-This file contains descriptions of new features that have been added to Exim,
-but have not yet made it into the main manual (which is most conveniently
-updated when there is a relatively large batch of changes). The doc/ChangeLog
-file contains a listing of all changes, including bug fixes.
-
-Exim version 4.53
------------------
-
-TK/01 Added the "success_on_redirect" address verification option. When an
- address generates new addresses during routing, Exim will abort
- verification with "success" when more than one address has been
- generated, but continue to verify a single new address. The latter
- does not happen when the new "success_on_redirect" option is set, like
-
- require verify = recipient/success_on_redirect/callout=10s
-
- In that case, verification will succeed when a router generates a new
- address.
-
-
-Exim version 4.52
------------------
-
-TF/01 Support for checking Client SMTP Authorization has been added. CSA is a
- system which allows a site to advertise which machines are and are not
- permitted to send email. This is done by placing special SRV records in
- the DNS, which are looked up using the client's HELO domain. At this
- time CSA is still an Internet-Draft.
-
- Client SMTP Authorization checks are performed by the ACL condition
- verify=csa. This will fail if the client is not authorized. If there is
- a DNS problem, or if no valid CSA SRV record is found, or if the client
- is authorized, the condition succeeds. These three cases can be
- distinguished using the expansion variable $csa_status, which can take
- one of the values "fail", "defer", "unknown", or "ok". The condition
- does not itself defer because that would be likely to cause problems
- for legitimate email.
-
- The error messages produced by the CSA code include slightly more
- detail. If $csa_status is "defer" this may be because of problems
- looking up the CSA SRV record, or problems looking up the CSA target
- address record. There are four reasons for $csa_status being "fail":
- the client's host name is explicitly not authorized; the client's IP
- address does not match any of the CSA target IP addresses; the client's
- host name is authorized but it has no valid target IP addresses (e.g.
- the target's addresses are IPv6 and the client is using IPv4); or the
- client's host name has no CSA SRV record but a parent domain has
- asserted that all subdomains must be explicitly authorized.
-
- The verify=csa condition can take an argument which is the domain to
- use for the DNS query. The default is verify=csa/$sender_helo_name.
-
- This implementation includes an extension to CSA. If the query domain
- is an address literal such as [192.0.2.95], or if it is a bare IP
- address, Exim will search for CSA SRV records in the reverse DNS as if
- the HELO domain was e.g. 95.2.0.192.in-addr.arpa. Therefore it is
- meaningful to say, for example, verify=csa/$sender_host_address - in
- fact, this is the check that Exim performs if the client does not say
- HELO. This extension can be turned off by setting the main
- configuration option dns_csa_use_reverse = false.
-
- If a CSA SRV record is not found for the domain itself, then a search
- is performed through its parent domains for a record which might be
- making assertions about subdomains. The maximum depth of this search is
- limited using the main configuration option dns_csa_search_limit, which
- takes the value 5 by default. Exim does not look for CSA SRV records in
- a top level domain, so the default settings handle HELO domains as long
- as seven (hostname.five.four.three.two.one.com) which encompasses the
- vast majority of legitimate HELO domains.
-
- The dnsdb lookup also has support for CSA. Although dnsdb already
- supports SRV lookups, this is not sufficient because of the extra
- parent domain search behaviour of CSA, and (as with PTR lookups)
- dnsdb also turns IP addresses into lookups in the reverse DNS space.
- The result of ${lookup dnsdb {csa=$sender_helo_name} } has two
- space-separated fields: an authorization code and a target host name.
- The authorization code can be "Y" for yes, "N" for no, "X" for explicit
- authorization required but absent, or "?" for unknown.
-
-PH/01 The amount of output produced by the "make" process has been reduced,
- because the compile lines are often rather long, making it all pretty
- unreadable. The new style is along the lines of the 2.6 Linux kernel:
- just a short line for each module that is being compiled or linked.
