summaryrefslogtreecommitdiff
path: root/mail/exim-html
AgeCommit message (Collapse)AuthorFilesLines
2020-06-01exim exim-html: updated to 4.94adam3-11/+8
Exim version 4.94 ----------------- JH/01 Avoid costly startup code when not strictly needed. This reduces time for some exim process initialisations. It does mean that the logging of TLS configuration problems is only done for the daemon startup. JH/02 Early-pipelining support code is now included unless disabled in Makefile. JH/03 DKIM verification defaults no long accept sha1 hashes, to conform to RFC 8301. They can still be enabled, using the dkim_verify_hashes main option. JH/04 Support CHUNKING from an smtp transport using a transport_filter, when DKIM signing is being done. Previously a transport_filter would always disable CHUNKING, falling back to traditional DATA. JH/05 Regard command-line receipients as tainted. JH/06 Bug 340: Remove the daemon pid file on exit, whe due to SIGTERM. JH/07 Bug 2489: Fix crash in the "pam" expansion condition. It seems that the PAM library frees one of the arguments given to it, despite the documentation. Therefore a plain malloc must be used. JH/08 Bug 2491: Use tainted buffers for the transport smtp context. Previously on-stack buffers were used, resulting in a taint trap when DSN information copied from a received message was written into the buffer. JH/09 Bug 2493: Harden ARC verify against Outlook, whick has been seen to mix the ordering of its ARC headers. This caused a crash. JH/10 Bug 2492: Use tainted memory for retry record when needed. Previously when a new record was being constructed with information from the peer, a trap was taken. JH/11 Bug 2494: Unset the default for dmarc_tld_file. Previously a naiive installation would get error messages from DMARC verify, when it hit the nonexistent file indicated by the default. Distros wanting DMARC enabled should both provide the file and set the option. Also enforce no DMARC verification for command-line sourced messages. JH/12 Fix an uninitialised flag in early-pipelining. Previously connections could, depending on the platform, hang at the STARTTLS response. JH/13 Bug 2498: Reset a counter used for ARC verify before handling another message on a connection. Previously if one message had ARC headers and the following one did not, a crash could result when adding an Authentication-Results: header. JH/14 Bug 2500: Rewind some of the common-coding in string handling between the Exim main code and Exim-related utities. The introduction of taint tracking also did many adjustments to string handling. Since then, eximon frequently terminated with an assert failure. JH/15 When PIPELINING, synch after every hundred or so RCPT commands sent and check for 452 responses. This slightly helps the inefficieny of doing a large alias-expansion into a recipient-limited target. The max_rcpt transport option still applies (and at the current default, will override the new feature). The check is done for either cause of synch, and forces a fast-retry of all 452'd recipients using a new MAIL FROM on the same connection. The new facility is not tunable at this time. JH/16 Fix the variables set by the gsasl authenticator. Previously a pointer to library live data was being used, so the results became garbage. Make copies while it is still usable. JH/17 Logging: when the deliver_time selector ise set, include the DT= field on delivery deferred (==) and failed (**) lines (if a delivery was attemtped). Previously it was only on completion (=>) lines. JH/18 Authentication: the gsasl driver not provides the $authN variables in time for the expansion of the server_scram_iter and server_scram_salt options. WB/01 SPF: DNS lookups for the obsolete SPF RR type done by the libspf2 library are now specifically given a NO_DATA response without hitting the system resolver. The library goes on to do the now-standard TXT lookup. Use of dnsdb lookups is not affected. JH/19 Bug 2507: Modules: on handling a dynamic-module (lookups) open failure, only retrieve the errormessage once. Previously two calls to dlerror() were used, and the second one (for mainlog/paniclog) retrieved null information. JH/20 Taint checking: disallow use of tainted data for - the appendfile transport file and directory options - the pipe transport command - the autoreply transport file, log and once options - file names used by the redirect router (including filter files) - named-queue names - paths used by single-key lookups Previously this was permitted. JH/21 Bug 2501: Fix init call in the heimdal authenticator. Previously it adjusted the size of a major service buffer; this failed because the buffer was in use at the time. Change to a compile-time increase in the buffer size, when this authenticator is compiled into exim. JH/22 Taint-checking: move to safe-mode taint checking on all platforms. The previous fast-mode was untenable in the face of glibs using mmap to support larger malloc requests. PP/01 Update the openssl_options possible values through OpenSSL 1.1.1c. New values supported, if defined on system where compiled: allow_no_dhe_kex, cryptopro_tlsext_bug, enable_middlebox_compat, no_anti_replay, no_encrypt_then_mac, prioritize_chacha, tlsext_padding JH/23 Performance improvement in the initial phase of a two-pass queue run. By running a limited number of proceses in parallel, a benefit is gained. The amount varies with the platform hardware and load. The use of the option queue_run_in_order means we cannot do this, as ordering becomes indeterminate. JH/24 Bug 2524: fix the cyrus_sasl auth driver gssapi usage. A previous fix had introduced a string-copy (for ensuring NUL-termination) which was not appropriate for that case, which can include embedded NUL bytes in the block of data. Investigation showed the copy to actually be needless, the data being length-specified. JH/25 Fix use of concurrent TLS connections under GnuTLS. When a callout was done during a receiving connection, and both used TLS, global info was used rather than per-connection info for tracking the state of data queued for transmission. This could result in a connection hang. JH/26 Fix use of the SIZE parameter on MAIL commands, on continued connections. Previously, when delivering serveral messages down a single connection only the first would provide a SIZE. This was due to the size information not being properly tracked. JH/27 Bug 2530: When operating in a timezone with sub-minute offset, such as TAI (at 37 seconds currently), pretend to be in UTC for time-related expansion and logging. Previously, spurious values such as a future minute could be seen. JH/28 Bug 2533: Fix expansion of ${tr } item. When called in some situations it could crash from a null-deref. This could also affect the ${addresses: } operator and ${readsock } item. JH/29 Bug 2537: Fix $mime_part_count. When a single connection had a non-mime message following a mime one, the variable was not reset. JH/30 When an pipelined-connect fails at the first response, assume incorrect cached capability (perhaps the peer reneged?) and immediately retry in non-pipelined mode. JH/31 Fix spurious detection of timeout while writing to transport filter. JH/32 Bug 2541: Fix segfault on bad cmdline -f (sender) argument. Previously an attempt to copy the string was made before checking it. JH/33 Fix the dsearch lookup to return an untainted result. Previously the taint of the lookup key was maintained; we now regard the presence in the filesystem as sufficient validation. JH/34 Fix the readsocket expansion