-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.276 2005/12/15 11:18:21 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.365 2006/06/30 15:36:08 ph10 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
+Exim version 4.63
+-----------------
+
+SC/01 Use a glob alias rather than an array ref in eximstats generated
+ parser. This improves both readability and performance.
+
+SC/02 Collect SpamAssassin and rejection statistics in eximstats.
+ Don't display local sender or destination tables in eximstats unless
+ there is data to show.
+ Added average volumes into the eximstats top table text output.
+
+SC/03 Collect data on the number of addresses (recipients) as well
+ as the number of messages in eximstats.
+
+TF/01 Correct an error in the documentation for the redirect router. Exim
+ does (usually) call initgroups() when daemonizing.
+
+TF/02 Call initgroups() when dropping privilege in exim.c, so that Exim runs
+ with consistent privilege compared to when running as a daemon.
+
+TF/03 Note in the spec that $authenticated_id is not set for local
+ submissions from trusted users.
+
+TF/04 The ratelimit per_rcpt option now works correctly in acl_not_smtp.
+ Thanks to Dean Brooks <dean@iglou.com> for the patch.
+
+TF/05 Make it easier to get SMTP authentication and TLS/SSL support working
+ by adding some example configuration directives to the default
+ configuration file. A little bit of work is required to uncomment the
+ directives and define how usernames and passwords are checked, but
+ there is now a framework to start from.
+
+PH/01 Added #define LDAP_DEPRECATED 1 to ldap.c because some of the "old"
+ functions that Exim currently uses aren't defined in ldap.h for OpenLDAP
+ without this. I don't know how relevant this is to other LDAP libraries.
+
+PH/02 Add the verb name to the "unknown ACL verb" error.
+
+PH/03 Magnus Holmgren's patch for filter_prepend_home.
+
+PH/03 Fixed Bugzilla #101: macro definition between ACLs doesn't work.
+
+PH/04 Applied Magnus Holmgren's patch to fix Bugzilla #98: transport's home
+ directory not expanded when it should be if an expanded home directory
+ was set for the address (which is overridden by the transport).
+
+PH/05 Applied Alex Kiernan's patch to fix Bugzilla #99: a problem with
+ libradius.
+
+PH/06 Added acl_not_smtp_start, based on Johannes Berg's patch, and set the
+ bit to forbid control=suppress_local_fixups in the acl_not_smtp ACL,
+ because it is too late at that time, and has no effect.
+
+PH/07 Changed ${quote_pgsql to quote ' as '' instead of \' because of a
+ security issue with \' (bugzilla #107). I could not use the
+ PQescapeStringConn() function, because it needs a PGconn value as one of
+ its arguments.
+
+PH/08 When testing addresses using -bt, indicate those final addresses that
+ are duplicates that would not cause an additional delivery. At least one
+ person was confused, thinking that -bt output corresponded to deliveries.
+ (Suppressing duplicates isn't a good idea as you lose the information
+ about possibly different redirections that led to the duplicates.)
+
+
+Exim version 4.62
+-----------------
+
+TF/01 Fix the add_header change below (4.61 PH/55) which had a bug that (amongst
+ other effects) broke the use of negated acl sub-conditions.
+
+PH/01 ${readsocket now supports Internet domain sockets (modified John Jetmore
+ patch).
+
+PH/02 When tcp-wrappers is called from Exim, it returns only "deny" or "allow".
+ "Deny" causes Exim to reject the incoming connection with a 554 error.
+ Unfortunately, if there is a major crisis, such as a disk failure,
+ tcp-wrappers gives "deny", whereas what one would like would be some
+ kind of temporary error. A kludge has been added to help with this.
+ Before calling hosts_ctl(), errno is set zero. If the result is "deny", a
+ 554 error is used if errno is still zero or contains ENOENT (which occurs
+ if either of the /etc/hosts.{allow,deny} files is missing). Otherwise, a
+ 451 error is used.
+
+PH/03 Add -lutil to the default FreeBSD LIBS setting.
+
+PH/04 Change PH/19 for 4.61 was too wide. It should not be applied to host
+ errors. Otherwise a message that provokes a temporary error (when other
+ messages do not) can cause a whole host to time out.
