test from the snapshots or the CVS before the documentation is updated. Once
the documentation is updated, this file is reduced to a short list.
+Version 4.86
+------------
+
+ 1. Support for using the system standard CA bundle.
+
+ 2. New expansion items $config_file, $config_dir, containing the file
+ and directory name of the main configuration file. Also $exim_version.
+
+ 3. New "malware=" support for Avast.
+
+ 4. New "spam=" variant option for Rspamd.
+
+ 5. Assorted options on malware= and spam= scanners.
+
+ 6. A commandline option to write a comment into the logfile.
+
+Version 4.85
+------------
+
+ 1. If built with EXPERIMENTAL_DANE feature enabled, Exim will follow the
+ DANE smtp draft to assess a secure chain of trust of the certificate
+ used to establish the TLS connection based on a TLSA record in the
+ domain of the sender.
+
+ 2. The EXPERIMENTAL_TPDA feature has been renamed to EXPERIMENTAL_EVENT
+ and several new events have been created. The reason is because it has
+ been expanded beyond just firing events during the transport phase. Any
+ existing TPDA transport options will have to be rewritten to use a new
+ $event_name expansion variable in a condition. Refer to the
+ experimental-spec.txt for details and examples.
+
+ 3. The EXPERIMENTAL_CERTNAMES features is an enhancement to verify that
+ server certs used for TLS match the result of the MX lookup. It does
+ not use the same mechanism as DANE.
+
+
+Version 4.84
+------------
+
+
Version 4.83
------------
4. New malware type "sock". Talks over a Unix or TCP socket, sending one
command line and matching a regex against the return data for trigger
- and a second regex to extract malware_name. The mail spoofile name can
+ and a second regex to extract malware_name. The mail spoolfile name can
be included in the command line.
5. The smtp transport now supports options "tls_verify_hosts" and
7. New command-line option -C for exiqgrep to specify alternate exim.conf
file when searching the queue.
- 8. EXPERIMENTAL_OCSP now supports GnuTLS also, if you have version 3.1.3
- or later of that.
+ 8. OCSP now supports GnuTLS also, if you have version 3.1.3 or later of that.
9. Support for DNSSEC on outbound connections.
10. New variables "tls_(in,out)_(our,peer)cert" and expansion item
"certextract" to extract fields from them. Hash operators md5 and sha1
- work over them for generating fingerprints.
+ work over them for generating fingerprints, and a new sha256 operator
+ for them added.
+
+11. PRDR is now supported dy default.
+
+12. OCSP stapling is now supported by default.
+
+13. If built with the EXPERIMENTAL_DSN feature enabled, Exim will output
+ Delivery Status Notification messages in MIME format, and negociate
+ DSN features per RFC 3461.
Version 4.82