./mail/exim-html, HTML documentation for the Exim mail transfer agent

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 4.96, Package name: exim-html-4.96, Maintainer: abs

HTML documentation for the Exim mail transfer agent.

Master sites:

Filesize: 553.465 KB

Version history: (Expand)

CVS history: (Expand)

   2022-07-02 11:24:34 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
exim exim-html: updated to 4.96

New stuff we've added since 4.95:

  - A new ACL condition: seen. Records/tests a timestamp against a key.
  - A variant of the "mask" expansion operator to give normalised IPv6.
  - UTC output option for exim_dumpdb, exim_fixdb.
  - An event for failing TLS connects to the daemon.
  - The ACL "debug" control gains options "stop", \ 
"pretrigger" and "trigger".
  - Query-style lookups are now checked for quoting, if the query string is
     built using untrusted data ("tainted").  For now lack of quoting \ 
is merely
     logged; a future release will upgrade this to an error.
  - The expansion conditions match_<list-type> and inlist now set $value for
     the expansion of the "true" result of the ${if}.  With a static \ 
list, this
     can be used for de-tainting.

Notable removals since 4.95:

   - the "allow_insecure_tainted_data" main config option and the
     "taint" log_selector.  These were deprecated in the 4.95 release.
   2021-11-14 21:19:08 by Adam Ciarcinski | Files touched by this commit (5) | Package updated
Log message:
exim exim-html: updated to 4.95

Version 4.95

 1. The fast-ramp two phase queue run support, previously experimental, is
    now supported by default.

 2. The native SRS support, previously experimental, is now supported. It is
    not built unless specified in the Local/Makefile.

 3. TLS resumption support, previously experimental, is now supported and
    included in default builds.

 4. Single-key LMDB lookups, previously experimental, are now supported.
    The support is not built unless specified in the Local/Makefile.

 5. Option "message_linelength_limit" on the smtp transport to enforce (by
    default) the RFC 998 character limit.

 6. An option to ignore the cache on a lookup.

 7. Quota checking during reception (i.e. at SMTP time) for appendfile-
    transport-managed quotas.

 8. Sqlite lookups accept a "file=<path>" option to specify a \ 
    db file, replacing the previous prefix to the SQL string (which had
    issues when the SQL used tainted values).

 9. Lsearch lookups accept a "ret=full" option, to return both the portion
    of the line matching the key, and the remainder.

10. A command-line option to have a daemon not create a notifier socket.

11. Faster TLS startup.  When various configuration options contain no
    expandable elements, the information can be preloaded and cached rather
    than the previous behaviour of always loading at startup time for every
    connection.  This helps particularly for the CA bundle.

12. Proxy Protocol Timeout is configurable via "proxy_protocol_timeout"
    main config option.

13. Option "smtp_accept_max_per_connection" is now expanded.

14. Log selector "queue_size_exclusive", enabled by default, to exclude the
    time taken for reception from QT log elements.

15. Main option "smtp_backlog_monitor", to set a level above which listen
    socket backlogs are logged.

16. Main option "hosts_require_helo", requiring HELO or EHLO before MAIL.

17. A main config option "allow_insecure_tainted_data" allows to turn

18. TLS ALPN handling.  By default, refuse TLS connections that try to specify
    a non-smtp (eg. http) use.  Options for customising.

19. Support for MacOS (darwin) has been dropped.
   2021-10-26 12:54:34 by Nia Alarie | Files touched by this commit (356)
Log message:
mail: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

The following distfiles were unfetchable (possibly fetched

./mail/qmail/distinfo netqmail-1.05-TAI-leapsecs.patch
   2021-10-07 16:25:52 by Nia Alarie | Files touched by this commit (357)
Log message:
mail: Remove SHA1 hashes for distfiles
   2021-04-21 10:11:17 by Thomas Klausner | Files touched by this commit (7)
Log message:
*: remove dead master site
   2020-06-01 21:42:48 by Adam Ciarcinski | Files touched by this commit (5) | Package updated
Log message:
exim exim-html: updated to 4.94

Exim version 4.94

JH/01 Avoid costly startup code when not strictly needed.  This reduces time
      for some exim process initialisations.  It does mean that the logging
      of TLS configuration problems is only done for the daemon startup.

JH/02 Early-pipelining support code is now included unless disabled in Makefile.

JH/03 DKIM verification defaults no long accept sha1 hashes, to conform to
      RFC 8301.  They can still be enabled, using the dkim_verify_hashes main

JH/04 Support CHUNKING from an smtp transport using a transport_filter, when
      DKIM signing is being done.  Previously a transport_filter would always
      disable CHUNKING, falling back to traditional DATA.

