summaryrefslogtreecommitdiff
path: root/doc/doc-txt
diff options
context:
space:
mode:
authorPhilip Hazel <ph10@hermes.cam.ac.uk>2004-10-07 15:04:35 +0000
committerPhilip Hazel <ph10@hermes.cam.ac.uk>2004-10-07 15:04:35 +0000
commit495ae4b01f36d0d8bb0e34a1d7263c2b8224aa4a (patch)
treefcfaa2c623d4f155eef907b50b950b602829a30b /doc/doc-txt
parent0756eb3cb50d73a77b486e47528f7cb1bffdb299 (diff)
Start
Diffstat (limited to 'doc/doc-txt')
-rw-r--r--doc/doc-txt/ChangeLog2058
-rw-r--r--doc/doc-txt/ChangeLog.02862
-rw-r--r--doc/doc-txt/Exim3.upgrade673
-rw-r--r--doc/doc-txt/Exim4.upgrade1732
-rw-r--r--doc/doc-txt/NewStuff605
-rw-r--r--doc/doc-txt/OptionLists.txt927
-rw-r--r--doc/doc-txt/README84
-rw-r--r--doc/doc-txt/README.SIEVE433
-rw-r--r--doc/doc-txt/dbm.discuss.txt322
-rw-r--r--doc/doc-txt/pcrepattern.txt1413
-rw-r--r--doc/doc-txt/pcretest.txt455
11 files changed, 11564 insertions, 0 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
new file mode 100644
index 000000000..adeaba70d
--- /dev/null
+++ b/doc/doc-txt/ChangeLog
@@ -0,0 +1,2058 @@
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.1 2004/10/07 15:04:35 ph10 Exp $
+
+Change log file for Exim from version 4.21
+-------------------------------------------
+
+
+Exim version 4.44
+-----------------
+
+1. Minor wording change to the doc/README.SIEVE file.
+
+
+Exim version 4.43
+-----------------
+
+ 1. Fixed a longstanding but relatively impotent bug: a long time ago, before
+ PIPELINING, the function smtp_write_command() used to return TRUE or FALSE.
+ Now it returns an integer. A number of calls were still expecting a T/F
+ return. Fortuitously, in all cases, the tests worked in OK situations,
+ which is the norm. However, things would have gone wrong on any write
+ failures on the smtp file descriptor. This function is used when sending
+ messages over SMTP and also when doing verify callouts.
+
+ 2. When Exim is called to do synchronous delivery of a locally submitted
+ message (the -odf or -odi options), it no longer closes stderr before doing
+ the delivery.
+
+ 3. Implemented the mua_wrapper option.
+
+ 4. Implemented mx_fail_domains and srv_fail_domains for the dnslookup router.
+
+ 5. Implemented the functions header_remove(), header_testname(),
+ header_add_at_position(), and receive_remove_recipient(), and exported them
+ to local_scan().
+
+ 6. If an ACL "warn" statement specified the addition of headers, Exim already
+ inserted X-ACL-Warn: at the start if there was no header name. However, it
+ was not making this test for the second and subsequent header lines if
+ there were newlines in the string. This meant that an invalid header could
+ be inserted if Exim was badly configured.
+
+ 7. Allow an ACL "warn" statement to add header lines at the start or after all
+ the Received: headers, as well as at the end.
+
+ 8. Added the rcpt_4xx retry error code.
+
+ 9. Added postmaster_mailfrom=xxx to callout verification option.
+
+10. Added mailfrom=xxxx to the callout verification option, for verify=
+ header_sender only.
+
+11. ${substr_1_:xxxx} and ${substr__3:xxxx} are now diagnosed as syntax errors
+ (they previously behaved as ${substr_1_0:xxxx} and ${substr:_0_3:xxxx}).
+
+12. Inserted some casts to stop certain compilers warning when using pointer
+ differences as field lengths or precisions in printf-type calls (mostly
+ affecting debugging statements).
+
+13. Added optional readline() support for -be (dynamically loaded).
+
+14. Obscure bug fix: if a message error (e.g. 4xx to MAIL) happened within the
+ same clock tick as a message's arrival, so that its received time was the
+ same as the "first fail" time on the retry record, and that message
+ remained on the queue past the ultimate address timeout, every queue runner
+ would try a delivery (because it was past the ultimate address timeout) but
+ after another failure, the ultimate address timeout, which should have then
+ bounced the address, did not kick in. This was a "< instead of <=" error;
+ in most cases the first failure would have been in the next clock tick
+ after the received time, and all would be well.
+
+15. The special items beginning with @ in domain lists (e.g. @mx_any) were not
+ being recognized when the domain list was tested by the match_domain
+ condition in an expansion string.
+
+16. Added the ${str2b64: operator.
+
+17. Exim was always calling setrlimit() to set a large limit for the number of
+ processes, without checking whether the existing limit was already
+ adequate. (It did check for the limit on file descriptors.) Furthermore,
+ errors from getrlimit() and setrlimit() were being ignored. Now they are
+ logged to the main and panic logs, but Exim does carry on, to try to do its
+ job under whatever limits there are.
+
+18. Imported PCRE 5.0.
+
+19. Trivial typo in log message " temporarily refused connection" (the leading
+ space).
+
+20. If the log selector return_path_on_delivery was set and an address was
+ redirected to /dev/null, the delivery process crashed because it assumed
+ that a return path would always be set for a "successful" delivery. In this
+ case, the whole delivery is bypassed as an optimization, and therefore no
+ return path is set.
+
+21. Internal re-arrangement: the function for sending a challenge and reading
+ a response while authentication was assuming a zero-terminated challenge
+ string. It's now changed to take a pointer and a length, to allow for
+ binary data in such strings.
+
+22. Added the cyrus_sasl authenticator (code supplied by MBM).
+
+23. Exim was not respecting finduser_retries when seeking the login of the
+ uid under which it was called; it was always trying 10 times. (The default
+ setting of finduser_retries is zero.) Also, it was sleeping after the final
+ failure, which is pointless.
+
+24. Implemented tls_on_connect_ports.
+
+25. Implemented acl_smtp_predata.
+
+26. If the domain in control=submission is set empty, Exim assumes that the
+ authenticated id is a complete email address when it generates From: or
+ Sender: header lines.
+
+27. Added "#define SOCKLEN_T int" to OS/os.h-SCO and OS/os.h-SCO_SV. Also added
+ definitions to OS/Makefile-SCO and OS/Makefile-SCO_SV that put basename,
+ chown and chgrp in /bin and hostname in /usr/bin.
+
+28. Exim was keeping the "process log" file open after each use, just as it
+ does for the main log. This opens the possibility of it remaining open for
+ long periods when the USR1 signal hits a daemon. Occasional processlog
+ errors were reported, that could have been caused by this. Anyway, it seems
+ much more sensible not to leave this file open at all, so that is what now
+ happens.
+
+29. The long-running daemon process does not normally write to the log once it
+ has entered its main loop, and it closes the log before doing so. This is
+ so that log files can straightforwardly be renamed and moved. However,
+ there are a couple of unusual error situations where the daemon does write
+ log entries, and I had neglected to close the log afterwards.
+
+30. The text of an SMTP error response that was received during a remote
+ delivery was being truncated at 512 bytes. This is too short for some of
+ the long messages that one sometimes sees. I've increased the limit to
+ 1024.
+
+31. It is now possible to make retry rules that apply only when a message has a
+ specific sender, in particular, an empty sender.
+
+32. Added "control = enforce_sync" and "control = no_enforce_sync". This makes
+ it possible to be selective about when SMTP synchronization is enforced.
+
+33. Added "control = caseful_local_part" and "control = "caselower_local_part".
+
+32. Implemented hosts_connection_nolog.
+
+33. Added an ACL for QUIT.
+
+34. Setting "delay_warning=" to disable warnings was not working; it gave a
+ syntax error.
+
+35. Added mailbox_size and mailbox_filecount to appendfile.
+
+36. Added control = no_multiline_responses to ACLs.
+
+37. There was a bug in the logic of the code that waits for the clock to tick
+ in the case where the clock went backwards by a substantial amount such
+ that the microsecond fraction of "now" was more than the microsecond
+ fraction of "then" (but the whole seconds number was less).
+
+38. Added support for the libradius Radius client library this is found on
+ FreeBSD (previously only the radiusclient library was supported).
+
+
+Exim version 4.42
+-----------------
+
+ 1. When certain lookups returned multiple values in the form name=value, the
+ quoting of the values was not always being done properly. Specifically:
+ (a) If the value started with a double quote, but contained no whitespace,
+ it was not quoted.
+ (b) If the value contained whitespace other than a space character (i.e.
+ tabs or newlines or carriage returns) it was not quoted.
+ This fix has been applied to the mysql and pgsql lookups by writing a
+ separate quoting function and calling it from the lookup code. The fix
+ should probably also be applied to nisplus, ibase and oracle lookups, but
+ since I cannot test any of those, I have not disturbed their existing code.
+
+ 2. A hit in the callout cache for a specific address caused a log line with no
+ reason for rejecting RCPT. Now it says "Previous (cached) callout
+ verification failure".
+
+ 3. There was an off-by-one bug in the queryprogram router. An over-long
+ return line was truncated at 256 instead of 255 characters, thereby
+ overflowing its buffer with the terminating zero. As well as fixing this, I
+ have increased the buffer size to 1024 (and made a note to document this).
+
+ 4. If an interrupt, such as the USR1 signal that is send by exiwhat, arrives
+ when Exim is waiting for an SMTP response from a remote server, Exim
+ restarts its select() call on the socket, thereby resetting its timeout.
+ This is not a problem when such interrupts are rare. Somebody set up a cron
+ job to run exiwhat every 2 minutes, which is less than the normal select()
+ timeout (5 or 10 minutes). This meant that the select() timeout never
+ kicked in because it was always reset. I have fixed this by comparing the
+ time when an interrupt arrives with the time at the start of the first call
+ to select(). If more time than the timeout has elapsed, the interrupt is
+ treated as a timeout.
+
+ 5. Some internal re-factoring in preparation for the addition of Sieve
+ extensions (by MH). In particular, the "personal" test is moved to a
+ separate function, and given an option for scanning Cc: and Bcc: (which is
+ not set for Exim filters).
+
+ 6. When Exim created an email address using the login of the caller as the
+ local part (e.g. when creating a From: or Sender: header line), it was not
+ quoting the local part when it contained special characters such as @.
+
+ 7. Installed new OpenBSD configuration files.
+
+ 8. Reworded some messages for syntax errors in "and" and "or" conditions to
+ try to make them clearer.
+
+ 9. Callout options, other than the timeout value, were being ignored when
+ verifying sender addresses in header lines. For example, when using
+
+ verify = header_sender/callout=no_cache
+
+ the cache was (incorrectly) being used.
+
+10. Added a missing instance of ${EXE} to the exim_install script; this affects
+ only the Cygwin environment.
+
+11. When return_path_on_delivery was set as a log selector, if different remote
+ addresses in the same message used different return paths and parallel
+ remote delivery occurred, the wrong values would sometimes be logged.
+ (Whenever a remote delivery process finished, the return path value from
+ the most recently started remote delivery process was logged.)
+
+12. RFC 3848 specifies standard names for the "with" phrase in Received: header
+ lines when AUTH and/or TLS are in use. This is the "received protocol"
+ field. Exim used to use "asmtp" for authenticated SMTP, without any
+ indication (in the protocol name) for TLS use. Now it follows the RFC and
+ uses "esmtpa" if the connection is authenticated, "esmtps" if it is
+ encrypted, and "esmtpsa" if it is both encrypted and authenticated. These
+ names appear in log lines as well as in Received: header lines.
+
+13. Installed MH's patches for Sieve to add the "copy" and "vacation"
+ extensions, and comparison tests, and to fix some bugs.
+
+14. Changes to the "personal" filter test:
+
+ (1) The test was buggy in that it was just doing the equivalent of
+ "contains" tests on header lines. For example, if a user's address was
+ anne@some.where, the "personal" test would incorrectly be true for
+
+ To: susanne@some.where
+
+ This test is now done by extracting each address from the header in turn,
+ and checking the entire address. Other tests that are part of "personal"
+ are now done using regular expressions (for example, to check local parts
+ of addresses in From: header lines).
+
+ (2) The list of non-personal local parts in From: addresses has been
+ extended to include "listserv", "majordomo", "*-request", and "owner-*",
+ taken from the Sieve specification recommendations.
+
+ (3) If the message contains any header line starting with "List-" it is
+ treated as non-personal.
+
+ (4) The test for "circular" in the Subject: header line has been removed
+ because it now seems ill-conceived.
+
+15. Minor typos in src/EDITME comments corrected.
+
+16. Installed latest exipick from John Jetmore.
+
+17. If headers_add on a router specified a text string that was too long for
+ string_sprintf() - that is, longer than 8192 bytes - Exim panicked. The use
+ of string_sprintf() is now avoided.
+
+18. $message_body_size was not set (it was always zero) when running the DATA
+ ACL and the local_scan() function.
+
+19. For the "mail" command in an Exim filter, no default was being set for
+ the once_repeat time, causing a random time value to be used if "once" was
+ specified. (If the value happened to be <= 0, no repeat happened.) The
+ default is now 0s, meaning "never repeat". The "vacation" command was OK
+ (its default is 7d). It's somewhat surprising nobody ever noticed this bug
+ (I found it when inspecting the code).
+
+20. There is now an overall timeout for performing a callout verification. It
+ defaults to 4 times the callout timeout, which applies to individual SMTP
+ commands during the callout. The overall timeout applies when there is more
+ than one host that can be tried. The timeout is checked before trying the
+ next host. This prevents very long delays if there are a large number of
+ hosts and all are timing out (e.g. when the network connections are timing
+ out). The value of the overall timeout can be changed by specifying an
+ additional sub-option for "callout", called "maxwait". For example:
+
+ verify = sender/callout=5s,maxwait=20s
+
+21. Add O_APPEND to the open() call for maildirsize files (Exim already seeks
+ to the end before writing, but this should make it even safer).
+
+22. Exim was forgetting that it had advertised PIPELINING for the second and
+ subsequent messages on an SMTP connection. It was also not resetting its
+ memory on STARTTLS and an internal HELO.
+
+23. When Exim logs an SMTP synchronization error within a session, it now
+ records whether PIPELINING has been advertised or not.
+
+24. Added 3 instances of "(long int)" casts to time_t variables that were being
+ formatted using %ld, because on OpenBSD (and perhaps others), time_t is int
+ rather than long int.
+
+25. Installed the latest Cygwin configuration files from the Cygwin maintainer.
+
+26. Added the never_mail option to autoreply.
+
+
+Exim version 4.41
+-----------------
+
+ 1. A reorganization of the code in order to implement 4.40/8 caused a daemon
+ crash if the getsockname() call failed; this can happen if a connection is
+ closed very soon after it is established. The problem was simply in the
+ order in which certain operations were done, causing Exim to try to write
+ to the SMTP stream before it had set up the file descriptor. The bug has
+ been fixed by making things happen in the correct order.
+
+
+Exim version 4.40
+-----------------
+
+ 1. If "drop" was used in a DATA ACL, the SMTP output buffer was not flushed
+ before the connection was closed, thus losing the rejection response.
+
+ 2. Commented out the definition of SOCKLEN_T in os.h-SunOS5. It is needed for
+ some early Solaris releases, but causes trouble in current releases where
+ socklen_t is defined.
+
+ 3. When std{in,out,err} are closed, re-open them to /dev/null so that they
+ always exist.
+
+ 4. Minor refactoring of os.c-Linux to avoid compiler warning when IPv6 is not
+ configured.
+
+ 5. Refactoring in expand.c to improve memory usage. Pre-allocate a block so
+ that releasing the top of it at the end releases what was used for sub-
+ expansions (unless the block got too big). However, discard this block if
+ the first thing is a variable or header, so that we can use its block when
+ it is dynamic (useful for very large $message_headers, for example).
+
+ 6. Lookups now cache *every* query, not just the most recent. A new, separate
+ store pool is used for this. It can be recovered when all lookup caches are
+ flushed. Lookups now release memory at the end of their result strings.
+ This has involved some general refactoring of the lookup sources.
+
+ 7. Some code has been added to the store_xxx() functions to reduce the amount
+ of flapping under certain conditions.
+
+ 8. log_incoming_interface used to affect only the <= reception log lines. Now
+ it causes the local interface and port to be added to several more SMTP log
+ lines, for example "SMTP connection from", and rejection lines.
+
+ 9. The Sieve author supplied some patches for the doc/README.SIEVE file.
+
+10. Added a conditional definition of _BSD_SOCKLEN_T to os.h-Darwin.
+
+11. If $host_data was set by virtue of a hosts lookup in an ACL, its value
+ could be overwritten at the end of the current message (or the start of a
+ new message if it was set in a HELO ACL). The value is now preserved for
+ the duration of the SMTP connection.
+
+12. If a transport had a headers_rewrite setting, and a matching header line
+ contained an unqualified address, that address was qualified, even if it
+ did not match any rewriting rules. The underlying bug was that the values
+ of the flags that permit the existence of unqualified sender and recipient
+ addresses in header lines (set by {sender,recipient}_unqualified_hosts for
+ non-local messages, and by -bnq for local messages) were not being
+ preserved with the message after it was received.
+
+13. When Exim was logging an SMTP synchronization error, it could sometimes log
+ "next input=" as part of the text comprising the host identity instead of
+ the correct text. The code was using the same buffer for two different
+ strings. However, depending on which order the printing function evaluated
+ its arguments, the bug did not always show up. Under Linux, for example, my
+ test suite worked just fine.
+
+14. Exigrep contained a use of Perl's "our" scoping after change 4.31/70. This
+ doesn't work with some older versions of Perl. It has been changed to "my",
+ which in any case is probably the better facility to use.
+
+15. A really picky compiler found some instances of statements for creating
+ error messages that either had too many or two few arguments for the format
+ string.
+
+16. The size of the buffer for calls to the DNS resolver has been increased
+ from 1024 to 2048. A larger buffer is needed when performing PTR lookups
+ for addresses that have a lot of PTR records. This alleviates a problem; it
+ does not fully solve it.
+
+17. A dnsdb lookup for PTR records that receives more data than will fit in the
+ buffer now truncates the list and logs the incident, which is the same
+ action as happens when Exim is looking up a host name and its aliases.
+ Previously in this situation something unpredictable would happen;
+ sometimes it was "internal error: store_reset failed".
+
+18. If a server dropped the connection unexpectedly when an Exim client was
+ using GnuTLS and trying to read a response, the client delivery process
+ crashed while trying to generate an error log message.
+
+19. If a "warn" verb in an ACL added multiple headers to a message in a single
+ string, for example:
+
+ warn message = H1: something\nH2: something
+
+ the text was added as a single header line from Exim's point of view
+ though it ended up OK in the delivered message. However, searching for the
+ second and subsequent header lines using $h_h2: did not work. This has been
+ fixed. Similarly, if a system filter added multiple headers in this way,
+ the routers could not see them.
+
+20. Expanded the error message when iplsearch is called with an invalid key to
+ suggest using net-iplsearch in a host list.
+
+21. When running tests using -bh, any delays imposed by "delay" modifiers in
+ ACLs are no longer actually imposed (and a message to that effect is
+ output).
+
+22. If a "gecos" field in a passwd entry contained escaped characters, in
+ particular, if it contained a \" sequence, Exim got it wrong when building
+ a From: or a Sender: header from that name. A second bug also caused
+ incorrect handling when an unquoted " was present following a character
+ that needed quoting.
+
+23. "{crypt}" as a password encryption mechanism for a "crypteq" expansion item
+ was not being matched caselessly.
+
+24. Arranged for all hyphens in the exim.8 source to be escaped with
+ backslashes.
+
+25. Change 16 of 4.32, which reversed 71 or 4.31 didn't quite do the job
+ properly. Recipient callout cache records were still being keyed to include
+ the sender, even when use_sender was set false. This led to far more
+ callouts that were necessary. The sender is no longer included in the key
+ when use_sender is false.
+
+26. Added "control = submission" modifier to ACLs.
+
+27. Added the ${base62d: operator to decode base 62 numbers.
+
+28. dnsdb lookups can now access SRV records.
+
+29. CONFIGURE_OWNER can be set at build time to define an alternative owner for
+ the configuration file.
+
+30. The debug message "delivering xxxxxx-xxxxxx-xx" is now output in verbose
+ (-v) mode. This makes the output for a verbose queue run more intelligible.
+
+31. Added a use_postmaster feature to recipient callouts.
+
+32. Added the $body_zerocount variable, containing the number of binary zero
+ bytes in the message body.
+
+33. The time of last modification of the "new" subdirectory is now used as the
+ "mailbox time last read" when there is a quota error for a maildir
+ delivery.
+
+34. Added string comparison operators lt, lti, le, lei, gt, gti, ge, gei.
+
+35. Added +ignore_unknown as a special item in host lists.
+
+36. Code for decoding IPv6 addresses in host lists is now included, even if
+ IPv6 support is not being compiled. This fixes a bug in which an IPv6
+ address was recognized as an IP address, but was then not correctly decoded
+ into binary, causing unexpected and incorrect effects when compared with
+ another IP address.
+
+
+Exim version 4.34
+-----------------
+
+ 1. Very minor rewording of debugging text in manualroute to say "list of
+ hosts" instead of "hostlist".
+
+ 2. If verify=header_syntax was set, and a header line with an unqualified
+ address (no domain) and a large number of spaces between the end of the
+ name and the colon was received, the reception process suffered a buffer
+ overflow, and (when I tested it) crashed. This was caused by some obsolete
+ code that should have been removed. The fix is to remove it!
+
+ 3. When running in the test harness, delay a bit after writing a bounce
+ message to get a bit more predictability in the log output.
+
+ 4. Added a call to search_tidyup() just before forking a reception process. In
+ theory, someone could use a lookup in the expansion of smtp_accept_max_
+ per_host which, without the tidyup, could leave open a database connection.
+
+ 5. Added the variables $recipient_data and $sender_data which get set from a
+ lookup success in an ACL "recipients" or "senders" condition, or a router
+ "senders" option, similar to $domain_data and $local_part_data.
+
+ 6. Moved the writing of debug_print from before to after the "senders" test
+ for routers.
+
+ 7. Change 4.31/66 (moving the time when the Received: is generated) caused
+ problems for message scanning, either using a data ACL, or using
+ local_scan() because the Received: header was not generated till after they
+ were called (in order to set the time as the time of reception completion).
+ I have revised the way this works. The header is now generated after the
+ body is received, but before the ACL or local_scan() are called. After they
+ are run, the timestamp in the header is updated.
+
+
+Exim version 4.33
+-----------------
+
+ 1. Change 4.24/6 introduced a bug because the SIGALRM handler was disabled
+ before starting a queue runner without re-exec. This happened only when
+ deliver_drop_privilege was set or when the Exim user was set to root. The
+ effect of the bug was that timeouts during subsequent deliveries caused
+ crashes instead of being properly handled. The handler is now left at its
+ default (and expected) setting.
+
+ 2. The other case in which a daemon avoids a re-exec is to deliver an incoming
+ message, again when deliver_drop_privilege is set or Exim is run as root.
+ The bug described in (1) was not present in this case, but the tidying up
+ of the other signals was missing. I have made the two cases consistent.
+
+ 3. The ignore_target_hosts setting on a manualroute router was being ignored
+ for hosts that were looked up using the /MX notation.
+
+ 4. Added /ignore=<ip list> feature to @mx_any, @mx_primary, and @mx_secondary
+ in domain lists.
+
+ 5. Change 4.31/55 was buggy, and broke when there was a rewriting rule that
+ operated on the sender address. After changing the $sender_address to <>
+ for the sender address verify, Exim was re-instated it as the original
+ (before rewriting) address, but remembering that it had rewritten it, so it
+ wasn't rewriting it again. This bug also had the effect of breaking the
+ sender address verification caching when the sender address was rewritten.
+
+ 6. The ignore_target_hosts option was being ignored by the ipliteral router.
+ This has been changed so that if the ip literal address matches
+ ignore_target_hosts, the router declines.
+
+ 7. Added expansion conditions match_domain, match_address, and match_local_
+ part (NOT match_host).
+
+ 8. The placeholder for the Received: header didn't have a length field set.
+
+ 9. Added code to Exim itself and to exim_lock to test for a specific race
+ condition that could lead to file corruption when using MBX delivery. The
+ issue is with the lockfile that is created in /tmp. If this file is removed
+ after a process has opened it but before that process has acquired a lock,
+ there is the potential for a second process to recreate the file and also
+ acquire a lock. This could lead to two Exim processes writing to the file
+ at the same time. The added code performs the same test as UW imapd; it
+ checks after acquiring the lock that its file descriptor still refers to
+ the same named file.
+
+10. The buffer for building added header lines was of fixed size, 8192 bytes.
+ It is now parameterized by HEADER_ADD_BUFFER_SIZE and this can be adjusted
+ when Exim is built.
+
+11. Added the smtp_active_hostname option. If used, this will typically be made
+ to depend on the incoming interface address. Because $interface_address is
+ not set up until the daemon has forked a reception process, error responses
+ that can happen earlier (such as "too many connections") no longer contain
+ a host name.
+
+12. If an expansion in a condition on a "warn" statement fails because a lookup
+ defers, the "warn" statement is abandoned, and the next ACL statement is
+ processed. Previously this caused the whole ACL to be aborted.
+
+13. Added the iplsearch lookup type.
+
+14. Added ident_timeout as a log selector.
+
+15. Added tls_certificate_verified as a log selector.
+
+16. Added a global option tls_require_ciphers (compare the smtp transport
+ option of the same name). This controls incoming TLS connections.
+
+17. I finally figured out how to make tls_require_ciphers do a similar thing
+ in GNUtls to what it does in OpenSSL, that is, set up an appropriate list
+ before starting the TLS session.
+
+18. Tabs are now shown as \t in -bP output.
+
+19. If the log selector return_path_on_delivery was set, Exim crashed when
+ bouncing a message because it had too many Received: header lines.
+
+20. If two routers both had headers_remove settings, and the first one included
+ a superfluous trailing colon, the final name in the first list and the
+ first name in the second list were incorrectly joined into one item (with a
+ colon in the middle).
+
+
+Exim version 4.32
+-----------------
+
+ 1. Added -C and -D options to the exinext utility, mainly to make it easier
+ to include in the automated testing, but these could be helpful when
+ multiple configurations are in use.
+
+ 2. The exinext utility was not formatting the output nicely when there was
+ an alternate port involved in the retry record key, nor when there was a
+ message id as well (for retries that were specific to a specific message
+ and a specific host). It was also confused by IPv6 addresses, because of
+ the additional colons they contain. I have fixed the IPv4 problem, and
+ patched it up to do a reasonable job for IPv6.
+
+ 3. When there is an error after a MAIL, RCPT, or DATA SMTP command during
+ delivery, the log line now contains "pipelined" if PIPELINING was used.
+
+ 4. An SMTP transport process used to panic and die if the bind() call to set
+ an explicit outgoing interface failed. This has been changed; it is now
+ treated in the same way as a connect() failure.
+
+ 5. A reference to $sender_host_name in the part of a conditional expansion
+ that was being skipped was still causing a DNS lookup. This no longer
+ occurs.
+
+ 6. The def: expansion condition was not recognizing references to header lines
+ that used bh_ and bheader_.
+
+ 7. Added the _cache feature to named lists.
+
+ 8. The code for checking quota_filecount in the appendfile transport was
+ allowing one more file than it should have been.
+
+ 9. For compatibility with Sendmail, the command line option
+
+ -prval:sval
+
+ is equivalent to
+
+ -oMr rval -oMs sval
+
+ and sets the incoming protocol and host name (for trusted callers). The
+ host name and its colon can be omitted when only the protocol is to be set.
+ Note the Exim already has two private options, -pd and -ps, that refer to
+ embedded Perl. It is therefore impossible to set a protocol value of "d" or
+ "s", but I don't think that's a major issue.
+
+10. A number of refactoring changes to the code, none of which should affect
+ Exim's behaviour:
+
+ (a) The number of logging options was getting close to filling up the
+ 32-bit word that was used as a bit map. I have split them into two classes:
+ those that are passed in the argument to log_write(), and those that are
+ only ever tested independently outside of that function. These are now in
+ separate 32-bit words, so there is plenty of room for expansion again.
+ There is no change in the user interface or the logging behaviour.
+
+ (b) When building, for example, log lines, the code previously used a
+ macro that called string_cat() twice, in order to add two strings. This is
+ not really sufficiently general. Furthermore, there was one instance where
+ it was actually wrong because one of the argument was used twice, and in
+ one call a function was used. (As it happened, calling the function twice
+ did not affect the overall behaviour.) The macro has been replaced by a
+ function that can join an arbitrary number of extra strings onto a growing
+ string.
+
+ (c) The code for expansion conditions now uses a table and a binary chop
+ instead of a serial search (which was left over from when there were very
+ few conditions). Also, it now recognizes conditions like "pam" even when
+ the relevant support is not compiled in: a suitably worded error message is
+ given if an attempt is made to use such a condition.
+
+11. Added ${time_interval:xxxxx}.
+
+12. A bug was causing one of the ddress fields not to be passed back correctly
+ from remote delivery subprocesses. The field in question was not being
+ subsequently used, so this caused to problems in practice.
+
+13. Added new log selectors queue_time and deliver_time.
+
+14. Might have fixed a bug in maildirsizefile handling that threw up
+ "unexpected character" debug warnings, and recalculated the data
+ unnecessarily. In any case, I expanded the warning message to give more
+ information.
+
+15. Added the message "Restricted characters in address" to the statements in
+ the default ACL that block characters like @ and % in local parts.
+
+16. Change 71 for release 4.31 proved to be much less benign that I imagined.
+ Three changes have been made:
+
+ (a) There was a serious bug; a negative response to MAIL caused the whole
+ recipient domain to be cached as invalid, thereby blocking all messages
+ to all local parts at the same domain, from all senders. This bug has
+ been fixed. The domain is no longer cached after a negative response to
+ MAIL if the sender used is not empty.
+
+ (b) The default behaviour of using MAIL FROM:<> for recipient callouts has
+ been restored.
+
+ (c) A new callout option, "use_sender" has been added for people who want
+ the modified behaviour.
+
+
+Exim version 4.31
+-----------------
+
+ 1. Removed "EXTRALIBS=-lwrap" from OS/Makefile-Unixware7 on the advice of
+ Larry Rosenman.
+
+ 2. Removed "LIBS = -lresolv" from OS/Makefile-Darwin as it is not needed, and
+ indeed breaks things for older releases.
+
+ 3. Added additional logging to the case where there is a problem reading data
+ from a filter that is running in a subprocess using a pipe, in order to
+ try to track down a specific problem.
+
+ 4. Testing facility fudge: when running in the test harness and attempting
+ to connect to 10.x.x.x (expecting a connection timeout) I'm now sometimes
+ getting "No route to host". Convert this to a timeout.
+
+ 5. Define ICONV_ARG2_TYPE as "char **" for Unixware7 to avoid compiler
+ warning.
+
+ 6. Some OS don't have socklen_t but use size_t instead. This affects the
+ fifth argument of getsockopt() amongst other things. This is now
+ configurable by a macro called SOCKLEN_T which defaults to socklen_t, but
+ can be set for individual OS. I have set it for SunOS5, OSF1, and
+ Unixware7. Current versions of SunOS5 (aka Solaris) do have socklen_t, but
+ some earlier ones do not.
+
+ 7. Change 4.30/15 was not doing the test caselessly.
+
+ 8. The standard form for an IPv6 address literal was being rejected by address
+ parsing in, for example, MAIL and RCPT commands. An example of this kind of
+ address is [IPv6:2002:c1ed:8229:10:202:2dff:fe07:a42a]. Exim now accepts
+ this, as well as the form without the "IPv6" on the front (but only when
+ address literals are enabled, of course).
+
+ 9. Added some casts to avoid compiler warnings in OS/os.c-Linux.
+
+10. Exim crashed if a message with an empty sender address specified by -f
+ encountered a router with an errors_to setting. This could be provoked only
+ by a command such as
+
+ exim -f "" ...
+
+ where an empty string was supplied; "<>" did not hit this bug.
+
+11. Installed PCRE release 4.5.
+
+12. If EHLO/HELO was rejected by an ACL, the value of $sender_helo_name
+ remained set. It is now erased.
+
+13. exiqgrep wasn't working on MacOS X because it didn't correctly compute
+ times from message ids (which are base 36 rather than the normal 62).
+
+14. "Expected" SMTP protocol errors that can arise when PIPELINING is in use
+ were being counted as actual protocol errors, and logged if the log
+ selector +smtp_protocol_error was set. One cannot be perfect in this test,
+ but now, if PIPELINING has been advertised, RCPT following a rejected MAIL,
+ and DATA following a set of rejected RCPTs do not count as protocol errors.
+ In other words, Exim assumes they were pipelined, though this may not
+ actually be the case. Of course, in all cases the client gets an
+ appropriate error code.
+
+15. If a lookup fails in an ACL condition, a message about the failure may
+ be available; it is used if testing the ACL cannot continue, because most
+ such messages specify what the cause of the deferral is. However, some
+ messages (e.g. "MYSQL: no data found") do not cause a defer. There was bug
+ that caused an old message to be retained and used if a later statement
+ caused a defer, replacing the real cause of the deferral.
+
+16. If an IP address had so many PTR records that the DNS lookup buffer
+ was not large enough to hold them, Exim could crash while trying to process
+ the truncated data. It now detects and logs this case.
+
+17. Further to 4.21/58, another change has been made: if (and only if) the
+ first line of a message (the first header line) ends with CRLF, a bare LF
+ in a subsequent header line has a space inserted after it, so as not to
+ terminate the header.
+
+18. Refactoring: tidied an ugly bit of code in appendfile that copied data
+ unnecessarily, used atoi() instead of strtol(), and didn't check the
+ termination when getting file sizes from file names by regex.
+
+19. Completely re-implemented the support for maildirsize files, in the light
+ of a number of problems with the previous contributed implementation
+ (4.30/29). In particular:
+
+ . If the quota is zero, the maildirsize file is maintained, but no quota is
+ imposed.
+
+ . If the maildir directory does not exist, it is created before any attempt
+ to write a maildirsize file.
+
+ . The quota value in the file is just a cache; if the quota is changed in
+ the transport, the new value overrides.
+
+ . A regular expression is available for excluding directories from the
+ count.
+
+20. The autoreply transport checks the characters in options that define the
+ message's headers; it allows continued headers, but it was checking with
+ isspace() after an embedded newline instead of explicitly looking for a
+ space or a tab.
+
+21. If all the "regular" hosts to which an address was routed had passed their
+ expiry times, and had not reached their retry times, the address was
+ bounced, even if fallback hosts were defined. Now Exim should go on to try
+ the fallback hosts.
+
+22. Increased buffer sizes in the callout code from 1024 to 4096 to match the
+ equivalent code in the SMTP transport. Some hosts send humungous responses
+ to HELO/EHLO, more than 1024 it seems.
+
+23. Refactoring: code in filter.c used (void *) for "any old type" but this
+ gives compiler warnings in some environments. I've now done it "properly",
+ using a union.
+
+24. The replacement for inet_ntoa() that is used with gcc on IRIX systems
+ (because of problems with the built-in one) was declared to return uschar *
+ instead of char *, causing compiler failure.
+
+25. Fixed a file descriptor leak when processing alias/forward files.
+
+26. Fixed a minor format string issue in dbfn.c.
+
+27. Typo in exim.c: ("dmbnz" for "dbmnz").
+
+28. If a filter file refered to $h_xxx or $message_headers, and the headers
+ contained RFC 2047 "words", Exim's memory could, under certain conditions,
+ become corrupted.
+
+29. When a sender address is verified, it is cached, to save repeating the test
+ when there is more than one recipient in a message. However, when the
+ verification involves a callout, it is possible for different callout
+ options to be set for different recipients. It is too complicated to keep
+ track of this in the cache, so now Exim always runs a verification when a
+ callout is required, relying on the callout cache for the optimization.
+ The overhead is duplication of the address routing, but this should not be
+ too great.
+
+30. Fixed a bug in callout caching. If a RCPT command caused the sender address
+ to be verified with callout=postmaster, and the main callout worked but the
+ postmaster check failed, the verification correctly failed. However, if a
+ subsequent RCPT command asked for sender verification *without* the
+ postmaster check, incorrect caching caused this verification also to fail,
+ incorrectly.
+
+31. Exim caches DNS lookup failures so as to avoid multiple timeouts; however,
+ it was not caching the DNS options (qualify_single, search_parents) that
+ were used when the lookup failed. A subsequent lookup with different
+ options therefore always gave the same answer, though there were cases
+ where it should not have. (Example: a "domains = !$mx_any" option on a
+ dnslookup router: the "domains" option is always processed without any
+ widening, but the router might have qualify_single set.) Now Exim uses the
+ cached value only when the same options are set.
+
+32. Added John Jetmore's "exipick" utility to the distribution.
+
+33. GnuTLS: When an attempt to start a TLS session fails for any reason other
+ than a timeout (e.g. a certificate is required, and is not provided), an
+ Exim server now closes the connection immediately. Previously it waited for
+ the client to close - but if the client is SSL, it seems that they each
+ wait for each other, leading to a delay before one of them times out.
+
+34: GnuTLS: Updated the code to use the new GnuTLS 1.0.0 API. I have not
+ maintained 0.8.x compatibility because I don't think many are using it, and
+ it is clearly obsolete.
+
+35. Added TLS support for CRLs: a tls_crl global option and one for the smtp
+ transport.
+
+36. OpenSSL: $tls_certificate_verified was being set to 1 even if the
+ client certificate was expired. A simple patch fixes this, though I don't
+ understand the full logic of why the verify callback is called multiple
+ times.
+
+37. OpenSSL: a patch from Robert Roselius: "Enable client-bug workaround.
+ Versions of OpenSSL as of 0.9.6d include a 'CBC countermeasure' feature,
+ which causes problems with some clients (such as the Certicom SSL Plus
+ library used by Eudora). This option, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS,
+ disables the coutermeasure allowing Eudora to connect."
+
+38. Exim was not checking that a write() to a log file succeeded. This could
+ lead to Bad Things if a log got too big, in particular if it hit a file
+ size limit. Exim now panics and dies if it cannot write to a log file, just
+ as it does if it cannot open a log file.
+
+39. Modified OS/Makefile-Linux so that it now contains
+
+ CFLAGS=-O -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
+
+ The two -D definitions ensure that Exim is compiled with large file
+ support, which makes it possible to handle log files that are bigger than
+ 2^31.
+
+40. Fixed a subtle caching bug: if (in an ACL or a set of routers, for
+ instance) a domain was checked against a named list that involved a lookup,
+ causing $domain_data to be set, then another domain was checked against the
+ same list, then the first domain was re-checked, the value of $domain_data
+ after the final check could be wrong. In particular, if the second check
+ failed, it could be set empty. This bug probably also applied to
+ $localpart_data.
+
+41. The strip_trailing_dot option was not being applied to the address given
+ with the -f command-line option.
+
+42. The code for reading a message's header from the spool was incrementing
+ $received_count, but never initializing it. This meant that the value was
+ incorrect (doubled) while delivering a message in the same process in which
+ it was received. In the most common configuration of Exim, this never
+ happens - a fresh exec is done - but it can happen when
+ deliver_drop_privilege is set.
+
+43. When Exim logs an SMTP synchronization error - client data sent too soon -
+ it now includes up to 150 characters of the unexpected data in the log
+ line.
+
+44. The exim_dbmbuild utility uses fixed size buffers for reading input lines
+ and building data strings. The size of both of these buffers was 10 000
+ bytes - far larger than anybody would *ever* want, thought I. Needless to
+ say, somebody hit the limit. I have increased the maximum line length to
+ 20 000 and the maximum data length of concatenated lines to 100 000. I have
+ also fixed two bugs, because there was no checking on these buffers. Tsk,
+ tsk. Now exim_dbmbuild gives a message and exits with an error code if a
+ buffer is too small.
+
+45. The exim_dbmbuild utility did not support quoted keys, as Exim does in
+ lsearch lookups. Now it does.
+
+46. When parsing a route_list item in a manualroute router, a fixed-length
+ buffer was used for the list of hosts. I made this 1024 bytes long,
+ thinking that nobody would ever have a list of hosts that long. Wrong.
+ Somebody had a whole pile of complicated expansion conditions, and the
+ string was silently truncated, leading to an expansion error. It turns out
+ that it is easier to change to an unlimited length (owing to other changes
+ that have happened since this code was originally written) than to build
+ structure for giving a limitation error. The length of the item that
+ expands into the list of hosts is now unlimited.
+
+47. The lsearch lookup could not handle data where the length of text line was
+ more than 4095 characters. Such lines were truncated, leading to shortened
+ data being returned. It should now handle lines of any length.
+
+48. Minor wording revision: "cannot test xxx in yyy ACL" becomes "cannot test
+ xxx condition in yyy ACL" (e.g. "cannot test domains condition in DATA
+ ACL").
+
+49. Cosmetic tidy to scripts like exicyclog that are generated by globally
+ replacing strings such as BIN_DIRECTORY in a source file: the replacement
+ no longer happens in comment lines. A list of replacements is now placed
+ at the head of all of the source files, except those whose only change is
+ to replace PERL_COMMAND in the very first #! line.
+
+50. Replaced the slow insertion sort in queue.c, for sorting the list of
+ messages on the queue, with a bottom-up merge sort, using code contributed
+ by Michael Haardt. This should make operations like -bp somewhat faster on
+ large queues. It won't affect queue runners, except when queue_run_in_order
+ is set.
+
+51. Installed eximstats 1.31 in the distribution.
+
+52. Added support for SRV lookups to the dnslookup router.
+
+53. If an ACL referred to $message_body or $message_body_end, the value was not
+ reset for any messages that followed in the same SMTP session.
+
+54. The store-handling optimization for building very long strings was not
+ differentiating between the different store pools. I don't think this
+ actually made any difference in practice, but I've tidied it.
+
+55. While running the routers to verify a sender address, $sender_address
+ was still set to the sender address. This is wrong, because when routing to
+ send a bounce to the sender, it would be empty. Therefore, I have changed
+ it so that, while verifying a sender address, $sender_address is set to <>.
+ (There is no change to what happens when verifying a recipient address.)
+
+56. After finding MX (or SRV) records, Exim was doing a DNS lookup for the
+ target A or AAAA records (if not already returned) without resetting the
+ qualify_single or search_parents options of the DNS resolver. These are
+ inappropriate in this case because the targets of MX and SRV records must
+ be FQDNs. A broken DNS record could cause trouble if it happened to have a
+ target that, when qualified, matched something in the local domain. These
+ two options are now turned off when doing these lookups.
+
+57. It seems that at least some releases of Reiserfs (which does not have the
+ concept of a fixed number of inodes) returns zero and not -1 for the
+ number of available inodes. This interacted badly with check_spool_inodes,
+ which assumed that -1 was the "no such thing" setting. What I have done is
+ to check that the total number of inodes is greater than zero before doing
+ the test of how many are available.
+
+58. When a "warn" ACL statement has a log_message modifier, the message is
+ remembered, and not repeated. This is to avoid a lot of repetition when a
+ message has many recipients that cause the same warning to be written.
+ Howewer, Exim was preserving the list of already written lines for an
+ entire SMTP session, which doesn't seem right. The memory is now reset if a
+ new message is started.
+
+59. The "rewrite" debugging flag was not showing the result of rewriting in the
+ debugging output unless log_rewrite was also set.
+
+60. Avoid a compiler warning on 64-bit systems in dsearch.c by avoiding the use
+ of (int)(handle) when we know that handle contains (void *)(-1).
+
+61. The Exim daemon panic-logs an error return when it closes the incoming
+ connection. However "connection reset by peer" seems to be common, and
+ isn't really an error worthy of noting specially, so that particular error
+ is no long logged.
+
+62. When Exim is trying to find all the local interfaces, it used to panic and
+ die if the ioctl to get the interface flags failed. However, it seems that
+ on at least one OS (Solaris 9) it is possible to have an interface that is
+ included in the list of interfaces, but for which you get a failure error
+ for this call. This happens when the interface is not "plumbed" into a
+ protocol (i.e. neither IPv4 nor IPv6). I've changed the code so that a
+ failure of the "get flags" call assumes that the interface is down.
+
+63. Added a ${eval10: operator, which assumes all numbers are decimal. This
+ makes life easier for people who are doing arithmetic on fields extracted
+ from dates, where you often get leading zeros that should not be
+ interpreted as octal.
+
+64. Added qualify_domain to the redirect router, to override the global
+ setting.
+
+65. If a pathologically long header line contained very many addresses (the
+ report of this problem mentioned 10 000) and each of them was rewritten,
+ Exim could use up a very large amount of memory. (It kept on making new
+ copies of the header line as it rewrote, and never released the old ones.)
+ At the expense of a bit more processing, the header rewriting function has
+ been changed so that it no longer eats memory in this way.
+
+66. The generation of the Received: header has been moved from the time that a
+ message starts to be received, to the time that it finishes. The timestamp
+ in the Received: header should now be very close to that of the <= log
+ line. There are two side-effects of this change:
+
+ (a) If a message is rejected by a DATA or non-SMTP ACL or local_scan(), the
+ logged header lines no longer include the local Received: line, because
+ it has not yet been created. The same applies to a copy of the message
+ that is returned to a non-SMTP sender when a message is rejected.
+
+ (b) When a filter file is tested using -bf, no additional Received: header
+ is added to the test message. After some thought, I decided that this
+ is a bug fix.
+
+ This change does not affect the value of $received_for. It is still set
+ after address rewriting, but before local_scan() is called.
+
+67. Installed the latest Cygwin-specific files from the Cygwin maintainer.
+
+68. GnuTLS: If an empty file is specified for tls_verify_certificates, GnuTLS
+ gave an unhelpful panic error message, and a defer error. I have managed to
+ change this behaviour so that it now rejects any supplied certificate,
+ which seems right, as the list of acceptable certificates is empty.
+
+69. OpenSSL: If an empty file is specified for tls_verify_certificates, OpenSSL
+ gave an unhelpful defer error. I have not managed to make this reject any
+ supplied certificates, but the error message it gives is "no certificate
+ supplied", which is not helpful.
+
+70. exigrep's output now also includes lines that are not associated with any
+ message, but which match the given pattern. Implemented by a patch from
+ Martin Sluka, which also tidied up the Perl a bit.
+
+71. Recipient callout verification, like sender verification, was using <> in
+ the MAIL FROM command. This isn't really the right thing, since the actual
+ sender may affect whether the remote host accepts the recipient or not. I
+ have changed it to use the actual sender in the callout; this means that
+ the cache record is now keyed on a recipient/sender pair, not just the
+ recipient address. There doesn't seem to be a real danger of callout loops,
+ since a callout by the remote host to check the sender would use <>.
+ [SEE ABOVE: changed after hitting problems.]
+
+72. Exim treats illegal SMTP error codes that do not begin with 4 or 5 as
+ temporary errors. However, in the case of such a code being given after
+ the end of a data transmission (i.e. after ".") Exim was failing to write
+ a retry record for the message. (Yes, there was some broken host that was
+ actually sending 8xx at this point.)
+
+73. An unknown lookup type in a host list could cause Exim to panic-die when
+ the list was checked. (An example that provoked this was putting <; in the
+ middle of a list instead of at the start.) If this happened during a DATA
+ ACL check, a -D file could be left lying around. This kind of configuration
+ error no longer causes Exim to die; instead it causes a defer errror. The
+ incident is still logged to the main and panic logs.
+
+74. Buglet left over from Exim 3 conversion. The message "too many messages
+ in one connection" was written to the rejectlog but not the mainlog, except
+ when address rewriting (yes!) was being logged.
+
+75. Added write_rejectlog option.
+
+76. When a system filter was run not as root (that is, when system_filter_user
+ was set), the values of the $n variables were not being returned to the
+ main process; thus, they were not subsequently available in the $sn
+ variables.
+
+77. Added +return_path_on_delivery log selector.
+
+78. A connection timeout was being treated differently from recipients deferred
+ when testing hosts_max_try with a message that was older than the host's
+ retry timeout. (The host should not be counted, thus allowing all hosts to
+ be tried at least once before bouncing.) This may have been the cause of an
+ occasionally reported bug whereby a message would remain on the queue
+ longer than the retry timeout, but would be bounced if a delivery was
+ forced. I say "may" because I never totally pinned down the problem;
+ setting up timeout/retry tests is difficult. See also the next item.
+
+79. The ultimate address timeout was not being applied to errors that involved
+ a combination of host plus message (for example, a timeout on a MAIL
+ command). When an address resolved to a number of possible hosts, and they
+ were not all tried for each delivery (e.g. because of hosts_max_try), a
+ message could remain on the queue longer than the retry timeout.
+
+80. Sieve bug: "stop" inside "elsif" was broken. Applied a patch from Michael
+ Haardt.
+
+81. Fixed an obscure SMTP outgoing bug which required at least the following
+ conditions: (a) there was another message waiting for the same server;
+ (b) the server returned 5xx to all RCPT commands in the first message so
+ that the message was not completed; (c) the server dropped the connection
+ or gave a negative response to the RSET that Exim sends to abort the
+ transaction. The observed case was a dropped connection after DATA that had
+ been sent in pipelining mode. That is, the server had advertised PIPELINING
+ but was not implementing it correctly. The effect of the bug was incorrect
+ behaviour, such as trying another host, and this could lead to a crash.
+
+
+Exim version 4.30
+-----------------
+
+ 1. The 3rd arguments to getsockname(), getpeername(), and accept() in exim.c
+ and daemon.c were passed as pointers to ints; they should have been
+ pointers to socklen_t variables (which are typically unsigned ints).
+
+ 2. Some signed/unsigned type warnings in the os.c file for Linux have been
+ fixed.
+
+ 3. Fixed a really odd bug that affected only the testing scheme; patching a
+ certain fixed string in the binary changed the value of another string that
+ happened to be identical to the end of the original first string.
+
+ 4. When gethostbyname() (or equivalent) is passed an IP address as a "host
+ name", it returns that address as the IP address. On some operating
+ systems (e.g. Solaris), it also passes back the IP address string as the
+ "host name". However, on others (e.g. Linux), it passes back an empty
+ string. Exim wasn't checking for this, and was changing the host name to an
+ empty string, assuming it had been canonicized.
+
+ 5. Although rare, it is permitted to have more than one PTR record for a given
+ IP address. I thought that gethostbyaddr() or getipnodebyaddr() always gave
+ all the names associated with an address, because they do in Solaris.
+ However, it seems that they do not in Linux for data that comes from the
+ DNS. If an address in /etc/hosts has multiple names, they _are_ all given.
+ I found this out when I moved to a new Linux workstation and tried to run
+ the Exim test suite.
+
+ To get round this problem I have changed the code so that it now does its
+ own call to the DNS to look up PTR records when searching for a host name.
+ If nothing can be found in the DNS, it tries gethostbyaddr(), so that
+ addresses that are only in /etc/hosts are still found.
+
+ This behaviour is, however, controlled by an option called host_lookup_
+ order, which defaults to "bydns:byaddr". If people want to use the other
+ order, or indeed, just use one or the other means of lookup, they can
+ specify it in this variable.
+
+ 6. If a PTR record yields an empty name, Exim treats it as non-existent. In
+ some operating systems, this comes back from gethostbyaddr() as an empty
+ string, and this is what Exim used to test for. However, it seems that in
+ other systems, "." is yielded. Exim now tests for this case too.
+
+ 7. The values of check_spool_space and check_log_space are now held internally
+ as a number of kilobytes instead of an absolute number of bytes. If a
+ numbers is specified without 'K' or 'M', it is rounded up to the nearest
+ kilobyte. This means that much larger values can be stored.
+
+ 8. Exim monitor: an attempt to get the action menu when not actually pointing
+ at a message produces an empty menu entitled "No message selected". This
+ works on Solaris (OpenWindows). However, XFree86 does not like a menu with
+ no entries in it ("Shell widget menu has zero width and/or height"). So I
+ have added a single, blank menu entry in this case.
+
+ 9. Added ${quote_local_part.
+
+10. MIME decoding is now applied to the contents of Subject: header lines when
+ they are logged.
+
+11. Now that a reference to $sender_host_address automatically causes a reverse
+ lookup to occur if necessary (4.13/18), there is no need to arrange for a
+ host lookup before query-style lookups in lists that might use this
+ variable. This has therefore been abolished, and the "net-" prefix is no
+ longer necessary for query-style lookups.
+
+12. The Makefile for SCO_SV contained a setting of LDFLAGS. This appears to
+ have been a typo for LFLAGS, so it has been changed.
+
+13. The install script calls Exim with "-C /dev/null" in order to find the
+ version number. If ALT_CONFIG_PREFIX was set, this caused an error message
+ to be output. Howeve, since Exim outputs its version number before the
+ error, it didn't break the script. It just looked ugly. I fixed this by
+ always allowing "-C /dev/null" if the caller is root.
+
+14. Ignore overlarge ACL variable number when reading spool file - insurance
+ against a later release with more variables having written the file.
+
+15. The standard form for an IPv6 address literal was being rejected by EHLO.
+ Example: [IPv6:2002:c1ed:8229:10:202:2dff:fe07:a42a]. Exim now accepts
+ this, as well as the form without the "IPv6" on the front.
+
+16. Added CHOWN_COMMAND=/usr/sbin/chown and LIBS=-lresolv to the
+ OS/Makefile-Darwin file.
+
+17. Fixed typo in lookups/ldap.c: D_LOOKUP should be D_lookup. This applied
+ only to LDAP libraries that do not have LDAP_OPT_DEREF.
+
+18. After change 4.21/52, "%ld" was used to format the contents of the $inode
+ variable. However, some OS use ints for inodes. I've added cast to long int
+ to get rid of the compiler warning.
+
+19. I had forgotten to lock out "/../" in configuration file names when
+ ALT_CONFIG_PREFIX was set.
+
+20. Routers used for verification do not need to specify transports. However,
+ if such a router generated a host list, and callout was configured, Exim
+ crashed, because it could not find a port number from the (non-existent)
+ transport. It now assumes port 25 in this circumstance.
+
+21. Added the -t option to exigrep.
+
+22. If LOOKUP_LSEARCH is defined, all three linear search methods (lsearch,
+ wildlsearch, nwildlsearch) are compiled. LOOKUP_WILDLSEARCH and LOOKUP_
+ NWILDLSEARCH are now obsolete, but retained for compatibility. If either of
+ them is set, LOOKUP_LSEARCH is forced.
+
+23. "exim -bV" now outputs a list of lookups that are included in the binary.
+
+24. Added sender and host information to the "rejected by local_scan()" log
+ line; previously there was no indication of these.
+
+25. Added .include_if_exists.
+
+26. Change 3.952/11 added an explicit directory sync on top of a file sync for
+ Linux. It turns out that not all file systems support this. Apparently some
+ versions of NFS do not. (It's rare to put Exim's spool on NFS, but people
+ do it.) To cope with this, the error EINVAL, which means that sync-ing is
+ not supported on the file descriptor, is now ignored when Exim is trying to
+ sync a directory. This applies only to Linux.
+
+27. Added -DBIND_8_COMPAT to the CLFAGS setting for Darwin.
+
+28. In Darwin (MacOS X), the PAM headers are in /usr/include/pam and not in
+ /usr/include/security. There's now a flag in OS/os.h-Darwin to cope with
+ this.
+
+29. Added support for maildirsize files from supplied patch (modified a bit).
+
+30. The use of :fail: followed by an empty string could lead Exim to respond to
+ sender verification failures with (e.g.):
+
+ 550 Verification failed for <xxx>
+ 550 Sender verify failed
+
+ where the first response line was missing the '-' that indicates it is not
+ the final line of the response.
+
+31. The loop for finding the name of the user that called Exim had a hardwired
+ limit of 10; it now uses the value of finduser_retries, which is used for
+ all other user lookups.
+
+32. Added $received_count variable, available in data and not_smtp ACLs, and at
+ delivery time.
+
+33. Exim was neglecting to zero errno before one call of strtol() when
+ expanding a string and expecting an integer value. On some systems this
+ resulted in spurious "integer overflow" errors. Also, it was casting the
+ result into an int without checking.
+
+34. Testing for a connection timeout using "timeout_connect" in the retry rules
+ did not work. The code looks as if it has *never* worked, though it appears
+ to have been documented since at least releast 1.62. I have made it work.
+
+35. The "timeout_DNS" error in retry rules, also documented since at least
+ 1.62, also never worked. As it isn't clear exactly what this means, and
+ clearly it isn't a major issue, I have abolished the feature by treating it
+ as "timeout", and writing a warning to the main and panic logs.
+
+36. The display of retry rules for -brt wasn't always showing the error code
+ correctly.
+
+37. Added new error conditions to retry rules: timeout_A, timeout_MX,
+ timeout_connect_A, timeout_connect_MX.
+
+38. Rewriting the envelope sender at SMTP time did not allow it to be rewritten
+ to the empty sender.
+
+39. The daemon was not analysing the content of -oX till after it had closed
+ stderr and disconnected from the controlling terminal. This meant that any
+ syntax errors were only noted on the panic log, and the return code from
+ the command was 0. By re-arranging the code a little, I've made the
+ decoding happen first, so such errors now appear on stderr, and the return
+ code is 1. However, the actual setting up of the sockets still happens in
+ the disconnected process, so errors there are still only recorded on the
+ panic log.
+
+40. A daemon listener on a wildcard IPv6 socket that also accepts IPv4
+ connections (as happens on some IP stacks) was logged at start up time as
+ just listening for IPv6. It now logs "IPv6 with IPv4". This differentiates
+ it from "IPv6 and IPv4", which means that two separate sockets are being
+ used.
+
+41. The debug output for gethostbyname2() or getipnodebyname() failures now
+ says whether AF_INET or AF_INET6 was passed as an argument.
+
+42. Exiwhat output was messed up when time zones were included in log
+ timestamps.
+
+43. Exiwhat now gives more information about the daemon's listening ports,
+ and whether -tls-on-connect was used.
+
+44. The "port" option of the smtp transport is now expanded.
+
+45. A "message" modifier in a "warn" statement in a non-message ACL was being
+ silently ignored. Now an error message is written to the main and panic
+ logs.
+
+46. There's a new ACL modifier called "logwrite" which writes to a log file
+ as soon as it is encountered.
+
+47. Added $local_user_uid and $local_user_gid at routing time.
+
+48. Exim crashed when trying to verify a sender address that was being
+ rewritten to "<>".
+
+49. Exim was recognizing only a space character after ".include". It now also
+ recognizes a tab character.
+
+50. Fixed several bugs in the Perl script that creates the exim.8 man page by
+ extracting the relevant information from the specification. The man page no
+ longer contains scrambled data for the -d option, and I've added a section
+ at the front about calling Exim under different names.
+
+51. Added "extra_headers" argument to the "mail" command in filter files.
+
+52. Redirecting mail to an unqualified address in a Sieve filter caused Exim to
+ crash.
+
+53. Installed eximstats 1.29.
+
+54. Added transport_filter_timeout as a generic transport option.
+
+55. Exim no longer adds an empty Bcc: header to messages that have no To: or
+ Cc: header lines. This was required by RFC 822, but it not required by RFC
+ 2822.
+
+56. Exim used to add From:, Date:, and Message-Id: header lines to any
+ incoming messages that did not have them. Now it does so only if the
+ message originates locally, that is, if there is no associated remote host
+ address. When Resent- header lines are present, this applies to the Resent-
+ lines rather than the non-Resent- lines.
+
+57. Drop incoming SMTP connection after too many syntax or protocol errors. The
+ limit is controlled by smtp_max_synprot_errors, defaulting to 3.
+
+58. Messages for configuration errors now include the name of the main
+ configuration file - useful now that there may be more than one file in a
+ list (.included file names were always shown).
