Update exim-exiscan to 4.43_28 from 4.42_27
Update exim-html to 4.40 from 4.30
exim-exiscan:
28 - Added F-Secure support, thanks to Johan Thelmen <jth@home.se>.
- Upgraded SRS support to libsrs_alt 0.5 via Miles
Wilton's patch.
- REMOVED exiscan-acl implementation of custom header
placement in favor of Philip Hazel's native implementation.
However, a new option option was added for it to
mimic the behaviour of the old header_pos_middle option.
Read section 10 of exiscan-acl-spec.txt.
exim:
1. Fixed a longstanding but relatively impotent bug: a long time ago, before
PIPELINING, the function smtp_write_command() used to return TRUE or FALSE.
Now it returns an integer. A number of calls were still expecting a T/F
return. Fortuitously, in all cases, the tests worked in OK situations,
which is the norm. However, things would have gone wrong on any write
failures on the smtp file descriptor. This function is used when sending
messages over SMTP and also when doing verify callouts.
2. When Exim is called to do synchronous delivery of a locally submitted
message (the -odf or -odi options), it no longer closes stderr before doing
the delivery.
3. Implemented the mua_wrapper option.
4. Implemented mx_fail_domains and srv_fail_domains for the dnslookup router.
5. Implemented the functions header_remove(), header_testname(),
header_add_at_position(), and receive_remove_recipient(), and exported them
to local_scan().
6. If an ACL "warn" statement specified the addition of headers, Exim already
inserted X-ACL-Warn: at the start if there was no header name. However, it
was not making this test for the second and subsequent header lines if
there were newlines in the string. This meant that an invalid header could
be inserted if Exim was badly configured.
7. Allow an ACL "warn" statement to add header lines at the start or after all
the Received: headers, as well as at the end.
8. Added the rcpt_4xx retry error code.
9. Added postmaster_mailfrom=xxx to callout verification option.
10. Added mailfrom=xxxx to the callout verification option, for verify=
header_sender only.
11. ${substr_1_:xxxx} and ${substr__3:xxxx} are now diagnosed as syntax errors
(they previously behaved as ${substr_1_0:xxxx} and ${substr:_0_3:xxxx}).
12. Inserted some casts to stop certain compilers warning when using pointer
differences as field lengths or precisions in printf-type calls (mostly
affecting debugging statements).
13. Added optional readline() support for -be (dynamically loaded).
14. Obscure bug fix: if a message error (e.g. 4xx to MAIL) happened within the
same clock tick as a message's arrival, so that its received time was the
same as the "first fail" time on the retry record, and that message
remained on the queue past the ultimate address timeout, every queue runner
would try a delivery (because it was past the ultimate address timeout) but
after another failure, the ultimate address timeout, which should have then
bounced the address, did not kick in. This was a "< instead of <=" error;
in most cases the first failure would have been in the next clock tick
after the received time, and all would be well.
15. The special items beginning with @ in domain lists (e.g. @mx_any) were not
being recognized when the domain list was tested by the match_domain
condition in an expansion string.
16. Added the ${str2b64: operator.
17. Exim was always calling setrlimit() to set a large limit for the number of
processes, without checking whether the existing limit was already
adequate. (It did check for the limit on file descriptors.) Furthermore,
18. Imported PCRE 5.0.
19. Trivial typo in log message " temporarily refused connection" (the leading
space).
20. If the log selector return_path_on_delivery was set and an address was
redirected to /dev/null, the delivery process crashed because it assumed
that a return path would always be set for a "successful" delivery. In this
case, the whole delivery is bypassed as an optimization, and therefore no
return path is set.
21. Internal re-arrangement: the function for sending a challenge and reading
a response while authentication was assuming a zero-terminated challenge
string. It's now changed to take a pointer and a length, to allow for
binary data in such strings.
22. Added the cyrus_sasl authenticator (code supplied by MBM).
23. Exim was not respecting finduser_retries when seeking the login of the
uid under which it was called; it was always trying 10 times. (The default
setting of finduser_retries is zero.) Also, it was sleeping after the final
failure, which is pointless.
24. Implemented tls_on_connect_ports.
25. Implemented acl_smtp_predata.
26. If the domain in control=submission is set empty, Exim assumes that the
authenticated id is a complete email address when it generates From: or
Sender: header lines.
27. Added "#define SOCKLEN_T int" to OS/os.h-SCO and OS/os.h-SCO_SV. Also added
definitions to OS/Makefile-SCO and OS/Makefile-SCO_SV that put basename,
chown and chgrp in /bin and hostname in /usr/bin.
28. Exim was keeping the "process log" file open after each use, just as it
does for the main log. This opens the possibility of it remaining open for
long periods when the USR1 signal hits a daemon. Occasional processlog
errors were reported, that could have been caused by this. Anyway, it seems
much more sensible not to leave this file open at all, so that is what now
happens.