to not segfault when an empty "options" argument is supplied. JH/35 The dsearch lookup now requires that the directory is an absolute path. Previously this was not checked, and nonempty relative paths made an access under Exim's current working directory. JH/36 Bug 2554: Fix msg:defer event for the hosts_max_try_hardlimit case. Previously no event was raised. JH/37 Bug 2552: Fix the check on spool space during reception to use the SIZE parameter supplied by the sender MAIL FROM command. Previously it was ignored, and only the check_spool_space option value for the required leeway checked. JH/38 Fix $dkim_key_length. This should, after a DKIM verification, present the size of the signing public-key. Previously it was instead giving the size of the signature hash. JH/39 DKIM verification: the RFC 8301 restriction on sizes of RSA keys is now the default. See the (new) dkim_verify_min_keysizes option. JH/40 Fix a memory-handling bug: when a connection carried multiple messages and an ACL use a lookup for checking either the local_part or domain, stale data could be accessed. Ensure that variable references are dropped between messages. JH/41 Bug 2571: Fix SPA authenticator. Running as a server, an offset supplied by the client was not checked as pointing within response data before being used. A malicious client could thus cause an out-of-bounds read and possibly gain authentication. Fix by adding the check. JH/42 Internationalisation: change the default for downconversion in the smtp transport to be "if needed". Previously it was "as previously set" for the message, which usually meant "if needed" for message-submission but "no" for everything else. However, MTAs have been seen using SMTPUTF8 even when the envelope addresses did not need it, resulting in forwarding failures to non-supporting MTAs. A downconvert in such cases will be a no-op on the addresses, merely dropping the use of SMTPUTF8 by the transport. The change does mean that addresses needing conversion will be converted when previously a delivery failure would occur. JH/43 Fix possible long line in DSN. Previously when a very long SMTP error response was received it would be used unchecked in a fail-DSN, violating standards on line-length limits. Truncate if needed. HS/01 Remove parameters of the link to www.open-spf.org. The linked form doesn't work. (Additionally add a new main config option to configure the spf_smtp_comment)
2020-01-26all: migrate homepages from http to httpsrillig1-2/+2
pkglint -r --network --only "migrate" As a side-effect of migrating the homepages, pkglint also fixed a few indentations in unrelated lines. These and the new homepages have been checked manually.
2019-12-09exim: updated to 4.93adam3-9/+14
Exim version 4.93 ----------------- JH/01 OpenSSL: With debug enabled output keying information sufficient, server side, to decode a TLS 1.3 packet capture. JH/02 OpenSSL: Suppress the sending of (stateful) TLS1.3 session tickets. Previously the default library behaviour applied, sending two, each in its own TCP segment. JH/03 Debug output for ACL now gives the config file name and line number for each verb. JH/04 The default received_header_text now uses the RFC 8314 tls cipher clause. JH/05 DKIM: ensure that dkim_domain elements are lowercased before use. JH/06 Fix buggy handling of autoreply bounce_return_size_limit, and a possible buffer overrun for (non-chunking) other transports. JH/07 GnuTLS: Our use of late (post-handshake) certificate verification, under TLS1.3, means that a server rejecting a client certificate is not visible to the client until the first read of encrypted data (typically the response to EHLO). Add detection for that case and treat it as a failed TLS connection attempt, so that the normal retry-in-clear can work (if suitably configured). JB/01 Bug 2375: fix expansions of 822 addresses having comments in local-part and/or domain. Found and fixed by Jason Betts. JH/08 Add hardening against SRV & TLSA lookups the hit CNAMEs (a nonvalid configuration). If a CNAME target was not a wellformed name pattern, a crash could result. JH/09 Logging: Fix initial listening-on line for multiple ports for an IP when the OS reports them interleaved with other addresses. JH/10 OpenSSL: Fix aggregation of messages. Previously, when PIPELINING was used both for input and for a verify callout, both encrypted, SMTP responses being sent by the server could be lost. This resulted in dropped connections and sometimes bounces generated by a peer sending to this system. JH/11 Harden plaintext authenticator against a badly misconfigured client-send string. Previously it was possible to cause undefined behaviour in a library routine (usually a crash). Found by "zerons". JH/12 Bug 2384: fix "-bP smtp_receive_timeout". Previously it returned no output. JH/13 Bug 2386: Fix builds with Dane under LibreSSL 2.9.0 onward. Some old API was removed, so update to use the newer ones. JH/14 Bug 1891: Close the log file if receiving a non-smtp message, without any timeout set, is taking a long time. Previously we would hang on to a rotated logfile "forever" if the input was arriving with long gaps (a previous attempt to fix addressed lack, for a long time, of initial input). HS/01 Bug 2390: Use message_id for tempfile creation to avoid races in a shared (NFS) environment. The length of the tempfile name is now 4 + 16 ("hdr.$message_exim_id") which might break on file systems which restrict the file name length to lower values. (It was "hdr.$pid".) HS/02 Bug 2390: Use message_id for tempfile creation to avoid races in a shared (NFS) environment. HS/03 Bug 2392: exigrep does case sensitive *option* processing (as it did for all versions <4.90). Notably -M, -m, --invert, -I may be affected. JH/15 Use unsigned when creating bitmasks in macros, to avoid build errors on some platforms for bit 31. JH/16 GnuTLS: rework ciphersuite strings under recent library versions. Thanks to changes apparently associated with TLS1.3 handling some of the APIs previously used were either nonfunctional or inappropriate. Strings like TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM__AEAD:256 and TLS1.2:ECDHE_SECP256R1__RSA_SHA256__AES_128_CBC__SHA256:128 replace the previous TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 . This affects log line X= elements, the $tls_{in,out}_cipher variables, and the use of specific cipher names in the encrypted= ACL condition. JH/17 OpenSSL: the default openssl_options now disables ssl_v3. JH/18 GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp. Previously the verification result was not updated unless hosts_require_ocsp applied. JH/19 Bug 2398: fix listing of a named-queue. Previously, even with the option queue_list_requires_admin set to false, non-admin users were denied the facility. JH/20 Bug 2389: fix server advertising of usable certificates, under GnuTLS in directory-of-certs mode. Previously they were advertised despite the documentation. JH/21 The smtp transport option "hosts_noproxy_tls" is now unset by default. A single TCP connection by a client will now hold a TLS connection open for multiple message deliveries, by default. Previoud the default was to not do so. JH/22 The smtp transport option "hosts_try_dane" now enables all hosts by default. If built with the facility, DANE will be used. The facility SUPPORT_DANE is now enabled in the prototype build Makefile "EDITME". JH/23 The build default is now for TLS to be included; the SUPPORT_TLS define is replaced with DISABLE_TLS. Either USE_GNUTLS or (the