Version 4.14
------------

 1. Support has been added for PostgreSQL lookups to use Unix domain socket
    connections to the database. This is usually faster and costs less CPU time
    than a TCP/IP connection. However it can only be used if the mail server
    runs on the same machine as the database server. A configuration line for
    PostgreSQL via Unix domain sockets looks like this:

      hide pgsql_servers = (/tmp/.s.PGSQL.5432)/db/user/password [:<nextserver>]

    In other words, instead of supplying a host name, a path to the socket is
    given. The path name is enclosed in parentheses so that its slashes aren't
    visually confused with the delimiters for the other server parameters.

 2. The number of unknown SMTP commands that Exim will accept before dropping
    a connection can now be changed by smtp_max_unknown_commands. The default
    value is 3. Previously, a fixed value of 5 was used.

 3. The configuration file now supports conditional skipping, using the
    "directives" .ifdef, .ifndef, .elifdef, .elifndef, .else, and .endif.
    The implementation is very simple. The first four of them should be
    followed by text which includes the names of one or macros. The condition
    that is tested is whether or not any macro substitution takes place in the
    line. Thus:

      .ifdef AAA
      message_size_limit = 50M
      .else
      message_size_limit = 100M
      .endif

    sets a message size limit of 50M if the macro AAA is defined, and 100
    otherwise. If there is more than one macro named on the line, the condition
    is true if any of them are defined. That is, it is an "or" condition. To
    obtain an "and" condition, you need to use nested .ifdefs.

    Although you can use a macro expansion to generate one of these directives,
    it isn't very useful, because the condition "there was a macro substitution
    in this line" will always be true.

    Text following .else and .endif is ignored, and can be used as comment to
    clarify complicated nestings.

 4. The crypt() function that can be used with the crypteq expansion condition
    uses only the first 8 characters of the cleartext password. Subsequent
    characters are ignored. At least one operating system has a crypt16()
    function (also known as "bigcrypt"), which uses up to 16 characters. Exim
    now has its own version of crypt16() (which is just a double call to
    crypt()) that can be used by putting "{crypt16}" in front of an encrypted
    password. For example:

      ${if crypteq{test}{\{crypt16\}azrazPWCQJhygdJWzb77lQMA}{yes}{no}}

    For operating systems that have their own version of crypt16(), setting
    HAVE_CRYPT16 in Local/Makefile when building lets Exim use the OS' version
    instead of its own. So far, I know of only one OS (OSF1, or whatever it is
    called this week) that has crypt16(), and I have set HAVE_CRYPT16 in its
    Makefile.

    If you don't put any curly bracket encryption type in a crypteq comparison,
    the default is either crypt() or crypt16(), as determined by the setting of
    DEFAULT_CRYPT in Local/Makefile. The default default is crypt(). Whatever
    the default, you can always use either function by specifying it
    explicitly in curly brackets.

    Note that if a password is no longer than 8 characters, the results of
    encrypting it with crypt() and crypt16() are identical. That means that
    crypt16() is backwards compatible, as long as nobody feeds it a password
    longer than 8 characters.

 5. Previously, if a MySQL query was issued that did not request any data (an
    insert, update, or delete command), Exim gave a lookup error and deferred.
    This case is now recognized, and the result of the lookup is now the number
    of rows affected.

 6. A new router condition called "address_test" (default true) can be used to
    skip routers when testing addresses using -bt (compare no_verify). This can
    be a convenience when your first router sends stuff to an external scanner.

 7. There is a new generic authenticator server option called
    server_advertise_condition. When a server is about to advertise an
    authentication mechanism, the condition is expanded. If it yields the empty
    string, "0", "no", or "false", the mechanism is not advertised. This can be
    used, for example, to restrict the advertisement of PLAIN and LOGIN
    mechanisms to encrypted connections, by a setting such as

      server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}

    When an AUTH command is received, Exim recognizes only those mechanisms
    that it has actually advertised.

 8. The ldap_version option can be used to force Exim to set a specific
    protocol version for LDAP. If this option is unset, it is shown by "exim
    -bP" as -1. When this is the case, the default is 3 if LDAP_VERSION3 is
    defined in the LDAP headers; otherwise it is 2.

 9. The smtp transport now has an option called authenticated_sender. This to
    set a value for the AUTH= item on a MAIL command, overriding any existing
    authenticated sender value. The string is expanded; if expansion is forced
    to fail, the option is ignored. Other expansion failures cause delivery to
    be deferred. If the result of expansion is an empty string, that is also
    ignored.