29. The long-running daemon process does not normally write to the log once it
has entered its main loop, and it closes the log before doing so. This is
so that log files can straightforwardly be renamed and moved. However,
there are a couple of unusual error situations where the daemon does write
log entries, and I had neglected to close the log afterwards.
30. The text of an SMTP error response that was received during a remote
delivery was being truncated at 512 bytes. This is too short for some of
the long messages that one sometimes sees. I've increased the limit to
1024.
31. It is now possible to make retry rules that apply only when a message has a
specific sender, in particular, an empty sender.
32. Added "control = enforce_sync" and "control = no_enforce_sync". This makes
it possible to be selective about when SMTP synchronization is enforced.
33. Added "control = caseful_local_part" and "control = "caselower_local_part".
32. Implemented hosts_connection_nolog.
33. Added an ACL for QUIT.
34. Setting "delay_warning=" to disable warnings was not working; it gave a
syntax error.
35. Added mailbox_size and mailbox_filecount to appendfile.
36. Added control = no_multiline_responses to ACLs.
37. There was a bug in the logic of the code that waits for the clock to tick
in the case where the clock went backwards by a substantial amount such
that the microsecond fraction of "now" was more than the microsecond
fraction of "then" (but the whole seconds number was less).
38. Added support for the libradius Radius client library this is found on
FreeBSD (previously only the radiusclient library was supported).
Feature changes in exim since 4.34 (bugfixes not listed):
Version 4.42
------------
1. The "personal" filter test is brought up-to-date with
recommendations from the Sieve specification: (a) The list
of non-personal From: addresses now includes "listserv",
"majordomo", and "*-request"; (b) If the message contains
any header line starting with "List=-" it is treated as
non-personal.
2. The Sieve functionality has been extended to support the
"copy" and "vacation" extensions, and comparison tests.
3. There is now an overall timeout for performing a callout
verification. It defaults to 4 times the callout timeout,
which applies to individual SMTP commands during the callout.
The overall timeout applies when there is more than one
host that can be tried. The timeout is checked before trying
the next host. This prevents very long delays if there are
a large number of hosts and all are timing out (e.g. when
the network connections are timing out). The value of the
overall timeout can be changed by specifying an additional
sub-option for "callout", called "maxwait". For example:
verify = sender/callout=5s,maxwait=20s
4. Changes to the "personal" filter test:
(1) The list of non-personal local parts in From: addresses
has been extended to include "listserv", "majordomo",
"*-request", and "owner-*", taken from the Sieve specification
recommendations.
(2) If the message contains any header line starting with
"List-" it is treated as non-personal.
(3) The test for "circular" in the Subject: header line
has been removed because it now seems ill-conceived.
5. The autoreply transport has a new option called never_mail.
This is an address list. If any run of the transport
creates a message with a recipient that matches any item
in the list, that recipient is quietly discarded. If all
recipients are discarded, no message is created.
Version 4.40
------------
The documentation is up-to-date for the 4.40 release. What
follows here is a brief list of the new features that have been
added since 4.30.
1. log_incoming_interface affects more log lines.
2. New ACL modifier "control = submission".
3. CONFIGURE_OWNER can be set at build time to define an
alternative owner for the configuration file, in addition
to root and exim.
4. Added expansion variables $body_zerocount, $recipient_data,
and $sender_data.
5. The time of last modification of the "new" subdirectory is
now used as the "mailbox time last read" when there is a
quota error for a maildir delivery.
6. The special item "+ignore_unknown" may now appear in host
lists.
7. The special domain-matching patterns @mx_any, @mx_primary,
and @mx_secondary can now be followed by "/ignore=<ip list>".
8. New expansion conditions: match_domain, match_address,
match_local_part, lt, lti, le, lei, gt, gti, ge, and new
expansion operators time_interval, eval10, and base62d.
9. New lookup type called "iplsearch".
10. New log selectors ident_timeout, tls_certificate_verified,
queue_time, deliver_time, outgoing_port, return_path_on_delivery.
11. New global options smtp_active_hostname and tls_require_ciphers.
12. Exinext has -C and -D options.
13. "domainlist_cache" forces caching of an apparently variable
list.
14. For compatibility with Sendmail, the command line option
-prval:sval is equivalent to -oMr rval -oMs sval.
15. New callout options use_sender and use_postmaster for use
when verifying recipients.
16. John Jetmore's "exipick" utility has been added to the
distribution.
17. The TLS code now supports CRLs.
18. The dnslookup router and the dnsdb lookup type now support
the use of SRV records.
19. The redirect router has a new option called qualify_domain.
20. exigrep's output now also includes lines that are not
related to any particular message, but which do match the
pattern.
21. New global option write_rejectlog. If it is set false, Exim
no longer writes anything to the reject log.
Changes in exim-exiscan since 4.34_22
27 - Changed algorithm of header_pos_middle to add headers
before the first header which is NOT Received: or
Resent-*:.
exim 4.42 ---------------------------------------------------
26 - Fixed header corruption when using header_pos_top.
(Thanks to Michael Deutschmann).