+
+59. Change 4.21/82 (run initgroups() when starting the daemon) causes problems
+ for those rare installations that do not start the daemon as root or run it
+ setuid root. I've cut out the call to initgroups() if the daemon is not
+ root at that time.
+
+60. The Exim user and group can now be bound into the binary as text strings
+ that are looked up at the start of Exim's processing.
+
+61. Applied a small patch for the Interbase code, supplied by Ard Biesheuvel.
+
+62. Added $mailstore_basename variable.
+
+63. Installed patch to sieve.c from Michael Haardt.
+
+64. When Exim failed to open the panic log after failing to open the main log,
+ the original message it was trying to log was written to stderr and debug
+ output, but if they were not available (the usual case in production), it
+ was lost. Now it is written to syslog before the two lines that record the
+ failures to open the logs.
+
+65. Users' Exim filters run in subprocesses under the user's uid. It is
+ possible for a "deliver" command or an alias in a "personal" command to
+ provoke an address rewrite. If logging of address rewriting is configured,
+ this fails because the process is not running as root or exim. There may be
+ a better way of dealing with this, but for the moment (because 4.30 needs
+ to be released), I have disabled address rewrite logging when running a
+ filter in a non-root, non-exim process.
+
+
+Exim version 4.24
+-----------------
+
+ 1. The buildconfig auxiliary program wasn't quoting the value set for
+ HEADERS_CHARSET. This caused a compilation error complaining that 'ISO' was
+ not defined. This bug was masked in 4.22 by the effect that was fixed in
+ change 4.23/1.
+
+ 2. Some messages that were rejected after a message id was allocated were
+ shown as "incomplete" by exigrep. It no longer does this for messages that
+ are rejected by local_scan() or the DATA or non-SMTP ACLs.
+
+ 3. If a Message-ID: header used a domain literal in the ID, and Exim did not
+ have allow_domain_literals set, the ID did not get logged in the <= line.
+ Domain literals are now always recognized in Message-ID: header lines.
+
+ 4. The first argument for a ${extract expansion item is the key name or field
+ number. Leading and trailing spaces in this item were not being ignored,
+ causing some misleading effects.
+
+ 5. When deliver_drop_privilege was set, single queue runner processes started
+ manually (i.e. by the command "exim -q") or by the daemon (which uses the
+ same command in the process it spins off) were not dropping privilege.
+
+ 6. When the daemon running as "exim" started a queue runner, it always
+ re-executed Exim in the spun-off process. This is a waste of effort when
+ deliver_drop_privilege is set. The new process now just calls the
+ queue-runner function directly.
+
+
+Exim version 4.23
+-----------------
+
+ 1. Typo in the src/EDITME file: it referred to HEADERS_DECODE_TO instead of
+ HEADERS_CHARSET.
+
+ 2. Change 4.21/73 introduced a bug. The pid file path set by -oP was being
+ ignored. Though the use of -oP was forcing the writing of a pid file, it
+ was always written to the default place.
+
+ 3. If the message "no IP address found for host xxxx" is generated during
+ incoming verification, it is now followed by identification of the incoming
+ connection (so you can more easily find what provoked it).
+
+ 4. Bug fix for Sieve filters: "stop" inside a block was not working properly.
+
+ 5. Added some features to "harden" Exim a bit more against certain attacks:
+
+ (a) There is now a build-time option called FIXED_NEVER_USERS that can
+ be put in Local/Makefile. This is like the never_users runtime option,
+ but it cannot be overridden. The default setting is "root".
+
+ (b) If ALT_CONFIG_PREFIX is defined in Local/Makefile, it specifies a
+ prefix string with which any file named in a -C command line option
+ must start.
+
+ (c) If ALT_CONFIG_ROOT_ONLY is defined in Local/Makefile, root privilege
+ is retained for -C and -D only if the caller of Exim is root. Without
+ it, the exim user may also use -C and -D and retain privilege.
+
+ (d) If DISABLE_D_OPTION is defined in Local/Makefile, the use of the -D
+ command line option is disabled.
+
+ 6. Macro names set by the -D option must start with an upper case letter, just
+ like macro names defined in the configuration file.
+
+ 7. Added "dereference=" facility to LDAP.
+
+ 8. Two instances of the typo "uknown" in the source files are fixed.
+
+ 9. If a PERL_COMMAND setting in Local/Makefile was not at the start of a line,
+ the Configure-Makefile script screwed up while processing it.
+
+10. Incorporated PCRE 4.4.
+
+11. The SMTP synchronization check was not operating right at the start of an
+ SMTP session. For example, it could not catch a HELO sent before the client
+ waited for the greeting. There is now a check for outstanding input at the
+ point when the greeting is written. Because of the duplex, asynchronous
+ nature of TCP/IP, it cannot be perfect - the incorrect input may be on its
+ way, but not yet received, when the check is performed.
+
+12. Added tcp_nodelay to make it possible to turn of the setting of TCP_NODELAY
+ on TCP/IP sockets, because this apparently causes some broken clients to
+ timeout.
+
+13. Installed revised OS/Makefile-CYGWIN and OS/os.c-cygwin (the .h file was
+ unchanged) from the Cygwin maintainer.
+
+14. The code for -bV that shows what is in the binary showed "mbx" when maildir
+ was supported instead of testing for mbx. Effectively a typo.
+
+15. The spa authenticator server code was not checking that the input it
+ received was valid base64.
+
+16. The debug output line for the "set" modifier in ACLs was not showing the
+ name of the variable that was being set.
+
+17. Code tidy: the variable type "vtype_string" was never used. Removed it.
+
+18. Previously, a reference to $sender_host_name did not cause a DNS reverse
+ lookup on its own. Something else was needed to trigger the lookup. For
+ example, a match in host_lookup or the need for a host name in a host list.
+ Now, if $sender_host_name is referenced and the host name has not yet been
+ looked up, a lookup is performed. If the lookup fails, the variable remains
+ empty, and $host_lookup_failed is set to "1".
+
+19. Added "eqi" as a case-independent comparison operator.
+
+20. The saslauthd authentication condition could segfault if neither service
+ nor realm was specified.
+
+21. If an overflowing value such as "2048M" was set for message_size_limit, the
+ error message that was logged was misleading, and incoming SMTP
+ connections were dropped. The message is now more accurate, and temporary
+ errors are given to SMTP connections.
+
+22. In some error situations (such as 21 above) Exim rejects all SMTP commands
+ (except RSET) with a 421 error, until QUIT is received. However, it was
+ failing to send a response to QUIT.
+
+23. The HELO ACL was being run before the code for helo_try_verify_hosts,
+ which made it impossible to use "verify = helo" in the HELO ACL. The HELO
+ ACL is now run after the helo_try_verify_hosts code.
+
+24. "{MD5}" and "{SHA1}" are now recognized as equivalent to "{md5"} and
+ "{sha1}" in the "crypteq" expansion condition (in fact the comparison is
+ case-independent, so other case variants are also recognized). Apparently
+ some systems use these upper case variants.
+
+25. If more than two messages were waiting for the same host, and a transport
+ filter was specified for the transport, Exim sent two messages over the
+ same TCP/IP connection, and then failed with "socket operation on non-
+ socket" when it tried to send the third.
+
+26. Added Exim::debug_write and Exim::log_write for embedded Perl use.
+
+27. The extern definition of crypt16() in expand.c was not being excluded when
+ the OS had its own crypt16() function.
+
+28. Added bounce_return_body as a new option, and bounce_return_size_limit
+ as a preferred synonym for return_size_limit, both as an option and as an
+ expansion variable.
+
+29. Added LIBS=-liconv to OS/Makefile-OSF1.
+
+30. Changed the default configuration ACL to relax the local part checking rule
+ for addresses that are not in any local domains. For these addresses,
+ slashes and pipe symbols are allowed within local parts, but the sequence
+ /../ is explicitly forbidden.
+
+31. SPA server authentication was not clearing the challenge buffer before
+ using it.
+
+32. log_message in a "warn" ACL statement was writing to the reject log as
+ well as to the main log, which contradicts the documentation and doesn't
+ seem right (because no rejection is happening). So I have stopped it.
+
+33. Added Ard Biesheuvel's lookup code for accessing an Interbase database.
+ However, I am unable to do any testing of this.
+
+34. Fixed an infelicity in the appendfile transport. When checking directories
+ for a mailbox, to see if any needed to be created, it was accidentally
+ using path names with one or more superfluous leading slashes; tracing
+ would show up entries such as stat("///home/ph10", 0xFFBEEA48).
+
+35. If log_message is set on a "discard" verb in a MAIL or RCPT ACL, its
+ contents are added to the log line that is written for every discarded
+ recipient. (Previously a log_message setting was ignored.)
+
+36. The ${quote: operator now quotes the string if it is empty.
+
+37. The install script runs exim in order to find its version number. If for
+ some reason other than non-existence or emptiness, which it checks, it
+ could not run './exim', it was installing it with an empty version number,
+ i.e. as "exim-". This error state is now caught, and the installation is
+ aborted.
+
+38. An argument was missing from the function that creates an error message
+ when Exim fails to connect to the socket for saslauthd authentication.
+ This could cause Exim to crash, or give a corrupted message.
+
+39. Added isip, isip4, and isip6 to ${if conditions.
+
+40. The ACL variables $acl_xx are now saved with the message, and can be
+ accessed later in routers, transports, and filters.
+
+41. The new lookup type nwildlsearch is like wildlsearch, except that the key
+ strings in the file are not string-expanded.
+
+42. If a MAIL command specified a SIZE value that was too large to fit into an
+ int variable, the check against message_size_limit failed. Such values are
+ now forced to INT_MAX, which is around 2Gb for a 32-bit variable. Maybe one
+ day this will have to be increased, but I don't think I want to be around
+ when emails are that large.
+
+
+
+Exim version 4.22
+-----------------
+
+ 1. Removed HAVE_ICONV=yes from OS/Makefile-FreeBSD, since it seems that
+ iconv() is not standard in FreeBSD.
+
+ 2. Change 4.21/17 was buggy and could cause stack overwriting on a system with
+ IPv6 enabled. The observed symptom was a segmentation fault on return from
+ the function os_common_find_running_interfaces() in src/os.c.
+
+ 3. In the check_special_case() function in daemon.c I had used "errno" as an
+ argument name, which causes warnings on some systems. This was basically a
+ typo, since it was named "eno" in the comments!
+
+ 4. The code that waits for the clock to tick (at a resolution of some fraction
+ of a second) so as to ensure message-id uniqueness was always waiting for
+ at least one whole tick, when it could have waited for less. [This is
+ almost certainly not relevant at current processor speeds, where it is
+ unlikely to ever wait at all. But we try to future-proof.]
+
+ 5. The function that sleeps for a time interval that includes fractions of a
+ second contained a race. It did not block SIGALRM between setting the
+ timer, and suspending (a couple of lines later). If the interval was short
+ and the sigsuspend() was delayed until after it had expired, the suspension
+ never ended. On busy systems this could lead to processes getting stuck for
+ ever.
+
+ 6. Some uncommon configurations may cause a lookup to happen in a queue runner
+ process, before it forks any delivery processes. The open lookup caching
+ mechanism meant that the open file or database connection was passed into
+ the delivery process. The problem was that delivery processes always tidy
+ up cached lookup data. This could cause a problem for the next delivery
+ process started by the queue runner, because the external queue runner
+ process does not know about the closure. So the next delivery process
+ still has data in the lookup cache. In the case of a file lookup, there was
+ no problem because closing a file descriptor in a subprocess doesn't affect
+ the parent. However, if the lookup was caching a connection to a database,
+ the connection was closed, and the second delivery process was likely to
+ see errors such as "PGSQL: query failed: server closed the connection
+ unexpectedly". The problem has been fixed by closing all cached lookups
+ in a queue runner before running a delivery process.
+
+ 7. Compiler warning on Linux for the second argument of iconv(), which doesn't
+ seem to have the "const" qualifier which it has on other OS. I've
+ parameterised it.
+
+ 8. Change 4.21/2 was too strict. It is only if there are two authenticators
+ *of the same type* (client or server) with the same public name that an
+ error should be diagnosed.
+
+ 9. When Exim looked up a host name for an IP address, but failed to find the
+ original IP address when looking up the host name (a safety check), it
+ output the message "<ip address> does not match any IP for NULL", which was
+ confusing, to say the least. The bug was that the host name should have
+ appeared instead of "NULL".
+
+10. Since release 3.03, if Exim is called by a uid other than root or the Exim
+ user that is built into the binary, and the -C or -D options is used, root
+ privilege is dropped before the configuration file is read. In addition,
+ logging is switched to stderr instead of the normal log files. If the
+ configuration then re-defines the Exim user, the unprivileged environment
+ is probably not what is expected, so Exim logs a panic warning message (but
+ proceeds).
+
+ However, if deliver_drop_privilege is set, the unprivileged state may well
+ be exactly what is intended, so the warning has been cut out in that case,
+ and Exim is allowed to try to write to its normal log files.
+
+
+Exim version 4.21
+-----------------
+
+ 1. smtp_return_error_details was not giving details for temporary sender
+ or receiver verification errors.
+
+ 2. Diagnose a configuration error if two authenticators have the same public
+ name.
+
+ 3. Exim used not to create the message log file for a message until the first
+ delivery attempt. This could be confusing when incoming messages were held
+ for policy or load reasons. The message log file is now created at the time
+ the message is received, and an initial "Received" line is written to it.
+
+ 4. The automatically generated man page for command line options had a minor
+ bug that caused no ill effects; however, a more serious problem was that
+ the procedure for building the man page automatically didn't always
+ operate. Consequently, release 4.20 contains an out-of-date version. This
+ shouldn't happen again.
+
+ 5. When building Exim with embedded Perl support, the script that builds the
+ Makefile was calling 'perl' to find its compile-time parameters, ignoring
+ any setting of PERL_COMMAND in Local/Makefile. This is now fixed.
+
+ 6. The freeze_tell option was not being used for messages that were frozen on
+ arrival, either by an ACL or by local_scan().
+
+ 7. Added the smtp_incomplete_transaction log selector.
+
+ 8. After STARTTLS, Exim was not forgetting that it had advertised AUTH, so it
+ was accepting AUTH without a new EHLO.
+
+ 9. Added tls_remember_esmtp to cope with YAEB. This allows AUTH and other
+ ESMTP extensions after STARTTLS without a new EHLO, in contravention of the
+ RFC.
+
+10. Logging of TCP/IP connections (when configured) now happens in the main
+ daemon process instead of the child process, so that the TCP/IP connection
+ count is more accurate (but it can never be perfect).
+
+11. The use of "drop" in a nested ACL was not being handled correctly in the
+ outer ACL. Now, if condition failure induced by the nested "drop" causes
+ the outer ACL verb to deny access ("accept" or "discard" after "endpass",
+ or "require"), the connection is dropped.
+
+12. Similarly, "discard" in a nested ACL wasn't being handled. A nested ACL
+ that yield "discard" can now be used with an "accept" or a "discard" verb,
+ but an error is generated for any others (because I can't see a useful way
+ to define what should happen).
+
+13. When an ACL is read dynamically from a file (or anywhere else), the lines
+ are now processed in the same way as lines in the Exim configuration file.
+ In particular, continuation lines are supported.
+
+14. Added the "dnslists = a.b.c!=n.n.n.n" feature.
+
+15. Added -ti meaning -t -i.
+
+16. Check for letters, digits, hyphens, and dots in the names of dnslist
+ domains, and warn by logging if others are found.
+
+17. At least on BSD, alignment is not guarenteed for the array of ifreq's
+ returned from GIFCONF when Exim is trying to find the list of interfaces on
+ a host. The code in os.c has been modified to copy each ifreq to an aligned
+ structure in all cases.
+
+ Also, in some cases, the returned ifreq's were being copied to a 'struct
+ ifreq' on the stack, which was subsequently passed to host_ntoa(). That
+ means the last couple of bytes of an IPv6 address could be chopped if the
+ ifreq contained only a normal sockaddr (14 bytes storage).
+
+18. Named domain lists were not supported in the hosts_treat_as_local option.
+ An entry such as +xxxx was not recognized, and was treated as a literal
+ domain name.
+
+19. Ensure that header lines added by a DATA ACL are included in the reject log
+ if the ACL subsequently rejects the message.
+
+20. Upgrade the cramtest.pl utility script to use Digest::MD5 instead of just
+ MD5 (which is deprecated).
+
+21. When testing a filter file using -bf, Exim was writing a message when it
+ took the sender from a "From " line in the message, but it was not doing so
+ when it took $return_path from a Return-Path: header line. It now does.
+
+22. If the contents of a "message" modifier for a "warn" ACL verb do not begin
+ with a valid header line field name (a series of printing characters
+ terminated by a colon, Exim now inserts X-ACL-Warn: at the beginning.
+
+23. Changed "disc" in the source to "disk" to conform to the documentation and
+ the book and for uniformity.
+
+24. Ignore Sendmail's -Ooption=value command line item.
+
+25. When execve() failed while trying to run a command in a pipe transport,
+ Exim was returning EX_UNAVAILBLE (69) from the subprocess. However, this
+ could be confused with a return value of 69 from the command itself. This
+ has been changed to 127, the value the shell returns if it is asked to run
+ a non-existent command. The wording for the related log line suggests a
+ non-existent command as the problem.
+
+26. If received_header_text expands to an empty string, do not add a Received:
+ header line to the message. (Well, it adds a token one on the spool, but
+ marks it "old" so that it doesn't get used or transmitted.)
+
+27. Installed eximstats 1.28 (addition of -nt option).
+
+28. There was no check for failure on the call to getsockname() in the daemon
+ code. This can fail if there is a shortage of resources on the system, with
+ ENOMEM, for example. A temporary error is now given on failure.
+
+29. Contrary to the C standard, it seems that in some environments, the
+ equivalent of setlocale(LC_ALL, "C") is not obeyed at the start of a C
+ program. Exim now does this explicitly; it affects the formatting of
+ timestamps using strftime().
+
+30. If exiqsumm was given junk data, it threw up some uninitialized variable
+ complaints. I've now initialized all the variables, to avoid this.
+
+32. Header lines added by a system filter were not being "seen" during
+ transport-time rewrites.
+
+33. The info_callback() function passed to OpenSSL is set up with type void
+ (*)(SSL *, int, int), as described somewhere. However, when calling the
+ function (actually a macro) that sets it up, the type void(*)() is
+ expected. I've put in a cast to prevent warnings from picky compilers.
+
+34. If a DNS black list lookup found a CNAME record, but there were no A
+ records associated with the domain it pointed at, Exim crashed.
+
+35. If a DNS black list lookup returned more than one A record, Exim ignored
+ all but the first. It now scans all returned addresses if a particular IP
+ value is being sought. In this situation, the contents of the
+ $dnslist_value variable are a list of all the addresses, separated by a
+ comma and a space.
+
+36. Tightened up the rules for host name lookups using reverse DNS. Exim used
+ to accept a host name and all its aliases if the forward lookup for any of
+ them yielded the IP address of the incoming connection. Now it accepts only
+ those names whose forward lookup yields the correct IP address. Any other
+ names are discarded. This closes a loophole whereby a rogue DNS
+ administrator could create reverse DNS records to break through a
+ wildcarded host restriction in an ACL.
+
+37. If a user filter or a system filter that ran in a subprocess used any of
+ the numerical variables ($1, $2 etc), or $thisaddress, in a pipe command,
+ the wrong values were passed to the pipe command ($thisaddress had the
+ value of $0, $0 had the value of $1, etc). This bug was introduced by
+ change 4.11/101, and not discovered because I wrote an inadequate test. :-(
+
+38. Improved the line breaking for long SMTP error messages from ACLs.
+ Previously, if there was no break point between 40 and 75 characters, Exim
+ left the rest of the message alone. Two changes have been made: (a) I've
+ reduced the minimum length to 35 characters; (b) if it can't find a break
+ point between 35 and 75 characters, it looks ahead and uses the first one
+ that it finds. This may give the occasional overlong line, but at least the
+ remaining text gets split now.
+
+39. Change 82 of 4.11 was unimaginative. It assumed the limit on the number of
+ file descriptors might be low, and that setting 1000 would always raise it.
+ It turns out that in some environments, the limit is already over 1000 and
+ that lowering it causes trouble. So now Exim takes care not to decrease it.
+
+40. When delivering a message, the value of $return_path is set to $sender_
+ address at the start of routing (routers may change the value). By an
+ oversight, this default was not being set up when an address was tested by
+ -bt or -bv, which affected the outcome if any router or filter referred to
+ $return_path.
+
+41. The idea of the "warn" ACL verb is that it adds a header or writes to the
+ log only when "message" or "log_message" are set. However, if one of the
+ conditions was an address verification, or a call to a nested ACL, the
+ messages generated by the underlying test were being passed through. This
+ no longer happens. The underlying message is available in $acl_verify_
+ message for both "message" and "log_message" expansions, so it can be
+ passed through if needed.
+
+42. Added RFC 2047 interpretation of header lines for $h_ expansions, with a
+ new expansion $bh_ to give the encoded byte string without charset
+ translation. Translation happens only if iconv() is available; HAVE_ICONV
+ indicates this at build time. HEADERS_CHARSET gives the charset to
+ translate to; headers_charset can change it in the configuration, and
+ "headers charset" can change it in an individual filter file.
+
+43. Now that we have a default RFC 2047 charset (see above), the code in Exim
+ that creates RFC 2047 encoded "words" labels them as that charset instead
+ of always using iso-8859-1. The cases are (i) the explicit ${rfc2047:
+ expansion operator; (ii) when Exim creates a From: line for a local
+ message; (iii) when a header line is rewritten to include a "phrase" part.
+
+44. Nasty bug in exiqsumm: the regex to skip already-delivered addresses was
+ buggy, causing it to skip the first lines of messages whose message ID
+ ended in 'D'. This would not have bitten before Exim release 4.14, because
+ message IDs were unlikely to end in 'D' before then. The effect was to have
+ incorrect size information for certain domains.
+
+45. #include "config.h" was missing at the start of the crypt16.c module. This
+ caused trouble on Tru64 (aka OSF1) systems, because HAVE_CRYPT16 was not
+ noticed.
+
+46. If there was a timeout during a "random" callout check, Exim treated it as
+ a failure of the random address, and carried on sending RSET and the real
+ address. If the delay was just some slowness somewhere, the response to the
+ original RCPT would be taken as a response to RSET and so on, causing
+ mayhem of various kinds.
+
+47. Change 50 for 4.20 was a heap of junk. I don't know what I was thinking
+ when I implemented it. It didn't allow for the fact that some option values
+ may legitimatetly be negative (e.g. size_addition), and it didn't even do
+ the right test for positive values.
+
+48. Domain names in DNS records are case-independent. Exim always looks them up
+ in lower case. Some resolvers return domain names in exactly the case they
+ appear in the zone file, that is, they may contain uppercase letters. Not
+ all resolvers do this - some return always lower case. Exim was treating a
+ change of case by a resolver as a change of domain, similar to a widening
+ of a domain abbreviation. This triggered its re-routing code and so it was
+ trying to route what was effectively the same domain again. This normally
+ caused routing to fail (because the router wouldn't handle the domain
+ twice). Now Exim checks for this case specially, and just changes the
+ casing of the domain that it ultimately uses when it transmits the message
+ envelope.
+
+49. Added Sieve (RFC 3028) support, courtesy of Michael Haardt's contributed
+ module.
+
+50. If a filter generated a file delivery with a non-absolute name (possible if
+ no home directory exists for the router), the forbid_file option was not
+ forbidding it.
+
+51. Added '&' feature to dnslists, to provide bit mask matching in addition to
+ the existing equality matching.
+
+52. Exim was using ints instead of ino_t variables in some places where it was
+ dealing with inode numbers.
+
+53. If TMPDIR is defined in Local/Makefile (default in src/EDITME is
+ TMPDIR="/tmp"), Exim checks for the presence of an environment variable
+ called TMPDIR, and if it finds it is different, it changes its value.
+
+54. The smtp_printf() function is now made available to local_scan() so
+ additional output lines can be written before returning. There is also an
+ smtp_fflush() function to enable the detection of a dropped connection.
+ The variables smtp_input and smtp_batched_input are exported to
+ local_scan().
+
+55. Changed the default runtime configuration: the message "Unknown user"
+ has been removed from the ACL, and instead placed on the localuser router,
+ using the cannot_route_message feature. This means that any verification
+ failures that generate their own messages won't get overridden. Similarly,
+ the "Unrouteable address" message that was in the ACL for unverifiable
+ relay addresses has also been removed.
+
+56. Added hosts_avoid_esmtp to the smtp transport.
+
+57. The exicyclog script was not checking for the esoteric option
+ CONFIGURE_FILE_USE_EUID in the Local/Makefile. It now does this, but it
+ will work only if exicyclog is run under the appropriate euid.
+
+58. Following a discussion on the list, the rules by which Exim recognises line
+ endings on incoming messages have been changed. The -dropcr and drop_cr
+ options are now no-ops, retained only for backwards compatibility. The
+ following line terminators are recognized: LF CRLF CR. However, special
+ processing applies to CR:
+
+ (i) The sequence CR . CR does *not* terminate an incoming SMTP message,
+ nor a local message in the state where . is a terminator.
+
+ (ii) If a bare CR is encountered in a header line, an extra space is added
+ after the line terminator so as not to end the header. The reasoning
+ behind this is that bare CRs in header lines are most likely either
+ to be mistakes, or people trying to play silly games.
+
+59. The size of a message, as listed by "-bp" or in the Exim monitor window,
+ was being incorrectly given as 18 bytes larger than it should have been.
+ This is a VOB (very old bug).
+
+60. This may never have affected anything current, but just in case it has:
+ When the local host is found other than at the start of a list of hosts,
+ the local host, those with the same MX, and any that follow, are discarded.
+ When the list in question was part of a longer list of hosts, the following
+ hosts (not currently being processed) were also being discarded. This no
+ longer happens. I'm not sure if this situation could ever has previously
+ arisen.
+
+61. Added the "/MX" feature to lists of hosts in the manualroute and query
+ program routers.
+
+62. Whenever Exim generates a new message, it now adds an Auto-Submitted:
+ header. This is something that is recommended in a new Internet Draft, and
+ is something that is documented as being done by Sendmail. There are two
+ possible values. For messages generated by the autoreply transport, Exim
+ adds:
+
+ Auto-Submitted: auto-replied
+
+ whereas for all other generated messages (e.g. bounces) it adds
+
+ Auto-Submitted: auto-generated
+
+63. The "personal" condition in filters now includes a test for the
+ Auto-Submitted: header. If it contains the string "auto-" the message it
+ not considered personal.
+
+64. Added rcpt_include_affixes as a generic transport option.
+
+65. Added queue_only_override (default true).
+
+66. Added the syslog_duplication option.
+
+67. If what should have been the first header line of a message consisted of
+ a space followed by a colon, Exim was mis-interpreting it as a header line.
+ It isn't of course - it is syntactically invalid and should therefore be
+ treated as the start of the message body. The misbehaviour could have
+ caused a number of strange effects, including loss of data in subsequent
+ header lines, and spool format errors.
+
+68. Formerly, the AUTH parameter on a MAIL command was trusted only if the
+ client host had authenticated. This control can now be exercised by an ACL
+ for more flexibility.
+
+69. By default, callouts do not happen when testing with -bh. There is now a
+ variant, -bhc, which does actually run the callout code, including
+ consulting and updating the callout cache.
+
+70. Added support for saslauthd authentication, courtesy of Alexander
+ Sabourenkov.
+
+71. If statvfs() failed on the spool or log directories while checking their
+ size for availability, Exim confusingly gave the error "space shortage".
+ Furthermore, in debugging mode it crashed with a floating point exception.
+ These checks are done if check_{spool,log}_{space,inodes} are set, and when
+ an SMTP message arrives with SIZE= on the MAIL command. As this is a really
+ serious problem, Exim now writes to the main and panic logs when this
+ happens, with details of the failure. It then refuses to accept the
+ incoming message, giving the message "spool directory problem" or "log
+ directory problem" with a 421 code for SMTP messages.
+
+72. When Exim is about to re-exec itself, it ensures that the file descriptors
+ 0, 1, and 2 exist, because some OS complain for execs without them (see
+ ChangeLog 4.05/30). If necessary, Exim opens /dev/null to use for these
+ descriptors. However, the code omitted to check that the open succeeded,
+ causing mysterious errors if for some reason the permissions on /dev/null
+ got screwed. Now Exim writes a message to the main and panic logs, and
+ bombs out if it can't open /dev/null.
+
+73. Re-vamped the way daemon_smtp_port, local_interfaces, and -oX work and
+ interact so that it is all more flexible. It is supposed to remain
+ backwards compatible. Also added extra_local_interfaces.
+
+74. Invalid data sent to a SPA (NTLM) server authenticator could cause the code
+ to bomb out with an assertion failure - to the client this appears as a
+ connection drop. This problem occurs in the part of the code that was taken
+ from the Samba project. Fortunately, the assertion is in a very simple
+ function, so I have fixed this by reproducing the function inline in the
+ one place where it is called, and arranging for authentication to fail
+ instead of killing the process with assert().
+
+75. The SPA client code was not working when the server requested OEM rather
+ than Unicode encoding.
+
+76. Added code to make require_files with a specific uid setting more usable in
+ the case where statting the file as root fails - usually a non-root-mounted
+ NFS file system. When this happens and the failure is EACCES, Exim now
+ forks a subprocess and does the per-uid checking as the relevant uid.
+
+77. Added process_log_path.
+
+78. If log_file_path was not explicitly set, a setting of check_log_space or
+ check_log_inodes was ignored.
+
+79. If a space check for the spool or log partitions fails, the incident is now
+ logged. Of course, in the latter case the data may get lost...
+
+80. Added the %p formatting code to string_format() so that it can be used to
+ print addresses in debug_print(). Adjusted all the address printing in the
+ debugging in store.c to use %p rather than %d.
+
+81. There was a concern that a line of code in smtp_in.c could overflow a
+ buffer if a HELO/EHLO command was given followed by 500 or so spaces. As
+ initially expressed, the concern was not well-founded, because trailing
+ spaces are removed early. However, if the trailing spaces were followed by
+ a NULL, they did not get removed, so the overflow was possible. Two fixes
+ were applied:
+
+ (a) I re-wrote the offending code in a cleaner fashion.
+ (b) If an incoming SMTP command contains a NULL character, it is rejected
+ as invalid.
+
+82. When Exim changes uid/gid to the Exim user at daemon start time, it now
+ runs initgroups(), so that if the Exim user is in any additional groups,
+ they will be used during message reception.
+
+
+Exim version 4.20
+-----------------
+
+The change log for 4.20 and earlier releases has been archived.
+
+****
diff --git a/doc/doc-txt/ChangeLog.0 b/doc/doc-txt/ChangeLog.0
new file mode 100644
index 000000000..a2377907c
--- /dev/null
+++ b/doc/doc-txt/ChangeLog.0
@@ -0,0 +1,2862 @@
+$Cambridge: exim/doc/doc-txt/ChangeLog.0,v 1.1 2004/10/07 15:04:35 ph10 Exp $
+
+Change log file for Exim from version 3.951 to 4.20
+---------------------------------------------------
+
+
+Exim version 4.20
+-----------------
+
+ 1. If data for an authentication interaction was just the string "=",
+ indicating an empty string, Exim was not setting up the numerical variable
+ correctly. In some situations, this could cause a crash - in others, it
+ might have passed unnoticed.
+
+ 2. Changed signal(SIGTERM, command_sigterm_handler) in smtp_in.c to use
+ os_non_restarting_signal() for tidiness; in practice this doesn't actually
+ matter because the handler terminates the process.
+
+ 3. Refactoring:
+
+ (a) In some (but not all) places where Exim applies timers using alarm(),
+ it was resetting the SIGALRM handler afterwards, but sometimes to
+ SIG_IGN and sometimes to SIG_DFL. In other words, it was a mess. In
+ fact, this reset is not necessary, because after alarm(0) there is no
+ possibility of receiving a SIGLARM signal. So I've just removed them
+ all.
+
+ (b) The daemon.c module had its own SIGALRM handler, which was unnecessary.
+ I changed it to use the handler that is used (almost) everywhere else.
+
+ (c) Almost all uses of SIGALRM use the same handler, but it was being set
+ by signal() all over the place. Now it is set at the start, and it
+ resets itself every time it is called, so it remains enabled
+ throughout. The few places that use a different handler reset to the
+ "standard" one afterwards.
+
+ (d) The setting of the SIGTERM handler while reading SMTP commands was done
+ somwhat untidily. I have re-arranged the code.
+
+ 4. If the building process was interrupted during the MakeLinks script, a
+ subsequent run of 'make' gave misleading errors. I've made it a bit more
+ robust against this case. If there appears to be a half-made set of links,
+ an error message suggests that the user should remove the build directory
+ and start again.
+
+ 5. For compatibility with other MTAs, -f "" is now accepted as synonymous with
+ -f "<>".
+
+ 6. Upgraded to PCRE 4.1.
+
+ 7. If a domain list contained @mx_any, or @mx_secondary, and the DNS contained
+ secondary MX records for a domain, but all the other MX (higher priority)
+ records pointed to non-existent hosts, Exim was behaving as if the domain
+ did not match the list item. This has been fixed.
+
+ 8. Upgraded eximstats to 1.27.
+
+ 9. It was reported that change 4.14/46(b) caused problems on some systems with
+ older libraries. There is now an option that can be set in Local/Makefile
+ (or in a operating system Makefile):
+
+ IPV6_USE_INET_PTON=yes
+
+ If this is done, Exim reverts to using inet_pton() to convert a textual
+ IPv6 address for actual use, instead of getaddrinfo(), as it did in
+ versions before 4.14. Of course, this means that the additional
+ functionality of getaddrinfo() - recognizing scoped addresses - is lost.
+
+10. Update for PostgreSQL to match 4.14/14: after an insert, delete, or update
+ command, the result is the number of rows affected.
+
+11. If smtp_banner expanded to an empty string, no greeting line was sent, thus
+ causing the client to time out. An empty 220 response is now sent.
+
+12. An empty argument was logged as a null string by the "arguments" log
+ selector. Now empty strings and arguments that contain whitespace are
+ surrounded by quotes.
+
+13. The "arguments" log selector now also logs the current working directory
+ when Exim is called.
+
+14. Added a couple more debugging calls to tls-openssl.
+
+15. Changed the name of the global variable ldap_version because some LDAP
+ library uses the same name, which causes a clash. It's now called
+ eldap_version. While I was at it, I changed the other two global variables,
+ ldap_default_servers and ldap_dn.
+
+16. If an address that is verified in an ACL is redirected to a single address,
+ Exim verifies the child (this is not new). However, the value of $address_
+ data that was being returned was the value from the parent. It is now the
+ value from the child.
+
+17. Re-arranged the code for rda_is_filter() to make it easier to add other
+ filter types in future.
+
+18. Removed the filter test function from filter.c and put it into its own
+ source file, again to make things easier for multiple filter types.
+
+19. To help those people who are maintaining a patch for dynamically loaded
+ local_scan() functions, I have added
+
+ #define LOCAL_SCAN_ABI_VERSION_MAJOR 1
+ #define LOCAL_SCAN_ABI_VERSION_MINOR 0
+
+ to the local_scan.h file.
+
+20. The variables $tls_certificate_verified, $tls_cipher, and $tls_peerdn now
+ exist even when Exim is not compiled with TLS support.
+
+21. If an empty user name was sent by a client for a LOGIN authentication, it
+ was not put into $1; instead, the password ended up in $1 (instead of in
+ $2).
+
+22. When creating a temporary file in the appendfile transport for a per-file
+ delivery not in maildir or mailstore format (that is, in the old Smail
+ format - I wonder if anyone uses this?), Exim was opening the file without
+ O_EXCL, which is a bit unsafe.
+
+23. The output from the ${stat: expansion operator was being formatted using %d
+ which expects an integer; in many (most) systems size_t is off_t, which
+ is actually a long or even a longlong, and in some cases this caused
+ incorrect data to be output. The formatting is now done using %ld, with the
+ values all explicitly cast to (long).
+
+24. Callout caching was failing to cache a negative response to a "random"
+ address check.
+
+25. If a daemon was started with -qsomething and not -bd, and deliver_drop_
+ privilege was set, and a pid file was specified with -oP, and the pid file
+ did not previously exist, it was created with owner exim instead of owner
+ root.
+
+26. verify=sender was not being allowed in a non-SMTP ACL.
+
+27. Under some error conditions, the socket used for ident calls could be left
+ open.
+
+28. Added acl_smtp_helo, because some people seem to want it.
+
+29. For hosts that match helo_verify_hosts, the error given when a MAIL command
+ is received without HELO or EHLO has been changed from 550 to 503 (which
+ means "bad sequence of commands").
+
+30. Installed PCRE 4.2.
+
+31. The quota_size_regex option for the appendfile transport was broken in that
+ a terminating zero was omitted from the string that was extracted for the
+ size. If it happened that digits followed in the memory to which it was
+ copied, an incorrect (too large) size was then used.
+
+32. Change 4.14/32 (iv) introduced a bug in the case when the "phrase" part of
+ a rewritten address did *not* contain any special characters. The
+ generated address was mangled.
+
+33. Several items of refactoring from Michael Haardt:
+
+ . Introduction of "const" in a number of places
+ . Use memcpy() instead of strncpy() in string_cat()
+ . Add HAVE_ICONV to Linux file, for external users (Exim doesn't use it)
+ [Later: From 4.21, Exim *does* use it.]
+ . Preparation for adding additional types of filter file
+
+34. Changed (incompatibly, but hopefully not so it affects anyone) the
+ appendfile transport in the case when it is called directly as a result of
+ a .forward or a filter file requesting a delivery to a file. Previously,
+ any settings of "file" or "directory" were ignored in this case. Now they
+ are used. The path received from the router is in $address_file (as
+ before) and can therefore be included in the expansion.
+
+35. If a "save" command in a filter specifies a non-absolute path, the value of
+ $home/ is pre-pended. This no longer happens if $home is unset or is an
+ empty string. It is expected that the transport will complete the path (see
+ 34 above). If there is an error before the path is complete, the local part
+ is logged as "save xxxx".
+
+36. If multiple "to file" deliveries are routed to the same transport, no
+ batching ever takes place, whatever the value of batch_max.
+
+37. If an address was redirected to an unqualified local part preceded by a
+ backslash, Exim was qualifying it with the qualify_domain, instead of with
+ the incoming domain.
+
+38. Minor rewording: header lines can be added by MAIL as well as RCPT: the
+ debug line mentioned only RCPT.
+
+39. DESTDIR is the more common variable that ROOT for use when installing
+ software under a different root filing system. The Exim install script now
+ recognizes DESTDIR first; if it is not set, ROOT is used.
+
+40. If DESTDIR is set when installing Exim, it no longer prepends its value to
+ the path of the system aliases file that appears in the default
+ configuration (when a default configuration is installed). If an aliases
+ file is actually created, its name *does* use the prefix.
+
+41. If an item in log_file_path was an empty string, Exim wrote the log to the
+ log directory in the spool directory. Now it takes notice of the
+ setting of LOG_FILE_PATH in Local/Makefile, and uses the first non-empty,
+ non-"syslog" item from that list. If there are none, it uses the ultimate
+ default of the spool directory.
+
+42. If there is a Reply-to: header line, but it is empty, $reply_address now
+ contains the From: address instead of being empty.
+
+43. Added -no-cpp-precomp to CFLAGS in OS/Makefile-Darwin. Without this, the
+ compiler provides a string for __DATE__ that does not conform to the
+ specification in the C standard. The option disables precompiled headers,
+ which should not have any bad effects, as pre-compiled headers are
+ supposedly just a performance enhancement at compile time.
+
+44. Refactoring: as there is now a flag that specifies whether or not a home
+ directory that is passed with an address is already expanded, we no longer
+ need the \N...\N fudge for home directories extracted from the password
+ data.
+
+45. Fixed an infelicity introduced by 4.14/71: The defaulting of the prefix,
+ suffix, and check string stuff in appendfile was happening when no
+ directory was supplied. Now it happens if no directory is supplied AND
+ maildir has not been specified.
+
+46. If expansion of the serverpassword in a spa authenticator or expansion of
+ server_condition in a plaintext authenticator is forced to fail,
+ authentication now fails (previously it gave a temporary error, which is
+ what happens for other expansion failures). This brings these
+ authenticators into line with cram_md5, where expansion of server_secret
+ has always behaved like this.
+
+46. Added new syslog facilities (courtesy Oliver Gorwits):
+
+ (i) SYSLOG_LOGS_PID and LONG_SYSLOG_LINES in src/EDITME.
+ (ii) syslog_facility and syslog_processname main options.
+
+47. Callout was using only the hosts from the router, ignoring the transport.
+ This has been changed. If (a) the router does not set up hosts (e.g. it's
+ an accept router) or (b) the smtp transport that is routed to has
+ hosts_override set, then the transport's hosts are used for callout
+ checking.
+
+48. When named lists were nested, and an inner list was resolved by a lookup
+ that saved data for, e.g. $domain_data, the data was associated with just
+ the outer list, though both were cached, so if a subsequent test was done
+ for the inner list, there was no domain data. Example:
+ domainlist A = lsearch;/a/b
+ domainlist B = lsearch;/c/d
+ domainlist C = +A : +B
+ A test on +C that matched, followed by a test on +A or +B would provoke
+ this bug. Now the data is saved with both the inner and the outer lists.
+
+49. When the log selector +address_rewrite is turned on, the log lines now
+ show where the rewritten address came from (which header line, envelope
+ field, or an SMTP command).
+
+50. If an integer or fixed point configuration value is too big to fit in
+ a 32-bit int, Exim now writes an error to the panic log and dies.
+
+51. Unknown SMTP commands are now assumed to be ones that need synchronization;
+ this means that a packet that contains more than one of them will cause the
+ connection to be dropped as soon as the first one is encountered.
+
+52. The "control" feature of ACLs was not permitted for the MAIL ACL (an
+ oversight). It now is allowed.
+
+53. Added the "discard" verb to ACLs.
+
+54. Fixed a theoretical bug observed by reading the code: if local_scan()
+ changed the number of recipients, output from the received_recipients log
+ selector would be incorrect.
+
+55. Added HAVE_ICONV to the os.h files for Linux, Solaris, HP-UX. This is for
+ use in the forthcoming Sieve addition to Exim.
+
+56. The behaviour of -t in the presence of Resent- headers has been changed,
+ for compability with Sendmail and other MTAs. Previously, Exim gave an
+ error, because it is not clear from RFC 2822 how this might be handled. It
+ turns out that MUAs don't seem to follow what RFC 2822 says, and any MUA
+ that uses -t with Resent- ensures that there is only one set of Resent-
+ header lines (usually by renaming others to X-Resent-xxx). So now Exim will
+ take recipients from all the Resent- header lines instead of the usual
+ ones.
+
+
+Exim version 4.14
+-----------------
+
+ 1. Found another case where SIGCHLD is being ignored (a child process for
+ handling a filter file) and so the wait() doesn't find the subprocess. This
+ came to light as a result of extra logging introduced as part of the
+ 4.12/14 fix. Now Exim is careful to set SIGCHLD handling to its default
+ (i.e. to be noticed) for this particular subprocess. (It already has this
+ code for other cases where it uses subprocesses.)
+
+ 2. If ${run appeared in part of a conditional item that was being skipped, the
+ actual running of the command was not being skipped.
+
+ 3. A bit of code tidying (refactoring): there were two functions that built
+ strings containing a host name and ident value for logging. There is now
+ only one. It is called in some additional places where previously just the
+ host name and address were given, so the wording of some log lines has
+ changed slightly.
+
+ 4. Added support for Unix domain socket connection to PostgreSQL.
+
+ 5. The number of unknown SMTP commands that Exim will accept before dropping
+ a connection can now be changed by smtp_max_unknown_commands. The default
+ value is 3. Previously, a fixed value of 5 was used. The final command is
+ now included in the log line.
+
+ 6. The standard place for chown and chgrp in Linux is /bin, not /usr/bin, as
+ assumed by the exicyclog script. I've implemented a "look for it" feature
+ that makes exicyclog look in /bin, /usr/bin, /usr/sbin, and /usr/etc for
+ the commands chown, chgrp, mv, and rm if configured, and turned on this
+ feature for Linux. This should cope with old Linuxes that use /usr/bin.
+
+ 7. Implemented .ifdef etc.
+
+ 8. Installed signal handlers for SIGSEGV, SIGILL, SIGFPE, and SIGBUS while
+ running local_scan(), so that crashes therein get caught. A temporary error
+ response is sent for an SMTP message, and the spool is cleaned up.
+ Previously, a -D file was left lying around if there was a crash in
+ local_scan().
+
+ 9. The ${quote: operator has been changed so that it turns newline and
+ carriage return characters into \n and \r, respectively.
+
+10. Added support for crypt16().
+
+11. Some restrictions on the use of "verify" in ACLs were too restrictive, and
+ have been relaxed. In particular, "verify = sender" is now permitted in the
+ ACL for the MAIL command, as well as those for RCPT and DATA.
+
+12. If local_scan() sets up recipient or errors_to addresses that are
+ unqualified (local parts without a domain) Exim now qualifies them using
+ the qualify_recipient domain.
+
+13. White space at the start of continuation lines in -be input was not being
+ ignored.
+
+14. Previously, if a MySQL query was issued that did not request any data (an
+ insert, update, or delete command), Exim gave a lookup error and deferred.
+ This case is now recognized, and the result of the lookup is now the number
+ of rows affected.
+
+15. A configuration error is given if tls_try_verify_hosts is set and
+ tls_verify_certificates is not set. (Exim already did this for
+ tls_verify_hosts.)
+
+16. Exim was trying to create a non-existent hints database even when it was
+ just opening it for reading. It called the creating function with the
+ O_RDONLY and O_CREAT flags. This works with many DB libraries, but it
+ not with DB 1.85, where a subsequent attempt to use the database gave the
+ error "Inappropriate file type or format". Exim now creates hints databases
+ only when it wants to open them for writing.
+
+17. If an ACL condition test set a default "message" value without a
+ "log_message" value, and there were no overriding messages in the ACL
+ itself, no message was logged. The user message is now logged.
+
+18. If callout made a connection, but it was dropped before the initial
+ welcome response was received, Exim logged "response to initial connection
+ was" with no further text. It now logs that the connection was dropped.
+ The wording of the logging for callout defers has been slightly changed so
+ as to reduce duplication.
+
+19. When multiple messages were sent using TLS over one connection, the
+ additional required EHLO that follows STARTTLS was being counted as a
+ nonmail command, and thus causing a problem if there were a lot of
+ messages. Similarly, a new AUTH that followed STARTTLS was being counted.
+ It is now possible to run with smtp_accept_max_nonmail set to zero in these
+ and other "normal" circumstances.
+
+20. During verify=sender, global rewriting rules are applied to the sender
+ address, and if it changes, $sender_address becomes the rewritten version.
+ Unfortunately, it was not getting updated until after the routers had been
+ run, so that if a router referred to $sender_address while verifying a
+ sender, the unrewritten value was used.
+
+21. The "random address" callout test was being done after the other tests.
+ This is silly, because if the host accepts all local parts, there isn't any
+ point in doing the other, more specific, tests. I changed things around so
+ that the "random" test (if configured) is done first.
+
+22. Expanded the wording for callout failures when MAIL FROM:<> or RCPT TO the
+ a postmaster address are rejected. Also include these words when a
+ rejection happens because of caching (when there isn't an actual SMTP
+ command/result to reflect).
+
+23. A new router condition called "address_test" (default true) can be used to
+ skip routers when testing addresses using -bt (compare no_verify). This can
+ be a convenience when your first router sends stuff to an external scanner.
+
+24. Testing for deliver_queue_load_max was happening inside the delivery
+ sub-process, when it could have happened outside, in the queue runner (thus
+ saving one process). This was a hangover from Exim 3, where there were
+ other load tests to be done. The code has been tidied.
+
+25. Code tidy: the driver_info generic structure contained a field that
+ might, on 64-bit systems, not have been compatible with the fields in the
+ structures of which it is supposed to be a subset. It turns out that this
+ field and another are not actually used generically, so removing them from
+ the structure solves the problem.
+
+26. Added server_advertise_condition to authenticators.
+
+27. The exim_checkaccess utility wasn't sending a HELO command; this matters
+ now that it's possible to have an ACL that checks HELO/EHLO.
+
+27. Added the ldap_version option to force a specific LDAP version.
+
+28. Renamed the variable verify_address in exim.c as verify_address_mode,
+ because it had the same name as the verify_address() function, which was
+ confusing.
+
+29. Added authenticated_sender to the smtp transport.
+
+30. When the skip_syntax_errors option is applied to a filter file, it covers
+ all filtering errors, some of which may not be strictly "syntax" (for
+ example, failure to open a log file). The wording of the message has been
+ changed to use "error" instead of "syntax error", to reduce confusion. Also
+ the subject of the message sent by syntax_errors_to is now "error(s) in
+ forwarding or filtering" instead of "syntax error(s) in address expansion".
+
+31. Added -restore-times to the exim_lock utility.
+
+32. Changes to the handling of the "phrase" parts of email addresses:
+
+ (i) Re-organized the code to use a supplied instead of an implied buffer,
+ and a length instead of expecting a terminated string.
+
+ (ii) Changed from using the macro mac_isprint() to an explicit test for
+ ASCII non-printing characters, because the macro pays attention to
+ print_topbitchars, which is not correct here.
+
+ (iii) If a rewritten address contained a "phrase" (whether or not the "w"
+ flag was present on the rewrite rule), but the actual address was
+ unqualified (had no domain) and was expected to be qualified by the
+ "Q" flag, Exim screwed up and created an illegal address.
+
+ (iv) When a header address is rewritten by a rule that includes the "w"
+ flag, the parts of the address outside <> are now encoded according
+ to RFC 2047 if necessary (assuming ISO-8859-1 encoding).
+
+33. Added the ${rfc2047 and ${from_utf8 expansion operators.
+
+34. The file names used for maildir deliveries have been changed, to accomodate
+ operating systems that may re-use a PID within one second. The file name
+ now include the microsecond time fraction, and the delivery process does
+ not exit until the clock is at least one microsecond after the time used in
+ the file name. The code copes with the clock going backwards (it waits
+ till time catches up).
+
+35. The rules for creating message ids have been changed to allow for the fact
+ that a PID may be re-used within one second. As part of this change, the
+ range of localhost_number has been reduced to 0-16 for most systems, and
+ 0-10 for those with case-insensitive file systems (Cygwin, Darwin).
+
+36. Code tidy: there was a local count of non-TCP/IP messages that duplicated
+ the global receive_messagecount (used for accept_queue_per_connection).
+
+37. verify = header_syntax was allowing unqualified addresses in all cases. Now
+ it allows them only for locally generated messages and from hosts that
+ match sender_unqualified_hosts or recipient_unqualified_hosts,
+ respectively.
+
+38. If PAM was called with an empty first string, it called the data function
+ to get the user name, thereby getting the second string by mistake. If this
+ was also null (empty passwords are permitted), there was an infinite loop.
+ An empty user name is not now passed to PAM; authentication is forcibly
+ failed instead. Also, if the end of the list of strings is reached, an
+ empty string is passed back just once; a subequent call for data provokes
+ an error response.
+
+39. If a reverse DNS lookup yields an empty string, treat it as if the lookup
+ failed. (Apparently such records have been seen. Sigh.)
+
+40. Added the -bnq command line option to suppress automatic qualification of
+ addresses in locally submitted messages.
+
+41. Header texts supplied by options to the autoreply transport may now contain
+ newlines that are followed by whitespace. (This was allowed from a filter,
+ but not from the transport.)
+
+42. Patch for < > problems in eximstats 1.23.
+
+43. Re-arranged the code to make it easier in future to add additional filter
+ types.
+
+44. Added support for changing the connection timeout in LDAP; this is
+ something that's available in Netscape SDK 4.1. Exim uses the given value
+ if LDAP_X_OPT_CONNECT_TIMEOUT is defined.
+
+45. When Exim was setting a daemon listener on multiple interfaces, including
+ listening on "all IPv6" and "all IPv4" interfaces, it was binding all the
+ sockets, and then calling listen() for each of them. On some IP stacks, a
+ listen for "all IPv4" fails after listening for "all IPv6" because a single
+ socket catches both kinds of call. Exim coped with this, but it turns out
+ that on a USAGI-patched Linux, this logic doesn't work unless the "listen",
+ as well as the "bind" has been done for the IPv6 socket first. The order of
+ the functions has now been changed. Instead of "bind, bind ... listen,
+ listen..." it now does "bind, listen, bind, listen, ...". Also, the failure
+ happens in the bind() rather than in the listen(), so there are now two
+ checks, which hopefully will handle all kinds of IP stack.
+
+46. IPv6 addresses have "scopes", and a host with multiple interfaces can, in
+ principle, have the same link-local addresses on different interfaces.
+ Thus, they need to be distinguished, and a convention of using a percent
+ sign followed by something (often the interface name) is being used, for
+ example: 3ffe:2101:12:1:a00:20ff:fe86:a061%eth0. Two changes have been made
+ to accommodate this:
+
+ (a) A percent sign followed by an arbitrary string is allowed at the end of
+ an IPv6 address.
+
+ (b) Exim calls getaddrinfo() instead of inet_pton() to convert a textual
+ IPv6 address for actual use. This function recognizes the percent
+ convention in some operating systems.
+
+47. Additional debugging inserted for the case of forced failure when expanding
+ an item in a list.
+
+48. A new debugging selector +expand has been added. This is not included in
+ the default set of selectors. It requests detailed debugging information
+ for string expansions.
+
+49. Failure to open the main log results in a panic-die, but the original line
+ that was being logged could be lost. It is now output to stderr if there is
+ a stderr file.
+
+50. When Exim starts, it checks for the existence of its spool directory, and
+ creates it if necessary. Unfortunately, it was doing this after the code
+ for logging arguments. Thus, if the spool did not exist, trouble ensued.
+
+51. The log line for an ACL warning after a sender verify callout failure was
+ not showing the details, unlike the log line for a deny. They are now shown
+ in a similar way.
+
+52. For reasons lost in the mists of time, when a pipe transport was run, the
+ environment variable MESSAGE_ID was set to the message ID preceded by 'E'
+ (the form used in Message-ID: header lines). The 'E' has been removed.
+
+53. Updated the QNX configuration files for QNX 6.2.0.
+
+54. The "*@" type partial matching for single-key lookups was broken in
+ releases after 4.10. Exim looked for *@xxx but, if that failed, it wasn't
+ going on to look for "*".
+
+55. Included eximstats 1.25 in the source tree.
+
+56. Changed log wording from "Authentication failed" to "<name> authenticator
+ failed", where <name> is the name of the authenticator.
+
+57. gcc 3.2.2 warned about a selection of places where string casts were
+ needed.
+
+58. Exim monitor: the use of one_time redirection could cause addresses to be
+ displayed with incorrect "parent" addresses after the one_time
+ re-arrangement had taken place. They should be shown with no parents,
+ because the parentage has been removed.
+
+59. Arranged to keep independent timestamps for postmaster and random checks in
+ callouts, and not to do unnecessary tests for postmaster when testing
+ individual addresses.
+
+60. Incorporated PCRE release 4.0.
+
+61. Added ${hex2b64: operator.
+
+62. Added $tod_zulu.
+
+63. Added ${strlen: operator.
+
+64. Added ${stat: operator.
+
+65. When Exim is receiving multiple messages on a single connection, and
+ spinning off delivery processess, it sets the SIGCHLD signal handling to
+ SIG_IGN, because it doesn't want to wait for these processes. However,
+ because on some OS this didn't work, it also has a paranoid call to
+ waitpid() in the loop to reap any children that have finished. Some
+ versions of Linux now complain (to the system log) about this "illogical"
+ call to waitpid(). I have therefore put it inside a conditional
+ compilation, and arranged for it to be omitted for Linux.
+
+66. Added settable variables $acl_c0 - $acl_c9 and $acl_m0 - $acl_m9 for use
+ during ACL processing.
+
+67. Added "defer" command to system filter.
+
+68. X options such as -bg or -geometry that were added to an eximon command
+ were being lost as a result of a bug introduced by 4.12/6.
+
+69. The "more" and "unseen" generic router options can now be expanded strings.
+
+70. The "once_repeat" option in the autoreply tranport is now an expanded
+ string.
+
+71. If maildir_format is set on an appendfile transport that is referenced from
+ an file_transport setting in a redirect router, it forces maildir delivery,
+ even if the path given in the filter does not end with '/'.
+
+72. Fixed three bugs in ${readsocket:
+ (i) If the operation failed, and a failure string was given, "}}" was
+ erroroneously added to it.
+ (ii) If the operation succeeded, but a failure string was present, "}" was
+ added to the expanded data.
+ (iii) The alarm for the timeout was set with signal() instead of with
+ os_non_restarting_signal(), which meant that it only worked on those
+ OS whose default is not to restart an interrupted system call.
+
+73. A complete host name (no wildcards) in a host list causes a forward lookup
+ for the IP address. If this failed, Exim was behaving as if the host didn't
+ match the list, instead of giving an error (as it does when a reverse
+ lookup fails).
+
+74. If router_home_directory was passed on as a home directory for a local
+ transport, it was being re-expanded in the transport. This has been changed
+ so that the expanded value is passed from the router to the transport, and
+ no re-expansion takes place.
+
+75. When a redirect router generated a pipe, file, or autoreply, the values of
+ $domain_data and $localpart_data were not being propagated to the
+ transport.
+
+76. The macros MESSAGE_ID_LENGTH and SPOOL_DATA_START_OFFSET are now defined in
+ local_scan.h so that they are available to local_scan() functions.
+
+77. Changes to the SMTP PIPELINING support:
+
+ (1) Exim used always to accept pipelined commands, even when it hadn't
+ advertised PIPELINING (i.e. when EHLO had not been received). Now it
+ objects unless PIPELINING has been advertised.
+
+ (2) Advertising PIPELINING to specific hosts can be disabled via the new
+ option pipelining_advertise_hosts.
+
+78. The acl_smtp_connect ACL was not being run for -bs input when no IP address
+ was supplied via -oMa.
+
+79. A "mail" command in a filter could cause a crash if the list of recipients
+ for the "to:" line was excessively long - this showed up in a reply to
+ a message with a ridiculously long Reply_to: header line.
+
+80. Added allow_utf8_domains.
+
+81. Added $rh_ and $rheader for "raw" header expansion.
+
+82. Added smtp_accept_max_nonmail_hosts.
+
+83. Extended ${stat (see 64 above) to add smode=symbolic mode.
+
+84. Added default logging for host and IP lookup failures, with a log selector
+ called host_lookup_failed to turn it off.
+
+85. Added header_maxsize and header_line_maxsize.
+
+86. If a RCPT ACL made use of "verify = sender" without callout, followed by
+ another use with callout, and the callout failed, the caching was broken
+ such that for a subsequent RCPT command, the first callout failed
+ incorrectly. The caching of sender verification has been fixed so that it
+ now remembers that the routing succeeded even when the callout fails.
+
+87. Added errno and strerror(errno) to the log line for a failure to lock the
+ -D file when receiving a message.
+
+88. If router with check_local_user set up a local delivery, and no user was
+ specified on the transport, and errors_to on the router specified an
+ address whose verification also invoked check_local_user, the wrong uid/gid
+ was used for the transport. It used the uid/gid of the errors_to address
+ instead of the uid/gid of the original local part.
+
+89. If log_file_path=:syslog was set, to use the default log path and also
+ syslog, and check_log_space was also set, Exim was confused, and refused to
+ accept messages, giving the error "cannot find slash in ".
+
+90. If a router stripped a prefix or a suffix from a local part, and then
+ routed that address to an smtp or lmtp transport, the address that was
+ sent in the RCPT command did not have the affixes stripped.
+
+91. For BSMTP delivery by appendfile or pipe, the address given in the RCPT
+ command did not preserve the case of the envelope address, as it is
+ supposed to.