JH/05 Regard command-line receipients as tainted.

JH/06 Bug 340: Remove the daemon pid file on exit, whe due to SIGTERM.

JH/07 Bug 2489: Fix crash in the "pam" expansion condition.  It seems \ 
that the
      PAM library frees one of the arguments given to it, despite the
      documentation.  Therefore a plain malloc must be used.

JH/08 Bug 2491: Use tainted buffers for the transport smtp context.  Previously
      on-stack buffers were used, resulting in a taint trap when DSN information
      copied from a received message was written into the buffer.

JH/09 Bug 2493: Harden ARC verify against Outlook, whick has been seen to mix
      the ordering of its ARC headers.  This caused a crash.

JH/10 Bug 2492: Use tainted memory for retry record when needed.  Previously when
      a new record was being constructed with information from the peer, a trap
      was taken.

JH/11 Bug 2494: Unset the default for dmarc_tld_file.  Previously a naiive
      installation would get error messages from DMARC verify, when it hit the
      nonexistent file indicated by the default.  Distros wanting DMARC enabled
      should both provide the file and set the option.
      Also enforce no DMARC verification for command-line sourced messages.

JH/12 Fix an uninitialised flag in early-pipelining.  Previously connections
      could, depending on the platform, hang at the STARTTLS response.

JH/13 Bug 2498: Reset a counter used for ARC verify before handling another
      message on a connection.  Previously if one message had ARC headers and
      the following one did not, a crash could result when adding an
      Authentication-Results: header.

JH/14 Bug 2500: Rewind some of the common-coding in string handling between the
      Exim main code and Exim-related utities.  The introduction of taint
      tracking also did many adjustments to string handling.  Since then, eximon
      frequently terminated with an assert failure.

JH/15 When PIPELINING, synch after every hundred or so RCPT commands sent and
      check for 452 responses.  This slightly helps the inefficieny of doing
      a large alias-expansion into a recipient-limited target.  The max_rcpt
      transport option still applies (and at the current default, will override
      the new feature).  The check is done for either cause of synch, and forces
      a fast-retry of all 452'd recipients using a new MAIL FROM on the same
      connection.  The new facility is not tunable at this time.

JH/16 Fix the variables set by the gsasl authenticator.  Previously a pointer to
      library live data was being used, so the results became garbage.  Make
      copies while it is still usable.

JH/17 Logging: when the deliver_time selector ise set, include the DT= field
      on delivery deferred (==) and failed (**) lines (if a delivery was
      attemtped).  Previously it was only on completion (=>) lines.

JH/18 Authentication: the gsasl driver not provides the $authN variables in time
      for the expansion of the server_scram_iter and server_scram_salt options.

WB/01 SPF: DNS lookups for the obsolete SPF RR type done by the libspf2 library
      are now specifically given a NO_DATA response without hitting the system
      resolver.  The library goes on to do the now-standard TXT lookup.
      Use of dnsdb lookups is not affected.

JH/19 Bug 2507: Modules: on handling a dynamic-module (lookups) open failure,
      only retrieve the errormessage once.  Previously two calls to dlerror()
      were used, and the second one (for mainlog/paniclog) retrieved null

JH/20 Taint checking: disallow use of tainted data for
      - the appendfile transport file and directory options
      - the pipe transport command
      - the autoreply transport file, log and once options
      - file names used by the redirect router (including filter files)
      - named-queue names
      - paths used by single-key lookups
      Previously this was permitted.

JH/21 Bug 2501: Fix init call in the heimdal authenticator.  Previously it
      adjusted the size of a major service buffer; this failed because the
      buffer was in use at the time.  Change to a compile-time increase in the
      buffer size, when this authenticator is compiled into exim.

JH/22 Taint-checking: move to safe-mode taint checking on all platforms.  The
      previous fast-mode was untenable in the face of glibs using mmap to
      support larger malloc requests.

PP/01 Update the openssl_options possible values through OpenSSL 1.1.1c.
      New values supported, if defined on system where compiled:
      allow_no_dhe_kex, cryptopro_tlsext_bug, enable_middlebox_compat,
      no_anti_replay, no_encrypt_then_mac, prioritize_chacha, tlsext_padding

JH/23 Performance improvement in the initial phase of a two-pass queue run.  By
      running a limited number of proceses in parallel, a benefit is gained. The
      amount varies with the platform hardware and load.  The use of the option
      queue_run_in_order means we cannot do this, as ordering becomes

JH/24 Bug 2524: fix the cyrus_sasl auth driver gssapi usage.  A previous fix
      had introduced a string-copy (for ensuring NUL-termination) which was not
      appropriate for that case, which can include embedded NUL bytes in the
      block of data.  Investigation showed the copy to actually be needless, the
      data being length-specified.

