-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.212 2005/08/30 09:19:33 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.319 2006/03/01 11:40:51 ph10 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
+Exim version 4.61
+-----------------
+
+PH/01 The code for finding all the local interface addresses on a FreeBSD
+ system running IPv6 was broken. This may well have applied to all BSD
+ systems, as well as to others that have similar system calls. The broken
+ code found IPv4 interfaces correctly, but gave incorrect values for the
+ IPv6 interfaces. In particular, ::1 was not found. The effect in Exim was
+ that it would not match correctly against @[] and not recognize the IPv6
+ addresses as local.
+
+PH/02 The ipliteral router was not recognizing addresses of the form user@
+ [ipv6:....] because it didn't know about the "ipv6:" prefix.
+
+PH/03 Added disable_ipv6.
+
+PH/04 Changed $reply_address to use the raw form of the headers instead of the
+ decoded form, because it is most often used to construct To: headers
+ lines in autoreplies, and the decoded form may well be syntactically
+ invalid. However, $reply_address has leading white space removed, and all
+ newlines turned into spaces so that the autoreply transport does not
+ grumble.
+
+PH/05 If group was specified without a user on a router, and no group or user
+ was specified on a transport, the group from the router was ignored.
+
+PH/06 Increased the number of ACL variables to 20 of each type, and arranged
+ for visible compile-time settings that can be used to change these
+ numbers, for those that want even more. Backwards compatibility with old
+ spool files has been maintained. However, going back to a previous Exim
+ release will lost any variables that are in spool files.
+
+PH/07 Two small changes when running in the test harness: increase delay when
+ passing a TCP/IP connection to a new process, in case the original
+ process has to generate a bounce, and remove special handling of
+ 127.0.0.2 (sic), which is no longer necessary.
+
+PH/08 Changed debug output of dbfn_open() flags from numbers to names, so as to
+ be the same on different OS.
+
+PH/09 Moved a debug statement in filter processing to avoid a race problem when
+ testing.
+
+JJ/01 exipick: fixed bug where -b (brief) output option showed "Vars:"
+ whether --show-vars was specified or not
+
+JJ/02 exipick: Added support for new ACL variable spool format introduced
+ in 4.61-PH/06
+
+PH/10 Fixed another bug related to PH/04 above: if an incoming message had a
+ syntactically invalid From: or Reply-to: line, and a filter used this to
+ generate an autoreply, and therefore failed to obtain an address for the
+ autoreply, Exim could try to deliver to a non-existent relative file
+ name, causing unrelated and misleading errors. What now happens is that
+ it logs this as a hard delivery error, but does not attempt to create a
+ bounce message.
+
+PH/11 The exinext utility has a -C option for testing purposes, but although
+ the given file was scanned by exinext itself; it wasn't being passed on
+ when Exim was called.
+
+PH/12 In the smtp transport, treat an explicit ECONNRESET error the same as
+ an end-of-file indication when reading a command response.
+
+PH/13 Domain literals for IPv6 were not recognized unless IPv6 support was
+ compiled. In many other places in Exim, IPv6 addresses are always
+ recognized, so I have changed this. It also means that IPv4 domain
+ literals of the form [IPV4:n.n.n.n] are now always recognized.
+
+PH/14 When a uid/gid is specified for the queryprogram router, it cannot be
+ used if the router is not running as root, for example, when verifying at
+ ACL time, or when using -bh. The debugging output from this situation was
+ non-existent - all you got was a failure to exec. I have made two
+ changes:
+
+ (a) Failures to set uid/gid, the current directory, or a process leader
+ in a subprocess such as that created by queryprogram now generate
+ suitable debugging ouput when -d is set.
+
+ (b) The queryprogram router detects when it is not running as root,
+ outputs suitable debugging information if -d is set, and then runs
+ the subprocess without attempting to change uid/gid.
+
+PH/15 Minor change to Makefile for building test_host (undocumented testing
+ feature).
+
+PH/16 As discussed on the list in Nov/Dec: Exim no longer looks at the
+ additional section of a DNS packet that returns MX or SRV records.