new) USE_OPENSSL must be defined and you must still, unless you define DISABLE_TLS, manage the the include-dir and library-file requirements that go with that choice. Non-TLS builds are still supported. JH/24 Fix duplicated logging of peer name/address, on a transport connection- reject under TFO. JH/25 The smtp transport option "hosts_try_fastopen" now enables all hosts by default. If the platform supports and has the facility enabled, it will be requested on all coneections. JH/26 The PIPE_CONNECT facility is promoted from experimental status and is now controlled by the build-time option SUPPORT_PIPE_CONNECT. PP/01 Unbreak heimdal_gssapi, broken in 4.92. JH/27 Bug 2404: Use the main-section configuration option "dsn_from" for success-DSN messages. Previously the From: header was always the default one for these; the option was ignored. JH/28 Fix the timeout on smtp response to apply to the whole response. Previously it was reset for every read, so a teergrubing peer sending single bytes within the time limit could extend the connection for a long time. Credit to Qualsys Security Advisory Team for the discovery. JH/29 Fix DSN Final-Recipient: field. Previously it was the post-routing delivery address, which leaked information of the results of local forwarding. Change to the original envelope recipient address, per standards. JH/30 Bug 2411: Fix DSN generation when RFC 3461 failure notification is requested. Previously not bounce was generated and a log entry of error ignored was made. JH/31 Avoid re-expansion in ${sort } expansion. (CVE-2019-13917) JH/32 Introduce a general tainting mechanism for values read from the input channel, and values derived from them. Refuse to expand any tainted values, to catch one form of exploit. JH/33 Bug 2413: Fix dkim_strict option. Previously the expansion result was unused and the unexpanded text used for the test. Found and fixed by Ruben Jenster. JH/34 Fix crash after TLS shutdown. When the TCP/SMTP channel was left open, an attempt to use a TLS library read routine dereffed a nul pointer, causing a segfault. JH/35 Bug 2409: filter out-of-spec chars from callout response before using them in our smtp response. JH/36 Have the general router option retry_use_local_part default to true when any of the restrictive preconditions are set (to anything). Previously it was only for check_local user. The change removes one item of manual configuration which is required for proper retries when a remote router handles a subset of addresses for a domain. JH/37 Appendfile: when evaluating quota use (non-quota_size_regex) take the file link count into consideration. HS/04 Fix handling of very log lines in -H files. If a -<key> <value> line caused the extension of big_buffer, the following lines were ignored. JH/38 Bug 1395: Teach the DNS negative-cache about TTL value from the SOA in accordance with RFC 2308. Previously there was no expiry, so a longlived receive process (eg. due to ACL delays) versus a short SOA value could surprise. HS/05 Handle trailing backslash gracefully. (CVE-2019-15846) JH/39 Promote DMARC support to mainline. JH/40 Bug 2452: Add a References: header to DSNs. JH/41 With GnuTLS 3.6.0 (and later) do not attempt to manage Diffie-Hellman parameters. The relevant library call is documented as "Deprecated: This function is unnecessary and discouraged on GnuTLS 3.6.0 or later. Since 3.6.0, DH parameters are negotiated following RFC7919." HS/06 Change the default of dnssec_request_domains to "*" JH/42 Bug 2545: Fix CHUNKING for all RCPT commands rejected. Previously we carried on and emitted a BDAT command, even when PIPELINING was not active. JH/43 Bug 2465: Fix taint-handling in dsearch lookup. Previously a nontainted buffer was used for the filename, resulting in a trap when tainted arguments (eg. $domain) were used. JH/44 With OpenSSL 1.1.1 (onwards) disable renegotiation for TLS1.2 and below; recommended to avoid a possible server-load attack. The feature can be re-enabled via the openssl_options main cofiguration option. JH/45 local_scan API: documented the current smtp_printf() call. This changed for version 4.90 - adding a "more data" boolean to the arguments. Bumped the ABI version number also, this having been missed previously; release versions 4.90 to 4.92.3 inclusive were effectively broken in respect of usage of smtp_printf() by either local_scan code or libraries accessed via the ${dlfunc } expansion item. Both will need coding adjustment for any calls to smtp_printf() to match the new function signature; a FALSE value for the new argument is always safe. JH/46 FreeBSD: fix use of the sendfile() syscall. The shim was not updating the file-offset (which the Linux syscall does, and exim expects); this resulted in an indefinite loop. JH/47 ARC: fix crash in signing, triggered when a configuration error failed to do ARC verification. The Authentication-Results: header line added by the configuration then had no ARC item.
2019-09-30exim: update to 4.92.3wiedi3-8/+10
Fix for CVE-2019-16928
2019-09-06exim-html: updated to 4.92.2adam3-9/+12
keep up with exim
2019-02-24exim: updated to 4.92adam3-10/+13
4.92: New features include: - ${l_header:<name>} expansion - ${readsocket} now supports TLS - "utf8_downconvert" option (if built with SUPPORT_I18N) - "pipelining" log_selector - JSON variants for ${extract } expansion - "noutf8" debug option - TCP Fast Open support on MacOS
2018-04-23exim: updated to 4.91adam3-12/+9
Version 4.91 1. Dual-certificate stacks on servers now support OCSP stapling, under GnuTLS version 3.5.6 or later. 2. DANE is now supported under GnuTLS version 3.0.0 or later. Both GnuTLS and OpenSSL versions are moved to mainline support from Experimental. New SMTP transport option "dane_require_tls_ciphers". 3. Feature macros for the compiled-in set of malware scanner interfaces. 4. SPF support is promoted from Experimental to mainline status. The template src/EDITME makefile does not enable its inclusion. 5. Logging control for DKIM verification. The existing DKIM log line is controlled by a "dkim_verbose" selector which is _not_ enabled by default. A new tag "DKIM=<domain>" is added to <= lines by default, controlled by a "dkim" log_selector. 6. Receive duration on <= lines, under a new log_selector "receive_time". 7. Options "ipv4_only" and "ipv4_prefer" on the dnslookup router and on routing rules in the manualroute router. 8. Expansion item ${sha3:<string>} / ${sha3_<N>:<string>} now also supported under OpenSSL version 1.1.1 or later. 9. DKIM operations can now use the Ed25519 algorithm in addition to RSA, under GnuTLS 3.6.0 or OpenSSL 1.1.1 or later. 10. Builtin feature-macros _CRYPTO_HASH_SHA3 and _CRYPTO_SIGN_ED25519, library version dependent. 11. "exim -bP macro <name>" returns caller-usable status. 12. Expansion item ${authresults {<machine>}} for creating an Authentication-Results: header. 13. EXPERIMENTAL_ARC. See the experimental.spec file. See also new util/renew-opendmarc-tlds.sh script for use with DMARC/ARC. 14: A dane:fail event, intended to facilitate reporting. 15. "Lightweight" support for Redis Cluster. Requires redis_servers list to contain all the servers in the cluster, all of which must be reachable from the running exim instance. If the cluster has master/slave replication, the list must contain all the master and slave servers. 16. Add an option to the Avast scanner interface: "pass_unscanned". This allows to treat unscanned files as clean. Files may be unscanned for several reasons: decompression bombs, broken archives.
