horok/exim4
1
0
Fork 0
Code Activity
exim4/debian/NEWS
Daniel Baumann b6ead8c0a5
Adding debian version 4.98.2-1. 
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
2025-06-21 14:27:17 +02:00

562 lines
25 KiB
Text
Raw Permalink Blame History

exim4 (4.97-1) unstable; urgency=medium
exiqgrep now requires that at least one selection option or -c is
specified therefore "exiqgrep -i" to list all messages-ids
does not work anymore. Exim now offers a commandline switch (-bpi) to
accomplish this.
-- Andreas Metzler <ametzler@debian.org> Sat, 04 Nov 2023 18:28:43 +0100
exim4 (4.97~RC0-2) unstable; urgency=low
Changed format of the internal ID used for message identification.
- Upgrading should work seamlessly.
- Downgrading to 4.96 requires stopping the daemon and running
exim_id_update -d
before running the older daemon.
-- Andreas Metzler <ametzler@debian.org> Sun, 10 Sep 2023 14:04:49 +0200
exim4 (4.96-20) experimental; urgency=low
Drop support for configuring daemon startup by setting QUEUERUNNER in
/etc/default/exim4.
Also replace QFLAGS, QUEUEINTERVAL, COMMONOPTIONS, QUEUERUNNEROPTIONS and
SMTPLISTENEROPTIONS settings for init script/service file in
etc/default/exim4 with a combined EXIMSERVICE (for systemd) or
EXIMDAEMONOPTS (init script) directive.
Most of the previous functionality is available by different
means:
+ Disable running an exim daemon this way ('nodaemon'):
-> Use the native functionality of the init system you are using, e.g.
for systemd mask the service.
+ Start two separate daemon processes, one for listening on port 25 and
another for queue running ('separate')
-> Not supported anymore.
+ Run a daemon that both listens on port 25 and runs the queue.
-> default behavior ('-bdf -q30m' / '-bd -q30m')
+ Run a daemon that either listens on port 25 and runs the queue.
-> set to -bdf/-bd without -q30m or vice versa.
+ Only run queue when a ppp connection is made ('ppp'):
-> Disable queuerunner like noted above and remove the 'exit 0' from
the start of /etc/ppp/ip-up.d/exim4
-- Andreas Metzler <ametzler@debian.org> Wed, 16 Aug 2023 17:44:59 +0200
exim4 (4.96-1) unstable; urgency=low
The allow_insecure_tainted_data main config option and the "taint"
log_selector were removed. (See previous entry for exim4 4.94-18.)
Taint-check exec arguments for transport-initiated external processes.
Previously, tainted values could be used. This affects "pipe", "lmtp"
and "queryprogram" transport, transport-filter, and ETRN commands. The
${run} expansion is also affected: in "preexpand" mode no part of the
command line may be tainted, in default mode the executable name may not
be tainted.
Query-style lookups are now checked for quoting, if the query string is
built using untrusted data ("tainted"). For now lack of quoting is
merely logged; a future release will upgrade this to an error.
-- Andreas Metzler <ametzler@debian.org> Sun, 26 Jun 2022 14:11:00 +0200
exim4 (4.94-18) experimental; urgency=medium
Please consider exim 4.93/4.94 a *major* exim upgrade. It introduces the
concept of tainted data read from untrusted sources, like e.g. message
sender or recipient. This tainted data (e.g. $local_part or $domain)
cannot be used among other things as a file or directory name or command
name.
This WILL BREAK configurations which are not updated accordingly.
Old Debian exim configuration files also will not work unmodified, the new
configuration needs to be installed with local modifications merged in.
Typical nonworking examples include:
* Delivery to /var/mail/$local_part. Use $local_part_data in combination
with check_local_user.
* Using
data = ${lookup{$local_part}lsearch{/some/path/$domain/aliases}}
instead of
data = ${lookup{$local_part}lsearch{/some/path/$domain_data/aliases}}
for a virtual domain alias file.
The basic strategy for dealing with this change is to use the result of a
lookup in further processing instead of the original (remote provided)
value.
