minimal updates for exim 4

[exim-website.git] / changelogs / ChangeLog-3.10.html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html>
  <head>
    <title>exim changelogs - Version 3.10</title>
  </head>

  <body bgcolor="#FFFFFF" text="#00005A" link="#000060" alink="#E8700D" vlink="#003050">
    <h1>Exim changelog for Version 3.10 - last non-testing release was 3.03</h1>

<h2>New Features and user visible changes</h2>

<ol>

<li>The option log_queue_run_level specifies the log level for the
messages "Start queue run" and "End queue run". The default is 0.</li>

<li>Addition of forbid_lookup, forbid_existstest and forbid_perl to
the forwardfile director.</li>

<li>All directors except smartuser had current_directory and
home_directory options, to set values used at transport time. These
options have now been made generic, so now apply to all
directors.</li>

<li>If SUPPORT_MOVE_FROZEN_MESSAGES is set at compile time, the new
option move_frozen_messages causes frozen messages and their message
logs to be moved from the input and msglog directories on the spool to
Finput and Fmsglog.  There is currently no support in Exim or the
standard utilities for handling such moved messages and they won't
show up in lists generated by -bp or eximon.</li>

<li>If no transport is specified for a smartuser director, the
new_address field may now specify a comma-separated list of new
addresses, and :blackhole:, :defer: and :fail: can also be used
there. In otherwords, new_address is like a line from an alias file
(except that :include: is not supported).</li>

<li>The exigrep utility now automatically zcats any log file whose
name ends in COMPRESS_SUFFIX, using ZCAT_COMMAND, as defined in
Local/Makefile.</li>

<li>The expansion condition first_delivery is true for the first
delivery attempt on a message; queue_running is true when a delivery
attempt is caused by a queue runner.</li>

<li>When log_refused_recipients is set, each log line now has a reason
for refusal such as "(RBL)" or "(sender_reject_recipients)".</li>

<li>The magic string "+warn_unknown" behaves like "+allow_unknown",
but it writes a log line every time it lets through a host whose name
can't be looked up.</li>

<li>If EXIMON_LOG_FILE_PATH is set in the environment when eximon
starts up, it overrides the configuration setting. This makes it
possible to have eximon tailing log data that is written to syslog,
provided that MAIL.INFO messages are routed to a separate file.</li>

<li>Policy rejections of recipients can now be overridden for certain
senders by setting recipients_reject_except_senders.</li>

<li>When all deferred addresses have the same domain, it is set in
$domain during the expansion of delay_warning_condition. For pipes,
files, or autoreplies, this is the domain of the parent.</li>

<li>-Rr (and -Rrf, -Rrff) treat the string as a regular
expression.</li>

<li>Added -S (with all variations), which works like -R except that it
checks the message's sender instead of the undelivered recipients. If
both -R and -S are given, both conditions must be satisfied.</li>

<li>The new expansion variable $message_age contains the length of
time since the message was received as a number of seconds.</li>

<li>The syntax of LDAP queries has been extended to allow the passing
of more information than is available in the LDAP URL. An LDAP query
may now consist of a URL preceded by any number of "name=value"
settings, separated by spaces. If a value contains spaces it must be
enclosed in double quotes, and when double quotes are used, backslash
is interpreted in the usual way inside them. The following names are
recognized:
<dl>
<dt>USER</dt>    <dd>set the DN for authenticating the LDAP bind</dd>
<dt>PASS</dt>     <dd>set the password </dd>
<dt>SIZE</dt>    <dd>set the limit for the number of entries returned</dd>
<dt>TIME</dt>    <dd>set the maximum waiting time for a query</dd>
</dl>
</li>

<li>Callers whose gid is Exim's gid are now automatically trusted
(only the uid was looked at previously).</li>

<li>There's a new option called admin_groups. If the current or any of
the supplementary groups of the caller is in this list, the caller has
admin user privileges.</li>

<li>There is now support for PAM (Pluggable Authentication Modules), a
facility which is available in the latest releases of Solaris and in
some GNU/Linux distributions (see
        <a href="http://ftp.at.kernel.org/pub/linux/libs/pam/">http://ftp.at.kernel.org/pub/linux/libs/pam/</a>).</li>

<li>The file that the exiwhat mechanism uses for process status
information is no longer bundled with the log files. Instead,
"exim-process.info" in the spool directory is used.</li>

<li>Exim can now be configured to log to syslog as well as or instead
of to local log files. </li>

<li>There's a new expansion operator called "mask" which converts an
IP address to binary, masks off the least significant bits, and
converts the result back to text, with mask appended. For example:
${mask:10.111.131.206/28} returns the string
"10.111.131.192/28". </li>