2018-03-07exim: updated to 4.90.1adam3-9/+12
Exim version 4.90.1 JH/03 Fix pgsql lookup for multiple result-tuples with a single column. Previously only the last row was returned. JH/04 Bug 2217: Tighten up the parsing of DKIM signature headers. Previously we assumed that tags in the header were well-formed, and parsed the element content after inspecting only the first char of the tag. Assumptions at that stage could crash the receive process on malformed input. JH/05 Bug 2215: Fix crash associated with dnsdb lookup done from DKIM ACL. While running the DKIM ACL we operate on the Permanent memory pool so that variables created with "set" persist to the DATA ACL. Also (at any time) DNS lookups that fail create cache records using the Permanent pool. But expansions release any allocations made on the current pool - so a dnsdb lookup expansion done in the DKIM ACL releases the memory used for the DNS negative-cache, and bad things result. Solution is to switch to the Main pool for expansions. While we're in that code, add checks on the DNS cache during store_reset, active in the testsuite. Problem spotted, and debugging aided, by Wolfgang Breyha. JH/06 Fix issue with continued-connections when the DNS shifts unreliably. When none of the hosts presented to a transport match an already-open connection, close it and proceed with the list. Previously we would queue the message. Spotted by Lena with Yahoo, probably involving round-robin DNS. JH/07 Bug 2214: Fix SMTP responses resulting from non-accept result of MIME ACL. Previously a spurious "250 OK id=" response was appended to the proper failure response. JH/10 Bug 2223: Fix mysql lookup returns for the no-data case (when the number of rows affected is given instead). JH/12 Bug 2230: Fix cutthrough routing for nonfirst messages in an initiating SMTP connection. Previously, when one had more receipients than the first, an abortive onward connection was made. Move to full support for multiple onward connections in sequence, handling cutthrough connection for all multi-message initiating connections. JH/13 Bug 2229: Fix cutthrough routing for nonstandard port numbers defined by routers. Previously, a multi-recipient message would fail to match the onward-connection opened for the first recipient, and cause its closure. JH/14 Bug 2174: A timeout on connect for a callout was also erroneously seen as a timeout on read on a GnuTLS initiating connection, resulting in the initiating connection being dropped. This mattered most when the callout was marked defer_ok. Fix to keep the two timeout-detection methods separate. HS/01 Fix Buffer overflow in base64d() (CVE-2018-6789) JH/16 Fix bug in DKIM verify: a buffer overflow could corrupt the malloc metadata, resulting in a crash in free(). PP/01 Fix broken Heimdal GSSAPI authenticator integration. Broken in f2ed27cf5, missing an equals sign for specified-initialisers. Broken also in d185889f4, with init system revamp.
2017-03-18Version 4.89adam3-8/+9
------------ 1. Allow relative config file names for ".include" 2. A main-section config option "debug_store" to control the checks on variable locations during store-reset. Normally false but can be enabled when a memory corrution issue is suspected on a production system.
2017-01-19Convert all occurrences (353 by my count) ofagc1-3/+3
MASTER_SITES= site1 \ site2 style continuation lines to be simple repeated MASTER_SITES+= site1 MASTER_SITES+= site2 lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint accordingly.
2016-04-24Remove non-working mirror.wiz1-3/+2
2016-04-09Version 4.87adam3-8/+15
1. The ACL conditions regex and mime_regex now capture substrings into numeric variables $regex1 to 9, like the "match" expansion condition. 2. New $callout_address variable records the address used for a spam=, malware= or verify= callout. 3. Transports now take a "max_parallel" option, to limit concurrency. 4. Expansion operators ${ipv6norm:<string>} and ${ipv6denorm:<string>}. The latter expands to a 8-element colon-sep set of hex digits including leading zeroes. A trailing ipv4-style dotted-decimal set is converted to hex. Pure ipv4 addresses are converted to IPv4-mapped IPv6. The former operator strips leading zeroes and collapses the longest set of 0-groups to a double-colon. 5. New "-bP config" support, to dump the effective configuration. 6. New $dkim_key_length variable. 7. New base64d and base64 expansion items (the existing str2b64 being a synonym of the latter). Add support in base64 for certificates. 8. New main configuration option "bounce_return_linesize_limit" to avoid oversize bodies in bounces. The dafault value matches RFC limits. 9. New $initial_cwd expansion variable.
2016-03-02Update mail/exim and mail/exim-html to 4.86.2wiedi2-7/+7
Exim version 4.86.2 ------------------- Portability relase of 4.86.1 Exim version 4.86.1 ------------------- HS/04 Add support for keep_environment and add_environment options. This fixes CVE-2016-1531. All installations having Exim set-uid root and using 'perl_startup' are vulnerable to a local privilege escalation. Any user who can start an instance of Exim (and this is normally *any* user) can gain root privileges. If you do not use 'perl_startup' you *should* be safe. New options ----------- We had to introduce two new configuration options: keep_environment = add_environment = Both options are empty per default. That is, Exim cleans the complete environment on startup. This affects Exim itself and any subprocesses, as transports, that may call other programs via some alias mechanisms, as routers (queryprogram), lookups, and so on. This may affect used libraries (e.g. LDAP). ** THIS MAY BREAK your existing installation ** If both options are not used in the configuration, Exim issues a warning on startup. This warning disappears if at least one of these options is used (even if set to an empty value). keep_environment should contain a list of trusted environment variables. (Do you trust PATH?). This may be a list of names and REs. keep_environment = ^LDAP_ : FOO_PATH To add (or override) variables, you can use add_environment: add_environment = <; PATH=/sbin:/usr/sbin New behaviour ------------- Now Exim changes it's working directory to / right after startup, even before reading it's configuration. (Later Exim changes it's working directory to $spool_directory, as usual.) Exim only accepts an absolute configuration file path now, when using the -C option.