+
+PH/05 Batch deliveries by appendfile and pipe transports did not work when the
+ addresses were routed directly to files or pipes from a redirect router.
+ File deliveries just didn't batch; pipe deliveries might have suffered
+ odd errors.
+
+PH/06 A failure to get a lock for a hints database would erroneously always say
+ "Failed to get write lock", even when it was really a read lock.
+
+PH/07 The appendfile transport was creating MBX lock files with a fixed mode
+ of 0600. This has been changed to use the value of the lockfile_mode
+ option (which defaults to 0600).
+
+PH/08 Applied small patch from the Sieve maintainer.
+
+PH/09 If maildir_quota_directory_regex was set to exclude (say) the .Trash
+ folder from quota calculations, a direct delivery into this folder messed
+ up the contents of the maildirsize file. This was because the regex was
+ used only to exclude .Trash (or whatever) when the size of the mailbox
+ was calculated. There was no check that a delivery was happening into an
+ excluded directory. This bug has been fixed by ignoring all quota
+ processing for deliveries into excluded directories.
+
+PH/10 Added the maildirfolder_create_regex option to appendfile.
+
+
Exim version 4.61
-----------------
PH/08 Changed debug output of dbfn_open() flags from numbers to names, so as to
be the same on different OS.
+PH/09 Moved a debug statement in filter processing to avoid a race problem when
+ testing.
+
+JJ/01 exipick: fixed bug where -b (brief) output option showed "Vars:"
+ whether --show-vars was specified or not
+
+JJ/02 exipick: Added support for new ACL variable spool format introduced
+ in 4.61-PH/06
+
+PH/10 Fixed another bug related to PH/04 above: if an incoming message had a
+ syntactically invalid From: or Reply-to: line, and a filter used this to
+ generate an autoreply, and therefore failed to obtain an address for the
+ autoreply, Exim could try to deliver to a non-existent relative file
+ name, causing unrelated and misleading errors. What now happens is that
+ it logs this as a hard delivery error, but does not attempt to create a
+ bounce message.
+
+PH/11 The exinext utility has a -C option for testing purposes, but although
+ the given file was scanned by exinext itself; it wasn't being passed on
+ when Exim was called.
+
+PH/12 In the smtp transport, treat an explicit ECONNRESET error the same as
+ an end-of-file indication when reading a command response.
+
+PH/13 Domain literals for IPv6 were not recognized unless IPv6 support was
+ compiled. In many other places in Exim, IPv6 addresses are always
+ recognized, so I have changed this. It also means that IPv4 domain
+ literals of the form [IPV4:n.n.n.n] are now always recognized.
+
+PH/14 When a uid/gid is specified for the queryprogram router, it cannot be
+ used if the router is not running as root, for example, when verifying at
+ ACL time, or when using -bh. The debugging output from this situation was
+ non-existent - all you got was a failure to exec. I have made two
+ changes:
+
+ (a) Failures to set uid/gid, the current directory, or a process leader
+ in a subprocess such as that created by queryprogram now generate
+ suitable debugging ouput when -d is set.
+
+ (b) The queryprogram router detects when it is not running as root,
+ outputs suitable debugging information if -d is set, and then runs
+ the subprocess without attempting to change uid/gid.
+
+PH/15 Minor change to Makefile for building test_host (undocumented testing
+ feature).
+
+PH/16 As discussed on the list in Nov/Dec: Exim no longer looks at the
+ additional section of a DNS packet that returns MX or SRV records.
+ Instead, it always explicitly searches for A/AAAA records. This avoids
+ major problems that occur when a DNS server includes only records of one
+ type (A or AAAA) in an MX/SRV packet. A byproduct of this change has
+ fixed another bug: if SRV records were looked up and the corresponding
+ address records were *not* found in the additional section, the port
+ values from the SRV records were lost.
+
+PH/17 If a delivery to a pipe, file, or autoreply was deferred, Exim was not
+ using the correct key (the original address) when searching the retry
+ rules in order to find which one to use for generating the retry hint.
