$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.147 2005/06/03 14:37:20 steve Exp $ Change log file for Exim from version 4.21 ------------------------------------------- Exim version 4.52 ----------------- TF/01 Added support for Client SMTP Authorization. See NewStuff for details. PH/01 When a transport filter timed out in a pipe delivery, and the pipe command itself ended in error, the underlying message about the transport filter timeout was being overwritten with the pipe command error. Now the underlying error message should be appended to the second error message. TK/01 Fix poll() being unavailable on Mac OSX 10.2. PH/02 Reduce the amount of output that "make" produces by default. Full output can still be requested. PH/03 The warning log line about a condition test deferring for a "warn" verb was being output only once per connection, rather than after each occurrence (because it was using the same function as for successful "warn" verbs). This seems wrong, so I have changed it. TF/02 Two buglets in acl.c which caused Exim to read a few bytes of memory that it should not have, which might have caused a crash in the right circumstances, but probably never did. PH/04 Installed a modified version of Tony Finch's patch to make submission mode fix the return path as well as the Sender: header line, and to add a /name= option so that you can make the user's friendly name appear in the header line. TF/03 Added the control = fakedefer ACL modifier. TF/04 Added the ratelimit ACL condition. See NewStuff for details. TK/02 Rewrote SPF support to work with libspf2 versions >1.2.0. TK/03 Merged latest SRS patch from Miles Wilton. PH/05 There's a shambles in IRIX6 - it defines EX_OK in unistd.h which conflicts with the definition in sysexits.h (which is #included earlier). Fortunately, Exim does not actually use EX_OK. The code used to try to preserve the sysexits.h value, by assumimg that macro definitions were scanned for macro replacements. I have been disabused of this notion, so now the code just undefines EX_OK before #including unistd.h. PH/06 There is a timeout for writing blocks of data, set by, e.g. data_timeout in the smtp transport. When a block could not be written in a single write() function, the timeout was being re-applied to each part-write. This seems wrong - if the receiver was accepting one byte at a time it would take for ever. The timeout is now adjusted when this happens. It doesn't have to be particularly precise. TK/04 Added simple SPF lookup method in EXPERIMENTAL_SPF. See NewStuff for details. Thanks to Chris Webb for the patch! PH/07 Added "fullpostmaster" verify option, which does a check to without a domain if the check to fails. SC/01 Eximstats: added -xls and the ability to specify output files (patch written by Frank Heydlauf). SC/02 Eximstats: use FileHandles for outputing results. SC/03 Eximstats: allow any combination of xls, txt, and html output. SC/04 Eximstats: fixed display of large numbers with -nvr option SC/05 Eximstats: fixed merging of reports with empty tables. SC/06 Eximstats: added the -include_original_destination flag SC/07 Eximstats: removed tabs and trailing whitespace. Exim version 4.51 ----------------- TK/01 Added Yahoo DomainKeys support via libdomainkeys. See doc/experimental-spec.txt for details. (http://domainkeys.sf.net) TK/02 Fix ACL "control" statement not being available in MIME ACL. TK/03 Fix ACL "regex" condition not being available in MIME ACL. PH/01 Installed a patch from the Sieve maintainer that allows -bf to be used to test Sieve filters that use "vacation". PH/02 Installed a slightly modified version of Nikos Mavrogiannopoulos' patch that changes the way the GnuTLS parameters are stored in the cache file. The new format can be generated externally. For backward compatibility, if the data in the cache doesn't make sense, Exim assumes it has read an old-format file, and it generates new data and writes a new file. This means that you can't go back to an older release without removing the file. PH/03 A redirect router that has both "unseen" and "one_time" set does not work if there are any delivery delays because "one_time" forces the parent to be marked "delivered", so its unseen clone is never tried again. For this reason, Exim now forbids the simultaneous setting of these two options. PH/04 Change 4.11/85 fixed an obscure bug concerned with addresses that are redirected to themselves ("homonym" addresses). Read the long ChangeLog entry if you want to know the details. The fix, however, neglected to consider the case when local delivery batching is involved. The test for "previously delivered" was not happening when checking to see if an address could be batched with a previous (undelivered) one; under certain circumstances this could lead to multiple deliveries to the same address. PH/05 Renamed the macro SOCKLEN_T as EXIM_SOCKLEN_T because AIX uses SOCKLEN_T