- 1. There is a new build-time option called CONFIGURE_GROUP which works like
- CONFIGURE_OWNER. It specifies one additional group that is permitted for
- the runtime configuration file when the group write permission is set.
-
- 2. The "control=submission" facility has a new option /retain_sender. This
- has the effect of setting local_sender_retain true and local_from_check
- false for the incoming message in which it is encountered.
-
- 3. $recipients is now available in the predata ACL (oversight).
-
- 4. The value of address_data from a sender verification is now available in
- $sender_address_data in subsequent conditions in the ACL statement. Note:
- this is just like $address_data. The value does not persist after the end
- of the current ACL statement. If you want to preserve it, you can use one
- of the ACL variables.
-
- 5. The redirect router has two new options: forbid_sieve_filter and
- forbid_exim_filter. When filtering is enabled by allow_filter, these
- options control which type(s) of filtering are permitted. By default, both
- Exim and Sieve filters are allowed.
-
- 6. A new option for callouts makes it possible to set a different (usually
- smaller) timeout for making the SMTP connection. The keyword is "connect".
- For example:
-
- verify = sender/callout=5s,connect=1s
-
- If not specified, it defaults to the general timeout value.
-
- 7. The new variables $sender_verify_failure and $recipient_verify_failure
- contain information about exactly what failed. In an ACL, after one of
- these failures, the relevant variable contains one of the following words:
-
- qualify the address was unqualified (no domain), and the message
- was neither local nor came from an exempted host;
-
- route routing failed;
-
- mail routing succeeded, and a callout was attempted; rejection
- occurred at or before the MAIL command (that is, on initial
- connection, HELO, or MAIL);
-
- recipient the RCPT command in a callout was rejected;
-
- postmaster the postmaster check in a callout was rejected.
-
- The main use of these variables is expected to be to distinguish between
- rejections of MAIL and rejections of RCPT.
-
- 8. The command line option -dd behaves exactly like -d except when used on a
- command that starts a daemon process. In that case, debugging is turned off
- for the subprocesses that the daemon creates. Thus, it is useful for
- monitoring the behaviour of the daemon without creating as much output as
- full debugging.
-
- 9. $host_address is now set to the target address during the checking of
- ignore_target_hosts.
-
-10. There are four new variables called $spool_space, $log_space,
- $spool_inodes, and $log_inodes. The first two contain the amount of free
- space in the disk partitions where Exim has its spool directory and log
- directory, respectively. (When these are in the same partition, the values
- will, of course, be the same.) The second two variables contain the numbers
- of free inodes in the respective partitions.
-
- NOTE: Because disks can nowadays be very large, the values in the space
- variables are in kilobytes rather than in bytes. Thus, for example, to
- check in an ACL that there is at least 50M free on the spool, you would
- write:
-
- condition = ${if > {$spool_space}{50000}{yes}{no}}
-
- The values are recalculated whenever any of these variables is referenced.
- If the relevant file system does not have the concept of inodes, the value
- of those variables is -1. If the operating system does not have the ability
- to find the amount of free space (only true for experimental systems), the
- space value is -1.
-
-11. It is now permitted to omit both strings after an "if" condition; if the
- condition is true, the result is the string "true". As before, when the
- second string is omitted, a false condition yields an empty string. This
- makes it less cumbersome to write custom ACL and router conditions. For
- example, instead of
-
- condition = ${if eq {$acl_m4}{1}{yes}{no}}
-
- or the shorter form
-
- condition = ${if eq {$acl_m4}{1}{yes}}
-
- (because the second string has always defaulted to ""), you can now write
-
- condition = ${if eq {$acl_m4}{1}}
-
- Previously this was a syntax error.
-
-12. There is now a new "record type" that can be specified in dnsdb lookups. It
- is "zns" (for "zone NS"). It performs a lookup for NS records on the given
- domain, but if none are found, it removes the first component of the domain
- name, and tries again. This process continues until NS records are found
- or there are no more components left (or there's a DNS error). In other
- words, it may return the name servers for a top-level domain, but it never
- returns the root name servers. If there are no NS records for the top-level
- domain, the lookup fails.
-
- For example, ${lookup dnsdb{zns=xxx.quercite.com}} returns the name
- servers for quercite.com, whereas ${lookup dnsdb{zns=xxx.edu}} returns
- the name servers for edu, assuming in each case that there are no NS
- records for the full domain name.
-
- You should be careful about how you use this lookup because, unless the
- top-level domain does not exist, the lookup will always return some host
- names. The sort of use to which this might be put is for seeing if the name
- servers for a given domain are on a blacklist. You can probably assume that
- the name servers for the high-level domains such as .com or .co.uk are not
- going to be on such a list.
-
-13. It is now possible to specify a list of domains or IP addresses to be
- looked up in a dnsdb lookup. The list is specified in the normal Exim way,
- with colon as the default separator, but with the ability to change this.
