TL/02 Experimental Proxy Protocol support: allows a proxied SMTP connection
to extract and use the src ip:port in logging and expansions as if it
- were a direct connection from the outside internet.
+ were a direct connection from the outside internet. PPv2 support was
+ updated based on HAProxy spec change in May 2014.
JH/02 Add ${listextract {number}{list}{success}{fail}}.
Contributed by Michael Fischer v. Mollard.
TL/05 Rename SPF condition results err_perm and err_temp to standardized
- results permerror and temperror. Is a backward incompatibility if
- the ACL tests for either of these two results. Patch contributed by
+ results permerror and temperror. Previous values are deprecated but
+ still accepted. In a future release, err_perm and err_temp will be
+ completely removed, which will be a backward incompatibility if the
+ ACL tests for either of these two old results. Patch contributed by
user bes-internal on the mailing list.
+JH/04 Add ${utf8clean:} operator. Contributed by Alex Rau.
+
+JH/05 Bugzilla 305: Log incoming-TLS details on rejects, subject to log
+ selectors, in both main and reject logs.
+
+JH/06 Log outbound-TLS and port details, subject to log selectors, for a
+ failed delivery.
+
+JH/07 Add malware type "sock" for talking to simple daemon.
+
+JH/08 Bugzilla 1371: Add tls_{,try_}verify_hosts to smtp transport.
+
+JH/09 Bugzilla 1431: Support (with limitations) headers_add/headers_remove in
+ routers/transports under cutthrough routing.
+
+JH/10 Bugzilla 1005: ACL "condition =" should accept values which are negative
+ numbers. Touch up "bool" conditional to keep the same definition.
+
+TL/06 Remove duplicated language in spec file from 4.82 TL/16.
+
+JH/11 Add dnsdb tlsa lookup. From Todd Lyons.
+
+JH/12 Expand items in router/transport headers_add or headers_remove lists
+ individually rather than the list as a whole. Bug 1452.
+
+ Required for reasonable handling of multiple headers_ options when
+ they may be empty; requires that headers_remove items with embedded
+ colons must have them doubled (or the list-separator changed).
+
+TL/07 Add new dmarc expansion variable $dmarc_domain_policy to directly
+ view the policy declared in the DMARC record. Currently, $dmarc_status
+ is a combined value of both the record presence and the result of the
+ analysis.
+
+JH/13 Fix handling of $tls_cipher et.al. in (non-verify) transport. Bug 1455.
+
+JH/14 New options dnssec_request_domains, dnssec_require_domains on the
+ dnslookup router and the smtp transport (applying to the forward
+ lookup).
+
+TL/08 Bugzilla 1453: New LDAP "SERVERS=" option allows admin to override list
+ of ldap servers used for a specific lookup. Patch provided by Heiko
+ Schlichting.
+
+JH/18 New options dnssec_lax, dnssec_strict on dnsdb lookups.
+ New variable $lookup_dnssec_authenticated for observability.
+
+TL/09 Bugzilla 609: Add -C option to exiqgrep, specify which exim.conf to use.
+ Patch submitted by Lars Timman.
+
+JH/19 EXPERIMENTAL_OCSP support under GnuTLS. Bug 1459.
+
+TL/10 Bugzilla 1454: New -oMm option to pass message reference to Exim.
+ Requires trusted mode and valid format message id, aborts otherwise.
+ Patch contributed by Heiko Schlichting.
+
+JH/20 New expansion variables tls_(in,out)_(our,peer)cert, and expansion item
+ certextract with support for various fields. Bug 1358.
+
+JH/21 Observability of OCSP via variables tls_(in,out)_ocsp. Stapling
+ is requested by default, modifiable by smtp transport option
+ hosts_request_ocsp.
+
+JH/22 Expansion operators ${md5:string} and ${sha1:string} can now
+ operate on certificate variables to give certificate fingerprints
+ Also new ${sha256:cert_variable}.
+
+JH/23 The PRDR feature is moved from being Experimental into the mainline.
+
+TL/11 Bug 1119: fix memory allocation in string_printing2(). Patch from
+ Christian Aistleitner.
+
+JH/24 The OCSP stapling feature is moved from Experimental into the mainline.
+
+TL/12 Bug 1444: Fix improper \r\n sequence handling when writing spool
+ file. Patch from Wolfgang Breyha.
+
+JH/25 Expand the coverage of the delivery $host and $host_address to
+ client authenticators run in verify callout. Bug 1476.
+
+JH/26 Port service names are now accepted for tls_on_connect_ports, to
+ align with daemon_smtp_ports. Bug 72.
+
+TF/03 Fix udpsend. The ip_connectedsocket() function's socket type
+ support and error reporting did not work properly.
+
+TL/13 Bug 1495: Exiqgrep check if -C config file specified on cli exists
+ and is readable. Patch from Andrew Colin Kissa.
+
+TL/14 Enhance documentation of ${run expansion and how it parses the
+ commandline after expansion, particularly in the case when an
+ unquoted variable expansion results in an empty value.
+
+JH/27 The TLS SNI feature was broken in 4.82. Fix it.
+
+PP/02 Fix internal collision of T_APL on systems which support RFC3123
+ by renaming away from it. Addresses GH issue 15, reported by
+ Jasper Wallace.
+
+JH/28 Fix parsing of MIME headers for parameters with quoted semicolons.
+
+TL/15 SECURITY: prevent double expansion in math comparison functions
+ (can expand unsanitized data). Not remotely exploitable.
+ CVE-2014-2972
+
+
Exim version 4.82
-----------------
TL/12 Enhanced documentation in the ratelimit.pl script provided in
the src/util/ subdirectory.
-TL/13 Bug 1301 - Imported transport SQL logging patch from Axel Rau
+TL/13 Bug 1031 - Imported transport SQL logging patch from Axel Rau
renamed to Transport Post Delivery Action by Jeremy Harris, as
EXPERIMENTAL_TPDA.