summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2020-11-05 15:10:48 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2020-11-05 15:10:48 +0000
commit2580a960ccf78f76b716e1197531b3c124cd1c5e (patch)
tree9f6c751c13b19915853fb0b984ad19c5c0a8f96c
parentInitial commit. (diff)
downloadexim4-2580a960ccf78f76b716e1197531b3c124cd1c5e.tar.xz
exim4-2580a960ccf78f76b716e1197531b3c124cd1c5e.zip
Adding upstream version 4.94.upstream/4.94upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--.ctags2
-rw-r--r--.gitattributes1
-rw-r--r--.gitignore4
-rw-r--r--ABOUT9
-rw-r--r--ACKNOWLEDGMENTS475
-rw-r--r--CHANGES10
-rw-r--r--CONTRIBUTING56
-rw-r--r--LICENCE340
-rw-r--r--LICENSE.opendmarc29
-rw-r--r--Makefile113
-rw-r--r--NOTICE152
-rw-r--r--OS/Makefile-Base992
-rw-r--r--OS/Makefile-Darwin29
-rw-r--r--OS/Makefile-Default327
-rw-r--r--OS/Makefile-FreeBSD54
-rw-r--r--OS/Makefile-GNU30
-rw-r--r--OS/Makefile-Linux39
-rw-r--r--OS/Makefile-OpenBSD30
-rw-r--r--OS/Makefile-SunOS524
-rw-r--r--OS/eximon.conf-Default41
-rw-r--r--OS/os.Configuring215
-rw-r--r--OS/os.c-FreeBSD47
-rw-r--r--OS/os.c-GNU56
-rw-r--r--OS/os.c-Linux165
-rw-r--r--OS/os.c-SunOS516
-rw-r--r--OS/os.h-Darwin58
-rw-r--r--OS/os.h-FreeBSD71
-rw-r--r--OS/os.h-GNU28
-rw-r--r--OS/os.h-Linux94
-rw-r--r--OS/os.h-OpenBSD60
-rw-r--r--OS/os.h-SunOS551
-rw-r--r--OS/unsupported/Makefile-AIX28
-rw-r--r--OS/unsupported/Makefile-BSDI21
-rw-r--r--OS/unsupported/Makefile-CYGWIN113
-rw-r--r--OS/unsupported/Makefile-DGUX32
-rw-r--r--OS/unsupported/Makefile-DragonFly31
-rw-r--r--OS/unsupported/Makefile-GNUkFreeBSD29
-rw-r--r--OS/unsupported/Makefile-GNUkNetBSD29
-rw-r--r--OS/unsupported/Makefile-HI-OSF8
-rw-r--r--OS/unsupported/Makefile-HI-UX12
-rw-r--r--OS/unsupported/Makefile-HP-UX27
-rw-r--r--OS/unsupported/Makefile-HP-UX-915
-rw-r--r--OS/unsupported/Makefile-IRIX12
-rw-r--r--OS/unsupported/Makefile-IRIX613
-rw-r--r--OS/unsupported/Makefile-IRIX63216
-rw-r--r--OS/unsupported/Makefile-IRIX6516
-rw-r--r--OS/unsupported/Makefile-NetBSD27
-rw-r--r--OS/unsupported/Makefile-NetBSD-a.out24
-rw-r--r--OS/unsupported/Makefile-OSF110
-rw-r--r--OS/unsupported/Makefile-OpenUNIX17
-rw-r--r--OS/unsupported/Makefile-QNX30
-rw-r--r--OS/unsupported/Makefile-SCO28
-rw-r--r--OS/unsupported/Makefile-SCO_SV34
-rw-r--r--OS/unsupported/Makefile-SunOS416
-rw-r--r--OS/unsupported/Makefile-SunOS5-hal18
-rw-r--r--OS/unsupported/Makefile-ULTRIX18
-rw-r--r--OS/unsupported/Makefile-UNIX_SV24
-rw-r--r--OS/unsupported/Makefile-USG33
-rw-r--r--OS/unsupported/Makefile-Unixware732
-rw-r--r--OS/unsupported/Makefile-mips16
-rw-r--r--OS/unsupported/README14
-rw-r--r--OS/unsupported/os.c-BSDI19
-rw-r--r--OS/unsupported/os.c-HI-OSF35
-rw-r--r--OS/unsupported/os.c-HP-UX16
-rw-r--r--OS/unsupported/os.c-IRIX118
-rw-r--r--OS/unsupported/os.c-IRIX6118
-rw-r--r--OS/unsupported/os.c-IRIX632118
-rw-r--r--OS/unsupported/os.c-IRIX65118
-rw-r--r--OS/unsupported/os.c-OSF136
-rw-r--r--OS/unsupported/os.c-cygwin531
-rw-r--r--OS/unsupported/os.h-AIX27
-rw-r--r--OS/unsupported/os.h-BSDI15
-rw-r--r--OS/unsupported/os.h-DGUX28
-rw-r--r--OS/unsupported/os.h-DragonFly13
-rw-r--r--OS/unsupported/os.h-GNUkFreeBSD25
-rw-r--r--OS/unsupported/os.h-GNUkNetBSD25
-rw-r--r--OS/unsupported/os.h-HI-OSF12
-rw-r--r--OS/unsupported/os.h-HI-UX21
-rw-r--r--OS/unsupported/os.h-HP-UX34
-rw-r--r--OS/unsupported/os.h-HP-UX-923
-rw-r--r--OS/unsupported/os.h-IRIX17
-rw-r--r--OS/unsupported/os.h-IRIX616
-rw-r--r--OS/unsupported/os.h-IRIX63218
-rw-r--r--OS/unsupported/os.h-IRIX6516
-rw-r--r--OS/unsupported/os.h-NetBSD28
-rw-r--r--OS/unsupported/os.h-NetBSD-a.out5
-rw-r--r--OS/unsupported/os.h-OSF116
-rw-r--r--OS/unsupported/os.h-OpenUNIX19
-rw-r--r--OS/unsupported/os.h-QNX24
-rw-r--r--OS/unsupported/os.h-SCO21
-rw-r--r--OS/unsupported/os.h-SCO_SV19
-rw-r--r--OS/unsupported/os.h-SunOS439
-rw-r--r--OS/unsupported/os.h-SunOS5-hal14
-rw-r--r--OS/unsupported/os.h-ULTRIX18
-rw-r--r--OS/unsupported/os.h-UNIX_SV25
-rw-r--r--OS/unsupported/os.h-USG19
-rw-r--r--OS/unsupported/os.h-Unixware718
-rw-r--r--OS/unsupported/os.h-cygwin41
-rw-r--r--OS/unsupported/os.h-mips27
-rw-r--r--README350
-rw-r--r--README.DSN141
-rw-r--r--README.UPDATING867
-rw-r--r--conf2
-rw-r--r--doc/ChangeLog7790
-rw-r--r--doc/DANE-draft-notes11
-rw-r--r--doc/Exim3.upgrade671
-rw-r--r--doc/Exim4.upgrade1730
-rw-r--r--doc/GnuTLS-FAQ.txt414
-rw-r--r--doc/NewStuff1394
-rw-r--r--doc/OptionLists.txt1081
-rw-r--r--doc/README65
-rw-r--r--doc/README.SIEVE343
-rw-r--r--doc/cve-2016-966395
-rw-r--r--doc/cve-2019-1391746
-rw-r--r--doc/cve-2019-15846/cve.txt45
-rw-r--r--doc/cve-2019-15846/mitre.mbx84
-rw-r--r--doc/cve-2019-15846/posting-0.txt59
-rw-r--r--doc/cve-2019-15846/posting-1.txt59
-rw-r--r--doc/cve-2019-15846/posting-2.txt44
-rw-r--r--doc/cve-2019-15846/qualys.mbx175
-rw-r--r--doc/dbm.discuss.txt320
-rw-r--r--doc/exim.81730
-rw-r--r--doc/experimental-spec.txt866
-rw-r--r--doc/filter.txt1725
-rw-r--r--doc/openssl.txt165
-rw-r--r--doc/spec.txt38691
-rw-r--r--exim_monitor/EDITME179
-rw-r--r--exim_monitor/em_StripChart.c504
-rw-r--r--exim_monitor/em_TextPop.c767
-rw-r--r--exim_monitor/em_globals.c236
-rw-r--r--exim_monitor/em_hdr.h326
-rw-r--r--exim_monitor/em_init.c237
-rw-r--r--exim_monitor/em_log.c411
-rw-r--r--exim_monitor/em_main.c944
-rw-r--r--exim_monitor/em_menu.c994
-rw-r--r--exim_monitor/em_queue.c828
-rw-r--r--exim_monitor/em_strip.c266
-rw-r--r--exim_monitor/em_text.c73
-rw-r--r--exim_monitor/em_version.c54
-rw-r--r--exim_monitor/em_xs.c45
-rwxr-xr-xscripts/Configure10
-rwxr-xr-xscripts/Configure-Makefile340
-rwxr-xr-xscripts/Configure-config.h60
-rwxr-xr-xscripts/Configure-eximon51
-rwxr-xr-xscripts/Configure-os.c30
-rwxr-xr-xscripts/Configure-os.h51
-rwxr-xr-xscripts/MakeLinks133
-rwxr-xr-xscripts/arch-type74
-rwxr-xr-xscripts/exim_install472
-rwxr-xr-xscripts/lookups-Makefile197
-rwxr-xr-xscripts/newer21
-rwxr-xr-xscripts/os-type164
-rwxr-xr-xscripts/reversion127
-rw-r--r--scripts/source_checks52
-rw-r--r--src/EDITME1496
-rw-r--r--src/acl.c4580
-rw-r--r--src/aliases.default40
-rw-r--r--src/arc.c1878
-rw-r--r--src/auths/Makefile45
-rw-r--r--src/auths/README98
-rw-r--r--src/auths/auth-spa.c1524
-rw-r--r--src/auths/auth-spa.h92
-rw-r--r--src/auths/call_pam.c205
-rw-r--r--src/auths/call_pwcheck.c121
-rw-r--r--src/auths/call_radius.c233
-rw-r--r--src/auths/check_serv_cond.c124
-rw-r--r--src/auths/cram_md5.c360
-rw-r--r--src/auths/cram_md5.h31
-rw-r--r--src/auths/cyrus_sasl.c511
-rw-r--r--src/auths/cyrus_sasl.h35
-rw-r--r--src/auths/dovecot.c521
-rw-r--r--src/auths/dovecot.h30
-rw-r--r--src/auths/external.c155
-rw-r--r--src/auths/external.h32
-rw-r--r--src/auths/get_data.c253
-rw-r--r--src/auths/get_no64_data.c47
-rw-r--r--src/auths/gsasl_exim.c982
-rw-r--r--src/auths/gsasl_exim.h53
-rw-r--r--src/auths/heimdal_gssapi.c617
-rw-r--r--src/auths/heimdal_gssapi.h38
-rw-r--r--src/auths/plaintext.c179
-rw-r--r--src/auths/plaintext.h31
-rw-r--r--src/auths/pwcheck.c454
-rw-r--r--src/auths/pwcheck.h27
-rw-r--r--src/auths/spa.c376
-rw-r--r--src/auths/spa.h38
-rw-r--r--src/auths/tls.c94
-rw-r--r--src/auths/tls.h30
-rw-r--r--src/auths/xtextdecode.c57
-rw-r--r--src/auths/xtextencode.c57
-rw-r--r--src/base64.c296
-rw-r--r--src/blob.h15
-rw-r--r--src/bmi_spam.c473
-rw-r--r--src/bmi_spam.h22
-rw-r--r--src/buildconfig.c986
-rw-r--r--src/child.c539
-rw-r--r--src/cnumber.h1
-rw-r--r--src/config.h.defaults232
-rw-r--r--src/configure.default996
-rwxr-xr-xsrc/convert4r3.src1382
-rwxr-xr-xsrc/convert4r4.src2527
-rw-r--r--src/crypt16.c77
-rw-r--r--src/daemon.c2475
-rw-r--r--src/dane-openssl.c1719
-rw-r--r--src/dane.c48
-rw-r--r--src/danessl.h47
-rw-r--r--src/dbfn.c718
-rw-r--r--src/dbfunctions.h33
-rw-r--r--src/dbstuff.h823
-rw-r--r--src/dcc.c464
-rw-r--r--src/dcc.h16
-rw-r--r--src/debug.c398
-rw-r--r--src/deliver.c8655
-rw-r--r--src/directory.c92
-rw-r--r--src/dkim.c891
-rw-r--r--src/dkim.h32
-rw-r--r--src/dkim_transport.c411
-rw-r--r--src/dmarc.c640
-rw-r--r--src/dmarc.h61
-rw-r--r--src/dns.c1344
-rw-r--r--src/drtables.c818
-rw-r--r--src/dummies.c152
-rw-r--r--src/enq.c122
-rw-r--r--src/environment.c83
-rw-r--r--src/exicyclog.src350
-rw-r--r--src/exigrep.src376
-rw-r--r--src/exim.c5787
-rw-r--r--src/exim.h603
-rwxr-xr-xsrc/exim_checkaccess.src181
-rw-r--r--src/exim_dbmbuild.c548
-rw-r--r--src/exim_dbutil.c1377
-rw-r--r--src/exim_lock.c664
-rw-r--r--src/eximon.src221
-rw-r--r--src/eximstats.src4246
-rw-r--r--src/exinext.src262
-rw-r--r--src/exipick.src1841
-rw-r--r--src/exiqgrep.src211
-rw-r--r--src/exiqsumm.src178
-rw-r--r--src/exiwhat.src145
-rw-r--r--src/expand.c8689
-rw-r--r--src/filter.c2596
-rw-r--r--src/filtertest.c281
-rw-r--r--src/functions.h1185
-rw-r--r--src/globals.c1674
-rw-r--r--src/globals.h1088
-rw-r--r--src/hash.c844
-rw-r--r--src/hash.h83
-rw-r--r--src/header.c467
-rw-r--r--src/host.c3404
-rw-r--r--src/imap_utf7.c211
-rw-r--r--src/ip.c863
-rw-r--r--src/local_scan.c65
-rw-r--r--src/local_scan.h238
-rw-r--r--src/log.c1464
-rw-r--r--src/lookupapi.h62
-rw-r--r--src/lookups/Makefile74
-rw-r--r--src/lookups/README181
-rw-r--r--src/lookups/cdb.c502
-rw-r--r--src/lookups/dbmdb.c291
-rw-r--r--src/lookups/dnsdb.c605
-rw-r--r--src/lookups/dsearch.c196
-rw-r--r--src/lookups/ibase.c583
-rw-r--r--src/lookups/json.c195
-rw-r--r--src/lookups/ldap.c1626
-rw-r--r--src/lookups/ldap.h13
-rw-r--r--src/lookups/lf_check_file.c113
-rw-r--r--src/lookups/lf_functions.h20
-rw-r--r--src/lookups/lf_quote.c63
-rw-r--r--src/lookups/lf_sqlperform.c175
-rw-r--r--src/lookups/lmdb.c161
-rw-r--r--src/lookups/lsearch.c487
-rw-r--r--src/lookups/mysql.c502
-rw-r--r--src/lookups/nis.c140
-rw-r--r--src/lookups/nisplus.c294
-rw-r--r--src/lookups/oracle.c630
-rw-r--r--src/lookups/passwd.c92
-rw-r--r--src/lookups/pgsql.c510
-rw-r--r--src/lookups/readsock.c319
-rw-r--r--src/lookups/redis.c471
-rw-r--r--src/lookups/spf.c159
-rw-r--r--src/lookups/sqlite.c190
-rw-r--r--src/lookups/testdb.c105
-rw-r--r--src/lookups/whoson.c102
-rw-r--r--src/lss.c142
-rw-r--r--src/macro_predef.c322
-rw-r--r--src/macro_predef.h26
-rw-r--r--src/macros.h1108
-rw-r--r--src/malware.c2299
-rw-r--r--src/match.c1347
-rw-r--r--src/md5.c355
-rw-r--r--src/memcheck.h277
-rw-r--r--src/mime.c802
-rw-r--r--src/mime.h44
-rw-r--r--src/moan.c874
-rw-r--r--src/mytypes.h141
-rw-r--r--src/os.c968
-rw-r--r--src/osfunctions.h43
-rw-r--r--src/parse.c2257
-rw-r--r--src/pdkim/Makefile19
-rw-r--r--src/pdkim/README9
-rw-r--r--src/pdkim/config.h4
-rw-r--r--src/pdkim/crypt_ver.h33
-rw-r--r--src/pdkim/pdkim.c2118
-rw-r--r--src/pdkim/pdkim.h369
-rw-r--r--src/pdkim/pdkim_hash.h38
-rw-r--r--src/pdkim/signing.c899
-rw-r--r--src/pdkim/signing.h97
-rw-r--r--src/perl.c197
-rw-r--r--src/queue.c1572
-rw-r--r--src/rda.c994
-rw-r--r--src/readconf.c4483
-rw-r--r--src/receive.c4470
-rw-r--r--src/regex.c208
-rw-r--r--src/retry.c935
-rw-r--r--src/rewrite.c814
-rw-r--r--src/rfc2047.c345
-rw-r--r--src/route.c2053
-rw-r--r--src/routers/Makefile43
-rw-r--r--src/routers/README57
-rw-r--r--src/routers/accept.c142
-rw-r--r--src/routers/accept.h31
-rw-r--r--src/routers/dnslookup.c478
-rw-r--r--src/routers/dnslookup.h42
-rw-r--r--src/routers/ipliteral.c206
-rw-r--r--src/routers/ipliteral.h34
-rw-r--r--src/routers/iplookup.c422
-rw-r--r--src/routers/iplookup.h41
-rw-r--r--src/routers/manualroute.c493
-rw-r--r--src/routers/manualroute.h39
-rw-r--r--src/routers/queryprogram.c559
-rw-r--r--src/routers/queryprogram.h40
-rw-r--r--src/routers/redirect.c913
-rw-r--r--src/routers/redirect.h77
-rw-r--r--src/routers/rf_change_domain.c84
-rw-r--r--src/routers/rf_expand_data.c48
-rw-r--r--src/routers/rf_functions.h31
-rw-r--r--src/routers/rf_get_errors_address.c132
-rw-r--r--src/routers/rf_get_munge_headers.c122
-rw-r--r--src/routers/rf_get_transport.c96
-rw-r--r--src/routers/rf_get_ugid.c80
-rw-r--r--src/routers/rf_lookup_hostlist.c262
-rw-r--r--src/routers/rf_queue_add.c108
-rw-r--r--src/routers/rf_self_action.c123
-rw-r--r--src/routers/rf_set_ugid.c44
-rw-r--r--src/search.c861
-rw-r--r--src/setenv.c58
-rw-r--r--src/sha_ver.h47
-rw-r--r--src/sieve.c3649
-rw-r--r--src/smtp_in.c5954
-rw-r--r--src/smtp_out.c827
-rw-r--r--src/spam.c650
-rw-r--r--src/spam.h38
-rw-r--r--src/spf.c411
-rw-r--r--src/spf.h38
-rw-r--r--src/spool_in.c1000
-rw-r--r--src/spool_mbox.c246
-rw-r--r--src/spool_out.c548
-rw-r--r--src/srs.c233
-rw-r--r--src/srs.h29
-rw-r--r--src/std-crypto.c1022
-rw-r--r--src/store.c861
-rw-r--r--src/store.h65
-rw-r--r--src/string.c1814
-rw-r--r--src/structs.h941
-rw-r--r--src/tls-cipher-stdname.c393
-rw-r--r--src/tls-gnu.c3604
-rw-r--r--src/tls-openssl.c4128
-rw-r--r--src/tls.c483
-rw-r--r--src/tlscert-gnu.c481
-rw-r--r--src/tlscert-openssl.c531
-rw-r--r--src/tod.c239
-rw-r--r--src/transport-filter.src93
-rw-r--r--src/transport.c2298
-rw-r--r--src/transports/Makefile27
-rw-r--r--src/transports/README41
-rw-r--r--src/transports/appendfile.c3318
-rw-r--r--src/transports/appendfile.h99
-rw-r--r--src/transports/autoreply.c825
-rw-r--r--src/transports/autoreply.h45
-rw-r--r--src/transports/lmtp.c809
-rw-r--r--src/transports/lmtp.h32
-rw-r--r--src/transports/pipe.c1145
-rw-r--r--src/transports/pipe.h51
-rw-r--r--src/transports/queuefile.c278
-rw-r--r--src/transports/queuefile.h29
-rw-r--r--src/transports/smtp.c5502
-rw-r--r--src/transports/smtp.h209
-rw-r--r--src/transports/smtp_socks.c418
-rw-r--r--src/transports/tf_maildir.c584
-rw-r--r--src/transports/tf_maildir.h20
-rw-r--r--src/tree.c392
-rw-r--r--src/utf8.c271
-rw-r--r--src/valgrind.h4797
-rw-r--r--src/verify.c3924
-rw-r--r--src/version.c68
-rw-r--r--src/version.h7
-rw-r--r--src/version.sh3
-rw-r--r--util/.gitignore2
-rw-r--r--util/README40
-rwxr-xr-xutil/chunking_fixqueue_finalnewlines.pl160
-rwxr-xr-xutil/cramtest.pl60
-rw-r--r--util/gen_pkcs3.c266
-rwxr-xr-xutil/logargs.sh26
-rwxr-xr-xutil/mkcdb.pl93
-rwxr-xr-xutil/ocsp_fetch.pl84
-rw-r--r--util/proxy_protocol_client.pl251
-rw-r--r--util/ratelimit.pl159
-rwxr-xr-xutil/renew-opendmarc-tlds.sh128
-rwxr-xr-xutil/unknownuser.sh32
409 files changed, 255883 insertions, 0 deletions
diff --git a/.ctags b/.ctags
new file mode 100644
index 0000000..c764086
--- /dev/null
+++ b/.ctags
@@ -0,0 +1,2 @@
+--recurse
+--exclude=build-*
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..554385c
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+ACKNOWLEDGMENTS encoding=utf-8
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..8965c11
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+Local
+build-*
+tags
+cscope.*
diff --git a/ABOUT b/ABOUT
new file mode 100644
index 0000000..8d204b5
--- /dev/null
+++ b/ABOUT
@@ -0,0 +1,9 @@
+Exim repository: src
+--------------------
+
+This directory contains everything that is included in an Exim distribution
+tarball, with the exception of the doc directory and an empty Local directory.
+You can build Exim from the contents of this directory by adding a Local
+directory that contains appropriate configuration files.
+
+End
diff --git a/ACKNOWLEDGMENTS b/ACKNOWLEDGMENTS
new file mode 100644
index 0000000..22e9909
--- /dev/null
+++ b/ACKNOWLEDGMENTS
@@ -0,0 +1,475 @@
+EXIM ACKNOWLEDGEMENTS
+
+This file is divided into two parts. The first is the original list maintained
+by Exim's author, Philip Hazel, before he retired. That has two sub-lists of
+contributors. The second main part is an attempt to bring this up-to-date,
+using information from ChangeLog and git.
+
+Names may well occur more than once.
+
+There was a five year gap. It is unlikely that this file is complete.
+If you contributed and are not listed, then *please* let us know. Even if you
+don't much care, we want to acknowledge your help. A contribution isn't just
+code, it includes reporting real bugs, helping with tracking problems down,
+documentation fixes and more.
+
+(Note that we have patches from folks in various countries and Latin1 is not
+ sufficient to handle all of their names acceptably.
+ This file should be in UTF-8).
+
+-Phil Pennock, pp The Exim Maintainers.
+
+============================8< cut here >8==============================
+
+I have not been very good at keeping a proper record of all the people who have
+sent in patches and other contributions to Exim. I am going to try to do better
+in the future by keeping a record in this file. First, I'll put a list of all
+those I can recover from the past; then I'll create a new list to which I'll
+add new contributors in future. Some regular contributors may appear in both.
+
+I'm going to record people who send in actual patches or who help in detailed
+ways. I'm not going to list people who just make a suggestion or report a
+bug. I hope that is a reasonable approach.
+
+If you should be on one of these lists and are not, please accept my apologies,
+and let me know! Any omissions are solely due to my incompetence. In
+particular, the "past" list has certainly lost the names of people who sent in
+relatively small patches.
+
+Philip Hazel
+
+Lists created: 20 November 2002
+Last updated (by PH): 22 August 2007
+
+THE OLD LIST
+
+Alan Barratt First code for relay checking
+Malcolm Beattie Interface to embedded Perl
+Philip Blundell First support for IPv6
+Piete Brooks Running the first live version
+ Implementing multiple-system compilation
+Matthew Byng-Maddick First code for dsearch lookup
+Steve Campbell Extensions to eximstats
+ Steve is now the maintainer of eximstats
+Brian Candler LDAP support enhancement
+Petr Cech PostgreSQL interface
+Steve Clarke Best way to find the load average in Linux
+Energis Ltd Resources for the exim.org site
+Yann Golanski Numerical hash function
+Jason Gunthorpe IPv6 support (Linux)
+Michael Haardt LDAP support enhancement
+Steve Haslam First code for TLS
+Kjetil Torgrim Homme Suggested patch for macro extensions
+John Horne Proof-reading documentation (repeatedly)
+Pierre Humblet Cygwin support
+Paul Kelly MySQL interface
+ First code for Oracle interface
+Ian Kirk Radius support
+Stuart Levy Replacement for broken inet_ntoa() on IRIX
+Stuart Lynne First code for LDAP
+Nigel Metheringham Setting up the website and mailing list
+ Managing the website and mailing list
+ Interface to Berkeley DB
+ Support for cdb
+ Support for maildir
+Barry Pederson LDAP support enhancement
+Marc Prud'hommeaux SPA client authentication
+Alexander Sabourenkov pwcheck daemon support
+Peter Savitch LDAP support enhancement
+Robert Wal whoson lookup
+Joachim Wieland Researching strace and stolen subprocesses in Linux
+
+
+THE NEW LIST
+
+Alexander Alekseev Use of function attribute checks in gcc
+Justo Alonso Suggested patch for maildir++ maildirsize file support
+Anton Altaparmakov Patches to get cyrus_sasl fully working
+Simon Arlott Patch for $dnslist_matched.
+Claus Assmann Example code for OpenSSL CRL support
+Warren Baker Experimental Redis lookup.
+Robert Bannocks Patch for LDAP reference problem on Solaris
+Ian Bell Analysis of a bug and an infelicity in clock tick code
+ Patch for ${quote_local_part
+Peter Benie A number mistakes found by analysing the code
+Johannes Berg Suggested patch for authentication client $auth<n> support
+ Suggested patch for acl_not_smtp_start
+Matt Bernstein LMTP over socket
+ Suggested patch for dnslists '&' feature
+Mike Bethune Help with debugging an elusive ALRM signal bug
+Ard Biesheuvel Lookup code for accessing an Interbase database
+Richard Birkett Fix for empty -f address crash
+Dean Brooks Fix for ratelimit per_rcpt in acl_not_smtp.
+Nick Burrett Patch for CONFIGURE_FILE_USE_EUID in exicyclog
+Matthew Byng-Maddick Patch for qualify_domain in redirect router
+ Patch for ignore_target_hosts in ipliteral router
+ The cyrus_sasl authenticator
+Steve Campbell eximstats extensions and continued maintenance
+Brian Candler Use h_errno for gethostbyname()
+ Suggested patch for .ifdef etc
+ Several minor fixes and suggestions
+Pete Carah Patch for change to radiusclient API
+Oliver Cook Suggested patch for exigrep & rejected messages
+ Patch to add sender/host info to local_scan() rejects
+ Suggested patch to add queue time to "Completed"
+Ted Cooper Suggested patch for NOTQUIT ACL
+Jennifer Corley Designing the new Exim logo
+John Dalbec Patch for quota_warn_threshold bug
+Vivek Dasmohapatra Suggested patch for CRL support
+Dennis Davis Suggested server_condition for all authenticators
+Andrew Doran Patch for NetBSD configuration files
+ Patch for ifreq alignment and size problems
+Michael Deutschmann Suggested patch for treating bind() failure like connect()
+ Patch for $sender_data and $recipient_data
+ Suggested patch for null address match lookup bug
+ Suggested patch for verify = not_blind
+ Patch for alternate TXT lookup in DNS lists
+Oliver Eikemeier Patch to skip Received: if expansion is empty
+ Patch for "eqi"
+Nico Erfurth Fix for bug in ${readfile}
+ Patch for router_home_directory
+ Patch for ACL crash (try to test sender after ETRN)
+ Suggested patch for lookup search bug
+ Suggested patch for advertise_condition
+ Patch for missing HELO in checkaccess
+ Patch for raw headers
+ Patch for lsearch lookups tidying
+ Patch for .include_if_exists
+ Patch for partial- not recognized in host list
+ Lots more patches for bug fixes, enhancements, and
+ code refactorings - too many to record details!
+Jochen Erwied Fix for BDB 4.1 API
+Stefan Esser Fix for DNS RR parsing bug
+Peter Evans Suggested using modification time of "new" for time
+ of "mailbox last read" for maildir
+Andrew Findlay Patch to close writing end of ${readsocket
+Michael Fischer
+ v. Mollard Suggested patch for exigrep -t option
+Kevin Fleming Callout cache code
+ Patch for authenticated_sender
+Tony Finch Expansion extensions
+ Timezone addition to log timestamps
+ A number of useful code criticisms
+ Timezone patch for exiwhat
+ Patch for more daemon exiwhat information
+ Patch for -dd
+ Patch for mxh lookup type in dnsdb
+ Patch for defer_foo in dndsb
+ Patch for ${dlfunc
+ Patch for $message_linecount
+ ... and many more
+Graeme Fowler Suggested patch for /noupdate with ratelimit
+Ian Freislich Patch for spamd timeout problem
+Giuliano Gavazzi Patches for OSX compilation
+Dominic Germain Patch for exiqgrep MacOS X bug
+Oliver Gorwits $load_average patch
+ Patch for additional syslog facilities
+James Grinter Suggested patches for header manipulation functions
+ and recipient remove for local_scan() use
+Lukasz Grochal Patch for saslauthd buglet
+Pavel Gulchouck Diagnosis of return_path_on_delivery crash
+Michael Haardt Tidies to make the code stricter
+ Refactoring to allow for other filter types
+ Suggested patch for appendfile "folder" extension
+ Module to support Sieve (RFC 3028) filters and
+ continued maintenance of same
+ Patch for faster sort algorithm in queue.c
+ Patch for LDAP timeout handling
+ ... and several more
+Thomas Hager Patch for saslauthd crash bug
+Richard Hall Fix for file descriptor leak in redirection
+ Fix for exiqsumm output corner case
+Jori Hamalainen Patch to add features to exiqsumm
+ Patch to speed up exigrep
+Steve Haslam Lots of stuff, including
+ HMAC computations
+ Better error messages for BDB
+Sheldon Hearn Suggested patch for smtp_accept_max_nonmail_hosts
+ Fix for compile error with OpenSSL 0.9.8e
+Bryan Henderson Patch to use RM_COMMAND everywhere during building
+Jakob Hirsch Patch for % operator
+ Patch for arbitrarily named ACL variables
+Magnus Holmgren Patch for filter_prepend_home
+ Patch for "h" flag in Domain Keys
+ Patch for $sending_ip_address/$sending_port
+ Patch for ${rfc2047d:
+ ... and several more
+ Lots of other maintenance support
+Kjetil Torgrim Homme Patch for require_files problem on NFS file systems
+Tom Hughes Suggested patch for $n bug in pipe command from filter
+Pierre Humblet Continued Cygwin support
+Peter Ilieve Suggested patch for lookup search bug
+John Jetmore Writing and maintaining the 'exipick' utility
+ Much helpful testing of the test suite & elsewhere
+ Patch for -Mset
+ Patch for TLS testing with -bh/-bhc/-bs
+ Patch for exigrep -v functionality
+Bob Johannessen Patch for Sieve envelope tests bug
+ Patch for negative uid/gid bug
+Brad Jorsch Patch for bitwise logical operators
+ Patch for using "message" on acceptance
+ Patch to add == and =& to dnslists
+Christian Kellner Patch for LDAP dereferencing
+Alex Kiernan Patches for libradius
+ Diagnosis of milliwait clock-backwards bug
+ Patch for BDB 4.3 API change
+Tom Kistner SPA server code
+ Writing and maintaining the content scanning
+ extension (exiscan)
+Jürgen Kreileder Fix for cyrus_sasl advertisement problem
+Friso Kuipers Patch for GDBM problem
+Matthias Lederhofer Diagnosing and patching obscure and subtle socket bug
+Chris Liddiard Fix for bug in exiqsumm
+Chris Lightfoot Patch for -restore-times in exim_lock
+Edgar Lovecraft Patch for ${str2b64:
+Torsten Luettgert Suggested patch for proper integer overflow detection
+Todd Lyons Patch to add DMARC support using OpenDMARC libs/tools
+David Madole Patch for SPA forced expansion failure bug
+Lars Mainka Patch for OpenSSL crl collections
+Andrey Malyshev Patch for $address_data after redirection bug
+Lionel Elie Mamane Patch for IPv4/IPv6 listen() problem on USAGI Linux
+ Patch for recognizing IPv6 "scoped addresses"
+ Patch for callout caching bug
+Everton da Silva Marques Suggested patch for SRV handling
+ Suggested patch for SRV/MX lookup retry option
+Nikos Mavrogiannopoulos GnuTLS proof of concept code
+ Update to RSA and D-H parameter caching code
+Komar Maxim Patch for check_rfc2047_length
+Andy Mell Fix for rejectlog regeneration bug
+Marc Merlin Many suggestions and patches for callouts and
+ SMTP error message features
+Andreas Metzler Patch for message_id_header_domain
+ Suggested patch for multi-config files in scripts bug
+ GnuTLS non-existent parameter file bug fix
+Alex Miller Suggested readline() patch
+ Patch for LDAP_RES_SEARCH_REFERENCE handling
+ Support for the DrWeb content scanner
+Arkadiusz Miskiewicz Patch to add timeout to reads in malware.c
+Martin Mrazik Patches for problems in the test suite
+Andreas Mueller Patch for logging uncompleted SMTP transactions
+Pete Naylor Patch for LDAP TCP connect timeout setting
+Alexander Newmann Diagnosing and patching obscure and subtle socket bug
+Matthew Newton Patch for exicyclog log location problem
+Marcin Owsiany Diagnosis of a tricky timeout failure bug
+Andrey Panin Dovecot authenticator
+Eric Parusel Patch for tls_remember_esmtp
+Gaige Paulsen Amended Darwin config files
+Richard Premdas Patch for PAM buglet
+Jason Pyeron Suggested patch for ignoring Sendmail's -O option
+Axel Rau Patch for Transport Post Delivery sql logging
+Mark Rigby-Jones Patch for race condition during MBX locking
+Robert Roselius Patch for OpenSSL workaround for bad clients
+Larry Rosenman OpenUNIX config files
+Alexander Sabourenkov Patch to add saslauthd daemon support
+ Patch for MySQL non-data queries
+David Saez Suggested patch for $sender_hostname lookup if needed
+ Support for the clamd virus scanner
+ Suggested patch for increased number of ACL variables
+Jonathan Sambrook Suggested patch for expanding uid and gid lists
+Peter Savitch Diagnosis of FPE bug when statvfs() fails on spool
+Harald Schueler Patch for dn_expand() failure on truncated data
+Heiko Schlichting Diagnosis of intermittent daemon crash bug
+Heiko Schlitterman Proposed patch for +pid
+Stephan Schulz Patch for $host_data caching error
+Lai Zit Seng Patch for radiusclient 0.4.9 interface bugs
+Tony Sheen Log files with datestamped names and auto rollover
+Martin Sluka Patch for exigrep to include non-message lines
+Adam Stephens Suggested patch for IGNOREQUOTA in LMTP
+Russell Stuart Diagnosis of obscure batch multiple delivery bug
+Tamas Tevesz Patch for crypt16() support
+Johan Thelmen Support for the F-Secure virus scanner
+William Thompson Suggested patch for acl_smtp_helo
+ Suggested patch for nested ACL "drop" bug
+ Suggested patch for continuation lines in file ACLs
+ Patch for != support in DNS lists
+Adam Thornton Patch for SMTP port expansion
+Daniel Tiefnig Much helpful testing of the test suite
+Rein Tollevik Patch to fix search cache missing tidyup
+Stefan Traby Threaded Perl support
+Samuli Tuomola OS files for QNX 6.2.0
+Dave Turner Suggested patch for sender rewriting brokenness
+Steve Usher Unbuffered I/O patch for Dovecot authentication
+Carlos Villegas Suggested patch for "headers" in filter files
+Matthias Waffenschmidt Patch for build-time Perl bug in configure script
+ Queue run abandon log message tidy up
+Norihisa Washitake Suggested patch for RFC 2047 header decoding
+Chris Webb Patch for support of an SPF lookup method.
+Florian Weimer Patch for minor format string issue
+ Noticing the unwanted (and time-wasting) GnuTLS
+ RSA_EXPORT code, and supplying a patch to remove it
+Joachim Wieland Patches for PostgreSQL socket support and other
+ PostgreSQL functionality
+ Patch for hosts_avoid_esmtp
+Stephen Wilcox Patch for ignore_enotdir problem
+Alain Williams Suggested patch for exicyclog options
+ PATCH for LDAP referrals option
+David Woodhouse SQLite support proof of concept code
+ control=freeze/no_tell basic code
+Erik ? patch to use select() instead of poll() on OS X
+****
+
+============================8< cut here >8==============================
+
+The Exim Maintainers Lists
+==========================
+
+We'll start with the Exim Maintainers, who are the people with commit
+access to the master git repository and a couple more folk; then we'll list
+known contributors since the lists above. Then we list the folks who work
+to make Exim available on various operating systems as porters/packagers.
+
+For the Maintainers, we may list primary focus area. All maintainers
+will have contributed to work outside those areas. The maintainers'
+contributions are initialled in ChangeLog. Changes from before maintainership
+should be listed as a contributor.
+
+For other contributors, we will attempt to track all contributions. Note that
+the entries per-person were added initially by scanning back through the
+ChangeLog and git, so are not in chronological order.
+
+[ With names from all over the world, we need one sort order. I've arbitrarily
+ decreed it to be "normal British address-book sort order, but based on family
+ name rather than whichever comes last and using whatever seems sanest for
+ sort order of characters which do not collate onto an English character",
+ which should handle the majority of cases. If it is not adequate for some
+ situation, we'll resolve it then.
+ We leave out titles and honourifics, just names and handles. ]
+
+
+Maintainers
+-----------
+Steve Campbell eximstats maintainer.
+Mike Cardwell Exim webmaster.
+Tony Finch Unbreaks lots of things. Ratelimit code.
+Graeme Fowler
+Michael Haardt Maintains Sieve support, works on DKIM.
+Jeremy Harris
+Philip Hazel Retired.
+ Originating architect and author of the Exim project.
+John Jetmore
+Tom Kistner DKIM. Content scanning. SPA.
+Todd Lyons
+Nigel Metheringham Transitioning out of Default Victim status.
+Phil Pennock Mostly idle; some security bits still.
+David Woodhouse Dynamic modules. Security.
+
+
+Contributors
+------------
+Andrew Aitchison Spotted cmdline AV scanner regression with -bmalware
+Simon Arlott Code for outbound SSL-on-connect
+ Patch implementing %M datestamping in log filenames
+ Patch restoring SIGPIPE handler for child_open_uid
+ Patch fixing NUL term/init of DKIM strings
+ Patch fixing dnsdb TXT record handling for DKIM
+ Patch speeding up DomainKeys signing
+Warren Baker Found crash with MIME ACLs in non-SMTP local injection
+Dmitry Banschikov Path to check for LDAP TLS initialisation errors
+René Berber Pointed out mistake in build instructions for QNX
+Johannes Berg Maintained dynamically loadable module code out-of-tree
+ Patch expanding spamd_address if contains $
+Jasen Betts Spotted lack of docs re bool{} on empty string
+ and typo fixes
+Wolfgang Breyha DCC integration; expandable spamd_address
+ Patch handling IPv6 addresses for SPF
+ Patch fixing DKIM verification when signature header
+ not prepended
+ Unbroke Cyrus SASL auth after incorrect SSF addition
+ Logging of 8bitmime reception
+David Brownlee Patch improving local interface IP address detection
+Eugene Bujak Security patch fixing buffer overflow in string_format
+Adam Ciarcinski Patch for TLS-enabled LDAP (alternative to ldaps)
+Dennis Davis Patches fixing compilation in older compilers
+ Reported dynlookup framework build issues on Solaris
+Serge Demonchaux Maintained dynamically loadable module code out-of-tree
+ Patch fixing sign/unsigned and UTF mismatches
+Uwe Doering Patch fixing DKIM multiple signature generation
+Maxim Dounin Patch portability of accept() len
+Frank Elsner Fixed build reliability by exporting LC_ALL=C
+Paul Fisher Diagnosed smtp_cmd_buffer_size affecting GSSAPI SASL
+ initial response, raised buffer size
+ Patch adjusting connection_max_messages wait-DB usage
+Oliver Fleischmann Patches fixing compilation in older compilers
+Julian Gilbey Helped improve userforward local_part_suffix docs
+Richard Godbee Patch fixing usage fprintf
+Steve Haslam Maintained dynamically loadable module code out-of-tree
+Oliver Heesakkers Debugged dynamic lookup build issues for LOOKUP_foo.
+Dmitry Isaikin Spotted short writes to local files
+ Patch for format string regression
+Alun Jones Patch for NULL dereference in localhost_number
+Brad Jorsch Patches fixing Resent-*: header handling
+John Hall Updated PCRE to 7.4 (when in-tree)
+Jeremy Harris Patch to log authentication information in reject log
+ Reported a ${extract error message typo
+Jakob Hirsch Patch implementing freeze_signal on pipe transports
+ Suggested X-Envelope-Sender: for content-scanning
+ Patch fixing Base64 decode bugs
+John Horne Patch adding $av_failed
+ Patch escaping log text after lookup expansion defer
+ Documentation fixes
+ Pointed out ClamAV ExtendedDetectionInfo compat issue
+Regid Ichira Documentation fixes
+Andreas M. Kirchwitz Let /dev/null have normal permissions (4.73 fallout)
+J. Nick Koston Patch adding force_command pipe transport option
+Roberto Lima Patch letting exicyclog rotate paniclog
+Todd Lyons Patch handling TAB in MAIL arguments
+Christof Meerwald Provided insight & suggested patch for GnuTLS update
+Andreas Metzler Patch upgrading PolarSSL (DKIM)
+ Reported delivery logging problems (4.73 fallout)
+ Patch to build without WITH_CONTENT_SCAN
+ Patches fixing docs for max_rcpts, relay hosts/domains
+ Documentation fixes
+Kirill Miazine Multiple patches improving Dovecot authenticator
+Robert Millan Wrote SPF Best Guess support
+Marcin Mirosław Running static analysis tools for us, catching issues
+Dirk Mueller Patch extending use of our printf() compiler checking
+Andrey Oktyabrski Patch fixing wide character breakage in rfc2047 coding
+ Patch keeping SQL errors from being returned over SMTP
+Phil Pennock Patch adding gnutls_compat_mode
+ Patches adding bool{} and later bool_lax{}
+ Patch for TLS library version reporting build/runtime
+ Patch letting EXPN work under TLS
+ More patches built up & applied when became maintainer
+Mark Daniel Reidel Patch adding f-protd malware scanner support
+Steven A Reisman Pointed out ${eval:x % 0} SIGFPE
+Todd Rinaldo Patch fixing transport filter timeout
+Dan Rosenberg Security notification & patch for hardlink attack on
+ sticky mail directory
+ Security notification of race condition in MBX locking
+Jay Rouman Kept our copyright claim in the 21st century, not 11th
+ Drew attention to SSL docs and epoch issue on 32bit
+Heiko Schlittermann Patch making maildir_use_size_file expand
+ Patch fixing maildir quota file races
+ Patch fixing make parallelisation
+ Updates to eximstats, exiwhat
+Janne Snabb TLS extensive debugging & failure root cause analysis
+ Added SPF record type support to dnsdb lookup
+Jan Srzednicki Patch improving Dovecot authenticator
+ Reported crash in Dovecot authenticator
+Samuel Thibault Patch fixing IPv6 interface address detection on Hurd
+Martin Tscholak Reported issue with TLS anonymous ciphersuites
+Stephen Usher Patch fixing use of Oracle's LDAP libraries on Solaris
+Jasper Wallace Patch for LibreSSL compatibility
+Holger Weiß Patch leting ${run} return more data than OS pipe
+ buffer size
+Moritz Wilhelmy Pointed out PCRE_PRERELEASE glitch
+Alain Williams Patch supporting MySQL stored procedures
+Mark Zealey Patch updating $message_linecount for maildir_tag
+ Patch improving spamd server selection
+ Patch to allow multiple TCP clamd servers
+
+
+Packagers
+---------
+Mark Baker Debian, through Exim 3
+Hilko Bengen Debian, Exim 4, current(*) maintenance
+Tim Cutts Debian, initial packaging
+Marc Haber Debian, Exim 4, current(*) maintenance
+Steve Haslam Debian, Exim 4
+Andreas Metzler Debian, current(*) maintenance
+Christian Perrier Debian, current(*) maintenance
+
+(*) Current as of our last information as of release: Exim 4.82
+
+
+# vim: set fileencoding=utf-8 expandtab :
diff --git a/CHANGES b/CHANGES
new file mode 100644
index 0000000..6f8fd3b
--- /dev/null
+++ b/CHANGES
@@ -0,0 +1,10 @@
+Change Information for Exim
+---------------------------
+
+Complete lists of all changes to the code, including bug fixes, are listed in
+doc/ChangeLog, and documentation for changes that have not yet made it
+into the manual is available in doc/NewStuff. The ftp site has a directory
+called ChangeLogs which contains individual ChangeLog and NewStuff files for
+each separate release.
+
+****
diff --git a/CONTRIBUTING b/CONTRIBUTING
new file mode 100644
index 0000000..a5f7809
--- /dev/null
+++ b/CONTRIBUTING
@@ -0,0 +1,56 @@
+CONTRIBUTING TO EXIM
+====================
+
+Exim is an open-source project licensed under the GNU General Public License.
+At time of writing, all the developers work on Exim on a volunteer basis.
+We welcome patches and contributions. There is no copyright assignment
+policy; if you offer a patch, it is assumed to be under the GPL, of whichever
+version the main developers see fit to use.
+
+Mistakes or inadequacies in the documentation are treated as bugs. The main
+documentation is called "The Exim Specification" for a reason. So if you
+can't code there are still places where your help will be very appreciated.
+
+General discussion, requests for help, and initial "is this a bug?" questions
+go to <exim-users@exim.org>. Many suspected bugs turn out to not be bugs, so
+asking first is appreciated.
+
+Our main website is at http://www.exim.org/ and contains links to our wiki,
+where many frequent setups are walked through. You will also find our
+bug-tracking system linked there.
+
+Development takes place in part on exim-users, when bugs or missing features
+are spotted based on feedback from people actually using the product. In
+large part, discussion takes place on <exim-dev@exim.org>. While you can use
+the bug-tracking system, everyone working on Exim, a mail transfer agent, is
+comfortable dealing with just email too, so you can use whichever you're most
+comfortable with.
+
+If you have an idea for a new feature, please do raise it on exim-users first.
+
+Our code is maintained in a Git repository. The master repository, together
+with some others, can be found on http://git.exim.org/ and we welcome patches,
+whether of documentation or of code. If you have a request for a new feature
+and can accompany it with working code, then it stands a much greater chance
+of being incorporated in a timely manner.
+
+If you're planning on working on a major new feature or redesign, please do
+talk to us first.
+
+We do not have a formal code-review process, but posted patches are subject to
+being reworked before being pulled in, or requests for modification made;
+we're a small enough pool of developers that we rely on the good judgement and
+discretion of the committer rather than formal process.
+
+We prefer new features to be accompanied by documentation patches, but if no
+new documentation is provided, we can write it and, in the process, perhaps
+uncover issues to work over with you. Note that the PDF form of the
+documentation is faster to build than the TXT form.
+
+We do have a test harness and appreciate it if new features can be accompanied
+by new tests; if this is awkward for you, please do include sufficient
+description to allow someone else to write the test.
+
+
+-The Exim Maintainers
+ July 7th, 2010
diff --git a/LICENCE b/LICENCE
new file mode 100644
index 0000000..31d076d
--- /dev/null
+++ b/LICENCE
@@ -0,0 +1,340 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Library General
+Public License instead of this License.
diff --git a/LICENSE.opendmarc b/LICENSE.opendmarc
new file mode 100644
index 0000000..e2ba06b
--- /dev/null
+++ b/LICENSE.opendmarc
@@ -0,0 +1,29 @@
+Copyright (c) 2009, 2010, 2012, The Trusted Domain Project.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ * Neither the name of The Trusted Domain Project nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+
+Portions of this project are also covered by the Sendmail Open Source
+License, available in this distribution in the file "LICENSE.Sendmail".
+See the copyright notice(s) in each file to determine whether or not it is
+covered by both licenses.
+
+THIS SOFTWARE IS PROVIDED BY THE OPENDKIM PROJECT ''AS IS'' AND ANY
+EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE OPENDKIM PROJECT BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..3aa3cc3
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,113 @@
+# Top-level makefile for Exim; handles creating a build directory with
+# appropriate links, and then creating and running the main makefile in that
+# directory.
+
+# Copyright (c) University of Cambridge, 1995 - 2018
+# See the file NOTICE for conditions of use and distribution.
+
+# IRIX make uses the shell that is in the SHELL variable, which often defaults
+# to csh, so put this in to make it use the Bourne shell. In systems where
+# /bin/sh is not a Bourne-compatible shell, this line will have to be edited,
+# or "make" must be called with a different SHELL= setting.
+
+SHELL=/bin/sh
+RM_COMMAND=/bin/rm
+
+# The buildname defaults to "<os-type>-<arch-type>". It can be
+# overridden by the "build" parameter when invoking make (e.g. make
+# build=xxx) This does not provide an override for the OS type and
+# architecture type used during the build process; they still have to be
+# used for the OS-specific files. To override them, you can set the
+# shell variables OSTYPE and ARCHTYPE when running make.
+#
+# EXIM_BUILD_SUFFIX gets appended to the buildname. (This enables
+# parallel builds on a file system shared among different Linux distros
+# (same os-type, same arch-type). The ../test/runtest script honours the
+# EXIM_BUILD_SUFFIX when searching the Exim binary.)
+
+buildname=$${build:-`$(SHELL) scripts/os-type`-`$(SHELL) scripts/arch-type`}$${EXIM_BUILD_SUFFIX:+.$$EXIM_BUILD_SUFFIX}
+
+# The default target checks for the existence of Local/Makefile, that the main
+# makefile is built and up-to-date, and then it runs it.
+# If Local/Makefile-<buildname> exists, it is read too.
+
+all: Local/Makefile configure
+ @cd build-$(buildname); $(MAKE) SHELL=$(SHELL) $(MFLAGS)
+
+# This pair for the convenience of of the Debian maintainers
+exim: Local/Makefile configure
+ @cd build-$(buildname); $(MAKE) SHELL=$(SHELL) $(MFLAGS) exim
+utils: Local/Makefile configure
+ @cd build-$(buildname); $(MAKE) SHELL=$(SHELL) $(MFLAGS) utils
+
+Local/Makefile:
+ @echo ""
+ @echo "*** Please create Local/Makefile by copying src/EDITME and making"
+ @echo "*** appropriate changes for your site."
+ @echo ""
+ @test ! -d Local && mkdir Local
+ @false
+
+# This is separated off so that "make build-directory" can be obeyed on
+# its own if necessary.
+
+build-directory:
+ @builddir=build-$(buildname); \
+ case "$$builddir" in *UnKnown*) exit 1;; esac; \
+ $(SHELL) -c "test -d $$builddir -a -r $$builddir/version.c || \
+ (mkdir $$builddir; cd $$builddir; $(SHELL) ../scripts/MakeLinks)";
+
+checks:
+ $(SHELL) scripts/source_checks
+
+# The "configure" target ensures that the build directory exists, then arranges
+# to build the main makefile from inside the build directory, by calling the
+# Configure-Makefile script. This does its own dependency checking because of
+# the optional files.
+
+configure: checks build-directory
+ @cd build-$(buildname); \
+ build=$(build) $(SHELL) ../scripts/Configure-Makefile
+
+# The "makefile" target forces a rebuild of the makefile (as opposed to
+# "configure", which doesn't force it).
+
+makefile: build-directory
+ @cd build-$(buildname); $(RM_COMMAND) -f Makefile; \
+ build=$(build) $(SHELL) ../scripts/Configure-Makefile
+
+# The installation commands are kept in a separate script, which expects
+# to be run from inside the build directory.
+
+install: all
+ @cd build-$(buildname); \
+ build=$(build) $(SHELL) ../scripts/exim_install $(INSTALL_ARG)
+
+# Tidy-up targets
+
+clean:; @echo ""; echo '*** "make clean" just removes all .o and .a files'
+ @echo '*** Use "make makefile" to force a rebuild of the makefile'
+ @echo ""
+ cd build-$(buildname); \
+ $(RM_COMMAND) -f *.o lookups/*.o lookups/*.a auths/*.o auths/*.a \
+ routers/*.o routers/*.a transports/*.o transports/*.a \
+ pdkim/*.o pdkim/*.a
+
+clean_exim:; cd build-$(buildname); \
+ $(RM_COMMAND) -f *.o lookups/*.o lookups/*.a auths/*.o auths/*.a \
+ routers/*.o routers/*.a transports/*.o transports/*.a lookups/*.so
+
+distclean:; $(RM_COMMAND) -rf build-* cscope*
+
+cscope.files: FRC
+ echo "-q" > $@
+ echo "-p3" >> $@
+ find src Local OS exim_monitor -name "*.[cshyl]" -print \
+ -o -name "os.[ch]*" -print \
+ -o -name "*akefile*" -print \
+ -o -name config.h.defaults -print \
+ -o -name EDITME -print >> $@
+
+FRC:
+
+# End of top-level makefile
diff --git a/NOTICE b/NOTICE
new file mode 100644
index 0000000..b4a5c40
--- /dev/null
+++ b/NOTICE
@@ -0,0 +1,152 @@
+THE EXIM MAIL TRANSFER AGENT
+----------------------------
+
+Copyright (c) 2004 University of Cambridge
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+In addition, for the avoidance of any doubt, permission is granted to
+link this program with OpenSSL or any other library package and to
+(re)distribute the binaries produced as the result of such linking.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+
+UNSOLICITED EMAIL
+-----------------
+
+The use, supply or promotion of Exim for the purpose of sending bulk,
+unsolicited electronic mail is incompatible with the basic aims of the program,
+which revolve around the free provision of a service that enhances the quality
+of personal communications. The author of Exim regards indiscriminate
+mass-mailing as an antisocial, irresponsible abuse of the Internet.
+
+
+INCORPORATED CODE
+-----------------
+
+A number of pieces of external code are included in the Exim distribution.
+
+ . Support for the cdb (Constant DataBase) lookup method is provided by code
+ contributed by Nigel Metheringham of Planet Online Ltd. which contains
+ the following statements:
+ _________________________________________________________________________
+
+ Copyright (c) 1998 Nigel Metheringham, Planet Online Ltd
+
+ This program is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by the
+ Free Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ This code implements Dan Bernstein's Constant DataBase (cdb) spec.
+ Information, the spec and sample code for cdb can be obtained from
+ http://www.pobox.com/~djb/cdb.html. This implementation borrows some code
+ from Dan Bernstein's implementation (which has no license restrictions
+ applied to it).
+ _________________________________________________________________________
+
+ The implementation is completely contained within the code of Exim. It
+ does not link against an external cdb library.
+
+ . Client support for Microsoft's "Secure Password Authentication" is pro-
+ vided by code contributed by Marc Prud'hommeaux. Server support was
+ contributed by Tom Kistner. This includes code taken from the Samba
+ project, which is released under the Gnu GPL.
+
+
+ . Support for calling the Cyrus "pwcheck" and "saslauthd" daemons is
+ provided by code taken from the Cyrus-SASL library and adapted by
+ Alexander S. Sabourenkov. The permission notice appears below, in
+ accordance with the conditions expressed therein.
+
+ _________________________________________________________________________
+
+ Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are
+ met:
+
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. The name 'Carnegie Mellon University' must not be used to endorse or
+ promote products derived from this software without prior written
+ permission. For permission or any other legal details, please
+ contact
+
+ Office of Technology Transfer
+ Carnegie Mellon University
+ 5000 Forbes Avenue
+ Pittsburgh, PA 15213-3890
+ (412) 268-4387, fax: (412) 268-7395
+ tech-transfer@andrew.cmu.edu
+
+ 4. Redistributions of any form whatsoever must retain the following
+ acknowledgment:
+ This product includes software developed by Computing Services at
+ Carnegie Mellon University (http://www.cmu.edu/computing/).
+
+ CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
+ SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
+ FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY
+ SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER
+ RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF
+ CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ _________________________________________________________________________
+
+
+ . The Exim Monitor program, which is an X-Window application, includes
+ modified versions of the Athena StripChart and TextPop widgets. This code
+ is copyright by DEC and MIT, and their permission notice appears below,
+ in accordance with the conditions expressed therein.
+
+ _________________________________________________________________________
+
+ Copyright 1987, 1988 by Digital Equipment Corporation, Maynard,
+ Massachusetts, and the Massachusetts Institute of Technology, Cambridge,
+ Massachusetts.
+
+ All Rights Reserved
+
+ Permission to use, copy, modify, and distribute this software and its
+ documentation for any purpose and without fee is hereby granted, provided
+ that the above copyright notice appear in all copies and that both that
+ copyright notice and this permission notice appear in supporting documen-
+ tation, and that the names of Digital or MIT not be used in advertising
+ or publicity pertaining to distribution of the software without specific,
+ written prior permission.
+
+ DIGITAL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
+ ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
+ DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
+ ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
+ WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
+ ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ SOFTWARE.
+ _________________________________________________________________________
+
+
+ . Some of the code to support the use of maildirsize files for maildir
+ deliveries is taken from the Courier Imapd source code. This code is
+ released under the GPL.
+ _________________________________________________________________________
+
+--
+Philip Hazel University of Cambridge Computing Service,
diff --git a/OS/Makefile-Base b/OS/Makefile-Base
new file mode 100644
index 0000000..9eed7b0
--- /dev/null
+++ b/OS/Makefile-Base
@@ -0,0 +1,992 @@
+# This file is the basis of the main makefile for Exim and friends. The
+# makefile at the top level arranges to build the main makefile by calling
+# scripts/Configure-Makefile from within the build directory. This
+# concatenates the configuration settings from Local/Makefile and other,
+# optional, Local/* files at the front of this file, to create Makefile in the
+# build directory.
+#
+# Copyright (c) The Exim Maintainers 1995 - 2018
+# Copyright (c) The Exim Maintainers 2020
+
+SHELL = $(MAKE_SHELL)
+SCRIPTS = ../scripts
+O = ../OS
+EDITME = ../Local/Makefile
+EXIMON_EDITME = ../Local/eximon.conf
+
+# The compiler used for linking is normally the same as the compiler used for
+# compiling. However, by giving it a different name, we can override it from
+# the command line, and this is helpful for certain types of testing.
+
+LNCC = $(CC)
+
+# The compile commands can be very long. To make the output look better,
+# they are not normally echoed in full. To get full echoing, the caller
+# must set FULLECHO='' on the command line and call make with -e. We default
+# FULLECHO to '@' to suppress the full echo. Then define an abbreviation.
+
+FULLECHO = @
+FE = $(FULLECHO)
+
+# The default target double-checks the existence of $(EDITME) and then arranges
+# to touch it if it exists and any of the optional configuration files, which
+# depend on the os or the architecture, have been altered. The same sub-target
+# does the same thing for the eximon configuration file if it exists. Then
+# there is a check that the Makefile (the one built from this file) is
+# up-to-date. Then the os-specific source files and the C configuration file
+# are set up, and finally it goes to the main Exim target.
+
+all: utils exim
+config: $(EDITME) checklocalmake Makefile os.c config.h version.h version.sh macro.c
+
+checklocalmake:
+ @if $(SHELL) $(SCRIPTS)/newer $(EDITME)-$(OSTYPE) $(EDITME) || \
+ $(SHELL) $(SCRIPTS)/newer $(EDITME)-$(ARCHTYPE) $(EDITME) || \
+ $(SHELL) $(SCRIPTS)/newer $(EDITME)-$(OSTYPE)-$(ARCHTYPE) $(EDITME); \
+ then \
+ touch $(EDITME); \
+ fi
+ @if $(SHELL) $(SCRIPTS)/newer $(EXIMON_EDITME)-$(OSTYPE) $(EXIMON_EDITME) || \
+ $(SHELL) $(SCRIPTS)/newer $(EXIMON_EDITME)-$(ARCHTYPE) $(EXIMON_EDITME) || \
+ $(SHELL) $(SCRIPTS)/newer $(EXIMON_EDITME)-$(OSTYPE)-$(ARCHTYPE) $(EXIMON_EDITME); \
+ then \
+ if [ -f $(EXIMON_EDITME) ]; then touch $(EXIMON_EDITME); fi \
+ fi
+
+$(EDITME):
+ @echo " "
+ @echo "*** Please create Local/Makefile by copying src/EDITME and making"
+ @echo "*** appropriate changes for your site."
+ @echo " "
+ @false
+
+$(EXIMON_EDITME):
+ @echo " "
+ @echo "*** Please create Local/eximon.conf by copying exim_monitor/EDITME and making"
+ @echo "*** appropriate changes for your site."
+ @echo " "
+ @test ! -d ../Local && mkdir ../Local
+ @false
+
+# Check that the local Makefile is up-to-date
+
+Makefile: ../OS/Makefile-Base ../OS/Makefile-Default \
+ $(SCRIPTS)/Configure $(SCRIPTS)/Configure-Makefile $(EDITME)
+ @echo " "
+ @echo "*** Makefile needs rebuilding"
+ @echo "*** Please run \"make makefile\" at top level"
+ @echo " "
+ @false
+
+# Build (link) the os.h file
+
+os.h: $(SCRIPTS)/Configure-os.h \
+ $(O)/os.h-Darwin \
+ $(O)/os.h-FreeBSD \
+ $(O)/os.h-GNU \
+ $(O)/os.h-Linux \
+ $(O)/os.h-OpenBSD \
+ $(O)/os.h-SunOS5
+ $(SHELL) $(SCRIPTS)/Configure-os.h
+
+# Build the os.c file
+
+os.c: ../src/os.c \
+ $(SCRIPTS)/Configure-os.c \
+ $(O)/os.c-FreeBSD \
+ $(O)/os.c-GNU \
+ $(O)/os.c-Linux \
+ $(O)/os.c-SunOS5
+ $(SHELL) $(SCRIPTS)/Configure-os.c
+
+# Build the config.h file.
+
+config.h: Makefile buildconfig ../src/config.h.defaults $(EDITME)
+ $(SHELL) $(SCRIPTS)/Configure-config.h "$(MAKE)"
+
+# Build the builtin-macros data struct
+
+MACRO_HSRC = macro_predef.h os.h globals.h config.h macros.h \
+ routers/accept.h routers/dnslookup.h routers/ipliteral.h \
+ routers/iplookup.h routers/manualroute.h routers/queryprogram.h \
+ routers/redirect.h
+
+OBJ_MACRO = macro_predef.o \
+ macro-globals.o macro-readconf.o macro-route.o macro-transport.o macro-drtables.o \
+ macro-tls.o \
+ macro-appendfile.o macro-autoreply.o macro-lmtp.o macro-pipe.o macro-queuefile.o \
+ macro-smtp.o macro-accept.o macro-dnslookup.o macro-ipliteral.o macro-iplookup.o \
+ macro-manualroute.o macro-queryprogram.o macro-redirect.o \
+ macro-auth-spa.o macro-cram_md5.o macro-cyrus_sasl.o macro-dovecot.o macro-gsasl_exim.o \
+ macro-heimdal_gssapi.o macro-plaintext.o macro-spa.o macro-authtls.o macro-external.o \
+ macro-dkim.o macro-malware.o macro-signing.o
+
+$(OBJ_MACRO): $(MACRO_HSRC)
+
+macro_predef.o : macro_predef.c
+ @echo "$(CC) -DMACRO_PREDEF macro_predef.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ macro_predef.c
+macro-globals.o : globals.c
+ @echo "$(CC) -DMACRO_PREDEF globals.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ globals.c
+macro-readconf.o : readconf.c
+ @echo "$(CC) -DMACRO_PREDEF readconf.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ readconf.c
+macro-route.o : route.c
+ @echo "$(CC) -DMACRO_PREDEF route.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ route.c
+macro-transport.o: transport.c
+ @echo "$(CC) -DMACRO_PREDEF transport.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ transport.c
+macro-drtables.o : drtables.c
+ @echo "$(CC) -DMACRO_PREDEF drtables.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ drtables.c
+macro-tls.o: tls.c tls-gnu.c tls-openssl.c
+ @echo "$(CC) -DMACRO_PREDEF tls.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ tls.c
+macro-appendfile.o : transports/appendfile.c
+ @echo "$(CC) -DMACRO_PREDEF transports/appendfile.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ transports/appendfile.c
+macro-autoreply.o : transports/autoreply.c
+ @echo "$(CC) -DMACRO_PREDEF transports/autoreply.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ transports/autoreply.c
+macro-lmtp.o: transports/lmtp.c
+ @echo "$(CC) -DMACRO_PREDEF transports/lmtp.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ transports/lmtp.c
+macro-pipe.o : transports/pipe.c
+ @echo "$(CC) -DMACRO_PREDEF transports/pipe.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ transports/pipe.c
+macro-queuefile.o : transports/queuefile.c
+ @echo "$(CC) -DMACRO_PREDEF transports/queuefile.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ transports/queuefile.c
+macro-smtp.o : transports/smtp.c
+ @echo "$(CC) -DMACRO_PREDEF transports/smtp.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ transports/smtp.c
+macro-accept.o : routers/accept.c
+ @echo "$(CC) -DMACRO_PREDEF routers/accept.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ routers/accept.c
+macro-dnslookup.o : routers/dnslookup.c
+ @echo "$(CC) -DMACRO_PREDEF routers/dnslookup.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ routers/dnslookup.c
+macro-ipliteral.o : routers/ipliteral.c
+ @echo "$(CC) -DMACRO_PREDEF routers/ipliteral.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ routers/ipliteral.c
+macro-iplookup.o : routers/iplookup.c
+ @echo "$(CC) -DMACRO_PREDEF routers/iplookup.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ routers/iplookup.c
+macro-manualroute.o : routers/manualroute.c
+ @echo "$(CC) -DMACRO_PREDEF routers/manualroute.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ routers/manualroute.c
+macro-queryprogram.o : routers/queryprogram.c
+ @echo "$(CC) -DMACRO_PREDEF routers/queryprogram.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ routers/queryprogram.c
+macro-redirect.o : routers/redirect.c
+ @echo "$(CC) -DMACRO_PREDEF routers/redirect.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ routers/redirect.c
+macro-auth-spa.o : auths/auth-spa.c
+ @echo "$(CC) -DMACRO_PREDEF auths/auth-spa.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ auths/auth-spa.c
+macro-cram_md5.o : auths/cram_md5.c
+ @echo "$(CC) -DMACRO_PREDEF auths/cram_md5.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ auths/cram_md5.c
+macro-cyrus_sasl.o : auths/cyrus_sasl.c
+ @echo "$(CC) -DMACRO_PREDEF auths/cyrus_sasl.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ auths/cyrus_sasl.c
+macro-dovecot.o: auths/dovecot.c
+ @echo "$(CC) -DMACRO_PREDEF auths/dovecot.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ auths/dovecot.c
+macro-external.o: auths/external.c
+ @echo "$(CC) -DMACRO_PREDEF auths/external.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ auths/external.c
+macro-gsasl_exim.o : auths/gsasl_exim.c
+ @echo "$(CC) -DMACRO_PREDEF auths/gsasl_exim.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ auths/gsasl_exim.c
+macro-heimdal_gssapi.o: auths/heimdal_gssapi.c
+ @echo "$(CC) -DMACRO_PREDEF auths/heimdal_gssapi.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ auths/heimdal_gssapi.c
+macro-plaintext.o : auths/plaintext.c
+ @echo "$(CC) -DMACRO_PREDEF auths/plaintext.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ auths/plaintext.c
+macro-spa.o : auths/spa.c
+ @echo "$(CC) -DMACRO_PREDEF auths/spa.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ auths/spa.c
+macro-authtls.o: auths/tls.c
+ @echo "$(CC) -DMACRO_PREDEF auths/tls.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ auths/tls.c
+macro-dkim.o: dkim.c
+ @echo "$(CC) -DMACRO_PREDEF dkim.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ dkim.c
+macro-malware.o: malware.c
+ @echo "$(CC) -DMACRO_PREDEF malware.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ malware.c
+macro-signing.o: pdkim/signing.c
+ @echo "$(CC) -DMACRO_PREDEF pdkim/signing.c"
+ $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ pdkim/signing.c
+
+macro_predef: $(OBJ_MACRO)
+ @echo "$(LNCC) -o $@"
+ $(FE)$(LNCC) -o $@ $(LFLAGS) $(OBJ_MACRO)
+
+macro.c: macro_predef
+ ./macro_predef > macro.c
+
+# This target is recognized specially by GNU make. It records those targets
+# that do not correspond to files that are being built and which should
+# therefore always be run, even if the files exist. This shouldn't in fact be a
+# problem, but it does no harm. Other make programs will just ignore this.