- However, it is still possible to get the full output, by calling "make"
- like this:
-
- FULLECHO='' make -e
-
- The value of FULLECHO defaults to "@", the flag character that suppresses
- command reflection in "make". When you ask for the full output, it is
- given in addition to the the short output.
-
-TF/02 There have been two changes concerned with submission mode:
-
- Until now submission mode always left the return path alone, whereas
- locally-submitted messages from untrusted users have the return path
- fixed to the user's email address. Submission mode now fixes the return
- path to the same address as is used to create the Sender: header. If
- /sender_retain is specified then both the Sender: header and the return
- path are left alone.
-
- Note that the changes caused by submission mode take effect after the
- predata ACL. This means that any sender checks performed before the
- fix-ups will use the untrusted sender address specified by the user, not
- the trusted sender address specified by submission mode. Although this
- might be slightly unexpected, it does mean that you can configure ACL
- checks to spot that a user is trying to spoof another's address, for
- example.
-
- There is also a new /name= option for submission mode which allows you
- to specify the user's full name to be included in the Sender: header.
- For example:
-
- accept authenticated = *
- control = submission/name=${lookup {$authenticated_id} \
- lsearch {/etc/exim/namelist} }
-
- The namelist file contains entries like
-
- fanf: Tony Finch
-
- And the resulting Sender: header looks like
-
- Sender: Tony Finch <fanf@exim.org>
-
-TF/03 The control = fakereject ACL modifier now has a fakedefer counterpart,
- which works in exactly the same way except it causes a fake SMTP 450
- response after the message data instead of a fake SMTP 550 response.
- You must take care when using fakedefer because it will cause messages
- to be duplicated when the sender retries. Therefore you should not use
- fakedefer if the message will be delivered normally.
-
-TF/04 There is a new ratelimit ACL condition which can be used to measure
- and control the rate at which clients can send email. This is more
- powerful than the existing smtp_ratelimit_* options, because those
- options only control the rate of commands in a single SMTP session,
- whereas the new ratelimit condition works across all connections
- (concurrent and sequential) to the same host.
-
- The syntax of the ratelimit condition is:
-
- ratelimit = <m> / <p> / <options> / <key>
-
- If the average client sending rate is less than m messages per time
- period p then the condition is false, otherwise it is true.
-
- The parameter p is the smoothing time constant, in the form of an Exim
- time interval e.g. 8h for eight hours. A larger time constant means it
- takes Exim longer to forget a client's past behaviour. The parameter m is
- the maximum number of messages that a client can send in a fast burst. By
- increasing both m and p but keeping m/p constant, you can allow a client
- to send more messages in a burst without changing its overall sending
- rate limit. Conversely, if m and p are both small then messages must be
- sent at an even rate.
-
- The key is used to look up the data used to calcluate the client's
- average sending rate. This data is stored in a database maintained by
- Exim in its spool directory alongside the retry database etc. For
- example, you can limit the sending rate of each authenticated user,
- independent of the computer they are sending from, by setting the key
- to $authenticated_id. The default key is $sender_host_address.
-
- Each ratelimit condition can have up to two options. The first option
- specifies what Exim measures the rate of, and the second specifies how
- Exim handles excessively fast clients.
-
- The per_mail option means that it measures the client's rate of sending
- messages. This is the default if none of the per_* options is specified.
-
- The per_conn option means that it measures the client's connection rate.
-
- The per_byte option limits the sender's email bandwidth. Note that it
- is best to use this option in the DATA ACL; if it is used in an earlier
- ACL it relies on the SIZE parameter on the MAIL command, which may be
- inaccurate or completely missing. You can follow the limit m in the
- configuration with K, M, or G to specify limits in kilobytes,
- megabytes, or gigabytes respectively.
-
- The per_cmd option means that Exim recomputes the rate every time the
- condition is processed, which can be used to limit the SMTP command rate.
- The alias per_rcpt is provided for use in the RCPT ACL instead of per_cmd
- to make it clear that the effect is to limit the rate at which recipients
- are accepted. Note that in this case the rate limiting engine will see a
- message with many recipients as a large high-speed burst.