<li>There exist some rare networking situations (for example, packet
radio) where it is helpful to be able to translate IP addresses
generated by normal routing mechanisms into other IP addresses, thus
performing a kind of manual IP routing. This should be done only if
the normal IP routing of the TCP/IP stack is inadequate or
broken. Exim now has this capability.</li>

<li>A new option called retry_data_expire (default 7d) specifies that
retry data older than this should be ignored. This means that if, for
example, a host hasn't been tried for 7 days, Exim will behave as if
it had no knowledge of past failures.</li>

<li>To help with formulating lookup queries, there is a new expansion
operator

<tt>${quote_<lookup-type>:<string>}</tt>

which quotes the characters of the string in a lookup-specific way. For 
example, the safest way to write a NIS+ query is

<tt>[name="${quote_nisplus:$local_part}"]</tt>
</li>

<li>The from_hack option in the appendfile and pipe transports has
been replaced by two string options, check_string and
escape_string. When set, the start of each line is tested for matching
check_string, and if it does, those characters are replaced by the
contents of escape_string.</li>

<li>The appendfile transport has a new option called file_format,
defaulting unset. If set, it requests the transport to check the
format of an existing file before adding to it.</li>

<li>There is a new expansion condition called crypteq, which is
automatically available if Exim is built to support any authentication
mechanisms.  Otherwise, it is necessary to define SUPPORT_CRYPTEQ to
get it included in the binary. The crypteq condition has two
arguments. The first is encrypted and compared against the second,
which is already encrypted. Two encryption types are currently
supported:
<ul>
          <li>md5 first computes the MD5 digest of the string, and
          then expresses this as printable characters by means of the
          base64 encoding.</li>

          <li>crypt calls the crypt() function as used for encrypting
          login passwords.</li>
</li>

<li>There is now support for the AUTH extension to SMTP (RFC 2554),
both as a client and as a server.</li>

<li>The -bv option now runs interactively, like -bt, if no addresses
are given on the command line.</li>

<li>There is a new option called -be which is for testing string
expansion. If no arguments are given it runs interactively. It simply
does a string expansion on arguments (or data lines) and outputs the
result.</li>

<li>The GNU/Hurd operating system is now supported.</li>

<li>If quota is specified on an appendfile transport, then
quota_warn_threshold may optionally be specified as a percentage.</li>

<li>There's an alternative hashing function for expanded strings,
called "nhash" for "numeric hash". An item of the form
${nhash_<n>:string} produces a number in the range 0-n, while an item
of the form ${nhash_<n>_<m>:string} produces two numbers, separated by
a '/', in the ranges 0-n and 0-m respectively, using a div/mod
hash.</li>

<li>The expansion variable $host_lookup_failed contains "1" if there
has been an attempt to look up the sending host's name from its IP
address, and this has failed to find the name. Otherwise
$host_lookup_failed contains "0".</li>

<li>The exim_dbmbuild utility now warns if it encounters a duplicate
key. By default, only the first of a set of duplicates is used - this
is a change from the previous state, but it does make it compatible
with lsearch lookups.  There is an option -lastdup which causes it to
use the last instead, which is compatible with what it did
before. There is also an option -nowarn, which stops it listing
duplicate keys to stderr. If any duplicates are encountered, the
return code is 1. For other errors, where it doesn't actually make a
new file, the return code is 2.</li>

<li>There is a new option called ldap_default_servers which can be
used to supply a colon-separated list of replicated LDAP servers. If
an LDAP lookup has no server mentioned in the URL, that is, the URL
begins "ldap:///...", and ldap_default_servers is set, then the query
is passed to each of the listed servers in turn.</li>

<li>There is now a variant of the dbm lookup type called dbmnz, which
does not include a trailing binary zero in the keystring that is
looked up.</li>

<li>Support for MYSQL is now available when LOOKUP_MYSQL is
defined.</li>

<li>In a system filter file (but not in a user filter) a "deliver"
command may now be followed by "errors_to <some address>" in order to
change the envelope sender (and hence the error reporting) for that
delivery.</li>

<li>The number can now be omitted from host list net searches, in
which case the IP address is looked up without masking and without any
additional text.  For example, if an item in a host list is
net-lsearch;/some/file and the calling host has IP address 10.9.8.7
then the key that is used in the lookup is "10.9.8.7".</li>

<li>When IPv6 addresses are used in net lookups, the separator between
the components is "." rather than the conventional ":" because colon
is the key terminator in lsearch files. The full, unabbreviated IPv6
address is always used.</li>

<h1>Changelogs</h1>

<h2>Version 3.10</h2>
<pre>

1. Exim was crashing when lookup_open_max was exceeded if the type of file
being closed was different to the type of file being opened.

