Escape funny characters when logging DN=
[exim.git] / doc / doc-txt / NewStuff
CommitLineData
8f128379 1$Cambridge: exim/doc/doc-txt/NewStuff,v 1.155 2007/08/22 10:10:23 ph10 Exp $
495ae4b0
PH
2
3New Features in Exim
4--------------------
5
38a0a95f
PH
6This file contains descriptions of new features that have been added to Exim.
7Before a formal release, there may be quite a lot of detail so that people can
8test from the snapshots or the CVS before the documentation is updated. Once
9the documentation is updated, this file is reduced to a short list.
10
2b85bce7
PH
11Version 4.68
12------------
13
14 1. The body_linecount and body_zerocount C variables are now exported in the
15 local_scan API.
16
93655c46
PH
17 2. When a dnslists lookup succeeds, the key that was looked up is now placed
18 in $dnslist_matched. When the key is an IP address, it is not reversed in
19 this variable (though it is, of course, in the actual lookup). In simple
20 cases, for example:
21
22 deny dnslists = spamhaus.example
23
24 the key is also available in another variable (in this case,
25 $sender_host_address). In more complicated cases, however, this is not
26 true. For example, using a data lookup might generate a dnslists lookup
27 like this:
28
29 deny dnslists = spamhaus.example/<|192.168.1.2|192.168.6.7|...
30
31 If this condition succeeds, the value in $dnslist_matched might be
32 192.168.6.7 (for example).
33
6c512171
PH
34 3. Authenticators now have a client_condition option. When Exim is running as
35 a client, it skips an authenticator whose client_condition expansion yields
36 "0", "no", or "false". This can be used, for example, to skip plain text
37 authenticators when the connection is not encrypted by a setting such as:
38
39 client_condition = ${if !eq{$tls_cipher}{}}
40
41 Note that the 4.67 documentation states that $tls_cipher contains the
42 cipher used for incoming messages. In fact, during SMTP delivery, it
43 contains the cipher used for the delivery. The same is true for
44 $tls_peerdn.
45
a96603a0
PH
46 4. There is now a -Mvc <message-id> option, which outputs a copy of the
47 message to the standard output, in RFC 2822 format. The option can be used
48 only by an admin user.
49
8f240103
PH
50 5. There is now a /noupdate option for the ratelimit ACL condition. It
51 computes the rate and checks the limit as normal, but it does not update
52 the saved data. This means that, in relevant ACLs, it is possible to lookup
53 the existence of a specified (or auto-generated) ratelimit key without
54 incrementing the ratelimit counter for that key.
55
56 In order for this to be useful, another ACL entry must set the rate
57 for the same key somewhere (otherwise it will always be zero).
58
59 Example:
60
61 acl_check_connect:
62 # Read the rate; if it doesn't exist or is below the maximum
63 # we update it below
64 deny ratelimit = 100 / 5m / strict / noupdate
65 log_message = RATE: $sender_rate / $sender_rate_period \
66 (max $sender_rate_limit)
67
68 [... some other logic and tests...]
69
70 warn ratelimit = 100 / 5m / strict / per_cmd
71 log_message = RATE UPDATE: $sender_rate / $sender_rate_period \
72 (max $sender_rate_limit)
73 condition = ${if le{$sender_rate}{$sender_rate_limit}}
74
75 accept
76
d677b2f2
PH
77 6. The variable $max_received_linelength contains the number of bytes in the
78 longest line that was received as part of the message, not counting the
79 line termination character(s).
80
d52120f2
PH
81 7. Host lists can now include +ignore_defer and +include_defer, analagous to
82 +ignore_unknown and +include_unknown. These options should be used with
83 care, probably only in non-critical host lists such as whitelists.
84
8669f003
PH
85 8. There's a new option called queue_only_load_latch, which defaults true.
86 If set false when queue_only_load is greater than zero, Exim re-evaluates
87 the load for each incoming message in an SMTP session. Otherwise, once one
88 message is queued, the remainder are also.
