[exim] New Stuff

Author: Marc Perkel
Date:  
To: exim-users
Subject: [exim] New Stuff
Sorry - I didn't read the whole list of links about the new stuff. BTW-
I've been running the snapshot and using the new sender verify commands
and this is a MUST HAVE release. Phil has made excellent improvements in it.

Version 4.50
------------

 1. There is a new build-time option called CONFIGURE_GROUP which works like
    CONFIGURE_OWNER. It specifies one additional group that is permitted for
    the runtime configuration file when the group write permission is set.


 2. The "control=submission" facility has a new option /sender_retain. This
    has the effect of setting local_sender_retain true and local_from_check
    false for the incoming message in which it is encountered.


 3. $recipients is now available in the predata ACL (oversight).

 4. The value of address_data from a sender verification is now available in
    $sender_address_data in subsequent conditions in the ACL statement. Note:
    this is just like $address_data. The value does not persist after the end
    of the current ACL statement. If you want to preserve it, you can use one
    of the ACL variables.


 5. The redirect router has two new options: forbid_sieve_filter and
    forbid_exim_filter. When filtering is enabled by allow_filter, these
    options control which type(s) of filtering are permitted. By default, both
    Exim and Sieve filters are allowed.


 6. A new option for callouts makes it possible to set a different (usually
    smaller) timeout for making the SMTP connection. The keyword is "connect".
    For example:


       verify = sender/callout=5s,connect=1s


    If not specified, it defaults to the general timeout value.


 7. The new variables $sender_verify_failure and $recipient_verify_failure
    contain information about exactly what failed. In an ACL, after one of
    these failures, the relevant variable contains one of the following words:


      qualify       the address was unqualified (no domain), and the message
                    was neither local nor came from an exempted host;


      route         routing failed;


      mail          routing succeeded, and a callout was attempted; rejection
                    occurred at or before the MAIL command (that is, on initial
                    connection, HELO, or MAIL);


      recipient     the RCPT command in a callout was rejected;


      postmaster    the postmaster check in a callout was rejected.


    The main use of these variables is expected to be to distinguish between
    rejections of MAIL and rejections of RCPT.


 8. The command line option -dd behaves exactly like -d except when used on a
    command that starts a daemon process. In that case, debugging is turned off
    for the subprocesses that the daemon creates. Thus, it is useful for
    monitoring the behaviour of the daemon without creating as much output as
    full debugging.


 9. $host_address is now set to the target address during the checking of
    ignore_target_hosts.


10. There are four new variables called $spool_space, $log_space,
    $spool_inodes, and $log_inodes. The first two contain the amount of free
    space in the disk partitions where Exim has its spool directory and log
    directory, respectively. (When these are in the same partition, the values
    will, of course, be the same.) The second two variables contain the numbers
    of free inodes in the respective partitions.


    NOTE: Because disks can nowadays be very large, the values in the space
    variables are in kilobytes rather than in bytes. Thus, for example, to
    check in an ACL that there is at least 50M free on the spool, you would
    write:


       condition = ${if > {$spool_space}{50000}{yes}{no}}


    The values are recalculated whenever any of these variables is referenced.
    If the relevant file system does not have the concept of inodes, the value
    of those variables is -1. If the operating system does not have the ability
    to find the amount of free space (only true for experimental systems), the
    space value is -1.


11. It is now permitted to omit both strings after an "if" condition; if the
    condition is true, the result is the string "true". As before, when the
    second string is omitted, a false condition yields an empty string. This
    makes it less cumbersome to write custom ACL and router conditions. For
    example, instead of


      condition = ${if eq {$acl_m4}{1}{yes}{no}}


    or the shorter form


      condition = ${if eq {$acl_m4}{1}{yes}}


    (because the second string has always defaulted to ""), you can now write


      condition = ${if eq {$acl_m4}{1}}


    Previously this was a syntax error.


12. There is a new "record type" that can be specified in dnsdb lookups. It
    is "zns" (for "zone NS"). It performs a lookup for NS records on the given
    domain, but if none are found, it removes the first component of the domain
    name, and tries again. This process continues until NS records are found
    or there are no more components left (or there's a DNS error). In other
    words, it may return the name servers for a top-level domain, but it never
    returns the root name servers. If there are no NS records for the top-level
    domain, the lookup fails.


    For example, ${lookup dnsdb{zns=xxx.quercite.com}} returns the name
    servers for quercite.com, whereas ${lookup dnsdb{zns=xxx.edu}} returns
    the name servers for edu, assuming in each case that there are no NS
    records for the full domain name.


    You should be careful about how you use this lookup because, unless the
    top-level domain does not exist, the lookup will always return some host
    names. The sort of use to which this might be put is for seeing if the name
    servers for a given domain are on a blacklist. You can probably assume that
    the name servers for the high-level domains such as .com or .co.uk are not
    going to be on such a list.


13. Another new "record type" is "mxh"; this looks up MX records just as "mx"
    does, but it returns only the names of the hosts, omitting the priority
    values.


14. It is now possible to specify a list of domains or IP addresses to be
    looked up in a dnsdb lookup. The list is specified in the normal Exim way,
    with colon as the default separator, but with the ability to change this.
    For example:


      ${lookup dnsdb{one.domain.com:two.domain.com}}
      ${lookup dnsdb{a=one.host.com:two.host.com}}
      ${lookup dnsdb{ptr = <; 1.2.3.4 ; 4.5.6.8}}


    In order to retain backwards compatibility, there is one special case: if
    the lookup type is PTR and no change of separator is specified, Exim looks
    to see if the rest of the string is precisely one IPv6 address. In this
    case, it does not treat it as a list.


    The data from each lookup is concatenated, with newline separators (by
    default - see 14 below), in the same way that multiple DNS records for a
    single item are handled.


    The dnsdb lookup fails only if all the DNS lookups fail. If there is a
    temporary DNS error for any of them, the behaviour is controlled by
    an optional keyword followed by a comma that may appear before the record
    type. The possible keywords are "defer_strict", "defer_never", and
    "defer_lax". With "strict" behaviour, any temporary DNS error causes the
    whole lookup to defer. With "never" behaviour, a temporary DNS error is
    ignored, and the behaviour is as if the DNS lookup failed to find anything.
    With "lax" behaviour, all the queries are attempted, but a temporary DNS
    error causes the whole lookup to defer only if none of the other lookups
    succeed. The default is "lax", so the following lookups are equivalent:


      ${lookup dnsdb{defer_lax,a=one.host.com:two.host.com}}
      ${lookup dnsdb{a=one.host.com:two.host.com}}


    Thus, in the default case, as long as at least one of the DNS lookups
    yields some data, the dnsdb lookup succeeds.


15. It is now possible to specify the character to be used as a separator when
    a dnsdb lookup returns data from more than one DNS record. The default is a
    newline. To specify a different character, put '>' followed by the new
    character at the start of the query. For example:


      ${lookup dnsdb{>: a=h1.test.ex:h2.test.ex}}
      ${lookup dnsdb{>| mxh=<;m1.test.ex;m2.test.ex}}


    It is permitted to specify a space as the separator character. Note that
    more than one DNS record can be found for a single lookup item; this
    feature is relevant even when you do not specify a list.


    The same effect could be achieved by wrapping the lookup in ${tr...}; this
    feature is just a syntactic simplification.


16. It is now possible to supply a list of domains and/or IP addresses to be
    looked up in a DNS blacklist. Previously, only a single domain name could
    be given, for example:


      dnslists = black.list.tld/$sender_host_name


    What follows the slash can now be a list. As with all lists, the default
    separator is a colon. However, because this is a sublist within the list of
    DNS blacklist domains, it is necessary either to double the separators like
    this:


      dnslists = black.list.tld/name.1::name.2


    or to change the separator character, like this:


      dnslists = black.list.tld/<;name.1;name.2


    If an item in the list is an IP address, it is inverted before the DNS
    blacklist domain is appended. If it is not an IP address, no inversion
    occurs. Consider this condition:


       dnslists = black.list.tld/<;192.168.1.2;a.domain


    The DNS lookups that occur are for


       2.1.168.192.black.list.tld  and  a.domain.black.list.tld


    Once a DNS record has been found (that matches a specific IP return
    address, if specified), no further lookups are done. If there is a
    temporary DNS error, the rest of the sublist of domains or IP addresses is
    tried. The dnslists item itself defers only if none of the other DNS
    lookups in this sublist succeeds. In other words, a successful lookup for
    any of the items in the sublist overrides a defer for a previous item.


17. The log selector queue_time_overall causes Exim to output the time spent on
    the queue as an addition to the "Completed" message. Like queue_time (which
    puts the queue time on individual delivery lines), the time is tagged with
    "QT=", and it is measured from the time that the message starts to be
    received, so it includes the reception time.


18. It is now possible to use both -bF and -bf on the same command, in order to
    test a system filter and a user filter in the same run. For example:


      exim -bF /system/filter -bf /user/filter </test/message


    This is helpful when the system filter adds header lines or sets filter
    variables that are used by the user filter.


19. The Exiscan patch is now merged into the main source. See src/EDITME for
    parameters for the build.


20. If the key for a dnsdb PTR lookup is not an IP address, it is used
    verbatim, without component reversal and without the addition of
    in-addr.arpa or ip6.arpa.


21. Two changes related to the smtp_active_hostname option:

      (1) $smtp_active_hostname is now available as a variable. Its value
          sticks with the message and is therefore available in routers and
          transports at delivery time.


      (2) The default for smtp_banner uses $smtp_active_hostname instead
          of $primary_hostname.


22. The hosts_max_try_hardlimit option (default 50) is added to the smtp
    transport. Exim will never try more than this number of IP addresses; if it
    hits this limit and they are all timed out, the message is bounced, even
    though not all IP addresses may have been tried. Compare hosts_max_try,
    which is a "soft" limit, because Exim will exceed it when hosts time out.
    The new limit is a protection against lunatic DNS configurations with
    hundreds of IP addresses.



****


--
Marc Perkel - marc@???

Spam Filter: http://www.junkemailfilter.com
    My Blog: http://marc.perkel.com
My Religion: http://www.churchofreality.org
~ "If it's real - we believe in it!" ~
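
The dnslists sublist behaviour in item 16, modelled in Python as an added example (not part of the original post and not Exim's code). It assumes the sublist has already been taken out of the outer list (so a doubled "::" is a single ":"), handles IPv4 only, and takes a caller-supplied `resolve` function; the names `split_sublist`, `query_name`, `check_dnslist` and `DEFER` are invented here.

```python
import ipaddress

DEFER = "defer"  # marker for a temporary DNS error (name chosen for this sketch)

def split_sublist(sublist):
    """Split the text after the slash; a leading '<c' changes the separator."""
    sep = ":"
    if sublist.startswith("<") and len(sublist) > 1:
        sep, sublist = sublist[1], sublist[2:]
    return [item.strip() for item in sublist.split(sep) if item.strip()]

def query_name(item, zone):
    """An IPv4 address is inverted before the zone is appended; a name is not."""
    try:
        addr = ipaddress.IPv4Address(item)
    except ValueError:
        return f"{item}.{zone}"
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def check_dnslist(zone, sublist, resolve):
    """Return ('match', name), ('defer', None) or ('nomatch', None).

    resolve(name) returns a list of addresses, an empty list when the
    name is not listed, or DEFER for a temporary error.
    """
    deferred = False
    for item in split_sublist(sublist):
        name = query_name(item, zone)
        answer = resolve(name)
        if answer == DEFER:
            deferred = True          # keep going: a later hit overrides this
            continue
        if answer:
            return ("match", name)   # first record found ends the search
    return ("defer", None) if deferred else ("nomatch", None)

if __name__ == "__main__":
    # Constructed sample data: the first query defers, the second is listed.
    table = {"2.1.168.192.black.list.tld": DEFER,
             "a.domain.black.list.tld": ["127.0.0.2"]}
    print(check_dnslist("black.list.tld", "<;192.168.1.2;a.domain",
                        lambda name: table.get(name, [])))
```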
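
The dnsdb list semantics from items 12, 14 and 15 (the "zns" walk, the three defer keywords and the output separator), again as an added Python model rather than anything from the post or from Exim. The resolver callbacks and every name in the block are invented for illustration, and treating a DNS error during the zns walk as a defer is an assumption of this sketch.

```python
TEMP_ERROR = object()          # resolver result for a temporary DNS error
DEFER, FAIL = "DEFER", "FAIL"  # overall outcomes (labels chosen for this sketch)

def dnsdb_list(keys, resolve, mode="defer_lax", sep="\n"):
    """Combine lookups for several keys the way item 14 describes.

    resolve(key) returns a list of record strings, an empty list when
    nothing is found, or TEMP_ERROR.
    """
    records, deferred = [], False
    for key in keys:
        answer = resolve(key)
        if answer is TEMP_ERROR:
            if mode == "defer_strict":
                return DEFER         # any temporary error defers the lot
            if mode == "defer_lax":
                deferred = True      # remember it, but try the other keys
            continue                 # defer_never: same as finding nothing
        records.extend(answer)
    if records:
        return sep.join(records)     # item 15: newline unless overridden
    return DEFER if deferred else FAIL

def zns(domain, resolve_ns):
    """Item 12: drop leading labels until NS records appear; never ask the root."""
    labels = domain.rstrip(".").split(".")
    while labels:
        answer = resolve_ns(".".join(labels))
        if answer is TEMP_ERROR:
            return DEFER             # assumption: a DNS error stops the walk
        if answer:
            return "\n".join(answer)
        labels.pop(0)
    return FAIL

if __name__ == "__main__":
    # Constructed sample data: only the parent zone has NS records.
    ns = {"quercite.com": ["ns1.quercite.com", "ns2.quercite.com"]}
    print(zns("xxx.quercite.com", lambda d: ns.get(d, [])))
```

Because the walk stops at the top-level domain, a name with no delegation of its own yields the TLD's servers, so a blacklist check built on it needs to allow for that case.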