2016-01-11Match mail/exim versionadam3-8/+10
2015-11-03Add SHA512 digests for distfiles for mail categoryagc1-1/+2
Problems found locating distfiles: Package mutt: missing distfile patch-1.5.24.rr.compressed.gz Package p5-Email-Valid: missing distfile Email-Valid-1.198.tar.gz Package pine: missing distfile fancy.patch.gz Package postgrey: missing distfile targrey-0.31-postgrey-1.34.patch Package qmail: missing distfile badrcptto.patch Package qmail: missing distfile outgoingip.patch Package qmail: missing distfile qmail-1.03-realrcptto-2006.12.10.patch Package qmail: missing distfile qmail-smtpd-viruscan-1.3.patch Package thunderbird24: missing distfile enigmail-1.7.2.tar.gz Package thunderbird31: missing distfile enigmail-1.7.2.tar.gz Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail.
2015-02-14Exim version 4.85adam2-6/+6
----------------- TL/01 When running the test suite, the README says that variables such as no_msglog_check are global and can be placed anywhere in a specific test's script, however it was observed that placement needed to be near the beginning for it to behave that way. Changed the runtest perl script to read through the entire script once to detect and set these variables, reset to the beginning of the script, and then run through the script parsing/test process like normal. TL/02 The BSD's have an arc4random API. One of the functions to induce adding randomness was arc4random_stir(), but it has been removed in OpenBSD 5.5. Detect this OpenBSD version and skip calling this function when detected. JH/01 Expand the EXPERIMENTAL_TPDA feature. Several different events now cause callback expansion. TL/03 Bugzilla 1518: Clarify "condition" processing in routers; that syntax errors in an expansion can be treated as a string instead of logging or causing an error, due to the internal use of bool_lax instead of bool when processing it. JH/02 Add EXPERIMENTAL_DANE, allowing for using the DNS as trust-anchor for server certificates when making smtp deliveries. JH/03 Support secondary-separator specifier for MX, SRV, TLSA lookups. JH/04 Add ${sort {list}{condition}{extractor}} expansion item. TL/04 Bugzilla 1216: Add -M (related messages) option to exigrep. TL/05 GitHub Issue 18: Adjust logic testing for true/false in redis lookups. Merged patch from Sebastian Wiedenroth. JH/05 Fix results-pipe from transport process. Several recipients, combined with certificate use, exposed issues where response data items split over buffer boundaries were not parsed properly. This eventually resulted in duplicates being sent. This issue only became common enough to notice due to the introduction of conection certificate information, the item size being so much larger. Found and fixed by Wolfgang Breyha. JH/06 Bug 1533: Fix truncation of items in headers_remove lists. A fixed size buffer was used, resulting in syntax errors when an expansion exceeded it. JH/07 Add support for directories of certificates when compiled with a GnuTLS version 3.3.6 or later. JH/08 Rename the TPDA expermimental facility to Event Actions. The #ifdef is EXPERIMENTAL_EVENT, the main-configuration and transport options both become "event_action", the variables become $event_name, $event_data and $event_defer_errno. There is a new variable $verify_mode, usable in routers, transports and related events. The tls:cert event is now also raised for inbound connections, if the main configuration event_action option is defined. TL/06 In test suite, disable OCSP for old versions of openssl which contained early OCSP support, but no stapling (appears to be less than 1.0.0). JH/09 When compiled with OpenSSL and EXPERIMENTAL_CERTNAMES, the checks on server certificate names available under the smtp transport option "tls_verify_cert_hostname" now do not permit multi-component wildcard matches. JH/10 Time-related extraction expansions from certificates now use the main option "timezone" setting for output formatting, and are consistent between OpenSSL and GnuTLS compilations. Bug 1541. JH/11 Fix a crash in mime ACL when meeting a zero-length, quoted or RFC2047- encoded parameter in the incoming message. Bug 1558. JH/12 Bug 1527: Autogrow buffer used in reading spool files. Since they now include certificate info, eximon was claiming there were spoolfile syntax errors. JH/13 Bug 1521: Fix ldap lookup for single-attr request, multiple-attr return. JH/14 Log delivery-related information more consistently, using the sequence "H=<name> [<ip>]" wherever possible. TL/07 Bug 1547: Omit RFCs from release. Draft and RFCs have licenses which are problematic for Debian distribution, omit them from the release tarball. JH/15 Updates and fixes to the EXPERIMENTAL_DSN feature. JH/16 Fix string representation of time values on 64bit time_t anchitectures. Bug 1561. JH/17 Fix a null-indirection in certextract expansions when a nondefault output list separator was used.
2014-08-17Changes 4.84:adam2-6/+6
TL/01 Bugzilla 1506: Re-add a 'return NULL' to silence complaints from static checkers that were complaining about end of non-void function with no return. JH/01 Bug 1513: Fix parsing of quoted parameter values in MIME headers. This was a regression intruduced in 4.83 by another bugfix. JH/02 Fix broken compilation when EXPERIMENTAL_DSN is enabled. TL/02 Bug 1509: Fix exipick for enhanced spoolfile specification used when EXPERIMENTAL_DNS is enabled.
2014-07-23Changes 4.83:adam2-6/+6
1. If built with the EXPERIMENTAL_PROXY feature enabled, Exim can be configured to expect an initial header from a proxy that will make the actual external source IP:host be used in exim instead of the IP of the proxy that is connecting to it. 2. New verify option header_names_ascii, which will check to make sure there are no non-ASCII characters in header names. Exim itself handles those non-ASCII characters, but downstream apps may not, so Exim can detect and reject if those characters are present. 3. New expansion operator ${utf8clean:string} to replace malformed UTF8 codepoints with valid ones. 4. New malware type "sock". Talks over a Unix or TCP socket, sending one command line and matching a regex against the return data for trigger and a second regex to extract malware_name. The mail spoofile name can be included in the command line. 5. The smtp transport now supports options "tls_verify_hosts" and "tls_try_verify_hosts". If either is set the certificate verification is split from the encryption operation. The default remains that a failed verification cancels the encryption. 6. New SERVERS override of default ldap server list. In the ACLs, an ldap lookup can now set a list of servers to use that is different from the default list. 7. New command-line option -C for exiqgrep to specify alternate exim.conf file when searching the queue. 8. OCSP now supports GnuTLS also, if you have version 3.1.3 or later of that. 9. Support for DNSSEC on outbound connections. 10. New variables "tls_(in,out)_(our,peer)cert" and expansion item "certextract" to extract fields from them. Hash operators md5 and sha1 work over them for generating fingerprints, and a new sha256 operator for them added. 11. PRDR is now supported dy default. 12. OCSP stapling is now supported by default. 13. If built with the EXPERIMENTAL_DSN feature enabled, Exim will output Delivery Status Notification messages in MIME format, and negociate DSN features per RFC 3461.