-
- If a client's average rate is greater than the maximum, the rate
- limiting engine can react in two possible ways, depending on the
- presence of the strict or leaky options. This is independent of the
- other counter-measures (e.g. rejecting the message) that may be
- specified by the rest of the ACL. The default mode is leaky, which
- avoids a sender's over-aggressive retry rate preventing it from getting
- any email through.
-
- The strict option means that the client's recorded rate is always
- updated. The effect of this is that Exim measures the client's average
- rate of attempts to send email, which can be much higher than the
- maximum. If the client is over the limit it will be subjected to
- counter-measures until it slows down below the maximum rate.
-
- The leaky option means that the client's recorded rate is not updated
- if it is above the limit. The effect of this is that Exim measures the
- client's average rate of successfully sent email, which cannot be
- greater than the maximum. If the client is over the limit it will
- suffer some counter-measures, but it will still be able to send email
- at the configured maximum rate, whatever the rate of its attempts.
-
- As a side-effect, the ratelimit condition will set the expansion
- variables $sender_rate containing the client's computed rate,
- $sender_rate_limit containing the configured value of m, and
- $sender_rate_period containing the configured value of p.
-
- Exim's other ACL facilities are used to define what counter-measures
- are taken when the rate limit is exceeded. This might be anything from
- logging a warning (e.g. while measuring existing sending rates in order
- to define our policy), through time delays to slow down fast senders,
- up to rejecting the message. For example,
-
- # Log all senders' rates
- warn
- ratelimit = 0 / 1h / strict
- log_message = \
- Sender rate $sender_rate > $sender_rate_limit / $sender_rate_period
-
- # Slow down fast senders
- warn
- ratelimit = 100 / 1h / per_rcpt / strict
- delay = ${eval: 10 * ($sender_rate - $sender_rate_limit) }
-
- # Keep authenticated users under control
- deny
- ratelimit = 100 / 1d / strict / $authenticated_id
-
- # System-wide rate limit
- defer
- message = Sorry, too busy. Try again later.
- ratelimit = 10 / 1s / $primary_hostname
-
- # Restrict incoming rate from each host, with a default rate limit
- # set using a macro and special cases looked up in a table.
- defer
- message = Sender rate $sender_rate exceeds \
- $sender_rate_limit messages per $sender_rate_period
- ratelimit = ${lookup {$sender_host_address} \
- cdb {DB/ratelimits.cdb} \
- {$value} {RATELIMIT} }
-
- Warning: if you have a busy server with a lot of ratelimit tests,
- especially with the per_rcpt option, you may suffer from a performance
- bottleneck caused by locking on the ratelimit hints database. Apart from
- making your ACLs less complicated, you can reduce the problem by using a
- RAM disk for Exim's hints directory, /var/spool/exim/db/. However this
- means that Exim will lose its hints data after a reboot (including retry
- hints, the callout cache, and ratelimit data).
-
-TK/01 Added an 'spf' lookup type that will return an SPF result for a given
- email address (the key) and an IP address (the database):
-
- ${lookup {tom@duncanthrax.net} spf{217.115.139.137}}
-
- The lookup will return the same result strings as they can appear in
- $spf_result (pass,fail,softfail,neutral,none,err_perm,err_temp). The
- lookup is armored in EXPERIMENTAL_SPF. Currently, only IPv4 addresses
- are supported.
-
- Patch submitted by Chris Webb <chris@arachsys.com>.
-
-PH/02 There's a new verify callout option, "fullpostmaster", which first acts
- as "postmaster" and checks the recipient <postmaster@domain>. If that
- fails, it tries just <postmaster>, without a domain, in accordance with
- the specification in RFC 2821.
-
-PH/03 The action of the auto_thaw option has been changed. It no longer applies
- to frozen bounce messages.