+
+
+Exim version 4.13
+-----------------
+
+There was no 4.13. I accidentally put out a fixed version of 4.12 (a typo was
+discovered very soon after release) that verified itself as 4.13. This too was
+hastily fixed, but it seems best not to use the number, to avoid confusion.
+
+
+Exim version 4.12
+-----------------
+
+ 1. Update to change 4.11/82: for the max number of processes, set
+ RLIM_INFINITY if it is defined.
+
+ 2. An expansion ${run{xxx}} where xxx was a successful command that produced
+ no output caused Exim to crash.
+
+ 3. Some artificial delays of 1 second existed when running in the test
+ harness, to ensure repeatability of debugging output. Now that we have
+ the millisleep() function, these can be shorter.
+
+ 4. Change 4.11/30 below overlooked the case when an address gets a 4xx
+ response from a server. Because this isn't a host problem, the host does
+ not get delayed, and it gets tried every time the address is OK'd for
+ routing, with the same reponse. However, if hosts_max_try is set, because
+ not all the hosts were tried, the address does not time out. I've changed
+ things so that if there is a 4xx response to a RCPT command, the host in
+ question does not count towards hosts_max_try if the message is older than
+ the host's maximum retry time. This means that other hosts are always tried
+ in this circumstance; if the address gets 4xx errors from all of them, it
+ will eventually time out.
+
+ 5. If a retry rule for a host had no actual retry times specified, it could
+ cause a crash when checking the ultimate address timeout. (Very old bug,
+ spotted in passing, so probably never bothered anybody.)
+
+ 6. Change 135 below broke the following scripts when a list of configuration
+ files was given: exicyclog, exim_checkaccess, eximon, exinext, and exiwhat.
+ In practice, if exim_path was not specified in the configuration file (a
+ common case), things would probably work OK. However, the use of
+ CONFIGURE_FILE_USE_NODE definitely did not work. These scripts have now
+ been updated to fix this problem. They now search for the configuration
+ file in the same way Exim itself does: for each name in the list, the
+ "noded" file is tried first, then the unsuffixed file.
+
+ 7. If a WARN verb in an ACL did not specify an explicit "message" modifier,
+ and was triggered by a failing sender or recipient verification, the
+ response that would have been sent as an SMTP message for a DENY verb was
+ incorrectly being added to the message's headers.
+
+ 8. I screwed up change 4.11/155. For lookup types whose names were prefixes of
+ other lookup types (e.g. nis and nisplus, dbm and dbmnz), the new search
+ function didn't do the correct comparison, meaning that the wrong lookup
+ type could be found.
+
+ 9. Solaris seems to be one of the LDAPs that doesn't have the lud_scheme
+ member of the LDAPURLDesc structure. Since the check that is made on it
+ is only to double check that a path is given for ldapi, I've just removed
+ the test in the Solaris case.
+
+10. The modified TextPop.c source in the Exim monitor had declarations of errno
+ and sys_nerr which never were actually referenced. The second of these
+ caused trouble on Darwin, so I've removed both of them. Why were they
+ there? Who knows? This is ancient X code...
+
+11. The DEFER ACL verb crashed if no "message" modifier was set.
+
+12. The check on incoming messages that gives the error "too many non-mail
+ commands" was too strict. In the case of Exim sending to Exim, when the
+ client has queued messages for the server and is using TLS, it will close
+ and re-initialize TLS between messages (because the client has to hand the
+ SMTP connection to a new process). STARTTLS was being counted as a non-mail
+ command, and therefore could cause the limit to be hit. The revised code
+ now allows for one RSET, one HELO or EHLO, and one STARTTLS between each
+ message without counting them as non-mail commands. (One RSET was
+ previously allowed - I *had* spotted that case.)
+
+13. Some log lines for rejections by ACL were putting ident values in
+ parentheses instead of using U= after H=. (There are some other lines that
+ do use parens, typically when the host name appears without H= within a
+ message. This whole area could perhaps do with tidying up.)
+
+14. When processing a redirection file happens in a subprocess (typically so
+ that a .forward file is processed as the user), Exim was assuming that a
+ call to wait() would always reap the subprocess, and it was failing to
+ check the result. In theory, a signal of some sort occurring at the wrong
+ time could break this assumption - the process was then left unreaped, and
+ could possibly be picked up later during deliveries, thus confusing that
+ code ("processes got out of step"). This is conjecture - I haven't got a
+ definite test of this. However, I have fixed the code to repeat the wait
+ after a signal.
+
+15. When Exim was waiting for a remote delivery subprocess, and the waitpid()
+ call found a process that was not in the list of remote delivery processes,
+ Exim gave up waiting for remote processes. It is probably better just to
+ ignore the unexpected process (though, of course, write to the main and
+ panic logs) and to wait for another process, and so that is what now
+ happens. If the error situation is caused by failed waiting logic for
+ routing or local delivery processes, this approach will minimize bad
+ behaviour, I hope.
+
+
+Exim version 4.11
+-----------------
+
+ 1. Ignore trailing spaces after numbers in expansion comparisons such as
+ ${if > { 5 } { 4 } ... (leading spaces were already ignored).
+
+ 2. Two variables, $warnmsg_delay, and $warnmsg_recipients, had got left with
+ their old Exim 3 names, when I meant to change to "warn_message", along
+ with the warn_message_file option. They have now been changed. The old
+ names remain as synonyms, but will be undocumented in due course.
+
+ 3. The message "This message was created automatically by mail delivery
+ software (Exim)." still confuses people. If they are sufficiently Internet-
+ ignorant, they think the message has come from exim.org. At first, I
+ changed thw wording to "This message was created automatically by mail
+ delivery software (Exim) running on a mail server handling mail for <the
+ qualify domain>." in the hope that that might be better. However, in
+ testing that still proved confusing on servers handling multiple domains.
+ The message has now reverted to the original, simple wording: "This message
+ was created automatically by mail delivery software."
+
+ 4. It has been discovered that, under Linux, when a process and its children
+ are being traced by "strace -f", the children are stolen from the parent
+ while they are being traced. A call to waitpid(-1,&x,NOHANG), which Exim
+ uses to test for the completion of "any of my children" in a non-blocking
+ manner, returns as if there are no children in existence. Exim used treat
+ this as a serious unexpected error state. What it does now is to use
+ kill(pid,0) to check explicitly for the continued existence of any of its
+ children. If it finds any, it assumes it is being traced, and proceeds as
+ if the return from waitpid() had been "none of your children have finished
+ yet". If it can't find any children, it gives the error as before.
+
+ 5. When Exim creates hints databases and their lock files as root, it needs to
+ change their ownership to exim. In Exim 3, the function to open a hints
+ database wasn't called as root very often, and the check "are we running as
+ root?" would usually fail. However, because Exim 4 eschews the use of
+ seteuid(), it runs all its routing as root, and this always calls the hints
+ database opening function. It wasn't noticing when it was actually creating
+ the database, and so it was running chmod() on all the files in the db
+ directory every time. This does no harm, of course, but wastes resources.
+ Exim now detects when the database was already in existence by opening
+ without O_CREAT at first. If this succeeds, it doesn't do the root test.
+
+ 6. The line in MakeLinks that creates a link for direct.c had been
+ accidentally left in (cf 4.03/6).
+
+ 7. The value of $0 in the replacement in a rewriting rule was being corrupted,
+ leading to incorrect results or error diagnostics.
+
+ 8. Added support for ldapi:// URLs to the LDAP lookups (OpenLDAP only). Also,
+ re-organized the code to use ldap_initialize() with OpenLDAP in all cases
+ (it seems to be preferred).
+
+ 9. With OpenLDAP 2.0.25, ldaps:// doesn't seem to work unless the LDAP
+ protocol level is set to 3. This is now standard in the Exim code, as v3
+ has been around for 5 years now. Testing ldaps:// is now included in the
+ Exim test suite. Although earlier versions claimed to support it, I rather
+ suspect that it never worked.
+
+10. Inserted some checking of the syntax of the IP address given as the first
+ argument to the exim_checkaccess utility. This gives a better error
+ message, especially in the case when somebody gets the arguments in the
+ wrong order.
+
+11. Improved the panic log entry if an unsupported format type is passed to
+ string_vformat() (now gives the whole format string, not just the little
+ bit that's wrong).
+
+12. Ever since its early days, Exim has checked the syntax of non-SMTP
+ addresses according to RFC [2]822 rules, rather than the stricter RFC
+ [2]821 rules that it uses for SMTP. This allows for a wider set of
+ characters in domains. This has now caused a problem, because I forgot
+ about it when making some changes to the format of spool files (see
+ 3.953/44, 4.03/10, and 4.04/1). I can't believe that anybody actually makes
+ use of this feature (which isn't documented), so I have removed it. All
+ domains must now conform to RFC [2]821 rules. A non-SMTP message with a
+ domain that would previously have been accepted will now be bounced.
+
+13. If widening a domain in a dnslookup router made it syntactically invalid,
+ the error message quoted the original domains instead of the widened
+ domain.
+
+14. During a queue run initiated by -R or -S (or by -i when the use of message
+ logs is disabled), if Exim encountered a message with certain
+ characteristics (including text for $local_scan_data, and the setting of
+ the "manually thawed" flag), this data was not correctly reset for
+ subsequent messages. So if they didn't have those settings themselves,
+ strange things could occur.
+
+15. With the "percent hack" enabled for percenthack.domain, if a message had
+ two addresses such as X%some.domain@percenthack.domain and X@some.domain,
+ Exim was not recognizing the duplication, and was making two deliveries
+ instead of one.
+
+16. The output from verification (for -bv and VRFY) used to list a child
+ address when verification was applied to children (this happens, for
+ example, for aliases that generate just a single child). Now it lists only
+ the original address.
+
+17. Changes 34 and 35 of 4.10 did not wholly solve problems with widened
+ domains. The following bug still existed:
+
+ . A recipient address was abbreviated (e.g. one component).
+ . A dnslookup router caused it to be widened.
+ . The new domain was a local domain.
+ . The address was redirected to itself.
+
+ At this point, Exim thought it was a duplicate, and discarded it.
+
+ This whole thing turned out to be a large can of worms, so I have reworked
+ the address widening code. This should get rid of all these problems.
+ Widening now appears similar to redirection, with the unwidened address
+ becoming a proper parent address. As part of this, there has been some
+ general re-organization of the way addresses are handled.
+
+18. When a filter generated only "unseen" deliveries, the normal delivery that
+ happened subsequently lost any value of address_data that was previously
+ set. The handling of values like that that are propagated from parents to
+ children has been reworked.
+
+19. Added smtp_return_error_details and the check_postmaster option for address
+ verification callouts.
+
+20. Long SMTP responses (from ACL messages or wherever) are now automatically
+ split up into multi-line responses if possible. The split happens at an
+ occurrence of ": " if present after 40 characters. Otherwise it happens at
+ the last space before 75 characters. Existing newlines in the message are
+ taken into account.
+
+21. When verify = header_sender is set, a different error message is now given
+ if a syntax is detected, as opposed to failure to verify.
+
+22. Extended the general mechanism for ${quote_lookuptype:...} expansions by
+ allowing for an option to be given after the lookup name, for example
+ ${quote_ldap_dn:...}. Unrecognized options cause errors.
+
+23. Re-worked the quote_ldap expansion items to provide two different kinds of
+ quoting, since the requirements of filter strings and DNs are different.
+ Sigh. Arranged for the DN given in the USER= setting to be de-URL-quoted
+ because not all libraries do it themselves.
+
+24. The handling of responses from LDAP searches wasn't right. It was detecting
+ situations of the form "ldap_result failed internally or couldn't provide
+ you with a message" but not "the server has reported a problem with your
+ search". This has now been tidied up (thanks, Brian). Problems of the
+ latter kind are now handled as follows:
+
+ (1) For LDAP_SIZELIMIT_EXCEEDED, the truncated list of results is
+ returned. This is what happened before.
+
+ (2) For a small set of errors that, in effect, mean "that object does
+ not, or cannot, exist in the database", the lookup fails. This is
+ also as before.
+
+ (3) For other problems, the lookup defers, giving the LDAP error.
+
+25. Added $ldap_dn to hold the DN of the last entry retrieved in the most
+ recent LDAP lookup.
+
+26. Exim was not checking for the LDAP_INVALID_CREDENTIALS error when
+ ldap_bind() failed during an ldapauth call. With (at least) OpenLDAP2, the
+ connection to the server doesn't happen until ldap_bind(), so failures to
+ connect were being treated as authentication failures, and given hard
+ errors. Now, all errors other than LDAP_INVALID_CREDENTIALS are treated the
+ same way for all calls to ldap_bind(), whether ldaputh or otherwise. They
+ lead to temporary errors - if there are more servers, they will be tried.
+
+27. If there was a reference to a non-existent named list, for example, a
+ setting such as "senders = +something", but no lists of that type were
+ actually defined, Exim misbehaved. For an address list, it treated the name
+ as a domain list. For a domain list, it just didn't match. Now it gives a
+ panic error about a non-existent named list (as it always did if there were
+ named lists of the appropriate type). The error now tells you what type of
+ list it thought it was looking for.
+
+28. When -bt or -bv is used by a non-admin user, and there is some kind of
+ DEFER (e.g. database unreachable), details of the failure are no longer
+ given, because they may include private data such as the password for an
+ LDAP lookup.
+
+29. The logic for using a remote host name as a key for looking up retry rules
+ in preference to the domain of the email address was broken. It wouldn't
+ find such retry rules.
+
+30. There were some problems with the action of hosts_max_try in the smtp
+ transport where there were indeed more hosts available than the limit.
+
+ (a) Exim used to time out an address out if all the hosts that were tried
+ were past their retry limits, ignoring the state of any hosts that were
+ not tried because the hosts_max_try limit was reached. Now it won't
+ time out an address unless all its hosts are actually considered and
+ are past their retry limits.
+
+ (b) Hosts that are past their retry limits are no longer counted for
+ hosts_max_try. This means that when some hosts are in this state, a
+ greater number of hosts are tried than before, but this is the only way
+ to ensure that all hosts are considered before timing out an address.
+
+ (c) When the hosts_max_try limit is reached, Exim now looks down the host
+ list to see if there is a subsequent host with a different MX. If there
+ is, that host is used next, and the current host is not counted. More
+ details in NewStuff.
+
+31. The source for spa authentication (taken from the Samba project) used the
+ type "int16". This has caused compilation problems in some systems that
+ happen to have a different definition of it. (Naughty, naughty, non-
+ standard.) I've renamed all the defined types by adding "x" on the end.
+
+32. When a delivery that used authentication was run with -v (which an
+ unprivileged user can use) it included the authentication data when it
+ showed the SMTP transaction. Such data is now replaced by asterisks in any
+ reflection of the SMTP commands. This also applies if the command is logged
+ as a result of an error response.
+
+33. Some little problems in queue runs:
+
+ (a) The reading end of the synchronising pipe was being left open in the
+ delivery subprocess. This caused no harm, but used up a file
+ descriptor till that series of deliveries was done.
+
+ (b) If the load level got high enough to abandon a queue run, the
+ synchronizing pipe was accidentally not closed. Normally, this wouldn't
+ matter, because the queue runner process would finish any way, but...
+
+ (c) If split_spool_directory was set without queue_run_in_order, the code
+ for abandoning a queue run because of too high load didn't stop
+ cleanly. Instead, it went on to look at the remaining subdirectories.
+ Each one would then notice the high load, and abort. Not only was this
+ a waste of time, but because of (b) above, it used up one file
+ descriptor per subdirectory. With up to 62 subdirectories, this could
+ hit the limit of file descriptors if it was as low as 64 (which it
+ sometimes is).
+
+34. Added SYSTEM_ALIASES_FILE to the build-time configuration, and the ability
+ to set ROOT= when installing. Removed installation instructions for the
+ info version of the overview document, because that document no longer
+ exists for Exim 4.
+
+35. Added a total line to exiqsumm.
+
+36. convert4r4 can now handle "optional" for single-key lookups in aliasfile
+ directors.
+
+37. Change 4.03/25 (making convert4r4 double colons in require_files lists) was
+ incomplete. It worked for routers, but not for directors.
+
+38. After verify=recipient in an ACL, the value of $address_data is the last
+ value that was set while routing the address.
+
+39. Included eximstats 1.22.
+
+40. If a delivery of another message over an existing SMTP connection yields
+ DEFER, we do NOT set up retry data for the host. This covers the case when
+ there are delays in routing the addresses in the second message that are so
+ long that the server times out. This is alleviated by not routing addresses
+ that previously had routing defers when handling an existing connection,
+ but even so, this case may occur (e.g. if a previously happily routed
+ address starts giving routing defers). If the host is genuinely down,
+ another non-continued message delivery will notice it soon enough.
+
+41. Added quota_directory to appendfile.
+
+42. Changed the order of processing configuration input lines. Previously, it
+ was comment, .include, continuation, macro expansion, comment again (in
+ case a macro turned a logical line into a comment). This meant that macros
+ could not be used in .include lines. The order is now macro, comment,
+ .include, continuation. That is, macro expansion is done on physical lines,
+ not on logical lines.
+
+43. Improved the error message if an option-setting line in the configuration
+ does not start with a letter. (It used to say 'option "" unknown'.)
+
+44. Allow -D to set a macro to the empty string. Previously it would have
+ moved on to the next commandline item. This seems pointless. Either -DXX or
+ -DXX= sets an empty string.
+
+45. Changed OS/Makefile-FreeBSD thus:
+
+ EXIWHAT_MULTIKILL_CMD='killall -m'
+ EXIWHAT_MULTIKILL_ARG='^exim($$|-[0-9.]+-[0-9]+$$)'
+
+ This is because, with the Exim standard installation using a symbolic link,
+ the name of the running program is not "exim" but (e.g.) "exim-4.10-1".
+
+46. An Exim server now accepts AUTH or STARTTLS commands only if their
+ availability has been advertised in response to EHLO.
+
+47. A few source changes to avoid warnings from very picky compilers that don't
+ complain about unset variables when the only setting is by passing the
+ address to another function.
+
+48. Added -d+pid to force the adding of the pid to all debug lines. Default it
+ on when the daemon is run with any debugging turned on. (Pids are still
+ automatically added when multiple deliveries are run in parallel.)
+
+49. Included Matt Hubbard's exiqgrep utility.
+
+50. Give error for two routers, transports, or authenticators with the same
+ name. (It already caught duplicate ACLs.)
+
+51. If a host has more than MAX_INTERFACES interfaces (common for hosts with a
+ slew of virtual interfaces), and Exim had to find the list of local
+ interfaces, it ran off the end of the list that the ioctl returned. I had
+ assumed the length would be set to correspond to the amount of data
+ returned - but in at least one OS it is set to the actual number of
+ interfaces, even if they don't all fit in the buffer.
+
+52. Nit-picking changes to store.c. It was assuming the length of the
+ storeblock structure would be a multiple of the alignment, which is almost
+ certainly "always" true. However, just in case it might not be it is now
+ rounded up. For some long-forgotten reason, Exim was getting blocks of
+ store of the size (8192 - alignment), which seems strange. I've changed it
+ to plain 8192.
+
+53. Added functions to compute SHA-1 digests, added the ${sha1: expansion
+ operator, added support for {sha1} to crypteq.
+
+54. When local_scan() times out, include the message size in the log line.
+
+55. If a pipe transport had no command specified, and the address also had
+ no command associated with it, the transport process crashed. Now it defers
+ with a suitable message.
+
+56. An Exim server output mangled junk if it received a HELP command on an
+ TLS-encrypted session.
+
+57. The output from -bV (and at the start of debugging) now lists the optional
+ items included in the binary (which routers, etc). The debugging output now
+ includes the name of the configuration file at its start.
+
+58. Added support for GnuTLS as an alternative to OpenSSL.
+
+59. Give a configuration error if tls_verify_hosts is set, but tls_verify_
+ certificates is not set. It doesn't make sense to require some hosts to
+ verify if there's nothing to verify against.
+
+60. A pipe transport may now have temp_errors = * to specify that all errors
+ are to be treated as temporary.
+
+61. The lmtp transport can now handle delivery to Unix domain sockets.
+
+62. Added support for flock() to appendfile, for those operating situations
+ that need it. Not all OS support flock().
+
+63. It seems that host lists obtained from MX records often turn out to have
+ duplicate IP addresses, especially for large sites with many MXs and many
+ hosts. Exim now removes duplicate IP addresses. (Previously, it removed
+ only duplicate names.)
+
+64. If ${readfile was inside a substring that was not part of the final
+ expansion value (because its condition wasn't met), Exim still tried to
+ read the file. This made an "exists" test for the file useless.
+
+65. Added ${readsocket to the expansion facilities.
+
+66. It is now possible to set errors_to to the empty string in routers.
+
+67. Added disable_logging as a generic transport and a generic router option.
+
+68. Applied Stefan Traby's patch to support threaded Perl. As I don't have a
+ threaded Perl, I can't test that this fixed the problem, but it doesn't
+ appear to break the non-threaded case.
+
+69. For SPA (NTLM) client authentication, the options are now expanded.
+
+70. Added support for SPA server authentication, courtesy of Tom Kistner.
+
+71. Latest versions of TCPwrappers use the macro HAVE_IPV6 inside the tcpd.h
+ header, it appears, and this clashes with Exim's use of that macro.
+ Renaming it for Exim is an incompatible change, so instead I've just
+ arranged that HAVE_IPV6 is undefined while including the tcpd.h header.
+
+72. Mac OS 10.2 (Darwin) has IP option support that looks like the later
+ versions of glibc, but without the __GLIBC__ macro setting. I've added a
+ new macro called DARWIN_IP_OPTIONS, and tidied up the code in smtp_in.c to
+ simplify the handling of the three different ways of doing this.
+
+73. If no "subject" keyword is given for a "vacation" command in a filter, the
+ subject now defaults to "On vacation".
+
+74. Exim now counts the number of "non-mail" commands in an SMTP session, and
+ drops the connection if there are too many. The new option
+ smtp_accept_max_nonmail option defines "too many". This catches some DoS
+ attempts and things like repeated failing AUTHs.
+
+75. Installed configuration files for OpenUNIX.
+
+76. When a TLS session was started over a TCP/IP connection for LMTP, Exim was
+ sending EHLO instead of LHLO after the encrypted channel was established.
+
+77. When an address that was being verified routed to an smtp transport whose
+ protocol was set to LMTP, the SMTP callout used EHLO instead of LHLO.
+
+78. Installed eximstats 1.23 in the distribution.
+
+79. Installed a new set of Cygwin-specific files from Pierre Humblet.
+
+80. Added caching for callout verification.
+
+81. Added datestamped logs and $tod_logfile.
+
+82. When Exim starts up with root privilege, set a high limit (1000) for the
+ number of files that can be open and the number of processes that can be
+ created (on systems where this is possible), in case Exim is called from a
+ restricted environment.
+
+83. Minor bugfix in appendfile: when renaming failed for a file whose name was
+ extended with a tag, the untagged name was shown in the error message.
+
+84. If Exim's retry configuration was changed so as to bounce a certain
+ delivery failure immediately, for example to bounce quota errors:
+
+ * quota
+
+ and there were messages on the queue that had previously been deferred
+ because of this error, Exim crashed when trying to deliver them in a queue
+ run. Now it will make one more delivery attempt and bounce on failure.
+
+85. Fixed an obscure problem that arose when (a) an address was redirected
+ to itself, AND (b) the message was not delivered at the first attempt, AND
+ (c) the pattern of redirection was changed at the next delivery attempt.
+ When an address is redirected to the same address, Exim labels the new
+ address as "2nd generation", and so on, in order to distinguish these
+ homonym addresses from each other. Previously, it recorded the delivery of
+ a homonym address as a delivery of the appropriate generation. This does
+ not work if the generation numbers change at the next delivery attempt. The
+ symptoms can be either duplicated deliveries, or missing deliveries,
+ depending on the configuration.
+
+ A real-life example is a configuration that takes "unseen" copies of
+ messages at certain times only, because an "unseen" router in effect does a
+ redirection to a modified address (the unseen delivery) and to the original
+ address (for normal delivery). Thus the normal delivery can be either the
+ 1st or 2nd generation, depending on whether or not the unseen router is
+ triggered at the time of delivery.
+
+ The fix is not to record a delivery to a homonym address as such, but
+ instead to record a delivery to the original address by the final
+ transport. If the same address is subsequently routed to the same transport
+ (whichever generation it now is), the delivery is discarded because it has
+ already happened. Homonym addresses that are themselves redirected are now
+ never recorded as "done", but non-homonym addresses are unaffected, so they
+ are marked when all their children are complete (as before), thus saving
+ an unnecessary subsequent expansion.
+
+ The fix causes more routing processing to be done when homonyms are in use
+ and a message is not delivered at the first attempt, but this is not
+ expected to be very common, and the extra processing isn't all that much.
+
+86. Make sure Exim doesn't overrun the buffer if an oversize packet is received
+ from a nameserver.
+
+87. Added argument-expanding versions of hash, length, nhash, and substr
+ expansions.
+
+88. The API for Berkeley DB changed at release 4.1. Exim now supports this
+ release.
+
+89. When a host was looked up using gethostbyname() (or the more recent
+ getipnodebyname() on IPv6 systems), Exim was not inspecting the error code
+ on failure. Thus, any failure was treated as "host not found". Exim now
+ checks for temporary errors, so the behaviour of "byname" and "bydns"
+ lookups in this respect should be the same. However, on some OS it has been
+ observed that getipnodebyname() gives HOST_NOT_FOUND for names for which a
+ DNS lookup gives TRY_AGAIN. See also change 125 below.
+
+90. Minor rewording of ACL error for attemted header check after RCPT.
+
+91. When USE_GDBM was set, exim_dbmbuild wasn't working properly (still assumed
+ NDBM compatibilify interface); similarly in dbmdb lookups when ownership
+ was being tested.
+
+92. If a Reply-To: header contained newlines and was used to generate
+ recipients for an autoreply, the log line for the autoreply "delivery" had
+ unwanted newlines. Such newlines are now turned into spaces.
+
+93. When a redirect router that has the "file" option set discovers that the
+ file does not exist (the ENOENT error), it tries to stat() the parent
+ directory, as a check against unmounted NFS directories. If the parent
+ can't be statted, delivery is deferred. However, it seems wrong to do this
+ check if ignore_enotdir is set, because that option tells Exim to ignore
+ the error "something on the path is not a directory" (the ENOTDIR error).
+ In fact, it seems that some operating systems give ENOENT where others give
+ ENOTDIR, so this is a confusing area.
+
+94. When the rejectlog was cycled, an existing Exim process was not noticing,
+ and was therefore not opening a new file.
+
+95. If expansion of an address_data setting was forced to fail, and debugging
+ was enabled, a debugging statement tried to print an undefined value
+ instead of the string that was being expanded. This could cause a crash.
+
+96. When Berkeley DB version 3 or higher is in use, a callback function is now
+ set up to log DB error messages that are passed back.
+
+97. The conditions in the Makefile for rebuilding the exim_dbmbuild utility
+ were wrong, leading to failures to rebuild when it should have done.
+
+98. Added -no_chown and -no_symlink options to the exim_install script. Also
+ arranged for the environment variable INSTALL_ARG to be passed over
+ from "make install".
+
+99. Exim sets the IPV6_V6ONLY option on IPv6 listening sockets on operating
+ systems that support it. The call to setsockopt() to do this had SOL_SOCKET
+ instead of IPPROTO_IPV6 as its second argument (and so wouldn't work).
+
+100. When a frozen message was timed out by timeout_frozen_after, the system
+ filter was incorrectly being run for the message before it was thrown
+ away.
+
+101. If a filter used $thisaddress in an argument to a pipe command, its value
+ was not inserted where expected, because the expansion of a pipe command
+ does not happen till transport time, and $thisaddress was not being saved.
+ It is now saved (along with $1, $2, etc, which were already being saved),
+ and reinstated at transport time.
+
+102. Added host grouping for randomizing to manualroute and smtp. A host list
+ that is randomized by manualroute is never re-randomized by smtp. Two
+ host lists that are randomized by manualroute are now treated as "the
+ same" when checking for possible multiple deliveries in one SMTP
+ transaction (this was always true for MX'd host lists).
+
+103. Added "randomize" and "no_randomize" options to manualroute.
+
+104. Added ${hmac expansion item.
+
+105. When compiling with gcc, make use of its facility for checking printf-like
+ function calls (debug_printf and smtp_printf). This would have found the
+ problem in 95 above. It actually found a number of missing casts to (int)
+ in debug lines, and one spurious additional argument.
+
+106. Created an ACKNOWLEDGEMENTS file, which I will endeavour to update in
+ future.
+
+107. Minor modification to Makefile: when a command that starts off "cd xxx;"
+ is followed by another command (on the next line), put the first one in
+ parentheses so that if a "clever" make program amalgamates them, the
+ change of directory is turned off when it should be.
+
+108. If log_timezone is set true, the timestamps in log files now include the
+ timezone offset. A new variable $tod_zone contains the offset. The exigrep
+ utility has been updated to handle timestamps with offsets. The eximstats
+ version included with this release (1.23) has been patched to handle
+ timestamps with offsets. There is also a new -utc option that specifies
+ the timestamps are in UTC. The Exim monitor has been modified so that it
+ omits the zone offset from its display.
+
+109. If the expansion of an errors_to option is forced to fail, the option is
+ ignored.
+
+110. Added $load_average.
+
+111. Added router_home_directory generic router option.
+
+112. Exim crashed on an attempt to check senders or sender domains in an ACL
+ other than after RCPT or DATA. It's now a temporary error.
+
+113. \r was omitted before \n in the SMTP failure response for EHLO/HELO
+ argument checking.
+
+114. On receiving EHLO or HELO, Exim was resetting its state before checking
+ the validity of the command. However, RFC 2821 says that the state should
+ not be changed if an invalid EHLO/HELO is received, so Exim has been
+ changed to conform. This applies mainly when there is more than one
+ EHLO/HELO command in a session.
+
+115. When an Exim root process wrote to a log file, and the log file did not
+ already exist, Exim used to create it as root, and then change its
+ ownership to exim:exim. This could lead to a race condition if several
+ processes were trying to log things at the same time; this happens
+ especially when the exiwhat utility is used. I've changed things so that,
+ if an Exim root process needs to create a log file, it does so in a
+ subprocess that is running as exim:exim.
+
+116. When running filter tests (-bf and -bF) Exim now changes the current
+ directory to "/" so that any assumptions about a particular current
+ directory are false.
+
+117. The appendfile transport was doing the quota_threshold check before
+ actually writing the message. However, the act of writing the message
+ could make it longer by the addition of prefix, suffix, or additional
+ headers. This meant that quota warning could be missed if the basic length
+ of a message kept the mailbox below the threshold, but the transport
+ additions took it over. The warning threshold check is now done after
+ writing the message, when an accurate size is known.
+
+118. If all verifications for verify = header_sender deferred, the log was
+ "temporarily rejected after DATA", without saying why. Now it adds "all
+ attempts to verify a sender in a header line deferred".
+
+119. Added message_id_header_domain option.
+
+120. Ignore message_id_header_text forced expansion failure.
+
+121. Typos: "uknown" in acl.c; missing NULL initialized in drtables.c.
+
+122. When return_size_limit was set greater than zero but smaller than an Exim
+ transport buffer size (so that only one buffer would be written), a
+ message that was longer than the limit could be omitted from the bounce
+ entirely under some circumstances. In other cases, the final buffer full
+ before truncation could be omitted.
+
+123. The inode variables in log.c were of type int with -1 for unset; they
+ have been changed to ino_t with 0 for unset.
+
+124. There are two Makefiles for NetBSD (for different object formats). They
+ were originally supplied in a format where one .included the other. The
+ problem with this has finally surfaced: when processing the Makefile to
+ build config.h, the inclusion isn't seen. The easy way out has been taken:
+ there are now two fully independent files. At the same time, HAVE_IPV6 has
+ been added to both of them.
+
+125. Changed the default way of finding an IP address in both the manualroute
+ and queryprogram routers. Exim now does a DNS lookup; if that yields
+ HOST_NOT_FOUND, it tries calling getipnodebyname() (or gethostbyname()).
+ See also change 89 above.
+
+126. Fixed a race bug in the loop that waits for a delivery subprocess to
+ complete. After reading all the data from, and then closing, the pipe, it
+ assumed that a call to waitpid() for the known pid would always return
+ status for that process. An unfortunately timed signal (e.g. SIGUSR1 from
+ exiwhat) could cause waitpid() to return -1/EINTR instead. The effect of
+ this was to remain in the loop and call FD_SET() with an argument of -1.
+ On Solaris it caused a crash; on other systems it might have looped.
+
+127. If an ACL that was read from a file was used in more than one message in a
+ single SMTP transaction, Exim could crash or misbehave in arbitrary ways.
+ The problem was that the ACL was remembered in memory that was thrown away
+ at the end of the first message. In fixing this, I've done a bit of
+ refactoring of the way memory allocation works, to provide a non-malloc
+ allocator for small blocks of data that must be kept for the life of the
+ process. There's a new function store_get_perm() and I've reintroduced a
+ second storage pool (previously dropped on the 3->4 conversion). A number
+ of instances of malloc calls for small amounts of memory have been changed
+ to use this instead. It might be a tad more efficient. Then again, it
+ might not...
+
+128. A similar problem to 127: memory corruption could occur for multiple
+ messages in one SMTP connection if the data from DNS black list lookups
+ was being used in log or user messages, e.g. references to $dnslists_text.
+
+129. Blanks lines and comments are now ignored in ACLs that are read from
+ files.
+
+130. Two instances of missing \n in debug output.
+
+131. The new debugging tag +timestamp causes a timestamp to be added to each
+ debug output line.
+
+132. Some debug information is written in multiple calls to debug_printf(),
+ with a newline only on the last one. When debugging multiple simultaneous
+ processes, the pid was added to each debug text, and for this reason, a
+ newline was always forced. Now Exim buffers up debug output until the
+ newline is reached, which makes things look much tidier. Also, if there
+ are internal newlines and prefix data such as a pid or timestamp are being
+ added, the prefix is inserted at the internal newlines.
+
+133. When running in the test harness, arrange to overwrite all memory that
+ is released or freed, so that bugs are more easily found. This picked up
+ the following bug:
+
+134. Expansion error messages were left in released store, so could have been
+ overwritten - but in fact most are used immediately, before this happened.
+
+135. A list of configuration files can be given; the first one that exists is
+ used.
+
+136. Moved the code that ensures that newly-created hints databases and their
+ lockfiles are owned by exim:exim so that it runs before the test for
+ successful opening, because a case was reported where the file itself was
+ created, but the DBM library returned an opening error.
+
+137. If an address is redirected to just one child address, verification
+ continues with the child address. However, if verification of the child
+ failed because of (for example) a :fail: redirection, the error message
+ did not get passed back as it would have been had the original address
+ failed. The error information is now passed back for both fail and defer
+ responses.
+
+138. Added $rcpt_defer_count and $rcpt_fail_count.
+
+139. Added "rejected_header" log selector.
+
+140. Added the cannot_route_message generic router option.
+
+141. Change 87 above introduced a bug in the expansion of substrings when the
+ offset was greater than the length of the string, for example
+ ${substr_1:}. Exim crashed instead of returning an empty string.
+
+142. Added extra features to ACLs: the "drop" and "defer" verbs, and the
+ "delay" and "control" modifiers (the latter with "freeze" and
+ "queue_only").
+
+143. If Exim failed to create a log file, it used to try to create the superior
+ directories only if the logs were being written in the spool directory.
+ Now it tries in all cases, but always from a process running as the exim
+ user.
+
+144. Added $authentication_failed.
+
+145. Added $host_data for use in ACLs.
+
+146. Added new ACLs for non-SMTP messages, SMTP connection, MAIL, and STARTTLS.
+
+147. Added a number of new features to the local_scan() API:
+ Access to debug_printf() and the local_scan debug selector
+ Direct access to the message_id variable
+ LOCAL_SCAN_REJECT_NOLOGHDR and LOCAL_SCAN_TEMPREJECT_NOLOGHDR
+ Access to store_get_perm() and store_pool (see 127 above)
+ Access to expand_string_message
+ Option settings in the main configuration file
+ LOCAL_SCAN_ACCEPT_FREEZE and LOCAL_SCAN_ACCEPT_QUEUE
+ LOG_PANIC to write to the panic log
+ Access to host_checking
+ Supporting functions lss_match_xxx() for matching lists
+
+148. Minor security problem involving pid_file_path (admin user could get root)
+ has been fixed.
+
+149. When an ACL contained a sender_domains condition with a reference to a
+ named domain list, the result of the check was not being cached (an
+ oversight).
+
+150. Allowed for quoted keys in lsearch lookups; this makes it possible to have
+ whitespace and colons in keys.
+
+151. Added wildlsearch lookup.
+
+152. Yet another new set of configuration files for Cygwin from Pierre Humblet.
+
+153. Ensure that log_file_path contains at most one instance of %s and one
+ instance of %D and no other % characters.
+
+154. Added $tls_certificate_verified.
+
+155. Now that the list of lookup types has got so long (and more are in
+ prospect) arrange to search it by binary chop instead of linear search.
+
+156. Added passwd lookup.
+
+157. Added simple arithmetic in expansion strings.
+
+158. Added the ability to vary what is appended for partial lookups.
+
+159. Made base 64 encode/decode functions available to local_scan.
+
+
+Exim version 4.10
+-----------------
+
+ 1. Added HAVE_SA_LEN=YES to the OS/Makefile-Darwin file, because it needs it
+ (unsurprising, as it's based on FreeBSD).
+
+ 2. Removed the HTML versions of the PCRE and pcretest documentation from the
+ distribution tarbundle, and instead included them in the HTML tarbundle,
+ linked to the overall index file.
+
+ 3. The code for computing load averages was broken in 64-bit Solaris.
+
+ 4. Make the default ACL refuse local parts that start with a dot.
+
+ 5. LDAP binds with an empty password are considered anonymous regardless of
+ the username and will succeed in most configurations. Exim has been changed
+ so that the LDAP authentication (the ${if ldapauth... condition) always
+ fails when an empty password is used.
+
+ 6. Remove quoting from rbl_domains when used in an ACL by the convert4r4
+ script.
+
+ 7. A lookup entry in a list that had spaces after the lookup type, e.g.
+ "lsearch; /etc/relaydomains" was including the space as part of the file
+ name.
+
+ 8. Give an error if EXIM_USER or EXIM_GROUP contains control characters (it
+ happened when somebody had CRLF terminations in Local/Makefile, which
+ messed up the "unknown user" error message).
+
+ 9. Ensure recipient address appears in log line for internal pipe problems
+ during redirection.
+
+10. Tidies to code for calls to fork(): (a) 3 typos of "<=" that should have
+ been "<" (but would have no actual effect). (b) 2 cases of fork() failures
+ not being logged: during -M for multiple messages, and for auto-delivery
+ of incoming messages.
+
+11. A reference to any header line that contains addresses (e.g. $h_to:) caused
+ a crash if the header was empty. Change 46 for 4.05 introduced this bug.
+
+12. If a system filter file was defined as a non-absolute path, but system_
+ filter_user was undefined, Exim's behaviour was undefined. It could, for
+ example, discard all deliveries, thinking the system filter had overridden
+ them all. Delivery is now deferred, with a message written to the panic
+ log.
+
+13. If a redirection file (or system filter file when system_filter_user was
+ set) was defined as a non-absolute path containing no slash characters,
+ Exim crashed.
+
+14. Added $rcpt_count, containing the number of RCPT commands received during
+ an SMTP transaction. This differs from $recipients_count when some of the
+ RCPTs are rejected.
+
+15. Added $pid, containing the pid of the current process.
+
+16. Fixed uninitialized variable warning in eximstats for relayed messages when
+ there was no sending host name (logged as H=[n.n.n.n]). There's no change
+ of output.
+
+17. The exiqusumm script failed horribly if it encountered a message that had
+ been on the queue for 100 days or more.
+
+18. Added the message_logs option for suppressing the writing of message logs.
+
+19. Allow local_scan() to change the errors_to setting on recipient addresses.
+ (This was made trivially possible because of change 10 in 4.03.)
+
+20. Convert4r4 changed: if forbid_pipe is set on a forwardfile director, also
+ set forbid_filter_run on the generated redirect router.
+
+21. In the Makefile, $(INCLUDE) was preceding the -I. item that refers to
+ Exim's own include files. This caused a conflict with an external library
+ that also happened to have a config.h file. Exim saw the wrong file, and
+ chaos ensued. I've moved the -I. item in the relevant lines so that it
+ comes before $(INCLUDE).
+
+22. Added $acl_verify_message to contain any existing user message when
+ expanding the "message" modifier in an ACL.
+
+23. Changed the default argument for egrep when called in exiwhat to find
+ Exim processes. It is now ' exim( |$$|-)' instead of ' exim( |$$)' so that
+ it works on OS where the true file name appears.
+
+24. In the plaintext authenticator, server_prompts was not being expanded, as
+ documented. It now is.
+
+25. The exinext script was outputting in an incorrect format for routing
+ delays. It said "deliver" when it should have said "route", and the layout
+ of the text was screwed up. In fact, "deliver" is not the right word
+ anyway. I've changed it to "transport". Also removed redundant code for
+ "directing" delays, because these can't occur in Exim 4.
+
+26. Fixed some problems concerned with retrying address errors in remote
+ deliveries:
+
+ (a) I'd overlooked temporary address errors, and assumed that all the
+ retry items would be for host errors, and therefore on the first
+ address when multiple RCPTs were involved. Consequently, no retry
+ record was written for second and subsequent addresses if they
+ received a 4xx error. Thus, these addresses wouldn't be delayed
+ after such a delivery failure.
+
+ (b) A temporary address error causes a routing delay; when the address
+ is eventually tried again, and routing succeeds, the retry record is
+ flagged for deletion. If the address gets another temporary error,
+ the retry record got updated, and then deleted. Thus, temporary
+ address errors were not being delayed and would be tried on every
+ queue run.
+
+27. A minor code tidy for the CRAM-MD5 authenticator.
+
+28. Some OS have a command to select processes by the name of the command they
+ are running, and send a signal to them. Linux and FreeBSD have "killall";
+ Solaris has "pkill" (it also has "killall", but that does something
+ disastrously different). Using such a command makes "exiwhat" more
+ efficient, and reduces the chances of it trying to signal a non-existent
+ process. There are now two build-time parameters, EXIWHAT_MULTIKILL_CMD and
+ EXIWHAT_MULTIKILL_ARG, which can be set to enable this feature to be used.
+ They are defined in the OS-specific files for Linux, FreeBSD, and Solaris.
+ See OS/Makefile-Default for more details.
+
+29. As part of tidying up for 28, changed the name of the build-time parameter
+ EXIWHAT_KILL_ARG to EXIWHAT_KILL_SIGNAL so that its name makes more sense
+ when used in both kinds of exiwhat processing.
+
+30. By default, the daemon doesn't write a pid file if -bd is not used (i.e. if
+ only -q is used). The -oP didn't override this - it was ignored. It now
+ overrides the default and causes a pid file to be written.
+
+31. The values of $local_part, $domain, etc. were not being set during the
+ expansion of shadow_condition in a local transport.
+
+32. The convert4r4 script failed when macros that had continuation lines were
+ present in the Exim 3 configuration file. It inserted junk lines into the
+ output and gave uninitialized variable errors.
+
+33. The convert4r4 script discards (with a comment) a setting of "rewrite" on
+ a smartuser director that has no setting of new_address when it turns it
+ into an "accept" router.
+
+34. When an alias generated an address with a single-component domain, and
+ routing that domain caused it to be widened, Exim remembered only that it
+ had delivered to the widened domain. If any other addresses were deferred,
+ so that another delivery attempt happened later, Exim re-delivered to the
+ widened address, because it checked only the original address. When this
+ kind of widening happens, Exim now checks for previous delivery.
+
+35. A delivery was silently discarded under the following specific
+ circumstances:
+ . The original address is x@a.b.c, where a.b.c is the local host;
+ . a.b.c is recognized as a local domain, and the address is redirected
+ to x@a;
+ . a is not recognized as a local domain, causing the address to be
+ processed by a dnslookup router;
+ . the router widens the address to a.b.c, routes it, and discovers it
+ is the local host.
+ Exim realized that because the domain had been widened, it might have
+ become a local domain, so it arranged to re-route from scratch, using the
+ new domain. However, because the original address was the same address,
+ it thought it had already dealt with it.
+
+36. A space at the start of an LDAP query in an expansion (after the opening
+ curly) was provoking a syntax error.
+
+37. A syntax error in the data of an ldapauth expansion caused the condition to
+ be false without an LDAP query even being tried. Now it causes the
+ expansion to fail.
+
+38. Ensure that an incomplete config.h is removed when the buildconfig program
+ gives an error. Otherwise, if the error is a non-existent Exim user, and
+ the admin fixes this by creating the user (and not modifying any files),
+ Exim will try to use the broken config.h next time.
+
+39. A call with an argument of the form "-D=xxxx" (i.e. omitting the macro
+ name) caused Exim to loop. It now reports an error.
+
+40. If an ACL tested an address for being in a named domain list (e.g.
+ +relay_domains) and then called for recipient verification, and the
+ recipient was rewritten, the cache for remembering matching domain lists
+ was not being cleared after the rewrite, leading to potential routing (and
+ therefore verification) errors. Furthermore, the rewritten address would
+ (incorrectly) have been used for any subsequent address checking within
+ the ACL.
+
+41. If an address such as a%b@c was processed using the "percent hack" and then
+ transmitted over SMTP, Exim was sending "RCPT TO:<a%b@c>" instead of
+ "RCPT TO:<a@b>".
+
+42. A revised Makefile-CYGWIN file from Pierre Humblet.
+
+43. If local_scan() rejected a -bS message, it wasn't handling the error in the
+ way -bS errors should be handled.
+
+
+Exim version 4.05
+-----------------
+
+ 1. In the log display in Eximon, put the insert point (caret) at the start of
+ the last line instead of at the end, because this stops unwanted horizontal
+ scrolling when certain X libraries are used.
+
+ 2. A malformed spool file with an incorrect number of recipients (which
+ should never occur, of course) could cause eximon (and probably exim) to
+ crash.
+
+ 3. Updated Cygwin Makefile and os.h (minor tweaks).
+
+ 4. Setting allow_domain_literals=true was not allowing domain literal
+ addresses in the -f command line option.
+
+ 5. Added debugging output for removing and adding header lines at transport
+ time.
+
+ 6. On systems where SA_NOCLDWAIT is defined, changed from using signal(
+ SIGCHLD, SIG_DFL) to using sigaction(), with flags explicitly set zero, to
+ ensure that SA_NOCLDWAIT is definitely off. This fixes a bug in AIX where
+ subprocesses were disappearing without being turned into zombies for Exim
+ to reap. There was a previous report of the error "remote delivery process
+ count got out of step" on a Linux box that was never resolved. It is
+ possible that this change fixes that too.
+
+ 7. Other applications that support IPv6 have been coded to choose IPv6
+ addresses in preference to IPv4 addresses where possible. This is
+ encouraged, in order to speed up the use of IPv6. Exim has now been changed
+ to do likewise when it looks up IP addresses from host names. This applies
+ both to hosts that have more than one IP address, and to MX records with
+ equal preference values when the hosts they point to have both IPv4 and
+ IPv6 addresses. Within one preference value, Exim will try all the IPv6
+ addresses before any IPv4 addresses, even when some of the IPv4 addresses
+ belong to hosts that also have IPv6 addresses.
+
+ 8. When Exim sent HELO after EHLO was rejected, or when it sent a second EHLO
+ after starting a TLS session, it used the primary host name as the
+ argument, instead of the expansion of the helo_data option.
+
+ 9. Exim was failing to batch addresses for local delivery when errors_to was
+ set on the router to the same string for each address, in the case when the
+ string involved some kind of expansion (that ended up with the same value
+ each time). If the string was fixed (i.e. no expansion) the batching was
+ not blocked. In other words, I was testing the addresses of the strings but
+ forgetting to compare the content. The same problem was not present for
+ remote deliveries, but the code was written out instead of using a
+ subroutine that now exists for this purpose, so I tidied that code.
+
+10. When Exim passes a connected TCP/IP socket to a new Exim process in order
+ to deliver another message on the same connection, it closes down TLS,
+ because it can't pass on the state information that is required by the
+ OpenSSL package. The new process then tries to start up TLS again.
+ Unfortunately, not all servers handle this - and, it has to be said, it is
+ a bit of a dubious interpretation of the RFC. (Exim as a server copes OK,
+ needless to say.) The problem is that the server may just die or give an
+ invalid response, causing a retry delay to occur. The option
+ hosts_nopass_tls was invented to help with this, but an automatic way of
+ testing has been invented. What now happens is that Exim sends a new EHLO
+ after shutting down TLS, before passing the socket on. This in itself
+ reduces the dubiousness of the procedure. If there isn't an OK response,
+ Exim doesn't try to pass the socket on.
+
+11. There was inconsistency in the way failures to set up TLS sessions in the
+ smtp transport were handled when the host was not in hosts_require_tls.
+ It deferred for 4xx responses to STARTTLS, but tried in clear if the actual
+ TLS negotiation failed. It now does the same thing in both cases, and what
+ this is can be controlled by the new option tls_tempfail_tryclear. This
+ defaults true, causing a retry in clear to occur. If it is set false, these
+ kinds of temporary failure cause a defer (for that host; if there are
+ other hosts, they are tried).
+
+12. Tidying. When starting up a new delivery process to deliver another message
+ over an existing SMTP connection, pass over the IP address as well as the
+ host name. This saves having to get the IP address from the socket.
+
+13. Added "#define base_62 36" to OS/os.h-Darwin because the MacOS X operating
+ system has case-insensitive file names.
+
+14. Tidies to rewriting code: (1) It was getting an unnecessarily large block
+ of memory for a rewritten header. (2) Removed some unnecessary debugging
+ code that just duplicated log output.
+
+15. In an expansion like "${if <condition> {${mask:xxxx}}{yyyy}}" Exim still
+ tried to perform the masking operation even when the condition was false
+ and the yield was "yyyy". This could fail when "xxxx" wasn't a valid string
+ for the masking operation. Some other operators (e.g. base62) could fail in
+ a similar way. All string operations are now skipped when processing the
+ unused substring of a condition.
+
+16. If a verification of a sender address in a header (caused by verify =
+ header_sender in an ACL) caused the address in the header to be rewritten
+ (typically because a DNS lookup had widened the domain), the newline at the
+ end of the header got lost, thereby causing two headers to be run together.
+ Sometimes, but not always, this caused a "spool format error".
+
+17. A user wanted to use "save" in a filter file with a non-absolute path, and
+ to set file_transport to a non-appendfile transport that made use of
+ $address_file for its own purposes. This didn't work because Exim was
+ distinguishing between file and autoreplies by the leading '/' of the
+ former. It now checks for the leading '>' of the latter instead.
+
+18. The "accept" router was forcing log_as_local instead of just defaulting it.
+
+19. Exim crashed while verifying a recipient in an ACL if the address was
+ verified by a dnslookup router that widened the domain.
+
+20. When checking the parameters returned from an ident call, Exim was assuming
+ that the format would be textually identical to the values it sent,
+ including the white space. This is not always the case, causing Exim to
+ discard returned ident data that it should have been accepting.
+
+21. Typo (space missing) in "failed to expand condition" error message.
+
+22. The option of specifying an individual transport in a route_data or
+ route_list option of the manualroute router wasn't working. Such settings
+ were being completely ignored.
+
+23. The memory management was poor when building up a string from a lookup that
+ retrieved a large number of data items that had to be concatenated, for
+ example, an alias lookup in a database that returned thousands of
+ addresses. In extreme cases, this could grind the host to a halt. (Compare
+ change 8 for 4.00, which was a similar effect.) Two changes have been made
+ to improve matters: (a) For longer strings, it extends them in bigger
+ chunks, thus requiring fewer extensions. (b) It is now able to release some
+ unwanted memory when a string is copied out of it into a larger block.
+
+24. There was a small error in the memory sizes quoted when -d+memory was used
+ and emptied memory blocks were released.
+
+25. When helo[_try]_verify was set, Exim crashed if the reverse DNS lookup gave
+ a temporary error when trying to look up the host name. It now tries to
+ check with a forward DNS lookup (as it does when the reverse lookup can't
+ find a name). For helo_verify, a temporary error is now given if
+ verification failed, but the host name lookup gave a temporary error. (As
+ before, a permanent error is given if there is no host name available.)
+
+26. When checking quotes for maildir++ format, if the directory name was given
+ with a trailing slash in the "directory" option of the appendfile
+ transport, Exim got the quota calculation wrong because it scanned the
+ final directory instead of the parent directory.
+
+27. The "quota_xxx" error facility for retry rules was broken in Exim 4 if
+ the mailbox had not been read for more than approximately 10 hours.
+
+28. If a router with "unseen" had a setting of address_data, the value was not
+ passed on to subsequent routers for the continuing processing of the
+ address. It now is.
+
+29. If a daemon was started with (e.g.) -qff15m, it omitted the second 'f' when
+ starting queue runners. Likewise, if the flags included 'i', this was
+ omitted.
+
+30. Some operating systems log warnings if exec() happens without the standard
+ input, output, and error file descriptors existing. The worry is that the
+ called program will open some file which will be allocated one of these
+ fds. Another bit of code might assume it can write an error message to
+ stderr, or whatever. Exim was calling itself to regain privilege for
+ delivery without these fds set, thus provoking the warning. Of course, it
+ didn't make use of them itself, but the exposure was there for libraries it
+ might be using. The code has been changed to ensure that, if any of the
+ file descriptors 0, 1, or 2 does not exist at the time of a call to exec(),
+ they are opened to /dev/null.
+
+31. A delivery process could loop under the unusual combination of the
+ following circumstances:
+ (1) A delivery process had envelope_to_add set for its transport.
+ (2) The delivery was for a child address of an envelope address that
+ also had another child.
+ (3) This other child had been discarded because it was a duplicate of a
+ second envelope address.
+ (4) The second envelope address had generated a child that was discarded
+ because it was a duplicate of the first envelope address.
+
+32. The -bp option was failing to notice delivered addresses that were in the
+ -J file but had not yet made it into the -H file. (This got broken between
+ Exim 3 and Exim 4.)
+
+33. If "query" or "queries" in aliasfile director, or "route_query" or
+ "route_queries" in a domainlist router were enclosed in quotes, the
+ convert4r4 script was not removing the quotes before inserting the query
+ into an expansion string, leading to invalid queries within the string.
+
+34. If more than two addresses were being delivered in a batch (either local or
+ remote deliveries), and they all had the same, non-empty value for
+ $self_hostname, but had different domains, Exim crashed. (This is rare,
+ because the use of "self=pass", which is the only way $self_hostname gets
+ set, is rare.)
+
+35. If $message_headers was used in a context where there were no headers (e.g.
+ while verifying an address before receiving a message), it caused an
+ "unknown variable" error. Now it just returns an empty string.
+
+36. Exim was not diagnosing missing time units letters in times on retry
+ rules. It was treating such malformed times as "-1", which caused the rules
+ to misbehave.
+
+37. Added some debugging output to the CRAM-MD5 server code.
+
+38. In the appendfile transport, check for a file name supplied by redirection
+ by checking for "not pipe and not autoreply" instead of looking for a
+ leading '/' in the "address".
+
+39. The os.h file for Darwin defined CRYPT_H, which apparently is wrong.
+
+40. The "condition" condition in ACLs has been tightened up. Formerly, anything
+ other than an empty string, "0", "no" or "false" was treated as "true". Now
+ it insists on "yes", "true", or a non-zero number.
+
+41. Change 22 of 4.02 has been improved; somebody mailed me the correct code
+ to get an error message when ldap_result() doesn't set a result.
+
+42. Update convert4r4 to recognize "ldap:" in require_files, and double the
+ colon.
+
+43. Added "protocol violation" to the "SMTP synchronization" error message, to
+ make it clearer what it is complaining about.
+
+44. Change 26 of 4.03 was incomplete. The same problem could arise if a lookup
+ failed while checking the pre-conditions of a router that was subsequently
+ run. This can happen for negated conditions such as "domains = !<lookup>".
+
+45. Somebody managed to set up a configuration that crashed buildconfig such
+ that it left a half-built config.h but did not stop the build process. I
+ can't reproduce it, but I have added a check after building config.h to
+ test for the presence of its last line ("/* End of config.h */").
+
+46. Added a .PHONY target to the Makefile to be tidy for GNU make. (It should
+ be ignored by other versions).
+
+45. When Exim uses Berkeley DB version 3 or 4 to create a DBM file, it creates
+ it in hashed format. Previously, it opened these files for reading in the
+ same format. Now it opens them as "unknown", which means that other formats
+ can be accommodated when using DB files for auxiliary data.
+
+46. When concatenating header lines that may contain lists of addresses (From:,
+ To:, etc.) as a result of references to $h_from: etc., a comma is now
+ inserted at the concatenation point. Without it, the use of "if
+ foranyaddress" fails on such headers, which is dangerous.
+
+47. The code for ratelimiting MAIL commands was triggering on the count of
+ messages received, instead of the number of MAIL commands (which is not the
+ same thing if no message is accepted in a transaction). The smtp_accept_
+ max_per_connection limit has also been changed to use the count of MAIL
+ commands instead of the count of messages accepted.
+
+48. There was a typo in the exiwhat script which broke it if the esoteric
+ CONFIGURE_FILE_USE_NODE option was in use.
+
+
+Exim version 4.04
+-----------------
+
+ 1. Fix 10 for 4.03 had a bug in it, which could cause problems when converting
+ from an earlier 4.xx release with delayed "one_time" messages on the spool.
+ 4.03 incorrectly complains about spool format errors (and refuses to
+ process these messages).
+
+ 2. Changed the status of the text widgets in the monitor from Append to Edit,
+ because this matters on some versions of X.
+
+ 3. Change 22 for 4.03 turns out to be misguided. Luckily it is controlled by
+ a compile-time macro. I have removed the settings from OS/os.h-Linux that
+ made it try to use these functions.
+
+
+Exim version 4.03
+-----------------
+
+ 1. Change 12 for 4.02 overlooked one case where 256 should have been replaced
+ by MAX_LOCALHOST_NUMBER.
+
+ 2. Timeouts (etc) in dnslist lookups were not behaving as documented; they
+ were deferring (causing 4xx errors) instead of behaving as if the host was
+ not in the list. This has been fixed. In addition, some new special items
+ may appear in dns lists, to control what happens in this case. The items
+ are +include_unknown, +exclude_unknown, and +defer_unknown.
+
+ 3. Added #include <unix.h> to OS/os.h-QNX because it was reported that this
+ was needed, in order to get O_NDELAY.
+
+ 4. Added #define BASE_62 36 to OS/os.h-Cygwin.
+
+ 5. Change 8 for 4.02 overlooked the fact that "directory" need not be set if
+ the directory name is coming from a filter or forwarding file. The check
+ has now been moved from initialization time to run time. Thus, it happens
+ later, but it still helps to diagnose the problem.
+
+ 6. The file direct.c had been accidentally left in the distribution.
+
+ 7. When a new process was forked to deliver another message down an existing
+ SMTP connection, a pipe file descriptor was accidentally left open. This
+ meant that if there was a long chain of such processes, the number of open
+ file descriptors increased by one for each process, and if there were
+ sufficent, the limit of open descriptors could be reached, causing various
+ problems.
+
+ 8. When an address was being checked with -bt and the routing involved an
+ errors_to setting whose address verification also involved an errors_to
+ setting, Exim got into a verifying loop. It shouldn't verify an errors_to
+ setting when already verifying, but got this wrong if it started from -bt.
+
+ 9. Tidied up some compiler warnings when compiling with TCP wrappers.