    This option means that you can use the smtp transport in LMTP mode to
    deliver mail to Cyrus IMAP and provide the proper local part as the
    "authenticated_sender", via a setting such as

      authenticated_sender = $local_part

    This removes the need for IMAP subfolders to be assigned special ACLs to
    allow direct delivery to those subfolders.

    Because of expected uses such as that just described for Cyrus (when no
    domain is involved), there is no checking on the syntax of the provided
    value.

10. The exim_lock utility has a new option called -restore-times. When set, it
    causes exim_lock to restore the modified and read times to the the locked
    file before exiting. This allows you to access a locked mailbox (for
    example, to take a backup copy) without disturbing the times that the user
    subsequently sees.

11. When a header address is rewritten by a rule that includes the "w" flag,
    the parts of the new address outside <> are now encoded according to RFC
    2047 if necessary (assuming ISO-8859-1 encoding).

12. There is a new expansion operator for doing RFC 2047 encoding explicitly:

      ${rfc2047:string}

    It is assumed that the input string is in ISO-8859-1 encoding. If the
    string contains only printing characters, and no instances of the
    characters ? = ( ) < > @ , ; : \ " . [ ] or _ it is not modified.
    Otherwise, the result is the RFC2047 encoding, as a single "coded word".

13. The world is slowly moving towards Unicode, although there are no standards
    for email yet. However, other applications (including some databases) are
    starting to store data in Unicode, using UTF-8 encoding. The Unicode code
    points with values less than 256 are compatible with ASCII and ISO-8859-1
    (aka Latin-1), which of course are single-byte encodings. Exim now has an
    operator that can convert from a UTF-8 string to ISO-8859-1:

      ${from_utf8:string}

    UTF-8 code values greater than 255 are converted to underscores. The input
    must be a valid UTF-8 string. If it is not, the result is an undefined
    sequence of bytes.

14. The file names used for maildir messages now include the microsecond time
    fraction as well as the time in seconds, to cope with systems where the
    process id can be re-used within the same second. The format is now

      <time>.H<microsec>P<pid>.<host>

    This should be a compatible change.

15. The rules for creating message ids have been change to allow for the fact
    that a PID might be re-used within one second. As part of this change, the
    maximum value of localhost_number has been reduced to 16 (or 10 for Cygwin
    and Darwin). The first two parts of the message id remain unchanged: the
    current time (in seconds) and the PID. The third part (two "digits") is now
    created as follows:

    (a) If localhost_number is not set, it is the fraction part of the time,
        normally in units of 1/2000 of a second, but for systems that must use
        base 36 instead of 62 (because of case-insensitive file systems), the
        units are 1/1000 of a second.

    (b) If localhost_number is set, it is multiplied by 200 (100) and added to
        the fractional part of the time, in units of 1/200 (1/100) of a second
        to create the final part of the message id.

    After a message has been received, Exim waits for the clock to tick at the
    appropriate resolution before proceeding, so that if another message is
    received by the same process, or another process with the same PID, we are
    sure the time will be different. In most cases, the clock will already have
    ticked.

16. verify = header_syntax was allowing unqualified addresses in all cases. Now
    it allows them only for locally generated messages and from hosts that
    match sender_unqualified_hosts or recipient_unqualified_hosts,
    respectively.

17. By default, Exim automatically qualifies unqualified addresses (those
    without domains) that appear in messages that are submitted locally (that
    is, not over TCP/IP). This qualification applies both to addresses in
    envelopes, and addresses in header lines.

    Sometimes, qualification is not wanted. For example, if -bS is being used
    to re-inject messages after scanning, you probably don't want to qualify
    unqualified addresses in header lines. (There won't be any such lines if
    you have verify = header_syntax set - see 16 above.)

    There is a new command line option -bnq, which suppresses all qualification
    of unqualified addresses in messages that originate on the local host. When
    this is used, unqualified addresses in the envelope provoke errors and
    unqualified addresses in header lines are left alone.

18. Added support for changing the Tcp connection timeout in LDAP; this is
    something that's available in Netscape SDK 4.1. The value is given in
    seconds as "connect=n" in a similar way to user and password. A value of
    zero apparently means the system connect time. Exim uses the given value
    if LDAP_X_OPT_CONNECT_TIMEOUT is defined in the LDAP headers.

19. A new debugging selector +expand has been added. This is not included in
    the default set of selectors. It requests detailed debugging information
    for string expansions.

20. The operator ${hex2b64:....} converts a string that is encoded in hex into
    a string that is encoded in base64.

21. The $tod_zulu variable contains the UTC time in "Zulu" format, as specified
    by ISO 8601, for example: 20030221154023Z.

22. The operator ${strlen:...} is replaced by the length of its argument
    string, expressed as d decimal number. Note: do not confuse ${strlen: and
    ${length:.