in its include files, and this causes problems building Exim. PH/06 A number of "verify =" ACL conditions have no options (e.g. verify = header_syntax) but Exim was just ignoring anything given after a slash. In particular, this caused confusion with an attempt to use "verify = reverse_host_lookup/defer_ok". An error is now given when options are supplied for verify items that do not have them. (Maybe reverse_host_ lookup should have a defer_ok option, but that's a different point.) PH/07 Increase the size of the buffer for incoming SMTP commands from 512 (as defined by RFC 821) to 2048, because there were problems with some AUTH commands, and RFC 1869 says the size should be increased for extended SMTP commands that take arguments. PH/08 Added ${dlfunc dynamically loaded function for expansion (code from Tony Finch). PH/09 Previously, an attempt to use ${perl when it wasn't compiled gave an "unknown" error; now it says that the functionality isn't in the binary. PH/10 Added a nasty fudge to try to recognize and flatten LDAP passwords in an address' error message when a string expansion fails (syntax or whatever). Otherwise the password may appear in the log. Following change PH/42 below, there is no longer a chance of it appearing in a bounce message. PH/11 Installed exipick version 20050225.0 from John Jetmore. PH/12 If the last host in a fallback_hosts list was multihomed, only the first of its addresses was ever tried. (Bugzilla bug #2.) PH/13 If "headers_add" in a transport didn't end in a newline, Exim printed the result incorrectly in the debug output. (It correctly added a newline to what was transported.) TF/01 Added $received_time. PH/14 Modified the default configuration to add an acl_smtp_data ACL, with commented out examples of how to interface to a virus scanner and to SpamAssassin. Also added commented examples of av_scanner and spamd_address settings. PH/15 Further to TK/02 and TK/03 above, tidied up the tables of what conditions and controls are allowed in which ACLs. There were a couple of minor errors. Some of the entries in the conditions table (which is a table of where they are NOT allowed) were getting very unwieldy; rewrote them as a negation of where the condition IS allowed. PH/16 Installed updated OS/os.c-cygwin from the Cygwin maintainer. PH/17 The API for radiusclient changed at release 0.4.0. Unfortunately, the header file does not have a version number, so I've had to invent a new value for RADIUS_LIB_TYPE, namely "RADIUSCLIENTNEW" to request the new API. The code is untested by me (my Linux distribution still has 0.3.2 of radiusclient), but it was contributed by a Radius user. PH/18 Installed Lars Mainka's patch for the support of CRL collections in files or directories, for OpenSSL. PH/19 When an Exim process that is running as root has to create an Exim log file, it does so in a subprocess that runs as exim:exim so as to get the ownership right at creation (otherwise, other Exim processes might see the file with the wrong ownership). There was no test for failure of this fork() call, which would lead to the process getting stuck as it waited for a non-existent subprocess. Forks do occasionally fail when resources run out. I reviewed all the other calls to fork(); they all seem to check for failure. PH/20 When checking for unexpected SMTP input at connect time (before writing the banner), Exim was not dealing correctly with a non-positive return from the read() function. If the client had disconnected by this time, the result was a log entry for a synchronization error with an empty string after "input=" when read() returned zero. If read() returned -1 (an event I could not check), uninitialized data bytes were printed. There were reports of junk text (parts of files, etc) appearing after "input=". PH/21 Added acl_not_smtp_mime to allow for MIME scanning for non-SMTP messages. PH/22 Added support for macro redefinition, and (re)definition in between driver and ACL definitions. PH/23 The cyrus_sasl authenticator was expanding server_hostname, but then forgetting to use the resulting value; it was using the unexpanded value. PH/24 The cyrus_sasl authenticator was advertising mechanisms for which it hadn't been configured. The fix is from Juergen Kreileder, who understands it better than I do: "Here's what I see happening with three configured cyrus_sasl authenticators configured (plain, login, cram-md5): On startup auth_cyrus_sasl_init() gets called for each of these. This means three calls to sasl_listmech() without a specified mech_list. => SASL tests which mechs of all available mechs actually work => three warnings about OTP not working => the returned list contains: plain, login, cram-md5, digest-md5, ... With the patch, sasl_listmech() also gets called three times. But now SASL's mech_list option is set to the server_mech specified in the the authenticator. Or in other words, the answer