2. Some further tidies of the os-type and arch-type scripts.

3. ENOSPC is not treated in the same way as a quota error for the purposes of
retrying.

4. The revised exigrep (3.091/26) had "gz" and "Z" built in. Change it to check
for COMPRESS_SUFFIX.

5. If a reverse lookup done within a message failed because the name looked up
had no matching forward lookup, the error text for this got obliterated at the
end of the message, and so if it was needed for a subsequent message on the
same SMTP connection, junk got logged.


Version 3.093
-------------

1. The -bP option wasn't recognizing "authenticator xxx". It was recognizing
"auths" and "auth_list", but this abbreviation seems unexpected, so changed
those to use the full word.

2. Removed a now (since 2.12/3) useless optimization in the code for checking
whether two addresses have the same list of hosts.

3. After some calls to execv() the failure code wasn't being output.

4. Increased field widths in eximstats, as the numbers can be quite big on busy
systems.

5. Arrange for X-RBL-Warning: headers to be inserted when recipients are
allowed through by an exception list from an RBL domain that is set to reject.

6. Tidied error messages from -brw. Also, if an SMTP rewrite happens and the
source address isn't syntactically valid, just skip the other rewrites. Skip
them in any case if there are no rules with non-S flags. If there are no rules
at all, say so.

7. Reworded "no valid sender in message headers" error message, because it has
confused people. Tidied some related messages as well.

8. Added USE_DB=yes to the OpenBSD configuration.

9. Ignore check_log_space if log_file_path just contains "syslog".

10. Add closelog() to the function that closes all log files. The important
case of this is the call just before the daemon closes all file descriptors,
because otherwise it is closing the syslog one behind the system's back.

11. Two "frozen" messages were getting written to the message log in some
circumstances.

12. Bug in 3.091/23 (fixing an earlier bug) caused a crash if a list of MX
records with some identical host names came in a specific order (so it only
showed now and again).

13. In the arch-type script, when uname -p gives something containing spaces,
try uname -m. (Previously it did this only for "" or "unknown".)

14. Recognize i686 in scripts/arch-type.

15. Re-organize the os-type and arch-type scripts so that $OSTYPE and $ARCHTYPE
are now tried after uname rather than before, as many shells set silly values
in them. Manual overrides are now provided by EXIM_OSTYPE and EXIM_ARCHTYPE.


Version 3.092
-------------

1. Serious bug caused by 1-character typo: In very long messages, characters
could occasionally be lost (e.g. 3 lost in a 1.5M file). This bug was
introduced in the changes made for 3.033, so it was never in a main release.


Version 3.091
-------------

1. Exim was not reporting the actual error if there was an I/O error while
reading a message or writing the spool file during message reception. Nor was
it logging anything.

2. Some reorganization and tidying up of code for handling errors while writing
the spool header file.

3. When showing log messages for debugging, display the DIE flag when set.

4. Add logging of SMTP AUTH information to the "message received" log line.

5. Added forbid_lookup, forbid_existstest, forbid_perl to forwardfile (later
changed to better names forbid_filter_lookup etc.).

6. create_file = belowhome in appendfile could be defeated by the use of /../
in the name. Sigh. I'm not devious enough... Symbolic links could also defeat
it. These are now checked for by means of realpath(), which all the Unixes I've
checked do have. Also, Exim was creating any necessary directories before
checking create_file. It now creates directories only if it is permitted to
create the file.

7. Add more code to ldap to remember when a bind was done and with what
credentials so that it doesn't repeat the bind for a subsequent lookup with the
same credentials.

8. If create_directory was set on appendfile and the directory creation failed
for some reason, the error was not reported, so it appeared as if
create_directory had been ignored.

9. All directors except smartuser had current_directory and home_directory
options, to set values used at transport time. These options have now been made
generic, so now apply to all directors.

10. If a local delivery failed and created message longer than 256 characters,
it got truncated when logged.

11. Change "all" to "one or more" in bounce and delay messages.

12. The convert43t conversion utility didn't work for driver names containing
capital letters.

13. Change autoreply and other generated messages to use "Reply-To" instead of
"Reply-to" because that's the "suggested" form in RFC 822.

14. Pulled some common code out of aliasfile and forwardfile and made it into a
separate function which they each call.

15. The function for writing the -H file tried to create the directory if it
didn't exist, but it always will, because the -H file isn't written until the
-D file has been successfully written. So we can save a bit of code (which in
fact was buggy because it didn't support sub-directories).