+
+.PHONY: all config utils \
+ buildauths buildlookups buildpdkim buildrouters \
+ buildtransports checklocalmake clean
+
+
+utils: $(EXIM_MONITOR) exicyclog exinext exiwhat \
+ exigrep eximstats exipick exiqgrep exiqsumm \
+ transport-filter.pl convert4r3 convert4r4 \
+ exim_checkaccess \
+ exim_dbmbuild exim_dumpdb exim_fixdb exim_tidydb exim_lock
+
+
+# Targets for special-purpose configuration header builders
+buildconfig: buildconfig.c
+ @echo "$(CC) buildconfig.c"
+ $(FE)$(CC) $(CFLAGS) $(INCLUDE) -o buildconfig buildconfig.c $(LIBS)
+
+
+# Target for the exicyclog utility script
+exicyclog: config ../src/exicyclog.src
+ @rm -f exicyclog
+ @. ./version.sh && sed \
+ -e "s?PROCESSED_FLAG?This file has been so processed.?"\
+ -e "/^# /p" \
+ -e "/^# /d" \
+ -e "s?CONFIGURE_FILE_USE_NODE?$(CONFIGURE_FILE_USE_NODE)?" \
+ -e "s?CONFIGURE_FILE_USE_EUID?$(CONFIGURE_FILE_USE_EUID)?" \
+ -e "s?CONFIGURE_FILE?$(CONFIGURE_FILE)?" \
+ -e "s?BIN_DIRECTORY?$(BIN_DIRECTORY)?" \
+ -e "s?EXICYCLOG_MAX?$(EXICYCLOG_MAX)?" \
+ -e "s?COMPRESS_COMMAND?$(COMPRESS_COMMAND)?" \
+ -e "s?COMPRESS_SUFFIX?$(COMPRESS_SUFFIX)?" \
+ -e "s?CHGRP_COMMAND?$(CHGRP_COMMAND)?" \
+ -e "s?CHMOD_COMMAND?$(CHMOD_COMMAND)?" \
+ -e "s?CHOWN_COMMAND?$(CHOWN_COMMAND)?" \
+ -e "s?MV_COMMAND?$(MV_COMMAND)?" \
+ -e "s?RM_COMMAND?$(RM_COMMAND)?" \
+ -e "s?TOUCH_COMMAND?$(TOUCH_COMMAND)?" \
+ -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" \
+ -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" \
+ ../src/exicyclog.src > exicyclog-t
+ @mv exicyclog-t exicyclog
+ @chmod a+x exicyclog
+ @echo ">>> exicyclog script built"
+
+# Target for the exinext utility script
+exinext: config ../src/exinext.src
+ @rm -f exinext
+ @. ./version.sh && sed \
+ -e "s?PROCESSED_FLAG?This file has been so processed.?"\
+ -e "/^# /p" \
+ -e "/^# /d" \
+ -e "s?CONFIGURE_FILE_USE_NODE?$(CONFIGURE_FILE_USE_NODE)?" \
+ -e "s?CONFIGURE_FILE?$(CONFIGURE_FILE)?" \
+ -e "s?BIN_DIRECTORY?$(BIN_DIRECTORY)?" \
+ -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" \
+ -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" \
+ ../src/exinext.src > exinext-t
+ @mv exinext-t exinext
+ @chmod a+x exinext
+ @echo ">>> exinext script built"
+
+# Target for the exiwhat utility script
+exiwhat: config ../src/exiwhat.src
+ @rm -f exiwhat
+ @. ./version.sh && sed \
+ -e "s?PROCESSED_FLAG?This file has been so processed.?"\
+ -e "/^# /p" \
+ -e "/^# /d" \
+ -e "s?CONFIGURE_FILE_USE_NODE?$(CONFIGURE_FILE_USE_NODE)?" \
+ -e "s?CONFIGURE_FILE?$(CONFIGURE_FILE)?" \
+ -e "s?BIN_DIRECTORY?$(BIN_DIRECTORY)?" \
+ -e "s?EXIWHAT_PS_CMD?$(EXIWHAT_PS_CMD)?" \
+ -e "s?EXIWHAT_PS_ARG?$(EXIWHAT_PS_ARG)?" \
+ -e "s?EXIWHAT_KILL_SIGNAL?$(EXIWHAT_KILL_SIGNAL)?" \
+ -e "s?EXIWHAT_EGREP_ARG?$(EXIWHAT_EGREP_ARG)?" \
+ -e "s?EXIWHAT_MULTIKILL_CMD?$(EXIWHAT_MULTIKILL_CMD)?" \
+ -e "s?EXIWHAT_MULTIKILL_ARG?$(EXIWHAT_MULTIKILL_ARG)?" \
+ -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" \
+ -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" \
+ -e "s?RM_COMMAND?$(RM_COMMAND)?" \
+ ../src/exiwhat.src > exiwhat-t
+ @mv exiwhat-t exiwhat
+ @chmod a+x exiwhat
+ @echo ">>> exiwhat script built"
+
+# Target for the exim_checkaccess utility script
+exim_checkaccess: config ../src/exim_checkaccess.src
+ @rm -f exim_checkaccess
+ @. ./version.sh && sed \
+ -e "s?PROCESSED_FLAG?This file has been so processed.?"\
+ -e "/^# /p" \
+ -e "/^# /d" \
+ -e "s?CONFIGURE_FILE_USE_NODE?$(CONFIGURE_FILE_USE_NODE)?" \
+ -e "s?CONFIGURE_FILE?$(CONFIGURE_FILE)?" \
+ -e "s?BIN_DIRECTORY?$(BIN_DIRECTORY)?" \
+ -e "s?PERL_COMMAND?$(PERL_COMMAND)?" \
+ -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" \
+ -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" \
+ ../src/exim_checkaccess.src > exim_checkaccess-t
+ @mv exim_checkaccess-t exim_checkaccess
+ @chmod a+x exim_checkaccess
+ @echo ">>> exim_checkaccess script built"; echo ""
+
+# Target for the Exim monitor start-up script
+eximon: config ../src/eximon.src ../OS/eximon.conf-Default \
+ ../Local/eximon.conf
+ @rm -f eximon
+ $(SHELL) $(SCRIPTS)/Configure-eximon
+ @. ./version.sh && sed \
+ -e "s?PROCESSED_FLAG?This file has been so processed.?"\
+ -e "/^# /p" \
+ -e "/^# /d" \
+ -e "s?CONFIGURE_FILE_USE_NODE?$(CONFIGURE_FILE_USE_NODE)?" \
+ -e "s?CONFIGURE_FILE?$(CONFIGURE_FILE)?" \
+ -e "s?BIN_DIRECTORY?$(BIN_DIRECTORY)?" \
+ -e "s?BASENAME_COMMAND?$(BASENAME_COMMAND)?" \
+ -e "s?HOSTNAME_COMMAND?$(HOSTNAME_COMMAND)?" \
+ -e "s?X11_LD_LIBRARY?$(X11_LD_LIB)?" \
+ -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" \
+ -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" \
+ ../src/eximon.src >> eximon
+ @echo ">>> eximon script built"; echo ""
+
+# Targets for utilities; these are all Perl scripts that have to get the
+# location of Perl put in them. A few need other things as well.
+
+exigrep: config ../src/exigrep.src
+ @rm -f exigrep
+ @. ./version.sh && sed \
+ -e "s?PROCESSED_FLAG?This file has been so processed.?"\
+ -e "/^# /p" \
+ -e "/^# /d" \
+ -e "s?PERL_COMMAND?$(PERL_COMMAND)?" \
+ -e "s?ZCAT_COMMAND?$(ZCAT_COMMAND)?" \
+ -e "s?COMPRESS_SUFFIX?$(COMPRESS_SUFFIX)?" \
+ -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" \
+ -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" \
+ ../src/exigrep.src > exigrep-t
+ @mv exigrep-t exigrep
+ @chmod a+x exigrep
+ @echo ">>> exigrep script built"
+
+eximstats: config ../src/eximstats.src
+ @rm -f eximstats
+ @. ./version.sh && sed \
+ -e "s?PERL_COMMAND?$(PERL_COMMAND)?" \
+ -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" \
+ -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" \
+ ../src/eximstats.src > eximstats-t
+ @mv eximstats-t eximstats
+ @chmod a+x eximstats
+ @echo ">>> eximstats script built"
+
+exiqgrep: config ../src/exiqgrep.src
+ @rm -f exiqgrep
+ @. ./version.sh && sed \
+ -e "s?PROCESSED_FLAG?This file has been so processed.?"\
+ -e "/^# /p" \
+ -e "/^# /d" \
+ -e "s?BIN_DIRECTORY?$(BIN_DIRECTORY)?" \
+ -e "s?PERL_COMMAND?$(PERL_COMMAND)?" \
+ -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" \
+ -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" \
+ ../src/exiqgrep.src > exiqgrep-t
+ @mv exiqgrep-t exiqgrep
+ @chmod a+x exiqgrep
+ @echo ">>> exiqgrep script built"
+
+exiqsumm: config ../src/exiqsumm.src
+ @rm -f exiqsumm
+ @. ./version.sh && sed \
+ -e "s?PERL_COMMAND?$(PERL_COMMAND)?" \
+ -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" \
+ -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" \
+ ../src/exiqsumm.src > exiqsumm-t
+ @mv exiqsumm-t exiqsumm
+ @chmod a+x exiqsumm
+ @echo ">>> exiqsumm script built"
+
+exipick: config ../src/exipick.src
+ @rm -f exipick
+ @. ./version.sh && sed \
+ -e "s?PERL_COMMAND?$(PERL_COMMAND)?" \
+ -e "s?SPOOL_DIRECTORY?$(SPOOL_DIRECTORY)?" \
+ -e "s?BIN_DIRECTORY?$(BIN_DIRECTORY)?" \
+ -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" \
+ -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" \
+ ../src/exipick.src > exipick-t
+ @mv exipick-t exipick
+ @chmod a+x exipick
+ @echo ">>> exipick script built"
+
+transport-filter.pl: config ../src/transport-filter.src
+ @rm -f transport-filter.pl
+ @. ./version.sh && sed \
+ -e "s?PERL_COMMAND?$(PERL_COMMAND)?" \
+ -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" \
+ -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" \
+ ../src/transport-filter.src > transport-filter.pl-t
+ @mv transport-filter.pl-t transport-filter.pl
+ @chmod a+x transport-filter.pl
+ @echo ">>> transport-filter.pl script built"
+
+convert4r3: config ../src/convert4r3.src
+ @rm -f convert4r3
+ @. ./version.sh && sed \
+ -e "s?PERL_COMMAND?$(PERL_COMMAND)?" \
+ -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" \
+ -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" \
+ ../src/convert4r3.src > convert4r3-t
+ @mv convert4r3-t convert4r3
+ @chmod a+x convert4r3
+ @echo ">>> convert4r3 script built"
+
+convert4r4: config ../src/convert4r4.src
+ @rm -f convert4r4
+ @. ./version.sh && sed \
+ -e "s?PERL_COMMAND?$(PERL_COMMAND)?" \
+ -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" \
+ -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" \
+ ../src/convert4r4.src > convert4r4-t
+ @mv convert4r4-t convert4r4
+ @chmod a+x convert4r4
+ @echo ">>> convert4r4 script built"
+
+
+# These are objects of optional features. They are always compiled, but
+# if the corresponding #defines are not set, they wind up empty and
+# are thrown away by the linker.
+
+OBJ_WITH_CONTENT_SCAN = malware.o mime.o regex.o spam.o spool_mbox.o
+OBJ_EXPERIMENTAL = arc.o \
+ bmi_spam.o \
+ dane.o \
+ dcc.o \
+ dmarc.o \
+ imap_utf7.o \
+ spf.o \
+ srs.o \
+ utf8.o
+
+# Targets for final binaries; the main one has a build number which is
+# updated each time. We don't bother with that for the auxiliaries.
+
+OBJ_LOOKUPS = lookups/lf_quote.o lookups/lf_check_file.o lookups/lf_sqlperform.o
+
+OBJ_EXIM = acl.o base64.o child.o crypt16.o daemon.o dbfn.o debug.o deliver.o \
+ directory.o dns.o drtables.o enq.o exim.o expand.o filter.o \
+ filtertest.o globals.o dkim.o dkim_transport.o hash.o \
+ header.o host.o ip.o log.o lss.o match.o md5.o moan.o \
+ os.o parse.o queue.o \
+ rda.o readconf.o receive.o retry.o rewrite.o rfc2047.o \
+ route.o search.o sieve.o smtp_in.o smtp_out.o spool_in.o spool_out.o \
+ std-crypto.o store.o string.o tls.o tod.o transport.o tree.o verify.o \
+ environment.o macro.o \
+ $(OBJ_LOOKUPS) \
+ local_scan.o $(EXIM_PERL) $(OBJ_WITH_CONTENT_SCAN) \
+ $(OBJ_EXPERIMENTAL)
+
+exim: buildlookups buildauths pdkim/pdkim.a \
+ buildrouters buildtransports \
+ $(OBJ_EXIM) version.o
+ @echo "$(LNCC) -o exim"
+ $(FE)$(PURIFY) $(LNCC) -o exim $(LFLAGS) $(OBJ_EXIM) version.o \
+ routers/routers.a transports/transports.a lookups/lookups.a \
+ auths/auths.a pdkim/pdkim.a \
+ $(LIBRESOLV) $(LIBS) $(LIBS_EXIM) $(IPV6_LIBS) $(EXTRALIBS) \
+ $(EXTRALIBS_EXIM) $(DBMLIB) $(LOOKUP_LIBS) $(AUTH_LIBS) \
+ $(PERL_LIBS) $(TLS_LIBS) $(PCRE_LIBS) $(LDFLAGS)
+ @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
+ echo $(STRIP_COMMAND) exim; \
+ $(STRIP_COMMAND) exim; \
+ fi
+ $(EXIM_CHMOD)
+ @echo " "
+ @echo ">>> exim binary built"
+ @echo " "
+
+# The utility for dumping the contents of an exim database
+
+OBJ_DUMPDB = exim_dumpdb.o util-os.o util-store.o
+
+exim_dumpdb: $(OBJ_DUMPDB)
+ @echo "$(LNCC) -o exim_dumpdb"
+ $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dumpdb $(LFLAGS) $(OBJ_DUMPDB) \
+ $(LIBS) $(EXTRALIBS) $(DBMLIB)
+ @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
+ echo $(STRIP_COMMAND) exim_dumpdb; \
+ $(STRIP_COMMAND) exim_dumpdb; \
+ fi
+ @echo ">>> exim_dumpdb utility built"
+ @echo " "
+
+# The utility for interrogating/fixing the contents of an exim database
+
+OBJ_FIXDB = exim_fixdb.o util-os.o util-store.o util-md5.o
+
+exim_fixdb: $(OBJ_FIXDB)
+ @echo "$(LNCC) -o exim_fixdb"
+ $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_fixdb $(LFLAGS) $(OBJ_FIXDB) \
+ $(LIBS) $(EXTRALIBS) $(DBMLIB)
+ @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
+ echo $(STRIP_COMMAND) exim_fixdb; \
+ $(STRIP_COMMAND) exim_fixdb; \
+ fi
+ @echo ">>> exim_fixdb utility built"
+ @echo " "
+
+# The utility for tidying the contents of an exim database
+
+OBJ_TIDYDB = exim_tidydb.o util-os.o util-store.o
+
+exim_tidydb: $(OBJ_TIDYDB)
+ @echo "$(LNCC) -o exim_tidydb"
+ $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_tidydb $(LFLAGS) $(OBJ_TIDYDB) \
+ $(LIBS) $(EXTRALIBS) $(DBMLIB)
+ @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
+ echo $(STRIP_COMMAND) exim_tidydb; \
+ $(STRIP_COMMAND) exim_tidydb; \
+ fi
+ @echo ">>> exim_tidydb utility built"
+ @echo " "
+
+# The utility for building dbm files
+
+exim_dbmbuild: exim_dbmbuild.o
+ @echo "$(LNCC) -o exim_dbmbuild"
+ $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dbmbuild $(LFLAGS) exim_dbmbuild.o \
+ $(LIBS) $(EXTRALIBS) $(DBMLIB)
+ @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
+ echo $(STRIP_COMMAND) exim_dbmbuild; \
+ $(STRIP_COMMAND) exim_dbmbuild; \
+ fi
+ @echo ">>> exim_dbmbuild utility built"
+ @echo " "
+
+# The utility for locking a mailbox while messing around with it
+
+exim_lock: exim_lock.c os.h
+ @echo "$(CC) exim_lock.c"
+ $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) exim_lock.c
+ @echo "$(LNCC) -o exim_lock"
+ $(FE)$(LNCC) -o exim_lock $(LFLAGS) exim_lock.o \
+ $(LIBS) $(EXTRALIBS)
+ @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
+ echo $(STRIP_COMMAND) exim_lock; \
+ $(STRIP_COMMAND) exim_lock; \
+ fi
+ @echo ">>> exim_lock utility built"
+ @echo " "
+
+# The X-based Exim monitor program's binary part. There's a macro for cutting
+# out the modified TextPop module, because some antique link editors cannot
+# handle the fact that it is redefining things that are found later in the
+# Xaw library.
+
+# Object modules that are the unique Eximon modules
+
+MONBIN = em_StripChart.o $(EXIMON_TEXTPOP) em_globals.o em_init.o \
+ em_log.o em_main.o em_menu.o em_queue.o em_strip.o \
+ em_text.o em_xs.o
+
+# The complete modules list also includes some specially compiled versions of
+# code from the main Exim source tree.
+
+OBJ_MONBIN = util-spool_in.o \
+ util-store.o \
+ util-string.o \
+ util-queue.o \
+ util-tod.o \
+ util-tree.o \
+ $(MONBIN)
+
+eximon.bin: $(EXIMON_EDITME) eximon $(OBJ_MONBIN) ../exim_monitor/em_version.c \
+ mytypes.h store.h macros.h
+ @echo "$(CC) exim_monitor/em_version.c"
+ $(FE)$(CC) -o em_version.o -c \
+ $(CFLAGS) $(XINCLUDE) -I. ../exim_monitor/em_version.c
+ @echo "$(LNCC) -o eximon.bin"
+ $(FE)$(PURIFY) $(LNCC) -o eximon.bin em_version.o $(LFLAGS) $(XLFLAGS) \
+ $(OBJ_MONBIN) -lXaw -lXmu -lXt -lXext -lX11 $(PCRE_LIBS) \
+ $(LIBS) $(LIBS_EXIMON) $(EXTRALIBS) $(EXTRALIBS_EXIMON) -lc
+ @if [ x"$(STRIP_COMMAND)" != x"" ]; then \
+ echo $(STRIP_COMMAND) eximon.bin; \
+ $(STRIP_COMMAND) eximon.bin; \
+ fi
+ @echo ">>> exim monitor binary built"
+ @echo " "
+
+
+# Compile step for most of the exim modules. HDRS is a list of headers
+# which cause everything to be rebuilt. PHDRS is the same, for the use
+# of routers, transports, and authenticators. I can't find a way of doing this
+# in one. This list is overkill, but it doesn't really take much time to
+# rebuild Exim on a modern computer.
+
+HDRS = blob.h \
+ config.h \
+ dbfunctions.h \
+ dbstuff.h \
+ exim.h \
+ functions.h \
+ globals.h \
+ hash.h \
+ local_scan.h \
+ macros.h \
+ mytypes.h \
+ sha_ver.h \
+ structs.h \
+ os.h
+PHDRS = ../config.h \
+ ../dbfunctions.h \
+ ../dbstuff.h \
+ ../exim.h \
+ ../functions.h \
+ ../globals.h \
+ ../local_scan.h \
+ ../macros.h \
+ ../mytypes.h \
+ ../structs.h \
+ ../os.h
+
+.SUFFIXES: .o .c
+.c.o:; @echo "$(CC) $*.c"
+ $(FE)$(CC) -c $(CFLAGS) -I. $(INCLUDE) $(IPV6_INCLUDE) $(TLS_INCLUDE) $*.c
+
+# Update Exim's version information and build the version object. The dependency
+# chain here avoids problems under parallel-make.
+
+version.sh:
+ @../scripts/reversion
+
+version.h: version.sh
+
+cnumber.h: version.h
+
+version.o: $(HDRS) cnumber.h version.h version.c
+
+# This is the dummy module for use by test compiles of individual modules. It
+# contains functions such as log_write() that may be called from bits of Exim
+# in the tested code.
+
+dummies.o: dummies.c
+
+# Compile instructions for perl.o for when EXIM_PERL is set
+
+perl.o: $(HDRS) perl.c
+ @echo "$(PERL_CC) perl.c"
+ $(FE)$(PERL_CC) $(PERL_CCOPTS) $(CFLAGS) $(INCLUDE) -c perl.c
+
+# Compile instructions for the database utility modules
+
+exim_dumpdb.o: $(HDRS) exim_dbutil.c
+ @echo "$(CC) -DEXIM_DUMPDB exim_dbutil.c"
+ $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) \
+ -DCOMPILE_UTILITY \
+ -DEXIM_DUMPDB \
+ -o exim_dumpdb.o exim_dbutil.c
+
+exim_fixdb.o: $(HDRS) exim_dbutil.c
+ @echo "$(CC) -DEXIM_FIXDB exim_dbutil.c"
+ $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) \
+ -DCOMPILE_UTILITY \
+ -DEXIM_FIXDB \
+ -o exim_fixdb.o exim_dbutil.c
+
+exim_tidydb.o: $(HDRS) exim_dbutil.c
+ @echo "$(CC) -DEXIM_TIDYDB exim_dbutil.c"
+ $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) \
+ -DCOMPILE_UTILITY \
+ -DEXIM_TIDYDB \
+ -o exim_tidydb.o exim_dbutil.c
+
+# Compile instructions for exim_dbmbuild
+
+exim_dbmbuild.o: $(HDRS) exim_dbmbuild.c
+ @echo "$(CC) exim_dbmbuild.c"
+ $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY \
+ -o exim_dbmbuild.o exim_dbmbuild.c
+
+# Utilities use special versions of some modules - typically with debugging
+# calls cut out.
+
+util-spool_in.o: $(HDRS) spool_in.c
+ @echo "$(CC) -DCOMPILE_UTILITY spool_in.c"
+ $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY -o util-spool_in.o spool_in.c
+
+util-store.o: $(HDRS) store.c
+ @echo "$(CC) -DCOMPILE_UTILITY store.c"
+ $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY -o util-store.o store.c
+
+util-string.o: $(HDRS) string.c
+ @echo "$(CC) -DCOMPILE_UTILITY string.c"
+ $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY -o util-string.o string.c
+
+util-md5.o: $(HDRS) md5.c
+ @echo "$(CC) -DCOMPILE_UTILITY queue.c"
+ $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY -o util-md5.o md5.c
+
+util-queue.o: $(HDRS) queue.c
+ @echo "$(CC) -DCOMPILE_UTILITY queue.c"
+ $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY -o util-queue.o queue.c
+
+util-tod.o: $(HDRS) tod.c
+ @echo "$(CC) -DCOMPILE_UTILITY tod.c"
+ $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY -o util-tod.o tod.c
+
+util-tree.o: $(HDRS) tree.c
+ @echo "$(CC) -DCOMPILE_UTILITY tree.c"
+ $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY -o util-tree.o tree.c
+
+util-os.o: $(HDRS) os.c
+ @echo "$(CC) -DCOMPILE_UTILITY os.c"
+ $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) \
+ -DCOMPILE_UTILITY \
+ -DOS_LOAD_AVERAGE \
+ -DFIND_RUNNING_INTERFACES \
+ -o util-os.o os.c
+
+# The local scan module depends only on its own special header, and is compiled
+# from a source whose location is set by configuration.
+
+local_scan.o: config local_scan.h ../$(LOCAL_SCAN_SOURCE)
+ @echo "$(CC) local_scan.c"
+ $(FE)$(CC) -DLOCAL_SCAN -c $(CFLAGS) -I. $(INCLUDE) -o local_scan.o ../$(LOCAL_SCAN_SOURCE)
+
+# Dependencies for the "ordinary" exim modules
+
+acl.o: $(HDRS) acl.c
+base64.o: $(HDRS) mime.h base64.c
+child.o: $(HDRS) child.c
+crypt16.o: $(HDRS) crypt16.c
+daemon.o: $(HDRS) daemon.c
+dbfn.o: $(HDRS) dbfn.c
+debug.o: $(HDRS) debug.c
+deliver.o: $(HDRS) transports/smtp.h deliver.c
+directory.o: $(HDRS) directory.c
+dns.o: $(HDRS) dns.c
+enq.o: $(HDRS) enq.c
+exim.o: $(HDRS) exim.c
+expand.o: $(HDRS) expand.c
+environment.o: $(HDRS) environment.c
+filter.o: $(HDRS) filter.c
+filtertest.o: $(HDRS) filtertest.c
+globals.o: $(HDRS) globals.c
+hash.o: $(HDRS) hash.c
+header.o: $(HDRS) header.c
+host.o: $(HDRS) host.c
+ip.o: $(HDRS) ip.c
+log.o: $(HDRS) log.c
+lss.o: $(HDRS) lss.c
+match.o: $(HDRS) match.c
+md5.o: $(HDRS) md5.c
+moan.o: $(HDRS) moan.c
+os.o: $(HDRS) $(OS_C_INCLUDES) os.c
+parse.o: $(HDRS) parse.c
+queue.o: $(HDRS) queue.c
+rda.o: $(HDRS) rda.c
+readconf.o: $(HDRS) readconf.c
+receive.o: $(HDRS) receive.c
+retry.o: $(HDRS) retry.c
+rewrite.o: $(HDRS) rewrite.c
+rfc2047.o: $(HDRS) rfc2047.c
+route.o: $(HDRS) route.c
+search.o: $(HDRS) search.c
+sieve.o: $(HDRS) sieve.c
+smtp_in.o: $(HDRS) smtp_in.c
+smtp_out.o: $(HDRS) smtp_out.c
+spool_in.o: $(HDRS) spool_in.c
+spool_out.o: $(HDRS) spool_out.c
+std-crypto.o: $(HDRS) std-crypto.c
+store.o: $(HDRS) store.c
+string.o: $(HDRS) string.c
+tls.o: $(HDRS) tls.c \
+ tls-gnu.c tlscert-gnu.c \
+ tls-openssl.c tlscert-openssl.c \
+ tls-cipher-stdname.c
+tod.o: $(HDRS) tod.c
+transport.o: $(HDRS) transport.c
+tree.o: $(HDRS) tree.c
+verify.o: $(HDRS) transports/smtp.h verify.c
+dkim.o: $(HDRS) pdkim/pdkim.h dkim.c
+dkim_transport.o: $(HDRS) dkim_transport.c
+
+# Dependencies for WITH_CONTENT_SCAN modules
+
+malware.o: $(HDRS) malware.c
+mime.o: $(HDRS) mime.h mime.c
+regex.o: $(HDRS) regex.c
+spam.o: $(HDRS) spam.c
+spool_mbox.o: $(HDRS) spool_mbox.c
+
+
+# Dependencies for EXPERIMENTAL_* modules
+
+arc.o: $(HDRS) pdkim/pdkim.h arc.c
+bmi_spam.o: $(HDRS) bmi_spam.c
+dane.o: $(HDRS) dane.c dane-openssl.c
+dcc.o: $(HDRS) dcc.h dcc.c
+dmarc.o: $(HDRS) pdkim/pdkim.h dmarc.h dmarc.c
+imap_utf7.o: $(HDRS) imap_utf7.c
+spf.o: $(HDRS) spf.h spf.c
+srs.o: $(HDRS) srs.h srs.c
+utf8.o: $(HDRS) utf8.c
+
+# The module containing tables of available lookups, routers, auths, and
+# transports must be rebuilt if any of them are. However, because the makefiles
+# for the drivers are always run, we don't actually put the dependencies here,
+# because if we do, some version of "make" (e.g. IRIX) insist on rebuilding
+# drtables.o even though the .a files haven't in fact been updated. Instead
+# it is arranged that the lower-level makefiles remove drtables.o when they
+# rebuild the .a files.
+
+drtables.o: $(HDRS) drtables.c
+
+# We depend upon object files built as part of building the lookups library
+# When using parallel make, we don't have the dependency to force building
+# in the sub-directory unless we force that dependency:
+
+$(OBJ_LOOKUPS): buildlookups
+
+# The exim monitor's private modules - the sources live in a private
+# subdirectory. The final binary combines the private modules with some
+# modules from the main exim binary.
+
+em_StripChart.o: ../exim_monitor/em_StripChart.c
+em_TextPop.o: ../exim_monitor/em_TextPop.c
+em_globals.o: ../exim_monitor/em_globals.c ../exim_monitor/em_hdr.h
+em_init.o: ../exim_monitor/em_init.c ../exim_monitor/em_hdr.h
+em_log.o: ../exim_monitor/em_log.c ../exim_monitor/em_hdr.h
+em_main.o: ../exim_monitor/em_main.c ../exim_monitor/em_hdr.h
+em_menu.o: ../exim_monitor/em_menu.c ../exim_monitor/em_hdr.h
+em_queue.o: ../exim_monitor/em_queue.c ../exim_monitor/em_hdr.h
+em_strip.o: ../exim_monitor/em_strip.c ../exim_monitor/em_hdr.h
+em_text.o: ../exim_monitor/em_text.c ../exim_monitor/em_hdr.h
+em_xs.o: ../exim_monitor/em_xs.c ../exim_monitor/em_hdr.h
+em_version.o: ../exim_monitor/em_version.c ../exim_monitor/em_hdr.h
+$(MONBIN): $(HDRS)
+ @echo "$(CC) exim_monitor/$(@:.o=.c)"
+ $(FE)$(CC) -o $@ -c $(CFLAGS) -DCOMPILE_UTILITY -I. -I../exim_monitor $(INCLUDE) $(XINCLUDE) \
+ ../exim_monitor/$(@:.o=.c)
+
+
+# Targets for the various libraries that Exim uses.
+
+# The lookups library.
+
+buildlookups: config
+ @cd lookups && $(MAKE) SHELL=$(SHELL) AR="$(AR)" $(MFLAGS) CC="$(CC)" CFLAGS="$(CFLAGS)" \
+ CFLAGS_DYNAMIC="$(CFLAGS_DYNAMIC)" HDRS="../version.h $(PHDRS)" \
+ FE="$(FE)" RANLIB="$(RANLIB)" RM_COMMAND="$(RM_COMMAND)" \
+ INCLUDE="$(INCLUDE) $(IPV6_INCLUDE) $(TLS_INCLUDE) $(LOOKUP_INCLUDE)"
+ @echo " "
+
+# The routers library.
+
+buildrouters: config
+ @cd routers && $(MAKE) SHELL=$(SHELL) AR="$(AR)" $(MFLAGS) CC="$(CC)" CFLAGS="$(CFLAGS)" \
+ FE="$(FE)" RANLIB="$(RANLIB)" RM_COMMAND="$(RM_COMMAND)" HDRS="$(PHDRS)" \
+ INCLUDE="$(INCLUDE) $(IPV6_INCLUDE) $(TLS_INCLUDE)"
+ @echo " "
+
+# The transports library.
+
+buildtransports: config
+ @cd transports && $(MAKE) SHELL=$(SHELL) AR="$(AR)" $(MFLAGS) CC="$(CC)" CFLAGS="$(CFLAGS)" \
+ FE="$(FE)" RANLIB="$(RANLIB)" RM_COMMAND="$(RM_COMMAND)" HDRS="$(PHDRS)" \
+ INCLUDE="$(INCLUDE) $(IPV6_INCLUDE) $(TLS_INCLUDE)"
+ @echo " "
+
+# The library of authorization modules
+
+buildauths: config
+ @cd auths && $(MAKE) SHELL=$(SHELL) AR="$(AR)" $(MFLAGS) CC="$(CC)" CFLAGS="$(CFLAGS)" \
+ FE="$(FE)" RANLIB="$(RANLIB)" RM_COMMAND="$(RM_COMMAND)" HDRS="$(PHDRS)" \
+ INCLUDE="$(INCLUDE) $(IPV6_INCLUDE) $(TLS_INCLUDE)"
+ @echo " "
+
+# The PDKIM library
+
+buildpdkim: pdkim/pdkim.a
+pdkim/pdkim.a: config
+ @cd pdkim && $(MAKE) SHELL=$(SHELL) AR="$(AR)" $(MFLAGS) CC="$(CC)" CFLAGS="$(CFLAGS)" \
+ FE="$(FE)" RANLIB="$(RANLIB)" RM_COMMAND="$(RM_COMMAND)" HDRS="$(PHDRS)" \
+ INCLUDE="$(INCLUDE) $(IPV6_INCLUDE) $(TLS_INCLUDE)"
+ @echo " "
+
+# The "clean", "install", and "makefile" targets just pass themselves back to
+# the main Exim makefile. These targets will be obeyed only if "make" is obeyed
+# for them in the build directory.
+
+clean install makefile:; cd ..; $(MAKE) $(MFLAGS) build=$(build) $@
+
+# Targets for building stand-alone testing programs for basic testing of
+# some of the building blocks. These are not integrated with the makefile-
+# building targets. If you change something that is going to cause the
+# makefile to be rebuilt, you must run "make makefile" before running one
+# of these.
+
+# The testing programs use different versions of some modules - usually
+# with bits cut out that are not relevant to the test in hand. For those
+# that are used by several tests, we use a different name.
+
+sa-globals.o: $(HDRS) globals.c
+ $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -o sa-globals.o globals.c
+
+sa-os.o: $(HDRS) os.c
+ $(CC) -c $(CFLAGS) $(INCLUDE) \
+ -DFIND_RUNNING_INTERFACES \
+ -o sa-os.o os.c
+
+# These are the test targets themselves
+
+test_dbfn: config.h dbfn.c dummies.o sa-globals.o sa-os.o store.o \
+ string.o tod.o version.o utf8.o
+ $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE dbfn.c
+ $(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY store.c
+ $(LNCC) -o test_dbfn $(LFLAGS) dbfn.o \
+ dummies.o sa-globals.o sa-os.o store.o string.o \
+ tod.o version.o utf8.o $(LIBS) $(DBMLIB) $(LDFLAGS)
+ rm -f dbfn.o store.o
+
+test_host: config.h child.c host.c dns.c dummies.c sa-globals.o os.o \
+ store.o string.o tod.o tree.o
+ $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST child.c
+ $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST host.c
+ $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST dns.c
+ $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST dummies.c
+ $(LNCC) -o test_host $(LFLAGS) \
+ host.o child.o dns.o dummies.o sa-globals.o os.o store.o string.o \
+ tod.o tree.o $(LIBS) $(LIBRESOLV)
+ rm -f child.o dummies.o host.o dns.o
+
+test_os: os.h os.c dummies.o sa-globals.o store.o string.o tod.o utf8.o
+ $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE os.c
+ $(LNCC) -o test_os $(LFLAGS) os.o dummies.o \
+ sa-globals.o store.o string.o tod.o utf8.o $(LIBS) $(LDFLAGS)
+ rm -f os.o
+
+test_parse: config.h parse.c dummies.o sa-globals.o \
+ store.o string.o tod.o version.o utf8.o
+ $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE parse.c
+ $(LNCC) -o test_parse $(LFLAGS) parse.o \
+ dummies.o sa-globals.o store.o string.o tod.o version.o \
+ utf8.o $(LDFLAGS)
+ rm -f parse.o
+
+test_string: config.h string.c dummies.o sa-globals.o store.o tod.o utf8.o
+ $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE string.c
+ $(LNCC) -o test_string $(LFLAGS) -DSTAND_ALONE string.o \
+ dummies.o sa-globals.o store.o tod.o utf8.o $(LIBS) $(LDFLAGS)
+ rm -f string.o
+
+# End
diff --git a/OS/Makefile-Darwin b/OS/Makefile-Darwin
new file mode 100644
index 0000000..be0d952
--- /dev/null
+++ b/OS/Makefile-Darwin
@@ -0,0 +1,29 @@
+# Exim: OS-specific make file for Darwin (Mac OS X).
+
+CC=cc
+
+BASENAME_COMMAND=look_for_it
+CHOWN_COMMAND=/usr/sbin/chown
+CHMOD_COMMAND=/bin/chmod
+
+HAVE_SA_LEN=YES
+
+# Removed -DBIND_8_COMPAT for 4.61
+# CFLAGS=-O -no-cpp-precomp -DBIND_8_COMPAT
+
+CFLAGS=-O -no-cpp-precomp
+LIBRESOLV=-lresolv
+
+USE_DB = yes
+DBMLIB =
+
+X11=/usr/X11R6
+XINCLUDE=-I$(X11)/include
+XLFLAGS=-L$(X11)/lib
+X11_LD_LIB=$(X11)/lib
+
+EXIWHAT_PS_ARG=ax
+EXIWHAT_EGREP_ARG='/exim( |$$)'
+EXIWHAT_KILL_SIGNAL=-USR1
+
+# End
diff --git a/OS/Makefile-Default b/OS/Makefile-Default
new file mode 100644
index 0000000..41a4dbb
--- /dev/null
+++ b/OS/Makefile-Default
@@ -0,0 +1,327 @@
+##################################################
+# The Exim mail transport agent #
+##################################################
+
+# Generic default make file containing settings that relate to the OS or
+# to selectable features within the OS. The configuration options for Exim
+# itself live in Local/Makefile, which is constructed by editing src/EDITME.
+
+# These settings are basic defaults which may be overridden, either by the
+# generic OS-specific files, or by site-specific files. Do not edit this file.
+# Instead, edit or create suitable OS-specific and/or site specific files.
+# See the manual for details.
+
+
+# MAKE_SHELL contains the name of the shell to be used for executing commands
+# from the make files. Normally /bin/sh should be used.
+
+MAKE_SHELL=/bin/sh
+
+
+# BASENAME_COMMAND contains the path to the "basename" command, which varies
+# from OS to OS. This is used when building the Exim monitor script only. (See
+# also HOSTNAME_COMMAND.) If BASENAME_COMMAND is set to "look_for_it" then the
+# script checks for /usr/bin/basename and /bin/basename, and if neither is
+# found, it uses /usr/ucb/basename. This copes with Solaris 2 and Linux, both
+# of which come in different versions.
+
+BASENAME_COMMAND=/usr/bin/basename
+
+
+# If you set STRIP_COMMAND to the path of the "strip" command, it will be run
+# on every binary that is built. It is left unset by default, which leaves
+# the binaries unstripped.
+
+# STRIP_COMMAND=/usr/bin/strip
+
+
+# Some of the following commands live in different places in different OS. We
+# include them all here for generality.
+
+CHOWN_COMMAND=/usr/bin/chown
+CHGRP_COMMAND=/usr/bin/chgrp
+CHMOD_COMMAND=/usr/bin/chmod
+MV_COMMAND=/bin/mv
+RM_COMMAND=/bin/rm
+TOUCH_COMMAND=/usr/bin/touch
+
+
+# Some operating systems have different ways of building libraries of
+# functions. This macro defines the command to do this, defaulting to
+# the "ar" command with options "cq".
+
+AR=ar cq
+
+
+# Not all operating systems have the iconv() function. Those that do have
+#
+# HAVE_ICONV=yes
+#
+# in their OS-specific Makefiles. On those that don't it is possible to
+# install an independent implementation of iconv(). If you've done this,
+# add "HAVE_ICONV=yes" to your Local/Makefile.
+
+
+# Perl is not necessary for running Exim itself, except when EXIM_PERL
+# is set to cause Perl embedding. However, some Perl utilities are provided
+# for processing the logs. Perl 5 is assumed.
+
+PERL_COMMAND=/usr/bin/perl
+
+
+# CC contains the name of the C compiler to be used.
+
+CC=gcc
+
+
+# CFLAGS contains flags to be passed to the compiler. Nothing is defaulted
+# here; instead each OS-dependent Makefile contains a default setting.
+
+# CFLAGS=-O
+
+
+# LFLAGS contains flags to be passed to the link editor. Nothing is defaulted
+# here; instead each OS-dependent Makefile contains a default setting if one
+# is needed.
+
+# LFLAGS=
+
+
+# PCRE_LIBS contains the library to be linked for PCRE
+
+PCRE_LIBS=-lpcre
+
+
+# LIBS and EXTRALIBS contain library settings that are used on linking
+# commands to build binaries. The OS-dependent Makefile may contain a default
+# setting for LIBS, leaving EXTRALIBS available for adding further libraries
+# that are required for optional extras.
+
+# LIBS=
+# EXTRALIBS=
+
+
+# LIBS_EXIM and EXTRALIBS_EXIM contain library settings that are used
+# only when linking the Exim binary. They are not used for other binaries.
+# One possible use is for the TCP wrappers library.
+
+# LIBS_EXIM=
+# EXTRALIBS_EXIM=
+
+
+# LIBS_EXIMON and EXTRALIBS_EXIMON contain library settings that are
+# used only when linking the Exim monitor binary. They are not used for
+# other binaries.
+
+# LIBS_EXIMON=
+# EXTRALIBS_EXIMON=
+
+
+# The error name for quota exceeded varies among operating systems, and
+# even, unfortunately, in different versions of the same operating system.
+# EDQUOT was not in Sys V, but is in SPEC 1170, apparently. It was used
+# in SunOS4, but got taken out for SunOS5, where ENOSPC was given if a quota
+# was exceeded. However, it got put back into SunOS5 with a patch to 5.4 in
+# order to comply with SPEC 1170. Thus even different patch levels of the same
+# system (SunOS5) may use different numbers.
+#
+# If you don't have quotas or are not interested in handling quota errors
+# specially, just set this variable to 0. If it is not set, it defaults to
+# EDQUOT if that is defined for the OS; otherwise it defaults to ENOSPC.
+
+# ERRNO_QUOTA=EDQUOT
+
+
+# The exiwhat utility script finds all the processes running Exim, and sends
+# them a SIGUSR1 signal to get them to write their status to a file. There are
+# two ways in which this can be done:
+#
+# (1) If the OS has a command to find processes and signal them, that can be
+# used. Linux has "killall"; Solaris has "pkill". (Note: "killall" on Solaris
+# does something very different - and disastrous.) The following are set in the
+# OS-specific Makefiles for those OS where this can be done:
+
+# EXIWHAT_MULTIKILL_CMD=
+# EXIWHAT_MULTIKILL_ARG=
+
+# (2) For other operating systems, exiwhat calls the ps command and egreps the
+# output in order to find all the processes running Exim. The arguments for the
+# various commands needed to do this vary from OS to OS. These defaults work on
+# Solaris 2, HPUX, and IRIX. The OS-specific Makefiles have different versions
+# for other systems, and you can override with your own requirements in your
+# private Makefiles in the Local directory. The most commonly found
+# alternatives are -ax instead of -e for the ps argument, and / instead of a
+# blank before the name exim for the egrep argument on systems whose ps output
+# shows the full path name. The quotes for the egrep argument are specified
+# here so that leading white space can be used. This value should always be
+# given in single quotes.
+
+EXIWHAT_PS_CMD=/bin/ps
+EXIWHAT_PS_ARG=-e
+EXIWHAT_EGREP_ARG=' exim( |$$|-)'
+
+# For both kinds of exiwhat usage, the next setting specifies the signal that
+# is sent.
+
+EXIWHAT_KILL_SIGNAL=-USR1
+
+
+# IPv6 is gradually spreading more and more widely. Most operating systems seem
+# to support it nowadays. If you set this option, IPv6 support will be included
+# in the Exim binary. As well as the basic enabling option, there are
+# parameters for include and library directories that may be needed for IPv6 on
+# some systems, where the support is not yet in the standard library.
+
+# HAVE_IPV6=YES
+# IPV6_INCLUDE=-I /usr/ipv6/include
+# IPV6_LIBS=-L/usr/ipv6/libs -linet6
+
+# Exim uses the function getaddrinfo() for converting IPv6 addresses in text
+# form to binary. Apparently some operating systems do not support this, or not
+# correctly, and require the use of the function inet_pton() instead. The
+# following setting enables this. Note, however, the inet_pton() has reduced
+# functionality compared with getaddrinfo(). In particular, it does not
+# recognize the percent convention for identifying scopes (interfaces) that is
+# used by some operating systems.
+
+# IPV6_USE_INET_PTON=yes
+
+# HOSTNAME_COMMAND contains the path to the "hostname" command, which varies
+# from OS to OS. This is used when building the Exim monitor script only. (See
+# also BASENAME_COMMAND.) If HOSTNAME_COMMAND is set to "look_for_it" then the
+# script checks for /usr/bin/hostname and /bin/hostname, and if neither is
+# found, it uses /usr/ucb/basename. This copes with Solaris 2, which comes in
+# different versions.
+
+HOSTNAME_COMMAND=/bin/hostname
+
+
+# INCLUDE contains arbitrary include parameters that you may need to use
+# when building exim. It is added to every compile command.
+
+# INCLUDE=-I /some/special/include-directory
+
+
+# Some OS require a separate library to be quoted when linking programs that
+# call name resolver functions. This can be set in LIBRESOLV, which is left
+# unset here, but is set is some of the OS-specific Makefiles.
+
+# LIBRESOLV=
+
+
+# Additional libraries and include directories may be required for some
+# lookup styles, e.g. LDAP or SQL. LOOKUP_LIBS is included only on the
+# command for linking Exim itself, not on any auxiliary programs. You
+# don't need to set LOOKUP_INCLUDE if the relevant directories are already
+# specified in INCLUDE.
+
+# LOOKUP_INCLUDE=-I /usr/local/ldap/include -I /usr/local/sql/include
+# LOOKUP_LIBS=-L/usr/local/lib -lldap -llber
+
+
+# RANLIB should be set to something that does nothing on systems that do not
+# have the ranlib command or do not need to run it on library files.
+
+RANLIB=ranlib
+
+
+# EXIM_CHMOD is available to specify a command that is automatically applied
+# to the Exim binary immediately it is compiled. (I find this useful when
+# building test versions.)
+
+EXIM_CHMOD=@true
+
+
+# If you want to use local_scan() at all, the support code must be included
+# by uncommenting this line.
+
+# HAVE_LOCAL_SCAN=yes
+
+# LOCAL_SCAN_SOURCE defines the file in which the function local_scan() is
+# defined. This provides the administrator with a hook for including C code
+# for scanning incoming mails. The path that is defined must be relative to
+# the Exim distribution directory. For example
+
+# LOCAL_SCAN_SOURCE=Local/local_scan.c
+
+# A very simple example points to a template function that doesn't actually do
+# any scanning, but just accepts the message. A compilable file must be
+# included in the build even if HAVE_LOCAL_SCAN is not defined.
+
+LOCAL_SCAN_SOURCE=src/local_scan.c
+
+# If you want to specify options for your local_scan() that can be set from
+# the main Exim configuration file, you need to uncomment the following line,
+# and then provide a table of options in your local_scan() source, as described
+# in the reference manual.
+
+# LOCAL_SCAN_HAS_OPTIONS=yes
+
+
+#############################################################################
+# The following are all concerned with configuring the way Exim handles its
+# database (hints) and other dbm files.
+
+# Some systems require a separate library to be supplied when linking programs
+# that make use of DBM library calls. This can be set in DBMLIB, which is unset
+# by default, but is set in some of the OS-specific Makefiles. Setting it in
+# your Local/Makefile will override any other setting.
+
+# DBMLIB=
+
+
+# When Exim is attempting to lock one of its database (hints) files, it
+# applies a timeout which can be altered here.
+
+# EXIMDB_LOCK_TIMEOUT=60
+
+
+# By default, Exim uses traditional ndbm function calls to handle its indexed
+# hints databases. On systems that have Berkeley db installed, this still
+# works via the compatibility interface. However, by defining USE_DB you can
+# make it use native db function calls.
+
+# USE_DB=YES
+
+# Similarly, if you are using gdbm, Exim will by default use the ndbm
+# compatibility interface. However, by defining USE_GDBM you can make it
+# use the native gdbm function calls.
+
+# USE_GDBM=YES
+
+
+#############################################################################
+# The following definitions are relevant only when compiling the Exim monitor
+# program, which requires an X11 display. See the variable EXIM_MONITOR in
+# src/EDITME for how to suppress this compilation.
+
+# X11 contains the location of the X11 libraries and include files.
+
+X11=/usr/X11R6
+
+# XINCLUDE contains options for header inclusion when compiling functions
+# that call X11 functions.
+
+XINCLUDE=-I$(X11)/include
+
+# XLFLAGS contains flags to be passed to the linker when linking the monitor.
+
+XLFLAGS=-L$(X11)/lib
+
+# X11_LD_LIB contains the name of the X11 library that is to be added to
+# LD_LIBRARY_PATH when running the monitor program.
+
+X11_LD_LIB=$(X11)/lib
+
+# A modified version of the Athena TextPop module is supplied with Exim. The
+# modification is to remove the "replace" part of the "search and replace"
+# operation because it isn't wanted. TextPop is only one of a number of
+# modules that make up the Text widget. Some antique link editors cannot handle
+# the case of a replacement module for one of a set of modules. To allow
+# the monitor to be linked in such cases, set the value of EXIMON_TEXTPOP
+# to be empty. The search operations will then contain a useless "replace"
+# option, which is untidy, but does no harm.
+
+EXIMON_TEXTPOP=em_TextPop.o
+
+# End
diff --git a/OS/Makefile-FreeBSD b/OS/Makefile-FreeBSD
new file mode 100644
index 0000000..d550fb7
--- /dev/null
+++ b/OS/Makefile-FreeBSD
@@ -0,0 +1,54 @@
+# Exim: OS-specific make file for FreeBSD
+# Copyright (c) The Exim Maintainers 2020
+
+CHOWN_COMMAND=/usr/sbin/chown
+STRIP_COMMAND=/usr/bin/strip
+CHMOD_COMMAND=/bin/chmod
+
+
+# FreeBSD Ports no longer insert compatibility symlinks into /usr/bin for
+# scripting languages which traditionally have had them.
+PERL_COMMAND=/usr/local/bin/perl
+
+HAVE_SA_LEN=YES
+
+# crypt() is in a separate library
+LIBS=-lcrypt -lm -lutil
+
+# Dynamically loaded modules need to be built with -fPIC
+CFLAGS_DYNAMIC=-shared -rdynamic -fPIC
+
+# FreeBSD always ships with Berkeley DB
+USE_DB=yes
+
+# This code for building outside ports suggested by Richard Clayton
+.ifdef X11BASE
+X11=${X11BASE}
+.elifdef LOCALBASE
+X11=$(LOCALBASE)
+.else
+X11=/usr/local
+.endif
+
+# nb: FreeBSD is entirely elf; objformat was removed prior to FreeBSD 7
+# http://www.freebsd.org/cgi/cvsweb.cgi/src/usr.bin/objformat/Attic/objformat.c
+# deleted Jan 2007.
+#
+# So if this fails, you're on an ancient unsupported FreeBSD release *and*
+# running GUI software, which seems both unusual and unwise.
+#
+# http://www.freebsd.org/doc/handbook/binary-formats.html suggests that the
+# switch to default to ELF came with FreeBSD 3. elf(5) claims ELF support
+# introduced in FreeBSD 2.2.6.
+#
+XINCLUDE=-I$(X11)/include
+XLFLAGS=-L$(X11)/lib -Wl,-rpath,${X11}/lib
+X11_LD_LIB=$(X11)/lib
+
+EXIWHAT_PS_ARG=-ax
+EXIWHAT_EGREP_ARG='/exim( |$$)'
+EXIWHAT_MULTIKILL_CMD='killall -m'
+EXIWHAT_MULTIKILL_ARG='^exim($$|-[0-9.]+-[0-9]+$$)'
+EXIWHAT_KILL_SIGNAL=-USR1
+
+# End
diff --git a/OS/Makefile-GNU b/OS/Makefile-GNU
new file mode 100644
index 0000000..b49976f
--- /dev/null
+++ b/OS/Makefile-GNU
@@ -0,0 +1,30 @@
+# Exim: OS-specific make file for GNU and variants.
+# Copyright (c) The Exim Maintainers 2020
+
+HAVE_ICONV=yes
+
+BASENAME_COMMAND=look_for_it
+CHOWN_COMMAND=look_for_it
+CHGRP_COMMAND=look_for_it
+CHMOD_COMMAND=look_for_it
+
+CFLAGS ?= -O -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
+
+DBMLIB = -ldb
+USE_DB = yes
+
+LIBS = -lnsl -lcrypt -lm
+LIBRESOLV = -lresolv
+
+X11=/usr/X11R6
+XINCLUDE=-I$(X11)/include
+XLFLAGS=-L$(X11)/lib
+X11_LD_LIB=$(X11)/lib
+
+EXIWHAT_PS_ARG=ax
+EXIWHAT_EGREP_ARG='/exim( |$$)'
+EXIWHAT_MULTIKILL_CMD=killall
+EXIWHAT_MULTIKILL_ARG=exim
+EXIWHAT_KILL_SIGNAL=-USR1
+
+# End
diff --git a/OS/Makefile-Linux b/OS/Makefile-Linux
new file mode 100644
index 0000000..dfb2fa8
--- /dev/null
+++ b/OS/Makefile-Linux
@@ -0,0 +1,39 @@
+# Exim: OS-specific make file for Linux. This is for modern Linuxes,
+# which use libc6.
+# Copyright (c) The Exim Maintainers 2020
+#
+# For Linux, we assume GNU Make; at time of writing, the only extension
+# used is ?= which is actually portable to other maintained Make variants,
+# just is not POSIX.
+
+HAVE_ICONV=yes
+
+BASENAME_COMMAND=look_for_it
+CHOWN_COMMAND=look_for_it
+CHGRP_COMMAND=look_for_it
+CHMOD_COMMAND=look_for_it
+
+# The system cc may be gcc or clang; do not force gcc
+CC=cc
+# Preserve CFLAGS and CFLAGS_DYNAMIC from the caller/environment
+CFLAGS ?= -O -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
+CFLAGS_DYNAMIC ?= -shared -rdynamic
+
+DBMLIB = -ldb
+USE_DB = yes
+
+LIBS = -lcrypt -lm
+LIBRESOLV = -lresolv
+
+X11=/usr/X11R6
+XINCLUDE=-I$(X11)/include
+XLFLAGS=-L$(X11)/lib
+X11_LD_LIB=$(X11)/lib
+
+EXIWHAT_PS_ARG=ax
+EXIWHAT_EGREP_ARG='/exim( |$$)'
+EXIWHAT_MULTIKILL_CMD=killall
+EXIWHAT_MULTIKILL_ARG=exim
+EXIWHAT_KILL_SIGNAL=-USR1
+
+# End
diff --git a/OS/Makefile-OpenBSD b/OS/Makefile-OpenBSD
new file mode 100644
index 0000000..8f40879
--- /dev/null
+++ b/OS/Makefile-OpenBSD
@@ -0,0 +1,30 @@
+# Exim: OS-specific make file for OpenBSD
+# Copyright (c) The Exim Maintainers 2020
+
+CHOWN_COMMAND=/usr/sbin/chown
+CHGRP_COMMAND=/usr/sbin/chgrp
+CHMOD_COMMAND=/bin/chmod
+
+CC=cc
+CFLAGS=-O2 -Wall -Wno-parentheses -Wno-self-assign -Wno-logical-op-parentheses
+
+LIBS=-lm
+
+HAVE_SA_LEN=YES
+
+X11=/usr/X11R6
+XINCLUDE=-I$(X11)/include
+XLFLAGS=-L$(X11)/lib
+
+EXIWHAT_MULTIKILL_CMD=pkill
+EXIWHAT_MULTIKILL_ARG='exim( |$$|-)'
+EXIWHAT_PS_ARG=-ax
+EXIWHAT_EGREP_ARG='/exim( |$$)'
+EXIWHAT_KILL_SIGNAL=-USR1
+
+HAVE_IPV6=YES
+
+# OpenBSD always ships with Berkeley DB
+USE_DB=yes
+
+# End
diff --git a/OS/Makefile-SunOS5 b/OS/Makefile-SunOS5
new file mode 100644
index 0000000..3b436f4
--- /dev/null
+++ b/OS/Makefile-SunOS5
@@ -0,0 +1,24 @@
+# Exim: OS-specific make file for SunOS5
+# Copyright (c) The Exim Maintainers 2020
+
+HAVE_ICONV=yes
+
+BASENAME_COMMAND=look_for_it
+HOSTNAME_COMMAND=look_for_it
+
+RANLIB=@true
+LIBS=-lsocket -lnsl -lkstat -lm
+LIBRESOLV=-lresolv
+
+EXIWHAT_MULTIKILL_CMD=pkill
+EXIWHAT_MULTIKILL_ARG='exim( |$$|-)'
+
+X11=/usr/openwin
+XINCLUDE=-I$(X11)/include
+XLFLAGS=-L$(X11)/lib -R$(X11)/lib
+X11LIB=$(X11)/lib
+
+OS_C_INCLUDES=setenv.c
+CFLAGS += -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D__EXTENSIONS__
+
+# End
diff --git a/OS/eximon.conf-Default b/OS/eximon.conf-Default
new file mode 100644
index 0000000..2f874ef
--- /dev/null
+++ b/OS/eximon.conf-Default
@@ -0,0 +1,41 @@
+# Exim: Default settings for the eximon script which fires up the Exim monitor.
+# These can be overridden by OS-specific scripts and local installation
+# scripts, and also at run time by shell variables.
+
+# The name of the eximon binary, usually the same as the eximon script,
+# with .bin stuck on the end.
+
+EXIMON_BINARY="${EXIMON_BINARY-$0.bin}"
+
+# The remaining parameters are values likely to be changed to suit the
+# user's taste. They are documented in the EDITME file.
+
+WINDOW_TITLE=${EXIMON_WINDOW_TITLE-'"${hostname} eximon"'}
+
+ACTION_OUTPUT=${EXIMON_ACTION_OUTPUT-no}
+ACTION_QUEUE_UPDATE=${EXIMON_ACTION_QUEUE_UPDATE-yes}
+BODY_MAX=${EXIMON_BODY_MAX-20000}
+LOG_DEPTH=${EXIMON_LOG_DEPTH-300}
+LOG_WIDTH=${EXIMON_LOG_WIDTH-${EXIMON_WIDTH-950}}
+LOG_BUFFER=${EXIMON_LOG_BUFFER-20K}
+LOG_FONT=${EXIMON_LOG_FONT--misc-fixed-medium-r-normal-*-14-140-*-*-*-*-iso8859-1}
+LOG_STRIPCHARTS='/ <= /in/
+ / => /out/
+ / => .+ R=local/local/
+ / => .+ T=[^ ]*smtp/smtp/'
+MENU_EVENT=${EXIMON_MENU_EVENT-'Shift<Btn1Down>'}
+MIN_HEIGHT=${EXIMON_MIN_HEIGHT-162}
+MIN_WIDTH=${EXIMON_MIN_WIDTH-103}
+QUEUE_DEPTH=${EXIMON_QUEUE_DEPTH-200}
+QUEUE_WIDTH=${EXIMON_QUEUE_WIDTH-${EXIMON_WIDTH-950}}
+QUEUE_FONT=${EXIMON_QUEUE_FONT-${LOG_FONT}}
+QUEUE_MAX_ADDRESSES=${EXIMON_QUEUE_MAX_ADDRESSES-10}
+QUEUE_INTERVAL=${EXIMON_QUEUE_INTERVAL-300}
+QUEUE_STRIPCHART_NAME=${EXIMON_QUEUE_STRIPCHART_NAME-queue}
+SIZE_STRIPCHART=${EXIMON_SIZE_STRIPCHART}
+SIZE_STRIPCHART_NAME=${EXIMON_SIZE_STRIPCHART_NAME}
+START_SMALL=${EXIMON_START_SMALL-no}
+STRIPCHART_INTERVAL=${EXIMON_STRIPCHART_INTERVAL-60}
+TEXT_DEPTH=${EXIMON_TEXT_DEPTH-200}
+
+# End
diff --git a/OS/os.Configuring b/OS/os.Configuring
new file mode 100644
index 0000000..465bc26
--- /dev/null
+++ b/OS/os.Configuring
@@ -0,0 +1,215 @@
+Configuring Exim for different Operating Systems
+------------------------------------------------
+
+These notes describe the way in which Exim is configured at the C program level
+for different operating systems. The normal configuration options that apply
+independently of the operating system are specified by creating files in the
+Local directory, as described in chapter 4 of the manual.
+
+These notes cover the os.* files in the OS directory, and contain information
+for people who want to port the program to some new OS, or to modify the
+configuration for an existing port. If you are just wanting to compile Exim on
+a system that it already knows about, you do not need to read further unless
+there are problems.
+
+The os.c-<ostype> files
+-----------------------
+
+There may be an os.c-<ostype> file for each operating system, but for many of
+them it is not necessary. No error occurs is there isn't one. There is a
+generic file called os.c which contains code that is common to two or more OS
+for setting a restarting or a non-restarting signal, for computing the load
+average, and for finding all the network interface addresses. A few OS have
+their own individual code for one or more of these. When they do, the code is
+put into an os.c-<ostype> file, which also defines a macro such as
+OS_RESTARTING_SIGNAL (for example) to cut out the common code in the generic
+os.c.
+
+The os.h-<ostype> files
+-----------------------
+
+For each OS that Exim knows about, there is an os.h-<ostype> file, where
+<ostype> is the OS name. The relevant file is included as a C header file for
+all Exim compilation by pointing a symbolic link called os.h at it from the
+build directory. The settings are as follows:
+
+The select() function
+---------------------
+
+There is a difference in the data type for the second argument to the select()
+function in some OS. The macro SELECT_ARG2_TYPE can be used to define the type.
+If it is not defined in os.h, then it is defaulted to fs_set in exim.h.
+
+The dn_expand() function
+------------------------
+
+There is a difference in the data type for the fourth argument to the
+dn_expand() function in some OS. The macro DN_EXPAND_ARG4_TYPE can be used to
+define the type. If it is not defined in os.h, then it is defaulted to char *
+in exim.h.
+
+The h_errno variable
+--------------------
+
+If NEED_H_ERRNO is defined, then a definition of the form
+
+extern int h_errno
+
+is included in the compiled code of Exim.
+
+The strerror() function
+-----------------------
+
+Most systems provide the ANSI standard strerror() function; older systems may
+instead have an errlist[] variable in which to look up error texts. Defining
+STRERROR_FROM_ERRLIST causes Exim to build its own strerror() function that
+mimics the ANSI function by lookup up the error code in errlist.
+
+Truncating files
+----------------
+
+The fcntl() option for truncating the length of a file is called F_FREESP in
+most systems; in some, however, it is called O_TRUNC. Some os.h files define
+F_FREESP to be O_TRUNC for this reason.
+
+Finding local interfaces
+------------------------
+
+The SIOCGIFCONF ioctl for finding local interfaces behaves differently on BSD
+systems. It returns a vector of ifreq blocks containing sockaddr structures
+that can be longer than their sizeof definition, making the returned ifreq
+blocks longer than their sizeof definitions. BSD sockaddrs structures contain
+an sa_len field giving the actual size. To cope with difference, there is a
+macro called HAVE_SA_LEN. If it is defined, code that works on BSD systems is
+used. Otherwise, the objects returned by SIOCGIFCONF are assumed to be of
+length sizeof(struct ifreq).
+
+On some operating systems, the SIOCGIFCONF ioctl returns the IP addresses
+with the list of interfaces, and there is no need to call SIOCGIFADDR for each
+individual address. Mostly, making the second call does no harm, but on Linux
+when there are IP aliases, it causes things to go wrong. This also happens on
+BSDI and GNU Hurd. Therefore, there is now a macro to cut it out, called
+SIOCGIFCONF_GIVES_ADDR.
+
+Note that, if IPv6 support is configured, Exim cannot find the IPv6 addresses
+on local interfaces by itself. You need to set the local_interfaces option in
+this situation.
+
+Computing load averages
+-----------------------
+
+There are several different ways that load averages are computed. One-off code
+is put in the os.c-<ostype>, but several OS use similar methods, and these
+are coded in the generic os.c, using a number of parameters to make variations
+between OS.
+
+Sometimes the load average is not available to unprivileged callers. If
+LOAD_AVG_NEEDS_ROOT is set, Exim ensures that it is root before trying to
+obtain a load average value.
+
+(1) If HAVE_BSD_GETLOADAVG is defined, Exim uses a simple call to the
+getloadavg() function.
+
+(2) If HAVE_KSTAT is defined, Exim uses the kstat package as found in Solaris 2
+(but nowhere else as yet). It uses some supplementary definitions:
+
+ LOAD_AVG_KSTAT the kstat to use
+ LOAD_AVG_KSTAT_MODULE the module to access
+ LOAD_AVG_KSTAT_SYMBOL the symbol containing the value we want
+ LOAD_AVG_KSTAT_FIELD the field identity
+
+(3) If HAVE_DEV_KMEM is defined, Exim reads load average values from the
+/dev/kmem device. It uses some supplementary definitions:
+
+ LOAD_AVG_TYPE the data type
+ LOAD_AVG_SYMBOL the symbol to look up
+ KERNEL_PATH the name of the kernel
+ FSCALE a scaling factor
+
+Sometimes FSCALE is defined in system headers so need not be defined in the
+os.h-<ostype> file.
+
+Glibc systems and IP options
+----------------------------
+
+The code for inspecting IP options is the same in all OS except for systems
+using glibc (e.g. Linux), which uses a different structure to return data from
+getsockopt(). To handle this, there is a macro called
+
+ GLIBC_IP_OPTIONS
+
+which should be set for Linux (in os.h-Linux) and any other operating system
+that uses glibc.
+
+Options for statvfs()
+---------------------
+
+The following settings apply to the compilation of the Exim monitor as well as
+to the main Exim binary.
+
+#undefine HAVE_STATFS
+
+Exim has options for checking the amount of space in the spool partition
+before accepting a message, and the monitor has the ability to display a
+stripchart of the percentage fullness of a particular disc partition, usually
+/var/spool/mail. The standard way of finding out the data is to call the
+statvfs() function, but some operating systems use statfs() and some may not
+have the ability at all. The Exim code uses STATVFS() for this function and
+this gets defined appropriately. HAVE_STATFS is defined before including the
+os.h file; undefining it suppresses the code for checking a partition in the
+main binary, and for monitoring disc partition in the monitor.
+
+When HAVE_STATFS is defined, the distinction between statvfs() and statfs() is
+made by checking HAVE_SYS_STATVFS_H. If it is defined, then sys/statvfs.h is
+included. Otherwise, STATVFS() is defined as a macro for statfs(), and some
+further includes are done, according to the following definitions:
+
+#define HAVE_SYS_MOUNT_H
+#define HAVE_VFS_H
+
+Each of those definitions causes the inclusion of the corresponding system
+header file in the Exim monitor compilation. For example, the first one causes
+
+#include <sys/mount.h>
+
+to be obeyed. Different systems may require different combinations of these
+headers.
+
+The sys/resource.h header
+-------------------------
+
+One OS does not have the sys/resource.h header. If NO_SYS_RESOURCE_H is defined
+in an os.h-<ostype> file, then the #include for this header is skipped in
+exim.h.
+
+Support for login_cap functions
+-------------------------------
+
+Some of the BSD systems support functions for controlling the resources that
+user processes can use (e.g. login_getpwclass). If HAVE_SETCLASSRESOURCES is
+defined, Exim supports this feature for running pipe deliveries, using the
+setclassresources() function.
+
+The crypt_h header
+------------------
+
+Some OS require crypt.h to be included to get a prototype for the crypt()
+function. This is needed only when compiling with AUTH support. If CRYPT_H is
+defined, then this header is included.
+
+mmap() support
+--------------
+
+The CDB support includes the option of handling file operations by using
+mmap()/munmap(). This gives a reasonable performance increase which will
+probably scale over multiple processes (since the files are mapped read-only
+shared). The vast majority of modern operating systems will support mmap
+(certainly in the simplified way that it is being used here). For example any
+BSD 4.x derived or POSIX compliant system will support it, as will pretty much
+any system using dynamically shared link libraries.
+
+If the OS is believed to support mmap() then the symbol HAVE_MMAP is defined.
+Not all systems that support mmap will have had their config files updated to
+reflect this. Currently Linux, Sun, BSD and SGI/mips systems have been updated.
+
+*** End ***
diff --git a/OS/os.c-FreeBSD b/OS/os.c-FreeBSD
new file mode 100644
index 0000000..cb0b0bf
--- /dev/null
+++ b/OS/os.c-FreeBSD
@@ -0,0 +1,47 @@
+/*************************************************
+* Exim - an Internet mail transport agent *
+*************************************************/
+
+/* Copyright (c) Jeremy Harris 1995 - 2020 */
+/* See the file NOTICE for conditions of use and distribution. */
+
+/* FreeBSD-specific code. This is concatenated onto the generic
+src/os.c file. */
+
+
+/*************
+Sendfile shim
+*************/
+
+ssize_t
+os_sendfile(int out, int in, off_t * offp, size_t cnt)
+{
+off_t loff = *offp, written;
+
+if (sendfile(in, out, loff, cnt, NULL, &written, 0) < 0) return (ssize_t)-1;
+*offp = loff + written;
+return (ssize_t)written;
+}
+
+/*************************************************
+TCP Fast Open: check that the ioctl is accepted
+*************************************************/
+
+#ifndef COMPILE_UTILITY
+void
+tfo_probe(void)
+{
+# ifdef TCP_FASTOPEN
+int sock;
+
+if ( (sock = socket(AF_INET, SOCK_STREAM, 0)) >= 0
+ && setsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN, &on, sizeof(on) >= 0)
+ )
+ f.tcp_fastopen_ok = TRUE;
+close(sock);
+# endif
+}
+#endif
+
+
+/* End of os.c-Linux */
diff --git a/OS/os.c-GNU b/OS/os.c-GNU
new file mode 100644
index 0000000..dbd0149
--- /dev/null
+++ b/OS/os.c-GNU
@@ -0,0 +1,56 @@
+/*************************************************
+* Exim - an Internet mail transport agent *
+*************************************************/
+
+/* Copyright (c) The Exim Maintainers 2020 */
+/* See the file NOTICE for conditions of use and distribution. */
+
+/* GNU-specific code. This is concatenated onto the generic src/os.c file.
+GNU/Hurd has approximately the same way to determine the load average as NeXT,
+so a variant of this could also be in the generic os.c file. See the GNU EMacs
+getloadavg.c file, from which this snippet was derived. getloadavg.c from Emacs
+is copyrighted by the FSF under the terms of the GPLv2 or any later version.
+Changes are hereby placed under the same license, as requested by the GPL. */
+
+#ifndef OS_LOAD_AVERAGE
+#define OS_LOAD_AVERAGE
+
+#include <mach.h>
+
+static processor_set_t default_set;
+static int getloadavg_initialized;
+
+int
+os_getloadavg (void)
+{
+host_t host;
+struct processor_set_basic_info info;
+unsigned info_count;
+
+if (!getloadavg_initialized)
+ {
+ if (processor_set_default (mach_host_self(), &default_set) == KERN_SUCCESS)
+ getloadavg_initialized = 1;
+ }
+
+if (getloadavg_initialized)
+ {
+ info_count = PROCESSOR_SET_BASIC_INFO_COUNT;
+ if (processor_set_info(default_set, PROCESSOR_SET_BASIC_INFO, &host,
+ (processor_set_info_t)&info, &info_count) != KERN_SUCCESS)
+ getloadavg_initialized = 0;
+ else
+ {
+ #if LOAD_SCALE == 1000
+ return info.load_average;
+ #else
+ return (int) (((double) info.load_average * 1000) / LOAD_SCALE));
+ #endif
+ }
+ }
+
+return -1;
+}
+#endif /* OS_LOAD_AVERAGE */
+
+/* End of os.c-GNU */
diff --git a/OS/os.c-Linux b/OS/os.c-Linux
new file mode 100644
index 0000000..59d81f8
--- /dev/null
+++ b/OS/os.c-Linux
@@ -0,0 +1,165 @@
+/*************************************************
+* Exim - an Internet mail transport agent *
+*************************************************/
+
+/* Copyright (c) University of Cambridge 1997 - 2018 */
+/* See the file NOTICE for conditions of use and distribution. */
+
+/* Linux-specific code. This is concatenated onto the generic
+src/os.c file. */
+
+
+/*************************************************
+* Load average computation *
+*************************************************/
+
+/*Linux has an apparently unique way of getting the load average, so we provide
+a unique function here, and define OS_LOAD_AVERAGE to stop src/os.c trying to
+provide the function. However, when compiling os.c for utilities, we may not
+want this at all, so check that it isn't set first. */
+
+#if !defined(OS_LOAD_AVERAGE) && defined(__linux__)
+#define OS_LOAD_AVERAGE
+
+/* Linux has 2 ways of returning load average:
+
+ (1) Do a read on /proc/loadavg
+ (2) Use the sysinfo library function and syscall
+
+The latter is simpler but in Linux 2.0 - 2.2 (and probably later releases) is
+exceptionally slow - 10-50ms per call is not unusual and about 100x slow the
+first method. This cripples high performance mail servers by increasing CPU
+utilisation by 3-5x.
