Change log file for Exim
------------------------


Version 0.53
------------

1. Exinext: output "usage" if no argument given.

2. Exicyclog: extraneous "/var/spool/exim/log" removed from two lines where it 
shouldn't have been.

3. Support for native calls to Berkeley db added.

4. When functions shared by utilities attempt to write the log (in error 
situations) the output is now directed to stderr.

5. Improved the error handling in exim_fixdb.

6. Introduced unions to get round compiler warnings when compiling on a 64-bit
system.

7. Introduced some long int casts as a result of some other 64-bit compiler 
warnings that can't be solved with unions.

8. Missing "#include <stdlib.h>" in exim_tidydb.c.

9. Missing "#include <string.h>" in regexp/regexp.c (not my code, but I put it 
in to get rid of a warning from some compilers).

10. New configuration option LIBIDENTCFLAGS to pass additional flags to the 
compiler when compiling the libident library. Default to -DHAVE_ANSIHEADERS, 
since most systems are expected to have them. This gets rid of some compiler 
warnings.

11. The OSF1 linker mutters somewhat alarmingly if any sections contain no
executable code. Added dummy functions to the two data modules to stop this.

12. Fixed store overwriting problem in pipe transport.

13. If an address was rewritten by a router (e.g. fully qualifying) and became 
a local address and was then expanded via a .forward file, the original address 
didn't get marked 'delivered' when all its derivatives were delivered. No harm, 
but the -bp and eximon listings were incorrect.

14. If a local part was turned into an identical local part by one director 
(say aliasfile) and then again turned into an identical local part by another 
director (say forwardfile), the address was incorrectly thought to be a 
duplicate.

15. Added the keep_malformed option.

16. Added the discard_failed_error_messages option.

17. If two domains resolve to the same set of hosts with the same MX values, 
round-robinning nameservers may cause hosts with the same MX value to appear in
a different order for each domain. Exim now treats such host lists as the same,
and makes a single SMTP call for both addresses. (Clearly it shouldn't do 
anything silly like sorting the list by host name, as that circumvents the 
round-robinning.)

18. Moved require_files test into the individual directors to (a) fix a problem 
when this is used with prefix/suffix, and (b) allow $home to be included in the 
file name for the localuser director.

19. Put "#ifndef bcopy" before bcopy definition in StripChart.c in the monitor, 
as in some X worlds it is already defined.

20. SMTP batching wasn't working when the remote host was specified in the 
transport rather than being attached to the address.

21. Added the "unseen" generic directors and routers qualifier.

22. Exicyclog was grumbling if there was no mainlog file. It now does nothing 
if mainlog does not exist.

23. Increased the default number of tries to lock a mailbox to 10, and improved 
the error information when locking fails.

24. The smtp transport wasn't always noticing the difference between 
message-specific and non-message-specific errors when attempting a delivery, 
which sometimes caused the remote host to be deemed down (and therefore not 
tried again until its retry time was up) when it wasn't. Generally reworked
and tidied up the SMTP delivery code.

25. Removed redundant repetition of address in failure logging messages.

26. If a delivery error message fails to deliver for longer than any retry
times, it gets cancelled. Previously, an error message was sent to mailmaster, 
but if this was timing out...

27. Rewriting rules compare domains independently of case.

28. The iplookup router was forgetting to close its socket.

29. The daemon was closing the wrong socket when spinning off a queue runner 
job, causing port 25 to remain bound while the queue was being processed.
If the daemon was HUPped during this time, it could fail to rebind to port 25, 
even after trying several times.



Version 0.52
------------

1. Change to different code for determining the maximum number of open file 
descriptors, since the previous code failed on FreeBSD & NetBSD. Also, 
explicitly close the unused end of the pipe when creating a child process
rather than relying on the general close (belt & braces).

2. It was pointed out that I had omitted to call fsync() when writing spool 
files. Shows up my inexperience in writing for Unix - assuming a file was safe 
after it had been closed. What a ridiculous idea. :-) Calls to fsync() are now
in place.

3. The value of the process_info string (which is what is output when SIGUSR1 
is received) is now written out as debugging information whenever it is set for 
debug levels >= 2.

