<author><firstname>Philip</firstname><surname>Hazel</surname></author>
<authorinitials>PH</authorinitials>
<revhistory><revision>
- <revnumber>4.75</revnumber>
- <date>21 Feb 2011</date>
+ <revnumber>4.76</revnumber>
+ <date>06 May 2011</date>
<authorinitials>PH</authorinitials>
</revision></revhistory>
<copyright><year>2010</year><holder>University of Cambridge</holder></copyright>
.chapter "Forwarding and filtering in Exim" "CHAPforandfilt"
This document describes the user interfaces to Exim's in-built mail filtering
facilities, and is copyright © University of Cambridge 2007. It
-corresponds to Exim version 4.75.
+corresponds to Exim version 4.76.
. /////////////////////////////////////////////////////////////////////////////
.set previousversion "4.75"
-.set version "4.75"
+.set version "4.76"
.set ACL "access control lists (ACLs)"
.set I " "
<bookinfo>
<title>Specification of the Exim Mail Transfer Agent</title>
<titleabbrev>The Exim MTA</titleabbrev>
-<date>21 Jan 2011</date>
+<date>06 May 2011</date>
<author><firstname>Exim</firstname><surname>Maintainers</surname></author>
<authorinitials>EM</authorinitials>
<revhistory><revision>
- <revnumber>4.75</revnumber>
- <date>21 Feb 2011</date>
+ <revnumber>4.76</revnumber>
+ <date>06 May 2011</date>
<authorinitials>EM</authorinitials>
</revision></revhistory>
<copyright><year>2011</year><holder>University of Cambridge</holder></copyright>
PP/06 Extra paranoia around buffer usage at the STARTTLS transition.
nb: Exim is not vulnerable to http://www.kb.cert.org/vuls/id/555316
+TK/01 Updated PolarSSL code to 0.14.2.
+ Bugzilla 1097. Patch from Andreas Metzler.
+
PP/07 Catch divide-by-zero in ${eval:...}.
Fixes bugzilla 1102.
PP/08 Condition negation of bool{}/bool_lax{} did not negate. Fixed.
Bugzilla 1104.
+TK/02 Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a
+ format-string attack.
+
Exim version 4.75
-----------------
PP/27 Bugzilla 1047: change the default for system_filter_user to be the Exim
run-time user, instead of root.
-PP/28 Add WHITELIST_D_MACROS option to let some macros be overriden by the
+PP/28 Add WHITELIST_D_MACROS option to let some macros be overridden by the
Exim run-time user without dropping privileges.
DW/29 Remove use of va_copy() which breaks pre-C99 systems. Duplicate the
2. A new pipe transport option, "permit_coredumps", may help with problem
diagnosis in some scenarios. Note that Exim is typically installed as
a setuid binary, which on most OSes will inhibit coredumps by default,
- so that safety mechanism would have to be overriden for this option to
+ so that safety mechanism would have to be overridden for this option to
be able to take effect.
3. ClamAV 0.95 is now required for ClamAV support in Exim, unless
forward, we recommend using TRUSTED_CONFIG_LIST with shim configs that
include the main config. As a transition mechanism, we are temporarily
providing a work-around: the new build option WHITELIST_D_MACROS provides
- a colon-separated list of macro names which may be overriden by the Exim
+ a colon-separated list of macro names which may be overridden by the Exim
run-time user. The values of these macros are constrained to the regex
^[A-Za-z0-9_/.-]*$ (which explicitly does allow for empty values).
the Exim run-time user may safely pass without dropping privileges.
Because changes to this involve a recompile, this is not the recommended
approach but may ease transition. The values of the macros, when
- overriden, are constrained to match this regex: ^[A-Za-z0-9_/.-]*$
+ overridden, are constrained to match this regex: ^[A-Za-z0-9_/.-]*$
* The system_filter_user option now defaults to the Exim run-time user,
rather than root. You can still set it explicitly to root and this
*/
void
-log_write(unsigned int selector, int flags, char *format, ...)