To ease upgrading there is a new main configuration option to temporarily
downgrade taint errors to warnings, letting the old configuration work with
the newer exim. To make use of this feature add
.ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA
allow_insecure_tainted_data = yes
.endif
to the exim configuration (e.g. to /etc/exim4/exim4.conf.localmacros)
*before* upgrading to exim 4.93/4.94 and check the logfile for taint
warnings. This is a temporary workaround which is already marked for
removal on introduction.
-- Andreas Metzler <ametzler@debian.org> Sun, 25 Apr 2021 07:42:26 +0200
exim4 (4.94-16) unstable; urgency=medium
The configuration now enforces certificate verification against the
system trust store on encrypted connections using the
remote_smtp_smarthost transport (smarthost and satellite setups).
Delivery will therefore fail if the host certificates are not verifyable
and non TLS delivery is not available (e.g. because AUTH PLAIN is used).
-- Andreas Metzler <ametzler@debian.org> Wed, 17 Mar 2021 13:50:44 +0100
exim4 (4.87-3) unstable; urgency=medium
Starting with 4.87~RC1-1 exim will not accept or send out messages with
physical lines longer than 998 characters by SMTP DATA. Delivery of such
RFC-violating message might fail and subsequently cause routing errors and
loss of legitimate mail. See <https://bugs.exim.org/show_bug.cgi?id=1684>.
This limit can be disabled by setting the macro
IGNORE_SMTP_LINE_LENGTH_LIMIT.
-- Andreas Metzler <ametzler@debian.org> Sun, 08 May 2016 14:03:10 +0200
exim4 (4.87-2) unstable; urgency=medium
exim4-daemon heavy does not support the "demime" ACL condition
(WITH_OLD_DEMIME) anymore. It was superceded by the acl_smtp_mime ACL and
will not be part of the next upstream release.
-- Andreas Metzler <ametzler@debian.org> Sat, 30 Apr 2016 13:38:29 +0200
exim4 (4.87~RC6-3) unstable; urgency=medium
As part of the fix for CVE-2016-1531 updated Exim versions clean
the complete execution environment by default, affecting Exim and
subprocesses such as routers calling other programs, and thus may break
existing installations. New configuration options (keep_environment,
add_environment) were introduced to adjust this behavior. Because of the
possible breakage Exim will show a runtime warning if keep_environment is
not set.
The Debian exim4 configuration does not rely on specific environment
variables and therefore sets 'keep_environment =' (i.e confirm empty
environment).
Users of custom Exim configurations will need to check whether their setup
continues to work with the abovementioned upstream change and modify the
Exim environment as needed otherwise. If the setup works fine with empty
environment it is still necessary to set the main configuration option
"keep_environment =" to quiet the runtime warning.
See <https://exim.org/static/doc/CVE-2016-1531.txt> for details.
-- Andreas Metzler <ametzler@debian.org> Wed, 23 Mar 2016 18:44:22 +0100
exim4 (4.80~rc6-1) experimental; urgency=low
Upstream's handling of GnuTLS DH parameters has changed, hardcoded
parameters (from RFCs are used by default. See
/usr/share/doc/exim4-base/README.UPDATING* for details. Stop shipping
/usr/share/exim4/exim4_refresh_gnutls-params /usr/share/exim4/timeout.pl
and /var/spool/exim4/gnutls-params-2236.
-- Andreas Metzler <ametzler@debian.org> Sun, 27 May 2012 18:46:48 +0200
exim4 (4.80~rc2-1) experimental; urgency=low
Ldap lookups returning multi-valued attributes now separate the attributes
with only a comma, not a comma-space sequence.
The GnuTLS support has been mostly rewritten. exim main configuration
options gnutls_require_kx, gnutls_require_mac and gnutls_require_protocols,
are no longer supported. (They are ignored if present now, but will trigger
an error in later releases.) Their functionality is entirely subsumed into
tls_require_ciphers. In turn, tls_require_ciphers is no longer an Exim list
and is not parsed by Exim, but is instead given to gnutls_priority_init(3).