+ Instead, it always explicitly searches for A/AAAA records. This avoids
+ major problems that occur when a DNS server includes only records of one
+ type (A or AAAA) in an MX/SRV packet. A byproduct of this change has
+ fixed another bug: if SRV records were looked up and the corresponding
+ address records were *not* found in the additional section, the port
+ values from the SRV records were lost.
+
+PH/17 If a delivery to a pipe, file, or autoreply was deferred, Exim was not
+ using the correct key (the original address) when searching the retry
+ rules in order to find which one to use for generating the retry hint.
+
+PH/18 If quota_warn_message contains a From: header, Exim now refrains from
+ adding the default one. Similarly, if it contains a Reply-To: header, the
+ errors_reply_to option, if set, is not used.
+
+PH/19 When calculating a retry time, Exim used to measure the "time since
+ failure" by looking at the "first failed" field in the retry record. Now
+ it does not use this if it is later than than the arrival time of the
+ message. Instead it uses the arrival time. This makes for better
+ behaviour in cases where some deliveries succeed, thus re-setting the
+ "first failed" field. An example is a quota failure for a huge message
+ when small messages continue to be delivered. Without this change, the
+ "time since failure" will always be short, possible causing more frequent
+ delivery attempts for the huge message than are intended.
+
+PH/20 Added $auth1, $auth2, $auth3 to contain authentication data (as well as
+ $1, $2, $3) because the numerical variables can be reset during some
+ expansion items (e.g. "match"), thereby losing the authentication data.
+
+PH/21 Make -bV show the size of off_t variables so that the test suite can
+ decide whether to run tests for quotas > 2G.
+
+PH/22 Test the values given for quota, quota_filecount, quota_warn_threshold,
+ mailbox_size, and mailbox_filecount in the appendfile transport. If a
+ filecount value is greater than 2G or if a quota value is greater than 2G
+ on a system where the size of off_t is not greater than 4, a panic error
+ is given.
+
+PH/23 When a malformed item such as 1.2.3/24 appears in a host list, it can
+ never match. The debug and -bh output now contains an explicit error
+ message indicating a malformed IPv4 address or mask.
+
+PH/24 An host item such as 1.2.3.4/abc was being treated as the IP address
+ 1.2.3.4 without a mask. Now it is not recognized as an IP address, and
+ PH/23 above applies.
+
+PH/25 Do not write to syslog when running in the test harness. The only
+ occasion when this arises is a failure to open the main or panic logs
+ (for which there is an explicit test).
+
+PH/26 Added the /no_tell option to "control=freeze".
+
+PH/27 If a host name lookup failed very early in a connection, for example, if
+ the IP address matched host_lookup and the reverse lookup yielded a name
+ that did not have a forward lookup, an error message of the form "no IP
+ address found for host xxx.xxx.xxx (during SMTP connection from NULL)"
+ could be logged. Now it outputs the IP address instead of "NULL".
+
+PH/28 An enabling patch from MH: add new function child_open_exim2() which
+ allows the sender and the authenticated sender to be set when
+ submitting a message from within Exim. Since child_open_exim() is
+ documented for local_scan(), the new function should be too.
+
+PH/29 In GnuTLS, a forced expansion failure for tls_privatekey was not being
+ ignored. In both GnuTLS and OpenSSL, an expansion of tls_privatekey that
+ results in an empty string is now treated as unset.
+
+PH/30 Fix eximon buffer overflow bug (Bugzilla #73).
+
+PH/31 Added sender_verify_fail logging option.
+
+PH/32 In November 2003, the code in Exim that added an empty Bcc: header when
+ needed by RFC 822 but not by RFC 2822 was commented out. I have now
+ tidied the source and removed it altogether.
+
+PH/33 When a queue run was abandoned because the load average was too high, a
+ log line was always written; now it is written only if the queue_run log
+ selector is set. In addition, the log line for abandonment now contains
+ information about the queue run such as the pid. This is always present
+ in "start" and "stop" lines but was omitted from the "abandon" line.
