X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/532be4499552dfab0e3173f7d3e85c81e1496147..2cfd322193567dbbeca47b0fc0ee2836f46e2600:/doc/doc-txt/NewStuff diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 559a9f4c0..b9d88ff82 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/NewStuff,v 1.173 2010/06/07 07:09:10 pdp Exp $ +$Cambridge: exim/doc/doc-txt/NewStuff,v 1.176 2010/06/14 18:51:10 pdp Exp $ New Features in Exim -------------------- @@ -12,6 +12,9 @@ the documentation is updated, this file is reduced to a short list. Version 4.73 ------------ + NOTE: this version is not guaranteed backwards-compatible, please read the + items below carefully + 1. A new main configuration option, "openssl_options", is available if Exim is built with SSL support provided by OpenSSL. The option allows administrators to specify OpenSSL options to be used on connections; @@ -38,10 +41,14 @@ Version 4.73 av_scanner = clamd:192.0.2.3 1234:local + ClamAV's ExtendedDetectionInfo response format is now handled. + 4. There is now a -bmalware option, restricted to admin users. This option takes one parameter, a filename, and scans that file with Exim's malware-scanning framework. This is intended purely as a debugging aid to ensure that Exim's scanning is working, not to replace other tools. + Note that the ACL framework is not invoked, so if av_scanner references + ACL variables without a fallback then this will fail. 5. There is a new expansion operator, "reverse_ip", which will reverse IP addresses; IPv4 into dotted quad, IPv6 into dotted nibble. Examples: @@ -75,14 +82,39 @@ Version 4.73 then henceforth you will have to maintain your own local patches to strip the safeties off. - 8. Routers now support multiple "condition" tests, IF each router yields - a string which the bool{} operator recognises. Note that this is a departure - from normal Router "condition" truth, requiring the stricter standard of - "true" that ACLS use. This might be relaxed in a future release if there - is sufficient demand. - When debugging, bear in mind that these are internally wrapped up into - a longer, more complicated, string. There's a reason that the bool{} - logic is a dependency. + 8. There is a new expansion operator, bool_lax{}. Where bool{} uses the ACL + condition logic to determine truth/failure and will fail to expand many + strings, bool_lax{} uses the router condition logic, where most strings + do evaluate true. + Note: bool{00} is false, bool_lax{00} is true. + + 9. Routers now support multiple "condition" tests, + +10. There is now a runtime configuration option "tcp_wrappers_daemon_name". + Setting this allows an admin to define which entry in the tcpwrappers + config file will be used to control access to the daemon. This option + is only available when Exim is built with USE_TCP_WRAPPERS. The + default value is set at build time using the TCP_WRAPPERS_DAEMON_NAME + build option. + +11. [POSSIBLE CONFIG BREAKAGE] The default value for system_filter_user is now + the Exim run-time user, instead of root. + +12. [POSSIBLE CONFIG BREAKAGE] ALT_CONFIG_ROOT_ONLY is no longer optional and + is forced on. This is mitigated by the new build option + TRUSTED_CONFIG_PREFIX_LIST which defines a list of pathname prefices which + are trusted; if a config file is owned by root and is under that prefix, + then it may be used by the Exim run-time user. + +13. [POSSIBLE CONFIG BREAKAGE] The Exim user is no longer automatically + trusted to supply -D overrides on the command-line. Going + forward, we recommend using TRUSTED_CONFIG_PREFIX_LIST with shim configs + that include the main config. As a transition mechanism, we are + temporarily providing a work-around: the new build option + WHITELIST_D_MACROS provides a colon-separated list of macro names which + may be overriden by the Exim run-time user. The values of these macros + are constrained to the regex ^[A-Za-z0-9_/.-]*$ (which explicitly does + allow for empty values). Version 4.72