from sasl_listmech() gets limited to just the mech you're testing for (which is different for each call.) => the return list contains just 'plain' or 'login', 'cram-md5' or nothing depending on the value of ob->server_mech. I've just tested the patch: Authentication still works fine, unavailable mechs specified in the exim configuration are still caught, and the auth.log warnings about OTP are gone." PH/25 When debugging is enabled, the contents of the command line are added to the debugging output, even when log_selector=+arguments is not specified. PH/26 Change scripts/os-type so that when "uname -s" returns just "GNU", the answer is "GNU", and only if the return is "GNU/something" is the answer "Linux". PH/27 $acl_verify_message is now set immediately after the failure of a verification in an ACL, and so is available in subsequent modifiers. In particular, the message can be preserved by coding like this: warn !verify = sender set acl_m0 = $acl_verify_message Previously, $acl_verify_message was set only while expanding "message" and "log_message" when a very denied access. PH/28 Modified OS/os.c-Linux with -#ifndef OS_LOAD_AVERAGE +#if !defined(OS_LOAD_AVERAGE) && defined(__linux__) to make Exim compile on kfreebsd-gnu. (I'm totally confused about the nomenclature these days.) PH/29 Installed patch from the Sieve maintainer that adds the options sieve_useraddress and sieve_subaddress to the redirect router. PH/30 In these circumstances: . Two addresses routed to the same list of hosts; . First host does not offer TLS; . First host accepts first address; . First host gives temporary error to second address; . Second host offers TLS and a TLS session is established; . Second host accepts second address. Exim incorrectly logged both deliveries with the TLS parameters (cipher and peerdn, if requested) that were in fact used only for the second address. PH/31 When doing a callout as part of verifying an address, Exim was not paying attention to any local part prefix or suffix that was matched by the router that accepted the address. It now behaves in the same way as it does for delivery: the affixes are removed from the local part unless rcpt_include_affixes is set on the transport. PH/32 Add the sender address, as F=<...>, to the log line when logging a timeout during the DATA phase of an incoming message. PH/33 Sieve envelope tests were broken for match types other than :is. I have applied a patch sanctioned by the Sieve maintainer. PH/34 Change 4.50/80 broke Exim in that it could no longer handle cases where the uid or gid is negative. A case of a negative gid caused this to be noticed. The fix allows for either to be negative. PH/35 ACL_WHERE_MIME is now declared unconditionally, to avoid too much code clutter, but the tables that are indexed by ACL_WHERE_xxx values had been overlooked. PH/36 The change PH/12 above was broken. Fixed it. PH/37 Exim used to check for duplicate addresses in the middle of routing, on the grounds that routing the same address twice would always produce the same answer. This might have been true once, but it is certainly no longer true now. Routing a child address may depend on the previous routing that produced that child. Some complicated redirection strategies went wrong when messages had multiple recipients, and made Exim's behaviour dependent on the order in which the addresses were given. I have moved the duplicate checking until after the routing is complete. Exim scans the addresses that are assigned to local and remote transports, and removes any duplicates. This means that more work will be done, as duplicates will always all be routed, but duplicates are presumably rare, so I don't expect this is of any significance. For deliveries to pipes, files, and autoreplies, the duplicate checking still happens during the routing process, since they are not going to be routed further. PH/38 Installed a patch from Ian Freislich, with the agreement of Tom Kistner. It corrects a timeout issue with spamd. This is Ian's comment: "The background is that sometimes spamd either never reads data from a connection it has accepted, or it never writes response data. The exiscan spam.[ch] uses a 3600 second timeout on spamd socket reads, further, it blindly assumes that writes won't block so it may never time out." PH/39 Allow G after quota size as well as K and M. PH/40 The value set for $authenticated_id in an authenticator may not contain binary zeroes or newlines because the value is written to log lines and to spool files. There was no check on this. Now the value is run through the string_printing() function so that such characters are converted to printable escape sequences. PH/41 $message_linecount is a new variable that contains the total number of lines in the message. Compare $body_linecount, which is the count for the body only. PH/42 Exim no longer gives details of delivery errors for specific