-
-TK/02 There are two new expansion items to help with the implementation of
- the BATV "prvs" scheme in an Exim configuration:
-
-
- ${prvs {<ADDRESS>}{<KEY>}{[KEYNUM]}}
-
- The "prvs" expansion item takes three arguments: A qualified RFC2821
- email address, a key and an (optional) key number. All arguments are
- expanded before being used, so it is easily possible to lookup a key
- and key number using the address as the lookup key. The key number is
- optional and defaults to "0". The item will expand to a "prvs"-signed
- email address, to be typically used with the "return_path" option on
- a smtp transport. The decision if BATV should be used with a given
- sender/recipient pair should be done on router level, to avoid having
- to set "max_rcpt = 1" on the transport.
-
-
- ${prvscheck {<ADDRESS>}{<SECRET>}{<RETURN_STRING>}}
-
- The "prvscheck" expansion item takes three arguments. Argument 1 is
- expanded first. When the expansion does not yield a SYNTACTICALLY
- valid "prvs"-scheme address, the whole "prvscheck" item expands to
- the empty string. If <ADDRESS> is a "prvs"-encoded address after
- expansion, two expansion variables are set up:
+This file contains descriptions of new features that have been added to Exim.
+Before a formal release, there may be quite a lot of detail so that people can
+test from the snapshots or the Git before the documentation is updated. Once
+the documentation is updated, this file is reduced to a short list.
+
+Version 4.98
+------------
+ 1. A sieve_inbox option for redirect routers
+
+ 2. A "connection_id" variable
+
+ 3. Events smtp:fail:protocol and smtp:fail:syntax
+
+ 4. JSON lookup support, all the router drivers except manualroute, all the
+ transport drivers except smtp, and all the authenticator drivers except
+ plaintext, gsasl and spa can now be built as loadable modules
+
+Version 4.98
+------------
+ 1. The dkim_status ACL condition may now be used in data ACLs
+
+ 2. The dkim_verbose logging control also enables logging of signing
+
+ 3. The dkim_timestamps signing option now accepts zero to include a current
+ timestamp but no expiry timestamp. Code by Simon Arlott; testsuite
+ additions by jgh
+
+ 4. The recipients_max main option is now expanded
+
+ 5. Setting variables for "exim -be" can set a tainted value
+
+ 6. A dns:fail event
+
+ 7. The dsearch lookup supports search for a sub-path
+
+ 8. Include mailtest utility for simple connection checking
+
+ 9. Add SMTP WELLKNOWN extension
+
+ 10. Sqlite3 can be used for the hints databases (vs. DBD, NDB, GBDM, TDB).
+ Add "USE_SQLITE = y" and "DBMLIB = -lsqlite3" in Local/Makefile, to
+ override the settings done in the OS/Makefile-<platform> file
+
+Version 4.97
+------------
+
+ 1. The expansion-test facility (exim -be) can set variables.
+
+ 2. An event on a failing SMTP AUTH, for both client and server operations.
+
+ 3. Variable $sender_helo_verified with the result of an ACL "verify = helo".
+
+ 4. Predefined macros for expansion items, operators, conditions and variables.
+
+ 5. The smtp transport option "max_rcpt" is now expanded before use.
+
+ 6. The tls_eccurve option for OpenSSL now takes a list of group names.
+
+ 7. Queue runners for several queues can now be started from one daemon.
+
+ 8. New utility exim_msgdate converts message-ids to human readable format.
+
+ 9. An expansion operator for wrapping long header lines.
+
+ 10. A commandline option to print just the message IDs of the queue
+
+ 11. An option for the ${readsocket } expansion to set an SNI for TLS.
+
+ 12. The ACL remove_header modifier can take a pattern.
+
+ 13. Variable $recipients_list, a properly-quoted exim list.
+
+ 14. A log_selector for an incoming connection ID.
+
+Version 4.96
+------------
+
+ 1. A new ACL condition: seen. Records/tests a timestamp against a key.
+
+ 2. A variant of the "mask" expansion operator to give normalised IPv6.
+
+ 3. UTC output option for exim_dumpdb, exim_fixdb.
+
+ 4. An event for failing TLS connects to the daemon.
