Exim version 4.11
-----------------

1. Ignore trailing spaces after numbers in expansion comparisons such as ${if > { 5 } { 4 } ... (leading spaces were already ignored).

2. Two variables, $warnmsg_delay, and $warnmsg_recipients, had got left with their old Exim 3 names, when I meant to change to "warn_message", along with the warn_message_file option. They have now been changed. The old names remain as synonyms, but will be undocumented in due course.

3. The message "This message was created automatically by mail delivery software (Exim)." still confuses people. If they are sufficiently Internet-ignorant, they think the message has come from exim.org. At first, I changed the wording to "This message was created automatically by mail delivery software (Exim) running on a mail server handling mail for ." in the hope that that might be better. However, in testing that still proved confusing on servers handling multiple domains. The message has now reverted to the original, simple wording: "This message was created automatically by mail delivery software."

4. It has been discovered that, under Linux, when a process and its children are being traced by "strace -f", the children are stolen from the parent while they are being traced. A call to waitpid(-1,&x,NOHANG), which Exim uses to test for the completion of "any of my children" in a non-blocking manner, returns as if there are no children in existence. Exim used to treat this as a serious unexpected error state. What it does now is to use kill(pid,0) to check explicitly for the continued existence of any of its children. If it finds any, it assumes it is being traced, and proceeds as if the return from waitpid() had been "none of your children have finished yet". If it can't find any children, it gives the error as before.

5. When Exim creates hints databases and their lock files as root, it needs to change their ownership to exim.
In Exim 3, the function to open a hints database wasn't called as root very often, and the check "are we running as root?" would usually fail. However, because Exim 4 eschews the use of seteuid(), it runs all its routing as root, and this always calls the hints database opening function. It wasn't noticing when it was actually creating the database, and so it was running chmod() on all the files in the db directory every time. This does no harm, of course, but wastes resources. Exim now detects when the database was already in existence by opening without O_CREAT at first. If this succeeds, it doesn't do the root test.

6. The line in MakeLinks that creates a link for direct.c had been accidentally left in (cf 4.03/6).

7. The value of $0 in the replacement in a rewriting rule was being corrupted, leading to incorrect results or error diagnostics.

8. Added support for ldapi:// URLs to the LDAP lookups (OpenLDAP only). Also, re-organized the code to use ldap_initialize() with OpenLDAP in all cases (it seems to be preferred).

9. With OpenLDAP 2.0.25, ldaps:// doesn't seem to work unless the LDAP protocol level is set to 3. This is now standard in the Exim code, as v3 has been around for 5 years now. Testing ldaps:// is now included in the Exim test suite. Although earlier versions claimed to support it, I rather suspect that it never worked.

10. Inserted some checking of the syntax of the IP address given as the first argument to the exim_checkaccess utility. This gives a better error message, especially in the case when somebody gets the arguments in the wrong order.

11. Improved the panic log entry if an unsupported format type is passed to string_vformat() (now gives the whole format string, not just the little bit that's wrong).

12. Ever since its early days, Exim has checked the syntax of non-SMTP addresses according to RFC [2]822 rules, rather than the stricter RFC [2]821 rules that it uses for SMTP. This allows for a wider set of characters in domains.
This has now caused a problem, because I forgot about it when making some changes to the format of spool files (see 3.953/44, 4.03/10, and 4.04/1). I can't believe that anybody actually makes use of this feature (which isn't documented), so I have removed it. All domains must now conform to RFC [2]821 rules. A non-SMTP message with a domain that would previously have been accepted will now be bounced.

13. If widening a domain in a dnslookup router made it syntactically invalid, the error message quoted the original domains instead of the widened domain.

14. During a queue run initiated by -R or -S (or by -i when the use of message logs is disabled), if Exim encountered a message with certain characteristics (including text for $local_scan_data, and the setting of the "manually thawed" flag), this data was not correctly reset for subsequent messages. So if they didn't have those settings themselves, strange things could occur.

15. With the "percent hack" enabled for percenthack.domain, if a message had two addresses such as X%some.domain@percenthack.domain and X@some.domain, Exim was not recognizing the duplication, and was making two deliveries instead of one.

16. The output from verification (for -bv and VRFY) used to list a child address when verification was applied to children (this happens, for example, for aliases that generate just a single child). Now it lists only the original address.

17. Changes 34 and 35 of 4.10 did not wholly solve problems with widened domains. The following bug still existed:
    . A recipient address was abbreviated (e.g. one component).
    . A dnslookup router caused it to be widened.
    . The new domain was a local domain.
    . The address was redirected to itself.
At this point, Exim thought it was a duplicate, and discarded it. This whole thing turned out to be a large can of worms, so I have reworked the address widening code. This should get rid of all these problems.
Widening now appears similar to redirection, with the unwidened address becoming a proper parent address. As part of this, there has been some general re-organization of the way addresses are handled.

18. When a filter generated only "unseen" deliveries, the normal delivery that happened subsequently lost any value of address_data that was previously set. The handling of values like that that are propagated from parents to children has been reworked.

19. Added smtp_return_error_details and the check_postmaster option for address verification callouts.

20. Long SMTP responses (from ACL messages or wherever) are now automatically split up into multi-line responses if possible. The split happens at an occurrence of ": " if present after 40 characters. Otherwise it happens at the last space before 75 characters. Existing newlines in the message are taken into account.

21. When verify = header_sender is set, a different error message is now given if a syntax error is detected, as opposed to failure to verify.

22. Extended the general mechanism for ${quote_lookuptype:...} expansions by allowing for an option to be given after the lookup name, for example ${quote_ldap_dn:...}. Unrecognized options cause errors.

23. Re-worked the quote_ldap expansion items to provide two different kinds of quoting, since the requirements of filter strings and DNs are different. Sigh. Arranged for the DN given in the USER= setting to be de-URL-quoted because not all libraries do it themselves.

24. The handling of responses from LDAP searches wasn't right. It was detecting situations of the form "ldap_result failed internally or couldn't provide you with a message" but not "the server has reported a problem with your search". This has now been tidied up (thanks, Brian). Problems of the latter kind are now handled as follows:
    (1) For LDAP_SIZELIMIT_EXCEEDED, the truncated list of results is returned. This is what happened before.
    (2) For a small set of errors that, in effect, mean "that object does not, or cannot, exist in the database", the lookup fails. This is also as before.
    (3) For other problems, the lookup defers, giving the LDAP error.

25. Added $ldap_dn to hold the DN of the last entry retrieved in the most recent LDAP lookup.

26. Exim was not checking for the LDAP_INVALID_CREDENTIALS error when ldap_bind() failed during an ldapauth call. With (at least) OpenLDAP2, the connection to the server doesn't happen until ldap_bind(), so failures to connect were being treated as authentication failures, and given hard errors. Now, all errors other than LDAP_INVALID_CREDENTIALS are treated the same way for all calls to ldap_bind(), whether ldapauth or otherwise. They lead to temporary errors - if there are more servers, they will be tried.

27. If there was a reference to a non-existent named list, for example, a setting such as "senders = +something", but no lists of that type were actually defined, Exim misbehaved. For an address list, it treated the name as a domain list. For a domain list, it just didn't match. Now it gives a panic error about a non-existent named list (as it always did if there were named lists of the appropriate type). The error now tells you what type of list it thought it was looking for.

28. When -bt or -bv is used by a non-admin user, and there is some kind of DEFER (e.g. database unreachable), details of the failure are no longer given, because they may include private data such as the password for an LDAP lookup.

29. The logic for using a remote host name as a key for looking up retry rules in preference to the domain of the email address was broken. It wouldn't find such retry rules.

30. There were some problems with the action of hosts_max_try in the smtp transport where there were indeed more hosts available than the limit.
    (a) Exim used to time out an address if all the hosts that were tried were past their retry limits, ignoring the state of any hosts that were not tried because the hosts_max_try limit was reached. Now it won't time out an address unless all its hosts are actually considered and are past their retry limits.
    (b) Hosts that are past their retry limits are no longer counted for hosts_max_try. This means that when some hosts are in this state, a greater number of hosts are tried than before, but this is the only way to ensure that all hosts are considered before timing out an address.
    (c) When the hosts_max_try limit is reached, Exim now looks down the host list to see if there is a subsequent host with a different MX. If there is, that host is used next, and the current host is not counted. More details in NewStuff.

31. The source for spa authentication (taken from the Samba project) used the type "int16". This has caused compilation problems in some systems that happen to have a different definition of it. (Naughty, naughty, non-standard.) I've renamed all the defined types by adding "x" on the end.

32. When a delivery that used authentication was run with -v (which an unprivileged user can use) it included the authentication data when it showed the SMTP transaction. Such data is now replaced by asterisks in any reflection of the SMTP commands. This also applies if the command is logged as a result of an error response.

33. Some little problems in queue runs:
    (a) The reading end of the synchronising pipe was being left open in the delivery subprocess. This caused no harm, but used up a file descriptor till that series of deliveries was done.
    (b) If the load level got high enough to abandon a queue run, the synchronizing pipe was accidentally not closed. Normally, this wouldn't matter, because the queue runner process would finish any way, but...
    (c) If split_spool_directory was set without queue_run_in_order, the code for abandoning a queue run because of too high load didn't stop cleanly. Instead, it went on to look at the remaining subdirectories. Each one would then notice the high load, and abort. Not only was this a waste of time, but because of (b) above, it used up one file descriptor per subdirectory. With up to 62 subdirectories, this could hit the limit of file descriptors if it was as low as 64 (which it sometimes is).

34. Added SYSTEM_ALIASES_FILE to the build-time configuration, and the ability to set ROOT= when installing. Removed installation instructions for the info version of the overview document, because that document no longer exists for Exim 4.

35. Added a total line to exiqsumm.

36. convert4r4 can now handle "optional" for single-key lookups in aliasfile directors.

37. Change 4.03/25 (making convert4r4 double colons in require_files lists) was incomplete. It worked for routers, but not for directors.

38. After verify=recipient in an ACL, the value of $address_data is the last value that was set while routing the address.

39. Included eximstats 1.22.

40. If a delivery of another message over an existing SMTP connection yields DEFER, we do NOT set up retry data for the host. This covers the case when there are delays in routing the addresses in the second message that are so long that the server times out. This is alleviated by not routing addresses that previously had routing defers when handling an existing connection, but even so, this case may occur (e.g. if a previously happily routed address starts giving routing defers). If the host is genuinely down, another non-continued message delivery will notice it soon enough.

41. Added quota_directory to appendfile.

42. Changed the order of processing configuration input lines. Previously, it was comment, .include, continuation, macro expansion, comment again (in case a macro turned a logical line into a comment).
This meant that macros could not be used in .include lines. The order is now macro, comment, .include, continuation. That is, macro expansion is done on physical lines, not on logical lines.

43. Improved the error message if an option-setting line in the configuration does not start with a letter. (It used to say 'option "" unknown'.)

44. Allow -D to set a macro to the empty string. Previously it would have moved on to the next commandline item. This seems pointless. Either -DXX or -DXX= sets an empty string.

45. Changed OS/Makefile-FreeBSD thus:
    EXIWHAT_MULTIKILL_CMD='killall -m'
    EXIWHAT_MULTIKILL_ARG='^exim($$|-[0-9.]+-[0-9]+$$)'
This is because, with the Exim standard installation using a symbolic link, the name of the running program is not "exim" but (e.g.) "exim-4.10-1".

46. An Exim server now accepts AUTH or STARTTLS commands only if their availability has been advertised in response to EHLO.

47. A few source changes to avoid warnings from very picky compilers that don't complain about unset variables when the only setting is by passing the address to another function.

48. Added -d+pid to force the adding of the pid to all debug lines. Default it on when the daemon is run with any debugging turned on. (Pids are still automatically added when multiple deliveries are run in parallel.)

49. Included Matt Hubbard's exiqgrep utility.

50. Give error for two routers, directors, or authenticators with the same name. (It already caught duplicate ACLs.)

51. If a host has more than MAX_INTERFACES interfaces (common for hosts with a slew of virtual interfaces), and Exim had to find the list of local interfaces, it ran off the end of the list that the ioctl returned. I had assumed the length would be set to correspond to the amount of data returned - but in at least one OS it is set to the actual number of interfaces, even if they don't all fit in the buffer.

52. Nit-picking changes to store.c.
It was assuming the length of the storeblock structure would be a multiple of the alignment, which is almost certainly "always" true. However, just in case it might not be it is now rounded up. For some long-forgotten reason, Exim was getting blocks of store of the size (8192 - alignment), which seems strange. I've changed it to plain 8192.

53. Added functions to compute SHA-1 digests, added the ${sha1: expansion operator, added support for {sha1} to crypteq.

54. When local_scan() times out, include the message size in the log line.

55. If a pipe transport had no command specified, and the address also had no command associated with it, the transport process crashed. Now it defers with a suitable message.

56. An Exim server output mangled junk if it received a HELP command on a TLS-encrypted session.

57. The output from -bV (and at the start of debugging) now lists the optional items included in the binary (which routers, etc). The debugging output now includes the name of the configuration file at its start.

58. Added support for GnuTLS as an alternative to OpenSSL.

59. Give a configuration error if tls_verify_hosts is set, but tls_verify_certificates is not set. It doesn't make sense to require some hosts to verify if there's nothing to verify against.

60. A pipe transport may now have temp_errors = * to specify that all errors are to be treated as temporary.

61. The lmtp transport can now handle delivery to Unix domain sockets.

62. Added support for flock() to appendfile, for those operating situations that need it. Not all OS support flock().

63. It seems that host lists obtained from MX records often turn out to have duplicate IP addresses, especially for large sites with many MXs and many hosts. Exim now removes duplicate IP addresses. (Previously, it removed only duplicate names.)

64. If ${readfile was inside a substring that was not part of the final expansion value (because its condition wasn't met), Exim still tried to read the file.
This made an "exists" test for the file useless.

65. Added ${readsocket to the expansion facilities.

66. It is now possible to set errors_to to the empty string in routers.

67. Added disable_logging as a generic transport and a generic router option.

68. Applied Stefan Traby's patch to support threaded Perl. As I don't have a threaded Perl, I can't test that this fixed the problem, but it doesn't appear to break the non-threaded case.

69. For SPA (NTLM) client authentication, the options are now expanded.

70. Added support for SPA server authentication, courtesy of Tom Kistner.

71. Latest versions of TCPwrappers use the macro HAVE_IPV6 inside the tcpd.h header, it appears, and this clashes with Exim's use of that macro. Renaming it for Exim is an incompatible change, so instead I've just arranged that HAVE_IPV6 is undefined while including the tcpd.h header.

72. Mac OS 10.2 (Darwin) has IP option support that looks like the later versions of glibc, but without the __GLIBC__ macro setting. I've added a new macro called DARWIN_IP_OPTIONS, and tidied up the code in smtp_in.c to simplify the handling of the three different ways of doing this.

73. If no "subject" keyword is given for a "vacation" command in a filter, the subject now defaults to "On vacation".

74. Exim now counts the number of "non-mail" commands in an SMTP session, and drops the connection if there are too many. The new smtp_accept_max_nonmail option defines "too many". This catches some DoS attempts and things like repeated failing AUTHs.

75. Installed configuration files for OpenUNIX.

76. When a TLS session was started over a TCP/IP connection for LMTP, Exim was sending EHLO instead of LHLO after the encrypted channel was established.

77. When an address that was being verified routed to an smtp transport whose protocol was set to LMTP, the SMTP callout used EHLO instead of LHLO.

78. Installed eximstats 1.23 in the distribution.

79. Installed a new set of Cygwin-specific files from Pierre Humblet.

80. Added caching for callout verification.

81. Added datestamped logs and $tod_logfile.

82. When Exim starts up with root privilege, set a high limit (1000) for the number of files that can be open and the number of processes that can be created (on systems where this is possible), in case Exim is called from a restricted environment.

83. Minor bugfix in appendfile: when renaming failed for a file whose name was extended with a tag, the untagged name was shown in the error message.

84. If Exim's retry configuration was changed so as to bounce a certain delivery failure immediately, for example to bounce quota errors:
    * quota
and there were messages on the queue that had previously been deferred because of this error, Exim crashed when trying to deliver them in a queue run. Now it will make one more delivery attempt and bounce on failure.

85. Fixed an obscure problem that arose when
    (a) an address was redirected to itself, AND
    (b) the message was not delivered at the first attempt, AND
    (c) the pattern of redirection was changed at the next delivery attempt.
When an address is redirected to the same address, Exim labels the new address as "2nd generation", and so on, in order to distinguish these homonym addresses from each other. Previously, it recorded the delivery of a homonym address as a delivery of the appropriate generation. This does not work if the generation numbers change at the next delivery attempt. The symptoms can be either duplicated deliveries, or missing deliveries, depending on the configuration. A real-life example is a configuration that takes "unseen" copies of messages at certain times only, because an "unseen" router in effect does a redirection to a modified address (the unseen delivery) and to the original address (for normal delivery).
Thus the normal delivery can be either the 1st or 2nd generation, depending on whether or not the unseen router is triggered at the time of delivery. The fix is not to record a delivery to a homonym address as such, but instead to record a delivery to the original address by the final transport. If the same address is subsequently routed to the same transport (whichever generation it now is), the delivery is discarded because it has already happened. Homonym addresses that are themselves redirected are now never recorded as "done", but non-homonym addresses are unaffected, so they are marked when all their children are complete (as before), thus saving an unnecessary subsequent expansion. The fix causes more routing processing to be done when homonyms are in use and a message is not delivered at the first attempt, but this is not expected to be very common, and the extra processing isn't all that much.

86. Make sure Exim doesn't overrun the buffer if an oversize packet is received from a nameserver.

87. Added argument-expanding versions of hash, length, nhash, and substr expansions.

88. The API for Berkeley DB changed at release 4.1. Exim now supports this release.

89. When a host was looked up using gethostbyname() (or the more recent getipnodebyname() on IPv6 systems), Exim was not inspecting the error code on failure. Thus, any failure was treated as "host not found". Exim now checks for temporary errors, so the behaviour of "byname" and "bydns" lookups in this respect should be the same. However, on some OS it has been observed that getipnodebyname() gives HOST_NOT_FOUND for names for which a DNS lookup gives TRY_AGAIN. See also change 125 below.

90. Minor rewording of ACL error for attempted header check after RCPT.

91. When USE_GDBM was set, exim_dbmbuild wasn't working properly (still assumed NDBM compatibility interface); similarly in dbmdb lookups when ownership was being tested.

92. If a Reply-To: header contained newlines and was used to generate recipients for an autoreply, the log line for the autoreply "delivery" had unwanted newlines. Such newlines are now turned into spaces.

93. When a redirect router that has the "file" option set discovers that the file does not exist (the ENOENT error), it tries to stat() the parent directory, as a check against unmounted NFS directories. If the parent can't be statted, delivery is deferred. However, it seems wrong to do this check if ignore_enotdir is set, because that option tells Exim to ignore the error "something on the path is not a directory" (the ENOTDIR error). In fact, it seems that some operating systems give ENOENT where others give ENOTDIR, so this is a confusing area.

94. When the rejectlog was cycled, an existing Exim process was not noticing, and was therefore not opening a new file.

95. If expansion of an address_data setting was forced to fail, and debugging was enabled, a debugging statement tried to print an undefined value instead of the string that was being expanded. This could cause a crash.

96. When Berkeley DB version 3 or higher is in use, a callback function is now set up to log DB error messages that are passed back.

97. The conditions in the Makefile for rebuilding the exim_dbmbuild utility were wrong, leading to failures to rebuild when it should have done.

98. Added -no_chown and -no_symlink options to the exim_install script. Also arranged for the environment variable INSTALL_ARG to be passed over from "make install".

99. Exim sets the IPV6_V6ONLY option on IPv6 listening sockets on operating systems that support it. The call to setsockopt() to do this had SOL_SOCKET instead of IPPROTO_IPV6 as its second argument (and so wouldn't work).

100. When a frozen message was timed out by timeout_frozen_after, the system filter was incorrectly being run for the message before it was thrown away.

101. If a filter used $thisaddress in an argument to a pipe command, its value was not inserted where expected, because the expansion of a pipe command does not happen till transport time, and $thisaddress was not being saved. It is now saved (along with $1, $2, etc, which were already being saved), and reinstated at transport time.

102. Added host grouping for randomizing to manualroute and smtp. A host list that is randomized by manualroute is never re-randomized by smtp. Two host lists that are randomized by manualroute are now treated as "the same" when checking for possible multiple deliveries in one SMTP transaction (this was always true for MX'd host lists).

103. Added "randomize" and "no_randomize" options to manualroute.

104. Added ${hmac expansion item.

105. When compiling with gcc, make use of its facility for checking printf-like function calls (debug_printf and smtp_printf). This would have found the problem in 95 above. It actually found a number of missing casts to (int) in debug lines, and one spurious additional argument.

106. Created an ACKNOWLEDGEMENTS file, which I will endeavour to update in future.

107. Minor modification to Makefile: when a command that starts off "cd xxx;" is followed by another command (on the next line), put the first one in parentheses so that if a "clever" make program amalgamates them, the change of directory is turned off when it should be.

108. If log_timezone is set true, the timestamps in log files now include the timezone offset. A new variable $tod_zone contains the offset. The exigrep utility has been updated to handle timestamps with offsets. The eximstats version included with this release (1.23) has been patched to handle timestamps with offsets. There is also a new -utc option that specifies the timestamps are in UTC. The Exim monitor has been modified so that it omits the zone offset from its display.

109. If the expansion of an errors_to option is forced to fail, the option is ignored.

110. Added $load_average.
111. Added router_home_directory generic router option.

112. Exim crashed on an attempt to check senders or sender domains in an ACL other than after RCPT or DATA. It's now a temporary error.

113. \r was omitted before \n in the SMTP failure response for EHLO/HELO argument checking.

114. On receiving EHLO or HELO, Exim was resetting its state before checking the validity of the command. However, RFC 2821 says that the state should not be changed if an invalid EHLO/HELO is received, so Exim has been changed to conform. This applies mainly when there is more than one EHLO/HELO command in a session.

115. When an Exim root process wrote to a log file, and the log file did not already exist, Exim used to create it as root, and then change its ownership to exim:exim. This could lead to a race condition if several processes were trying to log things at the same time; this happens especially when the exiwhat utility is used. I've changed things so that, if an Exim root process needs to create a log file, it does so in a subprocess that is running as exim:exim.

116. When running filter tests (-bf and -bF) Exim now changes the current directory to "/" so that any assumptions about a particular current directory are false.

117. The appendfile transport was doing the quota_threshold check before actually writing the message. However, the act of writing the message could make it longer by the addition of prefix, suffix, or additional headers. This meant that quota warning could be missed if the basic length of a message kept the mailbox below the threshold, but the transport additions took it over. The warning threshold check is now done after writing the message, when an accurate size is known.

118. If all verifications for verify = header_sender deferred, the log was "temporarily rejected after DATA", without saying why. Now it adds "all attempts to verify a sender in a header line deferred".

119. Added message_id_header_domain option.

120. Ignore message_id_header_text forced expansion failure.

121. Typos: "uknown" in acl.c; missing NULL initialized in drtables.c.

122. When return_size_limit was set greater than zero but smaller than an Exim transport buffer size (so that only one buffer would be written), a message that was longer than the limit could be omitted from the bounce entirely under some circumstances. In other cases, the final buffer full before truncation could be omitted.

123. The inode variables in log.c were of type int with -1 for unset; they have been changed to ino_t with 0 for unset.

124. There are two Makefiles for NetBSD (for different object formats). They were originally supplied in a format where one .included the other. The problem with this has finally surfaced: when processing the Makefile to build config.h, the inclusion isn't seen. The easy way out has been taken: there are now two fully independent files. At the same time, HAVE_IPV6 has been added to both of them.

125. Changed the default way of finding an IP address in both the manualroute and queryprogram routers. Exim now does a DNS lookup; if that yields HOST_NOT_FOUND, it tries calling getipnodebyname() (or gethostbyname()). See also change 89 above.

126. Fixed a race bug in the loop that waits for a delivery subprocess to complete. After reading all the data from, and then closing, the pipe, it assumed that a call to waitpid() for the known pid would always return status for that process. An unfortunately timed signal (e.g. SIGUSR1 from exiwhat) could cause waitpid() to return -1/EINTR instead. The effect of this was to remain in the loop and call FD_SET() with an argument of -1. On Solaris it caused a crash; on other systems it might have looped.

127. If an ACL that was read from a file was used in more than one message in a single SMTP transaction, Exim could crash or misbehave in arbitrary ways. The problem was that the ACL was remembered in memory that was thrown away at the end of the first message.
In fixing this, I've done a bit of refactoring of the way memory allocation works, to provide a non-malloc allocator for small blocks of data that must be kept for the life of the process. There's a new function store_get_perm() and I've reintroduced a second storage pool (previously dropped on the 3->4 conversion). A number of instances of malloc calls for small amounts of memory have been changed to use this instead. It might be a tad more efficient. Then again, it might not...

128. A similar problem to 127: memory corruption could occur for multiple messages in one SMTP connection if the data from DNS black list lookups was being used in log or user messages, e.g. references to $dnslists_text.

129. Blank lines and comments are now ignored in ACLs that are read from files.

130. Two instances of missing \n in debug output.

131. The new debugging tag +timestamp causes a timestamp to be added to each debug output line.

132. Some debug information is written in multiple calls to debug_printf(), with a newline only on the last one. When debugging multiple simultaneous processes, the pid was added to each debug text, and for this reason, a newline was always forced. Now Exim buffers up debug output until the newline is reached, which makes things look much tidier. Also, if there are internal newlines and prefix data such as a pid or timestamp are being added, the prefix is inserted at the internal newlines.

133. When running in the test harness, arrange to overwrite all memory that is released or freed, so that bugs are more easily found. This picked up the following bug:

134. Expansion error messages were left in released store, so could have been overwritten - but in fact most are used immediately, before this happened.

135. A list of configuration files can be given; the first one that exists is used.

136. Moved the code that ensures that newly-created hints databases and their lockfiles are owned by exim:exim so that it runs before the test for successful opening, because a case was reported where the file itself was created, but the DBM library returned an opening error.

137. If an address is redirected to just one child address, verification continues with the child address. However, if verification of the child failed because of (for example) a :fail: redirection, the error message did not get passed back as it would have been had the original address failed. The error information is now passed back for both fail and defer responses.

138. Added $rcpt_defer_count and $rcpt_fail_count.

139. Added "rejected_header" log selector.

140. Added the cannot_route_message generic router option.

141. Change 87 above introduced a bug in the expansion of substrings when the offset was greater than the length of the string, for example ${substr_1:}. Exim crashed instead of returning an empty string.

142. Added extra features to ACLs: the "drop" and "defer" verbs, and the "delay" and "control" modifiers (the latter with "freeze" and "queue_only").

143. If Exim failed to create a log file, it used to try to create the superior directories only if the logs were being written in the spool directory. Now it tries in all cases, but always from a process running as the exim user.

144. Added $authentication_failed.

145. Added $host_data for use in ACLs.

146. Added new ACLs for non-SMTP messages, SMTP connection, MAIL, and STARTTLS.

147. Added a number of new features to the local_scan() API:
    Access to debug_printf() and the local_scan debug selector
    Direct access to the message_id variable
    LOCAL_SCAN_REJECT_NOLOGHDR and LOCAL_SCAN_TEMPREJECT_NOLOGHDR
    Access to store_get_perm() and store_pool (see 127 above)
    Access to expand_string_message
    Option settings in the main configuration file
    LOCAL_SCAN_ACCEPT_FREEZE and LOCAL_SCAN_ACCEPT_QUEUE
    LOG_PANIC to write to the panic log
    Access to host_checking
    Supporting functions lss_match_xxx() for matching lists

148. Minor security problem involving pid_file_path (admin user could get root) has been fixed.

149. When an ACL contained a sender_domains condition with a reference to a named domain list, the result of the check was not being cached (an oversight).

150. Allowed for quoted keys in lsearch lookups; this makes it possible to have whitespace and colons in keys.

151. Added wildlsearch lookup.

152. Yet another new set of configuration files for Cygwin from Pierre Humblet.

153. Ensure that log_file_path contains at most one instance of %s and one instance of %D and no other % characters.

154. Added $tls_certificate_verified.

155. Now that the list of lookup types has got so long (and more are in prospect) arrange to search it by binary chop instead of linear search.

156. Added passwd lookup.

157. Added simple arithmetic in expansion strings.

158. Added the ability to vary what is appended for partial lookups.

159. Made base 64 encode/decode functions available to local_scan.

****
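
Added example for change 32 (not Exim's own code): a small stateful filter that masks authentication data before an SMTP transaction is shown or logged, covering both the initial response on the AUTH line and the replies to 334 challenges. The names smtp_redactor, redactor_* and MASK, the mask text, and the sample session are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define MASK "****"   /* assumed mask text; the changelog only says "asterisks" */

/* Tracks whether the client is currently inside an AUTH exchange. */
typedef struct { int in_auth; } smtp_redactor;

void redactor_init(smtp_redactor *r) { r->in_auth = 0; }

/* A 334 reply is a challenge, so the next client line is still credential
   data. Any other reply (235, 5xx, ...) ends the exchange. */
void redactor_server_reply(smtp_redactor *r, const char *reply)
{
    if (r->in_auth && strncmp(reply, "334", 3) != 0) r->in_auth = 0;
}

/* Copy one client line into out in a form that is safe to display or log. */
const char *redactor_client_line(smtp_redactor *r, const char *line,
                                 char *out, size_t outlen)
{
    if (r->in_auth) {
        /* Reply to a 334 challenge: the whole line is secret. */
        snprintf(out, outlen, "%s", MASK);
        return out;
    }
    if (strncasecmp(line, "AUTH ", 5) == 0) {
        const char *mech = line + 5;
        const char *rest;
        size_t mlen;
        while (*mech == ' ') mech++;
        mlen = strcspn(mech, " \r\n");          /* mechanism name is not secret */
        rest = mech + mlen;
        while (*rest == ' ') rest++;
        r->in_auth = 1;
        if (*rest != '\0' && *rest != '\r' && *rest != '\n')
            snprintf(out, outlen, "AUTH %.*s %s", (int)mlen, mech, MASK);
        else
            snprintf(out, outlen, "AUTH %.*s", (int)mlen, mech);
        return out;
    }
    /* Ordinary command: pass through without the line terminator. */
    snprintf(out, outlen, "%.*s", (int)strcspn(line, "\r\n"), line);
    return out;
}

int main(void)
{
    /* Constructed session: "C " lines are client commands, "S " lines are
       server replies. The base64 strings are made-up credentials. */
    static const char *session[] = {
        "C EHLO client.example",
        "S 250 OK",
        "C AUTH PLAIN AHVzZXIAc2VjcmV0",
        "S 535 Incorrect authentication data",
        "C AUTH LOGIN",
        "S 334 VXNlcm5hbWU6",
        "C dXNlcg==",
        "S 334 UGFzc3dvcmQ6",
        "C c2VjcmV0",
        "S 235 Authentication succeeded",
        "C MAIL FROM:<sender@client.example>",
    };
    smtp_redactor r;
    char buf[256];
    size_t i;

    redactor_init(&r);
    for (i = 0; i < sizeof session / sizeof session[0]; i++) {
        const char *text = session[i] + 2;
        if (session[i][0] == 'C') {
            printf("  SMTP>> %s\n", redactor_client_line(&r, text, buf, sizeof buf));
        } else {
            redactor_server_reply(&r, text);
            printf("  SMTP<< %s\n", text);
        }
    }
    return 0;
}
```

The same filter has to sit in front of the error-logging path as well as the -v output, since change 32 notes that a command may be logged as the result of an error response.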
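
Added example for changes 4 and 126 (not Exim's own code): child-reaping helpers that retry waitpid() on EINTR, refuse to pass a negative descriptor to FD_SET(), and fall back to kill(pid,0) when a non-blocking waitpid() reports no children. All function names are hypothetical, and the system calls are passed in as function pointers so that the constructed stand-ins at the bottom can reproduce the interrupted and traced cases without timing-dependent signals.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/types.h>
#include <sys/wait.h>

typedef pid_t (*waitpid_fn)(pid_t, int *, int);
typedef int (*kill_fn)(pid_t, int);

enum reap_result { REAP_DONE, REAP_STILL_RUNNING, REAP_NO_CHILD };

/* Change 126: after the pipe is closed, a signal can make waitpid() return
   -1/EINTR before the status is collected, so retry instead of assuming
   the first call succeeds. */
enum reap_result reap_known_child(pid_t pid, int *status, waitpid_fn wp)
{
    for (;;) {
        pid_t rc = wp(pid, status, 0);
        if (rc == pid) return REAP_DONE;
        if (rc < 0 && errno == EINTR) continue;
        return REAP_NO_CHILD;
    }
}

/* Change 126: a closed pipe is recorded as -1; FD_SET() with a negative or
   oversized descriptor is undefined behaviour, so reject it here. */
int watch_pipe(int fd, fd_set *set)
{
    if (fd < 0 || fd >= FD_SETSIZE) return -1;
    FD_SET(fd, set);
    return 0;
}

/* Change 4: if the non-blocking wait claims there are no children, probe
   each known pid with signal 0 before treating it as an error. */
enum reap_result poll_children(const pid_t *kids, int nkids, pid_t *done,
                               int *status, waitpid_fn wp, kill_fn kl)
{
    pid_t rc;
    int i;
    do rc = wp(-1, status, WNOHANG); while (rc < 0 && errno == EINTR);
    if (rc > 0) { *done = rc; return REAP_DONE; }
    if (rc == 0) return REAP_STILL_RUNNING;
    for (i = 0; i < nkids; i++)
        if (kl(kids[i], 0) == 0) return REAP_STILL_RUNNING;  /* probably traced */
    return REAP_NO_CHILD;
}

/* ---- Constructed stand-ins for waitpid() and kill() ---- */
static int fake_eintr_left;      /* how many times to report EINTR first */
static pid_t fake_alive_pid;     /* the one pid fake_kill() treats as alive */

static pid_t fake_interrupted_waitpid(pid_t pid, int *status, int flags)
{
    (void)flags;
    if (fake_eintr_left > 0) { fake_eintr_left--; errno = EINTR; return -1; }
    *status = 0;
    return pid;
}

static pid_t fake_traced_waitpid(pid_t pid, int *status, int flags)
{
    (void)pid; (void)status; (void)flags;
    errno = ECHILD;              /* "no children", as seen under strace -f */
    return -1;
}

static int fake_kill(pid_t pid, int sig)
{
    (void)sig;
    if (pid == fake_alive_pid) return 0;
    errno = ESRCH;
    return -1;
}

int main(void)
{
    pid_t kids[2] = { 1234, 1235 }, done = 0;   /* constructed pids */
    int status = -1;

    fake_eintr_left = 2;
    printf("interrupted wait -> %d\n",
           reap_known_child(kids[0], &status, fake_interrupted_waitpid));
    fake_alive_pid = kids[1];
    printf("traced children  -> %d\n",
           poll_children(kids, 2, &done, &status, fake_traced_waitpid, fake_kill));
    return 0;
}
```

In production use the real waitpid and kill are passed for wp and kl.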