Added the hosts_max_try_hardlimit option. (The removed file is left over
[exim.git] / doc / doc-txt / NewStuff
CommitLineData
533244af 1$Cambridge: exim/doc/doc-txt/NewStuff,v 1.25 2005/01/04 16:36:27 ph10 Exp $
495ae4b0
PH
2
3New Features in Exim
4--------------------
5
6This file contains descriptions of new features that have been added to Exim,
7but have not yet made it into the main manual (which is most conveniently
8updated when there is a relatively large batch of changes). The doc/ChangeLog
9file contains a listing of all changes, including bug fixes.
10
11
f7b63901 12Version 4.50
35edf2ff
PH
13------------
14
15 1. There is a new build-time option called CONFIGURE_GROUP which works like
16 CONFIGURE_OWNER. It specifies one additional group that is permitted for
17 the runtime configuration file when the group write permission is set.
18
51a0ece1 19 2. The "control=submission" facility has a new option /sender_retain. This
69358f02
PH
20 has the effect of setting local_sender_retain true and local_from_check
21 false for the incoming message in which it is encountered.
22
5131419f
PH
23 3. $recipients is now available in the predata ACL (oversight).
24
25 4. The value of address_data from a sender verification is now available in
26 $sender_address_data in subsequent conditions in the ACL statement. Note:
27 this is just like $address_data. The value does not persist after the end
28 of the current ACL statement. If you want to preserve it, you can use one
29 of the ACL variables.
30
23c7ff99
PH
31 5. The redirect router has two new options: forbid_sieve_filter and
32 forbid_exim_filter. When filtering is enabled by allow_filter, these
33 options control which type(s) of filtering are permitted. By default, both
34 Exim and Sieve filters are allowed.
35
4deaf07d
PH
36 6. A new option for callouts makes it possible to set a different (usually
37 smaller) timeout for making the SMTP connection. The keyword is "connect".
38 For example:
39
40 verify = sender/callout=5s,connect=1s
41
42 If not specified, it defaults to the general timeout value.
43
2c7db3f5
PH
44 7. The new variables $sender_verify_failure and $recipient_verify_failure
45 contain information about exactly what failed. In an ACL, after one of
46 these failures, the relevant variable contains one of the following words:
47
48 qualify the address was unqualified (no domain), and the message
49 was neither local nor came from an exempted host;
50
51 route routing failed;
52
53 mail routing succeeded, and a callout was attempted; rejection
54 occurred at or before the MAIL command (that is, on initial
55 connection, HELO, or MAIL);
56
57 recipient the RCPT command in a callout was rejected;
58
59 postmaster the postmaster check in a callout was rejected.
60
61 The main use of these variables is expected to be to distinguish between
62 rejections of MAIL and rejections of RCPT.
63
3d235903
PH
64 8. The command line option -dd behaves exactly like -d except when used on a
65 command that starts a daemon process. In that case, debugging is turned off
66 for the subprocesses that the daemon creates. Thus, it is useful for
67 monitoring the behaviour of the daemon without creating as much output as
68 full debugging.
69
d4eb88df
PH
70 9. $host_address is now set to the target address during the checking of
71 ignore_target_hosts.
72
5cb8cbc6
PH
7310. There are four new variables called $spool_space, $log_space,
74 $spool_inodes, and $log_inodes. The first two contain the amount of free
75 space in the disk partitions where Exim has its spool directory and log
76 directory, respectively. (When these are in the same partition, the values
77 will, of course, be the same.) The second two variables contain the numbers
78 of free inodes in the respective partitions.
79
80 NOTE: Because disks can nowadays be very large, the values in the space
81 variables are in kilobytes rather than in bytes. Thus, for example, to
82 check in an ACL that there is at least 50M free on the spool, you would
83 write:
84
85 condition = ${if > {$spool_space}{50000}{yes}{no}}
86
87 The values are recalculated whenever any of these variables is referenced.
88 If the relevant file system does not have the concept of inodes, the value
89 of those variables is -1. If the operating system does not have the ability
90 to find the amount of free space (only true for experimental systems), the
91 space value is -1.
2c7db3f5 92
063b1e99
PH
9311. It is now permitted to omit both strings after an "if" condition; if the
94 condition is true, the result is the string "true". As before, when the
95 second string is omitted, a false condition yields an empty string. This
96 makes it less cumbersome to write custom ACL and router conditions. For
97 example, instead of
98
99 condition = ${if eq {$acl_m4}{1}{yes}{no}}
100
101 or the shorter form
102
103 condition = ${if eq {$acl_m4}{1}{yes}}
104
105 (because the second string has always defaulted to ""), you can now write
106
107 condition = ${if eq {$acl_m4}{1}}
108
109 Previously this was a syntax error.
110
ea3bc19b 11112. There is a new "record type" that can be specified in dnsdb lookups. It
33397d19
PH
112 is "zns" (for "zone NS"). It performs a lookup for NS records on the given
113 domain, but if none are found, it removes the first component of the domain
114 name, and tries again. This process continues until NS records are found
115 or there are no more components left (or there's a DNS error). In other
116 words, it may return the name servers for a top-level domain, but it never
117 returns the root name servers. If there are no NS records for the top-level
118 domain, the lookup fails.