89
8f128379
PH
90 9. There is a new ACL, specified by smtp_notquit_acl, which is run in most
91 cases when an SMTP session ends without sending QUIT. However, when Exim
92 itself is is bad trouble, such as being unable to write to its log files,
93 this ACL is not run, because it might try to do things (such as write to
94 log files) that make the situation even worse.
95
96 Like the QUIT ACL, this new ACL is provided to make it possible to gather
97 statistics. Whatever it returns (accept or deny) is immaterial. The "delay"
98 modifier is forbidden in this ACL.
99
100 When the NOTQUIT ACL is running, the variable $smtp_notquit_reason is set
101 to a string that indicates the reason for the termination of the SMTP
102 connection. The possible values are:
103
104 acl-drop Another ACL issued a "drop" command
105 bad-commands Too many unknown or non-mail commands
106 command-timeout Timeout while reading SMTP commands
107 connection-lost The SMTP connection has been lost
108 data-timeout Timeout while reading message data
109 local-scan-error The local_scan() function crashed
110 local-scan-timeout The local_scan() function timed out
111 signal-exit SIGTERM or SIGINT
112 synchronization-error SMTP synchronization error
113 tls-failed TLS failed to start
114
115 In most cases when an SMTP connection is closed without having received
116 QUIT, Exim sends an SMTP response message before actually closing the
117 connection. With the exception of acl-drop, the default message can be
118 overridden by the "message" modifier in the NOTQUIT ACL. In the case of a
119 "drop" verb in another ACL, it is the message from the other ACL that is
120 used.
121
2b85bce7 122
b4ed4da0
PH
123Version 4.67
124------------
125
126 1. There is a new log selector called smtp_no_mail, which is not included in
127 the default setting. When it is set, a line is written to the main log
128 whenever an accepted SMTP connection terminates without having issued a
4aa45c31 129 MAIL command.
b4ed4da0 130
431b7361 131 2. When an item in a dnslists list is followed by = and & and a list of IP
4aa45c31
PH
132 addresses, the behaviour was not clear when the lookup returned more than
133 one IP address. This has been solved by the addition of == and =& for "all"
93655c46 134 rather than the default "any" matching.
431b7361 135
4aa45c31
PH
136 3. Up till now, the only control over which cipher suites GnuTLS uses has been
137 for the cipher algorithms. New options have been added to allow some of the
138 other parameters to be varied.
431b7361 139
4aa45c31
PH
140 4. There is a new compile-time option called ENABLE_DISABLE_FSYNC. When it is
141 set, Exim compiles a runtime option called disable_fsync.
431b7361 142
4aa45c31 143 5. There is a new variable called $smtp_count_at_connection_start.
431b7361 144
4aa45c31 145 6. There's a new control called no_pipelining.
cf8b11a5 146
41c7c167 147 7. There are two new variables called $sending_ip_address and $sending_port.
4aa45c31 148 These are set whenever an SMTP connection to another host has been set up.
41c7c167
PH
149
150 8. The expansion of the helo_data option in the smtp transport now happens
4aa45c31 151 after the connection to the server has been made.
41c7c167 152
9c57cbc0 153 9. There is a new expansion operator ${rfc2047d: that decodes strings that
4aa45c31 154 are encoded as per RFC 2047.
9c57cbc0 155
f3f065bb
PH
15610. There is a new log selector called "pid", which causes the current process
157 id to be added to every log line, in square brackets, immediately after the
158 time and date.
159
047bdd8c 16011. Exim has been modified so that it flushes SMTP output before implementing
4c590bd1
PH
161 a delay in an ACL. It also flushes the output before performing a callout,
162 as this can take a substantial time. These behaviours can be disabled by
163 obeying control = no_delay_flush or control = no_callout_flush,
4aa45c31 164 respectively, at some earlier stage of the connection.
047bdd8c 165
0ce9abe6 16612. There are two new expansion conditions that iterate over a list. They are
4aa45c31 167 called forany and forall.
0ce9abe6 168
0e22dfd1
PH
16913. There's a new global option called dsn_from that can be used to vary the
170 contents of From: lines in bounces and other automatically generated
171 messages ("delivery status notifications" - hence the name of the option).
