This file contains a brief list of specification changes to Exim that apply
to the release with which it is distributed, and sometimes also for previous
releases if there have been several releases fairly close together. Complete
lists of all changes to the code, including bug fixes, are listed in
doc/ChangeLog, and fuller documentation for changes that have not yet made it
into the manual is available in doc/NewStuff.


Specification changes since release 3.10
----------------------------------------

<none>


Specification changes since release 3.03
----------------------------------------

. The option log_queue_run_level specifies the log level for the messages
  "Start queue run" and "End queue run". The default is 0.

. Addition of forbid_lookup, forbid_existstest and forbid_perl to the
  forwardfile director.

. All directors except smartuser had current_directory and home_directory
  options, to set values used at transport time. These options have now been
  made generic, so now apply to all directors.

. If SUPPORT_MOVE_FROZEN_MESSAGES is set at compile time, the new option
  move_frozen_messages causes frozen messages and their message logs to be moved
  from the input and msglog directories on the spool to Finput and Fmsglog.
  There is currently no support in Exim or the standard utilities for handling
  such moved messages and they won't show up in lists generated by -bp or
  eximon.

. If no transport is specified for a smartuser director, the new_address field
  may now specify a comma-separated list of new addresses, and :blackhole:,
  :defer: and :fail: can also be used there. In otherwords, new_address is like
  a line from an alias file (except that :include: is not supported).

. The exigrep utility now automatically zcats any log file whose name ends in
  COMPRESS_SUFFIX, using ZCAT_COMMAND, as defined in Local/Makefile.

. The expansion condition first_delivery is true for the first delivery
  attempt on a message; queue_running is true when a delivery attempt is caused
  by a queue runner.

. When log_refused_recipients is set, each log line now has a reason for
  refusal such as "(RBL)" or "(sender_reject_recipients)".

. The magic string "+warn_unknown" behaves like "+allow_unknown", but it
  writes a log line every time it lets through a host whose name can't be
  looked up.

. If EXIMON_LOG_FILE_PATH is set in the environment when eximon starts up, it
  overrides the configuration setting. This makes it possible to have eximon
  tailing log data that is written to syslog, provided that MAIL.INFO messages
  are routed to a separate file.

. Policy rejections of recipients can now be overridden for certain senders
  by setting recipients_reject_except_senders.

. When all deferred addresses have the same domain, it is set in $domain
  during the expansion of delay_warning_condition. For pipes, files, or
  autoreplies, this is the domain of the parent.

. -Rr (and -Rrf, -Rrff) treat the string as a regular expression.

. Added -S (with all variations), which works like -R except that it checks
  the message's sender instead of the undelivered recipients. If both -R and -S
  are given, both conditions must be satisfied.

. The new expansion variable $message_age contains the length of time since
  the message was received as a number of seconds.

. The syntax of LDAP queries has been extended to allow the passing of more
  information than is available in the LDAP URL. An LDAP query may now consist
  of a URL preceded by any number of "name=value" settings, separated by
  spaces. If a value contains spaces it must be enclosed in double quotes, and
  when double quotes are used, backslash is interpreted in the usual way inside
  them. The following names are recognized:

  USER     set the DN       ) for authenticating the LDAP bind
  PASS     set the password )
  SIZE     set the limit for the number of entries returned
  TIME     set the maximum waiting time for a query

. Callers whose gid is Exim's gid are now automatically trusted (only the uid
  was looked at previously).

. There's a new option called admin_groups. If the current or any of the
  supplementary groups of the caller is in this list, the caller has admin user
  privileges.

. There is now support for PAM (Pluggable Authentication Modules), a facility
  which is available in the latest releases of Solaris and in some GNU/Linux
  distributions (see http://ftp.at.kernel.org/pub/linux/libs/pam/).

. The file that the exiwhat mechanism uses for process status information is
  no longer bundled with the log files. Instead, "exim-process.info" in the
  spool directory is used.

. Exim can now be configured to log to syslog as well as or instead of to
  local log files.

. There's a new expansion operator called "mask" which converts an IP address
  to binary, masks off the least significant bits, and converts the result back
  to text, with mask appended. For example: ${mask:10.111.131.206/28} returns
  the string "10.111.131.192/28".