+
+ 5. The ACL "debug" control gains options "stop", "pretrigger" and "trigger".
+
+ 6. Query-style lookups are now checked for quoting, if the query string is
+ built using untrusted data ("tainted"). For now lack of quoting is merely
+ logged; a future release will upgrade this to an error.
+
+ 7. The expansion conditions match_<list-type> and inlist now set $value for
+ the expansion of the "true" result of the ${if}. With a static list, this
+ can be used for de-tainting.
+
+ 8. Recipient verify callouts now set $domain_data & $local_part_data, with
+ de-tainted values.
+
+Version 4.95
+------------
+
+ 1. The fast-ramp two phase queue run support, previously experimental, is
+ now supported by default.
+
+ 2. The native SRS support, previously experimental, is now supported. It is
+ not built unless specified in the Local/Makefile.
+
+ 3. TLS resumption support, previously experimental, is now supported and
+ included in default builds.
+
+ 4. Single-key LMDB lookups, previously experimental, are now supported.
+ The support is not built unless specified in the Local/Makefile.
+
+ 5. Option "message_linelength_limit" on the smtp transport to enforce (by
+ default) the RFC 998 character limit.
+
+ 6. An option to ignore the cache on a lookup.
+
+ 7. Quota checking during reception (i.e. at SMTP time) for appendfile-
+ transport-managed quotas.
+
+ 8. Sqlite lookups accept a "file=<path>" option to specify a per-operation
+ db file, replacing the previous prefix to the SQL string (which had
+ issues when the SQL used tainted values).
+
+ 9. Lsearch lookups accept a "ret=full" option, to return both the portion
+ of the line matching the key, and the remainder.
+
+10. A command-line option to have a daemon not create a notifier socket.
+
+11. Faster TLS startup. When various configuration options contain no
+ expandable elements, the information can be preloaded and cached rather
+ than the previous behaviour of always loading at startup time for every
+ connection. This helps particularly for the CA bundle.
+
+12. Proxy Protocol Timeout is configurable via "proxy_protocol_timeout"
+ main config option.
+
+13. Option "smtp_accept_max_per_connection" is now expanded.
+
+14. Log selector "queue_time_exclusive", enabled by default, to exclude the
+ time taken for reception from QT log elements.
+
+15. Main option "smtp_backlog_monitor", to set a level above which listen
+ socket backlogs are logged.
+
+16. Main option "hosts_require_helo", requiring HELO or EHLO before MAIL.
+
+17. A main config option "allow_insecure_tainted_data" allows to turn
+
+18. TLS ALPN handling. By default, refuse TLS connections that try to specify
+ a non-smtp (eg. http) use. Options for customising.
+
+19. Support for MacOS (darwin) has been dropped.
+
+
+Version 4.94
+------------
+
+ 1. EXPERIMENTAL_SRS_NATIVE optional build feature. See the experimental.spec
+ file.
+
+ 2. Channel-binding for authenticators is now supported under OpenSSL.
+ Previously it was GnuTLS-only.
+
+ 3. A msg:defer event.
+
+ 4. Client-side support in the gsasl authenticator. Tested against the
+ plaintext driver for PLAIN; only against itself for SCRAM-SHA-1 and
+ SCRAM-SHA-1-PLUS methods.
+
+ 5. Server-side support in the gsasl authenticator for encrypted passwords, as
+ an alternate for the existing plaintext.
+
+ 6. Variable $local_part_data now also set by router check_local_user option,
+ with an de-tainted version of $local_part.
+
+ 7. Named-list definitions can now be prefixed "hide" so that "-bP" commands do
+ not output the content. Previously this could only be done on options.
+
+ 8. As an experimental feature, the dovecot authentication driver supports inet
+ sockets. Previously it was unix-domain sockets only.
+
+ 9. The ACL control "queue_only" can also be spelled "queue", and now takes an
+ option "first_pass_route" to do the same as a "-odqs" on the command line.
+
+10. Items specified for the router and transport headers_remove option can use
+ a trailing asterisk to specify globbing.