+log_write(unsigned int selector, int flags, const char *format, ...)
{
va_list ap;
va_start(ap, format);
#
# As a strictly transient measure to ease migration to 4.73, the
# WHITELIST_D_MACROS value definies a colon-separated list of macro-names
-# which are permitted to be overriden from the command-line which will be
+# which are permitted to be overridden from the command-line which will be
# honoured by the Exim user. So these are macros that can persist to delivery
# time.
# Examples might be -DTLS or -DSPOOL=/some/dir. The values on the
return FALSE;
}
}
-DEBUG(D_any) debug_printf("macros_trusted overriden to true by whitelisting\n");
+DEBUG(D_any) debug_printf("macros_trusted overridden to true by whitelisting\n");
return TRUE;
#endif
}
This program does not perfectly handle messages whose received
and delivered log lines are in different files, which can happen
when you have multiple mail servers and a message cannot be
-immeadiately delivered. Fixing this could be tricky...
+immediately delivered. Fixing this could be tricky...
Merging of xls files is not (yet) possible. Be free to implement :)
=item NUMERIC
-Valid comparisons are <, <=, >, >=, ==, and !=. Numbers can be integers or floats. Any number in a test suffixed with d, h, m, s, M, K, or B will be mulitplied by 86400, 3600, 60, 1, 1048576, 1024, or 1 respectively. Examples of valid numeric tests:
+Valid comparisons are <, <=, >, >=, ==, and !=. Numbers can be integers or floats. Any number in a test suffixed with d, h, m, s, M, K, or B will be multiplied by 86400, 3600, 60, 1, 1048576, 1024, or 1 respectively. Examples of valid numeric tests:
'$message_age >= 3d'
'$local_interface == 587'
'$message_size < 30K'
=item NEGATION
-There are many ways to negate tests, each having a reason for existing. Many tests can be negated using native operators. For instance, >1 is the opposite of <=1 and eq and ne are opposites. In addition, each individual test can be negated by adding a ! at the beginning of the test. For instance, '!$acl_m1 =~ /^DENY$/' is the same as '$acl_m1 !~ /^DENY$/'. Finally, every test can be specified by using the command line argument --not. This is functionally equivilant to adding a ! to the beginning of every test.
+There are many ways to negate tests, each having a reason for existing. Many tests can be negated using native operators. For instance, >1 is the opposite of <=1 and eq and ne are opposites. In addition, each individual test can be negated by adding a ! at the beginning of the test. For instance, '!$acl_m1 =~ /^DENY$/' is the same as '$acl_m1 !~ /^DENY$/'. Finally, every test can be specified by using the command line argument --not. This is functionally equivalent to adding a ! to the beginning of every test.
=back
extern ip_address_item *os_common_find_running_interfaces(void);
#endif
-/* If these exist as a macro, then they're overriden away from us and we
+/* If these exist as a macro, then they're overridden away from us and we
rely upon the system headers to provide prototype declarations for us.
Notably, strsignal() is not in the Single Unix Specification (v3) and
predicting constness is awkward. */
/* See the file NOTICE for conditions of use and distribution. */
/* This is bumped by the Exim Maintainers, the release engineer: */
-#define EXIM_RELEASE_VERSION_STR "4.75"
+#define EXIM_RELEASE_VERSION_STR "4.76"
/* If you apply extensive local patches, consider putting -foo into here */
#define EXIM_VARIANT_VERSION ""
next if /^changing group to \d+ failed: Operation not permitted/;
# We invoke Exim with -D, so we hit this new messag as of Exim 4.73:
- next if /^macros_trusted overriden to true by whitelisting/;
+ next if /^macros_trusted overridden to true by whitelisting/;
# We have to omit the localhost ::1 address so that all is well in
# the IPv4-only case.
git://git.exim.org / exim.git / commitdiff