Exim version 4.21
-----------------

1. smtp_return_error_details was not giving details for temporary sender or receiver verification errors.

2. Diagnose a configuration error if two authenticators have the same public name.

3. Exim used not to create the message log file for a message until the first delivery attempt. This could be confusing when incoming messages were held for policy or load reasons. The message log file is now created at the time the message is received, and an initial "Received" line is written to it.

4. The automatically generated man page for command line options had a minor bug that caused no ill effects; however, a more serious problem was that the procedure for building the man page automatically didn't always operate. Consequently, release 4.20 contains an out-of-date version. This shouldn't happen again.

5. When building Exim with embedded Perl support, the script that builds the Makefile was calling 'perl' to find its compile-time parameters, ignoring any setting of PERL_COMMAND in Local/Makefile. This is now fixed.

6. The freeze_tell option was not being used for messages that were frozen on arrival, either by an ACL or by local_scan().

7. Added the smtp_incomplete_transaction log selector.

8. After STARTTLS, Exim was not forgetting that it had advertised AUTH, so it was accepting AUTH without a new EHLO.

9. Added tls_remember_esmtp to cope with YAEB. This allows AUTH and other ESMTP extensions after STARTTLS without a new EHLO, in contravention of the RFC.

10. Logging of TCP/IP connections (when configured) now happens in the main daemon process instead of the child process, so that the TCP/IP connection count is more accurate (but it can never be perfect).

11. The use of "drop" in a nested ACL was not being handled correctly in the outer ACL. Now, if condition failure induced by the nested "drop" causes the outer ACL verb to deny access ("accept" or "discard" after "endpass", or "require"), the connection is dropped.

12. Similarly, "discard" in a nested ACL wasn't being handled. A nested ACL that yields "discard" can now be used with an "accept" or a "discard" verb, but an error is generated for any others (because I can't see a useful way to define what should happen).

13. When an ACL is read dynamically from a file (or anywhere else), the lines are now processed in the same way as lines in the Exim configuration file. In particular, continuation lines are supported.

14. Added the "dnslists = a.b.c!=n.n.n.n" feature.

15. Added -ti meaning -t -i.

16. Check for letters, digits, hyphens, and dots in the names of dnslist domains, and warn by logging if others are found.

17. At least on BSD, alignment is not guaranteed for the array of ifreq's returned from GIFCONF when Exim is trying to find the list of interfaces on a host. The code in os.c has been modified to copy each ifreq to an aligned structure in all cases.

    Also, in some cases, the returned ifreq's were being copied to a 'struct ifreq' on the stack, which was subsequently passed to host_ntoa(). That means the last couple of bytes of an IPv6 address could be chopped if the ifreq contained only a normal sockaddr (14 bytes storage).

18. Named domain lists were not supported in the hosts_treat_as_local option. An entry such as +xxxx was not recognized, and was treated as a literal domain name.

19. Ensure that header lines added by a DATA ACL are included in the reject log if the ACL subsequently rejects the message.

20. Upgrade the cramtest.pl utility script to use Digest::MD5 instead of just MD5 (which is deprecated).

21. When testing a filter file using -bf, Exim was writing a message when it took the sender from a "From " line in the message, but it was not doing so when it took $return_path from a Return-Path: header line. It now does.

22. If the contents of a "message" modifier for a "warn" ACL verb do not begin with a valid header line field name (a series of printing characters terminated by a colon), Exim now inserts X-ACL-Warn: at the beginning.

23. Changed "disc" in the source to "disk" to conform to the documentation and the book and for uniformity.

24. Ignore Sendmail's -Ooption=value command line item.

25. When execve() failed while trying to run a command in a pipe transport, Exim was returning EX_UNAVAILABLE (69) from the subprocess. However, this could be confused with a return value of 69 from the command itself. This has been changed to 127, the value the shell returns if it is asked to run a non-existent command. The wording for the related log line suggests a non-existent command as the problem.

26. If received_header_text expands to an empty string, do not add a Received: header line to the message. (Well, it adds a token one on the spool, but marks it "old" so that it doesn't get used or transmitted.)

27. Installed eximstats 1.28 (addition of -nt option).

28. There was no check for failure on the call to getsockname() in the daemon code. This can fail if there is a shortage of resources on the system, with ENOMEM, for example. A temporary error is now given on failure.

29. Contrary to the C standard, it seems that in some environments, the equivalent of setlocale(LC_ALL, "C") is not obeyed at the start of a C program. Exim now does this explicitly; it affects the formatting of timestamps using strftime().

30. If exiqsumm was given junk data, it threw up some uninitialized variable complaints. I've now initialized all the variables, to avoid this.

32. Header lines added by a system filter were not being "seen" during transport-time rewrites.

33. The info_callback() function passed to OpenSSL is set up with type void (*)(SSL *, int, int), as described somewhere. However, when calling the function (actually a macro) that sets it up, the type void(*)() is expected. I've put in a cast to prevent warnings from picky compilers.

34. If a DNS black list lookup found a CNAME record, but there were no A records associated with the domain it pointed at, Exim crashed.

35. If a DNS black list lookup returned more than one A record, Exim ignored all but the first. It now scans all returned addresses if a particular IP value is being sought. In this situation, the contents of the $dnslist_value variable are a list of all the addresses, separated by a comma and a space.

36. Tightened up the rules for host name lookups using reverse DNS. Exim used to accept a host name and all its aliases if the forward lookup for any of them yielded the IP address of the incoming connection. Now it accepts only those names whose forward lookup yields the correct IP address. Any other names are discarded. This closes a loophole whereby a rogue DNS administrator could create reverse DNS records to break through a wildcarded host restriction in an ACL.

37. If a user filter or a system filter that ran in a subprocess used any of the numerical variables ($1, $2 etc), or $thisaddress, in a pipe command, the wrong values were passed to the pipe command ($thisaddress had the value of $0, $0 had the value of $1, etc). This bug was introduced by change 4.11/101, and not discovered because I wrote an inadequate test. :-(

38. Improved the line breaking for long SMTP error messages from ACLs. Previously, if there was no break point between 40 and 75 characters, Exim left the rest of the message alone. Two changes have been made:
    (a) I've reduced the minimum length to 35 characters;
    (b) if it can't find a break point between 35 and 75 characters, it looks ahead and uses the first one that it finds. This may give the occasional overlong line, but at least the remaining text gets split now.

39. Change 82 of 4.11 was unimaginative. It assumed the limit on the number of file descriptors might be low, and that setting 1000 would always raise it. It turns out that in some environments, the limit is already over 1000 and that lowering it causes trouble. So now Exim takes care not to decrease it.

40. When delivering a message, the value of $return_path is set to $sender_address at the start of routing (routers may change the value). By an oversight, this default was not being set up when an address was tested by -bt or -bv, which affected the outcome if any router or filter referred to $return_path.

41. The idea of the "warn" ACL verb is that it adds a header or writes to the log only when "message" or "log_message" are set. However, if one of the conditions was an address verification, or a call to a nested ACL, the messages generated by the underlying test were being passed through. This no longer happens. The underlying message is available in $acl_verify_message for both "message" and "log_message" expansions, so it can be passed through if needed.

42. Added RFC 2047 interpretation of header lines for $h_ expansions, with a new expansion $bh_ to give the encoded byte string without charset translation. Translation happens only if iconv() is available; HAVE_ICONV indicates this at build time. HEADERS_CHARSET gives the charset to translate to; headers_charset can change it in the configuration, and "headers charset" can change it in an individual filter file.

43. Now that we have a default RFC 2047 charset (see above), the code in Exim that creates RFC 2047 encoded "words" labels them as that charset instead of always using iso-8859-1. The cases are (i) the explicit ${rfc2047: expansion operator; (ii) when Exim creates a From: line for a local message; (iii) when a header line is rewritten to include a "phrase" part.

44. Nasty bug in exiqsumm: the regex to skip already-delivered addresses was buggy, causing it to skip the first lines of messages whose message ID ended in 'D'. This would not have bitten before Exim release 4.14, because message IDs were unlikely to end in 'D' before then. The effect was to have incorrect size information for certain domains.

45. #include "config.h" was missing at the start of the crypt16.c module. This caused trouble on Tru64 (aka OSF1) systems, because HAVE_CRYPT16 was not noticed.

46. If there was a timeout during a "random" callout check, Exim treated it as a failure of the random address, and carried on sending RSET and the real address. If the delay was just some slowness somewhere, the response to the original RCPT would be taken as a response to RSET and so on, causing mayhem of various kinds.

47. Change 50 for 4.20 was a heap of junk. I don't know what I was thinking when I implemented it. It didn't allow for the fact that some option values may legitimately be negative (e.g. size_addition), and it didn't even do the right test for positive values.

48. Domain names in DNS records are case-independent. Exim always looks them up in lower case. Some resolvers return domain names in exactly the case they appear in the zone file, that is, they may contain uppercase letters. Not all resolvers do this - some return always lower case. Exim was treating a change of case by a resolver as a change of domain, similar to a widening of a domain abbreviation. This triggered its re-routing code and so it was trying to route what was effectively the same domain again. This normally caused routing to fail (because the router wouldn't handle the domain twice). Now Exim checks for this case specially, and just changes the casing of the domain that it ultimately uses when it transmits the message envelope.

49. Added Sieve (RFC 3028) support, courtesy of Michael Haardt's contributed module.

50. If a filter generated a file delivery with a non-absolute name (possible if no home directory exists for the router), the forbid_file option was not forbidding it.

51. Added '&' feature to dnslists, to provide bit mask matching in addition to the existing equality matching.

52. Exim was using ints instead of ino_t variables in some places where it was dealing with inode numbers.

53. If TMPDIR is defined in Local/Makefile (default in src/EDITME is TMPDIR="/tmp"), Exim checks for the presence of an environment variable called TMPDIR, and if it finds it is different, it changes its value.

54. The smtp_printf() function is now made available to local_scan() so additional output lines can be written before returning. There is also an smtp_fflush() function to enable the detection of a dropped connection. The variables smtp_input and smtp_batched_input are exported to local_scan().

55. Changed the default runtime configuration: the message "Unknown user" has been removed from the ACL, and instead placed on the localuser router, using the cannot_route_message feature. This means that any verification failures that generate their own messages won't get overridden. Similarly, the "Unrouteable address" message that was in the ACL for unverifiable relay addresses has also been removed.

56. Added hosts_avoid_esmtp to the smtp transport.

57. The exicyclog script was not checking for the esoteric option CONFIGURE_FILE_USE_EUID in the Local/Makefile. It now does this, but it will work only if exicyclog is run under the appropriate euid.

58. Following a discussion on the list, the rules by which Exim recognises line endings on incoming messages have been changed. The -dropcr and drop_cr options are now no-ops, retained only for backwards compatibility. The following line terminators are recognized: LF CRLF CR. However, special processing applies to CR:

    (i) The sequence CR . CR does *not* terminate an incoming SMTP message, nor a local message in the state where . is a terminator.

    (ii) If a bare CR is encountered in a header line, an extra space is added after the line terminator so as not to end the header. The reasoning behind this is that bare CRs in header lines are most likely either to be mistakes, or people trying to play silly games.

59. The size of a message, as listed by "-bp" or in the Exim monitor window, was being incorrectly given as 18 bytes larger than it should have been. This is a VOB (very old bug).

60. This may never have affected anything current, but just in case it has: When the local host is found other than at the start of a list of hosts, the local host, those with the same MX, and any that follow, are discarded. When the list in question was part of a longer list of hosts, the following hosts (not currently being processed) were also being discarded. This no longer happens. I'm not sure if this situation could ever have previously arisen.

61. Added the "/MX" feature to lists of hosts in the manualroute and query program routers.

62. Whenever Exim generates a new message, it now adds an Auto-Submitted: header. This is something that is recommended in a new Internet Draft, and is something that is documented as being done by Sendmail. There are two possible values. For messages generated by the autoreply transport, Exim adds:

      Auto-Submitted: auto-replied

    whereas for all other generated messages (e.g. bounces) it adds

      Auto-Submitted: auto-generated

63. The "personal" condition in filters now includes a test for the Auto-Submitted: header. If it contains the string "auto-" the message is not considered personal.

64. Added rcpt_include_affixes as a generic transport option.

65. Added queue_only_override (default true).

66. Added the syslog_duplication option.

67. If what should have been the first header line of a message consisted of a space followed by a colon, Exim was mis-interpreting it as a header line. It isn't of course - it is syntactically invalid and should therefore be treated as the start of the message body. The misbehaviour could have caused a number of strange effects, including loss of data in subsequent header lines, and spool format errors.

68. Formerly, the AUTH parameter on a MAIL command was trusted only if the client host had authenticated. This control can now be exercised by an ACL for more flexibility.

69. By default, callouts do not happen when testing with -bh. There is now a variant, -bhc, which does actually run the callout code, including consulting and updating the callout cache.

70. Added support for saslauthd authentication, courtesy of Alexander Sabourenkov.

71. If statvfs() failed on the spool or log directories while checking their size for availability, Exim confusingly gave the error "space shortage". Furthermore, in debugging mode it crashed with a floating point exception. These checks are done if check_{spool,log}_{space,inodes} are set, and when an SMTP message arrives with SIZE= on the MAIL command. As this is a really serious problem, Exim now writes to the main and panic logs when this happens, with details of the failure. It then refuses to accept the incoming message, giving the message "spool directory problem" or "log directory problem" with a 421 code for SMTP messages.

72. When Exim is about to re-exec itself, it ensures that the file descriptors 0, 1, and 2 exist, because some OS complain for execs without them (see ChangeLog 4.05/30). If necessary, Exim opens /dev/null to use for these descriptors. However, the code omitted to check that the open succeeded, causing mysterious errors if for some reason the permissions on /dev/null got screwed. Now Exim writes a message to the main and panic logs, and bombs out if it can't open /dev/null.

73. Re-vamped the way daemon_smtp_port, local_interfaces, and -oX work and interact so that it is all more flexible. It is supposed to remain backwards compatible. Also added extra_local_interfaces.

74. Invalid data sent to a SPA (NTLM) server authenticator could cause the code to bomb out with an assertion failure - to the client this appears as a connection drop. This problem occurs in the part of the code that was taken from the Samba project. Fortunately, the assertion is in a very simple function, so I have fixed this by reproducing the function inline in the one place where it is called, and arranging for authentication to fail instead of killing the process with assert().

75. The SPA client code was not working when the server requested OEM rather than Unicode encoding.

76. Added code to make require_files with a specific uid setting more usable in the case where statting the file as root fails - usually a non-root-mounted NFS file system. When this happens and the failure is EACCES, Exim now forks a subprocess and does the per-uid checking as the relevant uid.

77. Added process_log_path.

78. If log_file_path was not explicitly set, a setting of check_log_space or check_log_inodes was ignored.

79. If a space check for the spool or log partitions fails, the incident is now logged. Of course, in the latter case the data may get lost...

80. Added the %p formatting code to string_format() so that it can be used to print addresses in debug_print(). Adjusted all the address printing in the debugging in store.c to use %p rather than %d.

81. There was a concern that a line of code in smtp_in.c could overflow a buffer if a HELO/EHLO command was given followed by 500 or so spaces. As initially expressed, the concern was not well-founded, because trailing spaces are removed early. However, if the trailing spaces were followed by a NULL, they did not get removed, so the overflow was possible. Two fixes were applied:
    (a) I re-wrote the offending code in a cleaner fashion.
    (b) If an incoming SMTP command contains a NULL character, it is rejected as invalid.

82. When Exim changes uid/gid to the Exim user at daemon start time, it now runs initgroups(), so that if the Exim user is in any additional groups, they will be used during message reception.
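The rule change in item 36, shown side by side as an added example (this is not Exim's code). The DNS data, host names, addresses and the function names `accept_names` and `matches_suffix` are constructed for illustration; the wildcard restriction is modelled as a plain suffix match.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data: forward (A record) answers for two names. */
struct a_record { const char *name; const char *addr; };
static const struct a_record forward_dns[] = {
    { "host.rogue.example", "192.0.2.66"    },  /* really is the client  */
    { "mx.trusted.example", "198.51.100.10" },  /* a different machine   */
};

/* Names that reverse DNS returns for 192.0.2.66; whoever runs that
   reverse zone can publish any names here (constructed). */
static const char *ptr_names[] = { "host.rogue.example", "mx.trusted.example" };

/* 1 if a forward lookup of name yields ip, else 0. */
static int forward_confirms(const char *name, const char *ip)
{
    for (size_t i = 0; i < sizeof forward_dns / sizeof forward_dns[0]; i++)
        if (!strcmp(forward_dns[i].name, name) && !strcmp(forward_dns[i].addr, ip))
            return 1;
    return 0;
}

/* per_name == 0: old rule, one confirming name validates every name.
   per_name == 1: 4.21 rule, each name must confirm on its own.
   Returns the number of names kept in out[]. */
static int accept_names(const char **names, int n, const char *ip,
                        int per_name, const char **out)
{
    int any = 0, kept = 0;
    for (int i = 0; i < n; i++)
        any |= forward_confirms(names[i], ip);
    for (int i = 0; i < n; i++)
        if (per_name ? forward_confirms(names[i], ip) : any)
            out[kept++] = names[i];
    return kept;
}

/* Stand-in for a wildcarded host restriction such as *.trusted.example. */
static int matches_suffix(const char **names, int n, const char *suffix)
{
    size_t sl = strlen(suffix);
    for (int i = 0; i < n; i++) {
        size_t nl = strlen(names[i]);
        if (nl >= sl && strcmp(names[i] + nl - sl, suffix) == 0)
            return 1;
    }
    return 0;
}

int main(void)
{
    const char *kept[2];
    for (int per_name = 0; per_name <= 1; per_name++) {
        int n = accept_names(ptr_names, 2, "192.0.2.66", per_name, kept);
        printf("%s rule: %d name(s) kept, wildcard match = %d\n",
               per_name ? "4.21" : "old", n,
               matches_suffix(kept, n, ".trusted.example"));
    }
    return 0;
}
```

Under the old rule the unconfirmed name rides along with the confirmed one and satisfies the wildcard; under the 4.21 rule it is discarded before the restriction is evaluated.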
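Item 81 in miniature, as an added example (not the code from smtp_in.c): a length-based trim stops at a trailing NUL, so the padding survives unless commands containing NUL are rejected first. `HELO_NAME_MAX`, `parse_helo`, `trim_trailing` and `build_cmd` are hypothetical names and the input is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define HELO_NAME_MAX 256   /* hypothetical limit chosen for this example */

/* Drop trailing spaces, CR and LF from a length-delimited line. */
static size_t trim_trailing(const char *buf, size_t len)
{
    while (len > 0 && (buf[len - 1] == ' ' || buf[len - 1] == '\r' || buf[len - 1] == '\n'))
        len--;
    return len;
}

/* Extract the HELO/EHLO argument into name. Returns 0 on success, -1 if
   the command is rejected. */
static int parse_helo(const char *buf, size_t len, char *name, size_t namesize)
{
    if (memchr(buf, '\0', len) != NULL)      /* fix (b): NUL makes it invalid */
        return -1;
    len = trim_trailing(buf, len);
    if (len < 6 || buf[4] != ' ')
        return -1;
    char verb[5] = { 0 };
    for (int i = 0; i < 4; i++)
        verb[i] = (char)toupper((unsigned char)buf[i]);
    if (strcmp(verb, "HELO") != 0 && strcmp(verb, "EHLO") != 0)
        return -1;
    const char *arg = buf + 5;
    size_t arglen = len - 5;
    while (arglen > 0 && *arg == ' ') { arg++; arglen--; }
    if (arglen == 0 || arglen >= namesize)   /* bounded: never copy past name */
        return -1;
    memcpy(name, arg, arglen);
    name[arglen] = '\0';
    return 0;
}

/* Constructed input: "EHLO <host>", pad spaces, then an optional NUL byte. */
static size_t build_cmd(char *buf, const char *host, size_t pad, int add_nul)
{
    size_t len = (size_t)sprintf(buf, "EHLO %s", host);
    memset(buf + len, ' ', pad);
    len += pad;
    if (add_nul)
        buf[len++] = '\0';
    return len;
}

int main(void)
{
    char cmd[1024], name[HELO_NAME_MAX];
    for (int nul = 0; nul <= 1; nul++) {
        size_t len = build_cmd(cmd, "mail.example.org", 500, nul);
        printf("NUL=%d: %zu bytes in, %zu after trim, parse_helo=%d\n", nul,
               len, trim_trailing(cmd, len), parse_helo(cmd, len, name, sizeof name));
    }
    return 0;
}
```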