+
+PH/34 Omit spaces between a header name and the colon in the error message that
+ is given when verify = headers_syntax fails (if there are lots of them,
+ the message gets confusing).
+
+PH/35 Change the default for dns_check_names_pattern to allow slashes within
+ names, as there are now some PTR records that contain slashes. This check
+ is only to protect against broken name servers that fall over on strange
+ characters, so the fact that it applies to all lookups doesn't matter.
+
+PH/36 Now that the new test suite is complete, we can remove some of the
+ special code in Exim that was needed for the old test suite. For example,
+ sorting DNS records because real resolvers return them in an arbitrary
+ order. The new test suite's fake resolver always returns records in the
+ same order.
+
+PH/37 When running in the test harness, use -odi for submitted messages (e.g.
+ bounces) except when queue_only is set, to avoid logging races between
+ the different processes.
+
+PH/38 Panic-die if .include specifies a non-absolute path.
+
+PH/39 A tweak to the "H" retry rule from its user.
+
+JJ/03 exipick: Removed parentheses from 'next' and 'last' calls that specified
+ a label. They prevented compilation on older perls.
+
+JJ/04 exipick: Refactored code to prevent implicit split to @_ which caused
+ a warning to be raised on newish perls.
+
+JJ/05 exipick: Fixed bug where -bpc always showed a count of all messages
+ on queue. Changes to match documented behaviour of showing count of
+ messages matching specified criteria.
+
+PH/40 Changed the default ident timeout from 30s to 5s.
+
+PH/41 Added support for the use of login_cap features, on those BSD systems
+ that have them, for controlling the resources used by pipe deliveries.
+
+PH/42 The content-scanning code uses fopen() to create files in which to put
+ message data. Previously it was not paying any attention to the mode of
+ the files. Exim runs with umask(0) because the rest of the code creates
+ files with open(), and sets the required mode explicitly. Thus, these
+ files were ending up world-writeable. This was not a big issue, because,
+ being within the spool directory, they were not world-accessible. I have
+ created a function called modefopen, which takes an additional mode
+ argument. It sets umask(777), creates the file, chmods it to the required
+ mode, then resets the umask. All the relevant calls to fopen() in the
+ content scanning code have been changed to use this function.
+
+PH/43 If retry_interval_max is set greater than 24 hours, it is quietly reset
+ to 24 hours. This avoids potential overflow problems when processing G
+ and H retry rules. I suspect nobody ever tinkers with this value.
+
+PH/44 Added STRIP_COMMAND=/usr/bin/strip to the FreeBSD Makefile.
+
+PH/45 When the plaintext authenticator is running as a client, the server's
+ challenges are checked to ensure they are valid base64 strings. By
+ default, the authentication attempt is cancelled if an invalid string is
+ received. Setting client_ignore_invalid_base64 true ignores these errors.
+ The decoded challenge strings are now placed in $auth1, $auth2, etc. as
+ they are received. Thus, the responses can be made to depend on the
+ challenges. If an invalid string is ignored, an empty string is placed in
+ the variable.
+
+PH/46 Messages that are created by the autoreply transport now contains a
+ References: header, in accordance with RFCs 2822 and 3834.
+
+PH/47 Added authenticated_sender_force to the smtp transport.
+
+PH/48 The ${prvs expansion was broken on systems where time_t was long long.
+
+PH/49 Installed latest patch from the Sieve maintainer.
+
+PH/50 When an Exim quota was set without a file count quota, and mailbox_size
+ was also set, the appendfile transport was unnecessarily scanning a
+ directory of message files (e.g. for maildir delivery) to find the count
+ of files (along with the size), even though it did not need this
+ information. It now does the scan only if it needs to find either the
+ size of the count of files.
+
+PH/51 Added ${time_eval: to convert Exim time strings into seconds.
+
+
+Exim version 4.60
+-----------------
+
+PH/01 Two changes to the default runtime configuration:
+
+ (1) Move the checks for relay_from_hosts and authenticated clients from
+ after to before the (commented out) DNS black list checks.