4. "make install" wasn't installing the exigrep and eximstats utilities from 
the util directory. It now does.

5. Remove the space after "Mail from:" and "Rcpt to:" in outgoing SMTP as it 
isn't in strict accordance with RFC 821.

6. Ensure that when Exim uses a pipe, it reads from fd[0] and writes to fd[1], 
since not all OS make each file descriptor bi-directional. This was wrong in 
the code in the pipe transport for catching output from the pipe command.

7. The aliasfile director was insisting on an absolute path name, even for NIS 
lookups.

8. Fixed a timing problem when attempting to deliver more than one message down
the same SMTP channel. (Symptom: it didn't always do it when it should.)


Version 0.51
------------

1. Minor improvement to scripts/os-type for tcsh users.

2. The list of things to install incorrectly included exigrep, which is in the 
util directory and so doesn't automatically get installed.

3. The facility in eximon to display the percentage fullness of a partition 
wasn't working at all. This was all the result of system-specific 
configurations to handle the statvfs() function. No OS had been configured to 
use it! Should now work in all OS except ULTRIX, which is weird.

4. Fix 2 of 0.50 still didn't quite go far enough! Changed it so that when a
message is failed because it has been on the queue longer than the final cutoff
time, the next retry time is set to "now". This means that subsequent messages
on the queue get tried straight away. (Otherwise, if there are a lot of such
messages, it can take a very long time for them to flush.) Despite this, 
messages could still remain on the queue for a long time if there were a great 
many of them and a trickle kept getting through. As a final big chopper, if a 
message gets deferred but has been on the queue for longer than any final
timeout in the retry configuration, it gets failed.

5. When a header containing an unqualified address was of the form

  To: unqualified-name (some comment)
  
then Exim was losing the comment when it qualified the name. 

6. Fixed wording of error message for malformed address in local message.

7. Set Exim's umask to 0 so that the modes it specifies for files actually 
work...

8. Security in the pipe transport was not all it might be when the command was 
an expanded string from a filter file. The way this works has now been changed. 
Commands specified to be run via pipes are no longer run under /bin/sh. 
Instead, Exim splits up the command into arguments itself and runs the command 
directly. If the command came from the transport's configuration, or from a 
user's filter file (but NOT from a traditional .forward file), then each 
separate argument is string-expanded, but remains as one argument. If a user 
wants to run /bin/sh, then this must be explicitly given.

9. Handle escaped characters in quoted pipe commands in .forward files.

10. Don't freeze, just defer, if opening a non-existent mailbox fails, or
if chdir to the user's home directory fails.

11. Detect format error in header portion of spool file, even when not actually 
reading headers (e.g. while generating -bp output), and display an error 
message for -bp and in the monitor.

12. Stick in some explicit casts to cut down on warnings from gcc on Linux.


Version 0.50
------------

1. Exinext utility: Improved output when host lookup times out; fixed layout 
infelicities and improved wording of output.

2. Fix 63 for version 0.43 didn't go far enough, as it applied only when retry 
data did not exist. In cases when some messages get through and some don't, 
after a success the next failure might be a recently-arrived message, creating 
a retry with a recent "first failed" time, even though some messages might have 
been on the queue for a very long time. The logic now is that, in all cases, if
a message is deferred and it has been on the queue longer than the final cutoff
time for the retry rule for any address, that address gets failed. The retry
calculations etc. for the address are not affected by this. Thus one rougue
message doesn't affect others, though it might get tried more often than one
might expect.

3. The sender_try_verify and receiver_try_verify options caused sender_verify 
and receiver_verify to appear to be set (even though the "try" options took 
precedence). This has been fixed.

4. Re-arranged code in the daemon so that the checking off of completed 
subprocesses is no longer done inside the SIGCHLD handler. It gets called each 
time round the loop, so happens even if SIGCHLD gets lost, and this also fixes 
a possible race problem - which might account for some reported funnies. I hope
this new code works in all the various OS.

