Change log file for Exim from version 3.01
------------------------------------------

Version 3.36
------------

1. Bug in string expansion: if a "fail" substring of a conditional contained
another conditional that used the "fail" facility, Exim didn't swallow the
right number of closing parentheses in the case when the original condition 
succeeded (i.e. when the condition containing the "fail" should be 
skipped). 

2. NULLs in a message body are turned into spaces for $message_body[_end].

3. If a message with the -N flag was on the spool, and was selected during a
queue run by -R or -S, the -N flag was incorrectly passed on to all subsequent
messages, leading to their being thrown away.

4. The -H files for Exim 4 have changed again with regard to the data for 
one_time addresses. Make Exim 3 capable of coping with the new format.



Version 3.35
------------

1. Accidentally omitted from the 3.34 ChangeLog: if a host list in a domainlist
route rule was in quotes, but contained single quotes, it was broken.

2. Change 27 for 3.30 caused newlines in "freeze" texts from message filters to
be sent as \n when freeze_tell_mailmaster was set.

3. Rename the macro DB_LOCK_TIMEOUT because it clashes with a macro in DB
version 4.

4. Make Exim 3 capable of reading -H files written by Exim 4, which have
a different format for the one_time data (extraneous other stuff removed.)

5. Eximstats: one line addition to reduce memory usage.

6. Exim crashed if called with -C followed by a ridiculously long string.

7. Some other potential points of trouble caused by pathological input data
   have been defended.


Version 3.34
------------

1. Exim was failing to diagnose a lone \ at the end of an expansion string as
an error (basically a typo in the code).

2. If logging was only to syslog, and Exim was trying to panic-die, it crashed
instead of dying cleanly.

3. If an address was routed using a DNS lookup that found no MX records, but
one or more A records, and fallback hosts were specified on the transport, the
fallback hosts were ignored.

4. $message_body_size was set incorrectly (to zero) during filter testing.

5. Ensure the configuration file is closed before running the -bi command.

6. Reap all complete processes within the loop for accepting -bs or -bS
messages, because it seems that not all OS do this automatically when SIGCHLD
is set to SIG_IGN.

7. Reset SIGHUP to SIG_IGN before restarting a daemon, in case another SIGHUP
arrives very quickly and kills the newly started Exim before it has a chance to
get going.

8. After "452 space shortage", was not unsetting the sender address. Could lead
to strange effects when the client was pipelining.

9. There was no check that getpeername() was giving a socket address when
called on stdin passed from a previous delivery.

10. If a local part beginning with a pipe symbol was directed to a pipe
transport, the transport got confused as to which command it should run.
This could be a security exposure if unchecked local parts are directed
or routed to pipe transports.


Version 3.33
------------

1. The test for an unset system-specific ERRNO_QUOTA was happening _before_ the
inclusion of config.h, where the system-specific setting happens. (I think it's
only SCO, which has no quotas, that actually sets this.) This caused a warning
about redefinition of the macro.

2. Change 3.32/7 broke IPv6 on Linux, which handles wildcard listening with a
single IPv6 socket, and _forbids_ a second IPv4 socket. (But the USAGI IPv6
stack may be different.) The change also caused failures on systems that have
IPv6 libraries, but no IPv6 support in the kernel. The IPv6 code has been
reworked yet again, such that it should work on all the different variations,
and just revert to IPv4 when there is no IPv6 support in the kernel.

3. Aliasing a local part to /dev/null without setting file_transport caused
Exim to crash. Now it gives the same error as any other /file alias.

4. As the IETF looks to be about to demote A6 DNS records to "experimental"
status, I have cut out their support, using a compile-time macro. This, of
course, applies only when Exim is built with IPv6 support.

5. Expanded error message for unknown rewrite flag item to suggest it might be
caused by missing quotes (because this is turning into a FAQ).


Version 3.32
------------

1. Eximon's call to XawTextReplace to empty the queue display was using a very
large number to indicate "end of text". This works with many X libraries, but
it was failing on the library in the RedHat 7 systems. Wrote the proper code to
maintain an accurate count of the number of characters displayed. However, it
still doesn't seem to solve the original problem, but as it is "better" in some
sense, I've left it in.

2. Added #define SIOCGIFCONF_GIVES_ADDR to the OpenBSD os.h file.

3. Arranged to give correct data length to bind() function for IPv4 sockets
when compiled with IPv6 support. Some operating systems check.

4. Cleaning up the auths directory was omitted from "make clean".

5. Bodged a fix to pcre/pcretest.c so that it will compile with gcc 3, which
doesn't like #ifdef in the middle of macro arguments - it has defined printf()
as a macro. Sigh.

6. If a delivery in a subprocess (local or remote) opened a connection to (for
example) an MySQL server, that connection never got properly closed because the
cleanup function was called only in the main process. Calls to the tidyup
function have been added to the subprocesses.

7. Reworked the way the daemon sets up to listen for IPv4 addresses on IPv6
systems, because on some systems the TCP/IP stack doesn't pass incoming IPv4
calls to listening IPv6 sockets because of security concerns. Using separate
sockets should work in all cases. Also, for listening on explicit interfaces,
IPv4 sockets are now used for IPv4 addresses, instead of mapped addresses on
IPv6 sockets.

8. When any "Resent-" header existed, Exim was using "Resent-Subject:" as the
Subject header for logging. This was a delusion on my part: RFC 822 never
defined Resent-Subject: so the ordinary Subject: should always be used.

9. RFC 2822 has abolished Resent-Reply-To: as a header. Exim now just looks as
the ordinary Reply-To: even when there are Resent- headers in the message.

10. OpenLDAP 2.0.6 represented an unset hostname as "" instead of NULL; Exim
had code to cope with this. Later releases of OpenLDAP have reverted to NULL
instead; unfortunately Exim's code, which was supposed to cope with either
case, was broken. It has been fixed.

11. Drop an SMTP connection if more than 5 unrecognized commands are received.

12. Tab was not being counted as a printing character, so if it appeared in a
a "fail" message (for example) it was printed as \t in log lines and in bounce
messages. Now if you use a tab, you get a tab.


Version 3.31
------------

1. An address longer than 256 bytes could cause Exim to crash. Change 38 for
3.30 limits local addresses to 512 bytes (the RFC limit is 64bytes@255bytes and
SMTP addresses have always been limited), so the relevant vector has been
increased to 512 bytes.

2. The return_path generic transport option was being ignored for MAIL FROM
lines in BSMTP output in the appendfile and pipe transports.


Version 3.30
------------

1. Check for string shorter than 2 chars for the second argument of crypteq,
and force failure. Otherwise, with an empty string, it gives a false positive.

2. If ignore_target_hosts caused all hosts found from MX records to be
discarded, and there was more than one of them, Exim crashed.

3. If there were several ignored hosts, the name of the first one was always
output in the debug output.

4. If a local message was terminated by a line containing just "." while
reading the header (unlikely except in test situations) it could cause Exim to
crash, or to add some random data to the message's body.

5. Modified the system-dependent files for NetBSD to make it work on systems
that use ELF binary format as well as those that use a.out.

6. The code in the libident library was stopping reading after reaching a CR.
This left the LF which should follow the CR unread - causing trouble to some
people. Exim now swallows the LF.

7. When the (esoteric) CONFIGURE_FILE_USE_NODE option was in use, the version
of exicyclog that was built did not read the correct configuration file. The
same applied to exinext, exiwhat, and eximon.

8. Added -oMas and -oMai to set authenticated_sender and authenticated_id, if
the caller is trusted.

9. If a queue listing option (-bp, etc) is called by a non-admin user, and
queue_list_requires_admin is true, Exim now gives "permission denied" instead of
just listing the messages submitted by the caller.

10. If syslog_timestamp is set FALSE, the timestamps on Exim's log lines are
omitted when these lines are sent to syslog.

11. The actions for one_time are disabled for the first pass when delivering a
message in a -qq queue run.

12. Setting log_sender_on_delivery causes Exim to add an F=<sender> item to
delivery and bounce log lines (F is for "envelope from" - the same letter as is
used in rewriting rules).

13. When processing an "extract" expansion item, Exim was expanding both the
"yes" and the "no" strings fully, when it should have been skipping lookups
etc. in the one that it did not want. There was a similar problem when
processing ${tr} and ${sg} in "unwanted" substrings.

14. Found another place where databases might not be tidied up on the way out
of Exim (see 3.20/3 below).

15. Exim uses the O_NONBLOCK option for the pipes it uses to retrieve results
from remote parallel deliveries, but if the OS doesn't have O_NONBLOCK, it uses
O_NDELAY instead. At least, it is supposed to. There was a typo causing
compilation failure on systems without O_NONBLOCK (clearly very few!).

16. If "=" was missing after an option name, the error was 'unexpected "x"'
instead of 'missing "="'.

17. When reading addresses for the -t option, if an address contained a newline
because of folding of the header line, a malformed address was read, leading to
a malformed spool file.

18. If forbid_filter_lookup was set for a forwardfile director, this didn't
stop lookups inside a file that was expanded in the autoreply transport as a
result of a "mail expand file /foo/bar" command in the filter. Ditto for
forbid_existstest and forbid_perl.

19. Fixed a programming infelicity in the interpretation of file type bits in
appendfile and tls modules.

20. Added ignore_target_hosts = 127.0.0.0/8 to the default configuration.

21. Added alarm(0) just before re-exec of the daemon; there was a small window
before the new daemon re-established the signal handler (yes, somebody did hit
this).