+
+11. New $queue_size variable.
+
+12. New variables $local_part_{pre,suf}fix_v.
+
+13. New main option "sqlite_dbfile", for use in preference to prefixing the
+ lookup string. The older method fails when tainted variables are used
+ in the lookup, as the filename becomes tainted. The new method keeps the
+ filename separate.
+
+14. Options on the dsearch lookup, to return the full path and to filter
+ filetypes for matching.
+
+15. Options on pgsql and mysql lookups, to specify server separate from the
+ lookup string.
+
+16. An option on all single-key lookups, to return (on a hit) a de-tainted
+ version of the lookup key rather than the looked-up data.
+
+17. $domain_data and $local_part_data are now set by all list-match successes.
+ Previously only list items that performed lookups did so.
+ Also, matching list items that are tail-match or RE-match now set the
+ numeric variables $0 (etc) in the same way os other RE matches.
+
+18. Expansion item ${listquote {<char} {<item>}}.
+
+19. An option for the ${readsocket {}{}{}} expansion to make the result data
+ cacheable.
+
+20. dkim_verify_min_keysizes, a list of minimum acceptable public-key sizes.
+
+21. bounce_message_file and warn_message_file are now expanded before use.
+
+22. New main config option spf_smtp_comment_template to customise the
+ $spf_smtp_comment variable
+
+
+
+Version 4.93
+------------
+
+ 1. An "external" authenticator, per RFC 4422 Appendix A.
+
+ 2. A JSON lookup type, and JSON variants of the forall/any expansion conditions.
+
+ 3. Variables $tls_in_cipher_std, $tls_out_cipher_std giving the RFC names
+ for ciphersuites.
+
+ 4. Log_selectors "msg_id" (on by default) and "msg_id_created".
+
+ 5. A case_insensitive option for verify=not_blind.
+
+ 6. EXPERIMENTAL_TLS_RESUME optional build feature. See the experimental.spec
+ file.
+
+ 7. A main option exim_version to override the version Exim
+ reports in verious places ($exim_version, $version_number).
+
+ 8. Expansion operator ${sha2_N:} for N=256, 384, 512.
+
+ 9. Router variables, $r_... settable from router options and usable in routers
+ and transports.
+
+10. The spf lookup now supports IPv6.
+
+11. Main options for DKIM verify to filter hash and key types.
+
+12. With TLS1.3, support for full-chain OCSP stapling.
+
+13. Dual-certificate stacks on servers now support OCSP stapling, under OpenSSL.
+
+14: An smtp:ehlo transport event, for observability of the remote offered features.
+
+15: Support under OpenSSL for writing NSS-style key files for packet-capture
+ decode. The environment variable SSLKEYLOGFILE is used; if an absolute path
+ it must indicate a file under the spool directory; if relative the the spool
+ directory is prepended. Works on the server side only. Support under
+ GnuTLS was already there, being done purely by the library (server side
+ only, and exim must be run as root).
+
+16: Command-line option to move messages from one named queue to another.
+
+17. Variables $tls_in_ver, $tls_out_ver.
+
+
+Version 4.92
+--------------
+
+ 1. ${l_header:<name>} and ${l_h:<name>} expansion items, giving a colon-sep
+ list when there are multiple headers having a given name. This matters
+ when individual headers are wrapped onto multiple lines; with previous
+ facilities hard to parse.
+
+ 2. The ${readsocket } expansion item now takes a "tls" option, doing the
+ obvious thing.
+
+ 3. EXPERIMENTAL_REQUIRETLS and EXPERIMENTAL_PIPE_CONNECT optional build
+ features. See the experimental.spec file.
+
+ 4. If built with SUPPORT_I18N a "utf8_downconvert" option on the smtp transport.
+
+ 5. A "pipelining" log_selector.
+
+ 6. Builtin macros for supported log_selector and openssl_options values.
+
+ 7. JSON variants of the ${extract } expansion item.
+
+ 8. A "noutf8" debug option, for disabling the UTF-8 characters in debug output.
