X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/5abeaa6ed041be7701397e36ceed5379ac356998..431b736177e2cdfd0b4da4c8545d8b732286abe1:/doc/doc-txt/NewStuff?ds=sidebyside diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 7f00ee5cd..960f93ce8 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -1,52 +1,191 @@ -$Cambridge: exim/doc/doc-txt/NewStuff,v 1.108 2006/07/31 14:19:31 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/NewStuff,v 1.127 2007/01/17 11:17:58 ph10 Exp $ New Features in Exim -------------------- -This file contains descriptions of new features that have been added to Exim, -but have not yet made it into the main manual (which is most conveniently -updated when there is a relatively large batch of changes). The doc/ChangeLog -file contains a listing of all changes, including bug fixes. +This file contains descriptions of new features that have been added to Exim. +Before a formal release, there may be quite a lot of detail so that people can +test from the snapshots or the CVS before the documentation is updated. Once +the documentation is updated, this file is reduced to a short list. + +Version 4.67 +------------ + + 1. There is a new log selector called smtp_no_mail, which is not included in + the default setting. When it is set, a line is written to the main log + whenever an accepted SMTP connection terminates without having issued a + MAIL command. This includes both the case when the connection is dropped, + and the case when QUIT is used. Note that it does not include cases where + the connection is rejected right at the start (by an ACL, or because there + are too many connections, or whatever). These cases already have their own + log lines. + + The log line that is written contains the identity of the client in the + usual way, followed by D= and a time, which records the duration of the + connection. If the connection was authenticated, this fact is logged + exactly as it is for an incoming message, with an A= item. If the + connection was encrypted, CV=, DN=, and X= items may appear as they do for + an incoming message, controlled by the same logging options. + + Finally, if any SMTP commands were issued during the connection, a C= item + is added to the line, listing the commands that were used. For example, + + C=EHLO,QUIT + + shows that the client issued QUIT straight after EHLO. If there were fewer + than 20 commands, they are all listed. If there were more than 20 commands, + the last 20 are listed, preceded by "...". However, with the default + setting of 10 for smtp_accep_max_nonmail, the connection will in any case + be aborted before 20 non-mail commands are processed. + + 2. When an item in a dnslists list is followed by = and & and a list of IP + addresses, in order to restrict the match to specific results from the DNS + lookup, the behaviour was not clear when the lookup returned more than one + IP address. For example, consider the condition + + dnslists = a.b.c=127.0.0.1 + + What happens if the DNS lookup for the incoming IP address yields both + 127.0.0.1 and 127.0.0.2 by means of two separate DNS records? Is the + condition true because at least one given value was found, or is it false + because at least one of the found values was not listed? And how does this + affect negated conditions? + + The behaviour of = and & has not been changed; however, the text below + documents it more clearly. In addition, two new additional conditions (== + and =&) have been added, to permit the "other" behaviour to be configured. + + A DNS lookup may yield more than one record. Thus, the result of the lookup + for a dnslists check may yield more than one IP address. The question then + arises as to whether all the looked up addresses must be listed, or whether + just one is good enough. Both possibilities are provided for: + + . If = or & is used, the condition is true if any one of the looked up + IP addresses matches one of the listed addresses. Consider: + + dnslists = a.b.c=127.0.0.1 + + If the DNS lookup yields both 127.0.0.1 and 127.0.0.2, the condition is + true because 127.0.0.1 matches. + + . If == or =& is used, the condition is true only if every one of the + looked up IP addresses matches one of the listed addresses. Consider: + + dnslists = a.b.c==127.0.0.1 + + If the DNS lookup yields both 127.0.0.1 and 127.0.0.2, the condition is + false because 127.0.0.2 is not listed. You would need to have + + dnslists = a.b.c==127.0.0.1,127.0.0.2 + + for the condition to be true. + + When ! is used to negate IP address matching, it inverts the result, giving + the precise opposite of the behaviour above. Thus: + + . If != or !& is used, the condition is true if none of the looked up IP + addresses matches one of the listed addresses. Consider: + + dnslists = a.b.c!&0.0.0.1 + + If the DNS lookup yields both 127.0.0.1 and 127.0.0.2, the condition is + false because 127.0.0.1 matches. + + . If !== or !=& is used, the condition is true there is at least one looked + up IP address that does not match. Consider: + + dnslists = a.b.c!=&0.0.0.1 + + If the DNS lookup yields both 127.0.0.1 and 127.0.0.2, the condition is + true, because 127.0.0.2 does not match. You would need to have + + dnslists = a.b.c!