address and $received_port
      to match changes made in 4.64-PH/43

PH/46 Applied Jori Hamalainen's patch to add features to exiqsumm.

PH/47 Put in an explicit test for a DNS lookup of an address record where the
      "domain" is actually an IP address, and force a failure. This locks out
      those resolvers/nameservers that support "A-for-A" lookups, in
      contravention of the specifications.

PH/48 When a host name was looked up from an IP address, and the subsequent
      forward lookup of the name timed out, the host name was left in
      $sender_host_name, contrary to the specification.

PH/49 Although default lookup types such as lsearch* or cdb*@ have always been
      restricted to single-key lookups, Exim was not diagnosing an error if
      * or *@ was used with a query-style lookup.

PH/50 Increased the value of DH_BITS in tls-gnu.c from 768 to 1024.

MH/01 local_scan ABI version incremented to 1.1. It should have been updated
      long ago, but no one interested enough thought of it. Let's just say that
      the "1.1" means that there are some new functions that weren't there at
      some point in the past.

PH/51 Error processing for expansion failure of helo_data from an smtp
      transport during callout processing was broken.

PH/52 Applied John Jetmore's patch to allow tls-on-connect and STARTTLS to be
      tested/used via the -bh/-bhc/-bs options.

PH/53 Added missing "#include <time.h>" to pcre/pcretest.c (this was a PCRE
      bug, fixed in subsequent PCRE releases).

PH/54 Applied Robert Bannocks' patch to avoid a problem with references that
      arises when using the Solaris LDAP libraries (but not with OpenLDAP).

PH/55 Check for a ridiculously long file name in exim_dbmbuild.


Exim version 4.63
-----------------

SC/01 Use a glob alias rather than an array ref in eximstats generated
      parser. This improves both readability and performance.

SC/02 Collect SpamAssassin and rejection statistics in eximstats.
      Don't display local sender or destination tables in eximstats unless
      there is data to show.
      Added average volumes into the eximstats top table text output.

SC/03 Collect data on the number of addresses (recipients) as well
      as the number of messages in eximstats.

TF/01 Correct an error in the documentation for the redirect router. Exim
      does (usually) call initgroups() when daemonizing.

TF/02 Call initgroups() when dropping privilege in exim.c, so that Exim runs
      with consistent privilege compared to when running as a daemon.

TF/03 Note in the spec that $authenticated_id is not set for local
      submissions from trusted users.

TF/04 The ratelimit per_rcpt option now works correctly in acl_not_smtp.
      Thanks to Dean Brooks <dean@iglou.com> for the patch.

TF/05 Make it easier to get SMTP authentication and TLS/SSL support working
      by adding some example configuration directives to the default
      configuration file. A little bit of work is required to uncomment the
      directives and define how usernames and passwords are checked, but
      there is now a framework to start from.

PH/01 Added #define LDAP_DEPRECATED 1 to ldap.c because some of the "old"
      functions that Exim currently uses aren't defined in ldap.h for OpenLDAP
      without this. I don't know how relevant this is to other LDAP libraries.

PH/02 Add the verb name to the "unknown ACL verb" error.

PH/03 Magnus Holmgren's patch for filter_prepend_home.

PH/03 Fixed Bugzilla #101: macro definition between ACLs doesn't work.

PH/04 Applied Magnus Holmgren's patch to fix Bugzilla #98: transport's home
      directory not expanded when it should be if an expanded home directory
      was set for the address (which is overridden by the transport).

PH/05 Applied Alex Kiernan's patch to fix Bugzilla #99: a problem with
      libradius.

PH/06 Added acl_not_smtp_start, based on Johannes Berg's patch, and set the
      bit to forbid control=suppress_local_fixups in the acl_not_smtp ACL,
      because it is too late at that time, and has no effect.

PH/07 Changed ${quote_pgsql to quote ' as '' instead of \' because of a
      security issue with \' (bugzilla #107). I could not use the
      PQescapeStringConn() function, because it needs a PGconn value as one of
      its arguments.

PH/08 When testing addresses using -bt, indicate those final addresses that
      are duplicates that would not cause an additional delivery. At least one
      person was confused, thinking that -bt output corresponded to deliveries.
      (Suppressing duplicates isn't a good idea as you lose the information
      about possibly different redirections that led to the duplicates.)

PH/09 Applied patch from Erik to use select() instead of poll() in spam.c on
      systems where poll() doesn't work, in particular OS X.

PH/10 Added more information to debugging output for retry time not reached.

PH/11 Applied patch from Arkadiusz Miskiewicz to apply a timeout to read
      operations in malware.c.

PH/12 Applied patch from Magnus Holmgren to include the "h" tag in Domain Keys
      signatures.

PH/13 If write_rejectlog was set false when logging was sent to syslog with
      syslog_duplication set false, log lines that would normally be written
      both to the main log and to the reject log were not written to syslog at
      all.

PH/14 In the default configuration, change the use of "message" in ACL warn
      statements to "add_header".

PH/15 Diagnose a filter syntax error for "seen", "unseen", or "noerror" if
      not followed by a command (e.g. "seen endif").

PH/16 Recognize SMTP codes at the start of "message" in ACLs and after :fail:
      and :defer: in a redirect router. Add forbid_smtp_code to suppress the
      latter.

PH/17 Added extra conditions to the default value of delay_warning_condition
      so that it is now:

        ${if or { \
            { !eq{$h_list-id:$h_list-post:$h_list-subscribe:}{} } \
            { match{$h_precedence:}{(?i)bulk|list|junk} } \
            { match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} } \
            }{no}{yes}}

      The Auto-Submitted: and various List- headers are standardised, whereas I
      don't think Precedence: ever was.

PH/18 Refactored debugging code in route_finduser() to show more information,
      in particular, the error code if getpwnam() issues one.

PH/19 Added PQsetClientEncoding(conn, "SQL_ASCII") to the pgsql code module.
      This is apparently needed in addition to the PH/07 change above to avoid
      any possible encoding problems.

PH/20 Perl can change the locale. Exim was resetting it after a ${perl call,
      but not after initializing Perl.

PH/21 Added a call to PQsetNoticeProcessor() to catch pgsql "notices" and
      output them only if debugging. By default they are written to stderr,
      apparently, which is not desirable.

PH/22 Added Alain Williams' LDAP patch to support setting REFERRALS=off on
      queries.

JJ/01 exipick: added --reverse (and -R synonym), --random, --size, --sort and
      --not options

JJ/02 exipick: rewrote --help documentation to hopefully make more clear.

PH/23 Made -oMaa and -oMt work with -bh and -bs to pretend the connection is
      authenticated or an ident call has been made. Suppress the default
      values for $authenticated_id and $authenticated_sender (but permit -oMai
      and -oMas) when testing with -bh.

PH/24 Re-jigged the order of the tests in the default configuration so that the
      tests for valid domains and recipients precede the DNS black list and CSA
      tests, on the grounds that those ones are more expensive.

PH/25 Exim was not testing for a space following SMTP commands such as EHLO
      that require one. Thus, EHLORHUBARB was interpreted as a valid command.
      This bug exists in every version of Exim that I still have, right back to
      0.12.

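Added example, not Exim's code: the verb-matching flaw PH/25 describes, shown as a prefix-only matcher beside a strict one that requires white space or end of line after the verb. The command table, enum and function names are hypothetical, and the input line is assumed to have had its CRLF removed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical command table for the illustration (not Exim's). */
enum smtp_cmd { CMD_UNKNOWN, CMD_HELO, CMD_EHLO, CMD_RSET, CMD_QUIT };

static const struct { const char *verb; enum smtp_cmd id; } cmd_table[] = {
  { "HELO", CMD_HELO }, { "EHLO", CMD_EHLO },
  { "RSET", CMD_RSET }, { "QUIT", CMD_QUIT },
};
#define NCMDS (sizeof cmd_table / sizeof cmd_table[0])

/* The behaviour the entry describes as the bug: only the leading bytes are
   compared, so anything that merely starts with a verb is accepted. */
enum smtp_cmd match_prefix_only(const char *line)
{
  for (size_t i = 0; i < NCMDS; i++)
    if (strncasecmp(line, cmd_table[i].verb, strlen(cmd_table[i].verb)) == 0)
      return cmd_table[i].id;
  return CMD_UNKNOWN;
}

/* Hardened form: the verb must be followed by white space or by the end of
   the line. On success *arg (if non-NULL) points at the argument text, which
   is the empty string when no argument was given. */
enum smtp_cmd match_strict(const char *line, const char **arg)
{
  for (size_t i = 0; i < NCMDS; i++) {
    size_t len = strlen(cmd_table[i].verb);
    if (strncasecmp(line, cmd_table[i].verb, len) != 0) continue;

    unsigned char next = (unsigned char)line[len];
    if (next != '\0' && !isspace(next)) continue;   /* e.g. "EHLORHUBARB" */

    const char *p = line + len;
    while (isspace((unsigned char)*p)) p++;         /* skip the separator */
    if (arg != NULL) *arg = p;
    return cmd_table[i].id;
  }
  return CMD_UNKNOWN;
}

int main(void)
{
  /* Constructed sample input lines. */
  const char *samples[] = { "EHLORHUBARB", "EHLO mail.example.test", "ehlo" };
  for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
    printf("%-24s prefix-only=%d strict=%d\n", samples[i],
           (int)match_prefix_only(samples[i]),
           (int)match_strict(samples[i], NULL));
  return 0;
}
```
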
PH/26 (n)wildlsearch lookups are documented as being done case-insensitively.
      However, an attempt to turn on case-sensitivity in a regex key by
      including (?-i) didn't work because the subject string was already
      lowercased, and the effects were non-intuitive. It turns out that a
      one-line patch can be used to allow (?-i) to work as expected.


Exim version 4.62
-----------------

TF/01 Fix the add_header change below (4.61 PH/55) which had a bug that (amongst
      other effects) broke the use of negated acl sub-conditions.

PH/01 ${readsocket now supports Internet domain sockets (modified John Jetmore
      patch).

PH/02 When tcp-wrappers is called from Exim, it returns only "deny" or "allow".
      "Deny" causes Exim to reject the incoming connection with a 554 error.
      Unfortunately, if there is a major crisis, such as a disk failure,
      tcp-wrappers gives "deny", whereas what one would like would be some
      kind of temporary error. A kludge has been added to help with this.
      Before calling hosts_ctl(), errno is set zero. If the result is "deny", a
      554 error is used if errno is still zero or contains ENOENT (which occurs
      if either of the /etc/hosts.{allow,deny} files is missing). Otherwise, a
      451 error is used.

PH/03 Add -lutil to the default FreeBSD LIBS setting.

PH/04 Change PH/19 for 4.61 was too wide. It should not be applied to host
      errors. Otherwise a message that provokes a temporary error (when other
      messages do not) can cause a whole host to time out.

PH/05 Batch deliveries by appendfile and pipe transports did not work when the
      addresses were routed directly to files or pipes from a redirect router.
      File deliveries just didn't batch; pipe deliveries might have suffered
      odd errors.

PH/06 A failure to get a lock for a hints database would erroneously always say
      "Failed to get write lock", even when it was really a read lock.

PH/07 The appendfile transport was creating MBX lock files with a fixed mode
      of 0600. This has been changed to use the value of the lockfile_mode
      option (which defaults to 0600).

PH/08 Applied small patch from the Sieve maintainer.

PH/09 If maildir_quota_directory_regex was set to exclude (say) the .Trash
      folder from quota calculations, a direct delivery into this folder messed
      up the contents of the maildirsize file. This was because the regex was
      used only to exclude .Trash (or whatever) when the size of the mailbox
      was calculated. There was no check that a delivery was happening into an
      excluded directory. This bug has been fixed by ignoring all quota
      processing for deliveries into excluded directories.

PH/10 Added the maildirfolder_create_regex option to appendfile.


Exim version 4.61
-----------------

PH/01 The code for finding all the local interface addresses on a FreeBSD
      system running IPv6 was broken. This may well have applied to all BSD
      systems, as well as to others that have similar system calls. The broken
      code found IPv4 interfaces correctly, but gave incorrect values for the
      IPv6 interfaces. In particular, ::1 was not found. The effect in Exim was
      that it would not match correctly against @[] and not recognize the IPv6
      addresses as local.

PH/02 The ipliteral router was not recognizing addresses of the form
      user@[ipv6:....] because it didn't know about the "ipv6:" prefix.

PH/03 Added disable_ipv6.

PH/04 Changed $reply_address to use the raw form of the headers instead of the
      decoded form, because it is most often used to construct To: headers
      lines in autoreplies, and the decoded form may well be syntactically
      invalid. However, $reply_address has leading white space removed, and all
      newlines turned into spaces so that the autoreply transport does not
      grumble.

PH/05 If group was specified without a user on a router, and no group or user
      was specified on a transport, the group from the router was ignored.

PH/06 Increased the number of ACL variables to 20 of each type, and arranged
      for visible compile-time settings that can be used to change these
      numbers, for those that want even more. Backwards compatibility with old
      spool files has been maintained. However, going back to a previous Exim
      release will lose any variables that are in spool files.

PH/07 Two small changes when running in the test harness: increase delay when
      passing a TCP/IP connection to a new process, in case the original
      process has to generate a bounce, and remove special handling of
      127.0.0.2 (sic), which is no longer necessary.

PH/08 Changed debug output of dbfn_open() flags from numbers to names, so as to
      be the same on different OS.

PH/09 Moved a debug statement in filter processing to avoid a race problem when
      testing.

JJ/01 exipick: fixed bug where -b (brief) output option showed "Vars:"
      whether --show-vars was specified or not

JJ/02 exipick: Added support for new ACL variable spool format introduced
      in 4.61-PH/06

PH/10 Fixed another bug related to PH/04 above: if an incoming message had a
      syntactically invalid From: or Reply-to: line, and a filter used this to
      generate an autoreply, and therefore failed to obtain an address for the
      autoreply, Exim could try to deliver to a non-existent relative file
      name, causing unrelated and misleading errors. What now happens is that
      it logs this as a hard delivery error, but does not attempt to create a
      bounce message.

PH/11 The exinext utility has a -C option for testing purposes, but although
      the given file was scanned by exinext itself, it wasn't being passed on
      when Exim was called.

PH/12 In the smtp transport, treat an explicit ECONNRESET error the same as
      an end-of-file indication when reading a command response.

PH/13 Domain literals for IPv6 were not recognized unless IPv6 support was
      compiled. In many other places in Exim, IPv6 addresses are always
      recognized, so I have changed this. It also means that IPv4 domain
      literals of the form [IPV4:n.n.n.n] are now always recognized.

PH/14 When a uid/gid is specified for the queryprogram router, it cannot be
      used if the router is not running as root, for example, when verifying at
      ACL time, or when using -bh. The debugging output from this situation was
      non-existent - all you got was a failure to exec. I have made two
      changes:

      (a) Failures to set uid/gid, the current directory, or a process leader
          in a subprocess such as that created by queryprogram now generate
          suitable debugging output when -d is set.

      (b) The queryprogram router detects when it is not running as root,
          outputs suitable debugging information if -d is set, and then runs
          the subprocess without attempting to change uid/gid.

PH/15 Minor change to Makefile for building test_host (undocumented testing
      feature).

PH/16 As discussed on the list in Nov/Dec: Exim no longer looks at the
      additional section of a DNS packet that returns MX or SRV records.
      Instead, it always explicitly searches for A/AAAA records. This avoids
      major problems that occur when a DNS server includes only records of one
      type (A or AAAA) in an MX/SRV packet. A byproduct of this change has
      fixed another bug: if SRV records were looked up and the corresponding
      address records were *not* found in the additional section, the port
      values from the SRV records were lost.

PH/17 If a delivery to a pipe, file, or autoreply was deferred, Exim was not
      using the correct key (the original address) when searching the retry
      rules in order to find which one to use for generating the retry hint.

PH/18 If quota_warn_message contains a From: header, Exim now refrains from
      adding the default one. Similarly, if it contains a Reply-To: header, the
      errors_reply_to option, if set, is not used.

PH/19 When calculating a retry time, Exim used to measure the "time since
      failure" by looking at the "first failed" field in the retry record. Now
      it does not use this if it is later than the arrival time of the
      message. Instead it uses the arrival time. This makes for better
      behaviour in cases where some deliveries succeed, thus re-setting the
      "first failed" field. An example is a quota failure for a huge message
      when small messages continue to be delivered. Without this change, the
      "time since failure" will always be short, possibly causing more frequent
      delivery attempts for the huge message than are intended.
      [Note: This change was subsequently modified - see PH/04 for 4.62.]

PH/20 Added $auth1, $auth2, $auth3 to contain authentication data (as well as
      $1, $2, $3) because the numerical variables can be reset during some
      expansion items (e.g. "match"), thereby losing the authentication data.

PH/21 Make -bV show the size of off_t variables so that the test suite can
      decide whether to run tests for quotas > 2G.

PH/22 Test the values given for quota, quota_filecount, quota_warn_threshold,
      mailbox_size, and mailbox_filecount in the appendfile transport. If a
      filecount value is greater than 2G or if a quota value is greater than 2G
      on a system where the size of off_t is not greater than 4, a panic error
      is given.

PH/23 When a malformed item such as 1.2.3/24 appears in a host list, it can
      never match. The debug and -bh output now contains an explicit error
      message indicating a malformed IPv4 address or mask.

PH/24 A host item such as 1.2.3.4/abc was being treated as the IP address
      1.2.3.4 without a mask. Now it is not recognized as an IP address, and
      PH/23 above applies.

PH/25 Do not write to syslog when running in the test harness. The only
      occasion when this arises is a failure to open the main or panic logs
      (for which there is an explicit test).

PH/26 Added the /no_tell option to "control=freeze".

PH/27 If a host name lookup failed very early in a connection, for example, if
      the IP address matched host_lookup and the reverse lookup yielded a name
      that did not have a forward lookup, an error message of the form "no IP
      address found for host xxx.xxx.xxx (during SMTP connection from NULL)"
      could be logged. Now it outputs the IP address instead of "NULL".

PH/28 An enabling patch from MH: add new function child_open_exim2() which
      allows the sender and the authenticated sender to be set when
      submitting a message from within Exim. Since child_open_exim() is
      documented for local_scan(), the new function should be too.

PH/29 In GnuTLS, a forced expansion failure for tls_privatekey was not being
      ignored. In both GnuTLS and OpenSSL, an expansion of tls_privatekey that
      results in an empty string is now treated as unset.

PH/30 Fix eximon buffer overflow bug (Bugzilla #73).

PH/31 Added sender_verify_fail logging option.

PH/32 In November 2003, the code in Exim that added an empty Bcc: header when
      needed by RFC 822 but not by RFC 2822 was commented out. I have now
      tidied the source and removed it altogether.

PH/33 When a queue run was abandoned because the load average was too high, a
      log line was always written; now it is written only if the queue_run log
      selector is set. In addition, the log line for abandonment now contains
      information about the queue run such as the pid. This is always present
      in "start" and "stop" lines but was omitted from the "abandon" line.

PH/34 Omit spaces between a header name and the colon in the error message that
      is given when verify = headers_syntax fails (if there are lots of them,
      the message gets confusing).

PH/35 Change the default for dns_check_names_pattern to allow slashes within
      names, as there are now some PTR records that contain slashes. This check
      is only to protect against broken name servers that fall over on strange
      characters, so the fact that it applies to all lookups doesn't matter.

PH/36 Now that the new test suite is complete, we can remove some of the
      special code in Exim that was needed for the old test suite. For example,
      sorting DNS records because real resolvers return them in an arbitrary
      order. The new test suite's fake resolver always returns records in the
      same order.

PH/37 When running in the test harness, use -odi for submitted messages (e.g.
      bounces) except when queue_only is set, to avoid logging races between
      the different processes.

PH/38 Panic-die if .include specifies a non-absolute path.

PH/39 A tweak to the "H" retry rule from its user.

JJ/03 exipick: Removed parentheses from 'next' and 'last' calls that specified
      a label. They prevented compilation on older perls.

JJ/04 exipick: Refactored code to prevent implicit split to @_ which caused
      a warning to be raised on newish perls.

JJ/05 exipick: Fixed bug where -bpc always showed a count of all messages
      on queue. Changes to match documented behaviour of showing count of
      messages matching specified criteria.

PH/40 Changed the default ident timeout from 30s to 5s.

PH/41 Added support for the use of login_cap features, on those BSD systems
      that have them, for controlling the resources used by pipe deliveries.

PH/42 The content-scanning code uses fopen() to create files in which to put
      message data. Previously it was not paying any attention to the mode of
      the files. Exim runs with umask(0) because the rest of the code creates
      files with open(), and sets the required mode explicitly. Thus, these
      files were ending up world-writeable. This was not a big issue, because,
      being within the spool directory, they were not world-accessible. I have
      created a function called modefopen, which takes an additional mode
      argument. It sets umask(777), creates the file, chmods it to the required
      mode, then resets the umask. All the relevant calls to fopen() in the
      content scanning code have been changed to use this function.

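Added example, not Exim's source: a wrapper that follows the four steps PH/42 lists, together with a helper that creates a file under umask(0) both ways and reports the resulting permission bits. The names modefopen_demo and created_mode, the /tmp path and the file name are assumptions made for the illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical wrapper written from the steps in the entry: mask every
   permission bit, create the file, set the wanted mode, restore the umask.
   Between creation and fchmod() the file carries no permission bits at all,
   so there is no window in which it is writeable by other users. */
FILE *modefopen_demo(const char *path, const char *options, mode_t mode)
{
  mode_t saved = umask(0777);
  FILE *f = fopen(path, options);
  if (f != NULL && fchmod(fileno(f), mode) != 0) {
    fclose(f);                       /* could not set the mode: report failure */
    f = NULL;
  }
  (void)umask(saved);
  return f;
}

/* Create a file in a fresh private directory while the process umask is 0
   (the setting the entry says Exim runs with) and return its permission
   bits, or -1 on error. use_modefopen selects the wrapper or plain fopen(). */
int created_mode(int use_modefopen, mode_t mode)
{
  char dir[] = "/tmp/modefopen-demo-XXXXXX";   /* constructed location */
  char path[64];
  struct stat st;
  int result = -1;
  mode_t old = umask(0);

  if (mkdtemp(dir) == NULL) {
    (void)umask(old);
    return -1;
  }
  snprintf(path, sizeof path, "%s/scan.eml", dir);

  FILE *f = use_modefopen ? modefopen_demo(path, "wb", mode)
                          : fopen(path, "wb");
  if (f != NULL) {
    fputs("constructed sample message data\n", f);
    fclose(f);
    if (stat(path, &st) == 0)
      result = (int)(st.st_mode & 07777);
    unlink(path);
  }
  rmdir(dir);
  (void)umask(old);
  return result;
}

int main(void)
{
  printf("plain fopen under umask(0): %04o\n", (unsigned)created_mode(0, 0));
  printf("wrapper asked for 0640:     %04o\n", (unsigned)created_mode(1, 0640));
  return 0;
}
```
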
PH/43 If retry_interval_max is set greater than 24 hours, it is quietly reset
      to 24 hours. This avoids potential overflow problems when processing G
      and H retry rules. I suspect nobody ever tinkers with this value.

PH/44 Added STRIP_COMMAND=/usr/bin/strip to the FreeBSD Makefile.

PH/45 When the plaintext authenticator is running as a client, the server's
      challenges are checked to ensure they are valid base64 strings. By
      default, the authentication attempt is cancelled if an invalid string is
      received. Setting client_ignore_invalid_base64 true ignores these errors.
      The decoded challenge strings are now placed in $auth1, $auth2, etc. as
      they are received. Thus, the responses can be made to depend on the
      challenges. If an invalid string is ignored, an empty string is placed in
      the variable.

PH/46 Messages that are created by the autoreply transport now contain a
      References: header, in accordance with RFCs 2822 and 3834.

PH/47 Added authenticated_sender_force to the smtp transport.

PH/48 The ${prvs expansion was broken on systems where time_t was long long.

PH/49 Installed latest patch from the Sieve maintainer.

PH/50 When an Exim quota was set without a file count quota, and mailbox_size
      was also set, the appendfile transport was unnecessarily scanning a
      directory of message files (e.g. for maildir delivery) to find the count
      of files (along with the size), even though it did not need this
      information. It now does the scan only if it needs to find either the
      size or the count of files.

PH/51 Added ${time_eval: to convert Exim time strings into seconds.

PH
3124PH/52 Two bugs concerned with error handling when the smtp transport is
3125 used in LMTP mode:
3126
3127 (i) Exim was not creating retry information for temporary errors given
3128 for individual recipients after the DATA command when the smtp transport
3129 was used in LMTP mode. This meant that they could be retried too
3130 frequently, and not timed out correctly.
3131
3132 (ii) Exim was setting the flag that allows error details to be returned
3133 for LMTP errors on RCPT commands, but not for LMTP errors for individual
3134 recipients that were returned after the DATA command.
3135
3136PH/53 This is related to PH/52, but is more general: for any failing address,
3137 when detailed error information was permitted to be returned to the
3138 sender, but the error was temporary, then after the final timeout, only
3139 "retry timeout exceeded" was returned. Now it returns the full error as
3140 well as "retry timeout exceeded".
3141
c46782ef
PH
3142PH/54 Added control=allow_auth_unadvertised, as it seems there are clients that
3143 do this, and (what is worse) MTAs that accept it.
3144
71fafd95
PH
3145PH/55 Added the add_header modified to ACLs. The use of "message" with "warn"
3146 will now be deprecated.
3147
2c5db4fd
PH
3148PH/56 New os.c-cygwin from the Cygwin maintainer.
3149
9cf6b11a
JJ
3150JJ/06 exipick: added --unsorted option to allow unsorted output in all output
3151 formats (previously only available in exim formats via -bpr, -bpru,
3152 and -bpra. Now also available in native and exiqgrep formats)
3153
3154JJ/07 exipick: added --freeze and --thaw options to allow faster interaction
3155 with very large, slow to parse queues
3156
3157JJ/08 exipick: added ! as generic prefix to negate any criteria format
3158
3159JJ/09 exipick: miscellaneous performance enhancements (~24% improvements)
3160
898d150f
PH
3161PH/57 Tidies in SMTP dialogue display in debug output: (i) It was not showing
3162 responses to authentication challenges, though it was showing the
3163 challenges; (ii) I've removed the CR characters from the debug output for
3164 SMTP output lines.
3165
46218253
PH
3166PH/58 Allow for the insertion of a newline as well as a space when a string
3167 is turned into more than one encoded-word during RFC 2047 encoding. The
3168 Sieve code now uses this.
3169
e97957bc
PH
3170PH/59 Added the following errors that can be detected in retry rules: mail_4xx,
3171 data_4xx, lost_connection, tls_required.
3172
81e509d7
PH
3173PH/60 When a VRFY deferred or FAILED, the log message rather than the user
3174 message was being sent as an SMTP response.
3175
3d240ff7
PH
3176PH/61 Add -l and -k options to exicyclog.
3177
b37c4101
PH
3178PH/62 When verifying, if an address was redirected to one new address, so that
3179 verification continued, and the new address failed or deferred after
3180 having set something in $address_data, the value of $address_data was not
3181 passed back to the ACL. This was different to the case when no
3182 redirection occurred. The value is now passed back in both cases.
3183
79378e0f
PH
3184PH/63 Changed the macro HAVE_LOGIN_CAP (see PH/41 for this release above) to
3185 HAVE_SETCLASSRESOURCES because there are different APIs in use that all
3186 use login_cap.h, so on its own it isn't the distinguishing feature. The
3187 new name refers directly to the setclassresources() function.
3188
e49c7bb4
PH
3189PH/65 Added configuration files for NetBSD3.
3190
d114ec46
PH
3191PH/66 Updated OS/Makefile-HP-UX for gcc 4.1.0 with HP-UX 11.
3192
f3d7df6c
PH
3193PH/67 Fixed minor infelicity in the sorting of addresses to ensure that IPv6
3194 is preferred over IPv4.
3195
715ab376
PH
3196PH/68 The bounce_return_message and bounce_return_body options were not being
3197 honoured for bounces generated during the reception of non-SMTP messages.
3198 In particular, this applied to messages rejected by the ACL. This bug has
3199 been fixed. However, if bounce_return_message is true and
3200 bounce_return_body is false, the headers that are returned for a non-SMTP message
3201 include only those that have been read before the error was detected.
3202 (In the case of an ACL rejection, they have all been read.)
3203
6b31b150
PH
3204PH/69 The HTML version of the specification is now built in a directory called
3205 spec_html instead of spec.html, because the latter looks like a path with
3206 a MIME-type, and this confuses some software.
3207
3208PH/70 Catch two compiler warnings in sieve.c.
3209
d515a917
PH
3210PH/71 Fixed an obscure and subtle bug (thanks Alexander & Matthias). The
3211 function verify_get_ident() calls ip_connect() to connect a socket, but
3212 if the "connect()" function timed out, ip_connect() used to close the
3213 socket. However, verify_get_ident() also closes the socket later, and in
3214 between Exim writes to the log, which may get opened at this point. When
3215 the socket was closed in ip_connect(), the log could get the same file
3216 descriptor number as the socket. This naturally causes chaos. The fix is
3217 not to close the socket in ip_connect(); the socket should be closed by
3218 the function that creates it. There was only one place in the code where
3219 this was missing, in the iplookup router, which I don't think anybody now
3220 uses, but I've fixed it anyway.
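The descriptor reuse described in PH/71, shown as an added example (this is not Exim's code). sim_ip_connect() and log_survives() are hypothetical stand-ins for the ip_connect()/verify_get_ident() pattern; the connect timeout is simulated, a unix-domain socket replaces the TCP socket, and /dev/null stands in for the log file.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical stand-in for ip_connect(). The connect itself is simulated
   as a timeout. close_on_fail=1 models the old behaviour (callee closes a
   socket it did not create), 0 models the fixed behaviour. */
static int sim_ip_connect(int sock, int close_on_fail)
{
    if (close_on_fail)
        close(sock);
    return -1;                      /* simulated connect() timeout */
}

/* Hypothetical stand-in for the caller. Returns 1 if the log descriptor is
   still open after the caller's cleanup, 0 if the cleanup closed the log,
   -1 on a setup error. */
int log_survives(int close_on_fail)
{
    /* Assumption: the socket family is irrelevant here; only the
       descriptor number matters. */
    int sock = socket(AF_UNIX, SOCK_STREAM, 0);
    if (sock < 0)
        return -1;

    int log_fd = -1;
    if (sim_ip_connect(sock, close_on_fail) < 0) {
        /* The failure is logged, and the log gets opened at this point.
           open() returns the lowest free descriptor number, so if the
           callee already closed sock, the log receives sock's number. */
        log_fd = open("/dev/null", O_WRONLY);
        if (log_fd < 0) {
            close(sock);
            return -1;
        }
    }

    close(sock);                    /* the creator closes its own socket */

    int alive = fcntl(log_fd, F_GETFD) != -1;
    if (alive)
        close(log_fd);
    return alive;
}

int main(void)
{
    printf("callee closes on failure: log survives = %d\n", log_survives(1));
    printf("creator closes only:      log survives = %d\n", log_survives(0));
    return 0;
}
```

In the first case the caller's close() lands on the log file rather than the socket, and a later log write would fail or go to whatever is opened next on that number.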
3221
9b8fadde
PH
3222PH/72 Make dns_again_means_nonexist apply to lookups using gethostbyname() as
3223 well as to direct DNS lookups. Otherwise the handling of names in host
3224 lists is inconsistent and therefore confusing.
3225
214e2000 3226
5de37277
PH
3227Exim version 4.60
3228-----------------
3229
cc38ddbf
PH
3230PH/01 Two changes to the default runtime configuration:
3231
3232 (1) Move the checks for relay_from_hosts and authenticated clients from
3233 after to before the (commented out) DNS black list checks.
3234
3235 (2) Add control=submission to the relay_from_hosts and authenticated
3236 clients checks, on the grounds that messages accepted by these
3237 statements are most likely to be submissions.
5de37277 3238
72fdd6ae
PH
3239PH/02 Several tidies to the handling of ${prvs and ${prvscheck:
3240
3241 (1) Generate an error if the third argument for the ${prvs expansion is
3242 not a single digit.
3243
3244 (2) Treat a missing third argument of ${prvscheck as if it were an empty
3245 string.
3246
3247 (3) Reset the variables that are obtained from the first argument of
3248 ${prvscheck and used in the second argument before leaving the code,
3249 because their memory is reclaimed, so using them afterwards may do
3250 silly things.
3251
3252 (4) Tidy up the code for expanding the arguments of ${prvscheck one by
3253 one (it's much easier than Tom thought :-).
3254
3255 (5) Because of (4), we can now allow for the use of $prvscheck_result
3256 inside the third argument.
cb9328de 3257
cb741023
PH
3258PH/03 For some reason, the default setting of PATH when running a command from
3259 a pipe transport was just "/usr/bin". I have changed it to
3260 "/bin:/usr/bin".
3261
f174f16e
PH
3262PH/04 SUPPORT_TRANSLATE_IP_ADDRESS and MOVE_FROZEN_MESSAGES did not cause
3263 anything to be listed in the output from -bV.
b2f5a032 3264
c25242d7
PH
3265PH/05 When a filter generated an autoreply, the entire To: header line was
3266 quoted in the delivery log line, like this:
3267
3268 => >A.N.Other <ano@some.domain> <original@ddress> ...
3269
3270 This has been changed so that it extracts the operative address. There
3271 may be more than one such address. If so, they are comma-separated, like
3272 this:
3273
3274 => >ano@some.domain,ona@other.domain <original@ddress> ...
3275
82c19f95
PH
3276PH/06 When a client host used a correct literal IP address in a HELO or EHLO
3277 command, (for example, EHLO [1.2.3.4]) and the client's IP address was
3278 not being looked up in the rDNS to get a host name, Exim was showing the
3279 IP address twice in Received: lines, even though the IP addresses were
3280 identical. For example:
328