119
120 For example, ${lookup dnsdb{zns=xxx.quercite.com}} returns the name
121 servers for quercite.com, whereas ${lookup dnsdb{zns=xxx.edu}} returns
122 the name servers for edu, assuming in each case that there are no NS
123 records for the full domain name.
124
125 You should be careful about how you use this lookup because, unless the
126 top-level domain does not exist, the lookup will always return some host
127 names. The sort of use to which this might be put is for seeing if the name
128 servers for a given domain are on a blacklist. You can probably assume that
129 the name servers for the high-level domains such as .com or .co.uk are not
130 going to be on such a list.
131
ea3bc19b
PH
13213. Another new "record type" is "mxh"; this looks up MX records just as "mx"
133 does, but it returns only the names of the hosts, omitting the priority
134 values.
135
13614. It is now possible to specify a list of domains or IP addresses to be
7bb56e1f
PH
137 looked up in a dnsdb lookup. The list is specified in the normal Exim way,
138 with colon as the default separator, but with the ability to change this.
139 For example:
140
141 ${lookup dnsdb{one.domain.com:two.domain.com}}
142 ${lookup dnsdb{a=one.host.com:two.host.com}}
143 ${lookup dnsdb{ptr = <; 1.2.3.4 ; 4.5.6.8}}
144
145 In order to retain backwards compatibility, there is one special case: if
146 the lookup type is PTR and no change of separator is specified, Exim looks
147 to see if the rest of the string is precisely one IPv6 address. In this
148 case, it does not treat it as a list.
149
150 The data from each lookup is concatenated, with newline separators (by
151 default - see 14 below), in the same way that multiple DNS records for a
152 single item are handled.
153
c38d6da9 154 The dnsdb lookup fails only if all the DNS lookups fail. If there is a
ff4dbb19
PH
155 temporary DNS error for any of them, the behaviour is controlled by
156 an optional keyword followed by a comma that may appear before the record
157 type. The possible keywords are "defer_strict", "defer_never", and
158 "defer_lax". With "strict" behaviour, any temporary DNS error causes the
159 whole lookup to defer. With "never" behaviour, a temporary DNS error is
160 ignored, and the behaviour is as if the DNS lookup failed to find anything.
161 With "lax" behaviour, all the queries are attempted, but a temporary DNS
162 error causes the whole lookup to defer only if none of the other lookups
163 succeed. The default is "lax", so the following lookups are equivalent:
164
165 ${lookup dnsdb{defer_lax,a=one.host.com:two.host.com}}
166 ${lookup dnsdb{a=one.host.com:two.host.com}}
167
168 Thus, in the default case, as long as at least one of the DNS lookups
169 yields some data, the dnsdb lookup succeeds.
7bb56e1f 170
ea3bc19b 17115. It is now possible to specify the character to be used as a separator when
7bb56e1f
PH
172 a dnsdb lookup returns data from more than one DNS record. The default is a
173 newline. To specify a different character, put '>' followed by the new
174 character at the start of the query. For example:
175
176 ${lookup dnsdb{>: a=h1.test.ex:h2.test.ex}}
ea3bc19b 177 ${lookup dnsdb{>| mxh=<;m1.test.ex;m2.test.ex}}
7bb56e1f
PH
178
179 It is permitted to specify a space as the separator character. Note that
180 more than one DNS record can be found for a single lookup item; this
181 feature is relevant even when you do not specify a list.
182
183 The same effect could be achieved by wrapping the lookup in ${tr...}; this
184 feature is just a syntactic simplification.
185
ea3bc19b 18616. It is now possible to supply a list of domains and/or IP addresses to be
0bcb2a0e
PH
187 lookup up in a DNS blacklist. Previously, only a single domain name could
188 be given, for example:
189
190 dnslists = black.list.tld/$sender_host_name
191
192 What follows the slash can now be a list. As with all lists, the default
193 separator is a colon. However, because this is a sublist within the list of
194 DNS blacklist domains, it is necessary either to double the separators like
195 this:
196
197 dnslists = black.list.tld/name.1::name.2
198
199 or to change the separator character, like this:
200
201 dnslists = black.list.tld/<;name.1;name.2
202
203 If an item in the list is an IP address, it is inverted before the DNS
204 blacklist domain is appended. If it is not an IP address, no inversion
205 occurs. Consider this condition:
206
207 dnslists = black.list.tls/<;192.168.1.2;a.domain
208
209 The DNS lookups that occur are for
210
211 2.1.168.192.black.list.tld and a.domain.black.list.tld
212
213 Once a DNS record has been found (that matches a specific IP return
c38d6da9
PH
214 address, if specified), no further lookups are done. If there is a
215 temporary DNS error, the rest of the sublist of domains or IP addresses is
216 tried. The dnslists item itself defers only if none of the other DNS
217 lookups in this sublist succeeds. In other words, a successful lookup for
218 any of the items in the sublist overrides a defer for a previous item.