22. If a message with an address that resolved to :blackhole: had several
delivery attempts (because other addresses deferred), a log entry for
:blackhole: was written for each delivery attempt, instead of just the first.

23. Appendfile uses a temporary file when doing MBX delivery; change from using
tmpnam() to using tmpfile() because of worries over the security of tmpnam().

24. Added system configuration files in the OS directory for Darwin (Mac OS X).

25. If a write error occurred when updating the -H file, an incorrect error
message could be output (errno not preserved). This has been fixed, and more
detail is now included in the message.

26. Add "could be header name not terminated by colon" to another case of
expansion string syntax failure when a non-existent header name contains }.

27. The "freeze" or "fail" message in a system filter can become very large if
long header lines are included: truncate it if it's over 1000 characters long.
Also ensure that it contains only printing characters (by escaping if
necessary) so as not to mess up the log.

28. Address rewriting was inadvertantly lower-casing local parts so that if
they were used via numerical variables in the replacement string, the wrong
case appeared. Matching addresses in rewriting rules is now done casefully, but
with the domain in the incoming address forced to lower case (exactly as for an
address list after a +caseful item, and as documented).

29. The checking of From: headers against a local login was happening after the
headers had been rewritten; if logins were being rewritten to other names, this
meant that Sender: headers were being added unnecessarily, often containing the
same rewritten address as From: (which is what you are supposed not to do). As
part of this fix, if Exim creates a From: header from an envelope sender, it
does so with the unrewritten value.

30. If stdin was a socket, Exim was assuming it was an INET socket, implying a
call from inetd. This caused problems if a UNIX domain socket was used. Exim
now checks.

31. The expansion operator "md5" computes the MD5 hash of its argument.

32. If quota and quota_warn_threshold in appendfile were set big enough (e.g.
50M and 41%) there was a integer overflow during the calculation.

33. If an "unseen" director or router had an errors_to setting, it was
erroneously passed on to the subsequent "seen" drivers for the address.

34. Fixed small security exposure caused by what is essentially typo. If an
SMTP error message generated during batch SMTP input contained quoted external
material (e.g. a bad header line), the inclusion of formatting characters (e.g.
%s) in the quoted material could cause all sorts of problems.

35. If -Mrm was used on a non-existent message id, it still logged "removed by
<user>". Now it writes this line only if it finds at least one file to remove.

36. Modified base make file so that setting STRIP_COMMAND causes all the
binaries to be stripped.

37. Modified scripts/exim_install to change the code for installing the texinfo
documentation (as requested by FreeBSD maintainer).

38. Give error if address on a command line is longer than 512 bytes (RFC 2821
limits local parts to 64 and domains to 255 - allow extra for escapes, the "@"
and so on.) Previously Exim crashed if an address was longer than 1024.


Version 3.22
------------

1. Fixed a crash in the following obscure circumstances: A system filter obeyed
a "mail" command, then then froze the message. The message created by the
"mail" command could not be passed to a nested Exim for some reason (e.g.
system ran out of process ids). The failure to send the message was logged, but
then the original Exim crashed.

2. Fixed a bug in the libident library (not my bug!). If a very long response
was received, it could overrun the buffer by one byte.

3. There was no explicit checking for the length of message created for
log_ip_options when a call with IP options was received. However, the length of
the option string is limited to 40 on the systems I've looked at, so there
wasn't a real problem. Nevertheless, I have added some paranoid length
checking, just in case.

4. Change 10 of 3.166 introduced a bug; it continued trying to verify when the
child was a pipe, file, or autoreply. This could cause crashes.

5. Added server_mail_auth_condition to authenticators.

6. xtext decoding for AUTH on MAIL commands wasn't adding a terminating zero.

7. There was a bug in the table for decoding data encoded in base 64
(authentication data). '/' was being turned into 73 instead of 63.

8. If a numeric variable in an expansion had a number so large that it
overflowed, Exim crashed. Now it just inserts a null string, as for any other
unset numeric variable.


Version 3.21
------------

1. Verify callbacks crashed if any host on the list didn't have a known IP
address.

2. Macro names longer than 23 characters were truncated when defined, but of
course caused trouble when used. The limit has been raised to 63, and a
configuration error occurs if it it exceeded.

3. Make dns_ipv4_lookup also apply to gethostbyname(), so that it looks only
for IPv4 addresses. I forgot this when I invented the option. For tidyness, add
a synonym ipv4_address_lookup.

4. Do not call gethostbyaddr() directly in appendfile when notify_comsat is
set. Instead call host_bind_byname() to get all local addresses. However, for
the moment, we continue to use 127.0.0.1 only, because (on some systems at
least), comsat doesn't listen on the ::1 address.

5. In readconf.c, when making the result of uname() fully qualified, don't just
call gethostbyname(). Call the appropriate function depending on IPv4/IPv6
settings.

6. If the expansion of require_files suffered a lookup defer, the correct error
message wasn't being passed back with the DEFER status.

7. When an Envelope-To: header was added to a delivery, more than one instance
of the same envelope address could appear if there were discarded duplicates
that had the same original address. In other cases, different originals might
not appear when they should.

8. If quota_warn_threshold was given as a percentage when quota was not set,
Exim objected. Now it just ignores the setting.

9. The -Mmd (mark delivered) option now operates case-insensitively.

10. Give more information in syntax error messages for incorrect conditions in
expansions.

11. When the daemon is SIGHUPped and re-execs itself, it used to go through the
forking thing in order to get rid of the controlling terminal, even though in
this case it was not needed. It no longer plays this game if its parent process
is 1. This means that the pid no longer changes when the daemon is SIGHUPped.

12. Omit the reason for the delay in warning messages when it is "retry time
not reached", because this doesn't convey much, and just confuses people.
Unfortunately, it ain't easy to find the real reason at this stage.

13. When hide_child_in_errmsg was set, and a delivery to a pipe produced output
to be sent back, the child was being shown at the head of the returned output.
It now hides the address in the same was as it does for the list of failing
addresses.

14. If the expansion of require_files fails, delivery is now deferred for all
kinds of failure, not just forced ones. Previously Exim panicked. This change
has also been made for file names that are not absolute.

15. When outputting a host list for -bv -v when an address is routed to a local
transport, just give the host name, omitting "[unknown]" for the address. The
detail of what was output when -v (or -d) was set for -bv and -bt has been
changed. It now always gives the director, router, and transport names.

16. The -bpc option gives a count of messages on the queue. It is faster than
processing the output of -bp because it doesn't open any of the files.

17. The smtp transport has a new option called helo_data which is expanded to
give the text used as the argument for EHLO or HELO. The default setting is
"$primary_hostname".

18. It appears that mkdir() ignores any mode bits other than 0777, at least on
some OS. If such bits are set in (for example) directory_mode of appendfile, we
now do an explicit chmod() to ensure they get set.

19. A way round the problems with gcc on IRIX systems has been found. A
replacement function for inet_ntoa() is provided. This is now included by means
of a macro switch which is set on IRIX systems when gcc is in use.


Version 3.20
------------

1. The TLS close function is called on a number of paths through the code. It
does nothing if TLS is not active, but it was logging this case at a low debug
level, quite unnecessarily. No debug output is now produced.

2. I'd forgotten to add the details of callback verification failures to log
lines.

3. Tidying up open database connections wasn't happening on all the ways out of
Exim. Closed some holes.

4. In the daemon, move the setting up of the signal handler for SIGHUP to
before writing the pid file in the spool (it was just after). This should be
better behaved if some process is reading the pid file and sending SIGHUPs in
quick succession.

5. Added the ldapdn lookup type, to return a DN from an entry.

6. When a size or time limit was not set in an LDAP query, Exim was doing
nothing; this meant that if it re-used a cached connection, the limit from the
previous query was used. It now sets the limits explicitly for every query,
defaulting to "unlimited".


Version 3.169
-------------

SMTP callback checking (3.168/13) was not working on little-endian hosts.


Version 3.168
-------------

1. When testing with -be, privilege is discarded, and Exim runs as the calling
user.

2. Untrusted users may now be permitted to use -f with any value, by setting
untrusted_set_sender=true. In implementing this, I had to do some tidying up of
the way sender setting and various checks are implemented, including a revision
of the previous facility, whereby only -f <> was permitted to untrusted
callers. If an untrusted user uses -f, the user's login id is displayed in
parentheses after the sender address in -bp and eximon displays. In the
previous code that did this for eximon (for -f <>), there was a store bug; the
code is replaced rather than fixed, but I log it for the record.

3. Added once_file_size to the autoreply transport.

4. Added support for the tdb DBM library.

5. Made consistent the handling of address listings in bounce and defer
messages. Added hide_child_in_errmsg options to relevant directors.

6. Added support for the maildir++ "maildirfolder" feature.

7. If an address was passed to the directors by self=local, and then picked up
by an "unseen" director, it reverted to the routers afterwards, instead of
continuing with the directors.

8. The use of pipes and files in new_address in smartuser was supposed to be
locked out. In fact, it caused segfaults.

9. Extended smartuser to allow the use of pipes and files in new_address; added
appropriate options such as file_transport and forbid_file.

10. An incorrect message might have been logged when an attempt to open a hints
file failed.

11. If self=send was activated on a domainlist router (i.e. the first host was
the local host), but more than one local host address was in the list, all but
the first were being removed (and any that followed a local host). This no
longer happens. Also, if fallback hosts were set, they were not being used in
this case (as if the local host had been removed from the list).

