-PH/01 The format in which GnuTLS parameters are written to the gnutls-param
- file in the spool directory has been changed. This change has been made
- to alleviate problems that some people had with the generation of the
- parameters by Exim when /dev/random was exhausted. In this situation,
- Exim would hang until /dev/random acquired some more entropy.
-
- The new code exports and imports the DH and RSA parameters in PEM
- format. This means that the parameters can be generated externally using
- the certtool command that is part of GnuTLS.
-
- To replace the parameters with new ones, instead of deleting the file
- and letting Exim re-create it, you can generate new parameters using
- certtool and, when this has been done, replace Exim's cache file by
- renaming. The relevant commands are something like this:
-
- # rm -f new.params
- # touch new.params
- # chown exim:exim new.params
- # chmod 0400 new.params
- # certtool --generate-privkey --bits 512 >new.params
- # echo "" >>new.params
- # certtool --generate-dh-params --bits 1024 >> new.params
- # mv new.params params
-
- If Exim never has to generate the parameters itself, the possibility of
- stalling is removed.
-
-PH/02 A new expansion item for dynamically loading and calling a locally-
- written C function is now provided, if Exim is compiled with
-
- EXPAND_DLFUNC=yes
-
- set in Local/Makefile. The facility is not included by default (a
- suitable error is given if you try to use it when it is not there.)
-
- If you enable EXPAND_DLFUNC, you should also be aware of the new redirect
- router option forbid_filter_dlfunc. If you have unprivileged users on
- your system who are permitted to create filter files, you might want to
- set forbid_filter_dlfunc=true in the appropriate router, to stop them
- using ${dlfunc to run code within Exim.
+1. There is a new Boolean option called filter_prepend_home for the redirect
+ router. It defaults true, for backward compatibility. If a "save" command in
+ an Exim filter has a relative path for its argument, and $home is defined,
+ it is automatically prepended to the relative path. This action can now be
+ prevented by setting filter_prepend_home false.
+
+2. There is a new acl, set by acl_not_smtp_start, which is run right at the
+ start of receiving a non-SMTP message, before any of the message has been
+ read. (This is the analogue of the acl_smtp_predata ACL for SMTP input.) The
+ result of this ACL is ignored; it cannot be used to reject a message. If
+ you really need to, you could set a value in an ACL variable here and reject
+ based on that in the acl_not_smtp ACL. However, this ACL can be used to set
+ controls, and in particular, it can be used to set control=suppress_local_
+ fixups, which cannot be used in the acl_not_smtp ACL because by the time
+ that ACL is run, it is too late. When the acl_not_smtp_start ACL is run, the
+ sender and recipients are known, so the "senders" and "sender_domains"
+ conditions and $sender_address and $recipients variables can be used.
+ Variables such as $authenticated_ sender are also available. It is possible
+ to specify added header lines in this ACL.
+
+3. When an SMTP error message is specified in a "message" modifier in an ACL,
+ or in a :fail: or :defer: message in a redirect router, Exim now checks the
+ start of the message for an SMTP error code. This consists of three digits
+ followed by a space, optionally followed by an extended code of the form
+ n.n.n, also followed by a space. If this is the case and the very first
+ digit is the same as the default error code, the code from the message is
+ used instead. If the very first digit is incorrect, a panic error is logged,
+ and the default code is used. This is an incompatible change, but it is not
+ expected to affect many (if any) configurations. It is possible to suppress
+ the use of the supplied code in a redirect router by setting the
+ smtp_error_code option false. In this case, any SMTP code is quietly
+ ignored.
+
+4. There is a new parameter for LDAP lookups called "referrals", which takes
+ one of the settings "follow" (the default) or "nofollow". The latter stops
+ the LDAP library from trying to follow referrals issued by the LDAP server.
+
+
+Version 4.62
+------------