JH/25 Fix use of concurrent TLS connections under GnuTLS.  When a callout was
      done during a receiving connection, and both used TLS, global info was
      used rather than per-connection info for tracking the state of data
      queued for transmission.  This could result in a connection hang.

JH/26 Fix use of the SIZE parameter on MAIL commands, on continued connections.
      Previously, when delivering serveral messages down a single connection
      only the first would provide a SIZE.  This was due to the size information
      not being properly tracked.

JH/27 Bug 2530: When operating in a timezone with sub-minute offset, such as
      TAI (at 37 seconds currently), pretend to be in UTC for time-related
      expansion and logging.  Previously, spurious values such as a future
      minute could be seen.

JH/28 Bug 2533: Fix expansion of ${tr } item.  When called in some situations
      it could crash from a null-deref.  This could also affect the
      ${addresses: } operator and ${readsock } item.

JH/29 Bug 2537: Fix $mime_part_count.  When a single connection had a non-mime
      message following a mime one, the variable was not reset.

JH/30 When an pipelined-connect fails at the first response, assume incorrect
      cached capability (perhaps the peer reneged?) and immediately retry in
      non-pipelined mode.

JH/31 Fix spurious detection of timeout while writing to transport filter.

JH/32 Bug 2541: Fix segfault on bad cmdline -f (sender) argument.  Previously
      an attempt to copy the string was made before checking it.

JH/33 Fix the dsearch lookup to return an untainted result.  Previously the
      taint of the lookup key was maintained; we now regard the presence in the
      filesystem as sufficient validation.

JH/34 Fix the readsocket expansion to not segfault when an empty "options"
      argument is supplied.

JH/35 The dsearch lookup now requires that the directory is an absolute path.
      Previously this was not checked, and nonempty relative paths made an
      access under Exim's current working directory.

JH/36 Bug 2554: Fix msg:defer event for the hosts_max_try_hardlimit case.
      Previously no event was raised.

JH/37 Bug 2552: Fix the check on spool space during reception to use the SIZE
      parameter supplied by the sender MAIL FROM command.  Previously it was
      ignored, and only the check_spool_space option value for the required
      leeway checked.

JH/38 Fix $dkim_key_length.  This should, after a DKIM verification, present
      the size of the signing public-key.  Previously it was instead giving
      the size of the signature hash.

JH/39 DKIM verification: the RFC 8301 restriction on sizes of RSA keys is now
      the default.  See the (new) dkim_verify_min_keysizes option.

JH/40 Fix a memory-handling bug: when a connection carried multiple messages
      and an ACL use a lookup for checking either the local_part or domain,
      stale data could be accessed.  Ensure that variable references are
      dropped between messages.

JH/41 Bug 2571: Fix SPA authenticator.  Running as a server, an offset supplied
      by the client was not checked as pointing within response data before
      being used.  A malicious client could thus cause an out-of-bounds read and
      possibly gain authentication.  Fix by adding the check.

JH/42 Internationalisation: change the default for downconversion in the smtp
      transport to be "if needed".  Previously it was "as \ 
previously set" for
      the message, which usually meant "if needed" for \ 
message-submission but
      "no" for everything else.  However, MTAs have been seen using \ 
      even when the envelope addresses did not need it, resulting in forwarding
      failures to non-supporting MTAs.  A downconvert in such cases will be
      a no-op on the addresses, merely dropping the use of SMTPUTF8 by the
      transport.  The change does mean that addresses needing conversion will
      be converted when previously a delivery failure would occur.

JH/43 Fix possible long line in DSN.  Previously when a very long SMTP error
      response was received it would be used unchecked in a fail-DSN, violating
      standards on line-length limits.  Truncate if needed.

HS/01 Remove parameters of the link to www.open-spf.org. The linked form
      doesn't work. (Additionally add a new main config option to configure the
   2020-01-26 18:32:28 by Roland Illig | Files touched by this commit (981)
Log message:
all: migrate homepages from http to https

pkglint -r --network --only "migrate"

As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
   2019-12-09 19:46:01 by Adam Ciarcinski | Files touched by this commit (7) | Package updated
Log message:
exim: updated to 4.93

Exim version 4.93

JH/01 OpenSSL: With debug enabled output keying information sufficient, server
      side, to decode a TLS 1.3 packet capture.

JH/02 OpenSSL: Suppress the sending of (stateful) TLS1.3 session tickets.
      Previously the default library behaviour applied, sending two, each in
      its own TCP segment.