+
+ (2) Add control=submission to the relay_from_hosts and authenticated
+ clients checks, on the grounds that messages accepted by these
+ statements are most likely to be submissions.
+
+PH/02 Several tidies to the handling of ${prvs and ${prvscheck:
+
+ (1) Generate an error if the third argument for the ${prvs expansion is
+ not a single digit.
+
+ (2) Treat a missing third argument of ${prvscheck as if it were an empty
+ string.
+
+ (3) Reset the variables that are obtained from the first argument of
+ ${prvscheck and used in the second argument before leaving the code,
+ because their memory is reclaimed, so using them afterwards may do
+ silly things.
+
+ (4) Tidy up the code for expanding the arguments of ${prvscheck one by
+ one (it's much easier than Tom thought :-).
+
+ (5) Because of (4), we can now allow for the use of $prvscheck_result
+ inside the third argument.
+
+PH/03 For some reason, the default setting of PATH when running a command from
+ a pipe transport was just "/usr/bin". I have changed it to
+ "/bin:/usr/bin".
+
+PH/04 SUPPORT_TRANSLATE_IP_ADDRESS and MOVE_FROZEN_MESSAGES did not cause
+ anything to be listed in the output from -bV.
+
+PH/05 When a filter generated an autoreply, the entire To: header line was
+ quoted in the delivery log line, like this:
+
+ => >A.N.Other <ano@some.domain> <original@ddress> ...
+
+ This has been changed so that it extracts the operative address. There
+ may be more than one such address. If so, they are comma-separated, like
+ this:
+
+ => >ano@some.domain,ona@other.domain <original@ddress> ...
+
+PH/06 When a client host used a correct literal IP address in a HELO or EHLO
+ command, (for example, EHLO [1.2.3.4]) and the client's IP address was
+ not being looked up in the rDNS to get a host name, Exim was showing the
+ IP address twice in Received: lines, even though the IP addresses were
+ identical. For example:
+
+ Received: from [1.2.3.4] (helo=[1.2.3.4])
+
+ However, if the real host name was known, it was omitting the HELO data
+ if it matched the actual IP address. This has been tidied up so that it
+ doesn't show the same IP address twice.
+
+PH/07 When both +timestamp and +memory debugging was on, the value given by
+ $tod_xxx expansions could be wrong, because the tod_stamp() function was
+ called by the debug printing, thereby overwriting the timestamp buffer.
+ Debugging no longer uses the tod_stamp() function when +timestamp is set.
+
+PH/08 When the original message was included in an autoreply transport, it
+ always said "this is a copy of the message, including all the headers",
+ even if body_only or headers_only was set. It now gives an appropriate
+ message.
+
+PH/09 Applied a patch from the Sieve maintainer which:
+
+ o fixes some comments
+ o adds the (disabled) notify extension core
+ o adds some debug output for the result of if/elsif tests
+ o points to the current vacation draft in the documentation
+ and documents the missing references header update
+
+ and most important:
+
+ o fixes a bug in processing the envelope test (when testing
+ multiple envelope elements, the last element determinted the
+ result)
+
+PH/10 Exim was violating RFC 3834 ("Recommendations for Automatic Responses to
+ Electronic Mail") by including:
+
+ Auto-submitted: auto-generated
+
+ in the messages that it generates (bounce messages and others, such as
+ warnings). In the case of bounce messages for non-SMTP mesages, there was
+ also a typo: it was using "Auto_submitted" (underscore instead of
+ hyphen). Since every message generated by Exim is necessarily in response
+ to another message, thes have all been changed to:
+
+ Auto-Submitted: auto-replied
+
+ in accordance with these statements in the RFC:
+
+ The auto-replied keyword:
+
+ - SHOULD be used on messages sent in direct response to another
+ message by an automatic process,
+
+ - MUST NOT be used on manually-generated messages,
+
+ - MAY be used on Delivery Status Notifications (DSNs) and Message
+ Disposition Notifications (MDNs),
+
+ - MUST NOT be used on messages generated by automatic or periodic
+ processes, except for messages which are automatic responses to
+ other messages.