2014-05-29Updated mail/exim[-html] to 4.82.1adam2-6/+6
2013-10-30Version 4.82adam3-7/+82
1. New command-line option -bI:sieve will list all supported sieve extensions of this Exim build on standard output, one per line. ManageSieve (RFC 5804) providers managing scripts for use by Exim should query this to establish the correct list to include in the protocol's SIEVE capability line. 2. If the -n option is combined with the -bP option, then the name of an emitted option is not output, only the value (if visible to you). For instance, "exim -n -bP pid_file_path" should just emit a pathname followed by a newline, and no other text. 3. When built with SUPPORT_TLS and USE_GNUTLS, the SMTP transport driver now has a "tls_dh_min_bits" option, to set the minimum acceptable number of bits in the Diffie-Hellman prime offered by a server (in DH ciphersuites) acceptable for security. (Option accepted but ignored if using OpenSSL). Defaults to 1024, the old value. May be lowered only to 512, or raised as far as you like. Raising this may hinder TLS interoperability with other sites and is not currently recommended. Lowering this will permit you to establish a TLS session which is not as secure as you might like. Unless you really know what you are doing, leave it alone. 4. If not built with DISABLE_DNSSEC, Exim now has the main option dns_dnssec_ok; if set to 1 then Exim will initialise the resolver library to send the DO flag to your recursive resolver. If you have a recursive resolver, which can set the Authenticated Data (AD) flag in results, Exim can now detect this. Exim does not perform validation itself, instead relying upon a trusted path to the resolver. Current status: work-in-progress; $sender_host_dnssec variable added. 5. DSCP support for outbound connections: on a transport using the smtp driver, set "dscp = ef", for instance, to cause the connections to have the relevant DSCP (IPv4 TOS or IPv6 TCLASS) value in the header. Similarly for inbound connections, there is a new control modifier, dscp, so "warn control = dscp/ef" in the connect ACL, or after authentication. Supported values depend upon system libraries. "exim -bI:dscp" to list the ones Exim knows of. You can also set a raw number 0..0x3F. 6. The -G command-line flag is no longer ignored; it is now equivalent to an ACL setting "control = suppress_local_fixups". The -L command-line flag is now accepted and forces use of syslog, with the provided tag as the process name. A few other flags used by Sendmail are now accepted and ignored. 7. New cutthrough routing feature. Requested by a "control = cutthrough_delivery" ACL modifier; works for single-recipient mails which are recieved on and deliverable via SMTP. Using the connection made for a recipient verify, if requested before the verify, or a new one made for the purpose while the inbound connection is still active. The bulk of the mail item is copied direct from the inbound socket to the outbound (as well as the spool file). When the source notifies the end of data, the data acceptance by the destination is negociated before the acceptance is sent to the source. If the destination does not accept the mail item, for example due to content-scanning, the item is not accepted from the source and therefore there is no need to generate a bounce mail. This is of benefit when providing a secondary-MX service. The downside is that delays are under the control of the ultimate destination system not your own. The Recieved-by: header on items delivered by cutthrough is generated early in reception rather than at the end; this will affect any timestamp included. The log line showing delivery is recorded before that showing reception; it uses a new ">>" tag instead of "=>". To support the feature, verify-callout connections can now use ESMTP and TLS. The usual smtp transport options are honoured, plus a (new, default everything) hosts_verify_avoid_tls. New variable families named tls_in_cipher, tls_out_cipher etc. are introduced for specific access to the information for each connection. The old names are present for now but deprecated. Not yet supported: IGNOREQUOTA, SIZE, PIPELINING. 8. New expansion operators ${listnamed:name} to get the content of a named list and ${listcount:string} to count the items in a list. 9. New global option "gnutls_allow_auto_pkcs11", defaults false. The GnuTLS rewrite in 4.80 combines with GnuTLS 2.12.0 or later, to autoload PKCS11 modules. For some situations this is desirable, but we expect admin in those situations to know they want the feature. More commonly, it means that GUI user modules get loaded and are broken by the setuid Exim being unable to access files specified in environment variables and passed through, thus breakage. So we explicitly inhibit the PKCS11 initialisation unless this new option is set. Some older OS's with earlier versions of GnuTLS might not have pkcs11 ability, so have also added a build option which can be used to build Exim with GnuTLS but without trying to use any kind of PKCS11 support. Uncomment this in the Local/Makefile: AVOID_GNUTLS_PKCS11=yes 10. The "acl = name" condition on an ACL now supports optional arguments. New expansion item "${acl {name}{arg}...}" and expansion condition "acl {{name}{arg}...}" are added. In all cases up to nine arguments can be used, appearing in $acl_arg1 to $acl_arg9 for the called ACL. Variable $acl_narg contains the number of arguments. If the ACL sets a "message =" value this becomes the result of the expansion item, or the value of $value for the expansion condition. If the ACL returns accept the expansion condition is true; if reject, false. A defer return results in a forced fail. 11. Routers and transports can now have multiple headers_add and headers_remove option lines. The concatenated list is used. 12. New ACL modifier "remove_header" can remove headers before message gets handled by routers/transports. 13. New dnsdb lookup pseudo-type "a+". A sequence of "a6" (if configured), "aaaa" and "a" lookups is done and the full set of results returned. 14. New expansion variable $headers_added with content from ACL add_header modifier (but not yet added to messsage). 15. New 8bitmime status logging option for received messages. Log field "M8S". 16. New authenticated_sender logging option, adding to log field "A". 17. New expansion variables $router_name and $transport_name. Useful particularly for debug_print as -bt commandline option does not require privilege whereas -d does. 18. If built with EXPERIMENTAL_PRDR, per-recipient data responses per a proposed extension to SMTP from Eric Hall. 19. The pipe transport has gained the force_command option, to allow decorating commands from user .forward pipe aliases with prefix wrappers, for instance. 20. Callout connections can now AUTH; the same controls as normal delivery connections apply. 21. Support for DMARC, using opendmarc libs, can be enabled. It adds new options: dmarc_forensic_sender, dmarc_history_file, and dmarc_tld_file. It adds new expansion variables $dmarc_ar_header, $dmarc_status, $dmarc_status_text, and $dmarc_used_domain. It adds a new acl modifier dmarc_status. It adds new control flags dmarc_disable_verify and dmarc_enable_forensic. 22. Add expansion variable $authenticated_fail_id, which is the username provided to the authentication method which failed. It is available for use in subsequent ACL processing (typically quit or notquit ACLs). 23. New ACL modifer "udpsend" can construct a UDP packet to send to a given UDP host and port. 24. New ${hexquote:..string..} expansion operator converts non-printable characters in the string to \xNN form. 25. Experimental TPDA (Transport Post Delivery Action) function added. Patch provided by Axel Rau. 26. Experimental Redis lookup added. Patch provided by Warren Baker.