See /exim4-base/usr/share/doc/exim4-base/README.UPDATING.gz for details.
-- Andreas Metzler <ametzler@debian.org> Sat, 22 Oct 2011 19:16:58 +0200
exim4 (4.77~rc4-1) experimental; urgency=low
Exim no longer performs string expansion on the second string of
the match_* expansion conditions: "match_address", "match_domain",
"match_ip" & "match_local_part". Named lists can still be used.
The previous behavior made it too easy to create (remotely) vulnerable
configurations. A more detailed rationale and explanation can be found on
https://lists.exim.org/lurker/message/20111003.122326.fbcf32b7.en.html
-- Andreas Metzler <ametzler@debian.org> Thu, 05 Oct 2011 19:22:52 +0200
exim4 (4.72-3) unstable; urgency=low
Exim versions up to and including 4.72 are vulnerable to CVE-2010-4345.
This is a privilege escalation issue that allows the exim user to gain
root privileges by specifying an alternate configuration file using the -C
option. The macro override facility (-D) might also be misused for this
purpose.
In reaction to this security vulnerability upstream has made a number of
user visible changes. This package includes these changes.
---------------------------------------------------------
If exim is invoked with the -C or -D option the daemon will not regain
root privileges though re-execution. This is usually necessary for local
delivery, though. Therefore it is generally not possible anymore to run an
exim daemon with -D or -C options.
However this version of exim has been built with
TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. TRUSTED_CONFIG_LIST
defines a list of configuration files which are trusted; if a config file
is owned by root and matches a pathname in the list, then it may be
invoked by the Exim build-time user without Exim relinquishing root
privileges.
As a hotfix to not break existing installations of mailscanner we have
also set WHITELIST_D_MACROS=OUTGOING. i.e. it is still possible to start
exim with -DOUTGOING while being able to do local deliveries.
If you previously were using -D switches you will need to change your
setup to use a separate configuration file. The ".include" mechanism
makes this easy.
---------------------------------------------------------
The system filter is run as exim_user instead of root by default. If your
setup requies root privileges when running the system filter you will
need to set the system_filter_user exim main configuration option.
---------------------------------------------------------
-- Andreas Metzler <ametzler@debian.org> Sat, 18 Dec 2010 18:57:16 +0100
exim4 (4.69-4) unstable; urgency=low
In reaction to #475194, the size of the Diffie-Hellman parameters
used by exim was increased to 2048, which is GnuTLS's default.
Since periodically regenerating the Diffie-Hellman parameters
doesn't increase security that much (they're sent in clear text in the
TLS handshake, and some protocols even have hardcoded them in the
standard document), and automatically generating 2048 bits
Diffie-Hellman parameters can take a long time, this has been disabled
in the Exim4 packages starting with 4.69-4. All exim installations
will thus run with the Diffie-Hellman parameters shipped in the
package by default.
Really, really paranoid people with sufficiently fast machines will
want to set up a cron job calling
/usr/share/exim4/exim4_refresh_gnutls-params manually - suggested
interval is weekly or monthly.
-- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 27 Apr 2008 09:14:32 +0200
exim4 (4.68-1) unstable; urgency=low
In order to fix #420217, the handling of incoming messages to
system accounts has been changed once again. To allow system
account mail addresses to be redirected via traditional
/etc/aliases, system accounts are now processed later in the
router chain.
This has made it necessary to change the default behavior of the
real- prefix. real-foo is now only accessible for locally
generated messages, such as the error message generated by the
userforward router. If you need the old behavior back, set the
macro COND_LOCAL_SUBMITTER=true. As a side-effect, you can
entirely switch off the real- processing by setting
COND_LOCAL_SUBMITTER=false.
-- Marc Haber <mh+debian-packages@zugschlus.de> Thu, 04 Oct 2007 22:34:01 +0200
exim4 (4.67-6) unstable; urgency=low
acl_whitelist_local_deny was renamed to acl_local_deny_exceptions
to avoid confusion. This means changes to ACLs, file names in
/etc/exim4/conf.d/acl and the exception list file names themselves.