+
+In Exim's very early days, it used the 1st method. Later, it switched to the
+2nd method. Now it tries the 1st method and falls back to the 2nd if /proc is
+unavailable. */
+
+#include <sys/sysinfo.h>
+
+static int
+linux_slow_getloadavg(void)
+{
+struct sysinfo s;
+double avg;
+if (sysinfo(&s) < 0) return -1;
+avg = (double) (s.loads[0]) / (1<<SI_LOAD_SHIFT);
+return (int)(avg * 1000.0);
+}
+
+int
+os_getloadavg(void)
+{
+char buffer[40];
+double avg;
+int count;
+int fd = open ("/proc/loadavg", O_RDONLY);
+if (fd == -1) return linux_slow_getloadavg();
+count = read (fd, buffer, sizeof(buffer));
+(void)close (fd);
+if (count <= 0) return linux_slow_getloadavg();
+count = sscanf (buffer, "%lf", &avg);
+if (count < 1) return linux_slow_getloadavg();
+return (int)(avg * 1000.0);
+}
+#endif /* OS_LOAD_AVERAGE */
+
+
+
+
+
+/*************************************************
+* Finding interface addresses *
+*************************************************/
+
+/* This function is not required for utilities; we cut it out if
+FIND_RUNNING_INTERFACES is already defined. */
+
+#ifndef FIND_RUNNING_INTERFACES
+
+/* This code, contributed by Jason Gunthorpe, appears to be the current
+way of finding IPv6 interfaces in Linux. It first calls the common function in
+order to find IPv4 interfaces, then grobbles around to find the others. Jason
+said, "This is so horrible, don't look. Slightly ripped from net-tools
+ifconfig." It gets called by virtue of os_find_running_interfaces being defined
+as a macro for os_find_running_interfaces_linux in the os.h-Linux file. */
+
+ip_address_item *
+os_find_running_interfaces_linux(void)
+{
+ip_address_item *yield = NULL;
+
+#if HAVE_IPV6
+ip_address_item *last = NULL;
+ip_address_item *next;
+char addr6p[8][5];
+unsigned int plen, scope, dad_status, if_idx;
+char devname[20+1];
+FILE *f;
+#endif
+
+yield = os_common_find_running_interfaces();
+
+#if HAVE_IPV6
+
+/* Open the /proc file; give up if we can't. */
+
+if ((f = fopen("/proc/net/if_inet6", "r")) == NULL) return yield;
+
+/* Pick out the data from within the file, and add it on to the chain */
+
+last = yield;
+if (last != NULL) while (last->next != NULL) last = last->next;
+
+while (fscanf(f, "%4s%4s%4s%4s%4s%4s%4s%4s %02x %02x %02x %02x %20s\n",
+ addr6p[0], addr6p[1], addr6p[2], addr6p[3],
+ addr6p[4], addr6p[5], addr6p[6], addr6p[7],
+ &if_idx, &plen, &scope, &dad_status, devname) != EOF)
+ {
+ struct sockaddr_in6 addr;
+
+ /* This data has to survive for ever, so use malloc. */
+
+ next = store_malloc(sizeof(ip_address_item));
+ next->next = NULL;
+ next->port = 0;
+ sprintf(CS next->address, "%s:%s:%s:%s:%s:%s:%s:%s",
+ addr6p[0], addr6p[1], addr6p[2], addr6p[3],
+ addr6p[4], addr6p[5], addr6p[6], addr6p[7]);
+
+ /* Normalize the representation */
+
+ inet_pton(AF_INET6, CS next->address, &addr.sin6_addr);
+ inet_ntop(AF_INET6, &addr.sin6_addr, CS next->address, sizeof(next->address));
+
+ if (yield == NULL) yield = last = next; else
+ {
+ last->next = next;
+ last = next;
+ }
+
+ DEBUG(D_interface)
+ debug_printf("Actual local interface address is %s (%s)\n", last->address,
+ devname);
+ }
+fclose(f);
+#endif /* HAVE_IPV6 */
+
+return yield;
+}
+
+#endif /* FIND_RUNNING_INTERFACES */
+
+
+/*************
+* Sendfile *
+*************/
+#include <sys/sendfile.h>
+
+ssize_t
+os_sendfile(int out, int in, off_t * off, size_t cnt)
+{
+return sendfile(out, in, off, cnt);
+}
+
+/* End of os.c-Linux */
diff --git a/OS/os.c-SunOS5 b/OS/os.c-SunOS5
new file mode 100644
index 0000000..1624869
--- /dev/null
+++ b/OS/os.c-SunOS5
@@ -0,0 +1,16 @@
+/*************************************************
+* Exim - an Internet mail transport agent *
+*************************************************/
+
+/* Copyright (c) University of Cambridge 2016 */
+/* Copyright (c) Jeremy Harris 2016 */
+/* See the file NOTICE for conditions of use and distribution. */
+
+/* Solaris-specific code. This is concatenated onto the generic
+src/os.c file. */
+
+#if defined(MISSING_UNSETENV_3) && !defined(COMPILE_UTILITY)
+# include "setenv.c"
+#endif
+
+/* End of os.c-SunOS5 */
diff --git a/OS/os.h-Darwin b/OS/os.h-Darwin
new file mode 100644
index 0000000..7e3a67c
--- /dev/null
+++ b/OS/os.h-Darwin
@@ -0,0 +1,58 @@
+/* Exim: OS-specific C header file for Darwin (Mac OS X) */
+
+/* #define CRYPT_H */ /* Apparently this isn't needed */
+
+#define HAVE_MMAP
+#define HAVE_SYS_MOUNT_H
+#define PAM_H_IN_PAM
+#define SIOCGIFCONF_GIVES_ADDR
+
+
+#define F_FREESP O_TRUNC
+typedef struct flock flock_t;
+
+#define BASE_62 36 /* HFS+ aliases lower and upper cases in filenames.
+ Consider reducing MAX_LOCALHOST_NUMBER */
+
+#ifndef _BSD_SOCKLEN_T_
+# define _BSD_SOCKLEN_T_ int32_t /* socklen_t (duh) */
+#endif
+
+/* Settings for handling IP options. There's no netinet/ip_var.h. The IP
+option handling is in the style of the later GLIBCs but the GLIBC macros
+aren't set, so we invent a new one. */
+
+#define NO_IP_VAR_H
+#define DARWIN_IP_OPTIONS
+
+/* Need this for the DNS lookup code. Remember to remove if we get round to
+updating Exim to use the newer interface. */
+
+#define BIND_8_COMPAT
+
+/* It's not .so for dynamic libraries on Darwin. */
+#define DYNLIB_FN_EXT "dylib"
+
+/* We currently need some assistance getting OFF_T_FMT correct on MacOS */
+#ifdef OFF_T_FMT
+# undef OFF_T_FMT
+#endif
+#define OFF_T_FMT "%lld"
+#define LONGLONG_T long int
+
+/* default is non-const */
+#define ICONV_ARG2_TYPE const char **
+
+/* seems arpa/nameser.h does not define this */
+#define NS_MAXMSG 65535
+
+/* There may be very many supplementary groups for the user. See notes
+in "man 2 getgroups". */
+#define _DARWIN_UNLIMITED_GETGROUPS
+#define EXIM_GROUPLIST_SIZE 64
+
+/* TCP Fast Open: Darwin uses a connectx() call
+rather than a modified sendto() */
+#define EXIM_TFO_CONNECTX
+
+/* End */
diff --git a/OS/os.h-FreeBSD b/OS/os.h-FreeBSD
new file mode 100644
index 0000000..73d9976
--- /dev/null
+++ b/OS/os.h-FreeBSD
@@ -0,0 +1,71 @@
+/* Exim: OS-specific C header file for FreeBSD */
+/* Copyright (c) University of Cambridge 1995 - 2018 */
+/* Copyright (c) The Exim Maintainers 2020 */
+/* See the file NOTICE for conditions of use and distribution. */
+
+
+#include <sys/types.h>
+#include <sys/param.h>
+
+#define HAVE_BSD_GETLOADAVG
+#define HAVE_SETCLASSRESOURCES
+#define HAVE_MMAP
+#define HAVE_SYS_MOUNT_H
+#define SIOCGIFCONF_GIVES_ADDR
+#define HAVE_SRANDOMDEV
+#define HAVE_ARC4RANDOM
+
+/* Applications should not call arc4random_stir() explicitly after
+ * FreeBSD r227520 (approximately 1000002).
+ * Set NOT_HAVE_ARC4RANDOM_STIR if the version released is past
+ * that point. */
+#if __FreeBSD_version >= 1000002
+# define NOT_HAVE_ARC4RANDOM_STIR
+#endif
+
+typedef struct flock flock_t;
+
+/* iconv arg2 type: libiconv in Ports uses "const char* * inbuf" and was
+ * traditionally the only approach available. The iconv functionality
+ * in libc is "char ** restrict src".
+ *
+ * <https://www.freebsd.org/doc/en/books/porters-handbook/using-iconv.html>
+ * says that libc has iconv since 2013, in 10-CURRENT. FreeBSD man-pages
+ * shows it included in 10.0-RELEASE. Writing this in 2017, 10.3 is the
+ * oldest supported release, so we should assume non-libiconv by default.
+ * (Actually, people still using old releases past EOL; we shouldn't support
+ * them but I don't want to deal with howls of complaints because we dare
+ * to not support the unsupported, so guard this on FreeBSD 10+)
+ *
+ * Thus we no longer override iconv.
+ *
+ * However, if libiconv is installed, and anything adds /usr/local/include
+ * to include-path (likely) then we'll get that. So define a variable
+ * which makes the libiconv try to not interfere with OS iconv.
+ */
+#if __FreeBSD__ >= 10
+# define LIBICONV_PLUG
+#endif
+/* for more specific version constraints, look at __FreeBSD_version
+ * from <sys/param.h> */
+
+/* When using DKIM, setting OS_SENDFILE can increase
+performance on outgoing mail a bit. */
+
+#define OS_SENDFILE
+extern ssize_t os_sendfile(int, int, off_t *, size_t);
+
+
+/*******************/
+
+#define EXIM_TFO_PROBE
+#define EXIM_TFO_FREEBSD
+
+
+/* for TCP state-variable values, for TFO logging */
+#include <netinet/tcp_fsm.h>
+#define TCP_SYN_RECV TCPS_SYN_RECEIVED
+
+/*******************/
+
+/* End */
diff --git a/OS/os.h-GNU b/OS/os.h-GNU
new file mode 100644
index 0000000..59130ef
--- /dev/null
+++ b/OS/os.h-GNU
@@ -0,0 +1,28 @@
+/* Exim: OS-specific C header file for GNU/Hurd */
+/* Copyright (c) The Exim Maintainers 2020 */
+
+#define CRYPT_H
+#define GLIBC_IP_OPTIONS
+#define HAVE_BSD_GETLOADAVG
+#define HAVE_MMAP
+#define HAVE_SYS_VFS_H
+#define NO_IP_VAR_H
+#define SIG_IGN_WORKS
+#define SIOCGIFCONF_GIVES_ADDR
+
+#define F_FREESP O_TRUNC
+typedef struct flock flock_t;
+
+#define os_strsignal strsignal
+#define OS_STRSIGNAL
+
+/* Hurd-specific bits below */
+
+/* default is non-const */
+#define ICONV_ARG2_TYPE const char **
+
+/* setgroups(0, NULL) succeeds, and drops the gid group
+as well as any supplementary groups*/
+#define OS_SETGROUPS_ZERO_DROPS_ALL
+
+/* End */
diff --git a/OS/os.h-Linux b/OS/os.h-Linux
new file mode 100644
index 0000000..c705e5c
--- /dev/null
+++ b/OS/os.h-Linux
@@ -0,0 +1,94 @@
+/* Exim: OS-specific C header file for Linux */
+/* Copyright (c) University of Cambridge 1995 - 2020 */
+/* See the file NOTICE for conditions of use and distribution. */
+
+
+/* Some old systems we've received bug-reports for have a <limits.h> which
+does not pull in <features.h>. Best to just pull it in now and have done
+with the issue. */
+
+#include <features.h>
+#include <sys/types.h>
+
+
+#define CRYPT_H
+#define GLIBC_IP_OPTIONS
+#define HAVE_MMAP
+#define HAVE_BSD_GETLOADAVG
+#define HAVE_SYS_STATVFS_H
+#define NO_IP_VAR_H
+#define SIG_IGN_WORKS
+
+/* When using DKIM, setting OS_SENDFILE can increase
+performance on outgoing mail a bit. Note: With older glibc versions
+this setting will conflict with the _FILE_OFFSET_BITS=64 setting
+defined as part of the Linux CFLAGS. As of 2017 those are declared
+to be too old to build by default. */
+
+#define OS_SENDFILE
+extern ssize_t os_sendfile(int, int, off_t *, size_t);
+
+#define F_FREESP O_TRUNC
+typedef struct flock flock_t;
+
+#define os_strsignal strsignal
+#define OS_STRSIGNAL
+
+#if defined(__linux__) || defined(__FreeBSD_kernel__) || defined(__NetBSD_kernel__)
+# define SIOCGIFCONF_GIVES_ADDR
+# define HAVE_SYS_MOUNT_H
+#endif
+
+#if defined(__linux__)
+
+/* Some versions of Linux need explicit sync-ing of directories as well as
+files. This setting requests that. If the directory is on NFS, it may not
+be possible to sync it - in that case, Exim now should ignore the error. But
+if you have problems in that area, try undefining this. But be aware that you
+may be in a situation where files are not being properly "committed to stable
+storage" as quickly as Exim thinks they are. */
+
+#define NEED_SYNC_DIRECTORY
+
+#define os_find_running_interfaces os_find_running_interfaces_linux
+
+/* Need a prototype for the Linux-specific function. The structure hasn't
+been defined yet, so we need to pre-declare it. */
+
+struct ip_address_item;
+extern struct ip_address_item *os_find_running_interfaces_linux(void);
+
+#endif /* __linux__ */
+
+/* Some folks running "unusual" setups with very old libc environments have
+found that _GNU_SOURCE=1 before <features.h> is not sufficient to define some
+constants needed for 64-bit arithmetic. If you encounter build errors based
+on LLONG_MIN being undefined and various other escape hatches have not helped,
+then change the 0 to 1 in the next block. */
+
+#if 0
+# define LLONG_MIN LONG_LONG_MIN
+# define LLONG_MAX LONG_LONG_MAX
+#endif
+
+#if _POSIX_C_SOURCE >= 200809L || _ATFILE_SOUCE
+# define EXIM_HAVE_OPENAT
+#endif
+
+/* TCP Fast Open support */
+
+#include <netinet/tcp.h> /* for TCP_FASTOPEN */
+#include <sys/socket.h> /* for MSG_FASTOPEN */
+#if defined(TCP_FASTOPEN) && !defined(MSG_FASTOPEN)
+# define MSG_FASTOPEN 0x20000000
+#endif
+#define EXIM_HAVE_TCPI_UNACKED
+#ifndef TCPI_OPT_SYN_DATA
+# define TCPI_OPT_SYN_DATA 32
+#endif
+
+/* "Abstract" Unix-socket names */
+#define EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
+
+
+/* End */
diff --git a/OS/os.h-OpenBSD b/OS/os.h-OpenBSD
new file mode 100644
index 0000000..dde779f
--- /dev/null
+++ b/OS/os.h-OpenBSD
@@ -0,0 +1,60 @@
+/* Exim: OS-specific C header file for OpenBSD */
+/* Copyright (c) University of Cambridge 1995 - 2018 */
+/* See the file NOTICE for conditions of use and distribution. */
+
+
+#define HAVE_BSD_GETLOADAVG
+#define HAVE_MMAP
+#define HAVE_SYS_MOUNT_H
+#define SIOCGIFCONF_GIVES_ADDR
+#define HAVE_ARC4RANDOM
+/* In May 2014, OpenBSD 5.5 was released which cleaned up the arc4random_* API
+ which removed the arc4random_stir() function. Set NOT_HAVE_ARC4RANDOM_STIR
+ if the version released is past that point. */
+#include <sys/param.h>
+#if OpenBSD >= 201405
+# define NOT_HAVE_ARC4RANDOM_STIR
+#endif
+
+typedef struct flock flock_t;
+
+#define os_strsignal strsignal
+#define OS_STRSIGNAL
+
+typedef struct __res_state *res_state;
+
+/* default is non-const */
+#define ICONV_ARG2_TYPE const char **
+
+#ifndef EPROTO
+# define EPROTO 71
+#endif
+
+/* We need to force this; the automatic in buildconfig.c gets %ld */
+#ifdef OFF_T_FMT
+# undef OFF_T_FMT
+# undef LONGLONG_T
+#endif
+#define OFF_T_FMT "%lld"
+#define LONGLONG_T long long int
+
+#ifdef PID_T_FMT
+# undef PID_T_FMT
+#endif
+#define PID_T_FMT "%d"
+
+#ifdef INO_T_FMT
+# undef INO_T_FMT
+#endif
+#define INO_T_FMT "%llu"
+
+#ifdef TIME_T_FMT
+# undef TIME_T_FMT
+#endif
+#define TIME_T_FMT "%lld"
+
+/* seems arpa/nameser.h does not define this.
+Space-constrained devices could use much smaller; a few k. */
+#define NS_MAXMSG 65535
+
+/* End */
diff --git a/OS/os.h-SunOS5 b/OS/os.h-SunOS5
new file mode 100644
index 0000000..dfbd8f1
--- /dev/null
+++ b/OS/os.h-SunOS5
@@ -0,0 +1,51 @@
+/* Exim: OS-specific C header file for SunOS5 aka Solaris */
+
+#define CRYPT_H
+#define HAVE_MMAP
+#define HAVE_SYS_STATVFS_H
+#define F_FAVAIL f_favail
+#define SIOCGIFCONF_GIVES_ADDR
+
+#define HAVE_GETIPNODEBYNAME 1
+#define HAVE_GETIPNODEBYADDR 1
+
+#define HAVE_KSTAT
+#define LOAD_AVG_KSTAT "system_misc"
+#define LOAD_AVG_KSTAT_MODULE "unix"
+#define LOAD_AVG_SYMBOL "avenrun_1min"
+#define LOAD_AVG_FIELD value.ui32
+
+#define os_strsignal strsignal
+#define OS_STRSIGNAL
+
+/* This is needed for some early Solaris releases, but causes trouble
+in the current ones, so it is out by default. */
+
+/* #define EXIM_SOCKLEN_T size_t */
+
+/* This is different from Linux and all other PAM implementations,
+it seems. */
+
+#define PAM_CONVERSE_ARG2_TYPE struct pam_message
+
+
+/* default is non-const */
+#define ICONV_ARG2_TYPE const char **
+
+#if _POSIX_C_SOURCE < 200112L
+# define MISSING_UNSETENV_3
+#endif
+
+
+/* SunOS5 doesn't accept getcwd(NULL, 0) to auto-allocate
+a buffer */
+
+#define OS_GETCWD
+
+
+#ifndef MIN
+# define MIN(a,b) (((a)<(b))?(a):(b))
+# define MAX(a,b) (((a)>(b))?(a):(b))
+#endif
+
+/* End */
diff --git a/OS/unsupported/Makefile-AIX b/OS/unsupported/Makefile-AIX
new file mode 100644
index 0000000..fc32aa2
--- /dev/null
+++ b/OS/unsupported/Makefile-AIX
@@ -0,0 +1,28 @@
+# Exim: OS-specific make file for AIX
+# Written by Nick Waterman (nick@cimio.co.uk)
+# Modified by PH following a message from Mike Meredith
+
+# Note that the output of uname -m is probably not what Philip expected,
+# so you might end up with more build-AIX-random_number directories than
+# you expected if you have too many AIX boxes, but it seems to work... I
+# blame IBM.
+
+# Note that nowadays you have to pay extra for a cc compiler with AIX!
+
+CC=gcc
+
+# This needs to be in here rather than os.h-AIX because of regexp stuff.
+# basically strchr is a #define, which means "extern char *strchr()"
+# ruins things. __STR31__ seems to get around this by magic. The AIX
+# include files are quite a confusing maze.
+# Mike M says this is not necessary any more; possibly this is related to
+# using gcc. Commented out by PH.
+#CFLAGS = -D__STR31__
+
+CFLAGS = -mcpu=power4 -maix64 -O3
+
+# Needed for vfork() and vfork() only?
+
+LIBS = -lbsd -lm
+
+# End
diff --git a/OS/unsupported/Makefile-BSDI b/OS/unsupported/Makefile-BSDI
new file mode 100644
index 0000000..d56aa9b
--- /dev/null
+++ b/OS/unsupported/Makefile-BSDI
@@ -0,0 +1,21 @@
+# Exim: OS-specific make file for BSDI aka BSD/OS. Its antique link editor
+# cannot handle the TextPop overriding.
+
+CFLAGS=-O
+CHOWN_COMMAND=/usr/sbin/chown
+
+HAVE_SA_LEN=YES
+
+X11=/usr/X11
+XINCLUDE=-I$(X11)/include
+XLFLAGS=-L$(X11)/lib
+X11_LD_LIB=$(X11)/lib
+
+LIBS_EXIMON=-lSM -lICE -lipc -lm
+EXIMON_TEXTPOP=
+
+EXIWHAT_PS_ARG=-ax
+EXIWHAT_EGREP_ARG='/exim( |$$)'
+EXIWHAT_KILL_SIGNAL=-USR1
+
+# End
diff --git a/OS/unsupported/Makefile-CYGWIN b/OS/unsupported/Makefile-CYGWIN
new file mode 100644
index 0000000..5e608fe
--- /dev/null
+++ b/OS/unsupported/Makefile-CYGWIN
@@ -0,0 +1,113 @@
+# OS-specific file for Cygwin.
+
+# This file provided by Pierre A. Humblet <Pierre.Humblet@ieee.org>
+
+HAVE_IPV6 = yes
+HAVE_ICONV = yes
+# Use c99 to have %z
+CFLAGS= -g -Wall -std=c99 -U __STRICT_ANSI__
+LIBS= -lcrypt -lresolv
+LIBS_EXIM= -liconv
+EXIWHAT_PS_ARG=-as
+EXIWHAT_KILL_SIGNAL=-USR1
+EXIWHAT_EGREP_ARG='/(EXIM|exim)[0-9. -]*$$'
+
+DBMLIB=-lgdbm
+USE_GDBM=YES
+
+# Some OS add a suffix to executables
+EXE = .exe
+
+# To add a resource file with an icon
+LIBS_EXIM +=../Local/exim_res.o
+
+# To produce a linker map
+#LIBS_EXIM+=-Wl,-Map,Exim.Map
+
+
+##################################################
+# The following is normally set in local/Makefile.
+# Makefile.cygwin provides defaults with which the
+# precompiled version is built
+##################################################
+
+BIN_DIRECTORY=/usr/bin
+CONFIGURE_FILE=/etc/exim.conf
+EXIM_USER=18 # This changes if user exim exists
+EXIM_GROUP=544 # Administrators
+SPOOL_DIRECTORY=/var/spool/exim
+LOG_FILE_PATH=/var/log/exim/exim_%s.log
+TIMEZONE_DEFAULT = ""
+
+AUTH_CRAM_MD5=yes
+AUTH_PLAINTEXT=yes
+AUTH_SPA=yes
+
+#DISABLE_TLS=yes
+TLS_LIBS=-lssl -lcrypto
+
+ROUTER_ACCEPT=yes
+ROUTER_DNSLOOKUP=yes
+ROUTER_IPLITERAL=yes
+ROUTER_MANUALROUTE=yes
+ROUTER_QUERYPROGRAM=yes
+ROUTER_REDIRECT=yes
+
+TRANSPORT_APPENDFILE=yes
+TRANSPORT_AUTOREPLY=yes
+TRANSPORT_PIPE=yes
+TRANSPORT_SMTP=yes
+
+SUPPORT_MAILDIR=yes
+SUPPORT_MAILSTORE=yes
+SUPPORT_MBX=yes
+
+LOOKUP_DBM=yes
+LOOKUP_LSEARCH=yes
+
+# LOOKUP_CDB=yes
+LOOKUP_DNSDB=yes
+LOOKUP_DSEARCH=yes
+LOOKUP_LDAP=yes
+# LOOKUP_MYSQL=yes
+# LOOKUP_NIS=yes
+# LOOKUP_NISPLUS=yes
+# LOOKUP_ORACLE=yes
+LOOKUP_PASSWD=yes
+# LOOKUP_PGSQL=yes
+# LOOKUP_WHOSON=yes
+
+LDAP_LIB_TYPE=OPENLDAP2
+LOOKUP_LIBS=-lldap -llber
+
+WITH_CONTENT_SCAN=yes
+
+# It is important to define these variables but the values are always overridden
+CONFIGURE_OWNER=18
+CONFIGURE_GROUP=544
+
+EXICYCLOG_MAX=10
+
+COMPRESS_COMMAND=/usr/bin/gzip
+COMPRESS_SUFFIX=gz
+ZCAT_COMMAND=/usr/bin/zcat
+
+# EXIM_PERL=perl.o
+
+# Comment the two lines below if you do not have PAM, e.g. from
+# ftp://ftp.uni-erlangen.de/pub/pc/gnuwin32/cygwin/porters/Humblet_Pierre_A
+SUPPORT_PAM=yes
+CFLAGS += -DINCLUDE_PAM -I ../pam -I ../../pam
+
+# All modes are in octal and must start with 0
+EXIMDB_DIRECTORY_MODE = 01777
+EXIMDB_MODE = 0666
+EXIMDB_LOCKFILE_MODE = 0666
+INPUT_DIRECTORY_MODE = 01777
+LOG_DIRECTORY_MODE = 01777
+LOG_MODE = 0666
+MSGLOG_DIRECTORY_MODE = 01777
+SPOOL_DIRECTORY_MODE = 01777
+SPOOL_MODE = 0600
+
+# End
diff --git a/OS/unsupported/Makefile-DGUX b/OS/unsupported/Makefile-DGUX
new file mode 100644
index 0000000..667c63f
--- /dev/null
+++ b/OS/unsupported/Makefile-DGUX
@@ -0,0 +1,32 @@
+# Exim: OS-specific make file for DGUX
+#
+# Written by Ken Bailey (K.Bailey@rbgkew.org.uk) Feb 1998
+# on dgux R4.11MU04 generic AViiON mc88100
+# with no X
+
+# Minor tidies to remove settings that are actually the default,
+# in line with the style of other system files - PH.
+
+BASENAME_COMMAND=/bin/basename
+CHOWN_COMMAND=/bin/chown
+CHGRP_COMMAND=/bin/chgrp
+CHMOD_COMMAND=/bin/chmod
+
+# PERL
+# Perl is not necessary for running Exim itself, but some Perl utilities
+# are provided for processing the logs. Perl 5 is assumed.
+# DG ship perl version 4.036 in /bin/perl so need to use locally installed perl
+
+PERL_COMMAND=/usr/local/bin/perl
+
+# dg's version of gcc likes O2
+
+CFLAGS=-O2
+
+RANLIB=@true
+LIBS=-lsocket -lnsl -lm
+LIBRESOLV=-lresolv
+DBMLIB=-ldbm
+
+# End
+
diff --git a/OS/unsupported/Makefile-DragonFly b/OS/unsupported/Makefile-DragonFly
new file mode 100644
index 0000000..c49c59f
--- /dev/null
+++ b/OS/unsupported/Makefile-DragonFly
@@ -0,0 +1,31 @@
+# Exim: OS-specific make file for DragonFly
+# There's no setting of CFLAGS here, to allow the system default
+# for "make" to be the default.
+
+CHOWN_COMMAND=/usr/sbin/chown
+CHMOD_COMMAND=/bin/chmod
+
+HAVE_SA_LEN=YES
+
+# crypt() is in a separate library
+LIBS=-lcrypt -lm
+
+# DragonFly always ships with Berkeley DB
+USE_DB=yes
+
+# X11 may be under /usr/pkg/xorg/ for example.
+# X11=/usr/X11R6
+X11=$(X11BASE)
+
+XINCLUDE=-I$(X11)/include
+XLFLAGS=-L$(X11)/lib
+XLFLAGS+=-Wl,-rpath,${X11BASE}/lib
+X11_LD_LIB=$(X11)/lib
+
+EXIWHAT_PS_ARG=-ax
+EXIWHAT_EGREP_ARG='/exim( |$$)'
+EXIWHAT_MULTIKILL_CMD='killall -m'
+EXIWHAT_MULTIKILL_ARG='^exim($$|-[0-9.]+-[0-9]+$$)'
+EXIWHAT_KILL_SIGNAL=-USR1
+
+# End
diff --git a/OS/unsupported/Makefile-GNUkFreeBSD b/OS/unsupported/Makefile-GNUkFreeBSD
new file mode 100644
index 0000000..8019281
--- /dev/null
+++ b/OS/unsupported/Makefile-GNUkFreeBSD
@@ -0,0 +1,29 @@
+# Exim: OS-specific make file for GNU and variants.
+
+HAVE_ICONV=yes
+
+BASENAME_COMMAND=look_for_it
+CHOWN_COMMAND=look_for_it
+CHGRP_COMMAND=look_for_it
+CHMOD_COMMAND=look_for_it
+
+CFLAGS ?= -O -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
+
+DBMLIB = -ldb
+USE_DB = yes
+
+LIBS = -lnsl -lcrypt -lm
+LIBRESOLV = -lresolv
+
+X11=/usr/X11R6
+XINCLUDE=-I$(X11)/include
+XLFLAGS=-L$(X11)/lib
+X11_LD_LIB=$(X11)/lib
+
+EXIWHAT_PS_ARG=ax
+EXIWHAT_EGREP_ARG='/exim( |$$)'
+EXIWHAT_MULTIKILL_CMD=killall
+EXIWHAT_MULTIKILL_ARG=exim4
+EXIWHAT_KILL_SIGNAL=-USR1
+
+# End
diff --git a/OS/unsupported/Makefile-GNUkNetBSD b/OS/unsupported/Makefile-GNUkNetBSD
new file mode 100644
index 0000000..8019281
--- /dev/null
+++ b/OS/unsupported/Makefile-GNUkNetBSD
@@ -0,0 +1,29 @@
+# Exim: OS-specific make file for GNU and variants.
+
+HAVE_ICONV=yes
+
+BASENAME_COMMAND=look_for_it
+CHOWN_COMMAND=look_for_it
+CHGRP_COMMAND=look_for_it
+CHMOD_COMMAND=look_for_it
+
+CFLAGS ?= -O -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
+
+DBMLIB = -ldb
+USE_DB = yes
+
+LIBS = -lnsl -lcrypt -lm
+LIBRESOLV = -lresolv
+
+X11=/usr/X11R6
+XINCLUDE=-I$(X11)/include
+XLFLAGS=-L$(X11)/lib
+X11_LD_LIB=$(X11)/lib
+
+EXIWHAT_PS_ARG=ax
+EXIWHAT_EGREP_ARG='/exim( |$$)'
+EXIWHAT_MULTIKILL_CMD=killall
+EXIWHAT_MULTIKILL_ARG=exim4
+EXIWHAT_KILL_SIGNAL=-USR1
+
+# End
diff --git a/OS/unsupported/Makefile-HI-OSF b/OS/unsupported/Makefile-HI-OSF
new file mode 100644
index 0000000..da3d487
--- /dev/null
+++ b/OS/unsupported/Makefile-HI-OSF
@@ -0,0 +1,8 @@
+# Exim: OS-specific make file for HI-OSF/1-MJ and HI-UX/MPP
+
+CC=cc
+CFLAGS=-O
+RANLIB=@true
+EXIWHAT_EGREP_ARG='/exim( |$$)'
+
+# End
diff --git a/OS/unsupported/Makefile-HI-UX b/OS/unsupported/Makefile-HI-UX
new file mode 100644
index 0000000..870ee84
--- /dev/null
+++ b/OS/unsupported/Makefile-HI-UX
@@ -0,0 +1,12 @@
+# Exim: OS-specific make file for HI-UX
+
+CC=cc -Aa -D_HIUX_SOURCE
+HAVE_SETRESUID=YES
+HAVE_SETEUID=NO
+XINCLUDE=-I/usr/include/X11R5
+XLFLAGS=-L/usr/lib/X11R5
+DBMLIB = -lndbm
+NEED_H_ERRNO=1
+RANLIB=@true
+
+# End
diff --git a/OS/unsupported/Makefile-HP-UX b/OS/unsupported/Makefile-HP-UX
new file mode 100644
index 0000000..ea35144
--- /dev/null
+++ b/OS/unsupported/Makefile-HP-UX
@@ -0,0 +1,27 @@
+# Exim: OS-specific make file for HP-UX later than 9
+
+# HP ANSI C compiler
+#CC=cc
+#CFLAGS=+O2 +Onolimit -z -D_XOPEN_SOURCE_EXTENDED
+# Users of the A.06.00 compiler might need to use +O1 rather than +O2 as
+# there have been some problems reported with this compiler with +O2 set.
+
+# gcc
+CFLAGS=-O -D_XOPEN_SOURCE_EXTENDED
+LDFLAGS=-Wl,-z
+LIBS=-lm
+
+BASENAME_COMMAND=/bin/basename
+HAVE_ICONV=yes
+HAVE_SETRESUID=YES
+HAVE_SETEUID=NO
+XINCLUDE=-I/usr/include/X11R6 -I/usr/contrib/X11R6/include
+XLFLAGS=-L/usr/lib/X11R6 -L/usr/contrib/X11R6/lib
+X11_LD_LIB=/usr/contrib/X11R6/lib
+EXIMON_TEXTPOP=
+DBMLIB=-lndbm
+RANLIB=@true
+
+OS_C_INCLUDES=setenv.c
+
+# End
diff --git a/OS/unsupported/Makefile-HP-UX-9 b/OS/unsupported/Makefile-HP-UX-9
new file mode 100644
index 0000000..1530009
--- /dev/null
+++ b/OS/unsupported/Makefile-HP-UX-9
@@ -0,0 +1,15 @@
+# Exim: OS-specific make file for HP-UX 9
+
+CFLAGS=-O
+BASENAME_COMMAND=/bin/basename
+HAVE_ICONV=yes
+HAVE_SETRESUID=YES
+HAVE_SETEUID=NO
+XINCLUDE=-I/usr/include/X11R5
+XLFLAGS=-L/usr/lib/X11R5 -L/usr/contrib/X11R5/lib
+X11_LD_LIB=/usr/contrib/X11R5/lib
+EXIMON_TEXTPOP=
+DBMLIB=-lndbm
+RANLIB=@true
+
+# End
diff --git a/OS/unsupported/Makefile-IRIX b/OS/unsupported/Makefile-IRIX
new file mode 100644
index 0000000..7b95783
--- /dev/null
+++ b/OS/unsupported/Makefile-IRIX
@@ -0,0 +1,12 @@
+# Exim: OS-specific make file for IRIX
+
+HAVE_ICONV=yes
+BASENAME_COMMAND=/sbin/basename
+HOSTNAME_COMMAND=/usr/bsd/hostname
+CFLAGS=-OPT:Olimit=1500
+LIBS=-lmld -lm
+XINCLUDE=-I/usr/include/X11
+vfork=fork
+RANLIB=@true
+
+# End
diff --git a/OS/unsupported/Makefile-IRIX6 b/OS/unsupported/Makefile-IRIX6
new file mode 100644
index 0000000..be01138
--- /dev/null
+++ b/OS/unsupported/Makefile-IRIX6
@@ -0,0 +1,13 @@
+# Exim: OS-specific make file for IRIX6 on 64-bit systems
+
+HAVE_ICONV=yes
+HOSTNAME_COMMAND=/usr/bsd/hostname
+CFLAGS=-O2 -n32 -OPT:Olimit=4000
+LFLAGS=-n32
+LIBS=-lelf -lm
+XINCLUDE=-I/usr/include/X11
+XLFLAGS=
+vfork=fork
+RANLIB=@true
+
+# End
diff --git a/OS/unsupported/Makefile-IRIX632 b/OS/unsupported/Makefile-IRIX632
new file mode 100644
index 0000000..b567fc6
--- /dev/null
+++ b/OS/unsupported/Makefile-IRIX632
@@ -0,0 +1,16 @@
+# Exim: OS-specific make file for IRIX 6 on 32-bit systems.
+# There seems to be some variation. The commented settings show
+# some alternatives.
+
+HAVE_ICONV=yes
+HOSTNAME_COMMAND=/usr/bsd/hostname
+#CFLAGS=-OPT:Olimit=1500 -32 -mips2
+CFLAGS=-32
+LFLAGS=-32
+#LIBS=-lmld
+LIBS=-lelf -lm
+XINCLUDE=-I/usr/include/X11
+vfork=fork
+RANLIB=@true
+
+# End
diff --git a/OS/unsupported/Makefile-IRIX65 b/OS/unsupported/Makefile-IRIX65
new file mode 100644
index 0000000..50e7745
--- /dev/null
+++ b/OS/unsupported/Makefile-IRIX65
@@ -0,0 +1,16 @@
+# Exim: OS-specific make file for IRIX 6.5
+
+HAVE_ICONV=yes
+HOSTNAME_COMMAND=/usr/bsd/hostname
+CC=cc
+CFLAGS=-O2 -OPT:Olimit=0
+# CFLAGS=-O2 # override with this (in your Local/Makefile) if using gcc
+LFLAGS=-Wl,-LD_MSG:off=85
+LFLAGS=
+# nlist has moved from libmld to libelf
+LIBS=-lelf -lm
+XINCLUDE=-I/usr/include/X11
+vfork=fork
+RANLIB=@true
+
+# End
diff --git a/OS/unsupported/Makefile-NetBSD b/OS/unsupported/Makefile-NetBSD
new file mode 100644
index 0000000..35d03a2
--- /dev/null
+++ b/OS/unsupported/Makefile-NetBSD
@@ -0,0 +1,27 @@
+# Exim: OS-specific make file for NetBSD (ELF object format)
+
+CHOWN_COMMAND=/usr/sbin/chown
+CHMOD_COMMAND=/bin/chmod
+
+CFLAGS ?= -O2
+
+HAVE_SA_LEN=YES
+HAVE_IPV6=YES
+LIBS=-lcrypt -lm
+
+X11=/usr/X11R6
+XINCLUDE=-I$(X11)/include
+XLFLAGS=-L$(X11)/lib
+X11_LD_LIB=$(X11)/lib
+
+EXIWHAT_PS_ARG=-ax
+EXIWHAT_EGREP_ARG='/exim( |$$)'
+EXIWHAT_KILL_SIGNAL=-USR1
+
+# NetBSD always ships with Berkeley DB
+USE_DB=yes
+
+# NetBSD ELF linker needs a -R flag.
+XLFLAGS+=-Wl,-R$(X11)/lib/
+
+# End
diff --git a/OS/unsupported/Makefile-NetBSD-a.out b/OS/unsupported/Makefile-NetBSD-a.out
new file mode 100644
index 0000000..e210efd
--- /dev/null
+++ b/OS/unsupported/Makefile-NetBSD-a.out
@@ -0,0 +1,24 @@
+# Exim: OS-specific make file for NetBSD (a.out/COFF object format)
+
+CHOWN_COMMAND=/usr/sbin/chown
+CHMOD_COMMAND=/bin/chmod
+
+CFLAGS ?= -O2
+
+HAVE_SA_LEN=YES
+HAVE_IPV6=YES
+LIBS=-lcrypt -lm
+
+X11=/usr/X11R6
+XINCLUDE=-I$(X11)/include
+XLFLAGS=-L$(X11)/lib
+X11_LD_LIB=$(X11)/lib
+
+EXIWHAT_PS_ARG=-ax
+EXIWHAT_EGREP_ARG='/exim( |$$)'
+EXIWHAT_KILL_SIGNAL=-USR1
+
+# NetBSD always ships with Berkeley DB
+USE_DB=yes
+
+# End
diff --git a/OS/unsupported/Makefile-OSF1 b/OS/unsupported/Makefile-OSF1
new file mode 100644
index 0000000..811ca07
--- /dev/null
+++ b/OS/unsupported/Makefile-OSF1
@@ -0,0 +1,10 @@
+# Exim: OS-specific make file for OSF1
+
+CFLAGS=-O
+LIBS=-liconv -lm
+HAVE_CRYPT16=yes
+HAVE_ICONV=yes
+HOSTNAME_COMMAND=/usr/bin/hostname
+EXIWHAT_EGREP_ARG='/exim( |$$)'
+
+# End
diff --git a/OS/unsupported/Makefile-OpenUNIX b/OS/unsupported/Makefile-OpenUNIX
new file mode 100644
index 0000000..e4d7261
--- /dev/null
+++ b/OS/unsupported/Makefile-OpenUNIX
@@ -0,0 +1,17 @@
+# Exim: OS-specific make file for OpenUNIX
+
+CC=/usr/bin/cc
+CFLAGS=-O -I/usr/local/include
+LFLAGS=-L/usr/local/lib
+
+LIBS=-lsocket -lnsl -lelf -lgen -lresolv -lm
+EXTRALIBS_EXIMON=-lICE -lSM
+
+RANLIB=@true
+ERRNO_QUOTA=0
+
+X11=/usr/lib/X11
+XINCLUDE=-I/usr/include/X11
+XLFLAGS=-L/usr/lib -L$(X11)/lib
+
+# End
diff --git a/OS/unsupported/Makefile-QNX b/OS/unsupported/Makefile-QNX
new file mode 100644
index 0000000..3cf81c4
--- /dev/null
+++ b/OS/unsupported/Makefile-QNX
@@ -0,0 +1,30 @@
+# Exim: OS-specific makefile for QNX
+
+BASENAME_COMMAND=/bin/basename
+MAKE_SHELL=/usr/bin/bash
+
+CHOWN_COMMAND=/bin/chown
+CHGRP_COMMAND=/bin/chgrp
+CHMOD_COMMAND=/bin/chmod
+HOSTNAME_COMMAND=/bin/hostname
+MV_COMMAND=/bin/mv
+PERL_COMMAND=/usr/bin/perl
+RM_COMMAND=/bin/rm
+
+AR=ar -rc
+
+CC=cc
+CFLAGS=-Otax
+LIBIDENTCFLAGS=
+
+RANLIB=@true
+DBMLIB=-ldb
+USE_DB=yes
+LIBS=-lsocket -lm
+
+X11=/usr/X11R6
+XINCLUDE=-I$(X11)/include
+XLFLAGS=-L$(X11)/lib
+X11_LD_LIB=$(X11)/lib
+
+# End
diff --git a/OS/unsupported/Makefile-SCO b/OS/unsupported/Makefile-SCO
new file mode 100644
index 0000000..baa61d8
--- /dev/null
+++ b/OS/unsupported/Makefile-SCO
@@ -0,0 +1,28 @@
+# Exim: OS-specific make file for SCO
+
+# It was reported that some versions of gcc (e.g. 2.8.1) require this to be
+# CFLAGS=-melf
+
+CFLAGS=-b elf
+
+RANLIB=@true
+DBMLIB=-lndbm
+ERRNO_QUOTA=0
+LIBS=-lsocket -lm
+HAVE_ICONV=yes
+
+X11=/usr/lib/X11
+XINCLUDE=-I/usr/include/X11
+XLFLAGS=-L/usr/lib -L$(X11)/lib
+X11_LD_LIB=$(X11)/lib
+
+# Changes from Frank Bernhardt (30/09/04)
+
+BASENAME_COMMAND=/bin/basename
+CHOWN_COMMAND=/bin/chown
+CHGRP_COMMAND=/bin/chgrp
+CHMOD_COMMAND=/bin/chmod
+HOSTNAME_COMMAND=/usr/bin/hostname
+TOUCH_COMMAND=/bin/touch
+
+# End
diff --git a/OS/unsupported/Makefile-SCO_SV b/OS/unsupported/Makefile-SCO_SV
new file mode 100644
index 0000000..249b81a
--- /dev/null
+++ b/OS/unsupported/Makefile-SCO_SV
@@ -0,0 +1,34 @@
+# Exim: OS-specific make file for SCO_SV release 5 (tested on 5.0.5 & 5.0.5)
+# (see the UNIX_SV files for SCO 4.2)
+# Supplied by: Tony Earnshaw <tonye@ilion.nl>
+
+# Note that 'gcc -melf -m486' applies to gcc 2.7.2 and higher;
+# 2.7.1 and SCO's SDK need '-belf'.
+
+# Removed -lwrap (PH 27/7/00) because not all systems have it
+
+CFLAGS=-melf -O3 -m486
+LFLAGS=-L/lib -L/usr/lib -L/usr/local/lib
+LIBS=-ltinfo -lsocket -lm
+
+HAVE_ICONV=yes
+
+RANLIB=@true
+DBMLIB=-lndbm
+ERRNO_QUOTA=0
+
+X11=/usr/lib/X11
+XINCLUDE=-I/usr/include/X11
+XLFLAGS=-L/usr/lib -L$(X11)/lib
+X11_LD_LIB=$(X11)/lib
+
+# Changes from Frank Bernhardt (30/9/04)
+
+BASENAME_COMMAND=/bin/basename
+CHOWN_COMMAND=/bin/chown
+CHGRP_COMMAND=/bin/chgrp
+CHMOD_COMMAND=/bin/chmod
+HOSTNAME_COMMAND=/usr/bin/hostname
+TOUCH_COMMAND=/bin/touch
+
+# End
diff --git a/OS/unsupported/Makefile-SunOS4 b/OS/unsupported/Makefile-SunOS4
new file mode 100644
index 0000000..c876998
--- /dev/null
+++ b/OS/unsupported/Makefile-SunOS4
@@ -0,0 +1,16 @@
+# Exim: OS-specific make file for SunOS4
+
+CFLAGS=-O
+
+CHOWN_COMMAND=/usr/etc/chown
+HOSTNAME_COMMAND=/usr/bin/hostname
+EXIT_FAILURE=1
+EXIT_SUCCESS=0
+LIBRESOLV=-lresolv
+XINCLUDE=-I/usr/include/X11
+
+EXIWHAT_PS_ARG=-ax
+EXIWHAT_EGREP_ARG='/exim( |$$)'
+EXIWHAT_KILL_SIGNAL=-30
+
+# End
diff --git a/OS/unsupported/Makefile-SunOS5-hal b/OS/unsupported/Makefile-SunOS5-hal
new file mode 100644
index 0000000..05ea893
--- /dev/null
+++ b/OS/unsupported/Makefile-SunOS5-hal
@@ -0,0 +1,18 @@
+# Exim: OS-specific make file for SunOS5 on a HAL
+
+# Note: The HAL runs a standard SunOS5 except that it has a 64 bit C
+# compiler called hcc. To make things work pass the -KV7 flag to force
+# 32bit compilation - this is necessary to interwork with some libraries.
+
+CC=hcc
+CFLAGS=-O -KV7
+LIBIDENTCFLAGS="-KV7 -O -DHAVE_ANSIHEADERS"
+LIBIDENTNAME=sunos5
+RANLIB=@true
+LIBS=-lsocket -lnsl -lkstat -lm
+LIBRESOLV=-lresolv
+X11=/usr/X11R6
+XINCLUDE=-I$(X11)/include
+XLFLAGS=-L$(X11)/lib -R$(X11)/lib
+
+# End
diff --git a/OS/unsupported/Makefile-ULTRIX b/OS/unsupported/Makefile-ULTRIX
new file mode 100644
index 0000000..9e912b3
--- /dev/null
+++ b/OS/unsupported/Makefile-ULTRIX
@@ -0,0 +1,18 @@
+# Exim: OS-specific make file for Ultrix
+
+MAKE_SHELL=/usr/bin/sh5
+
+CFLAGS=-O
+
+# This can either be /usr/include/X11 or /usr/include/mit depending on
+# the particular version of ULTRIX.
+
+XINCLUDE=-I/usr/include/X11 -I/usr/include/mit
+
+DBMLIB=-lgdbm
+
+EXIWHAT_PS_ARG=-ax
+EXIWHAT_EGREP_ARG='/exim( |$$)'
+EXIWHAT_KILL_SIGNAL=-USR1
+
+# End
diff --git a/OS/unsupported/Makefile-UNIX_SV b/OS/unsupported/Makefile-UNIX_SV
new file mode 100644
index 0000000..bfcfae1
--- /dev/null
+++ b/OS/unsupported/Makefile-UNIX_SV
@@ -0,0 +1,24 @@
+# Exim: OS-specific make file for SCO SVR4.2MP (and maybe Unixware)
+#
+# *** Note that for SCO 5 the configuration file is called SCO_SV,
+# *** and that Unixware7 has its own configuration. This is an old
+# *** file that is retained for compatibility.
+#
+# Note that SCO does not include dbm/ndbm with their standard compiler
+# (it is available with /usr/ucb/cc, but that has bugs of its own). You
+# should install gcc and gdbm, then execute 'make install-compat' in the
+# gdbm source directory.
+
+CC=gcc -I/usr/local/include
+CFLAGS=-O
+
+RANLIB=@true
+DBMLIB=-lgdbm -L/usr/local/lib
+ERRNO_QUOTA=0
+LIBS=-lsocket -lelf -lgen -lnsl -lresolv -lm
+
+X11=/usr/lib/X11
+XINCLUDE=-I/usr/include/X11
+XLFLAGS=-L/usr/lib -L$(X11)/lib
+
+# End
diff --git a/OS/unsupported/Makefile-USG b/OS/unsupported/Makefile-USG
new file mode 100644
index 0000000..753a2d7
--- /dev/null
+++ b/OS/unsupported/Makefile-USG
@@ -0,0 +1,33 @@
+# Exim: OS-specific make file for Unixware 2.x
+#
+# Note that Unixware does not include db/dbm/ndbm with their standard compiler
+# (it is available with /usr/ucb/cc, but that has bugs of its own). You
+# should install gcc and Berkeley DB (or another dbm library if you really
+# insist). If you use a different dbm library you will need to override
+# DBMLIB below.
+#
+# DB 1.85 and 2.x can be found at http://www.sleepycat.com/.
+# They have different characteristics. See the discussion of dbm libraries
+# in doc/dbm.discuss.txt in the Exim distribution.
+#
+# DB needs to be compiled with gcc and you need a 'cc' in your path
+# before the Unixware CC to compile it.
+#
+# Don't bother even starting to install exim on Unixware unless
+# you have installed gcc and use it for everything.
+
+CC=gcc -I/usr/local/include
+CFLAGS=-O
+
+RANLIB=@true
+DBMLIB=-ldb -L/usr/local/lib
+USE_DB=YES
+ERRNO_QUOTA=0
+LIBS=-lsocket -lelf -lgen -lnsl -lresolv -lm
+
+X11=/usr/lib/X11
+XINCLUDE=-I/usr/include/X11
+XLFLAGS=-L/usr/lib -L$(X11)/lib
+X11_LD_LIB=$(X11)/lib
+
+# End
diff --git a/OS/unsupported/Makefile-Unixware7 b/OS/unsupported/Makefile-Unixware7
new file mode 100644
index 0000000..88a8838
--- /dev/null
+++ b/OS/unsupported/Makefile-Unixware7
@@ -0,0 +1,32 @@
+# Exim: OS-specific make file for Unixware7
+# Based on information from James FitzGibbon <james@ehlo.com>
+
+# If you want to use libbind, you need to
+# add -I/usr/local/bind/include to CFLAGS
+# add -L/usr/local/bind/lib to LFLAGS
+# remove -lresolv from LIBS
+# add LOOKUP_LIBS=-lbind
+# The new settings should go in your Local/Makefile rather than here; then
+# they will be usable for subsequent Exim releases.
+
+CC=/usr/bin/cc
+CFLAGS=-O -I/usr/local/include
+LFLAGS=-L/usr/local/lib
+
+HAVE_ICONV=yes
+
+LIBS=-lsocket -lnsl -lelf -lgen -lresolv -lm
+
+# Removed on the advice of Larry Rosenman
+# EXTRALIBS=-lwrap
+
+EXTRALIBS_EXIMON=-lICE -lSM
+
+RANLIB=@true
+ERRNO_QUOTA=0
+
+X11=/usr/lib/X11
+XINCLUDE=-I/usr/include/X11
+XLFLAGS=-L/usr/lib -L$(X11)/lib
+
+# End
diff --git a/OS/unsupported/Makefile-mips b/OS/unsupported/Makefile-mips
new file mode 100644
index 0000000..ff33139
--- /dev/null
+++ b/OS/unsupported/Makefile-mips
@@ -0,0 +1,16 @@
+# Exim: OS-specific make file for RiscOS4bsd
+
+HOSTNAME_COMMAND=/usr/ucb/hostname
+EXIT_FAILURE=1
+EXIT_SUCCESS=0
+LIBRESOLV=-lresolv
+LIBS=-liberty -lm
+XINCLUDE=-I/usr/X11R6/include
+
+CFLAGS=-O
+
+EXIWHAT_PS_ARG=-ax
+EXIWHAT_EGREP_ARG='/exim( |$$)'
+EXIWHAT_KILL_SIGNAL=-30
+
+# End
diff --git a/OS/unsupported/README b/OS/unsupported/README
new file mode 100644
index 0000000..73790ae
--- /dev/null
+++ b/OS/unsupported/README
@@ -0,0 +1,14 @@
+Files in this directory are historical. They may have worked once but the
+project has no assurance that they still do.
+
+If you need to use one for a build for your platform, copy it up one directory
+level first. We'll reinstate it given a current version and evidence of testing.
+For the latter please look into the project regression testsuite, and please
+consider operating a buildfarm animal in the long term (it runs the testsuite).
+
+The buildfarm status page is:
+ https://buildfarm.exim.org/cgi-bin/show_status.pl
+There's a "register" link there with a link to how-to instructions. Please do
+monitor the status of your animal on an ongoing basis. The exim-users or
+exim-dev mailinglist are good places to ask for help and to discuss any regressions
+seen in test runs. There is also the #exim IRC channel on Freenode.
diff --git a/OS/unsupported/os.c-BSDI b/OS/unsupported/os.c-BSDI
new file mode 100644
index 0000000..03a7a1c
--- /dev/null
+++ b/OS/unsupported/os.c-BSDI
@@ -0,0 +1,19 @@
+/*************************************************
+* Exim - an Internet mail transport agent *
+*************************************************/
+
+/* Copyright (c) 2016 Heiko Schlittermann <hs@schlittermann.de> */
+/* See the file NOTICE for conditions of use and distribution. */
+
+/* BSDI-specific code. This is concatenated onto the generic
+src/os.c file. */
+
+#ifndef OS_UNSETENV
+#define OS_UNSETENV
+
+int
+os_unsetenv(const uschar * name)
+{
+unsetenv(CS name);
+return 0;
+}
diff --git a/OS/unsupported/os.c-HI-OSF b/OS/unsupported/os.c-HI-OSF
new file mode 100644
index 0000000..5e3d336
--- /dev/null
+++ b/OS/unsupported/os.c-HI-OSF
@@ -0,0 +1,35 @@
+/*************************************************
+* Exim - an Internet mail transport agent *
+*************************************************/
+
+/* Copyright (c) University of Cambridge 2001 */
+/* See the file NOTICE for conditions of use and distribution. */
+
+/* HI-OSF-specific code. This is concatenated onto the generic
+src/os.c file. OSF has an apparently unique way of getting the
+load average, so we provide a unique function here, and define
+OS_LOAD_AVERAGE to stop src/os.c trying to provide the function. */
+
+#ifndef OS_LOAD_AVERAGE
+#define OS_LOAD_AVERAGE
+
+#include <sys/table.h>
+
+int
+os_getloadavg(void)
+{
+double avg;
+struct tbl_loadavg load_avg;
+
+table (TBL_LOADAVG, 0, &load_avg, 1, sizeof (load_avg));
+
+avg = (load_avg.tl_lscale == 0)?
+ load_avg.tl_avenrun.d[0] :
+ (load_avg.tl_avenrun.l[0] / (double)load_avg.tl_lscale);
+
+return (int)(avg * 1000.0);
+}
+
+#endif /* OS_LOAD_AVERAGE */
+
+/* End of os.c-HI-OSF */
diff --git a/OS/unsupported/os.c-HP-UX b/OS/unsupported/os.c-HP-UX
new file mode 100644
index 0000000..fdd8708
--- /dev/null
+++ b/OS/unsupported/os.c-HP-UX
@@ -0,0 +1,16 @@
+/*************************************************
+* Exim - an Internet mail transport agent *
+*************************************************/
+
+/* Copyright (c) University of Cambridge 2016 */
+/* Copyright (c) Jeremy Harris 2016 */
+/* See the file NOTICE for conditions of use and distribution. */
+
+/* HP-UX-specific code. This is concatenated onto the generic
+src/os.c file. */
+
+#ifndef COMPILE_UTILITY
+# include "setenv.c"
+#endif
+
+/* End of os.c-SunHP-UX */
diff --git a/OS/unsupported/os.c-IRIX b/OS/unsupported/os.c-IRIX
new file mode 100644
index 0000000..c1539cb
--- /dev/null
+++ b/OS/unsupported/os.c-IRIX
@@ -0,0 +1,118 @@
+/*************************************************
+* Exim - an Internet mail transport agent *
+*************************************************/
+
+/* Copyright (c) University of Cambridge 2001 */
+/* See the file NOTICE for conditions of use and distribution. */
+
+/* Irix-specific code. This is concatenated onto the generic src/os.c file.
+Irix has a unique way of finding all the network interfaces, so we provide a
+unique function here, and define FIND_RUNNING_INTERFACES to stop src/os.c
+trying to provide the function. The macro may be set initially anyway, when
+compiling os. for utilities that don't want this function. */
+
+#ifndef FIND_RUNNING_INTERFACES
+#define FIND_RUNNING_INTERFACES
+
+/* This is the special form of the function using sysctl() which is the only
+form that returns all the aliases on IRIX systems. This code has its origins
+in a sample program that came from within SGI. */
+
+#include <sys/sysctl.h>
+#include <net/if_dl.h>
+#include <net/if_types.h>
+#include <net/soioctl.h>
+#include <net/route.h>
+
+#define ROUNDUP(a) ((a) > 0 ? (1 + (((a) - 1) | (sizeof(__uint64_t) -1))) \
+ : sizeof(__uint64_t))
+#ifdef _HAVE_SA_LEN
+#define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len))
+#else
+#define ADVANCE(x, n) (x += ROUNDUP(_FAKE_SA_LEN_DST(n)))
+#endif
+
+
+ip_address_item *
+os_find_running_interfaces(void)
+{
+ip_address_item *yield = NULL;
+ip_address_item *last = NULL;
+ip_address_item *next;
+
+size_t needed;
+int mib[6];
+char *buf, *nextaddr, *lim;
+register struct if_msghdr *ifm;
+
+mib[0] = CTL_NET;
+mib[1] = PF_ROUTE;
+mib[2] = 0;
+mib[3] = 0;
+mib[4] = NET_RT_IFLIST;
+mib[5] = 0;
+
+/* Get an estimate of the amount of store needed, then get the store and
+get the data into it. Any error causes a panic death. */
+
+if (sysctl(mib, 6, NULL, &needed, NULL, 0) < 0)
+ log_write(0, LOG_PANIC_DIE, "iflist-sysctl-estimate failed: %s",
+ strerror(errno));
+
+buf = store_get(needed, FALSE);
+
+if (sysctl(mib, 6, buf, &needed, NULL, 0) < 0)
+ log_write(0, LOG_PANIC_DIE, "sysctl of ifnet list failed: %s",
+ strerror(errno));
+
+/* Now fish out the data for each interface */
+
+lim = buf + needed;
+for (nextaddr = buf; nextaddr < lim; nextaddr += ifm->ifm_msglen)
+ {
+ ifm = (struct if_msghdr *)nextaddr;
+
+ if (ifm->ifm_type != RTM_IFINFO)
+ {
+ struct ifa_msghdr *ifam = (struct ifa_msghdr *)ifm;
+ struct sockaddr_in *mask = NULL, *addr = NULL;
+
+ if ((ifam->ifam_addrs & RTA_NETMASK) != 0)
+ mask = (struct sockaddr_in *)(ifam + 1);
+
+ if ((ifam->ifam_addrs & RTA_IFA) != 0)
+ {
+ char *cp = CS mask;
+ struct sockaddr *sa = (struct sockaddr *)mask;
+ ADVANCE(cp, sa);
+ addr = (struct sockaddr_in *)cp;
+ }
+
+ /* Create a data block for the address, fill in the data, and put it on
+ the chain. This data has to survive for ever, so use malloc. */
+
+ if (addr != NULL)
+ {
+ next = store_malloc(sizeof(ip_address_item));
+ next->next = NULL;
+ next->port = 0;
+ (void)host_ntoa(-1, addr, next->address, NULL);
+
+ if (yield == NULL) yield = last = next; else
+ {
+ last->next = next;
+ last = next;
+ }
+
+ DEBUG(D_interface) debug_printf("Actual local interface address is %s\n",
+ last->address);
+ }
+ }
+ }
+
+return yield;
+}
+
+#endif /* FIND_RUNNING_INTERFACES */
+
+/* End of os.c-IRIX */
diff --git a/OS/unsupported/os.c-IRIX6 b/OS/unsupported/os.c-IRIX6
new file mode 100644
index 0000000..c1539cb
--- /dev/null
+++ b/OS/unsupported/os.c-IRIX6
@@ -0,0 +1,118 @@
+/*************************************************
+* Exim - an Internet mail transport agent *
+*************************************************/
+
+/* Copyright (c) University of Cambridge 2001 */
+/* See the file NOTICE for conditions of use and distribution. */
+
+/* Irix-specific code. This is concatenated onto the generic src/os.c file.
+Irix has a unique way of finding all the network interfaces, so we provide a
+unique function here, and define FIND_RUNNING_INTERFACES to stop src/os.c
+trying to provide the function. The macro may be set initially anyway, when
+compiling os. for utilities that don't want this function. */
+
+#ifndef FIND_RUNNING_INTERFACES
+#define FIND_RUNNING_INTERFACES
+
+/* This is the special form of the function using sysctl() which is the only
+form that returns all the aliases on IRIX systems. This code has its origins
+in a sample program that came from within SGI. */
+
+#include <sys/sysctl.h>
+#include <net/if_dl.h>
+#include <net/if_types.h>
+#include <net/soioctl.h>
+#include <net/route.h>
+
+#define ROUNDUP(a) ((a) > 0 ? (1 + (((a) - 1) | (sizeof(__uint64_t) -1))) \
+ : sizeof(__uint64_t))
+#ifdef _HAVE_SA_LEN
+#define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len))
+#else
+#define ADVANCE(x, n) (x += ROUNDUP(_FAKE_SA_LEN_DST(n)))
+#endif
+
+
+ip_address_item *
+os_find_running_interfaces(void)
+{
+ip_address_item *yield = NULL;
+ip_address_item *last = NULL;
+ip_address_item *next;
+
+size_t needed;
+int mib[6];
+char *buf, *nextaddr, *lim;
+register struct if_msghdr *ifm;
+
+mib[0] = CTL_NET;
+mib[1] = PF_ROUTE;
+mib[2] = 0;
+mib[3] = 0;
+mib[4] = NET_RT_IFLIST;
+mib[5] = 0;
+
+/* Get an estimate of the amount of store needed, then get the store and
+get the data into it. Any error causes a panic death. */
+
+if (sysctl(mib, 6, NULL, &needed, NULL, 0) < 0)
+ log_write(0, LOG_PANIC_DIE, "iflist-sysctl-estimate failed: %s",
+ strerror(errno));
+
+buf = store_get(needed, FALSE);
+
+if (sysctl(mib, 6, buf, &needed, NULL, 0) < 0)
+ log_write(0, LOG_PANIC_DIE, "sysctl of ifnet list failed: %s",
+ strerror(errno));
+
+/* Now fish out the data for each interface */
+
+lim = buf + needed;
+for (nextaddr = buf; nextaddr < lim; nextaddr += ifm->ifm_msglen)
+ {
+ ifm = (struct if_msghdr *)nextaddr;
+
+ if (ifm->ifm_type != RTM_IFINFO)
+ {
+ struct ifa_msghdr *ifam = (struct ifa_msghdr *)ifm;
+ struct sockaddr_in *mask = NULL, *addr = NULL;
+
+ if ((ifam->ifam_addrs & RTA_NETMASK) != 0)
+ mask = (struct sockaddr_in *)(ifam + 1);
+
+ if ((ifam->ifam_addrs & RTA_IFA) != 0)
+ {
+ char *cp = CS mask;
+ struct sockaddr *sa = (struct sockaddr *)mask;
+ ADVANCE(cp, sa);
+ addr = (struct sockaddr_in *)cp;
+ }
+
+ /* Create a data block for the address, fill in the data, and put it on
+ the chain. This data has to survive for ever, so use malloc. */
+
+ if (addr != NULL)
+ {
+ next = store_malloc(sizeof(ip_address_item));
+ next->next = NULL;
+ next->port = 0;
+ (void)host_ntoa(-1, addr, next->address, NULL);
+
+ if (yield == NULL) yield = last = next; else
+ {
+ last->next = next;
+ last = next;
+ }
+
+ DEBUG(D_interface) debug_printf("Actual local interface address is %s\n",
+ last->address);
+ }
+ }
+ }
+
+return yield;
+}
+
+#endif /* FIND_RUNNING_INTERFACES */
+
+/* End of os.c-IRIX */
diff --git a/OS/unsupported/os.c-IRIX632 b/OS/unsupported/os.c-IRIX632
new file mode 100644
index 0000000..c1539cb
--- /dev/null
+++ b/OS/unsupported/os.c-IRIX632
@@ -0,0 +1,118 @@
+/*************************************************
+* Exim - an Internet mail transport agent *
+*************************************************/
+
+/* Copyright (c) University of Cambridge 2001 */
+/* See the file NOTICE for conditions of use and distribution. */
+
+/* Irix-specific code. This is concatenated onto the generic src/os.c file.
+Irix has a unique way of finding all the network interfaces, so we provide a
+unique function here, and define FIND_RUNNING_INTERFACES to stop src/os.c
+trying to provide the function. The macro may be set initially anyway, when
+compiling os. for utilities that don't want this function. */
+
+#ifndef FIND_RUNNING_INTERFACES
+#define FIND_RUNNING_INTERFACES
+
+/* This is the special form of the function using sysctl() which is the only
+form that returns all the aliases on IRIX systems. This code has its origins
+in a sample program that came from within SGI. */
+
+#include <sys/sysctl.h>
+#include <net/if_dl.h>
+#include <net/if_types.h>
+#include <net/soioctl.h>
+#include <net/route.h>
+
+#define ROUNDUP(a) ((a) > 0 ? (1 + (((a) - 1) | (sizeof(__uint64_t) -1))) \
+ : sizeof(__uint64_t))
+#ifdef _HAVE_SA_LEN
+#define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len))
+#else
+#define ADVANCE(x, n) (x += ROUNDUP(_FAKE_SA_LEN_DST(n)))
+#endif
+
+
+ip_address_item *
+os_find_running_interfaces(void)
+{
+ip_address_item *yield = NULL;
+ip_address_item *last = NULL;
+ip_address_item *next;
+
+size_t needed;
+int mib[6];
+char *buf, *nextaddr, *lim;
+register struct if_msghdr *ifm;
+
+mib[0] = CTL_NET;
+mib[1] = PF_ROUTE;
+mib[2] = 0;
+mib[3] = 0;
+mib[4] = NET_RT_IFLIST;
+mib[5] = 0;
+
+/* Get an estimate of the amount of store needed, then get the store and
+get the data into it. Any error causes a panic death. */
+
+if (sysctl(mib, 6, NULL, &needed, NULL, 0) < 0)
+ log_write(0, LOG_PANIC_DIE, "iflist-sysctl-estimate failed: %s",
+ strerror(errno));
+
+buf = store_get(needed, FALSE);
+
+if (sysctl(mib, 6, buf, &needed, NULL, 0) < 0)
+ log_write(0, LOG_PANIC_DIE, "sysctl of ifnet list failed: %s",
+ strerror(errno));
+
+/* Now fish out the data for each interface */
+
+lim = buf + needed;
+for (nextaddr = buf; nextaddr < lim; nextaddr += ifm->ifm_msglen)
+ {
+ ifm = (struct if_msghdr *)nextaddr;
+
+ if (ifm->ifm_type != RTM_IFINFO)
+ {
+ struct ifa_msghdr *ifam = (struct ifa_msghdr *)ifm;
+ struct sockaddr_in *mask = NULL, *addr = NULL;
+
+ if ((ifam->ifam_addrs & RTA_NETMASK) != 0)
+ mask = (struct sockaddr_in *)(ifam + 1);
+
+ if ((ifam->ifam_addrs & RTA_IFA) != 0)
+ {
+ char *cp = CS mask;
+ struct sockaddr *sa = (struct sockaddr *)mask;
+ ADVANCE(cp, sa);
+ addr = (struct sockaddr_in *)cp;
+ }
+
+ /* Create a data block for the address, fill in the data, and put it on
+ the chain. This data has to survive for ever, so use malloc. */
+
+ if (addr != NULL)
+ {
+ next = store_malloc(sizeof(ip_address_item));
+ next->next = NULL;
+ next->port = 0;
+ (void)host_ntoa(-1, addr, next->address, NULL);
+
+ if (yield == NULL) yield = last = next; else
+ {
+ last->next = next;
+ last = next;
+ }
+
+ DEBUG(D_interface) debug_printf("Actual local interface address is %s\n",
+ last->address);
+ }
+ }
+ }
+
+return yield;
+}
+
+#endif /* FIND_RUNNING_INTERFACES */
+
+/* End of os.c-IRIX */
diff --git a/OS/unsupported/os.c-IRIX65 b/OS/unsupported/os.c-IRIX65
new file mode 100644
index 0000000..c1539cb
--- /dev/null
+++ b/OS/unsupported/os.c-IRIX65
@@ -0,0 +1,118 @@
+/*************************************************
+* Exim - an Internet mail transport agent *
+*************************************************/
+
+/* Copyright (c) University of Cambridge 2001 */
+/* See the file NOTICE for conditions of use and distribution. */
+
+/* Irix-specific code. This is concatenated onto the generic src/os.c file.
