Version 4.50 ------------ 1. There is a new build-time option called CONFIGURE_GROUP which works like CONFIGURE_OWNER. It specifies one additional group that is permitted for the runtime configuration file when the group write permission is set. 2. The "control=submission" facility has a new option /sender_retain. This has the effect of setting local_sender_retain true and local_from_check false for the incoming message in which it is encountered. 3. $recipients is now available in the predata ACL (oversight). 4. The value of address_data from a sender verification is now available in $sender_address_data in subsequent conditions in the ACL statement. Note: this is just like $address_data. The value does not persist after the end of the current ACL statement. If you want to preserve it, you can use one of the ACL variables. 5. The redirect router has two new options: forbid_sieve_filter and forbid_exim_filter. When filtering is enabled by allow_filter, these options control which type(s) of filtering are permitted. By default, both Exim and Sieve filters are allowed. 6. A new option for callouts makes it possible to set a different (usually smaller) timeout for making the SMTP connection. The keyword is "connect". For example: verify = sender/callout=5s,connect=1s If not specified, it defaults to the general timeout value. 7. The new variables $sender_verify_failure and $recipient_verify_failure contain information about exactly what failed. In an ACL, after one of these failures, the relevant variable contains one of the following words: qualify the address was unqualified (no domain), and the message was neither local nor came from an exempted host; route routing failed; mail routing succeeded, and a callout was attempted; rejection occurred at or before the MAIL command (that is, on initial connection, HELO, or MAIL); recipient the RCPT command in a callout was rejected; postmaster the postmaster check in a callout was rejected. The main use of these variables is expected to be to distinguish between rejections of MAIL and rejections of RCPT. 8. The command line option -dd behaves exactly like -d except when used on a command that starts a daemon process. In that case, debugging is turned off for the subprocesses that the daemon creates. Thus, it is useful for monitoring the behaviour of the daemon without creating as much output as full debugging. 9. $host_address is now set to the target address during the checking of ignore_target_hosts. 10. There are four new variables called $spool_space, $log_space, $spool_inodes, and $log_inodes. The first two contain the amount of free space in the disk partitions where Exim has its spool directory and log directory, respectively. (When these are in the same partition, the values will, of course, be the same.) The second two variables contain the numbers of free inodes in the respective partitions. NOTE: Because disks can nowadays be very large, the values in the space variables are in kilobytes rather than in bytes. Thus, for example, to check in an ACL that there is at least 50M free on the spool, you would write: condition = ${if > {$spool_space}{50000}{yes}{no}} The values are recalculated whenever any of these variables is referenced. If the relevant file system does not have the concept of inodes, the value of those variables is -1. If the operating system does not have the ability to find the amount of free space (only true for experimental systems), the space value is -1. 11. It is now permitted to omit both strings after an "if" condition; if the condition is true, the result is the string "true". As before, when the second string is omitted, a false condition yields an empty string. This makes it less cumbersome to write custom ACL and router conditions. For example, instead of condition = ${if eq {$acl_m4}{1}{yes}{no}} or the shorter form condition = ${if eq {$acl_m4}{1}{yes}} (because the second string has always defaulted to ""), you can now write condition = ${if eq {$acl_m4}{1}} Previously this was a syntax error. 12. There is a new "record type" that can be specified in dnsdb lookups. It is "zns" (for "zone NS"). It performs a lookup for NS records on the given domain, but if none are found, it removes the first component of the domain name, and tries again. This process continues until NS records are found or there are no more components left (or there's a DNS error). In other words, it may return the name servers for a top-level domain, but it never returns the root name servers. If there are no NS records for the top-level domain, the lookup fails. For example, ${lookup dnsdb{zns=xxx.quercite.com}} returns the name servers for quercite.com, whereas ${lookup dnsdb{zns=xxx.edu}} returns the name servers for edu, assuming in each case that there are no NS records for the full domain name. You should be careful about how you use this lookup because, unless the top-level domain does not exist, the lookup will always return some host names. The sort of use to which this might be put is for seeing if the name servers for a given domain are on a blacklist. You can probably assume that the name servers for the high-level domains such as .com or .co.uk are not going to be on such a list. 13. Another new "record type" is "mxh"; this looks up MX records just as "mx" does, but it returns only the names of the hosts, omitting the priority values. 