+
+PH/11 Added "${if def:sender_address {(envelope-from <$sender_address>)\n\t}}"
+ to the default Received: header definition.
+
+PH/12 Added log selector acl_warn_skipped (default on).
+
+PH/13 After a successful wildlsearch lookup, discard the values of numeric
+ variables because (a) they are in the wrong storage pool and (b) even if
+ they were copied, it wouldn't work properly because of the caching.
+
+PH/14 Add check_rfc2047_length to disable enforcement of RFC 2047 length
+ checking when decoding. Apparently there are clients that generate
+ overlong encoded strings. Why am I not surprised?
+
+PH/15 If the first argument of "${if match_address" was not empty, but did not
+ contain an "@" character, Exim crashed. Now it writes a panic log message
+ and treats the condition as false.
+
+PH/16 In autoreply, treat an empty string for "once" the same as unset.
+
+PH/17 A further patch from the Sieve maintainer: "Introduce the new Sieve
+ extension "envelope-auth". The code is finished and in agreement with
+ other implementations, but there is no documentation so far and in fact,
+ nobody wrote the draft yet. This extension is currently #undef'ed, thus
+ not changing the active code.
+
+ Print executed "if" and "elsif" statements when debugging is used. This
+ helps a great deal to understand what a filter does.
+
+ Document more things not specified clearly in RFC3028. I had all this
+ sorted out, when out of a sudden new issues came to my mind. Oops."
+
+PH/18 Exim was not recognizing the "net-" search type prefix in match_ip lists
+ (Bugzilla #53).
+
+PH/19 Exim expands the IPv6 address given to -bh to its full non-abbreviated
+ canonical form (as documented). However, after a host name lookup from
+ the IP address, check_host() was doing a simple string comparison with
+ addresses acquired from the DNS when checking that the found name did
+ have the original IP as one of its addresses. Since any found IPv6
+ addresses are likely to be in abbreviated form, the comparison could
+ fail. Luckily, there already exists a function for doing the comparison
+ by converting both addresses to binary, so now that is used instead of
+ the text comparison.
+
+PH/20 There was another similar case to PH/19, when a complete host name was
+ given in a host list; looking up its IP address could give an abbreviated
+ form, whereas the current host's name might or might not be abbreviated.
+ The same fix has been applied.
+
+
+Exim version 4.54
+-----------------
+
+PH/01 The ${base62: operator adjusted itself to base 36 when BASE_62 was
+ set to 36 (for Darwin and Cygwin), but the ${base62d: operator did not.
+ It now does.
+
+PH/02 Two minor problems detected in Cygwin: the os.{c,h} files had lost */ on
+ the CVS lines, and there was a missing #if HAVE_IPV6 in host.c.
+
+PH/03 Typo: missing ".o" in src/pcre/Makefile.
+
+PH/04 Tighten up "personal" tests: Instead of testing for any "List-"
+ header line, restrict the check to what is listed in RFCs 2369 and 2929.
+ Also, for "Auto-Submitted", treat anything other than "no" as
+ non-personal, in accordance with RFC 3834. (Previously it treated
+ anything starting "auto-" as non-personal.)
+
+TF/01 The control=submission/name=... option had a problem with syntax
+ errors if the name included a slash character. The /name= option
+ now slurps the rest of the string, so it can include any characters
+ but it must come last in the list of options (after /sender_retain
+ or /domain=).
+
+PH/05 Some modifications to the interface to the fake nameserver for the new
+ testing suite.
+
+
+
Exim version 4.53
-----------------
PH/30 Fixed (presumably very longstanding) bug in exim_dbmbuild: if it failed
because an input line was too long, either on its own, or by virtue of
- too many continuations, the temporary file was not being removed.
+ too many continuations, the temporary file was not being removed, and the
+ return code was incorrect.
+
+PH/31 Missing "BOOL" in function definition in filtertest.c.
+
+PH/32 Applied Sieve patches from the maintainer.