+
+PH/18 If quota_warn_message contains a From: header, Exim now refrains from
+ adding the default one. Similarly, if it contains a Reply-To: header, the
+ errors_reply_to option, if set, is not used.
+
+PH/19 When calculating a retry time, Exim used to measure the "time since
+ failure" by looking at the "first failed" field in the retry record. Now
+ it does not use this if it is later than than the arrival time of the
+ message. Instead it uses the arrival time. This makes for better
+ behaviour in cases where some deliveries succeed, thus re-setting the
+ "first failed" field. An example is a quota failure for a huge message
+ when small messages continue to be delivered. Without this change, the
+ "time since failure" will always be short, possible causing more frequent
+ delivery attempts for the huge message than are intended.
+ [Note: This change was subsequently modified - see PH/04 for 4.62.]
+
+PH/20 Added $auth1, $auth2, $auth3 to contain authentication data (as well as
+ $1, $2, $3) because the numerical variables can be reset during some
+ expansion items (e.g. "match"), thereby losing the authentication data.
+
+PH/21 Make -bV show the size of off_t variables so that the test suite can
+ decide whether to run tests for quotas > 2G.
+
+PH/22 Test the values given for quota, quota_filecount, quota_warn_threshold,
+ mailbox_size, and mailbox_filecount in the appendfile transport. If a
+ filecount value is greater than 2G or if a quota value is greater than 2G
+ on a system where the size of off_t is not greater than 4, a panic error
+ is given.
+
+PH/23 When a malformed item such as 1.2.3/24 appears in a host list, it can
+ never match. The debug and -bh output now contains an explicit error
+ message indicating a malformed IPv4 address or mask.
+
+PH/24 An host item such as 1.2.3.4/abc was being treated as the IP address
+ 1.2.3.4 without a mask. Now it is not recognized as an IP address, and
+ PH/23 above applies.
+
+PH/25 Do not write to syslog when running in the test harness. The only
+ occasion when this arises is a failure to open the main or panic logs
+ (for which there is an explicit test).
+
+PH/26 Added the /no_tell option to "control=freeze".
+
+PH/27 If a host name lookup failed very early in a connection, for example, if
+ the IP address matched host_lookup and the reverse lookup yielded a name
+ that did not have a forward lookup, an error message of the form "no IP
+ address found for host xxx.xxx.xxx (during SMTP connection from NULL)"
+ could be logged. Now it outputs the IP address instead of "NULL".
+
+PH/28 An enabling patch from MH: add new function child_open_exim2() which
+ allows the sender and the authenticated sender to be set when
+ submitting a message from within Exim. Since child_open_exim() is
+ documented for local_scan(), the new function should be too.
+
+PH/29 In GnuTLS, a forced expansion failure for tls_privatekey was not being
+ ignored. In both GnuTLS and OpenSSL, an expansion of tls_privatekey that
+ results in an empty string is now treated as unset.
+
+PH/30 Fix eximon buffer overflow bug (Bugzilla #73).
+
+PH/31 Added sender_verify_fail logging option.
+
+PH/32 In November 2003, the code in Exim that added an empty Bcc: header when
+ needed by RFC 822 but not by RFC 2822 was commented out. I have now
+ tidied the source and removed it altogether.
+
+PH/33 When a queue run was abandoned because the load average was too high, a
+ log line was always written; now it is written only if the queue_run log
+ selector is set. In addition, the log line for abandonment now contains
+ information about the queue run such as the pid. This is always present
+ in "start" and "stop" lines but was omitted from the "abandon" line.
+
+PH/34 Omit spaces between a header name and the colon in the error message that
+ is given when verify = headers_syntax fails (if there are lots of them,
+ the message gets confusing).
+
+PH/35 Change the default for dns_check_names_pattern to allow slashes within
+ names, as there are now some PTR records that contain slashes. This check
+ is only to protect against broken name servers that fall over on strange
+ characters, so the fact that it applies to all lookups doesn't matter.
+
+PH/36 Now that the new test suite is complete, we can remove some of the
+ special code in Exim that was needed for the old test suite. For example,
+ sorting DNS records because real resolvers return them in an arbitrary
+ order. The new test suite's fake resolver always returns records in the
+ same order.