14. It is now possible to specify a list of domains or IP addresses to be looked up in a dnsdb lookup. The list is specified in the normal Exim way, with colon as the default separator, but with the ability to change this. For example: ${lookup dnsdb{one.domain.com:two.domain.com}} ${lookup dnsdb{a=one.host.com:two.host.com}} ${lookup dnsdb{ptr = <; 1.2.3.4 ; 4.5.6.8}} In order to retain backwards compatibility, there is one special case: if the lookup type is PTR and no change of separator is specified, Exim looks to see if the rest of the string is precisely one IPv6 address. In this case, it does not treat it as a list. The data from each lookup is concatenated, with newline separators (by default - see 14 below), in the same way that multiple DNS records for a single item are handled. The dnsdb lookup fails only if all the DNS lookups fail. If there is a temporary DNS error for any of them, the behaviour is controlled by an optional keyword followed by a comma that may appear before the record type. The possible keywords are "defer_strict", "defer_never", and "defer_lax". With "strict" behaviour, any temporary DNS error causes the whole lookup to defer. With "never" behaviour, a temporary DNS error is ignored, and the behaviour is as if the DNS lookup failed to find anything. With "lax" behaviour, all the queries are attempted, but a temporary DNS error causes the whole lookup to defer only if none of the other lookups succeed. The default is "lax", so the following lookups are equivalent: ${lookup dnsdb{defer_lax,a=one.host.com:two.host.com}} ${lookup dnsdb{a=one.host.com:two.host.com}} Thus, in the default case, as long as at least one of the DNS lookups yields some data, the dnsdb lookup succeeds. 15. It is now possible to specify the character to be used as a separator when a dnsdb lookup returns data from more than one DNS record. The default is a newline. To specify a different character, put '>' followed by the new character at the start of the query. For example: ${lookup dnsdb{>: a=h1.test.ex:h2.test.ex}} ${lookup dnsdb{>| mxh=<;m1.test.ex;m2.test.ex}} It is permitted to specify a space as the separator character. Note that more than one DNS record can be found for a single lookup item; this feature is relevant even when you do not specify a list. The same effect could be achieved by wrapping the lookup in ${tr...}; this feature is just a syntactic simplification. 16. It is now possible to supply a list of domains and/or IP addresses to be lookup up in a DNS blacklist. Previously, only a single domain name could be given, for example: dnslists = black.list.tld/$sender_host_name What follows the slash can now be a list. As with all lists, the default separator is a colon. However, because this is a sublist within the list of DNS blacklist domains, it is necessary either to double the separators like this: dnslists = black.list.tld/name.1::name.2 or to change the separator character, like this: dnslists = black.list.tld/<;name.1;name.2 If an item in the list is an IP address, it is inverted before the DNS blacklist domain is appended. If it is not an IP address, no inversion occurs. Consider this condition: dnslists = black.list.tls/<;192.168.1.2;a.domain The DNS lookups that occur are for 2.1.168.192.black.list.tld and a.domain.black.list.tld Once a DNS record has been found (that matches a specific IP return address, if specified), no further lookups are done. If there is a temporary DNS error, the rest of the sublist of domains or IP addresses is tried. The dnslists item itself defers only if none of the other DNS lookups in this sublist succeeds. In other words, a successful lookup for any of the items in the sublist overrides a defer for a previous item. 17. The log selector queue_time_overall causes Exim to output the time spent on the queue as an addition to the "Completed" message. Like queue_time (which puts the queue time on individual delivery lines), the time is tagged with "QT=", and it is measured from the time that the message starts to be received, so it includes the reception time. 18. It is now possible to use both -bF and -bf on the same command, in order to test a system filter and a user filter in the same run. For example: exim -bF /system/filter -bf /user/filter