13. Added support for callback verification of senders.

14. Changes to the LDAP lookup:

    * Abandoned auto-guess of LDAP library (was in fact broken).
    * Added support for OpenLDAP 2.0.6 (changed API from 1.x release).
    * Use ldap_search and asynchronous ldap_result instead of ldap_url_search.
    * Changes to the way multiple values are returned.
    * Miscellaneous internal tidies.

15. Only an admin user may now set a debug level greater than 1 (because
passwords etc. may be shown in debugging output from lookups, and filter file
processing can be seen).

16. The smtp transport now has an option called hosts_max_try, which limits the
number of IP addresses that will be tried for a single delivery. The default is
5.

17. If log_incoming_port is set, the remote port number (separated by a dot) is
added to the IP address of incoming calls in all log entries, and in Received:
header lines. For example:

  127.0.0.1.48433
  ::1.48433

This is implemented by changing the value that is put in the $sender_fullhost
and $sender_rcvhost variables, to include the port. There is also a separate
variable called $sender_host_port which contains just the port number. This is
available whether of not log_incoming_port is set.

18. A port number may be specified with the -oMa or -bh options.

19. Internal tidying of the function for formatting host names/addresses
and ident data for logging.

20. Added the headers_rewrite transport option.

21. Error message when : omitted from header name in expansion now suggests
this possibility.

22. $rbl_domain contains the RBL domain that failed during the expansion of
$prohibition_message after an RBL rejection.

23. When the "domains", "local_parts", or "senders" options on directors and
routers contain query-style lookups, they have to make use of $key, but because
these options are pre-expanded, $key was getting replaced too early, with an
empty string. The expansions of these options now replace $key with "$key", so
that its expansion is delayed till later, when an individual query-style lookup
item is expanded.

24. Extended the "extract" expansion item so as to have yes/no substrings, like
if and lookup. As a side effect of backwards compatibility, "lookup" can now be
given with no substitution strings - this behaves like {$value}{}.

25. If move_frozen_messages was set, Exim was trying to move messages that had
completed as well, causing spurious log entries to be written when it failed.

26. Added dns_ipv4_lookup to enable people to turn off DNS lookups for AAAA and
A6 records in versions of Exim compiled with IPv6 support.

27. Re-arranged code of aliasfile so the query/queries handling could be
abstracted into a separate function.

28. Added new "data" option to forwardfile.

29. The use of authentication over TLS was broken for any authentication method
that required prompting for data, that is, all except PLAIN.

30. Ignore -U; Sendmail uses this for initial message submission, apparently.


Version 3.167
-------------

1. Added support for outgoing pipelining to the SMTP transport. Crude tests
indicate a definite benefit.

2. Added "(Exim)" after "This message was automatically created by mail
delivery software" to make it clear which piece of software is doing it.

3. Fixed problem with protocol=lmtp in the smtp transport; it was assuming
progress had been made on a message when it hadn't (change 3.166/5 wasn't
working properly for LMTP).

4. If protocol=lmtp in the smtp transport, the port defaults to "lmtp" instead
of "smtp".


Version 3.166
-------------

1. When the "percent hack" was in use, it didn't work if the domain of the new
address was not local.

2. Added timeout_frozen_after, and changed ignore_errmsg_errors to check
against the message's age, not the time since last freezing.

3. Included ignore_errmsg_errors and timeout_frozen_after in the default
configuration.

4. Tidied up the code for logging deliveries, defers, and failures. It had got
very messy. One consequence is that the text written to the message log is
identical to that written to the main log in most cases (previously there were
minor variations, mostly historical accidents).

5. If there were several messages queued for the same host, and at every
attempt to deliver, all the addresses got 4xx errors, Exim could get into a
loop trying to deliver the messages over the same SMTP channel, and cycling
round the messages as it did so. Now, it won't pass the channel to another
message unless at least one address was either successfully delivered, or
rejected with a hard (5xx) error. In other words, unless there was some
progress in delivering to that host.

6. As another safety precaution against the problem encountered in 5, the
default value of the batch_max option in the SMTP transport has been changed
from zero (unlimited) to 500.

7. The use of -f <> by an untrusted caller was ignored when delivery was by
BSMTP (either file or pipe).

8. If -q was given with a second message id, to stop the queue run before the
end, a message with that exactly id was not considered.

9. Exim was treating a 5xx response on connection to an SMTP server, or in
response to HELO, in the same way as a connection failure - that is, as a
temporary error, causing the message to be tried again later. It now bounces
all the addresses in these situations.

10. When an incoming address is aliased to just one child address, in an
aliasfile or in a smartuser director (but *not* for forwardfile), then
verification now continues with the child address. Previously it stopped, as if
it were a mailing list, but this isn't the best strategy. (As before, if -v is
given with a -bv command, it verifies the complete tree; it's the default case
that has changed.)

11. If a temporary SMTP error had a humungously long text string associated
with it, this whole error string was included in the retry record. This is not
sensible, and besides, some DBM libraries have limits on the data length. There
is now a limit of 100 characters.

12. SMTP errors caused by headers_check_syntax could contain up to 1024
characters of an offending header (as in log lines). This is probably
unreasonable; it has been reduced to 256.

13. Change 11 of 3.164 introduced a bug whereby if an incoming SMTP message was
terminated by '.' before the blank line that ends the headers had been
received, Exim saw an extra blank line at the end, and gave an SMTP 'unknown
command' error.

14. Changed the setting of host_lookup in the default configuration from
0.0.0.0/0 to *, so that it catches IPv6 addresses too.

15. Re-organized the way SMTP responses were read for outgoing messages, in
preparation for adding LMTP support over TCP/IP and outgoing PIPELINING
support, both of which must accept multiple responses in single incoming
packets.

16. Added protocol=lmtp to the smtp transport, to support LMTP over TCP/IP.

17. When an smtp transport is configured to use a non-standard port, the port
number is now added to the host name and IP address to create the retry key.
This means that failures to connect to one port do not cause delays on other
ports. With the advent of support for LMTP over TCP/IP this became important.


Version 3.165
-------------

1. The re-arrangements for change 3.164/3 introduced a bug that could cause
segmentation faults while looking up things in the DNS.

2. If there was an SMTP error in the 2nd or subsequent message sent down a
single SMTP connection, it was always reported as "after initial connection"
instead of after the actual command that provoked it.

3. If -oX was followed by something that wasn't a digit string, no error was
diagnosed.

4. Ignore trailing spaces at the end of local_host_number.

5. Added debug message stating when the primary host name is added to
local_domains as a result of local_domains_include_host.

6. The -N debugging option used to apply only to the run of Exim on which it
was set. This could be embarrassing if a test message got deferred (for a
routing reason or whatever) because it could then get delivered later by a
queue runner. The way -N works has therefore been changed. It now sticks to a
message, so that it can never actually be delivered. This applies to messages
that are received with -N set, and also to existing messages that are the
subject of manual delivery attempts with -N (a privileged action).

7. If /etc/aliases was not a regular file, the error message wittered on about
bad mode bits and was confusing. It now says that it isn't a regular file.

8. Removed the Exim version number from exiwhat output. It doesn't seem to
serve any really useful purpose.


Version 3.164
-------------

1. Changed default setting of tls_advertise_hosts from "*" to "".

2. Removed the code for checking that a host name obtained from gethostbyaddr()
actually had a correct IP address, since gethostbyaddr() seems to do this check
internally anyway (and Exim wasn't checking any aliases).

3. Added support for A6 DNS records (RFC 2874).

4. Changed what happens if a user or group name in a require_files list does
not exist. Previously Exim panicked. Now it just fails the require_files
condition. Change 15 of 3.161 made $local_part as a user name unusable in
a localuser director, because it panicked for non-local-users. This change
makes it useable again.

5. An x'ff' byte in a message transfered over TLS caused premature
termination. This was a char * that should have been unsigned. Sigh.

6. prohibition_message wasn't being used after a receiver verify failure (it
was after a sender verify failure). It now is, with reason "receiver_verify".

7. If an option setting is preceded by "hide", it is displayed by -bP only to
admin users.

8. Obscure buglet: if routing an address changes the domain name, and finds the
routing is local, the expanded domain name is re-processed from scratch. If the
new name is not in local_domains it comes back to the routers. The loop-
breaking code was causing the original router to be incorrectly skipped (since
the name has changed, it should be re-run).

9. There was no timeout in the server on negotiation of a TLS session. If a
client sent nothing after STARTTLS, the server waited for ever.

10. There was no timeout in the client on negotation of a TLS session. If a
server sent nothing after the 220 following TLS, the client waited for ever.

11. In SMTP input, a line containing just .. before the end of the header lines
terminated the message. It now turns into the first data line, as a line
consisting of just a dot.


Version 3.163
-------------

1. In preparation for introducing support for A6 DNS records, re-arranged the
DNS functions to use a passed control block instead of static variables.

2. I broke log_smtp_confirmation in 3.162/10(b). Fixed the typo.

3. Call RAND_status() to check up on random seeding for TLS. Gives a tidy error
on failure. If OK at start, it must have seeded from /dev/urandom, and we don't
do anything more.

4. Change 3.162/10(a) also broke something; with immediate delivery, Exim was
sending two copies of the 250 OK message. The buffer is now flushed before
forking a delivery process.

5. I broke something else in 3.162/10(b). If the contents of message-id: in an
incoming message happened to contain %r, or some other unimplemented printing
escape, Exim fell over. Another stupid error fixed.