+
+PH/37 When running in the test harness, use -odi for submitted messages (e.g.
+ bounces) except when queue_only is set, to avoid logging races between
+ the different processes.
+
+PH/38 Panic-die if .include specifies a non-absolute path.
+
+PH/39 A tweak to the "H" retry rule from its user.
+
+JJ/03 exipick: Removed parentheses from 'next' and 'last' calls that specified
+ a label. They prevented compilation on older perls.
+
+JJ/04 exipick: Refactored code to prevent implicit split to @_ which caused
+ a warning to be raised on newish perls.
+
+JJ/05 exipick: Fixed bug where -bpc always showed a count of all messages
+ on queue. Changes to match documented behaviour of showing count of
+ messages matching specified criteria.
+
+PH/40 Changed the default ident timeout from 30s to 5s.
+
+PH/41 Added support for the use of login_cap features, on those BSD systems
+ that have them, for controlling the resources used by pipe deliveries.
+
+PH/42 The content-scanning code uses fopen() to create files in which to put
+ message data. Previously it was not paying any attention to the mode of
+ the files. Exim runs with umask(0) because the rest of the code creates
+ files with open(), and sets the required mode explicitly. Thus, these
+ files were ending up world-writeable. This was not a big issue, because,
+ being within the spool directory, they were not world-accessible. I have
+ created a function called modefopen, which takes an additional mode
+ argument. It sets umask(777), creates the file, chmods it to the required
+ mode, then resets the umask. All the relevant calls to fopen() in the
+ content scanning code have been changed to use this function.
+
+PH/43 If retry_interval_max is set greater than 24 hours, it is quietly reset
+ to 24 hours. This avoids potential overflow problems when processing G
+ and H retry rules. I suspect nobody ever tinkers with this value.
+
+PH/44 Added STRIP_COMMAND=/usr/bin/strip to the FreeBSD Makefile.
+
+PH/45 When the plaintext authenticator is running as a client, the server's
+ challenges are checked to ensure they are valid base64 strings. By
+ default, the authentication attempt is cancelled if an invalid string is
+ received. Setting client_ignore_invalid_base64 true ignores these errors.
+ The decoded challenge strings are now placed in $auth1, $auth2, etc. as
+ they are received. Thus, the responses can be made to depend on the
+ challenges. If an invalid string is ignored, an empty string is placed in
+ the variable.
+
+PH/46 Messages that are created by the autoreply transport now contains a
+ References: header, in accordance with RFCs 2822 and 3834.
+
+PH/47 Added authenticated_sender_force to the smtp transport.
+
+PH/48 The ${prvs expansion was broken on systems where time_t was long long.
+
+PH/49 Installed latest patch from the Sieve maintainer.
+
+PH/50 When an Exim quota was set without a file count quota, and mailbox_size
+ was also set, the appendfile transport was unnecessarily scanning a
+ directory of message files (e.g. for maildir delivery) to find the count
+ of files (along with the size), even though it did not need this
+ information. It now does the scan only if it needs to find either the
+ size of the count of files.
+
+PH/51 Added ${time_eval: to convert Exim time strings into seconds.
+
+PH/52 Two bugs concerned with error handling when the smtp transport is
+ used in LMTP mode:
+
+ (i) Exim was not creating retry information for temporary errors given
+ for individual recipients after the DATA command when the smtp transport
+ was used in LMTP mode. This meant that they could be retried too
+ frequently, and not timed out correctly.
+
+ (ii) Exim was setting the flag that allows error details to be returned
+ for LMTP errors on RCPT commands, but not for LMTP errors for individual
+ recipients that were returned after the DATA command.
+
+PH/53 This is related to PH/52, but is more general: for any failing address,
+ when detailed error information was permitted to be returned to the
+ sender, but the error was temporary, then after the final timeout, only
+ "retry timeout exceeded" was returned. Now it returns the full error as
+ well as "retry timeout exceeded".
+
+PH/54 Added control=allow_auth_unadvertised, as it seems there are clients that
+ do this, and (what is worse) MTAs that accept it.