addresses in bounce and delay warning messages, except in certain special cases, which are as follows: (a) An SMTP error message from a remote host; (b) A message specified in a :fail: redirection; (c) A message specified in a "fail" command in a system filter; (d) A message specified in a FAIL return from the queryprogram router; (e) A message specified by the cannot_route_message router option. In these cases only, Exim does include the error details in bounce and warning messages. There are also a few cases where bland messages such as "unrouteable address" or "local delivery error" are given. PH/43 $value is now also set for the "else" part of a ${run expansion. PH/44 Applied patch from the Sieve maintainer: "The vacation draft is still being worked on, but at least Exim now implements the latest version to play with." PH/45 In a pipe transport, although a timeout while waiting for the pipe process to complete was treated as a delivery failure, a timeout while writing the message to the pipe was logged, but erroneously treated as a successful delivery. Such timeouts include transport filter timeouts. For consistency with the overall process timeout, these timeouts are now treated as errors, giving rise to delivery failures by default. However, there is now a new Boolean option for the pipe transport called timeout_defer, which, if set TRUE, converts the failures into defers for both kinds of timeout. A transport filter timeout is now identified in the log output. PH/46 The "scripts/Configure-config.h" script calls "make" at one point. On systems where "make" and "gmake" are different, calling "gmake" at top level broke things. I've arranged for the value of $(MAKE) to be passed from the Makefile to this script so that it can call the same version of "make". A note about Exim versions 4.44 and 4.50 ---------------------------------------- Exim 4.50 was meant to be the next release after 4.43. It contains a lot of changes of various kinds. As a consequence, a big documentation update was needed. This delayed the release for rather longer than seemed good, especially in the light of a couple of (minor) security issues. Therefore, the changes that fixed bugs were backported into 4.43, to create a 4.44 maintenance release. So 4.44 and 4.50 are in effect two different branches that both start from 4.43. I have left the 4.50 change log unchanged; it contains all the changes since 4.43. The change log for 4.44 is below; many of its items are identical to those for 4.50. This seems to be the most sensible way to preserve the historical information. Exim version 4.50 ----------------- 1. Minor wording change to the doc/README.SIEVE file. 2. Change 4.43/35 introduced a bug: if quota_filecount was set, the computation of the current number of files was incorrect. 3. Closing a stable door: arrange to panic-die if setitimer() ever fails. The bug fixed in 4.43/37 would have been diagnosed quickly if this had been in place. 4. Give more explanation in the error message when the command for a transport filter fails to execute. 5. There are several places where Exim runs a non-Exim command in a subprocess. The SIGUSR1 signal should be disabled for these processes. This was being done only for the command run by the queryprogram router. It is now done for all such subprocesses. The other cases are: ${run, transport filters, and the commands run by the lmtp and pipe transports. 6. Added CONFIGURE_GROUP build-time option. 7. Some older OS have a limit of 256 on the maximum number of file descriptors. Exim was using setrlimit() to set 1000 as a large value unlikely to be exceeded. Change 4.43/17 caused a lot of logging on these systems. I've change it so that if it can't get 1000, it tries for 256. 8. "control=submission" was allowed, but had no effect, in a DATA ACL. This was an oversight, and furthermore, ever since the addition of extra controls (e.g. 4.43/32), the checks on when to allow different forms of "control" were broken. There should now be diagnostics for all cases when a control that does not make sense is encountered. 9. Added the /retain_sender option to "control=submission". 10. $recipients is now available in the predata ACL (oversight). 11. Tidy the search cache before the fork to do a delivery from a message received from the command line. Otherwise the child will trigger a lookup failure and thereby defer the delivery if it tries to use (for example) a cached ldap connection that the parent has called unbind on. 12. If verify=recipient was followed by verify=sender in a RCPT ACL, the value of $address_data from the recipient verification was clobbered by the sender verification. 13. The value of address_data from a sender verification is now available in $sender_address_data in subsequent conditions in the ACL statement. 14. Added forbid_sieve_filter and forbid_exim_filter to the redirect router. 15. Added a new option "connect=