+ For the first blacklist item, this starts by doing a lookup in
+ sbl-xbl.spamhaus.org and testing for a 127.0.0.2 return. If there is a
+ match, it then looks in sbl.spamhaus.org, without checking the return
+ value, and as long as something is found, it looks for the corresponding
+ TXT record. If there is no match in sbl-xbl.spamhaus.org, nothing more is
+ done. The second blacklist item is processed similarly.
+
+ If you are interested in more than one merged list, the same list must be
+ given several times, but because the results of the DNS lookups are cached,
+ the DNS calls themselves are not repeated. For example:
+
+ reject dnslists = http.dnsbl.sorbs.net,dnsbl.sorbs.net=127.0.0.2 : \
+ socks.dnsbl.sorbs.net,dnsbl.sorbs.net=127.0.0.3 : \
+ misc.dnsbl.sorbs.net,dnsbl.sorbs.net=127.0.0.4 : \
+ dul.dnsbl.sorbs.net,dnsbl.sorbs.net=127.0.0.10
+
+ In this case there is a lookup in dnsbl.sorbs.net, and if none of the IP
+ values matches (or if no record is found), this is the only lookup that is
+ done. Only if there is a match is one of the more specific lists consulted.
+
+ 6. All authenticators now have a server_condition option. Previously, only
+ plaintext had this, and this has not changed: it must be set to the
+ authenticator as a server. For the others, if server_condition is set, it
+ is expanded if authentication is successful, and treated exactly as it is
+ in plaintext. This can serve as a means of adding authorization to an
+ authenticator.
+
+ 7. There is a new command-line option called -Mset. It is useful only in
+ conjunction with -be (that is, when testing string expansions). It must be
+ followed by a message id; Exim loads the given message from its spool
+ before doing the expansions, thus setting message-specific variables such
+ as $message_size and the header variables. The $recipients variable is
+ available. This feature is provided to make it easier to test expansions
+ that make use of these variables. However, Exim must be called by an admin
+ user when -Mset is used.
+
+ 8. Another similar new command-line option is called -bem. It operates like
+ -be except that it must be followed by the name of a file. For example:
+
+ exim -bem /tmp/testmessage
+
+ The file is read as a message (as if receiving a locally-submitted non-SMTP
+ message) before any of the test expansions are done. Thus, message-specific
+ variables such as $message_size and $h_from: are available. However, no
+ Received: header is added to the message. If the -t option is set,
+ recipients are read from the headers in the normal way, and are shown in
+ the $recipients variable. Note that recipients cannot be given on the
+ command line, because further arguments are taken as strings to expand
+ (just like -be).
+
+ 9. When an address is delayed because of a 4xx response to a RCPT command, it
+ is now the combination of sender and recipient that is delayed in
+ subsequent queue runs until its retry time is reached. You can revert to
+ the previous behavious, that is, delay the recipient independent of the
+ sender, by setting address_retry_include_sender=false in the smtp
+ transport. However, this can lead to problems with servers that regularly
+ issue 4xx responses to RCPT commands.
+
+10. Unary negation and the bitwise logical operators and, or, xor, not, and
+ shift, have been added to the eval: and eval10: expansion items. These
+ items may now contain arithmetic operators (plus, minus, times, divide,
+ remainder, negate), bitwise operators (and, or, xor, not, shift), and
+ parentheses. All operations are carried out using signed integer
+ arithmetic. Operator priorities are as in C, namely:
+
+ (highest) not, negate
+ times, divide, remainder
+ plus, minus
+ shift-left, shift-right
+ and
+ xor
+ (lowest) or
+
+ Binary operators with the same priority are evaluated from left to right.
+ For example:
+
+ ${eval:1+1} yields 2
+ ${eval:1+2*3} yields 7
+ ${eval:(1+2)*3} yields 9
+ ${eval:2+42%5} yields 4
+ ${eval:0xc&5} yields 4
+ ${eval:0xc|5} yields 13
+ ${eval:0xc^5} yields 9
+ ${eval:0xc>>1} yields 6
+ ${eval:0xc<<1} yields 24
+ ${eval:~255&0x1234} yields 4608
+ ${eval:-(~255&0x1234)} yields -4608
+
+11. The variables $interface_address and $interface_port have been renamed
+ as $received_ip_address and $received_port, to make it clear that they
+ relate to message reception rather than delivery. (The old names remain
+ available for compatibility.)
+
+12. The "message" modifier can now be used on acl verbs to vary the message
+ that is sent when an SMTP command. For example, in a RCPT ACL you could
+ have:
+
+ accept <some conditions>
+ message = OK, I'll allow you through today
+
+ Previously, this message modifier would have had no effect whatsoever.
+
+ IMPORTANT: The new behaviour applies to "accept" (and "discard") only if
+ there is no occurrence of "endpass" in the statement. If "endpass" is
+ present, the behaviour reverts to the old case, where "message" applies to
+ rejection. This is for backwards compatibility.
+
+ It is always possible to rewrite ACL statements so that "endpass" is not
+ needed (and indeed it is no longer used in the default configuration, and
+ is somewhat not recommended nowadays because it causes confusion.)
+
+ It is now generally true that the "message" modifier sets up a text string
+ that is expanded and used as a response message if the current statement
+ terminates the ACL. The expansion happens at the time Exim decides that the
+ ACL is to end, not at the time it processes "message". If the expansion
+ fails, or generates an empty string, the modifier is ignored.
+
+ For ACLs that are triggered by SMTP commands, the message is returned as
+ part of the SMTP response. In this situation, the message may begin with an
+ overriding SMTP response code, optionally followed by an "extended response
+ code". However, the first digit of the supplied response code must be the
+ same as would be sent by default. A panic occurs if it is not. For the
+ predata ACL, note that the default success code is 354, not 2xx.
+
+ However, notwithstanding the previous paragraph, for the QUIT ACL, unlike
+ the others, the message modifier cannot override the 221 response code.
+
+ In the case of the "connect" ACL, accepting with a message modifier
+ overrides the value of smtp_banner.
+
+ The ACL test specified by acl_smtp_helo happens when the client issues the
+ HELO or EHLO commands, after the tests specified by helo_accept_junk_hosts,
+ helo_allow_chars and helo(_try)_verify_hosts. An acceptance message
+ modifier for EHLO/HELO may not contain more than one line (it will be
+ truncated at the first newline and a panic logged), and it cannot affect
+ the EHLO options.
+