Version 4.68 ------------ 1. The body_linecount and body_zerocount C variables are now exported in the local_scan API. 2. When a dnslists lookup succeeds, the key that was looked up is now placed in $dnslist_matched. When the key is an IP address, it is not reversed in this variable (though it is, of course, in the actual lookup). In simple cases, for example: deny dnslists = spamhaus.example the key is also available in another variable (in this case, $sender_host_address). In more complicated cases, however, this is not true. For example, using a data lookup might generate a dnslists lookup like this: deny dnslists = spamhaus.example/<|192.168.1.2|192.168.6.7|... If this condition succeeds, the value in $dnslist_matched might be 192.168.6.7 (for example). 3. Authenticators now have a client_condition option. When Exim is running as a client, it skips an authenticator whose client_condition expansion yields "0", "no", or "false". This can be used, for example, to skip plain text authenticators when the connection is not encrypted by a setting such as: client_condition = ${if !eq{$tls_cipher}{}} Note that the 4.67 documentation states that $tls_cipher contains the cipher used for incoming messages. In fact, during SMTP delivery, it contains the cipher used for the delivery. The same is true for $tls_peerdn. 4. There is now a -Mvc option, which outputs a copy of the message to the standard output, in RFC 2822 format. The option can be used only by an admin user. 5. There is now a /noupdate option for the ratelimit ACL condition. It computes the rate and checks the limit as normal, but it does not update the saved data. This means that, in relevant ACLs, it is possible to lookup the existence of a specified (or auto-generated) ratelimit key without incrementing the ratelimit counter for that key. In order for this to be useful, another ACL entry must set the rate for the same key somewhere (otherwise it will always be zero). Example: acl_check_connect: # Read the rate; if it doesn't exist or is below the maximum # we update it below deny ratelimit = 100 / 5m / strict / noupdate log_message = RATE: $sender_rate / $sender_rate_period \ (max $sender_rate_limit) [... some other logic and tests...] warn ratelimit = 100 / 5m / strict / per_cmd log_message = RATE UPDATE: $sender_rate / $sender_rate_period \ (max $sender_rate_limit) condition = ${if le{$sender_rate}{$sender_rate_limit}} accept 6. The variable $max_received_linelength contains the number of bytes in the longest line that was received as part of the message, not counting the line termination character(s). 7. Host lists can now include +ignore_defer and +include_defer, analagous to +ignore_unknown and +include_unknown. These options should be used with care, probably only in non-critical host lists such as whitelists. 8. There's a new option called queue_only_load_latch, which defaults true. If set false when queue_only_load is greater than zero, Exim re-evaluates the load for each incoming message in an SMTP session. Otherwise, once one message is queued, the remainder are also. 9. There is a new ACL, specified by smtp_notquit_acl, which is run in most cases when an SMTP session ends without sending QUIT. However, when Exim itself is is bad trouble, such as being unable to write to its log files, this ACL is not run, because it might try to do things (such as write to log files) that make the situation even worse. Like the QUIT ACL, this new ACL is provided to make it possible to gather statistics. Whatever it returns (accept or deny) is immaterial. The "delay" modifier is forbidden in this ACL. When the NOTQUIT ACL is running, the variable $smtp_notquit_reason is set to a string that indicates the reason for the termination of the SMTP connection. The possible values are: acl-drop Another ACL issued a "drop" command bad-commands Too many unknown or non-mail commands command-timeout Timeout while reading SMTP commands connection-lost The SMTP connection has been lost data-timeout Timeout while reading message data local-scan-error The local_scan() function crashed local-scan-timeout The local_scan() function timed out signal-exit SIGTERM or SIGINT synchronization-error SMTP synchronization error tls-failed TLS failed to start In most cases when an SMTP connection is closed without having received QUIT, Exim sends an SMTP response message before actually closing the connection. With the exception of acl-drop, the default message can be overridden by the "message" modifier in the NOTQUIT ACL. In the case of a "drop" verb in another ACL, it is the message from the other ACL that is used. 10. For MySQL and PostgreSQL lookups, it is now possible to specify a list of servers with individual queries. This is done by starting the query with "servers=x:y:z;", where each item in the list may take one of two forms: (1) If it is just a host name, the appropriate global option (mysql_servers or pgsql_servers) is searched for a host of the same name, and the remaining parameters (database, user, password) are taken from there. (2) If it contains any slashes, it is taken as a complete parameter set. The list of servers is used in exactly the same was as the global list. Once a connection to a server has happened and a query has been successfully executed, processing of the lookup ceases. This feature is intended for use in master/slave situations where updates are occurring, and one wants to update a master rather than a slave. If the masters are in the list for reading, you might have: mysql_servers = slave1/db/name/pw:slave2/db/name/pw:master/db/name/pw In an updating lookup, you could then write ${lookup mysql{servers=master; UPDATE ...} If, on the other hand, the master is not to be used for reading lookups: pgsql_servers = slave1/db/name/pw:slave2/db/name/pw you can still update the master by ${lookup pgsql{servers=master/db/name/pw; UPDATE ...} 11. The message_body_newlines option (default FALSE, for backwards compatibility) can be used to control whether newlines are present in $message_body and $message_body_end. If it is FALSE, they are replaced by spaces. ****