0e22dfd1 172
4aa45c31 17314. The smtp transport has a new option called hosts_avoid_pipelining.
c51b8e75 174
75b1493f 17515. By default, exigrep does case-insensitive matches. There is now a -I option
4aa45c31 176 that makes it case-sensitive.
29f89cad 177
4aa45c31
PH
17816. A number of new features ("addresses", "map", "filter", and "reduce") have
179 been added to string expansions to make it easier to process lists of
180 items, typically addresses.
29f89cad 181
c3611384
PH
18217. There's a new ACL modifier called "continue". It does nothing of itself,
183 and processing of the ACL always continues with the next condition or
184 modifier. It is provided so that the side effects of expanding its argument
4aa45c31 185 can be used.
c3611384 186
ec95d1a6 18718. It is now possible to use newline and other control characters (those with
4aa45c31 188 values less than 32, plus DEL) as separators in lists.
ec95d1a6 189
b2d5182b
PH
19019. The exigrep utility now has a -v option, which inverts the matching
191 condition.
192
c456d9bb 19320. The host_find_failed option in the manualroute router can now be set to
4aa45c31 194 "ignore".
c456d9bb 195
b4ed4da0
PH
196
197Version 4.66
198------------
199
200No new features were added to 4.66.
201
202
203Version 4.65
204------------
205
206No new features were added to 4.65.
207
38a0a95f
PH
208
209Version 4.64
210------------
211
af561417
PH
212 1. ACL variables can now be given arbitrary names, as long as they start with
213 "acl_c" or "acl_m" (for connection variables and message variables), are at
214 least six characters long, with the sixth character being either a digit or
883335dc 215 an underscore.
af561417
PH
216
217 2. There is a new ACL modifier called log_reject_target. It makes it possible
883335dc 218 to specify which logs are used for messages about ACL rejections.
af561417
PH
219
220 3. There is a new authenticator called "dovecot". This is an interface to the
221 authentication facility of the Dovecot POP/IMAP server, which can support a
883335dc 222 number of authentication methods.
af561417
PH
223
224 4. The variable $message_headers_raw provides a concatenation of all the
225 messages's headers without any decoding. This is in contrast to
226 $message_headers, which does RFC2047 decoding on the header contents.
227
883335dc
PH
228 5. In a DNS black list, if two domain names, comma-separated, are given, the
229 second is used first to do an initial check, making use of any IP value
230 restrictions that are set. If there is a match, the first domain is used,
231 without any IP value restrictions, to get the TXT record.
af561417 232
883335dc 233 6. All authenticators now have a server_condition option.
af561417
PH
234
235 7. There is a new command-line option called -Mset. It is useful only in
236 conjunction with -be (that is, when testing string expansions). It must be
237 followed by a message id; Exim loads the given message from its spool
883335dc 238 before doing the expansions.
af561417
PH
239
240 8. Another similar new command-line option is called -bem. It operates like
883335dc
PH
241 -be except that it must be followed by the name of a file that contains a
242 message.
af561417
PH
243
244 9. When an address is delayed because of a 4xx response to a RCPT command, it
245 is now the combination of sender and recipient that is delayed in
883335dc 246 subsequent queue runs until its retry time is reached.
af561417
PH
247
24810. Unary negation and the bitwise logical operators and, or, xor, not, and
883335dc 249 shift, have been added to the eval: and eval10: expansion items.
48c7f9e2 250
194cc0e4
PH
25111. The variables $interface_address and $interface_port have been renamed
252 as $received_ip_address and $received_port, to make it clear that they
253 relate to message reception rather than delivery. (The old names remain
254 available for compatibility.)
255
883335dc
PH
25612. The "message" modifier can now be used on "accept" and "discard" acl verbs
257 to vary the message that is sent when an SMTP command is accepted.
4e88a19f 258
495ae4b0 259
4608d683
PH
260Version 4.63
261------------
262
2631. There is a new Boolean option called filter_prepend_home for the redirect
38a0a95f 264 router.
4608d683 265
45b91596
PH
2662. There is a new acl, set by acl_not_smtp_start, which is run right at the
267 start of receiving a non-SMTP message, before any of the message has been
38a0a95f 268 read.