Version 3.162
-------------

1. When refusing to run EXPN because not authenticated, the log message
referred to VRFY rather than EXPN.

2. A "mailing list" type address that was expanded by a smartuser director
missed off one of the addresses when tested using EXPN.

3. If EXPN when used via a daemon provoked any attempted logging (e.g. via
log_rewrites), Exim crashed instead of just ignoring the logging.

4. If hosts_randomize was used in an smtp transport, and remote_max_parallel
was also set, each parallel delivery sorted the hosts the same way, in a queue
run, because the random number generator was already initialized before the
forking took place. We now reset the generator after forking.

5. If freeze_tell_mailmaster was set and a message was frozen in a system
filter, the text given with the freeze command was not included in the message
that was sent (though it did appear in the log).

6. The size of the structure used for each address has been reduced by 72 bytes
by changing to single-bit flags. This may matter when mailing lists have
thousands of subscribers.

7. Added some missing paranoia checks on the results of setuid() and setgid().

8. If an address given to EXPN had a domain not in local_domains, it got
bounced as "Not a local domain", even though routing it might have turned it
into a local domain. The routing is now done, and "Not a local domain" is given
only if it really is a remote domain.

9. When routing fails because of a syntax error in a domain name, say so in the
error message.

10. When tidying up for TLS/SSL support:
  (a) removed 3 redundant calls to fflush().
  (b) changed the way log lines are generated in accept.c (it was getting
      far too messy).

11. Added missing -lcrypt to LIBS for GNU/Hurd.

12. For SMTP output, always try EHLO first now. Previously it did this only if
the greeting contained "ESMTP", because some MTAs didn't grok EHLO. I think
enough time has now passed.

13. In the Linux-specific module, replaced the lines

  #include <linux/kernel.h>
  #include <linux/sys.h>

with

  #include <sys/sysinfo.h>

14. Added support for TLS/SSL, using the OpenSSL library.


Version 3.161
-------------

1. Removed -lwrap from SCO_SV default configuration because not all systems
have it installed.

2. Increase maximum size of string that a filter can handle in a condition from
256 to 1024 characters (regular expressions can get long).

3. On some operating systems, the SIOCGIFCONF ioctl returns the IP addresses
with the list of interfaces, and there is no need to call SIOCGIFADDR for each
individual address. Mostly, making the second call does no harm, but on Linux
when there are IP aliases, it causes things to go wrong. This also seems to be
the case on some BSD systems. Therefore, there is now a macro to cut it out,
currently defined in os.h for Linux, Solaris, FreeBSD, NetBSD and BSDI.

4. Reorganized the code for finding local interface addresses, which is
becoming more system-specific with the advent of IPv6. Moved the code into os.c
for the common cases, with the IRIX code in OS/os.c-IRIX (all versions).

5. Used macros to recognize the Solaris way of finding IPv4 and IPv6
interfaces, which just re-defines the old way using new structures. If any
other OS do the same thing, this will kick in automatically.

6. Added some contributed code for finding IPv6 interfaces in Linux by scanning
/proc/net/if_inet6.

7. The "new" way of getting the load average in Linux is apparently extremely
slow. The code now tries the original way, using /proc (which is fast) and
reverts to the "new" way if that doesn't work.

8. Installed PCRE 3.4 (latest release; bug fixes).

9. Added generic router option ignore_target_hosts.

10. Added #define HAVE_GETIPNODEBYNAME 1 to os.h for Tru64 Unix (aka OSF1),
because it seems to have that kind of IPv6.

11. Change 16 of release 3.14 broke EXPN if called from a -bs session.

12. Allow negations in match_directory.

14. If smtp_etrn_command was set to a non-existent path, an extra SMTP response
was sent in addition to the OK, because the forked process was still
(incorrectly) connected to the SMTP session.

15. If a local part that was not a local user was passed to a localuser or
forwardfile director which also had no_more and a "condition" setting that
failed, the local part was not passed to subsequent directors as it should have
been (because "condition" failures bypass no_more).

16. Added the phrase "mailbox is full" to quota errors, because not everybody
realizes what "quota" refers to.

17. If the list separator for local_domains was changed, local_domains_include_
host_literals went wrong for IPv6 addresses.

18. Sender: headers were being removed from local messages that were submitted
by trusted callers.

19. If randomize_hosts was set on an smtp transport, and the host list did not
need to be expanded because it contained no "$" characters, it was not being
re-randomized every time the transport was called.

20. Check that the output of a transport filter ends with NL when transporting
over SMTP, and add one if it is missing.

21. If no_quota_is_inclusive is set in appendfile, the quota check does not
include the current message.

22. When Exim builds a From: or Sender: line from the gecos name field, it now
encodes it according to RFC 2047 if the user's name includes non-printing
characters. Formerly, these were turned into question marks.

23. If a host list failed to expand in the smtp transport, and more than one
address was being handled at once, only the first one got the correct error
message.

24. Added support for LMTP. This has entailed a surprisingly large amount of
internal re-arrangement of the local delivery logic. Batched local deliveries
now treat each address independently. The retry_use_local_part option is no
longer forced to be FALSE when batching (in retrospect, this was a bad idea,
especially when multiple domains were involved).


Version 3.16
------------

1. Debugging output listing the value of errors_to after forwarding, wasn't
giving the right value when a filter file had changed it (change 9 of 3.14).

2. Add errors_to to debugging output that says "queued for xxx transport".

3. If a user filter changed the errors_to field, this wasn't getting put into
the right storage pool, and might be corrupted.

4. Change 8 of 3.15 was bungled, leading to a message which had been frozen in
a system filter being discarded when manually thawed instead of delivered,
under some circumstances.

5. $value was being reset to empty at the start of a $lookup item. This has now
been changed; it retains its former value except when processing the "success"
string. This makes nested lookups, where the second is in the "success" string
of the first, work.

6. A transport name given as the second field in the string returned by a
queryprogram router was being ignored.

7. When a host that had no reverse DNS was RBL blacklisted, the two messages
confused people. Cut out the comment about no reverse DNS when rejecting for
RBL reasons. Instead, say explicitly, "host is blacklisted".

8. If a message was failed with \-Mg\ the system filter was still run before
the addresses were failed. This no longer happens.

9. The handling of "freeze" and "fail" in system filters has been changed.
Deliveries set up in the filter are honoured (previously they were discarded).
The same is true for non-system filters that have allow_system_actions set. A
consequence of this is that first_delivery now becomes false after freezing in
a system filter, whereas previously it did not.

10. An explicit setting of "owners =" (i.e. explicitly unsetting it) on a
forwardfile director was failing, and likewise for owngroups.

11. Added support for Berkeley DB version 3.1 (they changed the API again).
Unknown if this works with 3.0.

12. Update OpenBSD Makefile to give location of chgrp command (/usr/sbin/chgrp).

13. Introduced LIBS_EXIM and EXTRALIBS_EXIM which are on the Exim binary only,
to make it easier to avoid unwanted bits of the TCP wrappers library in the
other binaries.

14. Arranged for the pcre documentation to be in the doc directory instead of
being hidden away in src/pcre, and for pcretest to be put in the util
directory after building.

15. Added the argument of MAIL FROM to the log line when rejecting because of
lack of authentication.

16. When the /skiprelay option was set on an RBL domain, and a host that was
not in host_accept_relay tried to relay, a segmentation fault could occur, or a
screwed-up log message (the relay error message was not getting correctly set.)

17. The use of -N for testing by bypassing deliveries was not being logged with
"*>" for local deliveries (it was OK for remote ones).

18. When log_subject was set, if the subject contained newlines they got logged
as \\n instead of \n; and there was similar duplication for other non-printing
characters that were escaped.

19. Removed the test_expand testing program; it is no longer needed now that we
have exim -be.

20. -qqf was not working; deliveries were being done on the first scan if 'f'
was present in the option.

21. The SIZE_STRIPCHART and SIZE_STRIPCHART_NAME settings for Eximon couldn't
be overridden by EXIMON_SIZE_STRIPCHART[_NAME] at run time.

22. The exicyclog script was broken if the string "syslog" happened to occur in
the path set in log_file_path, e.g. /var/syslog/exim-%s. (It is supposed to
remove the item "syslog" from the value, and screwed up.)

23. Nothing was being logged when a message was rejected because SIZE was
larger than the maximum permitted size. This case is now logged in the same way
as rejection after an overlarge message has been received.

24. Added an in-memory cache of DNS lookups that fail or give DNS failures such
as timeouts. This means that a message with many addresses at the same domain
that times out won't take an excessively long time to route. There is no
caching for successful lookups - we rely on resolver and name server caching in
that case.

25. Improved one case when an overlong header could cause a bomb out if
referenced via $h_ in a filter file.

26. Previously, only the current group was tested against trusted_groups. This
has been changed so that the supplementary groups are tested as well.

27. Some file servers don't have the concept of inodes, and return -1 when
asked how many are free. Don't check against check_spool_inodes when this is
the case.

28. The use of IS NOT and DOES NOT (in caps) in filter files was not working,
giving syntax errors.

29. If one_time was set on an alias or forward file, and one of the generated
addresses then passed through a smartuser director with a new_address and a
transport, and got deferred, the generated address was incorrectly marked
"delivered" (instead of the parent address).

30. Added $body_linecount for Mutt users (data was there, just the variable
needed adding).

31. Minor wording change to bounce messages. Discussions on the mailing list
are continuing...


Version 3.15
------------

1. The "belowhome" test in appendfile used realpath() to get rid of any
symbolic links in the file being created, before comparing against the home
directory. However, it wasn't using realpath() on the home directory, which
could cause false failures if the home directory had symbolic links in it.