JH/03 Debug output for ACL now gives the config file name and line number for
      each verb.

JH/04 The default received_header_text now uses the RFC 8314 tls cipher clause.

JH/05 DKIM: ensure that dkim_domain elements are lowercased before use.

JH/06 Fix buggy handling of autoreply bounce_return_size_limit, and a possible
      buffer overrun for (non-chunking) other transports.

JH/07 GnuTLS: Our use of late (post-handshake) certificate verification, under
      TLS1.3, means that a server rejecting a client certificate is not visible
      to the client until the first read of encrypted data (typically the
      response to EHLO).  Add detection for that case and treat it as a failed
      TLS connection attempt, so that the normal retry-in-clear can work (if
      suitably configured).

JB/01 Bug 2375: fix expansions of 822 addresses having comments in local-part
      and/or domain.  Found and fixed by Jason Betts.

JH/08 Add hardening against SRV & TLSA lookups the hit CNAMEs (a nonvalid
      configuration).  If a CNAME target was not a wellformed name pattern, a
      crash could result.

JH/09 Logging: Fix initial listening-on line for multiple ports for an IP when
      the OS reports them interleaved with other addresses.

JH/10 OpenSSL: Fix aggregation of messages.  Previously, when PIPELINING was
      used both for input and for a verify callout, both encrypted, SMTP
      responses being sent by the server could be lost.  This resulted in
      dropped connections and sometimes bounces generated by a peer sending
      to this system.

JH/11 Harden plaintext authenticator against a badly misconfigured client-send
      string.  Previously it was possible to cause undefined behaviour in a
      library routine (usually a crash).  Found by "zerons".

JH/12 Bug 2384: fix "-bP smtp_receive_timeout".  Previously it returned no

JH/13 Bug 2386: Fix builds with Dane under LibreSSL 2.9.0 onward.  Some old
      API was removed, so update to use the newer ones.

JH/14 Bug 1891: Close the log file if receiving a non-smtp message, without
      any timeout set, is taking a long time.  Previously we would hang on to a
      rotated logfile "forever" if the input was arriving with long gaps
      (a previous attempt to fix addressed lack, for a long time, of initial

HS/01 Bug 2390: Use message_id for tempfile creation to avoid races in a
      shared (NFS) environment. The length of the tempfile name is now
      4 + 16 ("hdr.$message_exim_id") which might break on file
      systems which restrict the file name length to lower values.
      (It was "hdr.$pid".)

HS/02 Bug 2390: Use message_id for tempfile creation to avoid races in a
      shared (NFS) environment.

HS/03 Bug 2392: exigrep does case sensitive *option* processing (as it
      did for all versions <4.90). Notably -M, -m, --invert, -I may be

JH/15 Use unsigned when creating bitmasks in macros, to avoid build errors
      on some platforms for bit 31.

JH/16 GnuTLS: rework ciphersuite strings under recent library versions.  Thanks
      to changes apparently associated with TLS1.3 handling some of the APIs
      previously used were either nonfunctional or inappropriate.  Strings
      like TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM__AEAD:256
      and TLS1.2:ECDHE_SECP256R1__RSA_SHA256__AES_128_CBC__SHA256:128 replace
      the previous TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 .
      This affects log line X= elements, the $tls_{in,out}_cipher variables,
      and the use of specific cipher names in the encrypted= ACL condition.

JH/17 OpenSSL: the default openssl_options now disables ssl_v3.

JH/18 GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp. Previously the
      verification result was not updated unless hosts_require_ocsp applied.

JH/19 Bug 2398: fix listing of a named-queue.  Previously, even with the option
      queue_list_requires_admin set to false, non-admin users were denied the

JH/20 Bug 2389: fix server advertising of usable certificates, under GnuTLS in
      directory-of-certs mode.  Previously they were advertised despite the

JH/21 The smtp transport option "hosts_noproxy_tls" is now unset by \ 
      A single TCP connection by a client will now hold a TLS connection open
      for multiple message deliveries, by default.  Previoud the default was to
      not do so.

JH/22 The smtp transport option "hosts_try_dane" now enables all hosts by
      default.  If built with the facility, DANE will be used.  The facility
      SUPPORT_DANE is now enabled in the prototype build Makefile "EDITME".

JH/23 The build default is now for TLS to be included; the SUPPORT_TLS define
      is replaced with DISABLE_TLS.  Either USE_GNUTLS or (the new) USE_OPENSSL
      must be defined and you must still, unless you define DISABLE_TLS, manage
      the the include-dir and library-file requirements that go with that
      choice.  Non-TLS builds are still supported.

JH/24 Fix duplicated logging of peer name/address, on a transport connection-
      reject under TFO.