23. The operator ${stat:...} runs a stat() call on its argument. If the stat()
    fails, an error occurs and the expansion fails. If it succeeds, the data
    from the stat replaces the item, as a series of name=value pairs, where the
    values are all numerical. The names are mode (giving the mode as a 4-digit
    octal number), smode (giving the mode in symbolic format as a 10-character
    string, as for the ls command), inode, device, links, uid, gid, size,
    atime, mtime, and ctime. You can extract individual fields using ${extract.

24. There are now some variables that can be set explicitly during ACL
    processing, and used to pass information between different ACLs and
    different invocations of the same ACL. There are two sets of these
    variables:

    (1) The values of $acl_c0 to $acl_c9 persist throughout the connection.
        They are never reset.

    (2) The values of $acl_m0 to $acl_m9 persist only while a message is being
        received. They are reset afterwards. They are also reset by MAIL, RSET,
        EHLO, HELO, and after starting up a TLS session. However, they still
        contain their values when the local_scan() function is run.

    These variables can be set by a new ACL modifier called "set". For example:

      accept hosts = whatever
             set acl_4 = some value

    Note that the leading $ is not used when naming a variable that is to be
    set. If you want to set a variable without taking any action, you can use a
    "warn" verb without any "message" or "log_message" modifiers.

    As their name suggests, these variables are set only during ACL processing.
    At all other times they are empty.

25. System filters can now contain "defer" commands as well as "freeze" and
    "fail". This defers delivery of the original recipients. Unseen deliveries
    added by the filter are not deferred.

26. The "more" and "unseen" generic router options can now be expanded strings.
    The values after expansion must be valid boolean values, i.e. "yes", "no",
    "true", or "false". Any other result causes an error, and delivery is
    deferred. If the expansion is forced to fail, the default value for the
    option is used. Other failure cause delivery to be deferred.

27. The "once_repeat" option in the autoreply tranport is now an expanded
    string.

28. If maildir_format is set on an appendfile transport that is referenced from
    a file_transport setting in a redirect router, it forces maildir delivery,
    even if the path given in the filter does not end with '/'. Previously,
    maildir_format was ignored for appendfile transports when the path name
    from outside did not end in '/'.

29. A new option called pipelining_advertise_hosts can be used to suppress the
    advertisement of PIPELINING to specific hosts (compare
    auth_advertise_hosts). The default value is "*".

30. Lots of arguments are going on about internationalized domain names. One
    camp is strongly in favour of just using UTF-8 characters, and it seems
    that at least two other MTAs permit this. In order to allow Exim users to
    experiment, if they wish, I have added allow_uit8_domains, defaulting
    false. If it is set true, Exim's domain parsing function will allow valid
    UTF-8 multicharacters to appear in domain name components, in addition to
    letters, digits, and hyphens. However, just setting this option isn't
    enough; if you want to look up these domain names in the DNS, you must also
    adjust the value of dns_check_names_pattern to match the extended form. A
    suitable pattern is

  (?i)^(?>(?(1)\.|())[a-z0-9\xc0-\xff](?>[-a-z0-9\x80-\xff]*[a-z0-9\x80-\xbf])?)+$

    Alternatively, you can just disable this feature by setting

      dns_check_names_pattern =

    (that is, set the option to an empty string so that no check is done.)

31. The expansion items $rh_ and $rheader_ are similar to $h_ and $header_
    except that they give you the "raw" header without the removal of leading
    and trailing white space. Also, for those headers that contain lists of
    addresses, if there are more than one header with the same name, a comma is
    not inserted between them in the "raw" case.

32. You can now control which hosts are subject to the smtp_max_nonmail (see
    4.11/29) check by setting smtp_accept_max_nonmail_hosts. The default value
    is "*" - i.e. by default it applies to all hosts. The idea is that you can
    exclude any specific badly-behaved hosts that you have to live with.

33. When a lookup of a host's IP addresses fails to find any addresses, or when
    a lookup of an IP address fails to find a host name, a log line is now
    written. These log lines can be suppressed by unsetting the log selector
    host_lookup_failed. This logging does not apply to direct DNS lookups when
    routing email addresses, but it does apply to 'byname' lookups.

34. There are two new options concerned with the size of headers. The option
    header_maxsize controls the overall maximum size of a message's header
    section. The default is HEADER_MAXSIZE, which is set in Local/Makefile; the
    default for that is 1M. This limit is not new; what is new is the ability
    to vary it at runtime. The second option, header_line_maxsize, is new. It
    limits the length of any individual header line, after all the
    continuations have been joined together. The default value is zero, meaning
    "no limit".

****