- For example:
-
- ${lookup dnsdb{one.domain.com:two.domain.com}}
- ${lookup dnsdb{a=one.host.com:two.host.com}}
- ${lookup dnsdb{ptr = <; 1.2.3.4 ; 4.5.6.8}}
-
- In order to retain backwards compatibility, there is one special case: if
- the lookup type is PTR and no change of separator is specified, Exim looks
- to see if the rest of the string is precisely one IPv6 address. In this
- case, it does not treat it as a list.
-
- The data from each lookup is concatenated, with newline separators (by
- default - see 14 below), in the same way that multiple DNS records for a
- single item are handled.
-
- The lookup fails only if all the DNS lookups fail. As long as at least one
- of them yields some data, the lookup succeeds. However, if there is a
- temporary DNS error for any of them, the lookup defers.
-
-14. It is now possible to specify the character to be used as a separator when
- a dnsdb lookup returns data from more than one DNS record. The default is a
- newline. To specify a different character, put '>' followed by the new
- character at the start of the query. For example:
-
- ${lookup dnsdb{>: a=h1.test.ex:h2.test.ex}}
- ${lookup dnsdb{>| mx=<;m1.test.ex;m2.test.ex}}
-
- It is permitted to specify a space as the separator character. Note that
- more than one DNS record can be found for a single lookup item; this
- feature is relevant even when you do not specify a list.
-
- The same effect could be achieved by wrapping the lookup in ${tr...}; this
- feature is just a syntactic simplification.
-
-15. It is now possible to supply a list of domains and/or IP addresses to be
- lookup up in a DNS blacklist. Previously, only a single domain name could
- be given, for example:
-
- dnslists = black.list.tld/$sender_host_name
-
- What follows the slash can now be a list. As with all lists, the default
- separator is a colon. However, because this is a sublist within the list of
- DNS blacklist domains, it is necessary either to double the separators like
- this:
-
- dnslists = black.list.tld/name.1::name.2
-
- or to change the separator character, like this:
-
- dnslists = black.list.tld/<;name.1;name.2
-
- If an item in the list is an IP address, it is inverted before the DNS
- blacklist domain is appended. If it is not an IP address, no inversion
- occurs. Consider this condition:
-
- dnslists = black.list.tls/<;192.168.1.2;a.domain
-
- The DNS lookups that occur are for
-
- 2.1.168.192.black.list.tld and a.domain.black.list.tld
-
- Once a DNS record has been found (that matches a specific IP return
- address, if specified), no further lookups are done.
-
-16. The log selector queue_time_overall causes Exim to output the time spent on
- the queue as an addition to the "Completed" message. Like queue_time (which
- puts the queue time on individual delivery lines), the time is tagged with
- "QT=", and it is measured from the time that the message starts to be
- received, so it includes the reception time.
-
-
-Version 4.43
-------------
-
- 1. There is a new Boolean global option called mua_wrapper, defaulting false.
- This causes Exim to run an a restricted mode, in order to provide a very
- specific service.
-
- Background: On a personal computer, it is a common requirement for all
- email to be sent to a smarthost. There are plenty of MUAs that can be
- configured to operate that way, for all the popular operating systems.
- However, there are MUAs for Unix-like systems that cannot be so configured:
- they submit messages using the command line interface of
- /usr/sbin/sendmail. In addition, utility programs such as cron submit
- messages this way.
-
- Requirement: The requirement is for something that can provide the
- /usr/sbin/sendmail interface and deliver messages to a smarthost, but not
- provide any queueing or retrying facilities. Furthermore, the delivery to
- the smarthost should be synchronous, so that if it fails, the sending MUA
- is immediately informed. In other words, we want something that in effect
- converts a command-line MUA into a TCP/SMTP MUA.
-
- Solutions: There are a number of applications (for example, ssmtp) that do
- this job. However, people have found them to be lacking in various ways.
- For instance, some sites want to allow aliasing and forwarding before
- sending to the smarthost.
-
- Using Exim: Exim already had the necessary infrastructure for doing this
- job. Just a few tweaks were needed to make it behave as required, though it
- is somewhat of an overkill to use a fully-featured MTA for this purpose.
-
- Setting mua_wrapper=true causes Exim to run in a special mode where it
- assumes that it is being used to "wrap" a command-line MUA in the manner
- just described.
-
- If you set mua_wrapper=true, you also need to provide a compatible router
- and transport configuration. Typically there will be just one router and
- one transport, sending everything to a smarthost.
-
- When run in MUA wrapping mode, the behaviour of Exim changes in the
- following ways:
-
- (a) A daemon cannot be run, nor will Exim accept incoming messages from
- inetd. In other words, the only way to submit messages is via the
- command line.