45b91596 269
a5bd321b
PH
2703. When an SMTP error message is specified in a "message" modifier in an ACL,
271 or in a :fail: or :defer: message in a redirect router, Exim now checks the
38a0a95f 272 start of the message for an SMTP error code.
a5bd321b 273
6ec97b1b 2744. There is a new parameter for LDAP lookups called "referrals", which takes
38a0a95f 275 one of the settings "follow" (the default) or "nofollow".
6ec97b1b 276
e22ca4ac
JJ
2775. Version 20070721.2 of exipick now included, offering these new options:
278 --reverse
279 After all other sorting options have bee processed, reverse order
280 before displaying messages (-R is synonym).
281 --random
282 Randomize order of matching messages before displaying.
283 --size
284 Instead of displaying the matching messages, display the sum
285 of their sizes.
286 --sort <variable>[,<variable>...]
287 Before displaying matching messages, sort the messages according to
288 each messages value for each variable.
289 --not
290 Negate the value for every test (returns inverse output from the
291 same criteria without --not).
292
4608d683 293
1cce3af8
PH
294Version 4.62
295------------
296
2971. The ${readsocket expansion item now supports Internet domain sockets as well
298 as Unix domain sockets. If the first argument begins "inet:", it must be of
299 the form "inet:host:port". The port is mandatory; it may be a number or the
300 name of a TCP port in /etc/services. The host may be a name, or it may be an
301 IP address. An ip address may optionally be enclosed in square brackets.
302 This is best for IPv6 addresses. For example:
303
304 ${readsocket{inet:[::1]:1234}{<request data>}...
305
306 Only a single host name may be given, but if looking it up yield more than
307 one IP address, they are each tried in turn until a connection is made. Once
308 a connection has been made, the behaviour is as for ${readsocket with a Unix
309 domain socket.
310
f7fd3850
PH
3112. If a redirect router sets up file or pipe deliveries for more than one
312 incoming address, and the relevant transport has batch_max set greater than
313 one, a batch delivery now occurs.
314
d6629cdc
PH
3153. The appendfile transport has a new option called maildirfolder_create_regex.
316 Its value is a regular expression. For a maildir delivery, this is matched
317 against the maildir directory; if it matches, Exim ensures that a
318 maildirfolder file is created alongside the new, cur, and tmp directories.
319
1cce3af8 320
7e66e54d
PH
321Version 4.61
322------------
323
4f578862
PH
324The documentation is up-to-date for the 4.61 release. Major new features since
325the 4.60 release are:
326
327. An option called disable_ipv6, to disable the use of IPv6 completely.
328
329. An increase in the number of ACL variables to 20 of each type.
330
331. A change to use $auth1, $auth2, and $auth3 in authenticators instead of $1,
332 $2, $3, (though those are still set) because the numeric variables get used
333 for other things in complicated expansions.
334
843a41e8 335. The default for rfc1413_query_timeout has been changed from 30s to 5s.
4f578862
PH
336
337. It is possible to use setclassresources() on some BSD OS to control the
338 resources used in pipe deliveries.
339
340. A new ACL modifier called add_header, which can be used with any verb.
341
342. More errors are detectable in retry rules.
343
344There are a number of other additions too.
71fafd95 345
7e66e54d 346
425ae40f 347Version 4.60
b5aea5e1
PH
348------------
349
425ae40f
PH
350The documentation is up-to-date for the 4.60 release. Major new features since
351the 4.50 release are:
1a46a8c5 352
425ae40f 353. Support for SQLite.
1a46a8c5 354
425ae40f 355. Support for IGNOREQUOTA in LMTP.
1a46a8c5 356
425ae40f 357. Extensions to the "submission mode" features.
1a46a8c5 358
425ae40f 359. Support for Client SMTP Authorization (CSA).
1a46a8c5 360
425ae40f 361. Support for ratelimiting hosts and users.
b5aea5e1 362
425ae40f 363. New expansion items to help with the BATV "prvs" scheme.
b5aea5e1 364
425ae40f 365. A "match_ip" condition, that matches an IP address against a list.
35edf2ff 366
425ae40f 367There are many more minor changes.
495ae4b0
PH
368
369****