+
+10. When a child address was promoted to a toplevel address by "one_time" after
+ a deferred delivery, it was not remembering any "errors_to" address that
+ was set by the routers that processed the original address. Consequently,
+ the subsequent delivery had (incorrectly) the original sender address in
+ the envelope. Exim now remembers the "errors_to" address with the new
+ toplevel address and reinstates it for the next delivery.
+
+11. When Exim received a message other than from the daemon, there were two
+ situations in which it did not re-exec itself for delivery: when it was
+ running as root, or when it was running in an unprivileged mode. This was
+ an attempt to save some resources (very early Exims ran as root more often)
+ but has turned out to be pretty rare. A bug has been discovered in this
+ case: if the incoming message was on a TLS session (from inetd, for
+ example), but the outgoing delivery was on an unencrypted SMTP connection,
+ Exim got confused. The effect was minimal: it sent two EHLO commands, but
+ otherwise worked. Multiple EHLOs are not an error, according to the RFCs,
+ but there was at least one broken MTA that objected. This error would have
+ occurred only when synchronous delivery (-odi or -odf) was specified.
+
+ While sorting this out, I have abandoned the logic that did a delivery
+ without forking in the interests of simplicity. This was an even rarer
+ case: it only happened when Exim was running as root or in an unprivileged
+ mode AND synchronous delivery was specified.
+
+12. Change references to /bin/rm in the Makefile to plain rm.
+
+13. If EXIM_PERL was set in Local/Makefile, but PERL_COMMAND was set to a
+ command that was not a file, or if it was set to a non-existent file,
+ the build process carried on trying to build Perl support, but without the
+ relevant variables for the Perl libraries, etc., which is disastrous. In
+ fact, the build process shouldn't have been using PERL_COMMAND; that is a
+ value for screwing into utility scripts. The build process assumes a
+ suitable PATH for things like rm, mv, etc., which have xxx_COMMAND
+ variables for scripts. So I've changed it to use just "perl". It now bombs
+ out if "perl --version" doesn't produce some output.
+
+14. Changed the #includes in perl.c for the Perl headers to use <> instead of
+ "" because this is apparently better usage.
+
+15. Added local_scan_timeout to apply a timeout to local_scan().
+
+16. Recognize IPv6 addresses as IP addresses, even when Exim is not compiled
+ with IPv6 support.
+
+17. When verifying a HELO/EHLO name, Exim was not checking the alias host names
+ it obtained from calling gethostbyaddr(). In many cases, this didn't cause
+ any unwanted rejections because as a last resort Exim does a forward lookup
+ on the HELO name to see if any of its IP addresses matches. But it fixing
+ the bug saves the unnecessary additional lookup.
+
+18. Added "domains = ! +local_domains" to the commented-out ipliteral router in
+ the default configuration.
+
+19. Default sender_host_aliases to an empty alias list, instead of NULL. This
+ is just for tidiness; the way it was coded, it didn't cause any problems.
+
+20. Added -tls-on-connect, which starts a TLS session without waiting for
+ STARTTLS. This supports older clients that used a different port.
+
+21. Added support for the Cyrus pwcheck daemon.
+
+22. Arranged to use getipnodebyaddr() instead of gethostbyaddr() in systems
+ with IPv6 support that have this function, because gethostbyaddr() doesn't
+ work for IPv6 addresses on all systems (it does on some).
+
+23. Header lines added by "warn" statements in the ACL for RCPT are saved up to
+ be added after the message's header has been received. Previously, Exim was
+ saving up all added headers, from both RCPT and DATA, until the very end.
+ Now it adds those from RCPT before the DATA ACL is obeyed, so that they can
+ be accessed from within the DATA ACL.
+
+24. Changed TLS initialization to use SSL_CTX_use_certificate_chain_file()
+ instead of SSL_CTX_use_certificate_file(). This means that the file can
+ contain the whole chain of certificates that authenticate the server.
+
+25. Updated convert4r4 to check for colons that look as if they are part of
+ expansion items in require_files lists (e.g. ${lc:xxxx}). In Exim 3, the
+ whole list was expanded before splitting up, but in Exim 4, the splitting
+ happens first, so such colons must be doubled. The conversion script now
+ doubles such colons, and outputs a warning message. The test for one of
+ these colons is a match against "\$\{\w+:".
+
+26. If, while verifying a recipient address, a router was skipped because a
+ lookup did not succeed, and the following router suffered a temporary
+ failure (e.g. a timeout), the log line for the temporary rejection showed
+ the error from the first router instead of from the second.
+
+27. Exim crashed if a dnslists test was obeyed in an ACL for an SMTP message
+ from the local host. Now it just fails to match the list.
+
+
+Exim version 4.02
+-----------------
+
+ 1. Bug in string expansion: if a "fail" substring of a conditional contained
+ another conditional that used the "fail" facility, Exim didn't swallow the
+ right number of closing parentheses in the case when the original condition
+ succeeded (i.e. when the condition containing the "fail" should be
+ skipped).
+
+ 2. helo_verify_hosts wasn't working when comparing host names.
+
+ 3. When delivering down an existing SMTP connection, the error "Unexpectedly
+ no free subprocess slot" was sometimes given for other addresses in the
+ message.
+
+ 4. Binary zeroes in the message body are now turned into spaces in the
+ contents of $message_body and $message_body_end.
+
+ 5. If the value of a field in a MySQL result was SQL NULL, and more than one
+ field was selected, Exim crashed.
+
+ 6. It seems that many OS treat 0.0.0.0 as meaning the local host, typically
+ making it behave like 127.0.0.1. Since there have been incidents where this
+ was found in the DNS, two changes have been made:
+ (a) Added 0.0.0.0 to the ignore_target_hosts setting in the default
+ configuration.
+ (b) Unconditionally recognize 0.0.0.0 as the local host while routing.
+
+ 7. Added helo_allow_chars so people can let in underscores if they really
+ have to. Sigh.
+
+ 8. Give configuration error if "maildir_format" or "mailstore_format" is
+ specified for appendfile without specifying "directory".
+
+ 9. When return_path was expanded in an smtp transport, the values of
+ $local_part and $domain were not set up.
+
+10. The optimization for sending multiple copies of a single message over one
+ SMTP connection when there are lots of recipients (but too many for one
+ copy of the message) was messing up in the case when max_rcpt was set to 1
+ (for VERP). It would send lots of copies with one RCPT each, correctly, but
+ because the transport was passed more than one address, $local_part and
+ $domain weren't set. Since setting max_rcpt to 1 is almost always
+ associated with VERP (or at least, you do it because you want to use
+ $domain or $local_part), I've made that a special case where the
+ optimization is disabled.
+
+11. Cygwin has case-insensitive file names. Therefore, we can't use base 62
+ numbers for Exim's identifiers. We have to use base 36 instead. Luckily 6
+ base 36 digits are still plenty enough to hold the time for some years to
+ come. There's now a macro that is set either to 62 or 36, but the names and
+ documentation still talk about "base 62".
+
+12. Added build-time variable MAX_LOCALHOST_NUMBER (default 256) to allow the
+ localhost number to be traded off against the maximum number of messages
+ one process can receive in one second. This is relevant only when
+ localhost_number is set. It may be useful for Cygwin, where the maximum
+ sequence number is much less when up to 256 hosts are allowed.
+
+13. Extended MySQL server data to allow for the specification of an alternate
+ Unix domain socket.
+
+14. Give error if too many slashes in mysql_servers or pgsql_servers item.
+
+15. Changed the wording "debug string overflowed buffer" to "debug string too
+ long - truncated" to make it clearer that it's not a big disaster.
+
+16. Now that I finally understand the difference between the resolver's returns
+ HOST_NOT_FOUND and NO_DATA, I've optimized Exim's DNS lookup so that if an
+ MX lookup gets HOST_NOT_FOUND, it doesn't bother to try to look up an
+ address record. Only if it gets NO_DATA does it do that.
+
+17. The contents of Envelope-To: were not correct in cases when more than one
+ envelope address was redirected to a single delivery address via an
+ intermediate address, because the duplication was detected at the
+ intermediate stage, but the checking for Envelope-To: only looked at
+ duplicates of the final address.
+
+18. If a message with the -N flag was on the spool, and was selected during a
+ queue run by -R or -S, the -N flag was incorrectly passed on to all
+ subsequent messages, leading to their being thrown away.
+
+19. Remove unnecessary check for the local host when looking up host names in
+ host lists.
+
+20. If tls_certificate is supplied, but tls_privatekey is not, assume that both
+ are in the tls_certificate file.
+
+21. If a router set transport_current_directory or transport_home_directory
+ to something that involved an LDAP lookup, and there was more than one
+ local delivery to be done for a single message, all but the first got
+ deferred because the LDAP connection for those variables got opened in the
+ superior process, but closed in the first subprocess. The second subprocess
+ then assumed it was still open. We now ensure that each subprocess starts
+ with a clean slate (everything closed down) so that it can open and close
+ its own connections as needed.
+
+22. After a failure of ldap_result(), Exim was calling ldap_result2error() in
+ order to get an error message. However, it appears that it shouldn't do
+ this if the value of result variable is NULL. As I can't find any way of
+ getting an error message out of LDAP in this circumstance, Exim now just
+ gives says "ldap_result failed and result is NULL".
+
+23. If a message arrives over a TLS connection via inetd, close down the SSL
+ library in the subprocess for message delivery (but don't molest the
+ parent's SSL connection).
+
+
+Exim version 4.01
+-----------------
+
+ 1. When setting TCP_NODELAY, the call to setsockopt() was using SOL_SOCKET
+ instead of IPPROTO_TCP, which caused excessive logging on some systems.
+
+ 2. Changed the Makefile for Cygwin to set EXIM_USER and EXIM_GROUP to 0.
+
+ 3. The SMTP rewriting facility was broken.
+
+ 4. There was some malformatting in the spec.txt file (the other formats were
+ OK).
+
+ 5. Made convert4r4 change "bydns_a" into "bydns" in route_list options, and
+ to do the same for "bydns_mx", but in this case to comment that it won't
+ work the same (and to suggest a workaround).
+
+ 6. Removed redundant code in deliver.c for indicating when a reused SMTP
+ connection had been closed in a subprocess - this was being done twice.
+
+ 7. Change 2 of 3.164 removed Exim's explicit checking that a reverse DNS
+ lookup yielded a name whose forwarded lookup gave the original IP address,
+ because I thought that gethostbyaddr() did this automatically (it seems to
+ on some systems). There is hard evidence that I was wrong, so this test has
+ been put back, and in a better form, because it now checks alias names.
+ This means that the verify=reverse_host_lookup condition in an ACL reduces
+ to requiring that the host name has been looked up, since the checks it
+ previously did are not always applied.
+
+ 8. When sender verification fails, the error associated with it is given by
+ default before the 550 error for the first RCPT command. Not everybody
+ wants to see this. There is now an option (no_details) that suppresses it.
+
+ 9. The patterns in rewriting rules with the 'S' flag were not being expanded.
+ For consistency with other patterns (and the documentation), this has been
+ changed.
+
+10. "domainlist", "hostlist", and "addresslist" weren't recognized if the
+ immediately following character was a tab rather than a space.
+
+11. The rules for writing daemon pid files have changed. A new option -oP has
+ been added to provide a way of specifying a pid file path on the command
+ line. Exim now writes a pid file when -bd is used, unless -oX is specified
+ without -oP.
+
+12. The version number of OpenSSL was included in the response to the STARTTLS
+ command - a legacy from the original contributed code that doesn't seem
+ sensible. It no longer appears, and I took it out of the debug output as
+ well because that was the only place left, and the code to compute it was
+ "mysterious magic" that didn't seem worth keeping.
+
+13. When another message was processed in order to send it down an existing
+ SMTP connection, Exim was doing the routing for all the addresses. Even if
+ called from a delivery from a queue runner, this doesn't count as "in a
+ queue run", so retry times were not being inspected. If the message had a
+ large number of recipients, and several of them timed out while routing,
+ the delay could be so large that the server at the other end of the SMTP
+ connection would time out. To avoid this happening, Exim now skips routing
+ for any addresses that have a domain retry time set for routing, whether or
+ not that retry time has arrived, when dealing with a pre-existing SMTP
+ connection. This will be "right" pretty well all of the time, and even
+ when it is "wrong", the only consequence will be some delay. (This doesn't
+ apply to "address" retry times, because those are usually the result of 4xx
+ errors, not timeouts.)
+
+14. Added words to the initial output from -bh pointing out that no ident
+ callback is done.
+
+15. The convert4r4 script wasn't getting it quite right with an aliasfile
+ director that had a "transport" setting. It was missing the "yes/no" in the
+ "condition" setting.
+
+
+Exim version 4.00
+-----------------
+
+ 1. Changed the name of debug_print for authenticators (3.953/38) to
+ server_debug_print because it applies only when the authenticator is
+ running as a server.
+
+ 2. Forgot to change DB_ to EXIMDB_ in the Cygwin Makefile.
+
+ 3. There were still a couple of uses of vfork() when passing a socket to a
+ new delivery process. The use of vfork() is not recommended these days,
+ so I changed them to fork().
+
+ 4. Added the spa authentication mechanism, using the code contributed by Marc
+ Prud'hommeaux (and mostly taken from the Samba project). This supports
+ Microsoft's "Secure Password Authentication", but only as a client.
+
+ 5. queryprogram had current_directory unset, but used "/" when it was unset.
+ It is tidier just to make the default "/" and have done with it.
+
+ 6. When a delivery is run with -v, the -v flag is no longer passed on to new
+ processes that are started in order to send other messages on existing
+ SMTP connections. This prevents non-admin users from seeing these other
+ deliveries. Admin users can specify a higher level of debugging, and when
+ this is done, the debugging selection is passed on.
+
+ 7. Increased the increment for dynamic strings from 50 to 100.
+
+ 8. When Exim was building a dynamic string for $header_xxx from a number of
+ headers of the same name, or for $message_headers, it was using the dynamic
+ string function which is designed for use with relatively short strings. If
+ a pathological message had an enormous header, it chewed up memory at a
+ ridiculous rate. The code has been rewritten so that it does not do this.
+ With a 64K header string (there's a limit set at 64K) it now just gets one
+ 64K buffer. Previously it used a large number of megabytes to build such a
+ string, and some system filter processing ran machines into the ground on
+ messages with huge headers.
+
+ 9. The work for 8 involved a small amount of other "refactoring" in the
+ expansion functions.
+
+10. If "headers add" or "headers remove" were used in a system filter, the
+ headers didn't actually get changed when testing with -bF. This could
+ affect later commands in the filter that referred to the headers.
+
+11. Two system filter bugs: (a) The system filter was always being run as root,
+ even if system_filter_user was set. (b) When the system filter was not run
+ as root, changes to the header lines by "headers add" or "headers remove"
+ were being lost. Because of (a), (b) would never have bitten.
+
+12. Some "refactoring" in the daemon:
+ (a) Removed redundant statement smtp_in=NULL.
+ (b) The test for fork failure for a delivery process was not quite in the
+ right place.
+ (c) Added main and panic logging for receive and delivery fork failures.
+ (d) Check for fdopen() failure, and don't try to continue, but ensure
+ the sockets get closed.
+ (e) Log fclose() failures.
+
+13. Added the "/data" facility to ACL dnslists so as to make it easy to use,
+ for example, the domain lookup of rfc-ignorant.org.
+
+14. Refactored the code in the daemon to use a vector of structures instead of
+ two separate vectors for storing the pid of a spawned accepting process and
+ the corresponding IP address of the client. (This is to make it easier to
+ add other things.)
+
+15. If EXIM_USER or EXIM_GROUP were set to the empty string in Local/Makefile,
+ the uid or gid were set to zero, which is unsafe. These settings now cause
+ an error message at build time.
+
+16. check_ancestor was doing its check case-sensitively, which meant that it
+ did not work with some configurations when redirecting changed the case of
+ the local part. Now check_ancestor respects the setting of
+ caseful_local_part on the router which routed the ancestor address.
+
+17. The check for router looping (whether the current router had previously
+ routed the same address) was always being done case-insensitively. It
+ should do the local part check case-sensitively when caseful_local_part is
+ set for that router.
+
+18. Added helo_try_verify_hosts, which is like helo_verify_hosts except that
+ it doesn't reject failing HELO/EHLO. Instead the verification state can be
+ testing in an ACL by verify=helo.
+
+19. When echoing log writes from a parallel remote delivery process to the
+ debug output, the pid of the parallel process was being omitted.
+
+20. In an ACL run for a RCPT command, the values of $domain and $local_part
+ were becoming unset after a sender or recipient verification.
+
+21. Exim crashed if called with -C followed by a ridiculously long string.
+
+22. Some other potential points of trouble caused by pathological input data
+ have been defended.
+
+23. If hosts_randomize was set on an smtp transport, the randomizing code had
+ a bug which could put the delivery process into a tight loop.
+
+
+
+Exim version 3.953
+------------------
+
+ 1. Exim was not terminating the names of named lists in memory. It got away
+ with this on systems where newly malloc()d store is zeroed (always a bad
+ practice). When running in its test harness, Exim now ensures that all
+ new memory from malloc is filled with a non-zero value. This will help
+ pick up bugs like this in future. (I haven't made it do it always, for
+ performance reasons.)
+
+ 2. When skip_syntax_errors was set on a redirect router, and a forward file
+ (NOT a filter file) contained only invalid addresses, the message was
+ discarded. The router now declines, as it does for invalid filter files.
+ Thus, the address is passed on unless no_more is set.
+
+ 3. When an address containing upper case letters in the local part was
+ deferred, eximon showed the lowercased version with the caseful version
+ as a "parent", as well as the original caseful version in its queue list.
+
+ 4. When hide_child_in_errmsg was set on a redirect router, bounce messages
+ still showed the failed addresses in the X-Failed-Recipients: header line.
+
+ 5. Change 6 for 3.952 should also have included SIGTERM.
+
+ 6. exim -bP +something was searching only the domain lists. It now searches
+ all lists for a matching name.
+
+ 7. If Local/Makefile contains more than one of USE_DB, USE_GDBM, or USE_TDB,
+ give a build-time error. When it does contain one of them, arrange for any
+ OS default for any other one to be overridden. (The code expects at most
+ one of these to be defined.)
+
+ 8. When a value for transport_home_directory is taken from the password
+ information, wrap it in \N...\N so that it isn't expanded in the transport.
+ This affects Cygwin, where home directories may contain $ characters.
+
+ 9. Fixed an occasional crash when autoreply was sending a message created by
+ a user's filter file. It was referencing uninitialized memory. (The
+ prophylactic mentioned in 1 above made it a hard error.)
+
+10. The "run" and "readfile" expansion items could sometimes return extra junk
+ characters (yet another uninitialized memory bug).
+
+11. The lockout options forbid_filter_existstest etc. were not propagating to
+ the expansion of files sent as part of "mail" messages from users' filter
+ files.
+
+12. Another unterminated string bug: when an ACL was read from a file
+ dynamically it wasn't properly terminated.
+
+13. Cached pgsql connections weren't being re-used, leading to a potential
+ build-up of open connections.
+
+14. $message_headers is supposed to be limited to 64K in length, but it wasn't
+ so limited if an individual header line was longer than 64K.
+
+15. An individual header line, or concatenation of multiple identically-
+ named header lines, inserted by $h_xxxx is supposed to be limited to 64K in
+ length, but it wasn't so limited if the only header line was longer than
+ 64K.
+
+16. A syntactically incorrect setting of -d... is now treated as a command line
+ syntax error (message to stderr, return code 1), without any entry on the
+ log.
+
+17. Modifications to the exim_install script:
+ (a) Scan the combined Makefile in the build directory instead of messing
+ around scanning its individual constituent files.
+ (b) Use sed instead of a pipe of grep, tail and cuts. This allows better
+ control, but has to be very simple sed in order to work on Solaris.
+ (c) Allow for the setting of EXE to add a subscript to executables for
+ the benefit of Cygwin.
+ (d) Use -c instead of -b with "cut" because the "cut" in BSD/OS doesn't
+ grok -b.
+
+18. Changes for Cygwin:
+ (a) Update scripts/os-type to recognize CYGWIN.
+ (b) Arrange (via the Uopen() macro) for all calls to open() to have
+ the O_BINARY flag, to avoid CRLF problems.
+ (c) If OS_INIT is defined, call it at the very start of Exim's execution.
+ (d) When resolver debugging is enabled, set _res.options |= RES_DEBUG
+ before calling res_init() as well as after, because that generates
+ some debugging info during initialization.
+
+19. Make the initial call to os_getloadavg() in exim.c conditional on
+ LOAD_AVG_NEEDS_ROOT because it is done just to initialize os_getloadavg()
+ on systems that require the first call to be done as root. It should be
+ called only when messages are being received; it was being called
+ unnecessarily in some cases.
+
+20. If Exim failed to open its retry hints database at routing time, it crashed
+ during a subsequent local delivery.
+
+21. If Exim is neither setuid root nor called by root, there is no need to
+ attempt to drop root privilege when it is not needed.
+
+22. I'd forgotten to remove the check for the presence of %s in pid_file_path
+ when it was set at run time.
+
+23. If a transport filter crashed, or yielded a non-zero return code during an
+ SMTP delivery, Exim was not aborting the delivery. This led to multiple
+ partial deliveries of the message until the transport filter was fixed.
+
+24. Do not try alternate hosts if a transport filter crashes or yields a
+ non-zero return during an SMTP delivery.
+
+25. When exim -be is reading input lines from stdin, backslash can now be used
+ for continuations. This makes it easier to test expansions from a
+ configuration file by cut and paste, and long expansions in general.
+
+26. The file src/auths/xtextdecode.c was incorrectly named xtestdecode.c, but
+ because the MakeLinks script built a symbolic link that worked, this
+ mistake didn't actually show up.
+
+27. When Exim is delivering another message down an existing connection,
+ remote_max_parallel should be forced to 1; this wasn't happening, though
+ it would have caused a problem only if a message had more than 100
+ recipients routed to the host.
+
+28. When there was a problem while delivering down an existing connection, such
+ that the transport process closed the connection, this fact wasn't getting
+ communicated to the calling delivery process, which might have tried to do
+ more deliveries on the same connection. This would only have caused a
+ problem if there were more than 100 recipients to the same host.
+
+29. The ${extract} action, with a negative field number that selected the first
+ field in a string, could return junk characters at the start of the
+ extracted field.
+
+30. When Exim is acting as a client, if an attempt to start a TLS session fails
+ during the TLS negotiation phase (i.e. STARTTLS is accepted, but there's a
+ problem such as an unrecognized certificate during TLS session startup),
+ Exim used always to defer delivery. Now, unless the host is in
+ hosts_require_tls, Exim makes a new connection to the host and attempts to
+ send the message unencrypted. This avoids stuck messages for servers that
+ advertise STARTTLS but don't actually support it properly.
+
+31. Added ${address:xxx} to go with ${domain:xxx} and ${local_part:xxx} which
+ extract from RFC 2822 addresses.
+
+32. The rules for recognizing when Exim is being called from inetd have
+ changed. Previously Exim required SMTP input, stdin to be a TCP/IP socket,
+ and the caller to be root or the Exim user. This left a gaping hole if the
+ caller was not root or the Exim user, because then it wouldn't do the
+ policy checking for a remote host, because it didn't realize it was being
+ called from inetd. (This was seen on Debian configurations). Exim now
+ behaves as follows: if the input is SMTP and stdin is a TCP/IP socket, a
+ call from inetd is assumed. This is allowed to proceed either if the caller
+ is root or the Exim user, or if the port used is privileged (less than
+ 1024). Otherwise (a different user passing an unprivileged port) Exim gives
+ a "Permission denied" error.
+
+33. Removed $compile_number from the default SMTP banner line (after discussion
+ on the mailing list). Also removed it from the default $Received: header.
+
+34. # is documented as a comment character in the run time configuration only
+ when it appears at the start of a line. In the case of boolean values,
+ extra characters after "= true" or "= false" were being ignored, leading to
+ a false impression that comments could appear there. This is now diagnosed
+ as an error.
+
+35. If a boolean option without a following "=" was followed by # (in the
+ mistaken belief that this would be a comment), the error was "missing =",
+ which was confusing. Exim now complains about extra characters.
+
+36. When Exim complains about extra characters following an option setting, it
+ now adds a comment about comments if the first extra character is #.
+
+37. Output debug_print strings when testing a host using -bh.
+
+38. Added server_debug_print to authenticators (compare routers and
+ transports). This outputs when an authenticator is called as a server. It
+ can be helpful while testing with -bh.
+
+39. Added debugging output to the crypteq condition.
+
+40. If a named domain or local part list used in a "domains" or "local_parts"
+ option on a router matched by means of a lookup, the $domain_data and
+ $local_part_data variables were set for the first router that did this, but
+ were not set for any subsequent routers that used the same named list. The
+ same was true for multiple tests of named domain or local parts lists in an
+ ACL.
+
+41. If the variable "build" is set when the top-level Makefile is run, the
+ variable now propagates from the top-level Makefile to subsidiary ones.
+ In addition, Local/Makefile-$(build) is added to the list of concatenated
+ files that go at the start of the Makefile in the build directory.
+
+42. If NO_SYMLINK is defined in Local/Makefile, the exim_install script just
+ copies the Exim binary in with its unique name, without moving the "exim"
+ symbolic link to it.
+
+43. Added BSDI 4.2 as a BSDI variant in scripts/os-type.
+
+44. The spool file format for remembering a "one_time" redirection has changed;
+ I had forgotten to make Exim 4 capable of reading Exim 3 spool files.
+
+45. Address lists are now permitted to include items of the form *@+name where
+ "name" is a named domain list. (Note that an item of the form +name is
+ taken as a named _address_ list.)
+
+46. When Exim gives up privilege and reverts to the calling user because it was
+ called with the -C, -D, -be, or -bi options, it now reinstates the
+ supplementary group list as well as the uid and gid.
+
+47. The crypteq condition has been extended. When the encrypted string begins
+ with "{md5}" Exim used to assume that the digest was encoded as a base64
+ string. Now it assumes this only if its length is 24 bytes. If the length
+ is 32 bytes, Exim assumes a digest expressed in hex characters. If the
+ length is neither 24 nor 32, the comparison always fails.
+
+48. Updated the convert4r4 script:
+
+ (a) Some typos in the comments.
+ (b) Remove kill_ip_options, log_ip_options, and refuse_ip_options, which
+ no longer exist.
+ (c) Move all macro definitions to the top of the output, to ensure that
+ they precede any references to them.
+ (d) If tls_verify_ciphers was set without tls_verify_hosts, the generated
+ new configuration insisted on encryption ("these ciphers must be
+ used for all connections") instead of just checking the cipher when
+ encryption happened ("if encrypted, these ciphers must be used").
+ (e) Address lists are now checked to see if they contain any bare lookup
+ items and if they do, these are converted to two items, the first
+ preceded by "*@" and the second with "partial-" removed. This makes
+ Exim 4 behave in the way that Exim 3 used to. An explanatory comment
+ is output.
+ (f) Put more explanation in above the "hosts = :" test.
+
+49. Write a main and panic log entry when "partial-" is ignored in a lookup
+ that is part of an address list. (Applies when the item is a lookup for
+ which the whole address is the key.)
+
+50. Two changes to the way $original_local_part and $parent_local_part work:
+
+ (a) When an address that had a prefix or suffix was redirected to another
+ address, the value of $original_local_part and $parent_local_part
+ had the prefix or suffix stripped when referred to during the
+ processing of the child address. This doesn't seem right, so it has
+ been changed.
+ (b) When an address that had a prefix or suffix was being processed,
+ $local_part had the affix stripped, and if it was a top-level
+ address, $original_local_part also has the affix stripped. This has
+ been changed. Now $original_local_part contains the same value at all
+ levels. ($parent_local_part remains empty at top level.)
+
+51. A number of macros in the Exim source began with "DB_". When compiling
+ with Berkeley DB version 4, DB_LOCK_TIMEOUT clashed with a macro set by
+ that package. The Exim macros now all start with "EXIMDB_", and Exim
+ therefore now supports DB version 4.
+
+52. Newlines in a "freeze" text from a system filter were being sent as \n
+ in messages created by the "freeze_tell" option. They are now converted
+ back to newlines (in the log line they continue to appear as \n).
+
+53. Added a new ACL condition "verify = reverse_host_lookup". This does a
+ reverse lookup of the client host's IP address, then does a forward lookup
+ for all the names it receives, and checks that at least one of the IP
+ addresses obtained from the forward lookup matches the incoming IP address.
+ The lookups are done with gethostbyaddr() and gethostbyname(),
+ respectively.
+
+54. A small fix to eximstats reduces its store usage substantially when it is
+ processing very large log files: when a message's "completed" line is
+ reached, discard the memory of the message's size.
+
+55. If an address was redirected to itself more than once (e.g. by two
+ different "redirect" routers, or because of the use of "unseen", it was
+ incorrectly discarded as a duplicate address.
+
+56. For a rewrite pattern of the form *@something, if an actual address
+ contained @ in the local part (e.g. "a@b"@x.y), the value of $1 was set
+ incorrectly during expansion of the replacement address (it stopped at the
+ first @ instead of at the last one).
+
+57. Added hosts_nopass_tls to the smtp transport. For any host that matches
+ this list, a connection on which a TLS session has been started will not be
+ passed to a new delivery process for sending another message on the same
+ connection.
+
+58. The -dropcr command line option now turns CRLF into LF, while leaving
+ isolated CR characters alone. (Previously it removed _all_ CR characters.)
+ There is now also a drop_cr main option which has the effect of -dropcr for
+ all incoming non-SMTP messages.
+
+59. If a configuration file macro expanded into a boolean option which was not
+ followed by = and a value, Exim gave a spurious error for an "unknown"
+ value for the option (typically a string from the previous line).
+
+
+Exim version 3.952
+------------------
+
+ 1. convert4r4 had an incorrect file name in its comment output.
+
+ 2. convert4r4 was looking up $local_part instead of $domain in its generated
+ manualroute output.
+
+ 3. There was no check that getpeername() was giving a socket address when
+ called on stdin passed from a previous delivery.
+
+ 4. Fixed an old bug whereby Exim could segfault if debugging was turned on and
+ a DNS lookup found MX records for hosts whose A records had to be looked up
+ separately, and some of them pointed to the local host (pretty rare).
+
+ 5. The debugging output for log writes now shows the names of any log selectors
+ instead of the hex value of the selector word.
+
+ 6. If a delivery subprocess is terminated by SIGKILL or SIGQUIT, do not freeze
+ the message. This can happen during system shutdown. Other kinds of process
+ failure indicate problems.
+
+ 7. If a sender verification did not complete (e.g. DNS lookup timed out), the
+ log line for the temporary RCPT rejection did not always say why (it lost
+ the message if there had been a previous call to any lookup).
+
+ 8. The special message about MX records that point to IP addresses instead of
+ host names was not getting returned in the SMTP response when a
+ verification failed. This has been fixed, and the message that is logged in
+ this circumstance has been made less verbose.
+
+ 9. When an SMTP callout is done, Exim tries to use the interface and port
+ number from the transport that the address was routed to during the prior
+ verification. If it wasn't routed to a remote transport, or if there's a
+ problem expanding the relevant options, Exim does not use a specific
+ interface, and it connects to port 25.
+
+10. If the string "syslog" happened to occur in the log file path, eximon was
+ failing to extract the name of the main log file correctly.
+
+11. Unlike other operating systems, Linux does not sync a directory after a
+ rename. However, we need this to happen to be sure an incoming message has
+ been safely recorded after it has been received. I have therefore added a
+ macro called NEED_SYNC_DIRECTORY (which is set in OS/os.h_Linux) to request
+ Exim to do an explicit sync on the directory after the rename. If
+ O_DIRECTORY is defined, it is used when opening the directory.
+
+12. When a system filter creates any new deliveries, they are given a fake
+ "parent" address which appears on the logs, and is necessary for pipes,
+ files, and autoreplies, which cannot be toplevel addresses. This fake was
+ set up with the text "system filter". It's been changed to "system-filter"
+ because the space in the previous text could cause trouble.
+
+13. The new option local_sender_retain suppresses the removal of Sender: header
+ lines in locally-submited (non-TCP/IP) messages from untrusted users. It is
+ required that no_local_from_check be set with local_sender_retain.
+
+14. In a file interpolated into an address list, if a local part contained a
+ # character and there was also a following comment (introduced by a #
+ preceded by white space), the comment was not recognized.
+
+15. Local part lists are now handled as address lists as far as recognition of
+ comments in interpolated files and the processing of +caseful at the top
+ level are concerned. In the local_parts option of a router, +caseful will
+ restore case-sensitive matching, even when the router does not have
+ caseful_local_part set (the default).
+
+16. The key used for a dsearch lookup may not contain '/'. If it does, the
+ lookup defers.
+
+17. When starting a delivery process after receiving a message locally, discard
+ the controlling terminal unless debugging is turned on.
+
+18. The exim group was automatically trusted; this was not correct because it
+ meant that admin users who were in the exim group were automatically
+ trusted. If you want the exim group to be trusted, it must now be
+ explicitly configured.
+
+19. The default configuration mentioned "dns_lists" instead of "dnslists" in a
+ comment.
+
+20. Minor corrections and changes to the Exim4.upgrade document and to the
+ OptionLists.txt document.
+
+21. If a local part beginning with a pipe symbol was routed to a pipe
+ transport, the transport got confused as to which command it should run.
+ This could be a security exposure if unchecked local parts are routed to
+ pipe transports.
+
+22. When logging SMTP connections to the daemon from other hosts, include the
+ connection count in the log line. Tidied up the identification of SMTP
+ sources in logging lines.
+
+23. Added "sender_domains" as a new ACL condition so that the Exim 3 setting
+ of sender_verify_callback_domains can easily be replicated. Corrected
+ convert4r4, which was incorrectly converting this to a "domains" setting.
+
+24. The code for reading ident values was not discarding leading spaces, which
+ some hosts seem to send.
+
+25. The building process was still insisting that PID_FILE_PATH contained %s,
+ but this is not required for Exim 4.
+
+26. The logging of ETRN commands had got lost. It has been restored, and the
+ log selector "etrn" (on by default) added to control it.
+
+27. IPv6 reverse DNS lookups were originally specified as happening in the
+ ip6.int domain, but this is being changed to ip6.arpa (and they've changed
+ the meaning of "arpa" to "Address and Routing Parameters Area"). The only
+ time Exim does reverse lookups directly (as opposed to calling
+ gethostbyaddress()) is in the code for the dnsdb lookup type. This has been
+ changed to use ip6.arpa.
+
+28. Made the test programs (test_dbfn for testing DBM files, and some others)
+ compile! Updated the help output from test_dbfn.
+
+29. Changed all occurrences of "r" and "w" in fopen() fdopen() calls to "rb"
+ and "wb". This makes no difference in Unix systems, but is apparently
+ necessary for running Exim under Cygwin.
+
+30. Three changes that make virtually no difference when Exim is run on a real
+ Unix system, but which were asked for to make life easier when porting it
+ to run under Cygwin:
+
+ (a) Changed the logic for locking a message when an Exim process is
+ handling it. Previously, the entire -D file was locked to indicate
+ this. Now Exim locks only the first line, which contains the name of
+ the file. Apparently, in the Cygwin environment, a subprocess cannot
+ read locked parts of a file, even when it is passed an open file
+ descriptor to that file from the process that did the locking. By
+ locking only the first line, which the subprocess does not want to read
+ (it just needs to read the data that follows), we can get round this
+ restriction with minimal effort.
+
+ (b) Added support for native gdbm function calls. GDBM is apparently the
+ only DBM library that is currently available Cygwin, and only with its
+ native API.
+
+ (c) The default modes for files, directories, and lock files in the
+ appendfile transport can now be set in Local/Makefile at build time.
+
+31. When transmitting a message using SMTP with PIPELINING, if the server gave
+ a malformed SMTP response, the message logged by Exim didn't associate it
+ with the pipelined SMTP command to which it referred. For example it logged
+ "after DATA" if all the recipients had been sent. Also, if the response
+ was an empty line (illegal), it didn't show up very clearly. The error
+ messages are now more accurate, and point out empty lines.
+
+32. Minor corrections and changes to src/configure.default.
+
+33. When a host list in a route_list item that was enclosed in double quotes
+ contained single quotes within it, the quoting was incorrectly terminated.
+ Both the pattern and the host list in route_list items are now handled by
+ the standard quote-processing function.
+
+34. Corrected the EDITME file for eximon so that the default stripchart
+ patterns work with the default runtime configuration for local deliveries.
+ (Previously it matched a delivery via a director - not possible in Exim 4.)
+
+
+Exim version 3.951
+------------------
+
+Exim 3.951 is the first alpha testing release for Exim 4. A list the many
+individual changes to the code made between Exim 3.33 and Exim 3.951 was not
+kept. The functional changes are listed in the Exim4.upgrade file.
+
+****
diff --git a/doc/doc-txt/Exim3.upgrade b/doc/doc-txt/Exim3.upgrade
new file mode 100644
index 000000000..ee68ed136
--- /dev/null
+++ b/doc/doc-txt/Exim3.upgrade
@@ -0,0 +1,673 @@
+$Cambridge: exim/doc/doc-txt/Exim3.upgrade,v 1.1 2004/10/07 15:04:35 ph10 Exp $
+
+This document contains information about upgrading Exim to the last of the 3.xx
+releases. It is provided to help anybody who is upgrading to release 4.xx from
+a release that is earlier than 3.33. It goes back as far as release 2.12. If
+you are upgrading to release 4.xx from an even earlier release, it is probably
+best to start again from the default configuration.
+
+
+Upgrading from release 3.16
+---------------------------
+
+1. The way LDAP returns values for multiple attributes has been changed to be
+the same as the NIS+ lookup.
+
+If you specify multiple attributes, they are returned as space-separated
+strings, quoted if necessary.
+
+e.g. ldap:///o=base?attr1,attr2?sub?(uid=fred)
+
+ used to give: attr1=value one, attr2=value2
+ now gives: attr1="value one" attr2=value2
+
+If you don't specify any attributes in the search, you now get them in
+the tagged format as well.
+
+e.g. ldap:///o=base??sub?(uid=fred)
+
+ used to give: top, value one, value2
+ now gives: objectClass=top attr1="value one" attr2=value2
+
+The reason for these changes is so that the results can be safely parsed -
+in fact, the existing ${extract{key}{val}} function does this nicely.
+This in turn allows a single LDAP query to be reused - one query can return
+the destination delivery address, the quota, and so forth.
+
+This is NOT a backwards compatible change, so there is a compile-time option
+to reverse it in the src/lookups/ldap.c module, for use in emergency. But it is
+not thought that the old behaviour was particularly useful as it stood, because
+a field that contained ',' or '=' would make the result unparseable.
+
+In the common case where you explicitly ask for a single attribute in your
+LDAP query, the behaviour is unchanged - the result is not quoted, and if there
+are multiple values they are comma-separated.
+
+2. The hosts_max_try option in the smtp transport limits the number of IP
+addresses that will actually be tried during one delivery attempt. The default
+is 5. Previously, all available addresses were tried.
+
+3. The extension of the "extract" expansion item has resulted in a change to
+the way Exim decides between the keyed form and the numeric form. If the first
+argument consists entirely of digits, the numeric form is assumed. This means
+that it is impossible to have keys that are digit strings, without manipulating
+the data first (e.g. by using ${sg} to add a letter to each key).
+
+
+Upgrading from release 3.15
+---------------------------
+
+1. The handling of "freeze" and "fail" in system filter files has changed.
+Previously, any deliveries set up by a filter that ended with "freeze" or
+"fail" were discarded. This no longer happens; such deliveries are honoured.
+A consequence of this is that first_delivery becomes false after freezing in a
+system filter; previously it remained true until a real delivery attempt
+happened.
+
+
+Upgrading from release 3.13
+---------------------------
+
+1. The handling of maildir_tag has been changed (see NewStuff). There are two
+small incompatibilities: (a) Exim now inserts a leading colon only if the
+string begins with an alphanumeric character. So if you were using a string
+starting with a special character, you will have to add the leading colon to
+it to remain compatible. (b) The expansion of maildir_tag now happens after the
+file has been written, and $message_size is updated to the correct file size
+before the expansion. The tag is not used on the temporary file (it was
+previously).
+
+2. The handling of Exim's configuration has changed in two ways:
+
+ (a) Any line may be continued by ending it with a backslash. Trailing white
+ space after the backslash, and leading white space on continuation lines is
+ ignored. This means that quotes are no longer needed just to make it possible
+ to continue an option setting. The difference between quoted and non-quoted
+ strings is that quoted strings are processed for internal backslashed items
+ such as \n. The only possible incompatibility of this change is if any
+ existing configuration has a non-quoted line ended in backslash, which seems
+ a very remote possibility.
+
+ (b) All lists, with the exception of log_file_path, can now use a different
+ character to colon as the separator. This is specified by starting the list
+ with <x where x is any punctuation character. For example:
+
+ local_interfaces = <; 127.0.0.1 ; ::1
+
+ The new feature is provided to make life easier with IPv6 addresses. It is
+ recommended that its use be confined to circumstances where it really is
+ needed, and that colon be used in most cases. I don't believe this change
+ is incompatible, because I don't think any list item can legitimately begin
+ with a '<' character.
+
+3. Previously, Exim took no action to ensure that the timestamps in its log
+files were "wall clock time". If the TZ environment variable was set when Exim
+was called, it could cause strange times to be logged. For the majority of
+operating systems, I have been able to fix this problem by deleting the entire
+environment. However, this doesn't work in some systems, and a macro called
+HANDS_OFF_ENVIRONMENT is defined in their OS/os.h files to suppress the action.
+These OS are: AIX, DGUX, HP-UX, IRIX, and SCO, and their behaviour should be
+unchanged from previous releases. On any other OS, if you find you are getting
+weird timestamps, it may be that your OS needs HANDS_OFF_ENVIRONMENT.
+
+4. As a result of the change described in 3, there may be some cases where Exim
+runs an external program that previously got passed the environment, and now do
+not. This does *not* apply to the pipe transport, where the environment has
+always been set up specifically, as described in the manual.
+
+5. The way in which Exim scans its queue when split_spool_directory is set has
+changed, but this shouldn't make any noticeable difference. See doc/NewStuff
+for defails.
+
+
+Upgrading from release 3.03
+---------------------------
+
+The from_hack option in the appendfile and pipe transports has been replace by
+two string options, check_string and escape_string. If your configuration
+contains any references to from_hack they should be replaced. Exim continues to
+recognize from_hack as a transitional measure. If no_from_hack is specified in
+an appendfile transport, the two new options are forced to be unset. Otherwise
+the setting of from_hack is ignored.
+
+
+Upgrading from release 3.02
+---------------------------
+
+The exim_dbmbuild utility has been changed to write a warning to stderr on
+encountering a duplicate key, and to return a value of 1. Formerly, it ignored
+all but the last of a set of duplicates; now it ignores all but the first, to
+make dbm-searched files behave the same way as lsearch-searched files. However,
+there is an option -lastdup which makes it behave as before. The -nowarn option
+suppresses the individual warnings, but the number of duplicates is always
+listed on stdout at the end.
+
+
+Updating from a release prior to 3.00
+-------------------------------------
+
+Prior to release 3.00 a lot of options which contained lists of various kinds
+came in groups such as sender_accept, sender_reject, sender_reject_except. This
+style of configuration has been abolished. Instead, it is now possible to put
+negative entries in such lists, so that a single option is all that is
+required. In addition to this, net lists have been abolished, and instead,
+host lists can now contain items that specify networks as well as hosts. The
+names of some of these options have also been changed.
+
+As a result of these changes, most configuration files used for earlier
+versions of Exim need to be changed. The opportunity has therefore been taken
+to remove a number of other obsolete features and options.
+
+A Perl script is built in the file util/convert4r3 to assist in updating Exim
+configuration files. It reads a configuration file on the standard input,
+writes a modified file on the standard output, and writes comments about what
+it has done to the standard error file. It assumes that the input is a valid
+Exim configuration file. A typical call to the conversion script might be
+
+ util/convert4r3 </opt/exim/configure >/opt/exim/configure.new
+
+The way the script merges an accept/reject/reject_except triple into a single
+accept option is to put the reject_except list first, followed by the reject
+list with every item negated, followed by the accept list. For example, if an
+old configuration file contains
+
+ sender_host_accept_relay = *.c.d : e.f.g
+ sender_host_reject_relay = *.b.c.d
+ sender_host_reject_relay_except = a.b.c.d
+
+the new configuration will contain
+
+ host_accept_relay = a.b.c.d : ! *.b.c.d : *.c.d : e.f.g
+
+The same ordering is used to merge a triple into a reject option, but this time
+the first and third sublists are negated. For example, if an old configuration
+file contains
+
+ sender_host_accept = *.c.d : e.f.g
+ sender_host_reject = *.b.c.d
+ sender_host_reject_except = a.b.c.d
+
+the new configuration file will contain
+
+ host_reject = ! a.b.c.d : *.b.c.d : ! *.c.d : ! e.f.g : *
+
+The output file should be checked before trying to use it. Each option change
+is preceded by an identifying comment. There are several specific things that
+you should look out for when checking:
+
+(1) If you are using macros to contain lists of items, and these have to be
+ negated in the new world, convert4r3 won't get it right. For example, if
+ the old configuration contains
+
+ ACCEPTHOSTS = *.c.d : e.f.g
+ sender_host_reject = ACCEPTHOSTS
+
+ then the rewritten configuration will be
+
+ ACCEPTHOSTS = *.c.d : e.f.g
+ host_reject = !ACCEPTHOSTS
+
+ but because this is just textual macro handling, that is equivalent to
+
+ host_reject = !*.c.d : e.f.g
+
+ which is not the correct translation, because the second item is not
+ negated. There is unfortunately no easy way to use a macro to provide a
+ list of things that are sometimes negated.
+
+(2) The conversion adds some settings of file_transport, pipe_transport, and
+ reply_transport to aliasfile and forwardfile directors. This is done
+ because the global implicit defaults for these options have been removed.
+ The default configuration now contains explicit settings, so convert4r3
+ makes these additions to be compatible with that. If your aliasfile and
+ forwardfile directors do not make use of the pipe, file, or autoreply
+ facilities, you can remove these new settings.
+
+(3) If you are using +allow_unknown in a host list which also has an exception
+ list, you may need to move +allow_unknown in the new configuration. For
+ example, if the old configuration contains
+
+ sender_host_reject = +allow_unknown : *.b.c
+ sender_host_reject_except = *.a.b.c
+
+ then the rewritten configuration will be
+
+ host_reject = ! *.a.b.c : +allow_unknown : *.b.c
+
+ Because the negated item contains a wild card, the reverse lookup for the
+ host name will occur before +allow_unknown is encountered, and therefore
+ +allow_unknown will have no effect. It should be moved to the start of the
+ list.
+
+One way of upgrading Exim from a pre-3.00 release to a post-3.00 release is as
+follows:
+
+1. Suppose your configuration file is called /opt/exim/configure, and you want
+ to continue with this name after upgrading. The first thing to do is to make
+ another copy of this file called, say, /opt/exim/configure.pre-3.00.
+
+2. Rebuild your existing Exim to use the copy of the configuration file instead
+ of the standard file. Install this version of Exim under a special name such
+ as exim-2.12, and point a symbolic link called "exim" at it. Then HUP your
+ daemon. You can check on the name of the configuration file by running
+
+ exim -bP configure_file
+
+ Ensure that everything is running smoothly.
+
+3. Build the new release, configured to use the standard configuration file.
+
+4. Use the convert4r3 utility to upgrade your configuration file for the new
+ release. After running it, check the file by hand.
+
+5. If any of the options that convert4r3 rewrote contained regular expressions
+ that had backslashes in them, and were not previously in quotes, they will
+ need modification if convert4r3 has put them into quotes. Either re-arrange
+ the option to remove the quoting, or escape each backslash. For example, if
+ you had
+
+ sender_reject_recipients = ^\d{8}@
+ sender_reject_except = ^\d{8}@x.y.z
+
+ convert4r3 will have combined the two settings into
+
+ sender_reject_recipients = "! ^\d{8}@x.y.z : \
+ ^\d{8}@"
+
+ This must be changed to
+
+ sender_reject_recipients = ! ^\d{8}@x.y.z : ^\d{8}@
+ or
+ sender_reject_recipients = "! ^\\d{8}@x.y.z : ^\\d{8}@"
+
+ In the second case, the quoted string could of course still be split
+ over several lines.
+
+6. If your configuration refers to any external lists of networks, check them
+ to ensure that all the masks are in the single-number form, because Exim no
+ longer recognizes the dotted quad form of mask. For example, if an item in
+ a netlist file is
+
+ 131.111.8.0/255.255.255.0
+
+ you must change it to
+
+ 131.111.8.0/24
+
+ Otherwise Exim will not recognize it as a masked IP address, and will treat
+ it as a host name. The convert4r3 utility makes this conversion for networks
+ that are mentioned inline in the configuration, but it does not handle
+ referenced files.
+
+7. Check the newly-built Exim as much as possible without installing; you can,
+ for example, use a command such as
+
+ ./exim -bV
+
+ in the build directory to test that it successfully reads the new
+ configuration file. You can also do tests using -bt and -bh.
+
+8. Install the new release under a special name such as exim-3.00.
+
+9. You can then easily change between the new and old releases simply by moving
+ the symbolic link and HUPping your daemon.
+
+
+Details of syntax changes at 3.00
+=================================
+
+1. A bare file name without a preceding search type may appear in a domain
+list; this causes each line of the file to be read and processed as if it were
+an item in the list, except that it cannot itself be a bare file name (that is,
+this facility cannot be used recursively). Wild cards and regular expressions
+may be used in the lines of the file just as in the main list.
+For example, if
+
+ local_domains = /etc/local-domains
+
+then the file could contain lines like
+
+ *.mydomain.com
+
+This is different to an lsearch file, which operates like any other lookup type
+and does an exact search for the key. If a # character appears anywhere in a
+line of the file, it and all following characters are ignored. Blank lines are
+also ignored.
+
+2. Any item in a domain list (including a bare file name) can be preceded by an
+exclamation mark character, to indicate negation. White space after the ! is
+ignored. If the domain matches the rest of the item, it is *not* in the set of
+domains that the option is defining. If the end of the list is reached, the
+domain is accepted if the last item was a negative one, but not if it was a
+positive one. If ! precedes a bare file name, then all items in the file are
+negated, unless they are preceded by another exclamation mark. For example:
+
+ relay_domains = !a.b.c : *.b.c
+
+sets up a.b.c as an exception to the more general item *.b.c, because lists are
+processed from left to right. If the domain that is being checked matches
+neither a.b.c nor *.b.c, then it is not accepted as a relay domain, because the
+last item in the list is a positive item. However, if the option were just
+
+ relay_domains = !a.b.c
+
+then all domains other than a.b.c would be relay domains, because the last item
+in the list is a negative item. In effect, a list that ends with a negative
+item has ": *" appended to it.
+
+3. Negation and bare file names are available as above in lists of local parts
+(e.g. in local_parts options) and complete addresses (address lists). For the
+special "@@" lookup form in address lists, negation also can be used in the
+list of local parts that is looked up for the domain. For example, with
+
+ sender_reject_recipients = @@dbm;/etc/reject-by-domain
+
+the file could contain lines like this:
+
+ baddomain.com: !postmaster : !hostmaster : *
+
+If a local part that actually begins with ! is required, it has to be specified
+using a regular expression. Because local parts may legitimately contain #
+characters, a comment in the file is recognized only if # is followed by white
+space or the end of the line.
+
+4. Host lists may now contain network items, as in the former net list options,
+which have all been abolished. The only form of network masking is the /n
+variety. Negation and bare file names can appear in host lists, and there is a
+new type of item which allows masked network numbers to be used as keys in
+lookups, thus making it possible to used DBM files for faster checking when the
+list of networks is large.
+
+The complete list of types of item which can now appear in a host list is:
+
+. An item may be a bare file name; each line of the file may take the form of
+ any of the items below, but it may not itself be another bare file name. If
+ the file name is preceded by ! then all items in the file are negated, unless
+ they are preceded by another exclamation mark. Comments in the file are
+ introduced by # and blank lines are ignored.
+
+. If the entire item is "*" it matches any host.
+
+. If the item is in the form of an IP address, it is matched against the IP
+ address of the incoming call.
+
+. If the item is in the form of an IP address followed by a slash and a mask
+ length (e.g. 131.111.0.0/16) then it is matched against the IP address of the
+ incoming call, subject to the mask.
+
+. If the item is of the form "net<number>-<search-type>;<search-data>", for
+ example:
+
+ net24-dbm;/networks.db
+
+ then the IP address of the incoming call is masked using <number> as the mask
+ length; a textual string is then constructed from the masked value, followed
+ by the mask, and this is then used as the key for the lookup. For example, if
+ the incoming IP address is 192.152.34.6 then the key that is looked up for
+ the above example is "192.152.34.0/24".
+
+. If the entire item is "@" the primary host name is used as the the match
+ item, and the following applies:
+
+. If the item is a plain domain name, then a forward DNS lookup is done on that
+ name to find its IP address(es), and the result is compared with the IP
+ address of the incoming call.
+
+The remaining items require the host name to be obtained by a reverse DNS
+lookup. If the lookup fails, Exim takes a hard line by default and access is
+not permitted. If the list is an "accept" list, Exim behaves as if the current
+host is not in the set defined by the list, whereas if it is a "reject" list,
+it behaves as if it is.
+
+To change this behaviour, the special item "+allow_unknown" may appear in the
+list (at top level - it is not recognized in an indirected file); if any
+subsequent items require a host name, and the reverse DNS lookup fails, Exim
+permits the access, that is, its behaviour is the opposite to the default.
+
+. If the item starts with "*" then the remainder of the item must match the end
+ of the host name. For example, *.b.c matches all hosts whose names end in
+ .b.c. This special simple form is provided because this is a very common
+ requirement. Other kinds of wildcarding require the use of a regular
+ expression.
+
+. If the item starts with "^" then it is taken to be a regular expression which
+ is matched against the host name. For example, ^(a|b)\.c\.d$ matches either
+ of the two hosts a.c.d or b.c.d. If the option string in which this occurs is
+ given in quotes, then the backslash characters must be doubled, because they
+ are significant in quoted strings. The following two settings are exactly
+ equivalent:
+
+ host_accept = ^(a|b)\.c\.d$
+ host_accept = "^(a|b)\\.c\\.d$"
+
+. If the item is of the form <search-type>;<filename or query>, for example
+
+ dbm;/host/accept/list
+
+ then the host name is looked up using the search type and file name or query
+ (as appropriate). The actual data that is looked up is not used.
+
+5. Early versions of Exim required commas and semicolons to terminate option
+settings in drivers. This hasn't been the case for quite some time. The code to
+handle them has now been removed.
+
+
+Details of option changes at 3.00
+=================================
+
+Main options
+------------
+
+ * address_directory_transport, address_directory2_transport,
+ address_file_transport, address_pipe_transport, and address_reply_transport
+ have been abolished as obsolete. The aliasfile and forwardfile directors
+ have been able for some time to set the transports they want to use for
+ these special kinds of delivery; there seems little need for global
+ defaults. The default configuration has been altered to add settings for
+ file_transport and pipe_transport to the aliasfile and forwardfile
+ directors, and to add reply_transport to forwardfile.
+
+ * check_dns_names, a deprecated synonym for dns_check_names, has been
+ abolished.
+
+ * helo_accept_junk_nets is abolished; nets can now appear in
+ helo_accept_junk_hosts.
+
+ * helo_verify_except_hosts and helo_verify_except_nets have been abolished,
+ and helo_verify has been changed from a boolean to a host list, listing
+ those hosts for which HELO verification is required.
+
+ * the obsolete option helo_verify_nets (a synonym for host_lookup_nets) has
+ been abolished. Note that host_lookup_nets itself has been replaced by
+ host_lookup.
+
+ * hold_domains_except has been abolished. Use negated items in hold_domains.
+
+ * host_lookup_nets has been replaced by host_lookup, which can contain hosts
+ and nets.
+
+ * ignore_fromline_nets has been replaced by ignore_fromline_hosts.
+
+ * If message_filter is set and the filter generates any deliveries to files,
+ pipes, or any autoreplies, then the appropriate message_filter_*_transport
+ options must be set to define the transports, following the abolition of
+ the global defaults (see above).
+
+ * queue_remote and queue_remote_except have been abolished and replaced by
+ queue_remote_domains, which lists those domains that should be queued. The
+ effect of queue_remote=true is now obtained by queue_remote_domains=*.
+
+ * queue_smtp and queue_smtp_except have been abolished and replaced by
+ queue_smtp_domains, which lists those domains that should be queued after
+ routing. The effect of queue_smtp=true is now obtained by
+ queue_smtp_domains=*.
+
+ * rbl_except_nets has been abolished and replaced by rbl_hosts, which can
+ contain hosts and nets. This defaults to "*" and defines the set of hosts
+ for which RBL checking is done.
+
+ * receiver_unqualified_nets is abolished; nets can now appear in
+ receiver_unqualified_hosts.
+
+ * receiver_verify_except_hosts and receiver_verify_except_nets have been
+ abolished and replaced by receiver_verify_hosts, which defaults to "*".
+ This is used, however, only when receiver_verify is set - together with the
+ other conditions (receiver_verify_addresses, receiver_verify_senders).
+
+ * receiver_verify_senders_except has been abolished; the functionality is now
+ available by using negation in receiver_verify_senders.
+
+ * rfc1413_except_hosts and rfc1413_except_nets have been abolished, and
+ replaced by rfc1413_hosts, which defaults to "*".
+
+ * sender_accept, sender_accept_recipients and sender_reject_except have
+ been abolished; the functionality is now available via sender_reject and
+ sender_reject_recipients.
+
+ * sender_host_accept, sender_net_accept, sender_host_reject,
+ sender_net_reject, sender_host_reject_except, sender_net_reject_except,
+ sender_host_reject_recipients and sender_net_reject_recipients
+ have all been abolished, and replaced by the options host_reject and
+ host_reject_recipients.
+
+ * sender_host_accept_relay, sender_net_accept_relay,
+ sender_host_reject_relay, sender_host_reject_relay_except,
+ sender_net_reject_relay, and sender_net_reject_relay_except are abolished,
+ and replaced by host_accept_relay. This defaults unset, and this means that
+ all relaying is now by default locked out in the Exim binary. Previously,
+ if no relaying options were set, relaying was permitted.
+
+ * sender_unqualified_nets has been abolished; nets can now appear in
+ sender_unqualified_hosts.
+
+ * sender_verify_except_hosts and sender_verify_except_nets have been
+ abolished and replaced by sender_verify_hosts, which defaults to "*". This
+ is used, however, only when sender_verify is set (to make it similar to
+ receiver_verify, even though there aren't at present any other conditions.)
+
+ * sender_verify_log_details has been abolished. This was a little-used
+ debugging option.
+
+ * smtp_etrn_nets has been abolished; nets can now appear in smtp_etrn_hosts.
+
+ * smtp_expn_nets has been abolished; nets can now appear in smtp_expn_hosts.
+
+ * smtp_log_connections, a deprecated synonym for log_smtp_connections, has
+ been abolished.
+
+ * smtp_reserve_nets is abolished; nets can now appear in smtp_reserve_hosts.
+
+Generic director and router options
+-----------------------------------
+
+ * except_domains, except_local_parts, and except_senders have been abolished.
+ Use negated items in domains, local_parts, and senders instead, for
+ example, replace
+
+ except_domains = a.b.c
+
+ with
+
+ domains = !a.b.c
+
+ If you already have a domains setting, add any negative items to the front
+ of it.
+
+The aliasfile director
+----------------------
+
+ * The option "directory", an obsolete synonym for home_directory, has been
+ abolished.
+
+The forwardfile director
+------------------------
+
+ * The option "directory", an obsolete synonym for file_directory, has been
+ abolished.
+
+ * The option forbid_filter_log, an obsolete synonym for
+ forbid_filter_logwrite, has been abolished.