+
+PH/55 Added the add_header modified to ACLs. The use of "message" with "warn"
+ will now be deprecated.
+
+PH/56 New os.c-cygwin from the Cygwin maintainer.
+
+JJ/06 exipick: added --unsorted option to allow unsorted output in all output
+ formats (previously only available in exim formats via -bpr, -bpru,
+ and -bpra. Now also available in native and exiqgrep formats)
+
+JJ/07 exipick: added --freeze and --thaw options to allow faster interaction
+ with very large, slow to parse queues
+
+JJ/08 exipick: added ! as generic prefix to negate any criteria format
+
+JJ/09 exipick: miscellaneous performance enhancements (~24% improvements)
+
+PH/57 Tidies in SMTP dialogue display in debug output: (i) It was not showing
+ responses to authentication challenges, though it was showing the
+ challenges; (ii) I've removed the CR characters from the debug output for
+ SMTP output lines.
+
+PH/58 Allow for the insertion of a newline as well as a space when a string
+ is turned into more than one encoded-word during RFC 2047 encoding. The
+ Sieve code now uses this.
+
+PH/59 Added the following errors that can be detected in retry rules: mail_4xx,
+ data_4xx, lost_connection, tls_required.
+
+PH/60 When a VRFY deferred or FAILED, the log message rather than the user
+ message was being sent as an SMTP response.
+
+PH/61 Add -l and -k options to exicyclog.
+
+PH/62 When verifying, if an address was redirected to one new address, so that
+ verification continued, and the new address failed or deferred after
+ having set something in $address_data, the value of $address_data was not
+ passed back to the ACL. This was different to the case when no
+ redirection occurred. The value is now passed back in both cases.
+
+PH/63 Changed the macro HAVE_LOGIN_CAP (see PH/41 for this release above) to
+ HAVE_SETCLASSRESOURCES because there are different APIs in use that all
+ use login_cap.h, so on its own it isn't the distinguishing feature. The
+ new name refers directly to the setclassresources() function.
+
+PH/65 Added configuration files for NetBSD3.
+
+PH/66 Updated OS/Makefile-HP-UX for gcc 4.1.0 with HP-UX 11.
+
+PH/67 Fixed minor infelicity in the sorting of addresses to ensure that IPv6
+ is preferred over IPv4.
+
+PH/68 The bounce_return_message and bounce_return_body options were not being
+ honoured for bounces generated during the reception of non-SMTP messages.
+ In particular, this applied to messages rejected by the ACL. This bug has
+ been fixed. However, if bounce_return_message is true and bounce_return_
+ body is false, the headers that are returned for a non-SMTP message
+ include only those that have been read before the error was detected.
+ (In the case of an ACL rejection, they have all been read.)
+
+PH/69 The HTML version of the specification is now built in a directory called
+ spec_html instead of spec.html, because the latter looks like a path with
+ a MIME-type, and this confuses some software.
+
+PH/70 Catch two compiler warnings in sieve.c.
+
+PH/71 Fixed an obscure and subtle bug (thanks Alexander & Matthias). The
+ function verify_get_ident() calls ip_connect() to connect a socket, but
+ if the "connect()" function timed out, ip_connect() used to close the
+ socket. However, verify_get_ident() also closes the socket later, and in
+ between Exim writes to the log, which may get opened at this point. When
+ the socket was closed in ip_connect(), the log could get the same file
+ descriptor number as the socket. This naturally causes chaos. The fix is
+ not to close the socket in ip_connect(); the socket should be closed by
+ the function that creates it. There was only one place in the code where
+ this was missing, in the iplookup router, which I don't think anybody now
+ uses, but I've fixed it anyway.
+
+PH/72 Make dns_again_means_nonexist apply to lookups using gethostbyname() as
+ well as to direct DNS lookups. Otherwise the handling of names in host
+ lists is inconsistent and therefore confusing.
+
Exim version 4.60
-----------------
PH/05 Some modifications to the interface to the fake nameserver for the new
testing suite.
-PH/06 Add ${if def:sender_address {(envelope-from <$sender_address>)\n\t}}
- into the default Received: header string.
-
Exim version 4.53