+ 2. The "control=submission" facility has a new option /sender_retain. This
+ has the effect of setting local_sender_retain true and local_from_check
+ false for the incoming message in which it is encountered.
+
+ 3. $recipients is now available in the predata ACL (oversight).
+
+ 4. The value of address_data from a sender verification is now available in
+ $sender_address_data in subsequent conditions in the ACL statement. Note:
+ this is just like $address_data. The value does not persist after the end
+ of the current ACL statement. If you want to preserve it, you can use one
+ of the ACL variables.
+
+ 5. The redirect router has two new options: forbid_sieve_filter and
+ forbid_exim_filter. When filtering is enabled by allow_filter, these
+ options control which type(s) of filtering are permitted. By default, both
+ Exim and Sieve filters are allowed.
+
+ 6. A new option for callouts makes it possible to set a different (usually
+ smaller) timeout for making the SMTP connection. The keyword is "connect".
+ For example:
+
+ verify = sender/callout=5s,connect=1s
+
+ If not specified, it defaults to the general timeout value.
+
+ 7. The new variables $sender_verify_failure and $recipient_verify_failure
+ contain information about exactly what failed. In an ACL, after one of
+ these failures, the relevant variable contains one of the following words:
+
+ qualify the address was unqualified (no domain), and the message
+ was neither local nor came from an exempted host;
+
+ route routing failed;
+
+ mail routing succeeded, and a callout was attempted; rejection
+ occurred at or before the MAIL command (that is, on initial
+ connection, HELO, or MAIL);
+
+ recipient the RCPT command in a callout was rejected;
+
+ postmaster the postmaster check in a callout was rejected.
+
+ The main use of these variables is expected to be to distinguish between
+ rejections of MAIL and rejections of RCPT.
+
+ 8. The command line option -dd behaves exactly like -d except when used on a
+ command that starts a daemon process. In that case, debugging is turned off
+ for the subprocesses that the daemon creates. Thus, it is useful for
+ monitoring the behaviour of the daemon without creating as much output as
+ full debugging.
+
+ 9. $host_address is now set to the target address during the checking of
+ ignore_target_hosts.
+
+10. There are four new variables called $spool_space, $log_space,
+ $spool_inodes, and $log_inodes. The first two contain the amount of free
+ space in the disk partitions where Exim has its spool directory and log
+ directory, respectively. (When these are in the same partition, the values
+ will, of course, be the same.) The second two variables contain the numbers
+ of free inodes in the respective partitions.
+
+ NOTE: Because disks can nowadays be very large, the values in the space
+ variables are in kilobytes rather than in bytes. Thus, for example, to
+ check in an ACL that there is at least 50M free on the spool, you would
+ write:
+
+ condition = ${if > {$spool_space}{50000}{yes}{no}}
+
+ The values are recalculated whenever any of these variables is referenced.
+ If the relevant file system does not have the concept of inodes, the value
+ of those variables is -1. If the operating system does not have the ability
+ to find the amount of free space (only true for experimental systems), the
+ space value is -1.
+
+11. It is now permitted to omit both strings after an "if" condition; if the
+ condition is true, the result is the string "true". As before, when the
+ second string is omitted, a false condition yields an empty string. This
+ makes it less cumbersome to write custom ACL and router conditions. For
+ example, instead of
+
+ condition = ${if eq {$acl_m4}{1}{yes}{no}}
+
+ or the shorter form
+
+ condition = ${if eq {$acl_m4}{1}{yes}}
+
+ (because the second string has always defaulted to ""), you can now write
+
+ condition = ${if eq {$acl_m4}{1}}
+
+ Previously this was a syntax error.
+
+12. There is a new "record type" that can be specified in dnsdb lookups. It
+ is "zns" (for "zone NS"). It performs a lookup for NS records on the given
+ domain, but if none are found, it removes the first component of the domain
+ name, and tries again. This process continues until NS records are found
+ or there are no more components left (or there's a DNS error). In other
+ words, it may return the name servers for a top-level domain, but it never
+ returns the root name servers. If there are no NS records for the top-level
+ domain, the lookup fails.
+
+ For example, ${lookup dnsdb{zns=xxx.quercite.com}} returns the name
+ servers for quercite.com, whereas ${lookup dnsdb{zns=xxx.edu}} returns
+ the name servers for edu, assuming in each case that there are no NS
+ records for the full domain name.
+
+ You should be careful about how you use this lookup because, unless the
+ top-level domain does not exist, the lookup will always return some host
+ names. The sort of use to which this might be put is for seeing if the name
+ servers for a given domain are on a blacklist. You can probably assume that
+ the name servers for the high-level domains such as .com or .co.uk are not
+ going to be on such a list.
+
+13. Another new "record type" is "mxh"; this looks up MX records just as "mx"
+ does, but it returns only the names of the hosts, omitting the priority
+ values.