0bcb2a0e 219
ea3bc19b 22017. The log selector queue_time_overall causes Exim to output the time spent on
2ac0e484
PH
221 the queue as an addition to the "Completed" message. Like queue_time (which
222 puts the queue time on individual delivery lines), the time is tagged with
223 "QT=", and it is measured from the time that the message starts to be
224 received, so it includes the reception time.
225
f05da2e8
PH
22618. It is now possible to use both -bF and -bf on the same command, in order to
227 test a system filter and a user filter in the same run. For example:
228
229 exim -bF /system/filter -bf /user/filter </test/message
230
231 This is helpful when the system filter adds header lines or sets filter
232 variables that are used by the user filter.
233
f7b63901
PH
23419. The Exiscan patch is now merged into the main source. See src/EDITME for
235 parameters for the build.
236
b975ba52
PH
23720. If the key for a dnsdb PTR lookup is not an IP address, it is used
238 verbatim, without component reversal and without the addition of
239 in-addr.arpa or ip6.arpa.
7102e136 240
1f5b4c3d
PH
24121. Two changes related to the smtp_active_hostname option:
242
243 (1) $smtp_active_hostname is now available as a variable. Its value
244 sticks with the message and is therefore available in routers and
245 transports at delivery time.
246
247 (2) The default for smtp_banner uses $smtp_active_hostname instead
248 of $primary_hostname.
249
533244af
PH
25022. The hosts_max_try_hardlimit option (default 50) is added to the smtp
251 transport. Exim will never try more than this number of IP addresses; if it
252 hits this limit and they are all timed out, the message is bounced, even
253 though not all IP addresses may have been tried. Compare hosts_max_try,
254 which is a "soft" limit, because Exim will exceed it when hosts time out.
255 The new limit is a protection against lunatic DNS configurations with
256 hundreds of IP addresses.
257
35edf2ff 258
495ae4b0
PH
259Version 4.43
260------------
261
262 1. There is a new Boolean global option called mua_wrapper, defaulting false.
263 This causes Exim to run an a restricted mode, in order to provide a very
264 specific service.
265
266 Background: On a personal computer, it is a common requirement for all
267 email to be sent to a smarthost. There are plenty of MUAs that can be
268 configured to operate that way, for all the popular operating systems.
269 However, there are MUAs for Unix-like systems that cannot be so configured:
270 they submit messages using the command line interface of
271 /usr/sbin/sendmail. In addition, utility programs such as cron submit
272 messages this way.
273
274 Requirement: The requirement is for something that can provide the
275 /usr/sbin/sendmail interface and deliver messages to a smarthost, but not
276 provide any queueing or retrying facilities. Furthermore, the delivery to
277 the smarthost should be synchronous, so that if it fails, the sending MUA
278 is immediately informed. In other words, we want something that in effect
279 converts a command-line MUA into a TCP/SMTP MUA.
280
281 Solutions: There are a number of applications (for example, ssmtp) that do
282 this job. However, people have found them to be lacking in various ways.
283 For instance, some sites want to allow aliasing and forwarding before
284 sending to the smarthost.
285
286 Using Exim: Exim already had the necessary infrastructure for doing this
287 job. Just a few tweaks were needed to make it behave as required, though it
288 is somewhat of an overkill to use a fully-featured MTA for this purpose.
289
290 Setting mua_wrapper=true causes Exim to run in a special mode where it
291 assumes that it is being used to "wrap" a command-line MUA in the manner
292 just described.
293
294 If you set mua_wrapper=true, you also need to provide a compatible router
295 and transport configuration. Typically there will be just one router and
296 one transport, sending everything to a smarthost.
297
298 When run in MUA wrapping mode, the behaviour of Exim changes in the
299 following ways:
300
301 (a) A daemon cannot be run, nor will Exim accept incoming messages from
302 inetd. In other words, the only way to submit messages is via the
303 command line.
304
305 (b) Each message is synchonously delivered as soon as it is received (-odi
306 is assumed). All queueing options (queue_only, queue_smtp_domains,
307 control=queue, control=freeze in an ACL etc.) are quietly ignored. The
308 Exim reception process does not finish until the delivery attempt is
309 complete. If the delivery was successful, a zero return code is given.