2. With headers_check_syntax, a missing double quote in a header line
containing very many addresses could cause a very long "address" to be created.
This could push the error message over 4096 bytes, which caused trouble in an
SMTP response. The amount of address quoted is now limited - the whole address
that follows was already limited for this very reason.

3. Changes in support of terminology change from "fail" to "decline":
  (a) Generic router synonyms:  "pass" for "fail_soft", "fail" for "fail_hard".
  (b) Ditto for host_find_failed in domainlist.
  (c) Queryprogram: "decline" for "fail".
  (d) Routers that definitely pass the domain on to the next router always
      override no_more.
  (e) Changed return values in code from FAIL to DECLINE and FAILMORE to PASS.
  (f) Wording of debugging messages changed from "failed" to "declined".

4. Installed PCRE release 3.2 (bug fix).

5. If local_interfaces contained an IPv4 address on an IPv6 system, the daemon
failed to set up the listening socket correctly.

6. Flattening the environment (3.14/40) turns out to be a *very* bad idea.
Apart from anything else, it makes -Meb fail to work. This change has been
backed off.

7. Revised time zone handling implemented: added timezone option to set what is
required.

8. When testing a system filter with -bF, if "freeze" or "fail" was
encountered, it was not treated as a significant delivery, leading to a
misleading message about normal delivery.

9. System filter files do not in fact need #Exim filter at the start; they are
always interpreted as filter files. However, -bF didn't know this.

10. $recipients was accepted in a pipe command in a system filter if the
transport did not have use_shell set, but was rejected if it did.

11. If an address passed through several directors, added headers were
eventually added in reverse order. Change this to output them in the order that
is probably expected.

12. Permit envelope sender addresses to be rewritten to <>.

13. The default connect_timeout in the smtp transport has been changed from
zero (use system default) to 5 minutes because on some systems, the system
default doesn't always seem to work. The value of 5 minutes is as recommended
by RFC 1123.

14. The error message for freeze/fail in a system filter was sometimes getting
lost or mangled.

15. If a system filter generated a pipe, file, or autoreply delivery, and no
transport was set, the unhelpful message was "No transport set by director".
This has been improved.

16. A better error message is given if a closing brace is omitted after a
variable name.

17. If the closing brace was omitted after a nested expansion, for example, if
a string was  ${expand:abcd   no error was diagnosed, and a garbled result
could be given.


Version 3.14
------------

1. Allow any user to specify -oMa etc when testing a filter.

2. $recipients wasn't getting set when testing a filter - only relevant to
system filters of course. However, only a single recipient can be set when
testing any kind of filter.

3. Transport filters were not working for SMTP output. This has been broken
since the reorganization of release 3.033.

4. Instead of importing the entire PCRE distribution, just import the files
needed for PCRE, excluding the POSIX interface and the test data, and all the
autoconf support material. Import the latest release of PCRE (3.0).

5. Eximon was mis-aligning the "..." at the end of a list of recipients.

6. Changed ${quote_mysql: so that it no longer quotes % and _ because these
must be quoted only when they are part of a pattern, *and not otherwise*. If
they are quoted in error, it doesn't work.

7. If an appendfile transport was set up with mbx_format but no file name,
it got the default locking wrong (i.e. didn't default to MBX locking).

8. $domain_data and $local_part_data were previously available only during the
running of directors and routers, but this caused confusion: (a) There was a
bug that meant they never got cleared - so *sometimes* were still set when a
transport was run; and (b) people expected them to be set in the transport,
especially if they set home_directory in a director/router (this doesn't expand
till transport time). The values are now preserved with the address and made
available at transport time.

9. Allow errors_to on deliver commands in user filters, provided that the given
address is the address that is causing the filter to run.

10. In the old days of IPv4, failure to create a socket usually meant things
were dire, and so Exim used to panic and die. However, with the arrival of IPv6
there are circumstances where IPv6 sockets fail, but IPv4 ones work, and if a
domain is routed to a mixture of IPv4 and IPv6 addresses, the right thing to do
is to let it try them all. Consequently, this error no longer causes a panic,
but instead gives an error return, and the smtp transport will carry on to the
next host, if there is one.

11. Added lock_fcntl_timeout to appendfile, to allow for blocking fcntl()
locking. The default remains blocking, however.

12. Updated exim_lock to allow for non-blocking fcntl() locking by specifying a
timeout.

13. Extended RBL handling, adding /accept, /skiprelay, and the facility to
check for specific IP addresses.

14. When autoreply complains about non-printing characters, give the character
number. Relax the rules, and allow any characters in the "text" option.

15. Ignore an ENOPROTOOPT error from the getsockopt() call for checking IP
options, instead of rejecting the call. This allows for OS such as GNU/Hurd,
which have the interface but not the underlying code.

16. Add "to <hostname>" to 550 EXPN not available, because the host check isn't
done till EXPN time (it's advertised if the list is not empty).

17. Don't suppress -oMr etc. values for non-trusted users when testing
addresses with -bv, -bvs, or -bt.

18. Include details of delivery errors in warning messages.

19. Gcc -Wall now gives a warning for subscripts of type "char" on machines
where "char" is signed. The source of Exim now has explicit casts in these
cases, which are entirely calls to isspace() etc. [I have learned my lesson.
The next program I write will explicitly use unsigned chars everywhere.]

20. Tweaked a couple of function definitions in the modified Athena widgets
code from old-style to standard C, to stop gcc giving warnings.

21. Sun's cc compiler gives warnings if an initializing value for an automatic
variable contains an operator that modifies something else, e.g. ++ or +=.
The few places in Exim where this was used have been changed.

22. Some cases of failing to close a file have been fixed: after reading an
interpolated file in a list, and after reading a header or body or message log
with -Mvh/-Mvb/-Mvl

23. The GNU Hurd allows a maximum of 2^31 open file descriptors, so Exim's
crude sledgehammer of closing all fd's before execve() calls, and when starting
up the daemon, caused a problem. This machinery has been revised. It now uses
FD_CLOEXEC on files that should not survive an exec. There has also been a
general tidying of the way it handles subprocesses with pipes. In the daemon,
explicit closing of stdin/stdout/stderr is used.

24. Relaxed restrictions on contents of maildir_tag to allow any graphic
characters, and only insert the initial colon if the first character is
alphanumeric. The expansion of the tag value now takes place after the file has
been written, and $message_size is updated to the accurate value of the file
before this expansion.

25. If quota is set on an appendfile transport, and one of the delivery modes
that writes a separate file for each message is being used, then when Exim
wants to find the size of a file, it first checks quota_size_regex. If this is
set to a regular expression that matches the file name, and it captures one
string, then that string is interpreted as a representation of the file's size.

26. Don't advertise AUTH if host in host_accept_relay, even if it is in
host_auth_accept_relay (unless "always advertise", of course).

27. Fixed some IPv6 buglets: (a) IN6ADDR_ANY_INIT doesn't need braces round it;
(b) reworked the code for outgoing calls so as to use entirely separate
structures for IPv4 and IPv6 addresses instead of trying to overlay them.

28. The "ultimate address timeout" only kicks in after a failed delivery
attempt. This means that if there are lot of messages and the destination is
going up and down, some never get tried, and so never hit this timeout. The
"ultimate message timeout" finally gets them, but in some configurations it may
be considerably longer than the address' maximum timeout. The rules for
retrying have now been changed: if a retry time has not been reached, but the
message has been on the queue for longer than the address' maximum timeout, a
delivery is attempted - if this fails, the ultimate address timeout will be
invoked. Thus the "ultimate message timeout" is no longer needed, and has been
removed from the code.

29. quota_warn_threshold was sending its message even if the actual delivery
failed because it completely overshot the quota.

30. Previously, if a lookup defered during a search of a host, or domain list,
Exim panicked and died. Now it takes less serious action (e.g. during delivery,
if this is in local_domains, it just defers the address it is checking.)

31. When displaying an IPv6 address, if it is a mapped IPv4 address, show it as
a plain V4 address without the preceding "::ffff:".

32. If a domainlist router encountered a DNS timeout (or other temporary error)
while looking up a host in a route list, it deferred (correctly), but did not
set up an appropriate message for the log.

33. It appears that more and more DNS zones are breaking the rules and putting
IP addresses on the RHS of MX records. Exim follows the rules and rejects this,
but other MTAs do support it, so allow_mx_to_ip has been added to permit this
heinous activity.

34. All configuration lines may now be continued by ending them with backslash
(ignoring trailing spaces), not just those in quotes.

35. Fixed problem in perl.c which was causing compilation failure with the
developer version of Perl (use of variable 'na').

36. Added support for Postgres SQL, analagous to MySQL.

37. Renamed forbid_reply in forwardfile as forbid_filter_reply, to go along
with other forbid_filter_xxx options, keeping the old name as a synonym.

38. All lists except log_file_path can not use an alternative separator to
colon by starting the list with <x where x is a punctuation character.

39. If Exim's spool partition got full, it was timing out on short SMTP
messages (that didn't do any writing till '.' was received) instead of giving
the correct error (a subsequent '.' gave the error - it hadn't noticed that the
'.' had been received). Some additional tidying concerned with input
termination was done in conjunction with fixing this bug.