5. A syntax error in a .forward file no longer freezes, it just defers.

6. Very minor code tidy: unnecessary line of code removed from log.c.

7. As in incoming message-id is defined to be an addr-spec, if it contains
quotes it is permitted to contain any chars except " \ and CR. In particular,
it can contain newlines! Arrange that these are shown as \n when logged.

8. Eximstats: ignore lines not starting with a valid date/time, just in case
these get into a log file by mistake.

9. Exicyclog: explicitly reset the owner and group of all moved and compressed 
files to be the same as the mainlog. Some operating systems muck about with 
things.

10. Exicyclog: the path of the compression program, its suffix, and the number 
of old logs to keep are now set in the EDITME=>Local/Makefile configuration 
file rather than just being screwed into the script.

11. If message_size_limit was set, Exim was sending the SIZE option on an
ESMTP connection, but not accepting it on a subsequent MAIL FROM command. I had 
done only half the job...

12. If more than one message was received over an ESMTP connection, only the 
first was logged as "esmtp"; the remainder got logged as "smtp" in error.

13. Minor improvement in error checking in code for writing header spool files.

14. Add size of file to "format error in spool file" error message.

15. Remove the use of the "-a" flag with /bin/sh in the script that builds
config.h (scripts/Configure-config.h) because "-a" is not implemented in 
/bin/sh in the current release of FreeBSD. 

16. Remove an extraneous #include <ndbm.h> at the start of the autoreply.c
source; seems to have got there by accident.

17. Added config files for NetBSD, identical to those for FreeBSD.



Version 0.43
------------

1. New ChangeLog file started as the old one was getting pretty big, and the 
0.42 documentation was up-to-date. I have the old one archived if anybody wants 
it.

2. Bug in domainlist. If a host lookup returned several addresses, the lookup 
was done again for each address. This caused problems with MX-only lookups.

3. Missing dependency on os.o for exim_dbmbuild.

4. Make eximon script cope with the case when LD_LIBRARY_PATH does not have any 
initial value.

5. HP-UX configuration default changed to -lndbm as suggested (nobody on the 
list objected, or even said anything.)

6. A similar change has been made to the Linux configuration.

7. Removed unwanted debugging code from eximon that caused trouble with 
additional arguments.

8. Added autoreply transport, mainly for use in conjunction with the 
mailfiltering to be added to forwardfile, but also usable separately. Still to 
be documented.

9. Addition of exigrep utility, to pull out all log entries relevant to a 
message when any one of that message's log entries matches a given pattern.
The usage is: exigrep [-l] <pattern> [<log file>]...  where the -l flag 
means "literal", i.e. treat all characters in the pattern as standing for 
themselves.

10. Typo in an "unknown variable" error message in string expansion (semicolon 
for colon).

11. For use in filters, but generally available: the contents of header lines 
are accessible in expanded strings via the syntax $header_<chars>: for example
$header_from:  $header_reply-to:  and so on. It is necessary to have this 
slightly odd syntax since RFC822 header names can contain any printing 
characters except white space and colon. If the name is followed by white space 
in the expansion string, the colon can be omitted. Note that colon is the ONLY 
printing character that terminates; in particular, } does not. For those that 
don't like typing, "$h_" is a synonym for "$header_".

12. Addition of filtering capabilities, specifically, the "filter" and 
"forbid_mail" options added to forwardfile, and the -bf command line option 
added. To be documented in a separate guide for filter users. New debug level 
10 gives filter interpretation details.

13. Exim crashed if -f was not followed by anything, instead of giving an error 
message.

14. The option "-f <>" is no longer ignored if the caller is not trusted. It 
has the effect of causing any SMTP transmissions to be sent out with "MAIL 
FROM: <>", and local deliveries not to contain a "Return-path" header. The true
sender is still present in either the From: or Sender: header lines. The use of
-f with any other address is still ignored if the sender is not trusted. This
setting also affects filtering (mail cannot be generated from such a message),
and if the message cannot be delivered, it is frozen rather than causing a
delivery failure report.

15. The sender_ident variable is now set to the local caller for locally-
received messages. If looking up the uid by getpwuid() fails, the string 
"uid<n>" is used.