2012-10-08Drop PKG_DESTDIR_SUPPORT setting, "user-destdir" is default these days.asau1-3/+1
2011-10-10Match exim versionadam2-6/+6
2011-05-11Updated docs for Exim 4.76adam2-6/+6
2011-03-22Updated documentation for Exim 4.75adam2-6/+6
2011-01-27Changes 4.74:adam2-6/+6
* Failure to get a lock on a hints database can have serious consequences so log it to the panic log. * Log LMTP confirmation messages in the same way as SMTP, controlled using the smtp_confirmation log selector. * Include the error message when we fail to unlink a spool file. * Bugzilla 139: Support dynamically loaded lookups as modules. * Bugzilla 139: Documentation and portability issues. Avoid GNU Makefile-isms, let Exim continue to build on BSD. Handle per-OS dynamic-module compilation flags. * Let /dev/null have normal permissions. The 4.73 fixes were a little too stringent and complained about the permissions on /dev/null. Exempt it from some checks. * Report version information for many libraries, including Exim version information for dynamically loaded libraries. Created version.h, now support a version extension string for distributors who patch heavily. Dynamic module ABI change. * CVE-2011-0017 - check return value of setuid/setgid. This is a privilege escalation vulnerability whereby the Exim run-time user can cause root to append content of the attacker's choosing to arbitrary files. * Bugzilla 1041: merged DCC maintainer's fixes for return code. * Bugzilla 1071: fix delivery logging with untrusted macros. If dropping privileges for untrusted macros, we disabled normal logging on the basis that it would fail; for the Exim run-time user, this is not the case, and it resulted in successful deliveries going unlogged.
2011-01-12Documentation updated for Exim 4.73.adam3-12/+16
2010-11-08Updated documentation to Exim 4.72adam3-9/+9
2009-06-14Remove @dirrm entries from PLISTsjoerg1-3/+1
2008-05-25Explicitly add pax dependency in those Makefiles that use it (or havejoerg1-1/+3
patches to add it). Drop pax from the default USE_TOOLS list. Make bsdtar the default for those places that wanted gtar to extract long links etc, as bsdtar can be built of the tree.
2008-03-04Mechanical changes to add DESTDIR support to packages that installjlam1-3/+6
their files via a custom do-install target.
2008-01-14Changes 4.69:adam3-9/+9
* Add preliminary DKIM support. * Bugzilla 592: --help option is handled incorrectly if exim is invoked as mailq or other aliases. Changed the --help handling significantly to do whats expected. exim_usage() emits usage/help information. * Added the -bylocaldomain option to eximstats. * Bugzilla 619: Defended against bad data coming back from gethostbyaddr * Bugzilla 613: Documentation fix for acl_not_smtp * Bugzilla 628: PCRE update to 7.4 (work done by John Hall)
2007-10-23Documentation updated to match exim 4.68adam2-6/+6
2007-09-05Updated the exim documentation to 4.67.rillig3-154/+71
2007-02-22Whitespace cleanup, courtesy of pkglint.wiz1-2/+2
Patch provided by Sergey Svishchev in private mail.
2005-12-05Fixed pkglint warnings. The warnings are mostly quoting issues, forrillig1-3/+3
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some other changes are outlined in http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
2005-05-17Update exim from 4.44 to 4.51.abs4-17/+15
The main change is the incorporation of the content scanning from the exiscan patch. (There are over 650 lines of Changes) Retire exim-exiscan Update exim-html from 4.40 to 4.50
2005-02-24Add RMD160 digests.agc1-1/+2
2004-10-07Update exim to 4.43 from 4.42abs3-7/+9
Update exim-exiscan to 4.43_28 from 4.42_27 Update exim-html to 4.40 from 4.30 exim-exiscan: 28 - Added F-Secure support, thanks to Johan Thelmen <jth@home.se>. - Upgraded SRS support to libsrs_alt 0.5 via Miles Wilton's patch. - REMOVED exiscan-acl implementation of custom header placement in favor of Philip Hazel's native implementation. However, a new option option was added for it to mimic the behaviour of the old header_pos_middle option. Read section 10 of exiscan-acl-spec.txt. exim: 1. Fixed a longstanding but relatively impotent bug: a long time ago, before PIPELINING, the function smtp_write_command() used to return TRUE or FALSE. Now it returns an integer. A number of calls were still expecting a T/F return. Fortuitously, in all cases, the tests worked in OK situations, which is the norm. However, things would have gone wrong on any write failures on the smtp file descriptor. This function is used when sending messages over SMTP and also when doing verify callouts. 2. When Exim is called to do synchronous delivery of a locally submitted message (the -odf or -odi options), it no longer closes stderr before doing the delivery. 3. Implemented the mua_wrapper option. 4. Implemented mx_fail_domains and srv_fail_domains for the dnslookup router. 5. Implemented the functions header_remove(), header_testname(), header_add_at_position(), and receive_remove_recipient(), and exported them to local_scan(). 6. If an ACL "warn" statement specified the addition of headers, Exim already inserted X-ACL-Warn: at the start if there was no header name. However, it was not making this test for the second and subsequent header lines if there were newlines in the string. This meant that an invalid header could be inserted if Exim was badly configured. 7. Allow an ACL "warn" statement to add header lines at the start or after all the Received: headers, as well as at the end. 8. Added the rcpt_4xx retry error code. 9. Added postmaster_mailfrom=xxx to callout verification option. 10. Added mailfrom=xxxx to the callout verification option, for verify= header_sender only. 11. ${substr_1_:xxxx} and ${substr__3:xxxx} are now diagnosed as syntax errors (they previously behaved as ${substr_1_0:xxxx} and ${substr:_0_3:xxxx}). 12. Inserted some casts to stop certain compilers warning when using pointer differences as field lengths or precisions in printf-type calls (mostly affecting debugging statements). 13. Added optional readline() support for -be (dynamically loaded). 