+ 2. New verify option header_names_ascii, which will check to make sure
+ there are no non-ASCII characters in header names. Exim itself handles
+ those non-ASCII characters, but downstream apps may not, so Exim can
+ detect and reject if those characters are present.
+
+ 3. New expansion operator ${utf8clean:string} to replace malformed UTF8
+ codepoints with valid ones.
+
+ 4. New malware type "sock". Talks over a Unix or TCP socket, sending one
+ command line and matching a regex against the return data for trigger
+ and a second regex to extract malware_name. The mail spoofile name can
+ be included in the command line.
+
+ 5. The smtp transport now supports options "tls_verify_hosts" and
+ "tls_try_verify_hosts". If either is set the certificate verification
+ is split from the encryption operation. The default remains that a failed
+ verification cancels the encryption.
+
+ 6. New SERVERS override of default ldap server list. In the ACLs, an ldap
+ lookup can now set a list of servers to use that is different from the
+ default list.
+
+ 7. New command-line option -C for exiqgrep to specify alternate exim.conf
+ file when searching the queue.
+
+ 8. OCSP now supports GnuTLS also, if you have version 3.1.3 or later of that.
+
+ 9. Support for DNSSEC on outbound connections.
+
+10. New variables "tls_(in,out)_(our,peer)cert" and expansion item
+ "certextract" to extract fields from them. Hash operators md5 and sha1
+ work over them for generating fingerprints, and a new sha256 operator
+ for them added.
+
+11. PRDR is now supported dy default.
+
+12. OCSP stapling is now supported by default.
+
+13. If built with the EXPERIMENTAL_DSN feature enabled, Exim will output
+ Delivery Status Notification messages in MIME format, and negociate
+ DSN features per RFC 3461.
+