40. I finally found out how to turn off the effect of any setting of TZ in the
environment, for most (but not all) OS. Setting "environ" to point to an empty
environment gets rid of all settings (none of which Exim needs), including TZ,
and that causes localtime() to revert to wall clock time. Exceptions: AIX,
DGUX, HP-UX, IRIX, and SCO. To cope with those, the new code is omitted if
HANDS_OFF_ENVIRONMENT is defined in the os.h file.

41. All timestamps are done in UTC if timestamps_utc is set.

42. Added local_from_check, local_from_prefix, local_from_suffix.

43. In an aliasfile director that uses a query-style lookup, "optional"
(previously ignored) now causes the address to be passed to the next director
if all the queries defer.

44. Added hosts_randomize to domainlist and smtp.

45. Queue runners with split spool now process each subdirectory separately,
except when queue_run_in_order is set.

46. Extended dnsdb lookups: (a) multiple records (b) support for different
record types.

47. If HELO was used during -bs message input, the data wasn't being preserved
in sender_helo_name.

48. Some OS (e.g. Linux) don't allow fsync() to be called for a FIFO, so skip
that call when writing to a FIFO.

49. Added forbid_include and forbid_special to aliasfile.

50. When Exim accepts a local message and forks a new process to do the
delivery in the background, it now closes stdin and stdout (and stderr unless
debugging) in the new process. Previously they were left open. This meant that
if the calling process had set up stdout as a pipe and was was trying to read
it, it didn't get the EOF until after the delivery process had finished, thus
causing the calling process to hang around longer than necessary.

51. When Exim is writing to a FIFO and the process reading it is not keeping
up, the write() function gets an EAGAIN error. Exim now waits one second and
tries again.

52. Added "tr" and "sg" expansion operators.

53. Add check_owner to appendfile, and use geteuid() instead of getuid() to
check ownership (change affects non-suid installations).

54. Re-organize uid/gid checks in local delivery process so as to work better
for non-suid installations.

55. Added sender_address_relay_hosts.

56. Added security=unprivileged for those that want to run all local deliveries
as the Exim user.

57. The "unable to get root" error for local deliveries was going only to the
panic log - send it to mainlog as well.

58. If SPOOL_DIRECTORY was not defined in Local/Makefile, the monitor would not
build.


Version 3.13
------------

1. Incoming SMTP timeouts were getting disabled after certain kinds of
verification.

2. The "senders" setting on directors and routers was getting string expanded
twice, by mistake. This mattered if after the first expansion there was a \ or
a $ in the string (e.g. in a regex).

3. Exim could crash if any rewriting rules that applied to envelope recipients
referred to the contents of any header lines.

4. If an attempt to authenticate using PAM failed because of some error
condition, Exim was accepting rather than rejecting the authentication.

5. Exim crashed if a test for first_delivery or queue_running in an expansion
string was part of an "or" group of which an earlier condition succeeded.

6. LDAP fallover to multiple servers in ldap_default_servers was not working
if an LDAP lookup included initial parameter settings for user, password,
time, etc.

7. A ${hash_n:xxx} expansion did the wrong thing if n was less than the length
of xxx, screwing up later text in the expansion string.

8. The second argument of the pam_converse() function is defined without a
leading "const" in Solaris, unlike Linux. This is now parameterized so that
different OS can use different values, and thereby avoid compile-time warnings.

9. A missing data string for PAM could cause a crash instead of passing back an
empty string.

10. A lookup defer while processing sender_reject was giving a 550 error code
to MAIL instead of 451. For sender_reject_recipients, a lookup defer was
rejecting recipients (with 550); now it gives a 451 to the MAIL command. If
there is a lookup defer while processing host_reject_recipients, it now rejects
the call instead of rejecting the recipients (so there will be a retry later).
If there is a lookup defer while checking host_accept_relay, the rejection now
uses 451 instead of 550.

11. A couple of 450 codes have been changed to 451.

12. Add "(another process is handling this message)" to "Spool file is locked"
to try to forestall the FAQ.

13. When looking up an IP address for a host obtained from MX records in an
IPv6-aware version of Exim, it deferred if the AAAA lookup deferred; now it
goes on to try for the A record in that circumstance. If either record is
found, it is happy (both are used if present); deferral happens only if one of
them deferred and the other did not succeed. Both must fail outright for it to
conclude that there is no available IP address.

14. The sed commands in the Makefile were not quoting their arguments, so if,
for example, something like MV_COMMAND was set to a string containing white
space, the command fell over. This change means that the quotes set up for
EXIWHAT_EGREP_ARG get passed through into the munged script, so remove the ones
in the script. (We can't remove those in Makefile-Default because we can't then
have leading white space in the value.)

15. Some monitor parameters had been overlooked in the default settings in the
eximon script, and not set up so that they could be overridden by environment
variables with names EXIMON_xxxx.

16. Made exiwhat sort process ids numerically. On some systems duplicate
information gets output, so remove duplicate lines in the output.

17. For filter testing (-bf and -bF) output the sender and recipient address at
the start, to avoid confusion.

18. Implemented auth_always_advertise (default TRUE).

19. If an address became local through routing (e.g. via self=local) and it
then passed through a filter which did no significant deliveries, it got passed
back to the routers instead of on to the next director.

20. Add the sender address to the log message for log_refused_recipients,
because recipients_reject_except_senders means that it might matter.

21. Add allow_fifo to appendfile to allow delivery to named pipes.

22. Reword "unavailable filtering command X" as "filtering command X is
available only in system filters".

23. Added qualify_preserve_domain to smartuser, to make it the same as
aliasfile and forwardfile.

24. Added -noduperr to exim_dbmbuild, to prevent an error return just for
duplicate keys.


Version 3.12
------------

1. After a successful delivery, the message log file was being fclosed twice;
some operating systems' C libraries just ignore the second fclose, but others
crashed; this caused -J files to be left lying about.

2. The "contains" operation in filter files was failing to find matches when
the initial character of the searched-for string was duplicated in the subject
string, e.g. searching for "[Boston]" in "[[Boston] ..." failed. The bug was in
the "strstric()" function, which would also have affected -R and -S operations.


Version 3.11
------------

1. For repeatable testing, arrange memory tracing output not to list addresses
in special regression testing case.

2. When reading a very, very long header line, Exim was continually copying the
string as it got longer, but never freeing any of the store. Thus it could
bloat to hundreds of megabytes. Improvements in this area:

  (a) It now frees up the intermediate blocks.
  (b) Instead of incrementing the header text size by 256 each time it runs
      out, it now doubles the size.
  (c) The memory debugging output shows the current total for pool memory
      so you can see it going up and down.
  (d) When scanning a header for rewrites and qualifications, it resets the
      pool memory when an address isn't changed.

3. Change 3.033/14 introduced a bug whereby the check_string didn't match the
very first line of the body of a message.

4. When a header got rewritten on input, the length of both the old and the new
was being included in the message's size.


Version 3.10
------------

1. Exim was crashing when lookup_open_max was exceeded if the type of file
being closed was different to the type of file being opened.

2. Some further tidies of the os-type and arch-type scripts.

3. ENOSPC is not treated in the same way as a quota error for the purposes of
retrying.

4. The revised exigrep (3.091/26) had "gz" and "Z" built in. Change it to check
for COMPRESS_SUFFIX.

5. If a reverse lookup done within a message failed because the name looked up
had no matching forward lookup, the error text for this got obliterated at the
end of the message, and so if it was needed for a subsequent message on the
same SMTP connection, junk got logged.


Version 3.093
-------------

1. The -bP option wasn't recognizing "authenticator xxx". It was recognizing
"auths" and "auth_list", but this abbreviation seems unexpected, so changed
those to use the full word.

2. Removed a now (since 2.12/3) useless optimization in the code for checking
whether two addresses have the same list of hosts.

3. After some calls to execv() the failure code wasn't being output.

4. Increased field widths in eximstats, as the numbers can be quite big on busy
systems.

5. Arrange for X-RBL-Warning: headers to be inserted when recipients are
allowed through by an exception list from an RBL domain that is set to reject.

6. Tidied error messages from -brw. Also, if an SMTP rewrite happens and the
source address isn't syntactically valid, just skip the other rewrites. Skip
them in any case if there are no rules with non-S flags. If there are no rules
at all, say so.

7. Reworded "no valid sender in message headers" error message, because it has
confused people. Tidied some related messages as well.

8. Added USE_DB=yes to the OpenBSD configuration.

9. Ignore check_log_space if log_file_path just contains "syslog".

10. Add closelog() to the function that closes all log files. The important
case of this is the call just before the daemon closes all file descriptors,
because otherwise it is closing the syslog one behind the system's back.

11. Two "frozen" messages were getting written to the message log in some
circumstances.

12. Bug in 3.091/23 (fixing an earlier bug) caused a crash if a list of MX
records with some identical host names came in a specific order (so it only
showed now and again).

13. In the arch-type script, when uname -p gives something containing spaces,
try uname -m. (Previously it did this only for "" or "unknown".)

14. Recognize i686 in scripts/arch-type.

15. Re-organize the os-type and arch-type scripts so that $OSTYPE and $ARCHTYPE
are now tried after uname rather than before, as many shells set silly values
in them. Manual overrides are now provided by EXIM_OSTYPE and EXIM_ARCHTYPE.


Version 3.092
-------------

1. Serious bug caused by 1-character typo: In very long messages, characters
could occasionally be lost (e.g. 3 lost in a 1.5M file). This bug was
introduced in the changes made for 3.033, so it was never in a main release.


Version 3.091
-------------

1. Exim was not reporting the actual error if there was an I/O error while
reading a message or writing the spool file during message reception. Nor was
it logging anything.