+Irix has a unique way of finding all the network interfaces, so we provide a
+unique function here, and define FIND_RUNNING_INTERFACES to stop src/os.c
+trying to provide the function. The macro may be set initially anyway, when
+compiling os. for utilities that don't want this function. */
+
+#ifndef FIND_RUNNING_INTERFACES
+#define FIND_RUNNING_INTERFACES
+
+/* This is the special form of the function using sysctl() which is the only
+form that returns all the aliases on IRIX systems. This code has its origins
+in a sample program that came from within SGI. */
+
+#include <sys/sysctl.h>
+#include <net/if_dl.h>
+#include <net/if_types.h>
+#include <net/soioctl.h>
+#include <net/route.h>
+
+#define ROUNDUP(a) ((a) > 0 ? (1 + (((a) - 1) | (sizeof(__uint64_t) -1))) \
+ : sizeof(__uint64_t))
+#ifdef _HAVE_SA_LEN
+#define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len))
+#else
+#define ADVANCE(x, n) (x += ROUNDUP(_FAKE_SA_LEN_DST(n)))
+#endif
+
+
+ip_address_item *
+os_find_running_interfaces(void)
+{
+ip_address_item *yield = NULL;
+ip_address_item *last = NULL;
+ip_address_item *next;
+
+size_t needed;
+int mib[6];
+char *buf, *nextaddr, *lim;
+register struct if_msghdr *ifm;
+
+mib[0] = CTL_NET;
+mib[1] = PF_ROUTE;
+mib[2] = 0;
+mib[3] = 0;
+mib[4] = NET_RT_IFLIST;
+mib[5] = 0;
+
+/* Get an estimate of the amount of store needed, then get the store and
+get the data into it. Any error causes a panic death. */
+
+if (sysctl(mib, 6, NULL, &needed, NULL, 0) < 0)
+ log_write(0, LOG_PANIC_DIE, "iflist-sysctl-estimate failed: %s",
+ strerror(errno));
+
+buf = store_get(needed, FALSE);
+
+if (sysctl(mib, 6, buf, &needed, NULL, 0) < 0)
+ log_write(0, LOG_PANIC_DIE, "sysctl of ifnet list failed: %s",
+ strerror(errno));
+
+/* Now fish out the data for each interface */
+
+lim = buf + needed;
+for (nextaddr = buf; nextaddr < lim; nextaddr += ifm->ifm_msglen)
+ {
+ ifm = (struct if_msghdr *)nextaddr;
+
+ if (ifm->ifm_type != RTM_IFINFO)
+ {
+ struct ifa_msghdr *ifam = (struct ifa_msghdr *)ifm;
+ struct sockaddr_in *mask = NULL, *addr = NULL;
+
+ if ((ifam->ifam_addrs & RTA_NETMASK) != 0)
+ mask = (struct sockaddr_in *)(ifam + 1);
+
+ if ((ifam->ifam_addrs & RTA_IFA) != 0)
+ {
+ char *cp = CS mask;
+ struct sockaddr *sa = (struct sockaddr *)mask;
+ ADVANCE(cp, sa);
+ addr = (struct sockaddr_in *)cp;
+ }
+
+ /* Create a data block for the address, fill in the data, and put it on
+ the chain. This data has to survive for ever, so use malloc. */
+
+ if (addr != NULL)
+ {
+ next = store_malloc(sizeof(ip_address_item));
+ next->next = NULL;
+ next->port = 0;
+ (void)host_ntoa(-1, addr, next->address, NULL);
+
+ if (yield == NULL) yield = last = next; else
+ {
+ last->next = next;
+ last = next;
+ }
+
+ DEBUG(D_interface) debug_printf("Actual local interface address is %s\n",
+ last->address);
+ }
+ }
+ }
+
+return yield;
+}
+
+#endif /* FIND_RUNNING_INTERFACES */
+
+/* End of os.c-IRIX */
diff --git a/OS/unsupported/os.c-OSF1 b/OS/unsupported/os.c-OSF1
new file mode 100644
index 0000000..ad91b63
--- /dev/null
+++ b/OS/unsupported/os.c-OSF1
@@ -0,0 +1,36 @@
+/*************************************************
+* Exim - an Internet mail transport agent *
+*************************************************/
+
+/* Copyright (c) University of Cambridge 2001 */
+/* See the file NOTICE for conditions of use and distribution. */
+
+/* OSF1-specific code. This is concatenated onto the generic src/os.c file.
+OSF1 has an apparently unique way of getting the load average, so we provide a
+unique function here, and define OS_LOAD_AVERAGE to stop src/os.c trying to
+provide the function. The macro may be set initially anyway, when compiling os.
+for utilities that don't want this function. */
+
+#ifndef OS_LOAD_AVERAGE
+#define OS_LOAD_AVERAGE
+
+#include <sys/table.h>
+
+int
+os_getloadavg(void)
+{
+double avg;
+struct tbl_loadavg load_avg;
+
+table (TBL_LOADAVG, 0, &load_avg, 1, sizeof (load_avg));
+
+avg = (load_avg.tl_lscale == 0)?
+ load_avg.tl_avenrun.d[0] :
+ (load_avg.tl_avenrun.l[0] / (double)load_avg.tl_lscale);
+
+return (int)(avg * 1000.0);
+}
+
+#endif /* OS_LOAD_AVERAGE */
+
+/* End of os.c-OSF1 */
diff --git a/OS/unsupported/os.c-cygwin b/OS/unsupported/os.c-cygwin
new file mode 100644
index 0000000..5ca05a8
--- /dev/null
+++ b/OS/unsupported/os.c-cygwin
@@ -0,0 +1,531 @@
+/*************************************************
+* Exim - an Internet mail transport agent *
+*************************************************/
+
+/* Cygwin-specific code. December 2002. Updated Jan 2015.
+ This is prefixed to the src/os.c file.
+
+ This code was supplied by Pierre A. Humblet <Pierre.Humblet@ieee.org>
+*/
+
+/* We need a special mkdir that
+ allows names starting with // */
+#undef mkdir
+int cygwin_mkdir( const char *path, mode_t mode )
+{
+ const char * p = path;
+ if (*p == '/') while(*(p+1) == '/') p++;
+ return mkdir(p, mode);
+}
+
+#ifndef COMPILE_UTILITY /* Utilities don't need special code */
+
+#ifdef INCLUDE_PAM
+#include "../pam/pam.c"
+#endif
+#include <alloca.h>
+
+unsigned int cygwin_WinVersion;
+
+/* Conflict between Windows definitions and others */
+#ifdef NOERROR
+#undef NOERROR
+#endif
+#ifdef DELETE
+#undef DELETE
+#endif
+
+#include <windows.h>
+#include <ntstatus.h>
+#include <lmcons.h>
+
+#define EqualLuid(Luid1, Luid2) \
+ ((Luid1.LowPart == Luid2.LowPart) && (Luid1.HighPart == Luid2.HighPart))
+#include <sys/cygwin.h>
+
+/* Special static variables */
+static BOOL cygwin_debug = FALSE;
+static int fakesetugid = 1; /* when not privileged, setugid = noop */
+
+#undef setuid
+int cygwin_setuid(uid_t uid )
+{
+ int res = 0;
+ if (fakesetugid == 0) {
+ res = setuid(uid);
+ if (cygwin_debug)
+ fprintf(stderr, "setuid %u %u %d pid: %d\n",
+ uid, getuid(),res, getpid());
+ }
+ return res;
+}
+
+#undef setgid
+int cygwin_setgid(gid_t gid )
+{
+ int res = 0;
+ if (fakesetugid == 0) {
+ res = setgid(gid);
+ if (cygwin_debug)
+ fprintf(stderr, "setgid %u %u %d pid: %d\n",
+ gid, getgid(), res, getpid());
+ }
+ return res;
+}
+
+/* Background processes run at lower priority */
+static void cygwin_setpriority()
+{
+ if (!SetPriorityClass(GetCurrentProcess(), BELOW_NORMAL_PRIORITY_CLASS))
+ SetPriorityClass(GetCurrentProcess(), IDLE_PRIORITY_CLASS);
+ return;
+}
+
+
+/* GetVersion()
+ MSB: 1 for 95/98/ME; Next 7: build number, except for 95/98/ME
+ Next byte: 0
+ Next byte: minor version of OS
+ Low byte: major version of OS (3 or 4 for for NT, 5 for 2000 and XP) */
+//#define VERSION_IS_58M(x) (x & 0x80000000) /* 95, 98, Me */
+//#define VERSION_IS_NT(x) ((x & 0XFF) < 5) /* NT 4 or 3.51 */
+
+/*
+ Routine to find if process or thread is privileged
+*/
+
+enum {
+ CREATE_BIT = 1,
+};
+
+static DWORD get_privileges ()
+{
+ char buffer[1024];
+ DWORD i, length;
+ HANDLE hToken = NULL;
+ PTOKEN_PRIVILEGES privs;
+ LUID cluid, rluid;
+ DWORD ret = 0;
+
+ privs = (PTOKEN_PRIVILEGES) buffer;
+
+ if (OpenProcessToken (GetCurrentProcess(), TOKEN_QUERY, &hToken)
+ && LookupPrivilegeValue (NULL, SE_CREATE_TOKEN_NAME, &cluid)
+ && LookupPrivilegeValue(NULL, SE_RESTORE_NAME, &rluid)
+ && (GetTokenInformation( hToken, TokenPrivileges,
+ privs, sizeof (buffer), &length)
+ || (GetLastError () == ERROR_INSUFFICIENT_BUFFER
+ && (privs = (PTOKEN_PRIVILEGES) alloca (length))
+ && GetTokenInformation(hToken, TokenPrivileges,
+ privs, length, &length)))) {
+ for (i = 0; i < privs->PrivilegeCount; i++) {
+ if (EqualLuid(privs->Privileges[i].Luid, cluid))
+ ret |= CREATE_BIT;
+ if (ret == (CREATE_BIT))
+ break;
+ }
+ }
+ else
+ fprintf(stderr, "has_create_token_privilege %u\n", GetLastError());
+
+ if (hToken)
+ CloseHandle(hToken);
+
+ return ret;
+}
+
+/*
+ We use cygwin_premain to fake a few things
+ and to provide some debug info
+*/
+void cygwin_premain2(int argc, char ** argv, struct per_process * ptr)
+{
+ int i, res, is_daemon = 0, is_spoolwritable, is_privileged, is_eximuser;
+ uid_t myuid, systemuid;
+ gid_t mygid, adminsgid;
+ struct passwd * pwp = NULL;
+ struct stat buf;
+ char *cygenv;
+ SID(1, SystemSid, SECURITY_LOCAL_SYSTEM_RID);
+ SID(2, AdminsSid, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS);
+ DWORD priv_flags;
+
+ myuid = getuid();
+ mygid = getgid();
+ cygwin_WinVersion = GetVersion();
+ if ((cygenv = getenv("CYGWIN")) == NULL) cygenv = "";
+ /* Produce some debugging on stderr,
+ cannot yet use exim's debug functions.
+ Exim does not use -c and ignores -n.
+ Set lower priority for daemons */
+ for (i = 1; i < argc; i++) {
+ if (argv[i][0] == '-') {
+ if (argv[i][1] == 'c') {
+ ssize_t size;
+ wchar_t *win32_path;
+ argv[i][1] = 'n'; /* Replace -c by -n */
+ cygwin_debug = TRUE;
+ fprintf(stderr, "CYGWIN = \"%s\".\n", cygenv);
+ if (((size = cygwin_conv_path(CCP_POSIX_TO_WIN_W,"/", win32_path, 0)) > 0)
+ && ((win32_path = store_malloc(size)) != NULL)
+ && (cygwin_conv_path(CCP_POSIX_TO_WIN_W,"/", win32_path, size) == 0)) {
+ fprintf(stderr, " Root / mapped to %ls.\n", win32_path);
+ store_free(win32_path);
+ }
+ }
+ else if (argv[i][1] == 'b' && argv[i][2] == 'd') {
+ is_daemon = 1;
+ cygwin_setpriority();
+ }
+ }
+ }
+
+ /* Nt/2000/XP
+ We initially set the exim uid & gid to those of the "exim user",
+ or to the root uid (SYSTEM) and exim gid (ADMINS),
+ If privileged, we setuid to those.
+ We always set the configure uid to the system uid.
+ We always set the root uid to the real uid
+ to allow exim imposed restrictions (bypassable by recompiling)
+ and to avoid exec that cause loss of privilege
+ If not privileged and unable to chown,
+ we set the exim uid to our uid.
+ If unprivileged and /var/spool/exim is writable and not running as listening daemon,
+ we fake all subsequent setuid. */
+
+ /* Get the system and admins uid from their sids */
+ if ((systemuid = cygwin_internal(CW_GET_UID_FROM_SID, & SystemSid)) == -1) {
+ fprintf(stderr, "Cannot map System sid. Aborting\n");
+ exit(1);
+ }
+ if ((adminsgid = cygwin_internal(CW_GET_GID_FROM_SID, & AdminsSid)) == -1) {
+ fprintf(stderr, "Cannot map Admins sid. Aborting\n");
+ exit(1);
+ }
+
+ priv_flags = get_privileges ();
+ is_privileged = !!(priv_flags & CREATE_BIT);
+
+ /* Call getpwnam for account exim after getting the local exim name */
+ char exim_username[DNLEN + UNLEN + 2];
+ if (cygwin_internal(CW_CYGNAME_FROM_WINNAME, "exim", exim_username, sizeof exim_username) != 0)
+ pwp = getpwnam (exim_username);
+
+ /* If cannot setuid to exim or and is not the daemon (which is assumed to be
+ able to chown or to be the exim user) set the exim ugid to our ugid to avoid
+ chown failures after creating files and to be able to setuid to exim in
+ exim.c ( "privilege not needed" ). */
+ if ((is_privileged == 0) && (!is_daemon)) {
+ exim_uid = myuid;
+ exim_gid = mygid;
+ }
+ else if (pwp != NULL) {
+ exim_uid = pwp->pw_uid; /* Set it according to passwd */
+ exim_gid = pwp->pw_gid;
+ is_eximuser = 1;
+ }
+ else {
+ exim_uid = systemuid;
+ exim_gid = adminsgid;
+ is_eximuser = 0;
+ }
+
+ res = stat("/var/spool/exim", &buf);
+ /* Check if writable (and can be stat) */
+ is_spoolwritable = ((res == 0) && ((buf.st_mode & S_IWOTH) != 0));
+
+ fakesetugid = (is_privileged == 0) && (is_daemon == 0) && (is_spoolwritable == 1);
+
+ if (is_privileged) { /* Can setuid */
+ if (cygwin_setgid(exim_gid) /* Setuid to exim */
+ || cygwin_setuid(exim_uid)) {
+ fprintf(stderr, "Unable to setuid/gid to exim. priv_flags: %x\n", priv_flags);
+ exit(0); /* Problem... Perhaps not in 544 */
+ }
+ }
+
+ /* Set the configuration file uid and gid to the system uid and admins gid. */
+ config_uid = systemuid;
+ config_gid = adminsgid;
+
+ /* Pretend we are root to avoid useless exec
+ and avoid exim set limitations.
+ We are limited by file access rights */
+ root_uid = getuid ();
+
+ if (cygwin_debug) {
+ fprintf(stderr, "Starting uid %u, gid %u, priv_flags %x, is_privileged %d, is_daemon %d, is_spoolwritable %d.\n",
+ myuid, mygid, priv_flags, is_privileged, is_daemon, is_spoolwritable);
+ fprintf(stderr, "root_uid %u, exim_uid %u, exim_gid %u, config_uid %u, config_gid %u, is_eximuser %d.\n",
+ root_uid, exim_uid, exim_gid, config_uid, config_gid, is_eximuser);
+ }
+ return;
+}
+
+#ifndef OS_LOAD_AVERAGE /* Can be set on command line */
+#define OS_LOAD_AVERAGE /* src/os.c need not provide it */
+
+/*****************************************************************
+ Functions for average load measurements
+
+ Uses NtQuerySystemInformation.
+ This requires definitions that are not part of
+ standard include files.
+
+ This is discouraged starting with WinXP.
+
+*************************************************************/
+/* Structure to compute the load average efficiently */
+typedef struct {
+ DWORD Lock;
+ unsigned long long Time100ns; /* Last measurement time */
+ unsigned long long IdleCount; /* Latest cumulative idle time */
+ unsigned long long LastCounter; /* Last measurement counter */
+ unsigned long long PerfFreq; /* Perf counter frequency */
+ int LastLoad; /* Last reported load, or -1 */
+} cygwin_perf_t;
+
+static struct {
+ HANDLE handle;
+ pid_t pid;
+ cygwin_perf_t *perf;
+} cygwin_load = {NULL, 0, NULL};
+
+#include <ntdef.h>
+
+typedef enum _SYSTEM_INFORMATION_CLASS
+{
+ SystemBasicInformation = 0,
+ SystemPerformanceInformation = 2,
+ SystemTimeOfDayInformation = 3,
+ SystemProcessesAndThreadsInformation = 5,
+ SystemProcessorTimes = 8,
+ SystemPagefileInformation = 18,
+ /* There are a lot more of these... */
+} SYSTEM_INFORMATION_CLASS;
+
+typedef struct _SYSTEM_BASIC_INFORMATION
+{
+ ULONG Unknown;
+ ULONG MaximumIncrement;
+ ULONG PhysicalPageSize;
+ ULONG NumberOfPhysicalPages;
+ ULONG LowestPhysicalPage;
+ ULONG HighestPhysicalPage;
+ ULONG AllocationGranularity;
+ ULONG LowestUserAddress;
+ ULONG HighestUserAddress;
+ ULONG ActiveProcessors;
+ UCHAR NumberProcessors;
+} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;
+
+typedef struct __attribute__ ((aligned (8))) _SYSTEM_PROCESSOR_TIMES
+{
+ LARGE_INTEGER IdleTime;
+ LARGE_INTEGER KernelTime;
+ LARGE_INTEGER UserTime;
+ LARGE_INTEGER DpcTime;
+ LARGE_INTEGER InterruptTime;
+ ULONG InterruptCount;
+} SYSTEM_PROCESSOR_TIMES, *PSYSTEM_PROCESSOR_TIMES;
+
+typedef NTSTATUS NTAPI (*NtQuerySystemInformation_t) (SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
+typedef ULONG NTAPI (*RtlNtStatusToDosError_t) (NTSTATUS);
+
+static NtQuerySystemInformation_t NtQuerySystemInformation;
+static RtlNtStatusToDosError_t RtlNtStatusToDosError;
+
+/*****************************************************************
+ *
+ LoadNtdll()
+ Load special functions from the NTDLL
+ Return TRUE if success.
+
+ *****************************************************************/
+
+static BOOL LoadNtdll()
+{
+ HINSTANCE hinstLib;
+
+ if ((hinstLib = LoadLibrary("NTDLL.DLL"))
+ && (NtQuerySystemInformation =
+ (NtQuerySystemInformation_t) GetProcAddress(hinstLib,
+ "NtQuerySystemInformation"))
+ && (RtlNtStatusToDosError =
+ (RtlNtStatusToDosError_t) GetProcAddress(hinstLib,
+ "RtlNtStatusToDosError")))
+ return TRUE;
+
+ DEBUG(D_load)
+ debug_printf("perf: load: %u (Windows)\n", GetLastError());
+ return FALSE;
+}
+/*****************************************************************
+ *
+ ReadStat()
+ Measures current Time100ns and IdleCount
+ Return TRUE if success.
+
+ *****************************************************************/
+
+static BOOL ReadStat(unsigned long long int *Time100nsPtr,
+ unsigned long long int *IdleCountPtr)
+{
+ NTSTATUS ret;
+ SYSTEM_BASIC_INFORMATION sbi;
+ PSYSTEM_PROCESSOR_TIMES spt;
+
+ *Time100nsPtr = *IdleCountPtr = 0;
+
+ if ((ret = NtQuerySystemInformation(SystemBasicInformation,
+ (PVOID) &sbi, sizeof sbi, NULL))
+ != STATUS_SUCCESS) {
+ DEBUG(D_load)
+ debug_printf("Perf: NtQuerySystemInformation: %u (Windows)\n",
+ RtlNtStatusToDosError(ret));
+ }
+ else if (!(spt = (PSYSTEM_PROCESSOR_TIMES) alloca(sizeof(spt[0]) * sbi.NumberProcessors))) {
+ DEBUG(D_load)
+ debug_printf("Perf: alloca: errno %d (%s)\n", errno, strerror(errno));
+ }
+ else if ((ret = NtQuerySystemInformation(SystemProcessorTimes, (PVOID) spt,
+ sizeof spt[0] * sbi.NumberProcessors, NULL))
+ != STATUS_SUCCESS) {
+ DEBUG(D_load)
+ debug_printf("Perf: NtQuerySystemInformation: %u (Windows)\n",
+ RtlNtStatusToDosError(ret));
+ }
+ else {
+ int i;
+ for (i = 0; i < sbi.NumberProcessors; i++) {
+ *Time100nsPtr += spt[i].KernelTime.QuadPart;;
+ *Time100nsPtr += spt[i].UserTime.QuadPart;
+ *IdleCountPtr += spt[i].IdleTime.QuadPart;
+ }
+ return TRUE;
+ }
+ return FALSE;
+}
+
+/*****************************************************************
+ *
+ InitLoadAvg()
+ Initialize the cygwin_load.perf structure.
+ and set cygwin_load.perf->Flag to TRUE if successful.
+ This is called the first time os_getloadavg is called
+ *****************************************************************/
+static void InitLoadAvg(cygwin_perf_t *this)
+{
+ BOOL success = TRUE;
+
+ /* Get perf frequency and counter */
+ QueryPerformanceFrequency((LARGE_INTEGER *)& this->PerfFreq);
+ QueryPerformanceCounter((LARGE_INTEGER *)& this->LastCounter);
+
+ /* Get initial values for Time100ns and IdleCount */
+ success = success
+ && ReadStat( & this->Time100ns,
+ & this->IdleCount);
+ /* If success, set the Load to 0, else to -1 */
+ if (success) this->LastLoad = 0;
+ else {
+ log_write(0, LOG_MAIN, "Cannot obtain Load Average");
+ this->LastLoad = -1;
+ }
+}
+
+
+/*****************************************************************
+ *
+ os_getloadavg()
+
+ Return -1 if not available;
+ Return the previous value if less than AVERAGING sec old.
+ else return the processor load on a [0 - 1000] scale.
+
+ The first time we are called we initialize the counts
+ and return 0 or -1.
+ The initial load cannot be measured as we use the processor 100%
+*****************************************************************/
+static SECURITY_ATTRIBUTES sa = {sizeof (SECURITY_ATTRIBUTES), NULL, TRUE};
+#define AVERAGING 10
+
+int os_getloadavg()
+{
+ unsigned long long Time100ns, IdleCount, CurrCounter;
+ int value;
+ pid_t newpid;
+
+ /* New process.
+ Reload the dlls and the file mapping */
+ if ((newpid = getpid()) != cygwin_load.pid) {
+ BOOL new;
+ cygwin_load.pid = newpid;
+
+ if (!LoadNtdll()) {
+ log_write(0, LOG_MAIN, "Cannot obtain Load Average");
+ cygwin_load.perf = NULL;
+ return -1;
+ }
+
+ if ((new = !cygwin_load.handle)) {
+ cygwin_load.handle = CreateFileMapping (INVALID_HANDLE_VALUE, &sa, PAGE_READWRITE,
+ 0, sizeof(cygwin_perf_t), NULL);
+ DEBUG(D_load)
+ debug_printf("Perf: CreateFileMapping: handle %p\n", (void *) cygwin_load.handle);
+ }
+ cygwin_load.perf = (cygwin_perf_t *) MapViewOfFile (cygwin_load.handle,
+ FILE_MAP_READ | FILE_MAP_WRITE, 0, 0, 0);
+ DEBUG(D_load)
+ debug_printf("Perf: MapViewOfFile: addr %p\n", (void *) cygwin_load.perf);
+ if (new && cygwin_load.perf)
+ InitLoadAvg(cygwin_load.perf);
+ }
+
+ /* Check if initialized OK */
+ if (!cygwin_load.perf || cygwin_load.perf->LastLoad < 0)
+ return -1;
+
+ /* If we cannot get the lock, we return 0.
+ This is to prevent any lock-up possibility.
+ Finding a lock busy is unlikely, and giving up only
+ results in an immediate delivery .*/
+
+ if (InterlockedCompareExchange(&cygwin_load.perf->Lock, 1, 0)) {
+ DEBUG(D_load)
+ debug_printf("Perf: Lock busy\n");
+ return 0;
+ }
+
+ /* Get the current time (PerfCounter) */
+ QueryPerformanceCounter((LARGE_INTEGER *)& CurrCounter);
+ /* Calls closer than AVERAGING sec apart use the previous value */
+ if (CurrCounter - cygwin_load.perf->LastCounter >
+ AVERAGING * cygwin_load.perf->PerfFreq) {
+ /* Get Time100ns and IdleCount */
+ if (ReadStat( & Time100ns, & IdleCount)) { /* Success */
+ /* Return processor load on 1000 scale */
+ value = 1000 - ((1000 * (IdleCount - cygwin_load.perf->IdleCount)) /
+ (Time100ns - cygwin_load.perf->Time100ns));
+ cygwin_load.perf->Time100ns = Time100ns;
+ cygwin_load.perf->IdleCount = IdleCount;
+ cygwin_load.perf->LastCounter = CurrCounter;
+ cygwin_load.perf->LastLoad = value;
+ DEBUG(D_load)
+ debug_printf("Perf: New load average %d\n", value);
+ }
+ else { /* Something bad happened.
+ Refuse to measure the load anymore
+ but don't bother releasing the buffer */
+ log_write(0, LOG_MAIN, "Cannot obtain Load Average");
+ cygwin_load.perf->LastLoad = -1;
+ }
+ }
+ else
+ DEBUG(D_load)
+ debug_printf("Perf: Old load average %d\n", cygwin_load.perf->LastLoad);
+ cygwin_load.perf->Lock = 0;
+ return cygwin_load.perf->LastLoad;
+}
+#endif /* OS_LOAD_AVERAGE */
+#endif /* COMPILE_UTILITY */
diff --git a/OS/unsupported/os.h-AIX b/OS/unsupported/os.h-AIX
new file mode 100644
index 0000000..5cd4501
--- /dev/null
+++ b/OS/unsupported/os.h-AIX
@@ -0,0 +1,27 @@
+/* Exim: OS-specific C header file for AIX */
+/* Written by Nick Waterman <nick@cimio.co.uk> */
+/* Modified by Philip Hazel with data from
+ Niels Provos <provos@wserver.physnet.uni-hamburg.de>
+ Juozas Simkevicius <juozas@omnitel.net> for load averages
+*/
+
+#define HAVE_DEV_KMEM
+#define LOAD_AVG_SYMBOL "avenrun"
+#define KERNEL_PATH "/unix"
+#define LOAD_AVG_TYPE int
+#define FSCALE 65536.0
+
+#define HAVE_SYS_VFS_H
+#define HAVE_SYS_STATFS_H
+
+/* Now tell AIX to emulate BSD as badly as it can. */
+
+#define _BSD 44
+
+typedef struct flock flock_t;
+
+/* default is non-const */
+#define ICONV_ARG2_TYPE const char **
+
+
+/* End */
diff --git a/OS/unsupported/os.h-BSDI b/OS/unsupported/os.h-BSDI
new file mode 100644
index 0000000..a1705ec
--- /dev/null
+++ b/OS/unsupported/os.h-BSDI
@@ -0,0 +1,15 @@
+/* Exim: OS-specific C header file for BSDI */
+
+#define HAVE_BSD_GETLOADAVG
+#define HAVE_SETCLASSRESOURCES
+#define HAVE_MMAP
+#define HAVE_SYS_MOUNT_H
+#define SIOCGIFCONF_GIVES_ADDR
+#define OS_UNSETENV
+
+typedef struct flock flock_t;
+
+/* default is non-const */
+#define ICONV_ARG2_TYPE const char **
+
+/* End */
diff --git a/OS/unsupported/os.h-DGUX b/OS/unsupported/os.h-DGUX
new file mode 100644
index 0000000..9040f0e
--- /dev/null
+++ b/OS/unsupported/os.h-DGUX
@@ -0,0 +1,28 @@
+/* Exim: OS-specific C header file for DGUX */
+
+/* Written by Ken Bailey (K.Bailey@rbgkew.org.uk) Feb 1998 */
+/* on dgux R4.11MU04 generic AViiON mc88100 */
+/* Modified Dec 1998 by PH after message from Ken. */
+
+#define HAVE_SYS_STATVFS_H
+#define F_FAVAIL f_favail
+
+#define NO_SYSEXITS /* DGUX doesn't ship sysexits.h */
+#define NO_IP_VAR_H /* DGUX has no netinet/ip_var.h */
+
+#define os_strsignal dg_strsignal
+#define OS_STRSIGNAL
+
+#define HAVE_MMAP
+
+/* The definition of ipoptions in netinet/in.h (masquerading as ip_opts) used
+in smtp_in.c is for Intel DG _IX86_ABI only. You may be able to get this to
+work on Intel DG but it's certainly easier to skip it on M88k. This means we
+forego the detection of some source-routing based IP attacks. */
+
+#define NO_IP_OPTIONS
+
+/* default is non-const */
+#define ICONV_ARG2_TYPE const char **
+
+/* End */
diff --git a/OS/unsupported/os.h-DragonFly b/OS/unsupported/os.h-DragonFly
new file mode 100644
index 0000000..4c2f1d5
--- /dev/null
+++ b/OS/unsupported/os.h-DragonFly
@@ -0,0 +1,13 @@
+/* Exim: OS-specific C header file for DragonFly */
+
+#define HAVE_BSD_GETLOADAVG
+#define HAVE_MMAP
+#define HAVE_SYS_MOUNT_H
+#define SIOCGIFCONF_GIVES_ADDR
+
+typedef struct flock flock_t;
+
+/* default is non-const */
+#define ICONV_ARG2_TYPE const char **
+
+/* End */
diff --git a/OS/unsupported/os.h-GNUkFreeBSD b/OS/unsupported/os.h-GNUkFreeBSD
new file mode 100644
index 0000000..ab35031
--- /dev/null
+++ b/OS/unsupported/os.h-GNUkFreeBSD
@@ -0,0 +1,25 @@
+/* Exim: OS-specific C header file for GNU/kFreeBSD */
+
+#define CRYPT_H
+#define GLIBC_IP_OPTIONS
+#define HAVE_MMAP
+#define HAVE_BSD_GETLOADAVG
+#define HAVE_SYS_VFS_H
+#define NO_IP_VAR_H
+#define SIG_IGN_WORKS
+
+#define F_FREESP O_TRUNC
+typedef struct flock flock_t;
+
+#define os_strsignal strsignal
+#define OS_STRSIGNAL
+
+/* kFreeBSD-specific bits below */
+
+#define HAVE_SYS_MOUNT_H
+#define SIOCGIFCONF_GIVES_ADDR
+
+/* default is non-const */
+#define ICONV_ARG2_TYPE const char **
+
+/* End */
diff --git a/OS/unsupported/os.h-GNUkNetBSD b/OS/unsupported/os.h-GNUkNetBSD
new file mode 100644
index 0000000..bc3bc25
--- /dev/null
+++ b/OS/unsupported/os.h-GNUkNetBSD
@@ -0,0 +1,25 @@
+/* Exim: OS-specific C header file for GNU/kNetBSD */
+
+#define CRYPT_H
+#define GLIBC_IP_OPTIONS
+#define HAVE_MMAP
+#define HAVE_BSD_GETLOADAVG
+#define HAVE_SYS_VFS_H
+#define NO_IP_VAR_H
+#define SIG_IGN_WORKS
+
+#define F_FREESP O_TRUNC
+typedef struct flock flock_t;
+
+#define os_strsignal strsignal
+#define OS_STRSIGNAL
+
+/* kNetBSD-specific bits below */
+
+#define HAVE_SYS_MOUNT_H
+#define SIOCGIFCONF_GIVES_ADDR
+
+/* default is non-const */
+#define ICONV_ARG2_TYPE const char **
+
+/* End */
diff --git a/OS/unsupported/os.h-HI-OSF b/OS/unsupported/os.h-HI-OSF
new file mode 100644
index 0000000..0f50fb6
--- /dev/null
+++ b/OS/unsupported/os.h-HI-OSF
@@ -0,0 +1,12 @@
+/* Exim: OS-specific C header file for HI-OSF/1-MJ and HI-UX/MPP */
+
+#define HAVE_SYS_MOUNT_H
+
+typedef struct flock flock_t;
+#define F_FREESP O_TRUNC
+#define DN_EXPAND_ARG4_TYPE u_char *
+
+/* default is non-const */
+#define ICONV_ARG2_TYPE const char **
+
+/* End */
diff --git a/OS/unsupported/os.h-HI-UX b/OS/unsupported/os.h-HI-UX
new file mode 100644
index 0000000..f3df963
--- /dev/null
+++ b/OS/unsupported/os.h-HI-UX
@@ -0,0 +1,21 @@
+/* Exim: OS-specific C header file for HI-UX */
+
+#define LOAD_AVG_NEEDS_ROOT
+#define HAVE_DEV_KMEM
+#define LOAD_AVG_TYPE double
+#define LOAD_AVG_SYMBOL "avenrun"
+#define KERNEL_PATH "/HI-UX"
+#define FSCALE 1.0
+
+#define HAVE_SYS_VFS_H
+
+#define SELECT_ARG2_TYPE int
+#define F_FREESP O_TRUNC
+#define NEED_H_ERRNO 1
+
+typedef struct flock flock_t;
+
+/* default is non-const */
+#define ICONV_ARG2_TYPE const char **
+
+/* End */
diff --git a/OS/unsupported/os.h-HP-UX b/OS/unsupported/os.h-HP-UX
new file mode 100644
index 0000000..4998734
--- /dev/null
+++ b/OS/unsupported/os.h-HP-UX
@@ -0,0 +1,34 @@
+/* Exim: OS-specific C header file for HP-UX versions greater than 9 */
+
+#define EXIM_SOCKLEN_T size_t
+
+#define LOAD_AVG_NEEDS_ROOT
+#define HAVE_DEV_KMEM
+#define LOAD_AVG_TYPE double
+#define LOAD_AVG_SYMBOL "avenrun"
+#define KERNEL_PATH "/stand/vmunix"
+#define FSCALE 1.0
+
+#define HAVE_SYS_STATVFS_H
+
+#define F_FREESP O_TRUNC
+#define NEED_H_ERRNO 1
+
+typedef struct flock flock_t;
+
+typedef struct __res_state *res_state;
+
+#define LLONG_MIN LONG_LONG_MIN
+#define LLONG_MAX LONG_LONG_MAX
+
+#define strtoll(a,b,c) strtoimax(a,b,c)
+
+/* Determined by sockaddr_un */
+
+struct sockaddr_storage
+{
+ short ss_family;
+ char __ss_padding[92];
+};
+
+/* End */
diff --git a/OS/unsupported/os.h-HP-UX-9 b/OS/unsupported/os.h-HP-UX-9
new file mode 100644
index 0000000..5a260d6
--- /dev/null
+++ b/OS/unsupported/os.h-HP-UX-9
@@ -0,0 +1,23 @@
+/* Exim: OS-specific C header file for HP-UX version 9 */
+
+#define LOAD_AVG_NEEDS_ROOT
+#define HAVE_DEV_KMEM
+#define LOAD_AVG_TYPE double
+#define LOAD_AVG_SYMBOL "avenrun"
+#define KERNEL_PATH "/hp-ux"
+#define FSCALE 1.0
+
+#define HAVE_SYS_VFS_H
+
+#define SELECT_ARG2_TYPE int
+#define F_FREESP O_TRUNC
+#define NEED_H_ERRNO 1
+
+#define killpg(pgid,sig) kill(-(pgid),sig)
+
+typedef struct flock flock_t;
+
+/* default is non-const */
+#define ICONV_ARG2_TYPE const char **
+
+/* End */
diff --git a/OS/unsupported/os.h-IRIX b/OS/unsupported/os.h-IRIX
new file mode 100644
index 0000000..1d4bf46
--- /dev/null
+++ b/OS/unsupported/os.h-IRIX
@@ -0,0 +1,17 @@
+/* Exim: OS-specific C header file for IRIX */
+
+#define DN_EXPAND_ARG4_TYPE u_char *
+
+#define LOAD_AVG_NEEDS_ROOT
+#define HAVE_DEV_KMEM
+#define LOAD_AVG_TYPE long
+#define LOAD_AVG_SYMBOL "avenrun"
+#define KERNEL_PATH "/unix"
+#define FSCALE 1000.0
+
+#define HAVE_MMAP
+#define HAVE_SYS_STATVFS_H
+#define F_FAVAIL f_favail
+#define vfork fork
+
+/* End */
diff --git a/OS/unsupported/os.h-IRIX6 b/OS/unsupported/os.h-IRIX6
new file mode 100644
index 0000000..bf30767
--- /dev/null
+++ b/OS/unsupported/os.h-IRIX6
@@ -0,0 +1,16 @@
+/* Exim: OS-specific C header file for IRIX */
+
+#define CRYPT_H
+#define LOAD_AVG_NEEDS_ROOT
+#define HAVE_DEV_KMEM
+#define LOAD_AVG_TYPE long
+#define LOAD_AVG_SYMBOL "avenrun"
+#define KERNEL_PATH "/unix"
+#define FSCALE 1000.0
+
+#define HAVE_MMAP
+#define HAVE_SYS_STATVFS_H
+#define F_FAVAIL f_favail
+#define vfork fork
+
+/* End */
diff --git a/OS/unsupported/os.h-IRIX632 b/OS/unsupported/os.h-IRIX632
new file mode 100644
index 0000000..90f1c58
--- /dev/null
+++ b/OS/unsupported/os.h-IRIX632
@@ -0,0 +1,18 @@
+/* Exim: OS-specific C header file for IRIX */
+
+#define CRYPT_H
+#define DN_EXPAND_ARG4_TYPE u_char *
+
+#define LOAD_AVG_NEEDS_ROOT
+#define HAVE_DEV_KMEM
+#define LOAD_AVG_TYPE long
+#define LOAD_AVG_SYMBOL "avenrun"
+#define KERNEL_PATH "/unix"
+#define FSCALE 1000.0
+
+#define HAVE_MMAP
+#define HAVE_SYS_STATVFS_H
+#define F_FAVAIL f_favail
+#define vfork fork
+
+/* End */
diff --git a/OS/unsupported/os.h-IRIX65 b/OS/unsupported/os.h-IRIX65
new file mode 100644
index 0000000..4b248fe
--- /dev/null
+++ b/OS/unsupported/os.h-IRIX65
@@ -0,0 +1,16 @@
+/* Exim: OS-specific C header file for IRIX 6.5 */
+
+#define CRYPT_H
+#define LOAD_AVG_NEEDS_ROOT
+#define HAVE_DEV_KMEM
+#define LOAD_AVG_TYPE long
+#define LOAD_AVG_SYMBOL "avenrun"
+#define KERNEL_PATH "/unix"
+#define FSCALE 1000.0
+
+#define HAVE_MMAP
+#define HAVE_SYS_STATVFS_H
+#define F_FAVAIL f_favail
+#define vfork fork
+
+/* End */
diff --git a/OS/unsupported/os.h-NetBSD b/OS/unsupported/os.h-NetBSD
new file mode 100644
index 0000000..d2d3e0d
--- /dev/null
+++ b/OS/unsupported/os.h-NetBSD
@@ -0,0 +1,28 @@
+/* Exim: OS-specific C header file for NetBSD */
+
+#define HAVE_BSD_GETLOADAVG
+#define HAVE_GETIFADDRS
+#define HAVE_MMAP
+#define HAVE_SYS_MOUNT_H
+#define SIOCGIFCONF_GIVES_ADDR
+#define HAVE_ARC4RANDOM
+
+typedef struct flock flock_t;
+
+#define os_strsignal strsignal
+#define OS_STRSIGNAL
+
+#define os_get_dns_resolver_res __res_get_state
+#define os_put_dns_resolver_res(RP) __res_put_state(RP)
+#define OS_GET_DNS_RESOLVER_RES
+
+#include <sys/param.h>
+
+#if __NetBSD_Version__ >= 299000900
+#define HAVE_SYS_STATVFS_H
+#endif
+
+/* default is non-const */
+#define ICONV_ARG2_TYPE const char **
+
+/* End */
diff --git a/OS/unsupported/os.h-NetBSD-a.out b/OS/unsupported/os.h-NetBSD-a.out
new file mode 100644
index 0000000..29a8fee
--- /dev/null
+++ b/OS/unsupported/os.h-NetBSD-a.out
@@ -0,0 +1,5 @@
+/* Exim: OS-specific C header file for NetBSD (a.out binary format) */
+
+#include "../OS/os.h-NetBSD" /* Same as for ELF format */
+
+/* End */
diff --git a/OS/unsupported/os.h-OSF1 b/OS/unsupported/os.h-OSF1
new file mode 100644
index 0000000..6b5fa49
--- /dev/null
+++ b/OS/unsupported/os.h-OSF1
@@ -0,0 +1,16 @@
+/* Exim: OS-specific C header file for OSF1 */
+
+#define HAVE_SYS_MOUNT_H
+#define HAVE_GETIPNODEBYNAME 1
+
+typedef struct flock flock_t;
+#define F_FREESP O_TRUNC
+
+/* This was here for some time, but it seems that now (June 2005) things have
+changed. */
+/* #define EXIM_SOCKLEN_T size_t */
+
+/* Still not "socklen_t", which is the most common setting */
+#define EXIM_SOCKLEN_T int
+
+/* End */
diff --git a/OS/unsupported/os.h-OpenUNIX b/OS/unsupported/os.h-OpenUNIX
new file mode 100644
index 0000000..67d1063
--- /dev/null
+++ b/OS/unsupported/os.h-OpenUNIX
@@ -0,0 +1,19 @@
+/* Exim: OS-specific C header file for OpenUNIX */
+
+#define NO_SYSEXITS
+
+#define LOAD_AVG_NEEDS_ROOT
+#define HAVE_DEV_KMEM
+#define LOAD_AVG_TYPE short
+#define LOAD_AVG_SYMBOL "avenrun"
+#define KERNEL_PATH "/stand/unix"
+#define FSCALE 256
+
+#define HAVE_SYS_STATVFS_H
+#define _SVID3
+#define NEED_H_ERRNO
+
+/* default is non-const */
+#define ICONV_ARG2_TYPE const char **
+
+/* End */
diff --git a/OS/unsupported/os.h-QNX b/OS/unsupported/os.h-QNX
new file mode 100644
index 0000000..798f799
--- /dev/null
+++ b/OS/unsupported/os.h-QNX
@@ -0,0 +1,24 @@
+/* Exim: OS-specific C header file for QNX */
+/* Modified for QNX 6.2.0 with diffs from Samuli Tuomola. */
+
+#include <sys/select.h>
+
+/* This include is wrapped in an ifdef so as to be skipped for QNXRTP, which
+doesn't have/need this header file. From Karsten P. Hoffmann. */
+
+#ifdef __QNX__
+#include <unix.h>
+#endif
+
+#undef HAVE_STATFS
+#undef HAVE_VFS_H
+#undef HAVE_SYS_MOUNT_H
+
+#define NO_SYSEXITS
+
+extern int h_errno;
+
+/* default is non-const */
+#define ICONV_ARG2_TYPE const char **
+
+/* End */
diff --git a/OS/unsupported/os.h-SCO b/OS/unsupported/os.h-SCO
new file mode 100644
index 0000000..e5e915e
--- /dev/null
+++ b/OS/unsupported/os.h-SCO
@@ -0,0 +1,21 @@
+/* Exim: OS-specific C header file for SCO */
+
+#define DN_EXPAND_ARG4_TYPE u_char *
+
+#define LOAD_AVG_NEEDS_ROOT
+#define HAVE_DEV_KMEM
+#define LOAD_AVG_TYPE short
+#define LOAD_AVG_SYMBOL "avenrun"
+#define KERNEL_PATH "/unix"
+#define FSCALE 256
+#define EXIM_SOCKLEN_T int
+
+#define HAVE_SYS_STATVFS_H
+#define F_FAVAIL f_favail
+#define _SVID3
+#define NEED_H_ERRNO
+
+/* default is non-const */
+#define ICONV_ARG2_TYPE const char **
+
+/* End */
diff --git a/OS/unsupported/os.h-SCO_SV b/OS/unsupported/os.h-SCO_SV
new file mode 100644
index 0000000..0ca29f7
--- /dev/null
+++ b/OS/unsupported/os.h-SCO_SV
@@ -0,0 +1,19 @@
+/* Exim: OS-specific C header file for SCO_SV */
+
+#define LOAD_AVG_NEEDS_ROOT
+#define HAVE_DEV_KMEM
+#define LOAD_AVG_TYPE short
+#define LOAD_AVG_SYMBOL "avenrun"
+#define KERNEL_PATH "/unix"
+#define FSCALE 256
+#define EXIM_SOCKLEN_T int
+
+#define HAVE_SYS_STATVFS_H
+#define F_FAVAIL f_favail
+#define _SVID3
+#define NEED_H_ERRNO
+
+/* default is non-const */
+#define ICONV_ARG2_TYPE const char **
+
+/* End */
diff --git a/OS/unsupported/os.h-SunOS4 b/OS/unsupported/os.h-SunOS4
new file mode 100644
index 0000000..6555620
--- /dev/null
+++ b/OS/unsupported/os.h-SunOS4
@@ -0,0 +1,39 @@
+/* Exim: OS-specific C header file for SunOS4 */
+
+#define LOAD_AVG_NEEDS_ROOT
+#define HAVE_DEV_KMEM
+#define LOAD_AVG_TYPE long
+#define LOAD_AVG_SYMBOL "_avenrun"
+#define KERNEL_PATH "/vmunix"
+
+#define HAVE_MMAP
+#define HAVE_SYS_VFS_H
+
+#define F_FREESP O_TRUNC
+#define EXIT_FAILURE 1
+#define EXIT_SUCCESS 0
+typedef struct flock flock_t;
+
+#define STRERROR_FROM_ERRLIST
+#define memmove(a, b, c) bcopy(b, a, c)
+#define strtoul(str, ptr, base) ((unsigned int)strtol((str),(ptr),(base)))
+
+extern char *strerror(int);
+extern int sys_nerr;
+extern char *sys_errlist[];
+
+/* In ANSI C strtod() is defined in stdlib.h, but in SunOS4 it is defined in
+floatingpoint.h which is called from math.h, which Exim doesn't include. */
+
+extern double strtod(const char *, char **);
+
+/* SunOS4 seems to define getc, ungetc, feof and ferror as macros only, not
+as functions. We need to have them as assignable functions. Setting this
+flag causes this to get done in exim.h. */
+
+#define FUDGE_GETC_AND_FRIENDS
+
+/* default is non-const */
+#define ICONV_ARG2_TYPE const char **
+
+/* End */
diff --git a/OS/unsupported/os.h-SunOS5-hal b/OS/unsupported/os.h-SunOS5-hal
new file mode 100644
index 0000000..cd9e877
--- /dev/null
+++ b/OS/unsupported/os.h-SunOS5-hal
@@ -0,0 +1,14 @@
+/* Exim: OS-specific C header file for SunOS5 on HAL */
+
+#define HAVE_MMAP
+
+#define HAVE_KSTAT
+#define LOAD_AVG_KSTAT "system_misc"
+#define LOAD_AVG_KSTAT_MODULE "unix"
+#define LOAD_AVG_SYMBOL "avenrun_1min"
+#define LOAD_AVG_FIELD value.ul
+
+/* default is non-const */
+#define ICONV_ARG2_TYPE const char **
+
+/* End */
diff --git a/OS/unsupported/os.h-ULTRIX b/OS/unsupported/os.h-ULTRIX
new file mode 100644
index 0000000..08db5ae
--- /dev/null
+++ b/OS/unsupported/os.h-ULTRIX
@@ -0,0 +1,18 @@
+/* Exim: OS-specific C header file for Ultrix */
+
+/* Well, it *does* have statfs(), but its structure is called something
+different, all the members have different names, and the function returns
+1 on success rather than 0. As this is for a minority function, and I think
+a minority operating system, easiest just to say "no" until someone asks. */
+
+#undef HAVE_STATFS
+
+#define F_FREESP O_TRUNC
+#define NEED_H_ERRNO
+#define NO_OPENLOG
+typedef struct flock flock_t;
+
+/* default is non-const */
+#define ICONV_ARG2_TYPE const char **
+
+/* End */
diff --git a/OS/unsupported/os.h-UNIX_SV b/OS/unsupported/os.h-UNIX_SV
new file mode 100644
index 0000000..4943a07
--- /dev/null
+++ b/OS/unsupported/os.h-UNIX_SV
@@ -0,0 +1,25 @@
+/* Exim: OS-specific C header file for SCO SVR4.2 (and maybe Unixware) */
+
+/**
+*** Note that for SCO 5 the configuration file is called SCO_SV,
+*** and that Unixware7 has its own configuration. This is an old
+*** file that is retained for compatibility.
+**/
+
+#define NO_SYSEXITS
+
+#define LOAD_AVG_NEEDS_ROOT
+#define HAVE_DEV_KMEM
+#define LOAD_AVG_TYPE short
+#define LOAD_AVG_SYMBOL "avenrun"
+#define KERNEL_PATH "/stand/unix"
+#define FSCALE 256
+
+#define HAVE_SYS_STATVFS_H
+#define _SVID3
+#define NEED_H_ERRNO
+
+/* default is non-const */
+#define ICONV_ARG2_TYPE const char **
+
+/* End */
diff --git a/OS/unsupported/os.h-USG b/OS/unsupported/os.h-USG
new file mode 100644
index 0000000..e769220
--- /dev/null
+++ b/OS/unsupported/os.h-USG
@@ -0,0 +1,19 @@
+/* Exim: OS-specific C header file for Unixware 2.x */
+
+#define NO_SYSEXITS
+
+#define LOAD_AVG_NEEDS_ROOT
+#define HAVE_DEV_KMEM
+#define LOAD_AVG_TYPE short
+#define LOAD_AVG_SYMBOL "avenrun"
+#define KERNEL_PATH "/stand/unix"
+#define FSCALE 256
+
+#define HAVE_SYS_STATVFS_H
+#define _SVID3
+#define NEED_H_ERRNO
+
+/* default is non-const */
+#define ICONV_ARG2_TYPE const char **
+
+/* End */
diff --git a/OS/unsupported/os.h-Unixware7 b/OS/unsupported/os.h-Unixware7
new file mode 100644
index 0000000..4d3ed42
--- /dev/null
+++ b/OS/unsupported/os.h-Unixware7
@@ -0,0 +1,18 @@
+/* Exim: OS-specific C header file for Unixware 7 */
+
+#define NO_SYSEXITS
+
+#define EXIM_SOCKLEN_T size_t
+
+#define LOAD_AVG_NEEDS_ROOT
+#define HAVE_DEV_KMEM
+#define LOAD_AVG_TYPE short
+#define LOAD_AVG_SYMBOL "avenrun"
+#define KERNEL_PATH "/stand/unix"
+#define FSCALE 256
+
+#define HAVE_SYS_STATVFS_H
+#define _SVID3
+#define NEED_H_ERRNO
+
+/* End */
diff --git a/OS/unsupported/os.h-cygwin b/OS/unsupported/os.h-cygwin
new file mode 100644
index 0000000..6ef59e0
--- /dev/null
+++ b/OS/unsupported/os.h-cygwin
@@ -0,0 +1,41 @@
+/* Exim: OS-specific C header file for Cygwin */
+
+/* This code was supplied by Pierre A. Humblet <Pierre.Humblet@ieee.org>
+ December 2002. Updated Jan 2015. */
+
+/* Redefine the set*id calls to run when faking root */
+#include <unistd.h> /* Do not redefine in unitsd.h */
+int cygwin_setuid(uid_t uid );
+int cygwin_setgid(gid_t gid );
+#define setuid cygwin_setuid
+#define setgid cygwin_setgid
+
+#define os_strsignal strsignal
+#define OS_STRSIGNAL
+#define BASE_62 36 /* Windows aliases lower and upper cases in filenames.
+ Consider reducing MAX_LOCALHOST_NUMBER */
+#define CRYPT_H
+#define HAVE_MMAP
+#define HAVE_SYS_VFS_H
+#define NO_IP_VAR_H
+#define NO_IP_OPTIONS
+/* Defining LOAD_AVG_NEEDS_ROOT causes an initial
+ call to os_getloadavg. In our case this is beneficial
+ because it initializes the counts */
+#define LOAD_AVG_NEEDS_ROOT
+
+typedef struct flock flock_t;
+
+/* Macro to define variable length SID structures */
+#define SID(n, name, sid...) \
+struct { \
+ BYTE Revision; \
+ BYTE SubAuthorityCount; \
+ SID_IDENTIFIER_AUTHORITY IdentifierAuthority; \
+ DWORD SubAuthority[n]; \
+} name = { SID_REVISION, n, {SECURITY_NT_AUTHORITY}, {sid}}
+
+/* default is non-const */
+#define ICONV_ARG2_TYPE const char **
+
+/* End */
diff --git a/OS/unsupported/os.h-mips b/OS/unsupported/os.h-mips
new file mode 100644
index 0000000..325e3a1
--- /dev/null
+++ b/OS/unsupported/os.h-mips
@@ -0,0 +1,27 @@
+/* Exim: OS-specific C header file for RiscOS4bsd */
+
+#define LOAD_AVG_NEEDS_ROOT
+#define HAVE_DEV_KMEM
+#define LOAD_AVG_TYPE long
+#define LOAD_AVG_SYMBOL "_avenrun"
+#define KERNEL_PATH "/unix"
+
+#define HAVE_MMAP
+#define HAVE_SYS_VFS_H
+
+#define F_FREESP O_TRUNC
+#define EXIT_FAILURE 1
+#define EXIT_SUCCESS 0
+typedef struct flock flock_t;
+
+#define STRERROR_FROM_ERRLIST
+#define memmove(a, b, c) bcopy(b, a, c)
+
+extern char *strerror(int);
+extern int sys_nerr;
+extern char *sys_errlist[];
+
+/* default is non-const */
+#define ICONV_ARG2_TYPE const char **
+
+/* End */
diff --git a/README b/README
new file mode 100644
index 0000000..d9379f7
--- /dev/null
+++ b/README
@@ -0,0 +1,350 @@
+THE EXIM MAIL TRANSFER AGENT VERSION 4
+--------------------------------------
+
+Copyright (c) 1995 - 2018 University of Cambridge.
+See the file NOTICE for conditions of use and distribution.
+
+There is a book about Exim by Philip Hazel called "The Exim SMTP Mail Server",
+published by UIT Cambridge in May 2003. This is the official guide for Exim 4.
+The current edition covers release 4.10 and a few later extensions.
+
+The O'Reilly book about Exim ("Exim The Mail Transfer Agent" by Philip Hazel)
+covers Exim 3, which is now deprecated. Exim 4 has a large number of changes
+from Exim 3, though the basic structure and philosophy remains the same. The
+older book may be helpful for the background, but a lot of the detail has
+changed, so it is likely to be confusing to newcomers.
+
+There is a website at https://www.exim.org; this contains details of the
+mailing list exim-users@exim.org.
+
+A copy of the Exim FAQ should be available from the same source that you used
+to obtain the Exim distribution. Additional formats for the documentation
+(PostScript, PDF, Texinfo, and HTML) should also be available there.
+
+
+EXIM DISTRIBUTION
+-----------------
+
+Unpacking the tar file should produce a single directory called exim-<version>,
+containing the following files and directories:
+
+ACKNOWLEDGMENTS some acknowledgments
+CHANGES a conventional file name; it indirects to some files in doc/
+LICENCE the GNU General Public Licence
+Local/ an empty directory for local configuration files
+Makefile top level Makefile
+NOTICE notice about conditions of use
+OS/ directory containing OS-specific files
+README this file
+README.UPDATING special notes about updating from previous versions
+doc/ directory of documentation files
+exim_monitor/ directory of source files for the Exim monitor
+scripts/ directory of scripts used in the build process
+src/ directory of source files
+util/ directory of independent utilities
+
+Please see the documentation files for full instructions on how to build,
+install, and run Exim. For straightforward installations on operating systems
+to which Exim has already been ported, the building process is as follows:
+
+. Ensure that the top-level Exim directory (e.g. exim-4.80) is the current
+ directory (containing the files and directories listed above).
+
+. Edit the file called src/EDITME and put the result in a new file called
+ Local/Makefile. There are comments in src/EDITME telling you what the various
+ parameters are. You must at least provide values for BIN_DIRECTORY,
+ CONFIGURE_FILE, EXIM_USER and EXIM_GROUP (if EXIM_USER is numeric), and it is
+ recommended that SPOOL_DIRECTORY also be defined here if it is a fixed path.
+
+. There are a number of additional parameters whose defaults can also be
+ overridden by additions to Local/Makefile. The basic defaults are in
+ OS/Makefile-Default, but these settings are overridden for some operating
+ systems by values on OS/Makefile-<osname>. The most commonly-required change
+ is probably the setting of CC, which defines the command to run the C
+ compiler, and which defaults to gcc. To change it to cc, add the following
+ line to Local/Makefile:
+
+ CC=cc
+
+ If you are running the Berkeley DB package as your dbm library, then it is
+ worth putting USE_DB=yes in Local/Makefile, to get Exim to use the native
+ interface. This is the default for some operating systems. See
+ doc/dbm.discuss.txt for discussion on dbm libraries.
+
+. If you want to compile the Exim monitor, edit the file called
+ exim_monitor/EDITME and put the result in a file called Local/eximon.conf.
+ If you are not going to compile the Exim monitor, you should have commented
+ out the line starting EXIM_MONITOR= when creating Local/Makefile. There are
+ comments in exim_monitor/EDITME about the values set therein, but in this
+ case everything can be defaulted if you wish.
+
+. If your system is not POSIX compliant by default, then you might experience
+ fewer problems if you help point the build tools to the POSIX variants. For
+ instance, on Solaris:
+
+ PATH=/usr/xpg4/bin:$PATH make SHELL=/usr/xpg4/bin/sh
+
+. Type "make". This will determine what your machine's architecture and
+ operating system are, and create a build directory from those names (e.g.
+ "build-SunOS5-sparc"). Symbolic links are created from the build directory
+ to the source directory. A configured make file called <build-dir>/makefile
+ is then created, and "make" then goes on to use this to build various
+ binaries and scripts inside the build directory.
+
+. Type "make install", while running as root, to install the binaries,
+ scripts, and a default configuration file. To see what this command is
+ going to do before risking it, run "../scripts/exim_install -n" (not as
+ root) from within the build directory.
+
+. When you are ready to try running Exim, see the section entitled "Testing"
+ in the chapter called "Building and Installing Exim" in doc/spec.txt, or in
+ one of the other forms of the documentation.
+
+. Running the install script does NOT replace /usr/sbin/sendmail or
+ /usr/lib/sendmail with a link to Exim. That step you must perform by hand
+ when you are satisfied that Exim is running correctly.
+
+. Note that the default configuration refers to an alias file called
+ /etc/aliases. It used to be the case that every Unix had that file, because
+ it was the Sendmail default. These days, there are systems that don't have
+ /etc/aliases, so you might need to set it up. Your aliases should at least
+ include an alias for "postmaster".
+
+. Consider notifying users of the change of MTA. Exim has different
+ capabilities, and there are various operational differences, such as stricter
+ adherence to the RFCs than some MTAs, and differences in the text of
+ messages produced by various command-line options.
+
+. The default configuration file will use your host's fully qualified name (as
+ obtained from the uname() function) as the only local mail domain and as the
+ domain which is used to qualify unqualified local mail addresses. See the
+ comments in the default configuration file if you want to change these.
+
+The operating systems currently supported are: AIX, BSD/OS (aka BSDI), Darwin
+(Mac OS X), DGUX, FreeBSD, GNU/Hurd, GNU/Linux, HI-OSF (Hitachi), HP-UX, IRIX,
+MIPS RISCOS, NetBSD, OpenBSD, QNX, SCO, SCO SVR4.2 (aka UNIX-SV), Solaris (aka
+SunOS5), SunOS4, Tru64-Unix (formerly Digital Unix, formerly DEC-OSF1), Ultrix,
+and Unixware. However, code is not available for determining system load
+averages on Ultrix. There are also configuration files for compiling Exim in
+the Cygwin environment that can be installed on systems running Windows.
+However, the documentation supplied with the distribution does not contain any
+information about running Exim in the Cygwin environment.
+
+
+******* Modifying the building process ******
+
+Instructions for overriding the build-time options for Exim are given in the
+manual. You should never have to modify any of the supplied files; it should be
+possible to override everything that is necessary by creating suitable files in
+the Local directory. This means that you won't need to redo your modifications
+for the next release of Exim. If you find you can't avoid changing some other
+file, let me know and I'll see if I can find a way of making that unnecessary.
+
+Briefly, the building process concatenates a number of files in order to
+construct its working makefile. If <ostype> and <archtype> are the operating
+system and architecture types respectively, the files used are:
+
+ OS/Makefile-Default
+ OS/Makefile-<ostype>
+ Local/Makefile
+ Local/Makefile-<ostype>
+ Local/Makefile-<archtype>
+ Local/Makefile-<ostype>-<archtype>
+ Local/Makefile-<buildname>
+ OS/Makefile-Base
+
+Of the Local/* files, only Local/Makefile is required to exist; the rest are
+optional. Because of the way "make" works, values set in later files override
+values set in earlier ones. Thus you can set up general options that are
+overridden for specify operating systems and/or architectures if you wish.
+
+
+******* IMPORTANT FOR GNU/LINUX USERS *******
+
+Exim 4 won't work with some versions of Linux if you put its spool directory on
+an NFS partition. You get an error about "directory sync failed". This is
+because of a bug in Linux NFS. A fix has been promised in due course. It is in
+any case much better to put Exim's spool directory on local disc.
+
+If you get an error complaining about the lack of functions such as dbm_open()
+when building Exim, the problem is that it hasn't been able to find a DBM
+library. See the file doc/dbm.discuss.txt for a discussion about the various
+DBM libraries.
+
+Different versions of Linux come with different DBM libraries, stored in
+different places. As well as setting USE_DB=yes in Local/Makefile if Berkeley
+DB is in use, it may also be necessary to set a value in DBMLIB to specify the
+inclusion of the DBM library, for example: DBMLIB=-ldb or DBMLIB=-lgdbm.
+
+If you are using RedHat 7.0, which has DB3 as its DBM library, you need to
+install the db-devel package before building Exim. This will have a name like
+db3-devel-3.1.14-16.i386.rpm (but check which release of DB3 you have).
+
+The building scripts now distinguish between versions of Linux with the older
+libc5 and the more recent ones that use libc6. In the latter case, USE_DB and
+-ldb are the default settings, because DB is standard with libc6.
+
+It appears that with glibc-2.1.x (a minor libc upgrade), they have standardised
+on Berkeley DB2 (instead of DB1 in glibc-2.0.x). If you want to get DB1 back,
+you need to set
+
+ INCLUDE=-I/usr/include/db1
+ DBMLIB=-ldb1
+
+in your Local/Makefile. If you omit DBMLIB=-ldb1 Exim will link successfully
+using the DB1 compatibility interface to DB2, but it will expect the file
+format to be that of DB2, and so will not be able to read existing DB1 files.
+
+
+******* IMPORTANT FOR FREEBSD USERS *******
+
+On FreeBSD there is a file called /etc/mail/mailer.conf which selects what to
+run for various MTA calls. Instead of changing /usr/sbin/sendmail, you should
+edit this file instead, to read something like this:
+
+sendmail /usr/exim/bin/exim
+send-mail /usr/exim/bin/exim
+mailq /usr/exim/bin/exim -bp
+newaliases /usr/bin/true
+
+You will most probably need to add the line:
+
+daily_status_include_submit_mailq="NO" # No separate 'submit' queue
+
+to /etc/periodic.conf. This stops FreeBSD running the command "mailq -Ac"
+(which Exim doesn't understand) to list a separate submit queue (which Exim
+doesn't have).
+
+If you are using FreeBSD prior to 3.0-RELEASE, and you are not using the ports
+mechanism to install Exim, then you should install the perl5 package
+(/usr/local/bin/perl) and use that instead of perl in the base system, which is
+perl4 up until 3.0-RELEASE. If you are using the ports mechanism, this is
+handled for you.
+
+If you are upgrading from version 2.11 of Exim or earlier, and you are using
+DBM files, and you did not previously have USE_DB=yes in your Local/Makefile,
+then you will either have to put USE_DB=no in your Local/Makefile or (better)
+rebuild your DBM data files. The default for FreeBSD has been changed to
+USE_DB=yes, since FreeBSD comes with Berkeley DB. However, using the native DB
+interface means that the data files no longer have the ".db" extension.
+
+
+
+******* IMPORTANT FOR Tru64 (aka Digital Unix aka DEC-OSF1) USERS *******
+
+The default compiler may not recognize ANSI C by default. You may have to set
+
+CC=cc
+CFLAGS=-std1
+
+in Local/Makefile in order to compile Exim. A user reported another small
+problem with this operating system: In the file /usr/include/net/if.h a
+semicolon was missing at the end of line 143.
+
+
+
+******* IMPORTANT FOR SCO USERS *******
+
+The building scripts assume the existence of the "ar" command, which is part of
+the Development System. However, it is also possible to use the "gar" command
+that is part of the GNU utilities that are distributed with the 5.0.7 release.
+If you have "gar" and not "ar" you should include
+
+AR=gar
+
+in your Local/Makefile.
+
+
+
+******* IMPORTANT FOR Unixware 2.x USERS *******
+
+Unixware does not include db/dbm/ndbm with its standard compiler (it is
+available with /usr/ucb/cc, but that has bugs of its own). You should install
+gcc and Berkeley DB (or another dbm library if you really insist). If you use a
+different dbm library you will need to override the default setting of DBMLIB.
+
+DB 1.85 and 2.x can be found at http://www.sleepycat.com/. They have different
+characteristics. See the discussion of dbm libraries in doc/dbm.discuss.txt. DB
+needs to be compiled with gcc and you need a 'cc' in your path before the
+Unixware CC to compile it.
+
+Don't bother even starting to install exim on Unixware unless you have
+installed gcc and use it for everything.
+
+
+******* IMPORTANT FOR SOLARIS 2.3 (SUNOS 5.3) USERS *******
+
+The file /usr/include/sysexits.h does not exist on Solaris 2.3 (and presumably
+earlier versions), though it is present in 2.4 and later versions. To compile
+Exim on Solaris 2.3 it is necessary to include the line
+
+CFLAGS=-O -DNO_SYSEXITS -DEX_TEMPFAIL=75
+
+in your Local/Makefile.
+
+
+******* IMPORTANT FOR IRIX USERS *******
+
+There are problems with some versions of gcc on IRIX, as a result of which all
+DNS lookups yield either 0.0.0.0 or 255.255.255.255. Releases of gcc after
+2.7.2.3 (which works ok) are affected. Specifically, 2.8.* is affected, as are
+the 2.95 series. From release 3.21 of Exim, a workaround for this problem
+should automatically be enabled when Exim is compiled on IRIX using gcc.
+
+As from version 2.03 there is IRIX-specific code in Exim to obtain a list of
+all the IP addresses on local interfaces, including alias addresses, because
+the standard code gives only non-alias addresses in IRIX. The code came from
+SGI, with the comment:
+
+"On 6.2 you need the libc patch to get the sysctl() stub and the networking
+kernel patch to get the support."
+
+It seems that this code doesn't work on at least some earlier versions of IRIX
+(e.g. IRIX 5.3). If you can't compile under IRIX and the problem appears to
+relate to sysctl(), try commenting or #ifdef-ing out all the code in the
+file OS/os.c-IRIX.
+
+
+******* IMPORTANT FOR HP-UX USERS *******
+
+There are two different sets of configuration files for HP-UX. Those ending in
+HP-UX-9 are used for HP-UX version 9, and have been tested on HP-UX version
+9.05. Those ending in HP-UX are for later releases, and have been tested on
+HP-UX version 11.00. If you are using a version of HP-UX between 9.05 and
+11.00, you may need to edit the file OS/os.h-HP-UX if you encounter problems
+building Exim.
+
+If you want to use the Sieve facility in Exim, the alias iso-8859-1 should be
+added to the alias definition for iso81 in /usr/lib/nls/iconv/config.iconv. You
+also need to add a new alias definition: "alias utf8 utf-8".
+
+
+******* IMPORTANT FOR QNX USERS *******
+
+1. Exim makes some assumptions about the shell in the makefiles. The "normal"
+ QNX shell (ksh) will not work. You need to install "bash", which can be
+ obtained from the QNX freeware on QUICS. Install it to /usr/local/bin/bash
+ Then you need to change the SHELL definition at the top of the main Makefile
+ to SHELL=/usr/local/bin/bash. The file OS/Makefile-QNX sets the variable
+ MAKE_SHELL to /usr/local/bin/bash. If you install bash in a different place,
+ you will need to set MAKE_SHELL in your Local/Makefile in order to override
+ this.
+
+2. For some strange reason make will fail at building "exim_dbmbuild" when
+ called the first time. However simply calling make a second time will solve
+ the problem. Alternatively, run "make makefile" and then "make".
+
+
+******* IMPORTANT FOR ULTRIX USERS *******
+
+You need to set SHELL explicitly in the make call when building on ULTRIX,
+that is, type "make SHELL=sh5".
+
+
+******* IMPORTANT FOR GNU/HURD USERS *******
+
+GNU/Hurd doesn't (at the time of writing, June 1999) have the ioctls for
+finding out the IP addresses of the local interfaces. You therefore have to set
+local_interfaces yourself. Otherwise it will treat only 127.0.0.1 as local.
+
+Philip Hazel
diff --git a/README.DSN b/README.DSN
new file mode 100644
index 0000000..d700dd0
--- /dev/null
+++ b/README.DSN
@@ -0,0 +1,141 @@
+Exim DSN Patch (4.82)
+---------------------
+
+This patch is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This patch is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this patch; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111 USA.
+
+Installation & Usage
+--------------------
+See docs/experimental-spec.txt
+
+Credits
+-------
+
+The original work for the patch was done by Philip Hazel in Exim 3
+
+The extract was taken and re-applied to Exim 4 by the following :-
+Phil Bingham (phil.bingham@cwipapps.net)
+Steve Falla (steve.falla@cwipapps.net)
+Ray Edah (ray.edah@cwipapps.net)
+Andrew Johnson (andrew.johnson@cwippaps.net)
+Adrian Hungate (adrian.hungate@cwipapps.net)
+
+Now Primarily maintained by :-
+Andrew Johnson (andrew.johnson@cwippaps.net)
+
+Updated for 4.82, improved and submitted to
+http://bugs.exim.org/show_bug.cgi?id=118
+by :-
+Wolfgang Breyha (wbreyha@gmx.net)
+
+Contributions
+-------------
+Andrey J. Melnikoff (TEMHOTA) (temnota@kmv.ru)
+
+
+ChangeLog
+---------
+14-Apr-2006 : Changed subject to "Delivery Status Notification"
+
+17-May-2006 : debug_printf in spool-in.c were not wrapped with #ifndef COMPILE_UTILITY
+ thanks to Andrey J. Melnikoff for this information
+
+12-Sep-2006 : Now supports Exim 4.63
+
+12-Sep-2006 : src/EDITME did not include the #define SUPPORT_DSN as stated
+ in the documentation, this has now been corrected
+ thanks to Robert Kehl for this information
+
+28-Jul-2008 : New version for exim 4.69 released.
+
+02-Jul-2010 : New version for exim 4.72 released.
+
+25-Apr-2014 : Version 1.4
+ *) fix ENVID and ORCPT addition in SMTP transport
+ *) p was not moved to the end of the string. new content
+ added afterwards overwrites ENVID and/or ORCPT
+ *) change spool file format to be compatible with the
+ extensible format of exim 4 by prepending new values and
+ setting the extended bitmask accordingly
+ *) use SUPPORT_DSN_LEGACY=yes in Makefile to be able to read
+ the legacy format of older patches until all messages are out of queue.
+ *) change "dsn" boolean toggle to "dsn_advertise_hosts" to
+ be able to select who actually can use the extension
+ *) Add all RFC 3461 MUST fields to delivery-status section
+ *) convert xtext in ENVID
+ *) add all successful rcpts to ONE message instead of sending several messages
+
+26-Apr-2014 : Version 1.5
+ fixes:
+ *) fixed wrong order for ENVID
+ *) fixed wrong Final-Recipient value
+ *) af_ignore_failure is ignored for success reports
+ *) fixed DSN_LEGACY switch
+ improvements:
+ *) added MIME "failure" reports
+ *) bounce_return_message is ignored (required by RFC)
+ *) in case RET= is defined we honor these values
+ otherwise bounce_return_body is honored.