310
311 (c) Address redirection is permitted, but the final routing for all
312 addresses must be to the same remote transport, and to the same list of
313 hosts. Furthermore, the return_address must be the same for all
314 recipients, as must any added or deleted header lines. In other words,
315 it must be possible to deliver the message in a single SMTP
316 transaction, however many recipients there are.
317
318 (d) If the conditions in (c) are not met, or if routing any address results
319 in a failure or defer status, or if Exim is unable to deliver all the
320 recipients successfully to one of the hosts immediately, delivery of
321 the entire message fails.
322
323 (e) Because no queueing is allowed, all failures are treated as permanent;
324 there is no distinction between 4xx and 5xx SMTP response codes from
325 the smarthost. Furthermore, because only a single yes/no response can
326 be given to the caller, it is not possible to deliver to some
327 recipients and not others. If there is an error (temporary or
328 permanent) for any recipient, all are failed.
329
330 (f) If more than one host is listed, Exim will try another host after a
331 connection failure or a timeout, in the normal way. However, if this
332 kind of failure happens for all the hosts, the delivery fails.
333
334 (g) When delivery fails, an error message is written to the standard error
335 stream (as well as to Exim's log), and Exim exits to the caller with a
336 return code value 1. The message is expunged from Exim's spool files.
337 No bounce messages are ever generated.
338
339 (h) No retry data is maintained, and any retry rules are ignored.
340
341 (i) A number of Exim options are overridden: deliver_drop_privilege is
342 forced true, max_rcpt in the smtp transport is forced to "unlimited",
343 remote_max_parallel is forced to one, and fallback hosts are ignored.
344
345 The overall effect is that Exim makes a single synchronous attempt to
346 deliver the message, failing if there is any kind of problem. Because no
347 local deliveries are done and no daemon can be run, Exim does not need root
348 privilege. It should be possible to run it setuid=exim instead of
349 setuid=root. See section 48.3 in the 4.40 manual for a general discussion
350 about the advantages and disadvantages of running without root privilege.
351
352 2. There have been problems with DNS servers when SRV records are looked up.
353 Some mis-behaving servers return a DNS error or timeout when a non-existent
354 SRV record is sought. Similar problems have in the past been reported for
355 MX records. The global dns_again_means_nonexist option can help with this
356 problem, but it is heavy-handed because it is a global option. There are
357 now two new options for the dnslookup router. They are called
358 srv_fail_domains and mx_fail_domains. In each case, the value is a domain
359 list. If an attempt to look up an SRV or MX record results in a DNS failure
360 or "try again" response, and the domain matches the relevant list, Exim
361 behaves as if the DNS had responded "no such record". In the case of an SRV
362 lookup, this means that the router proceeds to look for MX records; in the
363 case of an MX lookup, it proceeds to look for A or AAAA records, unless the
364 domain matches mx_domains.
365
366 3. The following functions are now available in the local_scan() API:
367
368 (a) void header_remove(int occurrence, uschar *name)
369
370 This function removes header lines. If "occurrence" is zero or negative,
371 all occurrences of the header are removed. If occurrence is greater
372 than zero, that particular instance of the header is removed. If no
373 header(s) can be found that match the specification, the function does
374 nothing.
375
376 (b) BOOL header_testname(header_line *hdr, uschar *name, int length,
377 BOOL notdel)
378
379 This function tests whether the given header has the given name. It
380 is not just a string comparison, because whitespace is permitted
381 between the name and the colon. If the "notdel" argument is TRUE, a
382 FALSE return is forced for all "deleted" headers; otherwise they are
383 not treated specially. For example:
384
385 if (header_testname(h, US"X-Spam", 6, TRUE)) ...
386
387 (c) void header_add_at_position(BOOL after, uschar *name, BOOL topnot,
388 int type, char *format, ...)
389
390 This function adds a new header line at a specified point in the header
391 chain. If "name" is NULL, the new header is added at the end of the
392 chain if "after" is TRUE, or at the start if "after" is FALSE. If
393 "name" is not NULL, the headers are searched for the first non-deleted
394 header that matches the name. If one is found, the new header is added
395 before it if "after" is FALSE. If "after" is true, the new header is
396 added after the found header and any adjacent subsequent ones with the
397 same name (even if marked "deleted"). If no matching non-deleted header
398 is found, the "topnot" option controls where the header is added. If it
399 is TRUE, addition is at the top; otherwise at the bottom. Thus, to add
400 a header after all the Received: headers, or at the top if there are no
401 Received: headers, you could use
402
403 header_add_at_position(TRUE, US"Received", TRUE, ' ', "X-xxx: ...");
404
405 Normally, there is always at least one non-deleted Received: header,
406 but there may not be if received_header_text expands to an empty
407 string.