+
+The localuser director
+----------------------
+
+ * The option "directory", an obsolete synonym for match_directory, has been
+ abolished.
+
+The lookuphost router
+---------------------
+
+ * mx_domains_except and its obsolete old name non_mx_domains have been
+ abolished. Use negated items in mx_domains.
+
+The pipe transport
+------------------
+
+ * The option "directory", an obsolete synonym for home_directory, has been
+ abolished.
+
+The smtp transport
+------------------
+
+ * mx_domains_except and its obsolete old name non_mx_domains have been
+ abolished. Use negated items in mx_domains.
+
+ * serialize_nets has been abolished; nets may now appear in serialize_hosts.
+
+
+Other items relevant to upgrading from Exim 2.12
+================================================
+
+1. RFC 2505 (Anti-Spam Recommendations for SMTP MTAs) recommends that the
+checking of addresses for spam blocks should be done entirely caselessly.
+Previously, although Exim retained the case of the local part, in accordance
+with the RFC 821 rule that local parts are case sensitive, some of the string
+comparisons were nevertheless done caselessly, but file lookups used the
+unmodified address.
+
+The way addresses are compared with options whose values are address lists has
+been changed. At the start of the comparison, both the local part and the
+domain are now forced to lower case, and any comparisons that are done with
+in-line strings are done caselessly. For example,
+
+ sender_reject = A@b.c
+
+rejects both A@b.c and a@b.c. Any lookups that occur use lowercased strings as
+their keys. If the @@ lookup facility is used, the lookup is done on the lower
+cased domain name, but any subsequent string comparisons on local parts are
+done caselessly.
+
+To retain possibility of caseful matching, the pseudo-item "+caseful" can
+appear in an address list. It causes any subsequent items to do caseful matches
+on local parts. The domain, however, remains lower cased.
+
+2. The handling of incoming batched SMTP has been re-worked so as to behave in
+a more useful way in cases of error:
+
+ (i) The option sender_verify_batch now defaults false.
+ (ii) EOF is no longer interpreted as end-of-message; the "." line must be
+ present.
+ (iii) Exim stops immediately in cases of error, writing information to stdout
+ and stderr, and setting the return code to 1 if some messages have been
+ accepted, and 2 otherwise.
+
+3. The first message delivered by -R, and all messages delivered by -Rf and -qf
+are "forced" in the sense that retry information is over-ridden. Previously,
+Exim also forcibly thawed any of these messages that was frozen. This no longer
+happens. Additional options -Rff and -qff have been implemented to force
+thawing as well as delivery.
+
+4. When recipients are being rejected because the sending host is in an RBL
+list, Exim used just to show the RBL text, if any, as part of the rejection
+response. Now, if prohibition_message is set, it expands that string instead,
+with the RBL message available in $rbl_text, and $prohibition_reason set to
+"rbl_reject".
+
+5. When a trusted caller passed a message to Exim, it used to check the From:
+header against the caller's login (even though the caller was trusted) unless
+the -f option had been used to supply a different sender. This has been changed
+so that From: is never checked if the caller is trusted.
+
+Philip Hazel
+May 1999
+
diff --git a/doc/doc-txt/Exim4.upgrade b/doc/doc-txt/Exim4.upgrade
new file mode 100644
index 000000000..db20d5dd6
--- /dev/null
+++ b/doc/doc-txt/Exim4.upgrade
@@ -0,0 +1,1732 @@
+$Cambridge: exim/doc/doc-txt/Exim4.upgrade,v 1.1 2004/10/07 15:04:35 ph10 Exp $
+
+Upgrading Exim from Release 3.33 to 4.xx
+----------------------------------------
+
+Exim 4.00 represents the largest upheaval in Exim's history. There are a lot of
+changes to the way some parts of Exim work, and a lot of incompatible changes
+to the run time configuration file.
+
+This document is in two parts. The first part contains instructions and
+suggestions for how you might go about performing the upgrade. The second part
+is a brief list of all the changes that have taken place. For full details of
+all the new features, please consult the current version of the reference
+manual.
+
+
+HOW TO UPGRADE YOUR EXIM
+------------------------
+
+When you compile Exim 4, a Perl script called convert4r4 is built in the build
+directory. It is not installed by the install script, because it is likely that
+you will run it only once.
+
+This script is provided to assist in updating Exim configuration files. It
+reads an Exim 3 configuration file on the standard input, and writes a modified
+file on the standard output. It also writes comments about what it has done to
+the standard error file. It assumes that the input is a valid Exim 3
+configuration file. A typical call to the conversion script might be
+
+ ./convert4r4 </etc/exim/configure >/etc/exim/configure.new
+
+The output file MUST be checked and tested before trying to use it on a live
+system. The conversion script is just an aid which does a lot of the "grunt
+work". It does not guarantee to produce an Exim 4 configuration that behaves
+exactly the same as the Exim 3 configuration it reads.
+
+Each option change in the new file is preceded by an identifying comment. In
+fact, the conversion script tends to make quite a mess of your configuration,
+and you should expect to go through it afterwards and tidy it up by hand.
+
+Unless you are running a very straightforward configuration, the automatic
+conversion is likely to generate a non-optimal configuration. You should not
+only check it thoroughly, but also run as many tests as you can, to ensure that
+it is working as you expect. In particular, you should test address routing,
+using -bt and -bv, and the policy controls, using -bh. If possible, you should
+also do some live tests (i.e. send and receive some messages) before putting
+Exim 4 into service.
+
+If you have a very complicated configuration, it is possible that convert4r4
+will break it in some situations, which is why thorough testing is strongly
+recommended.
+
+ *********************************
+ ***** You Have Been Warned ******
+ *********************************
+
+
+HOW TO MOVE FROM AN EXIM 3 RELEASE TO AN EXIM 4 RELEASE
+-------------------------------------------------------
+
+One way of upgrading to Exim 4 from a version 3 release is as follows:
+
+1. Suppose your run time configuration file is called /usr/exim/configure, and
+ you want to continue with this name after upgrading. The first thing to do
+ is to make another copy of this file called, say, /usr/exim/configure.r3.
+
+2. Rebuild your existing Exim to use the copy of the run time configuration
+ file instead of the standard file. Install this version of Exim and HUP your
+ daemon. You can check on the name of the configuration file by running
+
+ exim -bP configure_file
+
+ Ensure that everything is running smoothly. You now have something you can
+ fall back to. IMPORTANT: when you do this re-install, you should also
+ re-install the utilities because four of them (exicyclog, eximon, exinext,
+ and exiwhat) also refer to the configuration file.
+
+3. Build the new release, configured to use the standard configuration file.
+
+4. Use the convert4r4 utility to upgrade your configuration file for the new
+ release. After running the conversion utility, check the file by hand, and
+ tidy it up.
+
+5. Test, test, test! And test some more!
+
+6. You can run complete tests, including actual deliveries, from an uninstalled
+ binary, but you have to tell it where it is, so that any re-executions can
+ be done. You can do this by temporarily inserting a setting such as
+
+ exim_path = /source/exim/exim-4.00/build-SunOS5-5.8-sparc/exim
+
+ into the run time configuration. If you want to, you can also insert
+ settings for spool_directory and log_file_path to divert those away from
+ their normal places. Remember to remove these temporary settings when you
+ eventually install the binary for real.
+
+7. The new installation script installs the new release as exim-4.00-1, and
+ set a symbolic link called "exim" to point to it. The old version of Exim
+ will be renamed to something like exim-3.33-1.
+
+8. You can now easily change between the new and old releases simply by moving
+ the symbolic link and HUPping your daemon. The format of message files on
+ Exim's spool has _not_ changed, so there should be no problem in changing
+ between releases while there are messages on the queue.
+
+9. HOWEVER: If you do change back and forth between releases, you must also
+ change the utilities exicyclog, eximon, exinext, and exiwhat if you are
+ going to use them. Installing Exim 4 will have left the old versions with a
+ .O suffix. It might be helpful to rename these so that you don't lose them.
+
+
+WHAT HAS NOT CHANGED IN EXIM 4.00
+---------------------------------
+
+The basic overall philosophy, design, and process structure has not changed.
+The format of spool files is the same. The transports have had only minor
+modifications. The command line options remain the same, with a couple of
+additions.
+
+The general run time configuration approach has not changed, but the actual
+details of the configuration file are different.
+
+The Exim monitor has not changed, and there have been only very minor changes
+to other Exim utilities.
+
+
+WHAT HAS CHANGED IN EXIM 4.00
+-----------------------------
+
+The rest of this document lists the very many changes that have taken place.
+I'm going to give only brief details here, because this part of the document is
+intended as a way of alerting you to areas of difference. The reference manual
+describes how the new features work in detail.
+
+
+Named domain, host, address, and local part lists
+-------------------------------------------------
+
+A new feature makes it possible to give names to lists of domains, hosts,
+addresses, and local parts. The syntax used is
+
+ domainlist <name> = <a domain list>
+ hostlist <name> = <a host list>
+ addresslist <name> = <an address list>
+ localpartlist <name> = <a list of local parts>
+
+For example:
+
+ domainlist local_domains = *.my.domain
+ addresslist bad_senders = cdb;/etc/badsenders
+
+These lists are referenced in options by giving the name preceded by a + sign.
+For example, in a router you might have
+
+ domains = +local_domains
+
+At first sight, these lists might seem to be the same as macros, but they are
+not. Macros are just textual substitutions. If you write
+
+ ALIST = host1 : host2
+ auth_advertise_hosts = !ALIST
+
+it probably won't do what you want, because that is exactly the same as
+
+ auth_advertise_hosts = !host1 : host2
+
+Notice that the second host name is not negated. However, if you use a host
+list, and write
+
+ hostlist alist = host1 : host2
+ auth_advertise_hosts = ! +alist
+
+the negation applies to the whole list, and so that is equivalent to
+
+ auth_advertise_hosts = !host1 : !host2
+
+These named lists also have a performance advantage. When Exim is routing an
+address or checking an incoming message, it caches the result of tests on the
+lists. So, if you have a setting such as
+
+ domains = +local_domains
+
+on several of your routers, the actual test is done only for the first one.
+However, this caching works only if there are no expansions within the list
+itself or any sublists that it references. In other words, caching happens only
+if the list is known to be the same each time it is referenced.
+
+By default, there may be up to 16 named lists of each type. This limit can be
+extended by changing a compile-time variable.
+
+The use of domain and host lists is recommended for concepts such as local
+domains, relay domains, and relay hosts. The default configuration is set up
+like this.
+
+
+Processing of domain, host, local part, and address lists
+---------------------------------------------------------
+
+The handling of these lists is now more uniform. Every list is expanded as a
+single string before it is used. (In Exim 3, some options were expanded and
+some weren't, and query-style lookup items were then re-expanded.)
+
+If an expansion is forced to fail, Exim behaves as if the item has not been
+found in the list.
+
+The confusing $key variable has been abolished. When processing a domain list,
+$domain contains the relevant domain and can be used in generating database
+queries. Other appropriate variables are set when processing other kinds of
+list; $sender_host and $sender_host_address for checking incoming hosts and
+$host and $host_address for checking outgoing hosts.
+
+Note that this means that any \ and $ characters in regular expressions must be
+escaped if they appear in one of these lists. The new expansion feature to turn
+off expansion (\N ... \N) which is described below can be helpful here.
+
+IMPORTANT: The details of the processing of address lists has been revised. In
+particular, the handling of the case of an item that is a single-key lookup has
+changed. It no longer looks up the domain on its own before looking up the
+complete address. You need to supply an explicit "*@" before the lookup if you
+want just the domain to be looked up. Please check the manual for full details.
+
+If an item in a host list is the empty string, it matches only when no host is
+defined. If used when checking an incoming message, it matches only when the
+message is arriving by SMTP on the standard input from a local process (using
+-bs). This provides a way of distinguishing between SMTP mail from local
+processes and from remote hosts.
+
+The +allow_unknown and +warn_unknown settings for host lists have been replaced
+by a single item, +include_unknown. By default, failure to find a host name
+when needed causes Exim to behave as if the host does not match the list, but
+if +include_unknown is set, the opposite behaviour happens. Whenever
++include_unknown is invoked, the incident is logged.
+
+
+Merge of Directors and Routers
+------------------------------
+
+There are no longer any directors in Exim 4. There are just routers. All
+addresses are passed to a single list of routers which typically makes use of
+the "domains" option to choose which way to handle specific groups of domains.
+
+A consequence of this is that the code no longer contains any concept of "local
+domains". However, a typical configuration will probably define a named domain
+list (see above) called local_domains, and use it to control routing something
+like this:
+
+ route_remote:
+ driver = dnslookup
+ domains = ! +local_domains
+ transport = remote_smtp
+ no_more
+
+ system_aliases:
+ ....
+
+The first router does DNS routing for all domains that are not in the named
+list of local domains, and no_more ensures that it is the last router for those
+domains. All other domains fall through to the system_aliases and subsequent
+routers. For a complete configuration example, look at the default
+configuration file in src/configure.default.
+
+
+Router Actions
+--------------
+
+The concept of how the routers work is as follows:
+
+A number of pre-conditions are tested (details below). If any of them fails,
+control is passed to the next router. We say "the router is skipped". Otherwise
+the router is run, and can yield one of several different results:
+
+. accept: The router accepts the address, and either queues it for a transport,
+or generates one or more "child" addresses. Processing the original address
+ceases, unless "unseen" is set on the router, in which case the address is
+passed to the next router. Processing of any child addresses starts with the
+first router by default, or at the router defined by redirect_router if it is
+set. This may be any router in the list.
+
+. decline: The router declines to accept the address because it does not
+recognize it at all. The address is passed to the next router, unless no_more
+is set, in which case the address fails.
+
+. pass: The router recognizes the address, but cannot handle it itself. It
+requests that the address be passed to another router. This overrides no_more.
+By default the address is passed to the next router, but this can be changed by
+setting pass_router. However, in this case (unlike redirect_router) the named
+router must be below the current router (to avoid loops).
+
+. fail: The router determines that the address should fail, and queues it for
+the generation of a bounce message. There is no further processing of the
+original address, unless "unseen" is set.
+
+. defer: The router cannot handle the address at the present time. (For
+example, a database may be offline.) No further processing of the address
+happens in this delivery attempt. It is tried again next time.
+
+. error: There is some error in the router (for example, a syntax error in
+its configuration). The action is as for defer.
+
+
+Router pre-conditions
+---------------------
+
+In Exim 3 there are some strange interactions between the generic options that
+test things before running a director or router and the no_more test that
+happens afterwards.
+
+In Exim 4 it is all more straightforward. If any of the pre-condition tests
+fail, the router is skipped and control passes to the next router. The no_more
+option has an effect only if the router is actually run - that is, if all the
+pre-condition tests succeed. The order in which these tests are run is:
+
+ verify status, expn status, domains, local_parts, check_local_user
+
+If all those match, the debug_print string is output when debugging. Exim then
+goes on to test
+
+ senders, require_files, condition
+
+Note that require_files comes near the end of the list, so you cannot use it to
+check for the existence of a file in which to lookup up a domain, local part,
+or sender. However, as these options are all expanded, you can use the "exists"
+expansion condition to make such tests. The require_files option is intended
+for checking files that the router may be going to use internally, or which are
+needed by a specific transport (e.g. .procmailrc).
+
+In Exim 4, local part prefixes and suffixes are recognized and removed before
+any of the other pre-condition tests are done (in Exim 3 they were removed
+afterwards). Note that this means that the local_parts option now tests the
+local part without its prefix or suffix.
+
+If you want to use local parts that include any affixes in a pre-condition
+test, you can do so by using a "condition" option that uses the variables
+$local_part, $local_part_prefix, and $local_part_suffix as necessary.
+
+
+A New Set of Routers
+--------------------
+
+The two sets of routers and directors of Exim 3 have been replaced by a single
+set of routers for Exim 4. These are as follows:
+
+. accept Always accepts an address. It has no private options.
+
+. dnslookup Routes by DNS lookup (descended from lookuphost).
+
+. ipliteral Routes IP literal addresses (unchanged).
+
+. iplookup Special-purpose lookup router (unchanged).
+
+. manualroute Routes domains from explicit data (descended from domainlist).
+
+. queryprogram Routes addresses by running a program (detail changed).
+
+. redirect Redirects addresses; handles all the functions previously
+ supported by aliasfile, forwardfile, and smartuser without
+ a transport.
+
+
+Saving duplication of effort while routing
+------------------------------------------
+
+Early versions of Exim used to copy the routing of one address for all other
+addresses in the same domain, thereby possibly saving some repeated DNS
+lookups. This feature was removed for release 2.12, after the possibility of
+varying the router actions according to the local part (the local_parts option)
+was added. (In fact, the use of $local_part could have broken it earlier.)
+
+For Exim 4, I have added an option called same_domain_copy_routing to the
+dnslookup and manualroute routers. When one of these routers routes an address
+to a remote transport and this option is set, any other addresses in the
+message that have the same domain are automatically given the same routing, but
+only if the router does not set headers_add or headers_remove, and does not
+`widen' the domain during the routing.
+
+
+Generic Router Options
+----------------------
+
+. The global locally_caseless option is replaced by a generic router option
+ called caseful_local_part. By default, routers handle local parts caselessly.
+
+. check_local_user is now a generic option that is needed to check for a local
+ account. Typically used on redirect (for user's forward files) and on accept
+ (for local deliveries).
+
+. The setting self=local has been removed (since there's no concept of local
+ domains in the code). The same kind of effect can be achieved by using
+ self=reroute or self=pass.
+
+. expn is now a generic router option.
+
+. local_part_prefix and local_part_suffix are now generic router options,
+ replacing prefix and suffix on directors.
+
+. Exim 3 has two logging styles for delivery, depending on whether the domain
+ is a local domain or not. For local domains, the address is given just as the
+ local part - this makes these deliveries easier to spot in the log. In Exim 4
+ there's no concept of local domains, so this functionality cannot be
+ automatic. Instead, there's a generic router option called log_as_local which
+ requests "local-style" logging. This option defaults on for the "accept"
+ router, and off for all the others.
+
+. There's an option called retry_use_local_part which is the default for any
+ router that has check_local_user set, and it applies to routing delays. (The
+ same option for transports applies to transport delays.)
+
+. transport_home_directory and transport_current_directory are new generic
+ options on all routers. They set up default values for home_directory and
+ current_directory on the transport to which they route an address. Any
+ settings in the transport override.
+
+. If transport_home_directory is not set, but check_local_user is set, the
+ user's home directory is used as a default value.
+
+. The special fudge that exists in Exim 3 for handling home_directory settings
+ in forwardfile directors is not needed in Exim 4. It has therefore been
+ removed.
+
+. The new_director option in Exim 3 allows the direction of redirected
+ addresses to start at a given director, instead of the first one. In Exim 4,
+ this option is now called redirect_router. The option is used when a redirect
+ router succeeds, and when a queryprogram router returns a "redirect"
+ response.
+
+. There is a new option called pass_router, which specifies the router to go to
+ when a router "passes" on an address. The named router must follow the
+ current router (to avoid routing loops). Note: if a router declines, control
+ always passes to the next router, unless no_more is set.
+
+. There is a new router option called address_data. This is set to a string
+ which is expanded just before the router is run, that is, after all the
+ pre-tests have succeeded. If the expansion is forced to fail, the router
+ declines. Other expansion failures cause delivery of the address to be
+ deferred.
+
+ When the expansion succeeds, the value is retained with the address, and can
+ be accessed using the variable $address_data. Even if the router declines or
+ passes, the value remains with the address, though it can be changed by
+ another address_data setting on a subsequent router. If a router generates
+ child addresses, the value of $address_data propagates to them.
+
+ The idea of address_data is that you can use it to look up a lot of data for
+ the address once, then then pick out parts of the data later. For example,
+ you could use an LDAP lookup to return a string of the form
+
+ uid=1234 gid=5678 mailbox=/mail/xyz forward=/home/xyz/.forward
+
+ In the transport you could then pick out the mailbox by a setting such as
+
+ file = ${extract{mailbox}{$address_data}}
+
+ This makes the configuration file less messy, and also reduces the number of
+ lookups. (Exim does cache the most recent lookup, but there may be several
+ addresses with different lookups.)
+
+. When a transport is run for several addresses simultaneously, the values of
+ $address_data, $local_part_data, and $domain_data are taken from the first
+ address that the transport handles. However, the order in which multiple
+ addresses are processed is not defined. You therefore need to be careful if
+ you want to use these variables with multiple addresses. The smtp transport
+ is the only one which by default handles multiple addresses.
+
+. When an address is routed by a router with the "unseen" option set, a "clone"
+ address is created, and it starts being routed at the next router. (This is
+ what people expect. In Exim 3 it starts at the top - in simple cases that has
+ the same effect because of the anti-looping rule, but if aliases are involved
+ it sometimes doesn't do what you want.)
+
+. The way that require_files works has been changed. Each item in the list is
+ now separately expanded as the test proceeds. The use of leading ! and +
+ characters is unchanged. However, user and group checking is done differently.
+ Previously, seteuid() was used, but seteuid() is no longer used in Exim (see
+ "Security" below). Instead, Exim now scans along the components of the file
+ path and checks the access for the given uid and gid. It expects "x" access
+ on directories and "r" on the final file. This means that file access control
+ lists (on those operating systems that have them) are ignored.
+
+
+Other Consequences of the Director/Router Merge
+-----------------------------------------------
+
+. The -odqr option is abolished, as there is no inbuilt concept of remote
+ domains.
+
+. The -odqs option is equivalent to queue_smtp_domains = *.
+
+. queue_remote_domains is renamed queue_domains, and applies to any domain.
+
+. The -ql option now suppresses remote delivery; routing always happens.
+
+. The "remote" facility of queue_only_file has been removed.
+
+. The match_directory option for forwardfile and localuser has been entirely
+ abolished. Its function can be achieved using the "condition" option in
+ conjunction with check_local_user.
+
+. When an address is being verified, if it is redirected to a single new
+ address, verification continues with that address. If it is redirected to
+ more than one address, verification ceases with a success result. (In Exim 3,
+ this applied only to aliasing, not to forwarding.)
+
+
+The dnslookup router
+--------------------
+
+This router replaces the lookuphost router of Exim 3. It is much the same,
+except that the "gethostbyname" option has been removed. It now does only DNS
+routing - hence the change of name. Routing using gethostbyname() can be done
+by the manualroute router.
+
+
+The manualroute router
+----------------------
+
+This is the new name for the domainlist router, supposedly to make its function
+clearer and to avoid confusion with the "domainlist" that is used to set up
+named domain lists. Several things have been removed and reorganized.
+
+. The old search mechanism (route_file, route_query, route_queries,
+ search_type) have been removed. Instead there is a new option called
+ route_data, which is an expanded string. It should expand to a single routing
+ entry. If the expansion ends up empty (or is forced to fail), the router
+ declines. The route_list option still exists, for convenient listing of a few
+ inline routes.
+
+. There is no longer any MX processing function in this router. The keywords
+ bydns_mx and bydns_a have been removed, leaving just
+
+ bydns => find IP addresses from address records in the DNS
+ byname => find IP addresses by calling gethostbyname()
+
+ The default lookup type is "byname", and this can be omitted from a route
+ data line. If an IP address is given, both "byname" and "bydns" are ignored
+ (so typically you omit this field).
+
+. The qualify_single and search_parents options have also been removed.
+
+. A transport is always required to be set, unless verify_only is set.
+
+. The host_find_failed option can be set to "decline", to cause the router to
+ decline if it can't find an IP address for a listed host.
+
+. If manualroute routes to a local transport, there is no need to specify
+ byname or bydns in the routing data. Any supplied host list is passed as a
+ string in $host, but $host_address is unset.
+
+
+The queryprogram router
+-----------------------
+
+This router has been re-designed:
+
+. You must now specify a user and group for the program to be run using
+ command_user and (if necessary) command_group. It no longer defaults to
+ "nobody". These options are expanded.
+
+. The command is now split up and each argument expanded separately, as happens
+ for the pipe transport. The command name is also expanded.
+
+. The return value "forcefail" has been renamed "fail", and it causes delivery
+ to fail. (The original usage of "fail" meaning "decline" has finally been
+ removed.)
+
+. The $route_option variable, which queryprogram used to be able to set has
+ been abolished. A facility to set the new $address_data variable replaces it.
+
+. The string returned from queryprogram must now be one of:
+
+ DECLINE
+ FAIL text
+ DEFER text
+ PASS
+ FREEZE text
+ REDIRECT text
+ ACCEPT TRANSPORT=transport HOSTS=host list LOOKUP=byname|bydns DATA=text
+
+The text returned for "redirect" is a list of new addresses. The text for FAIL
+is returned in the SMTP dialogue when the router is run as part of address
+verification. It is also logged. The text for DEFER and FREEZE is just logged.
+
+The data items in the "accept" return can be given in any order, and all are
+optional. If no transport is included in the "accept" return, the router's
+default transport is used. The host list and lookup type are needed only if the
+transport is an smtp transport that does not itself have a host list. The
+default lookup type is "byname". If the "data" field is set, its value is
+placed in the $address_data variable.
+
+
+The redirect router
+-------------------
+
+This router replaces forwardfile, appendfile, and the use of smartuser without
+a transport. It has two mutually exclusive options for specifying the data that
+it uses. If "file" is set, the data is taken from a file. Otherwise "data" must
+be set, and the data is the expanded value of that option.
+
+The data may be an alias list, possibly including special entries such as
+:fail:, or it may be a list of filtering instructions.
+
+If "file" is set, but the file does not exist or is empty, or its contents have
+no effect (entirely comments, or a filter that does nothing), the router
+declines. This also happens if the expansion of "file" is forced to fail. Any
+other expansion failure causes the router to defer.
+
+Ownership of the file is checked if check_local_user is set or if owners is
+set, unless check_owner is explicitly set false.
+
+Likewise, the group is checked if owngroups is set, or if check_local_user is
+set and a modemask not containing 020 is set, unless check_group is explicitly
+set false.
+
+If "data" is set, a forced expansion causes the router to decline. This also
+happens if "data" is an empty string or a string that causes nothing to be
+generated and no action to be taken.
+
+Because "data" is now used for traditional /etc/aliases lookups, an empty alias
+no longer gives an error. It behaves in the same way as :unknown: (which is
+still recognized, but ignored).
+
+. If no_repeat_use is set, the router is skipped if _any_ ancestor of the
+ current address was routed by this router. This pre-test happens before any
+ of the others. (Contrast the default loop avoidance logic, which skips a
+ router if an ancestor with the same local part was routed by the router.)
+
+. If include_directory is set, :include: files are constrained to this
+ directory.
+
+. When an address is redirected to a file or a pipe, $address_file or
+ $address_pipe (as appropriate) is set when expanding the value of
+ file_transport or directory_transport.
+
+. There are new options forbid_filter_readfile and forbid_filter_run to lock
+ out the use of the new ${readfile and ${run expansion items in filters.
+
+. If one_time is set, forbid_pipe, forbid_file, and forbid_filter_reply are
+ forced to be true, and headers_add and headers_remove are forbidden.
+
+
+Generic transport options
+-------------------------
+
+. All remote deliveries are now done in subprocesses running with specified
+ UIDs and GIDs. (Formerly, only remote parallel deliveries were done in
+ subprocesses.) As a result, user and group are now generic options that can
+ be used on all transports. The default for both local and remote transports
+ is to run as the Exim user and group. For remote transports, this should not
+ normally be changed, but if it is, the user or group should be able to access
+ the hints databases, though failure to open a hints database is always
+ ignored.
+
+ If it turns out that a transport user is in the never_users list, Exim now
+ defers delivery and writes to the panic log. (Previously it just ran the
+ delivery as "nobody".) Because subprocesses (usually running as "exim")
+ are now always used for remote deliveries, you should *not* include "exim" in
+ the never_users list.
+
+. initgroups is now also a generic transport option.
+
+. home_directory and current_directory are generic options on all transports,
+ though some transports (e.g. smtp) make no use of them. If they are unset,
+ values supplied by the router are used.
+
+. The message_size_limit option is now expanded, which makes it possible to
+ have different limits for different hosts, for example.
+
+
+Multiple (batch) deliveries in the appendfile, lmtp, and pipe transports
+------------------------------------------------------------------------
+
+The options controlling batch deliveries, including BSMTP, were a mess, and
+have been reworked.
+
+. The batch option has been removed from all three transports, and the bsmtp
+ and bsmtp_helo options have been removed from appendfile and pipe.
+
+. The batch_max option defaults to 1 in all three transports.
+
+. A new option called use_bsmtp has been added to appendfile and pipe. When
+ set, the message is delivered in BSMTP format. If you want to have a HELO
+ line at the start of the message, you can configure this by making use of the
+ message_prefix option. You must include the terminating newline.
+
+. A new option called batch_id has been added to all three transports.
+
+Batching is now achieved by setting batch_max to a value greater than 1. This
+is recommended for lmtp. When multiple addresses are routed to the same
+transport that has a batch_max value greater than one, the addresses are
+delivered in a batch, subject to certain conditions:
+
+. If any of the transport's options contain a reference to "$local_part", no
+ batching is possible.
+
+. If any of the transport's options contain a reference to "$domain", only
+ addresses with the same domain are batched.
+
+. If batch_id is set, it is expanded for each address, and only those addresses
+ with the same expanded value are batched.
+
+. Batched addresses must also have the same errors address (where to send
+ delivery errors), the same header additions and removals, the same user and
+ group for the transport, and if a host list is present, the first host must
+ be the same.
+
+
+The appendfile transport
+------------------------
+
+. The prefix and suffix options have been renamed message_prefix and
+ message_suffix to avoid confusion with address affixes. The default values,
+ which are suitable for mbox deliveries, now apply only if "file" is set and
+ use_bsmtp is not set. Otherwise, the default values for these options are
+ unset. They can, of course, always be overridden.
+
+. If "directory" is set (which means that "file" is not set), the check_string
+ and escape_string options now default unset.
+
+. The require_lockfile options has been abolished. If use_lockfile is set, a
+ lock file is always required.
+
+. The quota_filecount option is now expanded.
+
+. The create_file option now also applies when delivering into an individual
+ file in a given directory, as well as when appending to a single file. In the
+ case of maildir delivery, the restriction applies to the top directory of the
+ maildir folder.
+
+. There's a new option called directory_file which is expanded to form the
+ final leaf name of files when "directory" is set, but neither maildir nor
+ mailstore is set. The default is "q${base62:$tod_epoch}-$inode", which
+ reproduces the old fixed value. The variable $inode is available only when
+ expanding this new option.
+
+
+The pipe transport
+------------------
+
+. The prefix and suffix options have been renamed message_prefix and
+ message_suffix to avoid confusion with address affixes. The default values
+ that are suitable for vacation deliveries now apply only if use_bsmtp is not
+ set. Otherwise the default values for these options are unset. They can, of
+ course, always be overridden.
+
+
+The smtp transport
+------------------
+
+. The badly-named batch_max option is now called connection_max_messages.
+
+. If hosts_randomize is set, it now affects host lists that come from a router
+ as well as the contents of the "hosts" option, but only if the hosts were not
+ obtained from MX records. Typically, such lists come from the manualroute
+ router. This change means that the router can provide the same host list for
+ multiple addresses - causing them all to be sent to the transport at once.
+ Randomizing is then done each time the transport is called. (If you set
+ hosts_randomize on the router, the randomizing happens for each address.)
+
+. The way that smtp operates when there are multiple addresses to be sent to
+ the same host is now different. Previously, the transport was called many
+ times, with a maximum of max_rcpt addresses per call. Each call made a new
+ connection to the host. When remote_max_parallel = 1, all the addresses are
+ now passed to the transport at once. It makes a single TCP/IP call, but may
+ send multiple copies of the message, each with no more than max_rcpt
+ recipients.
+
+ When remote_max_parallel is greater than 1, a heuristic is used. The number
+ of addresses passed to a single call of the transport is limited to
+
+ (the total number of recipients) / (the value of remote_max_parallel)
+
+ so, for example, if there are 100 recipients and remote_max_parallel is 2, no
+ more than 50 are passed in one call, even if max_rcpt is 100. (The idea is
+ that the other 50 will be passed to another call running in parallel.)
+
+ There is an option of the smtp transport called connection_max_messages
+ which limits the number of messages, or copies of a message, that Exim sends
+ down a single TCP/IP connection. This applies both to this mechanism for
+ multiple copies of a single message, and the re-use of a TCP/IP connection
+ for sending other messages destined for the same host, after a delivery
+ delay. The default value is 500.
+
+. The "interface" option is now expanded. If the result is a forced failure or
+ an empty string, it is ignored. Otherwise, the result must be a list of IP
+ addresses. The first one of the correct type (IPv4 or IPv6) for the outgoing
+ connection is used. If there isn't one of the correct type, the option is
+ ignored.
+
+. At the start of running the transport, the value of $host is taken from the
+ first host in a multi-host list. However, just before the transport connects
+ to a host, the value is changed to refer to that particular host. (This
+ applies to $host_address as well.) This means that options such as helo_data
+ and the tls_options can be made host-specific.
+
+. The tls_verify_ciphers option has been renamed tls_require_ciphers, in order
+ to leave the word "verify" as something that refers to the verification of
+ certificates.
+
+. The resolution of hosts and fallback_hosts used to look up MX records. This
+ was some kind of ancient silliness that I recently noticed. These are
+ definitely hosts, not mail domains. Exim 4 just looks up address records.
+ As a consequence of this, the mx_domains option of the smtp transport is
+ removed.
+
+. The authenticate_hosts option has been renamed as hosts_try_auth. A new
+ option called hosts_require_auth has been added; if authentication fails for
+ one of these hosts, Exim does _not_ try to send unauthenticated. It defers
+ instead. The deferal error is detectable in the retry rules, so this can be
+ turned into a hard failure if required.
+
+
+The System Filter
+-----------------
+
+. The system filter options that were called message_filter_xxx have all been
+ renamed as system_filter_xxx.
+
+. The value of system_filter is expanded.
+
+. message_filter_directory_transport and message_filter_file_transport are now
+ both expanded before use. If the filter set up any file or pipe deliveries,
+ $address_file and $address_pipe are set as appropriate while doing the
+ expansions.
+
+. message_filter_directory2_transport has been removed. The effect of using
+ different directory-style transports can be achieved by specifying a suitable
+ expansion string to system_filter_directory_transport.
+
+. When a system filter added recipients to a message, Exim 3 added an
+ X-Envelope-To: header, listing the real recipients (up to 100). This has been
+ abolished because you can do this kind of thing using "headers_add" nowadays.
+
+. The "fail" command has been extended to allow for two different messages, one
+ for Exim's log and the other to be returned to the sender. The syntax is
+
+ fail "<<log message>>user message"
+
+ That is, if the first two characters of the message are "<<" the following
+ text, up to ">>", is written to the log, and the remainder is returned to the
+ user. If there is no log message, the user message is logged. The motivation
+ for this feature was to reduce the amount of text logged, while being able to
+ send quite long (maybe even multi-line) messages back to the sender.
+
+
+Changes to Lookups
+------------------
+
+. Oracle support is available. It works like the mysql and pgsql support,
+ except that there is no "database name" involved, and the "host name" field
+ is used for what is called "service name" in Oracle. This often looks like a
+ host name. Also, semicolons are not used at the end of an SQL query for
+ Oracle.
+
+. There's a new single-key lookup type called dsearch. It searches a directory
+ for a file whose name matches the key. The result of a successful search is
+ the key. One possible use of this could be for recognizing virtual domains.
+ If each domain is represented by a file whose name is the domain name, you
+ needn't make a separate list of the domains. You could test for them in an
+ ACL (see below), for example, by a line like this
+
+ accept domains = dsearch;/etc/virtual/domains
+
+. The format of LDAP output has been changed for cases where multiple
+ attributes are requested. The data for each attribute is now always quoted.
+ Within the quotes, the quote character, backslash, and newline are escaped
+ with backslashes and commas are used to separate multiple values for the
+ attribute. Thus, the string in quotes takes the same form as the output when
+ a single attribute is requested. If multiple entries are found, their data is
+ still separated by a newline.
+
+. There's a new expansion condition called ldapauth which exists so that the
+ LDAP authentication mechanism can be used for user authentication. It is
+ described under "string expansion" below.
+
+. Exim now supports ldaps:// URLs as well as ldap:// URLs. The former do LDAP
+ over TLS (i.e. encrypted) connections.
+
+. There is now support for the "whoson" mechanism for doing "POP-before-SMTP"
+ authentication. This is provided by new query-style lookup type called
+ "whoson", with queries that consist of IP addresses. For example, in an ACL
+ you can write
+
+ require condition = ${lookup whoson {$sender_host_address}{yes}{no}}
+
+
+Special items in domain and host lists
+--------------------------------------
+
+. In a domain list, the special item @ matches the primary host name, and the
+ special item @[] matches any local interface address enclosed in square
+ brackets (as in domain literal email addresses). The special item @mx_any
+ matches any domain that has an MX record pointing to the local host. The
+ special items @mx_primary and @mx_secondary are similar, except that the
+ first matches only when the primary MX is to the local host, and the second
+ only when the primary MX is not the local host, but a secondary MX is.
+
+. In a host list, the special item @ matches the primary host name, and the
+ special item @[] matches any local interface address (not in brackets).
+
+
+Access Control Lists (ACLs)
+---------------------------
+
+All the policy control options for incoming messages have been replaced by
+Access Control Lists (ACLs). These give more flexibility to the sysadmin, and
+allow the order of testing to be specified. For example, using an ACL, it is
+possible to specify "accept if authenticated, even if from an RBL host, but
+otherwise deny if from an RBL host", which is not possible in Exim 3.
+
+ACLs are defined in a new part of the configuration file, and given names.
+Which ones to run are controlled by a new set of options that are placed in the
+main part of the configuration.
+
+ acl_smtp_auth specifies the ACL to run when AUTH is received
+ acl_smtp_data specifies the ACL to run after a message has been received
+ acl_smtp_etrn specifies the ACL to run when ETRN is received
+ acl_smtp_expn specifies the ACL to run when EXPN is received
+ acl_smtp_rcpt specifies the ACL to run when RCPT is received
+ acl_smtp_vrfy specifies the ACL to run when VRFY is received
+
+The default actions vary. If acl_smtp_auth is not defined, AUTH is always
+accepted (and an attempt is made to authenticate the session). If acl_smtp_data
+is not defined, no checks are done after a message has been received, and it is
+always accepted at that point.
+
+However, if any of the others are not defined, the relevant SMTP command is
+rejected. In particular, this means that acl_smtp_rcpt must be defined in order
+to receive any messages over an SMTP connection. The default configuration file
+contains a suitable default for this.
+
+ACLs can be provided in line, or in files, or looked up from databases. One ACL
+can call another in a subroutine-like manner. String expansion is used, and
+which ACL to run can be varied according to sender host or any other criterion
+that a string expansion can test.
+
+This is not the place to give a full specification of ACLs, but here is a
+typical example for checking RCPT commands, taken from the default
+configuration. The tests are performed in order.
+
+acl_check_rcpt:
+ # Accept if source is local SMTP (i.e. not over TCP/IP - undefined host)
+ accept hosts = :
+
+ # Deny if the local part contains @ or % or /
+ deny local_parts = ^.*[@%/]
+
+ # Accept mail to postmaster in any local domain, regardless of the source,
+ # and without verifying the sender.
+ accept domains = +local_domains
+ local_parts = postmaster
+
+ # Deny unless the sender address can be verified.
+ require verify = sender
+
+ # Accept if the address is in a local domain, but only if the recipient can
+ # be verified. Otherwise deny. The "endpass" line is the border between
+ # passing on to the next ACL statement (if tests above it fail) or denying
+ # access (if tests below it fail).
+ accept domains = +local_domains
+ endpass
+ message = unknown user
+ verify = recipient
+
+ # We get here only for non-local domains. Accept if the message arrived over
+ # an authenticated connection, from any host. These messages are usually from
+ # MUAs, so recipient verification is omitted.
+ accept authenticated = *
+
+ # Reaching the end of the ACL causes a "deny", but we might as well give
+ # an explicit message.
+ deny message = relay not permitted
+
+The following options have been abolished as a consequence of the introduction
+of ACLs:
+
+auth_hosts, auth_over_tls_hosts, headers_checks_fail, headers_check_syntax,
+headers_sender_verify, headers_sender_verify_errmsg, host_accept_relay,
+host_auth_accept_relay, host_reject_recipients, prohibition_message,
+rbl_domains, rbl_hosts, rbl_log_headers, rbl_log_rcpt_count,
+rbl_reject_recipients, rbl_warn_header, receiver_try_verify, receiver_verify,
+receiver_verify_addresses, receiver_verify_hosts, receiver_verify_senders,
+recipients_reject_except, recipients_reject_except_senders, relay_domains,
+relay_domains_include_local_mx, relay_match_host_or_sender,
+sender_address_relay, sender_address_relay_hosts, sender_reject,
+sender_reject_recipients, sender_try_verify, sender_verify,
+sender_verify_batch, sender_verify_hosts, sender_verify_fixup,
+sender_verify_hosts_callback, sender_verify_callback_domains,
+sender_verify_callback_timeout, sender_verify_max_retry_rate,
+sender_verify_reject, smtp_etrn_hosts, smtp_expn_hosts. smtp_verify, tls_hosts.
+
+The variable $prohibition_reason has been abolished.
+
+The host_reject option has been retained, but with its name changed to
+host_reject_connection, to emphasize that it causes a rejection at connection
+time. I've left it available just in case it is needed - but its use is not
+recommended in normal circumstances.
+
+
+Other Incoming SMTP Session Controls
+------------------------------------
+
+. The option smtp_accept_max_per_connection (default 1000) limits the number of
+ messages accepted over a single SMTP connection. This is a safety catch in
+ case some sender goes mad (incidents of this kind have been seen). After the
+ limit is reached, a 421 response is given to MAIL commands.
+
+. Some sites find it helpful to be able to limit the rate at which certain
+ hosts can send them messages, and the rate at which an individual message can
+ specify recipients. There are now options for controlling these two different
+ rates.
+
+ Rate limiting applies only to those hosts that match smtp_ratelimit_hosts,
+ whose value is a host list. When a host matches, one or both of the options
+ smtp_ratelimit_mail and smtp_ratelimit_rcpt may be set. They apply to the
+ rate of acceptance of MAIL and RCPT commands in a single SMTP session,
+ respectively.
+
+ The value of each option is a set of four comma-separated values:
+
+ 1. A threshold, before which there is no rate limiting.
+ 2. An initial time delay. Unlike other times in Exim, fractions are allowed
+ here.
+ 3. A factor by which to increase the delay each time.
+ 4. A maximum value for the delay.
+
+ For example, these settings have been used successfully at the site which
+ first suggested this feature, for controlling mail from their customers:
+
+ smtp_ratelimit_mail = 2, 0.5s, 1.05, 4m
+ smtp_ratelimit_rcpt = 4, 0.25s, 1.015, 4m
+
+. The default value for smtp_connect_backlog has been increased to 20.
+
+. The SMTP protocol specification requires the client to wait for a response
+ from the server at certain points in the dialogue. (Without PIPELINING these
+ are after every command; with PIPELINING they are fewer, but still exist.)
+ Some spamming sites send out a complete set of SMTP commands without waiting
+ for any response. Exim 4 protects against this by rejecting messages if the
+ client has sent further input when it should not have. The error response
+ "554 SMTP synchronization error" is sent, and the connection is dropped.
+
+ This check is controlled by smtp_enforce_sync, which is true by default.
+
+. helo_strict_syntax has been abolished. The default is now to enforce strict
+ domain syntax for HELO/EHLO arguments. You can use helo_accept_junk_hosts if
+ you want to avoid this.
+
+. There's a new option called helo_lookup_domains. If the domain given in a
+ HELO or EHLO command matches this list, a reverse lookup is done in order to
+ establish the host's true name. The default setting is
+
+ helo_lookup_domains = @ : @[]
+
+ That is, a lookup is forced if the client host gives the server's name or
+ [one of its IP addresses] in HELO or EHLO. (In Exim 3 this happened
+ automatically and was not configurable.)
+
+. The value of the global message_size_limit option is now expanded. For
+ locally submitted messages this happens at the start of message reception.
+ For messages from remote hosts, the expansion is done just after the host
+ connects, so that the value can depend on the host.
+
+
+Handling of Resent- Fields
+--------------------------
+
+RFC 2822 makes it clear that Resent- fields are purely informational. Exim used
+to make use of Resent-Reply-To: which does not actually exist, and it also used
+to use the last set of resent- fields for all the address fields it recognized.
+
+In Exim 4, resent- headers are dealt with as follows:
+
+. A Resent-From: header that just contains the login id as the address is
+ automatically rewritten in the same way as From: is (using qualify domain,
+ and user name from the passwd data).
+
+. If there's a rewrite rule for a header, it is also applied to resent- headers
+ of the same type. For example, a rule that rewrites From: headers also
+ rewrites Resent-From: headers.
+
+. For local messages, if Sender: is being removed on input, Resent-Sender: is
+ also removed.
+
+. If there are any resent- headers but no Resent-Date: or Resent-From: they are
+ added.
+
+. The logic for adding Sender: is now duplicated for Resent-Sender.
+
+. If there's no Resent-Message-Id: one is created, and it is the
+ Resent-Message-Id: which is included in the log line.
+
+
+Authentication
+--------------
+
+. The auth_hosts option has been abolished; this functionality is now
+ controlled by ACLs.
+
+. The auth_always_advertise option has been abolished because it depended on
+ auth_hosts and and host_auth_accept_relay, both of which are no more. In its
+ place there is a new option called auth_advertise_hosts, whose default value
+ is *, meaning "advertise AUTH to all".
+
+. The value of server_setid is now used when logging failed authentication
+ attempts.
+
+. The -oMaa option allows trusted users to set the value of
+ $sender_host_authenticated (the authenticator name). This is normally used in
+ conjunction with -oMa.
+
+
+Encryption
+----------
+
+. Because tls_hosts is no more, tls_advertise_hosts is now the only means of
+ controlling the advertisement of STARTTLS (previously, tls_hosts overrode).
+
+. The global option tls_verify_ciphers has been abolished. There are now
+ facilities for checking which cipher is in use in ACLs.
+
+. There's a new option called tls_try_verify_hosts. Like tls_verify_hosts, this
+ causes the server to request a certificate from a client, and it verifies the
+ certificate that it receives. However, unlike tls_verify_hosts, Exim
+ continues with the SMTP connection (encrypted) if a client certificate is not
+ received, or if the certificate does not verify. This state can be detected
+ in an ACL, which makes it possible to implement policies such as "accept for
+ relay only if a verified certificate has been received but accept for local
+ delivery if encrypted, even without a verified certificate".
+
+ A match in tls_verify_hosts overrides tls_try_verify_hosts.
+
+
+The Daemon
+----------
+
+. local_interfaces can now specify a port number with each address, thus
+ allowing a single Exim daemon to listen on multiple ports. The format of each
+ address is either [aaaa]:ppp or aaaa.ppp where aaaa is an IP address and ppp
+ is a port number. For example:
+
+ local_interfaces = 192.168.3.4.25 : 192.168.3.4.26
+
+ If an address is listed without a port, the setting of daemon_smtp_port, or
+ the value of the -oX option, is the default.
+
+. The -oX option can now override local_interfaces. That is, it can supply IP
+ addresses as well as just a port. It is interpreted in this way if its value
+ contains any of the characters . : or []. For example:
+
+ exim -bd -oX 10.9.8.7:10.11.12.13.2525
+
+ The format of the string is identical to the format recognized by the
+ local_interfaces option.
+
+. The way the daemon wrote PID files was overly complicated and messy. It no
+ longer tries to be clever. A PID file is written if, and only if, -bd is used
+ and -oX is _not_ used. In other words, only if the daemon is started with its
+ standard options. There is only one PID file. If pid_file_path is unset, it
+ is exim-daemon.pid in Exim's spool directory. Otherwise the value of
+ pid_file_path is used. For backwards compatibility, "%s" in this value is
+ replaced by an empty string.
+
+
+Logging
+-------
+
+The log_level option and all the various independent logging control options
+have been abolished. In their place there is a single option called
+log_selector. It takes a string argument composed of names preceded by + or -
+characters. These turn on or off the logging of different things. For example:
+
+ log_selector = +arguments -retry_defer
+
+The optional logging items (defaults marked *) are:
+
+ address_rewrite address rewriting
+ all_parents all parents in => lines
+ arguments exim arguments
+ *connection_reject connection rejections
+ *delay_delivery immediate delivery delayed (message queued)
+ delivery_size add S=nnn to delivery lines
+ *dnslist_defer defers of DNS list (aka RBL) lookups
+ incoming_interface incoming interface on <= lines
+ incoming_port incoming port on <= lines
+ *lost_incoming_connection as it says (includes timeouts)
+ *queue_run start and end queue runs
+ received_sender sender on <= lines
+ received_recipients recipients on <= lines
+ *retry_defer "retry time not reached"
+ sender_on_delivery add sender to => lines
+ *size_reject rejection because too big
+ *skip_delivery "message is frozen"
+ smtp_confirmation SMTP confirmation on <= lines
+ smtp_connection SMTP connections
+ smtp_protocol_error SMTP protocol errors
+ smtp_syntax_error SMTP syntax errors
+ subject contents of Subject: on <= lines
+ *tls_cipher TLS cipher on <= lines
+ tls_peerdn TLS peer DN on <= lines
+
+ all all of the above
+
+"retry time not reached" is always omitted from individual message logs after
+the first delivery attempt.
+
+The log line "error message sent to" has been abolished, because the R= item on
+the incoming message line gives the relationship between the original message
+and the bounce.
+
+The logging options that have been abolished are: log_all_parents,
+log_arguments, log_incoming_port, log_interface, log_ip_options,
+log_level, log_queue_run_level, log_received_sender, log_received_rceipients,
+log_rewrites, log_sender_on_delivery, log_smtp_confirmation,
+log_smtp_connections, log_smtp_syntax_errors, log_subject, tls_log_cipher,
+tls_log_peerdn.
+
+
+Debugging
+---------
+
+The debug_level option has been removed. The -dm option has been removed. The
+-df option has also be removed, along with its related build-time option
+STDERR_FILE. (To debug inetd usage, an auxiliary script should be used.)
+
+The -d option has been reworked. It no longer takes a debug level number
+argument, but instead takes a list of debugging names, each preceded by + or -
+to turn on or off individual sets of debugging messages.
+
+. The -v option now shows just the SMTP dialog and any log lines.
+
+. -d with no argument gives a lot of standard debugging data. This is in effect
+ the equivalent of the old -d9, the thing you ask people to set for an initial
+ debugging test.
+
+. -d+x adds debugging option x to the default set
+ -d-x removes debugging option x from the default set
+ -d-all+x leaves only debugging option x
+
+The available debugging names are:
+
+ acl ACL interpretation
+ auth authenticators
+ deliver general delivery logic
+ dns DNS lookups (see also resolver)
+ dnsbl DNS black list (aka RBL) code
+ exec arguments for execv() calls
+ filter filter handling
+ hints_lookup hints data lookups
+ host_lookup all types of name->IP address handling
+ ident ident lookup
+ interface lists of local interfaces
+ lists matching things in lists
+ load system load checks
+ lookup general lookup code and all lookups
+ memory memory handling (replaces the old -dm)
+ process_info setting info for the process log
+ queue_run queue runs
+ receive general message reception logic
+ resolver turn on the DNS resolver's debugging output; goes to stdout
+ retry retry handling
+ rewrite rewriting
+ route address routing
+ tls TLS logic
+ transport transports
+ uid changes of uid/gid and looking up uid/gid
+ verify address verification logic
+
+ all all of the above, and also -v
+
+The default (-d with no argument) includes all of the above, plus -v, with the
+exception of filter, interface, load, memory, and resolver. Some debugging
+output always happens unconditionally whenever any debugging is selected. This
+includes some initial output and every log line.
+
+-d without any value was previously allowed for non-admin users because it used
+to be synonymous with -v. In Exim 4, non-admin users may use -v, but not -d.
+
+If the debug_print option is set in any driver, it produces output whenever any
+debugging is selected, or if -v is used.
+
+
+Local Scan Function
+-------------------
+
+For customized message scanning, you can now supply a C function that is linked
+into the Exim binary. The function is called local_scan(), and it is called
+when Exim has received a message, but has not yet sent a final
+acknowledgement to the sender. This applies to all messages, whether local or
+remote, SMTP or not.
+
+From within your function you can inspect the message, change the recipients,
+add or remove headers, and tell Exim whether to accept or reject the message.
+
+The manual contains the specification of the API for this function.
+
+
+String Expansion
+----------------
+
+. The lookup feature that allowed for subkeys using the syntax
+
+ ${lookup {key:subkey} type {data...
+
+ has been abolished (a) because the effect can be achieved using ${extract,
+ and (b) because in non-lsearch lookups, a colon can be a valid character in a
+ key.
+
+. When a string key is used in a ${extract expansion item, it is now handled
+ case-insensitively.
+
+. A new expansion variable called $tod_epoch gives the time as a single decimal
+ number representing the number of seconds from the start of the Unix epoch.
+
+. There's a new expansion operator that can turn numbers into base 62, for
+ example, ${base62:$tod_epoch}.
+
+. ${extract{number} now recognizes a negative number as a request to count
+ fields from the right.
+
+. There's a new expansion feature for reading files:
+
+ ${readfile{/some/file}{eolstring}}
+
+ The contents of the file replace the item. If {eolstring} is present (it's
+ optional) any newlines in the file are replaced by that string.
+
+. There's a new expansion feature for running commands:
+
+ ${run{comand args}{yes}{no}}
+
+ Like all the other conditional items, the {yes} and {no} strings are
+ optional. Omitting both is equivalent to {$value}. The standard output of the
+ command is put into $value if the command succeeds (returns a zero code). The
+ value of the code itself is put into $runrc, and this remains set afterwards,
+ so in a filter file you can do things like
+
+ if "${run{x y z}{}}$runrc" is 1 then ...
+ elsif $runrc is 2 then ...
+
+ As in other command executions from Exim, a shell is not used by default.
+ If you want a shell, you must explicitly code it.
+
+. The redirect router has options for forbidding ${readfile and ${run in
+ filters.
+
+. A feature is provided to suppress expansion of part of a string. Any
+ characters between two occurrences of \N are copied to the output string
+ verbatim. This is particularly useful for protecting regular expressions from
+ unwanted expansion effects. For example:
+
+ queue_smtp_domains = ! \N^ten-\d+\.testing\.com$\N
+
+ Without \N the \ and $ characters in the regex would have to be escaped.
+
+. Radius authentication is supported in a similar way to PAM. You must set
+ RADIUS_CONFIG_FILE in Local/Makefile to specify the location of the Radius
+ client configuration file. Then you can use expansions such as
+
+ server_condition = ${if radius{arguments}{yes}{no}}
+
+. User authentication can now also be done by attempting to bind to an LDAP
+ server. The syntax is again similar to PAM and Radius.
+
+ server_condition = ${if ldapauth{ldap query}{yes}{no}}
+
+ A user and password are required to be supplied with the query. No actual
+ data is looked up; Exim just does a bind to the LDAP server and sets the
+ condition according to the result. Here's an example of an SMTP
+ authenticator:
+
+ login:
+ driver = plaintext
+ public_name = LOGIN
+ server_prompts = "Username:: : Password::"
+ server_condition = ${if ldapauth \
+ {user="uid=${quote_ldap:$1},ou=people,o=example.org" pass="$2" \
+ ldap://ldap.example.org/}{yes}{no}}
+ server_set_id = uid=$1,ou=people,o=example.org
+
+
+
+Security
+--------
+
+Exim 3 could be run in a variety of ways as far as security was concerned. This
+has all been simplified in Exim 4. The security-conscious might like to know
+that it no longer makes any use of the seteuid() function.
+
+. A UID and GID are required to be specified when Exim is compiled. They can be
+ now specified by name as well as by number, so the relevant options are now
+ called EXIM_USER and EXIM_GROUP. If you really feel you have to run Exim as
+ root, you can specify root here, but it is not recommended.
+
+. The "security" option has been abolished. Exim always releases its root
+ privilege when it can. In a conventional configuration, that means when it is
+ receiving a message, when it is delivering a message, when it is running a
+ queryprogram router, and when it is obeying users' filter files (and system
+ filters if it has been given a user for that purpose).
+
+. One important change is that Exim 4 runs as root while routing addresses for
+ delivery. Exim 3 used seteuid() to give up privilege temporarily while
+ routing. Apart from the unliked use of seteuid(), this sometimes gave rise to
+ permissions problems on configuration files.
+
+. However, Exim still runs as the Exim user while receiving messages, and
+ therefore while using the routing logic for verifying at SMTP time.
+
+. There is a new option called deliver_drop_privilege. If this is set, Exim
+ gives up its privilege right at the start of a delivery process, and runs the
+ entire delivery as the Exim user. This is the same action that used to be
+ requested by setting security=unprivileged.
+
+
+Hints Databases
+---------------
+
+. A single "misc" hints database is now used for ETRN and host serialization.
+ There have been appropriate consequential changes to the utilities for
+ managing the hints.
+
+. The exim_tidydb -f option has been abolished. A full tidy is now always done
+ (it hasn't proved to be very expensive).
+
+
+The run time Configuration File
+------------------------------
+
+. The format of the configuration file has changed. Instead of using "end" to
+ terminate sections, it now uses "begin <name>" to start sections. This means
+ that the sections, apart from the first, may appear in any order.
+
+. You can now include other files inside Exim run time configuration files, by
+ using this syntax:
+
+ .include <file name>
+
+. Quotes round the file name are optional. Includes may be nested to any depth,
+ but remember that Exim reads its configuration file often. The processing of
+ .include happens early, at a physical line level, so, like comment lines, it
+ can be used in the middle of an options setting, for example:
+
+ hosts_lookup = a.b.c \
+ .include /some/file
+
+ Include processing happens _before_ macro processing. Its effect is simply to
+ process the lines of the file as if they occurred inline where the .include
+ appears.
+
+. A macro at the start of a configuration line can now turn the line into an
+ empty line or a comment line. This applies to _logical_ input lines, that is,
+ after any concatenations have been done.
+
+
+Format of spool files
+---------------------
+
+. -local_scan is used in spool files to record the value of $local_scan_data,
+ the string returned from the locally-provided local_scan() function.
+
+
+Renamed Options
+---------------
+
+Some options have been renamed, to make their function clearer, or for
+consistency.
+
+. receiver_unqualified_hosts has been renamed as recipient_unqualified_hosts.
+ I'm going to use "recipient" everywhere in future.
+
+. helo_verify has become helo_verify_hosts.
+
+. remote_sort has become remote_sort_domains.
+
+. In the appendfile and pipe transports, "prefix" and "suffix" have become
+ "message_prefix" and "message_suffix". In the generic router options,
+ "prefix" and "suffix" have become "local_part_prefix" and "local_part_suffix".
+
+
+Miscellaneous
+-------------
+
+. ETRN serialization now uses a double fork, so that an Exim process (detached
+ from the original input process) can wait for the command to finish. This
+ means that it works whatever command ETRN causes to run. (Previously it
+ worked only if ETRN ran "exim -Rxxx".)
+
+. For incoming messages, the server's port number is preserved, and is
+ available in $interface_port. The privileged option -oMi can be used to
+ set this value.
+
+. The -Mmd option (to mark addresses delivered) now operates in a
+ case-sensitive manner.
+
+. Checks for duplicate deliveries are now case-sensitive in the local part.
+
+. The number of situations where Exim panics has been reduced. For example,
+ expansion failures for the "domains" or "local_parts" options in a router now
+ cause deferral instead of a panic.
+
+. EXPN no longer attempts to distinguish local and remote addresses (but you
+ can cause it to be rejected for certain arguments in the ACL).
+
+. accept_timeout has been renamed as receive_timeout, to match
+ smtp_receive_timeout.