+ *) bounce_return_size_limit is always honored.
+ *) message body intro and final text is ignored
+ *) do not send report if DSN flags say NO
+ *) added MIME "delay" reports
+ *) do not send report if DSN flags say NO
+ *) changed from SUPPORT_DSN to EXPERIMENTAL_DSN
+ *) updated documentation
+
+01-May-2014 : Version 1.6
+ fixes:
+ *) code cleanup
+ *) use text/rfc822-headers were applicable
+ *) fix NOTIFY=FAILURE
+
+ improvements:
+ *) do not truncated MIME messages
+ *) if bounce_return_size_limit is smaller then the actual message
+ only the header is returned
+ *) if bounce_return_body or bounce_return_size_limit prevents Exim
+ from returning the requested (RET=FULL) body this fact is added
+ as X-Exim-DSN-Information Header
+ *) this also means that all of the last three parts of the "failure"
+ template are not used anymore
+
+ *) dsn_process switch removed
+ *) every router "processes" DSN by default
+ *) there is no possibility to "gag" DSN anymore since this violates RFC
+ *) dsn_lasthop switch added for routers
+ *) if dsn_lasthop is set by a router it is handled as relaying to a
+ non DSN aware relay. success mails are sent if Exim successfully
+ delivers the message.
+ *) redirect routers always "act" as if dsn_lasthop is set
+
+ *) address_item.dsn_aware changed from uschar to int for easier handling.
+
+02-May-2014 : fixes:
+ *) Reporting-MTA: use smtp_active_hostname instead of qualify_domain from
+ original patch.
+
+20-May-2014 : fixes:
+ *) removed support for EXPERIMENTAL_DSN_LEGACY for codebase inclusion
+ *) fixed build of exim_monitor tree
+ *) fixed late declaration of dsn_all_lasthop
+
+-----------------
+
+Support for this patch up to 1.3 (limited though it is) will only be provided through the SourceForge
+project page (http://sourceforge.net/projects/eximdsn/)
+
+From 1.4 onward feel free to ask on the exim-users mailinglist or add comments to
+http://bugs.exim.org/show_bug.cgi?id=118
+
diff --git a/README.UPDATING b/README.UPDATING
new file mode 100644
index 0000000..a0afa8d
--- /dev/null
+++ b/README.UPDATING
@@ -0,0 +1,867 @@
+This document contains detailed information about incompatibilities that might
+be encountered when upgrading from one release of Exim to another. The
+information is in reverse order of release numbers. Mostly these are relatively
+small points, and the configuration file is normally upwards compatible, but
+there have been two big upheavals...
+
+
+**************************************************************************
+* There was a big reworking of the way mail routing works for release *
+* 4.00. Previously used "directors" were abolished, and all routing is *
+* now done by routers. Policy controls for incoming mail are now done by *
+* Access Control Lists instead of separate options. All this means that *
+* pre-4.00 configuration files have to be massively converted. If you *
+* are coming from a 3.xx release, please read the document in the file *
+* doc/Exim4.upgrade, and allow some time to complete the upgrade. *
+* *
+* There was a big reworking of the way domain/host/net/address lists are *
+* handled at release 3.00. If you are coming from a pre-3.00 release, it *
+* might be easier to start again from a default configuration. Otherwise *
+* you need to read doc/Exim3.upgrade and do a double conversion of your *
+* configuration file. *
+**************************************************************************
+
+
+The rest of this document contains information about changes in 4.xx releases
+that might affect a running system.
+
+
+Exim version 4.94
+-----------------
+
+Some Transports now refuse to use tainted data in constructing their delivery
+location; this WILL BREAK configurations which are not updated accordingly.
+In particular: any Transport use of $local_user which has been relying upon
+check_local_user far away in the Router to make it safe, should be updated to
+replace $local_user with $local_part_data.
+
+Attempting to remove, in router or transport, a header name that ends with
+an asterisk (which is a standards-legal name) will now result in all headers
+named starting with the string before the asterisk being removed. We recommend
+staying away from such names, if they are private ones (and in case of future
+enhancements, alao header names that look like REs).
+
+
+Exim version 4.93
+-----------------
+
+For a detailed list of changes that might affect Exim's operation with
+an unchanged configuration, please see the doc/ChangeLog file.
+
+Build:
+
+ * SUPPORT_DMARC replaces EXPERIMENTAL_DMARC
+
+ * DISABLE_TLS replaces SUPPORT_TLS
+
+ * Bump the version for the local_scan API.
+
+Runtime:
+
+ * smtp transport option hosts_try_fastopen defaults to "*".
+
+ * DNSSec is requested (not required) for all queries. (This seemes to
+ ask for trouble if your resolver is a systemd-resolved.)
+
+ * Generic router option retry_use_local_part defaults to "true" under specific
+ pre-conditions.
+
+ * Introduce a tainting mechanism for values read from untrusted sources.
+
+ * Use longer file names for temporary spool files (this avoids
+ name conflicts with spool on a shared file system).
+
+ * Use dsn_from main config option (was ignored previously).
+
+
+Exim version 4.92
+-----------------
+
+ * Exim used to manually follow CNAME chains, to a limited depth. In this
+ day-and-age we expect the resolver to be doing this for us, so the loop
+ is limited to one retry unless the (new) config option dns_cname_loops
+ is changed.
+
+Exim version 4.91
+-----------------
+
+ * DANE and SPF have been promoted from Experimental to Supported status, thus
+ the options to enable them in Local/Makefile have been renamed.
+ See current src/EDITME for full details, including changes in dependencies,
+ but loosely: replace EXPERIMENTAL_SPF with SUPPORT_SPF and replace
+ EXPERIMENTAL_DANE with SUPPORT_DANE.
+
+ * Ancient ClamAV stream support, long deprecated by ClamAV, has been removed;
+ if you were building with WITH_OLD_CLAMAV_STREAM enabled then your problems
+ have marginally increased.
+
+ * A number of logging changes; if relying upon the previous DKIM additional
+ log-line, explicit log_selector configuration is needed to keep it.
+
+ * Other incompatible changes in EXPERIMENTAL_* features, read NewStuff and
+ ChangeLog carefully if relying upon an experimental feature such as DMARC.
+ Note that this includes changes to SPF as it was promoted into Supported.
+
+
+Exim version 4.89
+-----------------
+
+ * SMTP CHUNKING in Exim 4.88 did not ensure that received mails had a final
+ newline; attempts to deliver such messages onwards to non-chunking hosts
+ would probably hang, as Exim does not insert the newline before a ".".
+ In 4.89, the newline is added upon receipt. For already-received messages
+ in your queue, try util/chunking_fixqueue_finalnewlines.pl
+ to walk the queue, fixing any affected messages. Note that because a
+ delivery attempt will be hanging, attempts to lock the messages for fixing
+ them will stall; stopping all queue-runners temporarily is recommended.
+
+ * OpenSSL: oldest supported release series is now 1.0.2, which is the oldest
+ supported by the OpenSSL project. If you can build Exim with an older
+ release series, congratulations. If you can't, then upgrade.
+ The file doc/openssl.txt contains instructions for installing a current
+ OpenSSL outside the system library paths and building Exim to use it.
+
+ * FreeBSD: we now always use the system iconv in libc, as all versions of
+ FreeBSD supported by the FreeBSD project provide this functionality.
+
+
+Exim version 4.88
+-----------------
+
+ * The "demime" ACL condition, deprecated for the past 10 years, has
+ now been removed.
+
+ * Old GnuTLS configuration options "gnutls_require_kx", "gnutls_require_mac",
+ and "gnutls_require_protocols" have now been removed. (Inoperative from
+ 4.80, per below; logging warnings since 4.83, again per below).
+
+
+Exim version 4.83
+-----------------
+
+ * SPF condition results renamed "permerror" and "temperror". The old
+ names are still accepted for back-compatibility, for this release.
+
+ * TLS details are now logged on rejects, subject to log selectors.
+
+ * Items in headers_remove lists must now have any embedded list-separators
+ doubled.
+
+ * Attempted use of the deprecated options "gnutls_require_kx" et. al.
+ now result in logged warning.
+
+
+Exim version 4.82
+-----------------
+
+ * New option gnutls_allow_auto_pkcs11 defaults false; if you have GnuTLS 2.12.0
+ or later and do want PKCS11 modules to be autoloaded, then set this option.
+
+ * A per-transport wait-<name> database is no longer updated if the transport
+ sets "connection_max_messages" to 1, as it can not be used and causes
+ unnecessary serialisation and load. External tools tracking the state of
+ Exim by the hints databases may need modification to take this into account.
+
+ * The av_scanner option can now accept multiple clamd TCP targets, all other
+ setting limitations remain.
+
+
+Exim version 4.80
+-----------------
+
+ * BEWARE backwards-incompatible changes in SSL libraries, thus the version
+ bump. See points below for details.
+ Also an LDAP data returned format change.
+
+ * The value of $tls_peerdn is now print-escaped when written to the spool file
+ in a -tls_peerdn line, and unescaped when read back in. We received reports
+ of values with embedded newlines, which caused spool file corruption.
+
+ If you have a corrupt spool file and you wish to recover the contents after
+ upgrading, then lock the message, replace the new-lines that should be part
+ of the -tls_peerdn line with the two-character sequence \n and then unlock
+ the message. No tool has been provided as we believe this is a rare
+ occurrence.
+
+ * For OpenSSL, SSLv2 is now disabled by default. (GnuTLS does not support
+ SSLv2). RFC 6176 prohibits SSLv2 and some informal surveys suggest no
+ actual usage. You can re-enable with the "openssl_options" Exim option,
+ in the main configuration section. Note that supporting SSLv2 exposes
+ you to ciphersuite downgrade attacks.
+
+ * With OpenSSL 1.0.1+, Exim now supports TLS 1.1 and TLS 1.2. If built
+ against 1.0.1a then you will get a warning message and the
+ "openssl_options" value will not parse "no_tlsv1_1": the value changes
+ incompatibly between 1.0.1a and 1.0.1b, because the value chosen for 1.0.1a
+ is infelicitous. We advise avoiding 1.0.1a.
+
+ "openssl_options" gains "no_tlsv1_1", "no_tlsv1_2" and "no_compression".
+
+ COMPATIBILITY WARNING: The default value of "openssl_options" is no longer
+ "+dont_insert_empty_fragments". We default to "+no_sslv2".
+ That old default was grandfathered in from before openssl_options became a
+ configuration option.
+ Empty fragments are inserted by default through TLS1.0, to partially defend
+ against certain attacks; TLS1.1+ change the protocol so that this is not
+ needed. The DIEF SSL option was required for some old releases of mail
+ clients which did not gracefully handle the empty fragments, and was
+ initially set in Exim release 4.31 (see ChangeLog, item 37).
+
+ If you still have affected mail-clients, and you see SSL protocol failures
+ with this release of Exim, set:
+ openssl_options = +dont_insert_empty_fragments
+ in the main section of your Exim configuration file. You're trading off
+ security for compatibility. Exim is now defaulting to higher security and
+ rewarding more modern clients.
+
+ If the option tls_dhparams is set and the parameters loaded from the file
+ have a bit-count greater than the new option tls_dh_max_bits, then the file
+ will now be ignored. If this affects you, raise the tls_dh_max_bits limit.
+ We suspect that most folks are using dated defaults and will not be affected.
+
+ * Ldap lookups returning multi-valued attributes now separate the attributes
+ with only a comma, not a comma-space sequence. Also, an actual comma within
+ a returned attribute is doubled. This makes it possible to parse the
+ attribute as a comma-separated list. Note the distinction from multiple
+ attributes being returned, where each one is a name=value pair.
+
+ If you are currently splitting the results from LDAP upon a comma, then you
+ should check carefully to see if adjustments are needed.
+
+ This change lets cautious folks distinguish "comma used as separator for
+ joining values" from "comma inside the data".
+
+ * accept_8bitmime now defaults on, which is not RFC compliant but is better
+ suited to today's Internet. See http://cr.yp.to/smtp/8bitmime.html for a
+ sane rationale. Those who wish to be strictly RFC compliant, or know that
+ they need to talk to servers that are not 8-bit-clean, now need to take
+ explicit configuration action to default this option off. This is not a
+ new option, you can safely force it off before upgrading, to decouple
+ configuration changes from the binary upgrade while remaining RFC compliant.
+
+ * The GnuTLS support has been mostly rewritten, to use APIs which don't cause
+ deprecation warnings in GnuTLS 2.12.x. As part of this, these three options
+ are no longer supported:
+
+ gnutls_require_kx
+ gnutls_require_mac
+ gnutls_require_protocols
+
+ Their functionality is entirely subsumed into tls_require_ciphers. In turn,
+ tls_require_ciphers is no longer an Exim list and is not parsed by Exim, but
+ is instead given to gnutls_priority_init(3), which expects a priority string;
+ this behaviour is much closer to the OpenSSL behaviour. See:
+
+ http://www.gnutls.org/manual/html_node/Priority-Strings.html
+
+ for fuller documentation of the strings parsed. The three gnutls_require_*
+ options are still parsed by Exim and, for this release, silently ignored.
+ A future release will add warnings, before a later still release removes
+ parsing entirely and the presence of the options will be a configuration
+ error.
+
+ Note that by default, GnuTLS will not accept RSA-MD5 signatures in chains.
+ A tls_require_ciphers value of NORMAL:%VERIFY_ALLOW_SIGN_RSA_MD5 may
+ re-enable support, but this is not supported by the Exim maintainers.
+ Our test suite no longer includes MD5-based certificates.
+
+ This rewrite means that Exim will continue to build against GnuTLS in the
+ future, brings Exim closer to other GnuTLS applications and lets us add
+ support for SNI and other features more readily. We regret that it wasn't
+ feasible to retain the three dropped options.
+
+ * If built with TLS support, then Exim will now validate the value of
+ the main section tls_require_ciphers option at start-up. Before, this
+ would cause a STARTTLS 4xx failure, now it causes a failure to start.
+ Running with a broken configuration which causes failures that may only
+ be left in the logs has been traded off for something more visible. This
+ change makes an existing problem more prominent, but we do not believe
+ anyone would deliberately be running with an invalid tls_require_ciphers
+ option.
+
+ This also means that library linkage issues caused by conflicts of some
+ kind might take out the main daemon, not just the delivery or receiving
+ process. Conceivably some folks might prefer to continue delivering
+ mail plaintext when their binary is broken in this way, if there is a
+ server that is a candidate to receive such mails that does not advertise
+ STARTTLS. Note that Exim is typically a setuid root binary and given
+ broken linkage problems that cause segfaults, we feel it is safer to
+ fail completely. (The check is not done as root, to ensure that problems
+ here are not made worse by the check).
+
+ * The "tls_dhparam" option has been updated, so that it can now specify a
+ path or an identifier for a standard DH prime from one of a few RFCs.
+ The default for OpenSSL is no longer to not use DH but instead to use
+ one of these standard primes. The default for GnuTLS is no longer to use
+ a file in the spool directory, but to use that same standard prime.
+ The option is now used by GnuTLS too. If it points to a path, then
+ GnuTLS will use that path, instead of a file in the spool directory;
+ GnuTLS will attempt to create it if it does not exist.
+
+ To preserve the previous behaviour of generating files in the spool
+ directory, set "tls_dhparam = historic". Since prior releases of Exim
+ ignored tls_dhparam when using GnuTLS, this can safely be done before
+ the upgrade.
+
+
+
+Exim version 4.77
+-----------------
+
+ * GnuTLS will now attempt to use TLS 1.2 and TLS 1.1 before TLS 1.0 and SSL3,
+ if supported by your GnuTLS library. Use the existing
+ "gnutls_require_protocols" option to downgrade this if that will be a
+ problem. Prior to this release, supported values were "TLS1" and "SSL3",
+ so you should be able to update configuration prior to update.
+
+ [nb: gnutls_require_protocols removed in Exim 4.80, instead use
+ tls_require_ciphers to provide a priority string; see notes above]
+
+ * The match_<type>{string1}{string2} expansion conditions no longer subject
+ string2 to string expansion, unless Exim was built with the new
+ "EXPAND_LISTMATCH_RHS" option. Too many people have inadvertently created
+ insecure configurations that way. If you need the functionality and turn on
+ that build option, please let the developers know, and know why, so we can
+ try to provide a safer mechanism for you.
+
+ The match{}{} expansion condition (for regular expressions) is NOT affected.
+ For match_<type>{s1}{s2}, all list functionality is unchanged. The only
+ change is that a '$' appearing in s2 will not trigger expansion, but instead
+ will be treated as a literal $ sign; the effect is very similar to having
+ wrapped s2 with \N...\N. If s2 contains a named list and the list definition
+ uses $expansions then those _will_ be processed as normal. It is only the
+ point at which s2 is read where expansion is inhibited.
+
+ If you are trying to test if two email addresses are equal, use eqi{s1}{s2}.
+ If you are testing if the address in s1 occurs in the list of items given
+ in s2, either use the new inlisti{s1}{s2} condition (added in 4.77) or use
+ the pre-existing forany{s2}{eqi{$item}{s1}} condition.
+
+
+Exim version 4.74
+-----------------
+
+ * The integrated support for dynamically loadable lookup modules has an ABI
+ change from the modules supported by some OS vendors through an unofficial
+ patch. Don't try to mix & match.
+
+ * Some parts of the build system are now beginning to assume that the host
+ environment is POSIX. If you're building on a system where POSIX tools are
+ not the default, you might have an easier time if you switch to the POSIX
+ tools. Feel free to report non-POSIX issues as a request for a feature
+ enhancement, but if the POSIX variants are available then the fix will
+ probably just involve some coercion. See the README instructions for
+ building on such hosts.
+
+
+Exim version 4.73
+-----------------
+
+ * The Exim run-time user can no longer be root; this was always
+ strongly discouraged, but is now prohibited both at build and
+ run-time. If you need Exim to run routinely as root, you'll need to
+ patch the source and accept the risk. Here be dragons.
+
+ * Exim will no longer accept a configuration file owned by the Exim
+ run-time user, unless that account is explicitly the value in
+ CONFIGURE_OWNER, which we discourage. Exim now checks to ensure that
+ files are not writeable by other accounts.
+
+ * The ALT_CONFIG_ROOT_ONLY build option is no longer optional and is forced
+ on; the Exim user can, by default, no longer use -C/-D and retain privilege.
+ Two new build options mitigate this.
+
+ * TRUSTED_CONFIG_LIST defines a file containing a whitelist of config
+ files that are trusted to be selected by the Exim user; one per line.
+ This is the recommended approach going forward.
+
+ * WHITELIST_D_MACROS defines a colon-separated list of macro names which
+ the Exim run-time user may safely pass without dropping privileges.
+ Because changes to this involve a recompile, this is not the recommended
+ approach but may ease transition. The values of the macros, when
+ overridden, are constrained to match this regex: ^[A-Za-z0-9_/.-]*$
+
+ * The system_filter_user option now defaults to the Exim run-time user,
+ rather than root. You can still set it explicitly to root and this
+ can be done with prior versions too, letting you roll versions
+ without needing to change this configuration option.
+
+ * ClamAV must be at least version 0.95 unless WITH_OLD_CLAMAV_STREAM is
+ defined at build time.
+
+
+Exim version 4.70
+-----------------
+
+1. Experimental Yahoo! Domainkeys support has been dropped in this release.
+It has been superseded by a native implementation of its successor DKIM.
+
+2. Up to version 4.69, Exim came with an embedded version of the PCRE library.
+As of 4.70, this is no longer the case. To compile Exim, you will need PCRE
+installed. Most OS distributions have ready-made library and development
+packages.
+
+
+Exim version 4.68
+-----------------
+
+1. The internal implementation of the database keys that are used for ACL
+ratelimiting has been tidied up. This means that an update to 4.68 might cause
+Exim to "forget" previous rates that it had calculated, and reset them to zero.
+
+
+Exim version 4.64
+-----------------
+
+1. Callouts were setting the name used for EHLO/HELO from $smtp_active_
+hostname. This is wrong, because it relates to the incoming message (and
+probably the interface on which it is arriving) and not to the outgoing
+callout (which could be using a different interface). This has been
+changed to use the value of the helo_data option from the smtp transport
+instead - this is what is used when a message is actually being sent. If
+there is no remote transport (possible with a router that sets up host
+addresses), $smtp_active_hostname is used. This change is mentioned here in
+case somebody is relying on the use of $smtp_active_hostname.
+
+2. A bug has been fixed that might just possibly be something that is relied on
+in some configurations. In expansion items such as ${if >{xxx}{yyy}...} an
+empty string (that is {}) was being interpreted as if it was {0} and therefore
+treated as the number zero. From release 4.64, such strings cause an error
+because a decimal number, possibly followed by K or M, is required (as has
+always been documented).
+
+3. There has been a change to the GnuTLS support (ChangeLog/PH/20) to improve
+Exim's performance. Unfortunately, this has the side effect of being slightly
+non-upwards compatible for versions 4.50 and earlier. If you are upgrading from
+one of these earlier versions and you use GnuTLS, you must remove the file
+called gnutls-params in Exim's spool directory. If you don't do this, you will
+see this error:
+
+ TLS error on connection from ... (DH params import): Base64 decoding error.
+
+Removing the file causes Exim to recompute the relevant encryption parameters
+and cache them in the new format that was introduced for release 4.51 (May
+2005). If you are upgrading from release 4.51 or later, there should be no
+problem.
+
+
+Exim version 4.63
+-----------------
+
+When an SMTP error message is specified in a "message" modifier in an ACL, or
+in a :fail: or :defer: message in a redirect router, Exim now checks the start
+of the message for an SMTP error code. This consists of three digits followed
+by a space, optionally followed by an extended code of the form n.n.n, also
+followed by a space. If this is the case and the very first digit is the same
+as the default error code, the code from the message is used instead. If the
+very first digit is incorrect, a panic error is logged, and the default code is
+used. This is an incompatible change, but it is not expected to affect many (if
+any) configurations. It is possible to suppress the use of the supplied code in
+a redirect router by setting the smtp_error_code option false. In this case,
+any SMTP code is quietly ignored.
+
+
+Exim version 4.61
+-----------------
+
+1. The default number of ACL variables of each type has been increased to 20,
+and it's possible to compile Exim with more. You can safely upgrade to this
+release if you already have messages on the queue with saved ACL variable
+values. However, if you downgrade from this release with messages on the queue,
+any saved ACL values they may have will be lost.
+
+2. The default value for rfc1413_query_timeout has been changed from 30s to 5s.
+
+
+Exim version 4.54
+-----------------
+
+There was a problem with 4.52/TF/02 in that a "name=" option on control=
+submission terminated at the next slash, thereby not allowing for slashes in
+the name. This has been changed so that "name=" takes the rest of the string as
+its data. It must therefore be the last option.
+
+
+Version 4.53
+------------
+
+If you are using the experimental Domain Keys support, you must upgrade to
+at least libdomainkeys 0.67 in order to run this release of Exim.
+
+
+Version 4.51
+------------
+
+1. The format in which GnuTLS parameters are cached (in the file gnutls-params
+in the spool directory) has been changed. The new format can also be generated
+externally, so it is now possible to update the values from outside Exim. This
+has been implemented in an upwards, BUT NOT downwards, compatible manner.
+Upgrading should be seamless: when Exim finds that it cannot understand an
+existing cache file, it generates new parameters and writes them to the cache
+in the new format. If, however, you downgrade from 4.51 to a previous release,
+you MUST delete the gnutls-params file in the spool directory, because the
+older Exim will not recognize the new format.
+
+2. When doing a callout as part of verifying an address, Exim was not paying
+attention to any local part prefix or suffix that was matched by the router
+that accepted the address. It now behaves in the same way as it does for
+delivery: the affixes are removed from the local part unless
+rcpt_include_affixes is set on the transport. If you have a configuration that
+uses prefixes or suffixes on addresses that could be used for callouts, and you
+want the affixes to be retained, you must make sure that rcpt_include_affixes
+is set on the transport.
+
+3. Bounce and delay warning messages no longer contain details of delivery
+errors, except for explicit messages (e.g. generated by :fail:) and SMTP
+responses from remote hosts.
+
+
+Version 4.50
+------------
+
+The exicyclog script has been updated to use three-digit numbers in rotated log
+files if the maximum number to keep is greater than 99. If you are already
+keeping more than 99, there will be an incompatible change when you upgrade.
+You will probably want to rename your old log files to the new form before
+running the new exicyclog.
+
+
+Version 4.42
+------------
+
+RFC 3848 specifies standard names for the "with" phrase in Received: header
+lines when AUTH and/or TLS are in use. This is the "received protocol"
+field. Exim used to use "asmtp" for authenticated SMTP, without any
+indication (in the protocol name) for TLS use. Now it follows the RFC and
+uses "esmtpa" if the connection is authenticated, "esmtps" if it is
+encrypted, and "esmtpsa" if it is both encrypted and authenticated. These names
+appear in log lines as well as in Received: header lines.
+
+
+Version 4.34
+------------
+
+Change 4.31/2 gave problems to data ACLs and local_scan() functions that
+expected to see a Received: header. I have changed to yet another scheme. The
+Received: header is now generated after the body is received, but before the
+ACL or local_scan() is called. After they have run, the timestamp in the
+Received: header is updated.
+
+Thus, change (a) of 4.31/2 has been reversed, but change (b) is still true,
+which is lucky, since I decided it was a bug fix.
+
+
+Version 4.33
+------------
+
+If an expansion in a condition on a "warn" statement fails because a lookup
+defers, the "warn" statement is abandoned, and the next ACL statement is
+processed. Previously this caused the whole ACL to be aborted.
+
+
+Version 4.32
+------------
+
+Change 4.31/2 has been reversed, as it proved contentious. Recipient callout
+verification now uses <> in the MAIL command by default, as it did before. A
+new callout option, "use_sender", has been added to request the other
+behaviour.
+
+
+Version 4.31
+------------
+
+1. If you compile Exim to use GnuTLS, it now requires the use of release 1.0.0
+ or greater. The interface to the obsolete 0.8.x releases is no longer
+ supported. There is one externally visible change: the format for the
+ display of Distinguished Names now uses commas as a separator rather than a
+ slash. This is to comply with RFC 2253.
+
+2. When a message is received, the Received: header line is now generated when
+ reception is complete, instead of at the start of reception. For messages
+ that take a long time to come in, this changes the meaning of the timestamp.
+ There are several side-effects of this change:
+
+ (a) If a message is rejected by a DATA or non-SMTP ACL, or by local_scan(),
+ the logged header lines no longer include the local Received: line,
+ because it has not yet been created. If the message is a non-SMTP one,
+ and the error is processed by sending a message to the sender, the copy
+ of the original message that is returned does not have an added
+ Received: line.
+
+ (b) When a filter file is tested using -bf, no additional Received: header
+ is added to the test message. After some thought, I decided that this
+ is a bug fix.
+
+ The contents of $received_for are not affected by this change. This
+ variable still contains the single recipient of a message, copied after
+ addresses have been rewritten, but before local_scan() is run.
+
+2. Recipient callout verification, like sender verification, was using <> in
+ the MAIL FROM command. This isn't really the right thing, since the actual
+ sender may affect whether the remote host accepts the recipient or not. I
+ have changed it to use the actual sender in the callout; this means that
+ the cache record is now keyed on a recipient/sender pair, not just the
+ recipient address. There doesn't seem to be a real danger of callout loops,
+ since a callout by the remote host to check the sender would use <>.
+
+
+Version 4.30
+------------
+
+1. I have abolished timeout_DNS as an error that can be detected in retry
+ rules, because it has never worked. Despite the fact that it has been
+ documented since at least release 1.62, there was no code to support it.
+ If you have used it in your retry rules, you will now get a warning message
+ to the log and panic log. It is now treated as plain "timeout".
+
+2. After discussion on the mailing list, Exim no longer adds From:, Date:, or
+ Message-Id: header lines to messages that do not originate locally, that is,
+ messages that have an associated sending host address.
+
+3. When looking up a host name from an IP address, Exim now tries the DNS
+ first, and only if that fails does it use gethostbyaddr() (or equivalent).
+ This change was made because on some OS, not all the names are given for
+ addresses with multiple PTR records via the gethostbyaddr() interface. The
+ order of lookup can be changed by setting host_lookup_order.
+
+
+Version 4.23
+------------
+
+1. The new FIXED_NEVER_USERS build-time option creates a list of "never users"
+ that cannot be overridden. The default in the distributed EDITME is "root".
+ If for some reason you were (against advice) running deliveries as root, you
+ will have to ensure that FIXED_NEVER_USERS is not set in your
+ Local/Makefile.
+
+2. The ${quote: operator now quotes an empty string, which it did not before.
+
+3. Version 4.23 saves the contents of the ACL variables with the message, so
+ that they can be used later. If one of these variables contains a newline,
+ there will be a newline character in the spool that will not be interpreted
+ correctly by a previous version of Exim. (Exim ignores keyed spool file
+ items that it doesn't understand - precisely for this kind of problem - but
+ it expects them all to be on one line.)
+
+ So the bottom line is: if you have newlines in your ACL variables, you
+ cannot retreat from 4.23.
+
+
+Version 4.21
+------------
+
+1. The idea of the "warn" ACL verb is that it adds a header or writes to the
+ log only when "message" or "log_message" are set. However, if one of the
+ conditions was an address verification, or a call to a nested ACL, the
+ messages generated by the underlying test were being passed through. This
+ no longer happens. The underlying message is available in $acl_verify_
+ message for both "message" and "log_message" expansions, so it can be
+ passed through if needed.
+
+2. The way that the $h_ (and $header_) expansions work has been changed by the
+ addition of RFC 2047 decoding. See the main documentation (the NewStuff file
+ until release 4.30, then the manual) for full details. Briefly, there are
+ now three forms:
+
+ $rh_xxx: and $rheader_xxx: give the original content of the header
+ line(s), with no processing at all.
+
+ $bh_xxx: and $bheader_xxx: remove leading and trailing white space, and
+ then decode base64 or quoted-printable "words" within the header text,
+ but do not do charset translation.
+
+ $h_xxx: and $header_xxx: attempt to translate the $bh_ string to a
+ standard character set.
+
+ If you have previously been using $h_ expansions to access the raw
+ characters, you should change to $rh_ instead.
+
+3. When Exim creates an RFC 2047 encoded word in a header line, it labels it
+ with the default character set from the headers_charset option instead of
+ always using iso-8859-1.
+
+4. If TMPDIR is defined in Local/Makefile (default in src/EDITME is
+ TMPDIR="/tmp"), Exim checks for the presence of an environment variable
+ called TMPDIR, and if it finds it is different, it changes its value.
+
+5. Following a discussion on the list, the rules by which Exim recognises line
+ endings on incoming messages have been changed. The -dropcr and drop_cr
+ options are now no-ops, retained only for backwards compatibility. The
+ following line terminators are recognized: LF CRLF CR. However, special
+ processing applies to CR:
+
+ (i) The sequence CR . CR does *not* terminate an incoming SMTP message,
+ nor a local message in the state where . is a terminator.
+
+ (ii) If a bare CR is encountered in a header line, an extra space is added
+ after the line terminator so as not to end the header. The reasoning
+ behind this is that bare CRs in header lines are most likely either
+ to be mistakes, or people trying to play silly games.
+
+6. The code for using daemon_smtp_port, local_interfaces, and the -oX options
+ has been reorganized. It is supposed to be backwards compatible, but it is
+ mentioned here just in case I've screwed up.
+
+
+
+Version 4.20
+------------
+
+1. I have tidied and re-organized the code that uses alarm() for imposing time
+ limits on various things. It shouldn't affect anything, but if you notice
+ processes getting stuck, it may be that I've broken something.
+
+2. The "arguments" log selector now also logs the current working directory
+ when Exim is called.
+
+3. An incompatible change has been made to the appendfile transport. This
+ affects the case when it is used for file deliveries that are set up by
+ .forward and filter files. Previously, any settings of the "file" or
+ "directory" options were ignored. It is hoped that, like the address_file
+ transport in the default configuration, these options were never in fact set
+ on such transports, because they were of no use.
+
+ Now, if either of these options is set, it is used. The path that is passed
+ by the router is in $address_file (this is not new), so it can be used as
+ part of a longer path, or modified in any other way that expansion permits.
+
+ If neither "file" nor "directory" is set, the behaviour is unchanged.
+
+4. Related to the above: in a filter, if a "save" command specifies a non-
+ absolute path, the value of $home/ is pre-pended. This no longer happens if
+ $home is unset or is set to an empty string.
+
+5. Multiple file deliveries from a filter or .forward file can never be
+ batched; the value of batch_max on the transport is ignored for file
+ deliveries. I'm assuming that nobody ever actually set batch_max on the
+ address_file transport - it would have had odd effects previously.
+
+6. DESTDIR is the more common variable that ROOT for use when installing
+ software under a different root filing system. The Exim install script now
+ recognizes DESTDIR first; if it is not set, ROOT is used.
+
+7. If DESTDIR is set when installing Exim, it no longer prepends its value to
+ the path of the system aliases file that appears in the default
+ configuration (when a default configuration is installed). If an aliases
+ file is actually created, its name *does* use the prefix.
+
+
+Version 4.14
+------------
+
+1. The default for the maximum number of unknown SMTP commands that Exim will
+accept before dropping a connection has been reduced from 5 to 3. However, you
+can now change the value by setting smtp_max_unknown_commands.
+
+2. The ${quote: operator has been changed so that it turns newline and carriage
+return characters into \n and \r, respectively.
+
+3. The file names used for maildir messages now include the microsecond time
+fraction as well as the time in seconds, to cope with systems where the process
+id can be re-used within the same second. The format is now
+
+ <time>.H<microsec>P<pid>.<host>
+
+This should be a compatible change, but is noted here just in case.
+
+4. The rules for creating message ids have changed, to cope with systems where
+the process id can be re-used within the same second. The format, however, is
+unchanged, so this should not cause any problems, except as noted in the next
+item.
+
+5. The maximum value for localhost_number has been reduced from 255 to 16, in
+order to implement the new message id rules. For operating systems that have
+case-insensitive file systems (Cygwin and Darwin), the limit is 10.
+
+6. verify = header_syntax was allowing unqualified addresses in all cases. Now
+it allows them only for locally generated messages and from hosts that match
+sender_unqualified_hosts or recipient_unqualified_hosts, respectively.
+
+7. For reasons lost in the mists of time, when a pipe transport was run, the
+environment variable MESSAGE_ID was set to the message ID preceded by 'E' (the
+form used in Message-ID: header lines). The 'E' has been removed.
+
+
+Version 4.11
+------------
+
+1. The handling of lines in the configuration file has changed. Previously,
+macro expansion was applied to logical lines, after continuations had been
+joined on. This meant that it could not be used in .include lines, which are
+handled as physical rather than logical lines. Macro expansion is now done on
+physical lines rather than logical lines. This means there are two
+incompatibilities:
+
+ (a) A macro that expands to # to turn a line into a comment now applies only
+ to the physical line where it appears. Previously, it would have caused
+ any following continuations also to be ignored.
+
+ (b) A macro name can no longer be split over the boundary between a line and
+ its continuation. Actually, this is more of a bug fix. :-)
+
+2. The -D command line option must now all be within one command line item.
+This makes it possible to use -D to set a macro to the empty string by commands
+such as
+
+ exim -DABC ...
+ exim -DABC= ...
+
+Previously, these items would have moved on to the next item on the command
+line. To include spaces in a macro definition item, quotes must be used, in
+which case you can also have spaces after -D and surrounding the equals. For
+example:
+
+ exim '-D ABC = something' ...
+
+3. The way that addresses that redirect to themselves are handled has been
+changed, in order to fix an obscure bug. This should not cause any problems
+except in the case of wanting to go back from a 4.11 (or later) release to an
+earlier release. If there are undelivered messages on the spool that contain
+addresses which redirect to themselves, and the redirected addresses have
+already been delivered, you might get a duplicate delivery if you revert to an
+earlier Exim.
+
+4. The default way of looking up IP addresses for hosts in the manualroute and
+queryprogram routers has been changed. If "byname" or "bydns" is explicitly
+specified, there is no change, but if no method is specified, Exim now behaves
+as follows:
+
+ First, a DNS lookup is done. If this yields anything other than
+ HOST_NOT_FOUND, that result is used. Otherwise, Exim goes on to try a call to
+ getipnodebyname() (or gethostbyname() on older systems) and the result of the
+ lookup is the result of that call.
+
+This change has been made because it has been discovered that on some systems,
+if a DNS lookup called via getipnodebyname() times out, HOST_NOT_FOUND is
+returned instead of TRY_AGAIN. Thus, it is safest to try a DNS lookup directly
+first, and only if that gives a definite "no such host" to try the local
+function.
+
+5. In fixing the minor security problem with pid_file_path, I have removed some
+backwards-compatible (undocumented) code which was present to ease conversion
+from Exim 3. In Exim 4, pid_file_path is a literal; in Exim 3 it was allowed to
+contain "%s", which was replaced by the port number for daemons listening on
+non-standard ports. In Exim 4, such daemons do not write a pid file. The
+backwards compatibility feature was to replace "%s" by nothing if it occurred
+in an Exim 4 setting of pid_file_path. The bug was in this code. I have solved
+the problem by removing the backwards compatibility feature. Thus, if you still
+have "%s" somewhere in a setting of pid_file_path, you should remove it.
+
+6. There has been an extension to lsearch files. The keys in these files may
+now be quoted in order to allow for whitespace and colons in them. This means
+that if you were previously using keys that began with a doublequote, you will
+now have to wrap them with extra quotes and escape the internal quotes. The
+possibility that anybody is actually doing this seems extremely remote, but it
+is documented just in case.
+
+
+Version 4.10
+------------
+
+The build-time parameter EXIWHAT_KILL_ARG has been renamed EXIWHAT_KILL_SIGNAL
+to better reflect its function. The OS-specific files have been updated. Only
+if you have explicitly set this in your Makefile (highly unlikely) do you need
+to change anything.
+
+****
diff --git a/conf b/conf
new file mode 100644
index 0000000..1619c0d
--- /dev/null
+++ b/conf
@@ -0,0 +1,2 @@
+perl_startup = $| = 1; print "<${^TAINT}>\n";
+perl_taintmode = yes
diff --git a/doc/ChangeLog b/doc/ChangeLog
new file mode 100644
index 0000000..585deb0
--- /dev/null
+++ b/doc/ChangeLog
@@ -0,0 +1,7790 @@
+This document describes *changes* to previous versions, that might
+affect Exim's operation, with an unchanged configuration file. For new
+options, and new features, see the NewStuff file next to this ChangeLog.
+
+
+Exim version 4.94
+-----------------
+
+JH/01 Avoid costly startup code when not strictly needed. This reduces time
+ for some exim process initialisations. It does mean that the logging
+ of TLS configuration problems is only done for the daemon startup.
+
+JH/02 Early-pipelining support code is now included unless disabled in Makefile.
+
+JH/03 DKIM verification defaults no long accept sha1 hashes, to conform to
+ RFC 8301. They can still be enabled, using the dkim_verify_hashes main
+ option.
+
+JH/04 Support CHUNKING from an smtp transport using a transport_filter, when
+ DKIM signing is being done. Previously a transport_filter would always
+ disable CHUNKING, falling back to traditional DATA.
+
+JH/05 Regard command-line receipients as tainted.
+
+JH/06 Bug 340: Remove the daemon pid file on exit, whe due to SIGTERM.
+
+JH/07 Bug 2489: Fix crash in the "pam" expansion condition. It seems that the
+ PAM library frees one of the arguments given to it, despite the
+ documentation. Therefore a plain malloc must be used.
+
+JH/08 Bug 2491: Use tainted buffers for the transport smtp context. Previously
+ on-stack buffers were used, resulting in a taint trap when DSN information
+ copied from a received message was written into the buffer.
+
+JH/09 Bug 2493: Harden ARC verify against Outlook, whick has been seen to mix
+ the ordering of its ARC headers. This caused a crash.
+
+JH/10 Bug 2492: Use tainted memory for retry record when needed. Previously when
+ a new record was being constructed with information from the peer, a trap
+ was taken.
+
+JH/11 Bug 2494: Unset the default for dmarc_tld_file. Previously a naiive
+ installation would get error messages from DMARC verify, when it hit the
+ nonexistent file indicated by the default. Distros wanting DMARC enabled
+ should both provide the file and set the option.
+ Also enforce no DMARC verification for command-line sourced messages.
+
+JH/12 Fix an uninitialised flag in early-pipelining. Previously connections
+ could, depending on the platform, hang at the STARTTLS response.
+
+JH/13 Bug 2498: Reset a counter used for ARC verify before handling another
+ message on a connection. Previously if one message had ARC headers and
+ the following one did not, a crash could result when adding an
+ Authentication-Results: header.
+
+JH/14 Bug 2500: Rewind some of the common-coding in string handling between the
+ Exim main code and Exim-related utities. The introduction of taint
+ tracking also did many adjustments to string handling. Since then, eximon
+ frequently terminated with an assert failure.
+
+JH/15 When PIPELINING, synch after every hundred or so RCPT commands sent and
+ check for 452 responses. This slightly helps the inefficieny of doing
+ a large alias-expansion into a recipient-limited target. The max_rcpt
+ transport option still applies (and at the current default, will override
+ the new feature). The check is done for either cause of synch, and forces
+ a fast-retry of all 452'd recipients using a new MAIL FROM on the same
+ connection. The new facility is not tunable at this time.
+
+JH/16 Fix the variables set by the gsasl authenticator. Previously a pointer to
+ library live data was being used, so the results became garbage. Make
+ copies while it is still usable.
+
+JH/17 Logging: when the deliver_time selector ise set, include the DT= field
+ on delivery deferred (==) and failed (**) lines (if a delivery was
+ attemtped). Previously it was only on completion (=>) lines.
+
+JH/18 Authentication: the gsasl driver not provides the $authN variables in time
+ for the expansion of the server_scram_iter and server_scram_salt options.
+
+WB/01 SPF: DNS lookups for the obsolete SPF RR type done by the libspf2 library
+ are now specifically given a NO_DATA response without hitting the system
+ resolver. The library goes on to do the now-standard TXT lookup.
+ Use of dnsdb lookups is not affected.
+
+JH/19 Bug 2507: Modules: on handling a dynamic-module (lookups) open failure,
+ only retrieve the errormessage once. Previously two calls to dlerror()
+ were used, and the second one (for mainlog/paniclog) retrieved null
+ information.
+
+JH/20 Taint checking: disallow use of tainted data for
+ - the appendfile transport file and directory options
+ - the pipe transport command
+ - the autoreply transport file, log and once options
+ - file names used by the redirect router (including filter files)
+ - named-queue names
+ - paths used by single-key lookups
+ Previously this was permitted.
+
+JH/21 Bug 2501: Fix init call in the heimdal authenticator. Previously it
+ adjusted the size of a major service buffer; this failed because the
+ buffer was in use at the time. Change to a compile-time increase in the
+ buffer size, when this authenticator is compiled into exim.
+
+JH/22 Taint-checking: move to safe-mode taint checking on all platforms. The
+ previous fast-mode was untenable in the face of glibs using mmap to
+ support larger malloc requests.
+
+PP/01 Update the openssl_options possible values through OpenSSL 1.1.1c.
+ New values supported, if defined on system where compiled:
+ allow_no_dhe_kex, cryptopro_tlsext_bug, enable_middlebox_compat,
+ no_anti_replay, no_encrypt_then_mac, prioritize_chacha, tlsext_padding
+
+JH/23 Performance improvement in the initial phase of a two-pass queue run. By
+ running a limited number of proceses in parallel, a benefit is gained. The
+ amount varies with the platform hardware and load. The use of the option
+ queue_run_in_order means we cannot do this, as ordering becomes
+ indeterminate.
+
+JH/24 Bug 2524: fix the cyrus_sasl auth driver gssapi usage. A previous fix
+ had introduced a string-copy (for ensuring NUL-termination) which was not
+ appropriate for that case, which can include embedded NUL bytes in the
+ block of data. Investigation showed the copy to actually be needless, the
+ data being length-specified.
+
+JH/25 Fix use of concurrent TLS connections under GnuTLS. When a callout was
+ done during a receiving connection, and both used TLS, global info was
+ used rather than per-connection info for tracking the state of data
+ queued for transmission. This could result in a connection hang.
+
+JH/26 Fix use of the SIZE parameter on MAIL commands, on continued connections.
+ Previously, when delivering serveral messages down a single connection
+ only the first would provide a SIZE. This was due to the size information
+ not being properly tracked.
+
+JH/27 Bug 2530: When operating in a timezone with sub-minute offset, such as
+ TAI (at 37 seconds currently), pretend to be in UTC for time-related
+ expansion and logging. Previously, spurious values such as a future
+ minute could be seen.
+
+JH/28 Bug 2533: Fix expansion of ${tr } item. When called in some situations
+ it could crash from a null-deref. This could also affect the
+ ${addresses: } operator and ${readsock } item.
+
+JH/29 Bug 2537: Fix $mime_part_count. When a single connection had a non-mime
+ message following a mime one, the variable was not reset.
+
+JH/30 When an pipelined-connect fails at the first response, assume incorrect
+ cached capability (perhaps the peer reneged?) and immediately retry in
+ non-pipelined mode.
+
+JH/31 Fix spurious detection of timeout while writing to transport filter.
+
+JH/32 Bug 2541: Fix segfault on bad cmdline -f (sender) argument. Previously
+ an attempt to copy the string was made before checking it.
+
+JH/33 Fix the dsearch lookup to return an untainted result. Previously the
+ taint of the lookup key was maintained; we now regard the presence in the
+ filesystem as sufficient validation.
+
+JH/34 Fix the readsocket expansion to not segfault when an empty "options"
+ argument is supplied.
+
+JH/35 The dsearch lookup now requires that the directory is an absolute path.
+ Previously this was not checked, and nonempty relative paths made an
+ access under Exim's current working directory.
+
+JH/36 Bug 2554: Fix msg:defer event for the hosts_max_try_hardlimit case.
+ Previously no event was raised.
+
+JH/37 Bug 2552: Fix the check on spool space during reception to use the SIZE
+ parameter supplied by the sender MAIL FROM command. Previously it was
+ ignored, and only the check_spool_space option value for the required
+ leeway checked.
+
+JH/38 Fix $dkim_key_length. This should, after a DKIM verification, present
+ the size of the signing public-key. Previously it was instead giving
+ the size of the signature hash.
+
+JH/39 DKIM verification: the RFC 8301 restriction on sizes of RSA keys is now
+ the default. See the (new) dkim_verify_min_keysizes option.
+
+JH/40 Fix a memory-handling bug: when a connection carried multiple messages
+ and an ACL use a lookup for checking either the local_part or domain,
+ stale data could be accessed. Ensure that variable references are
+ dropped between messages.
+
+JH/41 Bug 2571: Fix SPA authenticator. Running as a server, an offset supplied
+ by the client was not checked as pointing within response data before
+ being used. A malicious client could thus cause an out-of-bounds read and
+ possibly gain authentication. Fix by adding the check.
+
+JH/42 Internationalisation: change the default for downconversion in the smtp
+ transport to be "if needed". Previously it was "as previously set" for
+ the message, which usually meant "if needed" for message-submission but
+ "no" for everything else. However, MTAs have been seen using SMTPUTF8
+ even when the envelope addresses did not need it, resulting in forwarding
+ failures to non-supporting MTAs. A downconvert in such cases will be
+ a no-op on the addresses, merely dropping the use of SMTPUTF8 by the
+ transport. The change does mean that addresses needing conversion will
+ be converted when previously a delivery failure would occur.
+
+JH/43 Fix possible long line in DSN. Previously when a very long SMTP error
+ response was received it would be used unchecked in a fail-DSN, violating
+ standards on line-length limits. Truncate if needed.
+
+HS/01 Remove parameters of the link to www.open-spf.org. The linked form
+ doesn't work. (Additionally add a new main config option to configure the
+ spf_smtp_comment)
+
+
+Exim version 4.93
+-----------------
+
+JH/01 OpenSSL: With debug enabled output keying information sufficient, server
+ side, to decode a TLS 1.3 packet capture.
+
+JH/02 OpenSSL: Suppress the sending of (stateful) TLS1.3 session tickets.
+ Previously the default library behaviour applied, sending two, each in
+ its own TCP segment.
+
+JH/03 Debug output for ACL now gives the config file name and line number for
+ each verb.
+
+JH/04 The default received_header_text now uses the RFC 8314 tls cipher clause.
+
+JH/05 DKIM: ensure that dkim_domain elements are lowercased before use.
+
+JH/06 Fix buggy handling of autoreply bounce_return_size_limit, and a possible
+ buffer overrun for (non-chunking) other transports.
+
+JH/07 GnuTLS: Our use of late (post-handshake) certificate verification, under
+ TLS1.3, means that a server rejecting a client certificate is not visible
+ to the client until the first read of encrypted data (typically the
+ response to EHLO). Add detection for that case and treat it as a failed
+ TLS connection attempt, so that the normal retry-in-clear can work (if
+ suitably configured).
+
+JB/01 Bug 2375: fix expansions of 822 addresses having comments in local-part
+ and/or domain. Found and fixed by Jason Betts.
+
+JH/08 Add hardening against SRV & TLSA lookups the hit CNAMEs (a nonvalid
+ configuration). If a CNAME target was not a wellformed name pattern, a
+ crash could result.
+
+JH/09 Logging: Fix initial listening-on line for multiple ports for an IP when
+ the OS reports them interleaved with other addresses.
+
+JH/10 OpenSSL: Fix aggregation of messages. Previously, when PIPELINING was
+ used both for input and for a verify callout, both encrypted, SMTP
+ responses being sent by the server could be lost. This resulted in
+ dropped connections and sometimes bounces generated by a peer sending
+ to this system.
+
+JH/11 Harden plaintext authenticator against a badly misconfigured client-send
+ string. Previously it was possible to cause undefined behaviour in a
+ library routine (usually a crash). Found by "zerons".
+
+JH/12 Bug 2384: fix "-bP smtp_receive_timeout". Previously it returned no
+ output.
+
+JH/13 Bug 2386: Fix builds with Dane under LibreSSL 2.9.0 onward. Some old
+ API was removed, so update to use the newer ones.
+
+JH/14 Bug 1891: Close the log file if receiving a non-smtp message, without
+ any timeout set, is taking a long time. Previously we would hang on to a
+ rotated logfile "forever" if the input was arriving with long gaps
+ (a previous attempt to fix addressed lack, for a long time, of initial
+ input).
+
+HS/01 Bug 2390: Use message_id for tempfile creation to avoid races in a
+ shared (NFS) environment. The length of the tempfile name is now
+ 4 + 16 ("hdr.$message_exim_id") which might break on file
+ systems which restrict the file name length to lower values.
+ (It was "hdr.$pid".)
+
+HS/02 Bug 2390: Use message_id for tempfile creation to avoid races in a
+ shared (NFS) environment.
+
+HS/03 Bug 2392: exigrep does case sensitive *option* processing (as it
+ did for all versions <4.90). Notably -M, -m, --invert, -I may be
+ affected.
+
+JH/15 Use unsigned when creating bitmasks in macros, to avoid build errors
+ on some platforms for bit 31.
+
+JH/16 GnuTLS: rework ciphersuite strings under recent library versions. Thanks
+ to changes apparently associated with TLS1.3 handling some of the APIs
+ previously used were either nonfunctional or inappropriate. Strings
+ like TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM__AEAD:256
+ and TLS1.2:ECDHE_SECP256R1__RSA_SHA256__AES_128_CBC__SHA256:128 replace
+ the previous TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 .
+ This affects log line X= elements, the $tls_{in,out}_cipher variables,
+ and the use of specific cipher names in the encrypted= ACL condition.
+
+JH/17 OpenSSL: the default openssl_options now disables ssl_v3.
+
+JH/18 GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp. Previously the
+ verification result was not updated unless hosts_require_ocsp applied.
+
+JH/19 Bug 2398: fix listing of a named-queue. Previously, even with the option
+ queue_list_requires_admin set to false, non-admin users were denied the
+ facility.
+
+JH/20 Bug 2389: fix server advertising of usable certificates, under GnuTLS in
+ directory-of-certs mode. Previously they were advertised despite the
+ documentation.
+
+JH/21 The smtp transport option "hosts_noproxy_tls" is now unset by default.
+ A single TCP connection by a client will now hold a TLS connection open
+ for multiple message deliveries, by default. Previoud the default was to
+ not do so.
+
+JH/22 The smtp transport option "hosts_try_dane" now enables all hosts by
+ default. If built with the facility, DANE will be used. The facility
+ SUPPORT_DANE is now enabled in the prototype build Makefile "EDITME".
+
+JH/23 The build default is now for TLS to be included; the SUPPORT_TLS define
+ is replaced with DISABLE_TLS. Either USE_GNUTLS or (the new) USE_OPENSSL
+ must be defined and you must still, unless you define DISABLE_TLS, manage
+ the the include-dir and library-file requirements that go with that
+ choice. Non-TLS builds are still supported.
+
+JH/24 Fix duplicated logging of peer name/address, on a transport connection-
+ reject under TFO.
+
+JH/25 The smtp transport option "hosts_try_fastopen" now enables all hosts by
+ default. If the platform supports and has the facility enabled, it will
+ be requested on all coneections.
+
+JH/26 The PIPE_CONNECT facility is promoted from experimental status and is now
+ controlled by the build-time option SUPPORT_PIPE_CONNECT.
+
+PP/01 Unbreak heimdal_gssapi, broken in 4.92.
+
+JH/27 Bug 2404: Use the main-section configuration option "dsn_from" for
+ success-DSN messages. Previously the From: header was always the default
+ one for these; the option was ignored.
+
+JH/28 Fix the timeout on smtp response to apply to the whole response.
+ Previously it was reset for every read, so a teergrubing peer sending
+ single bytes within the time limit could extend the connection for a
+ long time. Credit to Qualsys Security Advisory Team for the discovery.
+
+JH/29 Fix DSN Final-Recipient: field. Previously it was the post-routing
+ delivery address, which leaked information of the results of local
+ forwarding. Change to the original envelope recipient address, per
+ standards.
+
+JH/30 Bug 2411: Fix DSN generation when RFC 3461 failure notification is
+ requested. Previously not bounce was generated and a log entry of
+ error ignored was made.
+
+JH/31 Avoid re-expansion in ${sort } expansion. (CVE-2019-13917)
+
+JH/32 Introduce a general tainting mechanism for values read from the input
+ channel, and values derived from them. Refuse to expand any tainted
+ values, to catch one form of exploit.
+
+JH/33 Bug 2413: Fix dkim_strict option. Previously the expansion result
+ was unused and the unexpanded text used for the test. Found and
+ fixed by Ruben Jenster.
+
+JH/34 Fix crash after TLS shutdown. When the TCP/SMTP channel was left open,
+ an attempt to use a TLS library read routine dereffed a nul pointer,
+ causing a segfault.
+
+JH/35 Bug 2409: filter out-of-spec chars from callout response before using
+ them in our smtp response.
+
+JH/36 Have the general router option retry_use_local_part default to true when
+ any of the restrictive preconditions are set (to anything). Previously it
+ was only for check_local user. The change removes one item of manual
+ configuration which is required for proper retries when a remote router
+ handles a subset of addresses for a domain.
+
+JH/37 Appendfile: when evaluating quota use (non-quota_size_regex) take the file
+ link count into consideration.
+
+HS/04 Fix handling of very log lines in -H files. If a -<key> <value> line
+ caused the extension of big_buffer, the following lines were ignored.
+
+JH/38 Bug 1395: Teach the DNS negative-cache about TTL value from the SOA in
+ accordance with RFC 2308. Previously there was no expiry, so a longlived
+ receive process (eg. due to ACL delays) versus a short SOA value could
+ surprise.
+
+HS/05 Handle trailing backslash gracefully. (CVE-2019-15846)
+
+JH/39 Promote DMARC support to mainline.
+
+JH/40 Bug 2452: Add a References: header to DSNs.
+
+JH/41 With GnuTLS 3.6.0 (and later) do not attempt to manage Diffie-Hellman
+ parameters. The relevant library call is documented as "Deprecated: This
+ function is unnecessary and discouraged on GnuTLS 3.6.0 or later. Since
+ 3.6.0, DH parameters are negotiated following RFC7919."
+
+HS/06 Change the default of dnssec_request_domains to "*"
+
+JH/42 Bug 2545: Fix CHUNKING for all RCPT commands rejected. Previously we
+ carried on and emitted a BDAT command, even when PIPELINING was not
+ active.
+
+JH/43 Bug 2465: Fix taint-handling in dsearch lookup. Previously a nontainted
+ buffer was used for the filename, resulting in a trap when tainted
+ arguments (eg. $domain) were used.
+
+JH/44 With OpenSSL 1.1.1 (onwards) disable renegotiation for TLS1.2 and below;
+ recommended to avoid a possible server-load attack. The feature can be
+ re-enabled via the openssl_options main cofiguration option.
+
+JH/45 local_scan API: documented the current smtp_printf() call. This changed
+ for version 4.90 - adding a "more data" boolean to the arguments.
+ Bumped the ABI version number also, this having been missed previously;
+ release versions 4.90 to 4.92.3 inclusive were effectively broken in
+ respect of usage of smtp_printf() by either local_scan code or libraries
+ accessed via the ${dlfunc } expansion item. Both will need coding
+ adjustment for any calls to smtp_printf() to match the new function
+ signature; a FALSE value for the new argument is always safe.
+
+JH/46 FreeBSD: fix use of the sendfile() syscall. The shim was not updating
+ the file-offset (which the Linux syscall does, and exim expects); this
+ resulted in an indefinite loop.
+
+JH/47 ARC: fix crash in signing, triggered when a configuration error failed
+ to do ARC verification. The Authentication-Results: header line added
+ by the configuration then had no ARC item.
+
+
+Exim version 4.92
+-----------------
+
+JH/01 Remove code calling the customisable local_scan function, unless a new
+ definition "HAVE_LOCAL_SCAN=yes" is present in the Local/Makefile.
+
+JH/02 Bug 1007: Avoid doing logging from signal-handlers, as that can result in
+ non-signal-safe functions being used.
+
+JH/03 Bug 2269: When presented with a received message having a stupidly large
+ number of DKIM-Signature headers, disable DKIM verification to avoid
+ a resource-consumption attack. The limit is set at twenty.
+
+JH/04 Add variables $arc_domains, $arc_oldest_pass for ARC verify. Fix the
+ report of oldest_pass in ${authres } in consequence, and separate out
+ some descriptions of reasons for verification fail.
+
+JH/05 Bug 2273: Cutthrough delivery left a window where the received messsage
+ files in the spool were present and unlocked. A queue-runner could spot
+ them, resulting in a duplicate delivery. Fix that by doing the unlock
+ after the unlink. Investigation by Tim Stewart. Take the opportunity to
+ add more error-checking on spoolfile handling while that code is being
+ messed with.
+
+PP/01 Refuse to open a spool data file (*-D) if it's a symlink.
+ No known attacks, no CVE, this is defensive hardening.
+
+JH/06 Bug 2275: The MIME ACL unlocked the received message files early, and
+ a queue-runner could start a delivery while other operations were ongoing.
+ Cutthrough delivery was a common victim, resulting in duplicate delivery.
+ Found and investigated by Tim Stewart. Fix by using the open message data
+ file handle rather than opening another, and not locally closing it (which
+ releases a lock) for that case, while creating the temporary .eml format
+ file for the MIME ACL. Also applies to "regex" and "spam" ACL conditions.
+
+JH/07 Bug 177: Make a random-recipient callout success visible in ACL, by setting
+ $sender_verify_failure/$recipient_verify_failure to "random".
+
+JH/08 When generating a selfsigned cert, use serial number 1 since zero is not
+ legitimate.
+
+JH/09 Bug 2274: Fix logging of cmdline args when starting in an unlinked cwd.
+ Previously this would segfault.
+
+JH/10 Fix ARC signing for case when DKIM signing failed. Previously this would
+ segfault.
+
+JH/11 Bug 2264: Exim now only follows CNAME chains one step by default. We'd
+ like zero, since the resolver should be doing this for us, But we need one
+ as a CNAME but no MX presence gets the CNAME returned; we need to check
+ that doesn't point to an MX to declare it "no MX returned" rather than
+ "error, loop". A new main option is added so the older capability of
+ following some limited number of chain links is maintained.
+
+JH/12 Add client-ip info to non-pass iprev ${authres } lines.
+
+JH/13 For receent Openssl versions (1.1 onward) use modern generic protocol
+ methods. These should support TLS 1.3; they arrived with TLS 1.3 and the
+ now-deprecated earlier definitions used only specified the range up to TLS
+ 1.2 (in the older-version library docs).
+
+JH/14 Bug 2284: Fix DKIM signing for body lines starting with a pair of dots.
+
+JH/15 Rework TLS client-side context management. Stop using a global, and
+ explicitly pass a context around. This enables future use of TLS for
+ connections to service-daemons (eg. malware scanning) while a client smtp
+ connection is using TLS; with cutthrough connections this is quite likely.
+
+JH/16 Fix ARC verification to do AS checks in reverse order.
+
+JH/17 Support a "tls" option on the ${readsocket } expansion item.
+
+JH/18 Bug 2287: Fix the protocol name (eg utf8esmtp) for multiple messages
+ using the SMTPUTF8 option on their MAIL FROM commands, in one connection.
+ Previously the "utf8" would be re-prepended for every additional message.
+
+JH/19 Reject MAIL FROM commands with SMTPUTF8 when the facility was not advertised.
+ Previously thery were accepted, resulting in issues when attempting to
+ forward messages to a non-supporting MTA.
+
+PP/02 Let -n work with printing macros too, not just options.
+
+JH/20 Bug 2296: Fix cutthrough for >1 address redirection. Previously only
+ one parent address was copied, and bogus data was used at delivery-logging
+ time. Either a crash (after delivery) or bogus log data could result.
+ Discovery and analysis by Tim Stewart.
+
+PP/03 Make ${utf8clean:} expansion operator detect incomplete final character.
+ Previously if the string ended mid-character, we did not insert the
+ promised '?' replacement.
+
+PP/04 Documentation: current string operators work on bytes, not codepoints.
+
+JH/21 Change as many as possible of the global flags into one-bit bitfields; these
+ should pack well giving a smaller memory footprint so better caching and
+ therefore performance. Group the declarations where this can't be done so
+ that the byte-sized flag variables are not interspersed among pointer
+ variables, giving a better chance of good packing by the compiler.
+
+JH/22 Bug 1896: Fix the envelope from for DMARC forensic reports to be possibly
+ non-null, to avoid issues with sites running BATV. Previously reports were
+ sent with an empty envelope sender so looked like bounces.
+
+JH/23 Bug 2318: Fix the noerror command within filters. It wasn't working.
+ The ignore_error flag wasn't being returned from the filter subprocess so
+ was not set for later routers. Investigation and fix by Matthias Kurz.
+
+JH/24 Bug 2310: Raise a msg:fail:internal event for each undelivered recipient,
+ and a msg:complete for the whole, when a message is manually removed using
+ -Mrm. Developement by Matthias Kurz, hacked on by JH.
+
+JH/25 Avoid fixed-size buffers for pathnames in DB access. This required using
+ a "Gnu special" function, asprintf() in the DB utility binary builds; I
+ hope that is portable enough.
+
+JH/26 Bug 2311: Fix DANE-TA verification under GnuTLS. Previously it was also
+ requiring a known-CA anchor certificate; make it now rely entirely on the
+ TLSA as an anchor. Checking the name on the leaf cert against the name
+ on the A-record for the host is still done for TA (but not for EE mode).
+
+JH/27 Fix logging of proxy address. Previously, a pointless "PRX=[]:0" would be
+ included in delivery lines for non-proxied connections, when compiled with
+ SUPPORT_SOCKS and running with proxy logging enabled.
+
+JH/28 Bug 2314: Fire msg:fail:delivery event even when error is being ignored.
+ Developement by Matthias Kurz, tweaked by JH. While in that bit of code,
+ move the existing event to fire before the normal logging of message
+ failure so that custom logging is bracketed by normal logging.
+
+JH/29 Bug 2322: A "fail" command in a non-system filter (file) now fires the
+ msg:fail:internal event. Developement by Matthias Kurz.
+
+JH/30 Bug 2329: Increase buffer size used for dns lookup from 2k, which was
+ far too small for todays use of crypto signatures stored there. Go all
+ the way to the max DNS message size of 64kB, even though this might be
+ overmuch for IOT constrained device use.
+
+JH/31 Fix a bad use of a copy function, which could be used to pointlessly
+ copy a string over itself. The library routine is documented as not
+ supporting overlapping copies, and on MacOS it actually raised a SIGABRT.
+
+JH/32 For main options check_spool_space and check_inode_space, where the
+ platform supports 64b integers, support more than the previous 2^31 kB
+ (i.e. more than 2 TB). Accept E, P and T multipliers in addition to
+ the previous G, M, k.
+
+JH/33 Bug 2338: Fix the cyrus-sasl authenticator to fill in the
+ $authenticated_fail_id variable on authentication failure. Previously
+ it was unset.
+
+JH/34 Increase RSA keysize of autogen selfsign cert from 1024 to 2048. RHEL 8.0
+ OpenSSL didn't want to use such a weak key. Do for GnuTLS also, and for
+ more-modern GnuTLS move from GNUTLS_SEC_PARAM_LOW to
+ GNUTLS_SEC_PARAM_MEDIUM.
+
+JH/35 OpenSSL: fail the handshake when SNI processing hits a problem, server
+ side. Previously we would continue as if no SNI had been received.
+
+JH/36 Harden the handling of string-lists. When a list consisted of a sole
+ "<" character, which should be a list-separator specification, we walked
+ off past the nul-terimation.
+
+JH/37 Bug 2341: Send "message delayed" warning MDNs (restricted to external
+ causes) even when the retry time is not yet met. Previously they were
+ not, meaning that when (say) an account was over-quota and temp-rejecting,
+ and multiple senders' messages were queued, only one sender would get
+ notified on each configured delay_warning cycle.
+
+JH/38 Bug 2351: Log failures to extract envelope addresses from message headers.
+
+JH/39 OpenSSL: clear the error stack after an SSL_accept(). With anon-auth
+ cipher-suites, an error can be left on the stack even for a succeeding
+ accept; this results in impossible error messages when a later operation
+ actually does fail.
+
+AM/01 Bug 2359: GnuTLS: repeat lowlevel read and write operations while they
+ return error codes indicating retry. Under TLS1.3 this becomes required.
+
+JH/40 Fix the feature-cache refresh for EXPERIMENTAL_PIPE_CONNECT. Previously
+ it only wrote the new authenticators, resulting in a lack of tracking of
+ peer changes of ESMTP extensions until the next cache flush.
+
+JH/41 Fix the loop reading a message header line to check for integer overflow,
+ and more-often against header_maxsize. Previously a crafted message could
+ induce a crash of the recive process; now the message is cleanly rejected.
+
+JH/42 Bug 2366: Fix the behaviour of the dkim_verify_signers option. It had
+ been totally disabled for all of 4.91. Discovery and fix by "Mad Alex".
+
+
+Exim version 4.91
+-----------------
+
+GF/01 DEFER rather than ERROR on redis cluster MOVED response.
+ When redis_servers is set to a list of > 1 element, and the Redis servers
+ in that list are in cluster configuration, convert the REDIS_REPLY_ERROR
+ case of MOVED into a DEFER case instead, thus moving the query onto the
+ next server in the list. For a cluster of N elements, all N servers must
+ be defined in redis_servers.
+
+GF/02 Catch and remove uninitialized value warning in exiqsumm
+ Check for existence of @ARGV before looking at $ARGV[0]
+
+JH/01 Replace the store_release() internal interface with store_newblock(),
+ which internalises the check required to safely use the old one, plus
+ the allocate and data copy operations duplicated in both (!) of the
+ extant use locations.
+
+JH/02 Disallow '/' characters in queue names specified for the "queue=" ACL
+ modifier. This matches the restriction on the commandline.
+
+JH/03 Fix pgsql lookup for multiple result-tuples with a single column.
+ Previously only the last row was returned.
+
+JH/04 Bug 2217: Tighten up the parsing of DKIM signature headers. Previously
+ we assumed that tags in the header were well-formed, and parsed the
+ element content after inspecting only the first char of the tag.
+ Assumptions at that stage could crash the receive process on malformed
+ input.
+
+JH/05 Bug 2215: Fix crash associated with dnsdb lookup done from DKIM ACL.
+ While running the DKIM ACL we operate on the Permanent memory pool so that
+ variables created with "set" persist to the DATA ACL. Also (at any time)
+ DNS lookups that fail create cache records using the Permanent pool. But
+ expansions release any allocations made on the current pool - so a dnsdb
+ lookup expansion done in the DKIM ACL releases the memory used for the
+ DNS negative-cache, and bad things result. Solution is to switch to the
+ Main pool for expansions.
+ While we're in that code, add checks on the DNS cache during store_reset,
+ active in the testsuite.
+ Problem spotted, and debugging aided, by Wolfgang Breyha.
+
+JH/06 Fix issue with continued-connections when the DNS shifts unreliably.
+ When none of the hosts presented to a transport match an already-open
+ connection, close it and proceed with the list. Previously we would
+ queue the message. Spotted by Lena with Yahoo, probably involving
+ round-robin DNS.
+
+JH/07 Bug 2214: Fix SMTP responses resulting from non-accept result of MIME ACL.
+ Previously a spurious "250 OK id=" response was appended to the proper
+ failure response.
+
+JH/08 The "support for" informational output now, which built with Content
+ Scanning support, has a line for the malware scanner interfaces compiled
+ in. Interface can be individually included or not at build time.
+
+JH/09 The "aveserver", "kavdaemon" and "mksd" interfaces are now not included
+ by the template makefile "src/EDITME". The "STREAM" support for an older
+ ClamAV interface method is removed.
+
+JH/10 Bug 2223: Fix mysql lookup returns for the no-data case (when the number of
+ rows affected is given instead).
+
+JH/11 The runtime Berkeley DB library version is now additionally output by
+ "exim -d -bV". Previously only the compile-time version was shown.
+
+JH/12 Bug 2230: Fix cutthrough routing for nonfirst messages in an initiating
+ SMTP connection. Previously, when one had more receipients than the
+ first, an abortive onward connection was made. Move to full support for
+ multiple onward connections in sequence, handling cutthrough connection
+ for all multi-message initiating connections.
+
+JH/13 Bug 2229: Fix cutthrough routing for nonstandard port numbers defined by
+ routers. Previously, a multi-recipient message would fail to match the
+ onward-connection opened for the first recipient, and cause its closure.
+
+JH/14 Bug 2174: A timeout on connect for a callout was also erroneously seen as
+ a timeout on read on a GnuTLS initiating connection, resulting in the
+ initiating connection being dropped. This mattered most when the callout
+ was marked defer_ok. Fix to keep the two timeout-detection methods
+ separate.
+
+JH/15 Relax results from ACL control request to enable cutthrough, in
+ unsupported situations, from error to silently (except under debug)
+ ignoring. This covers use with PRDR, frozen messages, queue-only and
+ fake-reject.
+
+HS/01 Fix Buffer overflow in base64d() (CVE-2018-6789)
+
+JH/16 Fix bug in DKIM verify: a buffer overflow could corrupt the malloc
+ metadata, resulting in a crash in free().
+
+PP/01 Fix broken Heimdal GSSAPI authenticator integration.