CONFDIR/local_host_whitelist and CONFDIR/local_sender_whitelist
have been renamed to CONFDIR/host_local_deny_exceptions and
CONFDIR/sender_local_deny_exceptions. The old files will continue
to be honored for a transition period.
The old file conf.d/acl/20_exim4-config_whitelist_local_deny will
get a .dpkg-bak suffix if it had local changes, and it will be
removed if there were no local changes. In the case of local changes,
you'll need to repeat these changes in the new file
conf.d/acl/20_exim4-config_local_deny_exceptions.
-- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 05 Sep 2007 21:22:22 +0200
exim4 (4.67-5) unstable; urgency=low
The macro generation in update-exim4.conf has been changed once
more. update-exim4.conf now looks for the (non-commented!)
definition of the exim configuration macro UPEX4CmacrosUPEX4C to
an arbitrary, non-empty value, and inserts the generated macro
definitions right after this line, without changing it.
update-exim4.conf looks for commented UPEX4CmacrosUPEX4C (which
used to be the place marker in earlier 4.67-x versions) and barfs
if it finds them anywhere in /etc/exim4/exim4.conf.template or
recursively /etc/exim4/conf.d. This check - as a feature - also
includes files that would normally be excluded by
update-exim4.conf, such as .dpkg-old and .dpkg-dist files.
If you insist on having a commented UPEX4CmacrosUPEX4C in your
exim configuration and don't want update-exim4.conf to barf, set
the exim macro UPEX4CmacrosOK_config_adapted to a non-empty value.
-- Marc Haber <mh+debian-packages@zugschlus.de> Thu, 28 Jun 2007 08:29:36 +0200
exim4 (4.67-4) unstable; urgency=low
Since a lot of users did not read the docs while upgrading and
filed bug reports about exim4-config failing to install due to a
"malformed macro definition", update-exim4.conf.conf now checks
for DEBCONFsomethingDEBCONF strings anywhere in
/etc/exim4/exim4.conf.template or recursively /etc/exim4/conf.d
and barfs if such strings are found. This check - as a feature - also
includes files that would normally be excluded by
update-exim4.conf.
It _is_ necessary to either accept the offered configuration file
change _or_ to manually check a manually changed exim config. Exim
will _NOT_ run if a configuration file of an older version is
being used with a more recent exim4-config.
If you insist on having DEBCONFsomethingDEBCONF strings in your
exim configuration and don't want update-exim4.conf to barf, set
the exim macro DEBCONFstringOK_config_adapted to a non-empty
value.
-- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 22 Jun 2007 12:50:38 +0200
exim4 (4.67-2) experimental; urgency=low
The symlink /etc/exim4/email-addresses caused data loss for people
who had a local file named /etc/exim4/email-addresses. The Debian
tools do not handle symlinks in /etc which are contained in
packages very well, so we decided to simply remove it. Please
submit a tested patch if you think that it would be a more elegant
way to handle the transition from /etc/exim4/email-addresses to
/etc/email-addresses.
There is now a possibility to modify handling of incoming messages
to system accounts, identified by their UID (see
conf.d/router/250_exim4-config_lowuid). If you want this, set the
macro FIRST_USER_ACCOUNT_UID (which defaults to 0) to the UID of
your first "real" user account. Incoming messages for an account
with an UID below that value get routed according to the extra
alias file /etc/exim4/lowuid-aliases. If an account does not have
an alias there, it gets routed to the value of the macro
DEFAULT_SYSTEM_ACCOUNT_ALIAS, which defaults to ":fail: no mail to
system accounts" and gets the message rejected. You can use this
mechanism to route all messages for system accounts to a single
address, with exceptions. Locally generated messages are not
processed by this facility.
Generation of the final exim configuration has changed. The
configuration no longer has the DEBCONFsomethingDEBCONF
placeholders. All data from Debconf are put into exim
configuration macros by update-exim4.conf, which are then
appropriately picked up by the configuration itself. There should
be no visible change to people who have not modified their
configuration, but customized configurations need to adapt.