+
+ 9. TCP Fast Open support on MacOS.
+
+Version 4.91
+--------------
+
+ 1. Dual-certificate stacks on servers now support OCSP stapling, under GnuTLS
+ version 3.5.6 or later.
+
+ 2. DANE is now supported under GnuTLS version 3.0.0 or later. Both GnuTLS and
+ OpenSSL versions are moved to mainline support from Experimental.
+ New SMTP transport option "dane_require_tls_ciphers".
+
+ 3. Feature macros for the compiled-in set of malware scanner interfaces.
+
+ 4. SPF support is promoted from Experimental to mainline status. The template
+ src/EDITME makefile does not enable its inclusion.
+
+ 5. Logging control for DKIM verification. The existing DKIM log line is
+ controlled by a "dkim_verbose" selector which is _not_ enabled by default.
+ A new tag "DKIM=<domain>" is added to <= lines by default, controlled by
+ a "dkim" log_selector.
+
+ 6. Receive duration on <= lines, under a new log_selector "receive_time".
+
+ 7. Options "ipv4_only" and "ipv4_prefer" on the dnslookup router and on
+ routing rules in the manualroute router.
+
+ 8. Expansion item ${sha3:<string>} / ${sha3_<N>:<string>} now also supported
+ under OpenSSL version 1.1.1 or later.
+
+ 9. DKIM operations can now use the Ed25519 algorithm in addition to RSA, under
+ GnuTLS 3.6.0 or OpenSSL 1.1.1 or later.
+
+10. Builtin feature-macros _CRYPTO_HASH_SHA3 and _CRYPTO_SIGN_ED25519, library
+ version dependent.
+
+11. "exim -bP macro <name>" returns caller-usable status.
+
+12. Expansion item ${authresults {<machine>}} for creating an
+ Authentication-Results: header.
+
+13. EXPERIMENTAL_ARC. See the experimental.spec file.
+ See also new util/renew-opendmarc-tlds.sh script for use with DMARC/ARC.
+
+14: A dane:fail event, intended to facilitate reporting.
+
+15. "Lightweight" support for Redis Cluster. Requires redis_servers list to
+ contain all the servers in the cluster, all of which must be reachable from
+ the running exim instance. If the cluster has master/slave replication, the
+ list must contain all the master and slave servers.
+
+16. Add an option to the Avast scanner interface: "pass_unscanned". This
+ allows to treat unscanned files as clean. Files may be unscanned for
+ several reasons: decompression bombs, broken archives.
+
+
+Version 4.90
+------------
+
+ 1. PKG_CONFIG_PATH can now be set in Local/Makefile;
+ wildcards will be expanded, values are collapsed.
+
+ 2. The ${readsocket } expansion now takes an option to not shutdown the
+ connection after sending the query string. The default remains to do so.
+
+ 3. An smtp transport option "hosts_noproxy_tls" to control whether multiple
+ deliveries on a single TCP connection can maintain a TLS connection
+ open. By default disabled for all hosts, doing so saves the cost of
+ making new TLS sessions, at the cost of having to proxy the data via
+ another process. Logging is also affected.
+
+ 4. A malware connection type for the FPSCAND protocol.
+
+ 5. An option for recipient verify callouts to hold the connection open for
+ further recipients and for delivery.
+
+ 6. The reproducible build $SOURCE_DATE_EPOCH environment variable is now
+ supported.
+
+ 7. Optionally, an alternate format for spool data-files which matches the
+ wire format - meaning more efficient reception and transmission (at the
+ cost of difficulty with standard Unix tools). Only used for messages
+ received using the ESMTP CHUNKING option, and when a new main-section
+ option "spool_wireformat" (false by default) is set.
+
+ 8. New main configuration option "commandline_checks_require_admin" to
+ restrict who can use various introspection options.
+
+ 9. New option modifier "no_check" for quota and quota_filecount
+ appendfile transport.
+
+10. Variable $smtp_command_history returning a comma-sep list of recent
+ SMTP commands.