+
+TK/05 Domainkeys: Accomodate for a minor API change in libdomainkeys 0.67.
+
+PH/33 Added "verify = not_blind".
+
+PH/34 There are settings for CHOWN_COMMAND and MV_COMMAND that can be used in
+ Local/Makefile (with some defaults set). These are used in built scripts
+ such as exicyclog, but they have never been used in the exim_install
+ script (though there are many overriding facilities there). I have
+ arranged that the exim_install script now takes note of these two
+ settings.
+
+PH/35 Installed configuration files for Dragonfly.
+
+PH/36 When a locally submitted message by a trusted user did not contain a
+ From: header, and the sender address was obtained from -f or from an SMTP
+ MAIL command, and the trusted user did not use -F to supply a sender
+ name, $originator_name was incorrectly used when constructing a From:
+ header. Furthermore, $originator_name was used for submission mode
+ messages from external hosts without From: headers in a similar way,
+ which is clearly wrong.
+
+PH/37 Added control=suppress_local_fixups.
+
+PH/38 When log_selector = +received_sender was set, and the addition of the
+ sender made the log line's construction buffer exactly full, or one byte
+ less than full, an overflow happened when the terminating "\n" was
+ subsequently added.
+
+PH/39 Added a new log selector, "unknown_in_list", which provokes a log entry
+ when the result of a list match is failure because a DNS lookup failed.
+
+PH/40 RM_COMMAND is now used in the building process.
+
+PH/41 Added a "distclean" target to the top-level Makefile; it deletes all
+ the "build-* directories that it finds.
+
+PH/42 (But a TF fix): In a domain list, Exim incorrectly matched @[] if the IP
+ address in a domain literal was a prefix of an interface address.
+
+PH/43 (Again a TF fix): In the dnslookup router, do not apply widen_domains
+ when verifying a sender address, unless rewrite_headers is false.
+
+PH/44 Wrote a long comment about why errors_to addresses are verified as
+ recipients, not senders.
+
+TF/01 Add missing LIBS=-lm to OS/Makefile-OpenBSD which was overlooked when
+ the ratelimit ACL was added.
+
+PH/45 Added $smtp_command for the full command (cf $smtp_command_argument).
+
+PH/46 Added extra information about PostgreSQL errors to the error string.
+
+PH/47 Added an interface to a fake DNS resolver for use by the new test suite,
+ avoiding the need to install special zones in a real server. This is
+ backwards compatible; if it can't find the fake resolver, it drops back.
+ Thus, both old and new test suites can be run.
+
+TF/02 Added util/ratelimit.pl
+
+TF/03 Minor fix to the ratelimit code to improve its behaviour in case the
+ clock is set back in time.
+
+TF/04 Fix the ratelimit support in exim_fixdb. Patch provided by Brian
+ Candler <B.Candler@pobox.com>.
+
+TF/05 The fix for PH/43 was not completely correct; widen_domains is always
+ OK for addresses that are the result of redirections.
+
+PH/48 A number of further additions for the benefit of the new test suite,
+ including a fake gethostbyname() that interfaces to the fake DNS resolver
+ (see PH/47 above).
+
+TF/06 The fix for widen_domains has also been applied to qualify_single and
+ search_parents which are the other dnslookup options that can cause
+ header rewrites.
+
+PH/49 Michael Haardt's randomized retrying, but as a separate retry parameter
+ type ("H").
+
+PH/50 Make never_users, trusted_users, admin_groups, trusted_groups expandable.
+
+TF/07 Exim produced the error message "an SRV record indicated no SMTP
+ service" if it encountered an MX record with an empty target hostname.
+ The message is now "an MX or SRV record indicated no SMTP service".
+
+TF/08 Change PH/13 introduced the possibility that verify=helo may defer,
+ if the DNS of the sending site is misconfigured. This is quite a
+ common situation. This change restores the behaviour of treating a
+ helo verification defer as a failure.
+
+PH/51 If self=fail was set on a router, the bounce message did not include the
+ actual error message.
Exim version 4.52