16. Added move_frozen_messages, but only if SUPPORT_MOVE_FROZEN_MESSAGES
is defined. There is no current support for handling such messages.

17. If queue_smtp or queue_remote got set via queue_only_file for an incoming
SMTP message received by the daemon, the flag was not being passed on to the
delivery process.

18. An explanation to the long-standing problem of eximon menus not working
when num-lock is set has been received, and a workaround implemented.

19. Address rewrites that happened during delivery (typically on new addresses
from forward or filter files) were causing an X-rewrote-address dummy header to
be added to the message each time it happened. This could get embarrassing if
retrying went on for a long time.

20. Only write "children all complete" to the msglog file if the address has no
parent address with the same original address. Otherwise (e.g. in cases where
xxx is aliased to xxx and other things, and the new xxx gets further aliased by
another director) it can be confusing.

21. After successful directing, the debugging line showed the transport field
from the original address, which could be misleading if copied address had been
queued (e.g. by smartuser). As the general queuing function now outputs this
info, remove it at top level.

22. Smartuser was showing the old rather than the new address in its debugging
output.

23. If a broken MX list contained the same host more than once, Exim was coded
to keep only the lowest precedence, but if it saw a lower value after a higher
one, and had seen precedences between the two values, it screwed up the
sorting.

24. The revision of RFC 822 increases the encouragement for collapsing source
routed addresses from the MAY of RFC 1123 to SHOULD. I have therefore cut out
all the source route handling code, with the exception of parsing and
collapsing. The option collapse_source_routes now has no effect - they are
always collapsed. This has made it possible to make some tidies in various
places.

25. Rewrote the smartuser director - if no transport is specified, the
new_address option may now specify a list of addresses, and it may also specify
:blackhole:, :defer:, or :fail:.

26. Upgraded exigrep so that it automatically zcats compressed file.

27. Added expansion conditions first_delivery and queue_running.

28. When log_refused_recipients is set, give a reason in each log line.

29. Implemented +warn_unknown.

30. Allow EXIMON_LOG_FILE_PATH to override in eximon - useful when syslog is in
use.

31. -Mg was not forcing a thaw of frozen messages (an unwanted side effect of
change 17 in version 2.950).

32. -M and other delivery forcers (e.g. -qf) were not overriding
queue_remote_domains and queue_smtp_domains.

33. Added recipients_reject_except_senders.

34. When all deferred addresses have the same domain, it is set in $domain
during the expansion of delay_warning_condition. For pipes, files, or
autoreplies, this is the domain of the parent.

35. Changed the default configuration file to lock out domain literal support.
This is strictly contrary to the RFCs, but people don't understand about it and
it has been abused by spammers seeking open relays.

36. -Rr (and -Rrf, -Rrff) treat the string as a regular expression.

37. Added -S, which works like -R except that it checks the message's sender.

38. Added $message_age.

39. Make Exim ignore -n (no aliasing), and make -oitrue the same as -oi.

40. Typo in ldap code could cause junk to appear in the error message if a
search call failed (which it normally doesn't).

41. Source tidies to get rid of compiler warnings for possibly uninitialized
variables.


Version 3.040
-------------

1. Added additional parameters to LDAP lookups.


Version 3.039
-------------

1. Callers who have exim's gid as the current gid are now trusted.

2. Added new option admin_groups.

3. There was a bug in store handling for expansions involving very large
strings, e.g. if message_body_size was set large and was the subject of a
"match" filter condition. The symptom was a bus error.

4. Exim wouldn't build if LOG_FILE_PATH was set to any of the new syslog
variations.

5. A couple more compile-time tweaks for netBSD (default USE_DB=yes and look
for chown in /usr/sbin).


Version 3.038
-------------

1. Added support for PAM authentication.


Version 3.037
-------------

1. When forwardfile defers because it doesn't like the file's permissions,
include the offending bits in the error message.

2. General tidy of error messages from directors to remove duplicated
information. (e.g. director names, because they are also shown in the D= item
of log lines).

3. Pulled some general outgoing SMTP code out of transports/smtp.c and put it
in functions in smtp_out.c. This is also used by client authenticator code; the
interface is now cleaner.

4. Added log_queue_run_level.

5. When a message with very long headers was rejected, and the reflection of
the headers to the rejectlog filled up the log buffer, the terminating
separator line got lost, and the entry didn't necessarily end with \n. It now
always puts in the separator, and adds "*** truncated ***" if something has
been chopped off.

6. Updated eximon to cope with cases when syslog is being used. If only syslog
is being used, eximon cannot tail a log - omit that part of its window.

