[exim.git] / doc / doc-txt / NewStuff

$Cambridge: exim/doc/doc-txt/NewStuff,v 1.90 2006/02/23 12:41:22 ph10 Exp $

New Features in Exim
--------------------

This file contains descriptions of new features that have been added to Exim,
but have not yet made it into the main manual (which is most conveniently
updated when there is a relatively large batch of changes). The doc/ChangeLog
file contains a listing of all changes, including bug fixes.

Version 4.61
------------

PH/01 There is a new global option called disable_ipv6, which does exactly what
      its name implies. If set true, even if the Exim binary has IPv6 support,
      no IPv6 activities take place. AAAA records are never looked up for host
      names given in manual routing data or elsewhere. AAAA records that are
      received from the DNS as additional data for MX records are ignored. Any
      IPv6 addresses that are listed in local_interfaces, manualroute route
      data, etc. are also ignored. If IP literals are enabled, the ipliteral
      router declines to handle IPv6 literal addresses.

PH/02 There are now 20 of each type of ACL variable by default (instead of 10).
      It is also possible to change the numbers by setting ACL_CVARS and/or
      ACL_MVARS in Local/Makefile. Backward compatibility is maintained if you
      upgrade to this release with existing messages containing ACL variable
      settings on the queue. However, going in the other direction
      (downgrading) will not be compatible; the values of ACL variables will be
      lost.

PH/03 If quota_warn_message contains a From: header, Exim now refrains from
      adding the default one. Similarly, if it contains a Reply-To: header, the
      errors_reply_to option, if set, is not used.

PH/04 The variables $auth1, $auth2, $auth3 are now available in authenticators,
      containing the same values as $1, $2, $3. The new variables are provided
      because the numerical variables can be reset during string expansions
      (for example, during a "match" operation) and so may lose the
      authentication data. The preferred variables are now the new ones, with
      the use of the numerical ones being deprecated, though the support will
      not be removed, at least, not for a long time.

PH/05 The "control=freeze" ACL modifier can now be followed by /no_tell. If
      the global option freeze_tell is set, it is ignored for the current
      message (that is, nobody is told about the freezing), provided all the
      "control=freeze" modifiers that are obeyed in the current message have
      the /no_tell option.

PH/06 In both GnuTLS and OpenSSL, an expansion of tls_privatekey that results
      in an empty string is now treated as unset.

PH/07 There is a new log selector called sender_verify_fail, which is set by
      default. If it is unset, the separate log line that gives details of a
      sender verification failure is not written. Log lines for the rejection
      of SMTP commands (e.g. RCPT) contain just "sender verify failed", so some
      detail is lost.

PH/08 The default for dns_check_names_pattern now allows slashes within names,
      as there are now some PTR records that contain slashes. This check is
      only to protect against broken name servers that fall over on strange
      characters, so the fact that it applies to all lookups doesn't matter.

PH/09 The default for rfc4131_query_timeout has been changed from 30s to 5s.

PH/10 When compiled on FreeBSD, NetBSD, or BSD/OS, the pipe transport has a new
      Boolean option called use_classresources, defaulting false. If it is set
      true, the setclassresources() function is used to set resource limits
      when a pipe transport is run to perform a delivery. The limits for the
      uid under which the pipe is to run are obtained from the login class
      database.

PH/11 If retry_interval_max is set greater than 24 hours, it is quietly reset
      to 24 hours. This avoids potential overflow problems when processing G
      and H retry rules, and it seems reasonable to require a retry at least
      once a day.

PH/12 When the plaintext authenticator is running as a client, the server
      challenges are now checked to ensure they are valid base64 strings. The
      default action on failure is to abort the authentication. However, if
      client_ignore_invalid_base64 is set true, invalid responses are ignored.

PH/13 When the plaintext authenticator is running as a client, the challenges
      from the server are placed in $auth1, $auth2, etc. as they are received.
      Thus, the challege that is received in response to sending the first
      string (with the AUTH command) can be used in the expansion of the second
      string, and so on. Currently, up to 3 challenge strings are available in
      this way. If an invalid base64 string is received when client_ignore_
      invalid_base64 is set, an empty string is put in the $auth<n> variable.


Version 4.60
------------

The documentation is up-to-date for the 4.60 release. Major new features since
the 4.50 release are:

. Support for SQLite.

. Support for IGNOREQUOTA in LMTP.

. Extensions to the "submission mode" features.

. Support for Client SMTP Authorization (CSA).

. Support for ratelimiting hosts and users.

. New expansion items to help with the BATV "prvs" scheme.

. A "match_ip" condition, that matches an IP address against a list.

There are many more minor changes.