2. Some reorganization and tidying up of code for handling errors while writing
the spool header file.

3. When showing log messages for debugging, display the DIE flag when set.

4. Add logging of SMTP AUTH information to the "message received" log line.

5. Added forbid_lookup, forbid_existstest, forbid_perl to forwardfile (later
changed to better names forbid_filter_lookup etc.).

6. create_file = belowhome in appendfile could be defeated by the use of /../
in the name. Sigh. I'm not devious enough... Symbolic links could also defeat
it. These are now checked for by means of realpath(), which all the Unixes I've
checked do have. Also, Exim was creating any necessary directories before
checking create_file. It now creates directories only if it is permitted to
create the file.

7. Add more code to ldap to remember when a bind was done and with what
credentials so that it doesn't repeat the bind for a subsequent lookup with the
same credentials.

8. If create_directory was set on appendfile and the directory creation failed
for some reason, the error was not reported, so it appeared as if
create_directory had been ignored.

9. All directors except smartuser had current_directory and home_directory
options, to set values used at transport time. These options have now been made
generic, so now apply to all directors.

10. If a local delivery failed and created message longer than 256 characters,
it got truncated when logged.

11. Change "all" to "one or more" in bounce and delay messages.

12. The convert43t conversion utility didn't work for driver names containing
capital letters.

13. Change autoreply and other generated messages to use "Reply-To" instead of
"Reply-to" because that's the "suggested" form in RFC 822.

14. Pulled some common code out of aliasfile and forwardfile and made it into a
separate function which they each call.

15. The function for writing the -H file tried to create the directory if it
didn't exist, but it always will, because the -H file isn't written until the
-D file has been successfully written. So we can save a bit of code (which in
fact was buggy because it didn't support sub-directories).

16. Added move_frozen_messages, but only if SUPPORT_MOVE_FROZEN_MESSAGES
is defined. There is no current support for handling such messages.

17. If queue_smtp or queue_remote got set via queue_only_file for an incoming
SMTP message received by the daemon, the flag was not being passed on to the
delivery process.

18. An explanation to the long-standing problem of eximon menus not working
when num-lock is set has been received, and a workaround implemented.

19. Address rewrites that happened during delivery (typically on new addresses
from forward or filter files) were causing an X-rewrote-address dummy header to
be added to the message each time it happened. This could get embarrassing if
retrying went on for a long time.

20. Only write "children all complete" to the msglog file if the address has no
parent address with the same original address. Otherwise (e.g. in cases where
xxx is aliased to xxx and other things, and the new xxx gets further aliased by
another director) it can be confusing.

21. After successful directing, the debugging line showed the transport field
from the original address, which could be misleading if copied address had been
queued (e.g. by smartuser). As the general queuing function now outputs this
info, remove it at top level.

22. Smartuser was showing the old rather than the new address in its debugging
output.

23. If a broken MX list contained the same host more than once, Exim was coded
to keep only the lowest precedence, but if it saw a lower value after a higher
one, and had seen precedences between the two values, it screwed up the
sorting.

24. The revision of RFC 822 increases the encouragement for collapsing source
routed addresses from the MAY of RFC 1123 to SHOULD. I have therefore cut out
all the source route handling code, with the exception of parsing and
collapsing. The option collapse_source_routes now has no effect - they are
always collapsed. This has made it possible to make some tidies in various
places.

25. Rewrote the smartuser director - if no transport is specified, the
new_address option may now specify a list of addresses, and it may also specify
:blackhole:, :defer:, or :fail:.

26. Upgraded exigrep so that it automatically zcats compressed file.

27. Added expansion conditions first_delivery and queue_running.

28. When log_refused_recipients is set, give a reason in each log line.

29. Implemented +warn_unknown.

30. Allow EXIMON_LOG_FILE_PATH to override in eximon - useful when syslog is in
use.

31. -Mg was not forcing a thaw of frozen messages (an unwanted side effect of
change 17 in version 2.950).

32. -M and other delivery forcers (e.g. -qf) were not overriding
queue_remote_domains and queue_smtp_domains.

33. Added recipients_reject_except_senders.

34. When all deferred addresses have the same domain, it is set in $domain
during the expansion of delay_warning_condition. For pipes, files, or
autoreplies, this is the domain of the parent.

35. Changed the default configuration file to lock out domain literal support.
This is strictly contrary to the RFCs, but people don't understand about it and
it has been abused by spammers seeking open relays.

36. -Rr (and -Rrf, -Rrff) treat the string as a regular expression.

37. Added -S, which works like -R except that it checks the message's sender.

38. Added $message_age.

39. Make Exim ignore -n (no aliasing), and make -oitrue the same as -oi.

40. Typo in ldap code could cause junk to appear in the error message if a
search call failed (which it normally doesn't).

41. Source tidies to get rid of compiler warnings for possibly uninitialized
variables.


Version 3.040
-------------

1. Added additional parameters to LDAP lookups.


Version 3.039
-------------

1. Callers who have exim's gid as the current gid are now trusted.

2. Added new option admin_groups.

3. There was a bug in store handling for expansions involving very large
strings, e.g. if message_body_size was set large and was the subject of a
"match" filter condition. The symptom was a bus error.

4. Exim wouldn't build if LOG_FILE_PATH was set to any of the new syslog
variations.

5. A couple more compile-time tweaks for netBSD (default USE_DB=yes and look
for chown in /usr/sbin).


Version 3.038
-------------

1. Added support for PAM authentication.


Version 3.037
-------------

1. When forwardfile defers because it doesn't like the file's permissions,
include the offending bits in the error message.

2. General tidy of error messages from directors to remove duplicated
information. (e.g. director names, because they are also shown in the D= item
of log lines).

3. Pulled some general outgoing SMTP code out of transports/smtp.c and put it
in functions in smtp_out.c. This is also used by client authenticator code; the
interface is now cleaner.

4. Added log_queue_run_level.

5. When a message with very long headers was rejected, and the reflection of
the headers to the rejectlog filled up the log buffer, the terminating
separator line got lost, and the entry didn't necessarily end with \n. It now
always puts in the separator, and adds "*** truncated ***" if something has
been chopped off.

6. Updated eximon to cope with cases when syslog is being used. If only syslog
is being used, eximon cannot tail a log - omit that part of its window.

7. Updated exicyclog to cope with cases when syslog is being used. If only
syslog is being used, exicyclog can't cycle anything.

8. Fixed bug in base64 decoding function that was messing up CRAM-MD5
authentication for certain lengths of user name.


Version 3.036
-------------

1. Moved the logging of a message's freezing to just before the -H file is
updated, to minimize cases when the logging happens but the file doesn't get
updated (an incident was observed when a system was being shut down).

2. Ignore SIGTERM during the tidying-up phase at the end of a delivery, to
minimize the chances of things being half done.

3. Don't bother doing an RBL lookup if the host has already matched
host_reject_recipients.

4. Added "sort | uniq" into the exiwhat script, to cut out duplicates, which
sometimes happen in "ps" output.

5. Changed the file exiwhat uses to spool/exim-process.info instead of a log
file. This is so that it will continue to work when syslog logging is used.

6. Added support for syslog, configured in log_file_path.


Version 3.035
-------------

1. The debug_print option wasn't working for the smtp transport.

2. The responses to AUTH commands weren't being copied to debug output.

3. Changed the condition handling in the plaintext authenticator to allow for
forced DEFER returns ("", "0", "no", "false" => FAIL, "1"; "yes", "true" => OK;
anything else defers, text is message).

4. Added ${mask:} expansion operator.

5. Added translate_ip_address.


Version 3.034
-------------

1. When a header syntax check failed, a humungously long address that was too
much for string_sprintf to fit in the error message caused a panic exit. This
could happen, for example, if a double quote was omitted in a very long list of
addresses in a header. It now reflects just the first 1K of the address. Put a
similar limit on sender addresses in verify failed messages.


Version 3.033
-------------

1. Arrange for crypt.h to be included only on those OS that have it (Solaris,
IRIX 6, modern Linux), and for -lcrypt to be set up for those OS that need it
(FreeBSD, NetBSD, modern Linux).

2. Made MAXINTERFACES changeable in Local/Makefile.

3. When sending a delay warning message, quote the top-level original address
only, saying "an address generated from" if the actual problem is with a child.

4. Set a default for delay_warning_condition to skip precedence bulk/list/junk.

5. Allow for spaces around colons in temp_errors setting in smtp transport.

6. The "personal" test in filter files now checks for "list" and "junk" as well
as "bulk" in the Precedence: header.

7. Added retry_data_expire.

8. If a key in a partial match was very long (longer than the buffer for
string_sprintf()), Exim couldn't handle it.

9. Added expansion operator ${quote_xxx:} where xxx is a search type. Each
search type has its own (optional) quoting function. Added suitable functions
for NIS+, LDAP, and MYSQL.

10. Internal revision of the way the "From hack" and SMTP dot escaping is done
in preparation for extending appendfile. They are now unified, and are
therefore mutually exclusive.

11. The "From hack" was failing if the string "From " happened to be split
between two buffers when transporting the message.

12. If a non-SMTP message that was being read without -oi ended with "\n."
(no following NL) then the "." got lost.

13. Ensure that all non-SMTP messages have a final NL at input time, instead of
testing at delivery time. This simplifies the delivery code.