+ Broken in f2ed27cf5, missing an equals sign for specified-initialisers.
+ Broken also in d185889f4, with init system revamp.
+
+JH/17 Bug 2113: Fix conversation closedown with the Avast malware scanner.
+ Previously we abruptly closed the connection after reading a malware-
+ found indication; now we go on to read the "scan ok" response line,
+ and send a quit.
+
+JH/18 Bug 2239: Enforce non-usability of control=utf8_downconvert in the mail
+ ACL. Previously, a crash would result.
+
+JH/19 Speed up macro lookups during configuration file read, by skipping non-
+ macro text after a replacement (previously it was only once per line) and
+ by skipping builtin macros when searching for an uppercase lead character.
+
+JH/20 DANE support moved from Experimental to mainline. The Makefile control
+ for the build is renamed.
+
+JH/21 Fix memory leak during multi-message connections using STARTTLS. A buffer
+ was allocated for every new TLS startup, meaning one per message. Fix
+ by only allocating once (OpenSSL) or freeing on TLS-close (GnuTLS).
+
+JH/22 Bug 2236: When a DKIM verification result is overridden by ACL, DMARC
+ reported the original. Fix to report (as far as possible) the ACL
+ result replacing the original.
+
+JH/23 Fix memory leak during multi-message connections using STARTTLS under
+ OpenSSL. Certificate information is loaded for every new TLS startup,
+ and the resources needed to be freed.
+
+JH/24 Bug 2242: Fix exim_dbmbuild to permit directoryless filenames.
+
+JH/25 Fix utf8_downconvert propagation through a redirect router. Previously it
+ was not propagated.
+
+JH/26 Bug 2253: For logging delivery lines under PRDR, append the overall
+ DATA response info to the (existing) per-recipient response info for
+ the "C=" log element. It can have useful tracking info from the
+ destination system. Patch from Simon Arlott.
+
+JH/27 Bug 2251: Fix ldap lookups that return a single attribute having zero-
+ length value. Previously this would segfault.
+
+HS/02 Support Avast multiline protoocol, this allows passing flags to
+ newer versions of the scanner.
+
+JH/28 Ensure that variables possibly set during message acceptance are marked
+ dead before release of memory in the daemon loop. This stops complaints
+ about them when the debug_store option is enabled. Discovered specifically
+ for sender_rate_period, but applies to a whole set of variables.
+ Do the same for the queue-runner and queue-list loops, for variables set
+ from spool message files. Do the same for the SMTP per-message loop, for
+ certain variables indirectly set in ACL operations.
+
+JH/29 Bug 2250: Fix a longstanding bug in heavily-pipelined SMTP input (such
+ as a multi-recipient message from a mailinglist manager). The coding had
+ an arbitrary cutoff number of characters while checking for more input;
+ enforced by writing a NUL into the buffer. This corrupted long / fast
+ input. The problem was exposed more widely when more pipelineing of SMTP
+ responses was introduced, and one Exim system was feeding another.
+ The symptom is log complaints of SMTP syntax error (NUL chars) on the
+ receiving system, and refused recipients seen by the sending system
+ (propating to people being dropped from mailing lists).
+ Discovered and pinpointed by David Carter.
+
+JH/30 The (EXPERIMENTAL_DMARC) variable $dmarc_ar_header is withdrawn, being
+ replaced by the ${authresults } expansion.
+
+JH/31 Bug 2257: Fix pipe transport to not use a socket-only syscall.
+
+HS/03 Set a handler for SIGTERM and call exit(3) if running as PID 1. This
+ allows proper process termination in container environments.
+
+JH/32 Bug 2258: Fix spool_wireformat in combination with LMTP transport.
+ Previously the "final dot" had a newline after it; ensure it is CR,LF.
+
+JH/33 SPF: remove support for the "spf" ACL condition outcome values "err_temp"
+ and "err_perm", deprecated since 4.83 when the RFC-defined words
+ "temperror" and "permerror" were introduced.
+
+JH/34 Re-introduce enforcement of no cutthrough delivery on transports having
+ transport-filters or DKIM-signing. The restriction was lost in the
+ consolidation of verify-callout and delivery SMTP handling.
+ Extend the restriction to also cover ARC-signing.
+
+JH/35 Cutthrough: for a final-dot response timeout (and nonunderstood responses)
+ in defer=pass mode supply a 450 to the initiator. Previously the message
+ would be spooled.
+
+PP/02 DANE: add dane_require_tls_ciphers SMTP Transport option; if unset,
+ tls_require_ciphers is used as before.
+
+HS/03 Malware Avast: Better match the Avast multiline protocol. Add
+ "pass_unscanned". Only tmpfails from the scanner are written to
+ the paniclog, as they may require admin intervention (permission
+ denied, license issues). Other scanner errors (like decompression
+ bombs) do not cause a paniclog entry.
+
+JH/36 Fix reinitialisation of DKIM logging variable between messages.
+ Previously it was possible to log spurious information in receive log
+ lines.
+
+JH/37 Bug 2255: Revert the disable of the OpenSSL session caching. This
+ triggered odd behaviour from Outlook Express clients.
+
+PP/03 Add util/renew-opendmarc-tlds.sh script for safe renewal of public
+ suffix list.
+
+JH/38 DKIM: accept Ed25519 pubkeys in SubjectPublicKeyInfo-wrapped form,
+ since the IETF WG has not yet settled on that versus the original
+ "bare" representation.
+
+JH/39 Fix syslog logging for syslog_timestamp=no and log_selector +millisec.
+ Previously the millisecond value corrupted the output.
+ Fix also for syslog_pid=no and log_selector +pid, for which the pid
+ corrupted the output.
+
+
+Exim version 4.90
+-----------------
+
+JH/01 Rework error string handling in TLS interface so that the caller in
+ more cases is responsible for logging. This permits library-sourced
+ string to be attached to addresses during delivery, and collapses
+ pairs of long lines into single ones.
+
+PP/01 Allow PKG_CONFIG_PATH to be set in Local/Makefile and use it correctly
+ during configuration. Wildcards are allowed and expanded.
+
+JH/02 Rework error string handling in DKIM to pass more info back to callers.
+ This permits better logging.
+
+JH/03 Rework the transport continued-connection mechanism: when TLS is active,
+ do not close it down and have the child transport start it up again on
+ the passed-on TCP connection. Instead, proxy the child (and any
+ subsequent ones) for TLS via a unix-domain socket channel. Logging is
+ affected: the continued delivery log lines do not have any DNSSEC, TLS
+ Certificate or OCSP information. TLS cipher information is still logged.
+
+JH/04 Shorten the log line for daemon startup by collapsing adjacent sets of
+ identical IP addresses on different listening ports. Will also affect
+ "exiwhat" output.
+
+PP/02 Bug 2070: uClibc defines __GLIBC__ without providing glibc headers;
+ add noisy ifdef guards to special-case this sillyness.
+ Patch from Bernd Kuhls.
+
+JH/05 Tighten up the checking in isip4 (et al): dotted-quad components larger
+ than 255 are no longer allowed.
+
+JH/06 Default openssl_options to include +no_ticket, to reduce load on peers.
+ Disable the session-cache too, which might reduce our load. Since we
+ currrectly use a new context for every connection, both as server and
+ client, there is no benefit for these.
+ GnuTLS appears to not support tickets server-side by default (we don't
+ call gnutls_session_ticket_enable_server()) but client side is enabled
+ by default on recent versions (3.1.3 +) unless the PFS priority string
+ is used (3.2.4 +).
+
+PP/03 Add $SOURCE_DATE_EPOCH support for reproducible builds, per spec at
+ <https://reproducible-builds.org/specs/source-date-epoch/>.
+
+JH/07 Fix smtp transport use of limited max_rcpt under mua_wrapper. Previously
+ the check for any unsuccessful recipients did not notice the limit, and
+ erroneously found still-pending ones.
+
+JH/08 Pipeline CHUNKING command and data together, on kernels that support
+ MSG_MORE. Only in-clear (not on TLS connections).
+
+JH/09 Avoid using a temporary file during transport using dkim. Unless a
+ transport-filter is involved we can buffer the headers in memory for
+ creating the signature, and read the spool data file once for the
+ signature and again for transmission.
+
+JH/10 Enable use of sendfile in Linux builds as default. It was disabled in
+ 4.77 as the kernel support then wasn't solid, having issues in 64bit
+ mode. Now, it's been long enough. Add support for FreeBSD also.
+
+JH/11 Bug 2104: Fix continued use of a transport connection with TLS. In the
+ case where the routing stage had gathered several addresses to send to
+ a host before calling the transport for the first, we previously failed
+ to close down TLS in the old transport process before passing the TCP
+ connection to the new process. The new one sent a STARTTLS command
+ which naturally failed, giving a failed delivery and bloating the retry
+ database. Investigation and fix prototype from Wolfgang Breyha.
+
+JH/12 Fix check on SMTP command input synchronisation. Previously there were
+ false-negatives in the check that the sender had not preempted a response
+ or prompt from Exim (running as a server), due to that code's lack of
+ awareness of the SMTP input buffering.
+
+PP/04 Add commandline_checks_require_admin option.
+ Exim drops privileges sanely, various checks such as -be aren't a
+ security problem, as long as you trust local users with access to their
+ own account. When invoked by services which pass untrusted data to
+ Exim, this might be an issue. Set this option in main configuration
+ AND make fixes to the calling application, such as using `--` to stop
+ processing options.
+
+JH/13 Do pipelining under TLS. Previously, although safe, no advantage was
+ taken. Now take care to pack both (client) MAIL,RCPT,DATA, and (server)
+ responses to those, into a single TLS record each way (this usually means
+ a single packet). As a side issue, smtp_enforce_sync now works on TLS
+ connections.
+
+PP/05 OpenSSL/1.1: use DH_bits() for more accurate DH param sizes. This
+ affects you only if you're dancing at the edge of the param size limits.
+ If you are, and this message makes sense to you, then: raise the
+ configured limit or use OpenSSL 1.1. Nothing we can do for older
+ versions.
+
+JH/14 For the "sock" variant of the malware scanner interface, accept an empty
+ cmdline element to get the documented default one. Previously it was
+ inaccessible.
+
+JH/15 Fix a crash in the smtp transport caused when two hosts in succession
+ are unsuable for non-message-specific reasons - eg. connection timeout,
+ banner-time rejection.
+
+JH/16 Fix logging of delivery remote port, when specified by router, under
+ callout/hold.
+
+PP/06 Repair manualroute's ability to take options in any order, even if one
+ is the name of a transport.
+ Fixes bug 2140.
+
+HS/01 Cleanup, prevent repeated use of -p/-oMr (CVE-2017-1000369)
+
+JH/17 Change the list-building routines interface to use the expanding-string
+ triplet model, for better allocation and copying behaviour.
+
+JH/18 Prebuild the data-structure for "builtin" macros, for faster startup.
+ Previously it was constructed the first time a possibly-matching string
+ was met in the configuration file input during startup; now it is done
+ during compilation.
+
+JH/19 Bug 2141: Use the full-complex API for Berkeley DB rather than the legacy-
+ compatible one, to avoid the (poorly documented) possibility of a config
+ file in the working directory redirecting the DB files, possibly correpting
+ some existing file. CVE-2017-10140 assigned for BDB.
+
+JH/20 Bug 2147: Do not defer for a verify-with-callout-and-random which is not
+ cache-hot. Previously, although the result was properly cached, the
+ initial verify call returned a defer.
+
+JH/21 Bug 2151: Avoid using SIZE on the MAIL for a callout verify, on any but
+ the main verify for receipient in uncached-mode.
+
+JH/22 Retire historical build files to an "unsupported" subdir. These are
+ defined as "ones for which we have no current evidence of testing".
+
+JH/23 DKIM: enforce the DNS pubkey record "h" permitted-hashes optional field,
+ if present. Previously it was ignored.
+
+JH/24 Start using specified-initialisers in C structure init coding. This is
+ a C99 feature (it's 2017, so now considered safe).
+
+JH/25 Use one-bit bitfields for flags in the "addr" data structure. Previously
+ if was a fixed-sized field and bitmask ops via macros; it is now more
+ extensible.
+
+PP/07 GitHub PR 56: Apply MariaDB build fix.
+ Patch provided by Jaroslav Škarvada.
+
+PP/08 Bug 2161: Fix regression in sieve quoted-printable handling introduced
+ during Coverity cleanups [4.87 JH/47]
+ Diagnosis and fix provided by Michael Fischer v. Mollard.
+
+JH/26 Fix DKIM bug: when the pseudoheader generated for signing was exactly
+ the right size to place the terminating semicolon on its own folded
+ line, the header hash was calculated to an incorrect value thanks to
+ the (relaxed) space the fold became.
+
+HS/02 Fix Bug 2130: large writes from the transport subprocess were chunked
+ and confused the parent.
+
+JH/27 Fix SOCKS bug: an unitialized pointer was deref'd by the transport process
+ which could crash as a result. This could lead to undeliverable messages.
+
+JH/28 Logging: "next input sent too soon" now shows where input was truncated
+ for log purposes.
+
+JH/29 Fix queue_run_in_order to ignore the PID portion of the message ID. This
+ matters on fast-turnover and PID-randomising systems, which were getting
+ out-of-order delivery.
+
+JH/30 Fix a logging bug on aarch64: an unsafe routine was previously used for
+ a possibly-overlapping copy. The symptom was that "Remote host closed
+ connection in response to HELO" was logged instead of the actual 4xx
+ error for the HELO.
+
+JH/31 Fix CHUNKING code to properly flush the unwanted chunk after an error.
+ Previously only that bufferd was discarded, resulting in SYMTP command
+ desynchronisation.
+
+JH/32 DKIM: when a message has multiple signatures matching an identity given
+ in dkim_verify_signers, run the dkim acl once for each. Previously only
+ one run was done. Bug 2189.
+
+JH/33 Downgrade an unfound-list name (usually a typo in the config file) from
+ "panic the current process" to "deliberately defer". The panic log is
+ still written with the problem list name; the mail and reject logs now
+ get a temp-reject line for the message that was being handled, saying
+ something like "domains check lookup or other defer". The SMTP 451
+ message is still "Temporary local problem".
+
+JH/34 Bug 2199: Fix a use-after-free while reading smtp input for header lines.
+ A crafted sequence of BDAT commands could result in in-use memory beeing
+ freed. CVE-2017-16943.
+
+HS/03 Bug 2201: Fix checking for leading-dot on a line during headers reading
+ from SMTP input. Previously it was always done; now only done for DATA
+ and not BDAT commands. CVE-2017-16944.
+
+JH/35 Bug 2201: Flush received data in BDAT mode after detecting an error fatal
+ to the message (such as an overlong header line). Previously this was
+ not done and we did not exit BDAT mode. Followon from the previous item
+ though a different problem.
+
+
+Exim version 4.89
+-----------------
+
+JH/01 Bug 1922: Support IDNA2008. This has slightly different conversion rules
+ than -2003 did; needs libidn2 in addition to libidn.
+
+JH/02 The path option on a pipe transport is now expanded before use.
+
+PP/01 GitHub PR 50: Do not call ldap_start_tls_s on ldapi:// connections.
+ Patch provided by "Björn", documentation fix added too.
+
+JH/03 Bug 2003: fix Proxy Protocol v2 handling: the address size field was
+ missing a wire-to-host endian conversion.
+
+JH/04 Bug 2004: fix CHUNKING in non-PIPELINEING mode. Chunk data following
+ close after a BDAT command line could be taken as a following command,
+ giving a synch failure. Fix by only checking for synch immediately
+ before acknowledging the chunk.
+
+PP/02 GitHub PR 52: many spelling fixes, which include fixing parsing of
+ no_require_dnssec option and creation of _HAVE_TRANSPORT_APPEND_MAILDIR
+ macro. Patches provided by Josh Soref.
+
+JH/05 Have the EHLO response advertise VRFY, if there is a vrfy ACL defined.
+ Previously we did not; the RFC seems ambiguous and VRFY is not listed
+ by IANA as a service extension. However, John Klensin suggests that we
+ should.
+
+JH/06 Bug 2017: Fix DKIM verification in -bh test mode. The data feed into
+ the dkim code may be unix-mode line endings rather than smtp wire-format
+ CRLF, so prepend a CR to any bare LF.
+
+JH/07 Rationalise the coding for callout smtp conversations and transport ones.
+ As a side-benfit, callouts can now use PIPELINING hence fewer round-trips.
+
+JH/08 Bug 2016: Fix DKIM verification vs. CHUNKING. Any BDAT commands after
+ the first were themselves being wrongly included in the feed into dkim
+ processing; with most chunk sizes in use this resulted in an incorrect
+ body hash calculated value.
+
+JH/09 Bug 2014: permit inclusion of a DKIM-Signature header in a received
+ DKIM signature block, for verification. Although advised against by
+ standards it is specifically not ruled illegal.
+
+JH/10 Bug 2025: Fix reception of (quoted) local-parts with embedded spaces.
+
+JH/11 Bug 2029: Fix crash in DKIM verification when a message signature block is
+ missing a body hash (the bh= tag).
+
+JH/12 Bug 2018: Re-order Proxy Protocol startup versus TLS-on-connect startup.
+ It seems that HAProxy sends the Proxy Protocol information in clear and
+ only then does a TLS startup, so do the same.
+
+JH/13 Bug 2027: Avoid attempting to use TCP Fast Open for non-transport client
+ TCP connections (such as for Spamd) unless the daemon successfully set
+ Fast Open mode on its listening sockets. This fixes breakage seen on
+ too-old kernels or those not configured for Fast Open, at the cost of
+ requiring both directions being enabled for TFO, and TFO never being used
+ by non-daemon-related Exim processes.
+
+JH/14 Bug 2000: Reject messages recieved with CHUNKING but with malformed line
+ endings, at least on the first header line. Try to canonify any that get
+ past that check, despite the cost.
+
+JH/15 Angle-bracket nesting (an error inserted by broken sendmails) levels are
+ now limited to an arbitrary five deep, while parsing addresses with the
+ strip_excess_angle_brackets option enabled.
+
+PP/03 Bug 2018: For Proxy Protocol and TLS-on-connect, do not over-read and
+ instead leave the unprompted TLS handshake in socket buffer for the
+ TLS library to consume.
+
+PP/04 Bug 2018: Also handle Proxy Protocol v2 safely.
+
+PP/05 FreeBSD compat: handle that Ports no longer create /usr/bin/perl
+
+JH/16 Drop variables when they go out of scope. Memory management drops a whole
+ region in one operation, for speed, and this leaves assigned pointers
+ dangling. Add checks run only under the testsuite which checks all
+ variables at a store-reset and panics on a dangling pointer; add code
+ explicitly nulling out all the variables discovered. Fixes one known
+ bug: a transport crash, where a dangling pointer for $sending_ip_address
+ originally assigned in a verify callout, is re-used.
+
+PP/06 Drop '.' from @INC in various Perl scripts.
+
+PP/07 Switch FreeBSD iconv to always use the base-system libc functions.
+
+PP/08 Reduce a number of compilation warnings under clang; building with
+ CC=clang CFLAGS+=-Wno-dangling-else -Wno-logical-op-parentheses
+ should be warning-free.
+
+JH/17 Fix inbound CHUNKING when DKIM disabled at runtime.
+
+HS/01 Fix portability problems introduced by PP/08 for platforms where
+ realloc(NULL) is not equivalent to malloc() [SunOS et al].
+
+HS/02 Bug 1974: Fix missing line terminator on the last received BDAT
+ chunk. This allows us to accept broken chunked messages. We need a more
+ general solution here.
+
+PP/09 Wrote util/chunking_fixqueue_finalnewlines.pl to help recover
+ already-broken messages in the queue.
+
+JH/18 Bug 2061: Fix ${extract } corrupting an enclosing ${reduce } $value.
+
+JH/19 Fix reference counting bug in routing-generated-address tracking.
+
+
+Exim version 4.88
+-----------------
+
+JH/01 Use SIZE on MAIL FROM in a cutthrough connection, if the destination
+ supports it and a size is available (ie. the sending peer gave us one).
+
+JH/02 The obsolete acl condition "demime" is removed (finally, after ten
+ years of being deprecated). The replacements are the ACLs
+ acl_smtp_mime and acl_not_smtp_mime.
+
+JH/03 Upgrade security requirements imposed for hosts_try_dane: previously
+ a downgraded non-dane trust-anchor for the TLS connection (CA-style)
+ or even an in-clear connection were permitted. Now, if the host lookup
+ was dnssec and dane was requested then the host is only used if the
+ TLSA lookup succeeds and is dnssec. Further hosts (eg. lower priority
+ MXs) will be tried (for hosts_try_dane though not for hosts_require_dane)
+ if one fails this test.
+ This means that a poorly-configured remote DNS will make it incommunicado;
+ but it protects against a DNS-interception attack on it.
+
+JH/04 Bug 1810: make continued-use of an open smtp transport connection
+ non-noisy when a race steals the message being considered.
+
+JH/05 If main configuration option tls_certificate is unset, generate a
+ self-signed certificate for inbound TLS connections.
+
+JH/06 Bug 165: hide more cases of password exposure - this time in expansions
+ in rewrites and routers.
+
+JH/07 Retire gnutls_require_mac et.al. These were nonfunctional since 4.80
+ and logged a warning sing 4.83; now they are a configuration file error.
+
+JH/08 Bug 1836: Fix crash in VRFY handling when handed an unqualified name
+ (lacking @domain). Apply the same qualification processing as RCPT.
+
+JH/09 Bug 1804: Avoid writing msglog files when in -bh or -bhc mode.
+
+JH/10 Support ${sha256:} applied to a string (as well as the previous
+ certificate).
+
+JH/11 Cutthrough: avoid using the callout hints db on a verify callout when
+ a cutthrough deliver is pending, as we always want to make a connection.
+ This also avoids re-routing the message when later placing the cutthrough
+ connection after a verify cache hit.
+ Do not update it with the verify result either.
+
+JH/12 Cutthrough: disable when verify option success_on_redirect is used, and
+ when routing results in more than one destination address.
+
+JH/13 Cutthrough: expand transport dkim_domain option when testing for dkim
+ signing (which inhibits the cutthrough capability). Previously only
+ the presence of an option was tested; now an expansion evaluating as
+ empty is permissible (obviously it should depend only on data available
+ when the cutthrough connection is made).
+
+JH/14 Fix logging of errors under PIPELINING. Previously the log line giving
+ the relevant preceding SMTP command did not note the pipelining mode.
+
+JH/15 Fix counting of empty lines in $body_linecount and $message_linecount.
+ Previously they were not counted.
+
+JH/16 DANE: treat a TLSA lookup response having all non-TLSA RRs, the same
+ as one having no matching records. Previously we deferred the message
+ that needed the lookup.
+
+JH/17 Fakereject: previously logged as a normal message arrival "<="; now
+ distinguished as "(=".
+
+JH/18 Bug 1867: make the fail_defer_domains option on a dnslookup router work
+ for missing MX records. Previously it only worked for missing A records.
+
+JH/19 Bug 1850: support Radius libraries that return REJECT_RC.
+
+JH/20 Bug 1872: Ensure that acl_smtp_notquit is run when the connection drops
+ after the data-go-ahead and data-ack. Patch from Jason Betts.
+
+JH/21 Bug 1846: Send DMARC forensic reports for reject and quarantine results,
+ even for a "none" policy. Patch from Tony Meyer.
+
+JH/22 Fix continued use of a connection for further deliveries. If a port was
+ specified by a router, it must also match for the delivery to be
+ compatible.
+
+JH/23 Bug 1874: fix continued use of a connection for further deliveries.
+ When one of the recipients of a message was unsuitable for the connection
+ (has no matching addresses), we lost track of needing to mark it
+ deferred. As a result mail would be lost.
+
+JH/24 Bug 1832: Log EHLO response on getting conn-close response for HELO.
+
+JH/25 Decoding ACL controls is now done using a binary search; the source code
+ takes up less space and should be simpler to maintain. Merge the ACL
+ condition decode tables also, with similar effect.
+
+JH/26 Fix problem with one_time used on a redirect router which returned the
+ parent address unchanged. A retry would see the parent address marked as
+ delivered, so not attempt the (identical) child. As a result mail would
+ be lost.
+
+JH/27 Fix a possible security hole, wherein a process operating with the Exim
+ UID can gain a root shell. Credit to http://www.halfdog.net/ for
+ discovery and writeup. Ubuntu bug 1580454; no bug raised against Exim
+ itself :(
+
+JH/28 Enable {spool,log} filesystem space and inode checks as default.
+ Main config options check_{log,spool}_{inodes,space} are now
+ 100 inodes, 10MB unless set otherwise in the configuration.
+
+JH/29 Fix the connection_reject log selector to apply to the connect ACL.
+ Previously it only applied to the main-section connection policy
+ options.
+
+JH/30 Bug 1897: fix callouts connection fallback from TLS to cleartext.
+
+PP/01 Changed default Diffie-Hellman parameters to be Exim-specific, created
+ by me. Added RFC7919 DH primes as an alternative.
+
+PP/02 Unbreak build via pkg-config with new hash support when crypto headers
+ are not in the system include path.
+
+JH/31 Fix longstanding bug with aborted TLS server connection handling. Under
+ GnuTLS, when a session startup failed (eg because the client disconnected)
+ Exim did stdio operations after fclose. This was exposed by a recent
+ change which nulled out the file handle after the fclose.
+
+JH/32 Bug 1909: Fix OCSP proof verification for cases where the proof is
+ signed directly by the cert-signing cert, rather than an intermediate
+ OCSP-signing cert. This is the model used by LetsEncrypt.
+
+JH/33 Bug 1914: Ensure socket is nonblocking before draining after SMTP QUIT.
+
+HS/01 Fix leak in verify callout under GnuTLS, about 3MB per recipient on
+ an incoming connection.
+
+HS/02 Bug 1802: Do not half-close the connection after sending a request
+ to rspamd.
+
+HS/03 Use "auto" as the default EC curve parameter. For OpenSSL < 1.0.2
+ fallback to "prime256v1".
+
+JH/34 SECURITY: Use proper copy of DATA command in error message.
+ Could leak key material. Remotely exploitable. CVE-2016-9963.
+
+
+Exim version 4.87
+-----------------
+
+JH/01 Bug 1664: Disable OCSP for GnuTLS library versions at/before 3.3.16
+ and 3.4.4 - once the server is enabled to respond to an OCSP request
+ it does even when not requested, resulting in a stapling non-aware
+ client dropping the TLS connection.
+
+TF/01 Code cleanup: Overhaul the debug_selector and log_selector machinery to
+ support variable-length bit vectors. No functional change.
+
+TF/02 Improve the consistency of logging incoming and outgoing interfaces.
+ The I= interface field on outgoing lines is now after the H= remote
+ host field, same as incoming lines. There is a separate
+ outgoing_interface log selector which allows you to disable the
+ outgoing I= field.
+
+JH/02 Bug 728: Close logfiles after a daemon-process "exceptional" log write.
+ If not running log_selector +smtp_connection the mainlog would be held
+ open indefinitely after a "too many connections" event, including to a
+ deleted file after a log rotate. Leave the per net connection logging
+ leaving it open for efficiency as that will be quickly detected by the
+ check on the next write.
+
+HS/01 Bug 1671: Fix post transport crash.
+ Processing the wait-<transport> messages could crash the delivery
+ process if the message IDs didn't exist for some reason. When
+ using 'split_spool_directory=yes' the construction of the spool
+ file name failed already, exposing the same netto behaviour.
+
+JH/03 Bug 425: Capture substrings in $regex1, $regex2 etc from regex &
+ mime_regex ACL conditions.
+
+JH/04 Bug 1686: When compiled with EXPERIMENTAL_DSN_INFO: Add extra information
+ to DSN fail messages (bounces): remote IP, remote greeting, remote response
+ to HELO, local diagnostic string.
+
+JH/05 Downgrade message for a TLS-certificate-based authentication fail from
+ log line to debug. Even when configured with a tls authenticator many
+ client connections are expected to not authenticate in this way, so
+ an authenticate fail is not an error.
+
+HS/02 Add the Exim version string to the process info. This way exiwhat
+ gives some more detail about the running daemon.
+
+JH/06 Bug 1395: time-limit caching of DNS lookups, to the TTL value. This may
+ matter for fast-change records such as DNSBLs.
+
+JH/07 Bug 1678: Always record an interface option value, if set, as part of a
+ retry record, even if constant. There may be multiple transports with
+ different interface settings and the retry behaviour needs to be kept
+ distinct.
+
+JH/08 Bug 1586: exiqgrep now refuses to run if there are unexpected arguments.
+
+JH/09 Bug 1700: ignore space & tab embedded in base64 during decode.
+
+JH/10 Bug 840: fix log_defer_output option of pipe transport
+
+JH/11 Bug 830: use same host for all RCPTS of a message, even under
+ hosts_randomize. This matters a lot when combined with mua_wrapper.
+
+JH/12 Bug 1706: percent and underbar characters are no longer escaped by the
+ ${quote_pgsql:<string>} operator.
+
+JH/13 Bug 1708: avoid misaligned access in cached lookup.
+
+JH/14 Change header file name for freeradius-client. Relevant if compiling
+ with Radius support; from the Gentoo tree and checked under Fedora.
+
+JH/15 Bug 1712: Introduce $prdr_requested flag variable
+
+JH/16 Bug 1714: Permit an empty string as expansion result for transport
+ option transport_filter, meaning no filtering.
+
+JH/17 Bug 1713: Fix non-PDKIM_DEBUG build. Patch from Jasen Betts.
+
+JH/18 Bug 1709: When built with TLS support, the tls_advertise_hosts option now
+ defaults to "*" (all hosts). The variable is now available when not built
+ with TLS, default unset, mainly to enable keeping the testsuite sane.
+ If a server certificate is not supplied (via tls_certificate) an error is
+ logged, and clients will find TLS connections fail on startup. Presumably
+ they will retry in-clear.
+ Packagers of Exim are strongly encouraged to create a server certificate
+ at installation time.
+
+HS/03 Add -bP config_file as a synonym for -bP configure_file, for consistency
+ with the $config_file variable.
+
+JH/19 Two additional event types: msg:rcpt:defer and msg:rcpt:host:defer. Both
+ in transport context, after the attempt, and per-recipient. The latter type
+ is per host attempted. The event data is the error message, and the errno
+ information encodes the lookup type (A vs. MX) used for the (first) host,
+ and the trailing two digits of the smtp 4xx response.
+
+GF/01 Bug 1715: Fix for race condition in exicyclog, where exim could attempt
+ to write to mainlog (or rejectlog, paniclog) in the window between file
+ creation and permissions/ownership being changed. Particularly affects
+ installations where exicyclog is run as root, rather than exim user;
+ result is that the running daemon panics and dies.
+
+JH/20 Bug 1701: For MySQL lookups, support MySQL config file option group names.
+
+JH/21 Bug 1720: Add support for priority groups and weighted-random proxy
+ selection for the EXPERIMENTAL_SOCKS feature, via new per-proxy options
+ "pri" and "weight". Note that the previous implicit priority given by the
+ list order is no longer honoured.
+
+JH/22 Bugs 963, 1721: Fix some corner cases in message body canonicalization
+ for DKIM processing.
+
+JH/23 Move SOCKS5 support from Experimental to mainline, enabled for a build
+ by defining SUPPORT_SOCKS.
+
+JH/26 Move PROXY support from Experimental to mainline, enabled for a build
+ by defining SUPPORT_PROXY. Note that the proxy_required_hosts option
+ is renamed to hosts_proxy, and the proxy_{host,target}_{address,port}.
+ variables are renamed to proxy_{local,external}_{address,port}.
+
+JH/27 Move Internationalisation support from Experimental to mainline, enabled
+ for a build by defining SUPPORT_I18N
+
+JH/28 Bug 1745: Fix redis lookups to handle (quoted) spaces embedded in parts
+ of the query string, and make ${quote_redis:} do that quoting.
+
+JH/29 Move Events support from Experimental to mainline, enabled by default
+ and removable for a build by defining DISABLE_EVENT.
+
+JH/30 Updated DANE implementation code to current from Viktor Dukhovni.
+
+JH/31 Fix bug with hosts_connection_nolog and named-lists which were wrongly
+ cached by the daemon.
+
+JH/32 Move Redis support from Experimental to mainline, enabled for a build
+ by defining LOOKUP_REDIS. The libhiredis library is required.
+
+JH/33 Bug 1748: Permit ACL dnslists= condition in non-smtp ACLs if explicit
+ keys are given for lookup.
+
+JH/34 Bug 1192: replace the embedded copy of PolarSSL RSA routines in the DKIM
+ support, by using OpenSSL or GnuTLS library ones. This means DKIM is
+ only supported when built with TLS support. The PolarSSL SHA routines
+ are still used when the TLS library is too old for convenient support.
+
+JH/35 Require SINGLE_DH_USE by default in OpenSSL (main config option
+ openssl_options), for security. OpenSSL forces this from version 1.1.0
+ server-side so match that on older versions.
+
+JH/36 Bug 1778: longstanding bug in memory use by the ${run } expansion: A fresh
+ allocation for $value could be released as the expansion processing
+ concluded, but leaving the global pointer active for it.
+
+JH/37 Bug 1769: Permit a VRFY ACL to override the default 252 response,
+ and to use the domains and local_parts ACL conditions.
+
+JH/38 Fix cutthrough bug with body lines having a single dot. The dot was
+ incorrectly not doubled on cutthrough transmission, hence seen as a
+ body-termination at the receiving system - resulting in truncated mails.
+ Commonly the sender saw a TCP-level error, and retransmitted the message
+ via the normal store-and-forward channel. This could result in duplicates
+ received - but deduplicating mailstores were liable to retain only the
+ initial truncated version.
+
+JH/39 Bug 1781: Fix use of DKIM private-keys having trailing '=' in the base-64.
+
+JH/40 Fix crash in queryprogram router when compiled with EXPERIMENTAL_SRS.
+
+JH/41 Bug 1792: Fix selection of headers to sign for DKIM: bottom-up. While
+ we're in there, support oversigning also; bug 1309.
+
+JH/42 Bug 1796: Fix error logged on a malware scanner connection failure.
+
+HS/04 Add support for keep_environment and add_environment options.
+
+JH/43 Tidy coding issues detected by gcc --fsanitize=undefined. Some remain;
+ either intentional arithmetic overflow during PRNG, or testing config-
+ induced overflows.
+
+JH/44 Bug 1800: The combination of a -bhc commandline option and cutthrough
+ delivery resulted in actual delivery. Cancel cutthrough before DATA
+ stage.
+
+JH/45 Fix cutthrough, when connection not opened by verify and target hard-
+ rejects a recipient: pass the reject to the originator.
+
+JH/46 Multiple issues raised by Coverity. Some were obvious or plausible bugs.
+ Many were false-positives and ignorable, but it's worth fixing the
+ former class.
+
+JH/47 Fix build on HP-UX and older Solaris, which need (un)setenv now also
+ for the new environment-manipulation done at startup. Move the routines
+ from being local to tls.c to being global via the os.c file.
+
+JH/48 Bug 1807: Fix ${extract } for the numeric/3-string case. While preparsing
+ an extract embedded as result-arg for a map, the first arg for extract
+ is unavailable so we cannot tell if this is a numbered or keyed
+ extraction. Accept either.
+
+
+Exim version 4.86
+-----------------
+
+JH/01 Bug 1545: The smtp transport option "retry_include_ip_address" is now
+ expanded.
+
+JH/02 The smtp transport option "multi_domain" is now expanded.
+
+JH/03 The smtp transport now requests PRDR by default, if the server offers
+ it.
+
+JH/04 Certificate name checking on server certificates, when exim is a client,
+ is now done by default. The transport option tls_verify_cert_hostnames
+ can be used to disable this per-host. The build option
+ EXPERIMENTAL_CERTNAMES is withdrawn.
+
+JH/05 The value of the tls_verify_certificates smtp transport and main options
+ default to the word "system" to access the system default CA bundle.
+ For GnuTLS, only version 3.0.20 or later.
+
+JH/06 Verification of the server certificate for a TLS connection is now tried
+ (but not required) by default. The verification status is now logged by
+ default, for both outbound TLS and client-certificate supplying inbound
+ TLS connections
+
+JH/07 Changed the default rfc1413 lookup settings to disable calls. Few
+ sites use this now.
+
+JH/08 The EXPERIMENTAL_DSN compile option is no longer needed; all Delivery
+ Status Notification (bounce) messages are now MIME format per RFC 3464.
+ Support for RFC 3461 DSN options NOTIFY,ENVID,RET,ORCPT can be advertised
+ under the control of the dsn_advertise_hosts option, and routers may
+ have a dsn_lasthop option.
+
+JH/09 A timeout of 2 minutes is now applied to all malware scanner types by
+ default, modifiable by a malware= option. The list separator for
+ the options can now be changed in the usual way. Bug 68.
+
+JH/10 The smtp_receive_timeout main option is now expanded before use.
+
+JH/11 The incoming_interface log option now also enables logging of the
+ local interface on delivery outgoing connections.
+
+JH/12 The cutthrough-routing facility now supports multi-recipient mails,
+ if the interface and destination host and port all match.
+
+JH/13 Bug 344: The verify = reverse_host_lookup ACL condition now accepts a
+ /defer_ok option.
+
+JH/14 Bug 1573: The spam= ACL condition now additionally supports Rspamd.
+ Patch from Andrew Lewis.
+
+JH/15 Bug 670: The spamd_address main option (for the spam= ACL condition)
+ now supports optional time-restrictions, weighting, and priority
+ modifiers per server. Patch originally by <rommer@active.by>.
+
+JH/16 The spamd_address main option now supports a mixed list of local
+ and remote servers. Remote servers can be IPv6 addresses, and
+ specify a port-range.
+
+JH/17 Bug 68: The spamd_address main option now supports an optional
+ timeout value per server.
+
+JH/18 Bug 1581: Router and transport options headers_add/remove can
+ now have the list separator specified.
+
+JH/19 Bug 392: spamd_address, and clamd av_scanner, now support retry
+ option values.
+
+JH/20 Bug 1571: Ensure that $tls_in_peerdn is set, when verification fails
+ under OpenSSL.
+
+JH/21 Support for the A6 type of dns record is withdrawn.
+
+JH/22 Bug 608: The result of a QUIT or not-QUIT toplevel ACL now matters
+ rather than the verbs used.
+
+JH/23 Bug 1572: Increase limit on SMTP confirmation message copy size
+ from 255 to 1024 chars.
+
+JH/24 Verification callouts now attempt to use TLS by default.
+
+HS/01 DNSSEC options (dnssec_require_domains, dnssec_request_domains)
+ are generic router options now. The defaults didn't change.
+
+JH/25 Bug 466: Add RFC2322 support for MIME attachment filenames.
+ Original patch from Alexander Shikoff, worked over by JH.
+
+HS/02 Bug 1575: exigrep falls back to autodetection of compressed
+ files if ZCAT_COMMAND is not executable.
+
+JH/26 Bug 1539: Add timeout/retry options on dnsdb lookups.
+
+JH/27 Bug 286: Support SOA lookup in dnsdb lookups.
+
+JH/28 Bug 1588: Do not use the A lookup following an AAAA for setting the FQDN.
+ Normally benign, it bites when the pair was led to by a CNAME;
+ modern usage is to not canonicalize the domain to a CNAME target
+ (and we were inconsistent anyway for A-only vs AAAA+A).
+
+JH/29 Bug 1632: Removed the word "rejected" from line logged for ACL discards.
+
+JH/30 Check the forward DNS lookup for DNSSEC, in addition to the reverse,
+ when evaluating $sender_host_dnssec.
+
+JH/31 Check the HELO verification lookup for DNSSEC, adding new
+ $sender_helo_dnssec variable.
+
+JH/32 Bug 1397: Enable ECDHE on OpenSSL, just the NIST P-256 curve.
+
+JH/33 Bug 1346: Note MAIL cmd seen in -bS batch, to avoid smtp_no_mail log.
+
+JH/34 Bug 1648: Fix a memory leak seen with "mailq" and large queues.
+
+JH/35 Bug 1642: Fix support of $spam_ variables at delivery time. Was
+ documented as working, but never had. Support all but $spam_report.
+
+JH/36 Bug 1659: Guard checking of input smtp commands again pseudo-command
+ added for tls authenticator.
+
+HS/03 Add perl_taintmode main config option
+
+
+Exim version 4.85
+-----------------
+
+TL/01 When running the test suite, the README says that variables such as
+ no_msglog_check are global and can be placed anywhere in a specific
+ test's script, however it was observed that placement needed to be near
+ the beginning for it to behave that way. Changed the runtest perl
+ script to read through the entire script once to detect and set these
+ variables, reset to the beginning of the script, and then run through
+ the script parsing/test process like normal.
+
+TL/02 The BSD's have an arc4random API. One of the functions to induce
+ adding randomness was arc4random_stir(), but it has been removed in
+ OpenBSD 5.5. Detect this OpenBSD version and skip calling this
+ function when detected.
+
+JH/01 Expand the EXPERIMENTAL_TPDA feature. Several different events now
+ cause callback expansion.
+
+TL/03 Bugzilla 1518: Clarify "condition" processing in routers; that
+ syntax errors in an expansion can be treated as a string instead of
+ logging or causing an error, due to the internal use of bool_lax
+ instead of bool when processing it.
+
+JH/02 Add EXPERIMENTAL_DANE, allowing for using the DNS as trust-anchor for
+ server certificates when making smtp deliveries.
+
+JH/03 Support secondary-separator specifier for MX, SRV, TLSA lookups.
+
+JH/04 Add ${sort {list}{condition}{extractor}} expansion item.
+
+TL/04 Bugzilla 1216: Add -M (related messages) option to exigrep.
+
+TL/05 GitHub Issue 18: Adjust logic testing for true/false in redis lookups.
+ Merged patch from Sebastian Wiedenroth.
+
+JH/05 Fix results-pipe from transport process. Several recipients, combined
+ with certificate use, exposed issues where response data items split
+ over buffer boundaries were not parsed properly. This eventually
+ resulted in duplicates being sent. This issue only became common enough
+ to notice due to the introduction of connection certificate information,
+ the item size being so much larger. Found and fixed by Wolfgang Breyha.
+
+JH/06 Bug 1533: Fix truncation of items in headers_remove lists. A fixed
+ size buffer was used, resulting in syntax errors when an expansion
+ exceeded it.
+
+JH/07 Add support for directories of certificates when compiled with a GnuTLS
+ version 3.3.6 or later.
+
+JH/08 Rename the TPDA experimental facility to Event Actions. The #ifdef
+ is EXPERIMENTAL_EVENT, the main-configuration and transport options
+ both become "event_action", the variables become $event_name, $event_data
+ and $event_defer_errno. There is a new variable $verify_mode, usable in
+ routers, transports and related events. The tls:cert event is now also
+ raised for inbound connections, if the main configuration event_action
+ option is defined.
+
+TL/06 In test suite, disable OCSP for old versions of openssl which contained
+ early OCSP support, but no stapling (appears to be less than 1.0.0).
+
+JH/09 When compiled with OpenSSL and EXPERIMENTAL_CERTNAMES, the checks on
+ server certificate names available under the smtp transport option
+ "tls_verify_cert_hostname" now do not permit multi-component wildcard
+ matches.
+
+JH/10 Time-related extraction expansions from certificates now use the main
+ option "timezone" setting for output formatting, and are consistent
+ between OpenSSL and GnuTLS compilations. Bug 1541.
+
+JH/11 Fix a crash in mime ACL when meeting a zero-length, quoted or RFC2047-
+ encoded parameter in the incoming message. Bug 1558.
+
+JH/12 Bug 1527: Autogrow buffer used in reading spool files. Since they now
+ include certificate info, eximon was claiming there were spoolfile
+ syntax errors.
+
+JH/13 Bug 1521: Fix ldap lookup for single-attr request, multiple-attr return.
+
+JH/14 Log delivery-related information more consistently, using the sequence
+ "H=<name> [<ip>]" wherever possible.
+
+TL/07 Bug 1547: Omit RFCs from release. Draft and RFCs have licenses which
+ are problematic for Debian distribution, omit them from the release
+ tarball.
+
+JH/15 Updates and fixes to the EXPERIMENTAL_DSN feature.
+
+JH/16 Fix string representation of time values on 64bit time_t architectures.
+ Bug 1561.
+
+JH/17 Fix a null-indirection in certextract expansions when a nondefault
+ output list separator was used.
+
+
+Exim version 4.84
+-----------------
+TL/01 Bugzilla 1506: Re-add a 'return NULL' to silence complaints from static
+ checkers that were complaining about end of non-void function with no
+ return.
+
+JH/01 Bug 1513: Fix parsing of quoted parameter values in MIME headers.
+ This was a regression introduced in 4.83 by another bugfix.
+
+JH/02 Fix broken compilation when EXPERIMENTAL_DSN is enabled.
+
+TL/02 Bug 1509: Fix exipick for enhanced spoolfile specification used when
+ EXPERIMENTAL_DSN is enabled. Fix from Wolfgang Breyha.
+
+
+Exim version 4.83
+-----------------
+
+TF/01 Correctly close the server side of TLS when forking for delivery.
+
+ When a message was received over SMTP with TLS, Exim failed to clear up
+ the incoming connection properly after forking off the child process to
+ deliver the message. In some situations the subsequent outgoing
+ delivery connection happened to have the same fd number as the incoming
+ connection previously had. Exim would try to use TLS and fail, logging
+ a "Bad file descriptor" error.
+
+TF/02 Portability fix for building lookup modules on Solaris when the xpg4
+ utilities have not been installed.
+
+JH/01 Fix memory-handling in use of acl as a conditional; avoid free of
+ temporary space as the ACL may create new global variables.
+
+TL/01 LDAP support uses per connection or global context settings, depending
+ upon the detected version of the libraries at build time.
+
+TL/02 Experimental Proxy Protocol support: allows a proxied SMTP connection
+ to extract and use the src ip:port in logging and expansions as if it
+ were a direct connection from the outside internet. PPv2 support was
+ updated based on HAProxy spec change in May 2014.
+
+JH/02 Add ${listextract {number}{list}{success}{fail}}.
+
+TL/03 Bugzilla 1433: Fix DMARC SEGV with specific From header contents.
+ Properly escape header and check for NULL return.
+
+PP/01 Continue incomplete 4.82 PP/19 by fixing docs too: use dns_dnssec_ok
+ not dns_use_dnssec.
+
+JH/03 Bugzilla 1157: support log_selector smtp_confirmation for lmtp.
+
+TL/04 Add verify = header_names_ascii check to reject email with non-ASCII
+ characters in header names, implemented as a verify condition.
+ Contributed by Michael Fischer v. Mollard.
+
+TL/05 Rename SPF condition results err_perm and err_temp to standardized
+ results permerror and temperror. Previous values are deprecated but
+ still accepted. In a future release, err_perm and err_temp will be
+ completely removed, which will be a backward incompatibility if the
+ ACL tests for either of these two old results. Patch contributed by
+ user bes-internal on the mailing list.
+
+JH/04 Add ${utf8clean:} operator. Contributed by Alex Rau.
+
+JH/05 Bugzilla 305: Log incoming-TLS details on rejects, subject to log
+ selectors, in both main and reject logs.
+
+JH/06 Log outbound-TLS and port details, subject to log selectors, for a
+ failed delivery.
+
+JH/07 Add malware type "sock" for talking to simple daemon.
+
+JH/08 Bugzilla 1371: Add tls_{,try_}verify_hosts to smtp transport.
+
+JH/09 Bugzilla 1431: Support (with limitations) headers_add/headers_remove in
+ routers/transports under cutthrough routing.
+
+JH/10 Bugzilla 1005: ACL "condition =" should accept values which are negative
+ numbers. Touch up "bool" conditional to keep the same definition.
+
+TL/06 Remove duplicated language in spec file from 4.82 TL/16.
+
+JH/11 Add dnsdb tlsa lookup. From Todd Lyons.
+
+JH/12 Expand items in router/transport headers_add or headers_remove lists
+ individually rather than the list as a whole. Bug 1452.
+
+ Required for reasonable handling of multiple headers_ options when
+ they may be empty; requires that headers_remove items with embedded
+ colons must have them doubled (or the list-separator changed).
+
+TL/07 Add new dmarc expansion variable $dmarc_domain_policy to directly
+ view the policy declared in the DMARC record. Currently, $dmarc_status
+ is a combined value of both the record presence and the result of the
+ analysis.
+
+JH/13 Fix handling of $tls_cipher et.al. in (non-verify) transport. Bug 1455.
+
+JH/14 New options dnssec_request_domains, dnssec_require_domains on the
+ dnslookup router and the smtp transport (applying to the forward
+ lookup).
+
+TL/08 Bugzilla 1453: New LDAP "SERVERS=" option allows admin to override list
+ of ldap servers used for a specific lookup. Patch provided by Heiko
+ Schlichting.
+
+JH/18 New options dnssec_lax, dnssec_strict on dnsdb lookups.
+ New variable $lookup_dnssec_authenticated for observability.
+
+TL/09 Bugzilla 609: Add -C option to exiqgrep, specify which exim.conf to use.
+ Patch submitted by Lars Timman.
+
+JH/19 EXPERIMENTAL_OCSP support under GnuTLS. Bug 1459.
+
+TL/10 Bugzilla 1454: New -oMm option to pass message reference to Exim.
+ Requires trusted mode and valid format message id, aborts otherwise.
+ Patch contributed by Heiko Schlichting.
+
+JH/20 New expansion variables tls_(in,out)_(our,peer)cert, and expansion item
+ certextract with support for various fields. Bug 1358.
+
+JH/21 Observability of OCSP via variables tls_(in,out)_ocsp. Stapling
+ is requested by default, modifiable by smtp transport option
+ hosts_request_ocsp.
+
+JH/22 Expansion operators ${md5:string} and ${sha1:string} can now
+ operate on certificate variables to give certificate fingerprints
+ Also new ${sha256:cert_variable}.
+
+JH/23 The PRDR feature is moved from being Experimental into the mainline.
+
+TL/11 Bug 1119: fix memory allocation in string_printing2(). Patch from
+ Christian Aistleitner.
+
+JH/24 The OCSP stapling feature is moved from Experimental into the mainline.
+
+TL/12 Bug 1444: Fix improper \r\n sequence handling when writing spool
+ file. Patch from Wolfgang Breyha.
+
+JH/25 Expand the coverage of the delivery $host and $host_address to
+ client authenticators run in verify callout. Bug 1476.
+
+JH/26 Port service names are now accepted for tls_on_connect_ports, to
+ align with daemon_smtp_ports. Bug 72.
+
+TF/03 Fix udpsend. The ip_connectedsocket() function's socket type
+ support and error reporting did not work properly.
+
+TL/13 Bug 1495: Exiqgrep check if -C config file specified on cli exists
+ and is readable. Patch from Andrew Colin Kissa.
+
+TL/14 Enhance documentation of ${run expansion and how it parses the
+ commandline after expansion, particularly in the case when an
+ unquoted variable expansion results in an empty value.
+
+JH/27 The TLS SNI feature was broken in 4.82. Fix it.
+
+PP/02 Fix internal collision of T_APL on systems which support RFC3123
+ by renaming away from it. Addresses GH issue 15, reported by
+ Jasper Wallace.
+
+JH/28 Fix parsing of MIME headers for parameters with quoted semicolons.
+
+TL/15 SECURITY: prevent double expansion in math comparison functions
+ (can expand unsanitized data). Not remotely exploitable.
+ CVE-2014-2972
+
+
+Exim version 4.82
+-----------------
+
+PP/01 Add -bI: framework, and -bI:sieve for querying sieve capabilities.
+
+PP/02 Make -n do something, by making it not do something.
+ When combined with -bP, the name of an option is not output.
+
+PP/03 Added tls_dh_min_bits SMTP transport driver option, only honoured
+ by GnuTLS.
+
+PP/04 First step towards DNSSEC, provide $sender_host_dnssec for
+ $sender_host_name and config options to manage this, and basic check
+ routines.
+
+PP/05 DSCP support for outbound connections and control modifier for inbound.
+
+PP/06 Cyrus SASL: set local and remote IP;port properties for driver.
+ (Only plugin which currently uses this is kerberos4, which nobody should
+ be using, but we should make it available and other future plugins might
+ conceivably use it, even though it would break NAT; stuff *should* be
+ using channel bindings instead).
+
+PP/07 Handle "exim -L <tag>" to indicate to use syslog with tag as the process
+ name; added for Sendmail compatibility; requires admin caller.
+ Handle -G as equivalent to "control = suppress_local_fixups" (we used to
+ just ignore it); requires trusted caller.
+ Also parse but ignore: -Ac -Am -X<logfile>
+ Bugzilla 1117.
+
+TL/01 Bugzilla 1258 - Refactor MAIL FROM optional args processing.
+
+TL/02 Add +smtp_confirmation as a default logging option.
+
+TL/03 Bugzilla 198 - Implement remove_header ACL modifier.
+ Patch by Magnus Holmgren from 2007-02-20.
+
+TL/04 Bugzilla 1281 - Spec typo.
+ Bugzilla 1283 - Spec typo.
+ Bugzilla 1290 - Spec grammar fixes.
+
+TL/05 Bugzilla 1285 - Spec omission, fix docbook errors for spec.txt creation.
+
+TL/06 Add Experimental DMARC support using libopendmarc libraries.
+
+TL/07 Fix an out of order global option causing a segfault. Reported to dev
+ mailing list by by Dmitry Isaikin.
+
+JH/01 Bugzilla 1201 & 304 - New cutthrough-delivery feature, with TLS support.
+
+JH/02 Support "G" suffix to numbers in ${if comparisons.
+
+PP/08 Handle smtp transport tls_sni option forced-fail for OpenSSL.
+
+NM/01 Bugzilla 1197 - Spec typo
+ Bugzilla 1196 - Spec examples corrections
+
+JH/03 Add expansion operators ${listnamed:name} and ${listcount:string}
+
+PP/09 Add gnutls_allow_auto_pkcs11 option (was originally called
+ gnutls_enable_pkcs11, but renamed to more accurately indicate its
+ function.
+
+PP/10 Let Linux makefile inherit CFLAGS/CFLAGS_DYNAMIC.
+ Pulled from Debian 30_dontoverridecflags.dpatch by Andreas Metzler.
+
+JH/04 Add expansion item ${acl {name}{arg}...}, expansion condition
+ "acl {{name}{arg}...}", and optional args on acl condition
+ "acl = name arg..."
+
+JH/05 Permit multiple router/transport headers_add/remove lines.
+
+JH/06 Add dnsdb pseudo-lookup "a+" to do an "aaaa" + "a" combination.
+
+JH/07 Avoid using a waiting database for a single-message-only transport.
+ Performance patch from Paul Fisher. Bugzilla 1262.
+
+JH/08 Strip leading/trailing newlines from add_header ACL modifier data.
+ Bugzilla 884.
+
+JH/09 Add $headers_added variable, with content from use of ACL modifier
+ add_header (but not yet added to the message). Bugzilla 199.
+
+JH/10 Add 8bitmime log_selector, for 8bitmime status on the received line.
+ Pulled from Bugzilla 817 by Wolfgang Breyha.
+
+PP/11 SECURITY: protect DKIM DNS decoding from remote exploit.
+ CVE-2012-5671
+ (nb: this is the same fix as in Exim 4.80.1)
+
+JH/11 Add A= logging on delivery lines, and a client_set_id option on
+ authenticators.
+
+JH/12 Add optional authenticated_sender logging to A= and a log_selector
+ for control.
+
+PP/12 Unbreak server_set_id for NTLM/SPA auth, broken by 4.80 PP/29.
+
+PP/13 Dovecot auth: log better reason to rejectlog if Dovecot did not
+ advertise SMTP AUTH mechanism to us, instead of a generic
+ protocol violation error. Also, make Exim more robust to bad
+ data from the Dovecot auth socket.
+
+TF/01 Fix ultimate retry timeouts for intermittently deliverable recipients.
+
+ When a queue runner is handling a message, Exim first routes the
+ recipient addresses, during which it prunes them based on the retry
+ hints database. After that it attempts to deliver the message to
+ any remaining recipients. It then updates the hints database using
+ the retry rules.
+
+ So if a recipient address works intermittently, it can get repeatedly
+ deferred at routing time. The retry hints record remains fresh so the
+ address never reaches the final cutoff time.
+
+ This is a fairly common occurrence when a user is bumping up against
+ their storage quota. Exim had some logic in its local delivery code
+ to deal with this. However it did not apply to per-recipient defers
+ in remote deliveries, e.g. over LMTP to a separate IMAP message store.
+
+ This change adds a proper retry rule check during routing so that the
+ final cutoff time is checked against the message's age. We only do
+ this check if there is an address retry record and there is not a
+ domain retry record; this implies that previous attempts to handle
+ the address had the retry_use_local_parts option turned on. We use
+ this as an approximation for the destination being like a local
+ delivery, as in LMTP.
+
+ I suspect this new check makes the old local delivery cutoff check
+ redundant, but I have not verified this so I left the code in place.
+
+TF/02 Correct gecos expansion when From: is a prefix of the username.
+
+ Test 0254 submits a message to Exim with the header
+
+ Resent-From: f
+
+ When I ran the test suite under the user fanf2, Exim expanded
+ the header to contain my full name, whereas it should have added
+ a Resent-Sender: header. It erroneously treats any prefix of the
+ username as equal to the username.
+
+ This change corrects that bug.
+
+GF/01 DCC debug and logging tidyup
+ Error conditions log to paniclog rather than rejectlog.
+ Debug lines prefixed by "DCC: " to remove any ambiguity.
+
+TF/03 Avoid unnecessary rebuilds of lookup-related code.
+
+PP/14 Fix OCSP reinitialisation in SNI handling for Exim/TLS as server.
+ Bug spotted by Jeremy Harris; was flawed since initial commit.
+ Would have resulted in OCSP responses post-SNI triggering an Exim
+ NULL dereference and crash.
+
+JH/13 Add $router_name and $transport_name variables. Bugzilla 308.
+
+PP/15 Define SIOCGIFCONF_GIVES_ADDR for GNU Hurd.
+ Bug detection, analysis and fix by Samuel Thibault.
+ Bugzilla 1331, Debian bug #698092.
+
+SC/01 Update eximstats to watch out for senders sending 'HELO [IpAddr]'
+
+JH/14 SMTP PRDR (http://www.eric-a-hall.com/specs/draft-hall-prdr-00.txt).
+ Server implementation by Todd Lyons, client by JH.
+ Only enabled when compiled with EXPERIMENTAL_PRDR. A new
+ config variable "prdr_enable" controls whether the server
+ advertises the facility. If the client requests PRDR a new
+ acl_data_smtp_prdr ACL is called once for each recipient, after
+ the body content is received and before the acl_smtp_data ACL.
+ The client is controlled by both of: a hosts_try_prdr option
+ on the smtp transport, and the server advertisement.
+ Default client logging of deliveries and rejections involving
+ PRDR are flagged with the string "PRDR".
+
+PP/16 Fix problems caused by timeouts during quit ACLs trying to double
+ fclose(). Diagnosis by Todd Lyons.
+
+PP/17 Update configure.default to handle IPv6 localhost better.
+ Patch by Alain Williams (plus minor tweaks).
+ Bugzilla 880.
+
+PP/18 OpenSSL made graceful with empty tls_verify_certificates setting.
+ This is now consistent with GnuTLS, and is now documented: the
+ previous undocumented portable approach to treating the option as
+ unset was to force an expansion failure. That still works, and
+ an empty string is now equivalent.
+
+PP/19 Renamed DNSSEC-enabling option to "dns_dnssec_ok", to make it
+ clearer that Exim is using the DO (DNSSEC OK) EDNS0 resolver flag,
+ not performing validation itself.
+
+PP/20 Added force_command boolean option to pipe transport.
+ Patch from Nick Koston, of cPanel Inc.
+
+JH/15 AUTH support on callouts (and hence cutthrough-deliveries).
+ Bugzilla 321, 823.
+
+TF/04 Added udpsend ACL modifier and hexquote expansion operator
+
+PP/21 Fix eximon continuous updating with timestamped log-files.
+ Broken in a format-string cleanup in 4.80, missed when I repaired the
+ other false fix of the same issue.
+ Report and fix from Heiko Schlichting.
+ Bugzilla 1363.
+
+PP/22 Guard LDAP TLS usage against Solaris LDAP variant.
+ Report from Prashanth Katuri.
+
+PP/23 Support safari_ecdhe_ecdsa_bug for openssl_options.
+ It's SecureTransport, so affects any MacOS clients which use the
+ system-integrated TLS libraries, including email clients.
+
+PP/24 Fix segfault from trying to fprintf() to a NULL stdio FILE* if
+ using a MIME ACL for non-SMTP local injection.
+ Report and assistance in diagnosis by Warren Baker.
+
+TL/08 Adjust exiqgrep to be case-insensitive for sender/receiver.
+
+JH/16 Fix comparisons for 64b. Bugzilla 1385.
+
+TL/09 Add expansion variable $authenticated_fail_id to keep track of
+ last id that failed so it may be referenced in subsequent ACL's.
+
+TL/10 Bugzilla 1375 - Prevent TLS rebinding in ldap. Patch provided by
+ Alexander Miroch.
+
+TL/11 Bugzilla 1382 - Option ldap_require_cert overrides start_tls
+ ldap library initialization, allowing self-signed CA's to be
+ used. Also properly sets require_cert option later in code by
+ using NULL (global ldap config) instead of ldap handle (per
+ session). Bug diagnosis and testing by alxgomz.
+
+TL/12 Enhanced documentation in the ratelimit.pl script provided in
+ the src/util/ subdirectory.
+
+TL/13 Bug 1031 - Imported transport SQL logging patch from Axel Rau
+ renamed to Transport Post Delivery Action by Jeremy Harris, as
+ EXPERIMENTAL_TPDA.
+
+TL/14 Bugzilla 1217 - Redis lookup support has been added. It is only enabled
+ when Exim is compiled with EXPERIMENTAL_REDIS. A new config variable
+ redis_servers = needs to be configured which will be used by the redis
+ lookup. Patch from Warren Baker, of The Packet Hub.
+
+TL/15 Fix exiqsumm summary for corner case. Patch provided by Richard Hall.
+
+TL/16 Bugzilla 1289 - Clarify host/ip processing when have errors looking up a
+ hostname or reverse DNS when processing a host list. Used suggestions
+ from multiple comments on this bug.
+
+TL/17 Bugzilla 1057 - Multiple clamd TCP targets patch from Mark Zealey.
+
+TL/18 Had previously added a -CONTINUE option to runtest in the test suite.
+ Missed a few lines, added it to make the runtest require no keyboard
+ interaction.
+
+TL/19 Bugzilla 1402 - Test 533 fails if any part of the path to the test suite
+ contains upper case chars. Make router use caseful_local_part.
+
+TL/20 Bugzilla 1400 - Add AVOID_GNUTLS_PKCS11 build option. Allows GnuTLS
+ support when GnuTLS has been built with p11-kit.
+
+
+Exim version 4.80.1
+-------------------
+
+PP/01 SECURITY: protect DKIM DNS decoding from remote exploit.
+ CVE-2012-5671
+ This, or similar/improved, will also be change PP/11 of 4.82.
+
+
+Exim version 4.80
+-----------------
+
+PP/01 Handle short writes when writing local log-files.
+ In practice, only affects FreeBSD (8 onwards).
+ Bugzilla 1053, with thanks to Dmitry Isaikin.
+
+NM/01 Bugzilla 949 - Documentation tweak
+
+NM/02 Bugzilla 1093 - eximstats DATA reject detection regexps
+ improved.
+
+NM/03 Bugzilla 1169 - primary_hostname spelling was incorrect in docs.
+
+PP/02 Implemented gsasl authenticator.
+
+PP/03 Implemented heimdal_gssapi authenticator with "server_keytab" option.
+
+PP/04 Local/Makefile support for (AUTH|LOOKUP)_*_PC=foo to use
+ `pkg-config foo` for cflags/libs.
+
+PP/05 Swapped $auth1/$auth2 for gsasl GSSAPI mechanism, to be more consistent
+ with rest of GSASL and with heimdal_gssapi.
+
+PP/06 Local/Makefile support for USE_(GNUTLS|OPENSSL)_PC=foo to use
+ `pkg-config foo` for cflags/libs for the TLS implementation.
+
+PP/07 New expansion variable $tls_bits; Cyrus SASL server connection
+ properties get this fed in as external SSF. A number of robustness
+ and debugging improvements to the cyrus_sasl authenticator.
+
+PP/08 cyrus_sasl server now expands the server_realm option.
+
+PP/09 Bugzilla 1214 - Log authentication information in reject log.
+ Patch by Jeremy Harris.
+
+PP/10 Added dbmjz lookup type.
+
+PP/11 Let heimdal_gssapi authenticator take a SASL message without an authzid.
+
+PP/12 MAIL args handles TAB as well as SP, for better interop with
+ non-compliant senders.
+ Analysis and variant patch by Todd Lyons.
+
+NM/04 Bugzilla 1237 - fix cases where printf format usage not indicated
+ Bug report from Lars Müller <lars@samba.org> (via SUSE),
+ Patch from Dirk Mueller <dmueller@suse.com>
+
+PP/13 tls_peerdn now print-escaped for spool files.
+ Observed some $tls_peerdn in wild which contained \n, which resulted
+ in spool file corruption.
+
+PP/14 TLS fixes for OpenSSL: support TLS 1.1 & 1.2; new "openssl_options"
+ values; set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read
+ or write after TLS renegotiation, which otherwise led to messages
+ "Got SSL error 2".
+
+TK/01 Bugzilla 1239 - fix DKIM verification when signature was not inserted
+ as a tracking header (ie: a signed header comes before the signature).
+ Patch from Wolfgang Breyha.
+
+JH/01 Bugzilla 660 - Multi-valued attributes from ldap now parseable as a
+ comma-sep list; embedded commas doubled.
+
+JH/02 Refactored ACL "verify =" logic to table-driven dispatch.
+
+PP/15 LDAP: Check for errors of TLS initialisation, to give correct
+ diagnostics.
+ Report and patch from Dmitry Banschikov.
+
+PP/16 Removed "dont_insert_empty_fragments" from "openssl_options".
+ Removed SSL_clear() after SSL_new() which led to protocol negotiation
+ failures. We appear to now support TLS1.1+ with Exim.
+
+PP/17 OpenSSL: new expansion var $tls_sni, which if used in tls_certificate
+ lets Exim select keys and certificates based upon TLS SNI from client.
+ Also option tls_sni on SMTP Transports. Also clear $tls_bits correctly
+ before an outbound SMTP session. New log_selector, +tls_sni.
+
+PP/18 Bugzilla 1122 - check localhost_number expansion for failure, avoid
+ NULL dereference. Report and patch from Alun Jones.
+
+PP/19 DNS resolver init changes for NetBSD compatibility. (Risk of breakage
+ on less well tested platforms). Obviates NetBSD pkgsrc patch-ac.
+ Not seeing resolver debug output on NetBSD, but suspect this is a
+ resolver implementation change.
+
+PP/20 Revert part of NM/04, it broke log_path containing %D expansions.
+ Left warnings. Added "eximon gdb" invocation mode.
+
+PP/21 Defaulting "accept_8bitmime" to true, not false.
+
+PP/22 Added -bw for inetd wait mode support.
+
+PP/23 Added PCRE_CONFIG=yes support to Makefile for using pcre-config to
+ locate the relevant includes and libraries. Made this the default.
+
+PP/24 Fixed headers_only on smtp transports (was not sending trailing dot).
+ Bugzilla 1246, report and most of solution from Tomasz Kusy.
+
+JH/03 ${eval } now uses 64-bit and supports a "g" suffix (like to "k" and "m").
+ This may cause build issues on older platforms.
+
+PP/25 Revamped GnuTLS support, passing tls_require_ciphers to
+ gnutls_priority_init, ignoring Exim options gnutls_require_kx,
+ gnutls_require_mac & gnutls_require_protocols (no longer supported).
+ Added SNI support via GnuTLS too.
+ Made ${randint:..} supplier available, if using not-too-old GnuTLS.
+
+PP/26 Added EXPERIMENTAL_OCSP for OpenSSL.
+
+PP/27 Applied dnsdb SPF support patch from Janne Snabb.
+ Applied second patch from Janne, implementing suggestion to default
+ multiple-strings-in-record handling to match SPF spec.
+
+JH/04 Added expansion variable $tod_epoch_l for a higher-precision time.
+
+PP/28 Fix DCC dcc_header content corruption (stack memory referenced,
+ read-only, out of scope).
+ Patch from Wolfgang Breyha, report from Stuart Northfield.
+
+PP/29 Fix three issues highlighted by clang analyser static analysis.
+ Only crash-plausible issue would require the Cambridge-specific
+ iplookup router and a misconfiguration.
+ Report from Marcin Mirosław.
+
+PP/30 Another attempt to deal with PCRE_PRERELEASE, this one less buggy.
+
+PP/31 %D in printf continues to cause issues (-Wformat=security), so for
+ now guard some of the printf checks behind WANT_DEEPER_PRINTF_CHECKS.
+ As part of this, removing so much warning spew let me fix some minor
+ real issues in debug logging.
+
+PP/32 GnuTLS was always using default tls_require_ciphers, due to a missing
+ assignment on my part. Fixed.
+
+PP/33 Added tls_dh_max_bits option, defaulting to current hard-coded limit
+ of NSS, for GnuTLS/NSS interop. Problem root cause diagnosis by
+ Janne Snabb (who went above and beyond: thank you).
+
+PP/34 Validate tls_require_ciphers on startup, since debugging an invalid
+ string otherwise requires a connection and a bunch more work and it's
+ relatively easy to get wrong. Should also expose TLS library linkage
+ problems.
+
+PP/35 Pull in <features.h> on Linux, for some portability edge-cases of
+ 64-bit ${eval} (JH/03).
+
+PP/36 Define _GNU_SOURCE in exim.h; it's needed for some releases of
+ GNU libc to support some of the 64-bit stuff, should not lead to
+ conflicts. Defined before os.h is pulled in, so if a given platform
+ needs to override this, it can.
+
+PP/37 Unbreak Cyrus SASL auth: SSF retrieval was incorrect, Exim thought
+ protection layer was required, which is not implemented.
+ Bugzilla 1254, patch from Wolfgang Breyha.
+
+PP/38 Overhaul DH prime handling, supply RFC-specified DH primes as built
+ into Exim, default to IKE id 23 from RFC 5114 (2048 bit). Make
+ tls_dhparam take prime identifiers. Also unbreak combination of
+ OpenSSL+DH_params+TLSSNI.
+
+PP/39 Disable SSLv2 by default in OpenSSL support.
+
+
+Exim version 4.77
+-----------------
+
+PP/01 Solaris build fix for Oracle's LDAP libraries.
+ Bugzilla 1109, patch from Stephen Usher.
+
+TF/01 HP/UX build fix: avoid arithmetic on a void pointer.
+
+TK/01 DKIM Verification: Fix relaxed canon for empty headers w/o
+ whitespace trailer
+
+TF/02 Fix a couple more cases where we did not log the error message
+ when unlink() failed. See also change 4.74-TF/03.
+
+TF/03 Make the exiwhat support code safe for signals. Previously Exim might
+ lock up or crash if it happened to be inside a call to libc when it
+ got a SIGUSR1 from exiwhat.