+
+11. Millisecond timetamps in logs, on log_selector "millisec". Also affects
+ log elements QT, DT and D, and timstamps in debug output.
+
+12. TCP Fast Open logging. As a server, logs when the SMTP banner was sent
+ while still in SYN_RECV state; as a client logs when the connection
+ is opened with a TFO cookie.
+
+13. DKIM support for multiple signing, by domain and/or key-selector.
+ DKIM support for multiple hashes, and for alternate-identity tags.
+ Builtin macro with default list of signed headers.
+ Better syntax for specifying oversigning.
+ The DKIM ACL can override verification status, and status is visible in
+ the data ACL.
+
+14. Exipick understands -C|--config for an alternative Exim
+ configuration file.
+
+15. TCP Fast Open used, with data-on-SYN, for client SMTP via SOCKS5 proxy,
+ for ${readsocket } expansions, and for ClamAV.
+
+16. The "-be" expansion test mode now supports macros. Macros are expanded
+ in test lines, and new macros can be defined.
+
+17. Support for server-side dual-certificate-stacks (eg. RSA + ECDSA).
+
+
+Version 4.89
+------------
+
+ 1. Allow relative config file names for ".include"
+
+ 2. A main-section config option "debug_store" to control the checks on
+ variable locations during store-reset. Normally false but can be enabled
+ when a memory corruption issue is suspected on a production system.
+
+
+Version 4.88
+------------
+
+ 1. The new perl_taintmode option allows to run the embedded perl
+ interpreter in taint mode.
+
+ 2. New log_selector: dnssec, adds a "DS" tag to acceptance and delivery lines.
+
+ 3. Speculative debugging, via a "kill" option to the "control=debug" ACL
+ modifier.
+
+ 4. New expansion item ${sha3:<string>} / ${sha3_<N>:<string>}.
+ N can be 224, 256 (default), 384, 512.
+ With GnuTLS 3.5.0 or later, only.
+
+ 5. Facility for named queues: A command-line argument can specify
+ the queue name for a queue operation, and an ACL modifier can set
+ the queue to be used for a message. A $queue_name variable gives
+ visibility.
+
+ 6. New expansion operators base32/base32d.
+
+ 7. The CHUNKING ESMTP extension from RFC 3030. May give some slight
+ performance increase and network load decrease. Main config option
+ chunking_advertise_hosts, and smtp transport option hosts_try_chunking
+ for control.
+
+ 8. LMDB lookup support, as Experimental. Patch supplied by Andrew Colin Kissa.
+
+ 9. Expansion operator escape8bit, like escape but not touching newline etc..
+
+10. Feature macros, generated from compile options. All start with "_HAVE_"
+ and go on with some roughly recognisable name. Driver macros, for
+ router, transport and authentication drivers; names starting with "_DRIVER_".
+ Option macros, for each configuration-file option; all start with "_OPT_".
+ Use the "-bP macros" command-line option to see what is present.
+
+11. Integer values for options can take a "G" multiplier.
+
+12. defer=pass option for the ACL control cutthrough_delivery, to reflect 4xx
+ returns from the target back to the initiator, rather than spooling the
+ message.
+
+13. New built-in constants available for tls_dhparam and default changed.
+
+14. If built with EXPERIMENTAL_QUEUEFILE, a queuefile transport, for writing
+ out copies of the message spool files for use by 3rd-party scanners.
+
+15. A new option on the smtp transport, hosts_try_fastopen. If the system
+ supports it (on Linux it must be enabled in the kernel by the sysadmin)
+ try to use RFC 7413 "TCP Fast Open". No data is sent on the SYN segment
+ but it permits a peer that also supports the facility to send its SMTP
+ banner immediately after the SYN,ACK segment rather then waiting for
+ another ACK - so saving up to one roundtrip time. Because it requires
+ previous communication with the peer (we save a cookie from it) this
+ will only become active on frequently-contacted destinations.
+
+16. A new syslog_pid option to suppress PID duplication in syslog lines.
+