16. Default Received: string changed to include identity information when 
available from the local host as well as from remote hosts.

17. -d0 now does nothing; -dn where n>0 verifies the setting.

18. The variable return_path is now set while routing and directing.

19. Expanded messages for file/pipe/autoreply forbidden.

20. The variables $caller_uid and $caller_gid are now available in expansion
strings. They are set to the real uid and gid that are current when Exim is
called.

21. By default, if the uid of the caller of Exim cannot be looked up using
getpwuid(), Exim gives up. There is now a configuration variable called
unknown_login, which can be used to set a login name to be used in this
circumstance. It is expanded, so values like "user$caller_uid" can be set. When
unknown_login is used, the value of unknown_username is used for the user's
name (gecos field), unless this has been set by the -F option. This is a
somewhat specialized feature for use in unusual configurations.

22. Added a new expansion operator to take just the first n characters of a
string - a general feature, but intended for use with message_body. The syntax
is, for example, ${length_25:$message_body}; "length" can be abbreviated to
"l".

23. Added compile-time variables CONFIGURE_FILE_USE_{EUID,NODE} to control
whether Exim looks for alternative configuration files or not (thus saving time
in the default case, when these are not set).

24. Added receiver_try_verify - same as receiver_verify, except that it accepts
the address if verification can't be done immediately, rather than giving a
soft error. When receiver_try_verify is set, receiver_verify is automatically 
set. Also added the same things for sender_try_verify.

25. Added the Delivery-date: header, which works in exactly the same way as
Return-path: and has similarly named options.

26. If the result of routing or directing while verifying an address is ERROR,
it means there has been some cock-up in the directors or routers. This doesn't
really mean the address is unverifyable - which is how it was previously
treated. Change Exim to treat it the same as DEFER.

27. Messages are no longer frozen, but are instead just deferred, for the
following errors: bad {mode, owner, group} for .forward file, or an error while
reading a .forward file.

28. Added the file_must_exist option (=> file must pre-exist) to appendfile.

29. Added the create_file option to appendfile.

30. Added the restrict_to_path option to pipe. This requires a command
containing no slashes, and it does not run it under a shell.

31. Exit 75 from a pipe means "defer". This choice is based on a value in
sysexits.h on Solaris 2 (& others).

32. Rewrote code for handling data written to stdout by pipe deliveries.
Instead of passing an open file fd to the subprocess, it now passes an open
pipe fd and forks a subprocess to read it. The number of bytes written is
counted, and if it exceeds a configurable limit, the subprocess is killed and
no more data is read from the pipe. This is intended to catch runaway
subprocesses. If return_output is set on the transport, the data read from the
pipe is written to the file; otherwise it is quietly discarded.

33. Bug Fix: If an address was deferred because it could not be directed
(typical case: missing include file for aliasfile with no_freeze_missing_
include set) and subsequently succeeded, causing new addresses to be generated,
the retry item for the original address was never removed, causing mail for it
ultimately to fail. Exim was processing requests to update the retry database
only for end addresses. It now deals with all the parents as well.

34. Ensure that each local address is directed at least once, even after a
long-term directing failure. This brings this into line with the delivery code.
Similarly, it seems sensible to try routing for non-local addresses at least
once.

35. Added commented-out trusted_users=exim setting to the default config.

36. Freeze rather than generating a message for delivery errors if the sender's
address is "<>". Previously it didn't if there was an errors_address set, but
this can lead to infinite loops.

37. Don't generate "apparently-from" for non-local messages with no from:
lines. Instead, generate a "from" header.

38. Don't generate "apparently-to" for messages with no to: or bcc: headers.
(This could disclose bcc addressees in advertently.) The rules now are: if
addressees came from "-t", or if the message came in via SMTP, add an empty
"bcc:" header; otherwise add a "to:" header.

39. Allow command-line arguments to Exim to contain multiple, comma-separated
addresses.

40. The parameter START_DEPTH, set in exim_monitor/EDITME, was not in fact
used, so it's been removed.

41. Exim monitor now scrolls to the bottom of the window containing debugging
output when delivering a message as a result of a menu operation.

