Commit | Line | Data |
---|---|---|
e97957bc | 1 | $Cambridge: exim/doc/doc-txt/NewStuff,v 1.96 2006/03/09 15:10:16 ph10 Exp $ |
495ae4b0 PH |
2 | |
3 | New Features in Exim | |
4 | -------------------- | |
5 | ||
6 | This file contains descriptions of new features that have been added to Exim, | |
7 | but have not yet made it into the main manual (which is most conveniently | |
8 | updated when there is a relatively large batch of changes). The doc/ChangeLog | |
9 | file contains a listing of all changes, including bug fixes. | |
10 | ||
7e66e54d PH |
11 | Version 4.61 |
12 | ------------ | |
13 | ||
14 | PH/01 There is a new global option called disable_ipv6, which does exactly what | |
15 | its name implies. If set true, even if the Exim binary has IPv6 support, | |
c8ea1597 PH |
16 | no IPv6 activities take place. AAAA records are never looked up for host |
17 | names given in manual routing data or elsewhere. AAAA records that are | |
18 | received from the DNS as additional data for MX records are ignored. Any | |
19 | IPv6 addresses that are listed in local_interfaces, manualroute route | |
7e66e54d PH |
20 | data, etc. are also ignored. If IP literals are enabled, the ipliteral |
21 | router declines to handle IPv6 literal addresses. | |
22 | ||
064a94c9 | 23 | PH/02 There are now 20 of each type of ACL variable by default (instead of 10). |
47ca6d6c PH |
24 | It is also possible to change the numbers by setting ACL_CVARS and/or |
25 | ACL_MVARS in Local/Makefile. Backward compatibility is maintained if you | |
26 | upgrade to this release with existing messages containing ACL variable | |
27 | settings on the queue. However, going in the other direction | |
28 | (downgrading) will not be compatible; the values of ACL variables will be | |
29 | lost. | |
30 | ||
064a94c9 PH |
31 | PH/03 If quota_warn_message contains a From: header, Exim now refrains from |
32 | adding the default one. Similarly, if it contains a Reply-To: header, the | |
33 | errors_reply_to option, if set, is not used. | |
34 | ||
f78eb7c6 PH |
35 | PH/04 The variables $auth1, $auth2, $auth3 are now available in authenticators, |
36 | containing the same values as $1, $2, $3. The new variables are provided | |
37 | because the numerical variables can be reset during string expansions | |
38 | (for example, during a "match" operation) and so may lose the | |
39 | authentication data. The preferred variables are now the new ones, with | |
40 | the use of the numerical ones being deprecated, though the support will | |
41 | not be removed, at least, not for a long time. | |
42 | ||
6a3f1455 PH |
43 | PH/05 The "control=freeze" ACL modifier can now be followed by /no_tell. If |
44 | the global option freeze_tell is set, it is ignored for the current | |
45 | message (that is, nobody is told about the freezing), provided all the | |
46 | "control=freeze" modifiers that are obeyed in the current message have | |
47 | the /no_tell option. | |
48 | ||
c91535f3 PH |
49 | PH/06 In both GnuTLS and OpenSSL, an expansion of tls_privatekey that results |
50 | in an empty string is now treated as unset. | |
51 | ||
278c6e6c PH |
52 | PH/07 There is a new log selector called sender_verify_fail, which is set by |
53 | default. If it is unset, the separate log line that gives details of a | |
54 | sender verification failure is not written. Log lines for the rejection | |
55 | of SMTP commands (e.g. RCPT) contain just "sender verify failed", so some | |
56 | detail is lost. | |
57 | ||
230205fc PH |
58 | PH/08 The default for dns_check_names_pattern now allows slashes within names, |
59 | as there are now some PTR records that contain slashes. This check is | |
60 | only to protect against broken name servers that fall over on strange | |
61 | characters, so the fact that it applies to all lookups doesn't matter. | |
62 | ||
8def5aaf PH |
63 | PH/09 The default for rfc1413_query_timeout has been changed from 30s to 5s. |
64 | ||
929ba01c PH |
65 | PH/10 When compiled on FreeBSD, NetBSD, or BSD/OS, the pipe transport has a new |
66 | Boolean option called use_classresources, defaulting false. If it is set | |
67 | true, the setclassresources() function is used to set resource limits | |
68 | when a pipe transport is run to perform a delivery. The limits for the | |
69 | uid under which the pipe is to run are obtained from the login class | |
70 | database. | |
230205fc | 71 | |
944a9c55 PH |
72 | PH/11 If retry_interval_max is set greater than 24 hours, it is quietly reset |
73 | to 24 hours. This avoids potential overflow problems when processing G | |
74 | and H retry rules, and it seems reasonable to require a retry at least | |
75 | once a day. | |
76 | ||
4730f942 PH |
77 | PH/12 When the plaintext authenticator is running as a client, the server |
78 | challenges are now checked to ensure they are valid base64 strings. The | |
79 | default action on failure is to abort the authentication. However, if | |
80 | client_ignore_invalid_base64 is set true, invalid responses are ignored. | |
81 | ||
82 | PH/13 When the plaintext authenticator is running as a client, the challenges | |
83 | from the server are placed in $auth1, $auth2, etc. as they are received. | |
84 | Thus, the challenge that is received in response to sending the first | |
85 | string (with the AUTH command) can be used in the expansion of the second | |
86 | string, and so on. Currently, up to 3 challenge strings are available in | |
87 | this way. If an invalid base64 string is received when | |
88 | client_ignore_invalid_base64 is set, an empty string is put in the $auth<n> variable. | |
89 | ||
30dba1e6 PH |
90 | PH/14 Messages created by the autoreply transport now contain a References: |
91 | header. This is constructed in accordance with rules that are described | |
92 | in section 3.64 of RFC 2822, which states that replies should contain | |
93 | such a header line, and section 3.14 of RFC 3834, which states that | |
94 | automatic responses are not different in this respect. However, because | |
95 | some mail processing software does not cope well with very long header | |
96 | lines, no more than 12 message IDs are copied from the References: header | |
97 | line in the incoming message. If there are more than 12, the first one | |
98 | and then the final 11 are copied, before adding the message ID of the | |
99 | incoming message. | |
100 | ||
382afc6b PH |
101 | PH/15 The smtp transport has a new option called authenticated_sender_force. |
102 | When set true, it allows the authenticated_sender option's value to be | |
103 | used, even if Exim has not authenticated as a client. | |
104 | ||
f90d018c PH |
105 | PH/16 The expansion ${time_eval:<string>} converts an Exim time string such as |
106 | 2d4h1m into a number of seconds. | |
107 | ||
c46782ef PH |
108 | PH/17 The ACL modifier control=allow_auth_unadvertised can be used to permit a |
109 | client host to use the SMTP AUTH command even when it has not been | |
110 | advertised in response to EHLO. Furthermore, because there are apparently | |
111 | some really broken clients that do this, Exim will even accept AUTH after | |
112 | HELO when this control is set. It should only be used if you really need | |
113 | it, and you should limit its use to those broken hosts that do not work | |
114 | without it. For example: | |
115 | ||
116 | warn hosts = 192.168.34.25 | |
117 | control = allow_auth_unadvertised | |
118 | ||
119 | This control is permitted only in the connection and HELO ACLs. | |
120 | ||
71fafd95 PH |
121 | PH/18 There is a new ACL modifier called "add_header" which does what its name |
122 | implies. It specifies one or more header lines that are to be added to an | |
123 | incoming message, assuming, of course, that the message is ultimately | |
124 | accepted. | |
125 | ||
126 | This modifier is permitted in the MAIL, RCPT, PREDATA, DATA, MIME, and | |
127 | non-SMTP ACLs (in other words, those that are concerned with accepting a | |
128 | message). Added header lines are accumulated during the MAIL, RCPT, and | |
129 | PREDATA ACLs, with any duplicates being discarded. They are then added to | |
130 | the message before processing the DATA and MIME ACLs, during which | |
131 | further added header lines are accumulated, again with duplicates | |
132 | discarded. Thus, it is possible to add two identical header lines to an | |
133 | SMTP message, but only if one is added before DATA and one after. | |
134 | ||
135 | In the case of non-SMTP messages, new headers are accumulated during the | |
136 | non-SMTP ACL, and added to the message at the end. | |
137 | ||
138 | The add_header modifier is available for use with all ACL verbs. In the | |
139 | case of the WARN verb, add_header supersedes the use of "message" for | |
140 | this purpose; for the other verbs, it provides a new facility. If both | |
141 | add_header and "message" are present on a WARN verb, both are processed | |
142 | according to their specifications. | |
143 | ||
144 | The add_header modifier acts immediately it is encountered during the | |
145 | processing of an ACL. This is different to the (now-deprecated) use of | |
146 | "message" on a WARN verb, where the action is taken only if all the | |
147 | conditions are true. Notice the difference between these two cases on a | |
148 | RCPT ACL: | |
149 | ||
150 | deny add_header = ADDED: some text | |
151 | <some condition> | |
152 | ||
153 | deny <some condition> | |
154 | add_header = ADDED: some text | |
155 | ||
156 | In the first case, the header is always added, whether or not the current | |
157 | recipient is rejected. In the second case, the header is added only if | |
158 | the recipient is rejected. | |
159 | ||
160 | If add_header appears more than once on an ACL statement, multiple | |
161 | headers are added, provided that they have different content. (In the | |
162 | case of WARN with "message", only the last value of "message" is used.) | |
163 | ||
164 | The facility for specifying where the new header is to be inserted, as | |
165 | described for WARN with "message" in section 39.19 of the 4.60 manual, is | |
166 | supported. | |
167 | ||
e97957bc PH |
168 | PH/19 The following errors can now be detected in retry rules: |
169 | ||
170 | mail_4xx This is like rcpt_4xx, but applies to MAIL commands | |
171 | ||
172 | data_4xx This is like rcpt_4xx, but applies to DATA commands and the | |
173 | response code after the end of the data | |
174 | ||
175 | lost_connection This error occurs when the server unexpectedly closes | |
176 | the SMTP connection. There may, of course, be legitimate reasons | |
177 | for this (host died, network died), but if it repeats a lot | |
178 | for the same host, it indicates something odd. | |
179 | ||
180 | tls_required The server was required to use TLS (hosts_require_tls), | |
181 | but either did not offer it, or responded with 4xx to | |
182 | STARTTLS, or there was a problem setting up the TLS connection | |
183 | ||
184 | Note that a 5xx response to STARTTLS is a permanent error. | |
185 | ||
71fafd95 | 186 | |
7e66e54d | 187 | |
425ae40f | 188 | Version 4.60 |
b5aea5e1 PH |
189 | ------------ |
190 | ||
425ae40f PH |
191 | The documentation is up-to-date for the 4.60 release. Major new features since |
192 | the 4.50 release are: | |
1a46a8c5 | 193 | |
425ae40f | 194 | . Support for SQLite. |
1a46a8c5 | 195 | |
425ae40f | 196 | . Support for IGNOREQUOTA in LMTP. |
1a46a8c5 | 197 | |
425ae40f | 198 | . Extensions to the "submission mode" features. |
1a46a8c5 | 199 | |
425ae40f | 200 | . Support for Client SMTP Authorization (CSA). |
1a46a8c5 | 201 | |
425ae40f | 202 | . Support for ratelimiting hosts and users. |
b5aea5e1 | 203 | |
425ae40f | 204 | . New expansion items to help with the BATV "prvs" scheme. |
b5aea5e1 | 205 | |
425ae40f | 206 | . A "match_ip" condition, that matches an IP address against a list. |
35edf2ff | 207 | |
425ae40f | 208 | There are many more minor changes. |
495ae4b0 PH |
209 | |
210 | **** |
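
The client-side handling described in PH/12 and PH/13 above can be modelled as follows. This is an added example, not Exim source code: `run_client`, `decode_challenge`, the `$auth<n>` substitution via `string.Template`, and the sample challenges are all constructed for illustration, and `ignore_invalid` stands in for client_ignore_invalid_base64.

```python
import base64
from string import Template

MAX_AUTH_VARS = 3  # the text above: up to 3 challenge strings are available


class AuthAborted(Exception):
    """A server challenge was not valid base64 and is not being ignored."""


def decode_challenge(b64_text, ignore_invalid=False):
    """Decode one server challenge; the input is untrusted server data."""
    try:
        raw = base64.b64decode(b64_text.encode("ascii"), validate=True)
    except ValueError:  # covers binascii.Error and non-ASCII input
        if ignore_invalid:
            return ""  # an empty string is put in $auth<n>
        raise AuthAborted("invalid base64 challenge: %r" % b64_text)
    return raw.decode("utf-8", "replace")


def run_client(client_send, challenges, ignore_invalid=False):
    """Expand each client string in turn, feeding challenges into $auth<n>.

    client_send: templates that may refer to $auth1..$auth3 (hypothetical
                 stand-ins for the strings an authenticator would send).
    challenges:  base64 text of each server challenge, in arrival order.
    Returns (strings actually sent, final $auth<n> values).
    """
    auth = {"auth%d" % n: "" for n in range(1, MAX_AUTH_VARS + 1)}
    sent = []
    for i, template in enumerate(client_send):
        # The challenge that answered string i is visible when expanding i+1.
        sent.append(Template(template).safe_substitute(auth))
        if i < len(challenges):
            value = decode_challenge(challenges[i], ignore_invalid)
            if i < MAX_AUTH_VARS:
                auth["auth%d" % (i + 1)] = value
    return sent, auth


# Constructed sample: the base64 forms of "Username:" and "Password:".
GOOD = ["VXNlcm5hbWU6", "UGFzc3dvcmQ6"]
# Constructed sample: first challenge contains characters outside base64.
BAD = ["VXNlcm5hbWU6!!", "UGFzc3dvcmQ6"]
TEMPLATES = ["LOGIN", "answer-to[$auth1]", "answer-to[$auth2]"]

if __name__ == "__main__":
    print(run_client(TEMPLATES, GOOD))
    print(run_client(TEMPLATES, BAD, ignore_invalid=True))
```

With the default setting the malformed challenge stops the exchange before any further string is expanded; with the ignore setting the exchange continues, but the expansion sees an empty `$auth1` rather than attacker-shaped bytes.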