408
409 (d) BOOL receive_remove_recipient(uschar *recipient)
410
411 This is a convenience function to remove a named recipient from the
412 list of recipients. It returns TRUE if a recipient was removed, and
413 FALSE if no matching recipient could be found. The argument must be a
414 complete email address.
415
416 4. When an ACL "warn" statement adds one or more header lines to a message,
417 they are added at the end of the existing header lines by default. It is
418 now possible to specify that any particular header line should be added
419 right at the start (before all the Received: lines) or immediately after
420 the first block of Received: lines in the message. This is done by
421 specifying :at_start: or :after_received: (or, for completeness, :at_end:)
422 before the text of the header line. (Header text cannot start with a colon,
423 as there has to be a header name first.) For example:
424
425 warn message = :after_received:X-My-Header: something or other...
426
427 If more than one header is supplied in a single warn statement, each one is
428 treated independently and can therefore be placed differently. If you add
429 more than one line at the start, or after the Received: block, they will
430 end up in reverse order.
431
432 Warning: This facility currently applies only to header lines that are
433 added in an ACL. It does NOT work for header lines that are added in a
434 system filter or in a router or transport.
435
436 5. There is now a new error code that can be used in retry rules. Its name is
437 "rcpt_4xx", and there are three forms. A literal "rcpt_4xx" matches any 4xx
438 error received for an outgoing SMTP RCPT command; alternatively, either the
439 first or both of the x's can be given as digits, for example: "rcpt_45x" or
440 "rcpt_436". If you want (say) to recognize 452 errors given to RCPT
441 commands by a particular host, and have only a one-hour retry for them, you
442 can set up a retry rule of this form:
443
444 the.host.name rcpt_452 F,1h,10m
445
446 Naturally, this rule must come before any others that would match.
447
448 These new errors apply to both outgoing SMTP (the smtp transport) and
449 outgoing LMTP (either the lmtp transport, or the smtp transport in LMTP
450 mode). Note, however, that they apply only to responses to RCPT commands.
451
452 6. The "postmaster" option of the callout feature of address verification has
453 been extended to make it possible to use a non-empty MAIL FROM address when
454 checking a postmaster address. The new suboption is called "postmaster_
455 mailfrom", and you use it like this:
456
457 require verify = sender/callout=postmaster_mailfrom=abc@x.y.z
458
459 Providing this suboption causes the postmaster check to be done using the
460 given address. The original "postmaster" option is equivalent to
461
462 require verify = sender/callout=postmaster_mailfrom=
463
464 If both suboptions are present, the rightmost one overrides.
465
466 Important notes:
467
468 (1) If you use a non-empty sender address for postmaster checking, there is
469 the likelihood that the remote host will itself initiate a callout
470 check back to your host to check that address. As this is a "normal"
471 callout check, the sender will most probably be empty, thus avoiding
472 possible callout loops. However, to be on the safe side it would be
473 best to set up your own ACLs so that they do not do sender verification
474 checks when the recipient is the address you use for postmaster callout
475 checking.
476
477 (2) The caching arrangements for postmaster checking do NOT take account of
478 the sender address. It is assumed that either the empty address, or a
479 fixed non-empty address will be used. All that Exim remembers is that
480 the postmaster check for the domain succeeded or failed.
481
482 7. When verifying addresses in header lines using the verify=header_sender
483 option, Exim behaves by default as if the addresses are envelope sender
484 addresses from a message. Callout verification therefore tests to see
485 whether a bounce message could be delivered, by using an empty address in
486 the MAIL FROM command. However, it is arguable that these addresses might
487 never be used as envelope senders, and could therefore justifiably reject
488 bounce messages (empty senders). There is now an additional callout option
489 for verify=header_sender that allows you to specify what address to use in
490 the MAIL FROM command. You use it as in this example:
491
492 require verify = header_sender/callout=mailfrom=abcd@x.y.z
493
494 Important notes:
495
496 (1) As in the case of postmaster_mailfrom (see above), you should think
497 about possible loops.
498
499 (2) In this case, as in the case of recipient callouts with non-empty
500 senders (the use_sender option), caching is done on the basis of a
501 recipient/sender pair.
502
503 8. If you build Exim with USE_READLINE=yes in Local/Makefile, it will try to
504 load libreadline dynamically whenever the -be (test expansion) option is
505 used without command line arguments. If successful, it will then use
506 readline() for reading the test data. A line history is supported. By the
507 time Exim does this, it is running as the calling user, so this should not
508 cause any security problems. Security is the reason why this is NOT
509 supported for -bt or -bv, when Exim is running as root or exim,
510 respectively. Note that this option adds to the size of the Exim binary,
511 because the dynamic loading library is not otherwise included. On my
512 desktop it adds about 2.5K. You may need to add -ldl to EXTRA_LIBS when you
513 set USE_READLINE=yes.