+
+. The ability to check an ident value as part of an item in a host list has
+ been removed.
+
+. The reject log shows a message's headers only if the rejection happens after
+ the SMTP DATA command (because they aren't available for earlier checks). The
+ sender, and up to five recipients are listed in Envelope-from: and
+ Envelope-to: header lines. After the headers, a line of separator characters
+ is output. Separators are no longer used for other reject log entries.
+
+. Because header checks are now done as part of ACLs, they now apply only to
+ SMTP input.
+
+. The port number on SMTP connections is now logged in the format [aaaa]:ppp
+ where aaaa is an IP address and ppp is a port, instead of in the format
+ [aaaa.ppp] because the former format causes some software to complain about
+ bad IP addresses.
+
+. The -oMa and -oMi options can now use the [aaaa]:ppp notation to set a port
+ number, but they still also recognize the aaaa.ppp notation.
+
+. The build-time option HAVE_AUTH is abolished. Exim automatically includes
+ authentication code if any authenticators are configured.
+
+. The nobody_user and nobody_group options have been abolished.
+
+. The $message_precedence variable has been abolished. The value is now
+ available as $h_precedence:.
+
+. There's a new utility script called exim_checkaccess which packages up a call
+ to Exim with the -bh option, for access control checking. The syntax is
+
+ exim_checkaccess <IP address> <email address> [exim options]
+
+ It runs "exim -bh <IP address>", does the SMTP dialogue, tests the result and
+ outputs either "accepted" or "Rejected" and the SMTP response to the RCPT TO
+ command. The sender is <> by default, but can be changed by the use of the
+ -f option.
+
+. The default state of Exim is now to forbid domain literals. For this reason,
+ the option that changes this has been renamed as allow_domain_literals.
+
+. The dns_check_names boolean option has been abolished. Checking is now turned
+ off by unsetting dns_check_names_pattern.
+
+. The errors_address and freeze_tell_mailmaster options have been abolished. In
+ their place there is a new option called freeze_tell, which can be set to a
+ list of addresses. A message is sent to these addresses whenever a message is
+ frozen - with the exception of failed bounce messages (this is not changed).
+
+. The message_size_limit_count_recipients option has been abolished on the
+ grounds that it was a failed experiment.
+
+. The very-special-purpose X rewrite flag has been abolished. The facility it
+ provided can now be done using the features of ACLs.
+
+. The timestamps_utc option has been abolished. The facility is now provided by
+ setting timezone = utc.
+
+. The value of remote_max_parallel now defaults to 2.
+
+. ignore_errmsg_errors has been abolished. The effect can be achieved by
+ setting ignore_bounce_errors_after = 0s. This option has been renamed from
+ ignore_errmsg_errors_after to make its function clearer. The default value
+ for ignore_bounce_errors_after is now 10w (10 weeks - i.e. likely to be
+ longer than any other timeouts, thereby disabling the facility).
+
+. The default for message_size_limit is now 50M as a guard against DoS attacks.
+
+. The -qi option does only initial (first time) deliveries. This can be helpful
+ if you are injecting message onto the queue using -odq and want a queue
+ runner just to process new messages. You can also use -qqi if you want.
+
+. Rewriting and retry patterns are now anything that can be single address list
+ items. They are processed by the same code, and are therefore expanded before
+ the matching takes place. Regular expressions must be suitably quoted. These
+ patterns may now be enclosed in double quotes so that white space may be
+ included. Normal quote processing applies.
+
+. Some scripts were built in the util directory, which was a mistake, because
+ they might be different for different platforms. Everything that is built is
+ now built in the build directory. The util directory just contains a couple
+ of scripts that are not modified at build time.
+
+. The installation script now installs the Exim binary as exim-v.vv-bb (where
+ v.vv is the version number and bb is the build number), and points a symbolic
+ link called "exim" to this binary. It does this in an atomic way so that
+ there is no time when "exim" is non-existent. The script is clever enough to
+ cope with an existing non-symbolic-link binary, converting it to the new
+ scheme automatically (and atomically).
+
+. When installing utilities, Exim now uses cp instead of mv to add .O to the
+ old ones, in order to preserve the permissions.
+
+. If the installation script is installing the default configuration, and
+ /etc/aliases does not exist, the script installs a default version. This does
+ not actually contain any aliases, but it does contain comments about ones
+ that should be created. A warning is output to the user.
+
+. A delay warning message is not sent if all the addresses in a message get a
+ "retry time not reached" error. Exim waits until a delivery is actually
+ attempted, so as to be able to give a more informative message.
+
+. The existence of the three options deliver_load_max, queue_only_load, and
+ deliver_queue_load_max was confusing, because their function overlapped. The
+ first of them has been abolished. We are left with
+
+ queue_only_load no immediate delivery if load is high when
+ message arrives
+ deliver_queue_load_max no queued delivery if load is too high
+
+. The ability to edit message bodies (-Meb and the Eximon menu item) has been
+ removed, on the grounds that it is bad practice to do this.
+
+. Eximstats is now Steve Campbell's patched version, which displays sizes in K
+ and M and G, and can optionally generate HTML.
+
+. If bounce_sender_authentication is set to an email address, this address is
+ used in an AUTH option of the MAIL command when sending bounce messages, if
+ authentication is being used. For example, if you set
+
+ bounce_sender_authentication = mailer-daemon@your.domain
+
+ a bounce message will be sent over an authenticated connection using
+
+ MAIL FROM:<> AUTH=mailer-daemon@your.domain
+
+. untrusted_set_sender has changed from a boolean to an address pattern. It
+ permits untrusted users to set sender addresses that match the pattern. Like
+ all address patterns, it is expanded. The identity of the user is in
+ $sender_ident, so you can, for example, restrict users to setting senders
+ that start with their login ids by setting
+
+ untrusted_set_sender = ^$sender_ident-
+
+ The effect of the previous boolean can be achieved by setting the value to *.
+ This option applies to all forms of local input.
+
+. The always_bcc option has been abolished. If an incoming message has no To:
+ or Cc: headers, Exim now always adds an empty Bcc: line. This makes the
+ message valid for RFC 822 (sic). In time, this can be removed, because RFC
+ 2822 does not require there to be a recipient header.
+
+. ACTION_OUTPUT=no is now the default in the Exim monitor.
+
+. dns_ipv4_lookup has changed from a boolean into a domain list, and it now
+ applies only to those domains. Setting this option does not stop Exim from
+ making IPv6 calls: if an MX lookup returns AAAA records, Exim will use them.
+ What it does is to stop Exim looking for AAAA records explicitly.
+
+. The -G option is ignored (another Sendmail thing).
+
+. If no_bounce_return_message is set, the original message is not included in
+ bounce messages. If you want to include additional information in the bounce
+ message itself, you can use the existing errmsg_file and errmsg_text
+ facilities.
+
+. -bdf runs the daemon in the foreground (i.e. not detached from the terminal),
+ even when no debugging is requested.
+
+. Options for changing Exim's behaviour on receiving IPv4 options have been
+ abolished. Exim now always refuses calls that set these options, and logs the
+ incident. The abolished options are kill_ip_options, log_ip_options, and
+ refuse_ip_options.
+
+. The pattern for each errors_copy entry is now matched as an item in an
+ address list.
+
+. A number of options and variables that used the word "errmsg" have been
+ changed to use "bounce" instead, because it seems that "bounce message" is
+ now a reasonably well-understood term. I used it in the book and am now using
+ it in the manual; it's a lot less cumbersome than "delivery error
+ notification message". The changes are:
+
+ $errmsg_recipient => $bounce_recipient
+ errmsg_file => bounce_message_file
+ errmsg_text => bounce_message_text
+ ignore_errmsg_errors_after => ignore_bounce_errors_after
+
+ For consistency, warnmsg_file has been changed to warn_message_file. However,
+ the two variables $warnmsg_delay and $warnmsg_recipients are unchanged.
+
+ The hide_child_in_errmsg option has not changed, because it applies to both
+ bounce and delay warning messages.
+
+. smtp_accept_max_per_host is now an expanded string, so it can be varied on
+ a per-host basis. However, because this test happens in the daemon before it
+ forks, the expansion should be kept as simple as possible (e.g. just inline
+ tests of $sender_host_address).
+
+. The retry rules can now recognize the error "auth_failed", which happens when
+ authentication is required, but cannot be done.
+
+. There's a new option called local_sender_retain which can be set if
+ no_local_from_check is set. It causes Sender: headers to be retained in
+ locally-submitted messages.
+
+. The -dropcr command line option now turns CRLF into LF, and leaves isolated
+ CRs alone. Previously it simply dropped _all_ CR characters. There is now
+ also a drop_cr main option which, if turned on, assumes -dropcr for all
+ non-SMTP input.
+
+
+Removal of Obsolete Things
+--------------------------
+
+. The obsolete values "fail_soft" and "fail_hard" for the "self" option have
+ been removed.
+
+. The obsolete "log" command has been removed from the filter language.
+
+. "service" was an obsolete synonym for "port" when specifying IP port numbers.
+ It has been removed.
+
+. The obsolete option collapse_source_routes has been removed. It has done
+ nothing since release 3.10.
+
+. The obsolete from_hack option in appendfile and pipe transports has been
+ removed.
+
+. The obsolete ipv4_address_lookup has been abolished (dns_ipv4_lookup has been
+ a synonym for some time, but it's changed - see above).
+
+. The obsolete generic transport options add_headers and remove_headers have
+ been abolished. The new names, headers_add and headers_remove, have been
+ available for some time.
+
+Philip Hazel
+February 2002
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
new file mode 100644
index 000000000..dfcc5e711
--- /dev/null
+++ b/doc/doc-txt/NewStuff
@@ -0,0 +1,605 @@
+$Cambridge: exim/doc/doc-txt/NewStuff,v 1.1 2004/10/07 15:04:35 ph10 Exp $
+
+New Features in Exim
+--------------------
+
+This file contains descriptions of new features that have been added to Exim,
+but have not yet made it into the main manual (which is most conveniently
+updated when there is a relatively large batch of changes). The doc/ChangeLog
+file contains a listing of all changes, including bug fixes.
+
+
+Version 4.43
+------------
+
+ 1. There is a new Boolean global option called mua_wrapper, defaulting false.
+ This causes Exim to run an a restricted mode, in order to provide a very
+ specific service.
+
+ Background: On a personal computer, it is a common requirement for all
+ email to be sent to a smarthost. There are plenty of MUAs that can be
+ configured to operate that way, for all the popular operating systems.
+ However, there are MUAs for Unix-like systems that cannot be so configured:
+ they submit messages using the command line interface of
+ /usr/sbin/sendmail. In addition, utility programs such as cron submit
+ messages this way.
+
+ Requirement: The requirement is for something that can provide the
+ /usr/sbin/sendmail interface and deliver messages to a smarthost, but not
+ provide any queueing or retrying facilities. Furthermore, the delivery to
+ the smarthost should be synchronous, so that if it fails, the sending MUA
+ is immediately informed. In other words, we want something that in effect
+ converts a command-line MUA into a TCP/SMTP MUA.
+
+ Solutions: There are a number of applications (for example, ssmtp) that do
+ this job. However, people have found them to be lacking in various ways.
+ For instance, some sites want to allow aliasing and forwarding before
+ sending to the smarthost.
+
+ Using Exim: Exim already had the necessary infrastructure for doing this
+ job. Just a few tweaks were needed to make it behave as required, though it
+ is somewhat of an overkill to use a fully-featured MTA for this purpose.
+
+ Setting mua_wrapper=true causes Exim to run in a special mode where it
+ assumes that it is being used to "wrap" a command-line MUA in the manner
+ just described.
+
+ If you set mua_wrapper=true, you also need to provide a compatible router
+ and transport configuration. Typically there will be just one router and
+ one transport, sending everything to a smarthost.
+
+ When run in MUA wrapping mode, the behaviour of Exim changes in the
+ following ways:
+
+ (a) A daemon cannot be run, nor will Exim accept incoming messages from
+ inetd. In other words, the only way to submit messages is via the
+ command line.
+
+ (b) Each message is synchonously delivered as soon as it is received (-odi
+ is assumed). All queueing options (queue_only, queue_smtp_domains,
+ control=queue, control=freeze in an ACL etc.) are quietly ignored. The
+ Exim reception process does not finish until the delivery attempt is
+ complete. If the delivery was successful, a zero return code is given.
+
+ (c) Address redirection is permitted, but the final routing for all
+ addresses must be to the same remote transport, and to the same list of
+ hosts. Furthermore, the return_address must be the same for all
+ recipients, as must any added or deleted header lines. In other words,
+ it must be possible to deliver the message in a single SMTP
+ transaction, however many recipients there are.
+
+ (d) If the conditions in (c) are not met, or if routing any address results
+ in a failure or defer status, or if Exim is unable to deliver all the
+ recipients successfully to one of the hosts immediately, delivery of
+ the entire message fails.
+
+ (e) Because no queueing is allowed, all failures are treated as permanent;
+ there is no distinction between 4xx and 5xx SMTP response codes from
+ the smarthost. Furthermore, because only a single yes/no response can
+ be given to the caller, it is not possible to deliver to some
+ recipients and not others. If there is an error (temporary or
+ permanent) for any recipient, all are failed.
+
+ (f) If more than one host is listed, Exim will try another host after a
+ connection failure or a timeout, in the normal way. However, if this
+ kind of failure happens for all the hosts, the delivery fails.
+
+ (g) When delivery fails, an error message is written to the standard error
+ stream (as well as to Exim's log), and Exim exits to the caller with a
+ return code value 1. The message is expunged from Exim's spool files.
+ No bounce messages are ever generated.
+
+ (h) No retry data is maintained, and any retry rules are ignored.
+
+ (i) A number of Exim options are overridden: deliver_drop_privilege is
+ forced true, max_rcpt in the smtp transport is forced to "unlimited",
+ remote_max_parallel is forced to one, and fallback hosts are ignored.
+
+ The overall effect is that Exim makes a single synchronous attempt to
+ deliver the message, failing if there is any kind of problem. Because no
+ local deliveries are done and no daemon can be run, Exim does not need root
+ privilege. It should be possible to run it setuid=exim instead of
+ setuid=root. See section 48.3 in the 4.40 manual for a general discussion
+ about the advantages and disadvantages of running without root privilege.
+
+ 2. There have been problems with DNS servers when SRV records are looked up.
+ Some mis-behaving servers return a DNS error or timeout when a non-existent
+ SRV record is sought. Similar problems have in the past been reported for
+ MX records. The global dns_again_means_nonexist option can help with this
+ problem, but it is heavy-handed because it is a global option. There are
+ now two new options for the dnslookup router. They are called
+ srv_fail_domains and mx_fail_domains. In each case, the value is a domain
+ list. If an attempt to look up an SRV or MX record results in a DNS failure
+ or "try again" response, and the domain matches the relevant list, Exim
+ behaves as if the DNS had responded "no such record". In the case of an SRV
+ lookup, this means that the router proceeds to look for MX records; in the
+ case of an MX lookup, it proceeds to look for A or AAAA records, unless the
+ domain matches mx_domains.
+
+ 3. The following functions are now available in the local_scan() API:
+
+ (a) void header_remove(int occurrence, uschar *name)
+
+ This function removes header lines. If "occurrence" is zero or negative,
+ all occurrences of the header are removed. If occurrence is greater
+ than zero, that particular instance of the header is removed. If no
+ header(s) can be found that match the specification, the function does
+ nothing.
+
+ (b) BOOL header_testname(header_line *hdr, uschar *name, int length,
+ BOOL notdel)
+
+ This function tests whether the given header has the given name. It
+ is not just a string comparison, because whitespace is permitted
+ between the name and the colon. If the "notdel" argument is TRUE, a
+ FALSE return is forced for all "deleted" headers; otherwise they are
+ not treated specially. For example:
+
+ if (header_testname(h, US"X-Spam", 6, TRUE)) ...
+
+ (c) void header_add_at_position(BOOL after, uschar *name, BOOL topnot,
+ int type, char *format, ...)
+
+ This function adds a new header line at a specified point in the header
+ chain. If "name" is NULL, the new header is added at the end of the
+ chain if "after" is TRUE, or at the start if "after" is FALSE. If
+ "name" is not NULL, the headers are searched for the first non-deleted
+ header that matches the name. If one is found, the new header is added
+ before it if "after" is FALSE. If "after" is true, the new header is
+ added after the found header and any adjacent subsequent ones with the
+ same name (even if marked "deleted"). If no matching non-deleted header
+ is found, the "topnot" option controls where the header is added. If it
+ is TRUE, addition is at the top; otherwise at the bottom. Thus, to add
+ a header after all the Received: headers, or at the top if there are no
+ Received: headers, you could use
+
+ header_add_at_position(TRUE, US"Received", TRUE, ' ', "X-xxx: ...");
+
+ Normally, there is always at least one non-deleted Received: header,
+ but there may not be if received_header_text expands to an empty
+ string.
+
+ (d) BOOL receive_remove_recipient(uschar *recipient)
+
+ This is a convenience function to remove a named recipient from the
+ list of recipients. It returns TRUE if a recipient was removed, and
+ FALSE if no matching recipient could be found. The argument must be a
+ complete email address.
+
+ 4. When an ACL "warn" statement adds one or more header lines to a message,
+ they are added at the end of the existing header lines by default. It is
+ now possible to specify that any particular header line should be added
+ right at the start (before all the Received: lines) or immediately after
+ the first block of Received: lines in the message. This is done by
+ specifying :at_start: or :after_received: (or, for completeness, :at_end:)
+ before the text of the header line. (Header text cannot start with a colon,
+ as there has to be a header name first.) For example:
+
+ warn message = :after_received:X-My-Header: something or other...
+
+ If more than one header is supplied in a single warn statement, each one is
+ treated independently and can therefore be placed differently. If you add
+ more than one line at the start, or after the Received: block, they will
+ end up in reverse order.
+
+ Warning: This facility currently applies only to header lines that are
+ added in an ACL. It does NOT work for header lines that are added in a
+ system filter or in a router or transport.
+
+ 5. There is now a new error code that can be used in retry rules. Its name is
+ "rcpt_4xx", and there are three forms. A literal "rcpt_4xx" matches any 4xx
+ error received for an outgoing SMTP RCPT command; alternatively, either the
+ first or both of the x's can be given as digits, for example: "rcpt_45x" or
+ "rcpt_436". If you want (say) to recognize 452 errors given to RCPT
+ commands by a particular host, and have only a one-hour retry for them, you
+ can set up a retry rule of this form:
+
+ the.host.name rcpt_452 F,1h,10m
+
+ Naturally, this rule must come before any others that would match.
+
+ These new errors apply to both outgoing SMTP (the smtp transport) and
+ outgoing LMTP (either the lmtp transport, or the smtp transport in LMTP
+ mode). Note, however, that they apply only to responses to RCPT commands.
+
+ 6. The "postmaster" option of the callout feature of address verification has
+ been extended to make it possible to use a non-empty MAIL FROM address when
+ checking a postmaster address. The new suboption is called "postmaster_
+ mailfrom", and you use it like this:
+
+ require verify = sender/callout=postmaster_mailfrom=abc@x.y.z
+
+ Providing this suboption causes the postmaster check to be done using the
+ given address. The original "postmaster" option is equivalent to
+
+ require verify = sender/callout=postmaster_mailfrom=
+
+ If both suboptions are present, the rightmost one overrides.
+
+ Important notes:
+
+ (1) If you use a non-empty sender address for postmaster checking, there is
+ the likelihood that the remote host will itself initiate a callout
+ check back to your host to check that address. As this is a "normal"
+ callout check, the sender will most probably be empty, thus avoiding
+ possible callout loops. However, to be on the safe side it would be
+ best to set up your own ACLs so that they do not do sender verification
+ checks when the recipient is the address you use for postmaster callout
+ checking.
+
+ (2) The caching arrangements for postmaster checking do NOT take account of
+ the sender address. It is assumed that either the empty address, or a
+ fixed non-empty address will be used. All that Exim remembers is that
+ the postmaster check for the domain succeeded or failed.
+
+ 7. When verifying addresses in header lines using the verify=header_sender
+ option, Exim behaves by default as if the addresses are envelope sender
+ addresses from a message. Callout verification therefore tests to see
+ whether a bounce message could be delivered, by using an empty address in
+ the MAIL FROM command. However, it is arguable that these addresses might
+ never be used as envelope senders, and could therefore justifiably reject
+ bounce messages (empty senders). There is now an additional callout option
+ for verify=header_sender that allows you to specify what address to use in
+ the MAIL FROM command. You use it as in this example:
+
+ require verify = header_sender/callout=mailfrom=abcd@x.y.z
+
+ Important notes:
+
+ (1) As in the case of postmaster_mailfrom (see above), you should think
+ about possible loops.
+
+ (2) In this case, as in the case of recipient callouts with non-empty
+ senders (the use_sender option), caching is done on the basis of a
+ recipient/sender pair.
+
+ 8. If you build Exim with USE_READLINE=yes in Local/Makefile, it will try to
+ load libreadline dynamically whenever the -be (test expansion) option is
+ used without command line arguments. If successful, it will then use
+ readline() for reading the test data. A line history is supported. By the
+ time Exim does this, it is running as the calling user, so this should not
+ cause any security problems. Security is the reason why this is NOT
+ supported for -bt or -bv, when Exim is running as root or exim,
+ respectively. Note that this option adds to the size of the Exim binary,
+ because the dynamic loading library is not otherwise included. On my
+ desktop it adds about 2.5K. You may need to add -ldl to EXTRA_LIBS when you
+ set USE_READLINE=yes.
+
+ 9. Added ${str2b64:<string>} to the expansion operators. This operator
+ converts an arbitrary string into one that is base64 encoded.
+
+10. A new authenticator, called cyrus_sasl, has been added. This requires
+ the presence of the Cyrus SASL library; it authenticates by calling this
+ library, which supports a number of authentication mechanisms, including
+ PLAIN and LOGIN, but also several others that Exim does not support
+ directly. The code for this authenticator was provided by Matthew
+ Byng-Maddick of A L Digital Ltd (http://www.aldigital.co.uk). Here follows
+ draft documentation:
+
+ xx. THE CYRUS_SASL AUTHENTICATOR
+
+ The cyrus_sasl authenticator provides server support for the Cyrus library
+ Implementation of the RFC 2222 "Simple Authentication and Security Layer".
+ It provides a gatewaying mechanism directly to the Cyrus interface, so if
+ your Cyrus library can do, for example, CRAM-MD5, then so can the
+ cyrus_sasl authenticator. By default it uses the public name of the driver
+ to determine which mechanism to support.
+
+ Where access to some kind of secret file is required, for example in GSSAPI
+ or CRAM-MD5, it is worth noting that the authenticator runs as the exim
+ user, and that the Cyrus SASL library has no way of escalating privileges
+ by default. You may also find you need to set environment variables,
+ depending on the driver you are using.
+
+ xx.1 Using cyrus_sasl as a server
+
+ The cyrus_sasl authenticator has four private options. It puts the username
+ (on a successful authentication) into $1.
+
+ server_hostname Type: string* Default: $primary_hostname
+
+ This option selects the hostname that is used when communicating with
+ the library. It is up to the underlying SASL plug-in what it does with
+ this data.
+
+ server_mech Type: string Default: public_name
+
+ This option selects the authentication mechanism this driver should
+ use. It allows you to use a different underlying mechanism from the
+ advertised name. For example:
+
+ sasl:
+ driver = cyrus_sasl
+ public_name = X-ANYTHING
+ server_mech = CRAM-MD5
+ server_set_id = $1
+
+ server_realm Type: string Default: unset
+
+ This is the SASL realm that the server is claiming to be in.
+
+ server_service Type: string Default: "smtp"
+
+ This is the SASL service that the server claims to implement.
+
+ For straigthforward cases, you do not need to set any of the
+ authenticator's private options. All you need to do is to specify an
+ appropriate mechanism as the public name. Thus, if you have a SASL library
+ that supports CRAM-MD5 and PLAIN, you might have two authenticators as
+ follows:
+
+ sasl_cram_md5:
+ driver = cyrus_sasl
+ public_name = CRAM-MD5
+ server_set_id = $1
+
+ sasl_plain:
+ driver = cyrus_sasl
+ public_name = PLAIN
+ server_set_id = $1
+
+11. There is a new global option called tls_on_connect_ports. Its value must be
+ a list of port numbers; the most common use is expected to be
+
+ tls_on_connect_ports = 465
+
+ Setting this option has the same effect as -tls-on-connect on the command
+ line, but only for the specified ports. It applies to all connections, both
+ via the daemon and via inetd. You still need to specify all the ports for
+ the daemon (using daemon_smtp_ports or local_interfaces or the -X command
+ line option) because this option does not add an extra port -- rather, it
+ specifies different behaviour on a port that is defined elsewhere. The
+ -tls-on-connect command line option overrides tls_on_connect_ports, and
+ forces tls-on-connect for all ports.
+
+12. There is a new ACL that is run when a DATA command is received, before the
+ data itself is received. The ACL is defined by acl_smtp_predata. (Compare
+ acl_smtp_data, which is run after the data has been received.)
+ This new ACL allows a negative response to be given to the DATA command
+ itself. Header lines added by MAIL or RCPT ACLs are not visible at this
+ time, but any that are defined here are visible when the acl_smtp_data ACL
+ is run.
+
+13. The "control=submission" ACL modifier has an option "/domain=xxx" which
+ specifies the domain to be used when creating From: or Sender: lines using
+ the authenticated id as a local part. If the option is supplied with an
+ empty domain, that is, just "/domain=", Exim assumes that the authenticated
+ id is a complete email address, and it uses it as is when creating From:
+ or Sender: lines.
+
+14. It is now possible to make retry rules that apply only when the failing
+ message has a specific sender. In particular, this can be used to define
+ retry rules that apply only to bounce messages. The syntax is to add a new
+ third item to a retry rule, of the form "senders=<address list>". The retry
+ timings themselves then become the fourth item. For example:
+
+ * * senders=: F,1h,30m
+
+ would match all bounce messages. If the address list contains white space,
+ it must be enclosed in quotes. For example:
+
+ a.domain timeout senders="x@b.dom : y@c.dom" G,8h,10m,1.5
+
+ When testing retry rules using -brt, you can supply a sender using the -f
+ command line option, like this:
+
+ exim -f "" -brt user@dom.ain
+
+ If you do not set -f with -brt, a retry rule that contains a senders list
+ will never be matched.
+
+15. Two new control modifiers have been added to ACLs: "control = enforce_sync"
+ and "control = no_enforce_sync". This makes it possible to be selective
+ about when SMTP synchronization is enforced. The global option
+ smtp_enforce_sync now specifies the default state of the switch. These
+ controls can appear in any ACL, but the most obvious place to put them is
+ in the ACL defined by acl_smtp_connect, which is run at the start of an
+ incoming SMTP connection, before the first synchronization check.
+
+16. Another two new control modifiers are "control = caseful_local_part" and
+ "control = caselower_local_part". These are permitted only in the ACL
+ specified by acl_smtp_rcpt (i.e. during RCPT processing). By default, the
+ contents of $local_part are lower cased before ACL processing.
+ After "control = caseful_local_part", any uppercase letters in the original
+ local part are restored in $local_part for the rest of the ACL, or until
+ "control = caselower_local_part" is encountered. However, this applies only
+ to local part handling that takes place directly in the ACL (for example,
+ as a key in lookups). If a "verify = recipient" test is obeyed, the
+ case-related handling of the local part during the verification is
+ controlled by the router configuration (see the caseful_local_part generic
+ router option).
+
+ This facility could be used, for example, to add a spam score to local
+ parts containing upper case letters. For example, using $acl_m4 to
+ accumulate the spam score:
+
+ warn control = caseful_local_part
+ set acl_m4 = ${eval:\
+ $acl_m4 + \
+ ${if match{$local_part}{[A-Z]}{1}{0}}\
+ }
+ control = caselower_local_part
+
+ Notice that we put back the lower cased version afterwards, assuming that
+ is what is wanted for subsequent tests.
+
+17. The option hosts_connection_nolog is provided so that certain hosts can be
+ excepted from logging when the +smtp_connection log selector is set. For
+ example, you might want not to log SMTP connections from local processes,
+ or from 127.0.0.1, or from your local LAN. The option is a host list with
+ an unset default. Because it is consulted in the main loop of the daemon,
+ you should strive to restrict its value to a short inline list of IP
+ addresses and networks. To disable logging SMTP connections from local
+ processes, you must create a host list with an empty item. For example:
+
+ hosts_connection_nolog = :
+
+ If the +smtp_connection log selector is not set, this option has no effect.
+
+18. There is now an acl called acl_smtp_quit, which is run for the QUIT
+ command. The outcome of the ACL does not affect the response code to QUIT,
+ which is always 221. Thus, the ACL does not in fact control any access.
+ For this reason, the only verbs that are permitted are "accept" and "warn".
+
+ The ACL can be used for tasks such as custom logging at the end of an SMTP
+ session. For example, you can use ACL variables in other ACLs to count
+ messages, recipients, etc., and log the totals at QUIT time using one or
+ more "logwrite" modifiers on a "warn" command.
+
+ You do not need to have a final "accept", but if you do, you can use a
+ "message" modifier to specify custom text that is sent as part of the 221
+ response.
+
+ This ACL is run only for a "normal" QUIT. For certain kinds of disastrous
+ failure (for example, failure to open a log file, or when Exim is bombing
+ out because it has detected an unrecoverable error), all SMTP commands
+ from the client are given temporary error responses until QUIT is received
+ or the connection is closed. In these special cases, the ACL is not run.
+
+19. The appendfile transport has two new options, mailbox_size and mailbox_
+ filecount. If either these options are set, it is expanded, and the result
+ is taken as the current size of the mailbox or the number of files in the
+ mailbox, respectively. This makes it possible to use some external means of
+ maintaining the data about the size of a mailbox for enforcing quota
+ limits. The result of expanding these option values must be a decimal
+ number, optionally followed by "K" or "M".
+
+20. It seems that there are broken clients in use that cannot handle multiline
+ SMTP responses. Can't people who implement these braindead programs read?
+ RFC 821 mentions multiline responses, and it is over 20 years old. They
+ must handle multiline responses for EHLO, or do they still use HELO?
+ Anyway, here is YAWFAB (yet another workaround for asinine brokenness).
+ There's a new ACL switch that can be set by
+
+ control = no_multiline_responses
+
+ If this is set, it suppresses multiline SMTP responses from ACL rejections.
+ One way of doing this would have been just to put out these responses as
+ one long line. However, RFC 2821 specifies a maximum of 512 bytes per
+ response ("use multiline responses for more" it says), and some of the
+ responses might get close to that. So I have implemented this by doing two
+ very easy things:
+
+ (1) Extra information that is normally output as part of a rejection
+ caused by sender verification failure is omitted. Only the final line
+ (typically "sender verification failed") is now sent.
+
+ (2) If a "message" modifier supplies a multiline response, only the first
+ line is output.
+
+ The setting of the switch can, of course, be made conditional on the
+ calling host.
+
+21. There is now support for the libradius library that comes with FreeBSD.
+ This is an alternative to the radiusclient library that Exim already
+ supports. To use the FreeBSD library, you need to set
+
+ RADIUS_LIB_TYPE=RADLIB
+
+ in Local/Makefile, in addition to RADIUS_CONFIGURE_FILE, and you probably
+ also need -libradius in EXTRALIBS.
+
+
+Version 4.42
+------------
+
+ 1. The "personal" filter test is brought up-to-date with recommendations from
+ the Sieve specification: (a) The list of non-personal From: addresses now
+ includes "listserv", "majordomo", and "*-request"; (b) If the message
+ contains any header line starting with "List=-" it is treated as
+ non-personal.
+
+ 2. The Sieve functionality has been extended to support the "copy" and
+ "vacation" extensions, and comparison tests.
+
+ 3. There is now an overall timeout for performing a callout verification. It
+ defaults to 4 times the callout timeout, which applies to individual SMTP
+ commands during the callout. The overall timeout applies when there is more
+ than one host that can be tried. The timeout is checked before trying the
+ next host. This prevents very long delays if there are a large number of
+ hosts and all are timing out (e.g. when the network connections are timing
+ out). The value of the overall timeout can be changed by specifying an
+ additional sub-option for "callout", called "maxwait". For example:
+
+ verify = sender/callout=5s,maxwait=20s
+
+ 4. Changes to the "personal" filter test:
+
+ (1) The list of non-personal local parts in From: addresses has been
+ extended to include "listserv", "majordomo", "*-request", and "owner-*",
+ taken from the Sieve specification recommendations.
+
+ (2) If the message contains any header line starting with "List-" it is
+ treated as non-personal.
+
+ (3) The test for "circular" in the Subject: header line has been removed
+ because it now seems ill-conceived.
+
+ 5. The autoreply transport has a new option called never_mail. This is an
+ address list. If any run of the transport creates a message with a
+ recipient that matches any item in the list, that recipient is quietly
+ discarded. If all recipients are discarded, no message is created.
+
+
+Version 4.40
+------------
+
+The documentation is up-to-date for the 4.40 release. What follows here is a
+brief list of the new features that have been added since 4.30.
+
+ 1. log_incoming_interface affects more log lines.
+
+ 2. New ACL modifier "control = submission".
+
+ 3. CONFIGURE_OWNER can be set at build time to define an alternative owner for
+ the configuration file, in addition to root and exim.
+
+ 4. Added expansion variables $body_zerocount, $recipient_data, and
+ $sender_data.
+
+ 5. The time of last modification of the "new" subdirectory is now used as the
+ "mailbox time last read" when there is a quota error for a maildir
+ delivery.
+
+ 6. The special item "+ignore_unknown" may now appear in host lists.
+
+ 7. The special domain-matching patterns @mx_any, @mx_primary, and
+ @mx_secondary can now be followed by "/ignore=<ip list>".
+
+ 8. New expansion conditions: match_domain, match_address, match_local_part,
+ lt, lti, le, lei, gt, gti, ge, and new expansion operators time_interval,
+ eval10, and base62d.
+
+ 9. New lookup type called "iplsearch".
+
+10. New log selectors ident_timeout, tls_certificate_verified, queue_time,
+ deliver_time, outgoing_port, return_path_on_delivery.
+
+11. New global options smtp_active_hostname and tls_require_ciphers.
+
+12. Exinext has -C and -D options.
+
+13. "domainlist_cache" forces caching of an apparently variable list.
+
+14. For compatibility with Sendmail, the command line option -prval:sval
+ is equivalent to -oMr rval -oMs sval.
+
+15. New callout options use_sender and use_postmaster for use when verifying
+ recipients.
+
+16. John Jetmore's "exipick" utility has been added to the distribution.
+
+17. The TLS code now supports CRLs.
+
+18. The dnslookup router and the dnsdb lookup type now support the use of SRV
+ records.
+
+19. The redirect router has a new option called qualify_domain.
+
+20. exigrep's output now also includes lines that are not related to any
+ particular message, but which do match the pattern.
+
+21. New global option write_rejectlog. If it is set false, Exim no longer
+ writes anything to the reject log.
+
+****
diff --git a/doc/doc-txt/OptionLists.txt b/doc/doc-txt/OptionLists.txt
new file mode 100644
index 000000000..2437abfa8
--- /dev/null
+++ b/doc/doc-txt/OptionLists.txt
@@ -0,0 +1,927 @@
+$Cambridge: exim/doc/doc-txt/OptionLists.txt,v 1.1 2004/10/07 15:04:35 ph10 Exp $
+
+LISTS OF EXIM OPTIONS
+---------------------
+
+This file contains complete lists of three kinds of Exim option:
+
+ 1. Those that can appear in the run time configuration file;
+ 2. Those that can be used on the command line;
+ 3. Those that can appear in the build time configuration (Local/Makefile);
+ 4. Those that can appear in the build time configuration for the Exim monitor
+ (Local/eximon.conf).
+
+This file was last updated for Exim release 4.40.
+
+
+1. RUN TIME OPTIONS
+-------------------
+
+As Exim has developed, new options have been added at each major release. For
+the most part, backwards compatibility has been maintained, and obsolete
+options continue to be recognized. However, incompatible changes took place at
+releases 3.00, and 4.00. In both cases, several groups of options were
+amalgamated into new, extended options, and obsolete options were removed.
+
+The table below contains a complete list of all Exim's current options, along
+with their types, default values, and where they can be used. String options
+that are expanded before use are marked with *. Host lists, domain lists, and
+address lists are always expanded. In some cases the defaults are not fixed
+values, or not short enough to fit in the table. These are indicated by +. Some
+other default values are determined when the Exim binary is compiled; these are
+indicated by ++.
+
+For options that are specific to a particular driver, the fourth column
+contains the driver name, for example, appendfile. Otherwise, it contains
+
+ . `main' for options that appear in the main section of Exim's configuration
+ file;
+
+ . `authenticators' for generic options that apply to any authenticator;
+
+ . `routers' for generic options that apply to any router;
+
+ . `transports' for generic options that apply to any transport.
+
+The fifth column contains the version of Exim in which the option was added, or
+substantially changed. Where no number is given, the option has been in Exim
+since the very early releases. The routers were completely reorganised for
+release 4.00, and so no router options are shown as earlier than 4.00, though
+in fact some of them were inherited from earlier versions.
+
+-----------------------------------------------------------------------------------------
+accept_8bitmime boolean false main 1.60
+acl_not_smtp string* unset main 4.11
+acl_smtp_auth string* unset main 4.00
+acl_smtp_connect string* unset main 4.11
+acl_smtp_data string* unset main 4.00
+acl_smtp_etrn string* unset main 4.00
+acl_smtp_expn string* unset main 4.00
+acl_smtp_helo string* unset main 4.20
+acl_smtp_mail string* unset main 4.11
+acl_smtp_mailauth string* unset main 4.21
+acl_smtp_predata string* unset main 4.43
+acl_smtp_quit string* unset main 4.43
+acl_smtp_rcpt string* unset main 4.00
+acl_smtp_starttls string* unset main 4.11
+acl_smtp_vrfy string* unset main 4.00
+address_data string* unset routers 4.00
+address_test boolean true routers 4.14
+admin_groups string list unset main 3.02
+allow_domain_literals boolean false main 4.00 replacing forbid_domain_literals
+allow_commands string list* unset pipe 1.89
+allow_defer boolean false redirect 4.00
+allow_fail boolean false redirect 4.00
+allow_filter boolean false redirect 4.00
+allow_freeze boolean false redirect 4.00
+allow_fifo boolean false appendfile 3.13
+allow_localhost boolean false smtp 1.73
+allow_mx_to_ip boolean false main 3.14
+allow_symlink boolean false appendfile
+allow_utf8_domains boolean false main 4.14
+auth_advertise_hosts host list "*" main 4.00
+authenticated_sender string* unset smtp 4.14
+authenticate_hosts host list unset smtp 3.13
+auto_thaw time 0s main
+batch_id string unset appendfile 4.00
+ unset lmtp 4.00
+ unset pipe 4.00
+batch_max integer 100 appendfile
+ 100 lmtp 3.20
+ 100 pipe
+bcc string* unset autoreply
+bi_command string unset main
+body_only boolean false transports 2.05
+bounce_message_file string unset main 4.00
+bounce_message_text string unset main 4.00
+bounce_return_body boolean true main 4.23
+bounce_return_message boolean true main 4.00
+bounce_return_size_limit int 100K main 4.23 better name for return_size_limit
+bounce_sender_authentication string unset main 4.00
+callout_domain_negative_expire time 3h main 4.11
+callout_domain_positive_expire time 7d main 4.11
+callout_negative_expire time 2h main 4.11
+callout_positive_expire time 24h main 4.11
+callout_random_local_part string* + main 4.11
+cannot_route_message string* unset routers 4.11
+caseful_local_part boolean false routers 4.00
+cc string* unset autoreply
+check_ancestor boolean false redirect 4.00
+check_group boolean false appendfile
+ + redirect 4.00
+check_local_user boolean false routers 4.00
+check_log_inodes integer 0 main
+check_log_space integer 0 main
+check_owner boolean true appendfile 3.14
+ + redirect 4.00
+check_secondary_mx boolean false dnslookup 4.00
+check_spool_inodes integer 0 main
+check_spool_space integer 0 main
+check_string string "From " appendfile 3.03
+ unset pipe 3.03
+check_srv string* unset dnslookup 4.31
+client_name string* + cram_md5 3.10
+client_secret string* unset cram_md5 3.10
+client_send string* unset plaintext 3.10
+command string* unset lmtp 3.20
+ unset pipe
+ unset queryprogram 4.00
+command_group string unset queryprogram 4.00
+command_timeout time 5m smtp
+command_user string unset queryprogram 4.00
+condition string* unset routers 4.00
+connect_timeout time 0s smtp 1.60
+connection_max_messages integer 500 smtp 4.00 replaces batch_max
+create_directory boolean true appendfile
+create_file string "anywhere" appendfile
+current_directory string unset transports 4.00
+ unset queryprogram 4.00
+daemon_smtp_ports string unset main 1.75 pluralised in 4.21
+data string unset redirect 4.00
+data_timeout time 5m smtp
+debug_print string* unset authenticators 4.00
+ unset routers 4.00
+ unset transports 2.00
+delay_after_cutoff boolean true smtp
+delay_warning time list 24h main
+delay_warning_condition string* + main 1.73
+deliver_drop_privilege boolean false main 4.00
+deliver_queue_load_max fixed-point unset main 1.70
+delivery_date_add boolean false transports
+delivery_date_remove boolean true main
+directory string* unset appendfile
+directory_mode octal-integer 0700 appendfile
+directory_transport string* unset redirect 4.00
+disable_logging boolean false routers 4.11
+disable_logging boolean false transports 4.11
+dns_again_means_nonexist domain list unset main 1.89
+dns_check_names_pattern string + main 2.11
+dns_ipv4_lookup boolean false main 3.20
+dns_qualify_single boolean true smtp
+dns_retrans time 0s main 1.60
+dns_retry integer 0 main 1.60
+dns_search_parents boolean false smtp
+domains domain list unset routers 4.00
+driver string unset authenticators
+ unset routers 4.00
+ unset transports
+drop_cr boolean false main 4.00 became a no-op in 4.21
+envelope_to_add boolean false transports
+envelope_to_remove boolean true main
+environment string* unset pipe 2.95
+errors_copy string list* unset main
+errors_reply_to string unset main
+errors_to string* unset routers 4.00
+escape_string string ">From " appendfile 3.03
+ unset pipe 3.03
+exim_group string ++ main
+exim_path string ++ main
+exim_user string ++ main
+expn boolean true routers
+extra_local_interfaces string unset main 4.21
+extract_addresses_remove_arguments boolean true main 1.92
+fail_verify boolean false routers
+fail_verify_recipient boolean false routers 4.00
+fail_verify_sender boolean false routers 4.00
+fallback_hosts string list unset routers 4.00
+ unset smtp
+file string* unset appendfile
+ unset autoreply
+ unset redirect 4.00
+file_expand boolean false autoreply
+file_format string unset appendfile 3.03
+file_must_exist boolean false appendfile
+file_optional boolean false autoreply
+file_transport string* unset redirect 4.00
+final_timeout time 10m smtp
+finduser_retries integer 0 main
+forbid_blackhole boolean false redirect 4.00
+forbid_fail boolean false redirect 4.00
+forbid_file boolean false redirect 4.00
+forbid_filter_existstest boolean false redirect 4.00
+forbid_filter_logwrite boolean false redirect 4.00
+forbid_filter_lookup boolean false redirect 4.00
+forbid_filter_perl boolean false redirect 4.00
+forbid_filter_readfile boolean false redirect 4.00
+forbid_filter_readsocket boolean false redirect 4.11
+forbid_filter_reply boolean false redirect 4.00
+forbid_filter_run boolean false redirect 4.00
+forbid_include boolean false redirect 4.00
+forbid_pipe boolean false redirect 4.00
+freeze_exec_fail boolean false pipe 1.89
+freeze_tell boolean false main 4.00 replaces freeze_tell_mailmaster
+from string* unset autoreply
+gecos_name string* unset main
+gecos_pattern string unset main
+gethostbyname boolean false smtp
+group string + routers 4.00
+ unset transports 4.00 replaces local option in some transports
+header_line_maxsize integer 0 (unset) main 4.14
+header_maxsize integer 1M main 4.14
+headers string* unset autoreply
+headers_add string* unset routers 4.00
+ unset transports
+headers_charset string ++ main 4.21
+headers_only boolean false transports 2.05
+headers_remove string* unset routers 4.00
+ unset transports
+headers_rewrite string unset transports 3.20
+helo_accept_junk_hosts host list unset main 3.00
+helo_allow_chars string "" main 4.02
+helo_lookup_domains domain list unset main 4.00
+helo_data string* "$primary_hostname" smtp 3.21
+helo_try_verify_hosts host list unset main 4.00
+helo_verify_hosts host list unset main 1.73
+hide_child_in_errmsg false redirect 4.00
+hold_domains domain list unset main 1.70
+home_directory string* unset transports 4.00 replaces individual options
+host_find_failed string "freeze" manualroute 4.00
+host_lookup host list unset main 3.00
+host_lookup_order string list "bydns:byaddr" main 4.30
+host_reject_connection host list unset main 4.00
+hosts string unset iplookup 4.00
+ string list* unset smtp
+hosts_avoid_esmtp host list unset smtp 4.21
+hosts_avoid_tls host list unset smtp 3.20
+hosts_connection_nolog host list unset main 4.43
+hosts_max_try integer 5 smtp 3.20
+hosts_nopass_tls host list unset smtp 4.00
+hosts_override boolean false smtp 2.11
+hosts_randomize boolean false manualroute 4.00
+ false smtp 3.14
+hosts_require_auth host list unset smtp 4.00
+hosts_require_tls host list unset smtp 3.20
+hosts_treat_as_local domain list unset main 1.95
+hosts_try_auth host list unset smtp 4.00
+ignore_bounce_errors_after time 0s main 4.00
+ignore_eacces boolean false redirect 4.00
+ignore_enotdir boolean false redirect 4.00
+ignore_fromline_hosts host list unset main
+ignore_fromline_local boolean false main 2.05
+ignore_status boolean false pipe
+ignore_target_hosts host list unset routers 4.00
+include_directory string unset redirect 4.00
+initgroups false routers 4.00
+interface string list unset smtp 1.70
+keep_malformed time 4d main
+keepalive boolean true smtp 2.05
+ldap_default_servers string list unset main 3.02
+ldap_version int 2 or 3 main 4.14
+local_from_check boolean true main 3.14
+local_from_prefix string unset main 3.14
+local_from_suffix string unset main 3.14
+local_interfaces string list unset main 1.60
+local_part_prefix string unset routers 4.00 replaces prefix
+local_part_prefix_optional boolean unset routers 4.00 replaces prefix_optional
+local_part_suffix string unset routers 4.00 replaces suffix
+local_part_suffix_optional boolean unset routers 4.00 replaces suffix_optional
+local_parts string list* unset routers 4.00
+local_scan_timeout time 5m main 4.03
+local_sender_retain boolean false main 4.00
+localhost_number string unset main
+lock_fcntl_timeout time 0s appendfile 3.14
+lock_flock_timeout time 0s appendfile 4.11
+lock_interval time 3s appendfile
+lock_retries integer 10 appendfile
+lockfile_mode octal-integer 0600 appendfile
+lockfile_timeout time 30m appendfile
+log string* unset autoreply
+log_as_local boolean + routers 4.00
+log_file_path string list ++ main
+log_defer_output boolean false pipe 1.89
+log_fail_output boolean false pipe 1.60
+log_output boolean false pipe 1.60
+log_selector string unset main 4.00
+log_timezone boolean false main 4.11
+lookup_open_max integer 25 main 2.05
+mailbox_filecount string* unset appendfile 4.43
+mailbox_size string* unset appendfile 4.43
+maildir_format boolean false appendfile 1.70
+maildir_retries integer 10 appendfile 1.70
+maildir_tag string* unset appendfile 1.92
+maildir_use_size_file boolean false appendfile 4.30
+mailstore_format boolean false appendfile 2.00
+mailstore_prefix string* unset appendfile 2.00
+mailstore_suffix string* unset appendfile 2.00
+match_directory string* unset localuser
+max_output integer 20K pipe
+max_rcpt integer 100 smtp 1.60
+max_user_name_length integer 0 main
+mbx_format boolean false appendfile 2.10
+message_body_visible integer 500 main
+message_id_header_domain string* unset main 4.11
+message_id_header_text string* unset main
+message_logs boolean true main 4.10
+message_prefix string* + appendfile 4.00 replaces prefix
+ string* unset pipe 4.00 replaces prefix
+message_size_limit integer 0 main
+ 0 transports 2.05
+message_suffix string* + appendfile 4.00 replaces suffix
+ string* unset pipe 4.00 replaces suffix
+mode octal-integer 0600 appendfile
+ 0600 autoreply
+mode_fail_narrower boolean true appendfile 1.70
+modemask octal-integer 022 redirect 4.00
+more boolean true routers 4.00
+move_frozen_messages boolean false main 3.09
+multi_domain boolean true smtp
+mx_domains domain list unset dnslookup 4.00
+mx_fail_domains domain list unset dnslookup 4.43
+mysql_servers string list unset main 3.03
+never_users string list unset main
+notify_comsat boolean false appendfile
+once string* unset autoreply
+once_file_size integer 0 autoreply 3.20
+once_repeat time 0s autoreply 2.95
+one_time boolean false redirect 4.00
+optional boolean false iplookup 4.00
+oracle_servers string unset main 4.00
+owners string list unset redirect 4.00
+owngroups string list unset redirect 4.00
+pass_on_timeout boolean false routers 4.00
+pass_router string unset routers 4.00
+path string "/usr/bin" pipe
+percent_hack_domains domain list unset main
+perl_at_start boolean false main 2.10
+perl_startup string unset main 2.10
+pgsql_servers string list unset main 3.14
+pid_file_path string ++ main
+pipe_as_creator boolean false pipe
+pipe_transport string* unset redirect 4.00
+pipelining_advertise_hosts host list "*" main 4.14
+port integer 0 iplookup 4.00
+ string "smtp" smtp
+preserve_message_logs boolean false main
+primary_hostname string + main
+print_topbitchars boolean false main 1.89
+process_log_path string unset main 4.21
+prod_requires_admin boolean true main 1.70
+protocol string "udp" iplookup 4.00
+ string "smtp" smtp 3.20
+public_name string unset authenticators 3.10
+qualify_domain string + main
+ string* unset redirect 4.31
+qualify_preserve_domain boolean false redirect 4.00
+qualify_recipient string + main
+qualify_single boolean true dnslookup 4.00
+query string* + iplookup 4.00
+queue_domains domain list unset main 4.00
+queue_list_requires_admin boolean true main 1.95
+queue_only boolean false main
+queue_only_file string unset main 2.05
+queue_only_load fixed-point unset main
+queue_only_override boolean true main 4.21
+queue_run_in_order boolean false main 1.70
+queue_run_max integer 5 main
+queue_smtp_domains domain list unset main
+quota string* unset appendfile 1.60
+quota_directory string* unset appendfile 4.11
+quota_filecount integer 0 appendfile 2.05
+quota_is_inclusive boolean true appendfile 3.20
+quota_size_regex string unset appendfile 3.14
+quota_warn_message string* + appendfile 2.10
+quota_warn_threshold string* 0 appendfile 2.10
+rcpt_include_affixes boolean false transports 4.21
+receive_timeout time 0s main 4.00 replacing accept_timeout
+received_header_text string* + main
+received_headers_max integer 30 main
+recipient_unqualified_hosts host list unset main 4.00 replacing receiver_unqualified_hosts
+recipients_max integer 0 main 1.60
+recipients_max_reject boolean false main 1.70
+redirect_router string unset routers 4.00
+remote_max_parallel integer 1 main
+remote_sort_domains domain list unset main 4.00 replacing remote_sort
+repeat_use boolean true redirect 4.00
+reply_to string* unset autoreply 2.05
+reply_transport string* unset redirect 4.00
+require_files string list* unset routers 4.00
+reroute string* unset iplookup 4.00
+response_pattern string unset iplookup 4.00
+restrict_to_path boolean false pipe
+retry_data_expire time 7d main 3.03
+retry_include_ip_address boolean true smtp 1.92
+retry_interval_max time 24h main
+retry_use_local_part boolean + routers 4.00
+ + transports 4.00 replacing individual options
+return_fail_output boolean false pipe 1.60
+return_message boolean false autoreply
+return_output boolean false pipe
+return_path string* unset transports 2.05
+return_path_add boolean false transports
+return_path_remove boolean true main
+return_size_limit integer 100K main renamed bounce_return_size_limit in 4.23
+rewrite boolean true redirect 4.00
+rewrite_headers boolean true dnslookup 4.00
+rfc1413_hosts host list * main
+rfc1413_query_timeout time 30s main
+router_home_directory string* unset routers 4.11
+route_data string* unset manualroute 4.00
+route_list string list unset manualroute 4.00
+same_domain_copy_routing boolean false dnslookup 4.00
+search_parents boolean false dnslookup 4.00
+self string "freeze" routers 4.00
+sender_unqualified_hosts host list unset main
+senders address list unset routers 4.00
+serialize_hosts host list unset smtp 1.60
+server_advertise_condition string* unset authenticators 4.14
+server_condition string* unset plaintext 3.10
+server_hostname string* "$primary_hostname" cyrus_sasl 4.43
+server_mail_auth_condition string* unset authenticators 3.22
+server_mech string public_name cyrus_sasl 4.43
+server_prompts string* unset plaintext 3.10
+server_realm string unset cyrus_sasl 4.43
+server_secret string* unset cram_md5 3.10
+server_service string "smtp" cyrus_sasl 4.43
+server_set_id string* unset authenticators 3.10
+shadow_condition string* unset transports
+shadow_transport string unset transports
+size_addition integer 1024 smtp 1.91
+skip_syntax_errors boolean false redirect 4.00
+smtp_accept_keepalive boolean true main
+smtp_accept_max integer 20 main
+smtp_accept_max_nonmail integer 10 main 4.11
+smtp_accept_max_nonmail_hosts host list * main 4.14
+smtp_accept_max_per_connection integer 1000 main 4.00
+smtp_accept_max_per_host integer 0 main 2.05
+smtp_accept_queue integer 0 main
+smtp_accept_queue_per_connection integer 10 main 2.03
+smtp_accept_reserve integer 0 main
+smtp_active_hostname string* unset main 4.33
+smtp_banner string* + main
+smtp_check_spool_space boolean true main 2.10
+smtp_connect_backlog integer 5 main
+smtp_enforce_sync boolean true main 4.00
+smtp_etrn_command string* unset main 1.92
+smtp_etrn_serialize boolean true main 1.89
+smtp_load_reserve fixed-point unset main
+smtp_max_synprot_errors integer 3 main 4.30
+smtp_max_unknown_commands integer 3 main 4.14
+smtp_ratelimit_hosts host list unset main 4.00
+smtp_ratelimit_mail string unset main 4.00
+smtp_ratelimit_rcpt string unset main 4.00
+smtp_receive_timeout time 5m main
+smtp_reserve_hosts host list unset main
+smtp_return_error_details boolean false main 4.11
+socket string* unset lmtp 4.11
+split_spool_directory boolean false main 1.70
+spool_directory string ++ main
+srv_fail_domains domain list unset dnslookup 4.43
+strip_excess_angle_brackets boolean false main
+strip_trailing_dot boolean false main
+subject string* unset autoreply
+syntax_errors_text string* unset redirect 4.00
+syntax_errors_to string unset redirect 4.00
+syslog_duplication boolean true main 4.21
+syslog_facility string unset main 4.20
+syslog_processname string "exim" main 4.20
+syslog_timestamp boolean true main 4.00
+system_filter string unset main 4.00 replacing message_filter
+system_filter_directory_transport string unset main 4.00 replacing message_filter
+system_filter_file_transport string unset main 4.00 replacing message_filter
+system_filter_group string unset main 4.00 replacing message_filter
+system_filter_pipe_transport string unset main 4.00 replacing message_filter
+system_filter_reply_transport string unset main 4.00 replacing message_filter
+system_filter_user string unset main 4.00 replacing message_filter
+tcp_nodelay boolean true main 4.23
+ true smtp 4.23
+temp_errors string list + pipe 1.95
+text string* unset autoreply
+timeout time 5m lmtp 3.20
+ 1h pipe
+ 1h queryprogram 4.00
+ 5s iplookup 4.00
+timeout_frozen_after time 0s main 3.20
+timezone string + main 3.15
+tls_advertise_hosts host list * main 3.20
+tls_certificate string* unset main 3.20
+ unset smtp 3.20
+tls_dhparam string* unset main 3.20
+tls_on_connect_ports string unset main 4.43
+tls_privatekey string* unset main 3.20
+ unset smtp 3.20
+tls_remember_emstp boolean false main 4.21
+tls_require_ciphers string* unset smtp 4.00 replaces tls_verify_ciphers
+ string* unset main 4.33
+tls_tempfail_tryclear boolean true smtp 4.05
+tls_try_verify_hosts host list unset main 4.00
+tls_verify_certificates string* unset main 3.20
+ unset smtp 3.20
+tls_verify_hosts host list unset main 3.20
+to string* unset autoreply
+translate_ip_address string unset routers 4.00
+transport string* unset routers 4.00
+transport_current_directory string unset routers 4.00
+transport_home_directory string unset routers 4.00
+transport_filter string unset transports
+transport_filter_timeout time 5m transports 4.30
+trusted_groups string list unset main
+trusted_users string list unset main
+umask octal-integer 022 pipe
+unknown_login string unset main
+unknown_username string unset main
+unseen boolean false routers 4.00
+untrusted_set_sender boolean false main 3.20
+use_bsmtp boolean false appendfile 4.00
+ false pipe 4.00
+use_crlf boolean false appendfile 1.89
+ false pipe 1.89
+use_fcntl_lock boolean + appendfile 1.70
+use_flock_lock boolean + appendfile 4.11
+use_lockfile boolean + appendfile
+use_mbx_lock boolean + appendfile 2.10
+use_shell boolean false pipe 1.70
+user string + routers 4.00
+ unset transports 4.00 replaces individual options
+uucp_from_pattern string + main 1.75
+uucp_from_sender string* "$1" main 1.75
+verify boolean true routers 4.00
+verify_only boolean false routers 4.00
+verify_recipient boolean true routers 4.00
+verify_sender boolean true routers 4.00
+warn_message_file string unset main 4.00
+widen_domains string list unset dnslookup 4.00
+write_rejectlog boolean true main 4.31
+
+
+
+2. COMMAND LINE OPTIONS
+-----------------------
+
+The table below contains a complete list of all Exim's command line options.
+Those marked with # are available only to trusted users, those marked with +
+are available only to admin users, and those marked with * exist only to
+provide compatibility with Sendmail.