14. Replaced from_hack in appendfile and pipe by check_string and escape_string.

15. Added file_format to appendfile.


Version 3.032
-------------

1. If remove_headers contained a "fail" expansion, it caused a crash.

2. The generic headers_remove option in transports is now expanded. (Seems to
have been an oversight.)

3. Changed $host_authenticated to $sender_host_authenticated (oversight).

4. Added server_set_id generic option to authenticators and $authenticated_id
for accessing it.


Version 3.031
-------------

1. Removed unnecessary #ifdefs from lookups which don't have private header
files.

2. Added crypteq as a new expansion condition.

3. Make it recognise "netbsd" as equivalent to "NetBSD".

4. Updated the FSF's address in LICENCE and NOTICE files.

5. Code tidies for SMTP input to remove repetition of real and debugging
output by using a subroutine.

6. Added support for AUTH.

7. Source tidies of a lot of unnecessarily complicated calls to
string_nextinlist().

8. Source tidies in lookup handling.

9. Set XLFLAGS empty for IRIX6 as it doesn't seem to need anything.

10. Typo in code for decoding quota_<time> fixed; only effect would be to fail
to diagnose bad syntax.

11. -bv now runs interactively like -bt if no addresses are given.

12. Added -be for string expansion tests with configuration read.


Version 3.03
------------

1. The "failed to create child process" error wasn't including the error
information in the message.

2. The RBL function was failing to notice IPv6 addresses that were really
mapped IPv4 addresses, and so was looking up the wrong DNS names.

3. The initgroups setting on the forwardfile director was not being used unless
an explicit setting of "group" was present on that director. It now behaves as
documented and is used when either "user" is specified, or check_local_user is
set.

4. The error message for a non-absolute current directory path was quoting the
wrong path.

5. If home_directory set in a director contained a reference to $home, it got
replaced by the whole string during expansion at transport time, instead of by
the null string.

6. When opening an inline file in a host list failed, the name of the file was
omitted from the error message, and the name of the option being tested was
also missing unless debugging was in force. (It was given as NULL.)

7. A similar infelicity was present if an inline file opening failed while
checking a domain list or an address list (and in the latter case, no message
at might be written).

8. Installed PCRE 2.07.

9. An error on reading from a TCP/IP connection during the header part of a
message could lead to rubbish being added to the "unexpected disconnection" log
message.

10. The install script gave a misleading message if a file it was installing
didn't exist.


Version 3.024
-------------

1. "net24-lsearch" style host matches were failing on little-endian machines.

2. Added "net-lsearch" style, leaving off the mask value.


Version 3.023
-------------

1. If a lookup had nested lookups in the substring that was not used, the
first of them was skipped, but more deeply nested ones were not.

2. If a Return-Path: header was encountered while testing a filter file with
-bf, the value was being assigned to $return_path without removing the
enclosing <>.

3. In a system filter, the "deliver" command can now be followed by "errors_to
<some address>" to divert error reporting away from the original sender.

4. Some general code tidying for filter commands. The keyword "text" after
"fail" or "freeze" is supposed to be optional if a quote follows, but wasn't.



Version 3.022
-------------

1. tcsh sets HOSTTYPE to the OS name rather than the architecture, so ignore it
if runnining under tcsh in the arch-type script.

2. The iplookup router now sets a flag that prevents a sender address that is
being verified from being rewritten if the domain turns out to be local.

3. The double-check on the name found by an IP lookup pointing back to the
original IP address was failing when the IP address was ::ffff:<IPv4> address,
and the A records had only IPv4 addresses.

4. When something like host_accept_relay fails because a DNS reverse lookup
fails, make that clear in the rejectlog message.

5. Install pcre version 2.06 (new option plus optimisation).

6. If any normal deliveries followed in the same delivery process as ones down
a passed SMTP channel, they incorrectly got logged with "*" after the IP
address.

7. If Exim is built without EXIM_UID set, but exim_user is set in the runtime
configuration, and -C or -D is used when starting a daemon, then it gives up
root privilege on any re-execs from the daemon, but it wasn't noticing that
stderr is not provided in this situation, and when trying to write to it
instead of to the log, it wrote to file descriptor 2, which happened to be the
fd of the open -D file after a delivery attempt in some cases. It now always
has an attempt at writing the log if there is no stderr available. See also 11
below.

8. headers_sender_verify was looking only at the first address in each header.

9. Typo in top-level Makefile - ($SHELL) changed to $(SHELL).

10. If a domain is rejected in the lookuphost router because of the setting of
mx_domains, carry on with any configured widening.

11. Write to main and panic logs if called with -C or -D from an exim uid that
is defined only at runtime and not in the binary (because privilege gets lost
in that case).

12. Added configuration files for the GNU/Hurd OS.

13. Added quota_warn_threshold percent facility.

14. Added numeric hash expansion.

15. When testing with -bh, the "<=" log line wasn't being shown.

16. Added $host_lookup_failed.

17. Added the "failed to find hostname from IP address" phrase to the "relaying
prohibited" 550 message - other 5xx messages had it already.

18. Abolish the build-time settings HEADER_MAXLENGTH and HEADER_MAXHEADERS,
and replace them with a single setting HEADER_MAXSIZE that defines the maximum
size of the entire header section, defaulting to 1Mb.

19. Make Exim ignore options -oo (old style headers) and -Btype (set 7/8 bit).

20. The message id of the last message received was being attached to the
"closed by QUIT" log message for messages arriving via inetd.

21. dbmbuild used to ignore all but the last of a set of duplicate keys without
warning. Now it warns, and uses the first duplicate unless -lastdup is set, and
gives return code 1 if any duplicates are found.

22. The conversion of a textual IPv6 address to binary had a bug which could
cause it to give the wrong result sometimes (when the address wasn't followed
by *two* binary zeroes).

23. A system with IPv6 libraries, allowing Exim to compile with HAVE_IPV6, may
nevertheless not support IPv6 in the kernel. The daemon now reverts to trying
to use an IPv4 socket for listening if it can't create an IPv6 one and the
address it is listening on is not an explicit IPv6 address.

24. Added ldap_default_servers and did some tidying on the LDAP lookup code.

25. Add a terminating zero on to strings read by DBM lookup, in case there
isn't one already included. This might have caused odd effects in the past, but
not if the DBM file was built by dbmbuild, because that includes the zero by
default.

26. Added lookup type dbmnz, included with LOOKUP_DBM, that uses no trailing
zero on the key string.

27. Added option -nozero to dbmbuild, to leave off the trailing zeros on both
the keys and the data.

28. Add a 1-second delay before logging a SEGV during a DBM read, to guard
against logs filling up too fase.

29. Added MYSQL support.


Version 3.02
------------

1. When both domains and local_parts were specified on a router or director,
Exim did the expansion of both options before testing either of them (domain
first). This meant it might do a totally unnecessary lookup. Also tidied up for
senders checking.

2. Insert an explicit $(SHELL) in the Makefiles before all calls to scripts in
the scripts directory. This makes it possible to override /bin/sh easily for
those strange systems in which it isn't Bourne-compatible.

3. A smartuser director with no transport and no new_address setting (a
situation allowed only if verify_only was also set) was looping.

4. A tweak to scripts/os-type to handle SCO OpenServer v5.0.4, which is
identified as SCO_SV in 'uname -s' but sets $OSTYPE to 'sco3.2v5.0.4'.

5. When checking headers for headers_sender_verify, Exim was not ignoring
totally empty headers, which it used to do. Also, it now says which header
failed if there is a syntax error, and that the check was a result of
headers_sender_verify.

6. Tidied up matching of domains/hostnames and domain/host lists with regard to
caselessness. Inter alia, this fixes a bug where hosts_treat_as_local wasn't
working caselessly.

7. Add explicit fflush(smtp_out) after responding to SMTP QUIT. Some OS don't
seem to send out the response otherwise, and some MUAs don't like that.

8. Typo ("long_int" for "long ing") in rarely used optional code in readconf.c.

9. Show status of terminated process in debug output from daemon.

10. Rework timeout handling for SMTP input so as to call alarm() once per
buffer instead of once per line (can now do this because of 2.950/15).

11. Rework the way the queue runner waits for all descendents of the first
delivery process when it passes SMTP channels on. By passing a pipe to all the
processes, the end can be detected when a read() on the pipe unblocks (with
EOF). This should be faster because it involves no sleeping.

12. Debugging output of the final SMTP "OK" message was at level 9 instead of 3
(as all the other responses are).

13. Yet more information added to README.UPDATING as more wrinkles are
discovered.

14. Expansion of an ${if} item was doing the lookups in the substring that
wasn't going to be used, instead of skipping them.

15. If a timeout occurred while reading SMTP commands in BSMTP input, no error
message was generated.

16. Some versions of NetBSD set $ARCHTYPE to "NetBSD", which isn't helpful.
Ignore this value in a similar fudge to that used for $OSTYPE.

17. Removed out-of-date comment about pid files from src/EDITME.

18. In Sunos4, chown is in /usr/etc/chown, not /usr/bin/chown. Amazing nobody
had pointed this out before (it affects exicyclog).



Version 3.01
------------

1. Exim wasn't always handling (i.e. ignoring) white space following an
exclamation mark introducing a negative item in a domain, host, or address
list.

2. Exim was failing to compile under SunOS4 because on that OS getc, ungetc,
feof, and ferror are defined only as macros and not as assignable functions
(which Exim now needs). A suitable lash-up has been provided for this operating
system.

3. Additional information added to README.UPDATING and in comments output by
convert4r3.

[Entries for earlier versions of Exim have been archived]

****