-
- (b) Each message is synchonously delivered as soon as it is received (-odi
- is assumed). All queueing options (queue_only, queue_smtp_domains,
- control=queue, control=freeze in an ACL etc.) are quietly ignored. The
- Exim reception process does not finish until the delivery attempt is
- complete. If the delivery was successful, a zero return code is given.
-
- (c) Address redirection is permitted, but the final routing for all
- addresses must be to the same remote transport, and to the same list of
- hosts. Furthermore, the return_address must be the same for all
- recipients, as must any added or deleted header lines. In other words,
- it must be possible to deliver the message in a single SMTP
- transaction, however many recipients there are.
-
- (d) If the conditions in (c) are not met, or if routing any address results
- in a failure or defer status, or if Exim is unable to deliver all the
- recipients successfully to one of the hosts immediately, delivery of
- the entire message fails.
-
- (e) Because no queueing is allowed, all failures are treated as permanent;
- there is no distinction between 4xx and 5xx SMTP response codes from
- the smarthost. Furthermore, because only a single yes/no response can
- be given to the caller, it is not possible to deliver to some
- recipients and not others. If there is an error (temporary or
- permanent) for any recipient, all are failed.
-
- (f) If more than one host is listed, Exim will try another host after a
- connection failure or a timeout, in the normal way. However, if this
- kind of failure happens for all the hosts, the delivery fails.
-
- (g) When delivery fails, an error message is written to the standard error
- stream (as well as to Exim's log), and Exim exits to the caller with a
- return code value 1. The message is expunged from Exim's spool files.
- No bounce messages are ever generated.
-
- (h) No retry data is maintained, and any retry rules are ignored.
-
- (i) A number of Exim options are overridden: deliver_drop_privilege is
- forced true, max_rcpt in the smtp transport is forced to "unlimited",
- remote_max_parallel is forced to one, and fallback hosts are ignored.
-
- The overall effect is that Exim makes a single synchronous attempt to
- deliver the message, failing if there is any kind of problem. Because no
- local deliveries are done and no daemon can be run, Exim does not need root
- privilege. It should be possible to run it setuid=exim instead of
- setuid=root. See section 48.3 in the 4.40 manual for a general discussion
- about the advantages and disadvantages of running without root privilege.
-
- 2. There have been problems with DNS servers when SRV records are looked up.
- Some mis-behaving servers return a DNS error or timeout when a non-existent
- SRV record is sought. Similar problems have in the past been reported for
- MX records. The global dns_again_means_nonexist option can help with this
- problem, but it is heavy-handed because it is a global option. There are
- now two new options for the dnslookup router. They are called
- srv_fail_domains and mx_fail_domains. In each case, the value is a domain
- list. If an attempt to look up an SRV or MX record results in a DNS failure
- or "try again" response, and the domain matches the relevant list, Exim
- behaves as if the DNS had responded "no such record". In the case of an SRV
- lookup, this means that the router proceeds to look for MX records; in the
- case of an MX lookup, it proceeds to look for A or AAAA records, unless the
- domain matches mx_domains.
-
- 3. The following functions are now available in the local_scan() API:
-
- (a) void header_remove(int occurrence, uschar *name)
-
- This function removes header lines. If "occurrence" is zero or negative,
- all occurrences of the header are removed. If occurrence is greater
- than zero, that particular instance of the header is removed. If no
- header(s) can be found that match the specification, the function does
- nothing.
-
- (b) BOOL header_testname(header_line *hdr, uschar *name, int length,
- BOOL notdel)
-
- This function tests whether the given header has the given name. It
- is not just a string comparison, because whitespace is permitted
- between the name and the colon. If the "notdel" argument is TRUE, a
- FALSE return is forced for all "deleted" headers; otherwise they are
- not treated specially. For example:
-
- if (header_testname(h, US"X-Spam", 6, TRUE)) ...
-
- (c) void header_add_at_position(BOOL after, uschar *name, BOOL topnot,
- int type, char *format, ...)
-
- This function adds a new header line at a specified point in the header
- chain. If "name" is NULL, the new header is added at the end of the
- chain if "after" is TRUE, or at the start if "after" is FALSE. If
- "name" is not NULL, the headers are searched for the first non-deleted
- header that matches the name. If one is found, the new header is added
- before it if "after" is FALSE. If "after" is true, the new header is
- added after the found header and any adjacent subsequent ones with the
- same name (even if marked "deleted"). If no matching non-deleted header
- is found, the "topnot" option controls where the header is added. If it
- is TRUE, addition is at the top; otherwise at the bottom. Thus, to add
- a header after all the Received: headers, or at the top if there are no
- Received: headers, you could use
-
- header_add_at_position(TRUE, US"Received", TRUE, ' ', "X-xxx: ...");
-
- Normally, there is always at least one non-deleted Received: header,
- but there may not be if received_header_text expands to an empty
- string.
-
- (d) BOOL receive_remove_recipient(uschar *recipient)