+
+-- Terminate options
+--help Give a little help (not a lot)
+-B * Ignored
+-bd + Start daemon
+-bdf + Start daemon and run it in the foreground
+-be Test string expansion
+-bF Test system filter file
+-bf Test user filter file
+-bfd Set domain for filter testing
+-bfl Set local part for filter testing
+-bfp Set local part prefix for filter testing
+-bfs Set local part suffix for filter testing
+-bh Test incoming SMTP call, omitting callouts
+-bhc Test incoming SMTP call, with callouts
+-bi * Run <command>bi_command</command>
+-bm Accept message on standard input
+-bnq Don't qualify addresses in locally submitted messages
+-bP Show configuration option settings
+-bp + List the queue
+-bpa + ... with generated addresses as well
+-bpc + ... but just show a count of messages
+-bpr + ... do not sort
+-bpra + ... with generated addresses, unsorted
+-bpru + ... only undelivered addresses, unsorted
+-bpu + ... only undelivered addresses
+-brt Test retry rules
+-brw Test rewriting rules
+-bS Read batch SMTP on standard input
+-bs Run SMTP on standard input and output
+-bt Test address directing and routing
+-bV Verify version number
+-bv Test recipient address verification
+-bvs Test sender address verification
+-C + Use alternate configuration file
+-D + Define macro for configuration file
+-d Turn on debugging output
+-dropcr Remove CR character in input: became a no-op in 4.21
+-E Internal use only
+-ex * Synonym for -oex (for several different x)
+-F Set calling user name
+-f # Set calling user address
+-G * Ignored
+-h * Ignored
+-i Dot does not terminate message
+-M + Force deliver specific message
+-Mar + Add recipient to message
+-MC Internal use only
+-MCA Internal use only
+-MCP Internal use only
+-MCQ Internal use only
+-MCS Internal use only
+-MCT Internal use only
+-Mc + Deliver specific message
+-Mes + Edit message sender
+-Mf + Freeze message(s)
+-Mg + Give up (bounce) message(s)
+-Mmad + Mark all recipients delivered
+-Mmd + Mark one recipient delivered
+-Mrm + Remove message(s) (no bounce)
+-Mt + Thaw message(s)
+-Mvb + View message body
+-Mvh + View message header
+-Mvl + View message log
+-m * Ignored
+-N + Deliver without transporting
+-n * Ignored
+-O * Ignored
+-oA * Supply argument for <option>-bi</option>
+-oB Set max messages down one connection
+-odb Background delivery
+-odf Foreground delivery
+-odi Foreground delivery
+-odq Queue message; do not deliver
+-odqs ... do not do SMTP deliveries
+-oee Error sent by mail; zero return code
+-oem Error sent by mail; non-zero return code
+-oep Error written to standard error stream
+-oeq * Error written to standard error stream
+-oew * Error sent by mail; non-zero return code
+-oi Dot does not terminate message
+-oitrue * Dot does not terminate message
+-oMa # Supply host address
+-oMaa # Supply authenticator name
+-oMai # Supply authenticated id
+-oMas # Supply authenticated sender
+-oMi # Supply interface address
+-oMr # Supply protocol name
+-oMs # Supply host name
+-oMt # Supply ident string
+-om * Ignored
+-oo * Ignored
+-oP * Specify path for daemon's pid file
+-or Timeout non-SMTP messages
+-os Timeout for SMTP messages
+-ov * Verbose; same as -v
+-oX Alternative port for daemon
+-pd Delay Perl interpreter start
+-ps Do not delay Perl interpreter start
+-p<r>:<s> * Same as -oMr <r> -oMs <s>
+-q + Run the queue )
+-qf + ... force delivery ) Other combinations are
+-qff + ... and include frozen messages ) possible. The syntax is
+-qi + ... initial deliveries only )
+-ql + ... local deliveries only ) -q[q][f][f][i|l][time]
+-qq + Two-stage queue run )
+-qR * Same as -R
+-qS * Same as -S
+-R Select by recipient in queue run
+-Rf ... with forcing
+-Rff ... and frozen messages
+-Rr ... using regular expression
+-Rrf ... with forcing
+-Rrff ... and frozen messages
+-r * Synonym for -f
+-S Select by sender in queue run
+-Sf ... with forcing
+-Sff ... and frozen messages
+-Sr ... using regular expression
+-Srf ... with forcing
+-Srff ... and frozen messages
+-Tqt * Used by Exim test suite; not recognized in normal use
+-t Take recipients from header lines
+-ti * Same as -t -i
+-tls-on-connect Do TLS on startup (for legacy clients)
+-U * Ignored
+-v Verbose - shows SMTP dialogue and other delivery info
+-x Ignored (AIX compatibility)
+
+
+3. BUILD TIME OPTIONS FOR EXIM
+------------------------------
+
+The table below contains a complete list of options that can be set in
+Local/Makefile when building Exim. More information about individual options
+can be found in src/EDITME and OS/Makefile-Default.
+
+The second column below gives the type of option:
+
+ . `system' means the option is concerned with the operating system;
+
+ . `driver' means the option selects a driver to be included in the binary;
+
+ . `lookup' means the option selects a lookuptype to be included in the binary;
+
+ . `mandatory' means the option is required to be supplied;
+
+ . `recommended' means the option is recommended to be supplied;
+
+ . `optional' means what it says;
+
+Those marked with * are specialized and are unlikely to be required in most
+installations. Those that are marked with ** are commonly set in OS-specific
+Makefiles. If you use any of these in your Local/Makefile, you may need to
+reproduce some of the OS-specific settings. For example, in the Makefile for
+Solaris (which is actually called OS/Makefile-SunOS5), there is
+
+ LIBS=-lsocket -lnsl -lkstat
+
+If you use LIBS to add extra libraries, you must also include the OS ones in
+your setting. It is better, in this particular case, to use EXTRALIBS, which is
+empty by default, and is provided for just this reason. Of course, if you do
+actually want to modify a setting from the OS-specific file, there is nothing
+to stop you overriding it in your Local/Makefile.
+
+Option Type Description
+------------------------------------------------------------------------------
+
+ALT_CONFIG_PREFIX optional restricts location of -C files
+ALT_CONFIG_ROOT_ONLY optional* privileged -C needs root (not exim)
+APPENDFILE_MODE optional*
+APPENDFILE_DIRECTORY_MODE optional*
+APPENDFILE_LOCKFILE_MODE optional*
+AR system command to build a library
+AUTH_CRAM_MD5 driver include cram_md5 authenticator
+AUTH_PLAINTEXT driver include plaintext authenticator
+AUTH_SPA driver include SPA (NTLM) authenticator
+BASENAME_COMMAND system** path to basename
+BASE_62=62 optional* not normally changed for Unix
+BIN_DIRECTORY mandatory Exim binary directory
+CC system** C compiler
+CFLAGS system** flags for C compiler
+CHGRP_COMMAND system** path to chgrp
+CHOWN_COMMAND system** path to chown
+COMPRESS_COMMAND system path to a compress command
+COMPRESS_SUFFIX system suffix added to compressed files
+CONFIGURE_FILE mandatory Exim runtime configuration file
+CONFIGURE_FILE_USE_EUID optional*
+CONFIGURE_FILE_USE_NODE optional*
+CONFIGURE_OWNER optional* alternate owner for configuration file
+CYRUS_PWCHECK_SOCKET optional socket for pwcheck daemon
+DBMLIB optional** location of DBM library
+DB_DIRECTORY_MODE optional* mode for hints directory
+DB_LOCKFILE_MODE optional* mode for hints lock files
+DB_LOCK_TIMEOUT optional* timeout for hints lock files
+DB_MODE optional* mode for hints files
+DEFAULT_CRYPT optional use crypt16() as default
+DELIVER_IN_BUFFER_SIZE optional*
+DELIVER_OUT_BUFFER_SIZE optional*
+DISABLE_D_OPTION optional disables -D option
+ERRNO_QUOTA optional* error code for system quota failures
+EXICYCLOG_MAX optional number of old log files to keep
+EXIMDB_DIRECTORY_MODE optional* for hints database directory
+EXIMDB_LOCKFILE_MODE optional* for hints lock files
+EXIMDB_MODE optional* mode for hints files
+EXIMON_TEXTPOP system**
+EXIM_CHMOD optional*
+EXIM_GROUP mandatory group to use for Exim
+EXIM_MONITOR optional set to eximon.bin to compile
+EXIM_PERL optional
+EXIM_USER mandatory user to use for Exim
+EXIWHAT_EGREP_ARG system** to find Exim processes from ps
+EXIWHAT_KILL_SIGNAL system** -SIGUSER1 or numerical equivalent
+EXIWHAT_MULTIKILL_CMD system**
+EXIWHAT_MULTIKILL_ARG system**
+EXIWHAT_PS_ARG system** to list all processes
+EXIWHAT_PS_CMD system** path to ps command
+EXTRALIBS system additional libraries
+EXTRALIBS_EXIM system additional libraries for Exim only
+EXTRALIBS_EXIMON system additional libraries for the monitor
+FIXED_NEVER_USERS optional can't override at runtime
+HAVE_ICONV system the iconv() function is available
+HAVE_IPV6 system include IPv6 support
+HEADERS_CHARSET optional charset for decoded header lines
+HEADER_ADD_BUFFER_SIZE optional* buffer for header_add()
+HEADER_MAXSIZE optional* max memory for message header
+HOSTNAME_COMMAND system** path to hostname command
+INCLUDE system path to include files
+INFO_DIRECTORY optional directory for Info documentation
+INPUT_DIRECTORY_MODE optional mode for input directory
+IPV6_INCLUDE system additional includes for IPv6
+IPV6_LIBS system additional libraries for IPv6
+LDAP_LIB_TYPE optional type of LDAP library
+LFLAGS system** link editor flags
+LIBIDENTCFLAGS system C flags when compiling libident
+LIBIDENTNAME system name for libident library
+LIBRESOLV system** library for DNS resolver
+LIBS system** additional libraries
+LIBS_EXIM system** additional libraries for Exim ony
+LIBS_EXIMON system** additional libraries for monitor
+LOCAL_SCAN_SOURCE optional location of local_scan() source
+LOG_DIRECTORY_MODE optional mode for log directory
+LOG_FILE_PATH optional path to log files
+LOG_MODE optional mode for log files
+LOOKUP_CDB lookup include cdb lookup
+LOOKUP_DBM lookup include dbm lookup
+LOOKUP_DNSDB lookup include dnsdb lookup
+LOOKUP_DSEARCH lookup include dsearch lookup
+LOOKUP_INCLUDE lookup include files for lookups
+LOOKUP_LDAP lookup include ldap lookup
+LOOKUP_LIBS lookup include libraries for lookups
+LOOKUP_LSEARCH lookup include all lsearch lookups
+LOOKUP_MYSQL lookup include mysql lookup
+LOOKUP_NIS lookup include nis lookup
+LOOKUP_NISPLUS lookup include nisplus lookup
+LOOKUP_ORACLE lookup include oracle lookup
+LOOKUP_PGSQL lookup include pgsql lookup
+LOOKUP_TESTDB lookup*
+LOOKUP_WHOSON lookup include whoson lookup
+MAKE_SHELL optional* shell to use for make
+MAX_FILTER_SIZE optional* max file size for filter files
+MAX_INCLUDE_SIZE optional* max file size for :include: files
+MAX_LOCALHOST_NUMBER=256 optional* for when localhost_number is set
+MAX_NAMED_LIST optional* max named lists of a given type
+MAX_INTERFACES system maximum network interfaces
+MSGLOG_DIRECTORY_MODE optional* mode for message log directory
+MV_COMMAND system path to mv command
+NO_SYMLINK optional install doesn't make 'exim" symlink
+PCRE_CFLAGS system compile flags for PCRE library
+PERL_CC system* compiler for Perl interface code
+PERL_CCOPTS system* flags for same
+PERL_COMMAND system path to Perl
+PERL_LIBS system* library for compiling Perl interface
+PID_FILE_PATH optional path to daemon's pid file
+RADIUS_CONFIG_FILE optional path to Radius config file
+RADIUS_LIB_TYPE optional type of RADIUS library
+RANLIB system** path to ranlib command
+RM_COMMAND system path to rm command
+ROUTER_ACCEPT driver include accept router
+ROUTER_DNSLOOKUP driver include dnslookup router
+ROUTER_MANUALROUTE driver include manualroute router
+ROUTER_IPLITERAL driver include ipliteral router
+ROUTER_IPLOOKUP driver include iplookup router
+ROUTER_REDIRECT driver include redirect router
+ROUTER_QUERYPROGRAM driver include queryprogram router
+SPOOL_DIRECTORY recommended path to spool directory
+SPOOL_DIRECTORY_MODE optional mode of spool directory
+SPOOL_MODE optional mode of spool files
+STRING_SPRINTF_BUFFER_SIZE optional* buffer for string_sprintf()
+STRIP_COMMAND optional* can be used to strp binaries
+SUPPORT_A6 optional* support A6 DNS records
+SUPPORT_CRYPTEQ optional support crypteq (if no auths)
+SUPPORT_MAILDIR optional support for maildir delivery
+SUPPORT_MAILSTORE optional support for mailstore delivery
+SUPPORT_MBX optional support for MBX delivery
+SUPPORT_MOVE_FROZEN_MESSAGES optional* support for frozen message moving
+SUPPORT_PAM optional support for PAM authentication
+SUPPORT_TLS optional support for TLS encryption over SMTP
+SUPPORT_TRANSLATE_IP_ADDRESS optional* support for address translation
+SYSLOG_LOG_PID optional add pid to syslog lines
+SYSLOG_LONG_LINES optional do not split long syslog lines
+SYSTEM_ALIASES_FILE optional defaults to /etc/aliases
+TIMEZONE_DEFAULT optional default for timezone option
+TLS_INCLUDE optional path to include files for TLS
+TLS_LIBS optional additional libraries for TLS
+TMPDIR system value for TMPDIR environment variable
+TRANSPORT_APPENDFILE driver include appendfile transport
+TRANSPORT_AUTOREPLY driver include autoreply transport
+TRANSPORT_LMTP driver include lmtp transport
+TRANSPORT_PIPE driver include pipe transport
+TRANSPORT_SMTP driver include smtp transport
+USE_DB system** use native DB interface
+USE_GNUTLS optional use GnuTLS instead of OpenSSL
+USE_READLINE optional try to load libreadline for -be
+USE_TCP_WRAPPERS system link with tcpwrappers
+USE_TDB optional use the tdb DB interface
+X11 system** X11 base directory
+X11_LD_LIB system** X11 link library
+XINCLUDE system** X11 include directory
+XLFLAGS system** X11 link time flags
+ZCAT_COMMAND system path to zcat command
+
+
+4. BUILD TIME OPTIONS FOR EXIMON
+--------------------------------
+
+The table below contains a complete list of options that can be set in
+Local/eximon.conf when building the Exim monitor. Where the default is shown as
+** it means that the text string is too long to fit in the table and is instead
+given below. A blank default means that there is no default value.
+
+ACTION_OUTPUT=no show output for every action
+ACTION_QUEUE_UPDATE=yes update queue display after actions
+BODY_MAX=20000 maximum body display
+DOMAIN= domain to strip from window title
+LOG_BUFFER=20K buffer for log tail
+LOG_DEPTH=300 depth of log subwindow
+LOG_FONT=** font for log display
+LOG_STRIPCHARTS=** patterns for stripcharts
+LOG_WIDTH=950 width of log subwindow
+MENU_EVENT='Shift<Btn1Down>' keypress for menu
+MIN_HEIGHT=162 minimum window height
+MIN_WIDTH=103 minimum window width
+QUALIFY_DOMAIN= local domain to strip from addresses
+QUEUE_DEPTH=200 depth of queue subwindow
+QUEUE_FONT=$LOG_FONT font for queue display
+QUEUE_INTERVAL=300 queue refresh interval
+QUEUE_MAX_ADDRESSES=10 max addresses to show in queue
+QUEUE_STRIPCHART_NAME=queue name for queue stripchart
+QUEUE_WIDTH=950 width of queue subwindow
+SIZE_STRIPCHART= request partition size stripchart
+SIZE_STRIPCHART_NAME=space name for size stripchart
+START_SMALL=no if yes, start with small window
+STRIPCHART_INTERVAL=60 stripchart refresh interval
+TEXT_DEPTH=200 depth of text windows
+WINDOW_TITLE="${hostname} eximon" window title
+
+The default for LOG_FONT is
+
+ LOG_FONT=-misc-fixed-medium-r-normal-*-14-140-*-*-*-*-iso8859-1
+
+and the default for LOG_STRIPCHARTS is
+
+ LOG_STRIPCHARTS='/ <= /in/
+ / => /out/
+ / => .+ R=local/local/
+ / => .+ T=[^ ]*smtp/smtp/'
+
+That is, there are four stripcharts, named in, out, local, and smtp. The first
+counts message arrivals, the second counts all deliveries, the third counts
+deliveries where the router's name starts with "local", and the fourth counts
+deliveries where the transport name contains "smtp".
+
+**** End of OptionLists ****
diff --git a/doc/doc-txt/README b/doc/doc-txt/README
new file mode 100644
index 000000000..996f89274
--- /dev/null
+++ b/doc/doc-txt/README
@@ -0,0 +1,84 @@
+$Cambridge: exim/doc/doc-txt/README,v 1.1 2004/10/07 15:04:35 ph10 Exp $
+
+Exim Documentation
+------------------
+
+This directory should contain the following files:
+
+ ChangeLog most recent log of all changes to Exim
+ NewStuff features that haven't made it to the manual yet,
+ and/or a list of newly-added functionality
+ OptionLists.txt lists of all Exim's options
+ README this document
+ README.SIEVE notes on the Sieve support
+ Exim3.upgrade information about upgrading from release 2.12 to 3.00
+ Exim4.upgrade information about upgrading from release 3.33 to 4.00
+ dbm.discuss.txt discussion of DBM libraries
+ filter.txt specification of filter file contents
+ pcre.txt specification of PCRE regular expression library
+ pcretest.txt specification of the PCRE test program
+ spec.txt main specification of Exim
+
+The .txt files are straight ASCII text; spec.txt and filter.txt have change
+bars on the right for changes from the previous editions.
+
+
+PostScript
+----------
+
+The Exim specifications are also available in PostScript. This is not included
+in the main distribution because not everyone wants it and it doesn't diff
+well, causing patches to be very much larger than necessary.
+
+Wherever you got this distribution from should also have carried another file
+called exim-postscript-<version>.tar.gz which contains the PostScript
+documentation. When de-tarred it creates a directory called
+exim-postscript-<version> into which it places the files doc/filter.ps and
+doc/spec.ps.
+
+
+HTML
+----
+
+A special conversion from the original sources via Texinfo into HTML is done to
+create the online documentation at http://www.exim.org. This set of files is
+also available for installation on other servers. Wherever you got this
+distribution from should also have carried another file called
+exim-html-<version>.tar.gz which contains the HTML documentation. When
+de-tarred it creates a directory called exim-html-<version> into which it
+places a directory called doc/html containing the set of HTML files. The kick
+off points are:
+
+ html/spec.html - specification (framed)
+ html/filter_toc.html - filter docs
+
+
+PDF
+---
+
+The Exim specifications are available in Portable Document Format. Wherever you
+got this distribution from should also have carried another file called
+exim-pdf-<version>.tar.gz which contains the PDF documentation. When de-tarred
+it creates a directory called exim-pdf-<version> into which it places the files
+doc/filter.pdf and doc/spec.pdf.
+
+
+TeXinfo
+-------
+
+A version of the documentation that has been converted to TeXinfo format is
+available in the distribution file exim-texinfo-<version>.gz. When de-tarred it
+creates a directory called exim-texinfo-<version> into which it places the
+files doc/filter.texinfo and doc/spec.texinfo.
+
+The conversion process is automatic (a Perl script) so the result isn't as nice
+as hand-maintained TeXinfo files would be, and some information is lost;
+for example, TeXinfo does not support the use of change bars.
+
+There is cgi-bin perl script called info2www which converts info files to
+html on the fly so that the same info files can be read using the "info"
+program, or from emacs, or from your favourite browser. This is available from
+
+http://www.ericsson.nl/info2www/info2www.html
+
+-- End --
diff --git a/doc/doc-txt/README.SIEVE b/doc/doc-txt/README.SIEVE
new file mode 100644
index 000000000..4d04851e1
--- /dev/null
+++ b/doc/doc-txt/README.SIEVE
@@ -0,0 +1,433 @@
+$Cambridge: exim/doc/doc-txt/README.SIEVE,v 1.1 2004/10/07 15:04:35 ph10 Exp $
+
+ Notes on the Sieve implementation for Exim
+
+Exim Filter Versus Sieve Filter
+
+Exim supports two incompatible filters: The traditional Exim filter and
+the Sieve filter. Since Sieve is a extensible language, it is important
+to understand "Sieve" in this context as "the specific implementation
+of Sieve for Exim".
+
+The Exim filter contains more features, such as variable expansion, and
+better integration with the host environment, like external processes
+and pipes.
+
+Sieve is a standard for interoperable filters, defined in RFC 3028,
+with multiple implementations around. If interoperability is important,
+then there is no way around it.
+
+
+Exim Implementation
+
+The Exim Sieve implementation offers the core as defined by RFC 3028, the
+"envelope" (RFC 3028), the "fileinto" (RFC 3028), the "copy" (RFC 3894)
+and the "vacation" (draft-showalter-sieve-vacation-05.txt) extension,
+the "i;ascii-numeric" comparator, but not the "reject" extension.
+Exim does not support MDMs, so adding it just to the sieve filter makes
+little sense.
+
+The Sieve filter is integrated in Exim and works very similar to the
+Exim filter: Sieve scripts are recognized by the first line containing
+"# sieve filter". When using "keep" or "fileinto" to save a mail into a
+folder, the resulting string is available as the variable $address_file
+in the transport that stores it. A suitable transport could be:
+
+localuser:
+ driver = appendfile
+ file = ${if eq{$address_file}{inbox} \
+ {/var/mail/$local_part} \
+ {${if eq{${substr_0_1:$address_file}}{/} \
+ {$address_file} \
+ {$home/$address_file} \
+ }} \
+ }
+ delivery_date_add
+ envelope_to_add
+ return_path_add
+ mode = 0600
+
+Absolute files are stored where specified, relative files are stored
+relative to $home and "inbox" goes to the standard mailbox location.
+
+To enable "vacation", set sieve_vacation_directory for the router to
+the directory where vacation databases are held (don't put anything
+else in that directory) and point reply_transport to an autoreply
+transport.
+
+
+RFC Compliance
+
+Exim requires the first line to be "# sieve filter". Of course the RFC
+does not enforce that line. Don't expect examples to work without adding
+it, though.
+
+RFC 3028 requires using CRLF to terminate the end of a line.
+The rationale was that CRLF is universally used in network protocols
+to mark the end of the line. This implementation does not embed Sieve
+in a network protocol, but uses Sieve scripts as part of the Exim MTA.
+Since all parts of Exim use \n as newline character, this implementation
+does, too. You can change this by defining the macro RFC_EOL at compile
+time to enforce CRLF being used.
+
+Exim violates RFC 2822, section 3.6.8, by accepting 8-bit header names, so
+this implementation repeats this violation to stay consistent with Exim.
+This is in preparation to UTF-8 data.
+
+Sieve scripts can not contain NUL characters in strings, but mail
+headers could contain MIME encoded NUL characters, which could never
+be matched by Sieve scripts using exact comparisons. For that reason,
+this implementation extends the Sieve quoted string syntax with \0
+to describe a NUL character, violating \0 being the same as 0 in
+RFC 3028. Even without using \0, the following tests are all true in
+this implementation. Implementations that use C-style strings will only
+evaulate the first test as true.
+
+Subject: =?iso-8859-1?q?abc=00def
+
+header :contains "Subject" ["abc"]
+header :contains "Subject" ["def"]
+header :matches "Subject" ["abc?def"]
+
+Note that by considering Sieve to be a MUA, RFC 2047 can be interpreted
+in a way that NUL characters truncating strings is allowed for Sieve
+implementations, although not recommended. It is further allowed to use
+encoded NUL characters in headers, but that's not recommended either.
+The above example shows why. Good code should still be able to deal
+with it.
+
+RFC 3028 states that if an implementation fails to convert a character
+set to UTF-8, two strings can not be equal if one contains octects greater
+than 127. Assuming that all unknown character sets are one-byte character
+sets with the lower 128 octects being US-ASCII is not sound, so this
+implementation violates RFC 3028 and treats such MIME words literally.
+That way at least something could be matched.
+
+The folder specified by "fileinto" must not contain the character
+sequence ".." to avoid security problems. RFC 3028 does not specifiy the
+syntax of folders apart from keep being equivalent to fileinto "INBOX".
+This implementation uses "inbox" instead.
+
+Sieve script errors currently cause that messages are silently filed into
+"inbox". RFC 3028 requires that the user is notified of that condition.
+This may be implemented in future by adding a header line to mails that
+are filed into "inbox" due to an error in the filter.
+
+
+Strings Containing Header Names
+
+RFC 3028 does not specify what happens if a string denoting a header
+field does not contain a valid header name, e.g. it contains a colon.
+This implementation generates an error instead of ignoring the header
+field in order to ease script debugging, which fits in the common
+picture of Sieve.
+
+
+Header Test With Invalid MIME Encoding In Header
+
+Some MUAs process invalid base64 encoded data, generating junk.
+Others ignore junk after seeing an equal sign in base64 encoded data.
+RFC 2047 does not specify how to react in this case, other than stating
+that a client must not forbid to process a message for that reason.
+RFC 2045 specifies that invalid data should be ignored (appearantly
+looking at end of line characters). It also specifies that invalid data
+may lead to rejecting messages containing them (and there it appears to
+talk about true encoding violations), which is a clear contradiction to
+ignoring them.
+
+RFC 3028 does not specify how to process incorrect MIME words.
+This implementation treats them literally, as it does if the word is
+correct, but its character set can not be converted to UTF-8.
+
+
+Address Test For Multiple Addresses Per Header
+
+A header may contain multiple addresses. RFC 3028 does not explicitly
+specify how to deal with them, but since the "address" test checks if
+anything matches anything else, matching one address suffices to
+satify the condition. That makes it impossible to test if a header
+contains a certain set of addresses and no more, but it is more logical
+than letting the test fail if the header contains an additional address
+besides the one the test checks for.
+
+
+Semantics Of Keep
+
+The keep command is equivalent to fileinto "inbox": It saves the
+message and resets the implicit keep flag. It does not set the
+implicit keep flag; there is no command to set it once it has
+been reset.
+
+
+Semantics of Fileinto
+
+RFC 3028 does not specify if "fileinto" tries to create a mail folder,
+in case it does not exist. This implementation allows to configure
+that aspect using the appendfile transport options "create_directory",
+"create_file" and "file_must_exist". See the appendfile transport in
+the Exim specification for details.
+
+
+Semantics of Redirect
+
+Sieve scripts are supposed to be interoperable between servers, so this
+implementation does not allow redirecting mail to unqualified addresses,
+because the domain would depend on the used system and on systems with
+virtual mail domains it is probably not what the user expects it to be.
+
+
+String Arguments
+
+There has been confusion if the string arguments to "require" are to be
+matched case-sensitive or not. This implementation matches them with
+the match type ":is" (default, see section 2.7.1) and the comparator
+"i;ascii-casemap" (default, see section 2.7.3). The RFC defines the
+command defaults clearly, so any different implementations violate RFC
+3028. The same is valid for comparator names, also specified as strings.
+
+
+Number Units
+
+There is a mistake in RFC 3028: The suffix G denotes gibi-, not tebibyte.
+The mistake os obvious, because RFC 3028 specifies G to denote 2^30
+(which is gibi, not tebi), and that's what this implementation uses as
+scaling factor for the suffix G.
+
+
+Sieve Syntax and Semantics
+
+RFC 3028 confuses syntax and semantics sometimes. It uses a generic
+grammar as syntax for actions and tests and performs many checks during
+semantic analysis. Syntax is specified as grammar rule, semantics
+with natural language, despire the latter often talking about syntax.
+The intention was to provide a framework for the syntax that describes
+current commands as well as future extensions, and describing commands
+by semantics. Since the semantic analysis is not specified by formal
+rules, it is easy to get that phase wrong, as demonstrated by the mistake
+in RFC 3028 to forbid "elsif" being followed by "elsif" (which is allowed
+in Sieve, it's just not specified correctly).
+
+RFC 3028 does not define if semantic checks are strict (always treat
+unknown extensions as errors) or lazy (treat unknown extensions as error,
+if they are executed), and since it employs a very generic grammar,
+it is not unreasonable for an implementation using a parser for the
+generic grammar to indeed process scripts that contain unknown commands
+in dead code. It is just required to treat disabled but known extensions
+the same as unknown extensions.
+
+The following suggestion for section 8.2 gives two grammars, one for
+the framework, and one for specific commands, thus removing most of the
+semantic analysis. Since the parser can not parse unsupported extensions,
+the result is strict error checking. As required in section 2.10.5, known
+but not enabled extensions must behave the same as unknown extensions,
+so those also result strictly in errors (though at the thin semantic
+layer), even if they can be parsed fine.
+
+8.2. Grammar
+
+The atoms of the grammar are lexical tokens. White space or comments may
+appear anywhere between lexical tokens, they are not part of the grammar.
+The grammar is specified in ABNF with two extensions to describe tagged
+arguments that can be reordered and grammar extensions: { } denotes a
+sequence of symbols that may appear in any order. Example:
+
+ start = { a b c }
+
+is equivalent to:
+
+ start = ( a b c ) / ( a c b ) / ( b a c ) / ( b c a ) / ( c a b ) / ( c b a )
+
+The symbol =) is used to append to a rule:
+
+ start = a
+ start =) b
+
+is equivalent to
+
+ start = a b
+
+All Sieve commands, including extensions, MUST be words of the following
+generic grammar with the start symbol "start". They SHOULD be specified
+using a specific grammar, though.
+
+ argument = string-list / number / tag
+ arguments = *argument [test / test-list]
+ block = "{" commands "}"
+ commands = *command
+ string = quoted-string / multi-line
+ string-list = "[" string *("," string) "]" / string
+ test = identifier arguments
+ test-list = "(" test *("," test) ")"
+ command = identifier arguments ( ";" / block )
+ start = command
+
+The basic Sieve commands are specified using the following grammar, which
+language is a subset of the generic grammar above. The start symbol is
+"start".
+
+ address-part = ":localpart" / ":domain" / ":all"
+ comparator = ":comparator" string
+ match-type = ":is" / ":contains" / ":matches"
+ string = quoted-string / multi-line
+ string-list = "[" string *("," string) "]" / string
+ address-test = "address" { [address-part] [comparator] [match-type] }
+ string-list string-list
+ test-list = "(" test *("," test) ")"
+ allof-test = "allof" test-list
+ anyof-test = "anyof" test-list
+ exists-test = "exists" string-list
+ false-test = "false"
+ true=test = "true"
+ header-test = "header" { [comparator] [match-type] }
+ string-list string-list
+ not-test = "not" test
+ relop = ":over" / ":under"
+ size-test = "size" relop number
+ block = "{" commands "}"
+ if-command = "if" test block *( "elsif" test block ) [ "else" block ]
+ stop-command = "stop" { stop-options } ";"
+ stop-options =
+ keep-command = "keep" { keep-options } ";"
+ keep-options =
+ discard-command = "discard" { discard-options } ";"
+ discard-options =
+ redirect-command = "redirect" { redirect-options } string ";"
+ redirect-options =
+ require-command = "require" { require-options } string-list ";"
+ require-options =
+ test = address-test / allof-test / anyof-test / exists-test
+ / false-test / true-test / header-test / not-test
+ / size-test
+ command = if-command / stop-command / keep-command
+ / discard-command / redirect-command
+ commands = *command
+ start = *require-command commands
+
+The extensions "envelope" and "fileinto" are specified using the following
+grammar extension.
+
+ envelope-test = "envelope" { [comparator] [address-part] [match-type] }
+ string-list string-list
+ test =/ envelope-test
+
+ fileinto-command = "fileinto" { fileinto-options } string ";"
+ fileinto-options =
+ command =/ fileinto-command
+
+The extension "copy" is specified as:
+
+ fileinto-options =) ":copy"
+ redirect-options =) ":copy"
+
+
+The i;ascii-numeric Comparator
+
+RFC 2244 describes this comparator and specifies that non-numeric strings
+are considered equal with an ordinal value higher than any numeric string.
+Although not stated explicitly, this includes the empty string. A range
+of at least 2^31 is required. This implementation does not limit the
+range, because it does not convert numbers to binary representation
+before comparing them.
+
+
+The vacation extension
+
+The extension "vacation" is specified using the following grammar
+extension.
+
+ vacation-command = "vacation" { vacation-options } <reason: string>
+ vacation-options = [":days" number]
+ [":addresses" string-list]
+ [":subject" string]
+ [":mime"]
+ command =/ vacation-command
+
+
+Semantics Of ":mime"
+
+RFC 3028 does not specify how strings using MIME parts are used to compose
+messages. The vacation draft refers to RFC 3028 and does not specify it
+either. As a result, different implementations generate different mails.
+The Exim Sieve implementation splits the reason into header and body.
+It adds the header to the mail header and uses the body as mail body.
+Be aware, that other imlementations compose a multipart structure with
+the reason as only part. Both conform to the specification (or lack
+thereof).
+
+
+Semantics Of Not Using ":mime"
+
+Sieve scripts are written in UTF-8, so is the reason string in this
+case. This implementation adds MIME headers to indicate that. This
+is not required by the vacation draft, which does not specify how
+the UTF-8 reason is processed to compose the resulting message.
+
+
+Envelope Sender
+
+The vacation draft does not specify the envelope sender. This
+implementation uses the empty envelope sender to prevent mail loops.
+
+
+Default Subject
+
+The draft specifies that the default message subject is "Re: "
+plus the old subject, stripped by any leading "Re: " strings.
+This string is to be taken literally, unlike some software which
+matches a regular expression like "[rR][eE]: *". Using this
+subject is dangerous, because many mailing lists verify addresses
+by sending a secret key in the subject of a message, asking to
+reply to the message for confirmation. Using the default vacation
+subject confirms any subscription request of this kind, allowing
+to subscribe a third party to any mailing list, either to annoy
+the user or to declare spam as legitimate mail by proving to
+use opt-in. The draft specifies to use "Re: " in front of the
+subject, but this implementation uses "Auto: ", as suggested in
+the current draft concerning automatic mail responses.
+
+
+Rate Limiting Responses
+
+The draft says:
+
+ Vacation responses are not just per address, but are per address
+ per vacation command.
+
+This is badly worded, because commands are not enumerated. It meant
+to say:
+
+ Vacation responses are not just per address, but are per address
+ per reason string and per specified subject and ":mime" option.
+
+Existing implementations work that way and it makes more sense, too.
+Including the ":mime" option is mostly for correctness, as the reason
+strings with and without this option are rarely equal.
+
+This implementation hashes the reason, specified subject and ":mime"
+option and uses the hex string representation as filename within the
+"sieve_vacation_directory" to store the recipient addresses for this
+vacation parameter set.
+
+The draft specifies that sites may define a minimum ":days" value than 1.
+This implementation uses 1. The maximum value MUST greater than 7,
+and SHOULD be greater than 30. This implementation uses a maximum of 31.
+
+Vacation recipient address databases older than 31 days are automatically
+removed. Users do not have to remove them manually when modifying their
+scripts. Don't put anything but vacation databases in that directory
+or you risk that it will be removed, too!
+
+
+Global Reply Address Blacklist
+
+The draft requires that each implementation offers a global black list
+of addresses that will never be replied to. Exim offers this as option
+"never_mail" in the autoreply transport.
+
+
+Interaction With Other Sieve Elements
+
+The draft describes the interaction with vacation, discard, keep,
+fileinto and redirect. It MUST describe compatibility with other
+actions, but doesn't. In this implementation, vacation is compatible
+with any other action.
diff --git a/doc/doc-txt/dbm.discuss.txt b/doc/doc-txt/dbm.discuss.txt
new file mode 100644
index 000000000..7517c4b88
--- /dev/null
+++ b/doc/doc-txt/dbm.discuss.txt
@@ -0,0 +1,322 @@
+$Cambridge: exim/doc/doc-txt/dbm.discuss.txt,v 1.1 2004/10/07 15:04:35 ph10 Exp $
+
+DBM Libraries for use with Exim
+-------------------------------
+
+Background
+----------
+
+Exim uses direct-access (so-called "dbm") files for a number of different
+purposes. These are files arranged so that the data they contain is indexed and
+can quickly be looked up by quoting an appropriate key. They are used as
+follows:
+
+1. Exim keeps its "hints" databases in dbm files.
+
+2. The configuration can specify that certain things (e.g. aliases) be looked
+ up in dbm files.
+
+3. The configuration can contain expansion strings that involve lookups in dbm
+ files.
+
+4. The filter commands "mail" and "vacation" have a facility for replying only
+ once to each incoming address. The record of which addresses have already
+ received replies may be kept in a dbm file, depending on the configuration
+ option once_file_size.
+
+The runtime configuration can be set up without specifying 2 or 3, but Exim
+always requires the availability of a dbm library, for 1 (and 4 if configured
+that way).
+
+
+DBM Libraries
+-------------
+
+The original library that provided the dbm facility in Unix was called "dbm".
+This seems to have been superseded quite some time ago by a new version called
+"ndbm" which permits several dbm files to be open at once. Several operating
+systems, including those from Sun, contain ndbm as standard.
+
+A number of alternative libraries also exist, the most common of which seems to
+be Berkeley DB (just called DB hereinafter). Release 1.85 was around for
+some time, and various releases 2.x began to appear towards the end of 1997. In
+November 1999, version 3.0 was released, and the ending of support for 2.7.7,
+the last 2.x release, was announced for November 2000. (Support for 1.85 has
+already ceased.) There were further 3.x releases, but by the end of 2001, the
+current release was 4.0.14.
+
+There are major differences in implementation and interface between the DB 1.x
+and 2.x/3.x/4.x releases, and they are best considered as two independent dbm
+libraries. Changes to the API were made for 3.0 and again for 3.1.
+
+Another DBM library is the GNU library, gdbm, though this does not seem to be
+very widespread.
+
+Yet another dbm library is tdb (Trivial Data Base) which has come out of the
+Samba project. The first releases seem to have been in mid-2000.
+
+Some older Linux releases contain gdbm as standard, while others contain no dbm
+library. More recent releases contain DB 1.85 or 2.x or later, and presumably
+will track the development of the DB library. Some BSD versions of Unix include
+DB 1.85 or later. All of the non-ndbm libraries except tdb contain
+compatibility interfaces so that programs written to call the ndbm functions
+should, in theory, work with them, but there are some potential pitfalls which
+have caught out Exim users in the past.
+
+Exim has been tested with ndbm, gdbm, DB 1.85, DB 2.x, DB 3.1, DB 4.0.14, and
+tdb 1.0.2, in various different modes in some cases, and is believed to work
+with all of them if it and they are properly configured.
+
+I have considered the possibility of calling different dbm libraries for
+different functions from a single Exim binary. However, because all bar one of
+the libraries provide ndbm compatibility interfaces (and therefore the same
+function names) it would require a lot of complicated, error-prone trickery to
+achieve this. Exim therefore uses a single library for all its dbm activities.
+
+However, Exim does also support cdb (Constant Data Base), an efficient file
+arrangement for indexed data that does not change incrementally (for example,
+alias files). This is independent of any dbm library and can be used alongside
+any of them.
+
+
+Locking
+-------
+
+The configuration option EXIMDB_LOCK_TIMEOUT controls how long Exim waits to
+get a lock on a hints database. From version 1.80 onwards, Exim does not
+attempt to take out a lock on an actual database file (this caused problems in
+the past). Instead, it takes out an fcntl() lock on a separate file whose name
+ends in ".lockfile". This ensures that Exim has exclusive access to the
+database before even attempting to open it. Exim creates the lock file the
+first time it needs it. It should never be removed.
+
+
+Main Pitfall
+------------
+
+The OS-specific configuration files that are used to build Exim specify the use
+of Berkeley DB on those systems where it is known to be standard. In the
+absence of any special configuration options, Exim uses the ndbm set of
+functions to control its dbm databases. This should work with any of the dbm
+libraries because those that are not ndbm have compatibility interfaces.
+However, there is one awful pitfall:
+
+Exim #includes a header file called ndbm.h which defines the functions and the
+interface data block; gdbm and DB 1.x provide their own versions of this header
+file, later DB versions do not. If it should happen that the wrong version of
+nbdm.h is seen by Exim, it may compile without error, but fail to operate
+correctly at runtime.
+
+This situation can easily arise when more than one dbm library is installed on
+a single host. For example, if you decide to use DB 1.x on a system where gdbm
+is the standard library, unless you are careful in setting up the include
+directories for Exim, it may see gdbm's ndbm.h file instead of DB's. The
+situation is even worse with later versions of DB, which do not provide an
+ndbm.h file at all.
+
+One way out of this for gdbm and any of the versions of DB is to configure Exim
+to call the DBM library in its native mode instead of via the ndbm
+compatibility interface, thus avoiding the use of ndbm.h. This is done by
+setting the USE_DB configuration option if you are using Berkeley DB, or
+USE_GDBM if you are using gdbm. This is the recommended approach.
+
+
+NDBM
+----
+
+The ndbm library holds its data in two files, with extensions .dir and .pag.
+This makes atomic updating of, for example, alias files, difficult, because
+simple renaming cannot be used without some risk. However, if your system has
+ndbm installed, Exim should compile and run without any problems.
+
+
+GDBM
+----
+
+The gdbm library, when called via the ndbm compatibility interface, makes two
+hard links to a single file, with extensions .dir and .pag. As mentioned above,
+gdbm provides its own version of the ndbm.h header, and you must ensure that
+this is seen by Exim rather than any other version. This is not likely to be a
+problem if gdbm is the only dbm library on your system.
+
+If gdbm is called via the native interface (by setting USE_GDBM in your
+Local/Makefile), it uses a single file, with no extension on the name, and the
+ndbm.h header is not required.
+
+The gdbm library does its own locking of the single file that it uses. From
+version 1.80 onwards, Exim locks on an entirely separate file before accessing
+a hints database, so gdbm's locking should always succeed.
+
+
+Berkeley DB 1.8x
+----------------
+
+1.85 was the most widespread DB 1.x release; there is also a 1.86 bug-fix
+release, but the belief is that the bugs it fixes will not affect Exim.
+However, maintenance for 1.x releases has been phased out.
+
+This dbm library can be called by Exim in one of two ways: via the ndbm
+compatibility interface, or via its own native interface. There are two
+advantages to doing the latter: (1) you don't run the risk of Exim's seeing the
+"wrong" version of the ndbm.h header, as described above, and (2) the
+performace is better. It is therefore recommended that you set USE_DB=yes in an
+appropriate Local/Makefile-xxx file. (If you are compiling for just one OS, it
+can go in Local/Makefile itself.)
+
+When called via the compatibility interface, DB 1.x creates a single file with
+a .db extension. When called via its native interface, no extension is added to
+the file name handed to it.
+
+DB 1.x does not do any locking of its own.
+
+
+Berkeley DB 2.x
+---------------
+
+DB 2.x was released in 1997. It is a major re-implementation and its native
+interface is incompatible with DB 1.x, though a compatibility interface was
+introduced in DB 2.1.0, and there is also an ndbm.h compatibility interface.
+
+Like 1.x, it can be called from Exim via the ndbm compatibility interface or
+via its native interface, and once again setting USE_DB in order to get the
+native interface is recommended. If USE_DB is *not* set, then you will have to
+provide a suitable version of ndbm.h, because one does not come with the DB 2.x
+distribution. A suitable version is:
+
+ /*************************************************
+ * ndbm.h header for DB 2.x *
+ *************************************************/
+
+ /* This header should replace any other version of ndbm.h when Berkeley DB
+ version 2.x is in use via the ndbm compatibility interface. Otherwise, any
+ extant version of ndbm.h may cause programs to misbehave. There doesn't seem
+ to be a version of ndbm.h supplied with DB 2.x, so I made this for myself.
+
+ Philip Hazel 12/Jun/97
+ */
+
+ #define DB_DBM_HSEARCH
+ #include <db.h>
+
+ /* End */
+
+When called via the compatibility interface, DB 2.x creates a single file with
+a .db extension. When called via its native interface, no extension is added to
+the file name handed to it.
+
+DB 2.x does not do any automatic locking of its own; it does have a set of
+functions for various forms of locking, but Exim does not use them.
+
+
+Berkeley DB 3.x
+---------------
+
+DB 3.0 was released in November 1999 and 3.1 in June 2000. The 3.x series is a
+development of the 2.x series and the above comments apply. Exim can
+automatically distinguish between the different versions, so it copes with the
+changes to the API without needing any special configuration.
+
+When Exim creates a DBM file using DB 3.x (e.g. when creating one of its hints
+databases), it specified the "hash" format. However, when it opens a DB 3 file
+for reading only, it specifies "unknown". This means that it can read DB 3
+files in other formats that are created by other programs.
+
+
+Berkeley DB 4.x
+---------------
+
+The 4.x series is a developement of the 2.x and 3.x series, and the above
+comments apply.
+
+
+tdb
+---
+
+tdb 1.0.2 was released in September 2000. Its origin is the database functions
+that are used by the Samba project.
+
+
+
+Testing Exim's dbm handling
+---------------------------
+
+Because there have been problems with dbm file locking in the past, I built
+some testing code for Exim's dbm functions. This is very much a lash-up, but it
+is documented here so that anybody who wants to check that their configuration
+is locking properly can do so. Now that Exim does the locking on an entirely
+separate file, locking problems are much less likely, but this code still
+exists, just in case. Proceed as follows:
+
+. Build Exim in the normal way. This ensures that all the makesfiles etc. get
+ set up.
+
+. From within the build directory, obey "make test_dbfn". This makes a binary
+ file called test_dbfn. If you are experimenting with different configurations
+ you *must* do "make makefile" after changing anything, before obeying "make
+ test_dbfn" again, because the make target for test_dbfn isn't integrated
+ with the making of the makefile.
+
+. Identify a scratch directory where you have write access. Create a sub-
+ directory called "db" in the scratch directory.
+
+. Type the command "test_dbfn <scratch-directory>". This will output some
+ general information such as
+
+ Exim's db functions tester: interface type is db (v2)
+ DBM library: Berkeley DB: Sleepycat Software: DB 2.1.0: (6/13/97)
+ USE_DB is defined
+
+ It then says
+
+ Test the functions
+ >
+
+. At this point you can type commands to open a dbm file and read and write
+ data in it. First type the command "open <name>", e.g. "open junk". The
+ response should look like this
+
+ opened DB file <scratch-directory>/db/junk: flags=102
+ Locked
+ opened 0
+ >
+
+ The tester will have created a dbm file within the db directory of the
+ scratch directory. It will also have created a file with the extension
+ ".lockfile" in the same directory. Unlike Exim itself, it will not create
+ the db directory for itself if it does not exist.
+
+. To test the locking, don't type anything more for the moment. You now need to
+ set up another process running the same test_dbfn command, e.g. from a
+ different logon to the same host. This time, when you attempt to open the
+ file it should fail after a minute with a timeout error because it is
+ already in use.
+
+. If the second process doesn't produce any error message, but gets back to the
+ > prompt, then the locking is not working properly.
+
+. You can check that the second process gets the lock when the first process
+ releases it by exiting from the first process with ^D, q, or quit; or by
+ typing the command "close".
+
+. There are some other commands available that are not related to locking:
+
+ write <key> <data>
+ e.g.
+ write abcde the quick brown fox
+
+ writes a record to the database,
+
+ read <key>
+ delete <key>
+
+ read and delete a record, respectively, and
+
+ scan
+
+ scans the entire database. Note that the database is purely for testing the
+ dbm functions. It is *not* one of Exim's regular databases, and you should
+ not try running this testing program on any of Exim's real database
+ files.
+
+Philip Hazel
+Last update: June 2002
diff --git a/doc/doc-txt/pcrepattern.txt b/doc/doc-txt/pcrepattern.txt
new file mode 100644
index 000000000..1dc800af4
--- /dev/null
+++ b/doc/doc-txt/pcrepattern.txt
@@ -0,0 +1,1413 @@
+This file contains the PCRE man page that describes the regular expressions
+supported by PCRE version 5.0. Note that not all of the features are relevant
+in the context of Exim. In particular, the version of PCRE that is compiled
+with Exim does not include UTF-8 support, there is no mechanism for changing
+the options with which the PCRE functions are called, and features such as
+callout are not accessible.
+-----------------------------------------------------------------------------
+
+PCRE(3) PCRE(3)
+
+
+
+NAME
+ PCRE - Perl-compatible regular expressions
+
+PCRE REGULAR EXPRESSION DETAILS
+
+ The syntax and semantics of the regular expressions supported by PCRE
+ are described below. Regular expressions are also described in the Perl
+ documentation and in a number of books, some of which have copious
+ examples. Jeffrey Friedl's "Mastering Regular Expressions", published
+ by O'Reilly, covers regular expressions in great detail. This descrip-
+ tion of PCRE's regular expressions is intended as reference material.
+
+ The original operation of PCRE was on strings of one-byte characters.
+ However, there is now also support for UTF-8 character strings. To use
+ this, you must build PCRE to include UTF-8 support, and then call
+ pcre_compile() with the PCRE_UTF8 option. How this affects pattern
+ matching is mentioned in several places below. There is also a summary
+ of UTF-8 features in the section on UTF-8 support in the main pcre
+ page.
+
+ A regular expression is a pattern that is matched against a subject
+ string from left to right. Most characters stand for themselves in a
+ pattern, and match the corresponding characters in the subject. As a
+ trivial example, the pattern
+
+ The quick brown fox
+
+ matches a portion of a subject string that is identical to itself. The
+ power of regular expressions comes from the ability to include alterna-
+ tives and repetitions in the pattern. These are encoded in the pattern
+ by the use of metacharacters, which do not stand for themselves but
+ instead are interpreted in some special way.
+
+ There are two different sets of metacharacters: those that are recog-
+ nized anywhere in the pattern except within square brackets, and those
+ that are recognized in square brackets. Outside square brackets, the
+ metacharacters are as follows:
+
+ \ general escape character with several uses
+ ^ assert start of string (or line, in multiline mode)
+ $ assert end of string (or line, in multiline mode)
+ . match any character except newline (by default)
+ [ start character class definition
+ | start of alternative branch
+ ( start subpattern
+ ) end subpattern
+ ? extends the meaning of (
+ also 0 or 1 quantifier
+ also quantifier minimizer
+ * 0 or more quantifier
+ + 1 or more quantifier
+ also "possessive quantifier"
+ { start min/max quantifier
+
+ Part of a pattern that is in square brackets is called a "character
+ class". In a character class the only metacharacters are:
+
+ \ general escape character
+ ^ negate the class, but only if the first character
+ - indicates character range
+ [ POSIX character class (only if followed by POSIX
+ syntax)
+ ] terminates the character class
+
+ The following sections describe the use of each of the metacharacters.
+
+
+BACKSLASH
+
+ The backslash character has several uses. Firstly, if it is followed by
+ a non-alphanumeric character, it takes away any special meaning that
+ character may have. This use of backslash as an escape character
+ applies both inside and outside character classes.
+
+ For example, if you want to match a * character, you write \* in the
+ pattern. This escaping action applies whether or not the following
+ character would otherwise be interpreted as a metacharacter, so it is
+ always safe to precede a non-alphanumeric with backslash to specify
+ that it stands for itself. In particular, if you want to match a back-
+ slash, you write \\.
+
+ If a pattern is compiled with the PCRE_EXTENDED option, whitespace in
+ the pattern (other than in a character class) and characters between a
+ # outside a character class and the next newline character are ignored.
+ An escaping backslash can be used to include a whitespace or # charac-
+ ter as part of the pattern.
+
+ If you want to remove the special meaning from a sequence of charac-
+ ters, you can do so by putting them between \Q and \E. This is differ-
+ ent from Perl in that $ and @ are handled as literals in \Q...\E
+ sequences in PCRE, whereas in Perl, $ and @ cause variable interpola-
+ tion. Note the following examples:
+
+ Pattern PCRE matches Perl matches
+
+ \Qabc$xyz\E abc$xyz abc followed by the
+ contents of $xyz
+ \Qabc\$xyz\E abc\$xyz abc\$xyz
+ \Qabc\E\$\Qxyz\E abc$xyz abc$xyz
+
+ The \Q...\E sequence is recognized both inside and outside character
+ classes.
+
+ Non-printing characters
+
+ A second use of backslash provides a way of encoding non-printing char-
+ acters in patterns in a visible manner. There is no restriction on the
+ appearance of non-printing characters, apart from the binary zero that
+ terminates a pattern, but when a pattern is being prepared by text
+ editing, it is usually easier to use one of the following escape
+ sequences than the binary character it represents:
+
+ \a alarm, that is, the BEL character (hex 07)
+ \cx "control-x", where x is any character
+ \e escape (hex 1B)
+ \f formfeed (hex 0C)
+ \n newline (hex 0A)
+ \r carriage return (hex 0D)
+ \t tab (hex 09)
+ \ddd character with octal code ddd, or backreference
+ \xhh character with hex code hh
+ \x{hhh..} character with hex code hhh... (UTF-8 mode only)
+
+ The precise effect of \cx is as follows: if x is a lower case letter,
+ it is converted to upper case. Then bit 6 of the character (hex 40) is
+ inverted. Thus \cz becomes hex 1A, but \c{ becomes hex 3B, while \c;
+ becomes hex 7B.
+
+ After \x, from zero to two hexadecimal digits are read (letters can be
+ in upper or lower case). In UTF-8 mode, any number of hexadecimal dig-
+ its may appear between \x{ and }, but the value of the character code
+ must be less than 2**31 (that is, the maximum hexadecimal value is
+ 7FFFFFFF). If characters other than hexadecimal digits appear between
+ \x{ and }, or if there is no terminating }, this form of escape is not
+ recognized. Instead, the initial \x will be interpreted as a basic hex-
+ adecimal escape, with no following digits, giving a character whose
+ value is zero.
+
+ Characters whose value is less than 256 can be defined by either of the
+ two syntaxes for \x when PCRE is in UTF-8 mode. There is no difference
+ in the way they are handled. For example, \xdc is exactly the same as
+ \x{dc}.
+
+ After \0 up to two further octal digits are read. In both cases, if
+ there are fewer than two digits, just those that are present are used.
+ Thus the sequence \0\x\07 specifies two binary zeros followed by a BEL
+ character (code value 7). Make sure you supply two digits after the
+ initial zero if the pattern character that follows is itself an octal
+ digit.
+
+ The handling of a backslash followed by a digit other than 0 is compli-
+ cated. Outside a character class, PCRE reads it and any following dig-
+ its as a decimal number. If the number is less than 10, or if there
+ have been at least that many previous capturing left parentheses in the
+ expression, the entire sequence is taken as a back reference. A
+ description of how this works is given later, following the discussion
+ of parenthesized subpatterns.
+
+ Inside a character class, or if the decimal number is greater than 9
+ and there have not been that many capturing subpatterns, PCRE re-reads
+ up to three octal digits following the backslash, and generates a sin-
+ gle byte from the least significant 8 bits of the value. Any subsequent
+ digits stand for themselves. For example:
+
+ \040 is another way of writing a space
+ \40 is the same, provided there are fewer than 40
+ previous capturing subpatterns
+ \7 is always a back reference
+ \11 might be a back reference, or another way of
+ writing a tab
+ \011 is always a tab
+ \0113 is a tab followed by the character "3"
+ \113 might be a back reference, otherwise the
+ character with octal code 113
+ \377 might be a back reference, otherwise
+ the byte consisting entirely of 1 bits
+ \81 is either a back reference, or a binary zero
+ followed by the two characters "8" and "1"
+
+ Note that octal values of 100 or greater must not be introduced by a
+ leading zero, because no more than three octal digits are ever read.
+
+ All the sequences that define a single byte value or a single UTF-8
+ character (in UTF-8 mode) can be used both inside and outside character
+ classes. In addition, inside a character class, the sequence \b is
+ interpreted as the backspace character (hex 08), and the sequence \X is
+ interpreted as the character "X". Outside a character class, these
+ sequences have different meanings (see below).
+
+ Generic character types
+
+ The third use of backslash is for specifying generic character types.
+ The following are always recognized:
+
+ \d any decimal digit
+ \D any character that is not a decimal digit
+ \s any whitespace character
+ \S any character that is not a whitespace character
+ \w any "word" character
+ \W any "non-word" character
+
+ Each pair of escape sequences partitions the complete set of characters
+ into two disjoint sets. Any given character matches one, and only one,
+ of each pair.
+
+ These character type sequences can appear both inside and outside char-
+ acter classes. They each match one character of the appropriate type.
+ If the current matching point is at the end of the subject string, all
+ of them fail, since there is no character to match.
+
+ For compatibility with Perl, \s does not match the VT character (code
+ 11). This makes it different from the the POSIX "space" class. The \s
+ characters are HT (9), LF (10), FF (12), CR (13), and space (32).
+
+ A "word" character is an underscore or any character less than 256 that
+ is a letter or digit. The definition of letters and digits is con-
+ trolled by PCRE's low-valued character tables, and may vary if locale-
+ specific matching is taking place (see "Locale support" in the pcreapi
+ page). For example, in the "fr_FR" (French) locale, some character
+ codes greater than 128 are used for accented letters, and these are
+ matched by \w.
+
+ In UTF-8 mode, characters with values greater than 128 never match \d,
+ \s, or \w, and always match \D, \S, and \W. This is true even when Uni-
+ code character property support is available.
+
+ Unicode character properties
+
+ When PCRE is built with Unicode character property support, three addi-
+ tional escape sequences to match generic character types are available
+ when UTF-8 mode is selected. They are:
+
+ \p{xx} a character with the xx property
+ \P{xx} a character without the xx property
+ \X an extended Unicode sequence
+
+ The property names represented by xx above are limited to the Unicode
+ general category properties. Each character has exactly one such prop-
+ erty, specified by a two-letter abbreviation. For compatibility with
+ Perl, negation can be specified by including a circumflex between the
+ opening brace and the property name. For example, \p{^Lu} is the same
+ as \P{Lu}.
+
+ If only one letter is specified with \p or \P, it includes all the
+ properties that start with that letter. In this case, in the absence of
+ negation, the curly brackets in the escape sequence are optional; these
+ two examples have the same effect:
+
+ \p{L}
+ \pL
+
+ The following property codes are supported:
+
+ C Other
+ Cc Control
+ Cf Format
+ Cn Unassigned
+ Co Private use
+ Cs Surrogate
+
+ L Letter
+ Ll Lower case letter
+ Lm Modifier letter
+ Lo Other letter
+ Lt Title case letter
+ Lu Upper case letter
+
+ M Mark
+ Mc Spacing mark
+ Me Enclosing mark
+ Mn Non-spacing mark
+
+ N Number
+ Nd Decimal number
+ Nl Letter number
+ No Other number
+
+ P Punctuation
+ Pc Connector punctuation
+ Pd Dash punctuation
+ Pe Close punctuation
+ Pf Final punctuation
+ Pi Initial punctuation
+ Po Other punctuation
+ Ps Open punctuation
+
+ S Symbol
+ Sc Currency symbol
+ Sk Modifier symbol
+ Sm Mathematical symbol
+ So Other symbol
+
+ Z Separator
+ Zl Line separator
+ Zp Paragraph separator
+ Zs Space separator
+
+ Extended properties such as "Greek" or "InMusicalSymbols" are not sup-
+ ported by PCRE.
+
+ Specifying caseless matching does not affect these escape sequences.
+ For example, \p{Lu} always matches only upper case letters.
+
+ The \X escape matches any number of Unicode characters that form an
+ extended Unicode sequence. \X is equivalent to
+
+ (?>\PM\pM*)
+
+ That is, it matches a character without the "mark" property, followed
+ by zero or more characters with the "mark" property, and treats the
+ sequence as an atomic group (see below). Characters with the "mark"
+ property are typically accents that affect the preceding character.
+
+ Matching characters by Unicode property is not fast, because PCRE has
+ to search a structure that contains data for over fifteen thousand
+ characters. That is why the traditional escape sequences such as \d and
+ \w do not use Unicode properties in PCRE.
+
+ Simple assertions
+
+ The fourth use of backslash is for certain simple assertions. An asser-
+ tion specifies a condition that has to be met at a particular point in
+ a match, without consuming any characters from the subject string. The
+ use of subpatterns for more complicated assertions is described below.
+ The backslashed assertions are:
+
+ \b matches at a word boundary
+ \B matches when not at a word boundary
+ \A matches at start of subject
+ \Z matches at end of subject or before newline at end
+ \z matches at end of subject
+ \G matches at first matching position in subject
+
+ These assertions may not appear in character classes (but note that \b
+ has a different meaning, namely the backspace character, inside a char-
+ acter class).
+
+ A word boundary is a position in the subject string where the current
+ character and the previous character do not both match \w or \W (i.e.