JH/25 The smtp transport option "hosts_try_fastopen" now enables all \ 
hosts by
      default.  If the platform supports and has the facility enabled, it will
      be requested on all coneections.

JH/26 The PIPE_CONNECT facility is promoted from experimental status and is now
      controlled by the build-time option SUPPORT_PIPE_CONNECT.

PP/01 Unbreak heimdal_gssapi, broken in 4.92.

JH/27 Bug 2404: Use the main-section configuration option "dsn_from" for
      success-DSN messages.  Previously the From: header was always the default
      one for these; the option was ignored.

JH/28 Fix the timeout on smtp response to apply to the whole response.
      Previously it was reset for every read, so a teergrubing peer sending
      single bytes within the time limit could extend the connection for a
      long time.  Credit to Qualsys Security Advisory Team for the discovery.

JH/29 Fix DSN Final-Recipient: field.  Previously it was the post-routing
      delivery address, which leaked information of the results of local
      forwarding.  Change to the original envelope recipient address, per

JH/30 Bug 2411: Fix DSN generation when RFC 3461 failure notification is
      requested.  Previously not bounce was generated and a log entry of
      error ignored was made.

JH/31 Avoid re-expansion in ${sort } expansion. (CVE-2019-13917)

JH/32 Introduce a general tainting mechanism for values read from the input
      channel, and values derived from them.  Refuse to expand any tainted
      values, to catch one form of exploit.

JH/33 Bug 2413: Fix dkim_strict option.  Previously the expansion result
      was unused and the unexpanded text used for the test.  Found and
      fixed by Ruben Jenster.

JH/34 Fix crash after TLS shutdown.  When the TCP/SMTP channel was left open,
      an attempt to use a TLS library read routine dereffed a nul pointer,
      causing a segfault.

JH/35 Bug 2409: filter out-of-spec chars from callout response before using
      them in our smtp response.

JH/36 Have the general router option retry_use_local_part default to true when
      any of the restrictive preconditions are set (to anything).  Previously it
      was only for check_local user.  The change removes one item of manual
      configuration which is required for proper retries when a remote router
      handles a subset of addresses for a domain.

JH/37 Appendfile: when evaluating quota use (non-quota_size_regex) take the file
      link count into consideration.

HS/04 Fix handling of very log lines in -H files. If a -<key> \ 
<value> line
      caused the extension of big_buffer, the following lines were ignored.

JH/38 Bug 1395: Teach the DNS negative-cache about TTL value from the SOA in
      accordance with RFC 2308.  Previously there was no expiry, so a longlived
      receive process (eg. due to ACL delays) versus a short SOA value could

HS/05 Handle trailing backslash gracefully. (CVE-2019-15846)

JH/39 Promote DMARC support to mainline.

JH/40 Bug 2452: Add a References: header to DSNs.

JH/41 With GnuTLS 3.6.0 (and later) do not attempt to manage Diffie-Hellman
      parameters.  The relevant library call is documented as "Deprecated: This
      function is unnecessary and discouraged on GnuTLS 3.6.0 or later. Since
      3.6.0, DH parameters are negotiated following RFC7919."

HS/06 Change the default of dnssec_request_domains to "*"

JH/42 Bug 2545: Fix CHUNKING for all RCPT commands rejected.  Previously we
      carried on and emitted a BDAT command, even when PIPELINING was not

JH/43 Bug 2465: Fix taint-handling in dsearch lookup.  Previously a nontainted
      buffer was used for the filename, resulting in a trap when tainted
      arguments (eg. $domain) were used.

JH/44 With OpenSSL 1.1.1 (onwards) disable renegotiation for TLS1.2 and below;
      recommended to avoid a possible server-load attack.  The feature can be
      re-enabled via the openssl_options main cofiguration option.

JH/45 local_scan API: documented the current smtp_printf() call. This changed
      for version 4.90 - adding a "more data" boolean to the arguments.
      Bumped the ABI version number also, this having been missed previously;
      release versions 4.90 to 4.92.3 inclusive were effectively broken in
      respect of usage of smtp_printf() by either local_scan code or libraries
      accessed via the ${dlfunc } expansion item.  Both will need coding
      adjustment for any calls to smtp_printf() to match the new function
      signature; a FALSE value for the new argument is always safe.

JH/46 FreeBSD: fix use of the sendfile() syscall.  The shim was not updating
      the file-offset (which the Linux syscall does, and exim expects); this
      resulted in an indefinite loop.

JH/47 ARC: fix crash in signing, triggered when a configuration error failed
      to do ARC verification.  The Authentication-Results: header line added
      by the configuration then had no ARC item.