+
+ The SIGUSR1 handler appends the current process status to the process
+ log which is later printed by exiwhat. It used to use the general
+ purpose logging code to do this, but several functions it calls are
+ not safe for signals.
+
+ The new output code in the SIGUSR1 handler is specific to the process
+ log, and simple enough that it's easy to inspect for signal safety.
+ Removing some special cases also simplifies the general logging code.
+ Removing the spurious timestamps from the process log simplifies
+ exiwhat.
+
+TF/04 Improved ratelimit ACL condition.
+
+ The /noupdate option has been deprecated in favour of /readonly which
+ has clearer semantics. The /leaky, /strict, and /readonly update modes
+ are mutually exclusive. The update mode is no longer included in the
+ database key; it just determines when the database is updated. (This
+ means that when you upgrade Exim will forget old rate measurements.)
+
+ Exim now checks that the per_* options are used with an update mode that
+ makes sense for the current ACL. For example, when Exim is processing a
+ message (e.g. acl_smtp_rcpt or acl_smtp_data, etc.) you can specify
+ per_mail/leaky or per_mail/strict; otherwise (e.g. in acl_smtp_helo) you
+ must specify per_mail/readonly. If you omit the update mode it defaults to
+ /leaky where that makes sense (as before) or /readonly where required.
+
+ The /noupdate option is now undocumented but still supported for
+ backwards compatibility. It is equivalent to /readonly except that in
+ ACLs where /readonly is required you may specify /leaky/noupdate or
+ /strict/noupdate which are treated the same as /readonly.
+
+ A useful new feature is the /count= option. This is a generalization
+ of the per_byte option, so that you can measure the throughput of other
+ aggregate values. For example, the per_byte option is now equivalent
+ to per_mail/count=${if >{0}{$message_size} {0} {$message_size} }.
+
+ The per_rcpt option has been generalized using the /count= mechanism
+ (though it's more complicated than the per_byte equivalence). When it is
+ used in acl_smtp_rcpt, the per_rcpt option adds recipients to the
+ measured rate one at a time; if it is used later (e.g. in acl_smtp_data)
+ or in a non-SMTP ACL it adds all the recipients in one go. (The latter
+ /count=$recipients_count behaviour used to work only in non-SMTP ACLs.)
+ Note that using per_rcpt with a non-readonly update mode in more than
+ one ACL will cause the recipients to be double-counted. (The per_mail
+ and per_byte options don't have this problem.)
+
+ The handling of very low rates has changed slightly. If the computed rate
+ is less than the event's count (usually one) then this event is the first
+ after a long gap. In this case the rate is set to the same as this event's
+ count, so that the first message of a spam run is counted properly.
+
+ The major new feature is a mechanism for counting the rate of unique
+ events. The new per_addr option counts the number of different
+ recipients that someone has sent messages to in the last time period. It
+ behaves like per_rcpt if all the recipient addresses are different, but
+ duplicate recipient addresses do not increase the measured rate. Like
+ the /count= option this is a general mechanism, so the per_addr option
+ is equivalent to per_rcpt/unique=$local_part@$domain. You can, for
+ example, measure the rate that a client uses different sender addresses
+ with the options per_mail/unique=$sender_address. There are further
+ details in the main documentation.
+
+TF/05 Removed obsolete $Cambridge$ CVS revision strings.
+
+TF/06 Removed a few PCRE remnants.
+
+TF/07 Automatically extract Exim's version number from tags in the git
+ repository when doing development or release builds.
+
+PP/02 Raise smtp_cmd_buffer_size to 16kB.
+ Bugzilla 879. Patch from Paul Fisher.
+
+PP/03 Implement SSL-on-connect outbound with protocol=smtps on smtp transport.
+ Heavily based on revision 40f9a89a from Simon Arlott's tree.
+ Bugzilla 97.
+
+PP/04 Use .dylib instead of .so for dynamic library loading on MacOS.
+
+PP/05 Variable $av_failed, true if the AV scanner deferred.
+ Bugzilla 1078. Patch from John Horne.
+
+PP/06 Stop make process more reliably on build failure.
+ Bugzilla 1087. Patch from Heiko Schlittermann.
+
+PP/07 Make maildir_use_size_file an _expandable_ boolean.
+ Bugzilla 1089. Patch from Heiko Schlittermann.
+
+PP/08 Handle ${run} returning more data than OS pipe buffer size.
+ Bugzilla 1131. Patch from Holger Weiß.
+
+PP/09 Handle IPv6 addresses with SPF.
+ Bugzilla 860. Patch from Wolfgang Breyha.
+
+PP/10 GnuTLS: support TLS 1.2 & 1.1.
+ Bugzilla 1156.
+ Use gnutls_certificate_verify_peers2() [patch from Andreas Metzler].
+ Bugzilla 1095.
+
+PP/11 match_* no longer expand right-hand-side by default.
+ New compile-time build option, EXPAND_LISTMATCH_RHS.
+ New expansion conditions, "inlist", "inlisti".
+
+PP/12 fix uninitialised greeting string from PP/03 (smtps client support).
+
+PP/13 shell and compiler warnings fixes for RC1-RC4 changes.
+
+PP/14 fix log_write() format string regression from TF/03.
+ Bugzilla 1152. Patch from Dmitry Isaikin.
+
+
+Exim version 4.76
+-----------------
+
+PP/01 The new ldap_require_cert option would segfault if used. Fixed.
+
+PP/02 Harmonised TLS library version reporting; only show if debugging.
+ Layout now matches that introduced for other libraries in 4.74 PP/03.
+
+PP/03 New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1
+
+PP/04 New "dns_use_edns0" global option.
+
+PP/05 Don't segfault on misconfiguration of ref:name exim-user as uid.
+ Bugzilla 1098.
+
+PP/06 Extra paranoia around buffer usage at the STARTTLS transition.
+ nb: Exim is not vulnerable to http://www.kb.cert.org/vuls/id/555316
+
+TK/01 Updated PolarSSL code to 0.14.2.
+ Bugzilla 1097. Patch from Andreas Metzler.
+
+PP/07 Catch divide-by-zero in ${eval:...}.
+ Fixes bugzilla 1102.
+
+PP/08 Condition negation of bool{}/bool_lax{} did not negate. Fixed.
+ Bugzilla 1104.
+
+TK/02 Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a
+ format-string attack -- SECURITY: remote arbitrary code execution.
+
+TK/03 SECURITY - DKIM signature header parsing was double-expanded, second
+ time unintentionally subject to list matching rules, letting the header
+ cause arbitrary Exim lookups (of items which can occur in lists, *not*
+ arbitrary string expansion). This allowed for information disclosure.
+
+PP/09 Fix another SIGFPE (x86) in ${eval:...} expansion, this time related to
+ INT_MIN/-1 -- value coerced to INT_MAX.
+
+
+Exim version 4.75
+-----------------
+
+NM/01 Workaround for PCRE version dependency in version reporting
+ Bugzilla 1073
+
+TF/01 Update valgrind.h and memcheck.h to copies from valgrind-3.6.0.
+ This fixes portability to compilers other than gcc, notably
+ Solaris CC and HP-UX CC. Fixes Bugzilla 1050.
+
+TF/02 Bugzilla 139: Avoid using the += operator in the modular lookup
+ makefiles for portability to HP-UX and POSIX correctness.
+
+PP/01 Permit LOOKUP_foo enabling on the make command-line.
+ Also via indented variable definition in the Makefile.
+ (Debugging by Oliver Heesakkers).
+
+PP/02 Restore caching of spamd results with expanded spamd_address.
+ Patch from author of expandable spamd_address patch, Wolfgang Breyha.
+
+PP/03 Build issue: lookups-Makefile now exports LC_ALL=C
+ Improves build reliability. Fix from: Frank Elsner
+
+NM/02 Fix wide character breakage in the rfc2047 coding
+ Fixes bug 1064. Patch from Andrey N. Oktyabrski
+
+NM/03 Allow underscore in dnslist lookups
+ Fixes bug 1026. Patch from Graeme Fowler
+
+PP/04 Bugzilla 230: Support TLS-enabled LDAP (in addition to ldaps).
+ Code patches from Adam Ciarcinski of NetBSD.
+
+NM/04 Fixed exiqgrep to cope with mailq missing size issue
+ Fixes bug 943.
+
+PP/05 Bugzilla 1083: when lookup expansion defers, escape the output which
+ is logged, to avoid truncation. Patch from John Horne.
+
+PP/06 Bugzilla 1042: implement freeze_signal on pipe transports.
+ Patch from Jakob Hirsch.
+
+PP/07 Bugzilla 1061: restrict error messages sent over SMTP to not reveal
+ SQL string expansion failure details.
+ Patch from Andrey Oktyabrski.
+
+PP/08 Bugzilla 486: implement %M datestamping in log filenames.
+ Patch from Simon Arlott.
+
+PP/09 New lookups functionality failed to compile on old gcc which rejects
+ extern declarations in function scope.
+ Patch from Oliver Fleischmann
+
+PP/10 Use sig_atomic_t for flags set from signal handlers.
+ Check getgroups() return and improve debugging.
+ Fixed developed for diagnosis in bug 927 (which turned out to be
+ a kernel bug).
+
+PP/11 Bugzilla 1055: Update $message_linecount for maildir_tag.
+ Patch from Mark Zealey.
+
+PP/12 Bugzilla 1056: Improved spamd server selection.
+ Patch from Mark Zealey.
+
+PP/13 Bugzilla 1086: Deal with maildir quota file races.
+ Based on patch from Heiko Schlittermann.
+
+PP/14 Bugzilla 1019: DKIM multiple signature generation fix.
+ Patch from Uwe Doering, sign-off by Michael Haardt.
+
+NM/05 Fix to spam.c to accommodate older gcc versions which dislike
+ variable declaration deep within a block. Bug and patch from
+ Dennis Davis.
+
+PP/15 lookups-Makefile IRIX compatibility coercion.
+
+PP/16 Make DISABLE_DKIM build knob functional.
+
+NM/06 Bugzilla 968: child_open_uid: restore default SIGPIPE handler
+ Patch by Simon Arlott
+
+TF/03 Fix valgrind.h portability to C89 compilers that do not support
+ variable argument macros. Our copy now differs from upstream.
+
+
+Exim version 4.74
+-----------------
+
+TF/01 Failure to get a lock on a hints database can have serious
+ consequences so log it to the panic log.
+
+TF/02 Log LMTP confirmation messages in the same way as SMTP,
+ controlled using the smtp_confirmation log selector.
+
+TF/03 Include the error message when we fail to unlink a spool file.
+
+DW/01 Bugzilla 139: Support dynamically loaded lookups as modules.
+ With thanks to Steve Haslam, Johannes Berg & Serge Demonchaux
+ for maintaining out-of-tree patches for some time.
+
+PP/01 Bugzilla 139: Documentation and portability issues.
+ Avoid GNU Makefile-isms, let Exim continue to build on BSD.
+ Handle per-OS dynamic-module compilation flags.
+
+PP/02 Let /dev/null have normal permissions.
+ The 4.73 fixes were a little too stringent and complained about the
+ permissions on /dev/null. Exempt it from some checks.
+ Reported by Andreas M. Kirchwitz.
+
+PP/03 Report version information for many libraries, including
+ Exim version information for dynamically loaded libraries. Created
+ version.h, now support a version extension string for distributors
+ who patch heavily. Dynamic module ABI change.
+
+PP/04 CVE-2011-0017 - check return value of setuid/setgid. This is a
+ privilege escalation vulnerability whereby the Exim run-time user
+ can cause root to append content of the attacker's choosing to
+ arbitrary files.
+
+PP/05 Bugzilla 1041: merged DCC maintainer's fixes for return code.
+ (Wolfgang Breyha)
+
+PP/06 Bugzilla 1071: fix delivery logging with untrusted macros.
+ If dropping privileges for untrusted macros, we disabled normal logging
+ on the basis that it would fail; for the Exim run-time user, this is not
+ the case, and it resulted in successful deliveries going unlogged.
+ Fixed. Reported by Andreas Metzler.
+
+
+Exim version 4.73
+-----------------
+
+PP/01 Date: & Message-Id: revert to normally being appended to a message,
+ only prepend for the Resent-* case. Fixes regression introduced in
+ Exim 4.70 by NM/22 for Bugzilla 607.
+
+PP/02 Include check_rfc2047_length in configure.default because we're seeing
+ increasing numbers of administrators be bitten by this.
+
+JJ/01 Added DISABLE_DKIM and comment to src/EDITME
+
+PP/03 Bugzilla 994: added openssl_options main configuration option.
+
+PP/04 Bugzilla 995: provide better SSL diagnostics on failed reads.
+
+PP/05 Bugzilla 834: provide a permit_coredump option for pipe transports.
+
+PP/06 Adjust NTLM authentication to handle SASL Initial Response.
+
+PP/07 If TLS negotiated an anonymous cipher, we could end up with SSL but
+ without a peer certificate, leading to a segfault because of an
+ assumption that peers always have certificates. Be a little more
+ paranoid. Problem reported by Martin Tscholak.
+
+PP/08 Bugzilla 926: switch ClamAV to use the new zINSTREAM API for content
+ filtering; old API available if built with WITH_OLD_CLAMAV_STREAM=yes
+ NB: ClamAV planning to remove STREAM in "middle of 2010".
+ CL also introduces -bmalware, various -d+acl logging additions and
+ more caution in buffer sizes.
+
+PP/09 Implemented reverse_ip expansion operator.
+
+PP/10 Bugzilla 937: provide a "debug" ACL control.
+
+PP/11 Bugzilla 922: Documentation dusting, patch provided by John Horne.
+
+PP/12 Bugzilla 973: Implement --version.
+
+PP/13 Bugzilla 752: Refuse to build/run if Exim user is root/0.
+
+PP/14 Build without WITH_CONTENT_SCAN. Path from Andreas Metzler.
+
+PP/15 Bugzilla 816: support multiple condition rules on Routers.
+
+PP/16 Add bool_lax{} expansion operator and use that for combining multiple
+ condition rules, instead of bool{}. Make both bool{} and bool_lax{}
+ ignore trailing whitespace.
+
+JJ/02 prevent non-panic DKIM error from being sent to paniclog
+
+JJ/03 added tcp_wrappers_daemon_name to allow host entries other than
+ "exim" to be used
+
+PP/17 Fix malware regression for cmdline scanner introduced in PP/08.
+ Notification from Dr Andrew Aitchison.
+
+PP/18 Change ClamAV response parsing to be more robust and to handle ClamAV's
+ ExtendedDetectionInfo response format.
+ Notification from John Horne.
+
+PP/19 OpenSSL 1.0.0a compatibility const-ness change, should be backwards
+ compatible.
+
+PP/20 Added a CONTRIBUTING file. Fixed the documentation build to use http:
+ XSL and documented dependency on system catalogs, with examples of how
+ it normally works.
+
+DW/21 Added Valgrind hooks in store.c to help it capture out-of-bounds store
+ access.
+
+DW/22 Bugzilla 1044: CVE-2010-4345 - partial fix: restrict default behaviour
+ of CONFIGURE_OWNER and CONFIGURE_GROUP options to no longer allow a
+ configuration file which is writeable by the Exim user or group.
+
+DW/23 Bugzilla 1044: CVE-2010-4345 - part two: extend checks for writeability
+ of configuration files to cover files specified with the -C option if
+ they are going to be used with root privileges, not just the default
+ configuration file.
+
+DW/24 Bugzilla 1044: CVE-2010-4345 - part three: remove ALT_CONFIG_ROOT_ONLY
+ option (effectively making it always true).
+
+DW/25 Add TRUSTED_CONFIG_PREFIX_FILE option to allow alternative configuration
+ files to be used while preserving root privileges.
+
+DW/26 Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure
+ that rogue child processes cannot use them.
+
+PP/27 Bugzilla 1047: change the default for system_filter_user to be the Exim
+ run-time user, instead of root.
+
+PP/28 Add WHITELIST_D_MACROS option to let some macros be overridden by the
+ Exim run-time user without dropping privileges.
+
+DW/29 Remove use of va_copy() which breaks pre-C99 systems. Duplicate the
+ result string, instead of calling string_vformat() twice with the same
+ arguments.
+
+DW/30 Allow TRUSTED_CONFIG_PREFIX_FILE only for Exim or CONFIGURE_OWNER, not
+ for other users. Others should always drop root privileges if they use
+ -C on the command line, even for a whitelisted configure file.
+
+DW/31 Turn TRUSTED_CONFIG_PREFIX_FILE into TRUSTED_CONFIG_FILE. No prefixes.
+
+NM/01 Fixed bug #1002 - Message loss when using multiple deliveries
+
+
+Exim version 4.72
+-----------------
+
+JJ/01 installed exipick 20100104.1, adding $max_received_linelength,
+ $data_path, and $header_path variables; fixed documentation bugs and
+ typos
+
+JJ/02 installed exipick 20100222.0, added --input-dir and --finput to allow
+ exipick to access non-standard spools, including the "frozen" queue
+ (Finput)
+
+NM/01 Bugzilla 965: Support mysql stored procedures.
+ Patch from Alain Williams
+
+NM/02 Bugzilla 961: Spacing fix (syntax error) on Makefile directives for NetBSD
+
+NM/03 Bugzilla 955: Documentation fix for max_rcpts.
+ Patch from Andreas Metzler
+
+NM/04 Bugzilla 954: Fix for unknown responses from Dovecot authenticator.
+ Patch from Kirill Miazine
+
+NM/05 Bugzilla 671: Added umask to procmail example.
+
+JJ/03 installed exipick 20100323.0, fixing doc bug
+
+NM/06 Bugzilla 988: CVE-2010-2023 - prevent hardlink attack on sticky mail
+ directory. Notification and patch from Dan Rosenberg.
+
+TK/01 PDKIM: Upgrade PolarSSL files to upstream version 0.12.1.
+
+TK/02 Improve log output when DKIM signing operation fails.
+
+MH/01 Treat the transport option dkim_domain as a colon separated
+ list, not as a single string, and sign the message with each element,
+ omitting multiple occurences of the same signer.
+
+NM/07 Null terminate DKIM strings, Null initialise DKIM variable
+ Bugzilla 985, 986. Patch by Simon Arlott
+
+NM/08 Bugzilla 967. dnsdb DNS TXT record bug fix (DKIM-related)
+ Patch by Simon Arlott
+
+PP/01 Bugzilla 989: CVE-2010-2024 - work round race condition on
+ MBX locking. Notification from Dan Rosenberg.
+
+
+Exim version 4.71
+-----------------
+
+TK/01 Bugzilla 912: Fix DKIM segfault on empty headers/body.
+
+NM/01 Bugzilla 913: Documentation fix for gnutls_* options.
+
+NM/02 Bugzilla 722: Documentation for randint. Better randomness defaults.
+
+NM/03 Bugzilla 847: Enable DNSDB lookup by default.
+
+NM/04 Bugzilla 915: Flag broken perl installation during build.
+
+
+Exim version 4.70
+-----------------
+
+TK/01 Added patch by Johannes Berg that expands the main option
+ "spamd_address" if it starts with a dollar sign.
+
+TK/02 Write list of recipients to X-Envelope-Sender header when building
+ the mbox-format spool file for content scanning (suggested by Jakob
+ Hirsch).
+
+TK/03 Added patch by Wolfgang Breyha that adds experimental DCC
+ (http://www.dcc-servers.net/) support via dccifd. Activated by
+ setting EXPERIMENTAL_DCC=yes in Local/Makefile.
+
+TK/04 Bugzilla 673: Add f-protd malware scanner support. Patch submitted
+ by Mark Daniel Reidel <mr@df.eu>.
+
+NM/01 Bugzilla 657: Embedded PCRE removed from the exim source tree.
+ When building exim an external PCRE library is now needed -
+ PCRE is a system library on the majority of modern systems.
+ See entry on PCRE_LIBS in EDITME file.
+
+NM/02 Bugzilla 646: Removed unwanted C/R in Dovecot authenticator
+ conversation. Added nologin parameter to request.
+ Patch contributed by Kirill Miazine.
+
+TF/01 Do not log submission mode rewrites if they do not change the address.
+
+TF/02 Bugzilla 662: Fix stack corruption before exec() in daemon.c.
+
+NM/03 Bugzilla 602: exicyclog now handles panic log, and creates empty
+ log files in place. Contributed by Roberto Lima.
+
+NM/04 Bugzilla 667: Close socket used by dovecot authenticator.
+
+TF/03 Bugzilla 615: When checking the local_parts router precondition
+ after a local_part_suffix or local_part_prefix option, Exim now
+ does not use the address's named list lookup cache, since this
+ contains cached lookups for the whole local part.
+
+NM/05 Bugzilla 521: Integrated SPF Best Guess support contributed by
+ Robert Millan. Documentation is in experimental-spec.txt.
+
+TF/04 Bugzilla 668: Fix parallel build (make -j).
+
+NM/05.2 Bugzilla 437: Prevent Maildir aux files being created with mode 000.
+
+NM/05.3 Bugzilla 598: Improvement to Dovecot authenticator handling.
+ Patch provided by Jan Srzednicki.
+
+TF/05 Leading white space used to be stripped from $spam_report which
+ wrecked the formatting. Now it is preserved.
+
+TF/06 Save $spam_score, $spam_bar, and $spam_report in spool files, so
+ that they are available at delivery time.
+
+TF/07 Fix the way ${extract is skipped in the untaken branch of a conditional.
+
+TF/08 TLS error reporting now respects the incoming_interface and
+ incoming_port log selectors.
+
+TF/09 Produce a more useful error message if an SMTP transport's hosts
+ setting expands to an empty string.
+
+NM/06 Bugzilla 744: EXPN did not work under TLS.
+ Patch provided by Phil Pennock.
+
+NM/07 Bugzilla 769: Extraneous comma in usage fprintf
+ Patch provided by Richard Godbee.
+
+NM/08 Fixed erroneous documentation references to smtp_notquit_acl to be
+ acl_smtp_notquit, added index entry.
+
+NM/09 Bugzilla 787: Potential buffer overflow in string_format.
+ Patch provided by Eugene Bujak.
+
+NM/10 Bugzilla 770: Problem on some platforms modifying the len parameter to
+ accept(). Patch provided by Maxim Dounin.
+
+NM/11 Bugzilla 749: Preserve old behaviour of blanks comparing equal to zero.
+ Patch provided by Phil Pennock.
+
+NM/12 Bugzilla 497: Correct behaviour of exiwhat when no config exists.
+
+NM/13 Bugzilla 590: Correct handling of Resent-Date headers.
+ Patch provided by Brad "anomie" Jorsch.
+
+NM/14 Bugzilla 622: Added timeout setting to transport filter.
+ Patch provided by Dean Brooks.
+
+TK/05 Add native DKIM support (does not depend on external libraries).
+
+NM/15 Bugzilla 854: Removed code that symlinks to pcre as its no longer useful.
+ Patch provided by Graeme Fowler.
+
+NM/16 Bugzilla 851: Documentation example syntax fix.
+
+NM/17 Changed NOTICE file to remove references to embedded PCRE.
+
+NM/18 Bugzilla 894: Fix issue with very long lines including comments in
+ lsearch.
+
+NM/19 Bugzilla 745: TLS version reporting.
+ Patch provided by Phil Pennock.
+
+NM/20 Bugzilla 167: bool: condition support.
+ Patch provided by Phil Pennock.
+
+NM/21 Bugzilla 665: gnutls_compat_mode to allow compatibility with broken
+ clients. Patch provided by Phil Pennock.
+
+NM/22 Bugzilla 607: prepend (not append) Resent-Message-ID and Resent-Date.
+ Patch provided by Brad "anomie" Jorsch.
+
+NM/23 Bugzilla 687: Fix misparses in eximstats.
+ Patch provided by Heiko Schlittermann.
+
+NM/24 Bugzilla 688: Fix exiwhat to handle log_selector = +pid.
+ Patch provided by Heiko Schlittermann.
+
+NM/25 Bugzilla 727: Use transport mode as default mode for maildirsize file.
+ plus update to original patch.
+
+NM/26 Bugzilla 799: Documentation correction for ratelimit.
+
+NM/27 Bugzilla 802: Improvements to local interface IP addr detection.
+ Patch provided by David Brownlee.
+
+NM/28 Bugzilla 807: Improvements to LMTP delivery logging.
+
+NM/29 Bugzilla 862, 866, 875: Documentation bugfixes.
+
+NM/30 Bugzilla 888: TLS documentation bugfixes.
+
+NM/31 Bugzilla 896: Dovecot buffer overrun fix.
+
+NM/32 Bugzilla 889: Change all instances of "expr" in shell scripts to "expr --"
+ Unlike the original bugzilla I have changed all shell scripts in src tree.
+
+NM/33 Bugzilla 898: Transport filter timeout fix.
+ Patch by Todd Rinaldo.
+
+NM/34 Bugzilla 901: Fix sign/unsigned and UTF mismatches.
+ Patch by Serge Demonchaux.
+
+NM/35 Bugzilla 39: Base64 decode bug fixes.
+ Patch by Jakob Hirsch.
+
+NM/36 Bugzilla 909: Correct connect() call in dcc code.
+
+NM/37 Bugzilla 910: Correct issue with relaxed/simple handling.
+
+NM/38 Bugzilla 908: Removed NetBSD3 support as no longer needed.
+
+NM/39 Bugzilla 911: Fixed MakeLinks build script.
+
+
+Exim version 4.69
+-----------------
+
+TK/01 Add preliminary DKIM support. Currently requires a forked version of
+ ALT-N's libdkim that I have put here:
+ http://duncanthrax.net/exim-experimental/
+
+ Note to Michael Haardt: I had to rename some vars in sieve.c. They
+ were called 'true' and it seems that C99 defines that as a reserved
+ keyword to be used with 'bool' variable types. That means you could
+ not include C99-style headers which use bools without triggering
+ build errors in sieve.c.
+
+NM/01 Bugzilla 592: --help option is handled incorrectly if exim is invoked
+ as mailq or other aliases. Changed the --help handling significantly
+ to do whats expected. exim_usage() emits usage/help information.
+
+SC/01 Added the -bylocaldomain option to eximstats.
+
+NM/02 Bugzilla 619: Defended against bad data coming back from gethostbyaddr.
+
+NM/03 Bugzilla 613: Documentation fix for acl_not_smtp.
+
+NM/04 Bugzilla 628: PCRE update to 7.4 (work done by John Hall).
+
+
+Exim version 4.68
+-----------------
+
+PH/01 Another patch from the Sieve maintainer.
+
+PH/02 When an IPv6 address is converted to a string for single-key lookup
+ in an address list (e.g. for an item such as "net24-dbm;/net/works"),
+ dots are used instead of colons so that keys in lsearch files need not
+ contain colons. This was done some time before quoting was made available
+ in lsearch files. However, iplsearch files do require colons in IPv6 keys
+ (notated using the quote facility) so as to distinguish them from IPv4
+ keys. This meant that lookups for IP addresses in host lists did not work
+ for iplsearch lookups.
+
+ This has been fixed by arranging for IPv6 addresses to be expressed with
+ colons if the lookup type is iplsearch. This is not incompatible, because
+ previously such lookups could never work.
+
+ The situation is now rather anomalous, since one *can* have colons in
+ ordinary lsearch keys. However, making the change in all cases is
+ incompatible and would probably break a number of configurations.
+
+TK/01 Change PRVS address formatting scheme to reflect latests BATV draft
+ version.
+
+MH/01 The "spam" ACL condition code contained a sscanf() call with a %s
+ conversion specification without a maximum field width, thereby enabling
+ a rogue spamd server to cause a buffer overflow. While nobody in their
+ right mind would setup Exim to query an untrusted spamd server, an
+ attacker that gains access to a server running spamd could potentially
+ exploit this vulnerability to run arbitrary code as the Exim user.
+
+TK/02 Bugzilla 502: Apply patch to make the SPF-Received: header use
+ $primary_hostname instead of what libspf2 thinks the hosts name is.
+
+MH/02 The dsearch lookup now uses lstat(2) instead of stat(2) to look for
+ a directory entry by the name of the lookup key. Previously, if a
+ symlink pointed to a non-existing file or a file in a directory that
+ Exim lacked permissions to read, a lookup for a key matching that
+ symlink would fail. Now it is enough that a matching directory entry
+ exists, symlink or not. (Bugzilla 503.)
+
+PH/03 The body_linecount and body_zerocount variables are now exported in the
+ local_scan API.
+
+PH/04 Added the $dnslist_matched variable.
+
+PH/05 Unset $tls_cipher and $tls_peerdn before making a connection as a client.
+ This means they are set thereafter only if the connection becomes
+ encrypted.
+
+PH/06 Added the client_condition to authenticators so that some can be skipped
+ by clients under certain conditions.
+
+PH/07 The error message for a badly-placed control=no_multiline_responses left
+ "_responses" off the end of the name.
+
+PH/08 Added -Mvc to output a copy of a message in RFC 2822 format.
+
+PH/09 Tidied the code for creating ratelimiting keys, creating them explicitly
+ (without spaces) instead of just copying the configuration text.
+
+PH/10 Added the /noupdate option to the ratelimit ACL condition.
+
+PH/11 Added $max_received_linelength.
+
+PH/12 Added +ignore_defer and +include_defer to host lists.
+
+PH/13 Installed PCRE version 7.2. This needed some changes because of the new
+ way in which PCRE > 7.0 is built.
+
+PH/14 Implemented queue_only_load_latch.
+
+PH/15 Removed an incorrect (int) cast when reading the value of SIZE in a
+ MAIL command. The effect was to mangle the value on 64-bit systems.
+
+PH/16 Another patch from the Sieve maintainer.
+
+PH/17 Added the NOTQUIT ACL, based on a patch from Ted Cooper.
+
+PH/18 If a system quota error occurred while trying to create the file for
+ a maildir delivery, the message "Mailbox is full" was not appended to the
+ bounce if the delivery eventually timed out. Change 4.67/27 below applied
+ only to a quota excession during the actual writing of the file.
+
+PH/19 It seems that peer DN values may contain newlines (and other non-printing
+ characters?) which causes problems in log lines. The DN values are now
+ passed through string_printing() before being added to log lines.
+
+PH/20 Added the "servers=" facility to MySQL and PostgreSQL lookups. (Oracle
+ and InterBase are left for another time.)
+
+PH/21 Added message_body_newlines option.
+
+PH/22 Guard against possible overflow in moan_check_errorcopy().
+
+PH/23 POSIX allows open() to be a macro; guard against that.
+
+PH/24 If the recipient of an error message contained an @ in the local part
+ (suitably quoted, of course), incorrect values were put in $domain and
+ $local_part during the evaluation of errors_copy.
+
+
+Exim version 4.67
+-----------------
+
+MH/01 Fix for bug #448, segfault in Dovecot authenticator when interface_address
+ is unset (happens when testing with -bh and -oMi isn't used). Thanks to
+ Jan Srzednicki.
+
+PH/01 Added a new log selector smtp_no_mail, to log SMTP sessions that do not
+ issue a MAIL command.
+
+PH/02 In an ACL statement such as
+
+ deny dnslists = X!=127.0.0.2 : X=127.0.0.2
+
+ if a client was not listed at all, or was listed with a value other than
+ 127.0.0.2, in the X list, but was listed with 127.0.0.2 in the Y list,
+ the condition was not true (as it should be), so access was not denied.
+ The bug was that the ! inversion was incorrectly passed on to the second
+ item. This has been fixed.
+
+PH/03 Added additional dnslists conditions == and =& which are different from
+ = and & when the dns lookup returns more than one IP address.
+
+PH/04 Added gnutls_require_{kx,mac,protocols} to give more control over the
+ cipher suites used by GnuTLS. These options are ignored by OpenSSL.
+
+PH/05 After discussion on the list, added a compile time option ENABLE_DISABLE_
+ FSYNC, which compiles an option called disable_fsync that allows for
+ bypassing fsync(). The documentation is heavily laced with warnings.
+
+SC/01 Updated eximstats to collate all SpamAssassin rejects into one bucket.
+
+PH/06 Some tidies to the infrastructure of the Test Suite that is concerned
+ with the auxiliary C programs that it uses: (1) Arrange for BIND_8_COMPAT
+ to be defined when compiling on OSX (Darwin); (2) Tidies to the Makefile,
+ including adding "make clean"; (3) Added -fPIC when compiling the test
+ dynamically loaded module, to get rid of a warning.
+
+MH/02 Fix for bug #451, causing paniclog entries to be written if a bounce
+ message fails, move_frozen_messages = true and ignore_bounce_errors_after
+ = 0s. The bug is otherwise harmless.
+
+PH/07 There was a bug in the dovecot authenticator such that the value of
+ $auth1 could be overwritten, and so not correctly preserved, after a
+ successful authentication. This usually meant that the value preserved by
+ the server_setid option was incorrect.
+
+PH/08 Added $smtp_count_at_connection_start, deliberately with a long name.
+
+PH/09 Installed PCRE release 7.0.
+
+PH/10 The acl_not_smtp_start ACL was, contrary to the documentation, not being
+ run for batched SMTP input. It is now run at the start of every message
+ in the batch. While fixing this I discovered that the process information
+ (output by running exiwhat) was not always getting set for -bs and -bS
+ input. This is fixed, and it now also says "batched" for BSMTP.
+
+PH/11 Added control=no_pipelining.
+
+PH/12 Added $sending_ip_address and $sending_port (mostly Magnus Holmgren's
+ patch, slightly modified), and move the expansion of helo_data till after
+ the connection is made in the smtp transport (so it can use these
+ values).
+
+PH/13 Added ${rfc2047d: to decoded RFC 2047 strings.
+
+PH/14 Added log_selector = +pid.
+
+PH/15 Flush SMTP output before delaying, unless control=no_delay_flush is set.
+
+PH/16 Add ${if forany and ${if forall.
+
+PH/17 Added dsn_from option to vary the From: line in DSNs.
+
+PH/18 Flush SMTP output before performing a callout, unless control =
+ no_callout_flush is set.
+
+PH/19 Change 4.64/PH/36 introduced a bug: when address_retry_include_sender
+ was true (the default) a successful delivery failed to delete the retry
+ item, thus causing premature timeout of the address. The bug is now
+ fixed.
+
+PH/20 Added hosts_avoid_pipelining to the smtp transport.
+
+PH/21 Long custom messages for fakedefer and fakereject are now split up
+ into multiline responses in the same way that messages for "deny" and
+ other ACL rejections are.
+
+PH/22 Applied Jori Hamalainen's speed-up changes and typo fixes to exigrep,
+ with slight modification.
+
+PH/23 Applied sieve patches from the maintainer "tracking the latest notify
+ draft, changing the syntax and factoring some duplicate code".
+
+PH/24 When the log selector "outgoing_port" was set, the port was shown as -1
+ for deliveries of the second and subsequent messages over the same SMTP
+ connection.
+
+PH/25 Applied Magnus Holmgren's patch for ${addresses, ${map, ${filter, and
+ ${reduce, with only minor "tidies".
+
+SC/02 Applied Daniel Tiefnig's patch to improve the '($parent) =' pattern match.
+
+PH/26 Added a "continue" ACL modifier that does nothing, for the benefit of its
+ expansion side effects.
+
+PH/27 When a message times out after an over-quota error from an Exim-imposed
+ quota, the bounce message says "mailbox is full". This message was not
+ being given when it was a system quota that was exceeded. It now should
+ be the same.
+
+MH/03 Made $recipients available in local_scan(). local_scan() already has
+ better access to the recipient list through recipients_list[], but
+ $recipients can be useful in postmaster-provided expansion strings.
+
+PH/28 The $smtp_command and $smtp_command_argument variables were not correct
+ in the case of a MAIL command with additional options following the
+ address, for example: MAIL FROM:<foo@bar> SIZE=1234. The option settings
+ were accidentally chopped off.
+
+PH/29 SMTP synchronization checks are implemented when a command is read -
+ there is a check that no more input is waiting when there shouldn't be
+ any. However, for some commands, a delay in an ACL can mean that it is
+ some time before the response is written. In this time, more input might
+ arrive, invalidly. So now there are extra checks after an ACL has run for
+ HELO/EHLO and after the predata ACL, and likewise for MAIL and RCPT when
+ pipelining has not been advertised.
+
+PH/30 MH's patch to allow iscntrl() characters to be list separators.
+
+PH/31 Unlike :fail:, a custom message specified with :defer: was not being
+ returned in the SMTP response when smtp_return_error_details was false.
+ This has been fixed.
+
+PH/32 Change the Dovecot authenticator to use read() and write() on the socket
+ instead of the C I/O that was originally supplied, because problems were
+ reported on Solaris.
+
+PH/33 Compile failed with OpenSSL 0.9.8e. This was due to a coding error in
+ Exim which did not show up earlier: it was assuming that a call to
+ SSL_CTX_set_info_callback() might give an error value. In fact, there is
+ no error. In previous releases of OpenSSL, SSL_CTX_set_info_callback()
+ was a macro that became an assignment, so it seemed to work. This has
+ changed to a proper function call with a void return, hence the compile
+ error. Exim's code has been fixed.
+
+PH/34 Change HDA_SIZE in oracle.c from 256 to 512. This is needed for 64-bit
+ cpus.
+
+PH/35 Applied a patch from the Sieve maintainer which fixes a bug in "notify".
+
+PH/36 Applied John Jetmore's patch to add -v functionality to exigrep.
+
+PH/37 If a message is not accepted after it has had an id assigned (e.g.
+ because it turns out to be too big or there is a timeout) there is no
+ "Completed" line in the log. When some messages of this type were
+ selected by exigrep, they were listed as "not completed". Others were
+ picked up by some special patterns. I have improved the selection
+ criteria to be more general.
+
+PH/38 The host_find_failed option in the manualroute router can now be set
+ to "ignore", to completely ignore a host whose IP address cannot be
+ found. If all hosts are ignored, the behaviour is controlled by the new
+ host_all_ignored option.
+
+PH/39 In a list of hosts for manualroute, if one item (either because of multi-
+ homing or because of multiple MX records with /mx) generated more than
+ one IP address, and the following item turned out to be the local host,
+ all the secondary addresses of the first item were incorrectly removed
+ from the list, along with the local host and any following hosts (which
+ is what is supposed to happen).
+
+PH/40 When Exim receives a message, it writes the login name, uid, and gid of
+ whoever called Exim into the -H file. In the case of the daemon it was
+ behaving confusingly. When first started, it used values for whoever
+ started the daemon, but after a SIGHUP it used the Exim user (because it
+ calls itself on a restart). I have changed the code so that it now always
+ uses the Exim user.
+
+PH/41 (Following a suggestion from Tony Finch) If all the RCPT commands in a
+ message are rejected with the same error (e.g. no authentication or bad
+ sender address), and a DATA command is nevertheless sent (as can happen
+ with PIPELINING or a stupid MUA), the error message that was given to the
+ RCPT commands is included in the rejection of the DATA command. This is
+ intended to be helpful for MUAs that show only the final error to their
+ users.
+
+PH/42 Another patch from the Sieve maintainer.
+
+SC/02 Eximstats - Differentiate between permanent and temporary rejects.
+ Eximstats - Fixed some broken HTML links and added missing column headers
+ (Jez Hancock).
+ Eximstats - Fixed Grand Total Summary Domains, Edomains, and Email
+ columns for Rejects, Temp Rejects, Ham, and Spam rows.
+
+SC/03 Eximstats - V1.58 Fix to get <> and blackhole to show in edomain tables.
+
+PH/43 Yet another patch from the Sieve maintainer.
+
+PH/44 I found a way to check for a TCP/IP connection going away before sending
+ the response to the final '.' that terminates a message, but only in the
+ case where the client has not sent further data following the '.'
+ (unfortunately, this is allowed). However, in many cases there won't be
+ any further data because there won't be any more messages to send. A call
+ to select() can be used: if it shows that the input is "ready", there is
+ either input waiting, or the socket has been closed. An attempt to read
+ the next input character can distinguish the two cases. Previously, Exim
+ would have sent an OK response which the client would never have see.
+ This could lead to message repetition. This fix should cure that, at
+ least in a lot of common cases.
+
+PH/45 Do not advertise STARTTLS in response to HELP unless it would be
+ advertised in response to EHLO.
+
+
+Exim version 4.66
+-----------------
+
+PH/01 Two more bugs that were introduced by 4.64/PH/07, in addition to the one
+ fixed by 4.65/MH/01 (is this a record?) are fixed:
+
+ (i) An empty string was always treated as zero by the numeric comparison
+ operators. This behaviour has been restored.
+
+ (ii) It is documented that the numeric comparison operators always treat
+ their arguments as decimal numbers. This was broken in that numbers
+ starting with 0 were being interpreted as octal.
+
+ While fixing these problems I realized that there was another issue that
+ hadn't been noticed. Values of message_size_limit (both the global option
+ and the transport option) were treated as octal if they started with 0.
+ The documentation was vague. These values are now always treated as
+ decimal, and I will make that clear in the documentation.
+
+
+Exim version 4.65
+-----------------
+
+TK/01 Disable default definition of HAVE_LINUX_SENDFILE. Clashes with
+ Linux large file support (_FILE_OFFSET_BITS=64) on older glibc
+ versions. (#438)
+
+MH/01 Don't check that the operands of numeric comparison operators are
+ integers when their expansion is in "skipping" mode (fixes bug
+ introduced by 4.64-PH/07).
+
+PH/01 If a system filter or a router generates more than SHRT_MAX (32767)
+ child addresses, Exim now panics and dies. Previously, because the count
+ is held in a short int, deliveries were likely to be lost. As such a
+ large number of recipients for a single message is ridiculous
+ (performance will be very, very poor), I have chosen to impose a limit
+ rather than extend the field.
+
+
+Exim version 4.64
+-----------------
+
+TK/01 Bugzilla #401. Fix DK spooling code so that it can overwrite a
+ leftover -K file (the existence of which was triggered by #402).
+ While we were at it, introduced process PID as part of the -K
+ filename. This should rule out race conditions when creating
+ these files.
+
+TK/02 Bugzilla #402. Apply patch from Simon Arlott, speeding up DK signing
+ processing considerably. Previous code took too long for large mails,
+ triggering a timeout which in turn triggers #401.
+
+TK/03 Introduced HAVE_LINUX_SENDFILE to os.h-Linux. Currently only used
+ in the DK code in transports.c. sendfile() is not really portable,
+ hence the _LINUX specificness.
+
+TF/01 In the add_headers option to the mail command in an Exim filter,
+ there was a bug that Exim would claim a syntax error in any
+ header after the first one which had an odd number of characters
+ in the field name.
+
+PH/01 If a server that rejects MAIL FROM:<> was the target of a sender
+ callout verification, Exim cached a "reject" for the entire domain. This
+ is correct for most verifications, but it is not correct for a recipient
+ verification with use_sender or use_postmaster set, because in that case
+ the callout does not use MAIL FROM:<>. Exim now distinguishes the special
+ case of MAIL FROM:<> rejection from other early rejections (e.g.
+ rejection of HELO). When verifying a recipient using a non-null MAIL
+ address, the cache is ignored if it shows MAIL FROM:<> rejection.
+ Whatever the result of the callout, the value of the domain cache is
+ left unchanged (for any other kind of callout, getting as far as trying
+ RCPT means that the domain itself is ok).
+
+PH/02 Tidied a number of unused variable and signed/unsigned warnings that
+ gcc 4.1.1 threw up.
+
+PH/03 On Solaris, an unexpectedly close socket (dropped connection) can
+ manifest itself as EPIPE rather than ECONNECT. When tidying away a
+ session, the daemon ignores ECONNECT errors and logs others; it now
+ ignores EPIPE as well.
+
+PH/04 Applied Nico Erfurth's refactoring patch to tidy up mime.c
+ (quoted-printable decoding).
+
+PH/05 Applied Nico Erfurth's refactoring patch to tidy up spool_mbox.c, and
+ later the small subsequent patch to fix an introduced bug.
+
+PH/06 Installed the latest Cygwin Makefile from the Cygwin maintainer.
+
+PH/07 There was no check for overflow in expansions such as ${if >{1}{4096M}}.
+
+PH/08 An error is now given if message_size_limit is specified negative.
+
+PH/09 Applied and tidied up Jakob Hirsch's patch for allowing ACL variables
+ to be given (somewhat) arbitrary names.
+
+JJ/01 exipick 20060919.0, allow for arbitrary acl_ variables introduced
+ in 4.64-PH/09.
+
+JJ/02 exipick 20060919.0, --show-vars args can now be regular expressions,
+ miscellaneous code fixes
+
+PH/10 Added the log_reject_target ACL modifier to specify where to log
+ rejections.
+
+PH/11 Callouts were setting the name used for EHLO/HELO from $smtp_active_
+ hostname. This is wrong, because it relates to the incoming message (and
+ probably the interface on which it is arriving) and not to the outgoing
+ callout (which could be using a different interface). This has been
+ changed to use the value of the helo_data option from the smtp transport
+ instead - this is what is used when a message is actually being sent. If
+ there is no remote transport (possible with a router that sets up host
+ addresses), $smtp_active_hostname is used.
+
+PH/12 Installed Andrey Panin's patch to add a dovecot authenticator. Various
+ tweaks were necessary in order to get it to work (see also 21 below):
+ (a) The code assumed that strncpy() returns a negative number on buffer
+ overflow, which isn't the case. Replaced with Exim's string_format()
+ function.
+ (b) There were several signed/unsigned issues. I just did the minimum
+ hacking in of casts. There is scope for a larger refactoring.
+ (c) The code used strcasecmp() which is not a standard C function.
+ Replaced with Exim's strcmpic() function.
+ (d) The code set only $1; it now sets $auth1 as well.
+ (e) A simple test gave the error "authentication client didn't specify
+ service in request". It would seem that Dovecot has changed its
+ interface. Fortunately there's a specification; I followed it and
+ changed what the client sends and it appears to be working now.
+
+PH/13 Added $message_headers_raw to provide the headers without RFC 2047
+ decoding.
+
+PH/14 Corrected misleading output from -bv when -v was also used. Suppose the
+ address A is aliased to B and C, where B exists and C does not. Without
+ -v the output is "A verified" because verification stops after a
+ successful redirection if more than one address is generated. However,
+ with -v the child addresses are also verified. Exim was outputting "A
+ failed to verify" and then showing the successful verification for C,
+ with its parentage. It now outputs "B failed to verify", showing B's
+ parentage before showing the successful verification of C.
+
+PH/15 Applied Michael Deutschmann's patch to allow DNS black list processing to
+ look up a TXT record in a specific list after matching in a combined
+ list.
+
+PH/16 It seems that the options setting for the resolver (RES_DEFNAMES and
+ RES_DNSRCH) can affect the behaviour of gethostbyname() and friends when
+ they consult the DNS. I had assumed they would set it the way they
+ wanted; and indeed my experiments on Linux seem to show that in some
+ cases they do (I could influence IPv6 lookups but not IPv4 lookups).
+ To be on the safe side, however, I have now made the interface to
+ host_find_byname() similar to host_find_bydns(), with an argument
+ containing the DNS resolver options. The host_find_byname() function now
+ sets these options at its start, just as host_find_bydns() does. The smtp
+ transport options dns_qualify_single and dns_search_parents are passed to
+ host_find_byname() when gethostbyname=TRUE in this transport. Other uses
+ of host_find_byname() use the default settings of RES_DEFNAMES
+ (qualify_single) but not RES_DNSRCH (search_parents).
+
+PH/17 Applied (a modified version of) Nico Erfurth's patch to make
+ spool_read_header() do less string testing, by means of a preliminary
+ switch on the second character of optional "-foo" lines. (This is
+ overdue, caused by the large number of possibilities that now exist.
+ Originally there were few.) While I was there, I also converted the
+ str(n)cmp tests so they don't re-test the leading "-" and the first
+ character, in the hope this might squeeze out yet more improvement.
+
+PH/18 Two problems with "group" syntax in header lines when verifying: (1) The
+ flag allowing group syntax was set by the header_syntax check but not
+ turned off, possible causing trouble later; (2) The flag was not being
+ set at all for the header_verify test, causing "group"-style headers to
+ be rejected. I have now set it in this case, and also caused header_
+ verify to ignore an empty address taken from a group. While doing this, I
+ came across some other cases where the code for allowing group syntax
+ while scanning a header line wasn't quite right (mostly, not resetting
+ the flag correctly in the right place). These bugs could have caused
+ trouble for malformed header lines. I hope it is now all correct.
+
+PH/19 The functions {pwcheck,saslauthd}_verify_password() are always called
+ with the "reply" argument non-NULL. The code, however (which originally
+ came from elsewhere) had *some* tests for NULL when it wrote to *reply,
+ but it didn't always do it. This confused somebody who was copying the
+ code for some other use. I have removed all the tests.
+
+PH/20 It was discovered that the GnuTLS code had support for RSA_EXPORT, a
+ feature that was used to support insecure browsers during the U.S. crypto
+ embargo. It requires special client support, and Exim is probably the
+ only MTA that supported it -- and would never use it because real RSA is
+ always available. This code has been removed, because it had the bad
+ effect of slowing Exim down by computing (never used) parameters for the
+ RSA_EXPORT functionality.
+
+PH/21 On the advice of Timo Sirainen, added a check to the dovecot
+ authenticator to fail if there's a tab character in the incoming data
+ (there should never be unless someone is messing about, as it's supposed
+ to be base64-encoded). Also added, on Timo's advice, the "secured" option
+ if the connection is using TLS or if the remote IP is the same as the
+ local IP, and the "valid-client-cert option" if a client certificate has
+ been verified.
+
+PH/22 As suggested by Dennis Davis, added a server_condition option to *all*
+ authenticators. This can be used for authorization after authentication
+ succeeds. (In the case of plaintext, it servers for both authentication
+ and authorization.)
+
+PH/23 Testing for tls_required and lost_connection in a retry rule didn't work
+ if any retry times were supplied.
+
+PH/24 Exim crashed if verify=helo was activated during an incoming -bs
+ connection, where there is no client IP address to check. In this
+ situation, the verify now always succeeds.
+
+PH/25 Applied John Jetmore's -Mset patch.
+
+PH/26 Added -bem to be like -Mset, but loading a message from a file.
+
+PH/27 In a string expansion for a processed (not raw) header when multiple
+ headers of the same name were present, leading whitespace was being
+ removed from all of them, but trailing whitespace was being removed only
+ from the last one. Now trailing whitespace is removed from each header
+ before concatenation. Completely empty headers in a concatenation (as
+ before) are ignored.
+
+PH/28 Fixed bug in backwards-compatibility feature of PH/09 (thanks to John
+ Jetmore). It would have mis-read ACL variables from pre-4.61 spool files.
+
+PH/29 [Removed. This was a change that I later backed out, and forgot to
+ correct the ChangeLog entry (that I had efficiently created) before
+ committing the later change.]
+
+PH/30 Exim was sometimes attempting to deliver messages that had suffered
+ address errors (4xx response to RCPT) over the same connection as other
+ messages routed to the same hosts. Such deliveries are always "forced",
+ so retry times are not inspected. This resulted in far too many retries
+ for the affected addresses. The effect occurred only when there were more
+ hosts than the hosts_max_try setting in the smtp transport when it had
+ the 4xx errors. Those hosts that it had tried were not added to the list
+ of hosts for which the message was waiting, so if all were tried, there
+ was no problem. Two fixes have been applied:
+
+ (i) If there are any address or message errors in an SMTP delivery, none
+ of the hosts (tried or untried) are now added to the list of hosts
+ for which the message is waiting, so the message should not be a
+ candidate for sending over the same connection that was used for a
+ successful delivery of some other message. This seems entirely
+ reasonable: after all the message is NOT "waiting for some host".
+ This is so "obvious" that I'm not sure why it wasn't done
+ previously. Hope I haven't missed anything, but it can't do any
+ harm, as the worst effect is to miss an optimization.
+
+ (ii) If, despite (i), such a delivery is accidentally attempted, the
+ routing retry time is respected, so at least it doesn't keep
+ hammering the server.
+
+PH/31 Installed Andrew Findlay's patch to close the writing end of the socket
+ in ${readsocket because some servers need this prod.
+
+PH/32 Added some extra debug output when updating a wait-xxx database.
+
+PH/33 The hint "could be header name not terminated by colon", which has been
+ given for certain expansion errors for a long time, was not being given
+ for the ${if def:h_colon_omitted{... case.
+
+PH/34 The spec says: "With one important exception, whenever a domain list is
+ being scanned, $domain contains the subject domain." There was at least
+ one case where this was not true.
+
+PH/35 The error "getsockname() failed: connection reset by peer" was being
+ written to the panic log as well as the main log, but it isn't really
+ panic-worthy as it just means the connection died rather early on. I have
+ removed the panic log writing for the ECONNRESET error when getsockname()
+ fails.
+
+PH/36 After a 4xx response to a RCPT error, that address was delayed (in queue
+ runs only) independently of the message's sender address. This meant
+ that, if the 4xx error was in fact related to the sender, a different
+ message to the same recipient with a different sender could confuse
+ things. In particular, this can happen when sending to a greylisting
+ server, but other circumstances could also provoke similar problems.
+ I have changed the default so that the retry time for these errors is now
+ based a combination of the sender and recipient addresses. This change
+ can be overridden by setting address_retry_include_sender=false in the
+ smtp transport.
+
+PH/37 For LMTP over TCP/IP (the smtp transport), error responses from the
+ remote server are returned as part of bounce messages. This was not
+ happening for LMTP over a pipe (the lmtp transport), but now it is the
+ same for both kinds of LMTP.
+
+PH/38 Despite being documented as not happening, Exim was rewriting addresses
+ in header lines that were in fact CNAMEs. This is no longer the case.
+
+PH/39 If -R or -S was given with -q<time>, the effect of -R or -S was ignored,
+ and queue runs started by the daemon processed all messages. This has
+ been fixed so that -R and -S can now usefully be given with -q<time>.
+
+PH/40 Import PCRE release 6.7 (fixes some bugs).
+
+PH/41 Add bitwise logical operations to eval (courtesy Brad Jorsch).
+
+PH/42 Give an error if -q is specified more than once.
+
+PH/43 Renamed the variables $interface_address and $interface_port as
+ $received_ip_address and $received_port, to make it clear that these
+ values apply to message reception, and not to the outgoing interface when
+ a message is delivered. (The old names remain recognized, of course.)
+
+PH/44 There was no timeout on the connect() call when using a Unix domain
+ socket in the ${readsocket expansion. There now is.
+
+PH/45 Applied a modified version of Brad Jorsch's patch to allow "message" to
+ be meaningful with "accept".
+
+SC/01 Eximstats V1.43
+ Bug fix for V1.42 with -h0 specified. Spotted by Chris Lear.
+
+SC/02 Eximstats V1.44
+ Use a glob alias rather than an array ref in the generated
+ parser. This improves both readability and performance.
+
+SC/03 Eximstats V1.45 (Marco Gaiarin / Steve Campbell)
+ Collect SpamAssassin and rejection statistics.
+ Don't display local sender or destination tables unless
+ there is data to show.
+ Added average volumes into the top table text output.
+
+SC/04 Eximstats V1.46
+ Collect data on the number of addresses (recipients)
+ as well as the number of messages.
+
+SC/05 Eximstats V1.47
+ Added 'Message too big' to the list of mail rejection
+ reasons (thanks to Marco Gaiarin).
+
+SC/06 Eximstats V1.48
+ Mainlog lines which have GMT offsets and are too short to
+ have a flag are now skipped.
+
+SC/07 Eximstats V1.49 (Alain Williams)
+ Added the -emptyok flag.
+
+SC/08 Eximstats V1.50
+ Fixes for obtaining the IP address from reject messages.
+
+JJ/03 exipick.20061117.2, made header handling as similar to exim as possible
+ (added [br]h_ prefixes, implemented RFC2047 decoding. Fixed
+ whitespace changes from 4.64-PH/27
+
+JJ/04 exipick.20061117.2, fixed format and added $message_headers_raw to
+ match 4.64-PH/13
+
+JJ/05 exipick.20061117.2, bug fixes (error out sooner when invalid criteria
+ are found, allow negative numbers in numeric criteria)
+
+JJ/06 exipick.20061117.2, added new $message_body_missing variable
+
+JJ/07 exipick.20061117.2, added $received_ip_address and $received_port
+ to match changes made in 4.64-PH/43
+
+PH/46 Applied Jori Hamalainen's patch to add features to exiqsumm.
+
+PH/47 Put in an explicit test for a DNS lookup of an address record where the
+ "domain" is actually an IP address, and force a failure. This locks out
+ those revolvers/nameservers that support "A-for-A" lookups, in
+ contravention of the specifications.
+
+PH/48 When a host name was looked up from an IP address, and the subsequent
+ forward lookup of the name timed out, the host name was left in
+ $sender_host_name, contrary to the specification.
+
+PH/49 Although default lookup types such as lsearch* or cdb*@ have always been
+ restricted to single-key lookups, Exim was not diagnosing an error if
+ * or *@ was used with a query-style lookup.
+
+PH/50 Increased the value of DH_BITS in tls-gnu.c from 768 to 1024.
+
+MH/01 local_scan ABI version incremented to 1.1. It should have been updated
+ long ago, but noone interested enough thought of it. Let's just say that
+ the "1.1" means that there are some new functions that weren't there at
+ some point in the past.
+
+PH/51 Error processing for expansion failure of helo_data from an smtp
+ transport during callout processing was broken.
+
+PH/52 Applied John Jetmore's patch to allow tls-on-connect and STARTTLS to be
+ tested/used via the -bh/-bhc/-bs options.
+
+PH/53 Added missing "#include <time.h>" to pcre/pcretest.c (this was a PCRE
+ bug, fixed in subsequent PCRE releases).
+
+PH/54 Applied Robert Bannocks' patch to avoid a problem with references that
+ arises when using the Solaris LDAP libraries (but not with OpenLDAP).
+
+PH/55 Check for a ridiculously long file name in exim_dbmbuild.
+
+
+Exim version 4.63
+-----------------
+
+SC/01 Use a glob alias rather than an array ref in eximstats generated
+ parser. This improves both readability and performance.
+
+SC/02 Collect SpamAssassin and rejection statistics in eximstats.
+ Don't display local sender or destination tables in eximstats unless
+ there is data to show.
+ Added average volumes into the eximstats top table text output.
+
+SC/03 Collect data on the number of addresses (recipients) as well
+ as the number of messages in eximstats.
+
+TF/01 Correct an error in the documentation for the redirect router. Exim
+ does (usually) call initgroups() when daemonizing.
+
+TF/02 Call initgroups() when dropping privilege in exim.c, so that Exim runs
+ with consistent privilege compared to when running as a daemon.
+
+TF/03 Note in the spec that $authenticated_id is not set for local
+ submissions from trusted users.
+
+TF/04 The ratelimit per_rcpt option now works correctly in acl_not_smtp.
+ Thanks to Dean Brooks <dean@iglou.com> for the patch.
+
+TF/05 Make it easier to get SMTP authentication and TLS/SSL support working
+ by adding some example configuration directives to the default
+ configuration file. A little bit of work is required to uncomment the
+ directives and define how usernames and passwords are checked, but
+ there is now a framework to start from.
+
+PH/01 Added #define LDAP_DEPRECATED 1 to ldap.c because some of the "old"
+ functions that Exim currently uses aren't defined in ldap.h for OpenLDAP
+ without this. I don't know how relevant this is to other LDAP libraries.
+
+PH/02 Add the verb name to the "unknown ACL verb" error.
+
+PH/03 Magnus Holmgren's patch for filter_prepend_home.
+
+PH/03 Fixed Bugzilla #101: macro definition between ACLs doesn't work.
+
+PH/04 Applied Magnus Holmgren's patch to fix Bugzilla #98: transport's home
+ directory not expanded when it should be if an expanded home directory
+ was set for the address (which is overridden by the transport).
+
+PH/05 Applied Alex Kiernan's patch to fix Bugzilla #99: a problem with
+ libradius.
+
+PH/06 Added acl_not_smtp_start, based on Johannes Berg's patch, and set the
+ bit to forbid control=suppress_local_fixups in the acl_not_smtp ACL,
+ because it is too late at that time, and has no effect.
+
+PH/07 Changed ${quote_pgsql to quote ' as '' instead of \' because of a
+ security issue with \' (bugzilla #107). I could not use the
+ PQescapeStringConn() function, because it needs a PGconn value as one of
+ its arguments.
+
+PH/08 When testing addresses using -bt, indicate those final addresses that
+ are duplicates that would not cause an additional delivery. At least one
+ person was confused, thinking that -bt output corresponded to deliveries.
+ (Suppressing duplicates isn't a good idea as you lose the information
+ about possibly different redirections that led to the duplicates.)
+
+PH/09 Applied patch from Erik to use select() instead of poll() in spam.c on
+ systems where poll() doesn't work, in particular OS X.
+
+PH/10 Added more information to debugging output for retry time not reached.
+
+PH/11 Applied patch from Arkadiusz Miskiewicz to apply a timeout to read
+ operations in malware.c.
+
+PH/12 Applied patch from Magnus Holmgren to include the "h" tag in Domain Keys
+ signatures.
+
+PH/13 If write_rejectlog was set false when logging was sent to syslog with
+ syslog_duplication set false, log lines that would normally be written
+ both the the main log and to the reject log were not written to syslog at
+ all.
+
+PH/14 In the default configuration, change the use of "message" in ACL warn
+ statements to "add_header".
+
+PH/15 Diagnose a filter syntax error for "seen", "unseen", or "noerror" if not
+ not followed by a command (e.g. "seen endif").
+
+PH/16 Recognize SMTP codes at the start of "message" in ACLs and after :fail:
+ and :defer: in a redirect router. Add forbid_smtp_code to suppress the
+ latter.
+
+PH/17 Added extra conditions to the default value of delay_warning_condition
+ so that it is now:
+
+ ${if or { \
+ { !eq{$h_list-id:$h_list-post:$h_list-subscribe:}{} } \
+ { match{$h_precedence:}{(?i)bulk|list|junk} } \
+ { match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} } \
+ }{no}{yes}}
+
+ The Auto-Submitted: and various List- headers are standardised, whereas I
+ don't think Precedence: ever was.
+
+PH/18 Refactored debugging code in route_finduser() to show more information,
+ in particular, the error code if getpwnam() issues one.
+
+PH/19 Added PQsetClientEncoding(conn, "SQL_ASCII") to the pgsql code module.
+ This is apparently needed in addition to the PH/07 change above to avoid
+ any possible encoding problems.
+
+PH/20 Perl can change the locale. Exim was resetting it after a ${perl call,
+ but not after initializing Perl.
+
+PH/21 Added a call to PQsetNoticeProcessor() to catch pgsql "notices" and
+ output them only if debugging. By default they are written stderr,
+ apparently, which is not desirable.
+
+PH/22 Added Alain Williams' LDAP patch to support setting REFERRALS=off on
+ queries.
+
+JJ/01 exipick: added --reverse (and -R synonym), --random, --size, --sort and
+ --not options
+
+JJ/02 exipick: rewrote --help documentation to hopefully make more clear.
+
+PH/23 Made -oMaa and -oMt work with -bh and -bs to pretend the connection is
+ authenticated or an ident call has been made. Suppress the default
+ values for $authenticated_id and $authenticated_sender (but permit -oMai
+ and -oMas) when testing with -bh.
+
+PH/24 Re-jigged the order of the tests in the default configuration so that the
+ tests for valid domains and recipients precede the DNS black list and CSA
+ tests, on the grounds that those ones are more expensive.
+
+PH/25 Exim was not testing for a space following SMTP commands such as EHLO
+ that require one. Thus, EHLORHUBARB was interpreted as a valid command.
+ This bug exists in every version of Exim that I still have, right back to
+ 0.12.
+
+PH/26 (n)wildlsearch lookups are documented as being done case-insensitively.
+ However, an attempt to turn on case-sensitivity in a regex key by
+ including (?-i) didn't work because the subject string was already
+ lowercased, and the effects were non-intuitive. It turns out that a
+ one-line patch can be used to allow (?-i) to work as expected.
+
+
+Exim version 4.62
+-----------------
+
+TF/01 Fix the add_header change below (4.61 PH/55) which had a bug that (amongst
+ other effects) broke the use of negated acl sub-conditions.
+
+PH/01 ${readsocket now supports Internet domain sockets (modified John Jetmore
+ patch).
+
+PH/02 When tcp-wrappers is called from Exim, it returns only "deny" or "allow".
+ "Deny" causes Exim to reject the incoming connection with a 554 error.
+ Unfortunately, if there is a major crisis, such as a disk failure,
+ tcp-wrappers gives "deny", whereas what one would like would be some
+ kind of temporary error. A kludge has been added to help with this.
+ Before calling hosts_ctl(), errno is set zero. If the result is "deny", a
+ 554 error is used if errno is still zero or contains ENOENT (which occurs
+ if either of the /etc/hosts.{allow,deny} files is missing). Otherwise, a
+ 451 error is used.
+
+PH/03 Add -lutil to the default FreeBSD LIBS setting.
+
+PH/04 Change PH/19 for 4.61 was too wide. It should not be applied to host
+ errors. Otherwise a message that provokes a temporary error (when other
+ messages do not) can cause a whole host to time out.
+
+PH/05 Batch deliveries by appendfile and pipe transports did not work when the
+ addresses were routed directly to files or pipes from a redirect router.
+ File deliveries just didn't batch; pipe deliveries might have suffered
+ odd errors.
+
+PH/06 A failure to get a lock for a hints database would erroneously always say
+ "Failed to get write lock", even when it was really a read lock.
+
+PH/07 The appendfile transport was creating MBX lock files with a fixed mode
+ of 0600. This has been changed to use the value of the lockfile_mode
+ option (which defaults to 0600).
+
+PH/08 Applied small patch from the Sieve maintainer.
+
+PH/09 If maildir_quota_directory_regex was set to exclude (say) the .Trash
+ folder from quota calculations, a direct delivery into this folder messed
+ up the contents of the maildirsize file. This was because the regex was
+ used only to exclude .Trash (or whatever) when the size of the mailbox
+ was calculated. There was no check that a delivery was happening into an
+ excluded directory. This bug has been fixed by ignoring all quota
+ processing for deliveries into excluded directories.
+
+PH/10 Added the maildirfolder_create_regex option to appendfile.
+
+
+Exim version 4.61
+-----------------
+
+PH/01 The code for finding all the local interface addresses on a FreeBSD
+ system running IPv6 was broken. This may well have applied to all BSD
+ systems, as well as to others that have similar system calls. The broken
+ code found IPv4 interfaces correctly, but gave incorrect values for the
+ IPv6 interfaces. In particular, ::1 was not found. The effect in Exim was
+ that it would not match correctly against @[] and not recognize the IPv6
+ addresses as local.
+
+PH/02 The ipliteral router was not recognizing addresses of the form user@
+ [ipv6:....] because it didn't know about the "ipv6:" prefix.
+
+PH/03 Added disable_ipv6.
+
+PH/04 Changed $reply_address to use the raw form of the headers instead of the
+ decoded form, because it is most often used to construct To: headers
+ lines in autoreplies, and the decoded form may well be syntactically
+ invalid. However, $reply_address has leading white space removed, and all
+ newlines turned into spaces so that the autoreply transport does not
+ grumble.
+
+PH/05 If group was specified without a user on a router, and no group or user
+ was specified on a transport, the group from the router was ignored.
+
+PH/06 Increased the number of ACL variables to 20 of each type, and arranged
+ for visible compile-time settings that can be used to change these
+ numbers, for those that want even more. Backwards compatibility with old
+ spool files has been maintained. However, going back to a previous Exim
+ release will lost any variables that are in spool files.
+
+PH/07 Two small changes when running in the test harness: increase delay when
+ passing a TCP/IP connection to a new process, in case the original
+ process has to generate a bounce, and remove special handling of
+ 127.0.0.2 (sic), which is no longer necessary.
+
+PH/08 Changed debug output of dbfn_open() flags from numbers to names, so as to
+ be the same on different OS.
+
+PH/09 Moved a debug statement in filter processing to avoid a race problem when
+ testing.
+
+JJ/01 exipick: fixed bug where -b (brief) output option showed "Vars:"
+ whether --show-vars was specified or not
+
+JJ/02 exipick: Added support for new ACL variable spool format introduced
+ in 4.61-PH/06
+
+PH/10 Fixed another bug related to PH/04 above: if an incoming message had a
+ syntactically invalid From: or Reply-to: line, and a filter used this to
+ generate an autoreply, and therefore failed to obtain an address for the
+ autoreply, Exim could try to deliver to a non-existent relative file
+ name, causing unrelated and misleading errors. What now happens is that
+ it logs this as a hard delivery error, but does not attempt to create a
+ bounce message.
+
+PH/11 The exinext utility has a -C option for testing purposes, but although
+ the given file was scanned by exinext itself; it wasn't being passed on
+ when Exim was called.
+
+PH/12 In the smtp transport, treat an explicit ECONNRESET error the same as
+ an end-of-file indication when reading a command response.
+
+PH/13 Domain literals for IPv6 were not recognized unless IPv6 support was
+ compiled. In many other places in Exim, IPv6 addresses are always
+ recognized, so I have changed this. It also means that IPv4 domain
+ literals of the form [IPV4:n.n.n.n] are now always recognized.
+
+PH/14 When a uid/gid is specified for the queryprogram router, it cannot be
+ used if the router is not running as root, for example, when verifying at
+ ACL time, or when using -bh. The debugging output from this situation was
+ non-existent - all you got was a failure to exec. I have made two
+ changes:
+
+ (a) Failures to set uid/gid, the current directory, or a process leader
+ in a subprocess such as that created by queryprogram now generate
+ suitable debugging output when -d is set.
+
+ (b) The queryprogram router detects when it is not running as root,
+ outputs suitable debugging information if -d is set, and then runs
+ the subprocess without attempting to change uid/gid.
+
+PH/15 Minor change to Makefile for building test_host (undocumented testing
+ feature).
+
+PH/16 As discussed on the list in Nov/Dec: Exim no longer looks at the
+ additional section of a DNS packet that returns MX or SRV records.
+ Instead, it always explicitly searches for A/AAAA records. This avoids
+ major problems that occur when a DNS server includes only records of one
+ type (A or AAAA) in an MX/SRV packet. A byproduct of this change has
+ fixed another bug: if SRV records were looked up and the corresponding
+ address records were *not* found in the additional section, the port
+ values from the SRV records were lost.
+
+PH/17 If a delivery to a pipe, file, or autoreply was deferred, Exim was not
+ using the correct key (the original address) when searching the retry
+ rules in order to find which one to use for generating the retry hint.
+
+PH/18 If quota_warn_message contains a From: header, Exim now refrains from
+ adding the default one. Similarly, if it contains a Reply-To: header, the
+ errors_reply_to option, if set, is not used.
+
+PH/19 When calculating a retry time, Exim used to measure the "time since
+ failure" by looking at the "first failed" field in the retry record. Now
+ it does not use this if it is later than than the arrival time of the
+ message. Instead it uses the arrival time. This makes for better
+ behaviour in cases where some deliveries succeed, thus re-setting the
+ "first failed" field. An example is a quota failure for a huge message
+ when small messages continue to be delivered. Without this change, the
+ "time since failure" will always be short, possible causing more frequent
+ delivery attempts for the huge message than are intended.
+ [Note: This change was subsequently modified - see PH/04 for 4.62.]
+
+PH/20 Added $auth1, $auth2, $auth3 to contain authentication data (as well as
+ $1, $2, $3) because the numerical variables can be reset during some
+ expansion items (e.g. "match"), thereby losing the authentication data.