14. Obscure bug fix: if a message error (e.g. 4xx to MAIL) happened within the same clock tick as a message's arrival, so that its received time was the same as the "first fail" time on the retry record, and that message remained on the queue past the ultimate address timeout, every queue runner would try a delivery (because it was past the ultimate address timeout) but after another failure, the ultimate address timeout, which should have then bounced the address, did not kick in. This was a "< instead of <=" error; in most cases the first failure would have been in the next clock tick after the received time, and all would be well. 15. The special items beginning with @ in domain lists (e.g. @mx_any) were not being recognized when the domain list was tested by the match_domain condition in an expansion string. 16. Added the ${str2b64: operator. 17. Exim was always calling setrlimit() to set a large limit for the number of processes, without checking whether the existing limit was already adequate. (It did check for the limit on file descriptors.) Furthermore, 18. Imported PCRE 5.0. 19. Trivial typo in log message " temporarily refused connection" (the leading space). 20. If the log selector return_path_on_delivery was set and an address was redirected to /dev/null, the delivery process crashed because it assumed that a return path would always be set for a "successful" delivery. In this case, the whole delivery is bypassed as an optimization, and therefore no return path is set. 21. Internal re-arrangement: the function for sending a challenge and reading a response while authentication was assuming a zero-terminated challenge string. It's now changed to take a pointer and a length, to allow for binary data in such strings. 22. Added the cyrus_sasl authenticator (code supplied by MBM). 23. Exim was not respecting finduser_retries when seeking the login of the uid under which it was called; it was always trying 10 times. (The default setting of finduser_retries is zero.) Also, it was sleeping after the final failure, which is pointless. 24. Implemented tls_on_connect_ports. 25. Implemented acl_smtp_predata. 26. If the domain in control=submission is set empty, Exim assumes that the authenticated id is a complete email address when it generates From: or Sender: header lines. 27. Added "#define SOCKLEN_T int" to OS/os.h-SCO and OS/os.h-SCO_SV. Also added definitions to OS/Makefile-SCO and OS/Makefile-SCO_SV that put basename, chown and chgrp in /bin and hostname in /usr/bin. 28. Exim was keeping the "process log" file open after each use, just as it does for the main log. This opens the possibility of it remaining open for long periods when the USR1 signal hits a daemon. Occasional processlog errors were reported, that could have been caused by this. Anyway, it seems much more sensible not to leave this file open at all, so that is what now happens. 29. The long-running daemon process does not normally write to the log once it has entered its main loop, and it closes the log before doing so. This is so that log files can straightforwardly be renamed and moved. However, there are a couple of unusual error situations where the daemon does write log entries, and I had neglected to close the log afterwards. 30. The text of an SMTP error response that was received during a remote delivery was being truncated at 512 bytes. This is too short for some of the long messages that one sometimes sees. I've increased the limit to 1024. 31. It is now possible to make retry rules that apply only when a message has a specific sender, in particular, an empty sender. 32. Added "control = enforce_sync" and "control = no_enforce_sync". This makes it possible to be selective about when SMTP synchronization is enforced. 33. Added "control = caseful_local_part" and "control = "caselower_local_part". 32. Implemented hosts_connection_nolog. 33. Added an ACL for QUIT. 34. Setting "delay_warning=" to disable warnings was not working; it gave a syntax error. 35. Added mailbox_size and mailbox_filecount to appendfile. 36. Added control = no_multiline_responses to ACLs. 37. There was a bug in the logic of the code that waits for the clock to tick in the case where the clock went backwards by a substantial amount such that the microsecond fraction of "now" was more than the microsecond fraction of "then" (but the whole seconds number was less). 38. Added support for the libradius Radius client library this is found on FreeBSD (previously only the radiusclient library was supported).
2004-05-07"Milli Vanilli told you to blame it on on the rain..."abs1-2/+2
I'll take over ownership of these
2004-05-07Commit PLIST missed in 4.20 -> 4.30 changeabs1-32/+6
2004-05-07Update exim3 to exim-3.36nb2abs2-5/+5
- Fix buffer overflows listed at http://www.guninski.com/exim1.html Update exim to exim-4.33nb1 (from 4.22nb5) - Fix buffer overflow listed at http://www.guninski.com/exim1.html - Leave nb1 to indicate we have a local change from stock 4.33 - 1086 lines of changes - http://www.exim.org/ftp/ChangeLogs/ChangeLog-4.33 - Remove dependancy on exim-user - now looks up EXIM_{USER,GROUP} at runtime Update exim-exiscan to 4.33_20nb1 (from 4.22-12) - Fix buffer overflow listed at http://www.guninski.com/exim1.html - Leave nb1 to indicate we have a local change from stock 4.33_20 - Same exim changes - http://www.exim.org/ftp/ChangeLogs/ChangeLog-4.33 - Changes (http://duncanthrax.net/exiscan-acl/CHANGELOG) include - added option to use multiple spamd servers - many mime changes - Added Brightmail Antispam support - clamd fixes Update exim-html to 4.30 (from 4.20) - Update to latest docs Delete exim-user - No longer required - exim now looks up EXIM_{USER,GROUP} at runtime
2004-05-07Reset maintainer to tech-pkg@ (from ad@, since he is not working on themwiz1-2/+2
any longer).
2003-09-02Update exim-html to 4.20 (latest copy of exim html docs)abs3-7/+13
2003-07-17s/netbsd.org/NetBSD.org/grant1-2/+2
2002-12-09Update to exim-html-4.10. Provied by dawszy at arhea.net in pkg/19231.ad3-6/+11
2002-06-19Update exim-html to 4.0, to match exim.ad3-26/+75
2001-11-01Move pkg/ files into package's toplevel directoryzuntum2-1/+1
2001-07-11Add RCS ID to patch.ad2-2/+4
2001-07-11HTML documentation for the exim MTA.ad5-0/+135