. There exist some rare networking situations (for example, packet radio)
  where it is helpful to be able to translate IP addresses generated by normal
  routing mechanisms into other IP addresses, thus performing a kind of manual
  IP routing. This should be done only if the normal IP routing of the TCP/IP
  stack is inadequate or broken. Exim now has this capability.

. A new option called retry_data_expire (default 7d) specifies that retry data
  older than this should be ignored. This means that if, for example, a host
  hasn't been tried for 7 days, Exim will behave as if it had no knowledge of
  past failures.

. To help with formulating lookup queries, there is a new expansion operator

  ${quote_<lookup-type>:<string>}

  which quotes the characters of the string in a lookup-specific way. For
  example, the safest way to write a NIS+ query is

  [name="${quote_nisplus:$local_part}"]

. The from_hack option in the appendfile and pipe transports has been replaced
  by two string options, check_string and escape_string. When set, the start of
  each line is tested for matching check_string, and if it does, those
  characters are replaced by the contents of escape_string.

. The appendfile transport has a new option called file_format, defaulting
  unset. If set, it requests the transport to check the format of an existing
  file before adding to it.

. There is a new expansion condition called crypteq, which is automatically
  available if Exim is built to support any authentication mechanisms.
  Otherwise, it is necessary to define SUPPORT_CRYPTEQ to get it included in
  the binary. The crypteq condition has two arguments. The first is encrypted
  and compared against the second, which is already encrypted. Two encryption
  types are currently supported:

  . md5 first computes the MD5 digest of the string, and then expresses this
    as printable characters by means of the base64 encoding.

  . crypt calls the crypt() function as used for encrypting login passwords.

. There is now support for the AUTH extension to SMTP (RFC 2554), both as a
  client and as a server.

. The -bv option now runs interactively, like -bt, if no addresses are given
  on the command line.

. There is a new option called -be which is for testing string expansion. If
  no arguments are given it runs interactively. It simply does a string
  expansion on arguments (or data lines) and outputs the result.

. The GNU/Hurd operating system is now supported.

. If quota is specified on an appendfile transport, then quota_warn_threshold
  may optionally be specified as a percentage.

. There's an alternative hashing function for expanded strings, called "nhash"
  for "numeric hash". An item of the form  ${nhash_<n>:string}  produces a
  number in the range 0-n, while an item of the form ${nhash_<n>_<m>:string}
 produces two numbers, separated by a '/', in the ranges 0-n and 0-m
 respectively, using a div/mod hash.

. The expansion variable $host_lookup_failed contains "1" if there has been an
  attempt to look up the sending host's name from its IP address, and this has
  failed to find the name. Otherwise $host_lookup_failed contains "0".

. The exim_dbmbuild utility now warns if it encounters a duplicate key. By
  default, only the first of a set of duplicates is used - this is a change
  from the previous state, but it does make it compatible with lsearch lookups.
  There is an option -lastdup which causes it to use the last instead, which is
  compatible with what it did before. There is also an option -nowarn, which
  stops it listing duplicate keys to stderr. If any duplicates are encountered,
  the return code is 1. For other errors, where it doesn't actually make a new
  file, the return code is 2.

. There is a new option called ldap_default_servers which can be used to
  supply a colon-separated list of replicated LDAP servers. If an LDAP lookup
  has no server mentioned in the URL, that is, the URL begins "ldap:///...",
  and ldap_default_servers is set, then the query is passed to each of the
  listed servers in turn.

. There is now a variant of the dbm lookup type called dbmnz, which does not
  include a trailing binary zero in the keystring that is looked up.

. Support for MYSQL is now available when LOOKUP_MYSQL is defined.

. In a system filter file (but not in a user filter) a "deliver" command may
  now be followed by "errors_to <some address>" in order to change the envelope
  sender (and hence the error reporting) for that delivery.

. The number can now be omitted from host list net searches, in which case
  the IP address is looked up without masking and without any additional text.
  For example, if an item in a host list is net-lsearch;/some/file and the
  calling host has IP address 10.9.8.7 then the key that is used in the
  lookup is "10.9.8.7".

. When IPv6 addresses are used in net lookups, the separator between the
  components is "." rather than the conventional ":" because colon is the key
  terminator in lsearch files. The full, unabbreviated IPv6 address is always
  used.

****