****
Commit	Line	Data
4730f942	1	$Cambridge: exim/doc/doc-txt/NewStuff,v 1.90 2006/02/23 12:41:22 ph10 Exp $
495ae4b0 PH	2
	3	New Features in Exim
	4	--------------------
	5
	6	This file contains descriptions of new features that have been added to Exim,
	7	but have not yet made it into the main manual (which is most conveniently
	8	updated when there is a relatively large batch of changes). The doc/ChangeLog
	9	file contains a listing of all changes, including bug fixes.
	10
7e66e54d PH	11	Version 4.61
	12	------------
	13
	14	PH/01 There is a new global option called disable_ipv6, which does exactly what
	15	its name implies. If set true, even if the Exim binary has IPv6 support,
c8ea1597 PH	16	no IPv6 activities take place. AAAA records are never looked up for host
	17	names given in manual routing data or elsewhere. AAAA records that are
	18	received from the DNS as additional data for MX records are ignored. Any
	19	IPv6 addresses that are listed in local_interfaces, manualroute route
7e66e54d PH	20	data, etc. are also ignored. If IP literals are enabled, the ipliteral
	21	router declines to handle IPv6 literal addresses.
	22
064a94c9	23	PH/02 There are now 20 of each type of ACL variable by default (instead of 10).
47ca6d6c PH	24	It is also possible to change the numbers by setting ACL_CVARS and/or
	25	ACL_MVARS in Local/Makefile. Backward compatibility is maintained if you
	26	upgrade to this release with existing messages containing ACL variable
	27	settings on the queue. However, going in the other direction
	28	(downgrading) will not be compatible; the values of ACL variables will be
	29	lost.
	30
064a94c9 PH	31	PH/03 If quota_warn_message contains a From: header, Exim now refrains from
	32	adding the default one. Similarly, if it contains a Reply-To: header, the
	33	errors_reply_to option, if set, is not used.
	34
f78eb7c6 PH	35	PH/04 The variables $auth1, $auth2, $auth3 are now available in authenticators,
	36	containing the same values as $1, $2, $3. The new variables are provided
	37	because the numerical variables can be reset during string expansions
	38	(for example, during a "match" operation) and so may lose the
	39	authentication data. The preferred variables are now the new ones, with
	40	the use of the numerical ones being deprecated, though the support will
	41	not be removed, at least, not for a long time.
	42
6a3f1455 PH	43	PH/05 The "control=freeze" ACL modifier can now be followed by /no_tell. If
	44	the global option freeze_tell is set, it is ignored for the current
	45	message (that is, nobody is told about the freezing), provided all the
	46	"control=freeze" modifiers that are obeyed in the current message have
	47	the /no_tell option.
	48
c91535f3 PH	49	PH/06 In both GnuTLS and OpenSSL, an expansion of tls_privatekey that results
	50	in an empty string is now treated as unset.
	51
278c6e6c PH	52	PH/07 There is a new log selector called sender_verify_fail, which is set by
	53	default. If it is unset, the separate log line that gives details of a
	54	sender verification failure is not written. Log lines for the rejection
	55	of SMTP commands (e.g. RCPT) contain just "sender verify failed", so some
	56	detail is lost.
	57
230205fc PH	58	PH/08 The default for dns_check_names_pattern now allows slashes within names,
	59	as there are now some PTR records that contain slashes. This check is
	60	only to protect against broken name servers that fall over on strange
	61	characters, so the fact that it applies to all lookups doesn't matter.
	62
8def5aaf PH	63	PH/09 The default for rfc4131_query_timeout has been changed from 30s to 5s.
8def5aaf PH	64
929ba01c PH	65	PH/10 When compiled on FreeBSD, NetBSD, or BSD/OS, the pipe transport has a new
	66	Boolean option called use_classresources, defaulting false. If it is set
	67	true, the setclassresources() function is used to set resource limits
	68	when a pipe transport is run to perform a delivery. The limits for the
	69	uid under which the pipe is to run are obtained from the login class
	70	database.
230205fc	71
944a9c55 PH	72	PH/11 If retry_interval_max is set greater than 24 hours, it is quietly reset
	73	to 24 hours. This avoids potential overflow problems when processing G
	74	and H retry rules, and it seems reasonable to require a retry at least
	75	once a day.
	76
4730f942 PH	77	PH/12 When the plaintext authenticator is running as a client, the server
	78	challenges are now checked to ensure they are valid base64 strings. The
	79	default action on failure is to abort the authentication. However, if
	80	client_ignore_invalid_base64 is set true, invalid responses are ignored.
	81
	82	PH/13 When the plaintext authenticator is running as a client, the challenges
	83	from the server are placed in $auth1, $auth2, etc. as they are received.
	84	Thus, the challege that is received in response to sending the first
	85	string (with the AUTH command) can be used in the expansion of the second
	86	string, and so on. Currently, up to 3 challenge strings are available in
	87	this way. If an invalid base64 string is received when client_ignore_
	88	invalid_base64 is set, an empty string is put in the $auth<n> variable.
	89
7e66e54d	90
425ae40f	91	Version 4.60
b5aea5e1 PH	92	------------
b5aea5e1 PH	93
425ae40f PH	94	The documentation is up-to-date for the 4.60 release. Major new features since
425ae40f PH	95	the 4.50 release are:
1a46a8c5	96
425ae40f	97	. Support for SQLite.
1a46a8c5	98
425ae40f	99	. Support for IGNOREQUOTA in LMTP.
1a46a8c5	100
425ae40f	101	. Extensions to the "submission mode" features.
1a46a8c5	102
425ae40f	103	. Support for Client SMTP Authorization (CSA).
1a46a8c5	104
425ae40f	105	. Support for ratelimiting hosts and users.
b5aea5e1	106
425ae40f	107	. New expansion items to help with the BATV "prvs" scheme.
b5aea5e1	108
425ae40f	109	. A "match_ip" condition, that matches an IP address against a list.
35edf2ff	110
425ae40f	111	There are many more minor changes.
495ae4b0 PH	112
495ae4b0 PH	113	****