514
515 9. Added ${str2b64:<string>} to the expansion operators. This operator
516 converts an arbitrary string into one that is base64 encoded.
517
51810. A new authenticator, called cyrus_sasl, has been added. This requires
519 the presence of the Cyrus SASL library; it authenticates by calling this
520 library, which supports a number of authentication mechanisms, including
521 PLAIN and LOGIN, but also several others that Exim does not support
522 directly. The code for this authenticator was provided by Matthew
523 Byng-Maddick of A L Digital Ltd (http://www.aldigital.co.uk). Here follows
524 draft documentation:
525
526 xx. THE CYRUS_SASL AUTHENTICATOR
527
528 The cyrus_sasl authenticator provides server support for the Cyrus library
529 Implementation of the RFC 2222 "Simple Authentication and Security Layer".
530 It provides a gatewaying mechanism directly to the Cyrus interface, so if
531 your Cyrus library can do, for example, CRAM-MD5, then so can the
532 cyrus_sasl authenticator. By default it uses the public name of the driver
533 to determine which mechanism to support.
534
535 Where access to some kind of secret file is required, for example in GSSAPI
536 or CRAM-MD5, it is worth noting that the authenticator runs as the exim
537 user, and that the Cyrus SASL library has no way of escalating privileges
538 by default. You may also find you need to set environment variables,
539 depending on the driver you are using.
540
541 xx.1 Using cyrus_sasl as a server
542
543 The cyrus_sasl authenticator has four private options. It puts the username
544 (on a successful authentication) into $1.
545
546 server_hostname Type: string* Default: $primary_hostname
547
548 This option selects the hostname that is used when communicating with
549 the library. It is up to the underlying SASL plug-in what it does with
550 this data.
551
552 server_mech Type: string Default: public_name
553
554 This option selects the authentication mechanism this driver should
555 use. It allows you to use a different underlying mechanism from the
556 advertised name. For example:
557
558 sasl:
559 driver = cyrus_sasl
560 public_name = X-ANYTHING
561 server_mech = CRAM-MD5
562 server_set_id = $1
563
564 server_realm Type: string Default: unset
565
566 This is the SASL realm that the server is claiming to be in.
567
568 server_service Type: string Default: "smtp"
569
570 This is the SASL service that the server claims to implement.
571
572 For straigthforward cases, you do not need to set any of the
573 authenticator's private options. All you need to do is to specify an
574 appropriate mechanism as the public name. Thus, if you have a SASL library
575 that supports CRAM-MD5 and PLAIN, you might have two authenticators as
576 follows:
577
578 sasl_cram_md5:
579 driver = cyrus_sasl
580 public_name = CRAM-MD5
581 server_set_id = $1
582
583 sasl_plain:
584 driver = cyrus_sasl
585 public_name = PLAIN
586 server_set_id = $1
587
58811. There is a new global option called tls_on_connect_ports. Its value must be
589 a list of port numbers; the most common use is expected to be
590
591 tls_on_connect_ports = 465
592
593 Setting this option has the same effect as -tls-on-connect on the command
594 line, but only for the specified ports. It applies to all connections, both
595 via the daemon and via inetd. You still need to specify all the ports for
596 the daemon (using daemon_smtp_ports or local_interfaces or the -X command
597 line option) because this option does not add an extra port -- rather, it
598 specifies different behaviour on a port that is defined elsewhere. The
599 -tls-on-connect command line option overrides tls_on_connect_ports, and
600 forces tls-on-connect for all ports.
601
60212. There is a new ACL that is run when a DATA command is received, before the
603 data itself is received. The ACL is defined by acl_smtp_predata. (Compare
604 acl_smtp_data, which is run after the data has been received.)
605 This new ACL allows a negative response to be given to the DATA command
606 itself. Header lines added by MAIL or RCPT ACLs are not visible at this
607 time, but any that are defined here are visible when the acl_smtp_data ACL
608 is run.
609
61013. The "control=submission" ACL modifier has an option "/domain=xxx" which
611 specifies the domain to be used when creating From: or Sender: lines using
612 the authenticated id as a local part. If the option is supplied with an
613 empty domain, that is, just "/domain=", Exim assumes that the authenticated
614 id is a complete email address, and it uses it as is when creating From:
615 or Sender: lines.