+
+14. It is now possible to specify a list of domains or IP addresses to be
+ looked up in a dnsdb lookup. The list is specified in the normal Exim way,
+ with colon as the default separator, but with the ability to change this.
+ For example:
+
+ ${lookup dnsdb{one.domain.com:two.domain.com}}
+ ${lookup dnsdb{a=one.host.com:two.host.com}}
+ ${lookup dnsdb{ptr = <; 1.2.3.4 ; 4.5.6.8}}
+
+ In order to retain backwards compatibility, there is one special case: if
+ the lookup type is PTR and no change of separator is specified, Exim looks
+ to see if the rest of the string is precisely one IPv6 address. In this
+ case, it does not treat it as a list.
+
+ The data from each lookup is concatenated, with newline separators (by
+ default - see 14 below), in the same way that multiple DNS records for a
+ single item are handled.
+
+ The dnsdb lookup fails only if all the DNS lookups fail. If there is a
+ temporary DNS error for any of them, the behaviour is controlled by
+ an optional keyword followed by a comma that may appear before the record
+ type. The possible keywords are "defer_strict", "defer_never", and
+ "defer_lax". With "strict" behaviour, any temporary DNS error causes the
+ whole lookup to defer. With "never" behaviour, a temporary DNS error is
+ ignored, and the behaviour is as if the DNS lookup failed to find anything.
+ With "lax" behaviour, all the queries are attempted, but a temporary DNS
+ error causes the whole lookup to defer only if none of the other lookups
+ succeed. The default is "lax", so the following lookups are equivalent:
+
+ ${lookup dnsdb{defer_lax,a=one.host.com:two.host.com}}
+ ${lookup dnsdb{a=one.host.com:two.host.com}}
+
+ Thus, in the default case, as long as at least one of the DNS lookups
+ yields some data, the dnsdb lookup succeeds.
+
+15. It is now possible to specify the character to be used as a separator when
+ a dnsdb lookup returns data from more than one DNS record. The default is a
+ newline. To specify a different character, put '>' followed by the new
+ character at the start of the query. For example:
+
+ ${lookup dnsdb{>: a=h1.test.ex:h2.test.ex}}
+ ${lookup dnsdb{>| mxh=<;m1.test.ex;m2.test.ex}}
+
+ It is permitted to specify a space as the separator character. Note that
+ more than one DNS record can be found for a single lookup item; this
+ feature is relevant even when you do not specify a list.
+
+ The same effect could be achieved by wrapping the lookup in ${tr...}; this
+ feature is just a syntactic simplification.
+
+16. It is now possible to supply a list of domains and/or IP addresses to be
+ lookup up in a DNS blacklist. Previously, only a single domain name could
+ be given, for example:
+
+ dnslists = black.list.tld/$sender_host_name
+
+ What follows the slash can now be a list. As with all lists, the default
+ separator is a colon. However, because this is a sublist within the list of
+ DNS blacklist domains, it is necessary either to double the separators like
+ this:
+
+ dnslists = black.list.tld/name.1::name.2
+
+ or to change the separator character, like this:
+
+ dnslists = black.list.tld/<;name.1;name.2
+
+ If an item in the list is an IP address, it is inverted before the DNS
+ blacklist domain is appended. If it is not an IP address, no inversion
+ occurs. Consider this condition:
+
+ dnslists = black.list.tls/<;192.168.1.2;a.domain
+
+ The DNS lookups that occur are for
+
+ 2.1.168.192.black.list.tld and a.domain.black.list.tld
+
+ Once a DNS record has been found (that matches a specific IP return
+ address, if specified), no further lookups are done. If there is a
+ temporary DNS error, the rest of the sublist of domains or IP addresses is
+ tried. The dnslists item itself defers only if none of the other DNS
+ lookups in this sublist succeeds. In other words, a successful lookup for
+ any of the items in the sublist overrides a defer for a previous item.
+
+17. The log selector queue_time_overall causes Exim to output the time spent on
+ the queue as an addition to the "Completed" message. Like queue_time (which
+ puts the queue time on individual delivery lines), the time is tagged with
+ "QT=", and it is measured from the time that the message starts to be
+ received, so it includes the reception time.
+
+18. It is now possible to use both -bF and -bf on the same command, in order to
+ test a system filter and a user filter in the same run. For example:
+
+ exim -bF /system/filter -bf /user/filter </test/message
+
+ This is helpful when the system filter adds header lines or sets filter
+ variables that are used by the user filter.
+
+19. The Exiscan patch is now merged into the main source. See src/EDITME for
+ parameters for the build.
+
+20. If the key for a dnsdb lookup is not an IP address, it is used verbatim,
+ without component reversal and without the addition of in-addr.arpa or
+ ip6.arpa.
+