Exim version 4.33 ----------------- 1. Change 4.24/6 introduced a bug because the SIGALRM handler was disabled before starting a queue runner without re-exec. This happened only when deliver_drop_privilege was set or when the Exim user was set to root. The effect of the bug was that timeouts during subsequent deliveries caused crashes instead of being properly handled. The handler is now left at its default (and expected) setting. 2. The other case in which a daemon avoids a re-exec is to deliver an incoming message, again when deliver_drop_privilege is set or Exim is run as root. The bug described in (1) was not present in this case, but the tidying up of the other signals was missing. I have made the two cases consistent. 3. The ignore_target_hosts setting on a manualroute router was being ignored for hosts that were looked up using the /MX notation. 4. Added /ignore= feature to @mx_any, @mx_primary, and @mx_secondary in domain lists. 5. Change 4.31/55 was buggy, and broke when there was a rewriting rule that operated on the sender address. After changing the $sender_address to <> for the sender address verify, Exim was re-instated it as the original (before rewriting) address, but remembering that it had rewritten it, so it wasn't rewriting it again. This bug also had the effect of breaking the sender address verification caching when the sender address was rewritten. 6. The ignore_target_hosts option was being ignored by the ipliteral router. This has been changed so that if the ip literal address matches ignore_target_hosts, the router declines. 7. Added expansion conditions match_domain, match_address, and match_local_ part (NOT match_host). 8. The placeholder for the Received: header didn't have a length field set. 9. Added code to Exim itself and to exim_lock to test for a specific race condition that could lead to file corruption when using MBX delivery. The issue is with the lockfile that is created in /tmp. If this file is removed after a process has opened it but before that process has acquired a lock, there is the potential for a second process to recreate the file and also acquire a lock. This could lead to two Exim processes writing to the file at the same time. The added code performs the same test as UW imapd; it checks after acquiring the lock that its file descriptor still refers to the same named file. 10. The buffer for building added header lines was of fixed size, 8192 bytes. It is now parameterized by HEADER_ADD_BUFFER_SIZE and this can be adjusted when Exim is built. 11. Added the smtp_active_hostname option. If used, this will typically be made to depend on the incoming interface address. Because $interface_address is not set up until the daemon has forked a reception process, error responses that can happen earlier (such as "too many connections") no longer contain a host name. 12. If an expansion in a condition on a "warn" statement fails because a lookup defers, the "warn" statement is abandoned, and the next ACL statement is processed. Previously this caused the whole ACL to be aborted. 13. Added the iplsearch lookup type. 14. Added ident_timeout as a log selector. 15. Added tls_certificate_verified as a log selector. 16. Added a global option tls_require_ciphers (compare the smtp transport option of the same name). This controls incoming TLS connections. 17. I finally figured out how to make tls_require_ciphers do a similar thing in GNUtls to what it does in OpenSSL, that is, set up an appropriate list before starting the TLS session. 18. Tabs are now shown as \t in -bP output. 19. If the log selector return_path_on_delivery was set, Exim crashed when bouncing a message because it had too many Received: header lines. 20. If two routers both had headers_remove settings, and the first one included a superfluous trailing colon, the final name in the first list and the first name in the second list were incorrectly joined into one item (with a colon in the middle). ****