616
61714. It is now possible to make retry rules that apply only when the failing
618 message has a specific sender. In particular, this can be used to define
619 retry rules that apply only to bounce messages. The syntax is to add a new
620 third item to a retry rule, of the form "senders=<address list>". The retry
621 timings themselves then become the fourth item. For example:
622
623 * * senders=: F,1h,30m
624
625 would match all bounce messages. If the address list contains white space,
626 it must be enclosed in quotes. For example:
627
628 a.domain timeout senders="x@b.dom : y@c.dom" G,8h,10m,1.5
629
630 When testing retry rules using -brt, you can supply a sender using the -f
631 command line option, like this:
632
633 exim -f "" -brt user@dom.ain
634
635 If you do not set -f with -brt, a retry rule that contains a senders list
636 will never be matched.
637
63815. Two new control modifiers have been added to ACLs: "control = enforce_sync"
639 and "control = no_enforce_sync". This makes it possible to be selective
640 about when SMTP synchronization is enforced. The global option
641 smtp_enforce_sync now specifies the default state of the switch. These
642 controls can appear in any ACL, but the most obvious place to put them is
643 in the ACL defined by acl_smtp_connect, which is run at the start of an
644 incoming SMTP connection, before the first synchronization check.
645
64616. Another two new control modifiers are "control = caseful_local_part" and
647 "control = caselower_local_part". These are permitted only in the ACL
648 specified by acl_smtp_rcpt (i.e. during RCPT processing). By default, the
649 contents of $local_part are lower cased before ACL processing.
650 After "control = caseful_local_part", any uppercase letters in the original
651 local part are restored in $local_part for the rest of the ACL, or until
652 "control = caselower_local_part" is encountered. However, this applies only
653 to local part handling that takes place directly in the ACL (for example,
654 as a key in lookups). If a "verify = recipient" test is obeyed, the
655 case-related handling of the local part during the verification is
656 controlled by the router configuration (see the caseful_local_part generic
657 router option).
658
659 This facility could be used, for example, to add a spam score to local
660 parts containing upper case letters. For example, using $acl_m4 to
661 accumulate the spam score:
662
663 warn control = caseful_local_part
664 set acl_m4 = ${eval:\
665 $acl_m4 + \
666 ${if match{$local_part}{[A-Z]}{1}{0}}\
667 }
668 control = caselower_local_part
669
670 Notice that we put back the lower cased version afterwards, assuming that
671 is what is wanted for subsequent tests.
672
67317. The option hosts_connection_nolog is provided so that certain hosts can be
674 excepted from logging when the +smtp_connection log selector is set. For
675 example, you might want not to log SMTP connections from local processes,
676 or from 127.0.0.1, or from your local LAN. The option is a host list with
677 an unset default. Because it is consulted in the main loop of the daemon,
678 you should strive to restrict its value to a short inline list of IP
679 addresses and networks. To disable logging SMTP connections from local
680 processes, you must create a host list with an empty item. For example:
681
682 hosts_connection_nolog = :
683
684 If the +smtp_connection log selector is not set, this option has no effect.
685
68618. There is now an acl called acl_smtp_quit, which is run for the QUIT
687 command. The outcome of the ACL does not affect the response code to QUIT,
688 which is always 221. Thus, the ACL does not in fact control any access.
689 For this reason, the only verbs that are permitted are "accept" and "warn".
690
691 The ACL can be used for tasks such as custom logging at the end of an SMTP
692 session. For example, you can use ACL variables in other ACLs to count
693 messages, recipients, etc., and log the totals at QUIT time using one or
694 more "logwrite" modifiers on a "warn" command.
695
696 You do not need to have a final "accept", but if you do, you can use a
697 "message" modifier to specify custom text that is sent as part of the 221
698 response.
699
700 This ACL is run only for a "normal" QUIT. For certain kinds of disastrous
701 failure (for example, failure to open a log file, or when Exim is bombing
702 out because it has detected an unrecoverable error), all SMTP commands
703 from the client are given temporary error responses until QUIT is received
704 or the connection is closed. In these special cases, the ACL is not run.
705
70619. The appendfile transport has two new options, mailbox_size and mailbox_
707 filecount. If either these options are set, it is expanded, and the result
708 is taken as the current size of the mailbox or the number of files in the
709 mailbox, respectively. This makes it possible to use some external means of
710 maintaining the data about the size of a mailbox for enforcing quota
711 limits. The result of expanding these option values must be a decimal
712 number, optionally followed by "K" or "M".
713
71420. It seems that there are broken clients in use that cannot handle multiline
715 SMTP responses. Can't people who implement these braindead programs read?
716 RFC 821 mentions multiline responses, and it is over 20 years old. They
717 must handle multiline responses for EHLO, or do they still use HELO?