+
+PH/21 Make -bV show the size of off_t variables so that the test suite can
+ decide whether to run tests for quotas > 2G.
+
+PH/22 Test the values given for quota, quota_filecount, quota_warn_threshold,
+ mailbox_size, and mailbox_filecount in the appendfile transport. If a
+ filecount value is greater than 2G or if a quota value is greater than 2G
+ on a system where the size of off_t is not greater than 4, a panic error
+ is given.
+
+PH/23 When a malformed item such as 1.2.3/24 appears in a host list, it can
+ never match. The debug and -bh output now contains an explicit error
+ message indicating a malformed IPv4 address or mask.
+
+PH/24 An host item such as 1.2.3.4/abc was being treated as the IP address
+ 1.2.3.4 without a mask. Now it is not recognized as an IP address, and
+ PH/23 above applies.
+
+PH/25 Do not write to syslog when running in the test harness. The only
+ occasion when this arises is a failure to open the main or panic logs
+ (for which there is an explicit test).
+
+PH/26 Added the /no_tell option to "control=freeze".
+
+PH/27 If a host name lookup failed very early in a connection, for example, if
+ the IP address matched host_lookup and the reverse lookup yielded a name
+ that did not have a forward lookup, an error message of the form "no IP
+ address found for host xxx.xxx.xxx (during SMTP connection from NULL)"
+ could be logged. Now it outputs the IP address instead of "NULL".
+
+PH/28 An enabling patch from MH: add new function child_open_exim2() which
+ allows the sender and the authenticated sender to be set when
+ submitting a message from within Exim. Since child_open_exim() is
+ documented for local_scan(), the new function should be too.
+
+PH/29 In GnuTLS, a forced expansion failure for tls_privatekey was not being
+ ignored. In both GnuTLS and OpenSSL, an expansion of tls_privatekey that
+ results in an empty string is now treated as unset.
+
+PH/30 Fix eximon buffer overflow bug (Bugzilla #73).
+
+PH/31 Added sender_verify_fail logging option.
+
+PH/32 In November 2003, the code in Exim that added an empty Bcc: header when
+ needed by RFC 822 but not by RFC 2822 was commented out. I have now
+ tidied the source and removed it altogether.
+
+PH/33 When a queue run was abandoned because the load average was too high, a
+ log line was always written; now it is written only if the queue_run log
+ selector is set. In addition, the log line for abandonment now contains
+ information about the queue run such as the pid. This is always present
+ in "start" and "stop" lines but was omitted from the "abandon" line.
+
+PH/34 Omit spaces between a header name and the colon in the error message that
+ is given when verify = headers_syntax fails (if there are lots of them,
+ the message gets confusing).
+
+PH/35 Change the default for dns_check_names_pattern to allow slashes within
+ names, as there are now some PTR records that contain slashes. This check
+ is only to protect against broken name servers that fall over on strange
+ characters, so the fact that it applies to all lookups doesn't matter.
+
+PH/36 Now that the new test suite is complete, we can remove some of the
+ special code in Exim that was needed for the old test suite. For example,
+ sorting DNS records because real resolvers return them in an arbitrary
+ order. The new test suite's fake resolver always returns records in the
+ same order.
+
+PH/37 When running in the test harness, use -odi for submitted messages (e.g.
+ bounces) except when queue_only is set, to avoid logging races between
+ the different processes.
+
+PH/38 Panic-die if .include specifies a non-absolute path.
+
+PH/39 A tweak to the "H" retry rule from its user.
+
+JJ/03 exipick: Removed parentheses from 'next' and 'last' calls that specified
+ a label. They prevented compilation on older perls.
+
+JJ/04 exipick: Refactored code to prevent implicit split to @_ which caused
+ a warning to be raised on newish perls.
+
+JJ/05 exipick: Fixed bug where -bpc always showed a count of all messages
+ on queue. Changes to match documented behaviour of showing count of
+ messages matching specified criteria.
+
+PH/40 Changed the default ident timeout from 30s to 5s.
+
+PH/41 Added support for the use of login_cap features, on those BSD systems
+ that have them, for controlling the resources used by pipe deliveries.
+
+PH/42 The content-scanning code uses fopen() to create files in which to put
+ message data. Previously it was not paying any attention to the mode of
+ the files. Exim runs with umask(0) because the rest of the code creates
+ files with open(), and sets the required mode explicitly. Thus, these
+ files were ending up world-writeable. This was not a big issue, because,
+ being within the spool directory, they were not world-accessible. I have
+ created a function called modefopen, which takes an additional mode
+ argument. It sets umask(777), creates the file, chmods it to the required
+ mode, then resets the umask. All the relevant calls to fopen() in the
+ content scanning code have been changed to use this function.
+
+PH/43 If retry_interval_max is set greater than 24 hours, it is quietly reset
+ to 24 hours. This avoids potential overflow problems when processing G
+ and H retry rules. I suspect nobody ever tinkers with this value.
+
+PH/44 Added STRIP_COMMAND=/usr/bin/strip to the FreeBSD Makefile.
+
+PH/45 When the plaintext authenticator is running as a client, the server's
+ challenges are checked to ensure they are valid base64 strings. By
+ default, the authentication attempt is cancelled if an invalid string is
+ received. Setting client_ignore_invalid_base64 true ignores these errors.
+ The decoded challenge strings are now placed in $auth1, $auth2, etc. as
+ they are received. Thus, the responses can be made to depend on the
+ challenges. If an invalid string is ignored, an empty string is placed in
+ the variable.
+
+PH/46 Messages that are created by the autoreply transport now contains a
+ References: header, in accordance with RFCs 2822 and 3834.
+
+PH/47 Added authenticated_sender_force to the smtp transport.
+
+PH/48 The ${prvs expansion was broken on systems where time_t was long long.
+
+PH/49 Installed latest patch from the Sieve maintainer.
+
+PH/50 When an Exim quota was set without a file count quota, and mailbox_size
+ was also set, the appendfile transport was unnecessarily scanning a
+ directory of message files (e.g. for maildir delivery) to find the count
+ of files (along with the size), even though it did not need this
+ information. It now does the scan only if it needs to find either the
+ size of the count of files.
+
+PH/51 Added ${time_eval: to convert Exim time strings into seconds.
+
+PH/52 Two bugs concerned with error handling when the smtp transport is
+ used in LMTP mode:
+
+ (i) Exim was not creating retry information for temporary errors given
+ for individual recipients after the DATA command when the smtp transport
+ was used in LMTP mode. This meant that they could be retried too
+ frequently, and not timed out correctly.
+
+ (ii) Exim was setting the flag that allows error details to be returned
+ for LMTP errors on RCPT commands, but not for LMTP errors for individual
+ recipients that were returned after the DATA command.
+
+PH/53 This is related to PH/52, but is more general: for any failing address,
+ when detailed error information was permitted to be returned to the
+ sender, but the error was temporary, then after the final timeout, only
+ "retry timeout exceeded" was returned. Now it returns the full error as
+ well as "retry timeout exceeded".
+
+PH/54 Added control=allow_auth_unadvertised, as it seems there are clients that
+ do this, and (what is worse) MTAs that accept it.
+
+PH/55 Added the add_header modified to ACLs. The use of "message" with "warn"
+ will now be deprecated.
+
+PH/56 New os.c-cygwin from the Cygwin maintainer.
+
+JJ/06 exipick: added --unsorted option to allow unsorted output in all output
+ formats (previously only available in exim formats via -bpr, -bpru,
+ and -bpra. Now also available in native and exiqgrep formats)
+
+JJ/07 exipick: added --freeze and --thaw options to allow faster interaction
+ with very large, slow to parse queues
+
+JJ/08 exipick: added ! as generic prefix to negate any criteria format
+
+JJ/09 exipick: miscellaneous performance enhancements (~24% improvements)
+
+PH/57 Tidies in SMTP dialogue display in debug output: (i) It was not showing
+ responses to authentication challenges, though it was showing the
+ challenges; (ii) I've removed the CR characters from the debug output for
+ SMTP output lines.
+
+PH/58 Allow for the insertion of a newline as well as a space when a string
+ is turned into more than one encoded-word during RFC 2047 encoding. The
+ Sieve code now uses this.
+
+PH/59 Added the following errors that can be detected in retry rules: mail_4xx,
+ data_4xx, lost_connection, tls_required.
+
+PH/60 When a VRFY deferred or FAILED, the log message rather than the user
+ message was being sent as an SMTP response.
+
+PH/61 Add -l and -k options to exicyclog.
+
+PH/62 When verifying, if an address was redirected to one new address, so that
+ verification continued, and the new address failed or deferred after
+ having set something in $address_data, the value of $address_data was not
+ passed back to the ACL. This was different to the case when no
+ redirection occurred. The value is now passed back in both cases.
+
+PH/63 Changed the macro HAVE_LOGIN_CAP (see PH/41 for this release above) to
+ HAVE_SETCLASSRESOURCES because there are different APIs in use that all
+ use login_cap.h, so on its own it isn't the distinguishing feature. The
+ new name refers directly to the setclassresources() function.
+
+PH/65 Added configuration files for NetBSD3.
+
+PH/66 Updated OS/Makefile-HP-UX for gcc 4.1.0 with HP-UX 11.
+
+PH/67 Fixed minor infelicity in the sorting of addresses to ensure that IPv6
+ is preferred over IPv4.
+
+PH/68 The bounce_return_message and bounce_return_body options were not being
+ honoured for bounces generated during the reception of non-SMTP messages.
+ In particular, this applied to messages rejected by the ACL. This bug has
+ been fixed. However, if bounce_return_message is true and bounce_return_
+ body is false, the headers that are returned for a non-SMTP message
+ include only those that have been read before the error was detected.
+ (In the case of an ACL rejection, they have all been read.)
+
+PH/69 The HTML version of the specification is now built in a directory called
+ spec_html instead of spec.html, because the latter looks like a path with
+ a MIME-type, and this confuses some software.
+
+PH/70 Catch two compiler warnings in sieve.c.
+
+PH/71 Fixed an obscure and subtle bug (thanks Alexander & Matthias). The
+ function verify_get_ident() calls ip_connect() to connect a socket, but
+ if the "connect()" function timed out, ip_connect() used to close the
+ socket. However, verify_get_ident() also closes the socket later, and in
+ between Exim writes to the log, which may get opened at this point. When
+ the socket was closed in ip_connect(), the log could get the same file
+ descriptor number as the socket. This naturally causes chaos. The fix is
+ not to close the socket in ip_connect(); the socket should be closed by
+ the function that creates it. There was only one place in the code where
+ this was missing, in the iplookup router, which I don't think anybody now
+ uses, but I've fixed it anyway.
+
+PH/72 Make dns_again_means_nonexist apply to lookups using gethostbyname() as
+ well as to direct DNS lookups. Otherwise the handling of names in host
+ lists is inconsistent and therefore confusing.
+
+
+Exim version 4.60
+-----------------
+
+PH/01 Two changes to the default runtime configuration:
+
+ (1) Move the checks for relay_from_hosts and authenticated clients from
+ after to before the (commented out) DNS black list checks.
+
+ (2) Add control=submission to the relay_from_hosts and authenticated
+ clients checks, on the grounds that messages accepted by these
+ statements are most likely to be submissions.
+
+PH/02 Several tidies to the handling of ${prvs and ${prvscheck:
+
+ (1) Generate an error if the third argument for the ${prvs expansion is
+ not a single digit.
+
+ (2) Treat a missing third argument of ${prvscheck as if it were an empty
+ string.
+
+ (3) Reset the variables that are obtained from the first argument of
+ ${prvscheck and used in the second argument before leaving the code,
+ because their memory is reclaimed, so using them afterwards may do
+ silly things.
+
+ (4) Tidy up the code for expanding the arguments of ${prvscheck one by
+ one (it's much easier than Tom thought :-).
+
+ (5) Because of (4), we can now allow for the use of $prvscheck_result
+ inside the third argument.
+
+PH/03 For some reason, the default setting of PATH when running a command from
+ a pipe transport was just "/usr/bin". I have changed it to
+ "/bin:/usr/bin".
+
+PH/04 SUPPORT_TRANSLATE_IP_ADDRESS and MOVE_FROZEN_MESSAGES did not cause
+ anything to be listed in the output from -bV.
+
+PH/05 When a filter generated an autoreply, the entire To: header line was
+ quoted in the delivery log line, like this:
+
+ => >A.N.Other <ano@some.domain> <original@ddress> ...
+
+ This has been changed so that it extracts the operative address. There
+ may be more than one such address. If so, they are comma-separated, like
+ this:
+
+ => >ano@some.domain,ona@other.domain <original@ddress> ...
+
+PH/06 When a client host used a correct literal IP address in a HELO or EHLO
+ command, (for example, EHLO [1.2.3.4]) and the client's IP address was
+ not being looked up in the rDNS to get a host name, Exim was showing the
+ IP address twice in Received: lines, even though the IP addresses were
+ identical. For example:
+
+ Received: from [1.2.3.4] (helo=[1.2.3.4])
+
+ However, if the real host name was known, it was omitting the HELO data
+ if it matched the actual IP address. This has been tidied up so that it
+ doesn't show the same IP address twice.
+
+PH/07 When both +timestamp and +memory debugging was on, the value given by
+ $tod_xxx expansions could be wrong, because the tod_stamp() function was
+ called by the debug printing, thereby overwriting the timestamp buffer.
+ Debugging no longer uses the tod_stamp() function when +timestamp is set.
+
+PH/08 When the original message was included in an autoreply transport, it
+ always said "this is a copy of the message, including all the headers",
+ even if body_only or headers_only was set. It now gives an appropriate
+ message.
+
+PH/09 Applied a patch from the Sieve maintainer which:
+
+ o fixes some comments
+ o adds the (disabled) notify extension core
+ o adds some debug output for the result of if/elsif tests
+ o points to the current vacation draft in the documentation
+ and documents the missing references header update
+
+ and most important:
+
+ o fixes a bug in processing the envelope test (when testing
+ multiple envelope elements, the last element determined the
+ result)
+
+PH/10 Exim was violating RFC 3834 ("Recommendations for Automatic Responses to
+ Electronic Mail") by including:
+
+ Auto-submitted: auto-generated
+
+ in the messages that it generates (bounce messages and others, such as
+ warnings). In the case of bounce messages for non-SMTP messages, there was
+ also a typo: it was using "Auto_submitted" (underscore instead of
+ hyphen). Since every message generated by Exim is necessarily in response
+ to another message, thes have all been changed to:
+
+ Auto-Submitted: auto-replied
+
+ in accordance with these statements in the RFC:
+
+ The auto-replied keyword:
+
+ - SHOULD be used on messages sent in direct response to another
+ message by an automatic process,
+
+ - MUST NOT be used on manually-generated messages,
+
+ - MAY be used on Delivery Status Notifications (DSNs) and Message
+ Disposition Notifications (MDNs),
+
+ - MUST NOT be used on messages generated by automatic or periodic
+ processes, except for messages which are automatic responses to
+ other messages.
+
+PH/11 Added "${if def:sender_address {(envelope-from <$sender_address>)\n\t}}"
+ to the default Received: header definition.
+
+PH/12 Added log selector acl_warn_skipped (default on).
+
+PH/13 After a successful wildlsearch lookup, discard the values of numeric
+ variables because (a) they are in the wrong storage pool and (b) even if
+ they were copied, it wouldn't work properly because of the caching.
+
+PH/14 Add check_rfc2047_length to disable enforcement of RFC 2047 length
+ checking when decoding. Apparently there are clients that generate
+ overlong encoded strings. Why am I not surprised?
+
+PH/15 If the first argument of "${if match_address" was not empty, but did not
+ contain an "@" character, Exim crashed. Now it writes a panic log message
+ and treats the condition as false.
+
+PH/16 In autoreply, treat an empty string for "once" the same as unset.
+
+PH/17 A further patch from the Sieve maintainer: "Introduce the new Sieve
+ extension "envelope-auth". The code is finished and in agreement with
+ other implementations, but there is no documentation so far and in fact,
+ nobody wrote the draft yet. This extension is currently #undef'ed, thus
+ not changing the active code.
+
+ Print executed "if" and "elsif" statements when debugging is used. This
+ helps a great deal to understand what a filter does.
+
+ Document more things not specified clearly in RFC3028. I had all this
+ sorted out, when out of a sudden new issues came to my mind. Oops."
+
+PH/18 Exim was not recognizing the "net-" search type prefix in match_ip lists
+ (Bugzilla #53).
+
+PH/19 Exim expands the IPv6 address given to -bh to its full non-abbreviated
+ canonical form (as documented). However, after a host name lookup from
+ the IP address, check_host() was doing a simple string comparison with
+ addresses acquired from the DNS when checking that the found name did
+ have the original IP as one of its addresses. Since any found IPv6
+ addresses are likely to be in abbreviated form, the comparison could
+ fail. Luckily, there already exists a function for doing the comparison
+ by converting both addresses to binary, so now that is used instead of
+ the text comparison.
+
+PH/20 There was another similar case to PH/19, when a complete host name was
+ given in a host list; looking up its IP address could give an abbreviated
+ form, whereas the current host's name might or might not be abbreviated.
+ The same fix has been applied.
+
+
+Exim version 4.54
+-----------------
+
+PH/01 The ${base62: operator adjusted itself to base 36 when BASE_62 was
+ set to 36 (for Darwin and Cygwin), but the ${base62d: operator did not.
+ It now does.
+
+PH/02 Two minor problems detected in Cygwin: the os.{c,h} files had lost */ on
+ the CVS lines, and there was a missing #if HAVE_IPV6 in host.c.
+
+PH/03 Typo: missing ".o" in src/pcre/Makefile.
+
+PH/04 Tighten up "personal" tests: Instead of testing for any "List-"
+ header line, restrict the check to what is listed in RFCs 2369 and 2929.
+ Also, for "Auto-Submitted", treat anything other than "no" as
+ non-personal, in accordance with RFC 3834. (Previously it treated
+ anything starting "auto-" as non-personal.)
+
+TF/01 The control=submission/name=... option had a problem with syntax
+ errors if the name included a slash character. The /name= option
+ now slurps the rest of the string, so it can include any characters
+ but it must come last in the list of options (after /sender_retain
+ or /domain=).
+
+PH/05 Some modifications to the interface to the fake nameserver for the new
+ testing suite.
+
+
+
+Exim version 4.53
+-----------------
+
+TK/01 Added the "success_on_redirect" address verification option. See
+ NewStuff for rationale and an example.
+
+PH/01 Added support for SQLite, basic code supplied by David Woodhouse.
+
+PH/02 Patch to exigrep to allow it to work on syslog lines.
+
+PH/03 When creating an mbox file for a virus/spam scan, use fseek() instead of
+ fread() to skip over the body file's header line, because in Cygwin the
+ header line is locked and is inaccessible.
+
+PH/04 Added $message_exim_id, ultimately to replace $message_id (they will both
+ co-exist for some time) to make it clear that it is the Exim ID that is
+ referenced, not the Message-ID: header line.
+
+PH/05 Replaced all Tom's calls to snprintf() with calls to the internal
+ string_format() function, because snprintf() does not exist on all
+ operating systems.
+
+PH/06 The use of forbid_filter_existstest now also locks out the use of the
+ ${stat: expansion item.
+
+PH/07 Changed "SMTP protocol violation: synchronization error" into "SMTP
+ protocol synchronization error", to keep the pedants happy.
+
+PH/08 Arrange for USE_INET_NTOA_FIX to be set in config.h for AIX systems as
+ well as for IRIX systems, when gcc is being used. See the host.c source
+ file for comments.
+
+PH/09 Installed latest Cygwin configuration files from the Cygwin maintainer.
+
+PH/10 Named domain lists were not working if used in a queue_smtp_domains
+ setting.
+
+PH/11 Added support for the IGNOREQUOTA extension to LMTP, both to the lmtp
+ transport and to the smtp transport in LMTP mode.
+
+TK/02 Remove one case of BASE64 error detection FTTB (undocumented anyway).
+
+PH/12 There was a missing call to search_tidyup() before the fork() in rda.c to
+ run a filter in a subprocess. This could lead to confusion in subsequent
+ lookups in the parent process. There should also be a search_tidyup() at
+ the end of the subprocess.
+
+PH/13 Previously, if "verify = helo" was set in an ACL, the condition was true
+ only if the host matched helo_try_verify_hosts, which caused the
+ verification to occur when the EHLO/HELO command was issued. The ACL just
+ tested the remembered result. Now, if a previous verification attempt has
+ not happened, "verify = helo" does it there and then.
+
+JJ/01 exipick: added $message_exim_id variable (see 4.53-PH/04)
+
+TK/03 Fix log output including CR from clamd.
+
+PH/14 A reference to $reply_address when Reply-to: was empty and From: did not
+ exist provoked a memory error which could cause a segfault.
+
+PH/15 Installed PCRE 6.2
+
+PH/17 Defined BIND_8_COMPAT in the Darwin os.h file.
+
+PH/18 Reversed 4.52/PH/17 because the HP-UX user found it wasn't the cause
+ of the problem. Specifically, suggested +O2 rather than +O1 for the
+ HP-UX compiler.
+
+PH/19 Added sqlite_lock_timeout option (David Woodhouse's patch).
+
+PH/20 If a delivery was routed to a non-standard port by means of an SRV
+ record, the port was not correctly logged when the outgoing_port log
+ selector was set (it logged the transort's default port).
+
+PH/21 Added support for host-specific ports to manualroute, queryprogram,
+ fallback_hosts, and "hosts" in the smtp transport.
+
+PH/22 If the log selector "outgoing_port" is set, the port is now also given on
+ host errors such as "Connection refused".
+
+PH/23 Applied a patch to fix problems with exim-4.52 while doing radius
+ authentication with radiusclient 0.4.9:
+
+ - Error returned from rc_read_config was caught wrongly
+ - Username/password not passed on to radius server due to wrong length.
+
+ The presumption is that some radiusclient API changes for 4.51/PH/17
+ were not taken care of correctly. The code is still untested by me (my
+ Linux distribution still has 0.3.2 of radiusclient), but it was
+ contributed by a Radius user.
+
+PH/24 When doing a callout, the value of $domain wasn't set correctly when
+ expanding the "port" option of the smtp transport.
+
+TK/04 MIME ACL: Fix buffer underrun that occurs when EOF condition is met
+ while reading a MIME header. Thanks to Tom Hughes for a patch.
+
+PH/24 Include config.h inside local_scan.h so that configuration settings are
+ available.
+
+PH/25 Make $smtp_command_argument available after all SMTP commands. This means
+ that in an ACL for RCPT (for example), you can examine exactly what was
+ received.
+
+PH/26 Exim was recognizing IPv6 addresses of the form [IPv6:....] in EHLO
+ commands, but it was not correctly comparing the address with the actual
+ client host address. Thus, it would show the EHLO address in Received:
+ header lines when this was not necessary.
+
+PH/27 Added the % operator to ${eval:}.
+
+PH/28 Exim tries to create and chdir to its spool directory when it starts;
+ it should be ignoring failures (because with -C, for example, it has lost
+ privilege). It wasn't ignoring creation failures other than "already
+ exists".
+
+PH/29 Added "crypteq" to the list of supported features that Exim outputs when
+ -bV or -d is used.
+
+PH/30 Fixed (presumably very longstanding) bug in exim_dbmbuild: if it failed
+ because an input line was too long, either on its own, or by virtue of
+ too many continuations, the temporary file was not being removed, and the
+ return code was incorrect.
+
+PH/31 Missing "BOOL" in function definition in filtertest.c.
+
+PH/32 Applied Sieve patches from the maintainer.
+
+TK/05 Domainkeys: Accomodate for a minor API change in libdomainkeys 0.67.
+
+PH/33 Added "verify = not_blind".
+
+PH/34 There are settings for CHOWN_COMMAND and MV_COMMAND that can be used in
+ Local/Makefile (with some defaults set). These are used in built scripts
+ such as exicyclog, but they have never been used in the exim_install
+ script (though there are many overriding facilities there). I have
+ arranged that the exim_install script now takes note of these two
+ settings.
+
+PH/35 Installed configuration files for Dragonfly.
+
+PH/36 When a locally submitted message by a trusted user did not contain a
+ From: header, and the sender address was obtained from -f or from an SMTP
+ MAIL command, and the trusted user did not use -F to supply a sender
+ name, $originator_name was incorrectly used when constructing a From:
+ header. Furthermore, $originator_name was used for submission mode
+ messages from external hosts without From: headers in a similar way,
+ which is clearly wrong.
+
+PH/37 Added control=suppress_local_fixups.
+
+PH/38 When log_selector = +received_sender was set, and the addition of the
+ sender made the log line's construction buffer exactly full, or one byte
+ less than full, an overflow happened when the terminating "\n" was
+ subsequently added.
+
+PH/39 Added a new log selector, "unknown_in_list", which provokes a log entry
+ when the result of a list match is failure because a DNS lookup failed.
+
+PH/40 RM_COMMAND is now used in the building process.
+
+PH/41 Added a "distclean" target to the top-level Makefile; it deletes all
+ the "build-* directories that it finds.
+
+PH/42 (But a TF fix): In a domain list, Exim incorrectly matched @[] if the IP
+ address in a domain literal was a prefix of an interface address.
+
+PH/43 (Again a TF fix): In the dnslookup router, do not apply widen_domains
+ when verifying a sender address, unless rewrite_headers is false.
+
+PH/44 Wrote a long comment about why errors_to addresses are verified as
+ recipients, not senders.
+
+TF/01 Add missing LIBS=-lm to OS/Makefile-OpenBSD which was overlooked when
+ the ratelimit ACL was added.
+
+PH/45 Added $smtp_command for the full command (cf $smtp_command_argument).
+
+PH/46 Added extra information about PostgreSQL errors to the error string.
+
+PH/47 Added an interface to a fake DNS resolver for use by the new test suite,
+ avoiding the need to install special zones in a real server. This is
+ backwards compatible; if it can't find the fake resolver, it drops back.
+ Thus, both old and new test suites can be run.
+
+TF/02 Added util/ratelimit.pl
+
+TF/03 Minor fix to the ratelimit code to improve its behaviour in case the
+ clock is set back in time.
+
+TF/04 Fix the ratelimit support in exim_fixdb. Patch provided by Brian
+ Candler <B.Candler@pobox.com>.
+
+TF/05 The fix for PH/43 was not completely correct; widen_domains is always
+ OK for addresses that are the result of redirections.
+
+PH/48 A number of further additions for the benefit of the new test suite,
+ including a fake gethostbyname() that interfaces to the fake DNS resolver
+ (see PH/47 above).
+
+TF/06 The fix for widen_domains has also been applied to qualify_single and
+ search_parents which are the other dnslookup options that can cause
+ header rewrites.
+
+PH/49 Michael Haardt's randomized retrying, but as a separate retry parameter
+ type ("H").
+
+PH/50 Make never_users, trusted_users, admin_groups, trusted_groups expandable.
+
+TF/07 Exim produced the error message "an SRV record indicated no SMTP
+ service" if it encountered an MX record with an empty target hostname.
+ The message is now "an MX or SRV record indicated no SMTP service".
+
+TF/08 Change PH/13 introduced the possibility that verify=helo may defer,
+ if the DNS of the sending site is misconfigured. This is quite a
+ common situation. This change restores the behaviour of treating a
+ helo verification defer as a failure.
+
+PH/51 If self=fail was set on a router, the bounce message did not include the
+ actual error message.
+
+
+Exim version 4.52
+-----------------
+
+TF/01 Added support for Client SMTP Authorization. See NewStuff for details.
+
+PH/01 When a transport filter timed out in a pipe delivery, and the pipe
+ command itself ended in error, the underlying message about the transport
+ filter timeout was being overwritten with the pipe command error. Now the
+ underlying error message should be appended to the second error message.
+
+TK/01 Fix poll() being unavailable on Mac OSX 10.2.
+
+PH/02 Reduce the amount of output that "make" produces by default. Full output
+ can still be requested.
+
+PH/03 The warning log line about a condition test deferring for a "warn" verb
+ was being output only once per connection, rather than after each
+ occurrence (because it was using the same function as for successful
+ "warn" verbs). This seems wrong, so I have changed it.
+
+TF/02 Two buglets in acl.c which caused Exim to read a few bytes of memory that
+ it should not have, which might have caused a crash in the right
+ circumstances, but probably never did.
+
+PH/04 Installed a modified version of Tony Finch's patch to make submission
+ mode fix the return path as well as the Sender: header line, and to
+ add a /name= option so that you can make the user's friendly name appear
+ in the header line.
+
+TF/03 Added the control = fakedefer ACL modifier.
+
+TF/04 Added the ratelimit ACL condition. See NewStuff for details. Thanks to
+ Mark Lowes for thorough testing.
+
+TK/02 Rewrote SPF support to work with libspf2 versions >1.2.0.
+
+TK/03 Merged latest SRS patch from Miles Wilton.
+
+PH/05 There's a shambles in IRIX6 - it defines EX_OK in unistd.h which conflicts
+ with the definition in sysexits.h (which is #included earlier).
+ Fortunately, Exim does not actually use EX_OK. The code used to try to
+ preserve the sysexits.h value, by assuming that macro definitions were
+ scanned for macro replacements. I have been disabused of this notion,
+ so now the code just undefines EX_OK before #including unistd.h.
+
+PH/06 There is a timeout for writing blocks of data, set by, e.g. data_timeout
+ in the smtp transport. When a block could not be written in a single
+ write() function, the timeout was being re-applied to each part-write.
+ This seems wrong - if the receiver was accepting one byte at a time it
+ would take for ever. The timeout is now adjusted when this happens. It
+ doesn't have to be particularly precise.
+
+TK/04 Added simple SPF lookup method in EXPERIMENTAL_SPF. See NewStuff for
+ details. Thanks to Chris Webb <chris@arachsys.com> for the patch!
+
+PH/07 Added "fullpostmaster" verify option, which does a check to <postmaster>
+ without a domain if the check to <postmaster@domain> fails.
+
+SC/01 Eximstats: added -xls and the ability to specify output files
+ (patch written by Frank Heydlauf).
+
+SC/02 Eximstats: use FileHandles for outputting results.
+
+SC/03 Eximstats: allow any combination of xls, txt, and html output.
+
+SC/04 Eximstats: fixed display of large numbers with -nvr option
+
+SC/05 Eximstats: fixed merging of reports with empty tables.
+
+SC/06 Eximstats: added the -include_original_destination flag
+
+SC/07 Eximstats: removed tabs and trailing whitespace.
+
+TK/05 Malware: Improve on aveserver error handling. Patch from Alex Miller.
+
+TK/06 MBOX spool code: Add real "From " MBOX separator line
+ so the .eml file is really in mbox format (even though
+ most programs do not really care). Patch from Alex Miller.
+
+TK/07 MBOX spool code: Add X-Envelope-From: and X-Envelope-To: headers.
+ The latter is generated from $received_to and is only set if the
+ message has one envelope recipient. SA can use these headers,
+ obviously out-of-the-box. Patch from Alex Miller.
+
+PH/08 The ${def test on a variable was returning false if the variable's
+ value was "0", contrary to what the specification has always said!
+ The result should be true unless the variable is empty.
+
+PH/09 The syntax error of a character other than { following "${if
+ def:variable_name" (after optional whitespace) was not being diagnosed.
+ An expansion such as ${if def:sender_ident:{xxx}{yyy}} in which an
+ accidental colon was present, for example, could give incorrect results.
+
+PH/10 Tidied the code in a number of places where the st_size field of a stat()
+ result is used (not including appendfile, where other changes are about
+ to be made).
+
+PH/11 Upgraded appendfile so that quotas larger than 2G are now supported.
+ This involved changing a lot of size variables from int to off_t. It
+ should work with maildirs and everything.
+
+TK/08 Apply fix provided by Michael Haardt to prevent deadlock in case of
+ spamd dying while we are connected to it.
+
+TF/05 Fixed a ${extract error message typo reported by Jeremy Harris
+ <jgh@wizmail.org>
+
+PH/12 Applied Alex Kiernan's patch for the API change for the error callback
+ function for BDB 4.3.
+
+PH/13 Changed auto_thaw such that it does not apply to bounce messages.
+
+PH/14 Imported PCRE 6.0; this was more than just a trivial operation because
+ the sources for PCRE have been re-arranged and more files are now
+ involved.
+
+PH/15 The code I had for printing potentially long long variables in PH/11
+ above was not the best (it lost precision). The length of off_t variables
+ is now inspected at build time, and an appropriate printing format (%ld
+ or %lld) is chosen and #defined by OFF_T_FMT. We also define LONGLONG_T
+ to be "long long int" or "long int". This is needed for the internal
+ formatting function string_vformat().
+
+PH/16 Applied Matthew Newton's patch to exicyclog: "If log_file_path is set in
+ the configuration file to be ":syslog", then the script "guesses" where
+ the logs files are, rather than using the compiled in default. In our
+ case the guess is not the same as the compiled default, so the script
+ suddenly stopped working when I started to use syslog. The patch checks
+ to see if log_file_path is "". If so, it attempts to read it from exim
+ with no configuration file to get the compiled in version, before it
+ falls back to the previous guessing code."
+
+TK/09 Added "prvs" and "prvscheck" expansion items. These help a lot with
+ implementing BATV in an Exim configuration. See NewStuff for the gory
+ details.
+
+PH/17 Applied Michael Haardt's patch for HP-UX, affecting only the os.h and
+ Makefile that are specific to HP-UX.
+
+PH/18 If the "use_postmaster" option was set for a recipient callout together
+ with the "random" option, the postmaster address was used as the MAIL
+ FROM address for the random test, but not for the subsequent recipient
+ test. It is now used for both.
+
+PH/19 Applied Michael Haardt's patch to update Sieve to RFC3028bis. "The
+ patch removes a few documentation additions to RFC 3028, because the
+ latest draft now contains them. It adds the new en;ascii-case comparator
+ and a new error check for 8bit text in MIME parts. Comparator and
+ require names are now matched exactly. I enabled the subaddress
+ extension, but it is not well tested yet (read: it works for me)."
+
+PH/20 Added macros for time_t as for off_t (see PH/15 above) and used them to
+ rework some of the code of TK/09 above to avoid the hardwired use of
+ "%lld" and "long long". Replaced the call to snprintf() with a call to
+ string_vformat().
+
+PH/21 Added some other messages to those in 4.51/PH/42, namely "All relevant MX
+ records point to non-existent hosts", "retry timeout exceeded", and
+ "retry time not reached for any host after a long failure period".
+
+PH/22 Fixed some oversights/typos causing bugs when Exim is compiled with
+ experimental DomainKeys support:
+
+ (1) The filter variables $n0-$n9 and $sn0-$sn9 were broken.
+ (2) On an error such as an illegally used "control", the wrong name for
+ the control was given.
+
+ These problems did NOT occur unless DomainKeys support was compiled.
+
+PH/23 Added daemon_startup_retries and daemon_startup_sleep.
+
+PH/24 Added ${if match_ip condition.
+
+PH/25 Put debug statements on either side of calls to EXIM_DBOPEN() for hints
+ databases so that it will be absolutely obvious if a crash occurs in the
+ DB library. This is a regular occurrence (often caused by mis-matched
+ db.h files).
+
+PH/26 Insert a lot of missing (void) casts for functions such as chown(),
+ chmod(), fcntl(), sscanf(), and other functions from stdio.h. These were
+ picked up on a user's system that detects such things. There doesn't seem
+ to be a gcc warning option for this - only an attribute that has to be
+ put on the function's prototype. It seems that in Fedora Core 4 they have
+ set this on a number of new functions. No doubt there will be more in due
+ course.
+
+PH/27 If a dnslookup or manualroute router is set with verify=only, it need not
+ specify a transport. However, if an address that was verified by such a
+ router was the subject of a callout, Exim crashed because it tried to
+ read the rcpt_include_affixes from the non-existent transport. Now it
+ just assumes that the setting of that option is false. This bug was
+ introduced by 4.51/PH/31.
+
+PH/28 Changed -d+all to exclude +memory, because that information is very
+ rarely of interest, but it makes the output a lot bigger. People tend to
+ do -d+all out of habit.
+
+PH/29 Removed support for the Linux-libc5 build, as it is obsolete and the
+ code in os-type was giving problems when libc.so lives in lib64, like on
+ x86_64 Fedora Core.
+
+PH/30 Exim's DNS code uses the original T_xxx names for DNS record times. These
+ aren't the modern standard, and it seems that some systems' include files
+ don't always have them. Exim was already checking for some of the newer
+ ones like T_AAAA, and defining it itself. I've added checks for all the
+ record types that Exim uses.
+
+PH/31 When using GnuTLS, if the parameters cache file did not exist, Exim was
+ not automatically generating a new one, as it is supposed to. This
+ prevented TLS from working. If the file did exist, but contained invalid
+ data, a new version was generated, as expected. It was only the case of a
+ non-existent file that was broken.
+
+TK/10 Domainkeys: Fix a bug in verification that caused a crash in conjunction
+ with a change in libdomainkeys > 0.64.
+
+TK/11 Domainkeys: Change the logic how the "testing" policy flag is retrieved
+ from DNS. If the selector record carries the flag, it now has
+ precedence over the domain-wide flag.
+
+TK/12 Cleared some compiler warnings related to SPF, SRS and DK code.
+
+PH/32 In mua_wrapper mode, if an smtp transport configuration error (such as
+ the use of a port name that isn't defined in /etc/services) occurred, the
+ message was deferred as in a normal delivery, and thus remained on the
+ spool, instead of being failed because of the mua_wrapper setting. This
+ is now fixed, and I tidied up some of the mua_wrapper messages at the
+ same time.
+
+SC/08 Eximstats: whilst parsing the mainlog(s), store information about
+ the messages in a hash of arrays rather than using individual hashes.
+ This is a bit cleaner and results in dramatic memory savings, albeit
+ at a slight CPU cost.
+
+SC/09 Eximstats: added the -show_rt<list> and the -show_dt<list> flags
+ as requested by Marc Sherman.
+
+SC/10 Eximstats: added histograms for user specified patterns as requested
+ by Marc Sherman.
+
+SC/11 Eximstats: v1.43 - bugfix for pattern histograms with -h0 specified.
+
+PH/33 Patch from the Cygwin maintainer to add "b" to all occurences of
+ fopen() in the content-scanning modules that did not already have it.
+
+
+Exim version 4.51
+-----------------
+
+TK/01 Added Yahoo DomainKeys support via libdomainkeys. See
+ doc/experimental-spec.txt for details. (http://domainkeys.sf.net)
+
+TK/02 Fix ACL "control" statement not being available in MIME ACL.
+
+TK/03 Fix ACL "regex" condition not being available in MIME ACL.
+
+PH/01 Installed a patch from the Sieve maintainer that allows -bf to be used
+ to test Sieve filters that use "vacation".
+
+PH/02 Installed a slightly modified version of Nikos Mavrogiannopoulos' patch
+ that changes the way the GnuTLS parameters are stored in the cache file.
+ The new format can be generated externally. For backward compatibility,
+ if the data in the cache doesn't make sense, Exim assumes it has read an
+ old-format file, and it generates new data and writes a new file. This
+ means that you can't go back to an older release without removing the
+ file.
+
+PH/03 A redirect router that has both "unseen" and "one_time" set does not
+ work if there are any delivery delays because "one_time" forces the
+ parent to be marked "delivered", so its unseen clone is never tried
+ again. For this reason, Exim now forbids the simultaneous setting of
+ these two options.
+
+PH/04 Change 4.11/85 fixed an obscure bug concerned with addresses that are
+ redirected to themselves ("homonym" addresses). Read the long ChangeLog
+ entry if you want to know the details. The fix, however, neglected to
+ consider the case when local delivery batching is involved. The test for
+ "previously delivered" was not happening when checking to see if an
+ address could be batched with a previous (undelivered) one; under
+ certain circumstances this could lead to multiple deliveries to the same
+ address.
+
+PH/05 Renamed the macro SOCKLEN_T as EXIM_SOCKLEN_T because AIX uses SOCKLEN_T
+ in its include files, and this causes problems building Exim.
+
+PH/06 A number of "verify =" ACL conditions have no options (e.g. verify =
+ header_syntax) but Exim was just ignoring anything given after a slash.
+ In particular, this caused confusion with an attempt to use "verify =
+ reverse_host_lookup/defer_ok". An error is now given when options are
+ supplied for verify items that do not have them. (Maybe reverse_host_
+ lookup should have a defer_ok option, but that's a different point.)
+
+PH/07 Increase the size of the buffer for incoming SMTP commands from 512 (as
+ defined by RFC 821) to 2048, because there were problems with some AUTH
+ commands, and RFC 1869 says the size should be increased for extended
+ SMTP commands that take arguments.
+
+PH/08 Added ${dlfunc dynamically loaded function for expansion (code from Tony
+ Finch).
+
+PH/09 Previously, an attempt to use ${perl when it wasn't compiled gave an
+ "unknown" error; now it says that the functionality isn't in the binary.
+
+PH/10 Added a nasty fudge to try to recognize and flatten LDAP passwords in
+ an address' error message when a string expansion fails (syntax or
+ whatever). Otherwise the password may appear in the log. Following change
+ PH/42 below, there is no longer a chance of it appearing in a bounce
+ message.
+
+PH/11 Installed exipick version 20050225.0 from John Jetmore.
+
+PH/12 If the last host in a fallback_hosts list was multihomed, only the first
+ of its addresses was ever tried. (Bugzilla bug #2.)
+
+PH/13 If "headers_add" in a transport didn't end in a newline, Exim printed
+ the result incorrectly in the debug output. (It correctly added a newline
+ to what was transported.)
+
+TF/01 Added $received_time.
+
+PH/14 Modified the default configuration to add an acl_smtp_data ACL, with
+ commented out examples of how to interface to a virus scanner and to
+ SpamAssassin. Also added commented examples of av_scanner and
+ spamd_address settings.
+
+PH/15 Further to TK/02 and TK/03 above, tidied up the tables of what conditions
+ and controls are allowed in which ACLs. There were a couple of minor
+ errors. Some of the entries in the conditions table (which is a table of
+ where they are NOT allowed) were getting very unwieldy; rewrote them as a
+ negation of where the condition IS allowed.
+
+PH/16 Installed updated OS/os.c-cygwin from the Cygwin maintainer.
+
+PH/17 The API for radiusclient changed at release 0.4.0. Unfortunately, the
+ header file does not have a version number, so I've had to invent a new
+ value for RADIUS_LIB_TYPE, namely "RADIUSCLIENTNEW" to request the new
+ API. The code is untested by me (my Linux distribution still has 0.3.2 of
+ radiusclient), but it was contributed by a Radius user.
+
+PH/18 Installed Lars Mainka's patch for the support of CRL collections in
+ files or directories, for OpenSSL.
+
+PH/19 When an Exim process that is running as root has to create an Exim log
+ file, it does so in a subprocess that runs as exim:exim so as to get the
+ ownership right at creation (otherwise, other Exim processes might see
+ the file with the wrong ownership). There was no test for failure of this
+ fork() call, which would lead to the process getting stuck as it waited
+ for a non-existent subprocess. Forks do occasionally fail when resources
+ run out. I reviewed all the other calls to fork(); they all seem to check
+ for failure.
+
+PH/20 When checking for unexpected SMTP input at connect time (before writing
+ the banner), Exim was not dealing correctly with a non-positive return
+ from the read() function. If the client had disconnected by this time,
+ the result was a log entry for a synchronization error with an empty
+ string after "input=" when read() returned zero. If read() returned -1
+ (an event I could not check), uninitialized data bytes were printed.
+ There were reports of junk text (parts of files, etc) appearing after
+ "input=".
+
+PH/21 Added acl_not_smtp_mime to allow for MIME scanning for non-SMTP messages.
+
+PH/22 Added support for macro redefinition, and (re)definition in between
+ driver and ACL definitions.
+
+PH/23 The cyrus_sasl authenticator was expanding server_hostname, but then
+ forgetting to use the resulting value; it was using the unexpanded value.
+
+PH/24 The cyrus_sasl authenticator was advertising mechanisms for which it
+ hadn't been configured. The fix is from Juergen Kreileder, who
+ understands it better than I do:
+
+ "Here's what I see happening with three configured cyrus_sasl
+ authenticators configured (plain, login, cram-md5):
+
+ On startup auth_cyrus_sasl_init() gets called for each of these.
+ This means three calls to sasl_listmech() without a specified mech_list.
+ => SASL tests which mechs of all available mechs actually work
+ => three warnings about OTP not working
+ => the returned list contains: plain, login, cram-md5, digest-md5, ...
+
+ With the patch, sasl_listmech() also gets called three times. But now
+ SASL's mech_list option is set to the server_mech specified in the the
+ authenticator. Or in other words, the answer from sasl_listmech()
+ gets limited to just the mech you're testing for (which is different
+ for each call.)
+ => the return list contains just 'plain' or 'login', 'cram-md5' or
+ nothing depending on the value of ob->server_mech.
+
+ I've just tested the patch: Authentication still works fine,
+ unavailable mechs specified in the exim configuration are still
+ caught, and the auth.log warnings about OTP are gone."
+
+PH/25 When debugging is enabled, the contents of the command line are added
+ to the debugging output, even when log_selector=+arguments is not
+ specified.
+
+PH/26 Change scripts/os-type so that when "uname -s" returns just "GNU", the
+ answer is "GNU", and only if the return is "GNU/something" is the answer
+ "Linux".
+
+PH/27 $acl_verify_message is now set immediately after the failure of a
+ verification in an ACL, and so is available in subsequent modifiers. In
+ particular, the message can be preserved by coding like this:
+
+ warn !verify = sender
+ set acl_m0 = $acl_verify_message
+
+ Previously, $acl_verify_message was set only while expanding "message"
+ and "log_message" when a very denied access.
+
+PH/28 Modified OS/os.c-Linux with
+
+ -#ifndef OS_LOAD_AVERAGE
+ +#if !defined(OS_LOAD_AVERAGE) && defined(__linux__)
+
+ to make Exim compile on kfreebsd-gnu. (I'm totally confused about the
+ nomenclature these days.)
+
+PH/29 Installed patch from the Sieve maintainer that adds the options
+ sieve_useraddress and sieve_subaddress to the redirect router.
+
+PH/30 In these circumstances:
+ . Two addresses routed to the same list of hosts;
+ . First host does not offer TLS;
+ . First host accepts first address;
+ . First host gives temporary error to second address;
+ . Second host offers TLS and a TLS session is established;
+ . Second host accepts second address.
+ Exim incorrectly logged both deliveries with the TLS parameters (cipher
+ and peerdn, if requested) that were in fact used only for the second
+ address.
+
+PH/31 When doing a callout as part of verifying an address, Exim was not paying
+ attention to any local part prefix or suffix that was matched by the
+ router that accepted the address. It now behaves in the same way as it
+ does for delivery: the affixes are removed from the local part unless
+ rcpt_include_affixes is set on the transport.
+
+PH/32 Add the sender address, as F=<...>, to the log line when logging a
+ timeout during the DATA phase of an incoming message.
+
+PH/33 Sieve envelope tests were broken for match types other than :is. I have
+ applied a patch sanctioned by the Sieve maintainer.
+
+PH/34 Change 4.50/80 broke Exim in that it could no longer handle cases where
+ the uid or gid is negative. A case of a negative gid caused this to be
+ noticed. The fix allows for either to be negative.
+
+PH/35 ACL_WHERE_MIME is now declared unconditionally, to avoid too much code
+ clutter, but the tables that are indexed by ACL_WHERE_xxx values had been
+ overlooked.
+
+PH/36 The change PH/12 above was broken. Fixed it.
+
+PH/37 Exim used to check for duplicate addresses in the middle of routing, on
+ the grounds that routing the same address twice would always produce the
+ same answer. This might have been true once, but it is certainly no
+ longer true now. Routing a child address may depend on the previous
+ routing that produced that child. Some complicated redirection strategies
+ went wrong when messages had multiple recipients, and made Exim's
+ behaviour dependent on the order in which the addresses were given.
+
+ I have moved the duplicate checking until after the routing is complete.
+ Exim scans the addresses that are assigned to local and remote
+ transports, and removes any duplicates. This means that more work will be
+ done, as duplicates will always all be routed, but duplicates are
+ presumably rare, so I don't expect this is of any significance.
+
+ For deliveries to pipes, files, and autoreplies, the duplicate checking
+ still happens during the routing process, since they are not going to be
+ routed further.
+
+PH/38 Installed a patch from Ian Freislich, with the agreement of Tom Kistner.
+ It corrects a timeout issue with spamd. This is Ian's comment: "The
+ background is that sometimes spamd either never reads data from a
+ connection it has accepted, or it never writes response data. The exiscan
+ spam.[ch] uses a 3600 second timeout on spamd socket reads, further, it
+ blindly assumes that writes won't block so it may never time out."
+
+PH/39 Allow G after quota size as well as K and M.
+
+PH/40 The value set for $authenticated_id in an authenticator may not contain
+ binary zeroes or newlines because the value is written to log lines and
+ to spool files. There was no check on this. Now the value is run through
+ the string_printing() function so that such characters are converted to
+ printable escape sequences.
+
+PH/41 $message_linecount is a new variable that contains the total number of
+ lines in the message. Compare $body_linecount, which is the count for the
+ body only.
+
+PH/42 Exim no longer gives details of delivery errors for specific addresses in
+ bounce and delay warning messages, except in certain special cases, which
+ are as follows:
+
+ (a) An SMTP error message from a remote host;
+ (b) A message specified in a :fail: redirection;
+ (c) A message specified in a "fail" command in a system filter;
+ (d) A message specified in a FAIL return from the queryprogram router;
+ (e) A message specified by the cannot_route_message router option.
+
+ In these cases only, Exim does include the error details in bounce and
+ warning messages. There are also a few cases where bland messages such
+ as "unrouteable address" or "local delivery error" are given.
+
+PH/43 $value is now also set for the "else" part of a ${run expansion.
+
+PH/44 Applied patch from the Sieve maintainer: "The vacation draft is still
+ being worked on, but at least Exim now implements the latest version to
+ play with."
+
+PH/45 In a pipe transport, although a timeout while waiting for the pipe
+ process to complete was treated as a delivery failure, a timeout while
+ writing the message to the pipe was logged, but erroneously treated as a
+ successful delivery. Such timeouts include transport filter timeouts. For
+ consistency with the overall process timeout, these timeouts are now
+ treated as errors, giving rise to delivery failures by default. However,
+ there is now a new Boolean option for the pipe transport called
+ timeout_defer, which, if set TRUE, converts the failures into defers for
+ both kinds of timeout. A transport filter timeout is now identified in
+ the log output.
+
+PH/46 The "scripts/Configure-config.h" script calls "make" at one point. On
+ systems where "make" and "gmake" are different, calling "gmake" at top
+ level broke things. I've arranged for the value of $(MAKE) to be passed
+ from the Makefile to this script so that it can call the same version of
+ "make".
+
+
+A note about Exim versions 4.44 and 4.50
+----------------------------------------
+
+Exim 4.50 was meant to be the next release after 4.43. It contains a lot of
+changes of various kinds. As a consequence, a big documentation update was
+needed. This delayed the release for rather longer than seemed good, especially
+in the light of a couple of (minor) security issues. Therefore, the changes
+that fixed bugs were backported into 4.43, to create a 4.44 maintenance
+release. So 4.44 and 4.50 are in effect two different branches that both start
+from 4.43.
+
+I have left the 4.50 change log unchanged; it contains all the changes since
+4.43. The change log for 4.44 is below; many of its items are identical to
+those for 4.50. This seems to be the most sensible way to preserve the
+historical information.
+
+
+Exim version 4.50
+-----------------
+
+ 1. Minor wording change to the doc/README.SIEVE file.
+
+ 2. Change 4.43/35 introduced a bug: if quota_filecount was set, the
+ computation of the current number of files was incorrect.
+
+ 3. Closing a stable door: arrange to panic-die if setitimer() ever fails. The
+ bug fixed in 4.43/37 would have been diagnosed quickly if this had been in
+ place.
+
+ 4. Give more explanation in the error message when the command for a transport
+ filter fails to execute.
+
+ 5. There are several places where Exim runs a non-Exim command in a
+ subprocess. The SIGUSR1 signal should be disabled for these processes. This
+ was being done only for the command run by the queryprogram router. It is
+ now done for all such subprocesses. The other cases are: ${run, transport
+ filters, and the commands run by the lmtp and pipe transports.
+
+ 6. Added CONFIGURE_GROUP build-time option.
+
+ 7. Some older OS have a limit of 256 on the maximum number of file
+ descriptors. Exim was using setrlimit() to set 1000 as a large value
+ unlikely to be exceeded. Change 4.43/17 caused a lot of logging on these
+ systems. I've change it so that if it can't get 1000, it tries for 256.
+
+ 8. "control=submission" was allowed, but had no effect, in a DATA ACL. This
+ was an oversight, and furthermore, ever since the addition of extra
+ controls (e.g. 4.43/32), the checks on when to allow different forms of
+ "control" were broken. There should now be diagnostics for all cases when a
+ control that does not make sense is encountered.
+
+ 9. Added the /retain_sender option to "control=submission".
+
+10. $recipients is now available in the predata ACL (oversight).
+
+11. Tidy the search cache before the fork to do a delivery from a message
+ received from the command line. Otherwise the child will trigger a lookup
+ failure and thereby defer the delivery if it tries to use (for example) a
+ cached ldap connection that the parent has called unbind on.
+
+12. If verify=recipient was followed by verify=sender in a RCPT ACL, the value
+ of $address_data from the recipient verification was clobbered by the
+ sender verification.
+
+13. The value of address_data from a sender verification is now available in
+ $sender_address_data in subsequent conditions in the ACL statement.
+
+14. Added forbid_sieve_filter and forbid_exim_filter to the redirect router.
+
+15. Added a new option "connect=<time>" to callout options, to set a different
+ connection timeout.
+
+16. If FIXED_NEVER_USERS was defined, but empty, Exim was assuming the uid 0
+ was its contents. (It was OK if the option was not defined at all.)
+
+17. A "Completed" log line is now written for messages that are removed from
+ the spool by the -Mrm option.
+
+18. New variables $sender_verify_failure and $recipient_verify_failure contain
+ information about exactly what failed.
+
+19. Added -dd to debug only the daemon process.
+
+20. Incorporated Michael Haardt's patch to ldap.c for improving the way it
+ handles timeouts, both on the server side and network timeouts. Renamed the
+ CONNECT parameter as NETTIMEOUT (but kept the old name for compatibility).
+
+21. The rare case of EHLO->STARTTLS->HELO was setting the protocol to "smtp".
+ It is now set to "smtps".
+
+22. $host_address is now set to the target address during the checking of
+ ignore_target_hosts.
+
+23. When checking ignore_target_hosts for an ipliteral router, no host name was
+ being passed; this would have caused $sender_host_name to have been used if
+ matching the list had actually called for a host name (not very likely,
+ since this list is usually IP addresses). A host name is now passed as
+ "[x.x.x.x]".
+
+24. Changed the calls that set up the SIGCHLD handler in the daemon to use the
+ code that specifies a non-restarting handler (typically sigaction() in
+ modern systems) in an attempt to fix a rare and obscure crash bug.
+
+25. Narrowed the window for a race in the daemon that could cause it to ignore
+ SIGCHLD signals. This is not a major problem, because they are used only to
+ wake it up if nothing else does.
+
+26. A malformed maildirsize file could cause Exim to calculate negative values
+ for the mailbox size or file count. Odd effects could occur as a result.
+ The maildirsize information is now recalculated if the size or filecount
+ end up negative.
+
+27. Added HAVE_SYS_STATVFS_H to the os.h file for Linux, as it has had this
+ support for a long time. Removed HAVE_SYS_VFS_H.
+
+28. Installed the latest version of exipick from John Jetmore.
+
+29. In an address list, if the pattern was not a regular expression, an empty
+ subject address (from a bounce message) matched only if the pattern was an
+ empty string. Non-empty patterns were not even tested. This was the wrong
+ because it is perfectly reasonable to use an empty address as part of a
+ database query. An empty address is now tested by patterns that are
+ lookups. However, all the other forms of pattern expect the subject to
+ contain a local part and a domain, and therefore, for them, an empty
+ address still always fails if the pattern is not itself empty.
+
+30. Exim went into a mad DNS loop when attempting to do a callout where the
+ host was specified on an smtp transport, and looking it up yielded more
+ than one IP address.
+
+31. Re-factored the code for checking spool and log partition space into a
+ function that finds that data and another that does the check. The former
+ is then used to implement four new variables: $spool_space, $log_space,
+ $spool_inodes, and $log_inodes.
+
+32. The RFC2047 encoding function was originally intended for short strings
+ such as real names; it was not keeping to the 75-character limit for
+ encoded words that the RFC imposes. It now respects the limit, and
+ generates multiple encoded words if necessary. To be on the safe side, I
+ have increased the buffer size for the ${rfc2047: expansion operator from
+ 1024 to 2048 bytes.
+
+33. It is now permitted to omit both strings after an "if" condition; if the
+ condition is true, the result is "true". As before, when the second string
+ is omitted, a false condition yields an empty string. This makes it less
+ cumbersome to write custom ACL and router conditions.
+
+34. Failure to deliver a bounce message always caused it to be frozen, even if
+ there was an errors_to setting on the router. The errors_to setting is now
+ respected.
+
+35. If an IPv6 address is given for -bh or -bhc, it is now converted to the
+ canonical form (fully expanded) before being placed in
+ $sender_host_address.
+
+36. The table in the code that translates DNS record types into text (T_A to
+ "A" for instance) was missing entries for NS and CNAME. It is just possible
+ that this could have caused confusion if both these types were looked up
+ for the same domain, because the text type is used as part of Exim's
+ per-process caching. But the chance of anyone hitting this buglet seems
+ very small.
+
+37. The dnsdb lookup has been extended in a number of ways.
+
+ (1) There is a new type, "zns", which walks up the domain tree until it
+ finds some nameserver records. It should be used with care.
+
+ (2) There is a new type, "mxh", which is like "mx" except that it returns
+ just the host names, not the priorities.
+
+ (3) It is now possible to give a list of domains (or IP addresses) to be
+ looked up. The behaviour when one of the lookups defers can be
+ controlled by a keyword.
+
+ (4) It is now possible to specify the separator character for use when
+ multiple records are returned.
+
+38. The dnslists ACL condition has been extended: it is now possible to supply
+ a list of IP addresses and/or domains to be looked up in a particular DNS
+ domain.
+
+39. Added log_selector=+queue_time_overall.
+
+40. When running the queue in the test harness, wait just a tad after forking a
+ delivery process, to get repeatability of debugging output.
+
+41. Include certificate and key file names in error message when GnuTLS fails
+ to set them up, because the GnuTLS error message doesn't include the name
+ of the failing file when there is a problem reading it.
+
+42. Allow both -bf and -bF in the same test run.
+
+43. Did the same fix as 41 above for OpenSSL, which had the same infelicity.
+
+44. The "Exiscan patch" is now merged into the mainline Exim source.
+
+45. Sometimes the final signoff response after QUIT could fail to get
+ transmitted in the non-TLS case. Testing !tls_active instead of tls_active
+ < 0 before doing a fflush(). This bug looks as though it goes back to the
+ introduction of TLS in release 3.20, but "sometimes" must have been rare
+ because the tests only now provoked it.
+
+46. Reset the locale to "C" after calling embedded Perl, in case it was changed
+ (this can affect the format of dates).
+
+47. exim_tidydb, when checking for the continued existence of a message for
+ which it has found a message-specific retry record, was not finding
+ messages that were in split spool directories. Consequently, it was
+ deleting retry records that should have stayed in existence.
+
+48. Steve fixed some bugs in eximstats.
+
+49. The SPA authentication driver was not abandoning authentication and moving
+ on to the next authenticator when an expansion was forced to fail,
+ contradicting the general specification for all authenticators. Instead it
+ was generating a temporary error. It now behaves as specified.
+
+50. The default ordering of permitted cipher suites for GnuTLS was pessimal
+ (the order specifies the preference for clients). The order is now AES256,
+ AES128, 3DES, ARCFOUR128.
+
+51. Small patch to Sieve code - explicitly set From: when generating an
+ autoreply.
+
+52. Exim crashed if a remote delivery caused a very long error message to be
+ recorded - for instance if somebody sent an entire SpamAssassin report back
+ as a large number of 550 error lines. This bug was coincidentally fixed by
+ increasing the size of one of Exim's internal buffers (big_buffer) that
+ happened as part of the Exiscan merge. However, to be on the safe side, I
+ have made the code more robust (and fixed the comments that describe what
+ is going on).
+
+53. Now that there can be additional text after "Completed" in log lines (if
+ the queue_time_overall log selector is set), a one-byte patch to exigrep
+ was needed to allow it to recognize "Completed" as not the last thing in
+ the line.
+
+54. The LDAP lookup was not handling a return of LDAP_RES_SEARCH_REFERENCE. A
+ patch that reportedly fixes this has been added. I am not expert enough to
+ create a test for it. This is what the patch creator wrote:
+
+ "I found a little strange behaviour of ldap code when working with
+ Windows 2003 AD Domain, where users was placed in more than one
+ Organization Units. When I tried to give exim partial DN, the exit code
+ of ldap_search was unknown to exim because of LDAP_RES_SEARCH_REFERENCE.
+ But simultaneously result of request was absolutely normal ldap result,
+ so I produce this patch..."
+
+ Later: it seems that not all versions of LDAP support LDAP_RES_SEARCH_
+ REFERENCE, so I have modified the code to exclude the patch when that macro
+ is not defined.
+
+55. Some experimental protocols are using DNS PTR records for new purposes. The
+ keys for these records are domain names, not reversed IP addresses. The
+ dnsdb PTR lookup now tests whether its key is an IP address. If not, it
+ leaves it alone. Component reversal etc. now happens only for IP addresses.
+ CAN-2005-0021
+
+56. Improve error message when ldap_search() fails in OpenLDAP or Solaris LDAP.
+
+57. Double the size of the debug message buffer (to 2048) so that more of very
+ long debug lines gets shown.
+
+58. The exicyclog utility now does better if the number of log files to keep
+ exceeds 99. In this case, it numbers them 001, 002 ... instead of 01, 02...
+
+59. Two changes related to the smtp_active_hostname option:
+
+ (1) $smtp_active_hostname is now available as a variable.
+ (2) The default for smtp_banner uses $smtp_active_hostname instead
+ of $primary_hostname.
+
+60. The host_aton() function is supposed to be passed a string that is known
+ to be a valid IP address. However, in the case of IPv6 addresses, it was
+ not checking this. This is a hostage to fortune. Exim now panics and dies
+ if the condition is not met. A case was found where this could be provoked
+ from a dnsdb PTR lookup with an IPv6 address that had more than 8
+ components; fortuitously, this particular loophole had already been fixed
+ by change 4.50/55 above.
+
+ If there are any other similar loopholes, the new check in host_aton()
+ itself should stop them being exploited. The report I received stated that
+ data on the command line could provoke the exploit when Exim was running as
+ exim, but did not say which command line option was involved. All I could
+ find was the use of -be with a bad dnsdb PTR lookup, and in that case it is
+ running as the user.
+ CAN-2005-0021
+
+61. There was a buffer overflow vulnerability in the SPA authentication code
+ (which came originally from the Samba project). I have added a test to the
+ spa_base64_to_bits() function which I hope fixes it.
+ CAN-2005-0022
+
+62. Configuration update for GNU/Hurd and variations. Updated Makefile-GNU and
+ os.h-GNU, and added configuration files for GNUkFreeBSD and GNUkNetBSD.
+
+63. The daemon start-up calls getloadavg() while still root for those OS that
+ need the first call to be done as root, but it missed one case: when
+ deliver_queue_load_max is set with deliver_drop_privilege. This is
+ necessary for the benefit of the queue runner, because there is no re-exec
+ when deliver_drop_privilege is set.
+
+64. A call to exiwhat cut short delays set up by "delay" modifiers in ACLs.
+ This has been fixed.
+
+65. Caching of lookup data for "hosts =" ACL conditions, when a named host list
+ was in use, was not putting the data itself into the right store pool;
+ consequently, it could be overwritten for a subsequent message in the same
+ SMTP connection. (Fix 4.40/11 dealt with the non-cache case, but overlooked
+ the caching.)
+
+66. Added hosts_max_try_hardlimit to the smtp transport, default 50.
+
+67. The string_is_ip_address() function returns 0, 4, or 6, for "no an IP
+ address", "IPv4 address", and "IPv6 address", respectively. Some calls of
+ the function were treating the return as a boolean value, which happened to
+ work because 0=false and not-0=true, but is not correct code.
+
+68. The host_aton() function was not handling scoped IPv6 addresses (those
+ with, for example, "%eth0" on the end) correctly.
+
+69. Fixed some compiler warnings in acl.c for the bitmaps specified with
+ negated items (that is, ~something) in unsigned ints. Some compilers
+ apparently mutter when there is no cast.
+
+70. If an address verification called from an ACL failed, and did not produce a
+ user-specific message (i.e. there was only a "system" message), nothing was
+ put in $acl_verify_message. In this situation, it now puts the system
+ message there.
+
+71. Change 4.23/11 added synchronization checking at the start of an SMTP
+ session; change 4.31/43 added the unwanted input to the log line - except
+ that it did not do this in the start of session case. It now does.
+
+72. After a timeout in a callout SMTP session, Exim still sent a QUIT command.
+ This is wrong and can cause the other end to generate a synchronization
+ error if it is another Exim or anything else that does the synchronization
+ check. A QUIT command is no longer sent after a timeout.
+
+73. $host_lookup_deferred has been added, to make it easier to detect DEFERs
+ during host lookups.
+
+74. The defer_ok option of callout verification was not working if it was used
+ when verifying addresses in header lines, that is, for this case:
+
+ verify = header_sender/callout=defer_ok
+
+75. A backgrounded daemon closed stdin/stdout/stderr on entry; this meant that
+ those file descriptors could be used for SMTP connections. If anything
+ wrote to stderr (the example that came up was "warn" in embedded Perl), it
+ could be sent to the SMTP client, causing chaos. The daemon now opens
+ stdin, stdout, and stderr to /dev/null when it puts itself into the
+ background.
+
+76. Arrange for output from Perl's "warn" command to be written to Exim's main
+ log by default. The user can override this with suitable Perl magic.
+
+77. The use of log_message on a "discard" ACL verb, which is supposed to add to
+ the log message when discard triggers, was not working for the DATA ACL or
+ for the non-SMTP ACL.
+
+78. Error message wording change in sieve.c.
+
+79. If smtp_accept_max_per_host was set, the number of connections could be
+ restricted to fewer than expected, because the daemon was trying to set up
+ a new connection before checking whether the processes handling previous
+ connections had finished. The check for completed processes is now done
+ earlier. On busy systems, this bug wouldn't be noticed because something
+ else would have woken the daemon, and it would have reaped the completed
+ process earlier.
+
+80. If a message was submitted locally by a user whose login name contained one
+ or more spaces (ugh!), the spool file that Exim wrote was not re-readable.
+ It caused a spool format error. I have fixed the spool reading code. A
+ related problem was that the "from" clause in the Received: line became
+ illegal because of the space(s). It is now covered by ${quote_local_part.
+
+81. Included the latest eximstats from Steve (adds average sizes to HTML Top
+ tables).
+
+82. Updated OS/Makefile-AIX as per message from Mike Meredith.
+
+83. Patch from Sieve maintainer to fix unterminated string problem in
+ "vacation" handling.
+
+84. Some minor changes to the Linux configuration files to help with other
+ OS variants using glibc.
+
+85. One more patch for Sieve to update vacation handling to latest spec.
+
+
+----------------------------------------------------
+See the note above about the 4.44 and 4.50 releases.
+----------------------------------------------------
+
+
+Exim version 4.44
+-----------------
+
+ 1. Change 4.43/35 introduced a bug that caused file counts to be
+ incorrectly computed when quota_filecount was set in an appendfile
+ transport
+
+ 2. Closing a stable door: arrange to panic-die if setitimer() ever fails. The
+ bug fixed in 4.43/37 would have been diagnosed quickly if this had been in
+ place.
+
+ 3. Give more explanation in the error message when the command for a transport
+ filter fails to execute.
+
+ 4. There are several places where Exim runs a non-Exim command in a
+ subprocess. The SIGUSR1 signal should be disabled for these processes. This
+ was being done only for the command run by the queryprogram router. It is
+ now done for all such subprocesses. The other cases are: ${run, transport
+ filters, and the commands run by the lmtp and pipe transports.
+
+ 5. Some older OS have a limit of 256 on the maximum number of file
+ descriptors. Exim was using setrlimit() to set 1000 as a large value
+ unlikely to be exceeded. Change 4.43/17 caused a lot of logging on these
+ systems. I've change it so that if it can't get 1000, it tries for 256.
+
+ 6. "control=submission" was allowed, but had no effect, in a DATA ACL. This
+ was an oversight, and furthermore, ever since the addition of extra
+ controls (e.g. 4.43/32), the checks on when to allow different forms of
+ "control" were broken. There should now be diagnostics for all cases when a
+ control that does not make sense is encountered.
+
+ 7. $recipients is now available in the predata ACL (oversight).
+
+ 8. Tidy the search cache before the fork to do a delivery from a message
+ received from the command line. Otherwise the child will trigger a lookup
+ failure and thereby defer the delivery if it tries to use (for example) a
+ cached ldap connection that the parent has called unbind on.
+
+ 9. If verify=recipient was followed by verify=sender in a RCPT ACL, the value
+ of $address_data from the recipient verification was clobbered by the
+ sender verification.
+
+10. If FIXED_NEVER_USERS was defined, but empty, Exim was assuming the uid 0
+ was its contents. (It was OK if the option was not defined at all.)
+
+11. A "Completed" log line is now written for messages that are removed from
+ the spool by the -Mrm option.
+
+12. $host_address is now set to the target address during the checking of
+ ignore_target_hosts.
+
+13. When checking ignore_target_hosts for an ipliteral router, no host name was
+ being passed; this would have caused $sender_host_name to have been used if
+ matching the list had actually called for a host name (not very likely,
+ since this list is usually IP addresses). A host name is now passed as
+ "[x.x.x.x]".
+
+14. Changed the calls that set up the SIGCHLD handler in the daemon to use the
+ code that specifies a non-restarting handler (typically sigaction() in
+ modern systems) in an attempt to fix a rare and obscure crash bug.
+
+15. Narrowed the window for a race in the daemon that could cause it to ignore
+ SIGCHLD signals. This is not a major problem, because they are used only to
+ wake it up if nothing else does.
+
+16. A malformed maildirsize file could cause Exim to calculate negative values
+ for the mailbox size or file count. Odd effects could occur as a result.
+ The maildirsize information is now recalculated if the size or filecount
+ end up negative.
+
+17. Added HAVE_SYS_STATVFS_H to the os.h file for Linux, as it has had this
+ support for a long time. Removed HAVE_SYS_VFS_H.
+
+18. Updated exipick to current release from John Jetmore.
+
+19. Allow an empty sender to be matched against a lookup in an address list.
+ Previously the only cases considered were a regular expression, or an
+ empty pattern.
+
+20. Exim went into a mad DNS lookup loop when doing a callout where the
+ host was specified on the transport, if the DNS lookup yielded more than
+ one IP address.
+
+21. The RFC2047 encoding function was originally intended for short strings
+ such as real names; it was not keeping to the 75-character limit for