Exim version 4.05
-----------------

 1. In the log display in Eximon, put the insert point (caret) at the start of
    the last line instead of at the end, because this stops unwanted
    horizontal scrolling when certain X libraries are used.

 2. A malformed spool file with an incorrect number of recipients (which
    should never occur, of course) could cause eximon (and probably exim) to
    crash.

 3. Updated Cygwin Makefile and os.h (minor tweaks).

 4. Setting allow_domain_literals=true was not allowing domain literal
    addresses in the -f command line option.

 5. Added debugging output for removing and adding header lines at transport
    time.

 6. On systems where SA_NOCLDWAIT is defined, changed from using
    signal(SIGCHLD, SIG_DFL) to using sigaction(), with flags explicitly set
    zero, to ensure that SA_NOCLDWAIT is definitely off. This fixes a bug in
    AIX where subprocesses were disappearing without being turned into
    zombies for Exim to reap. There was a previous report of the error
    "remote delivery process count got out of step" on a Linux box that was
    never resolved. It is possible that this change fixes that too.

 7. Other applications that support IPv6 have been coded to choose IPv6
    addresses in preference to IPv4 addresses where possible. This is
    encouraged, in order to speed up the use of IPv6. Exim has now been
    changed to do likewise when it looks up IP addresses from host names.
    This applies both to hosts that have more than one IP address, and to MX
    records with equal preference values when the hosts they point to have
    both IPv4 and IPv6 addresses. Within one preference value, Exim will try
    all the IPv6 addresses before any IPv4 addresses, even when some of the
    IPv4 addresses belong to hosts that also have IPv6 addresses.

 8. When Exim sent HELO after EHLO was rejected, or when it sent a second EHLO
    after starting a TLS session, it used the primary host name as the
    argument, instead of the expansion of the helo_data option.

 9. Exim was failing to batch addresses for local delivery when errors_to was
    set on the router to the same string for each address, in the case when
    the string involved some kind of expansion (that ended up with the same
    value each time). If the string was fixed (i.e. no expansion) the
    batching was not blocked. In other words, I was testing the addresses of
    the strings but forgetting to compare the content. The same problem was
    not present for remote deliveries, but the code was written out instead
    of using a subroutine that now exists for this purpose, so I tidied that
    code.

10. When Exim passes a connected TCP/IP socket to a new Exim process in order
    to deliver another message on the same connection, it closes down TLS,
    because it can't pass on the state information that is required by the
    OpenSSL package. The new process then tries to start up TLS again.
    Unfortunately, not all servers handle this - and, it has to be said, it
    is a bit of a dubious interpretation of the RFC. (Exim as a server copes
    OK, needless to say.) The problem is that the server may just die or give
    an invalid response, causing a retry delay to occur. The option
    hosts_nopass_tls was invented to help with this, but an automatic way of
    testing has been invented. What now happens is that Exim sends a new EHLO
    after shutting down TLS, before passing the socket on. This in itself
    reduces the dubiousness of the procedure. If there isn't an OK response,
    Exim doesn't try to pass the socket on.

11. There was inconsistency in the way failures to set up TLS sessions in the
    smtp transport were handled when the host was not in hosts_require_tls.
    It deferred for 4xx responses to STARTTLS, but tried in clear if the
    actual TLS negotiation failed. It now does the same thing in both cases,
    and what this is can be controlled by the new option
    tls_tempfail_tryclear. This defaults true, causing a retry in clear to
    occur. If it is set false, these kinds of temporary failure cause a defer
    (for that host; if there are other hosts, they are tried).

12. Tidying. When starting up a new delivery process to deliver another
    message over an existing SMTP connection, pass over the IP address as
    well as the host name. This saves having to get the IP address from the
    socket.

13. Added "#define base_62 36" to OS/os.h-Darwin because the MacOS X
    operating system has case-insensitive file names.

14. Tidies to rewriting code:

    (1) It was getting an unnecessarily large block of memory for a rewritten
        header.
    (2) Removed some unnecessary debugging code that just duplicated log
        output.

15. In an expansion like "${if {${mask:xxxx}}{yyyy}}" Exim still tried to
    perform the masking operation even when the condition was false and the
    yield was "yyyy". This could fail when "xxxx" wasn't a valid string for
    the masking operation. Some other operators (e.g. base62) could fail in a
    similar way. All string operations are now skipped when processing the
    unused substring of a condition.

16. If a verification of a sender address in a header (caused by
    verify = header_sender in an ACL) caused the address in the header to be
    rewritten (typically because a DNS lookup had widened the domain), the
    newline at the end of the header got lost, thereby causing two headers to
    be run together. Sometimes, but not always, this caused a "spool format
    error".

17. A user wanted to use "save" in a filter file with a non-absolute path,
    and to set file_transport to a non-appendfile transport that made use of
    $address_file for its own purposes. This didn't work because Exim was
    distinguishing between file and autoreplies by the leading '/' of the
    former. It now checks for the leading '>' of the latter instead.

18. The "accept" router was forcing log_as_local instead of just defaulting
    it.

19. Exim crashed while verifying a recipient in an ACL if the address was
    verified by a dnslookup router that widened the domain.

20. When checking the parameters returned from an ident call, Exim was
    assuming that the format would be textually identical to the values it
    sent, including the white space. This is not always the case, causing
    Exim to discard returned ident data that it should have been accepting.

21. Typo (space missing) in "failed to expand condition" error message.

22. The option of specifying an individual transport in a route_data or
    route_list option of the manualroute router wasn't working. Such settings
    were being completely ignored.

23. The memory management was poor when building up a string from a lookup
    that retrieved a large number of data items that had to be concatenated,
    for example, an alias lookup in a database that returned thousands of
    addresses. In extreme cases, this could grind the host to a halt.
    (Compare change 8 for 4.00, which was a similar effect.) Two changes have
    been made to improve matters:

    (a) For longer strings, it extends them in bigger chunks, thus requiring
        fewer extensions.
    (b) It is now able to release some unwanted memory when a string is
        copied out of it into a larger block.

24. There was a small error in the memory sizes quoted when -d+memory was
    used and emptied memory blocks were released.

25. When helo[_try]_verify was set, Exim crashed if the reverse DNS lookup
    gave a temporary error when trying to look up the host name. It now tries
    to check with a forward DNS lookup (as it does when the reverse lookup
    can't find a name). For helo_verify, a temporary error is now given if
    verification failed, but the host name lookup gave a temporary error. (As
    before, a permanent error is given if there is no host name available.)

26. When checking quotas for maildir++ format, if the directory name was
    given with a trailing slash in the "directory" option of the appendfile
    transport, Exim got the quota calculation wrong because it scanned the
    final directory instead of the parent directory.

27. The "quota_xxx" error facility for retry rules was broken in Exim 4 if
    the mailbox had not been read for more than approximately 10 hours.

28. If a router with "unseen" had a setting of address_data, the value was
    not passed on to subsequent routers for the continuing processing of the
    address. It now is.

29. If a daemon was started with (e.g.) -qff15m, it omitted the second 'f'
    when starting queue runners. Likewise, if the flags included 'i', this
    was omitted.

30. Some operating systems log warnings if exec() happens without the
    standard input, output, and error file descriptors existing. The worry is
    that the called program will open some file which will be allocated one
    of these fds. Another bit of code might assume it can write an error
    message to stderr, or whatever. Exim was calling itself to regain
    privilege for delivery without these fds set, thus provoking the warning.
    Of course, it didn't make use of them itself, but the exposure was there
    for libraries it might be using. The code has been changed to ensure
    that, if any of the file descriptors 0, 1, or 2 does not exist at the
    time of a call to exec(), they are opened to /dev/null.

31. A delivery process could loop under the unusual combination of the
    following circumstances:

    (1) A delivery process had envelope_to_add set for its transport.
    (2) The delivery was for a child address of an envelope address that also
        had another child.
    (3) This other child had been discarded because it was a duplicate of a
        second envelope address.
    (4) The second envelope address had generated a child that was discarded
        because it was a duplicate of the first envelope address.

32. The -bp option was failing to notice delivered addresses that were in the
    -J file but had not yet made it into the -H file. (This got broken
    between Exim 3 and Exim 4.)

33. If "query" or "queries" in aliasfile director, or "route_query" or
    "route_queries" in a domainlist router were enclosed in quotes, the
    convert4r4 script was not removing the quotes before inserting the query
    into an expansion string, leading to invalid queries within the string.

34. If more than two addresses were being delivered in a batch (either local
    or remote deliveries), and they all had the same, non-empty value for
    $self_hostname, but had different domains, Exim crashed. (This is rare,
    because the use of "self=pass", which is the only way $self_hostname gets
    set, is rare.)

35. If $message_headers was used in a context where there were no headers
    (e.g. while verifying an address before receiving a message), it caused
    an "unknown variable" error. Now it just returns an empty string.

36. Exim was not diagnosing missing time unit letters in times on retry
    rules. It was treating such malformed times as "-1", which caused the
    rules to misbehave.

37. Added some debugging output to the CRAM-MD5 server code.

38. In the appendfile transport, check for a file name supplied by
    redirection by checking for "not pipe and not autoreply" instead of
    looking for a leading '/' in the "address".

39. The os.h file for Darwin defined CRYPT_H, which apparently is wrong.

40. The "condition" condition in ACLs has been tightened up. Formerly,
    anything other than an empty string, "0", "no" or "false" was treated as
    "true". Now it insists on "yes", "true", or a non-zero number.

41. Change 22 of 4.02 has been improved; somebody mailed me the correct code
    to get an error message when ldap_result() doesn't set a result.

42. Update convert4r4 to recognize "ldap:" in require_files, and double the
    colon.

43. Added "protocol violation" to the "SMTP synchronization" error message,
    to make it clearer what it is complaining about.

44. Change 26 of 4.03 was incomplete. The same problem could arise if a
    lookup failed while checking the pre-conditions of a router that was
    subsequently run. This can happen for negated conditions such as
    "domains = !".

45. Somebody managed to set up a configuration that crashed buildconfig such
    that it left a half-built config.h but did not stop the build process. I
    can't reproduce it, but I have added a check after building config.h to
    test for the presence of its last line ("/* End of config.h */").

46. Added a .PHONY target to the Makefile to be tidy for GNU make. (It should
    be ignored by other versions.)

45. When Exim uses Berkeley DB version 3 or 4 to create a DBM file, it
    creates it in hashed format. Previously, it opened these files for
    reading in the same format. Now it opens them as "unknown", which means
    that other formats can be accommodated when using DB files for auxiliary
    data.

46. When concatenating header lines that may contain lists of addresses
    (From:, To:, etc.) as a result of references to $h_from: etc., a comma is
    now inserted at the concatenation point. Without it, the use of "if
    foranyaddress" fails on such headers, which is dangerous.

47. The code for ratelimiting MAIL commands was triggering on the count of
    messages received, instead of the number of MAIL commands (which is not
    the same thing if no message is accepted in a transaction). The
    smtp_accept_max_per_connection limit has also been changed to use the
    count of MAIL commands instead of the count of messages accepted.

48. There was a typo in the exiwhat script which broke it if the esoteric
    CONFIGURE_FILE_USE_NODE option was in use.

****
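Change 30 above describes making sure descriptors 0, 1 and 2 exist before exec(). The following is an added sketch of that check, not code from the Exim source; the function names ensure_std_fds and fd_is_open are hypothetical, and main() closes stdin itself to construct the fault.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if fd refers to an open file, 0 if it is closed (EBADF). */
int fd_is_open(int fd)
{
    struct stat sb;
    return fstat(fd, &sb) == 0 || errno != EBADF;
}

/* Call immediately before exec(): point any missing descriptor 0, 1 or 2
   at /dev/null, so that the first file the new program (or one of its
   libraries) opens cannot become its stdin, stdout or stderr.
   Returns the number of descriptors repaired, or -1 on failure. */
int ensure_std_fds(void)
{
    int repaired = 0;
    for (int fd = 0; fd <= 2; fd++) {
        if (fd_is_open(fd)) continue;
        int devnull = open("/dev/null", O_RDWR);
        if (devnull < 0) return -1;
        /* open() yields the lowest free descriptor, normally fd itself;
           dup2() handles any other result. */
        if (devnull != fd) {
            int rc = dup2(devnull, fd);
            close(devnull);
            if (rc < 0) return -1;
        }
        repaired++;
    }
    return repaired;
}

int main(void)
{
    close(0);                    /* constructed fault: start without stdin */
    int n = ensure_std_fds();
    printf("repaired %d descriptor(s); fd 0 open: %d\n", n, fd_is_open(0));
    /* an execv() of the real program would follow here */
    return n < 0;
}
```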
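Change 6 above replaces signal(SIGCHLD, SIG_DFL) with sigaction() and flags set to zero so that SA_NOCLDWAIT cannot remain in force. The following added example (not Exim's code; all function names are hypothetical) sets the flag to construct the bad inherited state, then shows that after the reset a child can be reaped again.

```c
#define _XOPEN_SOURCE 700
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Install SIG_DFL for SIGCHLD with exactly the given flags. */
static int set_sigchld(int flags)
{
    struct sigaction act;
    memset(&act, 0, sizeof act);
    act.sa_handler = SIG_DFL;
    sigemptyset(&act.sa_mask);
    act.sa_flags = flags;
    return sigaction(SIGCHLD, &act, NULL);
}

/* The fix: default handling with flags explicitly zero. */
int reset_sigchld(void) { return set_sigchld(0); }

/* 1 if SA_NOCLDWAIT is in force for SIGCHLD, 0 if not, -1 on error. */
int nocldwait_is_set(void)
{
    struct sigaction cur;
    if (sigaction(SIGCHLD, NULL, &cur) != 0) return -1;
    return (cur.sa_flags & SA_NOCLDWAIT) != 0;
}

/* Fork a child that exits with `code` and reap it. Returns the exit
   status, or -1 if there was no zombie left to collect. */
int spawn_and_reap(int code)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(code);
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    set_sigchld(SA_NOCLDWAIT);       /* constructed: bad inherited state */
    printf("with SA_NOCLDWAIT: %d\n", spawn_and_reap(7));
    reset_sigchld();
    printf("after reset:       %d\n", spawn_and_reap(7));
    return 0;
}
```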