42. Pass CFLAGS to libident make.

43. Complain if any of the SMTP transport timeouts are set to zero.

44. Added a call to setsid() in the daemon, to get rid of the controlling
terminal. All Unixes to which Exim has been ported seem to have this system
call, which is required by POSIX. If there's any system that doesn't, it can be
#defined to something else. Also, closed all open file descriptors before
calling setsid().

45. If a call to uname() produces an unqualified host name, feed it to
gethostbyname() in order to get the fully qualified name.

46. Debug level 10 gets out details from the filter code; debug level 11 turns
on the DNS debugging output (formerly done by level 10).

47. Exim crashed if a key longer than 255 characters was looked up in a DBM 
file.

48. Dbmbuild crashed if given a key longer than 255 characters. It now 
complains and gives up.

49. Applied Lee McLoughlin's patch to transports/smtp.c to use select() with a 
timeout instead of alarm() for timing out the recv() call that reads responses 
to SMTP command lines. This now works on SunOS4 as well as other systems (well, 
I've tested SunOS5).

50. Did the same thing to the iplookup router, which also uses recv().

51. Removed the timezone offset from the time in tod_bsdinbox, which therefore
affects the From_ line in locally delivered messages, because it upsets some 
MUAs; the only documentation (examples in RFC 976) doesn't have it.

52. Added code to make Exim robust against truncated spool header files and 
files that have blocks of nulls on the end (can happen if there's a crash while 
writing). These now all give format errors when Exim tries to read them. Also 
improved some of the associated error messages.

53. Allow Sender: headers to participate in rewriting. This means that 
unqualified Sender: headers will get qualified with the local qualify domain, 
in the same way as other address-containing headers. Provided this is 
configured in, of course. The rewrite rules now have the option "s" for
specifying Sender:, and sender does participate in the default and in the
"h" option.

54. If binding the socket for the SMTP listener fails, wait 30 seconds and try
again, up to 10 times.

55. Log more detail when a connection is rejected by sender_reject or 
sender_accept.

56. exim -bv -v no longer gives full detail - just what "the ordinary user"
might be interested in; use -d2 to get more.

57. Before writing to the main log file, if it is already open, it is statted 
to see if its inode has changed. If it has, the file is closed and reopened. 
This prevents very long-running deliveries from writing to old log files ages 
after they have been renamed, though the files may remain open for some time.

58. Add configuration option rfc1413_query_timeout. Setting the time to 0s
turns off all RFC 1413 queries.

59. Added configuration options rfc1413_except_hosts and rfc1413_except_nets to 
enable RFC 1413 calls to be turned off for specific hosts or networks.

60. Added auto_thaw option. An attempt to deliver a frozen message will 
automatically thaw it first if the time since last freezing is greater than 
auto_thaw, provided auto_thaw is greater than 0s.

61. Changed licensing conditions to use the GNU GPL.

62. If message is frozen because sender is <> or "-f <>" was given, say so in 
the log messages.

63. Patched up a problem in the retry logic when *some* messages to an address
get through and others don't. (Example: a user is close to quota - short 
messages get delivered, but long ones fail.) A successful delivery wipes out 
the retry data, so the failing messages were continuing to try for ever. A 
simple fudge cures this: if a delivery fails, Exim sets up retry data, which 
includes the time of first failure of this address. Normally this is set to 
"now". However, if the failing message has been on the queue for more than 12 
hours, the time of first failure is set to the time the message arrived on the 
queue. This will eventually cause it to get bounced.

64. The iplookup router: set up ${0} even if no pattern.

65. Give more info when forwardfile fails to expand.

66. Fix scripts/os-type so that it works when tcsh sets OSTYPE=solaris.

67. Allow new_address option in smartuser director not to contain an explicit
'@' provided it is going to be expanded - then check for the '@' after 
expansion.

68. Expand the "hosts" option in the smtp transport each time it is called, if
the string contains any $ characters.

69. When a remote transport is being run, if *all* the addresses that are 
handed to it in one go have the same domain, then the $domain expansion 
variable is set to that domain. Otherwise it is null.