718 Anyway, here is YAWFAB (yet another workaround for asinine brokenness).
719 There's a new ACL switch that can be set by
720
721 control = no_multiline_responses
722
723 If this is set, it suppresses multiline SMTP responses from ACL rejections.
724 One way of doing this would have been just to put out these responses as
725 one long line. However, RFC 2821 specifies a maximum of 512 bytes per
726 response ("use multiline responses for more" it says), and some of the
727 responses might get close to that. So I have implemented this by doing two
728 very easy things:
729
730 (1) Extra information that is normally output as part of a rejection
731 caused by sender verification failure is omitted. Only the final line
732 (typically "sender verification failed") is now sent.
733
734 (2) If a "message" modifier supplies a multiline response, only the first
735 line is output.
736
737 The setting of the switch can, of course, be made conditional on the
738 calling host.
739
74021. There is now support for the libradius library that comes with FreeBSD.
741 This is an alternative to the radiusclient library that Exim already
742 supports. To use the FreeBSD library, you need to set
743
744 RADIUS_LIB_TYPE=RADLIB
745
746 in Local/Makefile, in addition to RADIUS_CONFIGURE_FILE, and you probably
747 also need -libradius in EXTRALIBS.
748
749
750Version 4.42
751------------
752
753 1. The "personal" filter test is brought up-to-date with recommendations from
754 the Sieve specification: (a) The list of non-personal From: addresses now
755 includes "listserv", "majordomo", and "*-request"; (b) If the message
756 contains any header line starting with "List=-" it is treated as
757 non-personal.
758
759 2. The Sieve functionality has been extended to support the "copy" and
760 "vacation" extensions, and comparison tests.
761
762 3. There is now an overall timeout for performing a callout verification. It
763 defaults to 4 times the callout timeout, which applies to individual SMTP
764 commands during the callout. The overall timeout applies when there is more
765 than one host that can be tried. The timeout is checked before trying the
766 next host. This prevents very long delays if there are a large number of
767 hosts and all are timing out (e.g. when the network connections are timing
768 out). The value of the overall timeout can be changed by specifying an
769 additional sub-option for "callout", called "maxwait". For example:
770
771 verify = sender/callout=5s,maxwait=20s
772
773 4. Changes to the "personal" filter test:
774
775 (1) The list of non-personal local parts in From: addresses has been
776 extended to include "listserv", "majordomo", "*-request", and "owner-*",
777 taken from the Sieve specification recommendations.
778
779 (2) If the message contains any header line starting with "List-" it is
780 treated as non-personal.
781
782 (3) The test for "circular" in the Subject: header line has been removed
783 because it now seems ill-conceived.
784
785 5. The autoreply transport has a new option called never_mail. This is an
786 address list. If any run of the transport creates a message with a
787 recipient that matches any item in the list, that recipient is quietly
788 discarded. If all recipients are discarded, no message is created.
789
790
791Version 4.40
792------------
793
794The documentation is up-to-date for the 4.40 release. What follows here is a
795brief list of the new features that have been added since 4.30.
796
797 1. log_incoming_interface affects more log lines.
798
799 2. New ACL modifier "control = submission".
800
801 3. CONFIGURE_OWNER can be set at build time to define an alternative owner for
802 the configuration file, in addition to root and exim.
803
804 4. Added expansion variables $body_zerocount, $recipient_data, and
805 $sender_data.
806
807 5. The time of last modification of the "new" subdirectory is now used as the
808 "mailbox time last read" when there is a quota error for a maildir
809 delivery.
810
811 6. The special item "+ignore_unknown" may now appear in host lists.
812
813 7. The special domain-matching patterns @mx_any, @mx_primary, and
814 @mx_secondary can now be followed by "/ignore=<ip list>".
815
816 8. New expansion conditions: match_domain, match_address, match_local_part,
817 lt, lti, le, lei, gt, gti, ge, and new expansion operators time_interval,
818 eval10, and base62d.
819
820 9. New lookup type called "iplsearch".
821
82210. New log selectors ident_timeout, tls_certificate_verified, queue_time,
823 deliver_time, outgoing_port, return_path_on_delivery.
824
82511. New global options smtp_active_hostname and tls_require_ciphers.
826
82712. Exinext has -C and -D options.
828
82913. "domainlist_cache" forces caching of an apparently variable list.
830
83114. For compatibility with Sendmail, the command line option -prval:sval
832 is equivalent to -oMr rval -oMs sval.
833
83415. New callout options use_sender and use_postmaster for use when verifying
835 recipients.
836
83716. John Jetmore's "exipick" utility has been added to the distribution.
838
83917. The TLS code now supports CRLs.
840
84118. The dnslookup router and the dnsdb lookup type now support the use of SRV
842 records.
843
84419. The redirect router has a new option called qualify_domain.
845
84620. exigrep's output now also includes lines that are not related to any
847 particular message, but which do match the pattern.
848
84921. New global option write_rejectlog. If it is set false, Exim no longer
850 writes anything to the reject log.
851
852****