We now do basic sanitizing of input read from
update-exim4.conf.conf. If your update-exim4.conf complains about
non-ascii values, you have found a bug. Please report it.
-- Marc Haber <mh+debian-packages@zugschlus.de> Mon, 11 Jun 2007 14:09:24 +0200
exim4 (4.62-7) unstable; urgency=low
Bug #392993 says that 4.63-5 and -6 have overwritten manual
setting of dc_local_delivery with one of the default versions if
you have set dc_local_delivery to a value that is not either
mail_spool or maildir_home. Please verify that your
dc_local_delivery does still point to the transport you have
chosen.
Please note that the debconf configuration only supports plain
lists. Advanced features like "dsearch;" entered there may work
today, but are not guaranteed to continue working in the future.
If you want to use such features, please use the macros made
available for use in the configuration or edit the configuration
itself.
This allows us to use semicolons as list delimiters consistently
while still being backwards compatible to colon-separated lists
without driving code complexity up too high.
Starting with this version, update-exim4.conf will print a warning
if a dsearch lookup is found in the list of local domains,
dc_local_domains since there is a HOWTO on the Internet that
recommends doing this kind of things and this will _not_ work any
more.
-- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 15 Oct 2006 10:00:15 +0000
exim4 (4.62-4) unstable; urgency=low
exim4-config has had its debconf templates re-worked. Basic
functionality is unchanged, so you shouldn't expect a real
difference. The priority of most questions has been lowered to
medium, so that the Installer can install exim4 with no questions
being asked. The default is local delivery only. Mail messages for
root and postmaster are delivered to an mbox file in
/var/mail/mail, make sure to read them.
You can do the full exim4 configuration by calling
dpkg-reconfigure exim4-config as root.
It is now finally possible to configure exim4 to deliver outgoing
mail to a smarthost on a port number different from 25 via debconf.
-- Marc Haber <mh+debian-packages@zugschlus.de> Mon, 9 Oct 2006 14:12:25 +0000
exim4 (4.62-3) unstable; urgency=low
A template for SPF support is now provided. It is disabled by
default, and relies on external calls to spfquery(1) from the
libmail-spf-query-perl package. For details, check README.Debian,
and conf.d/acl/30_exim4-config_check_rcpt.
-- Robert Millan <rmh@aybabtu.com> Fri, 28 Jul 2006 22:43:56 +0200
exim4 (4.62-1) unstable; urgency=low
Please note that the handling of update-exim4.conf.conf has
changed with regard to dc_local_interfaces and dc_relay_nets: If
the strings given there contain a semicolon, the string "<;" is
now prepended to the value written to the configuration file to
consider ; a list separator. This significantly helps writing down
IPv6 addresses, but means that if you use complex things like
lookups in update-exim4.conf.conf, you'll have to change your
configuration to use the macros that directly interfere with the
configuration.
127.0.0.1 and ::1 have been removed from the default hostlist
relay_from_hosts - these addresses are now added by
update-exim4.conf with the appropriate separator. If you set
MAIN_RELAY_NETS manually, you'll need to add these two addresses
to your local host list.
-- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 29 Apr 2006 22:36:31 +0000
exim4 (4.60-2) unstable; urgency=low
The exim4 daemon packages now include a symlink from
/usr/sbin/exim4 to /usr/sbin/exim. This can break exim 3 cron and
init scripts if the last exim 3 you had installed was any earlier
than 3.36-5 and the conffiles from your exim 3 package are still
around. Be sure to have any exim 4 earlier than 3.36-5 _purged_
(not removed) before installing this package.
-- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 24 Jan 2006 14:58:08 +0100
exim4 (4.50-5) unstable; urgency=low
mailname, the local name of the system used to qualify senders and
recipients is no longer a local domain by default. Having local
delivery for that host name used to break satellite and smarthost
setups where no local delivery was expected.
/etc/exim4/update-exim4.conf.conf is modified automatically on
upgrade from the appropriate earlier versions, so if you don't do any
funky things with /etc/exim4/update-exim4.conf.conf, you should be fine.
-- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 2 Apr 2005 20:31:27 +0200
exim4 (4.43-3) unstable; urgency=low
/etc/exim4/email-addresses is ignored now, please use /etc/email-addresses!
The last version of exim4 that shipped this file was uploaded on the
19th of May 2003, and I really do not want to start sarge with cruft like
that.
-- Andreas Metzler <ametzler@debian.org> Mon, 10 Jan 2004 10:05:34 +0100
exim4 (4.34-1) unstable; urgency=low
Debconf will not ask for relay_domains if configuring smarthost or
satellite-type systems. - This functionality was untested and could
generate mail-loops.
-- Andreas Metzler <ametzler@debian.org> Wed, 12 May 2004 13:42:23 +0200
exim4 (4.31-2) unstable; urgency=low
The local_scan perl-plugin has been removed because upstream
development has stopped. (am)
-- Andreas Metzler <ametzler@debian.org> Mon, 5 Apr 2004 15:55:12 +0200
exim4 (4.30-5) unstable; urgency=low
(Re)introduce /etc/exim4/exim4.conf.template as alternative to the
multiple small files in /etc/exim4/conf.d/ and make it the default choice
for fresh installations. This trades in a loss of comfort (you will again
need to merge in each small change manually) for increased stability.
-- Andreas Metzler <ametzler@debian.org> Sun, 11 Jan 2004 13:03:43 +0100
exim4 (4.30-1) unstable; urgency=low
* Exim now runs under its own uid (Debian-exim) instead of using mail:mail.
WARNING: You cannot downgrade this version to an older one without
manual chown|chrgrp all files owned by Debian-exim to mail.
Securitywise this is a tradeoff:
- if exim is SUID root and runs without deliver_drop_privilege you win:
exim's internal data in /var/spool/exim4 is not open to attacks by
bugs in programs SGID mail (mail delivery agents like deliver or
procmail, or MUAs like pine) anymore. This is Debian's default setup.
- OTOH if you need to be able to make local deliveries to /var/mail and
want to run exim with reduced priviledge you have some additional work
to do:
* Use an SGID MDA for the actual delivery (I suggest maildrop.)
* Make changes to run exim4 under group mail:
- exim_group=mail.
- Hack: make Debian-exim a group with gid=8, i.e. an alias for
the mail group, _before_ you make the upgrade. (groupadd -o -g 8
Debian-exim)
-- Andreas Metzler <ametzler@debian.org> Sun, 7 Dec 2003 13:59:46 +0100
exim4 (4.24-1) unstable; urgency=low
* This version of exim cannot run deliveries as root anymore, see change
5a for exim 4.23 in /usr/share/doc/exim4-base/changelog.gz. If you
don't redirect mail for root via /etc/aliases to a nonpriviledged
account the mail will be delivered to /var/mail/mail with permissions
0600 and owner mail:mail.
-- Andreas Metzler <ametzler@debian.org> Fri, 3 Oct 2003 18:11:17 +0200
exim4 (4.22-2) unstable; urgency=low
Include exiscan-acl patch http://duncanthrax.net/exiscan-acl/ in
-heavy and -custom for easy integration of content-scanning and
invoking spamassassin at SMTP time.
-- Andreas Metzler <ametzler@debian.org> Wed, 27 Aug 2003 12:50:59 +0200
exim4 (4.22-1) unstable; urgency=low
* The way that the $h_ (and $header_) expansions work has been changed
by the addition of RFC 2047 decoding. See the main documentation (the
NewStuff file until release 4.30, then the manual) for full details.
Exim shipped with Debian defaults to HEADER_DECODE_TO="UTF-8"
-- Andreas Metzler <ametzler@debian.org> Mon, 18 Aug 2003 16:51:47 +0200
exim4 (4.20-2) unstable; urgency=low
Rewriting now uses /etc/email-addresses instead of
/etc/exim4/email-addresses like exim v3 did. Please move the contents to
the new file and delete the old one, when you have time to spare.
-- Andreas Metzler <ametzler@debian.org> Tue, 15 Jul 2003 10:20:15 +0200
View git blame Copy permalink