70. Added the "multi_domain" option to the smtp transport. The default is on, 
which means smtp can handle a mixture of different domains if they all resolve 
to the same list of hosts. Turning the option off restricts the transport to 
handling only one domain at once. Useful if you want to use $domain in an 
expansion for the transport.

71. Changed default settings for Exim monitor parameters to things like
LOG_DEPTH=${EXIMON_LOG_DEPTH-300} so that they can be overridden by setting 
environment variables.

72. When more than one message is sent down the same SMTP connection, the log 
now indicates the second and subsequent ones by putting * after the IP address.

73. The dbmbuild utility now reads from stdin if the first argument is "-".

74. Added the self_mx option to the lookuphost router to change what happens 
when the lowest-number MX points to the local host. Various options - see 
manual.

75. White space allowed before '#' in comment lines in configure, and before 
"end".

76. Boolean options can now be set by the prefix "not_" as well as "no_". They 
can also be set by the forms x=true, x=false, x=yes, x=no as another syntactic 
alternative.

77. New configuration display options: "routers", "directors", and "transports" 
show all the respective drivers plus their options; "route_list", 
"director_list" and "transport_list" just give a list of the names.

78. The exim_dbmbuild utility should now be able to cope with systems that use 
the db rather than the ndbm package. It assumes that db creates a single file
with the extension ".db" rather than two files with the extensions ".dir" and 
".pag". Having opened a temporary DBM file, it looks to see which extensions 
have been used, and adjusts its renaming code accordingly.

79. Some simple support for NIS has been added. I cannot do serious testing of 
this myself, though I have checked that simple things seem to work. There are
now two additional values for search types in addition to "lsearch" and "dbm". 
They are "nis" and "nis0". The difference is that for the latter, the zero that
terminates the key string is included in the length when NIS is called.
According to the source of smail this is needed for alias file lookups on Suns.
The lookups always happen in the default NIS domain. The code for calling NIS
is included in the binary only when HAVE_NIS=YES in the build-time
configuration. I have made this the default, but turned it off for BSDI and
FreeBSD.

80. HP-UX uses a formatted string in the gecos field of passwd entries. To 
enable the user name to be extracted from such formatted fields, two new 
options are provided: gecos_pattern is a regular expression that must match the 
field, and if it does, gecos_name is expanded to form the user name.

81. The configuration option "message_id_header_text" now exists. If it is set,
the string is expanded and used to create the text following the "@" in a
"message-id" header if an incoming message does not have one. The default is
equivalent to
  message_id_header_text = ${primary_hostname}
Compare "received_header_text". The text following the @ is constrained by RFC 
822 to be a "domain" and in order to ensure this, any illegal characters are 
automatically converted into ".". This means that constructions like 
${tod_full} can be used.

82. The -N option is a debugging option that inhibits delivery of a message at 
the transport level. It implies -d1. Exim goes through many of the motions of 
delivery - it just doesn't actually transport the message, but instead behaves 
as if it had successfully done so. The log, for example, will contain entries
as if the message had been delivered. Only root or the exim user are allowed to 
use -N with -bd, -q, or -M. In other words, an ordinary user can use it only 
when supplying an incoming message, in which case it applies to that message 
only.

83. There is a new expansion condition that tests for the existence of a file, 
for example ${if exists{/etc/passwd}{yes}{no}}. The substring is first 
expanded. The test is simply on success or failure of a call to stat().

84. Eximon wasn't noticing successful deliveries if the domain name contained 
any upper case letters.

85. Exim wasn't paying attention to any retry information for pipes or files. 
This didn't matter too much, but it left data in the retry file.

86. The file for catching output from a pipe wasn't being deleted when the pipe
address got deferred.

87. Don't add an empty Bcc: header if Cc: exists - my misunderstanding of 
RFC822.

88. Add primary host name to hitching post name for creating lock files - to be 
even more sure of uniqueness.

89. Increase MAXINTERFACES in host.c from 32 to 250 after report that this 
causes problems. Pity that only Solaris 2 appears to have a call to find out 
the actual number.

****
