Exim version 4.03
-----------------

 1. Change 12 for 4.02 overlooked one case where 256 should have been replaced
    by MAX_LOCALHOST_NUMBER.

 2. Timeouts (etc) in dnslist lookups were not behaving as documented; they
    were deferring (causing 4xx errors) instead of behaving as if the host was
    not in the list. This has been fixed. In addition, some new special items
    may appear in dns lists, to control what happens in this case. The items
    are +include_unknown, +exclude_unknown, and +defer_unknown.

 3. Added #include to OS/os.h-QNX because it was reported that this was needed,
    in order to get O_NDELAY.

 4. Added #define BASE_62 36 to OS/os.h-Cygwin.

 5. Change 8 for 4.02 overlooked the fact that "directory" need not be set if
    the directory name is coming from a filter or forwarding file. The check
    has now been moved from initialization time to run time. Thus, it happens
    later, but it still helps to diagnose the problem.

 6. The file direct.c had been accidentally left in the distribution.

 7. When a new process was forked to deliver another message down an existing
    SMTP connection, a pipe file descriptor was accidentally left open. This
    meant that if there was a long chain of such processes, the number of open
    file descriptors increased by one for each process, and if there were
    sufficient, the limit of open descriptors could be reached, causing various
    problems.

 8. When an address was being checked with -bt and the routing involved an
    errors_to setting whose address verification also involved an errors_to
    setting, Exim got into a verifying loop. It shouldn't verify an errors_to
    setting when already verifying, but got this wrong if it started from -bt.

 9. Tidied up some compiler warnings when compiling with TCP wrappers.

10. When a child address was promoted to a toplevel address by "one_time"
    after a deferred delivery, it was not remembering any "errors_to" address
    that was set by the routers that processed the original address.
    Consequently, the subsequent delivery had (incorrectly) the original
    sender address in the envelope. Exim now remembers the "errors_to" address
    with the new toplevel address and reinstates it for the next delivery.

11. When Exim received a message other than from the daemon, there were two
    situations in which it did not re-exec itself for delivery: when it was
    running as root, or when it was running in an unprivileged mode. This was
    an attempt to save some resources (very early Exims ran as root more
    often) but has turned out to be pretty rare.

    A bug has been discovered in this case: if the incoming message was on a
    TLS session (from inetd, for example), but the outgoing delivery was on an
    unencrypted SMTP connection, Exim got confused. The effect was minimal: it
    sent two EHLO commands, but otherwise worked. Multiple EHLOs are not an
    error, according to the RFCs, but there was at least one broken MTA that
    objected. This error would have occurred only when synchronous delivery
    (-odi or -odf) was specified.

    While sorting this out, I have abandoned the logic that did a delivery
    without forking in the interests of simplicity. This was an even rarer
    case: it only happened when Exim was running as root or in an unprivileged
    mode AND synchronous delivery was specified.

12. Change references to /bin/rm in the Makefile to plain rm.

13. If EXIM_PERL was set in Local/Makefile, but PERL_COMMAND was set to a
    command that was not a file, or if it was set to a non-existent file, the
    build process carried on trying to build Perl support, but without the
    relevant variables for the Perl libraries, etc., which is disastrous. In
    fact, the build process shouldn't have been using PERL_COMMAND; that is a
    value for screwing into utility scripts. The build process assumes a
    suitable PATH for things like rm, mv, etc., which have xxx_COMMAND
    variables for scripts. So I've changed it to use just "perl". It now bombs
    out if "perl --version" doesn't produce some output.

14. Changed the #includes in perl.c for the Perl headers to use <> instead of
    "" because this is apparently better usage.

15. Added local_scan_timeout to apply a timeout to local_scan().

16. Recognize IPv6 addresses as IP addresses, even when Exim is not compiled
    with IPv6 support.

17. When verifying a HELO/EHLO name, Exim was not checking the alias host
    names it obtained from calling gethostbyaddr(). In many cases, this didn't
    cause any unwanted rejections because as a last resort Exim does a forward
    lookup on the HELO name to see if any of its IP addresses matches. But
    fixing the bug saves the unnecessary additional lookup.

18. Added "domains = ! +local_domains" to the commented-out ipliteral router
    in the default configuration.

19. Default sender_host_aliases to an empty alias list, instead of NULL. This
    is just for tidiness; the way it was coded, it didn't cause any problems.

20. Added -tls-on-connect, which starts a TLS session without waiting for
    STARTTLS. This supports older clients that used a different port.

21. Added support for the Cyrus pwcheck daemon.

22. Arranged to use getipnodebyaddr() instead of gethostbyaddr() in systems
    with IPv6 support that have this function, because gethostbyaddr() doesn't
    work for IPv6 addresses on all systems (it does on some).

23. Header lines added by "warn" statements in the ACL for RCPT are saved up
    to be added after the message's header has been received. Previously, Exim
    was saving up all added headers, from both RCPT and DATA, until the very
    end. Now it adds those from RCPT before the DATA ACL is obeyed, so that
    they can be accessed from within the DATA ACL.

24. Changed TLS initialization to use SSL_CTX_use_certificate_chain_file()
    instead of SSL_CTX_use_certificate_file(). This means that the file can
    contain the whole chain of certificates that authenticate the server.

25. Updated convert4r4 to check for colons that look as if they are part of
    expansion items in require_files lists (e.g. ${lc:xxxx}). In Exim 3, the
    whole list was expanded before splitting up, but in Exim 4, the splitting
    happens first, so such colons must be doubled. The conversion script now
    doubles such colons, and outputs a warning message. The test for one of
    these colons is a match against "\$\{\w+:".

26. If, while verifying a recipient address, a router was skipped because a
    lookup did not succeed, and the following router suffered a temporary
    failure (e.g. a timeout), the log line for the temporary rejection showed
    the error from the first router instead of from the second.

27. Exim crashed if a dnslists test was obeyed in an ACL for an SMTP message
    from the local host. Now it just fails to match the list.

****
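
Added example, not part of the Exim distribution: a Python model of the
lookup-failure handling from change 2, using Exim's documented meaning of the
three control items (each one applies to the list items that follow it). The
resolver and the bl.*.example list names are constructed stand-ins.

```python
# Model of dnslists lookup-failure handling (illustrative; not Exim source).
MATCH, NO_MATCH, DEFER = "match", "no match", "defer"
LISTED, NOT_LISTED, UNKNOWN = "listed", "not listed", "unknown"

# What a failed lookup (timeout etc.) turns into under each control item.
ON_UNKNOWN = {
    "+include_unknown": MATCH,     # treat the host as listed (fail closed)
    "+exclude_unknown": NO_MATCH,  # treat the host as not listed (the default)
    "+defer_unknown": DEFER,       # temporary error, i.e. a 4xx response
}

# Constructed sample data: one list times out, one lists the host, one does not.
SAMPLE_ANSWERS = {
    "bl.one.example": UNKNOWN,
    "bl.two.example": LISTED,
    "bl.three.example": NOT_LISTED,
}

def constructed_resolver(domain):
    """Stand-in for the DNS lookup of one list for the connecting host."""
    return SAMPLE_ANSWERS.get(domain, NOT_LISTED)

def check_dnslists(setting, lookup=constructed_resolver):
    """Evaluate a colon-separated dnslists value; return MATCH, NO_MATCH or DEFER."""
    on_unknown = NO_MATCH                    # behaviour as fixed in 4.03
    for item in (part.strip() for part in setting.split(":")):
        if not item:
            continue
        if item.startswith("+"):
            if item not in ON_UNKNOWN:
                raise ValueError(f"unknown control item: {item}")
            on_unknown = ON_UNKNOWN[item]    # affects later items only
            continue
        answer = lookup(item)
        if answer == LISTED:
            return MATCH
        if answer == UNKNOWN and on_unknown != NO_MATCH:
            return on_unknown                # include or defer on failure
        # not listed, or a failure treated as not listed: try the next list
    return NO_MATCH

if __name__ == "__main__":
    for value in ("bl.one.example", "+defer_unknown : bl.one.example"):
        print(f"{value!r:40} -> {check_dnslists(value)}")
```

The default is the fail-open choice: a list that cannot be reached never blocks
mail, so a site that relies on a list for rejection has to opt in to
+defer_unknown or +include_unknown ahead of that list's entry.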