=&0.0.0.1,0.0.0.2 + + for the condition to be false. + + When the DNS lookup yields only a single IP address, there is no difference + between = and == and between & and =&. + + +Version 4.66 +------------ + +No new features were added to 4.66. + + +Version 4.65 +------------ + +No new features were added to 4.65. + + +Version 4.64 +------------ + + 1. ACL variables can now be given arbitrary names, as long as they start with + "acl_c" or "acl_m" (for connection variables and message variables), are at + least six characters long, with the sixth character being either a digit or + an underscore. + + 2. There is a new ACL modifier called log_reject_target. It makes it possible + to specify which logs are used for messages about ACL rejections. + + 3. There is a new authenticator called "dovecot". This is an interface to the + authentication facility of the Dovecot POP/IMAP server, which can support a + number of authentication methods. + + 4. The variable $message_headers_raw provides a concatenation of all the + messages's headers without any decoding. This is in contrast to + $message_headers, which does RFC2047 decoding on the header contents. + + 5. In a DNS black list, if two domain names, comma-separated, are given, the + second is used first to do an initial check, making use of any IP value + restrictions that are set. If there is a match, the first domain is used, + without any IP value restrictions, to get the TXT record. + + 6. All authenticators now have a server_condition option. + + 7. There is a new command-line option called -Mset. It is useful only in + conjunction with -be (that is, when testing string expansions). It must be + followed by a message id; Exim loads the given message from its spool + before doing the expansions. + + 8. Another similar new command-line option is called -bem. It operates like + -be except that it must be followed by the name of a file that contains a + message. + + 9. When an address is delayed because of a 4xx response to a RCPT command, it + is now the combination of sender and recipient that is delayed in + subsequent queue runs until its retry time is reached. + +10. Unary negation and the bitwise logical operators and, or, xor, not, and + shift, have been added to the eval: and eval10: expansion items. + +11. The variables $interface_address and $interface_port have been renamed + as $received_ip_address and $received_port, to make it clear that they + relate to message reception rather than delivery. (The old names remain + available for compatibility.) + +12. The "message" modifier can now be used on "accept" and "discard" acl verbs + to vary the message that is sent when an SMTP command is accepted. + Version 4.63 ------------ 1. There is a new Boolean option called filter_prepend_home for the redirect - router. It defaults true, for backward compatibility. If a "save" command in - an Exim filter has a relative path for its argument, and $home is defined, - it is automatically prepended to the relative path. This action can now be - prevented by setting filter_prepend_home false. + router. 2. There is a new acl, set by acl_not_smtp_start, which is run right at the start of receiving a non-SMTP message, before any of the message has been - read. (This is the analogue of the acl_smtp_predata ACL for SMTP input.) The - result of this ACL is ignored; it cannot be used to reject a message. If - you really need to, you could set a value in an ACL variable here and reject - based on that in the acl_not_smtp ACL. However, this ACL can be used to set - controls, and in particular, it can be used to set control=suppress_local_ - fixups, which cannot be used in the acl_not_smtp ACL because by the time - that ACL is run, it is too late. When the acl_not_smtp_start ACL is run, the - sender and recipients are known, so the "senders" and "sender_domains" - conditions and $sender_address and $recipients variables can be used. - Variables such as $authenticated_ sender are also available. It is possible - to specify added header lines in this ACL. + read. 3. When an SMTP error message is specified in a "message" modifier in an ACL, or in a :fail: or :defer: message in a redirect router, Exim now checks the - start of the message for an SMTP error code. This consists of three digits - followed by a space, optionally followed by an extended code of the form - n.n.n, also followed by a space. If this is the case and the very first - digit is the same as the default error code, the code from the message is - used instead. If the very first digit is incorrect, a panic error is logged, - and the default code is used. This is an incompatible change, but it is not - expected to affect many (if any) configurations. It is possible to suppress - the use of the supplied code in a redirect router by setting the - forbid_smtp_code option true. In this case, any SMTP code is quietly - ignored. + start of the message for an SMTP error code. 4. There is a new parameter for LDAP lookups called "referrals", which takes - one of the settings "follow" (the default) or "nofollow". The latter stops - the LDAP library from trying to follow referrals issued by the LDAP server. + one of the settings "follow" (the default) or "nofollow". 5. Version 20070721.2 of exipick now included, offering these new options: --reverse