+ one matches \w and the other matches \W), or the start or end of the
+ string if the first or last character matches \w, respectively.
+
+ The \A, \Z, and \z assertions differ from the traditional circumflex
+ and dollar (described in the next section) in that they only ever match
+ at the very start and end of the subject string, whatever options are
+ set. Thus, they are independent of multiline mode. These three asser-
+ tions are not affected by the PCRE_NOTBOL or PCRE_NOTEOL options, which
+ affect only the behaviour of the circumflex and dollar metacharacters.
+ However, if the startoffset argument of pcre_exec() is non-zero, indi-
+ cating that matching is to start at a point other than the beginning of
+ the subject, \A can never match. The difference between \Z and \z is
+ that \Z matches before a newline that is the last character of the
+ string as well as at the end of the string, whereas \z matches only at
+ the end.
+
+ The \G assertion is true only when the current matching position is at
+ the start point of the match, as specified by the startoffset argument
+ of pcre_exec(). It differs from \A when the value of startoffset is
+ non-zero. By calling pcre_exec() multiple times with appropriate argu-
+ ments, you can mimic Perl's /g option, and it is in this kind of imple-
+ mentation where \G can be useful.
+
+ Note, however, that PCRE's interpretation of \G, as the start of the
+ current match, is subtly different from Perl's, which defines it as the
+ end of the previous match. In Perl, these can be different when the
+ previously matched string was empty. Because PCRE does just one match
+ at a time, it cannot reproduce this behaviour.
+
+ If all the alternatives of a pattern begin with \G, the expression is
+ anchored to the starting match position, and the "anchored" flag is set
+ in the compiled regular expression.
+
+
+CIRCUMFLEX AND DOLLAR
+
+ Outside a character class, in the default matching mode, the circumflex
+ character is an assertion that is true only if the current matching
+ point is at the start of the subject string. If the startoffset argu-
+ ment of pcre_exec() is non-zero, circumflex can never match if the
+ PCRE_MULTILINE option is unset. Inside a character class, circumflex
+ has an entirely different meaning (see below).
+
+ Circumflex need not be the first character of the pattern if a number
+ of alternatives are involved, but it should be the first thing in each
+ alternative in which it appears if the pattern is ever to match that
+ branch. If all possible alternatives start with a circumflex, that is,
+ if the pattern is constrained to match only at the start of the sub-
+ ject, it is said to be an "anchored" pattern. (There are also other
+ constructs that can cause a pattern to be anchored.)
+
+ A dollar character is an assertion that is true only if the current
+ matching point is at the end of the subject string, or immediately
+ before a newline character that is the last character in the string (by
+ default). Dollar need not be the last character of the pattern if a
+ number of alternatives are involved, but it should be the last item in
+ any branch in which it appears. Dollar has no special meaning in a
+ character class.
+
+ The meaning of dollar can be changed so that it matches only at the
+ very end of the string, by setting the PCRE_DOLLAR_ENDONLY option at
+ compile time. This does not affect the \Z assertion.
+
+ The meanings of the circumflex and dollar characters are changed if the
+ PCRE_MULTILINE option is set. When this is the case, they match immedi-
+ ately after and immediately before an internal newline character,
+ respectively, in addition to matching at the start and end of the sub-
+ ject string. For example, the pattern /^abc$/ matches the subject
+ string "def\nabc" (where \n represents a newline character) in multi-
+ line mode, but not otherwise. Consequently, patterns that are anchored
+ in single line mode because all branches start with ^ are not anchored
+ in multiline mode, and a match for circumflex is possible when the
+ startoffset argument of pcre_exec() is non-zero. The PCRE_DOL-
+ LAR_ENDONLY option is ignored if PCRE_MULTILINE is set.
+
+ Note that the sequences \A, \Z, and \z can be used to match the start
+ and end of the subject in both modes, and if all branches of a pattern
+ start with \A it is always anchored, whether PCRE_MULTILINE is set or
+ not.
+
+
+FULL STOP (PERIOD, DOT)
+
+ Outside a character class, a dot in the pattern matches any one charac-
+ ter in the subject, including a non-printing character, but not (by
+ default) newline. In UTF-8 mode, a dot matches any UTF-8 character,
+ which might be more than one byte long, except (by default) newline. If
+ the PCRE_DOTALL option is set, dots match newlines as well. The han-
+ dling of dot is entirely independent of the handling of circumflex and
+ dollar, the only relationship being that they both involve newline
+ characters. Dot has no special meaning in a character class.
+
+
+MATCHING A SINGLE BYTE
+
+ Outside a character class, the escape sequence \C matches any one byte,
+ both in and out of UTF-8 mode. Unlike a dot, it can match a newline.
+ The feature is provided in Perl in order to match individual bytes in
+ UTF-8 mode. Because it breaks up UTF-8 characters into individual
+ bytes, what remains in the string may be a malformed UTF-8 string. For
+ this reason, the \C escape sequence is best avoided.
+
+ PCRE does not allow \C to appear in lookbehind assertions (described
+ below), because in UTF-8 mode this would make it impossible to calcu-
+ late the length of the lookbehind.
+
+
+SQUARE BRACKETS AND CHARACTER CLASSES
+
+ An opening square bracket introduces a character class, terminated by a
+ closing square bracket. A closing square bracket on its own is not spe-
+ cial. If a closing square bracket is required as a member of the class,
+ it should be the first data character in the class (after an initial
+ circumflex, if present) or escaped with a backslash.
+
+ A character class matches a single character in the subject. In UTF-8
+ mode, the character may occupy more than one byte. A matched character
+ must be in the set of characters defined by the class, unless the first
+ character in the class definition is a circumflex, in which case the
+ subject character must not be in the set defined by the class. If a
+ circumflex is actually required as a member of the class, ensure it is
+ not the first character, or escape it with a backslash.
+
+ For example, the character class [aeiou] matches any lower case vowel,
+ while [^aeiou] matches any character that is not a lower case vowel.
+ Note that a circumflex is just a convenient notation for specifying the
+ characters that are in the class by enumerating those that are not. A
+ class that starts with a circumflex is not an assertion: it still con-
+ sumes a character from the subject string, and therefore it fails if
+ the current pointer is at the end of the string.
+
+ In UTF-8 mode, characters with values greater than 255 can be included
+ in a class as a literal string of bytes, or by using the \x{ escaping
+ mechanism.
+
+ When caseless matching is set, any letters in a class represent both
+ their upper case and lower case versions, so for example, a caseless
+ [aeiou] matches "A" as well as "a", and a caseless [^aeiou] does not
+ match "A", whereas a caseful version would. When running in UTF-8 mode,
+ PCRE supports the concept of case for characters with values greater
+ than 128 only when it is compiled with Unicode property support.
+
+ The newline character is never treated in any special way in character
+ classes, whatever the setting of the PCRE_DOTALL or PCRE_MULTILINE
+ options is. A class such as [^a] will always match a newline.
+
+ The minus (hyphen) character can be used to specify a range of charac-
+ ters in a character class. For example, [d-m] matches any letter
+ between d and m, inclusive. If a minus character is required in a
+ class, it must be escaped with a backslash or appear in a position
+ where it cannot be interpreted as indicating a range, typically as the
+ first or last character in the class.
+
+ It is not possible to have the literal character "]" as the end charac-
+ ter of a range. A pattern such as [W-]46] is interpreted as a class of
+ two characters ("W" and "-") followed by a literal string "46]", so it
+ would match "W46]" or "-46]". However, if the "]" is escaped with a
+ backslash it is interpreted as the end of range, so [W-\]46] is inter-
+ preted as a class containing a range followed by two other characters.
+ The octal or hexadecimal representation of "]" can also be used to end
+ a range.
+
+ Ranges operate in the collating sequence of character values. They can
+ also be used for characters specified numerically, for example
+ [\000-\037]. In UTF-8 mode, ranges can include characters whose values
+ are greater than 255, for example [\x{100}-\x{2ff}].
+
+ If a range that includes letters is used when caseless matching is set,
+ it matches the letters in either case. For example, [W-c] is equivalent
+ to [][\\^_`wxyzabc], matched caselessly, and in non-UTF-8 mode, if
+ character tables for the "fr_FR" locale are in use, [\xc8-\xcb] matches
+ accented E characters in both cases. In UTF-8 mode, PCRE supports the
+ concept of case for characters with values greater than 128 only when
+ it is compiled with Unicode property support.
+
+ The character types \d, \D, \p, \P, \s, \S, \w, and \W may also appear
+ in a character class, and add the characters that they match to the
+ class. For example, [\dABCDEF] matches any hexadecimal digit. A circum-
+ flex can conveniently be used with the upper case character types to
+ specify a more restricted set of characters than the matching lower
+ case type. For example, the class [^\W_] matches any letter or digit,
+ but not underscore.
+
+ The only metacharacters that are recognized in character classes are
+ backslash, hyphen (only where it can be interpreted as specifying a
+ range), circumflex (only at the start), opening square bracket (only
+ when it can be interpreted as introducing a POSIX class name - see the
+ next section), and the terminating closing square bracket. However,
+ escaping other non-alphanumeric characters does no harm.
+
+
+POSIX CHARACTER CLASSES
+
+ Perl supports the POSIX notation for character classes. This uses names
+ enclosed by [: and :] within the enclosing square brackets. PCRE also
+ supports this notation. For example,
+
+ [01[:alpha:]%]
+
+ matches "0", "1", any alphabetic character, or "%". The supported class
+ names are
+
+ alnum letters and digits
+ alpha letters
+ ascii character codes 0 - 127
+ blank space or tab only
+ cntrl control characters
+ digit decimal digits (same as \d)
+ graph printing characters, excluding space
+ lower lower case letters
+ print printing characters, including space
+ punct printing characters, excluding letters and digits
+ space white space (not quite the same as \s)
+ upper upper case letters
+ word "word" characters (same as \w)
+ xdigit hexadecimal digits
+
+ The "space" characters are HT (9), LF (10), VT (11), FF (12), CR (13),
+ and space (32). Notice that this list includes the VT character (code
+ 11). This makes "space" different to \s, which does not include VT (for
+ Perl compatibility).
+
+ The name "word" is a Perl extension, and "blank" is a GNU extension
+ from Perl 5.8. Another Perl extension is negation, which is indicated
+ by a ^ character after the colon. For example,
+
+ [12[:^digit:]]
+
+ matches "1", "2", or any non-digit. PCRE (and Perl) also recognize the
+ POSIX syntax [.ch.] and [=ch=] where "ch" is a "collating element", but
+ these are not supported, and an error is given if they are encountered.
+
+ In UTF-8 mode, characters with values greater than 128 do not match any
+ of the POSIX character classes.
+
+
+VERTICAL BAR
+
+ Vertical bar characters are used to separate alternative patterns. For
+ example, the pattern
+
+ gilbert|sullivan
+
+ matches either "gilbert" or "sullivan". Any number of alternatives may
+ appear, and an empty alternative is permitted (matching the empty
+ string). The matching process tries each alternative in turn, from
+ left to right, and the first one that succeeds is used. If the alterna-
+ tives are within a subpattern (defined below), "succeeds" means match-
+ ing the rest of the main pattern as well as the alternative in the sub-
+ pattern.
+
+
+INTERNAL OPTION SETTING
+
+ The settings of the PCRE_CASELESS, PCRE_MULTILINE, PCRE_DOTALL, and
+ PCRE_EXTENDED options can be changed from within the pattern by a
+ sequence of Perl option letters enclosed between "(?" and ")". The
+ option letters are
+
+ i for PCRE_CASELESS
+ m for PCRE_MULTILINE
+ s for PCRE_DOTALL
+ x for PCRE_EXTENDED
+
+ For example, (?im) sets caseless, multiline matching. It is also possi-
+ ble to unset these options by preceding the letter with a hyphen, and a
+ combined setting and unsetting such as (?im-sx), which sets PCRE_CASE-
+ LESS and PCRE_MULTILINE while unsetting PCRE_DOTALL and PCRE_EXTENDED,
+ is also permitted. If a letter appears both before and after the
+ hyphen, the option is unset.
+
+ When an option change occurs at top level (that is, not inside subpat-
+ tern parentheses), the change applies to the remainder of the pattern
+ that follows. If the change is placed right at the start of a pattern,
+ PCRE extracts it into the global options (and it will therefore show up
+ in data extracted by the pcre_fullinfo() function).
+
+ An option change within a subpattern affects only that part of the cur-
+ rent pattern that follows it, so
+
+ (a(?i)b)c
+
+ matches abc and aBc and no other strings (assuming PCRE_CASELESS is not
+ used). By this means, options can be made to have different settings
+ in different parts of the pattern. Any changes made in one alternative
+ do carry on into subsequent branches within the same subpattern. For
+ example,
+
+ (a(?i)b|c)
+
+ matches "ab", "aB", "c", and "C", even though when matching "C" the
+ first branch is abandoned before the option setting. This is because
+ the effects of option settings happen at compile time. There would be
+ some very weird behaviour otherwise.
+
+ The PCRE-specific options PCRE_UNGREEDY and PCRE_EXTRA can be changed
+ in the same way as the Perl-compatible options by using the characters
+ U and X respectively. The (?X) flag setting is special in that it must
+ always occur earlier in the pattern than any of the additional features
+ it turns on, even when it is at top level. It is best to put it at the
+ start.
+
+
+SUBPATTERNS
+
+ Subpatterns are delimited by parentheses (round brackets), which can be
+ nested. Turning part of a pattern into a subpattern does two things:
+
+ 1. It localizes a set of alternatives. For example, the pattern
+
+ cat(aract|erpillar|)
+
+ matches one of the words "cat", "cataract", or "caterpillar". Without
+ the parentheses, it would match "cataract", "erpillar" or the empty
+ string.
+
+ 2. It sets up the subpattern as a capturing subpattern. This means
+ that, when the whole pattern matches, that portion of the subject
+ string that matched the subpattern is passed back to the caller via the
+ ovector argument of pcre_exec(). Opening parentheses are counted from
+ left to right (starting from 1) to obtain numbers for the capturing
+ subpatterns.
+
+ For example, if the string "the red king" is matched against the pat-
+ tern
+
+ the ((red|white) (king|queen))
+
+ the captured substrings are "red king", "red", and "king", and are num-
+ bered 1, 2, and 3, respectively.
+
+ The fact that plain parentheses fulfil two functions is not always
+ helpful. There are often times when a grouping subpattern is required
+ without a capturing requirement. If an opening parenthesis is followed
+ by a question mark and a colon, the subpattern does not do any captur-
+ ing, and is not counted when computing the number of any subsequent
+ capturing subpatterns. For example, if the string "the white queen" is
+ matched against the pattern
+
+ the ((?:red|white) (king|queen))
+
+ the captured substrings are "white queen" and "queen", and are numbered
+ 1 and 2. The maximum number of capturing subpatterns is 65535, and the
+ maximum depth of nesting of all subpatterns, both capturing and non-
+ capturing, is 200.
+
+ As a convenient shorthand, if any option settings are required at the
+ start of a non-capturing subpattern, the option letters may appear
+ between the "?" and the ":". Thus the two patterns
+
+ (?i:saturday|sunday)
+ (?:(?i)saturday|sunday)
+
+ match exactly the same set of strings. Because alternative branches are
+ tried from left to right, and options are not reset until the end of
+ the subpattern is reached, an option setting in one branch does affect
+ subsequent branches, so the above patterns match "SUNDAY" as well as
+ "Saturday".
+
+
+NAMED SUBPATTERNS
+
+ Identifying capturing parentheses by number is simple, but it can be
+ very hard to keep track of the numbers in complicated regular expres-
+ sions. Furthermore, if an expression is modified, the numbers may
+ change. To help with this difficulty, PCRE supports the naming of sub-
+ patterns, something that Perl does not provide. The Python syntax
+ (?P<name>...) is used. Names consist of alphanumeric characters and
+ underscores, and must be unique within a pattern.
+
+ Named capturing parentheses are still allocated numbers as well as
+ names. The PCRE API provides function calls for extracting the name-to-
+ number translation table from a compiled pattern. There is also a con-
+ venience function for extracting a captured substring by name. For fur-
+ ther details see the pcreapi documentation.
+
+
+REPETITION
+
+ Repetition is specified by quantifiers, which can follow any of the
+ following items:
+
+ a literal data character
+ the . metacharacter
+ the \C escape sequence
+ the \X escape sequence (in UTF-8 mode with Unicode properties)
+ an escape such as \d that matches a single character
+ a character class
+ a back reference (see next section)
+ a parenthesized subpattern (unless it is an assertion)
+
+ The general repetition quantifier specifies a minimum and maximum num-
+ ber of permitted matches, by giving the two numbers in curly brackets
+ (braces), separated by a comma. The numbers must be less than 65536,
+ and the first must be less than or equal to the second. For example:
+
+ z{2,4}
+
+ matches "zz", "zzz", or "zzzz". A closing brace on its own is not a
+ special character. If the second number is omitted, but the comma is
+ present, there is no upper limit; if the second number and the comma
+ are both omitted, the quantifier specifies an exact number of required
+ matches. Thus
+
+ [aeiou]{3,}
+
+ matches at least 3 successive vowels, but may match many more, while
+
+ \d{8}
+
+ matches exactly 8 digits. An opening curly bracket that appears in a
+ position where a quantifier is not allowed, or one that does not match
+ the syntax of a quantifier, is taken as a literal character. For exam-
+ ple, {,6} is not a quantifier, but a literal string of four characters.
+
+ In UTF-8 mode, quantifiers apply to UTF-8 characters rather than to
+ individual bytes. Thus, for example, \x{100}{2} matches two UTF-8 char-
+ acters, each of which is represented by a two-byte sequence. Similarly,
+ when Unicode property support is available, \X{3} matches three Unicode
+ extended sequences, each of which may be several bytes long (and they
+ may be of different lengths).
+
+ The quantifier {0} is permitted, causing the expression to behave as if
+ the previous item and the quantifier were not present.
+
+ For convenience (and historical compatibility) the three most common
+ quantifiers have single-character abbreviations:
+
+ * is equivalent to {0,}
+ + is equivalent to {1,}
+ ? is equivalent to {0,1}
+
+ It is possible to construct infinite loops by following a subpattern
+ that can match no characters with a quantifier that has no upper limit,
+ for example:
+
+ (a?)*
+
+ Earlier versions of Perl and PCRE used to give an error at compile time
+ for such patterns. However, because there are cases where this can be
+ useful, such patterns are now accepted, but if any repetition of the
+ subpattern does in fact match no characters, the loop is forcibly bro-
+ ken.
+
+ By default, the quantifiers are "greedy", that is, they match as much
+ as possible (up to the maximum number of permitted times), without
+ causing the rest of the pattern to fail. The classic example of where
+ this gives problems is in trying to match comments in C programs. These
+ appear between /* and */ and within the comment, individual * and /
+ characters may appear. An attempt to match C comments by applying the
+ pattern
+
+ /\*.*\*/
+
+ to the string
+
+ /* first comment */ not comment /* second comment */
+
+ fails, because it matches the entire string owing to the greediness of
+ the .* item.
+
+ However, if a quantifier is followed by a question mark, it ceases to
+ be greedy, and instead matches the minimum number of times possible, so
+ the pattern
+
+ /\*.*?\*/
+
+ does the right thing with the C comments. The meaning of the various
+ quantifiers is not otherwise changed, just the preferred number of
+ matches. Do not confuse this use of question mark with its use as a
+ quantifier in its own right. Because it has two uses, it can sometimes
+ appear doubled, as in
+
+ \d??\d
+
+ which matches one digit by preference, but can match two if that is the
+ only way the rest of the pattern matches.
+
+ If the PCRE_UNGREEDY option is set (an option which is not available in
+ Perl), the quantifiers are not greedy by default, but individual ones
+ can be made greedy by following them with a question mark. In other
+ words, it inverts the default behaviour.
+
+ When a parenthesized subpattern is quantified with a minimum repeat
+ count that is greater than 1 or with a limited maximum, more memory is
+ required for the compiled pattern, in proportion to the size of the
+ minimum or maximum.
+
+ If a pattern starts with .* or .{0,} and the PCRE_DOTALL option (equiv-
+ alent to Perl's /s) is set, thus allowing the . to match newlines, the
+ pattern is implicitly anchored, because whatever follows will be tried
+ against every character position in the subject string, so there is no
+ point in retrying the overall match at any position after the first.
+ PCRE normally treats such a pattern as though it were preceded by \A.
+
+ In cases where it is known that the subject string contains no new-
+ lines, it is worth setting PCRE_DOTALL in order to obtain this opti-
+ mization, or alternatively using ^ to indicate anchoring explicitly.
+
+ However, there is one situation where the optimization cannot be used.
+ When .* is inside capturing parentheses that are the subject of a
+ backreference elsewhere in the pattern, a match at the start may fail,
+ and a later one succeed. Consider, for example:
+
+ (.*)abc\1
+
+ If the subject is "xyz123abc123" the match point is the fourth charac-
+ ter. For this reason, such a pattern is not implicitly anchored.
+
+ When a capturing subpattern is repeated, the value captured is the sub-
+ string that matched the final iteration. For example, after
+
+ (tweedle[dume]{3}\s*)+
+
+ has matched "tweedledum tweedledee" the value of the captured substring
+ is "tweedledee". However, if there are nested capturing subpatterns,
+ the corresponding captured values may have been set in previous itera-
+ tions. For example, after
+
+ /(a|(b))+/
+
+ matches "aba" the value of the second captured substring is "b".
+
+
+ATOMIC GROUPING AND POSSESSIVE QUANTIFIERS
+
+ With both maximizing and minimizing repetition, failure of what follows
+ normally causes the repeated item to be re-evaluated to see if a dif-
+ ferent number of repeats allows the rest of the pattern to match. Some-
+ times it is useful to prevent this, either to change the nature of the
+ match, or to cause it fail earlier than it otherwise might, when the
+ author of the pattern knows there is no point in carrying on.
+
+ Consider, for example, the pattern \d+foo when applied to the subject
+ line
+
+ 123456bar
+
+ After matching all 6 digits and then failing to match "foo", the normal
+ action of the matcher is to try again with only 5 digits matching the
+ \d+ item, and then with 4, and so on, before ultimately failing.
+ "Atomic grouping" (a term taken from Jeffrey Friedl's book) provides
+ the means for specifying that once a subpattern has matched, it is not
+ to be re-evaluated in this way.
+
+ If we use atomic grouping for the previous example, the matcher would
+ give up immediately on failing to match "foo" the first time. The nota-
+ tion is a kind of special parenthesis, starting with (?> as in this
+ example:
+
+ (?>\d+)foo
+
+ This kind of parenthesis "locks up" the part of the pattern it con-
+ tains once it has matched, and a failure further into the pattern is
+ prevented from backtracking into it. Backtracking past it to previous
+ items, however, works as normal.
+
+ An alternative description is that a subpattern of this type matches
+ the string of characters that an identical standalone pattern would
+ match, if anchored at the current point in the subject string.
+
+ Atomic grouping subpatterns are not capturing subpatterns. Simple cases
+ such as the above example can be thought of as a maximizing repeat that
+ must swallow everything it can. So, while both \d+ and \d+? are pre-
+ pared to adjust the number of digits they match in order to make the
+ rest of the pattern match, (?>\d+) can only match an entire sequence of
+ digits.
+
+ Atomic groups in general can of course contain arbitrarily complicated
+ subpatterns, and can be nested. However, when the subpattern for an
+ atomic group is just a single repeated item, as in the example above, a
+ simpler notation, called a "possessive quantifier" can be used. This
+ consists of an additional + character following a quantifier. Using
+ this notation, the previous example can be rewritten as
+
+ \d++foo
+
+ Possessive quantifiers are always greedy; the setting of the
+ PCRE_UNGREEDY option is ignored. They are a convenient notation for the
+ simpler forms of atomic group. However, there is no difference in the
+ meaning or processing of a possessive quantifier and the equivalent
+ atomic group.
+
+ The possessive quantifier syntax is an extension to the Perl syntax. It
+ originates in Sun's Java package.
+
+ When a pattern contains an unlimited repeat inside a subpattern that
+ can itself be repeated an unlimited number of times, the use of an
+ atomic group is the only way to avoid some failing matches taking a
+ very long time indeed. The pattern
+
+ (\D+|<\d+>)*[!?]
+
+ matches an unlimited number of substrings that either consist of non-
+ digits, or digits enclosed in <>, followed by either ! or ?. When it
+ matches, it runs quickly. However, if it is applied to
+
+ aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+
+ it takes a long time before reporting failure. This is because the
+ string can be divided between the internal \D+ repeat and the external
+ * repeat in a large number of ways, and all have to be tried. (The
+ example uses [!?] rather than a single character at the end, because
+ both PCRE and Perl have an optimization that allows for fast failure
+ when a single character is used. They remember the last single charac-
+ ter that is required for a match, and fail early if it is not present
+ in the string.) If the pattern is changed so that it uses an atomic
+ group, like this:
+
+ ((?>\D+)|<\d+>)*[!?]
+
+ sequences of non-digits cannot be broken, and failure happens quickly.
+
+
+BACK REFERENCES
+
+ Outside a character class, a backslash followed by a digit greater than
+ 0 (and possibly further digits) is a back reference to a capturing sub-
+ pattern earlier (that is, to its left) in the pattern, provided there
+ have been that many previous capturing left parentheses.
+
+ However, if the decimal number following the backslash is less than 10,
+ it is always taken as a back reference, and causes an error only if
+ there are not that many capturing left parentheses in the entire pat-
+ tern. In other words, the parentheses that are referenced need not be
+ to the left of the reference for numbers less than 10. See the subsec-
+ tion entitled "Non-printing characters" above for further details of
+ the handling of digits following a backslash.
+
+ A back reference matches whatever actually matched the capturing sub-
+ pattern in the current subject string, rather than anything matching
+ the subpattern itself (see "Subpatterns as subroutines" below for a way
+ of doing that). So the pattern
+
+ (sens|respons)e and \1ibility
+
+ matches "sense and sensibility" and "response and responsibility", but
+ not "sense and responsibility". If caseful matching is in force at the
+ time of the back reference, the case of letters is relevant. For exam-
+ ple,
+
+ ((?i)rah)\s+\1
+
+ matches "rah rah" and "RAH RAH", but not "RAH rah", even though the
+ original capturing subpattern is matched caselessly.
+
+ Back references to named subpatterns use the Python syntax (?P=name).
+ We could rewrite the above example as follows:
+
+ (?<p1>(?i)rah)\s+(?P=p1)
+
+ There may be more than one back reference to the same subpattern. If a
+ subpattern has not actually been used in a particular match, any back
+ references to it always fail. For example, the pattern
+
+ (a|(bc))\2
+
+ always fails if it starts to match "a" rather than "bc". Because there
+ may be many capturing parentheses in a pattern, all digits following
+ the backslash are taken as part of a potential back reference number.
+ If the pattern continues with a digit character, some delimiter must be
+ used to terminate the back reference. If the PCRE_EXTENDED option is
+ set, this can be whitespace. Otherwise an empty comment (see "Com-
+ ments" below) can be used.
+
+ A back reference that occurs inside the parentheses to which it refers
+ fails when the subpattern is first used, so, for example, (a\1) never
+ matches. However, such references can be useful inside repeated sub-
+ patterns. For example, the pattern
+
+ (a|b\1)+
+
+ matches any number of "a"s and also "aba", "ababbaa" etc. At each iter-
+ ation of the subpattern, the back reference matches the character
+ string corresponding to the previous iteration. In order for this to
+ work, the pattern must be such that the first iteration does not need
+ to match the back reference. This can be done using alternation, as in
+ the example above, or by a quantifier with a minimum of zero.
+
+
+ASSERTIONS
+
+ An assertion is a test on the characters following or preceding the
+ current matching point that does not actually consume any characters.
+ The simple assertions coded as \b, \B, \A, \G, \Z, \z, ^ and $ are
+ described above.
+
+ More complicated assertions are coded as subpatterns. There are two
+ kinds: those that look ahead of the current position in the subject
+ string, and those that look behind it. An assertion subpattern is
+ matched in the normal way, except that it does not cause the current
+ matching position to be changed.
+
+ Assertion subpatterns are not capturing subpatterns, and may not be
+ repeated, because it makes no sense to assert the same thing several
+ times. If any kind of assertion contains capturing subpatterns within
+ it, these are counted for the purposes of numbering the capturing sub-
+ patterns in the whole pattern. However, substring capturing is carried
+ out only for positive assertions, because it does not make sense for
+ negative assertions.
+
+ Lookahead assertions
+
+ Lookahead assertions start with (?= for positive assertions and (?! for
+ negative assertions. For example,
+
+ \w+(?=;)
+
+ matches a word followed by a semicolon, but does not include the semi-
+ colon in the match, and
+
+ foo(?!bar)
+
+ matches any occurrence of "foo" that is not followed by "bar". Note
+ that the apparently similar pattern
+
+ (?!foo)bar
+
+ does not find an occurrence of "bar" that is preceded by something
+ other than "foo"; it finds any occurrence of "bar" whatsoever, because
+ the assertion (?!foo) is always true when the next three characters are
+ "bar". A lookbehind assertion is needed to achieve the other effect.
+
+ If you want to force a matching failure at some point in a pattern, the
+ most convenient way to do it is with (?!) because an empty string
+ always matches, so an assertion that requires there not to be an empty
+ string must always fail.
+
+ Lookbehind assertions
+
+ Lookbehind assertions start with (?<= for positive assertions and (?<!
+ for negative assertions. For example,
+
+ (?<!foo)bar
+
+ does find an occurrence of "bar" that is not preceded by "foo". The
+ contents of a lookbehind assertion are restricted such that all the
+ strings it matches must have a fixed length. However, if there are sev-
+ eral alternatives, they do not all have to have the same fixed length.
+ Thus
+
+ (?<=bullock|donkey)
+
+ is permitted, but
+
+ (?<!dogs?|cats?)
+
+ causes an error at compile time. Branches that match different length
+ strings are permitted only at the top level of a lookbehind assertion.
+ This is an extension compared with Perl (at least for 5.8), which
+ requires all branches to match the same length of string. An assertion
+ such as
+
+ (?<=ab(c|de))
+
+ is not permitted, because its single top-level branch can match two
+ different lengths, but it is acceptable if rewritten to use two top-
+ level branches:
+
+ (?<=abc|abde)
+
+ The implementation of lookbehind assertions is, for each alternative,
+ to temporarily move the current position back by the fixed width and
+ then try to match. If there are insufficient characters before the cur-
+ rent position, the match is deemed to fail.
+
+ PCRE does not allow the \C escape (which matches a single byte in UTF-8
+ mode) to appear in lookbehind assertions, because it makes it impossi-
+ ble to calculate the length of the lookbehind. The \X escape, which can
+ match different numbers of bytes, is also not permitted.
+
+ Atomic groups can be used in conjunction with lookbehind assertions to
+ specify efficient matching at the end of the subject string. Consider a
+ simple pattern such as
+
+ abcd$
+
+ when applied to a long string that does not match. Because matching
+ proceeds from left to right, PCRE will look for each "a" in the subject
+ and then see if what follows matches the rest of the pattern. If the
+ pattern is specified as
+
+ ^.*abcd$
+
+ the initial .* matches the entire string at first, but when this fails
+ (because there is no following "a"), it backtracks to match all but the
+ last character, then all but the last two characters, and so on. Once
+ again the search for "a" covers the entire string, from right to left,
+ so we are no better off. However, if the pattern is written as
+
+ ^(?>.*)(?<=abcd)
+
+ or, equivalently, using the possessive quantifier syntax,
+
+ ^.*+(?<=abcd)
+
+ there can be no backtracking for the .* item; it can match only the
+ entire string. The subsequent lookbehind assertion does a single test
+ on the last four characters. If it fails, the match fails immediately.
+ For long strings, this approach makes a significant difference to the
+ processing time.
+
+ Using multiple assertions
+
+ Several assertions (of any sort) may occur in succession. For example,
+
+ (?<=\d{3})(?<!999)foo
+
+ matches "foo" preceded by three digits that are not "999". Notice that
+ each of the assertions is applied independently at the same point in
+ the subject string. First there is a check that the previous three
+ characters are all digits, and then there is a check that the same
+ three characters are not "999". This pattern does not match "foo" pre-
+ ceded by six characters, the first of which are digits and the last
+ three of which are not "999". For example, it doesn't match "123abc-
+ foo". A pattern to do that is
+
+ (?<=\d{3}...)(?<!999)foo
+
+ This time the first assertion looks at the preceding six characters,
+ checking that the first three are digits, and then the second assertion
+ checks that the preceding three characters are not "999".
+
+ Assertions can be nested in any combination. For example,
+
+ (?<=(?<!foo)bar)baz
+
+ matches an occurrence of "baz" that is preceded by "bar" which in turn
+ is not preceded by "foo", while
+
+ (?<=\d{3}(?!999)...)foo
+
+ is another pattern that matches "foo" preceded by three digits and any
+ three characters that are not "999".
+
+
+CONDITIONAL SUBPATTERNS
+
+ It is possible to cause the matching process to obey a subpattern con-
+ ditionally or to choose between two alternative subpatterns, depending
+ on the result of an assertion, or whether a previous capturing subpat-
+ tern matched or not. The two possible forms of conditional subpattern
+ are
+
+ (?(condition)yes-pattern)
+ (?(condition)yes-pattern|no-pattern)
+
+ If the condition is satisfied, the yes-pattern is used; otherwise the
+ no-pattern (if present) is used. If there are more than two alterna-
+ tives in the subpattern, a compile-time error occurs.
+
+ There are three kinds of condition. If the text between the parentheses
+ consists of a sequence of digits, the condition is satisfied if the
+ capturing subpattern of that number has previously matched. The number
+ must be greater than zero. Consider the following pattern, which con-
+ tains non-significant white space to make it more readable (assume the
+ PCRE_EXTENDED option) and to divide it into three parts for ease of
+ discussion:
+
+ ( \( )? [^()]+ (?(1) \) )
+
+ The first part matches an optional opening parenthesis, and if that
+ character is present, sets it as the first captured substring. The sec-
+ ond part matches one or more characters that are not parentheses. The
+ third part is a conditional subpattern that tests whether the first set
+ of parentheses matched or not. If they did, that is, if subject started
+ with an opening parenthesis, the condition is true, and so the yes-pat-
+ tern is executed and a closing parenthesis is required. Otherwise,
+ since no-pattern is not present, the subpattern matches nothing. In
+ other words, this pattern matches a sequence of non-parentheses,
+ optionally enclosed in parentheses.
+
+ If the condition is the string (R), it is satisfied if a recursive call
+ to the pattern or subpattern has been made. At "top level", the condi-
+ tion is false. This is a PCRE extension. Recursive patterns are
+ described in the next section.
+
+ If the condition is not a sequence of digits or (R), it must be an
+ assertion. This may be a positive or negative lookahead or lookbehind
+ assertion. Consider this pattern, again containing non-significant
+ white space, and with the two alternatives on the second line:
+
+ (?(?=[^a-z]*[a-z])
+ \d{2}-[a-z]{3}-\d{2} | \d{2}-\d{2}-\d{2} )
+
+ The condition is a positive lookahead assertion that matches an
+ optional sequence of non-letters followed by a letter. In other words,
+ it tests for the presence of at least one letter in the subject. If a
+ letter is found, the subject is matched against the first alternative;
+ otherwise it is matched against the second. This pattern matches
+ strings in one of the two forms dd-aaa-dd or dd-dd-dd, where aaa are
+ letters and dd are digits.
+
+
+COMMENTS
+
+ The sequence (?# marks the start of a comment that continues up to the
+ next closing parenthesis. Nested parentheses are not permitted. The
+ characters that make up a comment play no part in the pattern matching
+ at all.
+
+ If the PCRE_EXTENDED option is set, an unescaped # character outside a
+ character class introduces a comment that continues up to the next new-
+ line character in the pattern.
+
+
+RECURSIVE PATTERNS
+
+ Consider the problem of matching a string in parentheses, allowing for
+ unlimited nested parentheses. Without the use of recursion, the best
+ that can be done is to use a pattern that matches up to some fixed
+ depth of nesting. It is not possible to handle an arbitrary nesting
+ depth. Perl provides a facility that allows regular expressions to
+ recurse (amongst other things). It does this by interpolating Perl code
+ in the expression at run time, and the code can refer to the expression
+ itself. A Perl pattern to solve the parentheses problem can be created
+ like this:
+
+ $re = qr{\( (?: (?>[^()]+) | (?p{$re}) )* \)}x;
+
+ The (?p{...}) item interpolates Perl code at run time, and in this case
+ refers recursively to the pattern in which it appears. Obviously, PCRE
+ cannot support the interpolation of Perl code. Instead, it supports
+ some special syntax for recursion of the entire pattern, and also for
+ individual subpattern recursion.
+
+ The special item that consists of (? followed by a number greater than
+ zero and a closing parenthesis is a recursive call of the subpattern of
+ the given number, provided that it occurs inside that subpattern. (If
+ not, it is a "subroutine" call, which is described in the next sec-
+ tion.) The special item (?R) is a recursive call of the entire regular
+ expression.
+
+ For example, this PCRE pattern solves the nested parentheses problem
+ (assume the PCRE_EXTENDED option is set so that white space is
+ ignored):
+
+ \( ( (?>[^()]+) | (?R) )* \)
+
+ First it matches an opening parenthesis. Then it matches any number of
+ substrings which can either be a sequence of non-parentheses, or a
+ recursive match of the pattern itself (that is a correctly parenthe-
+ sized substring). Finally there is a closing parenthesis.
+
+ If this were part of a larger pattern, you would not want to recurse
+ the entire pattern, so instead you could use this:
+
+ ( \( ( (?>[^()]+) | (?1) )* \) )
+
+ We have put the pattern into parentheses, and caused the recursion to
+ refer to them instead of the whole pattern. In a larger pattern, keep-
+ ing track of parenthesis numbers can be tricky. It may be more conve-
+ nient to use named parentheses instead. For this, PCRE uses (?P>name),
+ which is an extension to the Python syntax that PCRE uses for named
+ parentheses (Perl does not provide named parentheses). We could rewrite
+ the above example as follows:
+
+ (?P<pn> \( ( (?>[^()]+) | (?P>pn) )* \) )
+
+ This particular example pattern contains nested unlimited repeats, and
+ so the use of atomic grouping for matching strings of non-parentheses
+ is important when applying the pattern to strings that do not match.
+ For example, when this pattern is applied to
+
+ (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa()
+
+ it yields "no match" quickly. However, if atomic grouping is not used,
+ the match runs for a very long time indeed because there are so many
+ different ways the + and * repeats can carve up the subject, and all
+ have to be tested before failure can be reported.
+
+ At the end of a match, the values set for any capturing subpatterns are
+ those from the outermost level of the recursion at which the subpattern
+ value is set. If you want to obtain intermediate values, a callout
+ function can be used (see the next section and the pcrecallout documen-
+ tation). If the pattern above is matched against
+
+ (ab(cd)ef)
+
+ the value for the capturing parentheses is "ef", which is the last
+ value taken on at the top level. If additional parentheses are added,
+ giving
+
+ \( ( ( (?>[^()]+) | (?R) )* ) \)
+ ^ ^
+ ^ ^
+
+ the string they capture is "ab(cd)ef", the contents of the top level
+ parentheses. If there are more than 15 capturing parentheses in a pat-
+ tern, PCRE has to obtain extra memory to store data during a recursion,
+ which it does by using pcre_malloc, freeing it via pcre_free after-
+ wards. If no memory can be obtained, the match fails with the
+ PCRE_ERROR_NOMEMORY error.
+
+ Do not confuse the (?R) item with the condition (R), which tests for
+ recursion. Consider this pattern, which matches text in angle brack-
+ ets, allowing for arbitrary nesting. Only digits are allowed in nested
+ brackets (that is, when recursing), whereas any characters are permit-
+ ted at the outer level.
+
+ < (?: (?(R) \d++ | [^<>]*+) | (?R)) * >
+
+ In this pattern, (?(R) is the start of a conditional subpattern, with
+ two different alternatives for the recursive and non-recursive cases.
+ The (?R) item is the actual recursive call.
+
+
+SUBPATTERNS AS SUBROUTINES
+
+ If the syntax for a recursive subpattern reference (either by number or
+ by name) is used outside the parentheses to which it refers, it oper-
+ ates like a subroutine in a programming language. An earlier example
+ pointed out that the pattern
+
+ (sens|respons)e and \1ibility
+
+ matches "sense and sensibility" and "response and responsibility", but
+ not "sense and responsibility". If instead the pattern
+
+ (sens|respons)e and (?1)ibility
+
+ is used, it does match "sense and responsibility" as well as the other
+ two strings. Such references must, however, follow the subpattern to
+ which they refer.
+
+
+CALLOUTS
+
+ Perl has a feature whereby using the sequence (?{...}) causes arbitrary
+ Perl code to be obeyed in the middle of matching a regular expression.
+ This makes it possible, amongst other things, to extract different sub-
+ strings that match the same pair of parentheses when there is a repeti-
+ tion.
+
+ PCRE provides a similar feature, but of course it cannot obey arbitrary
+ Perl code. The feature is called "callout". The caller of PCRE provides
+ an external function by putting its entry point in the global variable
+ pcre_callout. By default, this variable contains NULL, which disables
+ all calling out.
+
+ Within a regular expression, (?C) indicates the points at which the
+ external function is to be called. If you want to identify different
+ callout points, you can put a number less than 256 after the letter C.
+ The default value is zero. For example, this pattern has two callout
+ points:
+
+ (?C1)abc(?C2)def
+
+ If the PCRE_AUTO_CALLOUT flag is passed to pcre_compile(), callouts are
+ automatically installed before each item in the pattern. They are all
+ numbered 255.
+
+ During matching, when PCRE reaches a callout point (and pcre_callout is
+ set), the external function is called. It is provided with the number
+ of the callout, the position in the pattern, and, optionally, one item
+ of data originally supplied by the caller of pcre_exec(). The callout
+ function may cause matching to proceed, to backtrack, or to fail alto-
+ gether. A complete description of the interface to the callout function
+ is given in the pcrecallout documentation.
+
+Last updated: 09 September 2004
+Copyright (c) 1997-2004 University of Cambridge.
diff --git a/doc/doc-txt/pcretest.txt b/doc/doc-txt/pcretest.txt
new file mode 100644
index 000000000..9e9b70ef4
--- /dev/null
+++ b/doc/doc-txt/pcretest.txt
@@ -0,0 +1,455 @@
+This file contains the PCRE man page that described the pcretest program. Note
+that not all of the features of PCRE are available in the limited version that
+is built with Exim.
+-------------------------------------------------------------------------------
+
+PCRETEST(1) PCRETEST(1)
+
+
+
+NAME
+ pcretest - a program for testing Perl-compatible regular expressions.
+
+SYNOPSIS
+
+ pcretest [-C] [-d] [-i] [-m] [-o osize] [-p] [-t] [source]
+ [destination]
+
+ pcretest was written as a test program for the PCRE regular expression
+ library itself, but it can also be used for experimenting with regular
+ expressions. This document describes the features of the test program;
+ for details of the regular expressions themselves, see the pcrepattern
+ documentation. For details of the PCRE library function calls and their
+ options, see the pcreapi documentation.
+
+
+OPTIONS
+
+ -C Output the version number of the PCRE library, and all avail-
+ able information about the optional features that are
+ included, and then exit.
+
+ -d Behave as if each regex had the /D (debug) modifier; the
+ internal form is output after compilation.
+
+ -i Behave as if each regex had the /I modifier; information
+ about the compiled pattern is given after compilation.
+
+ -m Output the size of each compiled pattern after it has been
+ compiled. This is equivalent to adding /M to each regular
+ expression. For compatibility with earlier versions of
+ pcretest, -s is a synonym for -m.
+
+ -o osize Set the number of elements in the output vector that is used
+ when calling pcre_exec() to be osize. The default value is
+ 45, which is enough for 14 capturing subexpressions. The vec-
+ tor size can be changed for individual matching calls by
+ including \O in the data line (see below).
+
+ -p Behave as if each regex has /P modifier; the POSIX wrapper
+ API is used to call PCRE. None of the other options has any
+ effect when -p is set.
+
+ -t Run each compile, study, and match many times with a timer,
+ and output resulting time per compile or match (in millisec-
+ onds). Do not set -m with -t, because you will then get the
+ size output a zillion times, and the timing will be dis-
+ torted.
+
+
+DESCRIPTION
+
+ If pcretest is given two filename arguments, it reads from the first
+ and writes to the second. If it is given only one filename argument, it
+ reads from that file and writes to stdout. Otherwise, it reads from
+ stdin and writes to stdout, and prompts for each line of input, using
+ "re>" to prompt for regular expressions, and "data>" to prompt for data
+ lines.
+
+ The program handles any number of sets of input on a single input file.
+ Each set starts with a regular expression, and continues with any num-
+ ber of data lines to be matched against the pattern.
+
+ Each data line is matched separately and independently. If you want to
+ do multiple-line matches, you have to use the \n escape sequence in a
+ single line of input to encode the newline characters. The maximum
+ length of data line is 30,000 characters.
+
+ An empty line signals the end of the data lines, at which point a new
+ regular expression is read. The regular expressions are given enclosed
+ in any non-alphanumeric delimiters other than backslash, for example
+
+ /(a|bc)x+yz/
+
+ White space before the initial delimiter is ignored. A regular expres-
+ sion may be continued over several input lines, in which case the new-
+ line characters are included within it. It is possible to include the
+ delimiter within the pattern by escaping it, for example
+
+ /abc\/def/
+
+ If you do so, the escape and the delimiter form part of the pattern,
+ but since delimiters are always non-alphanumeric, this does not affect
+ its interpretation. If the terminating delimiter is immediately fol-
+ lowed by a backslash, for example,
+
+ /abc/\
+
+ then a backslash is added to the end of the pattern. This is done to
+ provide a way of testing the error condition that arises if a pattern
+ finishes with a backslash, because
+
+ /abc\/
+
+ is interpreted as the first line of a pattern that starts with "abc/",
+ causing pcretest to read the next line as a continuation of the regular
+ expression.
+
+
+PATTERN MODIFIERS
+
+ A pattern may be followed by any number of modifiers, which are mostly
+ single characters. Following Perl usage, these are referred to below
+ as, for example, "the /i modifier", even though the delimiter of the
+ pattern need not always be a slash, and no slash is used when writing
+ modifiers. Whitespace may appear between the final pattern delimiter
+ and the first modifier, and between the modifiers themselves.
+
+ The /i, /m, /s, and /x modifiers set the PCRE_CASELESS, PCRE_MULTILINE,
+ PCRE_DOTALL, or PCRE_EXTENDED options, respectively, when pcre_com-
+ pile() is called. These four modifier letters have the same effect as
+ they do in Perl. For example:
+
+ /caseless/i
+
+ The following table shows additional modifiers for setting PCRE options
+ that do not correspond to anything in Perl:
+
+ /A PCRE_ANCHORED
+ /C PCRE_AUTO_CALLOUT
+ /E PCRE_DOLLAR_ENDONLY
+ /N PCRE_NO_AUTO_CAPTURE
+ /U PCRE_UNGREEDY
+ /X PCRE_EXTRA
+
+ Searching for all possible matches within each subject string can be
+ requested by the /g or /G modifier. After finding a match, PCRE is
+ called again to search the remainder of the subject string. The differ-
+ ence between /g and /G is that the former uses the startoffset argument
+ to pcre_exec() to start searching at a new point within the entire
+ string (which is in effect what Perl does), whereas the latter passes
+ over a shortened substring. This makes a difference to the matching
+ process if the pattern begins with a lookbehind assertion (including \b
+ or \B).
+
+ If any call to pcre_exec() in a /g or /G sequence matches an empty
+ string, the next call is done with the PCRE_NOTEMPTY and PCRE_ANCHORED
+ flags set in order to search for another, non-empty, match at the same
+ point. If this second match fails, the start offset is advanced by
+ one, and the normal match is retried. This imitates the way Perl han-
+ dles such cases when using the /g modifier or the split() function.
+
+ There are yet more modifiers for controlling the way pcretest operates.
+
+ The /+ modifier requests that as well as outputting the substring that
+ matched the entire pattern, pcretest should in addition output the
+ remainder of the subject string. This is useful for tests where the
+ subject contains multiple copies of the same substring.
+
+ The /L modifier must be followed directly by the name of a locale, for
+ example,
+
+ /pattern/Lfr_FR
+
+ For this reason, it must be the last modifier. The given locale is set,
+ pcre_maketables() is called to build a set of character tables for the
+ locale, and this is then passed to pcre_compile() when compiling the
+ regular expression. Without an /L modifier, NULL is passed as the
+ tables pointer; that is, /L applies only to the expression on which it
+ appears.
+
+ The /I modifier requests that pcretest output information about the
+ compiled pattern (whether it is anchored, has a fixed first character,
+ and so on). It does this by calling pcre_fullinfo() after compiling a
+ pattern. If the pattern is studied, the results of that are also out-
+ put.
+
+ The /D modifier is a PCRE debugging feature, which also assumes /I. It
+ causes the internal form of compiled regular expressions to be output
+ after compilation. If the pattern was studied, the information returned
+ is also output.
+
+ The /F modifier causes pcretest to flip the byte order of the fields in
+ the compiled pattern that contain 2-byte and 4-byte numbers. This
+ facility is for testing the feature in PCRE that allows it to execute
+ patterns that were compiled on a host with a different endianness. This
+ feature is not available when the POSIX interface to PCRE is being
+ used, that is, when the /P pattern modifier is specified. See also the
+ section about saving and reloading compiled patterns below.
+
+ The /S modifier causes pcre_study() to be called after the expression
+ has been compiled, and the results used when the expression is matched.
+
+ The /M modifier causes the size of memory block used to hold the com-
+ piled pattern to be output.
+
+ The /P modifier causes pcretest to call PCRE via the POSIX wrapper API
+ rather than its native API. When this is done, all other modifiers
+ except /i, /m, and /+ are ignored. REG_ICASE is set if /i is present,
+ and REG_NEWLINE is set if /m is present. The wrapper functions force
+ PCRE_DOLLAR_ENDONLY always, and PCRE_DOTALL unless REG_NEWLINE is set.
+
+ The /8 modifier causes pcretest to call PCRE with the PCRE_UTF8 option
+ set. This turns on support for UTF-8 character handling in PCRE, pro-
+ vided that it was compiled with this support enabled. This modifier
+ also causes any non-printing characters in output strings to be printed
+ using the \x{hh...} notation if they are valid UTF-8 sequences.
+
+ If the /? modifier is used with /8, it causes pcretest to call
+ pcre_compile() with the PCRE_NO_UTF8_CHECK option, to suppress the
+ checking of the string for UTF-8 validity.
+
+
+DATA LINES
+
+ Before each data line is passed to pcre_exec(), leading and trailing
+ whitespace is removed, and it is then scanned for \ escapes. Some of
+ these are pretty esoteric features, intended for checking out some of
+ the more complicated features of PCRE. If you are just testing "ordi-
+ nary" regular expressions, you probably don't need any of these. The
+ following escapes are recognized:
+
+ \a alarm (= BEL)
+ \b backspace
+ \e escape
+ \f formfeed
+ \n newline
+ \r carriage return
+ \t tab
+ \v vertical tab
+ \nnn octal character (up to 3 octal digits)
+ \xhh hexadecimal character (up to 2 hex digits)
+ \x{hh...} hexadecimal character, any number of digits
+ in UTF-8 mode
+ \A pass the PCRE_ANCHORED option to pcre_exec()
+ \B pass the PCRE_NOTBOL option to pcre_exec()
+ \Cdd call pcre_copy_substring() for substring dd
+ after a successful match (number less than 32)
+ \Cname call pcre_copy_named_substring() for substring
+ "name" after a successful match (name termin-
+ ated by next non alphanumeric character)
+ \C+ show the current captured substrings at callout
+ time
+ \C- do not supply a callout function
+ \C!n return 1 instead of 0 when callout number n is
+ reached
+ \C!n!m return 1 instead of 0 when callout number n is
+ reached for the nth time
+ \C*n pass the number n (may be negative) as callout
+ data; this is used as the callout return value
+ \Gdd call pcre_get_substring() for substring dd
+ after a successful match (number less than 32)
+ \Gname call pcre_get_named_substring() for substring
+ "name" after a successful match (name termin-
+ ated by next non-alphanumeric character)
+ \L call pcre_get_substringlist() after a
+ successful match
+ \M discover the minimum MATCH_LIMIT setting
+ \N pass the PCRE_NOTEMPTY option to pcre_exec()
+ \Odd set the size of the output vector passed to
+ pcre_exec() to dd (any number of digits)
+ \P pass the PCRE_PARTIAL option to pcre_exec()
+ \S output details of memory get/free calls during matching
+ \Z pass the PCRE_NOTEOL option to pcre_exec()
+ \? pass the PCRE_NO_UTF8_CHECK option to
+ pcre_exec()
+ \>dd start the match at offset dd (any number of digits);
+ this sets the startoffset argument for pcre_exec()
+
+ A backslash followed by anything else just escapes the anything else.
+ If the very last character is a backslash, it is ignored. This gives a
+ way of passing an empty line as data, since a real empty line termi-
+ nates the data input.
+
+ If \M is present, pcretest calls pcre_exec() several times, with dif-
+ ferent values in the match_limit field of the pcre_extra data struc-
+ ture, until it finds the minimum number that is needed for pcre_exec()
+ to complete. This number is a measure of the amount of recursion and
+ backtracking that takes place, and checking it out can be instructive.
+ For most simple matches, the number is quite small, but for patterns
+ with very large numbers of matching possibilities, it can become large
+ very quickly with increasing length of subject string.
+
+ When \O is used, the value specified may be higher or lower than the
+ size set by the -O command line option (or defaulted to 45); \O applies
+ only to the call of pcre_exec() for the line in which it appears.
+
+ If the /P modifier was present on the pattern, causing the POSIX wrap-
+ per API to be used, only \B and \Z have any effect, causing REG_NOTBOL
+ and REG_NOTEOL to be passed to regexec() respectively.
+
+ The use of \x{hh...} to represent UTF-8 characters is not dependent on
+ the use of the /8 modifier on the pattern. It is recognized always.
+ There may be any number of hexadecimal digits inside the braces. The
+ result is from one to six bytes, encoded according to the UTF-8 rules.
+
+
+OUTPUT FROM PCRETEST
+
+ When a match succeeds, pcretest outputs the list of captured substrings
+ that pcre_exec() returns, starting with number 0 for the string that
+ matched the whole pattern. Otherwise, it outputs "No match" or "Partial
+ match" when pcre_exec() returns PCRE_ERROR_NOMATCH or PCRE_ERROR_PAR-
+ TIAL, respectively, and otherwise the PCRE negative error number. Here
+ is an example of an interactive pcretest run.
+
+ $ pcretest
+ PCRE version 5.00 07-Sep-2004
+
+ re> /^abc(\d+)/
+ data> abc123
+ 0: abc123
+ 1: 123
+ data> xyz
+ No match
+
+ If the strings contain any non-printing characters, they are output as
+ \0x escapes, or as \x{...} escapes if the /8 modifier was present on
+ the pattern. If the pattern has the /+ modifier, the output for sub-
+ string 0 is followed by the the rest of the subject string, identified
+ by "0+" like this:
+
+ re> /cat/+
+ data> cataract
+ 0: cat
+ 0+ aract
+
+ If the pattern has the /g or /G modifier, the results of successive
+ matching attempts are output in sequence, like this:
+
+ re> /\Bi(\w\w)/g
+ data> Mississippi
+ 0: iss
+ 1: ss
+ 0: iss
+ 1: ss
+ 0: ipp
+ 1: pp
+
+ "No match" is output only if the first match attempt fails.
+
+ If any of the sequences \C, \G, or \L are present in a data line that
+ is successfully matched, the substrings extracted by the convenience
+ functions are output with C, G, or L after the string number instead of
+ a colon. This is in addition to the normal full list. The string length
+ (that is, the return from the extraction function) is given in paren-
+ theses after each string for \C and \G.
+
+ Note that while patterns can be continued over several lines (a plain
+ ">" prompt is used for continuations), data lines may not. However new-
+ lines can be included in data by means of the \n escape.
+
+
+CALLOUTS
+
+ If the pattern contains any callout requests, pcretest's callout func-
+ tion is called during matching. By default, it displays the callout
+ number, the start and current positions in the text at the callout
+ time, and the next pattern item to be tested. For example, the output
+
+ --->pqrabcdef
+ 0 ^ ^ \d
+
+ indicates that callout number 0 occurred for a match attempt starting
+ at the fourth character of the subject string, when the pointer was at
+ the seventh character of the data, and when the next pattern item was
+ \d. Just one circumflex is output if the start and current positions
+ are the same.
+
+ Callouts numbered 255 are assumed to be automatic callouts, inserted as
+ a result of the /C pattern modifier. In this case, instead of showing
+ the callout number, the offset in the pattern, preceded by a plus, is
+ output. For example:
+
+ re> /\d?[A-E]\*/C
+ data> E*
+ --->E*
+ +0 ^ \d?
+ +3 ^ [A-E]
+ +8 ^^ \*
+ +10 ^ ^
+ 0: E*
+
+ The callout function in pcretest returns zero (carry on matching) by
+ default, but you can use an \C item in a data line (as described above)
+ to change this.
+
+ Inserting callouts can be helpful when using pcretest to check compli-
+ cated regular expressions. For further information about callouts, see
+ the pcrecallout documentation.
+
+
+SAVING AND RELOADING COMPILED PATTERNS
+
+ The facilities described in this section are not available when the
+ POSIX inteface to PCRE is being used, that is, when the /P pattern mod-
+ ifier is specified.
+
+ When the POSIX interface is not in use, you can cause pcretest to write
+ a compiled pattern to a file, by following the modifiers with > and a
+ file name. For example:
+
+ /pattern/im >/some/file
+
+ See the pcreprecompile documentation for a discussion about saving and
+ re-using compiled patterns.
+
+ The data that is written is binary. The first eight bytes are the
+ length of the compiled pattern data followed by the length of the
+ optional study data, each written as four bytes in big-endian order
+ (most significant byte first). If there is no study data (either the
+ pattern was not studied, or studying did not return any data), the sec-
+ ond length is zero. The lengths are followed by an exact copy of the
+ compiled pattern. If there is additional study data, this follows imme-
+ diately after the compiled pattern. After writing the file, pcretest
+ expects to read a new pattern.
+
+ A saved pattern can be reloaded into pcretest by specifing < and a file
+ name instead of a pattern. The name of the file must not contain a <
+ character, as otherwise pcretest will interpret the line as a pattern
+ delimited by < characters. For example:
+
+ re> </some/file
+ Compiled regex loaded from /some/file
+ No study data
+
+ When the pattern has been loaded, pcretest proceeds to read data lines
+ in the usual way.
+
+ You can copy a file written by pcretest to a different host and reload
+ it there, even if the new host has opposite endianness to the one on
+ which the pattern was compiled. For example, you can compile on an i86
+ machine and run on a SPARC machine.
+
+ File names for saving and reloading can be absolute or relative, but
+ note that the shell facility of expanding a file name that starts with
+ a tilde (~) is not available.
+
+ The ability to save and reload files in pcretest is intended for test-
+ ing and experimentation. It is not intended for production use because
+ only a single pattern can be written to a file. Furthermore, there is
+ no facility for supplying custom character tables for use with a
+ reloaded pattern. If the original pattern was compiled with custom
+ tables, an attempt to match a subject string using a reloaded pattern
+ is likely to cause pcretest to crash. Finally, if you attempt to load
+ a file that is not in the correct format, the result is undefined.
+
+
+AUTHOR
+
+ Philip Hazel <ph10@cam.ac.uk>
+ University Computing Service,
+ Cambridge CB2 3QG, England.
+
+Last updated: 10 September 2004
+Copyright (c) 1997-2004 University of Cambridge.
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-26 16:16:14 +0000