This document contains detailed information about incompatibilities that might
be encountered when upgrading from one release of Exim to another. The
information is in reverse order of release numbers. Mostly these are relatively
small points, and the configuration file is normally upwards compatible, but
there have been two big upheavals...


**************************************************************************
* There was a big reworking of the way mail routing works for release    *
* 4.00. Previously used "directors" were abolished, and all routing is   *
* now done by routers. Policy controls for incoming mail are now done by *
* Access Control Lists instead of separate options. All this means that  *
* pre-4.00 configuration files have to be massively converted. If you    *
* are coming from a 3.xx release, please read the document in the file   *
* doc/Exim4.upgrade, and allow some time to complete the upgrade.        *
*                                                                        *
* There was a big reworking of the way domain/host/net/address lists are *
* handled at release 3.00. If you are coming from a pre-3.00 release, it *
* might be easier to start again from a default configuration. Otherwise *
* you need to read doc/Exim3.upgrade and do a double conversion of your  *
* configuration file.                                                    *
**************************************************************************


The rest of this document contains information about changes in 4.xx releases
that might affect a running system.


Exim version 4.94
-----------------

Some Transports now refuse to use tainted data in constructing their delivery
location; this WILL BREAK configurations which are not updated accordingly.
In particular: any Transport use of $local_user which has been relying upon
check_local_user far away in the Router to make it safe, should be updated to
replace $local_user with $local_part_verified.

Attempting to remove, in router or transport, a header name that ends with
an asterisk (which is a standards-legal name) will now result in all headers
named starting with the string before the asterisk being removed. We recommend
staying away from such names, if they are private ones (and in case of future
enhancements, also header names that look like REs).


Exim version 4.93
-----------------

For a detailed list of changes that might affect Exim's operation with
an unchanged configuration, please see the doc/ChangeLog file.

Build:

* SUPPORT_DMARC replaces EXPERIMENTAL_DMARC

* DISABLE_TLS replaces SUPPORT_TLS

* Bump the version for the local_scan API.

Runtime:

* smtp transport option hosts_try_fastopen defaults to "*".

* DNSSec is requested (not required) for all queries. (This seems to
  ask for trouble if your resolver is a systemd-resolved.)

* Generic router option retry_use_local_part defaults to "true" under specific
  pre-conditions.

* Introduce a tainting mechanism for values read from untrusted sources.

* Use longer file names for temporary spool files (this avoids
  name conflicts with spool on a shared file system).

* Use dsn_from main config option (was ignored previously).


Exim version 4.92
-----------------

* Exim used to manually follow CNAME chains, to a limited depth. In this
  day-and-age we expect the resolver to be doing this for us, so the loop
  is limited to one retry unless the (new) config option dns_cname_loops
  is changed.


Exim version 4.91
-----------------

* DANE and SPF have been promoted from Experimental to Supported status, thus
  the options to enable them in Local/Makefile have been renamed.
  See current src/EDITME for full details, including changes in dependencies,
  but loosely: replace EXPERIMENTAL_SPF with SUPPORT_SPF and replace
  EXPERIMENTAL_DANE with SUPPORT_DANE.

* Ancient ClamAV stream support, long deprecated by ClamAV, has been removed;
  if you were building with WITH_OLD_CLAMAV_STREAM enabled then your problems
  have marginally increased.

* A number of logging changes; if relying upon the previous DKIM additional
  log-line, explicit log_selector configuration is needed to keep it.

* Other incompatible changes in EXPERIMENTAL_* features, read NewStuff and
  ChangeLog carefully if relying upon an experimental feature such as DMARC.
  Note that this includes changes to SPF as it was promoted into Supported.


Exim version 4.89
-----------------

* SMTP CHUNKING in Exim 4.88 did not ensure that received mails had a final
  newline; attempts to deliver such messages onwards to non-chunking hosts
  would probably hang, as Exim does not insert the newline before a ".".
  In 4.89, the newline is added upon receipt. For already-received messages
  in your queue, try util/chunking_fixqueue_finalnewlines.pl
  to walk the queue, fixing any affected messages. Note that because a
  delivery attempt will be hanging, attempts to lock the messages for fixing
  them will stall; stopping all queue-runners temporarily is recommended.

* OpenSSL: oldest supported release series is now 1.0.2, which is the oldest
  supported by the OpenSSL project. If you can build Exim with an older
  release series, congratulations. If you can't, then upgrade.
  The file doc/openssl.txt contains instructions for installing a current
  OpenSSL outside the system library paths and building Exim to use it.

* FreeBSD: we now always use the system iconv in libc, as all versions of
  FreeBSD supported by the FreeBSD project provide this functionality.


Exim version 4.88
-----------------

* The "demime" ACL condition, deprecated for the past 10 years, has
  now been removed.

* Old GnuTLS configuration options "gnutls_require_kx", "gnutls_require_mac",
  and "gnutls_require_protocols" have now been removed. (Inoperative from
  4.80, per below; logging warnings since 4.83, again per below).


Exim version 4.83
-----------------

* SPF condition results renamed "permerror" and "temperror". The old
  names are still accepted for back-compatibility, for this release.

* TLS details are now logged on rejects, subject to log selectors.

* Items in headers_remove lists must now have any embedded list-separators
  doubled.

* Attempted use of the deprecated options "gnutls_require_kx" et al.
  now results in a logged warning.


Exim version 4.82
-----------------

* New option gnutls_allow_auto_pkcs11 defaults false; if you have GnuTLS 2.12.0
  or later and do want PKCS11 modules to be autoloaded, then set this option.

* A per-transport wait-<name> database is no longer updated if the transport
  sets "connection_max_messages" to 1, as it can not be used and causes
  unnecessary serialisation and load. External tools tracking the state of
  Exim by the hints databases may need modification to take this into account.

* The av_scanner option can now accept multiple clamd TCP targets, all other
  setting limitations remain.


Exim version 4.80
-----------------

* BEWARE backwards-incompatible changes in SSL libraries, thus the version
  bump. See points below for details.
  Also an LDAP data returned format change.

* The value of $tls_peerdn is now print-escaped when written to the spool file
  in a -tls_peerdn line, and unescaped when read back in. We received reports
  of values with embedded newlines, which caused spool file corruption.

  If you have a corrupt spool file and you wish to recover the contents after
  upgrading, then lock the message, replace the newlines that should be part
  of the -tls_peerdn line with the two-character sequence \n and then unlock
  the message. No tool has been provided as we believe this is a rare
  occurrence.
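  To see why an unescaped value breaks the spool file, here is an added
  example (our code, not Exim's) using a constructed peer DN that contains a
  newline. Its escaping handles only newline and backslash, a stand-in for
  Exim's fuller print-escaping, and it produces the same two-character \n
  that the manual repair above calls for.

```python
"""Why an unescaped $tls_peerdn corrupts a spool header, and what the
escaping introduced in Exim 4.80 looks like.

Added example, not Exim's code. Spool header options are one "-name value"
per line, so a DN containing a newline splits into a line that no longer
starts with "-". The escaping below is a deliberately minimal stand-in for
Exim's print-escaping (newline and backslash only); the two-character
sequence \\n it produces is the one the manual recovery tells you to write
into the file. The spool fragment is constructed.
"""
from typing import Dict


def escape_peerdn(dn: str) -> str:
    """Backslash first, so that unescaping never mistakes a literal '\\n'."""
    return dn.replace("\\", "\\\\").replace("\n", "\\n")


def unescape_peerdn(text: str) -> str:
    """Inverse of escape_peerdn: '\\n' -> newline, '\\\\' -> backslash."""
    out = []
    i = 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            out.append("\n" if text[i + 1] == "n" else text[i + 1])
            i += 2
        else:
            out.append(text[i])
            i += 1
    return "".join(out)


def peerdn_line(dn: str, escape: bool = True) -> str:
    """The -tls_peerdn spool line; escape=False mimics releases before 4.80."""
    return "-tls_peerdn " + (escape_peerdn(dn) if escape else dn)


def read_options(spool_text: str) -> Dict[str, str]:
    """Parse option lines of a spool header (constructed subset of the format:
    every line must be '-name value')."""
    options: Dict[str, str] = {}
    for line in spool_text.split("\n"):
        if not line.startswith("-"):
            raise ValueError("corrupt spool header, unexpected line: %r" % line)
        name, _, value = line[1:].partition(" ")
        options[name] = unescape_peerdn(value) if name == "tls_peerdn" else value
    return options


def header_is_readable(spool_text: str) -> bool:
    """True when read_options() accepts the header, False when it is corrupt."""
    try:
        read_options(spool_text)
        return True
    except ValueError:
        return False


# Constructed peer DN with an embedded newline, as in the reports mentioned above.
DN_WITH_NEWLINE = "CN=mail.example.test\nO=Example Corp"
CIPHER_LINE = "-tls_cipher TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256\n"
OPTIONS_OK = CIPHER_LINE + peerdn_line(DN_WITH_NEWLINE)                  # 4.80 behaviour
OPTIONS_CORRUPT = CIPHER_LINE + peerdn_line(DN_WITH_NEWLINE, escape=False)  # pre-4.80

if __name__ == "__main__":
    print("escaped header readable:", header_is_readable(OPTIONS_OK))
    print("unescaped header readable:", header_is_readable(OPTIONS_CORRUPT))
    print("round trip intact:", read_options(OPTIONS_OK)["tls_peerdn"] == DN_WITH_NEWLINE)
```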

* For OpenSSL, SSLv2 is now disabled by default. (GnuTLS does not support
  SSLv2). RFC 6176 prohibits SSLv2 and some informal surveys suggest no
  actual usage. You can re-enable with the "openssl_options" Exim option,
  in the main configuration section. Note that supporting SSLv2 exposes
  you to ciphersuite downgrade attacks.

* With OpenSSL 1.0.1+, Exim now supports TLS 1.1 and TLS 1.2. If built
  against 1.0.1a then you will get a warning message and the
  "openssl_options" value will not parse "no_tlsv1_1": the value changes
  incompatibly between 1.0.1a and 1.0.1b, because the value chosen for 1.0.1a
  is infelicitous. We advise avoiding 1.0.1a.

  "openssl_options" gains "no_tlsv1_1", "no_tlsv1_2" and "no_compression".

  COMPATIBILITY WARNING: The default value of "openssl_options" is no longer
  "+dont_insert_empty_fragments". We default to "+no_sslv2".
  That old default was grandfathered in from before openssl_options became a
  configuration option.
  Empty fragments are inserted by default through TLS1.0, to partially defend
  against certain attacks; TLS1.1+ change the protocol so that this is not
  needed. The DIEF SSL option was required for some old releases of mail
  clients which did not gracefully handle the empty fragments, and was
  initially set in Exim release 4.31 (see ChangeLog, item 37).

  If you still have affected mail-clients, and you see SSL protocol failures
  with this release of Exim, set:
    openssl_options = +dont_insert_empty_fragments
  in the main section of your Exim configuration file. You're trading off
  security for compatibility. Exim is now defaulting to higher security and
  rewarding more modern clients.

  If the option tls_dhparam is set and the parameters loaded from the file
  have a bit-count greater than the new option tls_dh_max_bits, then the file
  will now be ignored. If this affects you, raise the tls_dh_max_bits limit.
  We suspect that most folks are using dated defaults and will not be affected.

* LDAP lookups returning multi-valued attributes now separate the attributes
  with only a comma, not a comma-space sequence. Also, an actual comma within
  a returned attribute is doubled. This makes it possible to parse the
  attribute as a comma-separated list. Note the distinction from multiple
  attributes being returned, where each one is a name=value pair.

  If you are currently splitting the results from LDAP upon a comma, then you
  should check carefully to see if adjustments are needed.

  This change lets cautious folks distinguish "comma used as separator for
  joining values" from "comma inside the data".
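  This doubled-separator convention is the same one that 4.83 requires for
  items in headers_remove, and 4.94 adds a trailing-asterisk wildcard to header
  removal. As an added example (our code, not Exim's) the block below splits
  such lists and applies a headers_remove setting to constructed header names;
  comparing header names case-insensitively is our assumption.

```python
"""Exim-style list splitting where a doubled separator stands for a literal one.

Added example, not Exim's code. It covers the 4.80 LDAP change (values of a
multi-valued attribute joined with single commas, literal commas doubled),
the 4.83 rule that headers_remove items double any embedded separator, and
the 4.94 wildcard where an item ending in '*' removes every header whose
name begins with the text before the asterisk.
"""
from typing import List


def split_doubled(text: str, sep: str) -> List[str]:
    """Split `text` on single `sep`; a doubled `sep` is a literal character."""
    items: List[str] = []
    current: List[str] = []
    i = 0
    while i < len(text):
        if text[i] == sep:
            if i + 1 < len(text) and text[i + 1] == sep:
                current.append(sep)          # "aa,,bb" keeps a literal comma
                i += 2
                continue
            items.append("".join(current))   # a single separator ends an item
            current = []
        else:
            current.append(text[i])
        i += 1
    items.append("".join(current))
    return items


def ldap_values(attribute_result: str) -> List[str]:
    """Values of one multi-valued attribute as Exim 4.80 and later return it."""
    return split_doubled(attribute_result, ",")


def naive_ldap_values(attribute_result: str) -> List[str]:
    """What a configuration that simply splits on ',' gets: wrong for any
    value that itself contains a comma (the adjustment the text warns about)."""
    return attribute_result.split(",")


def headers_remove_items(option_value: str) -> List[str]:
    """Items of a headers_remove setting: colon-separated, '::' is a literal."""
    return [item.strip() for item in split_doubled(option_value, ":") if item.strip()]


def headers_to_remove(option_value: str, header_names: List[str]) -> List[str]:
    """Names from `header_names` that the headers_remove setting would drop.

    Header names are compared case-insensitively (our assumption about how
    Exim matches them); an item ending in '*' matches by prefix (4.94).
    """
    items = [item.lower() for item in headers_remove_items(option_value)]
    removed: List[str] = []
    for name in header_names:
        lname = name.lower()
        for item in items:
            if item.endswith("*"):
                matched = lname.startswith(item[:-1])
            else:
                matched = lname == item
            if matched:
                removed.append(name)
                break
    return removed


if __name__ == "__main__":
    # Constructed LDAP result: the first value contains a literal comma.
    sample = "cn=alice,,ou=staff,cn=bob"
    print("4.80 parse :", ldap_values(sample))
    print("naive parse:", naive_ldap_values(sample))
    print(headers_to_remove("X-Spam-*:received-spf",
                            ["X-Spam-Score", "X-Spam-Flag", "Received-SPF", "Subject"]))
```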

* accept_8bitmime now defaults on, which is not RFC compliant but is better
  suited to today's Internet. See http://cr.yp.to/smtp/8bitmime.html for a
  sane rationale. Those who wish to be strictly RFC compliant, or know that
  they need to talk to servers that are not 8-bit-clean, now need to take
  explicit configuration action to default this option off. This is not a
  new option, you can safely force it off before upgrading, to decouple
  configuration changes from the binary upgrade while remaining RFC compliant.

* The GnuTLS support has been mostly rewritten, to use APIs which don't cause
  deprecation warnings in GnuTLS 2.12.x. As part of this, these three options
  are no longer supported:

    gnutls_require_kx
    gnutls_require_mac
    gnutls_require_protocols

  Their functionality is entirely subsumed into tls_require_ciphers. In turn,
  tls_require_ciphers is no longer an Exim list and is not parsed by Exim, but
  is instead given to gnutls_priority_init(3), which expects a priority string;
  this behaviour is much closer to the OpenSSL behaviour. See:

    http://www.gnutls.org/manual/html_node/Priority-Strings.html

  for fuller documentation of the strings parsed. The three gnutls_require_*
  options are still parsed by Exim and, for this release, silently ignored.
  A future release will add warnings, before a later still release removes
  parsing entirely and the presence of the options will be a configuration
  error.

  Note that by default, GnuTLS will not accept RSA-MD5 signatures in chains.
  A tls_require_ciphers value of NORMAL:%VERIFY_ALLOW_SIGN_RSA_MD5 may
  re-enable support, but this is not supported by the Exim maintainers.
  Our test suite no longer includes MD5-based certificates.

  This rewrite means that Exim will continue to build against GnuTLS in the
  future, brings Exim closer to other GnuTLS applications and lets us add
  support for SNI and other features more readily. We regret that it wasn't
  feasible to retain the three dropped options.

* If built with TLS support, then Exim will now validate the value of
  the main section tls_require_ciphers option at start-up. Before, this
  would cause a STARTTLS 4xx failure, now it causes a failure to start.
  Running with a broken configuration which causes failures that may only
  be left in the logs has been traded off for something more visible. This
  change makes an existing problem more prominent, but we do not believe
  anyone would deliberately be running with an invalid tls_require_ciphers
  option.

  This also means that library linkage issues caused by conflicts of some
  kind might take out the main daemon, not just the delivery or receiving
  process. Conceivably some folks might prefer to continue delivering
  mail plaintext when their binary is broken in this way, if there is a
  server that is a candidate to receive such mails that does not advertise
  STARTTLS. Note that Exim is typically a setuid root binary and given
  broken linkage problems that cause segfaults, we feel it is safer to
  fail completely. (The check is not done as root, to ensure that problems
  here are not made worse by the check).

* The "tls_dhparam" option has been updated, so that it can now specify a
  path or an identifier for a standard DH prime from one of a few RFCs.
  The default for OpenSSL is no longer to not use DH but instead to use
  one of these standard primes. The default for GnuTLS is no longer to use
  a file in the spool directory, but to use that same standard prime.
  The option is now used by GnuTLS too. If it points to a path, then
  GnuTLS will use that path, instead of a file in the spool directory;
  GnuTLS will attempt to create it if it does not exist.

  To preserve the previous behaviour of generating files in the spool
  directory, set "tls_dhparam = historic". Since prior releases of Exim
  ignored tls_dhparam when using GnuTLS, this can safely be done before
  the upgrade.


Exim version 4.77
-----------------

* GnuTLS will now attempt to use TLS 1.2 and TLS 1.1 before TLS 1.0 and SSL3,
  if supported by your GnuTLS library. Use the existing
  "gnutls_require_protocols" option to downgrade this if that will be a
  problem. Prior to this release, supported values were "TLS1" and "SSL3",
  so you should be able to update configuration prior to update.

  [nb: gnutls_require_protocols removed in Exim 4.80, instead use
  tls_require_ciphers to provide a priority string; see notes above]

* The match_<type>{string1}{string2} expansion conditions no longer subject
  string2 to string expansion, unless Exim was built with the new
  "EXPAND_LISTMATCH_RHS" option. Too many people have inadvertently created
  insecure configurations that way. If you need the functionality and turn on
  that build option, please let the developers know, and know why, so we can
  try to provide a safer mechanism for you.

  The match{}{} expansion condition (for regular expressions) is NOT affected.
  For match_<type>{s1}{s2}, all list functionality is unchanged. The only
  change is that a '$' appearing in s2 will not trigger expansion, but instead
  will be treated as a literal $ sign; the effect is very similar to having
  wrapped s2 with \N...\N. If s2 contains a named list and the list definition
  uses $expansions then those _will_ be processed as normal. It is only the
  point at which s2 is read where expansion is inhibited.

  If you are trying to test if two email addresses are equal, use eqi{s1}{s2}.
  If you are testing if the address in s1 occurs in the list of items given
  in s2, either use the new inlisti{s1}{s2} condition (added in 4.77) or use
  the pre-existing forany{s2}{eqi{$item}{s1}} condition.


Exim version 4.74
-----------------

* The integrated support for dynamically loadable lookup modules has an ABI
  change from the modules supported by some OS vendors through an unofficial
  patch. Don't try to mix & match.

* Some parts of the build system are now beginning to assume that the host
  environment is POSIX. If you're building on a system where POSIX tools are
  not the default, you might have an easier time if you switch to the POSIX
  tools. Feel free to report non-POSIX issues as a request for a feature
  enhancement, but if the POSIX variants are available then the fix will
  probably just involve some coercion. See the README instructions for
  building on such hosts.


Exim version 4.73
-----------------

* The Exim run-time user can no longer be root; this was always
  strongly discouraged, but is now prohibited both at build and
  run-time. If you need Exim to run routinely as root, you'll need to
  patch the source and accept the risk. Here be dragons.

* Exim will no longer accept a configuration file owned by the Exim
  run-time user, unless that account is explicitly the value in
  CONFIGURE_OWNER, which we discourage. Exim now checks to ensure that
  files are not writeable by other accounts.

* The ALT_CONFIG_ROOT_ONLY build option is no longer optional and is forced
  on; the Exim user can, by default, no longer use -C/-D and retain privilege.
  Two new build options mitigate this.

* TRUSTED_CONFIG_LIST defines a file containing a whitelist of config
  files that are trusted to be selected by the Exim user; one per line.
  This is the recommended approach going forward.

* WHITELIST_D_MACROS defines a colon-separated list of macro names which
  the Exim run-time user may safely pass without dropping privileges.
  Because changes to this involve a recompile, this is not the recommended
  approach but may ease transition. The values of the macros, when
  overridden, are constrained to match this regex: ^[A-Za-z0-9_/.-]*$

* The system_filter_user option now defaults to the Exim run-time user,
  rather than root. You can still set it explicitly to root and this
  can be done with prior versions too, letting you roll versions
  without needing to change this configuration option.

* ClamAV must be at least version 0.95 unless WITH_OLD_CLAMAV_STREAM is
  defined at build time.


Exim version 4.70
-----------------

1. Experimental Yahoo! Domainkeys support has been dropped in this release.
   It has been superseded by a native implementation of its successor DKIM.

2. Up to version 4.69, Exim came with an embedded version of the PCRE library.
   As of 4.70, this is no longer the case. To compile Exim, you will need PCRE
   installed. Most OS distributions have ready-made library and development
   packages.


Exim version 4.68
-----------------

1. The internal implementation of the database keys that are used for ACL
ratelimiting has been tidied up. This means that an update to 4.68 might cause
Exim to "forget" previous rates that it had calculated, and reset them to zero.


Exim version 4.64
-----------------

1. Callouts were setting the name used for EHLO/HELO from
$smtp_active_hostname. This is wrong, because it relates to the incoming
message (and probably the interface on which it is arriving) and not to the
outgoing callout (which could be using a different interface). This has been
changed to use the value of the helo_data option from the smtp transport
instead - this is what is used when a message is actually being sent. If
there is no remote transport (possible with a router that sets up host
addresses), $smtp_active_hostname is used. This change is mentioned here in
case somebody is relying on the use of $smtp_active_hostname.

2. A bug has been fixed that might just possibly be something that is relied on
in some configurations. In expansion items such as ${if >{xxx}{yyy}...} an
empty string (that is {}) was being interpreted as if it was {0} and therefore
treated as the number zero. From release 4.64, such strings cause an error
because a decimal number, possibly followed by K or M, is required (as has
always been documented).

3. There has been a change to the GnuTLS support (ChangeLog/PH/20) to improve
Exim's performance. Unfortunately, this has the side effect of being slightly
non-upwards compatible for versions 4.50 and earlier. If you are upgrading from
one of these earlier versions and you use GnuTLS, you must remove the file
called gnutls-params in Exim's spool directory. If you don't do this, you will
see this error:

  TLS error on connection from ... (DH params import): Base64 decoding error.

Removing the file causes Exim to recompute the relevant encryption parameters
and cache them in the new format that was introduced for release 4.51 (May
2005). If you are upgrading from release 4.51 or later, there should be no
problem.


Exim version 4.63
-----------------

When an SMTP error message is specified in a "message" modifier in an ACL, or
in a :fail: or :defer: message in a redirect router, Exim now checks the start
of the message for an SMTP error code. This consists of three digits followed
by a space, optionally followed by an extended code of the form n.n.n, also
followed by a space. If this is the case and the very first digit is the same
as the default error code, the code from the message is used instead. If the
very first digit is incorrect, a panic error is logged, and the default code is
used. This is an incompatible change, but it is not expected to affect many (if
any) configurations. It is possible to suppress the use of the supplied code in
a redirect router by setting the smtp_error_code option false. In this case,
any SMTP code is quietly ignored.
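As an added illustration (not Exim's own code), the following applies the rule
above to a few constructed messages. What happens to the text of a rejected
code is not specified above, so stripping it from the message is this
example's choice; the panic text is returned so a caller can log it.

```python
"""Picking the SMTP response code for a configured error message, per the
4.63 rule: a leading "NNN " (optionally "NNN n.n.n ") in the message is used
only if its first digit matches the default code's first digit; otherwise a
panic is logged and the default code is kept.

Added example, not Exim's code. Stripping a mismatched code from the text
is our choice; the page does not say what Exim does with it.
"""
import re
from typing import NamedTuple, Optional

# Three digits and a space, then optionally "n.n.n" and a space.
_LEADING_CODE = re.compile(r"^(\d{3}) (?:(\d+\.\d+\.\d+) )?")


class SmtpResponse(NamedTuple):
    code: str
    extended: Optional[str]   # the n.n.n enhanced code, if one was supplied
    text: str
    panic: Optional[str]      # message to log if the supplied code was rejected


def resolve_smtp_response(message: str, default_code: str,
                          use_supplied_code: bool = True) -> SmtpResponse:
    """Return the code, enhanced code and text to send for `message`.

    use_supplied_code=False behaves like a redirect router with
    smtp_error_code set false: a leading code is quietly ignored.
    """
    match = _LEADING_CODE.match(message)
    if match is None or not use_supplied_code:
        return SmtpResponse(default_code, None, message, None)

    code, extended = match.group(1), match.group(2)
    text = message[match.end():]
    if code[0] == default_code[0]:
        return SmtpResponse(code, extended, text, None)

    panic = ("SMTP code %s in message conflicts with default %s; using %s"
             % (code, default_code, default_code))
    return SmtpResponse(default_code, None, text, panic)


if __name__ == "__main__":
    # Constructed messages against the usual 550 (deny) and 451 (defer) defaults.
    for msg, default in [("550 5.7.1 relaying denied", "550"),
                         ("451 try later", "550"),
                         ("No such user here", "550"),
                         ("451 4.7.1 greylisted", "451")]:
        print(resolve_smtp_response(msg, default))
```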


Exim version 4.61
-----------------

1. The default number of ACL variables of each type has been increased to 20,
and it's possible to compile Exim with more. You can safely upgrade to this
release if you already have messages on the queue with saved ACL variable
values. However, if you downgrade from this release with messages on the queue,
any saved ACL values they may have will be lost.

2. The default value for rfc1413_query_timeout has been changed from 30s to 5s.


Exim version 4.54
-----------------

There was a problem with 4.52/TF/02 in that a "name=" option on control=
submission terminated at the next slash, thereby not allowing for slashes in
the name. This has been changed so that "name=" takes the rest of the string as
its data. It must therefore be the last option.


Version 4.53
------------

If you are using the experimental Domain Keys support, you must upgrade to
at least libdomainkeys 0.67 in order to run this release of Exim.


Version 4.51
------------

1. The format in which GnuTLS parameters are cached (in the file gnutls-params
in the spool directory) has been changed. The new format can also be generated
externally, so it is now possible to update the values from outside Exim. This
has been implemented in an upwards, BUT NOT downwards, compatible manner.
Upgrading should be seamless: when Exim finds that it cannot understand an
existing cache file, it generates new parameters and writes them to the cache
in the new format. If, however, you downgrade from 4.51 to a previous release,
you MUST delete the gnutls-params file in the spool directory, because the
older Exim will not recognize the new format.

2. When doing a callout as part of verifying an address, Exim was not paying
attention to any local part prefix or suffix that was matched by the router
that accepted the address. It now behaves in the same way as it does for
delivery: the affixes are removed from the local part unless
rcpt_include_affixes is set on the transport. If you have a configuration that
uses prefixes or suffixes on addresses that could be used for callouts, and you
want the affixes to be retained, you must make sure that rcpt_include_affixes
is set on the transport.

3. Bounce and delay warning messages no longer contain details of delivery
errors, except for explicit messages (e.g. generated by :fail:) and SMTP
responses from remote hosts.


Version 4.50
------------

The exicyclog script has been updated to use three-digit numbers in rotated log
files if the maximum number to keep is greater than 99. If you are already
keeping more than 99, there will be an incompatible change when you upgrade.
You will probably want to rename your old log files to the new form before
running the new exicyclog.
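An added example, not part of Exim or of the exicyclog script, that plans this
rename for a constructed directory listing. It assumes (our assumption, not
stated above) that rotated files are named like mainlog.NN with an optional
compression suffix, and it does nothing when the keep count is 99 or less.

```python
"""Planning the rename of rotated Exim log files from two-digit to
three-digit suffixes before running the 4.50 exicyclog with more than 99
files kept.

Added example, not part of Exim or exicyclog. Assumptions of ours: rotated
files are named <name>log.NN, older ones may carry a compression suffix,
and nothing is renamed when keep <= 99 because exicyclog only switches to
three digits above that. rename_plan() returns a plan without touching the
filesystem; apply_plan() carries it out and refuses to overwrite anything.
"""
import os
import re
from typing import Dict, List

_ROTATED = re.compile(r"^(?P<base>\w+log)\.(?P<num>\d{2})(?P<ext>\.(?:gz|Z|bz2))?$")

# Constructed listing of a log directory; mainlog.100 is already three-digit.
SAMPLE_LISTING = ["mainlog", "mainlog.01", "mainlog.02.gz",
                  "rejectlog.01", "paniclog", "mainlog.100"]


def rename_plan(filenames: List[str], keep: int) -> Dict[str, str]:
    """Map each two-digit rotated file to its three-digit name."""
    if keep <= 99:
        return {}                      # exicyclog keeps using two digits
    existing = set(filenames)
    plan: Dict[str, str] = {}
    for name in sorted(filenames):
        m = _ROTATED.match(name)
        if m is None:
            continue                   # live log, or already three-digit
        target = "%s.%03d%s" % (m.group("base"), int(m.group("num")),
                                m.group("ext") or "")
        if target in existing:
            raise ValueError("would overwrite existing file %s" % target)
        plan[name] = target
    return plan


def apply_plan(plan: Dict[str, str], log_dir: str) -> None:
    """Perform a plan from rename_plan() inside `log_dir`, never overwriting."""
    for old, new in plan.items():
        dst = os.path.join(log_dir, new)
        if os.path.exists(dst):
            raise FileExistsError(dst)
        os.rename(os.path.join(log_dir, old), dst)


if __name__ == "__main__":
    for old, new in sorted(rename_plan(SAMPLE_LISTING, keep=150).items()):
        print("%s -> %s" % (old, new))
```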
8b5af54d PH |
527 | |
528 | ||
0f4f2a88 PH |
529 | Version 4.42 |
530 | ------------ | |
531 | ||
532 | RFC 3848 specifies standard names for the "with" phrase in Received: header | |
533 | lines when AUTH and/or TLS are in use. This is the "received protocol" | |
534 | field. Exim used to use "asmtp" for authenticated SMTP, without any | |
535 | indication (in the protocol name) for TLS use. Now it follows the RFC and | |
536 | uses "esmtpa" if the connection is authenticated, "esmtps" if it is | |
537 | encrypted, and "esmtpsa" if it is both encrypted and authenticated. These names | |
538 | appear in log lines as well as in Received: header lines. | |
539 | ||
540 | ||
541 | Version 4.34 | |
542 | ------------ | |
543 | ||
544 | Change 4.31/2 gave problems to data ACLs and local_scan() functions that | |
545 | expected to see a Received: header. I have changed to yet another scheme. The | |
546 | Received: header is now generated after the body is received, but before the | |
547 | ACL or local_scan() is called. After they have run, the timestamp in the | |
548 | Received: header is updated. | |
549 | ||
550 | Thus, change (a) of 4.31/2 has been reversed, but change (b) is still true, | |
551 | which is lucky, since I decided it was a bug fix. | |
552 | ||
553 | ||
554 | Version 4.33 | |
555 | ------------ | |
556 | ||
557 | If an expansion in a condition on a "warn" statement fails because a lookup | |
558 | defers, the "warn" statement is abandoned, and the next ACL statement is | |
559 | processed. Previously this caused the whole ACL to be aborted. | |
560 | ||
561 | ||
562 | Version 4.32 | |
563 | ------------ | |
564 | ||
565 | Change 4.31/2 has been reversed, as it proved contentious. Recipient callout | |
566 | verification now uses <> in the MAIL command by default, as it did before. A | |
567 | new callout option, "use_sender", has been added to request the other | |
568 | behaviour. | |
569 | ||
570 | ||
Version 4.31
------------

1. If you compile Exim to use GnuTLS, it now requires the use of release 1.0.0
   or greater. The interface to the obsolete 0.8.x releases is no longer
   supported. There is one externally visible change: the format for the
   display of Distinguished Names now uses commas as a separator rather than a
   slash. This is to comply with RFC 2253.

2. When a message is received, the Received: header line is now generated when
   reception is complete, instead of at the start of reception. For messages
   that take a long time to come in, this changes the meaning of the timestamp.
   There are several side-effects of this change:

   (a) If a message is rejected by a DATA or non-SMTP ACL, or by local_scan(),
       the logged header lines no longer include the local Received: line,
       because it has not yet been created. If the message is a non-SMTP one,
       and the error is processed by sending a message to the sender, the copy
       of the original message that is returned does not have an added
       Received: line.

   (b) When a filter file is tested using -bf, no additional Received: header
       is added to the test message. After some thought, I decided that this
       is a bug fix.

   The contents of $received_for are not affected by this change. This
   variable still contains the single recipient of a message, copied after
   addresses have been rewritten, but before local_scan() is run.

3. Recipient callout verification, like sender verification, was using <> in
   the MAIL FROM command. This isn't really the right thing, since the actual
   sender may affect whether the remote host accepts the recipient or not. I
   have changed it to use the actual sender in the callout; this means that
   the cache record is now keyed on a recipient/sender pair, not just the
   recipient address. There doesn't seem to be a real danger of callout loops,
   since a callout by the remote host to check the sender would use <>.


Version 4.30
------------

1. I have abolished timeout_DNS as an error that can be detected in retry
   rules, because it has never worked. Despite the fact that it has been
   documented since at least release 1.62, there was no code to support it.
   If you have used it in your retry rules, you will now get a warning message
   to the log and panic log. It is now treated as plain "timeout".

2. After discussion on the mailing list, Exim no longer adds From:, Date:, or
   Message-Id: header lines to messages that do not originate locally, that is,
   messages that have an associated sending host address.

3. When looking up a host name from an IP address, Exim now tries the DNS
   first, and only if that fails does it use gethostbyaddr() (or equivalent).
   This change was made because on some operating systems, not all the names
   are given for addresses with multiple PTR records via the gethostbyaddr()
   interface. The order of lookup can be changed by setting host_lookup_order.


Version 4.23
------------

1. The new FIXED_NEVER_USERS build-time option creates a list of "never users"
   that cannot be overridden. The default in the distributed EDITME is "root".
   If for some reason you were (against advice) running deliveries as root, you
   will have to ensure that FIXED_NEVER_USERS is not set in your
   Local/Makefile.

2. The ${quote: operator now quotes an empty string, which it did not before.

3. Version 4.23 saves the contents of the ACL variables with the message, so
   that they can be used later. If one of these variables contains a newline,
   there will be a newline character in the spool that will not be interpreted
   correctly by a previous version of Exim. (Exim ignores keyed spool file
   items that it doesn't understand - precisely for this kind of problem - but
   it expects them all to be on one line.)

   So the bottom line is: if you have newlines in your ACL variables, you
   cannot retreat from 4.23.


651 | Version 4.21 | |
652 | ------------ | |
653 | ||
654 | 1. The idea of the "warn" ACL verb is that it adds a header or writes to the | |
655 | log only when "message" or "log_message" are set. However, if one of the | |
656 | conditions was an address verification, or a call to a nested ACL, the | |
657 | messages generated by the underlying test were being passed through. This | |
658 | no longer happens. The underlying message is available in $acl_verify_ | |
659 | message for both "message" and "log_message" expansions, so it can be | |
660 | passed through if needed. | |
661 | ||
662 | 2. The way that the $h_ (and $header_) expansions work has been changed by the | |
663 | addition of RFC 2047 decoding. See the main documentation (the NewStuff file | |
664 | until release 4.30, then the manual) for full details. Briefly, there are | |
665 | now three forms: | |
666 | ||
667 | $rh_xxx: and $rheader_xxx: give the original content of the header | |
668 | line(s), with no processing at all. | |
669 | ||
670 | $bh_xxx: and $bheader_xxx: remove leading and trailing white space, and | |
671 | then decode base64 or quoted-printable "words" within the header text, | |
672 | but do not do charset translation. | |
673 | ||
674 | $h_xxx: and $header_xxx: attempt to translate the $bh_ string to a | |
675 | standard character set. | |
676 | ||
677 | If you have previously been using $h_ expansions to access the raw | |
678 | characters, you should change to $rh_ instead. | |
679 | ||
680 | 3. When Exim creates an RFC 2047 encoded word in a header line, it labels it | |
681 | with the default character set from the headers_charset option instead of | |
682 | always using iso-8859-1. | |
683 | ||
684 | 4. If TMPDIR is defined in Local/Makefile (default in src/EDITME is | |
685 | TMPDIR="/tmp"), Exim checks for the presence of an environment variable | |
686 | called TMPDIR, and if it finds it is different, it changes its value. | |
687 | ||
688 | 5. Following a discussion on the list, the rules by which Exim recognises line | |
689 | endings on incoming messages have been changed. The -dropcr and drop_cr | |
690 | options are now no-ops, retained only for backwards compatibility. The | |
691 | following line terminators are recognized: LF CRLF CR. However, special | |
692 | processing applies to CR: | |
693 | ||
694 | (i) The sequence CR . CR does *not* terminate an incoming SMTP message, | |
695 | nor a local message in the state where . is a terminator. | |
696 | ||
697 | (ii) If a bare CR is encountered in a header line, an extra space is added | |
698 | after the line terminator so as not to end the header. The reasoning | |
699 | behind this is that bare CRs in header lines are most likely either | |
700 | to be mistakes, or people trying to play silly games. | |
701 | ||
702 | 6. The code for using daemon_smtp_port, local_interfaces, and the -oX options | |
703 | has been reorganized. It is supposed to be backwards compatible, but it is | |
704 | mentioned here just in case I've screwed up. | |
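
The three header forms in item 2 above, modelled in Python as an added example
(this is not Exim's code; Exim does this in C, and details such as the
treatment of unknown charsets differ). The standard library's decode_header()
does the RFC 2047 word decoding; the $bh_ form concatenates the decoded bytes
without translating them, and the $h_ form translates each word to text,
standing in for the headers_charset target. The sample header value is
constructed, and the Latin-1 fallback for unlabelled text is an assumption of
this example.

```python
from email.header import decode_header


def rheader(raw):
    """$rh_xxx: the header content exactly as received, no processing."""
    return raw


def decoded_words(raw):
    """RFC 2047 decode a header value into (bytes, charset) pairs after
    stripping leading/trailing white space. The stdlib returns plain str for
    text with no encoded words; that is normalised to bytes here, taking raw
    header text as Latin-1 (one byte per character), which is how the value
    would have arrived off the wire."""
    words = []
    for value, charset in decode_header(raw.strip()):
        if isinstance(value, str):
            value = value.encode("latin-1", errors="replace")
        words.append((value, charset))
    return words


def bheader(raw):
    """$bh_xxx: decoded, but each word keeps the bytes of the charset its
    sender used, so the result can mix charsets and is not text yet."""
    return b"".join(value for value, _charset in decoded_words(raw))


def _to_text(value, charset):
    """Translate one decoded word to text; an unknown or missing charset label
    falls back to Latin-1 rather than failing the whole expansion (assumption)."""
    try:
        return value.decode(charset or "latin-1", errors="replace")
    except LookupError:
        return value.decode("latin-1", errors="replace")


def header(raw):
    """$h_xxx: as $bh_xxx, then translate every word into one common text
    form (the role headers_charset plays in Exim)."""
    return "".join(_to_text(value, charset) for value, charset in decoded_words(raw))


# Constructed sample: two encoded words in different charsets, then an address.
RAW_SUBJECT = "  =?iso-8859-1?q?caf=E9_?= =?utf-8?b?w6l0w6k=?= <alice@example.com>  "

if __name__ == "__main__":
    print(repr(rheader(RAW_SUBJECT)))   # unchanged, padding and all
    print(repr(bheader(RAW_SUBJECT)))   # mixed Latin-1 and UTF-8 bytes
    print(repr(header(RAW_SUBJECT)))    # one text string
```

The point for ACL authors is visible in the $bh_ output: it is a byte string in
whatever charsets the sender chose, so a pattern match against it sees encoded
bytes, not characters; match on $h_ for text, and on $rh_ when the raw
encoded-word syntax itself is what you want to inspect.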
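The line-ending rules in item 5, as an added Python model (not Exim's receive
code, which also performs SMTP dot-unstuffing and other processing omitted
here). It splits the bytes of a DATA phase at LF, CRLF or bare CR, refuses to
treat a CR-terminated "." line as the end of the message, and inserts a space
after a bare-CR terminator inside the header section so that the following
physical line folds into the preceding header instead of starting a new one.
The sample message is constructed to show a header-injection attempt being
neutralised that way.

```python
CR, LF, CRLF = b"\r", b"\n", b"\r\n"


def next_physical_line(data, pos):
    """Return (line, terminator, next_pos) for the line starting at pos.
    Terminators recognised: LF, CRLF and bare CR. Data that runs out without a
    terminator is returned as the final line with terminator b""."""
    i, n = pos, len(data)
    while i < n:
        c = data[i:i + 1]
        if c == LF:
            return data[pos:i], LF, i + 1
        if c == CR:
            if data[i + 1:i + 2] == LF:
                return data[pos:i], CRLF, i + 2
            return data[pos:i], CR, i + 1
        i += 1
    return data[pos:], b"", n


def read_smtp_data(data):
    """Split the bytes of an SMTP DATA phase into (header_lines, body_lines,
    terminated), applying the 4.21 rules:
      (i)  a "." line ended by a bare CR is data, not the end of the message;
      (ii) a header line ended by a bare CR gets a space inserted after the
           terminator, so the next physical line continues that header rather
           than starting a new one (a bare CR in a header is a mistake or an
           injection attempt).
    SMTP dot-unstuffing is not modelled."""
    headers, body = [], []
    in_headers, fold_next, pos = True, False, 0
    while pos < len(data):
        line, term, pos = next_physical_line(data, pos)
        if fold_next:
            line = b" " + line          # rule (ii): continuation, not a new header
            fold_next = False
        if line == b"." and term in (LF, CRLF):
            return headers, body, True  # the real terminator
        if in_headers:
            if line == b"":
                in_headers = False      # blank line ends the header section
                continue
            headers.append(line)
            fold_next = term == CR
        else:
            body.append(line)           # rule (i) lands a CR-terminated "." here
    return headers, body, False


def unfold(header_lines):
    """Join continuation lines (starting with white space) onto the header
    they continue, as a mail parser reading the stored message would."""
    out = []
    for line in header_lines:
        if out and line[:1] in (b" ", b"\t"):
            out[-1] += line
        else:
            out.append(line)
    return out


# Constructed sample DATA bytes (not captured traffic).
SAMPLE_DATA = (
    b"Subject: hello\r"              # bare CR inside a header line
    b"X-Injected: evil\n"            # meant by the sender as a new header
    b"From: alice@example.com\r\n"
    b"\r\n"
    b"line one\r"                    # bare CR as a body line terminator
    b".\r"                           # CR . CR: not the end of the message
    b"line two\r\n"
    b".\r\n"                         # the real end of message
)

if __name__ == "__main__":
    hdrs, body, done = read_smtp_data(SAMPLE_DATA)
    print(unfold(hdrs), body, done)
```

After the fold, the would-be X-Injected: header is just trailing text on the
Subject: line, which is why the rule defeats the "silly games" the text refers
to without rejecting the message.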


Version 4.20
------------

1. I have tidied and re-organized the code that uses alarm() for imposing time
   limits on various things. It shouldn't affect anything, but if you notice
   processes getting stuck, it may be that I've broken something.

2. The "arguments" log selector now also logs the current working directory
   when Exim is called.

3. An incompatible change has been made to the appendfile transport. This
   affects the case when it is used for file deliveries that are set up by
   .forward and filter files. Previously, any settings of the "file" or
   "directory" options were ignored. It is hoped that, like the address_file
   transport in the default configuration, these options were never in fact set
   on such transports, because they were of no use.

   Now, if either of these options is set, it is used. The path that is passed
   by the router is in $address_file (this is not new), so it can be used as
   part of a longer path, or modified in any other way that expansion permits.

   If neither "file" nor "directory" is set, the behaviour is unchanged.

4. Related to the above: in a filter, if a "save" command specifies a
   non-absolute path, the value of $home/ is pre-pended. This no longer happens
   if $home is unset or is set to an empty string.

5. Multiple file deliveries from a filter or .forward file can never be
   batched; the value of batch_max on the transport is ignored for file
   deliveries. I'm assuming that nobody ever actually set batch_max on the
   address_file transport - it would have had odd effects previously.

6. DESTDIR is the more common variable than ROOT for use when installing
   software under a different root file system. The Exim install script now
   recognizes DESTDIR first; if it is not set, ROOT is used.

7. If DESTDIR is set when installing Exim, it no longer prepends its value to
   the path of the system aliases file that appears in the default
   configuration (when a default configuration is installed). If an aliases
   file is actually created, its name *does* use the prefix.


Version 4.14
------------

1. The default for the maximum number of unknown SMTP commands that Exim will
accept before dropping a connection has been reduced from 5 to 3. However, you
can now change the value by setting smtp_max_unknown_commands.

2. The ${quote: operator has been changed so that it turns newline and carriage
return characters into \n and \r, respectively.

3. The file names used for maildir messages now include the microsecond time
fraction as well as the time in seconds, to cope with systems where the process
id can be re-used within the same second. The format is now

<time>.H<microsec>P<pid>.<host>

This should be a compatible change, but is noted here just in case.

4. The rules for creating message ids have changed, to cope with systems where
the process id can be re-used within the same second. The format, however, is
unchanged, so this should not cause any problems, except as noted in the next
item.

5. The maximum value for localhost_number has been reduced from 255 to 16, in
order to implement the new message id rules. For operating systems that have
case-insensitive file systems (Cygwin and Darwin), the limit is 10.

6. verify = header_syntax was allowing unqualified addresses in all cases. Now
it allows them only for locally generated messages and from hosts that match
sender_unqualified_hosts or recipient_unqualified_hosts, respectively.

7. For reasons lost in the mists of time, when a pipe transport was run, the
environment variable MESSAGE_ID was set to the message ID preceded by 'E' (the
form used in Message-ID: header lines). The 'E' has been removed.


Version 4.11
------------

1. The handling of lines in the configuration file has changed. Previously,
macro expansion was applied to logical lines, after continuations had been
joined on. This meant that it could not be used in .include lines, which are
handled as physical rather than logical lines. Macro expansion is now done on
physical lines rather than logical lines. This means there are two
incompatibilities:

(a) A macro that expands to # to turn a line into a comment now applies only
to the physical line where it appears. Previously, it would have caused
any following continuations also to be ignored.

(b) A macro name can no longer be split over the boundary between a line and
its continuation. Actually, this is more of a bug fix. :-)

2. A -D command line option must now be entirely within one command line item.
This makes it possible to use -D to set a macro to the empty string by commands
such as

exim -DABC ...
exim -DABC= ...

Previously, these items would have moved on to the next item on the command
line. To include spaces in a macro definition item, quotes must be used, in
which case you can also have spaces after -D and surrounding the equals. For
example:

exim '-D ABC = something' ...

3. The way that addresses that redirect to themselves are handled has been
changed, in order to fix an obscure bug. This should not cause any problems
except in the case of wanting to go back from a 4.11 (or later) release to an
earlier release. If there are undelivered messages on the spool that contain
addresses which redirect to themselves, and the redirected addresses have
already been delivered, you might get a duplicate delivery if you revert to an
earlier Exim.

4. The default way of looking up IP addresses for hosts in the manualroute and
queryprogram routers has been changed. If "byname" or "bydns" is explicitly
specified, there is no change, but if no method is specified, Exim now behaves
as follows:

First, a DNS lookup is done. If this yields anything other than
HOST_NOT_FOUND, that result is used. Otherwise, Exim goes on to try a call to
getipnodebyname() (or gethostbyname() on older systems) and the result of the
lookup is the result of that call.

This change has been made because it has been discovered that on some systems,
if a DNS lookup called via getipnodebyname() times out, HOST_NOT_FOUND is
returned instead of TRY_AGAIN. Thus, it is safest to try a DNS lookup directly
first, and only if that gives a definite "no such host" to try the local
function.

5. In fixing the minor security problem with pid_file_path, I have removed some
backwards-compatible (undocumented) code which was present to ease conversion
from Exim 3. In Exim 4, pid_file_path is a literal; in Exim 3 it was allowed to
contain "%s", which was replaced by the port number for daemons listening on
non-standard ports. In Exim 4, such daemons do not write a pid file. The
backwards compatibility feature was to replace "%s" by nothing if it occurred
in an Exim 4 setting of pid_file_path. The bug was in this code. I have solved
the problem by removing the backwards compatibility feature. Thus, if you still
have "%s" somewhere in a setting of pid_file_path, you should remove it.

6. There has been an extension to lsearch files. The keys in these files may
now be quoted in order to allow for whitespace and colons in them. This means
that if you were previously using keys that began with a doublequote, you will
now have to wrap them with extra quotes and escape the internal quotes. The
possibility that anybody is actually doing this seems extremely remote, but it
is documented just in case.
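
Items 1 and 2 above, as an added Python model of the 4.11 configuration reader
(this is not Exim's own code in readconf.c). It parses -D items into macro
definitions, expands macros on each physical line, drops comment lines, then
joins continuations; the pre-4.11 ordering is included for contrast so that
both incompatibilities (a) and (b) are visible on the same input. Assumptions
not stated in the text: macro names begin with an upper-case letter, longer
names are replaced first, and leading white space on a continuation line is
dropped. The configuration lines are constructed.

```python
import re

# Exim macro names start with an upper-case letter (taken here as the validity
# rule for -D definitions; assumption of this example).
MACRO_NAME_RE = re.compile(r"^[A-Z][A-Za-z0-9_]*$")


def parse_d_option(item):
    """Parse one -D command line item into (name, value). The whole definition
    must be inside the one item: "-DABC" and "-DABC=" both set ABC to the empty
    string; "-D ABC = something" (quoted so the shell passes it as one item)
    sets ABC to "something"."""
    if not item.startswith("-D"):
        raise ValueError("not a -D item: %r" % item)
    name, _sep, value = item[2:].partition("=")
    name, value = name.strip(), value.strip()
    if not MACRO_NAME_RE.match(name):
        raise ValueError("bad macro name: %r" % name)
    return name, value


def expand_macros(line, macros):
    """Replace macro names in one line of text. Longer names go first so a
    macro whose name is a prefix of another cannot clobber it (assumption)."""
    for name in sorted(macros, key=len, reverse=True):
        line = line.replace(name, macros[name])
    return line


def logical_lines(physical, macros):
    """4.11 and later: expand macros on each physical line first, drop comment
    lines (a trailing backslash on a comment continues nothing), then join
    continuations."""
    logical, current = [], None
    for raw in physical:
        line = expand_macros(raw.rstrip("\n"), macros)
        if current is None and line.lstrip().startswith("#"):
            continue                    # only this physical line is commented out
        continued = line.endswith("\\")
        if continued:
            line = line[:-1]
        current = line.lstrip() if current is None else current + line.lstrip()
        if not continued:
            logical.append(current)
            current = None
    if current is not None:
        logical.append(current)
    return logical


def logical_lines_pre411(physical, macros):
    """Before 4.11, for contrast: continuations were joined first and macros
    expanded on the logical line, so a macro expanding to # commented out the
    whole logical line, and a macro name could span a continuation."""
    logical, current = [], None
    for raw in physical:
        line = raw.rstrip("\n")
        continued = line.endswith("\\")
        if continued:
            line = line[:-1]
        current = line.lstrip() if current is None else current + line.lstrip()
        if not continued:
            logical.append(current)
            current = None
    if current is not None:
        logical.append(current)
    expanded = [expand_macros(l, macros) for l in logical]
    return [l for l in expanded if not l.lstrip().startswith("#")]


# Constructed command line items and configuration lines (not a real config).
MACROS = dict(parse_d_option(item) for item in ("-DDISABLE=#", "-D HOSTS = a.example", "-DABC"))

CONFIG = [
    "DISABLE hosts = HOSTS, \\\n",   # (a) macro expanding to "#" ...
    "        b.example\n",           #     ... no longer hides this continuation
    "domains = c.example\n",
    "DISA\\\n",                      # (b) macro name split over a continuation ...
    "BLE senders = *\n",             #     ... is no longer recognised as a macro
]

if __name__ == "__main__":
    print("4.11:    ", logical_lines(CONFIG, MACROS))
    print("pre-4.11:", logical_lines_pre411(CONFIG, MACROS))
```

The 4.11 result shows the stray "b.example" surfacing as a logical line of its
own, which is how a previously commented-out block turns into a configuration
syntax error after the upgrade.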
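Item 6 above, as an added Python parser for lsearch files with the quoted-key
extension (not Exim's own lookup code). Unquoted keys end at the first colon or
white space; a key that starts with a double quote runs to the closing quote
and may contain colons, white space and backslash-escaped quotes. Assumptions
beyond the text: the escape subset handled (\\, \", \n, \r, \t), data
continuation lines (starting with white space) being joined with a newline, and
exact case-sensitive key comparison. The sample file is constructed.

```python
import re

# Backslash escapes honoured inside a quoted key (a subset of Exim's string
# escapes; \NNN octal and \xHH are not handled in this illustration).
_ESCAPES = {"\\": "\\", '"': '"', "n": "\n", "r": "\r", "t": "\t"}


def read_quoted_key(line):
    """Parse a key that starts with a double quote. Returns (key, rest) where
    rest is the text after the closing quote."""
    if not line.startswith('"'):
        raise ValueError("not a quoted key: %r" % line)
    out, i = [], 1
    while i < len(line):
        c = line[i]
        if c == "\\" and i + 1 < len(line):
            out.append(_ESCAPES.get(line[i + 1], line[i + 1]))
            i += 2
        elif c == '"':
            return "".join(out), line[i + 1:]
        else:
            out.append(c)
            i += 1
    raise ValueError("unterminated quoted key: %r" % line)


def parse_lsearch(text):
    """Parse lsearch file text into a list of (key, data) pairs in file order.
    An unquoted key ends at the first colon or white space; a quoted key may
    contain both. White space and one optional colon after the key are then
    skipped and the rest of the line is the data. Empty lines and lines
    starting with # are ignored; a line starting with white space continues
    the data of the previous entry (joined with a newline: assumption)."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():
            if entries:
                key, data = entries[-1]
                entries[-1] = (key, data + "\n" + line.strip())
            continue
        if line[0] == "#":
            continue
        if line[0] == '"':
            key, rest = read_quoted_key(line)
        else:
            m = re.match(r"[^:\s]*", line)
            key, rest = m.group(0), line[m.end():]
        rest = rest.lstrip()
        if rest.startswith(":"):
            rest = rest[1:]
        entries.append((key, rest.strip()))
    return entries


def lsearch(text, key):
    """Linear search: data of the first entry whose key equals the search key
    exactly (case-sensitive here: assumption), or None."""
    for k, data in parse_lsearch(text):
        if k == key:
            return data
    return None


def quote_key(key):
    """Write a key the way a 4.11 lsearch file needs it: quoted, with inner
    backslashes and double quotes escaped, whenever it contains white space or
    a colon or itself begins with a double quote."""
    if key and (key[0] == '"' or any(ch in key for ch in ': \t')):
        return '"' + key.replace("\\", "\\\\").replace('"', '\\"') + '"'
    return key


# Constructed sample file (not from a real system). The entry for the key that
# starts with a double quote shows the 4.11 incompatibility: it must now be
# wrapped in quotes with the inner quote escaped.
SAMPLE_FILE = "\n".join([
    "# keys and their data",
    "alice@example.com: user=alice",
    '"with space": quoted key containing white space',
    '"a: b": key containing a colon',
    '"\\"quoted": key starting with a double quote',
    "multi.example: first line",
    "    second line",
    "",
])

if __name__ == "__main__":
    for key, data in parse_lsearch(SAMPLE_FILE):
        print(repr(key), "->", repr(data))
    print(quote_key('"quoted'))
```

quote_key() is the conversion the text asks for: a key that used to be stored
literally as "quoted becomes "\"quoted" in the file, and round-trips back
through read_quoted_key() to the original key.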


Version 4.10
------------

The build-time parameter EXIWHAT_KILL_ARG has been renamed EXIWHAT_KILL_SIGNAL
to better reflect its function. The OS-specific files have been updated. Only
if you have explicitly set this in your Makefile (highly unlikely) do you need
to change anything.

****