- Fixed headers being added before any Received-SPF:
header when using header_pos_middle (Thanks to
Michael Deutschmann).
- DrWeb malware support: Add flag to treat .eml file
as plain mail (Thanks to Alex Miller).
25 - Fixed include location of libspf2 headers.
- Added support for Kaspersky AV Version 5 (aveserver).
- Added expansion of av_scanner global variable
when it starts with a dollar sign. This is useful
for implementing multiple malware scanners.
- Added support for adding ACL headers at the beginning
and in the "middle" of the message header block.
(This is a preliminary solution, see comment in SPF
section of exiscan-acl-spec).
24 - Changed documentation to reflect libspf_alt->libspf2
name change.
- Upgraded included SRS patch to 0.3 (author Miles Wilton).
Also added a small doc chapter for SRS.
- Brightmail: put notes for users of new 6.x version in the
docs (search for "BMI6.x").
BMI Version 6 should work OK, an upgraded SDK is now on
Brightmail's download site.
exim 4.41 ----------------------------------------------------
23 - Added patch to support SRS in the redirect router, done
by Miles Wilton. Please check http://srs.mirtol.com/
for more information.
- Fixed the negation operator for SPF support. Thanks
to Michael Haardt for sending a patch.
- Increased buffer size for large SA reports (when using
custom SA rulesets).
- Increased buffer size for large BMI verdicts. Should now
handle large number of recipients gracefully.
Exim changes in 4.34
1. Very minor rewording of debugging text in manualroute to say "list of
hosts" instead of "hostlist".
2. If verify=header_syntax was set, and a header line with an unqualified
address (no domain) and a large number of spaces between the end of the
name and the colon was received, the reception process suffered a buffer
overflow, and (when I tested it) crashed. This was caused by some obsolete
code that should have been removed. The fix is to remove it!
3. When running in the test harness, delay a bit after writing a bounce
message to get a bit more predictability in the log output.
4. Added a call to search_tidyup() just before forking a reception process. In
theory, someone could use a lookup in the expansion of smtp_accept_max_
per_host which, without the tidyup, could leave open a database connection.
5. Added the variables $recipient_data and $sender_data which get set from a
lookup success in an ACL "recipients" or "senders" condition, or a router
"senders" option, similar to $domain_data and $local_part_data.
6. Moved the writing of debug_print from before to after the "senders" test
for routers.
7. Change 4.31/66 (moving the time when the Received: is generated) caused
problems for message scanning, either using a data ACL, or using
local_scan() because the Received: header was not generated till after they
were called (in order to set the time as the time of reception completion).
I have revised the way this works. The header is now generated after the
body is received, but before the ACL or local_scan() are called. After they
are run, the timestamp in the header is updated.
Exim-exiscan version 4.34
22 - added SPF support via libspf_alt. Please read the
docs.
21 - Fix missing fclose() in regex.c. This was causing
scan directories not to be deleted on NFS spools.
- Remove "shutdown socket for writing" from clamd malware
code. It seems to cause problems with the latest
clamd 0.70 release.
- Fix allow tables in acl.c to disallow exiscan conditions
in the RCPT ACL.
- adapted patch to exim 4.34
This modifies Makefile.common to add "-Wl,${RPATH_FLAG}" to the location
of the chosen library (DB implementation). For example:
-Wl,${RPATH_FLAG}${LOCALBASE}/${BUILDLINK_LIBDIRS.db2}
Also bump PKGREVISIONs for this.
use native (since it is the first BDB_ACCEPTED choice). So under
NetBSD this does not change anything.
It can be set to "gdbm" if desiring gdbm as the DB method used.
Else it will use the mk/bdb.buildlink3.mk method.
For example, to choose a specific Berkeley DB implementation
(like DB hash version 7), then do: "make BDB_DEFAULT=db3"
(when EXIM_DB is unset or not set to "gdbm").
Please note that if you change the method, exim may complain
about DB problems. This is okay. You can delete the db files
and regenerate. (exim provides some db management tools too.)
This fixes the problem where exim will not build when
the system's db is not available or correct.
This will close my old PR pkg/19277.
This was discussed with maintainer, David Brownlee.
- Emergency fix: When you were using 'discard', and it was the last verb
affecting a message, the mbox spool files in the scan directory were not
cleaned up. This is fixed now.
Update exim-exiscan to 4.22-11nb1
Include exiqgrep in PLIST, and commit distinfo from previous exim-exiscan
change. Whole exim update was overly hurried due to security announcement.
11 - Fixed "permits" table in acl.c, so you can't "use"
exiscans conditions in the RCPT ACL any more. This
was causing a crash, not you get a proper warning.
- Fixed recursive unpacking when the MIME boundary of
the "parent" message contains spaces.
- Put in a fix for tnef.c that allows clean compile
on AIX. Thanks to David Kreindler
<david@govnet.state.vt.us>.
- Added some proper prototypes for some functions,
beautifying the compiler output with -Wall.
- Added exiscan patch version output to 'exim -bV'.
- Removed demime errors from the panic log.