7. Updated exicyclog to cope with cases when syslog is being used. If only
syslog is being used, exicyclog can't cycle anything.

8. Fixed bug in base64 decoding function that was messing up CRAM-MD5
authentication for certain lengths of user name.


Version 3.036
-------------

1. Moved the logging of a message's freezing to just before the -H file is
updated, to minimize cases when the logging happens but the file doesn't get
updated (an incident was observed when a system was being shut down).

2. Ignore SIGTERM during the tidying-up phase at the end of a delivery, to
minimize the chances of things being half done.

3. Don't bother doing an RBL lookup if the host has already matched
host_reject_recipients.

4. Added "sort | uniq" into the exiwhat script, to cut out duplicates, which
sometimes happen in "ps" output.

5. Changed the file exiwhat uses to spool/exim-process.info instead of a log
file. This is so that it will continue to work when syslog logging is used.

6. Added support for syslog, configured in log_file_path.


Version 3.035
-------------

1. The debug_print option wasn't working for the smtp transport.

2. The responses to AUTH commands weren't being copied to debug output.

3. Changed the condition handling in the plaintext authenticator to allow for
forced DEFER returns ("", "0", "no", "false" => FAIL, "1"; "yes", "true" => OK;
anything else defers, text is message).

4. Added ${mask:} expansion operator.

5. Added translate_ip_address.


Version 3.034
-------------

1. When a header syntax check failed, a humungously long address that was too
much for string_sprintf to fit in the error message caused a panic exit. This
could happen, for example, if a double quote was omitted in a very long list of
addresses in a header. It now reflects just the first 1K of the address. Put a
similar limit on sender addresses in verify failed messages.


Version 3.033
-------------

1. Arrange for crypt.h to be included only on those OS that have it (Solaris,
IRIX 6, modern Linux), and for -lcrypt to be set up for those OS that need it
(FreeBSD, NetBSD, modern Linux).

2. Made MAXINTERFACES changeable in Local/Makefile.

3. When sending a delay warning message, quote the top-level original address
only, saying "an address generated from" if the actual problem is with a child.

4. Set a default for delay_warning_condition to skip precedence bulk/list/junk.

5. Allow for spaces around colons in temp_errors setting in smtp transport.

6. The "personal" test in filter files now checks for "list" and "junk" as well
as "bulk" in the Precedence: header.

7. Added retry_data_expire.

8. If a key in a partial match was very long (longer than the buffer for
string_sprintf()), Exim couldn't handle it.

9. Added expansion operator ${quote_xxx:} where xxx is a search type. Each
search type has its own (optional) quoting function. Added suitable functions
for NIS+, LDAP, and MYSQL.

10. Internal revision of the way the "From hack" and SMTP dot escaping is done
in preparation for extending appendfile. They are now unified, and are
therefore mutually exclusive.

11. The "From hack" was failing if the string "From " happened to be split
between two buffers when transporting the message.

12. If a non-SMTP message that was being read without -oi ended with "\n."
(no following NL) then the "." got lost.

13. Ensure that all non-SMTP messages have a final NL at input time, instead of
testing at delivery time. This simplifies the delivery code.

14. Replaced from_hack in appendfile and pipe by check_string and escape_string.

15. Added file_format to appendfile.


Version 3.032
-------------

1. If remove_headers contained a "fail" expansion, it caused a crash.

2. The generic headers_remove option in transports is now expanded. (Seems to
have been an oversight.)

3. Changed $host_authenticated to $sender_host_authenticated (oversight).

4. Added server_set_id generic option to authenticators and $authenticated_id
for accessing it.


Version 3.031
-------------

1. Removed unnecessary #ifdefs from lookups which don't have private header
files.

2. Added crypteq as a new expansion condition.

3. Make it recognise "netbsd" as equivalent to "NetBSD".

4. Updated the FSF's address in LICENCE and NOTICE files.

5. Code tidies for SMTP input to remove repetition of real and debugging
output by using a subroutine.

6. Added support for AUTH.

7. Source tidies of a lot of unnecessarily complicated calls to
string_nextinlist().

8. Source tidies in lookup handling.

9. Set XLFLAGS empty for IRIX6 as it doesn't seem to need anything.

10. Typo in code for decoding quota_<time> fixed; only effect would be to fail
to diagnose bad syntax.

11. -bv now runs interactively like -bt if no addresses are given.

12. Added -be for string expansion tests with configuration read.

</pre>

    <hr>
    <h6>$Id: ChangeLog-3.10.html,v 1.3 1999/11/28 21:00:42 nigel Exp $</h6>
<!-- Created: Mon Aug 25 13:12:18 BST 1997 -->
  </body>
</html>