author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2020-11-05 15:10:48 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2020-11-05 15:10:48 +0000 |
commit | 2580a960ccf78f76b716e1197531b3c124cd1c5e (patch) | |
tree | 9f6c751c13b19915853fb0b984ad19c5c0a8f96c | |
parent | Initial commit. (diff) | |
download | exim4-2580a960ccf78f76b716e1197531b3c124cd1c5e.tar.xz exim4-2580a960ccf78f76b716e1197531b3c124cd1c5e.zip |
Adding upstream version 4.94. (refs: upstream/4.94, upstream)
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
409 files changed, 255883 insertions, 0 deletions
@@ -0,0 +1,2 @@ +--recurse +--exclude=build-* diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..554385c --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +ACKNOWLEDGMENTS encoding=utf-8 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..8965c11 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +Local +build-* +tags +cscope.* @@ -0,0 +1,9 @@ +Exim repository: src +-------------------- + +This directory contains everything that is included in an Exim distribution +tarball, with the exception of the doc directory and an empty Local directory. +You can build Exim from the contents of this directory by adding a Local +directory that contains appropriate configuration files. + +End diff --git a/ACKNOWLEDGMENTS b/ACKNOWLEDGMENTS new file mode 100644 index 0000000..22e9909 --- /dev/null +++ b/ACKNOWLEDGMENTS 
@@ -0,0 +1,475 @@ +EXIM ACKNOWLEDGEMENTS + +This file is divided into two parts. The first is the original list maintained +by Exim's author, Philip Hazel, before he retired. That has two sub-lists of +contributors. The second main part is an attempt to bring this up-to-date, +using information from ChangeLog and git. + +Names may well occur more than once. + +There was a five year gap. It is unlikely that this file is complete. +If you contributed and are not listed, then *please* let us know. Even if you +don't much care, we want to acknowledge your help. A contribution isn't just +code, it includes reporting real bugs, helping with tracking problems down, +documentation fixes and more. + +(Note that we have patches from folks in various countries and Latin1 is not + sufficient to handle all of their names acceptably. + This file should be in UTF-8). + +-Phil Pennock, pp The Exim Maintainers. + +============================8< cut here >8============================== + +I have not been very good at keeping a proper record of all the people who have +sent in patches and other contributions to Exim. I am going to try to do better +in the future by keeping a record in this file. First, I'll put a list of all +those I can recover from the past; then I'll create a new list to which I'll +add new contributors in future. Some regular contributors may appear in both. + +I'm going to record people who send in actual patches or who help in detailed +ways. I'm not going to list people who just make a suggestion or report a +bug. I hope that is a reasonable approach. + +If you should be on one of these lists and are not, please accept my apologies, +and let me know! Any omissions are solely due to my incompetence. In +particular, the "past" list has certainly lost the names of people who sent in +relatively small patches. 
+ +Philip Hazel + +Lists created: 20 November 2002 +Last updated (by PH): 22 August 2007 + +THE OLD LIST + +Alan Barratt First code for relay checking +Malcolm Beattie Interface to embedded Perl +Philip Blundell First support for IPv6 +Piete Brooks Running the first live version + Implementing multiple-system compilation +Matthew Byng-Maddick First code for dsearch lookup +Steve Campbell Extensions to eximstats + Steve is now the maintainer of eximstats +Brian Candler LDAP support enhancement +Petr Cech PostgreSQL interface +Steve Clarke Best way to find the load average in Linux +Energis Ltd Resources for the exim.org site +Yann Golanski Numerical hash function +Jason Gunthorpe IPv6 support (Linux) +Michael Haardt LDAP support enhancement +Steve Haslam First code for TLS +Kjetil Torgrim Homme Suggested patch for macro extensions +John Horne Proof-reading documentation (repeatedly) +Pierre Humblet Cygwin support +Paul Kelly MySQL interface + First code for Oracle interface +Ian Kirk Radius support +Stuart Levy Replacement for broken inet_ntoa() on IRIX +Stuart Lynne First code for LDAP +Nigel Metheringham Setting up the website and mailing list + Managing the website and mailing list + Interface to Berkeley DB + Support for cdb + Support for maildir +Barry Pederson LDAP support enhancement +Marc Prud'hommeaux SPA client authentication +Alexander Sabourenkov pwcheck daemon support +Peter Savitch LDAP support enhancement +Robert Wal whoson lookup +Joachim Wieland Researching strace and stolen subprocesses in Linux + + +THE NEW LIST + +Alexander Alekseev Use of function attribute checks in gcc +Justo Alonso Suggested patch for maildir++ maildirsize file support +Anton Altaparmakov Patches to get cyrus_sasl fully working +Simon Arlott Patch for $dnslist_matched. +Claus Assmann Example code for OpenSSL CRL support +Warren Baker Experimental Redis lookup. 
+Robert Bannocks Patch for LDAP reference problem on Solaris +Ian Bell Analysis of a bug and an infelicity in clock tick code + Patch for ${quote_local_part +Peter Benie A number mistakes found by analysing the code +Johannes Berg Suggested patch for authentication client $auth<n> support + Suggested patch for acl_not_smtp_start +Matt Bernstein LMTP over socket + Suggested patch for dnslists '&' feature +Mike Bethune Help with debugging an elusive ALRM signal bug +Ard Biesheuvel Lookup code for accessing an Interbase database +Richard Birkett Fix for empty -f address crash +Dean Brooks Fix for ratelimit per_rcpt in acl_not_smtp. +Nick Burrett Patch for CONFIGURE_FILE_USE_EUID in exicyclog +Matthew Byng-Maddick Patch for qualify_domain in redirect router + Patch for ignore_target_hosts in ipliteral router + The cyrus_sasl authenticator +Steve Campbell eximstats extensions and continued maintenance +Brian Candler Use h_errno for gethostbyname() + Suggested patch for .ifdef etc + Several minor fixes and suggestions +Pete Carah Patch for change to radiusclient API +Oliver Cook Suggested patch for exigrep & rejected messages + Patch to add sender/host info to local_scan() rejects + Suggested patch to add queue time to "Completed" +Ted Cooper Suggested patch for NOTQUIT ACL +Jennifer Corley Designing the new Exim logo +John Dalbec Patch for quota_warn_threshold bug +Vivek Dasmohapatra Suggested patch for CRL support +Dennis Davis Suggested server_condition for all authenticators +Andrew Doran Patch for NetBSD configuration files + Patch for ifreq alignment and size problems +Michael Deutschmann Suggested patch for treating bind() failure like connect() + Patch for $sender_data and $recipient_data + Suggested patch for null address match lookup bug + Suggested patch for verify = not_blind + Patch for alternate TXT lookup in DNS lists +Oliver Eikemeier Patch to skip Received: if expansion is empty + Patch for "eqi" +Nico Erfurth Fix for bug in ${readfile} + Patch for 
router_home_directory + Patch for ACL crash (try to test sender after ETRN) + Suggested patch for lookup search bug + Suggested patch for advertise_condition + Patch for missing HELO in checkaccess + Patch for raw headers + Patch for lsearch lookups tidying + Patch for .include_if_exists + Patch for partial- not recognized in host list + Lots more patches for bug fixes, enhancements, and + code refactorings - too many to record details! +Jochen Erwied Fix for BDB 4.1 API +Stefan Esser Fix for DNS RR parsing bug +Peter Evans Suggested using modification time of "new" for time + of "mailbox last read" for maildir +Andrew Findlay Patch to close writing end of ${readsocket +Michael Fischer + v. Mollard Suggested patch for exigrep -t option +Kevin Fleming Callout cache code + Patch for authenticated_sender +Tony Finch Expansion extensions + Timezone addition to log timestamps + A number of useful code criticisms + Timezone patch for exiwhat + Patch for more daemon exiwhat information + Patch for -dd + Patch for mxh lookup type in dnsdb + Patch for defer_foo in dndsb + Patch for ${dlfunc + Patch for $message_linecount + ... and many more +Graeme Fowler Suggested patch for /noupdate with ratelimit +Ian Freislich Patch for spamd timeout problem +Giuliano Gavazzi Patches for OSX compilation +Dominic Germain Patch for exiqgrep MacOS X bug +Oliver Gorwits $load_average patch + Patch for additional syslog facilities +James Grinter Suggested patches for header manipulation functions + and recipient remove for local_scan() use +Lukasz Grochal Patch for saslauthd buglet +Pavel Gulchouck Diagnosis of return_path_on_delivery crash +Michael Haardt Tidies to make the code stricter + Refactoring to allow for other filter types + Suggested patch for appendfile "folder" extension + Module to support Sieve (RFC 3028) filters and + continued maintenance of same + Patch for faster sort algorithm in queue.c + Patch for LDAP timeout handling + ... 
and several more +Thomas Hager Patch for saslauthd crash bug +Richard Hall Fix for file descriptor leak in redirection + Fix for exiqsumm output corner case +Jori Hamalainen Patch to add features to exiqsumm + Patch to speed up exigrep +Steve Haslam Lots of stuff, including + HMAC computations + Better error messages for BDB +Sheldon Hearn Suggested patch for smtp_accept_max_nonmail_hosts + Fix for compile error with OpenSSL 0.9.8e +Bryan Henderson Patch to use RM_COMMAND everywhere during building +Jakob Hirsch Patch for % operator + Patch for arbitrarily named ACL variables +Magnus Holmgren Patch for filter_prepend_home + Patch for "h" flag in Domain Keys + Patch for $sending_ip_address/$sending_port + Patch for ${rfc2047d: + ... and several more + Lots of other maintenance support +Kjetil Torgrim Homme Patch for require_files problem on NFS file systems +Tom Hughes Suggested patch for $n bug in pipe command from filter +Pierre Humblet Continued Cygwin support +Peter Ilieve Suggested patch for lookup search bug +John Jetmore Writing and maintaining the 'exipick' utility + Much helpful testing of the test suite & elsewhere + Patch for -Mset + Patch for TLS testing with -bh/-bhc/-bs + Patch for exigrep -v functionality +Bob Johannessen Patch for Sieve envelope tests bug + Patch for negative uid/gid bug +Brad Jorsch Patch for bitwise logical operators + Patch for using "message" on acceptance + Patch to add == and =& to dnslists +Christian Kellner Patch for LDAP dereferencing +Alex Kiernan Patches for libradius + Diagnosis of milliwait clock-backwards bug + Patch for BDB 4.3 API change +Tom Kistner SPA server code + Writing and maintaining the content scanning + extension (exiscan) +Jürgen Kreileder Fix for cyrus_sasl advertisement problem +Friso Kuipers Patch for GDBM problem +Matthias Lederhofer Diagnosing and patching obscure and subtle socket bug +Chris Liddiard Fix for bug in exiqsumm +Chris Lightfoot Patch for -restore-times in exim_lock +Edgar Lovecraft Patch 
for ${str2b64: +Torsten Luettgert Suggested patch for proper integer overflow detection +Todd Lyons Patch to add DMARC support using OpenDMARC libs/tools +David Madole Patch for SPA forced expansion failure bug +Lars Mainka Patch for OpenSSL crl collections +Andrey Malyshev Patch for $address_data after redirection bug +Lionel Elie Mamane Patch for IPv4/IPv6 listen() problem on USAGI Linux + Patch for recognizing IPv6 "scoped addresses" + Patch for callout caching bug +Everton da Silva Marques Suggested patch for SRV handling + Suggested patch for SRV/MX lookup retry option +Nikos Mavrogiannopoulos GnuTLS proof of concept code + Update to RSA and D-H parameter caching code +Komar Maxim Patch for check_rfc2047_length +Andy Mell Fix for rejectlog regeneration bug +Marc Merlin Many suggestions and patches for callouts and + SMTP error message features +Andreas Metzler Patch for message_id_header_domain + Suggested patch for multi-config files in scripts bug + GnuTLS non-existent parameter file bug fix +Alex Miller Suggested readline() patch + Patch for LDAP_RES_SEARCH_REFERENCE handling + Support for the DrWeb content scanner +Arkadiusz Miskiewicz Patch to add timeout to reads in malware.c +Martin Mrazik Patches for problems in the test suite +Andreas Mueller Patch for logging uncompleted SMTP transactions +Pete Naylor Patch for LDAP TCP connect timeout setting +Alexander Newmann Diagnosing and patching obscure and subtle socket bug +Matthew Newton Patch for exicyclog log location problem +Marcin Owsiany Diagnosis of a tricky timeout failure bug +Andrey Panin Dovecot authenticator +Eric Parusel Patch for tls_remember_esmtp +Gaige Paulsen Amended Darwin config files +Richard Premdas Patch for PAM buglet +Jason Pyeron Suggested patch for ignoring Sendmail's -O option +Axel Rau Patch for Transport Post Delivery sql logging +Mark Rigby-Jones Patch for race condition during MBX locking +Robert Roselius Patch for OpenSSL workaround for bad clients +Larry Rosenman OpenUNIX 
config files +Alexander Sabourenkov Patch to add saslauthd daemon support + Patch for MySQL non-data queries +David Saez Suggested patch for $sender_hostname lookup if needed + Support for the clamd virus scanner + Suggested patch for increased number of ACL variables +Jonathan Sambrook Suggested patch for expanding uid and gid lists +Peter Savitch Diagnosis of FPE bug when statvfs() fails on spool +Harald Schueler Patch for dn_expand() failure on truncated data +Heiko Schlichting Diagnosis of intermittent daemon crash bug +Heiko Schlitterman Proposed patch for +pid +Stephan Schulz Patch for $host_data caching error +Lai Zit Seng Patch for radiusclient 0.4.9 interface bugs +Tony Sheen Log files with datestamped names and auto rollover +Martin Sluka Patch for exigrep to include non-message lines +Adam Stephens Suggested patch for IGNOREQUOTA in LMTP +Russell Stuart Diagnosis of obscure batch multiple delivery bug +Tamas Tevesz Patch for crypt16() support +Johan Thelmen Support for the F-Secure virus scanner +William Thompson Suggested patch for acl_smtp_helo + Suggested patch for nested ACL "drop" bug + Suggested patch for continuation lines in file ACLs + Patch for != support in DNS lists +Adam Thornton Patch for SMTP port expansion +Daniel Tiefnig Much helpful testing of the test suite +Rein Tollevik Patch to fix search cache missing tidyup +Stefan Traby Threaded Perl support +Samuli Tuomola OS files for QNX 6.2.0 +Dave Turner Suggested patch for sender rewriting brokenness +Steve Usher Unbuffered I/O patch for Dovecot authentication +Carlos Villegas Suggested patch for "headers" in filter files +Matthias Waffenschmidt Patch for build-time Perl bug in configure script + Queue run abandon log message tidy up +Norihisa Washitake Suggested patch for RFC 2047 header decoding +Chris Webb Patch for support of an SPF lookup method. 
+Florian Weimer Patch for minor format string issue + Noticing the unwanted (and time-wasting) GnuTLS + RSA_EXPORT code, and supplying a patch to remove it +Joachim Wieland Patches for PostgreSQL socket support and other + PostgreSQL functionality + Patch for hosts_avoid_esmtp +Stephen Wilcox Patch for ignore_enotdir problem +Alain Williams Suggested patch for exicyclog options + PATCH for LDAP referrals option +David Woodhouse SQLite support proof of concept code + control=freeze/no_tell basic code +Erik ? patch to use select() instead of poll() on OS X +**** + +============================8< cut here >8============================== + +The Exim Maintainers Lists +========================== + +We'll start with the Exim Maintainers, who are the people with commit +access to the master git repository and a couple more folk; then we'll list +known contributors since the lists above. Then we list the folks who work +to make Exim available on various operating systems as porters/packagers. + +For the Maintainers, we may list primary focus area. All maintainers +will have contributed to work outside those areas. The maintainers' +contributions are initialled in ChangeLog. Changes from before maintainership +should be listed as a contributor. + +For other contributors, we will attempt to track all contributions. Note that +the entries per-person were added initially by scanning back through the +ChangeLog and git, so are not in chronological order. + +[ With names from all over the world, we need one sort order. I've arbitrarily + decreed it to be "normal British address-book sort order, but based on family + name rather than whichever comes last and using whatever seems sanest for + sort order of characters which do not collate onto an English character", + which should handle the majority of cases. If it is not adequate for some + situation, we'll resolve it then. + We leave out titles and honourifics, just names and handles. 
] + + +Maintainers +----------- +Steve Campbell eximstats maintainer. +Mike Cardwell Exim webmaster. +Tony Finch Unbreaks lots of things. Ratelimit code. +Graeme Fowler +Michael Haardt Maintains Sieve support, works on DKIM. +Jeremy Harris +Philip Hazel Retired. + Originating architect and author of the Exim project. +John Jetmore +Tom Kistner DKIM. Content scanning. SPA. +Todd Lyons +Nigel Metheringham Transitioning out of Default Victim status. +Phil Pennock Mostly idle; some security bits still. +David Woodhouse Dynamic modules. Security. + + +Contributors +------------ +Andrew Aitchison Spotted cmdline AV scanner regression with -bmalware +Simon Arlott Code for outbound SSL-on-connect + Patch implementing %M datestamping in log filenames + Patch restoring SIGPIPE handler for child_open_uid + Patch fixing NUL term/init of DKIM strings + Patch fixing dnsdb TXT record handling for DKIM + Patch speeding up DomainKeys signing +Warren Baker Found crash with MIME ACLs in non-SMTP local injection +Dmitry Banschikov Path to check for LDAP TLS initialisation errors +René Berber Pointed out mistake in build instructions for QNX +Johannes Berg Maintained dynamically loadable module code out-of-tree + Patch expanding spamd_address if contains $ +Jasen Betts Spotted lack of docs re bool{} on empty string + and typo fixes +Wolfgang Breyha DCC integration; expandable spamd_address + Patch handling IPv6 addresses for SPF + Patch fixing DKIM verification when signature header + not prepended + Unbroke Cyrus SASL auth after incorrect SSF addition + Logging of 8bitmime reception +David Brownlee Patch improving local interface IP address detection +Eugene Bujak Security patch fixing buffer overflow in string_format +Adam Ciarcinski Patch for TLS-enabled LDAP (alternative to ldaps) +Dennis Davis Patches fixing compilation in older compilers + Reported dynlookup framework build issues on Solaris +Serge Demonchaux Maintained dynamically loadable module code out-of-tree + Patch fixing 
sign/unsigned and UTF mismatches +Uwe Doering Patch fixing DKIM multiple signature generation +Maxim Dounin Patch portability of accept() len +Frank Elsner Fixed build reliability by exporting LC_ALL=C +Paul Fisher Diagnosed smtp_cmd_buffer_size affecting GSSAPI SASL + initial response, raised buffer size + Patch adjusting connection_max_messages wait-DB usage +Oliver Fleischmann Patches fixing compilation in older compilers +Julian Gilbey Helped improve userforward local_part_suffix docs +Richard Godbee Patch fixing usage fprintf +Steve Haslam Maintained dynamically loadable module code out-of-tree +Oliver Heesakkers Debugged dynamic lookup build issues for LOOKUP_foo. +Dmitry Isaikin Spotted short writes to local files + Patch for format string regression +Alun Jones Patch for NULL dereference in localhost_number +Brad Jorsch Patches fixing Resent-*: header handling +John Hall Updated PCRE to 7.4 (when in-tree) +Jeremy Harris Patch to log authentication information in reject log + Reported a ${extract error message typo +Jakob Hirsch Patch implementing freeze_signal on pipe transports + Suggested X-Envelope-Sender: for content-scanning + Patch fixing Base64 decode bugs +John Horne Patch adding $av_failed + Patch escaping log text after lookup expansion defer + Documentation fixes + Pointed out ClamAV ExtendedDetectionInfo compat issue +Regid Ichira Documentation fixes +Andreas M. Kirchwitz Let /dev/null have normal permissions (4.73 fallout) +J. 
Nick Koston Patch adding force_command pipe transport option +Roberto Lima Patch letting exicyclog rotate paniclog +Todd Lyons Patch handling TAB in MAIL arguments +Christof Meerwald Provided insight & suggested patch for GnuTLS update +Andreas Metzler Patch upgrading PolarSSL (DKIM) + Reported delivery logging problems (4.73 fallout) + Patch to build without WITH_CONTENT_SCAN + Patches fixing docs for max_rcpts, relay hosts/domains + Documentation fixes +Kirill Miazine Multiple patches improving Dovecot authenticator +Robert Millan Wrote SPF Best Guess support +Marcin Mirosław Running static analysis tools for us, catching issues +Dirk Mueller Patch extending use of our printf() compiler checking +Andrey Oktyabrski Patch fixing wide character breakage in rfc2047 coding + Patch keeping SQL errors from being returned over SMTP +Phil Pennock Patch adding gnutls_compat_mode + Patches adding bool{} and later bool_lax{} + Patch for TLS library version reporting build/runtime + Patch letting EXPN work under TLS + More patches built up & applied when became maintainer +Mark Daniel Reidel Patch adding f-protd malware scanner support +Steven A Reisman Pointed out ${eval:x % 0} SIGFPE +Todd Rinaldo Patch fixing transport filter timeout +Dan Rosenberg Security notification & patch for hardlink attack on + sticky mail directory + Security notification of race condition in MBX locking +Jay Rouman Kept our copyright claim in the 21st century, not 11th + Drew attention to SSL docs and epoch issue on 32bit +Heiko Schlittermann Patch making maildir_use_size_file expand + Patch fixing maildir quota file races + Patch fixing make parallelisation + Updates to eximstats, exiwhat +Janne Snabb TLS extensive debugging & failure root cause analysis + Added SPF record type support to dnsdb lookup +Jan Srzednicki Patch improving Dovecot authenticator + Reported crash in Dovecot authenticator +Samuel Thibault Patch fixing IPv6 interface address detection on Hurd +Martin Tscholak Reported 
issue with TLS anonymous ciphersuites +Stephen Usher Patch fixing use of Oracle's LDAP libraries on Solaris +Jasper Wallace Patch for LibreSSL compatibility +Holger Weiß Patch leting ${run} return more data than OS pipe + buffer size +Moritz Wilhelmy Pointed out PCRE_PRERELEASE glitch +Alain Williams Patch supporting MySQL stored procedures +Mark Zealey Patch updating $message_linecount for maildir_tag + Patch improving spamd server selection + Patch to allow multiple TCP clamd servers + + +Packagers +--------- +Mark Baker Debian, through Exim 3 +Hilko Bengen Debian, Exim 4, current(*) maintenance +Tim Cutts Debian, initial packaging +Marc Haber Debian, Exim 4, current(*) maintenance +Steve Haslam Debian, Exim 4 +Andreas Metzler Debian, current(*) maintenance +Christian Perrier Debian, current(*) maintenance + +(*) Current as of our last information as of release: Exim 4.82 + + +# vim: set fileencoding=utf-8 expandtab : @@ -0,0 +1,10 @@ +Change Information for Exim +--------------------------- + +Complete lists of all changes to the code, including bug fixes, are listed in +doc/ChangeLog, and documentation for changes that have not yet made it +into the manual is available in doc/NewStuff. The ftp site has a directory +called ChangeLogs which contains individual ChangeLog and NewStuff files for +each separate release. + +**** diff --git a/CONTRIBUTING b/CONTRIBUTING new file mode 100644 index 0000000..a5f7809 --- /dev/null +++ b/CONTRIBUTING 
@@ -0,0 +1,56 @@ +CONTRIBUTING TO EXIM +==================== + +Exim is an open-source project licensed under the GNU General Public License. +At time of writing, all the developers work on Exim on a volunteer basis. +We welcome patches and contributions. There is no copyright assignment +policy; if you offer a patch, it is assumed to be under the GPL, of whichever +version the main developers see fit to use. + +Mistakes or inadequacies in the documentation are treated as bugs. The main +documentation is called "The Exim Specification" for a reason. So if you +can't code there are still places where your help will be very appreciated. + +General discussion, requests for help, and initial "is this a bug?" questions +go to <exim-users@exim.org>. Many suspected bugs turn out to not be bugs, so +asking first is appreciated. + +Our main website is at http://www.exim.org/ and contains links to our wiki, +where many frequent setups are walked through. You will also find our +bug-tracking system linked there. + +Development takes place in part on exim-users, when bugs or missing features +are spotted based on feedback from people actually using the product. In +large part, discussion takes place on <exim-dev@exim.org>. While you can use +the bug-tracking system, everyone working on Exim, a mail transfer agent, is +comfortable dealing with just email too, so you can use whichever you're most +comfortable with. + +If you have an idea for a new feature, please do raise it on exim-users first. + +Our code is maintained in a Git repository. The master repository, together +with some others, can be found on http://git.exim.org/ and we welcome patches, +whether of documentation or of code. If you have a request for a new feature +and can accompany it with working code, then it stands a much greater chance +of being incorporated in a timely manner. + +If you're planning on working on a major new feature or redesign, please do +talk to us first. 
+ +We do not have a formal code-review process, but posted patches are subject to +being reworked before being pulled in, or requests for modification made; +we're a small enough pool of developers that we rely on the good judgement and +discretion of the committer rather than formal process. + +We prefer new features to be accompanied by documentation patches, but if no +new documentation is provided, we can write it and, in the process, perhaps +uncover issues to work over with you. Note that the PDF form of the +documentation is faster to build than the TXT form. + +We do have a test harness and appreciate it if new features can be accompanied +by new tests; if this is awkward for you, please do include sufficient +description to allow someone else to write the test. + + +-The Exim Maintainers + July 7th, 2010 
@@ -0,0 +1,340 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. 
+ + <one line to give the program's name and a brief idea of what it does.> + Copyright (C) <year> <name of author> + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. 
+ + <signature of Ty Coon>, 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. diff --git a/LICENSE.opendmarc b/LICENSE.opendmarc new file mode 100644 index 0000000..e2ba06b --- /dev/null +++ b/LICENSE.opendmarc 
@@ -0,0 +1,29 @@ +Copyright (c) 2009, 2010, 2012, The Trusted Domain Project. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of The Trusted Domain Project nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + +Portions of this project are also covered by the Sendmail Open Source +License, available in this distribution in the file "LICENSE.Sendmail". +See the copyright notice(s) in each file to determine whether or not it is +covered by both licenses. + +THIS SOFTWARE IS PROVIDED BY THE OPENDKIM PROJECT ''AS IS'' AND ANY +EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE OPENDKIM PROJECT BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..3aa3cc3 --- /dev/null +++ b/Makefile 
@@ -0,0 +1,113 @@ +# Top-level makefile for Exim; handles creating a build directory with +# appropriate links, and then creating and running the main makefile in that +# directory. + +# Copyright (c) University of Cambridge, 1995 - 2018 +# See the file NOTICE for conditions of use and distribution. + +# IRIX make uses the shell that is in the SHELL variable, which often defaults +# to csh, so put this in to make it use the Bourne shell. In systems where +# /bin/sh is not a Bourne-compatible shell, this line will have to be edited, +# or "make" must be called with a different SHELL= setting. + +SHELL=/bin/sh +RM_COMMAND=/bin/rm + +# The buildname defaults to "<os-type>-<arch-type>". It can be +# overridden by the "build" parameter when invoking make (e.g. make +# build=xxx) This does not provide an override for the OS type and +# architecture type used during the build process; they still have to be +# used for the OS-specific files. To override them, you can set the +# shell variables OSTYPE and ARCHTYPE when running make. +# +# EXIM_BUILD_SUFFIX gets appended to the buildname. (This enables +# parallel builds on a file system shared among different Linux distros +# (same os-type, same arch-type). The ../test/runtest script honours the +# EXIM_BUILD_SUFFIX when searching the Exim binary.) + +buildname=$${build:-`$(SHELL) scripts/os-type`-`$(SHELL) scripts/arch-type`}$${EXIM_BUILD_SUFFIX:+.$$EXIM_BUILD_SUFFIX} + +# The default target checks for the existence of Local/Makefile, that the main +# makefile is built and up-to-date, and then it runs it. +# If Local/Makefile-<buildname> exists, it is read too. 
+ +all: Local/Makefile configure + @cd build-$(buildname); $(MAKE) SHELL=$(SHELL) $(MFLAGS) + +# This pair for the convenience of of the Debian maintainers +exim: Local/Makefile configure + @cd build-$(buildname); $(MAKE) SHELL=$(SHELL) $(MFLAGS) exim +utils: Local/Makefile configure + @cd build-$(buildname); $(MAKE) SHELL=$(SHELL) $(MFLAGS) utils + +Local/Makefile: + @echo "" + @echo "*** Please create Local/Makefile by copying src/EDITME and making" + @echo "*** appropriate changes for your site." + @echo "" + @test ! -d Local && mkdir Local + @false + +# This is separated off so that "make build-directory" can be obeyed on +# its own if necessary. + +build-directory: + @builddir=build-$(buildname); \ + case "$$builddir" in *UnKnown*) exit 1;; esac; \ + $(SHELL) -c "test -d $$builddir -a -r $$builddir/version.c || \ + (mkdir $$builddir; cd $$builddir; $(SHELL) ../scripts/MakeLinks)"; + +checks: + $(SHELL) scripts/source_checks + +# The "configure" target ensures that the build directory exists, then arranges +# to build the main makefile from inside the build directory, by calling the +# Configure-Makefile script. This does its own dependency checking because of +# the optional files. + +configure: checks build-directory + @cd build-$(buildname); \ + build=$(build) $(SHELL) ../scripts/Configure-Makefile + +# The "makefile" target forces a rebuild of the makefile (as opposed to +# "configure", which doesn't force it). + +makefile: build-directory + @cd build-$(buildname); $(RM_COMMAND) -f Makefile; \ + build=$(build) $(SHELL) ../scripts/Configure-Makefile + +# The installation commands are kept in a separate script, which expects +# to be run from inside the build directory. 
+ +install: all + @cd build-$(buildname); \ + build=$(build) $(SHELL) ../scripts/exim_install $(INSTALL_ARG) + +# Tidy-up targets + +clean:; @echo ""; echo '*** "make clean" just removes all .o and .a files' + @echo '*** Use "make makefile" to force a rebuild of the makefile' + @echo "" + cd build-$(buildname); \ + $(RM_COMMAND) -f *.o lookups/*.o lookups/*.a auths/*.o auths/*.a \ + routers/*.o routers/*.a transports/*.o transports/*.a \ + pdkim/*.o pdkim/*.a + +clean_exim:; cd build-$(buildname); \ + $(RM_COMMAND) -f *.o lookups/*.o lookups/*.a auths/*.o auths/*.a \ + routers/*.o routers/*.a transports/*.o transports/*.a lookups/*.so + +distclean:; $(RM_COMMAND) -rf build-* cscope* + +cscope.files: FRC + echo "-q" > $@ + echo "-p3" >> $@ + find src Local OS exim_monitor -name "*.[cshyl]" -print \ + -o -name "os.[ch]*" -print \ + -o -name "*akefile*" -print \ + -o -name config.h.defaults -print \ + -o -name EDITME -print >> $@ + +FRC: + +# End of top-level makefile 
@@ -0,0 +1,152 @@ +THE EXIM MAIL TRANSFER AGENT +---------------------------- + +Copyright (c) 2004 University of Cambridge + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or +(at your option) any later version. + +In addition, for the avoidance of any doubt, permission is granted to +link this program with OpenSSL or any other library package and to +(re)distribute the binaries produced as the result of such linking. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + +UNSOLICITED EMAIL +----------------- + +The use, supply or promotion of Exim for the purpose of sending bulk, +unsolicited electronic mail is incompatible with the basic aims of the program, +which revolve around the free provision of a service that enhances the quality +of personal communications. The author of Exim regards indiscriminate +mass-mailing as an antisocial, irresponsible abuse of the Internet. + + +INCORPORATED CODE +----------------- + +A number of pieces of external code are included in the Exim distribution. + + . Support for the cdb (Constant DataBase) lookup method is provided by code + contributed by Nigel Metheringham of Planet Online Ltd. 
which contains + the following statements: + _________________________________________________________________________ + + Copyright (c) 1998 Nigel Metheringham, Planet Online Ltd + + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the + Free Software Foundation; either version 2 of the License, or (at your + option) any later version. + + This code implements Dan Bernstein's Constant DataBase (cdb) spec. + Information, the spec and sample code for cdb can be obtained from + http://www.pobox.com/~djb/cdb.html. This implementation borrows some code + from Dan Bernstein's implementation (which has no license restrictions + applied to it). + _________________________________________________________________________ + + The implementation is completely contained within the code of Exim. It + does not link against an external cdb library. + + . Client support for Microsoft's "Secure Password Authentication" is pro- + vided by code contributed by Marc Prud'hommeaux. Server support was + contributed by Tom Kistner. This includes code taken from the Samba + project, which is released under the Gnu GPL. + + + . Support for calling the Cyrus "pwcheck" and "saslauthd" daemons is + provided by code taken from the Cyrus-SASL library and adapted by + Alexander S. Sabourenkov. The permission notice appears below, in + accordance with the conditions expressed therein. + + _________________________________________________________________________ + + Copyright (c) 2001 Carnegie Mellon University. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + 2. 
Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + 3. The name 'Carnegie Mellon University' must not be used to endorse or + promote products derived from this software without prior written + permission. For permission or any other legal details, please + contact + + Office of Technology Transfer + Carnegie Mellon University + 5000 Forbes Avenue + Pittsburgh, PA 15213-3890 + (412) 268-4387, fax: (412) 268-7395 + tech-transfer@andrew.cmu.edu + + 4. Redistributions of any form whatsoever must retain the following + acknowledgment: + This product includes software developed by Computing Services at + Carnegie Mellon University (http://www.cmu.edu/computing/). + + CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS + SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND + FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY + SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER + RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF + CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + _________________________________________________________________________ + + + . The Exim Monitor program, which is an X-Window application, includes + modified versions of the Athena StripChart and TextPop widgets. This code + is copyright by DEC and MIT, and their permission notice appears below, + in accordance with the conditions expressed therein. + + _________________________________________________________________________ + + Copyright 1987, 1988 by Digital Equipment Corporation, Maynard, + Massachusetts, and the Massachusetts Institute of Technology, Cambridge, + Massachusetts. 
+ + All Rights Reserved + + Permission to use, copy, modify, and distribute this software and its + documentation for any purpose and without fee is hereby granted, provided + that the above copyright notice appear in all copies and that both that + copyright notice and this permission notice appear in supporting documen- + tation, and that the names of Digital or MIT not be used in advertising + or publicity pertaining to distribution of the software without specific, + written prior permission. + + DIGITAL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING + ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL + DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR + ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, + WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, + ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + SOFTWARE. + _________________________________________________________________________ + + + . Some of the code to support the use of maildirsize files for maildir + deliveries is taken from the Courier Imapd source code. This code is + released under the GPL. + _________________________________________________________________________ + +-- +Philip Hazel University of Cambridge Computing Service, diff --git a/OS/Makefile-Base b/OS/Makefile-Base new file mode 100644 index 0000000..9eed7b0 --- /dev/null +++ b/OS/Makefile-Base 
@@ -0,0 +1,992 @@ +# This file is the basis of the main makefile for Exim and friends. The +# makefile at the top level arranges to build the main makefile by calling +# scripts/Configure-Makefile from within the build directory. This +# concatenates the configuration settings from Local/Makefile and other, +# optional, Local/* files at the front of this file, to create Makefile in the +# build directory. +# +# Copyright (c) The Exim Maintainers 1995 - 2018 +# Copyright (c) The Exim Maintainers 2020 + +SHELL = $(MAKE_SHELL) +SCRIPTS = ../scripts +O = ../OS +EDITME = ../Local/Makefile +EXIMON_EDITME = ../Local/eximon.conf + +# The compiler used for linking is normally the same as the compiler used for +# compiling. However, by giving it a different name, we can override it from +# the command line, and this is helpful for certain types of testing. + +LNCC = $(CC) + +# The compile commands can be very long. To make the output look better, +# they are not normally echoed in full. To get full echoing, the caller +# must set FULLECHO='' on the command line and call make with -e. We default +# FULLECHO to '@' to suppress the full echo. Then define an abbreviation. + +FULLECHO = @ +FE = $(FULLECHO) + +# The default target double-checks the existence of $(EDITME) and then arranges +# to touch it if it exists and any of the optional configuration files, which +# depend on the os or the architecture, have been altered. The same sub-target +# does the same thing for the eximon configuration file if it exists. Then +# there is a check that the Makefile (the one built from this file) is +# up-to-date. Then the os-specific source files and the C configuration file +# are set up, and finally it goes to the main Exim target. 
+ +all: utils exim +config: $(EDITME) checklocalmake Makefile os.c config.h version.h version.sh macro.c + +checklocalmake: + @if $(SHELL) $(SCRIPTS)/newer $(EDITME)-$(OSTYPE) $(EDITME) || \ + $(SHELL) $(SCRIPTS)/newer $(EDITME)-$(ARCHTYPE) $(EDITME) || \ + $(SHELL) $(SCRIPTS)/newer $(EDITME)-$(OSTYPE)-$(ARCHTYPE) $(EDITME); \ + then \ + touch $(EDITME); \ + fi + @if $(SHELL) $(SCRIPTS)/newer $(EXIMON_EDITME)-$(OSTYPE) $(EXIMON_EDITME) || \ + $(SHELL) $(SCRIPTS)/newer $(EXIMON_EDITME)-$(ARCHTYPE) $(EXIMON_EDITME) || \ + $(SHELL) $(SCRIPTS)/newer $(EXIMON_EDITME)-$(OSTYPE)-$(ARCHTYPE) $(EXIMON_EDITME); \ + then \ + if [ -f $(EXIMON_EDITME) ]; then touch $(EXIMON_EDITME); fi \ + fi + +$(EDITME): + @echo " " + @echo "*** Please create Local/Makefile by copying src/EDITME and making" + @echo "*** appropriate changes for your site." + @echo " " + @false + +$(EXIMON_EDITME): + @echo " " + @echo "*** Please create Local/eximon.conf by copying exim_monitor/EDITME and making" + @echo "*** appropriate changes for your site." + @echo " " + @test ! -d ../Local && mkdir ../Local + @false + +# Check that the local Makefile is up-to-date + +Makefile: ../OS/Makefile-Base ../OS/Makefile-Default \ + $(SCRIPTS)/Configure $(SCRIPTS)/Configure-Makefile $(EDITME) + @echo " " + @echo "*** Makefile needs rebuilding" + @echo "*** Please run \"make makefile\" at top level" + @echo " " + @false + +# Build (link) the os.h file + +os.h: $(SCRIPTS)/Configure-os.h \ + $(O)/os.h-Darwin \ + $(O)/os.h-FreeBSD \ + $(O)/os.h-GNU \ + $(O)/os.h-Linux \ + $(O)/os.h-OpenBSD \ + $(O)/os.h-SunOS5 + $(SHELL) $(SCRIPTS)/Configure-os.h + +# Build the os.c file + +os.c: ../src/os.c \ + $(SCRIPTS)/Configure-os.c \ + $(O)/os.c-FreeBSD \ + $(O)/os.c-GNU \ + $(O)/os.c-Linux \ + $(O)/os.c-SunOS5 + $(SHELL) $(SCRIPTS)/Configure-os.c + +# Build the config.h file. 
+ +config.h: Makefile buildconfig ../src/config.h.defaults $(EDITME) + $(SHELL) $(SCRIPTS)/Configure-config.h "$(MAKE)" + +# Build the builtin-macros data struct + +MACRO_HSRC = macro_predef.h os.h globals.h config.h macros.h \ + routers/accept.h routers/dnslookup.h routers/ipliteral.h \ + routers/iplookup.h routers/manualroute.h routers/queryprogram.h \ + routers/redirect.h + +OBJ_MACRO = macro_predef.o \ + macro-globals.o macro-readconf.o macro-route.o macro-transport.o macro-drtables.o \ + macro-tls.o \ + macro-appendfile.o macro-autoreply.o macro-lmtp.o macro-pipe.o macro-queuefile.o \ + macro-smtp.o macro-accept.o macro-dnslookup.o macro-ipliteral.o macro-iplookup.o \ + macro-manualroute.o macro-queryprogram.o macro-redirect.o \ + macro-auth-spa.o macro-cram_md5.o macro-cyrus_sasl.o macro-dovecot.o macro-gsasl_exim.o \ + macro-heimdal_gssapi.o macro-plaintext.o macro-spa.o macro-authtls.o macro-external.o \ + macro-dkim.o macro-malware.o macro-signing.o + +$(OBJ_MACRO): $(MACRO_HSRC) + +macro_predef.o : macro_predef.c + @echo "$(CC) -DMACRO_PREDEF macro_predef.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ macro_predef.c +macro-globals.o : globals.c + @echo "$(CC) -DMACRO_PREDEF globals.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ globals.c +macro-readconf.o : readconf.c + @echo "$(CC) -DMACRO_PREDEF readconf.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ readconf.c +macro-route.o : route.c + @echo "$(CC) -DMACRO_PREDEF route.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ route.c +macro-transport.o: transport.c + @echo "$(CC) -DMACRO_PREDEF transport.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ transport.c +macro-drtables.o : drtables.c + @echo "$(CC) -DMACRO_PREDEF drtables.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ drtables.c +macro-tls.o: tls.c tls-gnu.c tls-openssl.c + @echo "$(CC) -DMACRO_PREDEF tls.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ tls.c 
+macro-appendfile.o : transports/appendfile.c + @echo "$(CC) -DMACRO_PREDEF transports/appendfile.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ transports/appendfile.c +macro-autoreply.o : transports/autoreply.c + @echo "$(CC) -DMACRO_PREDEF transports/autoreply.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ transports/autoreply.c +macro-lmtp.o: transports/lmtp.c + @echo "$(CC) -DMACRO_PREDEF transports/lmtp.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ transports/lmtp.c +macro-pipe.o : transports/pipe.c + @echo "$(CC) -DMACRO_PREDEF transports/pipe.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ transports/pipe.c +macro-queuefile.o : transports/queuefile.c + @echo "$(CC) -DMACRO_PREDEF transports/queuefile.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ transports/queuefile.c +macro-smtp.o : transports/smtp.c + @echo "$(CC) -DMACRO_PREDEF transports/smtp.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ transports/smtp.c +macro-accept.o : routers/accept.c + @echo "$(CC) -DMACRO_PREDEF routers/accept.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ routers/accept.c +macro-dnslookup.o : routers/dnslookup.c + @echo "$(CC) -DMACRO_PREDEF routers/dnslookup.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ routers/dnslookup.c +macro-ipliteral.o : routers/ipliteral.c + @echo "$(CC) -DMACRO_PREDEF routers/ipliteral.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ routers/ipliteral.c +macro-iplookup.o : routers/iplookup.c + @echo "$(CC) -DMACRO_PREDEF routers/iplookup.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ routers/iplookup.c +macro-manualroute.o : routers/manualroute.c + @echo "$(CC) -DMACRO_PREDEF routers/manualroute.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ routers/manualroute.c +macro-queryprogram.o : routers/queryprogram.c + @echo "$(CC) -DMACRO_PREDEF routers/queryprogram.c" + $(FE)$(CC) -c $(CFLAGS) 
-DMACRO_PREDEF $(INCLUDE) -o $@ routers/queryprogram.c +macro-redirect.o : routers/redirect.c + @echo "$(CC) -DMACRO_PREDEF routers/redirect.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ routers/redirect.c +macro-auth-spa.o : auths/auth-spa.c + @echo "$(CC) -DMACRO_PREDEF auths/auth-spa.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ auths/auth-spa.c +macro-cram_md5.o : auths/cram_md5.c + @echo "$(CC) -DMACRO_PREDEF auths/cram_md5.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ auths/cram_md5.c +macro-cyrus_sasl.o : auths/cyrus_sasl.c + @echo "$(CC) -DMACRO_PREDEF auths/cyrus_sasl.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ auths/cyrus_sasl.c +macro-dovecot.o: auths/dovecot.c + @echo "$(CC) -DMACRO_PREDEF auths/dovecot.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ auths/dovecot.c +macro-external.o: auths/external.c + @echo "$(CC) -DMACRO_PREDEF auths/external.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ auths/external.c +macro-gsasl_exim.o : auths/gsasl_exim.c + @echo "$(CC) -DMACRO_PREDEF auths/gsasl_exim.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ auths/gsasl_exim.c +macro-heimdal_gssapi.o: auths/heimdal_gssapi.c + @echo "$(CC) -DMACRO_PREDEF auths/heimdal_gssapi.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ auths/heimdal_gssapi.c +macro-plaintext.o : auths/plaintext.c + @echo "$(CC) -DMACRO_PREDEF auths/plaintext.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ auths/plaintext.c +macro-spa.o : auths/spa.c + @echo "$(CC) -DMACRO_PREDEF auths/spa.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ auths/spa.c +macro-authtls.o: auths/tls.c + @echo "$(CC) -DMACRO_PREDEF auths/tls.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ auths/tls.c +macro-dkim.o: dkim.c + @echo "$(CC) -DMACRO_PREDEF dkim.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ dkim.c +macro-malware.o: malware.c + @echo "$(CC) 
-DMACRO_PREDEF malware.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ malware.c +macro-signing.o: pdkim/signing.c + @echo "$(CC) -DMACRO_PREDEF pdkim/signing.c" + $(FE)$(CC) -c $(CFLAGS) -DMACRO_PREDEF $(INCLUDE) -o $@ pdkim/signing.c + +macro_predef: $(OBJ_MACRO) + @echo "$(LNCC) -o $@" + $(FE)$(LNCC) -o $@ $(LFLAGS) $(OBJ_MACRO) + +macro.c: macro_predef + ./macro_predef > macro.c + +# This target is recognized specially by GNU make. It records those targets +# that do not correspond to files that are being built and which should +# therefore always be run, even if the files exist. This shouldn't in fact be a +# problem, but it does no harm. Other make programs will just ignore this. + +.PHONY: all config utils \ + buildauths buildlookups buildpdkim buildrouters \ + buildtransports checklocalmake clean + + +utils: $(EXIM_MONITOR) exicyclog exinext exiwhat \ + exigrep eximstats exipick exiqgrep exiqsumm \ + transport-filter.pl convert4r3 convert4r4 \ + exim_checkaccess \ + exim_dbmbuild exim_dumpdb exim_fixdb exim_tidydb exim_lock + + +# Targets for special-purpose configuration header builders +buildconfig: buildconfig.c + @echo "$(CC) buildconfig.c" + $(FE)$(CC) $(CFLAGS) $(INCLUDE) -o buildconfig buildconfig.c $(LIBS) + + +# Target for the exicyclog utility script +exicyclog: config ../src/exicyclog.src + @rm -f exicyclog + @. ./version.sh && sed \ + -e "s?PROCESSED_FLAG?This file has been so processed.?"\ + -e "/^# /p" \ + -e "/^# /d" \ + -e "s?CONFIGURE_FILE_USE_NODE?$(CONFIGURE_FILE_USE_NODE)?" \ + -e "s?CONFIGURE_FILE_USE_EUID?$(CONFIGURE_FILE_USE_EUID)?" \ + -e "s?CONFIGURE_FILE?$(CONFIGURE_FILE)?" \ + -e "s?BIN_DIRECTORY?$(BIN_DIRECTORY)?" \ + -e "s?EXICYCLOG_MAX?$(EXICYCLOG_MAX)?" \ + -e "s?COMPRESS_COMMAND?$(COMPRESS_COMMAND)?" \ + -e "s?COMPRESS_SUFFIX?$(COMPRESS_SUFFIX)?" \ + -e "s?CHGRP_COMMAND?$(CHGRP_COMMAND)?" \ + -e "s?CHMOD_COMMAND?$(CHMOD_COMMAND)?" \ + -e "s?CHOWN_COMMAND?$(CHOWN_COMMAND)?" \ + -e "s?MV_COMMAND?$(MV_COMMAND)?" 
\ + -e "s?RM_COMMAND?$(RM_COMMAND)?" \ + -e "s?TOUCH_COMMAND?$(TOUCH_COMMAND)?" \ + -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" \ + -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" \ + ../src/exicyclog.src > exicyclog-t + @mv exicyclog-t exicyclog + @chmod a+x exicyclog + @echo ">>> exicyclog script built" + +# Target for the exinext utility script +exinext: config ../src/exinext.src + @rm -f exinext + @. ./version.sh && sed \ + -e "s?PROCESSED_FLAG?This file has been so processed.?"\ + -e "/^# /p" \ + -e "/^# /d" \ + -e "s?CONFIGURE_FILE_USE_NODE?$(CONFIGURE_FILE_USE_NODE)?" \ + -e "s?CONFIGURE_FILE?$(CONFIGURE_FILE)?" \ + -e "s?BIN_DIRECTORY?$(BIN_DIRECTORY)?" \ + -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" \ + -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" \ + ../src/exinext.src > exinext-t + @mv exinext-t exinext + @chmod a+x exinext + @echo ">>> exinext script built" + +# Target for the exiwhat utility script +exiwhat: config ../src/exiwhat.src + @rm -f exiwhat + @. ./version.sh && sed \ + -e "s?PROCESSED_FLAG?This file has been so processed.?"\ + -e "/^# /p" \ + -e "/^# /d" \ + -e "s?CONFIGURE_FILE_USE_NODE?$(CONFIGURE_FILE_USE_NODE)?" \ + -e "s?CONFIGURE_FILE?$(CONFIGURE_FILE)?" \ + -e "s?BIN_DIRECTORY?$(BIN_DIRECTORY)?" \ + -e "s?EXIWHAT_PS_CMD?$(EXIWHAT_PS_CMD)?" \ + -e "s?EXIWHAT_PS_ARG?$(EXIWHAT_PS_ARG)?" \ + -e "s?EXIWHAT_KILL_SIGNAL?$(EXIWHAT_KILL_SIGNAL)?" \ + -e "s?EXIWHAT_EGREP_ARG?$(EXIWHAT_EGREP_ARG)?" \ + -e "s?EXIWHAT_MULTIKILL_CMD?$(EXIWHAT_MULTIKILL_CMD)?" \ + -e "s?EXIWHAT_MULTIKILL_ARG?$(EXIWHAT_MULTIKILL_ARG)?" \ + -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" \ + -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" \ + -e "s?RM_COMMAND?$(RM_COMMAND)?" \ + ../src/exiwhat.src > exiwhat-t + @mv exiwhat-t exiwhat + @chmod a+x exiwhat + @echo ">>> exiwhat script built" + +# Target for the exim_checkaccess utility script +exim_checkaccess: config ../src/exim_checkaccess.src + @rm -f exim_checkaccess + @. 
./version.sh && sed \ + -e "s?PROCESSED_FLAG?This file has been so processed.?"\ + -e "/^# /p" \ + -e "/^# /d" \ + -e "s?CONFIGURE_FILE_USE_NODE?$(CONFIGURE_FILE_USE_NODE)?" \ + -e "s?CONFIGURE_FILE?$(CONFIGURE_FILE)?" \ + -e "s?BIN_DIRECTORY?$(BIN_DIRECTORY)?" \ + -e "s?PERL_COMMAND?$(PERL_COMMAND)?" \ + -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" \ + -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" \ + ../src/exim_checkaccess.src > exim_checkaccess-t + @mv exim_checkaccess-t exim_checkaccess + @chmod a+x exim_checkaccess + @echo ">>> exim_checkaccess script built"; echo "" + +# Target for the Exim monitor start-up script +eximon: config ../src/eximon.src ../OS/eximon.conf-Default \ + ../Local/eximon.conf + @rm -f eximon + $(SHELL) $(SCRIPTS)/Configure-eximon + @. ./version.sh && sed \ + -e "s?PROCESSED_FLAG?This file has been so processed.?"\ + -e "/^# /p" \ + -e "/^# /d" \ + -e "s?CONFIGURE_FILE_USE_NODE?$(CONFIGURE_FILE_USE_NODE)?" \ + -e "s?CONFIGURE_FILE?$(CONFIGURE_FILE)?" \ + -e "s?BIN_DIRECTORY?$(BIN_DIRECTORY)?" \ + -e "s?BASENAME_COMMAND?$(BASENAME_COMMAND)?" \ + -e "s?HOSTNAME_COMMAND?$(HOSTNAME_COMMAND)?" \ + -e "s?X11_LD_LIBRARY?$(X11_LD_LIB)?" \ + -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" \ + -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" \ + ../src/eximon.src >> eximon + @echo ">>> eximon script built"; echo "" + +# Targets for utilities; these are all Perl scripts that have to get the +# location of Perl put in them. A few need other things as well. + +exigrep: config ../src/exigrep.src + @rm -f exigrep + @. ./version.sh && sed \ + -e "s?PROCESSED_FLAG?This file has been so processed.?"\ + -e "/^# /p" \ + -e "/^# /d" \ + -e "s?PERL_COMMAND?$(PERL_COMMAND)?" \ + -e "s?ZCAT_COMMAND?$(ZCAT_COMMAND)?" \ + -e "s?COMPRESS_SUFFIX?$(COMPRESS_SUFFIX)?" \ + -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" \ + -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" 
\ + ../src/exigrep.src > exigrep-t + @mv exigrep-t exigrep + @chmod a+x exigrep + @echo ">>> exigrep script built" + +eximstats: config ../src/eximstats.src + @rm -f eximstats + @. ./version.sh && sed \ + -e "s?PERL_COMMAND?$(PERL_COMMAND)?" \ + -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" \ + -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" \ + ../src/eximstats.src > eximstats-t + @mv eximstats-t eximstats + @chmod a+x eximstats + @echo ">>> eximstats script built" + +exiqgrep: config ../src/exiqgrep.src + @rm -f exiqgrep + @. ./version.sh && sed \ + -e "s?PROCESSED_FLAG?This file has been so processed.?"\ + -e "/^# /p" \ + -e "/^# /d" \ + -e "s?BIN_DIRECTORY?$(BIN_DIRECTORY)?" \ + -e "s?PERL_COMMAND?$(PERL_COMMAND)?" \ + -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" \ + -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" \ + ../src/exiqgrep.src > exiqgrep-t + @mv exiqgrep-t exiqgrep + @chmod a+x exiqgrep + @echo ">>> exiqgrep script built" + +exiqsumm: config ../src/exiqsumm.src + @rm -f exiqsumm + @. ./version.sh && sed \ + -e "s?PERL_COMMAND?$(PERL_COMMAND)?" \ + -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" \ + -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" \ + ../src/exiqsumm.src > exiqsumm-t + @mv exiqsumm-t exiqsumm + @chmod a+x exiqsumm + @echo ">>> exiqsumm script built" + +exipick: config ../src/exipick.src + @rm -f exipick + @. ./version.sh && sed \ + -e "s?PERL_COMMAND?$(PERL_COMMAND)?" \ + -e "s?SPOOL_DIRECTORY?$(SPOOL_DIRECTORY)?" \ + -e "s?BIN_DIRECTORY?$(BIN_DIRECTORY)?" \ + -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" \ + -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" \ + ../src/exipick.src > exipick-t + @mv exipick-t exipick + @chmod a+x exipick + @echo ">>> exipick script built" + +transport-filter.pl: config ../src/transport-filter.src + @rm -f transport-filter.pl + @. ./version.sh && sed \ + -e "s?PERL_COMMAND?$(PERL_COMMAND)?" \ + -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" 
\ + -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" \ + ../src/transport-filter.src > transport-filter.pl-t + @mv transport-filter.pl-t transport-filter.pl + @chmod a+x transport-filter.pl + @echo ">>> transport-filter.pl script built" + +convert4r3: config ../src/convert4r3.src + @rm -f convert4r3 + @. ./version.sh && sed \ + -e "s?PERL_COMMAND?$(PERL_COMMAND)?" \ + -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" \ + -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" \ + ../src/convert4r3.src > convert4r3-t + @mv convert4r3-t convert4r3 + @chmod a+x convert4r3 + @echo ">>> convert4r3 script built" + +convert4r4: config ../src/convert4r4.src + @rm -f convert4r4 + @. ./version.sh && sed \ + -e "s?PERL_COMMAND?$(PERL_COMMAND)?" \ + -e "s?EXIM_RELEASE_VERSION?$${EXIM_RELEASE_VERSION}?" \ + -e "s?EXIM_VARIANT_VERSION?$${EXIM_VARIANT_VERSION}?" \ + ../src/convert4r4.src > convert4r4-t + @mv convert4r4-t convert4r4 + @chmod a+x convert4r4 + @echo ">>> convert4r4 script built" + + +# These are objects of optional features. They are always compiled, but +# if the corresponding #defines are not set, they wind up empty and +# are thrown away by the linker. + +OBJ_WITH_CONTENT_SCAN = malware.o mime.o regex.o spam.o spool_mbox.o +OBJ_EXPERIMENTAL = arc.o \ + bmi_spam.o \ + dane.o \ + dcc.o \ + dmarc.o \ + imap_utf7.o \ + spf.o \ + srs.o \ + utf8.o + +# Targets for final binaries; the main one has a build number which is +# updated each time. We don't bother with that for the auxiliaries. 
+ +OBJ_LOOKUPS = lookups/lf_quote.o lookups/lf_check_file.o lookups/lf_sqlperform.o + +OBJ_EXIM = acl.o base64.o child.o crypt16.o daemon.o dbfn.o debug.o deliver.o \ + directory.o dns.o drtables.o enq.o exim.o expand.o filter.o \ + filtertest.o globals.o dkim.o dkim_transport.o hash.o \ + header.o host.o ip.o log.o lss.o match.o md5.o moan.o \ + os.o parse.o queue.o \ + rda.o readconf.o receive.o retry.o rewrite.o rfc2047.o \ + route.o search.o sieve.o smtp_in.o smtp_out.o spool_in.o spool_out.o \ + std-crypto.o store.o string.o tls.o tod.o transport.o tree.o verify.o \ + environment.o macro.o \ + $(OBJ_LOOKUPS) \ + local_scan.o $(EXIM_PERL) $(OBJ_WITH_CONTENT_SCAN) \ + $(OBJ_EXPERIMENTAL) + +exim: buildlookups buildauths pdkim/pdkim.a \ + buildrouters buildtransports \ + $(OBJ_EXIM) version.o + @echo "$(LNCC) -o exim" + $(FE)$(PURIFY) $(LNCC) -o exim $(LFLAGS) $(OBJ_EXIM) version.o \ + routers/routers.a transports/transports.a lookups/lookups.a \ + auths/auths.a pdkim/pdkim.a \ + $(LIBRESOLV) $(LIBS) $(LIBS_EXIM) $(IPV6_LIBS) $(EXTRALIBS) \ + $(EXTRALIBS_EXIM) $(DBMLIB) $(LOOKUP_LIBS) $(AUTH_LIBS) \ + $(PERL_LIBS) $(TLS_LIBS) $(PCRE_LIBS) $(LDFLAGS) + @if [ x"$(STRIP_COMMAND)" != x"" ]; then \ + echo $(STRIP_COMMAND) exim; \ + $(STRIP_COMMAND) exim; \ + fi + $(EXIM_CHMOD) + @echo " " + @echo ">>> exim binary built" + @echo " " + +# The utility for dumping the contents of an exim database + +OBJ_DUMPDB = exim_dumpdb.o util-os.o util-store.o + +exim_dumpdb: $(OBJ_DUMPDB) + @echo "$(LNCC) -o exim_dumpdb" + $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dumpdb $(LFLAGS) $(OBJ_DUMPDB) \ + $(LIBS) $(EXTRALIBS) $(DBMLIB) + @if [ x"$(STRIP_COMMAND)" != x"" ]; then \ + echo $(STRIP_COMMAND) exim_dumpdb; \ + $(STRIP_COMMAND) exim_dumpdb; \ + fi + @echo ">>> exim_dumpdb utility built" + @echo " " + +# The utility for interrogating/fixing the contents of an exim database + +OBJ_FIXDB = exim_fixdb.o util-os.o util-store.o util-md5.o + +exim_fixdb: $(OBJ_FIXDB) + @echo "$(LNCC) -o 
exim_fixdb" + $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_fixdb $(LFLAGS) $(OBJ_FIXDB) \ + $(LIBS) $(EXTRALIBS) $(DBMLIB) + @if [ x"$(STRIP_COMMAND)" != x"" ]; then \ + echo $(STRIP_COMMAND) exim_fixdb; \ + $(STRIP_COMMAND) exim_fixdb; \ + fi + @echo ">>> exim_fixdb utility built" + @echo " " + +# The utility for tidying the contents of an exim database + +OBJ_TIDYDB = exim_tidydb.o util-os.o util-store.o + +exim_tidydb: $(OBJ_TIDYDB) + @echo "$(LNCC) -o exim_tidydb" + $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_tidydb $(LFLAGS) $(OBJ_TIDYDB) \ + $(LIBS) $(EXTRALIBS) $(DBMLIB) + @if [ x"$(STRIP_COMMAND)" != x"" ]; then \ + echo $(STRIP_COMMAND) exim_tidydb; \ + $(STRIP_COMMAND) exim_tidydb; \ + fi + @echo ">>> exim_tidydb utility built" + @echo " " + +# The utility for building dbm files + +exim_dbmbuild: exim_dbmbuild.o + @echo "$(LNCC) -o exim_dbmbuild" + $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dbmbuild $(LFLAGS) exim_dbmbuild.o \ + $(LIBS) $(EXTRALIBS) $(DBMLIB) + @if [ x"$(STRIP_COMMAND)" != x"" ]; then \ + echo $(STRIP_COMMAND) exim_dbmbuild; \ + $(STRIP_COMMAND) exim_dbmbuild; \ + fi + @echo ">>> exim_dbmbuild utility built" + @echo " " + +# The utility for locking a mailbox while messing around with it + +exim_lock: exim_lock.c os.h + @echo "$(CC) exim_lock.c" + $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) exim_lock.c + @echo "$(LNCC) -o exim_lock" + $(FE)$(LNCC) -o exim_lock $(LFLAGS) exim_lock.o \ + $(LIBS) $(EXTRALIBS) + @if [ x"$(STRIP_COMMAND)" != x"" ]; then \ + echo $(STRIP_COMMAND) exim_lock; \ + $(STRIP_COMMAND) exim_lock; \ + fi + @echo ">>> exim_lock utility built" + @echo " " + +# The X-based Exim monitor program's binary part. There's a macro for cutting +# out the modified TextPop module, because some antique link editors cannot +# handle the fact that it is redefining things that are found later in the +# Xaw library. 
+ +# Object modules that are the unique Eximon modules + +MONBIN = em_StripChart.o $(EXIMON_TEXTPOP) em_globals.o em_init.o \ + em_log.o em_main.o em_menu.o em_queue.o em_strip.o \ + em_text.o em_xs.o + +# The complete modules list also includes some specially compiled versions of +# code from the main Exim source tree. + +OBJ_MONBIN = util-spool_in.o \ + util-store.o \ + util-string.o \ + util-queue.o \ + util-tod.o \ + util-tree.o \ + $(MONBIN) + +eximon.bin: $(EXIMON_EDITME) eximon $(OBJ_MONBIN) ../exim_monitor/em_version.c \ + mytypes.h store.h macros.h + @echo "$(CC) exim_monitor/em_version.c" + $(FE)$(CC) -o em_version.o -c \ + $(CFLAGS) $(XINCLUDE) -I. ../exim_monitor/em_version.c + @echo "$(LNCC) -o eximon.bin" + $(FE)$(PURIFY) $(LNCC) -o eximon.bin em_version.o $(LFLAGS) $(XLFLAGS) \ + $(OBJ_MONBIN) -lXaw -lXmu -lXt -lXext -lX11 $(PCRE_LIBS) \ + $(LIBS) $(LIBS_EXIMON) $(EXTRALIBS) $(EXTRALIBS_EXIMON) -lc + @if [ x"$(STRIP_COMMAND)" != x"" ]; then \ + echo $(STRIP_COMMAND) eximon.bin; \ + $(STRIP_COMMAND) eximon.bin; \ + fi + @echo ">>> exim monitor binary built" + @echo " " + + +# Compile step for most of the exim modules. HDRS is a list of headers +# which cause everything to be rebuilt. PHDRS is the same, for the use +# of routers, transports, and authenticators. I can't find a way of doing this +# in one. This list is overkill, but it doesn't really take much time to +# rebuild Exim on a modern computer. + +HDRS = blob.h \ + config.h \ + dbfunctions.h \ + dbstuff.h \ + exim.h \ + functions.h \ + globals.h \ + hash.h \ + local_scan.h \ + macros.h \ + mytypes.h \ + sha_ver.h \ + structs.h \ + os.h +PHDRS = ../config.h \ + ../dbfunctions.h \ + ../dbstuff.h \ + ../exim.h \ + ../functions.h \ + ../globals.h \ + ../local_scan.h \ + ../macros.h \ + ../mytypes.h \ + ../structs.h \ + ../os.h + +.SUFFIXES: .o .c +.c.o:; @echo "$(CC) $*.c" + $(FE)$(CC) -c $(CFLAGS) -I. 
$(INCLUDE) $(IPV6_INCLUDE) $(TLS_INCLUDE) $*.c + +# Update Exim's version information and build the version object. The dependency +# chain here avoids problems under parallel-make. + +version.sh: + @../scripts/reversion + +version.h: version.sh + +cnumber.h: version.h + +version.o: $(HDRS) cnumber.h version.h version.c + +# This is the dummy module for use by test compiles of individual modules. It +# contains functions such as log_write() that may be called from bits of Exim +# in the tested code. + +dummies.o: dummies.c + +# Compile instructions for perl.o for when EXIM_PERL is set + +perl.o: $(HDRS) perl.c + @echo "$(PERL_CC) perl.c" + $(FE)$(PERL_CC) $(PERL_CCOPTS) $(CFLAGS) $(INCLUDE) -c perl.c + +# Compile instructions for the database utility modules + +exim_dumpdb.o: $(HDRS) exim_dbutil.c + @echo "$(CC) -DEXIM_DUMPDB exim_dbutil.c" + $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) \ + -DCOMPILE_UTILITY \ + -DEXIM_DUMPDB \ + -o exim_dumpdb.o exim_dbutil.c + +exim_fixdb.o: $(HDRS) exim_dbutil.c + @echo "$(CC) -DEXIM_FIXDB exim_dbutil.c" + $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) \ + -DCOMPILE_UTILITY \ + -DEXIM_FIXDB \ + -o exim_fixdb.o exim_dbutil.c + +exim_tidydb.o: $(HDRS) exim_dbutil.c + @echo "$(CC) -DEXIM_TIDYDB exim_dbutil.c" + $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) \ + -DCOMPILE_UTILITY \ + -DEXIM_TIDYDB \ + -o exim_tidydb.o exim_dbutil.c + +# Compile instructions for exim_dbmbuild + +exim_dbmbuild.o: $(HDRS) exim_dbmbuild.c + @echo "$(CC) exim_dbmbuild.c" + $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY \ + -o exim_dbmbuild.o exim_dbmbuild.c + +# Utilities use special versions of some modules - typically with debugging +# calls cut out. 
+ +util-spool_in.o: $(HDRS) spool_in.c + @echo "$(CC) -DCOMPILE_UTILITY spool_in.c" + $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY -o util-spool_in.o spool_in.c + +util-store.o: $(HDRS) store.c + @echo "$(CC) -DCOMPILE_UTILITY store.c" + $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY -o util-store.o store.c + +util-string.o: $(HDRS) string.c + @echo "$(CC) -DCOMPILE_UTILITY string.c" + $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY -o util-string.o string.c + +util-md5.o: $(HDRS) md5.c + @echo "$(CC) -DCOMPILE_UTILITY queue.c" + $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY -o util-md5.o md5.c + +util-queue.o: $(HDRS) queue.c + @echo "$(CC) -DCOMPILE_UTILITY queue.c" + $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY -o util-queue.o queue.c + +util-tod.o: $(HDRS) tod.c + @echo "$(CC) -DCOMPILE_UTILITY tod.c" + $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY -o util-tod.o tod.c + +util-tree.o: $(HDRS) tree.c + @echo "$(CC) -DCOMPILE_UTILITY tree.c" + $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY -o util-tree.o tree.c + +util-os.o: $(HDRS) os.c + @echo "$(CC) -DCOMPILE_UTILITY os.c" + $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) \ + -DCOMPILE_UTILITY \ + -DOS_LOAD_AVERAGE \ + -DFIND_RUNNING_INTERFACES \ + -o util-os.o os.c + +# The local scan module depends only on its own special header, and is compiled +# from a source whose location is set by configuration. + +local_scan.o: config local_scan.h ../$(LOCAL_SCAN_SOURCE) + @echo "$(CC) local_scan.c" + $(FE)$(CC) -DLOCAL_SCAN -c $(CFLAGS) -I. 
$(INCLUDE) -o local_scan.o ../$(LOCAL_SCAN_SOURCE) + +# Dependencies for the "ordinary" exim modules + +acl.o: $(HDRS) acl.c +base64.o: $(HDRS) mime.h base64.c +child.o: $(HDRS) child.c +crypt16.o: $(HDRS) crypt16.c +daemon.o: $(HDRS) daemon.c +dbfn.o: $(HDRS) dbfn.c +debug.o: $(HDRS) debug.c +deliver.o: $(HDRS) transports/smtp.h deliver.c +directory.o: $(HDRS) directory.c +dns.o: $(HDRS) dns.c +enq.o: $(HDRS) enq.c +exim.o: $(HDRS) exim.c +expand.o: $(HDRS) expand.c +environment.o: $(HDRS) environment.c +filter.o: $(HDRS) filter.c +filtertest.o: $(HDRS) filtertest.c +globals.o: $(HDRS) globals.c +hash.o: $(HDRS) hash.c +header.o: $(HDRS) header.c +host.o: $(HDRS) host.c +ip.o: $(HDRS) ip.c +log.o: $(HDRS) log.c +lss.o: $(HDRS) lss.c +match.o: $(HDRS) match.c +md5.o: $(HDRS) md5.c +moan.o: $(HDRS) moan.c +os.o: $(HDRS) $(OS_C_INCLUDES) os.c +parse.o: $(HDRS) parse.c +queue.o: $(HDRS) queue.c +rda.o: $(HDRS) rda.c +readconf.o: $(HDRS) readconf.c +receive.o: $(HDRS) receive.c +retry.o: $(HDRS) retry.c +rewrite.o: $(HDRS) rewrite.c +rfc2047.o: $(HDRS) rfc2047.c +route.o: $(HDRS) route.c +search.o: $(HDRS) search.c +sieve.o: $(HDRS) sieve.c +smtp_in.o: $(HDRS) smtp_in.c +smtp_out.o: $(HDRS) smtp_out.c +spool_in.o: $(HDRS) spool_in.c +spool_out.o: $(HDRS) spool_out.c +std-crypto.o: $(HDRS) std-crypto.c +store.o: $(HDRS) store.c +string.o: $(HDRS) string.c +tls.o: $(HDRS) tls.c \ + tls-gnu.c tlscert-gnu.c \ + tls-openssl.c tlscert-openssl.c \ + tls-cipher-stdname.c +tod.o: $(HDRS) tod.c +transport.o: $(HDRS) transport.c +tree.o: $(HDRS) tree.c +verify.o: $(HDRS) transports/smtp.h verify.c +dkim.o: $(HDRS) pdkim/pdkim.h dkim.c +dkim_transport.o: $(HDRS) dkim_transport.c + +# Dependencies for WITH_CONTENT_SCAN modules + +malware.o: $(HDRS) malware.c +mime.o: $(HDRS) mime.h mime.c +regex.o: $(HDRS) regex.c +spam.o: $(HDRS) spam.c +spool_mbox.o: $(HDRS) spool_mbox.c + + +# Dependencies for EXPERIMENTAL_* modules + +arc.o: $(HDRS) pdkim/pdkim.h arc.c +bmi_spam.o: $(HDRS) 
bmi_spam.c +dane.o: $(HDRS) dane.c dane-openssl.c +dcc.o: $(HDRS) dcc.h dcc.c +dmarc.o: $(HDRS) pdkim/pdkim.h dmarc.h dmarc.c +imap_utf7.o: $(HDRS) imap_utf7.c +spf.o: $(HDRS) spf.h spf.c +srs.o: $(HDRS) srs.h srs.c +utf8.o: $(HDRS) utf8.c + +# The module containing tables of available lookups, routers, auths, and +# transports must be rebuilt if any of them are. However, because the makefiles +# for the drivers are always run, we don't actually put the dependencies here, +# because if we do, some version of "make" (e.g. IRIX) insist on rebuilding +# drtables.o even though the .a files haven't in fact been updated. Instead +# it is arranged that the lower-level makefiles remove drtables.o when they +# rebuild the .a files. + +drtables.o: $(HDRS) drtables.c + +# We depend upon object files built as part of building the lookups library +# When using parallel make, we don't have the dependency to force building +# in the sub-directory unless we force that dependency: + +$(OBJ_LOOKUPS): buildlookups + +# The exim monitor's private modules - the sources live in a private +# subdirectory. The final binary combines the private modules with some +# modules from the main exim binary. 
+ +em_StripChart.o: ../exim_monitor/em_StripChart.c +em_TextPop.o: ../exim_monitor/em_TextPop.c +em_globals.o: ../exim_monitor/em_globals.c ../exim_monitor/em_hdr.h +em_init.o: ../exim_monitor/em_init.c ../exim_monitor/em_hdr.h +em_log.o: ../exim_monitor/em_log.c ../exim_monitor/em_hdr.h +em_main.o: ../exim_monitor/em_main.c ../exim_monitor/em_hdr.h +em_menu.o: ../exim_monitor/em_menu.c ../exim_monitor/em_hdr.h +em_queue.o: ../exim_monitor/em_queue.c ../exim_monitor/em_hdr.h +em_strip.o: ../exim_monitor/em_strip.c ../exim_monitor/em_hdr.h +em_text.o: ../exim_monitor/em_text.c ../exim_monitor/em_hdr.h +em_xs.o: ../exim_monitor/em_xs.c ../exim_monitor/em_hdr.h +em_version.o: ../exim_monitor/em_version.c ../exim_monitor/em_hdr.h +$(MONBIN): $(HDRS) + @echo "$(CC) exim_monitor/$(@:.o=.c)" + $(FE)$(CC) -o $@ -c $(CFLAGS) -DCOMPILE_UTILITY -I. -I../exim_monitor $(INCLUDE) $(XINCLUDE) \ + ../exim_monitor/$(@:.o=.c) + + +# Targets for the various libraries that Exim uses. + +# The lookups library. + +buildlookups: config + @cd lookups && $(MAKE) SHELL=$(SHELL) AR="$(AR)" $(MFLAGS) CC="$(CC)" CFLAGS="$(CFLAGS)" \ + CFLAGS_DYNAMIC="$(CFLAGS_DYNAMIC)" HDRS="../version.h $(PHDRS)" \ + FE="$(FE)" RANLIB="$(RANLIB)" RM_COMMAND="$(RM_COMMAND)" \ + INCLUDE="$(INCLUDE) $(IPV6_INCLUDE) $(TLS_INCLUDE) $(LOOKUP_INCLUDE)" + @echo " " + +# The routers library. + +buildrouters: config + @cd routers && $(MAKE) SHELL=$(SHELL) AR="$(AR)" $(MFLAGS) CC="$(CC)" CFLAGS="$(CFLAGS)" \ + FE="$(FE)" RANLIB="$(RANLIB)" RM_COMMAND="$(RM_COMMAND)" HDRS="$(PHDRS)" \ + INCLUDE="$(INCLUDE) $(IPV6_INCLUDE) $(TLS_INCLUDE)" + @echo " " + +# The transports library. 
+ +buildtransports: config + @cd transports && $(MAKE) SHELL=$(SHELL) AR="$(AR)" $(MFLAGS) CC="$(CC)" CFLAGS="$(CFLAGS)" \ + FE="$(FE)" RANLIB="$(RANLIB)" RM_COMMAND="$(RM_COMMAND)" HDRS="$(PHDRS)" \ + INCLUDE="$(INCLUDE) $(IPV6_INCLUDE) $(TLS_INCLUDE)" + @echo " " + +# The library of authorization modules + +buildauths: config + @cd auths && $(MAKE) SHELL=$(SHELL) AR="$(AR)" $(MFLAGS) CC="$(CC)" CFLAGS="$(CFLAGS)" \ + FE="$(FE)" RANLIB="$(RANLIB)" RM_COMMAND="$(RM_COMMAND)" HDRS="$(PHDRS)" \ + INCLUDE="$(INCLUDE) $(IPV6_INCLUDE) $(TLS_INCLUDE)" + @echo " " + +# The PDKIM library + +buildpdkim: pdkim/pdkim.a +pdkim/pdkim.a: config + @cd pdkim && $(MAKE) SHELL=$(SHELL) AR="$(AR)" $(MFLAGS) CC="$(CC)" CFLAGS="$(CFLAGS)" \ + FE="$(FE)" RANLIB="$(RANLIB)" RM_COMMAND="$(RM_COMMAND)" HDRS="$(PHDRS)" \ + INCLUDE="$(INCLUDE) $(IPV6_INCLUDE) $(TLS_INCLUDE)" + @echo " " + +# The "clean", "install", and "makefile" targets just pass themselves back to +# the main Exim makefile. These targets will be obeyed only if "make" is obeyed +# for them in the build directory. + +clean install makefile:; cd ..; $(MAKE) $(MFLAGS) build=$(build) $@ + +# Targets for building stand-alone testing programs for basic testing of +# some of the building blocks. These are not integrated with the makefile- +# building targets. If you change something that is going to cause the +# makefile to be rebuilt, you must run "make makefile" before running one +# of these. + +# The testing programs use different versions of some modules - usually +# with bits cut out that are not relevant to the test in hand. For those +# that are used by several tests, we use a different name. 
+ +sa-globals.o: $(HDRS) globals.c + $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -o sa-globals.o globals.c + +sa-os.o: $(HDRS) os.c + $(CC) -c $(CFLAGS) $(INCLUDE) \ + -DFIND_RUNNING_INTERFACES \ + -o sa-os.o os.c + +# These are the test targets themselves + +test_dbfn: config.h dbfn.c dummies.o sa-globals.o sa-os.o store.o \ + string.o tod.o version.o utf8.o + $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE dbfn.c + $(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY store.c + $(LNCC) -o test_dbfn $(LFLAGS) dbfn.o \ + dummies.o sa-globals.o sa-os.o store.o string.o \ + tod.o version.o utf8.o $(LIBS) $(DBMLIB) $(LDFLAGS) + rm -f dbfn.o store.o + +test_host: config.h child.c host.c dns.c dummies.c sa-globals.o os.o \ + store.o string.o tod.o tree.o + $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST child.c + $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST host.c + $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST dns.c + $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE -DTEST_HOST dummies.c + $(LNCC) -o test_host $(LFLAGS) \ + host.o child.o dns.o dummies.o sa-globals.o os.o store.o string.o \ + tod.o tree.o $(LIBS) $(LIBRESOLV) + rm -f child.o dummies.o host.o dns.o + +test_os: os.h os.c dummies.o sa-globals.o store.o string.o tod.o utf8.o + $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE os.c + $(LNCC) -o test_os $(LFLAGS) os.o dummies.o \ + sa-globals.o store.o string.o tod.o utf8.o $(LIBS) $(LDFLAGS) + rm -f os.o + +test_parse: config.h parse.c dummies.o sa-globals.o \ + store.o string.o tod.o version.o utf8.o + $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE parse.c + $(LNCC) -o test_parse $(LFLAGS) parse.o \ + dummies.o sa-globals.o store.o string.o tod.o version.o \ + utf8.o $(LDFLAGS) + rm -f parse.o + +test_string: config.h string.c dummies.o sa-globals.o store.o tod.o utf8.o + $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE string.c + $(LNCC) -o test_string $(LFLAGS) -DSTAND_ALONE string.o \ + dummies.o sa-globals.o store.o tod.o utf8.o $(LIBS) $(LDFLAGS) + rm 
-f string.o + +# End diff --git a/OS/Makefile-Darwin b/OS/Makefile-Darwin new file mode 100644 index 0000000..be0d952 --- /dev/null +++ b/OS/Makefile-Darwin @@ -0,0 +1,29 @@ +# Exim: OS-specific make file for Darwin (Mac OS X). + +CC=cc + +BASENAME_COMMAND=look_for_it +CHOWN_COMMAND=/usr/sbin/chown +CHMOD_COMMAND=/bin/chmod + +HAVE_SA_LEN=YES + +# Removed -DBIND_8_COMPAT for 4.61 +# CFLAGS=-O -no-cpp-precomp -DBIND_8_COMPAT + +CFLAGS=-O -no-cpp-precomp +LIBRESOLV=-lresolv + +USE_DB = yes +DBMLIB = + +X11=/usr/X11R6 +XINCLUDE=-I$(X11)/include +XLFLAGS=-L$(X11)/lib +X11_LD_LIB=$(X11)/lib + +EXIWHAT_PS_ARG=ax +EXIWHAT_EGREP_ARG='/exim( |$$)' +EXIWHAT_KILL_SIGNAL=-USR1 + +# End diff --git a/OS/Makefile-Default b/OS/Makefile-Default new file mode 100644 index 0000000..41a4dbb --- /dev/null +++ b/OS/Makefile-Default 
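Review bot: the `util-md5.o` rule in OS/Makefile-Base echoes the wrong source file. It prints `$(CC) -DCOMPILE_UTILITY queue.c` while the recipe compiles `md5.c` into `util-md5.o`, so a build log that shows only the echoed line reports queue.c being compiled twice and md5.c never. The echo should read `@echo "$(CC) -DCOMPILE_UTILITY md5.c"`, matching the other util-*.o rules. A smaller point in the same file: the `test_string` link line passes `-DSTAND_ALONE` to `$(LNCC)` alongside an already compiled `string.o`. A preprocessor define has no effect at link time, so it can be dropped from that line; the compile step above it already carries the flag.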
@@ -0,0 +1,327 @@ +################################################## +# The Exim mail transport agent # +################################################## + +# Generic default make file containing settings that relate to the OS or +# to selectable features within the OS. The configuration options for Exim +# itself live in Local/Makefile, which is constructed by editing src/EDITME. + +# These settings are basic defaults which may be overridden, either by the +# generic OS-specific files, or by site-specific files. Do not edit this file. +# Instead, edit or create suitable OS-specific and/or site specific files. +# See the manual for details. + + +# MAKE_SHELL contains the name of the shell to be used for executing commands +# from the make files. Normally /bin/sh should be used. + +MAKE_SHELL=/bin/sh + + +# BASENAME_COMMAND contains the path to the "basename" command, which varies +# from OS to OS. This is used when building the Exim monitor script only. (See +# also HOSTNAME_COMMAND.) If BASENAME_COMMAND is set to "look_for_it" then the +# script checks for /usr/bin/basename and /bin/basename, and if neither is +# found, it uses /usr/ucb/basename. This copes with Solaris 2 and Linux, both +# of which come in different versions. + +BASENAME_COMMAND=/usr/bin/basename + + +# If you set STRIP_COMMAND to the path of the "strip" command, it will be run +# on every binary that is built. It is left unset by default, which leaves +# the binaries unstripped. + +# STRIP_COMMAND=/usr/bin/strip + + +# Some of the following commands live in different places in different OS. We +# include them all here for generality. + +CHOWN_COMMAND=/usr/bin/chown +CHGRP_COMMAND=/usr/bin/chgrp +CHMOD_COMMAND=/usr/bin/chmod +MV_COMMAND=/bin/mv +RM_COMMAND=/bin/rm +TOUCH_COMMAND=/usr/bin/touch + + +# Some operating systems have different ways of building libraries of +# functions. This macro defines the command to do this, defaulting to +# the "ar" command with options "cq". 
+ +AR=ar cq + + +# Not all operating systems have the iconv() function. Those that do have +# +# HAVE_ICONV=yes +# +# in their OS-specific Makefiles. On those that don't it is possible to +# install an independent implementation of iconv(). If you've done this, +# add "HAVE_ICONV=yes" to your Local/Makefile. + + +# Perl is not necessary for running Exim itself, except when EXIM_PERL +# is set to cause Perl embedding. However, some Perl utilities are provided +# for processing the logs. Perl 5 is assumed. + +PERL_COMMAND=/usr/bin/perl + + +# CC contains the name of the C compiler to be used. + +CC=gcc + + +# CFLAGS contains flags to be passed to the compiler. Nothing is defaulted +# here; instead each OS-dependent Makefile contains a default setting. + +# CFLAGS=-O + + +# LFLAGS contains flags to be passed to the link editor. Nothing is defaulted +# here; instead each OS-dependent Makefile contains a default setting if one +# is needed. + +# LFLAGS= + + +# PCRE_LIBS contains the library to be linked for PCRE + +PCRE_LIBS=-lpcre + + +# LIBS and EXTRALIBS contain library settings that are used on linking +# commands to build binaries. The OS-dependent Makefile may contain a default +# setting for LIBS, leaving EXTRALIBS available for adding further libraries +# that are required for optional extras. + +# LIBS= +# EXTRALIBS= + + +# LIBS_EXIM and EXTRALIBS_EXIM contain library settings that are used +# only when linking the Exim binary. They are not used for other binaries. +# One possible use is for the TCP wrappers library. + +# LIBS_EXIM= +# EXTRALIBS_EXIM= + + +# LIBS_EXIMON and EXTRALIBS_EXIMON contain library settings that are +# used only when linking the Exim monitor binary. They are not used for +# other binaries. + +# LIBS_EXIMON= +# EXTRALIBS_EXIMON= + + +# The error name for quota exceeded varies among operating systems, and +# even, unfortunately, in different versions of the same operating system. 
+# EDQUOT was not in Sys V, but is in SPEC 1170, apparently. It was used +# in SunOS4, but got taken out for SunOS5, where ENOSPC was given if a quota +# was exceeded. However, it got put back into SunOS5 with a patch to 5.4 in +# order to comply with SPEC 1170. Thus even different patch levels of the same +# system (SunOS5) may use different numbers. +# +# If you don't have quotas or are not interested in handling quota errors +# specially, just set this variable to 0. If it is not set, it defaults to +# EDQUOT if that is defined for the OS; otherwise it defaults to ENOSPC. + +# ERRNO_QUOTA=EDQUOT + + +# The exiwhat utility script finds all the processes running Exim, and sends +# them a SIGUSR1 signal to get them to write their status to a file. There are +# two ways in which this can be done: +# +# (1) If the OS has a command to find processes and signal them, that can be +# used. Linux has "killall"; Solaris has "pkill". (Note: "killall" on Solaris +# does something very different - and disastrous.) The following are set in the +# OS-specific Makefiles for those OS where this can be done: + +# EXIWHAT_MULTIKILL_CMD= +# EXIWHAT_MULTIKILL_ARG= + +# (2) For other operating systems, exiwhat calls the ps command and egreps the +# output in order to find all the processes running Exim. The arguments for the +# various commands needed to do this vary from OS to OS. These defaults work on +# Solaris 2, HPUX, and IRIX. The OS-specific Makefiles have different versions +# for other systems, and you can override with your own requirements in your +# private Makefiles in the Local directory. The most commonly found +# alternatives are -ax instead of -e for the ps argument, and / instead of a +# blank before the name exim for the egrep argument on systems whose ps output +# shows the full path name. The quotes for the egrep argument are specified +# here so that leading white space can be used. This value should always be +# given in single quotes. 
+ +EXIWHAT_PS_CMD=/bin/ps +EXIWHAT_PS_ARG=-e +EXIWHAT_EGREP_ARG=' exim( |$$|-)' + +# For both kinds of exiwhat usage, the next setting specifies the signal that +# is sent. + +EXIWHAT_KILL_SIGNAL=-USR1 + + +# IPv6 is gradually spreading more and more widely. Most operating systems seem +# to support it nowadays. If you set this option, IPv6 support will be included +# in the Exim binary. As well as the basic enabling option, there are +# parameters for include and library directories that may be needed for IPv6 on +# some systems, where the support is not yet in the standard library. + +# HAVE_IPV6=YES +# IPV6_INCLUDE=-I /usr/ipv6/include +# IPV6_LIBS=-L/usr/ipv6/libs -linet6 + +# Exim uses the function getaddrinfo() for converting IPv6 addresses in text +# form to binary. Apparently some operating systems do not support this, or not +# correctly, and require the use of the function inet_pton() instead. The +# following setting enables this. Note, however, the inet_pton() has reduced +# functionality compared with getaddrinfo(). In particular, it does not +# recognize the percent convention for identifying scopes (interfaces) that is +# used by some operating systems. + +# IPV6_USE_INET_PTON=yes + +# HOSTNAME_COMMAND contains the path to the "hostname" command, which varies +# from OS to OS. This is used when building the Exim monitor script only. (See +# also BASENAME_COMMAND.) If HOSTNAME_COMMAND is set to "look_for_it" then the +# script checks for /usr/bin/hostname and /bin/hostname, and if neither is +# found, it uses /usr/ucb/basename. This copes with Solaris 2, which comes in +# different versions. + +HOSTNAME_COMMAND=/bin/hostname + + +# INCLUDE contains arbitrary include parameters that you may need to use +# when building exim. It is added to every compile command. + +# INCLUDE=-I /some/special/include-directory + + +# Some OS require a separate library to be quoted when linking programs that +# call name resolver functions. 
This can be set in LIBRESOLV, which is left +# unset here, but is set is some of the OS-specific Makefiles. + +# LIBRESOLV= + + +# Additional libraries and include directories may be required for some +# lookup styles, e.g. LDAP or SQL. LOOKUP_LIBS is included only on the +# command for linking Exim itself, not on any auxiliary programs. You +# don't need to set LOOKUP_INCLUDE if the relevant directories are already +# specified in INCLUDE. + +# LOOKUP_INCLUDE=-I /usr/local/ldap/include -I /usr/local/sql/include +# LOOKUP_LIBS=-L/usr/local/lib -lldap -llber + + +# RANLIB should be set to something that does nothing on systems that do not +# have the ranlib command or do not need to run it on library files. + +RANLIB=ranlib + + +# EXIM_CHMOD is available to specify a command that is automatically applied +# to the Exim binary immediately it is compiled. (I find this useful when +# building test versions.) + +EXIM_CHMOD=@true + + +# If you want to use local_scan() at all, the support code must be included +# by uncommenting this line. + +# HAVE_LOCAL_SCAN=yes + +# LOCAL_SCAN_SOURCE defines the file in which the function local_scan() is +# defined. This provides the administrator with a hook for including C code +# for scanning incoming mails. The path that is defined must be relative to +# the Exim distribution directory. For example + +# LOCAL_SCAN_SOURCE=Local/local_scan.c + +# A very simple example points to a template function that doesn't actually do +# any scanning, but just accepts the message. A compilable file must be +# included in the build even if HAVE_LOCAL_SCAN is not defined. + +LOCAL_SCAN_SOURCE=src/local_scan.c + +# If you want to specify options for your local_scan() that can be set from +# the main Exim configuration file, you need to uncomment the following line, +# and then provide a table of options in your local_scan() source, as described +# in the reference manual. 
+ +# LOCAL_SCAN_HAS_OPTIONS=yes + + +############################################################################# +# The following are all concerned with configuring the way Exim handles its +# database (hints) and other dbm files. + +# Some systems require a separate library to be supplied when linking programs +# that make use of DBM library calls. This can be set in DBMLIB, which is unset +# by default, but is set in some of the OS-specific Makefiles. Setting it in +# your Local/Makefile will override any other setting. + +# DBMLIB= + + +# When Exim is attempting to lock one of its database (hints) files, it +# applies a timeout which can be altered here. + +# EXIMDB_LOCK_TIMEOUT=60 + + +# By default, Exim uses traditional ndbm function calls to handle its indexed +# hints databases. On systems that have Berkeley db installed, this still +# works via the compatibility interface. However, by defining USE_DB you can +# make it use native db function calls. + +# USE_DB=YES + +# Similarly, if you are using gdbm, Exim will by default use the ndbm +# compatibility interface. However, by defining USE_GDBM you can make it +# use the native gdbm function calls. + +# USE_GDBM=YES + + +############################################################################# +# The following definitions are relevant only when compiling the Exim monitor +# program, which requires an X11 display. See the variable EXIM_MONITOR in +# src/EDITME for how to suppress this compilation. + +# X11 contains the location of the X11 libraries and include files. + +X11=/usr/X11R6 + +# XINCLUDE contains options for header inclusion when compiling functions +# that call X11 functions. + +XINCLUDE=-I$(X11)/include + +# XLFLAGS contains flags to be passed to the linker when linking the monitor. + +XLFLAGS=-L$(X11)/lib + +# X11_LD_LIB contains the name of the X11 library that is to be added to +# LD_LIBRARY_PATH when running the monitor program. 
+ +X11_LD_LIB=$(X11)/lib + +# A modified version of the Athena TextPop module is supplied with Exim. The +# modification is to remove the "replace" part of the "search and replace" +# operation because it isn't wanted. TextPop is only one of a number of +# modules that make up the Text widget. Some antique link editors cannot handle +# the case of a replacement module for one of a set of modules. To allow +# the monitor to be linked in such cases, set the value of EXIMON_TEXTPOP +# to be empty. The search operations will then contain a useless "replace" +# option, which is untidy, but does no harm. + +EXIMON_TEXTPOP=em_TextPop.o + +# End diff --git a/OS/Makefile-FreeBSD b/OS/Makefile-FreeBSD new file mode 100644 index 0000000..d550fb7 --- /dev/null +++ b/OS/Makefile-FreeBSD 
@@ -0,0 +1,54 @@ +# Exim: OS-specific make file for FreeBSD +# Copyright (c) The Exim Maintainers 2020 + +CHOWN_COMMAND=/usr/sbin/chown +STRIP_COMMAND=/usr/bin/strip +CHMOD_COMMAND=/bin/chmod + + +# FreeBSD Ports no longer insert compatibility symlinks into /usr/bin for +# scripting languages which traditionally have had them. +PERL_COMMAND=/usr/local/bin/perl + +HAVE_SA_LEN=YES + +# crypt() is in a separate library +LIBS=-lcrypt -lm -lutil + +# Dynamically loaded modules need to be built with -fPIC +CFLAGS_DYNAMIC=-shared -rdynamic -fPIC + +# FreeBSD always ships with Berkeley DB +USE_DB=yes + +# This code for building outside ports suggested by Richard Clayton +.ifdef X11BASE +X11=${X11BASE} +.elifdef LOCALBASE +X11=$(LOCALBASE) +.else +X11=/usr/local +.endif + +# nb: FreeBSD is entirely elf; objformat was removed prior to FreeBSD 7 +# http://www.freebsd.org/cgi/cvsweb.cgi/src/usr.bin/objformat/Attic/objformat.c +# deleted Jan 2007. +# +# So if this fails, you're on an ancient unsupported FreeBSD release *and* +# running GUI software, which seems both unusual and unwise. +# +# http://www.freebsd.org/doc/handbook/binary-formats.html suggests that the +# switch to default to ELF came with FreeBSD 3. elf(5) claims ELF support +# introduced in FreeBSD 2.2.6. +# +XINCLUDE=-I$(X11)/include +XLFLAGS=-L$(X11)/lib -Wl,-rpath,${X11}/lib +X11_LD_LIB=$(X11)/lib + +EXIWHAT_PS_ARG=-ax +EXIWHAT_EGREP_ARG='/exim( |$$)' +EXIWHAT_MULTIKILL_CMD='killall -m' +EXIWHAT_MULTIKILL_ARG='^exim($$|-[0-9.]+-[0-9]+$$)' +EXIWHAT_KILL_SIGNAL=-USR1 + +# End diff --git a/OS/Makefile-GNU b/OS/Makefile-GNU new file mode 100644 index 0000000..b49976f --- /dev/null +++ b/OS/Makefile-GNU 
@@ -0,0 +1,30 @@ +# Exim: OS-specific make file for GNU and variants. +# Copyright (c) The Exim Maintainers 2020 + +HAVE_ICONV=yes + +BASENAME_COMMAND=look_for_it +CHOWN_COMMAND=look_for_it +CHGRP_COMMAND=look_for_it +CHMOD_COMMAND=look_for_it + +CFLAGS ?= -O -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE + +DBMLIB = -ldb +USE_DB = yes + +LIBS = -lnsl -lcrypt -lm +LIBRESOLV = -lresolv + +X11=/usr/X11R6 +XINCLUDE=-I$(X11)/include +XLFLAGS=-L$(X11)/lib +X11_LD_LIB=$(X11)/lib + +EXIWHAT_PS_ARG=ax +EXIWHAT_EGREP_ARG='/exim( |$$)' +EXIWHAT_MULTIKILL_CMD=killall +EXIWHAT_MULTIKILL_ARG=exim +EXIWHAT_KILL_SIGNAL=-USR1 + +# End diff --git a/OS/Makefile-Linux b/OS/Makefile-Linux new file mode 100644 index 0000000..dfb2fa8 --- /dev/null +++ b/OS/Makefile-Linux @@ -0,0 +1,39 @@ +# Exim: OS-specific make file for Linux. This is for modern Linuxes, +# which use libc6. +# Copyright (c) The Exim Maintainers 2020 +# +# For Linux, we assume GNU Make; at time of writing, the only extension +# used is ?= which is actually portable to other maintained Make variants, +# just is not POSIX. + +HAVE_ICONV=yes + +BASENAME_COMMAND=look_for_it +CHOWN_COMMAND=look_for_it +CHGRP_COMMAND=look_for_it +CHMOD_COMMAND=look_for_it + +# The system cc may be gcc or clang; do not force gcc +CC=cc +# Preserve CFLAGS and CFLAGS_DYNAMIC from the caller/environment +CFLAGS ?= -O -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE +CFLAGS_DYNAMIC ?= -shared -rdynamic + +DBMLIB = -ldb +USE_DB = yes + +LIBS = -lcrypt -lm +LIBRESOLV = -lresolv + +X11=/usr/X11R6 +XINCLUDE=-I$(X11)/include +XLFLAGS=-L$(X11)/lib +X11_LD_LIB=$(X11)/lib + +EXIWHAT_PS_ARG=ax +EXIWHAT_EGREP_ARG='/exim( |$$)' +EXIWHAT_MULTIKILL_CMD=killall +EXIWHAT_MULTIKILL_ARG=exim +EXIWHAT_KILL_SIGNAL=-USR1 + +# End diff --git a/OS/Makefile-OpenBSD b/OS/Makefile-OpenBSD new file mode 100644 index 0000000..8f40879 --- /dev/null +++ b/OS/Makefile-OpenBSD 
@@ -0,0 +1,30 @@ +# Exim: OS-specific make file for OpenBSD +# Copyright (c) The Exim Maintainers 2020 + +CHOWN_COMMAND=/usr/sbin/chown +CHGRP_COMMAND=/usr/sbin/chgrp +CHMOD_COMMAND=/bin/chmod + +CC=cc +CFLAGS=-O2 -Wall -Wno-parentheses -Wno-self-assign -Wno-logical-op-parentheses + +LIBS=-lm + +HAVE_SA_LEN=YES + +X11=/usr/X11R6 +XINCLUDE=-I$(X11)/include +XLFLAGS=-L$(X11)/lib + +EXIWHAT_MULTIKILL_CMD=pkill +EXIWHAT_MULTIKILL_ARG='exim( |$$|-)' +EXIWHAT_PS_ARG=-ax +EXIWHAT_EGREP_ARG='/exim( |$$)' +EXIWHAT_KILL_SIGNAL=-USR1 + +HAVE_IPV6=YES + +# OpenBSD always ships with Berkeley DB +USE_DB=yes + +# End diff --git a/OS/Makefile-SunOS5 b/OS/Makefile-SunOS5 new file mode 100644 index 0000000..3b436f4 --- /dev/null +++ b/OS/Makefile-SunOS5 @@ -0,0 +1,24 @@ +# Exim: OS-specific make file for SunOS5 +# Copyright (c) The Exim Maintainers 2020 + +HAVE_ICONV=yes + +BASENAME_COMMAND=look_for_it +HOSTNAME_COMMAND=look_for_it + +RANLIB=@true +LIBS=-lsocket -lnsl -lkstat -lm +LIBRESOLV=-lresolv + +EXIWHAT_MULTIKILL_CMD=pkill +EXIWHAT_MULTIKILL_ARG='exim( |$$|-)' + +X11=/usr/openwin +XINCLUDE=-I$(X11)/include +XLFLAGS=-L$(X11)/lib -R$(X11)/lib +X11LIB=$(X11)/lib + +OS_C_INCLUDES=setenv.c +CFLAGS += -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D__EXTENSIONS__ + +# End diff --git a/OS/eximon.conf-Default b/OS/eximon.conf-Default new file mode 100644 index 0000000..2f874ef --- /dev/null +++ b/OS/eximon.conf-Default 
@@ -0,0 +1,41 @@ +# Exim: Default settings for the eximon script which fires up the Exim monitor. +# These can be overridden by OS-specific scripts and local installation +# scripts, and also at run time by shell variables. + +# The name of the eximon binary, usually the same as the eximon script, +# with .bin stuck on the end. + +EXIMON_BINARY="${EXIMON_BINARY-$0.bin}" + +# The remaining parameters are values likely to be changed to suit the +# user's taste. They are documented in the EDITME file. + +WINDOW_TITLE=${EXIMON_WINDOW_TITLE-'"${hostname} eximon"'} + +ACTION_OUTPUT=${EXIMON_ACTION_OUTPUT-no} +ACTION_QUEUE_UPDATE=${EXIMON_ACTION_QUEUE_UPDATE-yes} +BODY_MAX=${EXIMON_BODY_MAX-20000} +LOG_DEPTH=${EXIMON_LOG_DEPTH-300} +LOG_WIDTH=${EXIMON_LOG_WIDTH-${EXIMON_WIDTH-950}} +LOG_BUFFER=${EXIMON_LOG_BUFFER-20K} +LOG_FONT=${EXIMON_LOG_FONT--misc-fixed-medium-r-normal-*-14-140-*-*-*-*-iso8859-1} +LOG_STRIPCHARTS='/ <= /in/ + / => /out/ + / => .+ R=local/local/ + / => .+ T=[^ ]*smtp/smtp/' +MENU_EVENT=${EXIMON_MENU_EVENT-'Shift<Btn1Down>'} +MIN_HEIGHT=${EXIMON_MIN_HEIGHT-162} +MIN_WIDTH=${EXIMON_MIN_WIDTH-103} +QUEUE_DEPTH=${EXIMON_QUEUE_DEPTH-200} +QUEUE_WIDTH=${EXIMON_QUEUE_WIDTH-${EXIMON_WIDTH-950}} +QUEUE_FONT=${EXIMON_QUEUE_FONT-${LOG_FONT}} +QUEUE_MAX_ADDRESSES=${EXIMON_QUEUE_MAX_ADDRESSES-10} +QUEUE_INTERVAL=${EXIMON_QUEUE_INTERVAL-300} +QUEUE_STRIPCHART_NAME=${EXIMON_QUEUE_STRIPCHART_NAME-queue} +SIZE_STRIPCHART=${EXIMON_SIZE_STRIPCHART} +SIZE_STRIPCHART_NAME=${EXIMON_SIZE_STRIPCHART_NAME} +START_SMALL=${EXIMON_START_SMALL-no} +STRIPCHART_INTERVAL=${EXIMON_STRIPCHART_INTERVAL-60} +TEXT_DEPTH=${EXIMON_TEXT_DEPTH-200} + +# End diff --git a/OS/os.Configuring b/OS/os.Configuring new file mode 100644 index 0000000..465bc26 --- /dev/null +++ b/OS/os.Configuring 
@@ -0,0 +1,215 @@ +Configuring Exim for different Operating Systems +------------------------------------------------ + +These notes describe the way in which Exim is configured at the C program level +for different operating systems. The normal configuration options that apply +independently of the operating system are specified by creating files in the +Local directory, as described in chapter 4 of the manual. + +These notes cover the os.* files in the OS directory, and contain information +for people who want to port the program to some new OS, or to modify the +configuration for an existing port. If you are just wanting to compile Exim on +a system that it already knows about, you do not need to read further unless +there are problems. + +The os.c-<ostype> files +----------------------- + +There may be an os.c-<ostype> file for each operating system, but for many of +them it is not necessary. No error occurs is there isn't one. There is a +generic file called os.c which contains code that is common to two or more OS +for setting a restarting or a non-restarting signal, for computing the load +average, and for finding all the network interface addresses. A few OS have +their own individual code for one or more of these. When they do, the code is +put into an os.c-<ostype> file, which also defines a macro such as +OS_RESTARTING_SIGNAL (for example) to cut out the common code in the generic +os.c. + +The os.h-<ostype> files +----------------------- + +For each OS that Exim knows about, there is an os.h-<ostype> file, where +<ostype> is the OS name. The relevant file is included as a C header file for +all Exim compilation by pointing a symbolic link called os.h at it from the +build directory. The settings are as follows: + +The select() function +--------------------- + +There is a difference in the data type for the second argument to the select() +function in some OS. The macro SELECT_ARG2_TYPE can be used to define the type. 
+If it is not defined in os.h, then it is defaulted to fs_set in exim.h. + +The dn_expand() function +------------------------ + +There is a difference in the data type for the fourth argument to the +dn_expand() function in some OS. The macro DN_EXPAND_ARG4_TYPE can be used to +define the type. If it is not defined in os.h, then it is defaulted to char * +in exim.h. + +The h_errno variable +-------------------- + +If NEED_H_ERRNO is defined, then a definition of the form + +extern int h_errno + +is included in the compiled code of Exim. + +The strerror() function +----------------------- + +Most systems provide the ANSI standard strerror() function; older systems may +instead have an errlist[] variable in which to look up error texts. Defining +STRERROR_FROM_ERRLIST causes Exim to build its own strerror() function that +mimics the ANSI function by lookup up the error code in errlist. + +Truncating files +---------------- + +The fcntl() option for truncating the length of a file is called F_FREESP in +most systems; in some, however, it is called O_TRUNC. Some os.h files define +F_FREESP to be O_TRUNC for this reason. + +Finding local interfaces +------------------------ + +The SIOCGIFCONF ioctl for finding local interfaces behaves differently on BSD +systems. It returns a vector of ifreq blocks containing sockaddr structures +that can be longer than their sizeof definition, making the returned ifreq +blocks longer than their sizeof definitions. BSD sockaddrs structures contain +an sa_len field giving the actual size. To cope with difference, there is a +macro called HAVE_SA_LEN. If it is defined, code that works on BSD systems is +used. Otherwise, the objects returned by SIOCGIFCONF are assumed to be of +length sizeof(struct ifreq). + +On some operating systems, the SIOCGIFCONF ioctl returns the IP addresses +with the list of interfaces, and there is no need to call SIOCGIFADDR for each +individual address. 
Mostly, making the second call does no harm, but on Linux +when there are IP aliases, it causes things to go wrong. This also happens on +BSDI and GNU Hurd. Therefore, there is now a macro to cut it out, called +SIOCGIFCONF_GIVES_ADDR. + +Note that, if IPv6 support is configured, Exim cannot find the IPv6 addresses +on local interfaces by itself. You need to set the local_interfaces option in +this situation. + +Computing load averages +----------------------- + +There are several different ways that load averages are computed. One-off code +is put in the os.c-<ostype>, but several OS use similar methods, and these +are coded in the generic os.c, using a number of parameters to make variations +between OS. + +Sometimes the load average is not available to unprivileged callers. If +LOAD_AVG_NEEDS_ROOT is set, Exim ensures that it is root before trying to +obtain a load average value. + +(1) If HAVE_BSD_GETLOADAVG is defined, Exim uses a simple call to the +getloadavg() function. + +(2) If HAVE_KSTAT is defined, Exim uses the kstat package as found in Solaris 2 +(but nowhere else as yet). It uses some supplementary definitions: + + LOAD_AVG_KSTAT the kstat to use + LOAD_AVG_KSTAT_MODULE the module to access + LOAD_AVG_KSTAT_SYMBOL the symbol containing the value we want + LOAD_AVG_KSTAT_FIELD the field identity + +(3) If HAVE_DEV_KMEM is defined, Exim reads load average values from the +/dev/kmem device. It uses some supplementary definitions: + + LOAD_AVG_TYPE the data type + LOAD_AVG_SYMBOL the symbol to look up + KERNEL_PATH the name of the kernel + FSCALE a scaling factor + +Sometimes FSCALE is defined in system headers so need not be defined in the +os.h-<ostype> file. + +Glibc systems and IP options +---------------------------- + +The code for inspecting IP options is the same in all OS except for systems +using glibc (e.g. Linux), which uses a different structure to return data from +getsockopt(). 
To handle this, there is a macro called + + GLIBC_IP_OPTIONS + +which should be set for Linux (in os.h-Linux) and any other operating system +that uses glibc. + +Options for statvfs() +--------------------- + +The following settings apply to the compilation of the Exim monitor as well as +to the main Exim binary. + +#undefine HAVE_STATFS + +Exim has options for checking the amount of space in the spool partition +before accepting a message, and the monitor has the ability to display a +stripchart of the percentage fullness of a particular disc partition, usually +/var/spool/mail. The standard way of finding out the data is to call the +statvfs() function, but some operating systems use statfs() and some may not +have the ability at all. The Exim code uses STATVFS() for this function and +this gets defined appropriately. HAVE_STATFS is defined before including the +os.h file; undefining it suppresses the code for checking a partition in the +main binary, and for monitoring disc partition in the monitor. + +When HAVE_STATFS is defined, the distinction between statvfs() and statfs() is +made by checking HAVE_SYS_STATVFS_H. If it is defined, then sys/statvfs.h is +included. Otherwise, STATVFS() is defined as a macro for statfs(), and some +further includes are done, according to the following definitions: + +#define HAVE_SYS_MOUNT_H +#define HAVE_VFS_H + +Each of those definitions causes the inclusion of the corresponding system +header file in the Exim monitor compilation. For example, the first one causes + +#include <sys/mount.h> + +to be obeyed. Different systems may require different combinations of these +headers. + +The sys/resource.h header +------------------------- + +One OS does not have the sys/resource.h header. If NO_SYS_RESOURCE_H is defined +in an os.h-<ostype> file, then the #include for this header is skipped in +exim.h. 
+ +Support for login_cap functions +------------------------------- + +Some of the BSD systems support functions for controlling the resources that +user processes can use (e.g. login_getpwclass). If HAVE_SETCLASSRESOURCES is +defined, Exim supports this feature for running pipe deliveries, using the +setclassresources() function. + +The crypt_h header +------------------ + +Some OS require crypt.h to be included to get a prototype for the crypt() +function. This is needed only when compiling with AUTH support. If CRYPT_H is +defined, then this header is included. + +mmap() support +-------------- + +The CDB support includes the option of handling file operations by using +mmap()/munmap(). This gives a reasonable performance increase which will +probably scale over multiple processes (since the files are mapped read-only +shared). The vast majority of modern operating systems will support mmap +(certainly in the simplified way that it is being used here). For example any +BSD 4.x derived or POSIX compliant system will support it, as will pretty much +any system using dynamically shared link libraries. + +If the OS is believed to support mmap() then the symbol HAVE_MMAP is defined. +Not all systems that support mmap will have had their config files updated to +reflect this. Currently Linux, Sun, BSD and SGI/mips systems have been updated. + +*** End *** diff --git a/OS/os.c-FreeBSD b/OS/os.c-FreeBSD new file mode 100644 index 0000000..cb0b0bf --- /dev/null +++ b/OS/os.c-FreeBSD 
@@ -0,0 +1,47 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Copyright (c) Jeremy Harris 1995 - 2020 */ +/* See the file NOTICE for conditions of use and distribution. */ + +/* FreeBSD-specific code. This is concatenated onto the generic +src/os.c file. */ + + +/************* +Sendfile shim +*************/ + +ssize_t +os_sendfile(int out, int in, off_t * offp, size_t cnt) +{ +off_t loff = *offp, written; + +if (sendfile(in, out, loff, cnt, NULL, &written, 0) < 0) return (ssize_t)-1; +*offp = loff + written; +return (ssize_t)written; +} + +/************************************************* +TCP Fast Open: check that the ioctl is accepted +*************************************************/ + +#ifndef COMPILE_UTILITY +void +tfo_probe(void) +{ +# ifdef TCP_FASTOPEN +int sock; + +if ( (sock = socket(AF_INET, SOCK_STREAM, 0)) >= 0 + && setsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN, &on, sizeof(on) >= 0) + ) + f.tcp_fastopen_ok = TRUE; +close(sock); +# endif +} +#endif + + +/* End of os.c-Linux */ diff --git a/OS/os.c-GNU b/OS/os.c-GNU new file mode 100644 index 0000000..dbd0149 --- /dev/null +++ b/OS/os.c-GNU 
@@ -0,0 +1,56 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Copyright (c) The Exim Maintainers 2020 */ +/* See the file NOTICE for conditions of use and distribution. */ + +/* GNU-specific code. This is concatenated onto the generic src/os.c file. +GNU/Hurd has approximately the same way to determine the load average as NeXT, +so a variant of this could also be in the generic os.c file. See the GNU EMacs +getloadavg.c file, from which this snippet was derived. getloadavg.c from Emacs +is copyrighted by the FSF under the terms of the GPLv2 or any later version. +Changes are hereby placed under the same license, as requested by the GPL. */ + +#ifndef OS_LOAD_AVERAGE +#define OS_LOAD_AVERAGE + +#include <mach.h> + +static processor_set_t default_set; +static int getloadavg_initialized; + +int +os_getloadavg (void) +{ +host_t host; +struct processor_set_basic_info info; +unsigned info_count; + +if (!getloadavg_initialized) + { + if (processor_set_default (mach_host_self(), &default_set) == KERN_SUCCESS) + getloadavg_initialized = 1; + } + +if (getloadavg_initialized) + { + info_count = PROCESSOR_SET_BASIC_INFO_COUNT; + if (processor_set_info(default_set, PROCESSOR_SET_BASIC_INFO, &host, + (processor_set_info_t)&info, &info_count) != KERN_SUCCESS) + getloadavg_initialized = 0; + else + { + #if LOAD_SCALE == 1000 + return info.load_average; + #else + return (int) (((double) info.load_average * 1000) / LOAD_SCALE)); + #endif + } + } + +return -1; +} +#endif /* OS_LOAD_AVERAGE */ + +/* End of os.c-GNU */ diff --git a/OS/os.c-Linux b/OS/os.c-Linux new file mode 100644 index 0000000..59d81f8 --- /dev/null +++ b/OS/os.c-Linux 
@@ -0,0 +1,165 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Copyright (c) University of Cambridge 1997 - 2018 */ +/* See the file NOTICE for conditions of use and distribution. */ + +/* Linux-specific code. This is concatenated onto the generic +src/os.c file. */ + + +/************************************************* +* Load average computation * +*************************************************/ + +/*Linux has an apparently unique way of getting the load average, so we provide +a unique function here, and define OS_LOAD_AVERAGE to stop src/os.c trying to +provide the function. However, when compiling os.c for utilities, we may not +want this at all, so check that it isn't set first. */ + +#if !defined(OS_LOAD_AVERAGE) && defined(__linux__) +#define OS_LOAD_AVERAGE + +/* Linux has 2 ways of returning load average: + + (1) Do a read on /proc/loadavg + (2) Use the sysinfo library function and syscall + +The latter is simpler but in Linux 2.0 - 2.2 (and probably later releases) is +exceptionally slow - 10-50ms per call is not unusual and about 100x slow the +first method. This cripples high performance mail servers by increasing CPU +utilisation by 3-5x. + +In Exim's very early days, it used the 1st method. Later, it switched to the +2nd method. Now it tries the 1st method and falls back to the 2nd if /proc is +unavailable. 
*/ + +#include <sys/sysinfo.h> + +static int +linux_slow_getloadavg(void) +{ +struct sysinfo s; +double avg; +if (sysinfo(&s) < 0) return -1; +avg = (double) (s.loads[0]) / (1<<SI_LOAD_SHIFT); +return (int)(avg * 1000.0); +} + +int +os_getloadavg(void) +{ +char buffer[40]; +double avg; +int count; +int fd = open ("/proc/loadavg", O_RDONLY); +if (fd == -1) return linux_slow_getloadavg(); +count = read (fd, buffer, sizeof(buffer)); +(void)close (fd); +if (count <= 0) return linux_slow_getloadavg(); +count = sscanf (buffer, "%lf", &avg); +if (count < 1) return linux_slow_getloadavg(); +return (int)(avg * 1000.0); +} +#endif /* OS_LOAD_AVERAGE */ + + + + + +/************************************************* +* Finding interface addresses * +*************************************************/ + +/* This function is not required for utilities; we cut it out if +FIND_RUNNING_INTERFACES is already defined. */ + +#ifndef FIND_RUNNING_INTERFACES + +/* This code, contributed by Jason Gunthorpe, appears to be the current +way of finding IPv6 interfaces in Linux. It first calls the common function in +order to find IPv4 interfaces, then grobbles around to find the others. Jason +said, "This is so horrible, don't look. Slightly ripped from net-tools +ifconfig." It gets called by virtue of os_find_running_interfaces being defined +as a macro for os_find_running_interfaces_linux in the os.h-Linux file. */ + +ip_address_item * +os_find_running_interfaces_linux(void) +{ +ip_address_item *yield = NULL; + +#if HAVE_IPV6 +ip_address_item *last = NULL; +ip_address_item *next; +char addr6p[8][5]; +unsigned int plen, scope, dad_status, if_idx; +char devname[20+1]; +FILE *f; +#endif + +yield = os_common_find_running_interfaces(); + +#if HAVE_IPV6 + +/* Open the /proc file; give up if we can't. 
*/ + +if ((f = fopen("/proc/net/if_inet6", "r")) == NULL) return yield; + +/* Pick out the data from within the file, and add it on to the chain */ + +last = yield; +if (last != NULL) while (last->next != NULL) last = last->next; + +while (fscanf(f, "%4s%4s%4s%4s%4s%4s%4s%4s %02x %02x %02x %02x %20s\n", + addr6p[0], addr6p[1], addr6p[2], addr6p[3], + addr6p[4], addr6p[5], addr6p[6], addr6p[7], + &if_idx, &plen, &scope, &dad_status, devname) != EOF) + { + struct sockaddr_in6 addr; + + /* This data has to survive for ever, so use malloc. */ + + next = store_malloc(sizeof(ip_address_item)); + next->next = NULL; + next->port = 0; + sprintf(CS next->address, "%s:%s:%s:%s:%s:%s:%s:%s", + addr6p[0], addr6p[1], addr6p[2], addr6p[3], + addr6p[4], addr6p[5], addr6p[6], addr6p[7]); + + /* Normalize the representation */ + + inet_pton(AF_INET6, CS next->address, &addr.sin6_addr); + inet_ntop(AF_INET6, &addr.sin6_addr, CS next->address, sizeof(next->address)); + + if (yield == NULL) yield = last = next; else + { + last->next = next; + last = next; + } + + DEBUG(D_interface) + debug_printf("Actual local interface address is %s (%s)\n", last->address, + devname); + } +fclose(f); +#endif /* HAVE_IPV6 */ + +return yield; +} + +#endif /* FIND_RUNNING_INTERFACES */ + + +/************* +* Sendfile * +*************/ +#include <sys/sendfile.h> + +ssize_t +os_sendfile(int out, int in, off_t * off, size_t cnt) +{ +return sendfile(out, in, off, cnt); +} + +/* End of os.c-Linux */ diff --git a/OS/os.c-SunOS5 b/OS/os.c-SunOS5 new file mode 100644 index 0000000..1624869 --- /dev/null +++ b/OS/os.c-SunOS5 
@@ -0,0 +1,16 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Copyright (c) University of Cambridge 2016 */ +/* Copyright (c) Jeremy Harris 2016 */ +/* See the file NOTICE for conditions of use and distribution. */ + +/* Solaris-specific code. This is concatenated onto the generic +src/os.c file. */ + +#if defined(MISSING_UNSETENV_3) && !defined(COMPILE_UTILITY) +# include "setenv.c" +#endif + +/* End of os.c-SunOS5 */ diff --git a/OS/os.h-Darwin b/OS/os.h-Darwin new file mode 100644 index 0000000..7e3a67c --- /dev/null +++ b/OS/os.h-Darwin 
@@ -0,0 +1,58 @@ +/* Exim: OS-specific C header file for Darwin (Mac OS X) */ + +/* #define CRYPT_H */ /* Apparently this isn't needed */ + +#define HAVE_MMAP +#define HAVE_SYS_MOUNT_H +#define PAM_H_IN_PAM +#define SIOCGIFCONF_GIVES_ADDR + + +#define F_FREESP O_TRUNC +typedef struct flock flock_t; + +#define BASE_62 36 /* HFS+ aliases lower and upper cases in filenames. + Consider reducing MAX_LOCALHOST_NUMBER */ + +#ifndef _BSD_SOCKLEN_T_ +# define _BSD_SOCKLEN_T_ int32_t /* socklen_t (duh) */ +#endif + +/* Settings for handling IP options. There's no netinet/ip_var.h. The IP +option handling is in the style of the later GLIBCs but the GLIBC macros +aren't set, so we invent a new one. */ + +#define NO_IP_VAR_H +#define DARWIN_IP_OPTIONS + +/* Need this for the DNS lookup code. Remember to remove if we get round to +updating Exim to use the newer interface. */ + +#define BIND_8_COMPAT + +/* It's not .so for dynamic libraries on Darwin. */ +#define DYNLIB_FN_EXT "dylib" + +/* We currently need some assistance getting OFF_T_FMT correct on MacOS */ +#ifdef OFF_T_FMT +# undef OFF_T_FMT +#endif +#define OFF_T_FMT "%lld" +#define LONGLONG_T long int + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +/* seems arpa/nameser.h does not define this */ +#define NS_MAXMSG 65535 + +/* There may be very many supplementary groups for the user. See notes +in "man 2 getgroups". */ +#define _DARWIN_UNLIMITED_GETGROUPS +#define EXIM_GROUPLIST_SIZE 64 + +/* TCP Fast Open: Darwin uses a connectx() call +rather than a modified sendto() */ +#define EXIM_TFO_CONNECTX + +/* End */ diff --git a/OS/os.h-FreeBSD b/OS/os.h-FreeBSD new file mode 100644 index 0000000..73d9976 --- /dev/null +++ b/OS/os.h-FreeBSD 
@@ -0,0 +1,71 @@ +/* Exim: OS-specific C header file for FreeBSD */ +/* Copyright (c) University of Cambridge 1995 - 2018 */ +/* Copyright (c) The Exim Maintainers 2020 */ +/* See the file NOTICE for conditions of use and distribution. */ + + +#include <sys/types.h> +#include <sys/param.h> + +#define HAVE_BSD_GETLOADAVG +#define HAVE_SETCLASSRESOURCES +#define HAVE_MMAP +#define HAVE_SYS_MOUNT_H +#define SIOCGIFCONF_GIVES_ADDR +#define HAVE_SRANDOMDEV +#define HAVE_ARC4RANDOM + +/* Applications should not call arc4random_stir() explicitly after + * FreeBSD r227520 (approximately 1000002). + * Set NOT_HAVE_ARC4RANDOM_STIR if the version released is past + * that point. */ +#if __FreeBSD_version >= 1000002 +# define NOT_HAVE_ARC4RANDOM_STIR +#endif + +typedef struct flock flock_t; + +/* iconv arg2 type: libiconv in Ports uses "const char* * inbuf" and was + * traditionally the only approach available. The iconv functionality + * in libc is "char ** restrict src". + * + * <https://www.freebsd.org/doc/en/books/porters-handbook/using-iconv.html> + * says that libc has iconv since 2013, in 10-CURRENT. FreeBSD man-pages + * shows it included in 10.0-RELEASE. Writing this in 2017, 10.3 is the + * oldest supported release, so we should assume non-libiconv by default. + * (Actually, people still using old releases past EOL; we shouldn't support + * them but I don't want to deal with howls of complaints because we dare + * to not support the unsupported, so guard this on FreeBSD 10+) + * + * Thus we no longer override iconv. + * + * However, if libiconv is installed, and anything adds /usr/local/include + * to include-path (likely) then we'll get that. So define a variable + * which makes the libiconv try to not interfere with OS iconv. 
+ */ +#if __FreeBSD__ >= 10 +# define LIBICONV_PLUG +#endif +/* for more specific version constraints, look at __FreeBSD_version + * from <sys/param.h> */ + +/* When using DKIM, setting OS_SENDFILE can increase +performance on outgoing mail a bit. */ + +#define OS_SENDFILE +extern ssize_t os_sendfile(int, int, off_t *, size_t); + + +/*******************/ + +#define EXIM_TFO_PROBE +#define EXIM_TFO_FREEBSD + + +/* for TCP state-variable values, for TFO logging */ +#include <netinet/tcp_fsm.h> +#define TCP_SYN_RECV TCPS_SYN_RECEIVED + +/*******************/ + +/* End */ diff --git a/OS/os.h-GNU b/OS/os.h-GNU new file mode 100644 index 0000000..59130ef --- /dev/null +++ b/OS/os.h-GNU @@ -0,0 +1,28 @@ +/* Exim: OS-specific C header file for GNU/Hurd */ +/* Copyright (c) The Exim Maintainers 2020 */ + +#define CRYPT_H +#define GLIBC_IP_OPTIONS +#define HAVE_BSD_GETLOADAVG +#define HAVE_MMAP +#define HAVE_SYS_VFS_H +#define NO_IP_VAR_H +#define SIG_IGN_WORKS +#define SIOCGIFCONF_GIVES_ADDR + +#define F_FREESP O_TRUNC +typedef struct flock flock_t; + +#define os_strsignal strsignal +#define OS_STRSIGNAL + +/* Hurd-specific bits below */ + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +/* setgroups(0, NULL) succeeds, and drops the gid group +as well as any supplementary groups*/ +#define OS_SETGROUPS_ZERO_DROPS_ALL + +/* End */ diff --git a/OS/os.h-Linux b/OS/os.h-Linux new file mode 100644 index 0000000..c705e5c --- /dev/null +++ b/OS/os.h-Linux 
@@ -0,0 +1,94 @@ +/* Exim: OS-specific C header file for Linux */ +/* Copyright (c) University of Cambridge 1995 - 2020 */ +/* See the file NOTICE for conditions of use and distribution. */ + + +/* Some old systems we've received bug-reports for have a <limits.h> which +does not pull in <features.h>. Best to just pull it in now and have done +with the issue. */ + +#include <features.h> +#include <sys/types.h> + + +#define CRYPT_H +#define GLIBC_IP_OPTIONS +#define HAVE_MMAP +#define HAVE_BSD_GETLOADAVG +#define HAVE_SYS_STATVFS_H +#define NO_IP_VAR_H +#define SIG_IGN_WORKS + +/* When using DKIM, setting OS_SENDFILE can increase +performance on outgoing mail a bit. Note: With older glibc versions +this setting will conflict with the _FILE_OFFSET_BITS=64 setting +defined as part of the Linux CFLAGS. As of 2017 those are declared +to be too old to build by default. */ + +#define OS_SENDFILE +extern ssize_t os_sendfile(int, int, off_t *, size_t); + +#define F_FREESP O_TRUNC +typedef struct flock flock_t; + +#define os_strsignal strsignal +#define OS_STRSIGNAL + +#if defined(__linux__) || defined(__FreeBSD_kernel__) || defined(__NetBSD_kernel__) +# define SIOCGIFCONF_GIVES_ADDR +# define HAVE_SYS_MOUNT_H +#endif + +#if defined(__linux__) + +/* Some versions of Linux need explicit sync-ing of directories as well as +files. This setting requests that. If the directory is on NFS, it may not +be possible to sync it - in that case, Exim now should ignore the error. But +if you have problems in that area, try undefining this. But be aware that you +may be in a situation where files are not being properly "committed to stable +storage" as quickly as Exim thinks they are. */ + +#define NEED_SYNC_DIRECTORY + +#define os_find_running_interfaces os_find_running_interfaces_linux + +/* Need a prototype for the Linux-specific function. The structure hasn't +been defined yet, so we need to pre-declare it. 
*/ + +struct ip_address_item; +extern struct ip_address_item *os_find_running_interfaces_linux(void); + +#endif /* __linux__ */ + +/* Some folks running "unusual" setups with very old libc environments have +found that _GNU_SOURCE=1 before <features.h> is not sufficient to define some +constants needed for 64-bit arithmetic. If you encounter build errors based +on LLONG_MIN being undefined and various other escape hatches have not helped, +then change the 0 to 1 in the next block. */ + +#if 0 +# define LLONG_MIN LONG_LONG_MIN +# define LLONG_MAX LONG_LONG_MAX +#endif + +#if _POSIX_C_SOURCE >= 200809L || _ATFILE_SOUCE +# define EXIM_HAVE_OPENAT +#endif + +/* TCP Fast Open support */ + +#include <netinet/tcp.h> /* for TCP_FASTOPEN */ +#include <sys/socket.h> /* for MSG_FASTOPEN */ +#if defined(TCP_FASTOPEN) && !defined(MSG_FASTOPEN) +# define MSG_FASTOPEN 0x20000000 +#endif +#define EXIM_HAVE_TCPI_UNACKED +#ifndef TCPI_OPT_SYN_DATA +# define TCPI_OPT_SYN_DATA 32 +#endif + +/* "Abstract" Unix-socket names */ +#define EXIM_HAVE_ABSTRACT_UNIX_SOCKETS + + +/* End */ diff --git a/OS/os.h-OpenBSD b/OS/os.h-OpenBSD new file mode 100644 index 0000000..dde779f --- /dev/null +++ b/OS/os.h-OpenBSD 
@@ -0,0 +1,60 @@ +/* Exim: OS-specific C header file for OpenBSD */ +/* Copyright (c) University of Cambridge 1995 - 2018 */ +/* See the file NOTICE for conditions of use and distribution. */ + + +#define HAVE_BSD_GETLOADAVG +#define HAVE_MMAP +#define HAVE_SYS_MOUNT_H +#define SIOCGIFCONF_GIVES_ADDR +#define HAVE_ARC4RANDOM +/* In May 2014, OpenBSD 5.5 was released which cleaned up the arc4random_* API + which removed the arc4random_stir() function. Set NOT_HAVE_ARC4RANDOM_STIR + if the version released is past that point. */ +#include <sys/param.h> +#if OpenBSD >= 201405 +# define NOT_HAVE_ARC4RANDOM_STIR +#endif + +typedef struct flock flock_t; + +#define os_strsignal strsignal +#define OS_STRSIGNAL + +typedef struct __res_state *res_state; + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +#ifndef EPROTO +# define EPROTO 71 +#endif + +/* We need to force this; the automatic in buildconfig.c gets %ld */ +#ifdef OFF_T_FMT +# undef OFF_T_FMT +# undef LONGLONG_T +#endif +#define OFF_T_FMT "%lld" +#define LONGLONG_T long long int + +#ifdef PID_T_FMT +# undef PID_T_FMT +#endif +#define PID_T_FMT "%d" + +#ifdef INO_T_FMT +# undef INO_T_FMT +#endif +#define INO_T_FMT "%llu" + +#ifdef TIME_T_FMT +# undef TIME_T_FMT +#endif +#define TIME_T_FMT "%lld" + +/* seems arpa/nameser.h does not define this. +Space-constrained devices could use much smaller; a few k. */ +#define NS_MAXMSG 65535 + +/* End */ diff --git a/OS/os.h-SunOS5 b/OS/os.h-SunOS5 new file mode 100644 index 0000000..dfbd8f1 --- /dev/null +++ b/OS/os.h-SunOS5 
@@ -0,0 +1,51 @@ +/* Exim: OS-specific C header file for SunOS5 aka Solaris */ + +#define CRYPT_H +#define HAVE_MMAP +#define HAVE_SYS_STATVFS_H +#define F_FAVAIL f_favail +#define SIOCGIFCONF_GIVES_ADDR + +#define HAVE_GETIPNODEBYNAME 1 +#define HAVE_GETIPNODEBYADDR 1 + +#define HAVE_KSTAT +#define LOAD_AVG_KSTAT "system_misc" +#define LOAD_AVG_KSTAT_MODULE "unix" +#define LOAD_AVG_SYMBOL "avenrun_1min" +#define LOAD_AVG_FIELD value.ui32 + +#define os_strsignal strsignal +#define OS_STRSIGNAL + +/* This is needed for some early Solaris releases, but causes trouble +in the current ones, so it is out by default. */ + +/* #define EXIM_SOCKLEN_T size_t */ + +/* This is different from Linux and all other PAM implementations, +it seems. */ + +#define PAM_CONVERSE_ARG2_TYPE struct pam_message + + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +#if _POSIX_C_SOURCE < 200112L +# define MISSING_UNSETENV_3 +#endif + + +/* SunOS5 doesn't accept getcwd(NULL, 0) to auto-allocate +a buffer */ + +#define OS_GETCWD + + +#ifndef MIN +# define MIN(a,b) (((a)<(b))?(a):(b)) +# define MAX(a,b) (((a)>(b))?(a):(b)) +#endif + +/* End */ diff --git a/OS/unsupported/Makefile-AIX b/OS/unsupported/Makefile-AIX new file mode 100644 index 0000000..fc32aa2 --- /dev/null +++ b/OS/unsupported/Makefile-AIX 
@@ -0,0 +1,28 @@ +# Exim: OS-specific make file for AIX +# Written by Nick Waterman (nick@cimio.co.uk) +# Modified by PH following a message from Mike Meredith + +# Note that the output of uname -m is probably not what Philip expected, +# so you might end up with more build-AIX-random_number directories than +# you expected if you have too many AIX boxes, but it seems to work... I +# blame IBM. + +# Note that nowadays you have to pay extra for a cc compiler with AIX! + +CC=gcc + +# This needs to be in here rather than os.h-AIX because of regexp stuff. +# basically strchr is a #define, which means "extern char *strchr()" +# ruins things. __STR31__ seems to get around this by magic. The AIX +# include files are quite a confusing maze. +# Mike M says this is not necessary any more; possibly this is related to +# using gcc. Commented out by PH. +#CFLAGS = -D__STR31__ + +CFLAGS = -mcpu=power4 -maix64 -O3 + +# Needed for vfork() and vfork() only? + +LIBS = -lbsd -lm + +# End diff --git a/OS/unsupported/Makefile-BSDI b/OS/unsupported/Makefile-BSDI new file mode 100644 index 0000000..d56aa9b --- /dev/null +++ b/OS/unsupported/Makefile-BSDI @@ -0,0 +1,21 @@ +# Exim: OS-specific make file for BSDI aka BSD/OS. Its antique link editor +# cannot handle the TextPop overriding. + +CFLAGS=-O +CHOWN_COMMAND=/usr/sbin/chown + +HAVE_SA_LEN=YES + +X11=/usr/X11 +XINCLUDE=-I$(X11)/include +XLFLAGS=-L$(X11)/lib +X11_LD_LIB=$(X11)/lib + +LIBS_EXIMON=-lSM -lICE -lipc -lm +EXIMON_TEXTPOP= + +EXIWHAT_PS_ARG=-ax +EXIWHAT_EGREP_ARG='/exim( |$$)' +EXIWHAT_KILL_SIGNAL=-USR1 + +# End diff --git a/OS/unsupported/Makefile-CYGWIN b/OS/unsupported/Makefile-CYGWIN new file mode 100644 index 0000000..5e608fe --- /dev/null +++ b/OS/unsupported/Makefile-CYGWIN 
@@ -0,0 +1,113 @@ +# OS-specific file for Cygwin. + +# This file provided by Pierre A. Humblet <Pierre.Humblet@ieee.org> + +HAVE_IPV6 = yes +HAVE_ICONV = yes +# Use c99 to have %z +CFLAGS= -g -Wall -std=c99 -U __STRICT_ANSI__ +LIBS= -lcrypt -lresolv +LIBS_EXIM= -liconv +EXIWHAT_PS_ARG=-as +EXIWHAT_KILL_SIGNAL=-USR1 +EXIWHAT_EGREP_ARG='/(EXIM|exim)[0-9. -]*$$' + +DBMLIB=-lgdbm +USE_GDBM=YES + +# Some OS add a suffix to executables +EXE = .exe + +# To add a resource file with an icon +LIBS_EXIM +=../Local/exim_res.o + +# To produce a linker map +#LIBS_EXIM+=-Wl,-Map,Exim.Map + + +################################################## +# The following is normally set in local/Makefile. +# Makefile.cygwin provides defaults with which the +# precompiled version is built +################################################## + +BIN_DIRECTORY=/usr/bin +CONFIGURE_FILE=/etc/exim.conf +EXIM_USER=18 # This changes if user exim exists +EXIM_GROUP=544 # Administrators +SPOOL_DIRECTORY=/var/spool/exim +LOG_FILE_PATH=/var/log/exim/exim_%s.log +TIMEZONE_DEFAULT = "" + +AUTH_CRAM_MD5=yes +AUTH_PLAINTEXT=yes +AUTH_SPA=yes + +#DISABLE_TLS=yes +TLS_LIBS=-lssl -lcrypto + +ROUTER_ACCEPT=yes +ROUTER_DNSLOOKUP=yes +ROUTER_IPLITERAL=yes +ROUTER_MANUALROUTE=yes +ROUTER_QUERYPROGRAM=yes +ROUTER_REDIRECT=yes + +TRANSPORT_APPENDFILE=yes +TRANSPORT_AUTOREPLY=yes +TRANSPORT_PIPE=yes +TRANSPORT_SMTP=yes + +SUPPORT_MAILDIR=yes +SUPPORT_MAILSTORE=yes +SUPPORT_MBX=yes + +LOOKUP_DBM=yes +LOOKUP_LSEARCH=yes + +# LOOKUP_CDB=yes +LOOKUP_DNSDB=yes +LOOKUP_DSEARCH=yes +LOOKUP_LDAP=yes +# LOOKUP_MYSQL=yes +# LOOKUP_NIS=yes +# LOOKUP_NISPLUS=yes +# LOOKUP_ORACLE=yes +LOOKUP_PASSWD=yes +# LOOKUP_PGSQL=yes +# LOOKUP_WHOSON=yes + +LDAP_LIB_TYPE=OPENLDAP2 +LOOKUP_LIBS=-lldap -llber + +WITH_CONTENT_SCAN=yes + +# It is important to define these variables but the values are always overridden +CONFIGURE_OWNER=18 +CONFIGURE_GROUP=544 + +EXICYCLOG_MAX=10 + +COMPRESS_COMMAND=/usr/bin/gzip +COMPRESS_SUFFIX=gz 
+ZCAT_COMMAND=/usr/bin/zcat + +# EXIM_PERL=perl.o + +# Comment the two lines below if you do not have PAM, e.g. from +# ftp://ftp.uni-erlangen.de/pub/pc/gnuwin32/cygwin/porters/Humblet_Pierre_A +SUPPORT_PAM=yes +CFLAGS += -DINCLUDE_PAM -I ../pam -I ../../pam + +# All modes are in octal and must start with 0 +EXIMDB_DIRECTORY_MODE = 01777 +EXIMDB_MODE = 0666 +EXIMDB_LOCKFILE_MODE = 0666 +INPUT_DIRECTORY_MODE = 01777 +LOG_DIRECTORY_MODE = 01777 +LOG_MODE = 0666 +MSGLOG_DIRECTORY_MODE = 01777 +SPOOL_DIRECTORY_MODE = 01777 +SPOOL_MODE = 0600 + +# End diff --git a/OS/unsupported/Makefile-DGUX b/OS/unsupported/Makefile-DGUX new file mode 100644 index 0000000..667c63f --- /dev/null +++ b/OS/unsupported/Makefile-DGUX @@ -0,0 +1,32 @@ +# Exim: OS-specific make file for DGUX +# +# Written by Ken Bailey (K.Bailey@rbgkew.org.uk) Feb 1998 +# on dgux R4.11MU04 generic AViiON mc88100 +# with no X + +# Minor tidies to remove settings that are actually the default, +# in line with the style of other system files - PH. + +BASENAME_COMMAND=/bin/basename +CHOWN_COMMAND=/bin/chown +CHGRP_COMMAND=/bin/chgrp +CHMOD_COMMAND=/bin/chmod + +# PERL +# Perl is not necessary for running Exim itself, but some Perl utilities +# are provided for processing the logs. Perl 5 is assumed. +# DG ship perl version 4.036 in /bin/perl so need to use locally installed perl + +PERL_COMMAND=/usr/local/bin/perl + +# dg's version of gcc likes O2 + +CFLAGS=-O2 + +RANLIB=@true +LIBS=-lsocket -lnsl -lm +LIBRESOLV=-lresolv +DBMLIB=-ldbm + +# End + diff --git a/OS/unsupported/Makefile-DragonFly b/OS/unsupported/Makefile-DragonFly new file mode 100644 index 0000000..c49c59f --- /dev/null +++ b/OS/unsupported/Makefile-DragonFly 
@@ -0,0 +1,31 @@ +# Exim: OS-specific make file for DragonFly +# There's no setting of CFLAGS here, to allow the system default +# for "make" to be the default. + +CHOWN_COMMAND=/usr/sbin/chown +CHMOD_COMMAND=/bin/chmod + +HAVE_SA_LEN=YES + +# crypt() is in a separate library +LIBS=-lcrypt -lm + +# DragonFly always ships with Berkeley DB +USE_DB=yes + +# X11 may be under /usr/pkg/xorg/ for example. +# X11=/usr/X11R6 +X11=$(X11BASE) + +XINCLUDE=-I$(X11)/include +XLFLAGS=-L$(X11)/lib +XLFLAGS+=-Wl,-rpath,${X11BASE}/lib +X11_LD_LIB=$(X11)/lib + +EXIWHAT_PS_ARG=-ax +EXIWHAT_EGREP_ARG='/exim( |$$)' +EXIWHAT_MULTIKILL_CMD='killall -m' +EXIWHAT_MULTIKILL_ARG='^exim($$|-[0-9.]+-[0-9]+$$)' +EXIWHAT_KILL_SIGNAL=-USR1 + +# End diff --git a/OS/unsupported/Makefile-GNUkFreeBSD b/OS/unsupported/Makefile-GNUkFreeBSD new file mode 100644 index 0000000..8019281 --- /dev/null +++ b/OS/unsupported/Makefile-GNUkFreeBSD @@ -0,0 +1,29 @@ +# Exim: OS-specific make file for GNU and variants. + +HAVE_ICONV=yes + +BASENAME_COMMAND=look_for_it +CHOWN_COMMAND=look_for_it +CHGRP_COMMAND=look_for_it +CHMOD_COMMAND=look_for_it + +CFLAGS ?= -O -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE + +DBMLIB = -ldb +USE_DB = yes + +LIBS = -lnsl -lcrypt -lm +LIBRESOLV = -lresolv + +X11=/usr/X11R6 +XINCLUDE=-I$(X11)/include +XLFLAGS=-L$(X11)/lib +X11_LD_LIB=$(X11)/lib + +EXIWHAT_PS_ARG=ax +EXIWHAT_EGREP_ARG='/exim( |$$)' +EXIWHAT_MULTIKILL_CMD=killall +EXIWHAT_MULTIKILL_ARG=exim4 +EXIWHAT_KILL_SIGNAL=-USR1 + +# End diff --git a/OS/unsupported/Makefile-GNUkNetBSD b/OS/unsupported/Makefile-GNUkNetBSD new file mode 100644 index 0000000..8019281 --- /dev/null +++ b/OS/unsupported/Makefile-GNUkNetBSD 
@@ -0,0 +1,29 @@ +# Exim: OS-specific make file for GNU and variants. + +HAVE_ICONV=yes + +BASENAME_COMMAND=look_for_it +CHOWN_COMMAND=look_for_it +CHGRP_COMMAND=look_for_it +CHMOD_COMMAND=look_for_it + +CFLAGS ?= -O -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE + +DBMLIB = -ldb +USE_DB = yes + +LIBS = -lnsl -lcrypt -lm +LIBRESOLV = -lresolv + +X11=/usr/X11R6 +XINCLUDE=-I$(X11)/include +XLFLAGS=-L$(X11)/lib +X11_LD_LIB=$(X11)/lib + +EXIWHAT_PS_ARG=ax +EXIWHAT_EGREP_ARG='/exim( |$$)' +EXIWHAT_MULTIKILL_CMD=killall +EXIWHAT_MULTIKILL_ARG=exim4 +EXIWHAT_KILL_SIGNAL=-USR1 + +# End diff --git a/OS/unsupported/Makefile-HI-OSF b/OS/unsupported/Makefile-HI-OSF new file mode 100644 index 0000000..da3d487 --- /dev/null +++ b/OS/unsupported/Makefile-HI-OSF @@ -0,0 +1,8 @@ +# Exim: OS-specific make file for HI-OSF/1-MJ and HI-UX/MPP + +CC=cc +CFLAGS=-O +RANLIB=@true +EXIWHAT_EGREP_ARG='/exim( |$$)' + +# End diff --git a/OS/unsupported/Makefile-HI-UX b/OS/unsupported/Makefile-HI-UX new file mode 100644 index 0000000..870ee84 --- /dev/null +++ b/OS/unsupported/Makefile-HI-UX @@ -0,0 +1,12 @@ +# Exim: OS-specific make file for HI-UX + +CC=cc -Aa -D_HIUX_SOURCE +HAVE_SETRESUID=YES +HAVE_SETEUID=NO +XINCLUDE=-I/usr/include/X11R5 +XLFLAGS=-L/usr/lib/X11R5 +DBMLIB = -lndbm +NEED_H_ERRNO=1 +RANLIB=@true + +# End diff --git a/OS/unsupported/Makefile-HP-UX b/OS/unsupported/Makefile-HP-UX new file mode 100644 index 0000000..ea35144 --- /dev/null +++ b/OS/unsupported/Makefile-HP-UX 
@@ -0,0 +1,27 @@ +# Exim: OS-specific make file for HP-UX later than 9 + +# HP ANSI C compiler +#CC=cc +#CFLAGS=+O2 +Onolimit -z -D_XOPEN_SOURCE_EXTENDED +# Users of the A.06.00 compiler might need to use +O1 rather than +O2 as +# there have been some problems reported with this compiler with +O2 set. + +# gcc +CFLAGS=-O -D_XOPEN_SOURCE_EXTENDED +LDFLAGS=-Wl,-z +LIBS=-lm + +BASENAME_COMMAND=/bin/basename +HAVE_ICONV=yes +HAVE_SETRESUID=YES +HAVE_SETEUID=NO +XINCLUDE=-I/usr/include/X11R6 -I/usr/contrib/X11R6/include +XLFLAGS=-L/usr/lib/X11R6 -L/usr/contrib/X11R6/lib +X11_LD_LIB=/usr/contrib/X11R6/lib +EXIMON_TEXTPOP= +DBMLIB=-lndbm +RANLIB=@true + +OS_C_INCLUDES=setenv.c + +# End diff --git a/OS/unsupported/Makefile-HP-UX-9 b/OS/unsupported/Makefile-HP-UX-9 new file mode 100644 index 0000000..1530009 --- /dev/null +++ b/OS/unsupported/Makefile-HP-UX-9 @@ -0,0 +1,15 @@ +# Exim: OS-specific make file for HP-UX 9 + +CFLAGS=-O +BASENAME_COMMAND=/bin/basename +HAVE_ICONV=yes +HAVE_SETRESUID=YES +HAVE_SETEUID=NO +XINCLUDE=-I/usr/include/X11R5 +XLFLAGS=-L/usr/lib/X11R5 -L/usr/contrib/X11R5/lib +X11_LD_LIB=/usr/contrib/X11R5/lib +EXIMON_TEXTPOP= +DBMLIB=-lndbm +RANLIB=@true + +# End diff --git a/OS/unsupported/Makefile-IRIX b/OS/unsupported/Makefile-IRIX new file mode 100644 index 0000000..7b95783 --- /dev/null +++ b/OS/unsupported/Makefile-IRIX @@ -0,0 +1,12 @@ +# Exim: OS-specific make file for IRIX + +HAVE_ICONV=yes +BASENAME_COMMAND=/sbin/basename +HOSTNAME_COMMAND=/usr/bsd/hostname +CFLAGS=-OPT:Olimit=1500 +LIBS=-lmld -lm +XINCLUDE=-I/usr/include/X11 +vfork=fork +RANLIB=@true + +# End diff --git a/OS/unsupported/Makefile-IRIX6 b/OS/unsupported/Makefile-IRIX6 new file mode 100644 index 0000000..be01138 --- /dev/null +++ b/OS/unsupported/Makefile-IRIX6 
@@ -0,0 +1,13 @@ +# Exim: OS-specific make file for IRIX6 on 64-bit systems + +HAVE_ICONV=yes +HOSTNAME_COMMAND=/usr/bsd/hostname +CFLAGS=-O2 -n32 -OPT:Olimit=4000 +LFLAGS=-n32 +LIBS=-lelf -lm +XINCLUDE=-I/usr/include/X11 +XLFLAGS= +vfork=fork +RANLIB=@true + +# End diff --git a/OS/unsupported/Makefile-IRIX632 b/OS/unsupported/Makefile-IRIX632 new file mode 100644 index 0000000..b567fc6 --- /dev/null +++ b/OS/unsupported/Makefile-IRIX632 @@ -0,0 +1,16 @@ +# Exim: OS-specific make file for IRIX 6 on 32-bit systems. +# There seems to be some variation. The commented settings show +# some alternatives. + +HAVE_ICONV=yes +HOSTNAME_COMMAND=/usr/bsd/hostname +#CFLAGS=-OPT:Olimit=1500 -32 -mips2 +CFLAGS=-32 +LFLAGS=-32 +#LIBS=-lmld +LIBS=-lelf -lm +XINCLUDE=-I/usr/include/X11 +vfork=fork +RANLIB=@true + +# End diff --git a/OS/unsupported/Makefile-IRIX65 b/OS/unsupported/Makefile-IRIX65 new file mode 100644 index 0000000..50e7745 --- /dev/null +++ b/OS/unsupported/Makefile-IRIX65 @@ -0,0 +1,16 @@ +# Exim: OS-specific make file for IRIX 6.5 + +HAVE_ICONV=yes +HOSTNAME_COMMAND=/usr/bsd/hostname +CC=cc +CFLAGS=-O2 -OPT:Olimit=0 +# CFLAGS=-O2 # override with this (in your Local/Makefile) if using gcc +LFLAGS=-Wl,-LD_MSG:off=85 +LFLAGS= +# nlist has moved from libmld to libelf +LIBS=-lelf -lm +XINCLUDE=-I/usr/include/X11 +vfork=fork +RANLIB=@true + +# End diff --git a/OS/unsupported/Makefile-NetBSD b/OS/unsupported/Makefile-NetBSD new file mode 100644 index 0000000..35d03a2 --- /dev/null +++ b/OS/unsupported/Makefile-NetBSD 
@@ -0,0 +1,27 @@ +# Exim: OS-specific make file for NetBSD (ELF object format) + +CHOWN_COMMAND=/usr/sbin/chown +CHMOD_COMMAND=/bin/chmod + +CFLAGS ?= -O2 + +HAVE_SA_LEN=YES +HAVE_IPV6=YES +LIBS=-lcrypt -lm + +X11=/usr/X11R6 +XINCLUDE=-I$(X11)/include +XLFLAGS=-L$(X11)/lib +X11_LD_LIB=$(X11)/lib + +EXIWHAT_PS_ARG=-ax +EXIWHAT_EGREP_ARG='/exim( |$$)' +EXIWHAT_KILL_SIGNAL=-USR1 + +# NetBSD always ships with Berkeley DB +USE_DB=yes + +# NetBSD ELF linker needs a -R flag. +XLFLAGS+=-Wl,-R$(X11)/lib/ + +# End diff --git a/OS/unsupported/Makefile-NetBSD-a.out b/OS/unsupported/Makefile-NetBSD-a.out new file mode 100644 index 0000000..e210efd --- /dev/null +++ b/OS/unsupported/Makefile-NetBSD-a.out @@ -0,0 +1,24 @@ +# Exim: OS-specific make file for NetBSD (a.out/COFF object format) + +CHOWN_COMMAND=/usr/sbin/chown +CHMOD_COMMAND=/bin/chmod + +CFLAGS ?= -O2 + +HAVE_SA_LEN=YES +HAVE_IPV6=YES +LIBS=-lcrypt -lm + +X11=/usr/X11R6 +XINCLUDE=-I$(X11)/include +XLFLAGS=-L$(X11)/lib +X11_LD_LIB=$(X11)/lib + +EXIWHAT_PS_ARG=-ax +EXIWHAT_EGREP_ARG='/exim( |$$)' +EXIWHAT_KILL_SIGNAL=-USR1 + +# NetBSD always ships with Berkeley DB +USE_DB=yes + +# End diff --git a/OS/unsupported/Makefile-OSF1 b/OS/unsupported/Makefile-OSF1 new file mode 100644 index 0000000..811ca07 --- /dev/null +++ b/OS/unsupported/Makefile-OSF1 @@ -0,0 +1,10 @@ +# Exim: OS-specific make file for OSF1 + +CFLAGS=-O +LIBS=-liconv -lm +HAVE_CRYPT16=yes +HAVE_ICONV=yes +HOSTNAME_COMMAND=/usr/bin/hostname +EXIWHAT_EGREP_ARG='/exim( |$$)' + +# End diff --git a/OS/unsupported/Makefile-OpenUNIX b/OS/unsupported/Makefile-OpenUNIX new file mode 100644 index 0000000..e4d7261 --- /dev/null +++ b/OS/unsupported/Makefile-OpenUNIX 
@@ -0,0 +1,17 @@ +# Exim: OS-specific make file for OpenUNIX + +CC=/usr/bin/cc +CFLAGS=-O -I/usr/local/include +LFLAGS=-L/usr/local/lib + +LIBS=-lsocket -lnsl -lelf -lgen -lresolv -lm +EXTRALIBS_EXIMON=-lICE -lSM + +RANLIB=@true +ERRNO_QUOTA=0 + +X11=/usr/lib/X11 +XINCLUDE=-I/usr/include/X11 +XLFLAGS=-L/usr/lib -L$(X11)/lib + +# End diff --git a/OS/unsupported/Makefile-QNX b/OS/unsupported/Makefile-QNX new file mode 100644 index 0000000..3cf81c4 --- /dev/null +++ b/OS/unsupported/Makefile-QNX @@ -0,0 +1,30 @@ +# Exim: OS-specific makefile for QNX + +BASENAME_COMMAND=/bin/basename +MAKE_SHELL=/usr/bin/bash + +CHOWN_COMMAND=/bin/chown +CHGRP_COMMAND=/bin/chgrp +CHMOD_COMMAND=/bin/chmod +HOSTNAME_COMMAND=/bin/hostname +MV_COMMAND=/bin/mv +PERL_COMMAND=/usr/bin/perl +RM_COMMAND=/bin/rm + +AR=ar -rc + +CC=cc +CFLAGS=-Otax +LIBIDENTCFLAGS= + +RANLIB=@true +DBMLIB=-ldb +USE_DB=yes +LIBS=-lsocket -lm + +X11=/usr/X11R6 +XINCLUDE=-I$(X11)/include +XLFLAGS=-L$(X11)/lib +X11_LD_LIB=$(X11)/lib + +# End diff --git a/OS/unsupported/Makefile-SCO b/OS/unsupported/Makefile-SCO new file mode 100644 index 0000000..baa61d8 --- /dev/null +++ b/OS/unsupported/Makefile-SCO @@ -0,0 +1,28 @@ +# Exim: OS-specific make file for SCO + +# It was reported that some versions of gcc (e.g. 2.8.1) require this to be +# CFLAGS=-melf + +CFLAGS=-b elf + +RANLIB=@true +DBMLIB=-lndbm +ERRNO_QUOTA=0 +LIBS=-lsocket -lm +HAVE_ICONV=yes + +X11=/usr/lib/X11 +XINCLUDE=-I/usr/include/X11 +XLFLAGS=-L/usr/lib -L$(X11)/lib +X11_LD_LIB=$(X11)/lib + +# Changes from Frank Bernhardt (30/09/04) + +BASENAME_COMMAND=/bin/basename +CHOWN_COMMAND=/bin/chown +CHGRP_COMMAND=/bin/chgrp +CHMOD_COMMAND=/bin/chmod +HOSTNAME_COMMAND=/usr/bin/hostname +TOUCH_COMMAND=/bin/touch + +# End diff --git a/OS/unsupported/Makefile-SCO_SV b/OS/unsupported/Makefile-SCO_SV new file mode 100644 index 0000000..249b81a --- /dev/null +++ b/OS/unsupported/Makefile-SCO_SV 
@@ -0,0 +1,34 @@ +# Exim: OS-specific make file for SCO_SV release 5 (tested on 5.0.5 & 5.0.5) +# (see the UNIX_SV files for SCO 4.2) +# Supplied by: Tony Earnshaw <tonye@ilion.nl> + +# Note that 'gcc -melf -m486' applies to gcc 2.7.2 and higher; +# 2.7.1 and SCO's SDK need '-belf'. + +# Removed -lwrap (PH 27/7/00) because not all systems have it + +CFLAGS=-melf -O3 -m486 +LFLAGS=-L/lib -L/usr/lib -L/usr/local/lib +LIBS=-ltinfo -lsocket -lm + +HAVE_ICONV=yes + +RANLIB=@true +DBMLIB=-lndbm +ERRNO_QUOTA=0 + +X11=/usr/lib/X11 +XINCLUDE=-I/usr/include/X11 +XLFLAGS=-L/usr/lib -L$(X11)/lib +X11_LD_LIB=$(X11)/lib + +# Changes from Frank Bernhardt (30/9/04) + +BASENAME_COMMAND=/bin/basename +CHOWN_COMMAND=/bin/chown +CHGRP_COMMAND=/bin/chgrp +CHMOD_COMMAND=/bin/chmod +HOSTNAME_COMMAND=/usr/bin/hostname +TOUCH_COMMAND=/bin/touch + +# End diff --git a/OS/unsupported/Makefile-SunOS4 b/OS/unsupported/Makefile-SunOS4 new file mode 100644 index 0000000..c876998 --- /dev/null +++ b/OS/unsupported/Makefile-SunOS4 @@ -0,0 +1,16 @@ +# Exim: OS-specific make file for SunOS4 + +CFLAGS=-O + +CHOWN_COMMAND=/usr/etc/chown +HOSTNAME_COMMAND=/usr/bin/hostname +EXIT_FAILURE=1 +EXIT_SUCCESS=0 +LIBRESOLV=-lresolv +XINCLUDE=-I/usr/include/X11 + +EXIWHAT_PS_ARG=-ax +EXIWHAT_EGREP_ARG='/exim( |$$)' +EXIWHAT_KILL_SIGNAL=-30 + +# End diff --git a/OS/unsupported/Makefile-SunOS5-hal b/OS/unsupported/Makefile-SunOS5-hal new file mode 100644 index 0000000..05ea893 --- /dev/null +++ b/OS/unsupported/Makefile-SunOS5-hal 
@@ -0,0 +1,18 @@ +# Exim: OS-specific make file for SunOS5 on a HAL + +# Note: The HAL runs a standard SunOS5 except that it has a 64 bit C +# compiler called hcc. To make things work pass the -KV7 flag to force +# 32bit compilation - this is necessary to interwork with some libraries. + +CC=hcc +CFLAGS=-O -KV7 +LIBIDENTCFLAGS="-KV7 -O -DHAVE_ANSIHEADERS" +LIBIDENTNAME=sunos5 +RANLIB=@true +LIBS=-lsocket -lnsl -lkstat -lm +LIBRESOLV=-lresolv +X11=/usr/X11R6 +XINCLUDE=-I$(X11)/include +XLFLAGS=-L$(X11)/lib -R$(X11)/lib + +# End diff --git a/OS/unsupported/Makefile-ULTRIX b/OS/unsupported/Makefile-ULTRIX new file mode 100644 index 0000000..9e912b3 --- /dev/null +++ b/OS/unsupported/Makefile-ULTRIX @@ -0,0 +1,18 @@ +# Exim: OS-specific make file for Ultrix + +MAKE_SHELL=/usr/bin/sh5 + +CFLAGS=-O + +# This can either be /usr/include/X11 or /usr/include/mit depending on +# the particular version of ULTRIX. + +XINCLUDE=-I/usr/include/X11 -I/usr/include/mit + +DBMLIB=-lgdbm + +EXIWHAT_PS_ARG=-ax +EXIWHAT_EGREP_ARG='/exim( |$$)' +EXIWHAT_KILL_SIGNAL=-USR1 + +# End diff --git a/OS/unsupported/Makefile-UNIX_SV b/OS/unsupported/Makefile-UNIX_SV new file mode 100644 index 0000000..bfcfae1 --- /dev/null +++ b/OS/unsupported/Makefile-UNIX_SV 
@@ -0,0 +1,24 @@ +# Exim: OS-specific make file for SCO SVR4.2MP (and maybe Unixware) +# +# *** Note that for SCO 5 the configuration file is called SCO_SV, +# *** and that Unixware7 has its own configuration. This is an old +# *** file that is retained for compatibility. +# +# Note that SCO does not include dbm/ndbm with their standard compiler +# (it is available with /usr/ucb/cc, but that has bugs of its own). You +# should install gcc and gdbm, then execute 'make install-compat' in the +# gdbm source directory. + +CC=gcc -I/usr/local/include +CFLAGS=-O + +RANLIB=@true +DBMLIB=-lgdbm -L/usr/local/lib +ERRNO_QUOTA=0 +LIBS=-lsocket -lelf -lgen -lnsl -lresolv -lm + +X11=/usr/lib/X11 +XINCLUDE=-I/usr/include/X11 +XLFLAGS=-L/usr/lib -L$(X11)/lib + +# End diff --git a/OS/unsupported/Makefile-USG b/OS/unsupported/Makefile-USG new file mode 100644 index 0000000..753a2d7 --- /dev/null +++ b/OS/unsupported/Makefile-USG 
@@ -0,0 +1,33 @@ +# Exim: OS-specific make file for Unixware 2.x +# +# Note that Unixware does not include db/dbm/ndbm with their standard compiler +# (it is available with /usr/ucb/cc, but that has bugs of its own). You +# should install gcc and Berkeley DB (or another dbm library if you really +# insist). If you use a different dbm library you will need to override +# DBMLIB below. +# +# DB 1.85 and 2.x can be found at http://www.sleepycat.com/. +# They have different characteristics. See the discussion of dbm libraries +# in doc/dbm.discuss.txt in the Exim distribution. +# +# DB needs to be compiled with gcc and you need a 'cc' in your path +# before the Unixware CC to compile it. +# +# Don't bother even starting to install exim on Unixware unless +# you have installed gcc and use it for everything. + +CC=gcc -I/usr/local/include +CFLAGS=-O + +RANLIB=@true +DBMLIB=-ldb -L/usr/local/lib +USE_DB=YES +ERRNO_QUOTA=0 +LIBS=-lsocket -lelf -lgen -lnsl -lresolv -lm + +X11=/usr/lib/X11 +XINCLUDE=-I/usr/include/X11 +XLFLAGS=-L/usr/lib -L$(X11)/lib +X11_LD_LIB=$(X11)/lib + +# End diff --git a/OS/unsupported/Makefile-Unixware7 b/OS/unsupported/Makefile-Unixware7 new file mode 100644 index 0000000..88a8838 --- /dev/null +++ b/OS/unsupported/Makefile-Unixware7 
@@ -0,0 +1,32 @@ +# Exim: OS-specific make file for Unixware7 +# Based on information from James FitzGibbon <james@ehlo.com> + +# If you want to use libbind, you need to +# add -I/usr/local/bind/include to CFLAGS +# add -L/usr/local/bind/lib to LFLAGS +# remove -lresolv from LIBS +# add LOOKUP_LIBS=-lbind +# The new settings should go in your Local/Makefile rather than here; then +# they will be usable for subsequent Exim releases. + +CC=/usr/bin/cc +CFLAGS=-O -I/usr/local/include +LFLAGS=-L/usr/local/lib + +HAVE_ICONV=yes + +LIBS=-lsocket -lnsl -lelf -lgen -lresolv -lm + +# Removed on the advice of Larry Rosenman +# EXTRALIBS=-lwrap + +EXTRALIBS_EXIMON=-lICE -lSM + +RANLIB=@true +ERRNO_QUOTA=0 + +X11=/usr/lib/X11 +XINCLUDE=-I/usr/include/X11 +XLFLAGS=-L/usr/lib -L$(X11)/lib + +# End diff --git a/OS/unsupported/Makefile-mips b/OS/unsupported/Makefile-mips new file mode 100644 index 0000000..ff33139 --- /dev/null +++ b/OS/unsupported/Makefile-mips @@ -0,0 +1,16 @@ +# Exim: OS-specific make file for RiscOS4bsd + +HOSTNAME_COMMAND=/usr/ucb/hostname +EXIT_FAILURE=1 +EXIT_SUCCESS=0 +LIBRESOLV=-lresolv +LIBS=-liberty -lm +XINCLUDE=-I/usr/X11R6/include + +CFLAGS=-O + +EXIWHAT_PS_ARG=-ax +EXIWHAT_EGREP_ARG='/exim( |$$)' +EXIWHAT_KILL_SIGNAL=-30 + +# End diff --git a/OS/unsupported/README b/OS/unsupported/README new file mode 100644 index 0000000..73790ae --- /dev/null +++ b/OS/unsupported/README 
@@ -0,0 +1,14 @@ +Files in this directory are historical. They may have worked once but the +project has no assurance that they still do. + +If you need to use one for a build for your platform, copy it up one directory +level first. We'll reinstate it given a current version and evidence of testing. +For the latter please look into the project regression testsuite, and please +consider operating a buildfarm animal in the long term (it runs the testsuite). + +The buildfarm status page is: + https://buildfarm.exim.org/cgi-bin/show_status.pl +There's a "register" link there with a link to how-to instructions. Please do +monitor the status of your animal on an ongoing basis. The exim-users or +exim-dev mailinglist are good places to ask for help and to discuss any regressions +seen in test runs. There is also the #exim IRC channel on Freenode. diff --git a/OS/unsupported/os.c-BSDI b/OS/unsupported/os.c-BSDI new file mode 100644 index 0000000..03a7a1c --- /dev/null +++ b/OS/unsupported/os.c-BSDI @@ -0,0 +1,19 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Copyright (c) 2016 Heiko Schlittermann <hs@schlittermann.de> */ +/* See the file NOTICE for conditions of use and distribution. */ + +/* BSDI-specific code. This is concatenated onto the generic +src/os.c file. */ + +#ifndef OS_UNSETENV +#define OS_UNSETENV + +int +os_unsetenv(const uschar * name) +{ +unsetenv(CS name); +return 0; +} diff --git a/OS/unsupported/os.c-HI-OSF b/OS/unsupported/os.c-HI-OSF new file mode 100644 index 0000000..5e3d336 --- /dev/null +++ b/OS/unsupported/os.c-HI-OSF 
@@ -0,0 +1,35 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Copyright (c) University of Cambridge 2001 */ +/* See the file NOTICE for conditions of use and distribution. */ + +/* HI-OSF-specific code. This is concatenated onto the generic +src/os.c file. OSF has an apparently unique way of getting the +load average, so we provide a unique function here, and define +OS_LOAD_AVERAGE to stop src/os.c trying to provide the function. */ + +#ifndef OS_LOAD_AVERAGE +#define OS_LOAD_AVERAGE + +#include <sys/table.h> + +int +os_getloadavg(void) +{ +double avg; +struct tbl_loadavg load_avg; + +table (TBL_LOADAVG, 0, &load_avg, 1, sizeof (load_avg)); + +avg = (load_avg.tl_lscale == 0)? + load_avg.tl_avenrun.d[0] : + (load_avg.tl_avenrun.l[0] / (double)load_avg.tl_lscale); + +return (int)(avg * 1000.0); +} + +#endif /* OS_LOAD_AVERAGE */ + +/* End of os.c-HI-OSF */ diff --git a/OS/unsupported/os.c-HP-UX b/OS/unsupported/os.c-HP-UX new file mode 100644 index 0000000..fdd8708 --- /dev/null +++ b/OS/unsupported/os.c-HP-UX @@ -0,0 +1,16 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Copyright (c) University of Cambridge 2016 */ +/* Copyright (c) Jeremy Harris 2016 */ +/* See the file NOTICE for conditions of use and distribution. */ + +/* HP-UX-specific code. This is concatenated onto the generic +src/os.c file. */ + +#ifndef COMPILE_UTILITY +# include "setenv.c" +#endif + +/* End of os.c-SunHP-UX */ diff --git a/OS/unsupported/os.c-IRIX b/OS/unsupported/os.c-IRIX new file mode 100644 index 0000000..c1539cb --- /dev/null +++ b/OS/unsupported/os.c-IRIX 
@@ -0,0 +1,118 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Copyright (c) University of Cambridge 2001 */ +/* See the file NOTICE for conditions of use and distribution. */ + +/* Irix-specific code. This is concatenated onto the generic src/os.c file. +Irix has a unique way of finding all the network interfaces, so we provide a +unique function here, and define FIND_RUNNING_INTERFACES to stop src/os.c +trying to provide the function. The macro may be set initially anyway, when +compiling os. for utilities that don't want this function. */ + +#ifndef FIND_RUNNING_INTERFACES +#define FIND_RUNNING_INTERFACES + +/* This is the special form of the function using sysctl() which is the only +form that returns all the aliases on IRIX systems. This code has its origins +in a sample program that came from within SGI. */ + +#include <sys/sysctl.h> +#include <net/if_dl.h> +#include <net/if_types.h> +#include <net/soioctl.h> +#include <net/route.h> + +#define ROUNDUP(a) ((a) > 0 ? (1 + (((a) - 1) | (sizeof(__uint64_t) -1))) \ + : sizeof(__uint64_t)) +#ifdef _HAVE_SA_LEN +#define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len)) +#else +#define ADVANCE(x, n) (x += ROUNDUP(_FAKE_SA_LEN_DST(n))) +#endif + + +ip_address_item * +os_find_running_interfaces(void) +{ +ip_address_item *yield = NULL; +ip_address_item *last = NULL; +ip_address_item *next; + +size_t needed; +int mib[6]; +char *buf, *nextaddr, *lim; +register struct if_msghdr *ifm; + +mib[0] = CTL_NET; +mib[1] = PF_ROUTE; +mib[2] = 0; +mib[3] = 0; +mib[4] = NET_RT_IFLIST; +mib[5] = 0; + +/* Get an estimate of the amount of store needed, then get the store and +get the data into it. Any error causes a panic death. 
*/ + +if (sysctl(mib, 6, NULL, &needed, NULL, 0) < 0) + log_write(0, LOG_PANIC_DIE, "iflist-sysctl-estimate failed: %s", + strerror(errno)); + +buf = store_get(needed, FALSE); + +if (sysctl(mib, 6, buf, &needed, NULL, 0) < 0) + log_write(0, LOG_PANIC_DIE, "sysctl of ifnet list failed: %s", + strerror(errno)); + +/* Now fish out the data for each interface */ + +lim = buf + needed; +for (nextaddr = buf; nextaddr < lim; nextaddr += ifm->ifm_msglen) + { + ifm = (struct if_msghdr *)nextaddr; + + if (ifm->ifm_type != RTM_IFINFO) + { + struct ifa_msghdr *ifam = (struct ifa_msghdr *)ifm; + struct sockaddr_in *mask = NULL, *addr = NULL; + + if ((ifam->ifam_addrs & RTA_NETMASK) != 0) + mask = (struct sockaddr_in *)(ifam + 1); + + if ((ifam->ifam_addrs & RTA_IFA) != 0) + { + char *cp = CS mask; + struct sockaddr *sa = (struct sockaddr *)mask; + ADVANCE(cp, sa); + addr = (struct sockaddr_in *)cp; + } + + /* Create a data block for the address, fill in the data, and put it on + the chain. This data has to survive for ever, so use malloc. */ + + if (addr != NULL) + { + next = store_malloc(sizeof(ip_address_item)); + next->next = NULL; + next->port = 0; + (void)host_ntoa(-1, addr, next->address, NULL); + + if (yield == NULL) yield = last = next; else + { + last->next = next; + last = next; + } + + DEBUG(D_interface) debug_printf("Actual local interface address is %s\n", + last->address); + } + } + } + +return yield; +} + +#endif /* FIND_RUNNING_INTERFACES */ + +/* End of os.c-IRIX */ diff --git a/OS/unsupported/os.c-IRIX6 b/OS/unsupported/os.c-IRIX6 new file mode 100644 index 0000000..c1539cb --- /dev/null +++ b/OS/unsupported/os.c-IRIX6 
@@ -0,0 +1,118 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Copyright (c) University of Cambridge 2001 */ +/* See the file NOTICE for conditions of use and distribution. */ + +/* Irix-specific code. This is concatenated onto the generic src/os.c file. +Irix has a unique way of finding all the network interfaces, so we provide a +unique function here, and define FIND_RUNNING_INTERFACES to stop src/os.c +trying to provide the function. The macro may be set initially anyway, when +compiling os. for utilities that don't want this function. */ + +#ifndef FIND_RUNNING_INTERFACES +#define FIND_RUNNING_INTERFACES + +/* This is the special form of the function using sysctl() which is the only +form that returns all the aliases on IRIX systems. This code has its origins +in a sample program that came from within SGI. */ + +#include <sys/sysctl.h> +#include <net/if_dl.h> +#include <net/if_types.h> +#include <net/soioctl.h> +#include <net/route.h> + +#define ROUNDUP(a) ((a) > 0 ? (1 + (((a) - 1) | (sizeof(__uint64_t) -1))) \ + : sizeof(__uint64_t)) +#ifdef _HAVE_SA_LEN +#define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len)) +#else +#define ADVANCE(x, n) (x += ROUNDUP(_FAKE_SA_LEN_DST(n))) +#endif + + +ip_address_item * +os_find_running_interfaces(void) +{ +ip_address_item *yield = NULL; +ip_address_item *last = NULL; +ip_address_item *next; + +size_t needed; +int mib[6]; +char *buf, *nextaddr, *lim; +register struct if_msghdr *ifm; + +mib[0] = CTL_NET; +mib[1] = PF_ROUTE; +mib[2] = 0; +mib[3] = 0; +mib[4] = NET_RT_IFLIST; +mib[5] = 0; + +/* Get an estimate of the amount of store needed, then get the store and +get the data into it. Any error causes a panic death. 
*/ + +if (sysctl(mib, 6, NULL, &needed, NULL, 0) < 0) + log_write(0, LOG_PANIC_DIE, "iflist-sysctl-estimate failed: %s", + strerror(errno)); + +buf = store_get(needed, FALSE); + +if (sysctl(mib, 6, buf, &needed, NULL, 0) < 0) + log_write(0, LOG_PANIC_DIE, "sysctl of ifnet list failed: %s", + strerror(errno)); + +/* Now fish out the data for each interface */ + +lim = buf + needed; +for (nextaddr = buf; nextaddr < lim; nextaddr += ifm->ifm_msglen) + { + ifm = (struct if_msghdr *)nextaddr; + + if (ifm->ifm_type != RTM_IFINFO) + { + struct ifa_msghdr *ifam = (struct ifa_msghdr *)ifm; + struct sockaddr_in *mask = NULL, *addr = NULL; + + if ((ifam->ifam_addrs & RTA_NETMASK) != 0) + mask = (struct sockaddr_in *)(ifam + 1); + + if ((ifam->ifam_addrs & RTA_IFA) != 0) + { + char *cp = CS mask; + struct sockaddr *sa = (struct sockaddr *)mask; + ADVANCE(cp, sa); + addr = (struct sockaddr_in *)cp; + } + + /* Create a data block for the address, fill in the data, and put it on + the chain. This data has to survive for ever, so use malloc. */ + + if (addr != NULL) + { + next = store_malloc(sizeof(ip_address_item)); + next->next = NULL; + next->port = 0; + (void)host_ntoa(-1, addr, next->address, NULL); + + if (yield == NULL) yield = last = next; else + { + last->next = next; + last = next; + } + + DEBUG(D_interface) debug_printf("Actual local interface address is %s\n", + last->address); + } + } + } + +return yield; +} + +#endif /* FIND_RUNNING_INTERFACES */ + +/* End of os.c-IRIX */ diff --git a/OS/unsupported/os.c-IRIX632 b/OS/unsupported/os.c-IRIX632 new file mode 100644 index 0000000..c1539cb --- /dev/null +++ b/OS/unsupported/os.c-IRIX632 
@@ -0,0 +1,118 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Copyright (c) University of Cambridge 2001 */ +/* See the file NOTICE for conditions of use and distribution. */ + +/* Irix-specific code. This is concatenated onto the generic src/os.c file. +Irix has a unique way of finding all the network interfaces, so we provide a +unique function here, and define FIND_RUNNING_INTERFACES to stop src/os.c +trying to provide the function. The macro may be set initially anyway, when +compiling os. for utilities that don't want this function. */ + +#ifndef FIND_RUNNING_INTERFACES +#define FIND_RUNNING_INTERFACES + +/* This is the special form of the function using sysctl() which is the only +form that returns all the aliases on IRIX systems. This code has its origins +in a sample program that came from within SGI. */ + +#include <sys/sysctl.h> +#include <net/if_dl.h> +#include <net/if_types.h> +#include <net/soioctl.h> +#include <net/route.h> + +#define ROUNDUP(a) ((a) > 0 ? (1 + (((a) - 1) | (sizeof(__uint64_t) -1))) \ + : sizeof(__uint64_t)) +#ifdef _HAVE_SA_LEN +#define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len)) +#else +#define ADVANCE(x, n) (x += ROUNDUP(_FAKE_SA_LEN_DST(n))) +#endif + + +ip_address_item * +os_find_running_interfaces(void) +{ +ip_address_item *yield = NULL; +ip_address_item *last = NULL; +ip_address_item *next; + +size_t needed; +int mib[6]; +char *buf, *nextaddr, *lim; +register struct if_msghdr *ifm; + +mib[0] = CTL_NET; +mib[1] = PF_ROUTE; +mib[2] = 0; +mib[3] = 0; +mib[4] = NET_RT_IFLIST; +mib[5] = 0; + +/* Get an estimate of the amount of store needed, then get the store and +get the data into it. Any error causes a panic death. 
*/ + +if (sysctl(mib, 6, NULL, &needed, NULL, 0) < 0) + log_write(0, LOG_PANIC_DIE, "iflist-sysctl-estimate failed: %s", + strerror(errno)); + +buf = store_get(needed, FALSE); + +if (sysctl(mib, 6, buf, &needed, NULL, 0) < 0) + log_write(0, LOG_PANIC_DIE, "sysctl of ifnet list failed: %s", + strerror(errno)); + +/* Now fish out the data for each interface */ + +lim = buf + needed; +for (nextaddr = buf; nextaddr < lim; nextaddr += ifm->ifm_msglen) + { + ifm = (struct if_msghdr *)nextaddr; + + if (ifm->ifm_type != RTM_IFINFO) + { + struct ifa_msghdr *ifam = (struct ifa_msghdr *)ifm; + struct sockaddr_in *mask = NULL, *addr = NULL; + + if ((ifam->ifam_addrs & RTA_NETMASK) != 0) + mask = (struct sockaddr_in *)(ifam + 1); + + if ((ifam->ifam_addrs & RTA_IFA) != 0) + { + char *cp = CS mask; + struct sockaddr *sa = (struct sockaddr *)mask; + ADVANCE(cp, sa); + addr = (struct sockaddr_in *)cp; + } + + /* Create a data block for the address, fill in the data, and put it on + the chain. This data has to survive for ever, so use malloc. */ + + if (addr != NULL) + { + next = store_malloc(sizeof(ip_address_item)); + next->next = NULL; + next->port = 0; + (void)host_ntoa(-1, addr, next->address, NULL); + + if (yield == NULL) yield = last = next; else + { + last->next = next; + last = next; + } + + DEBUG(D_interface) debug_printf("Actual local interface address is %s\n", + last->address); + } + } + } + +return yield; +} + +#endif /* FIND_RUNNING_INTERFACES */ + +/* End of os.c-IRIX */ diff --git a/OS/unsupported/os.c-IRIX65 b/OS/unsupported/os.c-IRIX65 new file mode 100644 index 0000000..c1539cb --- /dev/null +++ b/OS/unsupported/os.c-IRIX65 
@@ -0,0 +1,118 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Copyright (c) University of Cambridge 2001 */ +/* See the file NOTICE for conditions of use and distribution. */ + +/* Irix-specific code. This is concatenated onto the generic src/os.c file. +Irix has a unique way of finding all the network interfaces, so we provide a +unique function here, and define FIND_RUNNING_INTERFACES to stop src/os.c +trying to provide the function. The macro may be set initially anyway, when +compiling os. for utilities that don't want this function. */ + +#ifndef FIND_RUNNING_INTERFACES +#define FIND_RUNNING_INTERFACES + +/* This is the special form of the function using sysctl() which is the only +form that returns all the aliases on IRIX systems. This code has its origins +in a sample program that came from within SGI. */ + +#include <sys/sysctl.h> +#include <net/if_dl.h> +#include <net/if_types.h> +#include <net/soioctl.h> +#include <net/route.h> + +#define ROUNDUP(a) ((a) > 0 ? (1 + (((a) - 1) | (sizeof(__uint64_t) -1))) \ + : sizeof(__uint64_t)) +#ifdef _HAVE_SA_LEN +#define ADVANCE(x, n) (x += ROUNDUP((n)->sa_len)) +#else +#define ADVANCE(x, n) (x += ROUNDUP(_FAKE_SA_LEN_DST(n))) +#endif + + +ip_address_item * +os_find_running_interfaces(void) +{ +ip_address_item *yield = NULL; +ip_address_item *last = NULL; +ip_address_item *next; + +size_t needed; +int mib[6]; +char *buf, *nextaddr, *lim; +register struct if_msghdr *ifm; + +mib[0] = CTL_NET; +mib[1] = PF_ROUTE; +mib[2] = 0; +mib[3] = 0; +mib[4] = NET_RT_IFLIST; +mib[5] = 0; + +/* Get an estimate of the amount of store needed, then get the store and +get the data into it. Any error causes a panic death. 
*/ + +if (sysctl(mib, 6, NULL, &needed, NULL, 0) < 0) + log_write(0, LOG_PANIC_DIE, "iflist-sysctl-estimate failed: %s", + strerror(errno)); + +buf = store_get(needed, FALSE); + +if (sysctl(mib, 6, buf, &needed, NULL, 0) < 0) + log_write(0, LOG_PANIC_DIE, "sysctl of ifnet list failed: %s", + strerror(errno)); + +/* Now fish out the data for each interface */ + +lim = buf + needed; +for (nextaddr = buf; nextaddr < lim; nextaddr += ifm->ifm_msglen) + { + ifm = (struct if_msghdr *)nextaddr; + + if (ifm->ifm_type != RTM_IFINFO) + { + struct ifa_msghdr *ifam = (struct ifa_msghdr *)ifm; + struct sockaddr_in *mask = NULL, *addr = NULL; + + if ((ifam->ifam_addrs & RTA_NETMASK) != 0) + mask = (struct sockaddr_in *)(ifam + 1); + + if ((ifam->ifam_addrs & RTA_IFA) != 0) + { + char *cp = CS mask; + struct sockaddr *sa = (struct sockaddr *)mask; + ADVANCE(cp, sa); + addr = (struct sockaddr_in *)cp; + } + + /* Create a data block for the address, fill in the data, and put it on + the chain. This data has to survive for ever, so use malloc. */ + + if (addr != NULL) + { + next = store_malloc(sizeof(ip_address_item)); + next->next = NULL; + next->port = 0; + (void)host_ntoa(-1, addr, next->address, NULL); + + if (yield == NULL) yield = last = next; else + { + last->next = next; + last = next; + } + + DEBUG(D_interface) debug_printf("Actual local interface address is %s\n", + last->address); + } + } + } + +return yield; +} + +#endif /* FIND_RUNNING_INTERFACES */ + +/* End of os.c-IRIX */ diff --git a/OS/unsupported/os.c-OSF1 b/OS/unsupported/os.c-OSF1 new file mode 100644 index 0000000..ad91b63 --- /dev/null +++ b/OS/unsupported/os.c-OSF1 
@@ -0,0 +1,36 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Copyright (c) University of Cambridge 2001 */ +/* See the file NOTICE for conditions of use and distribution. */ + +/* OSF1-specific code. This is concatenated onto the generic src/os.c file. +OSF1 has an apparently unique way of getting the load average, so we provide a +unique function here, and define OS_LOAD_AVERAGE to stop src/os.c trying to +provide the function. The macro may be set initially anyway, when compiling os. +for utilities that don't want this function. */ + +#ifndef OS_LOAD_AVERAGE +#define OS_LOAD_AVERAGE + +#include <sys/table.h> + +int +os_getloadavg(void) +{ +double avg; +struct tbl_loadavg load_avg; + +table (TBL_LOADAVG, 0, &load_avg, 1, sizeof (load_avg)); + +avg = (load_avg.tl_lscale == 0)? + load_avg.tl_avenrun.d[0] : + (load_avg.tl_avenrun.l[0] / (double)load_avg.tl_lscale); + +return (int)(avg * 1000.0); +} + +#endif /* OS_LOAD_AVERAGE */ + +/* End of os.c-OSF1 */ diff --git a/OS/unsupported/os.c-cygwin b/OS/unsupported/os.c-cygwin new file mode 100644 index 0000000..5ca05a8 --- /dev/null +++ b/OS/unsupported/os.c-cygwin 
@@ -0,0 +1,531 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Cygwin-specific code. December 2002. Updated Jan 2015. + This is prefixed to the src/os.c file. + + This code was supplied by Pierre A. Humblet <Pierre.Humblet@ieee.org> +*/ + +/* We need a special mkdir that + allows names starting with // */ +#undef mkdir +int cygwin_mkdir( const char *path, mode_t mode ) +{ + const char * p = path; + if (*p == '/') while(*(p+1) == '/') p++; + return mkdir(p, mode); +} + +#ifndef COMPILE_UTILITY /* Utilities don't need special code */ + +#ifdef INCLUDE_PAM +#include "../pam/pam.c" +#endif +#include <alloca.h> + +unsigned int cygwin_WinVersion; + +/* Conflict between Windows definitions and others */ +#ifdef NOERROR +#undef NOERROR +#endif +#ifdef DELETE +#undef DELETE +#endif + +#include <windows.h> +#include <ntstatus.h> +#include <lmcons.h> + +#define EqualLuid(Luid1, Luid2) \ + ((Luid1.LowPart == Luid2.LowPart) && (Luid1.HighPart == Luid2.HighPart)) +#include <sys/cygwin.h> + +/* Special static variables */ +static BOOL cygwin_debug = FALSE; +static int fakesetugid = 1; /* when not privileged, setugid = noop */ + +#undef setuid +int cygwin_setuid(uid_t uid ) +{ + int res = 0; + if (fakesetugid == 0) { + res = setuid(uid); + if (cygwin_debug) + fprintf(stderr, "setuid %u %u %d pid: %d\n", + uid, getuid(),res, getpid()); + } + return res; +} + +#undef setgid +int cygwin_setgid(gid_t gid ) +{ + int res = 0; + if (fakesetugid == 0) { + res = setgid(gid); + if (cygwin_debug) + fprintf(stderr, "setgid %u %u %d pid: %d\n", + gid, getgid(), res, getpid()); + } + return res; +} + +/* Background processes run at lower priority */ +static void cygwin_setpriority() +{ + if (!SetPriorityClass(GetCurrentProcess(), BELOW_NORMAL_PRIORITY_CLASS)) + SetPriorityClass(GetCurrentProcess(), IDLE_PRIORITY_CLASS); + return; +} + + +/* GetVersion() + MSB: 1 for 95/98/ME; Next 7: 
build number, except for 95/98/ME + Next byte: 0 + Next byte: minor version of OS + Low byte: major version of OS (3 or 4 for for NT, 5 for 2000 and XP) */ +//#define VERSION_IS_58M(x) (x & 0x80000000) /* 95, 98, Me */ +//#define VERSION_IS_NT(x) ((x & 0XFF) < 5) /* NT 4 or 3.51 */ + +/* + Routine to find if process or thread is privileged +*/ + +enum { + CREATE_BIT = 1, +}; + +static DWORD get_privileges () +{ + char buffer[1024]; + DWORD i, length; + HANDLE hToken = NULL; + PTOKEN_PRIVILEGES privs; + LUID cluid, rluid; + DWORD ret = 0; + + privs = (PTOKEN_PRIVILEGES) buffer; + + if (OpenProcessToken (GetCurrentProcess(), TOKEN_QUERY, &hToken) + && LookupPrivilegeValue (NULL, SE_CREATE_TOKEN_NAME, &cluid) + && LookupPrivilegeValue(NULL, SE_RESTORE_NAME, &rluid) + && (GetTokenInformation( hToken, TokenPrivileges, + privs, sizeof (buffer), &length) + || (GetLastError () == ERROR_INSUFFICIENT_BUFFER + && (privs = (PTOKEN_PRIVILEGES) alloca (length)) + && GetTokenInformation(hToken, TokenPrivileges, + privs, length, &length)))) { + for (i = 0; i < privs->PrivilegeCount; i++) { + if (EqualLuid(privs->Privileges[i].Luid, cluid)) + ret |= CREATE_BIT; + if (ret == (CREATE_BIT)) + break; + } + } + else + fprintf(stderr, "has_create_token_privilege %u\n", GetLastError()); + + if (hToken) + CloseHandle(hToken); + + return ret; +} + +/* + We use cygwin_premain to fake a few things + and to provide some debug info +*/ +void cygwin_premain2(int argc, char ** argv, struct per_process * ptr) +{ + int i, res, is_daemon = 0, is_spoolwritable, is_privileged, is_eximuser; + uid_t myuid, systemuid; + gid_t mygid, adminsgid; + struct passwd * pwp = NULL; + struct stat buf; + char *cygenv; + SID(1, SystemSid, SECURITY_LOCAL_SYSTEM_RID); + SID(2, AdminsSid, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS); + DWORD priv_flags; + + myuid = getuid(); + mygid = getgid(); + cygwin_WinVersion = GetVersion(); + if ((cygenv = getenv("CYGWIN")) == NULL) cygenv = ""; + /* Produce some 
debugging on stderr, + cannot yet use exim's debug functions. + Exim does not use -c and ignores -n. + Set lower priority for daemons */ + for (i = 1; i < argc; i++) { + if (argv[i][0] == '-') { + if (argv[i][1] == 'c') { + ssize_t size; + wchar_t *win32_path; + argv[i][1] = 'n'; /* Replace -c by -n */ + cygwin_debug = TRUE; + fprintf(stderr, "CYGWIN = \"%s\".\n", cygenv); + if (((size = cygwin_conv_path(CCP_POSIX_TO_WIN_W,"/", win32_path, 0)) > 0) + && ((win32_path = store_malloc(size)) != NULL) + && (cygwin_conv_path(CCP_POSIX_TO_WIN_W,"/", win32_path, size) == 0)) { + fprintf(stderr, " Root / mapped to %ls.\n", win32_path); + store_free(win32_path); + } + } + else if (argv[i][1] == 'b' && argv[i][2] == 'd') { + is_daemon = 1; + cygwin_setpriority(); + } + } + } + + /* Nt/2000/XP + We initially set the exim uid & gid to those of the "exim user", + or to the root uid (SYSTEM) and exim gid (ADMINS), + If privileged, we setuid to those. + We always set the configure uid to the system uid. + We always set the root uid to the real uid + to allow exim imposed restrictions (bypassable by recompiling) + and to avoid exec that cause loss of privilege + If not privileged and unable to chown, + we set the exim uid to our uid. + If unprivileged and /var/spool/exim is writable and not running as listening daemon, + we fake all subsequent setuid. */ + + /* Get the system and admins uid from their sids */ + if ((systemuid = cygwin_internal(CW_GET_UID_FROM_SID, & SystemSid)) == -1) { + fprintf(stderr, "Cannot map System sid. Aborting\n"); + exit(1); + } + if ((adminsgid = cygwin_internal(CW_GET_GID_FROM_SID, & AdminsSid)) == -1) { + fprintf(stderr, "Cannot map Admins sid. 
Aborting\n"); + exit(1); + } + + priv_flags = get_privileges (); + is_privileged = !!(priv_flags & CREATE_BIT); + + /* Call getpwnam for account exim after getting the local exim name */ + char exim_username[DNLEN + UNLEN + 2]; + if (cygwin_internal(CW_CYGNAME_FROM_WINNAME, "exim", exim_username, sizeof exim_username) != 0) + pwp = getpwnam (exim_username); + + /* If cannot setuid to exim or and is not the daemon (which is assumed to be + able to chown or to be the exim user) set the exim ugid to our ugid to avoid + chown failures after creating files and to be able to setuid to exim in + exim.c ( "privilege not needed" ). */ + if ((is_privileged == 0) && (!is_daemon)) { + exim_uid = myuid; + exim_gid = mygid; + } + else if (pwp != NULL) { + exim_uid = pwp->pw_uid; /* Set it according to passwd */ + exim_gid = pwp->pw_gid; + is_eximuser = 1; + } + else { + exim_uid = systemuid; + exim_gid = adminsgid; + is_eximuser = 0; + } + + res = stat("/var/spool/exim", &buf); + /* Check if writable (and can be stat) */ + is_spoolwritable = ((res == 0) && ((buf.st_mode & S_IWOTH) != 0)); + + fakesetugid = (is_privileged == 0) && (is_daemon == 0) && (is_spoolwritable == 1); + + if (is_privileged) { /* Can setuid */ + if (cygwin_setgid(exim_gid) /* Setuid to exim */ + || cygwin_setuid(exim_uid)) { + fprintf(stderr, "Unable to setuid/gid to exim. priv_flags: %x\n", priv_flags); + exit(0); /* Problem... Perhaps not in 544 */ + } + } + + /* Set the configuration file uid and gid to the system uid and admins gid. */ + config_uid = systemuid; + config_gid = adminsgid; + + /* Pretend we are root to avoid useless exec + and avoid exim set limitations. 
+ We are limited by file access rights */ + root_uid = getuid (); + + if (cygwin_debug) { + fprintf(stderr, "Starting uid %u, gid %u, priv_flags %x, is_privileged %d, is_daemon %d, is_spoolwritable %d.\n", + myuid, mygid, priv_flags, is_privileged, is_daemon, is_spoolwritable); + fprintf(stderr, "root_uid %u, exim_uid %u, exim_gid %u, config_uid %u, config_gid %u, is_eximuser %d.\n", + root_uid, exim_uid, exim_gid, config_uid, config_gid, is_eximuser); + } + return; +} + +#ifndef OS_LOAD_AVERAGE /* Can be set on command line */ +#define OS_LOAD_AVERAGE /* src/os.c need not provide it */ + +/***************************************************************** + Functions for average load measurements + + Uses NtQuerySystemInformation. + This requires definitions that are not part of + standard include files. + + This is discouraged starting with WinXP. + +*************************************************************/ +/* Structure to compute the load average efficiently */ +typedef struct { + DWORD Lock; + unsigned long long Time100ns; /* Last measurement time */ + unsigned long long IdleCount; /* Latest cumulative idle time */ + unsigned long long LastCounter; /* Last measurement counter */ + unsigned long long PerfFreq; /* Perf counter frequency */ + int LastLoad; /* Last reported load, or -1 */ +} cygwin_perf_t; + +static struct { + HANDLE handle; + pid_t pid; + cygwin_perf_t *perf; +} cygwin_load = {NULL, 0, NULL}; + +#include <ntdef.h> + +typedef enum _SYSTEM_INFORMATION_CLASS +{ + SystemBasicInformation = 0, + SystemPerformanceInformation = 2, + SystemTimeOfDayInformation = 3, + SystemProcessesAndThreadsInformation = 5, + SystemProcessorTimes = 8, + SystemPagefileInformation = 18, + /* There are a lot more of these... 
*/ +} SYSTEM_INFORMATION_CLASS; + +typedef struct _SYSTEM_BASIC_INFORMATION +{ + ULONG Unknown; + ULONG MaximumIncrement; + ULONG PhysicalPageSize; + ULONG NumberOfPhysicalPages; + ULONG LowestPhysicalPage; + ULONG HighestPhysicalPage; + ULONG AllocationGranularity; + ULONG LowestUserAddress; + ULONG HighestUserAddress; + ULONG ActiveProcessors; + UCHAR NumberProcessors; +} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION; + +typedef struct __attribute__ ((aligned (8))) _SYSTEM_PROCESSOR_TIMES +{ + LARGE_INTEGER IdleTime; + LARGE_INTEGER KernelTime; + LARGE_INTEGER UserTime; + LARGE_INTEGER DpcTime; + LARGE_INTEGER InterruptTime; + ULONG InterruptCount; +} SYSTEM_PROCESSOR_TIMES, *PSYSTEM_PROCESSOR_TIMES; + +typedef NTSTATUS NTAPI (*NtQuerySystemInformation_t) (SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG); +typedef ULONG NTAPI (*RtlNtStatusToDosError_t) (NTSTATUS); + +static NtQuerySystemInformation_t NtQuerySystemInformation; +static RtlNtStatusToDosError_t RtlNtStatusToDosError; + +/***************************************************************** + * + LoadNtdll() + Load special functions from the NTDLL + Return TRUE if success. + + *****************************************************************/ + +static BOOL LoadNtdll() +{ + HINSTANCE hinstLib; + + if ((hinstLib = LoadLibrary("NTDLL.DLL")) + && (NtQuerySystemInformation = + (NtQuerySystemInformation_t) GetProcAddress(hinstLib, + "NtQuerySystemInformation")) + && (RtlNtStatusToDosError = + (RtlNtStatusToDosError_t) GetProcAddress(hinstLib, + "RtlNtStatusToDosError"))) + return TRUE; + + DEBUG(D_load) + debug_printf("perf: load: %u (Windows)\n", GetLastError()); + return FALSE; +} +/***************************************************************** + * + ReadStat() + Measures current Time100ns and IdleCount + Return TRUE if success. 
+ + *****************************************************************/ + +static BOOL ReadStat(unsigned long long int *Time100nsPtr, + unsigned long long int *IdleCountPtr) +{ + NTSTATUS ret; + SYSTEM_BASIC_INFORMATION sbi; + PSYSTEM_PROCESSOR_TIMES spt; + + *Time100nsPtr = *IdleCountPtr = 0; + + if ((ret = NtQuerySystemInformation(SystemBasicInformation, + (PVOID) &sbi, sizeof sbi, NULL)) + != STATUS_SUCCESS) { + DEBUG(D_load) + debug_printf("Perf: NtQuerySystemInformation: %u (Windows)\n", + RtlNtStatusToDosError(ret)); + } + else if (!(spt = (PSYSTEM_PROCESSOR_TIMES) alloca(sizeof(spt[0]) * sbi.NumberProcessors))) { + DEBUG(D_load) + debug_printf("Perf: alloca: errno %d (%s)\n", errno, strerror(errno)); + } + else if ((ret = NtQuerySystemInformation(SystemProcessorTimes, (PVOID) spt, + sizeof spt[0] * sbi.NumberProcessors, NULL)) + != STATUS_SUCCESS) { + DEBUG(D_load) + debug_printf("Perf: NtQuerySystemInformation: %u (Windows)\n", + RtlNtStatusToDosError(ret)); + } + else { + int i; + for (i = 0; i < sbi.NumberProcessors; i++) { + *Time100nsPtr += spt[i].KernelTime.QuadPart;; + *Time100nsPtr += spt[i].UserTime.QuadPart; + *IdleCountPtr += spt[i].IdleTime.QuadPart; + } + return TRUE; + } + return FALSE; +} + +/***************************************************************** + * + InitLoadAvg() + Initialize the cygwin_load.perf structure. + and set cygwin_load.perf->Flag to TRUE if successful. 
+ This is called the first time os_getloadavg is called + *****************************************************************/ +static void InitLoadAvg(cygwin_perf_t *this) +{ + BOOL success = TRUE; + + /* Get perf frequency and counter */ + QueryPerformanceFrequency((LARGE_INTEGER *)& this->PerfFreq); + QueryPerformanceCounter((LARGE_INTEGER *)& this->LastCounter); + + /* Get initial values for Time100ns and IdleCount */ + success = success + && ReadStat( & this->Time100ns, + & this->IdleCount); + /* If success, set the Load to 0, else to -1 */ + if (success) this->LastLoad = 0; + else { + log_write(0, LOG_MAIN, "Cannot obtain Load Average"); + this->LastLoad = -1; + } +} + + +/***************************************************************** + * + os_getloadavg() + + Return -1 if not available; + Return the previous value if less than AVERAGING sec old. + else return the processor load on a [0 - 1000] scale. + + The first time we are called we initialize the counts + and return 0 or -1. + The initial load cannot be measured as we use the processor 100% +*****************************************************************/ +static SECURITY_ATTRIBUTES sa = {sizeof (SECURITY_ATTRIBUTES), NULL, TRUE}; +#define AVERAGING 10 + +int os_getloadavg() +{ + unsigned long long Time100ns, IdleCount, CurrCounter; + int value; + pid_t newpid; + + /* New process. 
+ Reload the dlls and the file mapping */ + if ((newpid = getpid()) != cygwin_load.pid) { + BOOL new; + cygwin_load.pid = newpid; + + if (!LoadNtdll()) { + log_write(0, LOG_MAIN, "Cannot obtain Load Average"); + cygwin_load.perf = NULL; + return -1; + } + + if ((new = !cygwin_load.handle)) { + cygwin_load.handle = CreateFileMapping (INVALID_HANDLE_VALUE, &sa, PAGE_READWRITE, + 0, sizeof(cygwin_perf_t), NULL); + DEBUG(D_load) + debug_printf("Perf: CreateFileMapping: handle %p\n", (void *) cygwin_load.handle); + } + cygwin_load.perf = (cygwin_perf_t *) MapViewOfFile (cygwin_load.handle, + FILE_MAP_READ | FILE_MAP_WRITE, 0, 0, 0); + DEBUG(D_load) + debug_printf("Perf: MapViewOfFile: addr %p\n", (void *) cygwin_load.perf); + if (new && cygwin_load.perf) + InitLoadAvg(cygwin_load.perf); + } + + /* Check if initialized OK */ + if (!cygwin_load.perf || cygwin_load.perf->LastLoad < 0) + return -1; + + /* If we cannot get the lock, we return 0. + This is to prevent any lock-up possibility. + Finding a lock busy is unlikely, and giving up only + results in an immediate delivery .*/ + + if (InterlockedCompareExchange(&cygwin_load.perf->Lock, 1, 0)) { + DEBUG(D_load) + debug_printf("Perf: Lock busy\n"); + return 0; + } + + /* Get the current time (PerfCounter) */ + QueryPerformanceCounter((LARGE_INTEGER *)& CurrCounter); + /* Calls closer than AVERAGING sec apart use the previous value */ + if (CurrCounter - cygwin_load.perf->LastCounter > + AVERAGING * cygwin_load.perf->PerfFreq) { + /* Get Time100ns and IdleCount */ + if (ReadStat( & Time100ns, & IdleCount)) { /* Success */ + /* Return processor load on 1000 scale */ + value = 1000 - ((1000 * (IdleCount - cygwin_load.perf->IdleCount)) / + (Time100ns - cygwin_load.perf->Time100ns)); + cygwin_load.perf->Time100ns = Time100ns; + cygwin_load.perf->IdleCount = IdleCount; + cygwin_load.perf->LastCounter = CurrCounter; + cygwin_load.perf->LastLoad = value; + DEBUG(D_load) + debug_printf("Perf: New load average %d\n", value); + } + 
else { /* Something bad happened. + Refuse to measure the load anymore + but don't bother releasing the buffer */ + log_write(0, LOG_MAIN, "Cannot obtain Load Average"); + cygwin_load.perf->LastLoad = -1; + } + } + else + DEBUG(D_load) + debug_printf("Perf: Old load average %d\n", cygwin_load.perf->LastLoad); + cygwin_load.perf->Lock = 0; + return cygwin_load.perf->LastLoad; +} +#endif /* OS_LOAD_AVERAGE */ +#endif /* COMPILE_UTILITY */ diff --git a/OS/unsupported/os.h-AIX b/OS/unsupported/os.h-AIX new file mode 100644 index 0000000..5cd4501 --- /dev/null +++ b/OS/unsupported/os.h-AIX @@ -0,0 +1,27 @@ +/* Exim: OS-specific C header file for AIX */ +/* Written by Nick Waterman <nick@cimio.co.uk> */ +/* Modified by Philip Hazel with data from + Niels Provos <provos@wserver.physnet.uni-hamburg.de> + Juozas Simkevicius <juozas@omnitel.net> for load averages +*/ + +#define HAVE_DEV_KMEM +#define LOAD_AVG_SYMBOL "avenrun" +#define KERNEL_PATH "/unix" +#define LOAD_AVG_TYPE int +#define FSCALE 65536.0 + +#define HAVE_SYS_VFS_H +#define HAVE_SYS_STATFS_H + +/* Now tell AIX to emulate BSD as badly as it can. */ + +#define _BSD 44 + +typedef struct flock flock_t; + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + + +/* End */ diff --git a/OS/unsupported/os.h-BSDI b/OS/unsupported/os.h-BSDI new file mode 100644 index 0000000..a1705ec --- /dev/null +++ b/OS/unsupported/os.h-BSDI @@ -0,0 +1,15 @@ +/* Exim: OS-specific C header file for BSDI */ + +#define HAVE_BSD_GETLOADAVG +#define HAVE_SETCLASSRESOURCES +#define HAVE_MMAP +#define HAVE_SYS_MOUNT_H +#define SIOCGIFCONF_GIVES_ADDR +#define OS_UNSETENV + +typedef struct flock flock_t; + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +/* End */ diff --git a/OS/unsupported/os.h-DGUX b/OS/unsupported/os.h-DGUX new file mode 100644 index 0000000..9040f0e --- /dev/null +++ b/OS/unsupported/os.h-DGUX 
@@ -0,0 +1,28 @@ +/* Exim: OS-specific C header file for DGUX */ + +/* Written by Ken Bailey (K.Bailey@rbgkew.org.uk) Feb 1998 */ +/* on dgux R4.11MU04 generic AViiON mc88100 */ +/* Modified Dec 1998 by PH after message from Ken. */ + +#define HAVE_SYS_STATVFS_H +#define F_FAVAIL f_favail + +#define NO_SYSEXITS /* DGUX doesn't ship sysexits.h */ +#define NO_IP_VAR_H /* DGUX has no netinet/ip_var.h */ + +#define os_strsignal dg_strsignal +#define OS_STRSIGNAL + +#define HAVE_MMAP + +/* The definition of ipoptions in netinet/in.h (masquerading as ip_opts) used +in smtp_in.c is for Intel DG _IX86_ABI only. You may be able to get this to +work on Intel DG but it's certainly easier to skip it on M88k. This means we +forego the detection of some source-routing based IP attacks. */ + +#define NO_IP_OPTIONS + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +/* End */ diff --git a/OS/unsupported/os.h-DragonFly b/OS/unsupported/os.h-DragonFly new file mode 100644 index 0000000..4c2f1d5 --- /dev/null +++ b/OS/unsupported/os.h-DragonFly @@ -0,0 +1,13 @@ +/* Exim: OS-specific C header file for DragonFly */ + +#define HAVE_BSD_GETLOADAVG +#define HAVE_MMAP +#define HAVE_SYS_MOUNT_H +#define SIOCGIFCONF_GIVES_ADDR + +typedef struct flock flock_t; + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +/* End */ diff --git a/OS/unsupported/os.h-GNUkFreeBSD b/OS/unsupported/os.h-GNUkFreeBSD new file mode 100644 index 0000000..ab35031 --- /dev/null +++ b/OS/unsupported/os.h-GNUkFreeBSD 
@@ -0,0 +1,25 @@ +/* Exim: OS-specific C header file for GNU/kFreeBSD */ + +#define CRYPT_H +#define GLIBC_IP_OPTIONS +#define HAVE_MMAP +#define HAVE_BSD_GETLOADAVG +#define HAVE_SYS_VFS_H +#define NO_IP_VAR_H +#define SIG_IGN_WORKS + +#define F_FREESP O_TRUNC +typedef struct flock flock_t; + +#define os_strsignal strsignal +#define OS_STRSIGNAL + +/* kFreeBSD-specific bits below */ + +#define HAVE_SYS_MOUNT_H +#define SIOCGIFCONF_GIVES_ADDR + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +/* End */ diff --git a/OS/unsupported/os.h-GNUkNetBSD b/OS/unsupported/os.h-GNUkNetBSD new file mode 100644 index 0000000..bc3bc25 --- /dev/null +++ b/OS/unsupported/os.h-GNUkNetBSD @@ -0,0 +1,25 @@ +/* Exim: OS-specific C header file for GNU/kNetBSD */ + +#define CRYPT_H +#define GLIBC_IP_OPTIONS +#define HAVE_MMAP +#define HAVE_BSD_GETLOADAVG +#define HAVE_SYS_VFS_H +#define NO_IP_VAR_H +#define SIG_IGN_WORKS + +#define F_FREESP O_TRUNC +typedef struct flock flock_t; + +#define os_strsignal strsignal +#define OS_STRSIGNAL + +/* kNetBSD-specific bits below */ + +#define HAVE_SYS_MOUNT_H +#define SIOCGIFCONF_GIVES_ADDR + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +/* End */ diff --git a/OS/unsupported/os.h-HI-OSF b/OS/unsupported/os.h-HI-OSF new file mode 100644 index 0000000..0f50fb6 --- /dev/null +++ b/OS/unsupported/os.h-HI-OSF @@ -0,0 +1,12 @@ +/* Exim: OS-specific C header file for HI-OSF/1-MJ and HI-UX/MPP */ + +#define HAVE_SYS_MOUNT_H + +typedef struct flock flock_t; +#define F_FREESP O_TRUNC +#define DN_EXPAND_ARG4_TYPE u_char * + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +/* End */ diff --git a/OS/unsupported/os.h-HI-UX b/OS/unsupported/os.h-HI-UX new file mode 100644 index 0000000..f3df963 --- /dev/null +++ b/OS/unsupported/os.h-HI-UX 
@@ -0,0 +1,21 @@ +/* Exim: OS-specific C header file for HI-UX */ + +#define LOAD_AVG_NEEDS_ROOT +#define HAVE_DEV_KMEM +#define LOAD_AVG_TYPE double +#define LOAD_AVG_SYMBOL "avenrun" +#define KERNEL_PATH "/HI-UX" +#define FSCALE 1.0 + +#define HAVE_SYS_VFS_H + +#define SELECT_ARG2_TYPE int +#define F_FREESP O_TRUNC +#define NEED_H_ERRNO 1 + +typedef struct flock flock_t; + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +/* End */ diff --git a/OS/unsupported/os.h-HP-UX b/OS/unsupported/os.h-HP-UX new file mode 100644 index 0000000..4998734 --- /dev/null +++ b/OS/unsupported/os.h-HP-UX @@ -0,0 +1,34 @@ +/* Exim: OS-specific C header file for HP-UX versions greater than 9 */ + +#define EXIM_SOCKLEN_T size_t + +#define LOAD_AVG_NEEDS_ROOT +#define HAVE_DEV_KMEM +#define LOAD_AVG_TYPE double +#define LOAD_AVG_SYMBOL "avenrun" +#define KERNEL_PATH "/stand/vmunix" +#define FSCALE 1.0 + +#define HAVE_SYS_STATVFS_H + +#define F_FREESP O_TRUNC +#define NEED_H_ERRNO 1 + +typedef struct flock flock_t; + +typedef struct __res_state *res_state; + +#define LLONG_MIN LONG_LONG_MIN +#define LLONG_MAX LONG_LONG_MAX + +#define strtoll(a,b,c) strtoimax(a,b,c) + +/* Determined by sockaddr_un */ + +struct sockaddr_storage +{ + short ss_family; + char __ss_padding[92]; +}; + +/* End */ diff --git a/OS/unsupported/os.h-HP-UX-9 b/OS/unsupported/os.h-HP-UX-9 new file mode 100644 index 0000000..5a260d6 --- /dev/null +++ b/OS/unsupported/os.h-HP-UX-9 @@ -0,0 +1,23 @@ +/* Exim: OS-specific C header file for HP-UX version 9 */ + +#define LOAD_AVG_NEEDS_ROOT +#define HAVE_DEV_KMEM +#define LOAD_AVG_TYPE double +#define LOAD_AVG_SYMBOL "avenrun" +#define KERNEL_PATH "/hp-ux" +#define FSCALE 1.0 + +#define HAVE_SYS_VFS_H + +#define SELECT_ARG2_TYPE int +#define F_FREESP O_TRUNC +#define NEED_H_ERRNO 1 + +#define killpg(pgid,sig) kill(-(pgid),sig) + +typedef struct flock flock_t; + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +/* End */ 
diff --git a/OS/unsupported/os.h-IRIX b/OS/unsupported/os.h-IRIX new file mode 100644 index 0000000..1d4bf46 --- /dev/null +++ b/OS/unsupported/os.h-IRIX @@ -0,0 +1,17 @@ +/* Exim: OS-specific C header file for IRIX */ + +#define DN_EXPAND_ARG4_TYPE u_char * + +#define LOAD_AVG_NEEDS_ROOT +#define HAVE_DEV_KMEM +#define LOAD_AVG_TYPE long +#define LOAD_AVG_SYMBOL "avenrun" +#define KERNEL_PATH "/unix" +#define FSCALE 1000.0 + +#define HAVE_MMAP +#define HAVE_SYS_STATVFS_H +#define F_FAVAIL f_favail +#define vfork fork + +/* End */ diff --git a/OS/unsupported/os.h-IRIX6 b/OS/unsupported/os.h-IRIX6 new file mode 100644 index 0000000..bf30767 --- /dev/null +++ b/OS/unsupported/os.h-IRIX6 @@ -0,0 +1,16 @@ +/* Exim: OS-specific C header file for IRIX */ + +#define CRYPT_H +#define LOAD_AVG_NEEDS_ROOT +#define HAVE_DEV_KMEM +#define LOAD_AVG_TYPE long +#define LOAD_AVG_SYMBOL "avenrun" +#define KERNEL_PATH "/unix" +#define FSCALE 1000.0 + +#define HAVE_MMAP +#define HAVE_SYS_STATVFS_H +#define F_FAVAIL f_favail +#define vfork fork + +/* End */ diff --git a/OS/unsupported/os.h-IRIX632 b/OS/unsupported/os.h-IRIX632 new file mode 100644 index 0000000..90f1c58 --- /dev/null +++ b/OS/unsupported/os.h-IRIX632 @@ -0,0 +1,18 @@ +/* Exim: OS-specific C header file for IRIX */ + +#define CRYPT_H +#define DN_EXPAND_ARG4_TYPE u_char * + +#define LOAD_AVG_NEEDS_ROOT +#define HAVE_DEV_KMEM +#define LOAD_AVG_TYPE long +#define LOAD_AVG_SYMBOL "avenrun" +#define KERNEL_PATH "/unix" +#define FSCALE 1000.0 + +#define HAVE_MMAP +#define HAVE_SYS_STATVFS_H +#define F_FAVAIL f_favail +#define vfork fork + +/* End */ diff --git a/OS/unsupported/os.h-IRIX65 b/OS/unsupported/os.h-IRIX65 new file mode 100644 index 0000000..4b248fe --- /dev/null +++ b/OS/unsupported/os.h-IRIX65 
@@ -0,0 +1,16 @@ +/* Exim: OS-specific C header file for IRIX 6.5 */ + +#define CRYPT_H +#define LOAD_AVG_NEEDS_ROOT +#define HAVE_DEV_KMEM +#define LOAD_AVG_TYPE long +#define LOAD_AVG_SYMBOL "avenrun" +#define KERNEL_PATH "/unix" +#define FSCALE 1000.0 + +#define HAVE_MMAP +#define HAVE_SYS_STATVFS_H +#define F_FAVAIL f_favail +#define vfork fork + +/* End */ diff --git a/OS/unsupported/os.h-NetBSD b/OS/unsupported/os.h-NetBSD new file mode 100644 index 0000000..d2d3e0d --- /dev/null +++ b/OS/unsupported/os.h-NetBSD @@ -0,0 +1,28 @@ +/* Exim: OS-specific C header file for NetBSD */ + +#define HAVE_BSD_GETLOADAVG +#define HAVE_GETIFADDRS +#define HAVE_MMAP +#define HAVE_SYS_MOUNT_H +#define SIOCGIFCONF_GIVES_ADDR +#define HAVE_ARC4RANDOM + +typedef struct flock flock_t; + +#define os_strsignal strsignal +#define OS_STRSIGNAL + +#define os_get_dns_resolver_res __res_get_state +#define os_put_dns_resolver_res(RP) __res_put_state(RP) +#define OS_GET_DNS_RESOLVER_RES + +#include <sys/param.h> + +#if __NetBSD_Version__ >= 299000900 +#define HAVE_SYS_STATVFS_H +#endif + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +/* End */ diff --git a/OS/unsupported/os.h-NetBSD-a.out b/OS/unsupported/os.h-NetBSD-a.out new file mode 100644 index 0000000..29a8fee --- /dev/null +++ b/OS/unsupported/os.h-NetBSD-a.out @@ -0,0 +1,5 @@ +/* Exim: OS-specific C header file for NetBSD (a.out binary format) */ + +#include "../OS/os.h-NetBSD" /* Same as for ELF format */ + +/* End */ diff --git a/OS/unsupported/os.h-OSF1 b/OS/unsupported/os.h-OSF1 new file mode 100644 index 0000000..6b5fa49 --- /dev/null +++ b/OS/unsupported/os.h-OSF1 
@@ -0,0 +1,16 @@ +/* Exim: OS-specific C header file for OSF1 */ + +#define HAVE_SYS_MOUNT_H +#define HAVE_GETIPNODEBYNAME 1 + +typedef struct flock flock_t; +#define F_FREESP O_TRUNC + +/* This was here for some time, but it seems that now (June 2005) things have +changed. */ +/* #define EXIM_SOCKLEN_T size_t */ + +/* Still not "socklen_t", which is the most common setting */ +#define EXIM_SOCKLEN_T int + +/* End */ diff --git a/OS/unsupported/os.h-OpenUNIX b/OS/unsupported/os.h-OpenUNIX new file mode 100644 index 0000000..67d1063 --- /dev/null +++ b/OS/unsupported/os.h-OpenUNIX @@ -0,0 +1,19 @@ +/* Exim: OS-specific C header file for OpenUNIX */ + +#define NO_SYSEXITS + +#define LOAD_AVG_NEEDS_ROOT +#define HAVE_DEV_KMEM +#define LOAD_AVG_TYPE short +#define LOAD_AVG_SYMBOL "avenrun" +#define KERNEL_PATH "/stand/unix" +#define FSCALE 256 + +#define HAVE_SYS_STATVFS_H +#define _SVID3 +#define NEED_H_ERRNO + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +/* End */ diff --git a/OS/unsupported/os.h-QNX b/OS/unsupported/os.h-QNX new file mode 100644 index 0000000..798f799 --- /dev/null +++ b/OS/unsupported/os.h-QNX @@ -0,0 +1,24 @@ +/* Exim: OS-specific C header file for QNX */ +/* Modified for QNX 6.2.0 with diffs from Samuli Tuomola. */ + +#include <sys/select.h> + +/* This include is wrapped in an ifdef so as to be skipped for QNXRTP, which +doesn't have/need this header file. From Karsten P. Hoffmann. */ + +#ifdef __QNX__ +#include <unix.h> +#endif + +#undef HAVE_STATFS +#undef HAVE_VFS_H +#undef HAVE_SYS_MOUNT_H + +#define NO_SYSEXITS + +extern int h_errno; + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +/* End */ diff --git a/OS/unsupported/os.h-SCO b/OS/unsupported/os.h-SCO new file mode 100644 index 0000000..e5e915e --- /dev/null +++ b/OS/unsupported/os.h-SCO 
@@ -0,0 +1,21 @@ +/* Exim: OS-specific C header file for SCO */ + +#define DN_EXPAND_ARG4_TYPE u_char * + +#define LOAD_AVG_NEEDS_ROOT +#define HAVE_DEV_KMEM +#define LOAD_AVG_TYPE short +#define LOAD_AVG_SYMBOL "avenrun" +#define KERNEL_PATH "/unix" +#define FSCALE 256 +#define EXIM_SOCKLEN_T int + +#define HAVE_SYS_STATVFS_H +#define F_FAVAIL f_favail +#define _SVID3 +#define NEED_H_ERRNO + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +/* End */ diff --git a/OS/unsupported/os.h-SCO_SV b/OS/unsupported/os.h-SCO_SV new file mode 100644 index 0000000..0ca29f7 --- /dev/null +++ b/OS/unsupported/os.h-SCO_SV @@ -0,0 +1,19 @@ +/* Exim: OS-specific C header file for SCO_SV */ + +#define LOAD_AVG_NEEDS_ROOT +#define HAVE_DEV_KMEM +#define LOAD_AVG_TYPE short +#define LOAD_AVG_SYMBOL "avenrun" +#define KERNEL_PATH "/unix" +#define FSCALE 256 +#define EXIM_SOCKLEN_T int + +#define HAVE_SYS_STATVFS_H +#define F_FAVAIL f_favail +#define _SVID3 +#define NEED_H_ERRNO + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +/* End */ diff --git a/OS/unsupported/os.h-SunOS4 b/OS/unsupported/os.h-SunOS4 new file mode 100644 index 0000000..6555620 --- /dev/null +++ b/OS/unsupported/os.h-SunOS4 
@@ -0,0 +1,39 @@ +/* Exim: OS-specific C header file for SunOS4 */ + +#define LOAD_AVG_NEEDS_ROOT +#define HAVE_DEV_KMEM +#define LOAD_AVG_TYPE long +#define LOAD_AVG_SYMBOL "_avenrun" +#define KERNEL_PATH "/vmunix" + +#define HAVE_MMAP +#define HAVE_SYS_VFS_H + +#define F_FREESP O_TRUNC +#define EXIT_FAILURE 1 +#define EXIT_SUCCESS 0 +typedef struct flock flock_t; + +#define STRERROR_FROM_ERRLIST +#define memmove(a, b, c) bcopy(b, a, c) +#define strtoul(str, ptr, base) ((unsigned int)strtol((str),(ptr),(base))) + +extern char *strerror(int); +extern int sys_nerr; +extern char *sys_errlist[]; + +/* In ANSI C strtod() is defined in stdlib.h, but in SunOS4 it is defined in +floatingpoint.h which is called from math.h, which Exim doesn't include. */ + +extern double strtod(const char *, char **); + +/* SunOS4 seems to define getc, ungetc, feof and ferror as macros only, not +as functions. We need to have them as assignable functions. Setting this +flag causes this to get done in exim.h. */ + +#define FUDGE_GETC_AND_FRIENDS + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +/* End */ diff --git a/OS/unsupported/os.h-SunOS5-hal b/OS/unsupported/os.h-SunOS5-hal new file mode 100644 index 0000000..cd9e877 --- /dev/null +++ b/OS/unsupported/os.h-SunOS5-hal @@ -0,0 +1,14 @@ +/* Exim: OS-specific C header file for SunOS5 on HAL */ + +#define HAVE_MMAP + +#define HAVE_KSTAT +#define LOAD_AVG_KSTAT "system_misc" +#define LOAD_AVG_KSTAT_MODULE "unix" +#define LOAD_AVG_SYMBOL "avenrun_1min" +#define LOAD_AVG_FIELD value.ul + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +/* End */ diff --git a/OS/unsupported/os.h-ULTRIX b/OS/unsupported/os.h-ULTRIX new file mode 100644 index 0000000..08db5ae --- /dev/null +++ b/OS/unsupported/os.h-ULTRIX 
@@ -0,0 +1,18 @@ +/* Exim: OS-specific C header file for Ultrix */ + +/* Well, it *does* have statfs(), but its structure is called something +different, all the members have different names, and the function returns +1 on success rather than 0. As this is for a minority function, and I think +a minority operating system, easiest just to say "no" until someone asks. */ + +#undef HAVE_STATFS + +#define F_FREESP O_TRUNC +#define NEED_H_ERRNO +#define NO_OPENLOG +typedef struct flock flock_t; + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +/* End */ diff --git a/OS/unsupported/os.h-UNIX_SV b/OS/unsupported/os.h-UNIX_SV new file mode 100644 index 0000000..4943a07 --- /dev/null +++ b/OS/unsupported/os.h-UNIX_SV @@ -0,0 +1,25 @@ +/* Exim: OS-specific C header file for SCO SVR4.2 (and maybe Unixware) */ + +/** +*** Note that for SCO 5 the configuration file is called SCO_SV, +*** and that Unixware7 has its own configuration. This is an old +*** file that is retained for compatibility. +**/ + +#define NO_SYSEXITS + +#define LOAD_AVG_NEEDS_ROOT +#define HAVE_DEV_KMEM +#define LOAD_AVG_TYPE short +#define LOAD_AVG_SYMBOL "avenrun" +#define KERNEL_PATH "/stand/unix" +#define FSCALE 256 + +#define HAVE_SYS_STATVFS_H +#define _SVID3 +#define NEED_H_ERRNO + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +/* End */ diff --git a/OS/unsupported/os.h-USG b/OS/unsupported/os.h-USG new file mode 100644 index 0000000..e769220 --- /dev/null +++ b/OS/unsupported/os.h-USG @@ -0,0 +1,19 @@ +/* Exim: OS-specific C header file for Unixware 2.x */ + +#define NO_SYSEXITS + +#define LOAD_AVG_NEEDS_ROOT +#define HAVE_DEV_KMEM +#define LOAD_AVG_TYPE short +#define LOAD_AVG_SYMBOL "avenrun" +#define KERNEL_PATH "/stand/unix" +#define FSCALE 256 + +#define HAVE_SYS_STATVFS_H +#define _SVID3 +#define NEED_H_ERRNO + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +/* End */ 
diff --git a/OS/unsupported/os.h-Unixware7 b/OS/unsupported/os.h-Unixware7 new file mode 100644 index 0000000..4d3ed42 --- /dev/null +++ b/OS/unsupported/os.h-Unixware7 @@ -0,0 +1,18 @@ +/* Exim: OS-specific C header file for Unixware 7 */ + +#define NO_SYSEXITS + +#define EXIM_SOCKLEN_T size_t + +#define LOAD_AVG_NEEDS_ROOT +#define HAVE_DEV_KMEM +#define LOAD_AVG_TYPE short +#define LOAD_AVG_SYMBOL "avenrun" +#define KERNEL_PATH "/stand/unix" +#define FSCALE 256 + +#define HAVE_SYS_STATVFS_H +#define _SVID3 +#define NEED_H_ERRNO + +/* End */ diff --git a/OS/unsupported/os.h-cygwin b/OS/unsupported/os.h-cygwin new file mode 100644 index 0000000..6ef59e0 --- /dev/null +++ b/OS/unsupported/os.h-cygwin @@ -0,0 +1,41 @@ +/* Exim: OS-specific C header file for Cygwin */ + +/* This code was supplied by Pierre A. Humblet <Pierre.Humblet@ieee.org> + December 2002. Updated Jan 2015. */ + +/* Redefine the set*id calls to run when faking root */ +#include <unistd.h> /* Do not redefine in unitsd.h */ +int cygwin_setuid(uid_t uid ); +int cygwin_setgid(gid_t gid ); +#define setuid cygwin_setuid +#define setgid cygwin_setgid + +#define os_strsignal strsignal +#define OS_STRSIGNAL +#define BASE_62 36 /* Windows aliases lower and upper cases in filenames. + Consider reducing MAX_LOCALHOST_NUMBER */ +#define CRYPT_H +#define HAVE_MMAP +#define HAVE_SYS_VFS_H +#define NO_IP_VAR_H +#define NO_IP_OPTIONS +/* Defining LOAD_AVG_NEEDS_ROOT causes an initial + call to os_getloadavg. In our case this is beneficial + because it initializes the counts */ +#define LOAD_AVG_NEEDS_ROOT + +typedef struct flock flock_t; + +/* Macro to define variable length SID structures */ +#define SID(n, name, sid...) \ +struct { \ + BYTE Revision; \ + BYTE SubAuthorityCount; \ + SID_IDENTIFIER_AUTHORITY IdentifierAuthority; \ + DWORD SubAuthority[n]; \ +} name = { SID_REVISION, n, {SECURITY_NT_AUTHORITY}, {sid}} + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +/* End */ 
diff --git a/OS/unsupported/os.h-mips b/OS/unsupported/os.h-mips new file mode 100644 index 0000000..325e3a1 --- /dev/null +++ b/OS/unsupported/os.h-mips @@ -0,0 +1,27 @@ +/* Exim: OS-specific C header file for RiscOS4bsd */ + +#define LOAD_AVG_NEEDS_ROOT +#define HAVE_DEV_KMEM +#define LOAD_AVG_TYPE long +#define LOAD_AVG_SYMBOL "_avenrun" +#define KERNEL_PATH "/unix" + +#define HAVE_MMAP +#define HAVE_SYS_VFS_H + +#define F_FREESP O_TRUNC +#define EXIT_FAILURE 1 +#define EXIT_SUCCESS 0 +typedef struct flock flock_t; + +#define STRERROR_FROM_ERRLIST +#define memmove(a, b, c) bcopy(b, a, c) + +extern char *strerror(int); +extern int sys_nerr; +extern char *sys_errlist[]; + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +/* End */ 
@@ -0,0 +1,350 @@ +THE EXIM MAIL TRANSFER AGENT VERSION 4 +-------------------------------------- + +Copyright (c) 1995 - 2018 University of Cambridge. +See the file NOTICE for conditions of use and distribution. + +There is a book about Exim by Philip Hazel called "The Exim SMTP Mail Server", +published by UIT Cambridge in May 2003. This is the official guide for Exim 4. +The current edition covers release 4.10 and a few later extensions. + +The O'Reilly book about Exim ("Exim The Mail Transfer Agent" by Philip Hazel) +covers Exim 3, which is now deprecated. Exim 4 has a large number of changes +from Exim 3, though the basic structure and philosophy remains the same. The +older book may be helpful for the background, but a lot of the detail has +changed, so it is likely to be confusing to newcomers. + +There is a website at https://www.exim.org; this contains details of the +mailing list exim-users@exim.org. + +A copy of the Exim FAQ should be available from the same source that you used +to obtain the Exim distribution. Additional formats for the documentation +(PostScript, PDF, Texinfo, and HTML) should also be available there. 
+ + +EXIM DISTRIBUTION +----------------- + +Unpacking the tar file should produce a single directory called exim-<version>, +containing the following files and directories: + +ACKNOWLEDGMENTS some acknowledgments +CHANGES a conventional file name; it indirects to some files in doc/ +LICENCE the GNU General Public Licence +Local/ an empty directory for local configuration files +Makefile top level Makefile +NOTICE notice about conditions of use +OS/ directory containing OS-specific files +README this file +README.UPDATING special notes about updating from previous versions +doc/ directory of documentation files +exim_monitor/ directory of source files for the Exim monitor +scripts/ directory of scripts used in the build process +src/ directory of source files +util/ directory of independent utilities + +Please see the documentation files for full instructions on how to build, +install, and run Exim. For straightforward installations on operating systems +to which Exim has already been ported, the building process is as follows: + +. Ensure that the top-level Exim directory (e.g. exim-4.80) is the current + directory (containing the files and directories listed above). + +. Edit the file called src/EDITME and put the result in a new file called + Local/Makefile. There are comments in src/EDITME telling you what the various + parameters are. You must at least provide values for BIN_DIRECTORY, + CONFIGURE_FILE, EXIM_USER and EXIM_GROUP (if EXIM_USER is numeric), and it is + recommended that SPOOL_DIRECTORY also be defined here if it is a fixed path. + +. There are a number of additional parameters whose defaults can also be + overridden by additions to Local/Makefile. The basic defaults are in + OS/Makefile-Default, but these settings are overridden for some operating + systems by values on OS/Makefile-<osname>. The most commonly-required change + is probably the setting of CC, which defines the command to run the C + compiler, and which defaults to gcc. 
To change it to cc, add the following + line to Local/Makefile: + + CC=cc + + If you are running the Berkeley DB package as your dbm library, then it is + worth putting USE_DB=yes in Local/Makefile, to get Exim to use the native + interface. This is the default for some operating systems. See + doc/dbm.discuss.txt for discussion on dbm libraries. + +. If you want to compile the Exim monitor, edit the file called + exim_monitor/EDITME and put the result in a file called Local/eximon.conf. + If you are not going to compile the Exim monitor, you should have commented + out the line starting EXIM_MONITOR= when creating Local/Makefile. There are + comments in exim_monitor/EDITME about the values set therein, but in this + case everything can be defaulted if you wish. + +. If your system is not POSIX compliant by default, then you might experience + fewer problems if you help point the build tools to the POSIX variants. For + instance, on Solaris: + + PATH=/usr/xpg4/bin:$PATH make SHELL=/usr/xpg4/bin/sh + +. Type "make". This will determine what your machine's architecture and + operating system are, and create a build directory from those names (e.g. + "build-SunOS5-sparc"). Symbolic links are created from the build directory + to the source directory. A configured make file called <build-dir>/makefile + is then created, and "make" then goes on to use this to build various + binaries and scripts inside the build directory. + +. Type "make install", while running as root, to install the binaries, + scripts, and a default configuration file. To see what this command is + going to do before risking it, run "../scripts/exim_install -n" (not as + root) from within the build directory. + +. When you are ready to try running Exim, see the section entitled "Testing" + in the chapter called "Building and Installing Exim" in doc/spec.txt, or in + one of the other forms of the documentation. + +. 
Running the install script does NOT replace /usr/sbin/sendmail or + /usr/lib/sendmail with a link to Exim. That step you must perform by hand + when you are satisfied that Exim is running correctly. + +. Note that the default configuration refers to an alias file called + /etc/aliases. It used to be the case that every Unix had that file, because + it was the Sendmail default. These days, there are systems that don't have + /etc/aliases, so you might need to set it up. Your aliases should at least + include an alias for "postmaster". + +. Consider notifying users of the change of MTA. Exim has different + capabilities, and there are various operational differences, such as stricter + adherence to the RFCs than some MTAs, and differences in the text of + messages produced by various command-line options. + +. The default configuration file will use your host's fully qualified name (as + obtained from the uname() function) as the only local mail domain and as the + domain which is used to qualify unqualified local mail addresses. See the + comments in the default configuration file if you want to change these. + +The operating systems currently supported are: AIX, BSD/OS (aka BSDI), Darwin +(Mac OS X), DGUX, FreeBSD, GNU/Hurd, GNU/Linux, HI-OSF (Hitachi), HP-UX, IRIX, +MIPS RISCOS, NetBSD, OpenBSD, QNX, SCO, SCO SVR4.2 (aka UNIX-SV), Solaris (aka +SunOS5), SunOS4, Tru64-Unix (formerly Digital Unix, formerly DEC-OSF1), Ultrix, +and Unixware. However, code is not available for determining system load +averages on Ultrix. There are also configuration files for compiling Exim in +the Cygwin environment that can be installed on systems running Windows. +However, the documentation supplied with the distribution does not contain any +information about running Exim in the Cygwin environment. + + +******* Modifying the building process ****** + +Instructions for overriding the build-time options for Exim are given in the +manual. 
You should never have to modify any of the supplied files; it should be +possible to override everything that is necessary by creating suitable files in +the Local directory. This means that you won't need to redo your modifications +for the next release of Exim. If you find you can't avoid changing some other +file, let me know and I'll see if I can find a way of making that unnecessary. + +Briefly, the building process concatenates a number of files in order to +construct its working makefile. If <ostype> and <archtype> are the operating +system and architecture types respectively, the files used are: + + OS/Makefile-Default + OS/Makefile-<ostype> + Local/Makefile + Local/Makefile-<ostype> + Local/Makefile-<archtype> + Local/Makefile-<ostype>-<archtype> + Local/Makefile-<buildname> + OS/Makefile-Base + +Of the Local/* files, only Local/Makefile is required to exist; the rest are +optional. Because of the way "make" works, values set in later files override +values set in earlier ones. Thus you can set up general options that are +overridden for specify operating systems and/or architectures if you wish. + + +******* IMPORTANT FOR GNU/LINUX USERS ******* + +Exim 4 won't work with some versions of Linux if you put its spool directory on +an NFS partition. You get an error about "directory sync failed". This is +because of a bug in Linux NFS. A fix has been promised in due course. It is in +any case much better to put Exim's spool directory on local disc. + +If you get an error complaining about the lack of functions such as dbm_open() +when building Exim, the problem is that it hasn't been able to find a DBM +library. See the file doc/dbm.discuss.txt for a discussion about the various +DBM libraries. + +Different versions of Linux come with different DBM libraries, stored in +different places. 
As well as setting USE_DB=yes in Local/Makefile if Berkeley +DB is in use, it may also be necessary to set a value in DBMLIB to specify the +inclusion of the DBM library, for example: DBMLIB=-ldb or DBMLIB=-lgdbm. + +If you are using RedHat 7.0, which has DB3 as its DBM library, you need to +install the db-devel package before building Exim. This will have a name like +db3-devel-3.1.14-16.i386.rpm (but check which release of DB3 you have). + +The building scripts now distinguish between versions of Linux with the older +libc5 and the more recent ones that use libc6. In the latter case, USE_DB and +-ldb are the default settings, because DB is standard with libc6. + +It appears that with glibc-2.1.x (a minor libc upgrade), they have standardised +on Berkeley DB2 (instead of DB1 in glibc-2.0.x). If you want to get DB1 back, +you need to set + + INCLUDE=-I/usr/include/db1 + DBMLIB=-ldb1 + +in your Local/Makefile. If you omit DBMLIB=-ldb1 Exim will link successfully +using the DB1 compatibility interface to DB2, but it will expect the file +format to be that of DB2, and so will not be able to read existing DB1 files. + + +******* IMPORTANT FOR FREEBSD USERS ******* + +On FreeBSD there is a file called /etc/mail/mailer.conf which selects what to +run for various MTA calls. Instead of changing /usr/sbin/sendmail, you should +edit this file instead, to read something like this: + +sendmail /usr/exim/bin/exim +send-mail /usr/exim/bin/exim +mailq /usr/exim/bin/exim -bp +newaliases /usr/bin/true + +You will most probably need to add the line: + +daily_status_include_submit_mailq="NO" # No separate 'submit' queue + +to /etc/periodic.conf. This stops FreeBSD running the command "mailq -Ac" +(which Exim doesn't understand) to list a separate submit queue (which Exim +doesn't have). 
+ +If you are using FreeBSD prior to 3.0-RELEASE, and you are not using the ports +mechanism to install Exim, then you should install the perl5 package +(/usr/local/bin/perl) and use that instead of perl in the base system, which is +perl4 up until 3.0-RELEASE. If you are using the ports mechanism, this is +handled for you. + +If you are upgrading from version 2.11 of Exim or earlier, and you are using +DBM files, and you did not previously have USE_DB=yes in your Local/Makefile, +then you will either have to put USE_DB=no in your Local/Makefile or (better) +rebuild your DBM data files. The default for FreeBSD has been changed to +USE_DB=yes, since FreeBSD comes with Berkeley DB. However, using the native DB +interface means that the data files no longer have the ".db" extension. + + + +******* IMPORTANT FOR Tru64 (aka Digital Unix aka DEC-OSF1) USERS ******* + +The default compiler may not recognize ANSI C by default. You may have to set + +CC=cc +CFLAGS=-std1 + +in Local/Makefile in order to compile Exim. A user reported another small +problem with this operating system: In the file /usr/include/net/if.h a +semicolon was missing at the end of line 143. + + + +******* IMPORTANT FOR SCO USERS ******* + +The building scripts assume the existence of the "ar" command, which is part of +the Development System. However, it is also possible to use the "gar" command +that is part of the GNU utilities that are distributed with the 5.0.7 release. +If you have "gar" and not "ar" you should include + +AR=gar + +in your Local/Makefile. + + + +******* IMPORTANT FOR Unixware 2.x USERS ******* + +Unixware does not include db/dbm/ndbm with its standard compiler (it is +available with /usr/ucb/cc, but that has bugs of its own). You should install +gcc and Berkeley DB (or another dbm library if you really insist). If you use a +different dbm library you will need to override the default setting of DBMLIB. + +DB 1.85 and 2.x can be found at http://www.sleepycat.com/. 
They have different +characteristics. See the discussion of dbm libraries in doc/dbm.discuss.txt. DB +needs to be compiled with gcc and you need a 'cc' in your path before the +Unixware CC to compile it. + +Don't bother even starting to install exim on Unixware unless you have +installed gcc and use it for everything. + + +******* IMPORTANT FOR SOLARIS 2.3 (SUNOS 5.3) USERS ******* + +The file /usr/include/sysexits.h does not exist on Solaris 2.3 (and presumably +earlier versions), though it is present in 2.4 and later versions. To compile +Exim on Solaris 2.3 it is necessary to include the line + +CFLAGS=-O -DNO_SYSEXITS -DEX_TEMPFAIL=75 + +in your Local/Makefile. + + +******* IMPORTANT FOR IRIX USERS ******* + +There are problems with some versions of gcc on IRIX, as a result of which all +DNS lookups yield either 0.0.0.0 or 255.255.255.255. Releases of gcc after +2.7.2.3 (which works ok) are affected. Specifically, 2.8.* is affected, as are +the 2.95 series. From release 3.21 of Exim, a workaround for this problem +should automatically be enabled when Exim is compiled on IRIX using gcc. + +As from version 2.03 there is IRIX-specific code in Exim to obtain a list of +all the IP addresses on local interfaces, including alias addresses, because +the standard code gives only non-alias addresses in IRIX. The code came from +SGI, with the comment: + +"On 6.2 you need the libc patch to get the sysctl() stub and the networking +kernel patch to get the support." + +It seems that this code doesn't work on at least some earlier versions of IRIX +(e.g. IRIX 5.3). If you can't compile under IRIX and the problem appears to +relate to sysctl(), try commenting or #ifdef-ing out all the code in the +file OS/os.c-IRIX. + + +******* IMPORTANT FOR HP-UX USERS ******* + +There are two different sets of configuration files for HP-UX. Those ending in +HP-UX-9 are used for HP-UX version 9, and have been tested on HP-UX version +9.05. 
Those ending in HP-UX are for later releases, and have been tested on +HP-UX version 11.00. If you are using a version of HP-UX between 9.05 and +11.00, you may need to edit the file OS/os.h-HP-UX if you encounter problems +building Exim. + +If you want to use the Sieve facility in Exim, the alias iso-8859-1 should be +added to the alias definition for iso81 in /usr/lib/nls/iconv/config.iconv. You +also need to add a new alias definition: "alias utf8 utf-8". + + +******* IMPORTANT FOR QNX USERS ******* + +1. Exim makes some assumptions about the shell in the makefiles. The "normal" + QNX shell (ksh) will not work. You need to install "bash", which can be + obtained from the QNX freeware on QUICS. Install it to /usr/local/bin/bash + Then you need to change the SHELL definition at the top of the main Makefile + to SHELL=/usr/local/bin/bash. The file OS/Makefile-QNX sets the variable + MAKE_SHELL to /usr/local/bin/bash. If you install bash in a different place, + you will need to set MAKE_SHELL in your Local/Makefile in order to override + this. + +2. For some strange reason make will fail at building "exim_dbmbuild" when + called the first time. However simply calling make a second time will solve + the problem. Alternatively, run "make makefile" and then "make". + + +******* IMPORTANT FOR ULTRIX USERS ******* + +You need to set SHELL explicitly in the make call when building on ULTRIX, +that is, type "make SHELL=sh5". + + +******* IMPORTANT FOR GNU/HURD USERS ******* + +GNU/Hurd doesn't (at the time of writing, June 1999) have the ioctls for +finding out the IP addresses of the local interfaces. You therefore have to set +local_interfaces yourself. Otherwise it will treat only 127.0.0.1 as local. + +Philip Hazel diff --git a/README.DSN b/README.DSN new file mode 100644 index 0000000..d700dd0 --- /dev/null +++ b/README.DSN 
@@ -0,0 +1,141 @@ +Exim DSN Patch (4.82) +--------------------- + +This patch is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or +(at your option) any later version. + +This patch is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this patch; if not, write to the Free Software +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111 USA. + +Installation & Usage +-------------------- +See docs/experimental-spec.txt + +Credits +------- + +The original work for the patch was done by Philip Hazel in Exim 3 + +The extract was taken and re-applied to Exim 4 by the following :- +Phil Bingham (phil.bingham@cwipapps.net) +Steve Falla (steve.falla@cwipapps.net) +Ray Edah (ray.edah@cwipapps.net) +Andrew Johnson (andrew.johnson@cwippaps.net) +Adrian Hungate (adrian.hungate@cwipapps.net) + +Now Primarily maintained by :- +Andrew Johnson (andrew.johnson@cwippaps.net) + +Updated for 4.82, improved and submitted to +http://bugs.exim.org/show_bug.cgi?id=118 +by :- +Wolfgang Breyha (wbreyha@gmx.net) + +Contributions +------------- +Andrey J. Melnikoff (TEMHOTA) (temnota@kmv.ru) + + +ChangeLog +--------- +14-Apr-2006 : Changed subject to "Delivery Status Notification" + +17-May-2006 : debug_printf in spool-in.c were not wrapped with #ifndef COMPILE_UTILITY + thanks to Andrey J. Melnikoff for this information + +12-Sep-2006 : Now supports Exim 4.63 + +12-Sep-2006 : src/EDITME did not include the #define SUPPORT_DSN as stated + in the documentation, this has now been corrected + thanks to Robert Kehl for this information + +28-Jul-2008 : New version for exim 4.69 released. 
+ +02-Jul-2010 : New version for exim 4.72 released. + +25-Apr-2014 : Version 1.4 + *) fix ENVID and ORCPT addition in SMTP transport + *) p was not moved to the end of the string. new content + added afterwards overwrites ENVID and/or ORCPT + *) change spool file format to be compatible with the + extensible format of exim 4 by prepending new values and + setting the extended bitmask accordingly + *) use SUPPORT_DSN_LEGACY=yes in Makefile to be able to read + the legacy format of older patches until all messages are out of queue. + *) change "dsn" boolean toggle to "dsn_advertise_hosts" to + be able to select who actually can use the extension + *) Add all RFC 3461 MUST fields to delivery-status section + *) convert xtext in ENVID + *) add all successful rcpts to ONE message instead of sending several messages + +26-Apr-2014 : Version 1.5 + fixes: + *) fixed wrong order for ENVID + *) fixed wrong Final-Recipient value + *) af_ignore_failure is ignored for success reports + *) fixed DSN_LEGACY switch + improvements: + *) added MIME "failure" reports + *) bounce_return_message is ignored (required by RFC) + *) in case RET= is defined we honor these values + otherwise bounce_return_body is honored. + *) bounce_return_size_limit is always honored. 
+ *) message body intro and final text is ignored + *) do not send report if DSN flags say NO + *) added MIME "delay" reports + *) do not send report if DSN flags say NO + *) changed from SUPPORT_DSN to EXPERIMENTAL_DSN + *) updated documentation + +01-May-2014 : Version 1.6 + fixes: + *) code cleanup + *) use text/rfc822-headers were applicable + *) fix NOTIFY=FAILURE + + improvements: + *) do not truncated MIME messages + *) if bounce_return_size_limit is smaller then the actual message + only the header is returned + *) if bounce_return_body or bounce_return_size_limit prevents Exim + from returning the requested (RET=FULL) body this fact is added + as X-Exim-DSN-Information Header + *) this also means that all of the last three parts of the "failure" + template are not used anymore + + *) dsn_process switch removed + *) every router "processes" DSN by default + *) there is no possibility to "gag" DSN anymore since this violates RFC + *) dsn_lasthop switch added for routers + *) if dsn_lasthop is set by a router it is handled as relaying to a + non DSN aware relay. success mails are sent if Exim successfully + delivers the message. + *) redirect routers always "act" as if dsn_lasthop is set + + *) address_item.dsn_aware changed from uschar to int for easier handling. + +02-May-2014 : fixes: + *) Reporting-MTA: use smtp_active_hostname instead of qualify_domain from + original patch. + +20-May-2014 : fixes: + *) removed support for EXPERIMENTAL_DSN_LEGACY for codebase inclusion + *) fixed build of exim_monitor tree + *) fixed late declaration of dsn_all_lasthop + +----------------- + +Support for this patch up to 1.3 (limited though it is) will only be provided through the SourceForge +project page (http://sourceforge.net/projects/eximdsn/) + +From 1.4 onward feel free to ask on the exim-users mailinglist or add comments to +http://bugs.exim.org/show_bug.cgi?id=118 + diff --git a/README.UPDATING b/README.UPDATING new file mode 100644 index 0000000..a0afa8d 
--- /dev/null +++ b/README.UPDATING 
@@ -0,0 +1,867 @@ +This document contains detailed information about incompatibilities that might +be encountered when upgrading from one release of Exim to another. The +information is in reverse order of release numbers. Mostly these are relatively +small points, and the configuration file is normally upwards compatible, but +there have been two big upheavals... + + +************************************************************************** +* There was a big reworking of the way mail routing works for release * +* 4.00. Previously used "directors" were abolished, and all routing is * +* now done by routers. Policy controls for incoming mail are now done by * +* Access Control Lists instead of separate options. All this means that * +* pre-4.00 configuration files have to be massively converted. If you * +* are coming from a 3.xx release, please read the document in the file * +* doc/Exim4.upgrade, and allow some time to complete the upgrade. * +* * +* There was a big reworking of the way domain/host/net/address lists are * +* handled at release 3.00. If you are coming from a pre-3.00 release, it * +* might be easier to start again from a default configuration. Otherwise * +* you need to read doc/Exim3.upgrade and do a double conversion of your * +* configuration file. * +************************************************************************** + + +The rest of this document contains information about changes in 4.xx releases +that might affect a running system. + + +Exim version 4.94 +----------------- + +Some Transports now refuse to use tainted data in constructing their delivery +location; this WILL BREAK configurations which are not updated accordingly. +In particular: any Transport use of $local_user which has been relying upon +check_local_user far away in the Router to make it safe, should be updated to +replace $local_user with $local_part_data. 
+ +Attempting to remove, in router or transport, a header name that ends with +an asterisk (which is a standards-legal name) will now result in all headers +named starting with the string before the asterisk being removed. We recommend +staying away from such names, if they are private ones (and in case of future +enhancements, alao header names that look like REs). + + +Exim version 4.93 +----------------- + +For a detailed list of changes that might affect Exim's operation with +an unchanged configuration, please see the doc/ChangeLog file. + +Build: + + * SUPPORT_DMARC replaces EXPERIMENTAL_DMARC + + * DISABLE_TLS replaces SUPPORT_TLS + + * Bump the version for the local_scan API. + +Runtime: + + * smtp transport option hosts_try_fastopen defaults to "*". + + * DNSSec is requested (not required) for all queries. (This seemes to + ask for trouble if your resolver is a systemd-resolved.) + + * Generic router option retry_use_local_part defaults to "true" under specific + pre-conditions. + + * Introduce a tainting mechanism for values read from untrusted sources. + + * Use longer file names for temporary spool files (this avoids + name conflicts with spool on a shared file system). + + * Use dsn_from main config option (was ignored previously). + + +Exim version 4.92 +----------------- + + * Exim used to manually follow CNAME chains, to a limited depth. In this + day-and-age we expect the resolver to be doing this for us, so the loop + is limited to one retry unless the (new) config option dns_cname_loops + is changed. + +Exim version 4.91 +----------------- + + * DANE and SPF have been promoted from Experimental to Supported status, thus + the options to enable them in Local/Makefile have been renamed. + See current src/EDITME for full details, including changes in dependencies, + but loosely: replace EXPERIMENTAL_SPF with SUPPORT_SPF and replace + EXPERIMENTAL_DANE with SUPPORT_DANE. 
+ + * Ancient ClamAV stream support, long deprecated by ClamAV, has been removed; + if you were building with WITH_OLD_CLAMAV_STREAM enabled then your problems + have marginally increased. + + * A number of logging changes; if relying upon the previous DKIM additional + log-line, explicit log_selector configuration is needed to keep it. + + * Other incompatible changes in EXPERIMENTAL_* features, read NewStuff and + ChangeLog carefully if relying upon an experimental feature such as DMARC. + Note that this includes changes to SPF as it was promoted into Supported. + + +Exim version 4.89 +----------------- + + * SMTP CHUNKING in Exim 4.88 did not ensure that received mails had a final + newline; attempts to deliver such messages onwards to non-chunking hosts + would probably hang, as Exim does not insert the newline before a ".". + In 4.89, the newline is added upon receipt. For already-received messages + in your queue, try util/chunking_fixqueue_finalnewlines.pl + to walk the queue, fixing any affected messages. Note that because a + delivery attempt will be hanging, attempts to lock the messages for fixing + them will stall; stopping all queue-runners temporarily is recommended. + + * OpenSSL: oldest supported release series is now 1.0.2, which is the oldest + supported by the OpenSSL project. If you can build Exim with an older + release series, congratulations. If you can't, then upgrade. + The file doc/openssl.txt contains instructions for installing a current + OpenSSL outside the system library paths and building Exim to use it. + + * FreeBSD: we now always use the system iconv in libc, as all versions of + FreeBSD supported by the FreeBSD project provide this functionality. + + +Exim version 4.88 +----------------- + + * The "demime" ACL condition, deprecated for the past 10 years, has + now been removed. + + * Old GnuTLS configuration options "gnutls_require_kx", "gnutls_require_mac", + and "gnutls_require_protocols" have now been removed. 
(Inoperative from + 4.80, per below; logging warnings since 4.83, again per below). + + +Exim version 4.83 +----------------- + + * SPF condition results renamed "permerror" and "temperror". The old + names are still accepted for back-compatibility, for this release. + + * TLS details are now logged on rejects, subject to log selectors. + + * Items in headers_remove lists must now have any embedded list-separators + doubled. + + * Attempted use of the deprecated options "gnutls_require_kx" et. al. + now result in logged warning. + + +Exim version 4.82 +----------------- + + * New option gnutls_allow_auto_pkcs11 defaults false; if you have GnuTLS 2.12.0 + or later and do want PKCS11 modules to be autoloaded, then set this option. + + * A per-transport wait-<name> database is no longer updated if the transport + sets "connection_max_messages" to 1, as it can not be used and causes + unnecessary serialisation and load. External tools tracking the state of + Exim by the hints databases may need modification to take this into account. + + * The av_scanner option can now accept multiple clamd TCP targets, all other + setting limitations remain. + + +Exim version 4.80 +----------------- + + * BEWARE backwards-incompatible changes in SSL libraries, thus the version + bump. See points below for details. + Also an LDAP data returned format change. + + * The value of $tls_peerdn is now print-escaped when written to the spool file + in a -tls_peerdn line, and unescaped when read back in. We received reports + of values with embedded newlines, which caused spool file corruption. + + If you have a corrupt spool file and you wish to recover the contents after + upgrading, then lock the message, replace the new-lines that should be part + of the -tls_peerdn line with the two-character sequence \n and then unlock + the message. No tool has been provided as we believe this is a rare + occurrence. + + * For OpenSSL, SSLv2 is now disabled by default. (GnuTLS does not support + SSLv2). 
RFC 6176 prohibits SSLv2 and some informal surveys suggest no + actual usage. You can re-enable with the "openssl_options" Exim option, + in the main configuration section. Note that supporting SSLv2 exposes + you to ciphersuite downgrade attacks. + + * With OpenSSL 1.0.1+, Exim now supports TLS 1.1 and TLS 1.2. If built + against 1.0.1a then you will get a warning message and the + "openssl_options" value will not parse "no_tlsv1_1": the value changes + incompatibly between 1.0.1a and 1.0.1b, because the value chosen for 1.0.1a + is infelicitous. We advise avoiding 1.0.1a. + + "openssl_options" gains "no_tlsv1_1", "no_tlsv1_2" and "no_compression". + + COMPATIBILITY WARNING: The default value of "openssl_options" is no longer + "+dont_insert_empty_fragments". We default to "+no_sslv2". + That old default was grandfathered in from before openssl_options became a + configuration option. + Empty fragments are inserted by default through TLS1.0, to partially defend + against certain attacks; TLS1.1+ change the protocol so that this is not + needed. The DIEF SSL option was required for some old releases of mail + clients which did not gracefully handle the empty fragments, and was + initially set in Exim release 4.31 (see ChangeLog, item 37). + + If you still have affected mail-clients, and you see SSL protocol failures + with this release of Exim, set: + openssl_options = +dont_insert_empty_fragments + in the main section of your Exim configuration file. You're trading off + security for compatibility. Exim is now defaulting to higher security and + rewarding more modern clients. + + If the option tls_dhparams is set and the parameters loaded from the file + have a bit-count greater than the new option tls_dh_max_bits, then the file + will now be ignored. If this affects you, raise the tls_dh_max_bits limit. + We suspect that most folks are using dated defaults and will not be affected. 
+ + * Ldap lookups returning multi-valued attributes now separate the attributes + with only a comma, not a comma-space sequence. Also, an actual comma within + a returned attribute is doubled. This makes it possible to parse the + attribute as a comma-separated list. Note the distinction from multiple + attributes being returned, where each one is a name=value pair. + + If you are currently splitting the results from LDAP upon a comma, then you + should check carefully to see if adjustments are needed. + + This change lets cautious folks distinguish "comma used as separator for + joining values" from "comma inside the data". + + * accept_8bitmime now defaults on, which is not RFC compliant but is better + suited to today's Internet. See http://cr.yp.to/smtp/8bitmime.html for a + sane rationale. Those who wish to be strictly RFC compliant, or know that + they need to talk to servers that are not 8-bit-clean, now need to take + explicit configuration action to default this option off. This is not a + new option, you can safely force it off before upgrading, to decouple + configuration changes from the binary upgrade while remaining RFC compliant. + + * The GnuTLS support has been mostly rewritten, to use APIs which don't cause + deprecation warnings in GnuTLS 2.12.x. As part of this, these three options + are no longer supported: + + gnutls_require_kx + gnutls_require_mac + gnutls_require_protocols + + Their functionality is entirely subsumed into tls_require_ciphers. In turn, + tls_require_ciphers is no longer an Exim list and is not parsed by Exim, but + is instead given to gnutls_priority_init(3), which expects a priority string; + this behaviour is much closer to the OpenSSL behaviour. See: + + http://www.gnutls.org/manual/html_node/Priority-Strings.html + + for fuller documentation of the strings parsed. The three gnutls_require_* + options are still parsed by Exim and, for this release, silently ignored. 
+ A future release will add warnings, before a later still release removes + parsing entirely and the presence of the options will be a configuration + error. + + Note that by default, GnuTLS will not accept RSA-MD5 signatures in chains. + A tls_require_ciphers value of NORMAL:%VERIFY_ALLOW_SIGN_RSA_MD5 may + re-enable support, but this is not supported by the Exim maintainers. + Our test suite no longer includes MD5-based certificates. + + This rewrite means that Exim will continue to build against GnuTLS in the + future, brings Exim closer to other GnuTLS applications and lets us add + support for SNI and other features more readily. We regret that it wasn't + feasible to retain the three dropped options. + + * If built with TLS support, then Exim will now validate the value of + the main section tls_require_ciphers option at start-up. Before, this + would cause a STARTTLS 4xx failure, now it causes a failure to start. + Running with a broken configuration which causes failures that may only + be left in the logs has been traded off for something more visible. This + change makes an existing problem more prominent, but we do not believe + anyone would deliberately be running with an invalid tls_require_ciphers + option. + + This also means that library linkage issues caused by conflicts of some + kind might take out the main daemon, not just the delivery or receiving + process. Conceivably some folks might prefer to continue delivering + mail plaintext when their binary is broken in this way, if there is a + server that is a candidate to receive such mails that does not advertise + STARTTLS. Note that Exim is typically a setuid root binary and given + broken linkage problems that cause segfaults, we feel it is safer to + fail completely. (The check is not done as root, to ensure that problems + here are not made worse by the check). 
+ + * The "tls_dhparam" option has been updated, so that it can now specify a + path or an identifier for a standard DH prime from one of a few RFCs. + The default for OpenSSL is no longer to not use DH but instead to use + one of these standard primes. The default for GnuTLS is no longer to use + a file in the spool directory, but to use that same standard prime. + The option is now used by GnuTLS too. If it points to a path, then + GnuTLS will use that path, instead of a file in the spool directory; + GnuTLS will attempt to create it if it does not exist. + + To preserve the previous behaviour of generating files in the spool + directory, set "tls_dhparam = historic". Since prior releases of Exim + ignored tls_dhparam when using GnuTLS, this can safely be done before + the upgrade. + + + +Exim version 4.77 +----------------- + + * GnuTLS will now attempt to use TLS 1.2 and TLS 1.1 before TLS 1.0 and SSL3, + if supported by your GnuTLS library. Use the existing + "gnutls_require_protocols" option to downgrade this if that will be a + problem. Prior to this release, supported values were "TLS1" and "SSL3", + so you should be able to update configuration prior to update. + + [nb: gnutls_require_protocols removed in Exim 4.80, instead use + tls_require_ciphers to provide a priority string; see notes above] + + * The match_<type>{string1}{string2} expansion conditions no longer subject + string2 to string expansion, unless Exim was built with the new + "EXPAND_LISTMATCH_RHS" option. Too many people have inadvertently created + insecure configurations that way. If you need the functionality and turn on + that build option, please let the developers know, and know why, so we can + try to provide a safer mechanism for you. + + The match{}{} expansion condition (for regular expressions) is NOT affected. + For match_<type>{s1}{s2}, all list functionality is unchanged. 
The only + change is that a '$' appearing in s2 will not trigger expansion, but instead + will be treated as a literal $ sign; the effect is very similar to having + wrapped s2 with \N...\N. If s2 contains a named list and the list definition + uses $expansions then those _will_ be processed as normal. It is only the + point at which s2 is read where expansion is inhibited. + + If you are trying to test if two email addresses are equal, use eqi{s1}{s2}. + If you are testing if the address in s1 occurs in the list of items given + in s2, either use the new inlisti{s1}{s2} condition (added in 4.77) or use + the pre-existing forany{s2}{eqi{$item}{s1}} condition. + + +Exim version 4.74 +----------------- + + * The integrated support for dynamically loadable lookup modules has an ABI + change from the modules supported by some OS vendors through an unofficial + patch. Don't try to mix & match. + + * Some parts of the build system are now beginning to assume that the host + environment is POSIX. If you're building on a system where POSIX tools are + not the default, you might have an easier time if you switch to the POSIX + tools. Feel free to report non-POSIX issues as a request for a feature + enhancement, but if the POSIX variants are available then the fix will + probably just involve some coercion. See the README instructions for + building on such hosts. + + +Exim version 4.73 +----------------- + + * The Exim run-time user can no longer be root; this was always + strongly discouraged, but is now prohibited both at build and + run-time. If you need Exim to run routinely as root, you'll need to + patch the source and accept the risk. Here be dragons. + + * Exim will no longer accept a configuration file owned by the Exim + run-time user, unless that account is explicitly the value in + CONFIGURE_OWNER, which we discourage. Exim now checks to ensure that + files are not writeable by other accounts. 
+ + * The ALT_CONFIG_ROOT_ONLY build option is no longer optional and is forced + on; the Exim user can, by default, no longer use -C/-D and retain privilege. + Two new build options mitigate this. + + * TRUSTED_CONFIG_LIST defines a file containing a whitelist of config + files that are trusted to be selected by the Exim user; one per line. + This is the recommended approach going forward. + + * WHITELIST_D_MACROS defines a colon-separated list of macro names which + the Exim run-time user may safely pass without dropping privileges. + Because changes to this involve a recompile, this is not the recommended + approach but may ease transition. The values of the macros, when + overridden, are constrained to match this regex: ^[A-Za-z0-9_/.-]*$ + + * The system_filter_user option now defaults to the Exim run-time user, + rather than root. You can still set it explicitly to root and this + can be done with prior versions too, letting you roll versions + without needing to change this configuration option. + + * ClamAV must be at least version 0.95 unless WITH_OLD_CLAMAV_STREAM is + defined at build time. + + +Exim version 4.70 +----------------- + +1. Experimental Yahoo! Domainkeys support has been dropped in this release. +It has been superseded by a native implementation of its successor DKIM. + +2. Up to version 4.69, Exim came with an embedded version of the PCRE library. +As of 4.70, this is no longer the case. To compile Exim, you will need PCRE +installed. Most OS distributions have ready-made library and development +packages. + + +Exim version 4.68 +----------------- + +1. The internal implementation of the database keys that are used for ACL +ratelimiting has been tidied up. This means that an update to 4.68 might cause +Exim to "forget" previous rates that it had calculated, and reset them to zero. + + +Exim version 4.64 +----------------- + +1. Callouts were setting the name used for EHLO/HELO from $smtp_active_ +hostname. 
This is wrong, because it relates to the incoming message (and +probably the interface on which it is arriving) and not to the outgoing +callout (which could be using a different interface). This has been +changed to use the value of the helo_data option from the smtp transport +instead - this is what is used when a message is actually being sent. If +there is no remote transport (possible with a router that sets up host +addresses), $smtp_active_hostname is used. This change is mentioned here in +case somebody is relying on the use of $smtp_active_hostname. + +2. A bug has been fixed that might just possibly be something that is relied on +in some configurations. In expansion items such as ${if >{xxx}{yyy}...} an +empty string (that is {}) was being interpreted as if it was {0} and therefore +treated as the number zero. From release 4.64, such strings cause an error +because a decimal number, possibly followed by K or M, is required (as has +always been documented). + +3. There has been a change to the GnuTLS support (ChangeLog/PH/20) to improve +Exim's performance. Unfortunately, this has the side effect of being slightly +non-upwards compatible for versions 4.50 and earlier. If you are upgrading from +one of these earlier versions and you use GnuTLS, you must remove the file +called gnutls-params in Exim's spool directory. If you don't do this, you will +see this error: + + TLS error on connection from ... (DH params import): Base64 decoding error. + +Removing the file causes Exim to recompute the relevant encryption parameters +and cache them in the new format that was introduced for release 4.51 (May +2005). If you are upgrading from release 4.51 or later, there should be no +problem. + + +Exim version 4.63 +----------------- + +When an SMTP error message is specified in a "message" modifier in an ACL, or +in a :fail: or :defer: message in a redirect router, Exim now checks the start +of the message for an SMTP error code. 
This consists of three digits followed +by a space, optionally followed by an extended code of the form n.n.n, also +followed by a space. If this is the case and the very first digit is the same +as the default error code, the code from the message is used instead. If the +very first digit is incorrect, a panic error is logged, and the default code is +used. This is an incompatible change, but it is not expected to affect many (if +any) configurations. It is possible to suppress the use of the supplied code in +a redirect router by setting the smtp_error_code option false. In this case, +any SMTP code is quietly ignored. + + +Exim version 4.61 +----------------- + +1. The default number of ACL variables of each type has been increased to 20, +and it's possible to compile Exim with more. You can safely upgrade to this +release if you already have messages on the queue with saved ACL variable +values. However, if you downgrade from this release with messages on the queue, +any saved ACL values they may have will be lost. + +2. The default value for rfc1413_query_timeout has been changed from 30s to 5s. + + +Exim version 4.54 +----------------- + +There was a problem with 4.52/TF/02 in that a "name=" option on control= +submission terminated at the next slash, thereby not allowing for slashes in +the name. This has been changed so that "name=" takes the rest of the string as +its data. It must therefore be the last option. + + +Version 4.53 +------------ + +If you are using the experimental Domain Keys support, you must upgrade to +at least libdomainkeys 0.67 in order to run this release of Exim. + + +Version 4.51 +------------ + +1. The format in which GnuTLS parameters are cached (in the file gnutls-params +in the spool directory) has been changed. The new format can also be generated +externally, so it is now possible to update the values from outside Exim. This +has been implemented in an upwards, BUT NOT downwards, compatible manner. 
+Upgrading should be seamless: when Exim finds that it cannot understand an +existing cache file, it generates new parameters and writes them to the cache +in the new format. If, however, you downgrade from 4.51 to a previous release, +you MUST delete the gnutls-params file in the spool directory, because the +older Exim will not recognize the new format. + +2. When doing a callout as part of verifying an address, Exim was not paying +attention to any local part prefix or suffix that was matched by the router +that accepted the address. It now behaves in the same way as it does for +delivery: the affixes are removed from the local part unless +rcpt_include_affixes is set on the transport. If you have a configuration that +uses prefixes or suffixes on addresses that could be used for callouts, and you +want the affixes to be retained, you must make sure that rcpt_include_affixes +is set on the transport. + +3. Bounce and delay warning messages no longer contain details of delivery +errors, except for explicit messages (e.g. generated by :fail:) and SMTP +responses from remote hosts. + + +Version 4.50 +------------ + +The exicyclog script has been updated to use three-digit numbers in rotated log +files if the maximum number to keep is greater than 99. If you are already +keeping more than 99, there will be an incompatible change when you upgrade. +You will probably want to rename your old log files to the new form before +running the new exicyclog. + + +Version 4.42 +------------ + +RFC 3848 specifies standard names for the "with" phrase in Received: header +lines when AUTH and/or TLS are in use. This is the "received protocol" +field. Exim used to use "asmtp" for authenticated SMTP, without any +indication (in the protocol name) for TLS use. Now it follows the RFC and +uses "esmtpa" if the connection is authenticated, "esmtps" if it is +encrypted, and "esmtpsa" if it is both encrypted and authenticated. 
These names +appear in log lines as well as in Received: header lines. + + +Version 4.34 +------------ + +Change 4.31/2 gave problems to data ACLs and local_scan() functions that +expected to see a Received: header. I have changed to yet another scheme. The +Received: header is now generated after the body is received, but before the +ACL or local_scan() is called. After they have run, the timestamp in the +Received: header is updated. + +Thus, change (a) of 4.31/2 has been reversed, but change (b) is still true, +which is lucky, since I decided it was a bug fix. + + +Version 4.33 +------------ + +If an expansion in a condition on a "warn" statement fails because a lookup +defers, the "warn" statement is abandoned, and the next ACL statement is +processed. Previously this caused the whole ACL to be aborted. + + +Version 4.32 +------------ + +Change 4.31/2 has been reversed, as it proved contentious. Recipient callout +verification now uses <> in the MAIL command by default, as it did before. A +new callout option, "use_sender", has been added to request the other +behaviour. + + +Version 4.31 +------------ + +1. If you compile Exim to use GnuTLS, it now requires the use of release 1.0.0 + or greater. The interface to the obsolete 0.8.x releases is no longer + supported. There is one externally visible change: the format for the + display of Distinguished Names now uses commas as a separator rather than a + slash. This is to comply with RFC 2253. + +2. When a message is received, the Received: header line is now generated when + reception is complete, instead of at the start of reception. For messages + that take a long time to come in, this changes the meaning of the timestamp. + There are several side-effects of this change: + + (a) If a message is rejected by a DATA or non-SMTP ACL, or by local_scan(), + the logged header lines no longer include the local Received: line, + because it has not yet been created. 
If the message is a non-SMTP one, + and the error is processed by sending a message to the sender, the copy + of the original message that is returned does not have an added + Received: line. + + (b) When a filter file is tested using -bf, no additional Received: header + is added to the test message. After some thought, I decided that this + is a bug fix. + + The contents of $received_for are not affected by this change. This + variable still contains the single recipient of a message, copied after + addresses have been rewritten, but before local_scan() is run. + +2. Recipient callout verification, like sender verification, was using <> in + the MAIL FROM command. This isn't really the right thing, since the actual + sender may affect whether the remote host accepts the recipient or not. I + have changed it to use the actual sender in the callout; this means that + the cache record is now keyed on a recipient/sender pair, not just the + recipient address. There doesn't seem to be a real danger of callout loops, + since a callout by the remote host to check the sender would use <>. + + +Version 4.30 +------------ + +1. I have abolished timeout_DNS as an error that can be detected in retry + rules, because it has never worked. Despite the fact that it has been + documented since at least release 1.62, there was no code to support it. + If you have used it in your retry rules, you will now get a warning message + to the log and panic log. It is now treated as plain "timeout". + +2. After discussion on the mailing list, Exim no longer adds From:, Date:, or + Message-Id: header lines to messages that do not originate locally, that is, + messages that have an associated sending host address. + +3. When looking up a host name from an IP address, Exim now tries the DNS + first, and only if that fails does it use gethostbyaddr() (or equivalent). 
+ This change was made because on some OS, not all the names are given for + addresses with multiple PTR records via the gethostbyaddr() interface. The + order of lookup can be changed by setting host_lookup_order. + + +Version 4.23 +------------ + +1. The new FIXED_NEVER_USERS build-time option creates a list of "never users" + that cannot be overridden. The default in the distributed EDITME is "root". + If for some reason you were (against advice) running deliveries as root, you + will have to ensure that FIXED_NEVER_USERS is not set in your + Local/Makefile. + +2. The ${quote: operator now quotes an empty string, which it did not before. + +3. Version 4.23 saves the contents of the ACL variables with the message, so + that they can be used later. If one of these variables contains a newline, + there will be a newline character in the spool that will not be interpreted + correctly by a previous version of Exim. (Exim ignores keyed spool file + items that it doesn't understand - precisely for this kind of problem - but + it expects them all to be on one line.) + + So the bottom line is: if you have newlines in your ACL variables, you + cannot retreat from 4.23. + + +Version 4.21 +------------ + +1. The idea of the "warn" ACL verb is that it adds a header or writes to the + log only when "message" or "log_message" are set. However, if one of the + conditions was an address verification, or a call to a nested ACL, the + messages generated by the underlying test were being passed through. This + no longer happens. The underlying message is available in $acl_verify_ + message for both "message" and "log_message" expansions, so it can be + passed through if needed. + +2. The way that the $h_ (and $header_) expansions work has been changed by the + addition of RFC 2047 decoding. See the main documentation (the NewStuff file + until release 4.30, then the manual) for full details. 
Briefly, there are + now three forms: + + $rh_xxx: and $rheader_xxx: give the original content of the header + line(s), with no processing at all. + + $bh_xxx: and $bheader_xxx: remove leading and trailing white space, and + then decode base64 or quoted-printable "words" within the header text, + but do not do charset translation. + + $h_xxx: and $header_xxx: attempt to translate the $bh_ string to a + standard character set. + + If you have previously been using $h_ expansions to access the raw + characters, you should change to $rh_ instead. + +3. When Exim creates an RFC 2047 encoded word in a header line, it labels it + with the default character set from the headers_charset option instead of + always using iso-8859-1. + +4. If TMPDIR is defined in Local/Makefile (default in src/EDITME is + TMPDIR="/tmp"), Exim checks for the presence of an environment variable + called TMPDIR, and if it finds it is different, it changes its value. + +5. Following a discussion on the list, the rules by which Exim recognises line + endings on incoming messages have been changed. The -dropcr and drop_cr + options are now no-ops, retained only for backwards compatibility. The + following line terminators are recognized: LF CRLF CR. However, special + processing applies to CR: + + (i) The sequence CR . CR does *not* terminate an incoming SMTP message, + nor a local message in the state where . is a terminator. + + (ii) If a bare CR is encountered in a header line, an extra space is added + after the line terminator so as not to end the header. The reasoning + behind this is that bare CRs in header lines are most likely either + to be mistakes, or people trying to play silly games. + +6. The code for using daemon_smtp_port, local_interfaces, and the -oX options + has been reorganized. It is supposed to be backwards compatible, but it is + mentioned here just in case I've screwed up. + + + +Version 4.20 +------------ + +1. 
I have tidied and re-organized the code that uses alarm() for imposing time + limits on various things. It shouldn't affect anything, but if you notice + processes getting stuck, it may be that I've broken something. + +2. The "arguments" log selector now also logs the current working directory + when Exim is called. + +3. An incompatible change has been made to the appendfile transport. This + affects the case when it is used for file deliveries that are set up by + .forward and filter files. Previously, any settings of the "file" or + "directory" options were ignored. It is hoped that, like the address_file + transport in the default configuration, these options were never in fact set + on such transports, because they were of no use. + + Now, if either of these options is set, it is used. The path that is passed + by the router is in $address_file (this is not new), so it can be used as + part of a longer path, or modified in any other way that expansion permits. + + If neither "file" nor "directory" is set, the behaviour is unchanged. + +4. Related to the above: in a filter, if a "save" command specifies a non- + absolute path, the value of $home/ is pre-pended. This no longer happens if + $home is unset or is set to an empty string. + +5. Multiple file deliveries from a filter or .forward file can never be + batched; the value of batch_max on the transport is ignored for file + deliveries. I'm assuming that nobody ever actually set batch_max on the + address_file transport - it would have had odd effects previously. + +6. DESTDIR is the more common variable that ROOT for use when installing + software under a different root filing system. The Exim install script now + recognizes DESTDIR first; if it is not set, ROOT is used. + +7. If DESTDIR is set when installing Exim, it no longer prepends its value to + the path of the system aliases file that appears in the default + configuration (when a default configuration is installed). 
If an aliases + file is actually created, its name *does* use the prefix. + + +Version 4.14 +------------ + +1. The default for the maximum number of unknown SMTP commands that Exim will +accept before dropping a connection has been reduced from 5 to 3. However, you +can now change the value by setting smtp_max_unknown_commands. + +2. The ${quote: operator has been changed so that it turns newline and carriage +return characters into \n and \r, respectively. + +3. The file names used for maildir messages now include the microsecond time +fraction as well as the time in seconds, to cope with systems where the process +id can be re-used within the same second. The format is now + + <time>.H<microsec>P<pid>.<host> + +This should be a compatible change, but is noted here just in case. + +4. The rules for creating message ids have changed, to cope with systems where +the process id can be re-used within the same second. The format, however, is +unchanged, so this should not cause any problems, except as noted in the next +item. + +5. The maximum value for localhost_number has been reduced from 255 to 16, in +order to implement the new message id rules. For operating systems that have +case-insensitive file systems (Cygwin and Darwin), the limit is 10. + +6. verify = header_syntax was allowing unqualified addresses in all cases. Now +it allows them only for locally generated messages and from hosts that match +sender_unqualified_hosts or recipient_unqualified_hosts, respectively. + +7. For reasons lost in the mists of time, when a pipe transport was run, the +environment variable MESSAGE_ID was set to the message ID preceded by 'E' (the +form used in Message-ID: header lines). The 'E' has been removed. + + +Version 4.11 +------------ + +1. The handling of lines in the configuration file has changed. Previously, +macro expansion was applied to logical lines, after continuations had been +joined on. 
This meant that it could not be used in .include lines, which are +handled as physical rather than logical lines. Macro expansion is now done on +physical lines rather than logical lines. This means there are two +incompatibilities: + + (a) A macro that expands to # to turn a line into a comment now applies only + to the physical line where it appears. Previously, it would have caused + any following continuations also to be ignored. + + (b) A macro name can no longer be split over the boundary between a line and + its continuation. Actually, this is more of a bug fix. :-) + +2. The -D command line option must now all be within one command line item. +This makes it possible to use -D to set a macro to the empty string by commands +such as + + exim -DABC ... + exim -DABC= ... + +Previously, these items would have moved on to the next item on the command +line. To include spaces in a macro definition item, quotes must be used, in +which case you can also have spaces after -D and surrounding the equals. For +example: + + exim '-D ABC = something' ... + +3. The way that addresses that redirect to themselves are handled has been +changed, in order to fix an obscure bug. This should not cause any problems +except in the case of wanting to go back from a 4.11 (or later) release to an +earlier release. If there are undelivered messages on the spool that contain +addresses which redirect to themselves, and the redirected addresses have +already been delivered, you might get a duplicate delivery if you revert to an +earlier Exim. + +4. The default way of looking up IP addresses for hosts in the manualroute and +queryprogram routers has been changed. If "byname" or "bydns" is explicitly +specified, there is no change, but if no method is specified, Exim now behaves +as follows: + + First, a DNS lookup is done. If this yields anything other than + HOST_NOT_FOUND, that result is used. 
Otherwise, Exim goes on to try a call to + getipnodebyname() (or gethostbyname() on older systems) and the result of the + lookup is the result of that call. + +This change has been made because it has been discovered that on some systems, +if a DNS lookup called via getipnodebyname() times out, HOST_NOT_FOUND is +returned instead of TRY_AGAIN. Thus, it is safest to try a DNS lookup directly +first, and only if that gives a definite "no such host" to try the local +function. + +5. In fixing the minor security problem with pid_file_path, I have removed some +backwards-compatible (undocumented) code which was present to ease conversion +from Exim 3. In Exim 4, pid_file_path is a literal; in Exim 3 it was allowed to +contain "%s", which was replaced by the port number for daemons listening on +non-standard ports. In Exim 4, such daemons do not write a pid file. The +backwards compatibility feature was to replace "%s" by nothing if it occurred +in an Exim 4 setting of pid_file_path. The bug was in this code. I have solved +the problem by removing the backwards compatibility feature. Thus, if you still +have "%s" somewhere in a setting of pid_file_path, you should remove it. + +6. There has been an extension to lsearch files. The keys in these files may +now be quoted in order to allow for whitespace and colons in them. This means +that if you were previously using keys that began with a doublequote, you will +now have to wrap them with extra quotes and escape the internal quotes. The +possibility that anybody is actually doing this seems extremely remote, but it +is documented just in case. + + +Version 4.10 +------------ + +The build-time parameter EXIWHAT_KILL_ARG has been renamed EXIWHAT_KILL_SIGNAL +to better reflect its function. The OS-specific files have been updated. Only +if you have explicitly set this in your Makefile (highly unlikely) do you need +to change anything. + +**** 
@@ -0,0 +1,2 @@ +perl_startup = $| = 1; print "<${^TAINT}>\n"; +perl_taintmode = yes diff --git a/doc/ChangeLog b/doc/ChangeLog new file mode 100644 index 0000000..585deb0 --- /dev/null +++ b/doc/ChangeLog 
@@ -0,0 +1,7790 @@ +This document describes *changes* to previous versions, that might +affect Exim's operation, with an unchanged configuration file. For new +options, and new features, see the NewStuff file next to this ChangeLog. + + +Exim version 4.94 +----------------- + +JH/01 Avoid costly startup code when not strictly needed. This reduces time + for some exim process initialisations. It does mean that the logging + of TLS configuration problems is only done for the daemon startup. + +JH/02 Early-pipelining support code is now included unless disabled in Makefile. + +JH/03 DKIM verification defaults no long accept sha1 hashes, to conform to + RFC 8301. They can still be enabled, using the dkim_verify_hashes main + option. + +JH/04 Support CHUNKING from an smtp transport using a transport_filter, when + DKIM signing is being done. Previously a transport_filter would always + disable CHUNKING, falling back to traditional DATA. + +JH/05 Regard command-line receipients as tainted. + +JH/06 Bug 340: Remove the daemon pid file on exit, whe due to SIGTERM. + +JH/07 Bug 2489: Fix crash in the "pam" expansion condition. It seems that the + PAM library frees one of the arguments given to it, despite the + documentation. Therefore a plain malloc must be used. + +JH/08 Bug 2491: Use tainted buffers for the transport smtp context. Previously + on-stack buffers were used, resulting in a taint trap when DSN information + copied from a received message was written into the buffer. + +JH/09 Bug 2493: Harden ARC verify against Outlook, whick has been seen to mix + the ordering of its ARC headers. This caused a crash. + +JH/10 Bug 2492: Use tainted memory for retry record when needed. Previously when + a new record was being constructed with information from the peer, a trap + was taken. + +JH/11 Bug 2494: Unset the default for dmarc_tld_file. 
Previously a naiive + installation would get error messages from DMARC verify, when it hit the + nonexistent file indicated by the default. Distros wanting DMARC enabled + should both provide the file and set the option. + Also enforce no DMARC verification for command-line sourced messages. + +JH/12 Fix an uninitialised flag in early-pipelining. Previously connections + could, depending on the platform, hang at the STARTTLS response. + +JH/13 Bug 2498: Reset a counter used for ARC verify before handling another + message on a connection. Previously if one message had ARC headers and + the following one did not, a crash could result when adding an + Authentication-Results: header. + +JH/14 Bug 2500: Rewind some of the common-coding in string handling between the + Exim main code and Exim-related utities. The introduction of taint + tracking also did many adjustments to string handling. Since then, eximon + frequently terminated with an assert failure. + +JH/15 When PIPELINING, synch after every hundred or so RCPT commands sent and + check for 452 responses. This slightly helps the inefficieny of doing + a large alias-expansion into a recipient-limited target. The max_rcpt + transport option still applies (and at the current default, will override + the new feature). The check is done for either cause of synch, and forces + a fast-retry of all 452'd recipients using a new MAIL FROM on the same + connection. The new facility is not tunable at this time. + +JH/16 Fix the variables set by the gsasl authenticator. Previously a pointer to + library live data was being used, so the results became garbage. Make + copies while it is still usable. + +JH/17 Logging: when the deliver_time selector ise set, include the DT= field + on delivery deferred (==) and failed (**) lines (if a delivery was + attemtped). Previously it was only on completion (=>) lines. 
+ +JH/18 Authentication: the gsasl driver not provides the $authN variables in time + for the expansion of the server_scram_iter and server_scram_salt options. + +WB/01 SPF: DNS lookups for the obsolete SPF RR type done by the libspf2 library + are now specifically given a NO_DATA response without hitting the system + resolver. The library goes on to do the now-standard TXT lookup. + Use of dnsdb lookups is not affected. + +JH/19 Bug 2507: Modules: on handling a dynamic-module (lookups) open failure, + only retrieve the errormessage once. Previously two calls to dlerror() + were used, and the second one (for mainlog/paniclog) retrieved null + information. + +JH/20 Taint checking: disallow use of tainted data for + - the appendfile transport file and directory options + - the pipe transport command + - the autoreply transport file, log and once options + - file names used by the redirect router (including filter files) + - named-queue names + - paths used by single-key lookups + Previously this was permitted. + +JH/21 Bug 2501: Fix init call in the heimdal authenticator. Previously it + adjusted the size of a major service buffer; this failed because the + buffer was in use at the time. Change to a compile-time increase in the + buffer size, when this authenticator is compiled into exim. + +JH/22 Taint-checking: move to safe-mode taint checking on all platforms. The + previous fast-mode was untenable in the face of glibs using mmap to + support larger malloc requests. + +PP/01 Update the openssl_options possible values through OpenSSL 1.1.1c. + New values supported, if defined on system where compiled: + allow_no_dhe_kex, cryptopro_tlsext_bug, enable_middlebox_compat, + no_anti_replay, no_encrypt_then_mac, prioritize_chacha, tlsext_padding + +JH/23 Performance improvement in the initial phase of a two-pass queue run. By + running a limited number of proceses in parallel, a benefit is gained. The + amount varies with the platform hardware and load. 
The use of the option + queue_run_in_order means we cannot do this, as ordering becomes + indeterminate. + +JH/24 Bug 2524: fix the cyrus_sasl auth driver gssapi usage. A previous fix + had introduced a string-copy (for ensuring NUL-termination) which was not + appropriate for that case, which can include embedded NUL bytes in the + block of data. Investigation showed the copy to actually be needless, the + data being length-specified. + +JH/25 Fix use of concurrent TLS connections under GnuTLS. When a callout was + done during a receiving connection, and both used TLS, global info was + used rather than per-connection info for tracking the state of data + queued for transmission. This could result in a connection hang. + +JH/26 Fix use of the SIZE parameter on MAIL commands, on continued connections. + Previously, when delivering serveral messages down a single connection + only the first would provide a SIZE. This was due to the size information + not being properly tracked. + +JH/27 Bug 2530: When operating in a timezone with sub-minute offset, such as + TAI (at 37 seconds currently), pretend to be in UTC for time-related + expansion and logging. Previously, spurious values such as a future + minute could be seen. + +JH/28 Bug 2533: Fix expansion of ${tr } item. When called in some situations + it could crash from a null-deref. This could also affect the + ${addresses: } operator and ${readsock } item. + +JH/29 Bug 2537: Fix $mime_part_count. When a single connection had a non-mime + message following a mime one, the variable was not reset. + +JH/30 When an pipelined-connect fails at the first response, assume incorrect + cached capability (perhaps the peer reneged?) and immediately retry in + non-pipelined mode. + +JH/31 Fix spurious detection of timeout while writing to transport filter. + +JH/32 Bug 2541: Fix segfault on bad cmdline -f (sender) argument. Previously + an attempt to copy the string was made before checking it. 
+ +JH/33 Fix the dsearch lookup to return an untainted result. Previously the + taint of the lookup key was maintained; we now regard the presence in the + filesystem as sufficient validation. + +JH/34 Fix the readsocket expansion to not segfault when an empty "options" + argument is supplied. + +JH/35 The dsearch lookup now requires that the directory is an absolute path. + Previously this was not checked, and nonempty relative paths made an + access under Exim's current working directory. + +JH/36 Bug 2554: Fix msg:defer event for the hosts_max_try_hardlimit case. + Previously no event was raised. + +JH/37 Bug 2552: Fix the check on spool space during reception to use the SIZE + parameter supplied by the sender MAIL FROM command. Previously it was + ignored, and only the check_spool_space option value for the required + leeway checked. + +JH/38 Fix $dkim_key_length. This should, after a DKIM verification, present + the size of the signing public-key. Previously it was instead giving + the size of the signature hash. + +JH/39 DKIM verification: the RFC 8301 restriction on sizes of RSA keys is now + the default. See the (new) dkim_verify_min_keysizes option. + +JH/40 Fix a memory-handling bug: when a connection carried multiple messages + and an ACL use a lookup for checking either the local_part or domain, + stale data could be accessed. Ensure that variable references are + dropped between messages. + +JH/41 Bug 2571: Fix SPA authenticator. Running as a server, an offset supplied + by the client was not checked as pointing within response data before + being used. A malicious client could thus cause an out-of-bounds read and + possibly gain authentication. Fix by adding the check. + +JH/42 Internationalisation: change the default for downconversion in the smtp + transport to be "if needed". Previously it was "as previously set" for + the message, which usually meant "if needed" for message-submission but + "no" for everything else. 
However, MTAs have been seen using SMTPUTF8 + even when the envelope addresses did not need it, resulting in forwarding + failures to non-supporting MTAs. A downconvert in such cases will be + a no-op on the addresses, merely dropping the use of SMTPUTF8 by the + transport. The change does mean that addresses needing conversion will + be converted when previously a delivery failure would occur. + +JH/43 Fix possible long line in DSN. Previously when a very long SMTP error + response was received it would be used unchecked in a fail-DSN, violating + standards on line-length limits. Truncate if needed. + +HS/01 Remove parameters of the link to www.open-spf.org. The linked form + doesn't work. (Additionally add a new main config option to configure the + spf_smtp_comment) + + +Exim version 4.93 +----------------- + +JH/01 OpenSSL: With debug enabled output keying information sufficient, server + side, to decode a TLS 1.3 packet capture. + +JH/02 OpenSSL: Suppress the sending of (stateful) TLS1.3 session tickets. + Previously the default library behaviour applied, sending two, each in + its own TCP segment. + +JH/03 Debug output for ACL now gives the config file name and line number for + each verb. + +JH/04 The default received_header_text now uses the RFC 8314 tls cipher clause. + +JH/05 DKIM: ensure that dkim_domain elements are lowercased before use. + +JH/06 Fix buggy handling of autoreply bounce_return_size_limit, and a possible + buffer overrun for (non-chunking) other transports. + +JH/07 GnuTLS: Our use of late (post-handshake) certificate verification, under + TLS1.3, means that a server rejecting a client certificate is not visible + to the client until the first read of encrypted data (typically the + response to EHLO). Add detection for that case and treat it as a failed + TLS connection attempt, so that the normal retry-in-clear can work (if + suitably configured). 
+ +JB/01 Bug 2375: fix expansions of 822 addresses having comments in local-part + and/or domain. Found and fixed by Jason Betts. + +JH/08 Add hardening against SRV & TLSA lookups the hit CNAMEs (a nonvalid + configuration). If a CNAME target was not a wellformed name pattern, a + crash could result. + +JH/09 Logging: Fix initial listening-on line for multiple ports for an IP when + the OS reports them interleaved with other addresses. + +JH/10 OpenSSL: Fix aggregation of messages. Previously, when PIPELINING was + used both for input and for a verify callout, both encrypted, SMTP + responses being sent by the server could be lost. This resulted in + dropped connections and sometimes bounces generated by a peer sending + to this system. + +JH/11 Harden plaintext authenticator against a badly misconfigured client-send + string. Previously it was possible to cause undefined behaviour in a + library routine (usually a crash). Found by "zerons". + +JH/12 Bug 2384: fix "-bP smtp_receive_timeout". Previously it returned no + output. + +JH/13 Bug 2386: Fix builds with Dane under LibreSSL 2.9.0 onward. Some old + API was removed, so update to use the newer ones. + +JH/14 Bug 1891: Close the log file if receiving a non-smtp message, without + any timeout set, is taking a long time. Previously we would hang on to a + rotated logfile "forever" if the input was arriving with long gaps + (a previous attempt to fix addressed lack, for a long time, of initial + input). + +HS/01 Bug 2390: Use message_id for tempfile creation to avoid races in a + shared (NFS) environment. The length of the tempfile name is now + 4 + 16 ("hdr.$message_exim_id") which might break on file + systems which restrict the file name length to lower values. + (It was "hdr.$pid".) + +HS/02 Bug 2390: Use message_id for tempfile creation to avoid races in a + shared (NFS) environment. + +HS/03 Bug 2392: exigrep does case sensitive *option* processing (as it + did for all versions <4.90). 
Notably -M, -m, --invert, -I may be + affected. + +JH/15 Use unsigned when creating bitmasks in macros, to avoid build errors + on some platforms for bit 31. + +JH/16 GnuTLS: rework ciphersuite strings under recent library versions. Thanks + to changes apparently associated with TLS1.3 handling some of the APIs + previously used were either nonfunctional or inappropriate. Strings + like TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM__AEAD:256 + and TLS1.2:ECDHE_SECP256R1__RSA_SHA256__AES_128_CBC__SHA256:128 replace + the previous TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 . + This affects log line X= elements, the $tls_{in,out}_cipher variables, + and the use of specific cipher names in the encrypted= ACL condition. + +JH/17 OpenSSL: the default openssl_options now disables ssl_v3. + +JH/18 GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp. Previously the + verification result was not updated unless hosts_require_ocsp applied. + +JH/19 Bug 2398: fix listing of a named-queue. Previously, even with the option + queue_list_requires_admin set to false, non-admin users were denied the + facility. + +JH/20 Bug 2389: fix server advertising of usable certificates, under GnuTLS in + directory-of-certs mode. Previously they were advertised despite the + documentation. + +JH/21 The smtp transport option "hosts_noproxy_tls" is now unset by default. + A single TCP connection by a client will now hold a TLS connection open + for multiple message deliveries, by default. Previoud the default was to + not do so. + +JH/22 The smtp transport option "hosts_try_dane" now enables all hosts by + default. If built with the facility, DANE will be used. The facility + SUPPORT_DANE is now enabled in the prototype build Makefile "EDITME". + +JH/23 The build default is now for TLS to be included; the SUPPORT_TLS define + is replaced with DISABLE_TLS. 
Either USE_GNUTLS or (the new) USE_OPENSSL + must be defined and you must still, unless you define DISABLE_TLS, manage + the the include-dir and library-file requirements that go with that + choice. Non-TLS builds are still supported. + +JH/24 Fix duplicated logging of peer name/address, on a transport connection- + reject under TFO. + +JH/25 The smtp transport option "hosts_try_fastopen" now enables all hosts by + default. If the platform supports and has the facility enabled, it will + be requested on all coneections. + +JH/26 The PIPE_CONNECT facility is promoted from experimental status and is now + controlled by the build-time option SUPPORT_PIPE_CONNECT. + +PP/01 Unbreak heimdal_gssapi, broken in 4.92. + +JH/27 Bug 2404: Use the main-section configuration option "dsn_from" for + success-DSN messages. Previously the 
From: header was always the default + one for these; the option was ignored. + +JH/28 Fix the timeout on smtp response to apply to the whole response. + Previously it was reset for every read, so a teergrubing peer sending + single bytes within the time limit could extend the connection for a + long time. Credit to Qualsys Security Advisory Team for the discovery. + +JH/29 Fix DSN Final-Recipient: field. Previously it was the post-routing + delivery address, which leaked information of the results of local + forwarding. Change to the original envelope recipient address, per + standards. + +JH/30 Bug 2411: Fix DSN generation when RFC 3461 failure notification is + requested. Previously not bounce was generated and a log entry of + error ignored was made. + +JH/31 Avoid re-expansion in ${sort } expansion. (CVE-2019-13917) + +JH/32 Introduce a general tainting mechanism for values read from the input + channel, and values derived from them. Refuse to expand any tainted + values, to catch one form of exploit. + +JH/33 Bug 2413: Fix dkim_strict option. Previously the expansion result + was unused and the unexpanded text used for the test. Found and + fixed by Ruben Jenster. + +JH/34 Fix crash after TLS shutdown. When the TCP/SMTP channel was left open, + an attempt to use a TLS library read routine dereffed a nul pointer, + causing a segfault. + +JH/35 Bug 2409: filter out-of-spec chars from callout response before using + them in our smtp response. + +JH/36 Have the general router option retry_use_local_part default to true when + any of the restrictive preconditions are set (to anything). Previously it + was only for check_local user. The change removes one item of manual + configuration which is required for proper retries when a remote router + handles a subset of addresses for a domain. + +JH/37 Appendfile: when evaluating quota use (non-quota_size_regex) take the file + link count into consideration. + +HS/04 Fix handling of very log lines in -H files. 
If a -<key> <value> line + caused the extension of big_buffer, the following lines were ignored. + +JH/38 Bug 1395: Teach the DNS negative-cache about TTL value from the SOA in + accordance with RFC 2308. Previously there was no expiry, so a longlived + receive process (eg. due to ACL delays) versus a short SOA value could + surprise. + +HS/05 Handle trailing backslash gracefully. (CVE-2019-15846) + +JH/39 Promote DMARC support to mainline. + +JH/40 Bug 2452: Add a References: header to DSNs. + +JH/41 With GnuTLS 3.6.0 (and later) do not attempt to manage Diffie-Hellman + parameters. The relevant library call is documented as "Deprecated: This + function is unnecessary and discouraged on GnuTLS 3.6.0 or later. Since + 3.6.0, DH parameters are negotiated following RFC7919." + +HS/06 Change the default of dnssec_request_domains to "*" + +JH/42 Bug 2545: Fix CHUNKING for all RCPT commands rejected. Previously we + carried on and emitted a BDAT command, even when PIPELINING was not + active. + +JH/43 Bug 2465: Fix taint-handling in dsearch lookup. Previously a nontainted + buffer was used for the filename, resulting in a trap when tainted + arguments (eg. $domain) were used. + +JH/44 With OpenSSL 1.1.1 (onwards) disable renegotiation for TLS1.2 and below; + recommended to avoid a possible server-load attack. The feature can be + re-enabled via the openssl_options main cofiguration option. + +JH/45 local_scan API: documented the current smtp_printf() call. This changed + for version 4.90 - adding a "more data" boolean to the arguments. + Bumped the ABI version number also, this having been missed previously; + release versions 4.90 to 4.92.3 inclusive were effectively broken in + respect of usage of smtp_printf() by either local_scan code or libraries + accessed via the ${dlfunc } expansion item. Both will need coding + adjustment for any calls to smtp_printf() to match the new function + signature; a FALSE value for the new argument is always safe. 
+ +JH/46 FreeBSD: fix use of the sendfile() syscall. The shim was not updating + the file-offset (which the Linux syscall does, and exim expects); this + resulted in an indefinite loop. + +JH/47 ARC: fix crash in signing, triggered when a configuration error failed + to do ARC verification. The Authentication-Results: header line added + by the configuration then had no ARC item. + + +Exim version 4.92 +----------------- + +JH/01 Remove code calling the customisable local_scan function, unless a new + definition "HAVE_LOCAL_SCAN=yes" is present in the Local/Makefile. + +JH/02 Bug 1007: Avoid doing logging from signal-handlers, as that can result in + non-signal-safe functions being used. + +JH/03 Bug 2269: When presented with a received message having a stupidly large + number of DKIM-Signature headers, disable DKIM verification to avoid + a resource-consumption attack. The limit is set at twenty. + +JH/04 Add variables $arc_domains, $arc_oldest_pass for ARC verify. Fix the + report of oldest_pass in ${authres } in consequence, and separate out + some descriptions of reasons for verification fail. + +JH/05 Bug 2273: Cutthrough delivery left a window where the received messsage + files in the spool were present and unlocked. A queue-runner could spot + them, resulting in a duplicate delivery. Fix that by doing the unlock + after the unlink. Investigation by Tim Stewart. Take the opportunity to + add more error-checking on spoolfile handling while that code is being + messed with. + +PP/01 Refuse to open a spool data file (*-D) if it's a symlink. + No known attacks, no CVE, this is defensive hardening. + +JH/06 Bug 2275: The MIME ACL unlocked the received message files early, and + a queue-runner could start a delivery while other operations were ongoing. + Cutthrough delivery was a common victim, resulting in duplicate delivery. + Found and investigated by Tim Stewart. 
Fix by using the open message data + file handle rather than opening another, and not locally closing it (which + releases a lock) for that case, while creating the temporary .eml format + file for the MIME ACL. Also applies to "regex" and "spam" ACL conditions. + +JH/07 Bug 177: Make a random-recipient callout success visible in ACL, by setting + $sender_verify_failure/$recipient_verify_failure to "random". + +JH/08 When generating a selfsigned cert, use serial number 1 since zero is not + legitimate. + +JH/09 Bug 2274: Fix logging of cmdline args when starting in an unlinked cwd. + Previously this would segfault. + +JH/10 Fix ARC signing for case when DKIM signing failed. Previously this would + segfault. + +JH/11 Bug 2264: Exim now only follows CNAME chains one step by default. We'd + like zero, since the resolver should be doing this for us, But we need one + as a CNAME but no MX presence gets the CNAME returned; we need to check + that doesn't point to an MX to declare it "no MX returned" rather than + "error, loop". A new main option is added so the older capability of + following some limited number of chain links is maintained. + +JH/12 Add client-ip info to non-pass iprev ${authres } lines. + +JH/13 For receent Openssl versions (1.1 onward) use modern generic protocol + methods. These should support TLS 1.3; they arrived with TLS 1.3 and the + now-deprecated earlier definitions used only specified the range up to TLS + 1.2 (in the older-version library docs). + +JH/14 Bug 2284: Fix DKIM signing for body lines starting with a pair of dots. + +JH/15 Rework TLS client-side context management. Stop using a global, and + explicitly pass a context around. This enables future use of TLS for + connections to service-daemons (eg. malware scanning) while a client smtp + connection is using TLS; with cutthrough connections this is quite likely. + +JH/16 Fix ARC verification to do AS checks in reverse order. 
+ +JH/17 Support a "tls" option on the ${readsocket } expansion item. + +JH/18 Bug 2287: Fix the protocol name (eg utf8esmtp) for multiple messages + using the SMTPUTF8 option on their MAIL FROM commands, in one connection. + Previously the "utf8" would be re-prepended for every additional message. + +JH/19 Reject MAIL FROM commands with SMTPUTF8 when the facility was not advertised. + Previously thery were accepted, resulting in issues when attempting to + forward messages to a non-supporting MTA. + +PP/02 Let -n work with printing macros too, not just options. + +JH/20 Bug 2296: Fix cutthrough for >1 address redirection. Previously only + one parent address was copied, and bogus data was used at delivery-logging + time. Either a crash (after delivery) or bogus log data could result. + Discovery and analysis by Tim Stewart. + +PP/03 Make ${utf8clean:} expansion operator detect incomplete final character. + Previously if the string ended mid-character, we did not insert the + promised '?' replacement. + +PP/04 Documentation: current string operators work on bytes, not codepoints. + +JH/21 Change as many as possible of the global flags into one-bit bitfields; these + should pack well giving a smaller memory footprint so better caching and + therefore performance. Group the declarations where this can't be done so + that the byte-sized flag variables are not interspersed among pointer + variables, giving a better chance of good packing by the compiler. + +JH/22 Bug 1896: Fix the envelope from for DMARC forensic reports to be possibly + non-null, to avoid issues with sites running BATV. Previously reports were + sent with an empty envelope sender so looked like bounces. + +JH/23 Bug 2318: Fix the noerror command within filters. It wasn't working. + The ignore_error flag wasn't being returned from the filter subprocess so + was not set for later routers. Investigation and fix by Matthias Kurz. 
+ +JH/24 Bug 2310: Raise a msg:fail:internal event for each undelivered recipient, + and a msg:complete for the whole, when a message is manually removed using + -Mrm. Developement by Matthias Kurz, hacked on by JH. + +JH/25 Avoid fixed-size buffers for pathnames in DB access. This required using + a "Gnu special" function, asprintf() in the DB utility binary builds; I + hope that is portable enough. + +JH/26 Bug 2311: Fix DANE-TA verification under GnuTLS. Previously it was also + requiring a known-CA anchor certificate; make it now rely entirely on the + TLSA as an anchor. Checking the name on the leaf cert against the name + on the A-record for the host is still done for TA (but not for EE mode). + +JH/27 Fix logging of proxy address. Previously, a pointless "PRX=[]:0" would be + included in delivery lines for non-proxied connections, when compiled with + SUPPORT_SOCKS and running with proxy logging enabled. + +JH/28 Bug 2314: Fire msg:fail:delivery event even when error is being ignored. + Developement by Matthias Kurz, tweaked by JH. While in that bit of code, + move the existing event to fire before the normal logging of message + failure so that custom logging is bracketed by normal logging. + +JH/29 Bug 2322: A "fail" command in a non-system filter (file) now fires the + msg:fail:internal event. Developement by Matthias Kurz. + +JH/30 Bug 2329: Increase buffer size used for dns lookup from 2k, which was + far too small for todays use of crypto signatures stored there. Go all + the way to the max DNS message size of 64kB, even though this might be + overmuch for IOT constrained device use. + +JH/31 Fix a bad use of a copy function, which could be used to pointlessly + copy a string over itself. The library routine is documented as not + supporting overlapping copies, and on MacOS it actually raised a SIGABRT. 
+ +JH/32 For main options check_spool_space and check_inode_space, where the + platform supports 64b integers, support more than the previous 2^31 kB + (i.e. more than 2 TB). Accept E, P and T multipliers in addition to + the previous G, M, k. + +JH/33 Bug 2338: Fix the cyrus-sasl authenticator to fill in the + $authenticated_fail_id variable on authentication failure. Previously + it was unset. + +JH/34 Increase RSA keysize of autogen selfsign cert from 1024 to 2048. RHEL 8.0 + OpenSSL didn't want to use such a weak key. Do for GnuTLS also, and for + more-modern GnuTLS move from GNUTLS_SEC_PARAM_LOW to + GNUTLS_SEC_PARAM_MEDIUM. + +JH/35 OpenSSL: fail the handshake when SNI processing hits a problem, server + side. Previously we would continue as if no SNI had been received. + +JH/36 Harden the handling of string-lists. When a list consisted of a sole + "<" character, which should be a list-separator specification, we walked + off past the nul-terimation. + +JH/37 Bug 2341: Send "message delayed" warning MDNs (restricted to external + causes) even when the retry time is not yet met. Previously they were + not, meaning that when (say) an account was over-quota and temp-rejecting, + and multiple senders' messages were queued, only one sender would get + notified on each configured delay_warning cycle. + +JH/38 Bug 2351: Log failures to extract envelope addresses from message headers. + +JH/39 OpenSSL: clear the error stack after an SSL_accept(). With anon-auth + cipher-suites, an error can be left on the stack even for a succeeding + accept; this results in impossible error messages when a later operation + actually does fail. + +AM/01 Bug 2359: GnuTLS: repeat lowlevel read and write operations while they + return error codes indicating retry. Under TLS1.3 this becomes required. + +JH/40 Fix the feature-cache refresh for EXPERIMENTAL_PIPE_CONNECT. 
Previously + it only wrote the new authenticators, resulting in a lack of tracking of + peer changes of ESMTP extensions until the next cache flush. + +JH/41 Fix the loop reading a message header line to check for integer overflow, + and more-often against header_maxsize. Previously a crafted message could + induce a crash of the recive process; now the message is cleanly rejected. + +JH/42 Bug 2366: Fix the behaviour of the dkim_verify_signers option. It had + been totally disabled for all of 4.91. Discovery and fix by "Mad Alex". + + +Exim version 4.91 +----------------- + +GF/01 DEFER rather than ERROR on redis cluster MOVED response. + When redis_servers is set to a list of > 1 element, and the Redis servers + in that list are in cluster configuration, convert the REDIS_REPLY_ERROR + case of MOVED into a DEFER case instead, thus moving the query onto the + next server in the list. For a cluster of N elements, all N servers must + be defined in redis_servers. + +GF/02 Catch and remove uninitialized value warning in exiqsumm + Check for existence of @ARGV before looking at $ARGV[0] + +JH/01 Replace the store_release() internal interface with store_newblock(), + which internalises the check required to safely use the old one, plus + the allocate and data copy operations duplicated in both (!) of the + extant use locations. + +JH/02 Disallow '/' characters in queue names specified for the "queue=" ACL + modifier. This matches the restriction on the commandline. + +JH/03 Fix pgsql lookup for multiple result-tuples with a single column. + Previously only the last row was returned. + +JH/04 Bug 2217: Tighten up the parsing of DKIM signature headers. Previously + we assumed that tags in the header were well-formed, and parsed the + element content after inspecting only the first char of the tag. + Assumptions at that stage could crash the receive process on malformed + input. + +JH/05 Bug 2215: Fix crash associated with dnsdb lookup done from DKIM ACL. 
+ While running the DKIM ACL we operate on the Permanent memory pool so that + variables created with "set" persist to the DATA ACL. Also (at any time) + DNS lookups that fail create cache records using the Permanent pool. But + expansions release any allocations made on the current pool - so a dnsdb + lookup expansion done in the DKIM ACL releases the memory used for the + DNS negative-cache, and bad things result. Solution is to switch to the + Main pool for expansions. + While we're in that code, add checks on the DNS cache during store_reset, + active in the testsuite. + Problem spotted, and debugging aided, by Wolfgang Breyha. + +JH/06 Fix issue with continued-connections when the DNS shifts unreliably. + When none of the hosts presented to a transport match an already-open + connection, close it and proceed with the list. Previously we would + queue the message. Spotted by Lena with Yahoo, probably involving + round-robin DNS. + +JH/07 Bug 2214: Fix SMTP responses resulting from non-accept result of MIME ACL. + Previously a spurious "250 OK id=" response was appended to the proper + failure response. + +JH/08 The "support for" informational output now, which built with Content + Scanning support, has a line for the malware scanner interfaces compiled + in. Interface can be individually included or not at build time. + +JH/09 The "aveserver", "kavdaemon" and "mksd" interfaces are now not included + by the template makefile "src/EDITME". The "STREAM" support for an older + ClamAV interface method is removed. + +JH/10 Bug 2223: Fix mysql lookup returns for the no-data case (when the number of + rows affected is given instead). + +JH/11 The runtime Berkeley DB library version is now additionally output by + "exim -d -bV". Previously only the compile-time version was shown. + +JH/12 Bug 2230: Fix cutthrough routing for nonfirst messages in an initiating + SMTP connection. 
Previously, when one had more receipients than the + first, an abortive onward connection was made. Move to full support for + multiple onward connections in sequence, handling cutthrough connection + for all multi-message initiating connections. + +JH/13 Bug 2229: Fix cutthrough routing for nonstandard port numbers defined by + routers. Previously, a multi-recipient message would fail to match the + onward-connection opened for the first recipient, and cause its closure. + +JH/14 Bug 2174: A timeout on connect for a callout was also erroneously seen as + a timeout on read on a GnuTLS initiating connection, resulting in the + initiating connection being dropped. This mattered most when the callout + was marked defer_ok. Fix to keep the two timeout-detection methods + separate. + +JH/15 Relax results from ACL control request to enable cutthrough, in + unsupported situations, from error to silently (except under debug) + ignoring. This covers use with PRDR, frozen messages, queue-only and + fake-reject. + +HS/01 Fix Buffer overflow in base64d() (CVE-2018-6789) + +JH/16 Fix bug in DKIM verify: a buffer overflow could corrupt the malloc + metadata, resulting in a crash in free(). + +PP/01 Fix broken Heimdal GSSAPI authenticator integration. + Broken in f2ed27cf5, missing an equals sign for specified-initialisers. + Broken also in d185889f4, with init system revamp. + +JH/17 Bug 2113: Fix conversation closedown with the Avast malware scanner. + Previously we abruptly closed the connection after reading a malware- + found indication; now we go on to read the "scan ok" response line, + and send a quit. + +JH/18 Bug 2239: Enforce non-usability of control=utf8_downconvert in the mail + ACL. Previously, a crash would result. + +JH/19 Speed up macro lookups during configuration file read, by skipping non- + macro text after a replacement (previously it was only once per line) and + by skipping builtin macros when searching for an uppercase lead character. 
+ +JH/20 DANE support moved from Experimental to mainline. The Makefile control + for the build is renamed. + +JH/21 Fix memory leak during multi-message connections using STARTTLS. A buffer + was allocated for every new TLS startup, meaning one per message. Fix + by only allocating once (OpenSSL) or freeing on TLS-close (GnuTLS). + +JH/22 Bug 2236: When a DKIM verification result is overridden by ACL, DMARC + reported the original. Fix to report (as far as possible) the ACL + result replacing the original. + +JH/23 Fix memory leak during multi-message connections using STARTTLS under + OpenSSL. Certificate information is loaded for every new TLS startup, + and the resources needed to be freed. + +JH/24 Bug 2242: Fix exim_dbmbuild to permit directoryless filenames. + +JH/25 Fix utf8_downconvert propagation through a redirect router. Previously it + was not propagated. + +JH/26 Bug 2253: For logging delivery lines under PRDR, append the overall + DATA response info to the (existing) per-recipient response info for + the "C=" log element. It can have useful tracking info from the + destination system. Patch from Simon Arlott. + +JH/27 Bug 2251: Fix ldap lookups that return a single attribute having zero- + length value. Previously this would segfault. + +HS/02 Support Avast multiline protoocol, this allows passing flags to + newer versions of the scanner. + +JH/28 Ensure that variables possibly set during message acceptance are marked + dead before release of memory in the daemon loop. This stops complaints + about them when the debug_store option is enabled. Discovered specifically + for sender_rate_period, but applies to a whole set of variables. + Do the same for the queue-runner and queue-list loops, for variables set + from spool message files. Do the same for the SMTP per-message loop, for + certain variables indirectly set in ACL operations. 
+ +JH/29 Bug 2250: Fix a longstanding bug in heavily-pipelined SMTP input (such + as a multi-recipient message from a mailinglist manager). The coding had + an arbitrary cutoff number of characters while checking for more input; + enforced by writing a NUL into the buffer. This corrupted long / fast + input. The problem was exposed more widely when more pipelineing of SMTP + responses was introduced, and one Exim system was feeding another. + The symptom is log complaints of SMTP syntax error (NUL chars) on the + receiving system, and refused recipients seen by the sending system + (propating to people being dropped from mailing lists). + Discovered and pinpointed by David Carter. + +JH/30 The (EXPERIMENTAL_DMARC) variable $dmarc_ar_header is withdrawn, being + replaced by the ${authresults } expansion. + +JH/31 Bug 2257: Fix pipe transport to not use a socket-only syscall. + +HS/03 Set a handler for SIGTERM and call exit(3) if running as PID 1. This + allows proper process termination in container environments. + +JH/32 Bug 2258: Fix spool_wireformat in combination with LMTP transport. + Previously the "final dot" had a newline after it; ensure it is CR,LF. + +JH/33 SPF: remove support for the "spf" ACL condition outcome values "err_temp" + and "err_perm", deprecated since 4.83 when the RFC-defined words + "temperror" and "permerror" were introduced. + +JH/34 Re-introduce enforcement of no cutthrough delivery on transports having + transport-filters or DKIM-signing. The restriction was lost in the + consolidation of verify-callout and delivery SMTP handling. + Extend the restriction to also cover ARC-signing. + +JH/35 Cutthrough: for a final-dot response timeout (and nonunderstood responses) + in defer=pass mode supply a 450 to the initiator. Previously the message + would be spooled. + +PP/02 DANE: add dane_require_tls_ciphers SMTP Transport option; if unset, + tls_require_ciphers is used as before. 
+ +HS/03 Malware Avast: Better match the Avast multiline protocol. Add + "pass_unscanned". Only tmpfails from the scanner are written to + the paniclog, as they may require admin intervention (permission + denied, license issues). Other scanner errors (like decompression + bombs) do not cause a paniclog entry. + +JH/36 Fix reinitialisation of DKIM logging variable between messages. + Previously it was possible to log spurious information in receive log + lines. + +JH/37 Bug 2255: Revert the disable of the OpenSSL session caching. This + triggered odd behaviour from Outlook Express clients. + +PP/03 Add util/renew-opendmarc-tlds.sh script for safe renewal of public + suffix list. + +JH/38 DKIM: accept Ed25519 pubkeys in SubjectPublicKeyInfo-wrapped form, + since the IETF WG has not yet settled on that versus the original + "bare" representation. + +JH/39 Fix syslog logging for syslog_timestamp=no and log_selector +millisec. + Previously the millisecond value corrupted the output. + Fix also for syslog_pid=no and log_selector +pid, for which the pid + corrupted the output. + + +Exim version 4.90 +----------------- + +JH/01 Rework error string handling in TLS interface so that the caller in + more cases is responsible for logging. This permits library-sourced + string to be attached to addresses during delivery, and collapses + pairs of long lines into single ones. + +PP/01 Allow PKG_CONFIG_PATH to be set in Local/Makefile and use it correctly + during configuration. Wildcards are allowed and expanded. + +JH/02 Rework error string handling in DKIM to pass more info back to callers. + This permits better logging. + +JH/03 Rework the transport continued-connection mechanism: when TLS is active, + do not close it down and have the child transport start it up again on + the passed-on TCP connection. Instead, proxy the child (and any + subsequent ones) for TLS via a unix-domain socket channel. 
Logging is + affected: the continued delivery log lines do not have any DNSSEC, TLS + Certificate or OCSP information. TLS cipher information is still logged. + +JH/04 Shorten the log line for daemon startup by collapsing adjacent sets of + identical IP addresses on different listening ports. Will also affect + "exiwhat" output. + +PP/02 Bug 2070: uClibc defines __GLIBC__ without providing glibc headers; + add noisy ifdef guards to special-case this sillyness. + Patch from Bernd Kuhls. + +JH/05 Tighten up the checking in isip4 (et al): dotted-quad components larger + than 255 are no longer allowed. + +JH/06 Default openssl_options to include +no_ticket, to reduce load on peers. + Disable the session-cache too, which might reduce our load. Since we + currrectly use a new context for every connection, both as server and + client, there is no benefit for these. + GnuTLS appears to not support tickets server-side by default (we don't + call gnutls_session_ticket_enable_server()) but client side is enabled + by default on recent versions (3.1.3 +) unless the PFS priority string + is used (3.2.4 +). + +PP/03 Add $SOURCE_DATE_EPOCH support for reproducible builds, per spec at + <https://reproducible-builds.org/specs/source-date-epoch/>. + +JH/07 Fix smtp transport use of limited max_rcpt under mua_wrapper. Previously + the check for any unsuccessful recipients did not notice the limit, and + erroneously found still-pending ones. + +JH/08 Pipeline CHUNKING command and data together, on kernels that support + MSG_MORE. Only in-clear (not on TLS connections). + +JH/09 Avoid using a temporary file during transport using dkim. Unless a + transport-filter is involved we can buffer the headers in memory for + creating the signature, and read the spool data file once for the + signature and again for transmission. + +JH/10 Enable use of sendfile in Linux builds as default. It was disabled in + 4.77 as the kernel support then wasn't solid, having issues in 64bit + mode. 
Now, it's been long enough. Add support for FreeBSD also. + +JH/11 Bug 2104: Fix continued use of a transport connection with TLS. In the + case where the routing stage had gathered several addresses to send to + a host before calling the transport for the first, we previously failed + to close down TLS in the old transport process before passing the TCP + connection to the new process. The new one sent a STARTTLS command + which naturally failed, giving a failed delivery and bloating the retry + database. Investigation and fix prototype from Wolfgang Breyha. + +JH/12 Fix check on SMTP command input synchronisation. Previously there were + false-negatives in the check that the sender had not preempted a response + or prompt from Exim (running as a server), due to that code's lack of + awareness of the SMTP input buffering. + +PP/04 Add commandline_checks_require_admin option. + Exim drops privileges sanely, various checks such as -be aren't a + security problem, as long as you trust local users with access to their + own account. When invoked by services which pass untrusted data to + Exim, this might be an issue. Set this option in main configuration + AND make fixes to the calling application, such as using `--` to stop + processing options. + +JH/13 Do pipelining under TLS. Previously, although safe, no advantage was + taken. Now take care to pack both (client) MAIL,RCPT,DATA, and (server) + responses to those, into a single TLS record each way (this usually means + a single packet). As a side issue, smtp_enforce_sync now works on TLS + connections. + +PP/05 OpenSSL/1.1: use DH_bits() for more accurate DH param sizes. This + affects you only if you're dancing at the edge of the param size limits. + If you are, and this message makes sense to you, then: raise the + configured limit or use OpenSSL 1.1. Nothing we can do for older + versions. 
+ +JH/14 For the "sock" variant of the malware scanner interface, accept an empty + cmdline element to get the documented default one. Previously it was + inaccessible. + +JH/15 Fix a crash in the smtp transport caused when two hosts in succession + are unsuable for non-message-specific reasons - eg. connection timeout, + banner-time rejection. + +JH/16 Fix logging of delivery remote port, when specified by router, under + callout/hold. + +PP/06 Repair manualroute's ability to take options in any order, even if one + is the name of a transport. + Fixes bug 2140. + +HS/01 Cleanup, prevent repeated use of -p/-oMr (CVE-2017-1000369) + +JH/17 Change the list-building routines interface to use the expanding-string + triplet model, for better allocation and copying behaviour. + +JH/18 Prebuild the data-structure for "builtin" macros, for faster startup. + Previously it was constructed the first time a possibly-matching string + was met in the configuration file input during startup; now it is done + during compilation. + +JH/19 Bug 2141: Use the full-complex API for Berkeley DB rather than the legacy- + compatible one, to avoid the (poorly documented) possibility of a config + file in the working directory redirecting the DB files, possibly correpting + some existing file. CVE-2017-10140 assigned for BDB. + +JH/20 Bug 2147: Do not defer for a verify-with-callout-and-random which is not + cache-hot. Previously, although the result was properly cached, the + initial verify call returned a defer. + +JH/21 Bug 2151: Avoid using SIZE on the MAIL for a callout verify, on any but + the main verify for receipient in uncached-mode. + +JH/22 Retire historical build files to an "unsupported" subdir. These are + defined as "ones for which we have no current evidence of testing". + +JH/23 DKIM: enforce the DNS pubkey record "h" permitted-hashes optional field, + if present. Previously it was ignored. + +JH/24 Start using specified-initialisers in C structure init coding. 
This is + a C99 feature (it's 2017, so now considered safe). + +JH/25 Use one-bit bitfields for flags in the "addr" data structure. Previously + if was a fixed-sized field and bitmask ops via macros; it is now more + extensible. + +PP/07 GitHub PR 56: Apply MariaDB build fix. + Patch provided by Jaroslav Škarvada. + +PP/08 Bug 2161: Fix regression in sieve quoted-printable handling introduced + during Coverity cleanups [4.87 JH/47] + Diagnosis and fix provided by Michael Fischer v. Mollard. + +JH/26 Fix DKIM bug: when the pseudoheader generated for signing was exactly + the right size to place the terminating semicolon on its own folded + line, the header hash was calculated to an incorrect value thanks to + the (relaxed) space the fold became. + +HS/02 Fix Bug 2130: large writes from the transport subprocess were chunked + and confused the parent. + +JH/27 Fix SOCKS bug: an unitialized pointer was deref'd by the transport process + which could crash as a result. This could lead to undeliverable messages. + +JH/28 Logging: "next input sent too soon" now shows where input was truncated + for log purposes. + +JH/29 Fix queue_run_in_order to ignore the PID portion of the message ID. This + matters on fast-turnover and PID-randomising systems, which were getting + out-of-order delivery. + +JH/30 Fix a logging bug on aarch64: an unsafe routine was previously used for + a possibly-overlapping copy. The symptom was that "Remote host closed + connection in response to HELO" was logged instead of the actual 4xx + error for the HELO. + +JH/31 Fix CHUNKING code to properly flush the unwanted chunk after an error. + Previously only that bufferd was discarded, resulting in SYMTP command + desynchronisation. + +JH/32 DKIM: when a message has multiple signatures matching an identity given + in dkim_verify_signers, run the dkim acl once for each. Previously only + one run was done. Bug 2189. 
+ +JH/33 Downgrade an unfound-list name (usually a typo in the config file) from + "panic the current process" to "deliberately defer". The panic log is + still written with the problem list name; the mail and reject logs now + get a temp-reject line for the message that was being handled, saying + something like "domains check lookup or other defer". The SMTP 451 + message is still "Temporary local problem". + +JH/34 Bug 2199: Fix a use-after-free while reading smtp input for header lines. + A crafted sequence of BDAT commands could result in in-use memory beeing + freed. CVE-2017-16943. + +HS/03 Bug 2201: Fix checking for leading-dot on a line during headers reading + from SMTP input. Previously it was always done; now only done for DATA + and not BDAT commands. CVE-2017-16944. + +JH/35 Bug 2201: Flush received data in BDAT mode after detecting an error fatal + to the message (such as an overlong header line). Previously this was + not done and we did not exit BDAT mode. Followon from the previous item + though a different problem. + + +Exim version 4.89 +----------------- + +JH/01 Bug 1922: Support IDNA2008. This has slightly different conversion rules + than -2003 did; needs libidn2 in addition to libidn. + +JH/02 The path option on a pipe transport is now expanded before use. + +PP/01 GitHub PR 50: Do not call ldap_start_tls_s on ldapi:// connections. + Patch provided by "Björn", documentation fix added too. + +JH/03 Bug 2003: fix Proxy Protocol v2 handling: the address size field was + missing a wire-to-host endian conversion. + +JH/04 Bug 2004: fix CHUNKING in non-PIPELINEING mode. Chunk data following + close after a BDAT command line could be taken as a following command, + giving a synch failure. Fix by only checking for synch immediately + before acknowledging the chunk. + +PP/02 GitHub PR 52: many spelling fixes, which include fixing parsing of + no_require_dnssec option and creation of _HAVE_TRANSPORT_APPEND_MAILDIR + macro. 
Patches provided by Josh Soref. + +JH/05 Have the EHLO response advertise VRFY, if there is a vrfy ACL defined. + Previously we did not; the RFC seems ambiguous and VRFY is not listed + by IANA as a service extension. However, John Klensin suggests that we + should. + +JH/06 Bug 2017: Fix DKIM verification in -bh test mode. The data feed into + the dkim code may be unix-mode line endings rather than smtp wire-format + CRLF, so prepend a CR to any bare LF. + +JH/07 Rationalise the coding for callout smtp conversations and transport ones. + As a side-benfit, callouts can now use PIPELINING hence fewer round-trips. + +JH/08 Bug 2016: Fix DKIM verification vs. CHUNKING. Any BDAT commands after + the first were themselves being wrongly included in the feed into dkim + processing; with most chunk sizes in use this resulted in an incorrect + body hash calculated value. + +JH/09 Bug 2014: permit inclusion of a DKIM-Signature header in a received + DKIM signature block, for verification. Although advised against by + standards it is specifically not ruled illegal. + +JH/10 Bug 2025: Fix reception of (quoted) local-parts with embedded spaces. + +JH/11 Bug 2029: Fix crash in DKIM verification when a message signature block is + missing a body hash (the bh= tag). + +JH/12 Bug 2018: Re-order Proxy Protocol startup versus TLS-on-connect startup. + It seems that HAProxy sends the Proxy Protocol information in clear and + only then does a TLS startup, so do the same. + +JH/13 Bug 2027: Avoid attempting to use TCP Fast Open for non-transport client + TCP connections (such as for Spamd) unless the daemon successfully set + Fast Open mode on its listening sockets. This fixes breakage seen on + too-old kernels or those not configured for Fast Open, at the cost of + requiring both directions being enabled for TFO, and TFO never being used + by non-daemon-related Exim processes. 
+ +JH/14 Bug 2000: Reject messages recieved with CHUNKING but with malformed line + endings, at least on the first header line. Try to canonify any that get + past that check, despite the cost. + +JH/15 Angle-bracket nesting (an error inserted by broken sendmails) levels are + now limited to an arbitrary five deep, while parsing addresses with the + strip_excess_angle_brackets option enabled. + +PP/03 Bug 2018: For Proxy Protocol and TLS-on-connect, do not over-read and + instead leave the unprompted TLS handshake in socket buffer for the + TLS library to consume. + +PP/04 Bug 2018: Also handle Proxy Protocol v2 safely. + +PP/05 FreeBSD compat: handle that Ports no longer create /usr/bin/perl + +JH/16 Drop variables when they go out of scope. Memory management drops a whole + region in one operation, for speed, and this leaves assigned pointers + dangling. Add checks run only under the testsuite which checks all + variables at a store-reset and panics on a dangling pointer; add code + explicitly nulling out all the variables discovered. Fixes one known + bug: a transport crash, where a dangling pointer for $sending_ip_address + originally assigned in a verify callout, is re-used. + +PP/06 Drop '.' from @INC in various Perl scripts. + +PP/07 Switch FreeBSD iconv to always use the base-system libc functions. + +PP/08 Reduce a number of compilation warnings under clang; building with + CC=clang CFLAGS+=-Wno-dangling-else -Wno-logical-op-parentheses + should be warning-free. + +JH/17 Fix inbound CHUNKING when DKIM disabled at runtime. + +HS/01 Fix portability problems introduced by PP/08 for platforms where + realloc(NULL) is not equivalent to malloc() [SunOS et al]. + +HS/02 Bug 1974: Fix missing line terminator on the last received BDAT + chunk. This allows us to accept broken chunked messages. We need a more + general solution here. + +PP/09 Wrote util/chunking_fixqueue_finalnewlines.pl to help recover + already-broken messages in the queue. 
+ +JH/18 Bug 2061: Fix ${extract } corrupting an enclosing ${reduce } $value. + +JH/19 Fix reference counting bug in routing-generated-address tracking. + + +Exim version 4.88 +----------------- + +JH/01 Use SIZE on MAIL FROM in a cutthrough connection, if the destination + supports it and a size is available (ie. the sending peer gave us one). + +JH/02 The obsolete acl condition "demime" is removed (finally, after ten + years of being deprecated). The replacements are the ACLs + acl_smtp_mime and acl_not_smtp_mime. + +JH/03 Upgrade security requirements imposed for hosts_try_dane: previously + a downgraded non-dane trust-anchor for the TLS connection (CA-style) + or even an in-clear connection were permitted. Now, if the host lookup + was dnssec and dane was requested then the host is only used if the + TLSA lookup succeeds and is dnssec. Further hosts (eg. lower priority + MXs) will be tried (for hosts_try_dane though not for hosts_require_dane) + if one fails this test. + This means that a poorly-configured remote DNS will make it incommunicado; + but it protects against a DNS-interception attack on it. + +JH/04 Bug 1810: make continued-use of an open smtp transport connection + non-noisy when a race steals the message being considered. + +JH/05 If main configuration option tls_certificate is unset, generate a + self-signed certificate for inbound TLS connections. + +JH/06 Bug 165: hide more cases of password exposure - this time in expansions + in rewrites and routers. + +JH/07 Retire gnutls_require_mac et.al. These were nonfunctional since 4.80 + and logged a warning sing 4.83; now they are a configuration file error. + +JH/08 Bug 1836: Fix crash in VRFY handling when handed an unqualified name + (lacking @domain). Apply the same qualification processing as RCPT. + +JH/09 Bug 1804: Avoid writing msglog files when in -bh or -bhc mode. + +JH/10 Support ${sha256:} applied to a string (as well as the previous + certificate). 
+ +JH/11 Cutthrough: avoid using the callout hints db on a verify callout when + a cutthrough deliver is pending, as we always want to make a connection. + This also avoids re-routing the message when later placing the cutthrough + connection after a verify cache hit. + Do not update it with the verify result either. + +JH/12 Cutthrough: disable when verify option success_on_redirect is used, and + when routing results in more than one destination address. + +JH/13 Cutthrough: expand transport dkim_domain option when testing for dkim + signing (which inhibits the cutthrough capability). Previously only + the presence of an option was tested; now an expansion evaluating as + empty is permissible (obviously it should depend only on data available + when the cutthrough connection is made). + +JH/14 Fix logging of errors under PIPELINING. Previously the log line giving + the relevant preceding SMTP command did not note the pipelining mode. + +JH/15 Fix counting of empty lines in $body_linecount and $message_linecount. + Previously they were not counted. + +JH/16 DANE: treat a TLSA lookup response having all non-TLSA RRs, the same + as one having no matching records. Previously we deferred the message + that needed the lookup. + +JH/17 Fakereject: previously logged as a normal message arrival "<="; now + distinguished as "(=". + +JH/18 Bug 1867: make the fail_defer_domains option on a dnslookup router work + for missing MX records. Previously it only worked for missing A records. + +JH/19 Bug 1850: support Radius libraries that return REJECT_RC. + +JH/20 Bug 1872: Ensure that acl_smtp_notquit is run when the connection drops + after the data-go-ahead and data-ack. Patch from Jason Betts. + +JH/21 Bug 1846: Send DMARC forensic reports for reject and quarantine results, + even for a "none" policy. Patch from Tony Meyer. + +JH/22 Fix continued use of a connection for further deliveries. 
If a port was + specified by a router, it must also match for the delivery to be + compatible. + +JH/23 Bug 1874: fix continued use of a connection for further deliveries. + When one of the recipients of a message was unsuitable for the connection + (has no matching addresses), we lost track of needing to mark it + deferred. As a result mail would be lost. + +JH/24 Bug 1832: Log EHLO response on getting conn-close response for HELO. + +JH/25 Decoding ACL controls is now done using a binary search; the source code + takes up less space and should be simpler to maintain. Merge the ACL + condition decode tables also, with similar effect. + +JH/26 Fix problem with one_time used on a redirect router which returned the + parent address unchanged. A retry would see the parent address marked as + delivered, so not attempt the (identical) child. As a result mail would + be lost. + +JH/27 Fix a possible security hole, wherein a process operating with the Exim + UID can gain a root shell. Credit to http://www.halfdog.net/ for + discovery and writeup. Ubuntu bug 1580454; no bug raised against Exim + itself :( + +JH/28 Enable {spool,log} filesystem space and inode checks as default. + Main config options check_{log,spool}_{inodes,space} are now + 100 inodes, 10MB unless set otherwise in the configuration. + +JH/29 Fix the connection_reject log selector to apply to the connect ACL. + Previously it only applied to the main-section connection policy + options. + +JH/30 Bug 1897: fix callouts connection fallback from TLS to cleartext. + +PP/01 Changed default Diffie-Hellman parameters to be Exim-specific, created + by me. Added RFC7919 DH primes as an alternative. + +PP/02 Unbreak build via pkg-config with new hash support when crypto headers + are not in the system include path. + +JH/31 Fix longstanding bug with aborted TLS server connection handling. Under + GnuTLS, when a session startup failed (eg because the client disconnected) + Exim did stdio operations after fclose. 
This was exposed by a recent + change which nulled out the file handle after the fclose. + +JH/32 Bug 1909: Fix OCSP proof verification for cases where the proof is + signed directly by the cert-signing cert, rather than an intermediate + OCSP-signing cert. This is the model used by LetsEncrypt. + +JH/33 Bug 1914: Ensure socket is nonblocking before draining after SMTP QUIT. + +HS/01 Fix leak in verify callout under GnuTLS, about 3MB per recipient on + an incoming connection. + +HS/02 Bug 1802: Do not half-close the connection after sending a request + to rspamd. + +HS/03 Use "auto" as the default EC curve parameter. For OpenSSL < 1.0.2 + fallback to "prime256v1". + +JH/34 SECURITY: Use proper copy of DATA command in error message. + Could leak key material. Remotely exploitable. CVE-2016-9963. + + +Exim version 4.87 +----------------- + +JH/01 Bug 1664: Disable OCSP for GnuTLS library versions at/before 3.3.16 + and 3.4.4 - once the server is enabled to respond to an OCSP request + it does even when not requested, resulting in a stapling non-aware + client dropping the TLS connection. + +TF/01 Code cleanup: Overhaul the debug_selector and log_selector machinery to + support variable-length bit vectors. No functional change. + +TF/02 Improve the consistency of logging incoming and outgoing interfaces. + The I= interface field on outgoing lines is now after the H= remote + host field, same as incoming lines. There is a separate + outgoing_interface log selector which allows you to disable the + outgoing I= field. + +JH/02 Bug 728: Close logfiles after a daemon-process "exceptional" log write. + If not running log_selector +smtp_connection the mainlog would be held + open indefinitely after a "too many connections" event, including to a + deleted file after a log rotate. Leave the per net connection logging + leaving it open for efficiency as that will be quickly detected by the + check on the next write. + +HS/01 Bug 1671: Fix post transport crash. 
+ Processing the wait-<transport> messages could crash the delivery + process if the message IDs didn't exist for some reason. When + using 'split_spool_directory=yes' the construction of the spool + file name failed already, exposing the same netto behaviour. + +JH/03 Bug 425: Capture substrings in $regex1, $regex2 etc from regex & + mime_regex ACL conditions. + +JH/04 Bug 1686: When compiled with EXPERIMENTAL_DSN_INFO: Add extra information + to DSN fail messages (bounces): remote IP, remote greeting, remote response + to HELO, local diagnostic string. + +JH/05 Downgrade message for a TLS-certificate-based authentication fail from + log line to debug. Even when configured with a tls authenticator many + client connections are expected to not authenticate in this way, so + an authenticate fail is not an error. + +HS/02 Add the Exim version string to the process info. This way exiwhat + gives some more detail about the running daemon. + +JH/06 Bug 1395: time-limit caching of DNS lookups, to the TTL value. This may + matter for fast-change records such as DNSBLs. + +JH/07 Bug 1678: Always record an interface option value, if set, as part of a + retry record, even if constant. There may be multiple transports with + different interface settings and the retry behaviour needs to be kept + distinct. + +JH/08 Bug 1586: exiqgrep now refuses to run if there are unexpected arguments. + +JH/09 Bug 1700: ignore space & tab embedded in base64 during decode. + +JH/10 Bug 840: fix log_defer_output option of pipe transport + +JH/11 Bug 830: use same host for all RCPTS of a message, even under + hosts_randomize. This matters a lot when combined with mua_wrapper. + +JH/12 Bug 1706: percent and underbar characters are no longer escaped by the + ${quote_pgsql:<string>} operator. + +JH/13 Bug 1708: avoid misaligned access in cached lookup. + +JH/14 Change header file name for freeradius-client. Relevant if compiling + with Radius support; from the Gentoo tree and checked under Fedora. 
+ +JH/15 Bug 1712: Introduce $prdr_requested flag variable + +JH/16 Bug 1714: Permit an empty string as expansion result for transport + option transport_filter, meaning no filtering. + +JH/17 Bug 1713: Fix non-PDKIM_DEBUG build. Patch from Jasen Betts. + +JH/18 Bug 1709: When built with TLS support, the tls_advertise_hosts option now + defaults to "*" (all hosts). The variable is now available when not built + with TLS, default unset, mainly to enable keeping the testsuite sane. + If a server certificate is not supplied (via tls_certificate) an error is + logged, and clients will find TLS connections fail on startup. Presumably + they will retry in-clear. + Packagers of Exim are strongly encouraged to create a server certificate + at installation time. + +HS/03 Add -bP config_file as a synonym for -bP configure_file, for consistency + with the $config_file variable. + +JH/19 Two additional event types: msg:rcpt:defer and msg:rcpt:host:defer. Both + in transport context, after the attempt, and per-recipient. The latter type + is per host attempted. The event data is the error message, and the errno + information encodes the lookup type (A vs. MX) used for the (first) host, + and the trailing two digits of the smtp 4xx response. + +GF/01 Bug 1715: Fix for race condition in exicyclog, where exim could attempt + to write to mainlog (or rejectlog, paniclog) in the window between file + creation and permissions/ownership being changed. Particularly affects + installations where exicyclog is run as root, rather than exim user; + result is that the running daemon panics and dies. + +JH/20 Bug 1701: For MySQL lookups, support MySQL config file option group names. + +JH/21 Bug 1720: Add support for priority groups and weighted-random proxy + selection for the EXPERIMENTAL_SOCKS feature, via new per-proxy options + "pri" and "weight". Note that the previous implicit priority given by the + list order is no longer honoured. 
+ +JH/22 Bugs 963, 1721: Fix some corner cases in message body canonicalization + for DKIM processing. + +JH/23 Move SOCKS5 support from Experimental to mainline, enabled for a build + by defining SUPPORT_SOCKS. + +JH/26 Move PROXY support from Experimental to mainline, enabled for a build + by defining SUPPORT_PROXY. Note that the proxy_required_hosts option + is renamed to hosts_proxy, and the proxy_{host,target}_{address,port}. + variables are renamed to proxy_{local,external}_{address,port}. + +JH/27 Move Internationalisation support from Experimental to mainline, enabled + for a build by defining SUPPORT_I18N + +JH/28 Bug 1745: Fix redis lookups to handle (quoted) spaces embedded in parts + of the query string, and make ${quote_redis:} do that quoting. + +JH/29 Move Events support from Experimental to mainline, enabled by default + and removable for a build by defining DISABLE_EVENT. + +JH/30 Updated DANE implementation code to current from Viktor Dukhovni. + +JH/31 Fix bug with hosts_connection_nolog and named-lists which were wrongly + cached by the daemon. + +JH/32 Move Redis support from Experimental to mainline, enabled for a build + by defining LOOKUP_REDIS. The libhiredis library is required. + +JH/33 Bug 1748: Permit ACL dnslists= condition in non-smtp ACLs if explicit + keys are given for lookup. + +JH/34 Bug 1192: replace the embedded copy of PolarSSL RSA routines in the DKIM + support, by using OpenSSL or GnuTLS library ones. This means DKIM is + only supported when built with TLS support. The PolarSSL SHA routines + are still used when the TLS library is too old for convenient support. + +JH/35 Require SINGLE_DH_USE by default in OpenSSL (main config option + openssl_options), for security. OpenSSL forces this from version 1.1.0 + server-side so match that on older versions. 
+ +JH/36 Bug 1778: longstanding bug in memory use by the ${run } expansion: A fresh + allocation for $value could be released as the expansion processing + concluded, but leaving the global pointer active for it. + +JH/37 Bug 1769: Permit a VRFY ACL to override the default 252 response, + and to use the domains and local_parts ACL conditions. + +JH/38 Fix cutthrough bug with body lines having a single dot. The dot was + incorrectly not doubled on cutthrough transmission, hence seen as a + body-termination at the receiving system - resulting in truncated mails. + Commonly the sender saw a TCP-level error, and retransmitted the message + via the normal store-and-forward channel. This could result in duplicates + received - but deduplicating mailstores were liable to retain only the + initial truncated version. + +JH/39 Bug 1781: Fix use of DKIM private-keys having trailing '=' in the base-64. + +JH/40 Fix crash in queryprogram router when compiled with EXPERIMENTAL_SRS. + +JH/41 Bug 1792: Fix selection of headers to sign for DKIM: bottom-up. While + we're in there, support oversigning also; bug 1309. + +JH/42 Bug 1796: Fix error logged on a malware scanner connection failure. + +HS/04 Add support for keep_environment and add_environment options. + +JH/43 Tidy coding issues detected by gcc --fsanitize=undefined. Some remain; + either intentional arithmetic overflow during PRNG, or testing config- + induced overflows. + +JH/44 Bug 1800: The combination of a -bhc commandline option and cutthrough + delivery resulted in actual delivery. Cancel cutthrough before DATA + stage. + +JH/45 Fix cutthrough, when connection not opened by verify and target hard- + rejects a recipient: pass the reject to the originator. + +JH/46 Multiple issues raised by Coverity. Some were obvious or plausible bugs. + Many were false-positives and ignorable, but it's worth fixing the + former class. 
+ +JH/47 Fix build on HP-UX and older Solaris, which need (un)setenv now also + for the new environment-manipulation done at startup. Move the routines + from being local to tls.c to being global via the os.c file. + +JH/48 Bug 1807: Fix ${extract } for the numeric/3-string case. While preparsing + an extract embedded as result-arg for a map, the first arg for extract + is unavailable so we cannot tell if this is a numbered or keyed + extraction. Accept either. + + +Exim version 4.86 +----------------- + +JH/01 Bug 1545: The smtp transport option "retry_include_ip_address" is now + expanded. + +JH/02 The smtp transport option "multi_domain" is now expanded. + +JH/03 The smtp transport now requests PRDR by default, if the server offers + it. + +JH/04 Certificate name checking on server certificates, when exim is a client, + is now done by default. The transport option tls_verify_cert_hostnames + can be used to disable this per-host. The build option + EXPERIMENTAL_CERTNAMES is withdrawn. + +JH/05 The value of the tls_verify_certificates smtp transport and main options + default to the word "system" to access the system default CA bundle. + For GnuTLS, only version 3.0.20 or later. + +JH/06 Verification of the server certificate for a TLS connection is now tried + (but not required) by default. The verification status is now logged by + default, for both outbound TLS and client-certificate supplying inbound + TLS connections + +JH/07 Changed the default rfc1413 lookup settings to disable calls. Few + sites use this now. + +JH/08 The EXPERIMENTAL_DSN compile option is no longer needed; all Delivery + Status Notification (bounce) messages are now MIME format per RFC 3464. + Support for RFC 3461 DSN options NOTIFY,ENVID,RET,ORCPT can be advertised + under the control of the dsn_advertise_hosts option, and routers may + have a dsn_lasthop option. + +JH/09 A timeout of 2 minutes is now applied to all malware scanner types by + default, modifiable by a malware= option. 
The list separator for + the options can now be changed in the usual way. Bug 68. + +JH/10 The smtp_receive_timeout main option is now expanded before use. + +JH/11 The incoming_interface log option now also enables logging of the + local interface on delivery outgoing connections. + +JH/12 The cutthrough-routing facility now supports multi-recipient mails, + if the interface and destination host and port all match. + +JH/13 Bug 344: The verify = reverse_host_lookup ACL condition now accepts a + /defer_ok option. + +JH/14 Bug 1573: The spam= ACL condition now additionally supports Rspamd. + Patch from Andrew Lewis. + +JH/15 Bug 670: The spamd_address main option (for the spam= ACL condition) + now supports optional time-restrictions, weighting, and priority + modifiers per server. Patch originally by <rommer@active.by>. + +JH/16 The spamd_address main option now supports a mixed list of local + and remote servers. Remote servers can be IPv6 addresses, and + specify a port-range. + +JH/17 Bug 68: The spamd_address main option now supports an optional + timeout value per server. + +JH/18 Bug 1581: Router and transport options headers_add/remove can + now have the list separator specified. + +JH/19 Bug 392: spamd_address, and clamd av_scanner, now support retry + option values. + +JH/20 Bug 1571: Ensure that $tls_in_peerdn is set, when verification fails + under OpenSSL. + +JH/21 Support for the A6 type of dns record is withdrawn. + +JH/22 Bug 608: The result of a QUIT or not-QUIT toplevel ACL now matters + rather than the verbs used. + +JH/23 Bug 1572: Increase limit on SMTP confirmation message copy size + from 255 to 1024 chars. + +JH/24 Verification callouts now attempt to use TLS by default. + +HS/01 DNSSEC options (dnssec_require_domains, dnssec_request_domains) + are generic router options now. The defaults didn't change. + +JH/25 Bug 466: Add RFC2322 support for MIME attachment filenames. + Original patch from Alexander Shikoff, worked over by JH. 
+ +HS/02 Bug 1575: exigrep falls back to autodetection of compressed + files if ZCAT_COMMAND is not executable. + +JH/26 Bug 1539: Add timeout/retry options on dnsdb lookups. + +JH/27 Bug 286: Support SOA lookup in dnsdb lookups. + +JH/28 Bug 1588: Do not use the A lookup following an AAAA for setting the FQDN. + Normally benign, it bites when the pair was led to by a CNAME; + modern usage is to not canonicalize the domain to a CNAME target + (and we were inconsistent anyway for A-only vs AAAA+A). + +JH/29 Bug 1632: Removed the word "rejected" from line logged for ACL discards. + +JH/30 Check the forward DNS lookup for DNSSEC, in addition to the reverse, + when evaluating $sender_host_dnssec. + +JH/31 Check the HELO verification lookup for DNSSEC, adding new + $sender_helo_dnssec variable. + +JH/32 Bug 1397: Enable ECDHE on OpenSSL, just the NIST P-256 curve. + +JH/33 Bug 1346: Note MAIL cmd seen in -bS batch, to avoid smtp_no_mail log. + +JH/34 Bug 1648: Fix a memory leak seen with "mailq" and large queues. + +JH/35 Bug 1642: Fix support of $spam_ variables at delivery time. Was + documented as working, but never had. Support all but $spam_report. + +JH/36 Bug 1659: Guard checking of input smtp commands again pseudo-command + added for tls authenticator. + +HS/03 Add perl_taintmode main config option + + +Exim version 4.85 +----------------- + +TL/01 When running the test suite, the README says that variables such as + no_msglog_check are global and can be placed anywhere in a specific + test's script, however it was observed that placement needed to be near + the beginning for it to behave that way. Changed the runtest perl + script to read through the entire script once to detect and set these + variables, reset to the beginning of the script, and then run through + the script parsing/test process like normal. + +TL/02 The BSD's have an arc4random API. 
One of the functions to induce + adding randomness was arc4random_stir(), but it has been removed in + OpenBSD 5.5. Detect this OpenBSD version and skip calling this + function when detected. + +JH/01 Expand the EXPERIMENTAL_TPDA feature. Several different events now + cause callback expansion. + +TL/03 Bugzilla 1518: Clarify "condition" processing in routers; that + syntax errors in an expansion can be treated as a string instead of + logging or causing an error, due to the internal use of bool_lax + instead of bool when processing it. + +JH/02 Add EXPERIMENTAL_DANE, allowing for using the DNS as trust-anchor for + server certificates when making smtp deliveries. + +JH/03 Support secondary-separator specifier for MX, SRV, TLSA lookups. + +JH/04 Add ${sort {list}{condition}{extractor}} expansion item. + +TL/04 Bugzilla 1216: Add -M (related messages) option to exigrep. + +TL/05 GitHub Issue 18: Adjust logic testing for true/false in redis lookups. + Merged patch from Sebastian Wiedenroth. + +JH/05 Fix results-pipe from transport process. Several recipients, combined + with certificate use, exposed issues where response data items split + over buffer boundaries were not parsed properly. This eventually + resulted in duplicates being sent. This issue only became common enough + to notice due to the introduction of connection certificate information, + the item size being so much larger. Found and fixed by Wolfgang Breyha. + +JH/06 Bug 1533: Fix truncation of items in headers_remove lists. A fixed + size buffer was used, resulting in syntax errors when an expansion + exceeded it. + +JH/07 Add support for directories of certificates when compiled with a GnuTLS + version 3.3.6 or later. + +JH/08 Rename the TPDA experimental facility to Event Actions. The #ifdef + is EXPERIMENTAL_EVENT, the main-configuration and transport options + both become "event_action", the variables become $event_name, $event_data + and $event_defer_errno. 
There is a new variable $verify_mode, usable in + routers, transports and related events. The tls:cert event is now also + raised for inbound connections, if the main configuration event_action + option is defined. + +TL/06 In test suite, disable OCSP for old versions of openssl which contained + early OCSP support, but no stapling (appears to be less than 1.0.0). + +JH/09 When compiled with OpenSSL and EXPERIMENTAL_CERTNAMES, the checks on + server certificate names available under the smtp transport option + "tls_verify_cert_hostname" now do not permit multi-component wildcard + matches. + +JH/10 Time-related extraction expansions from certificates now use the main + option "timezone" setting for output formatting, and are consistent + between OpenSSL and GnuTLS compilations. Bug 1541. + +JH/11 Fix a crash in mime ACL when meeting a zero-length, quoted or RFC2047- + encoded parameter in the incoming message. Bug 1558. + +JH/12 Bug 1527: Autogrow buffer used in reading spool files. Since they now + include certificate info, eximon was claiming there were spoolfile + syntax errors. + +JH/13 Bug 1521: Fix ldap lookup for single-attr request, multiple-attr return. + +JH/14 Log delivery-related information more consistently, using the sequence + "H=<name> [<ip>]" wherever possible. + +TL/07 Bug 1547: Omit RFCs from release. Draft and RFCs have licenses which + are problematic for Debian distribution, omit them from the release + tarball. + +JH/15 Updates and fixes to the EXPERIMENTAL_DSN feature. + +JH/16 Fix string representation of time values on 64bit time_t architectures. + Bug 1561. + +JH/17 Fix a null-indirection in certextract expansions when a nondefault + output list separator was used. + + +Exim version 4.84 +----------------- +TL/01 Bugzilla 1506: Re-add a 'return NULL' to silence complaints from static + checkers that were complaining about end of non-void function with no + return. + +JH/01 Bug 1513: Fix parsing of quoted parameter values in MIME headers. 
+ This was a regression introduced in 4.83 by another bugfix. + +JH/02 Fix broken compilation when EXPERIMENTAL_DSN is enabled. + +TL/02 Bug 1509: Fix exipick for enhanced spoolfile specification used when + EXPERIMENTAL_DSN is enabled. Fix from Wolfgang Breyha. + + +Exim version 4.83 +----------------- + +TF/01 Correctly close the server side of TLS when forking for delivery. + + When a message was received over SMTP with TLS, Exim failed to clear up + the incoming connection properly after forking off the child process to + deliver the message. In some situations the subsequent outgoing + delivery connection happened to have the same fd number as the incoming + connection previously had. Exim would try to use TLS and fail, logging + a "Bad file descriptor" error. + +TF/02 Portability fix for building lookup modules on Solaris when the xpg4 + utilities have not been installed. + +JH/01 Fix memory-handling in use of acl as a conditional; avoid free of + temporary space as the ACL may create new global variables. + +TL/01 LDAP support uses per connection or global context settings, depending + upon the detected version of the libraries at build time. + +TL/02 Experimental Proxy Protocol support: allows a proxied SMTP connection + to extract and use the src ip:port in logging and expansions as if it + were a direct connection from the outside internet. PPv2 support was + updated based on HAProxy spec change in May 2014. + +JH/02 Add ${listextract {number}{list}{success}{fail}}. + +TL/03 Bugzilla 1433: Fix DMARC SEGV with specific From header contents. + Properly escape header and check for NULL return. + +PP/01 Continue incomplete 4.82 PP/19 by fixing docs too: use dns_dnssec_ok + not dns_use_dnssec. + +JH/03 Bugzilla 1157: support log_selector smtp_confirmation for lmtp. + +TL/04 Add verify = header_names_ascii check to reject email with non-ASCII + characters in header names, implemented as a verify condition. + Contributed by Michael Fischer v. Mollard. 
+ +TL/05 Rename SPF condition results err_perm and err_temp to standardized + results permerror and temperror. Previous values are deprecated but + still accepted. In a future release, err_perm and err_temp will be + completely removed, which will be a backward incompatibility if the + ACL tests for either of these two old results. Patch contributed by + user bes-internal on the mailing list. + +JH/04 Add ${utf8clean:} operator. Contributed by Alex Rau. + +JH/05 Bugzilla 305: Log incoming-TLS details on rejects, subject to log + selectors, in both main and reject logs. + +JH/06 Log outbound-TLS and port details, subject to log selectors, for a + failed delivery. + +JH/07 Add malware type "sock" for talking to simple daemon. + +JH/08 Bugzilla 1371: Add tls_{,try_}verify_hosts to smtp transport. + +JH/09 Bugzilla 1431: Support (with limitations) headers_add/headers_remove in + routers/transports under cutthrough routing. + +JH/10 Bugzilla 1005: ACL "condition =" should accept values which are negative + numbers. Touch up "bool" conditional to keep the same definition. + +TL/06 Remove duplicated language in spec file from 4.82 TL/16. + +JH/11 Add dnsdb tlsa lookup. From Todd Lyons. + +JH/12 Expand items in router/transport headers_add or headers_remove lists + individually rather than the list as a whole. Bug 1452. + + Required for reasonable handling of multiple headers_ options when + they may be empty; requires that headers_remove items with embedded + colons must have them doubled (or the list-separator changed). + +TL/07 Add new dmarc expansion variable $dmarc_domain_policy to directly + view the policy declared in the DMARC record. Currently, $dmarc_status + is a combined value of both the record presence and the result of the + analysis. + +JH/13 Fix handling of $tls_cipher et.al. in (non-verify) transport. Bug 1455. 
+ +JH/14 New options dnssec_request_domains, dnssec_require_domains on the + dnslookup router and the smtp transport (applying to the forward + lookup). + +TL/08 Bugzilla 1453: New LDAP "SERVERS=" option allows admin to override list + of ldap servers used for a specific lookup. Patch provided by Heiko + Schlichting. + +JH/18 New options dnssec_lax, dnssec_strict on dnsdb lookups. + New variable $lookup_dnssec_authenticated for observability. + +TL/09 Bugzilla 609: Add -C option to exiqgrep, specify which exim.conf to use. + Patch submitted by Lars Timman. + +JH/19 EXPERIMENTAL_OCSP support under GnuTLS. Bug 1459. + +TL/10 Bugzilla 1454: New -oMm option to pass message reference to Exim. + Requires trusted mode and valid format message id, aborts otherwise. + Patch contributed by Heiko Schlichting. + +JH/20 New expansion variables tls_(in,out)_(our,peer)cert, and expansion item + certextract with support for various fields. Bug 1358. + +JH/21 Observability of OCSP via variables tls_(in,out)_ocsp. Stapling + is requested by default, modifiable by smtp transport option + hosts_request_ocsp. + +JH/22 Expansion operators ${md5:string} and ${sha1:string} can now + operate on certificate variables to give certificate fingerprints + Also new ${sha256:cert_variable}. + +JH/23 The PRDR feature is moved from being Experimental into the mainline. + +TL/11 Bug 1119: fix memory allocation in string_printing2(). Patch from + Christian Aistleitner. + +JH/24 The OCSP stapling feature is moved from Experimental into the mainline. + +TL/12 Bug 1444: Fix improper \r\n sequence handling when writing spool + file. Patch from Wolfgang Breyha. + +JH/25 Expand the coverage of the delivery $host and $host_address to + client authenticators run in verify callout. Bug 1476. + +JH/26 Port service names are now accepted for tls_on_connect_ports, to + align with daemon_smtp_ports. Bug 72. + +TF/03 Fix udpsend. 
The ip_connectedsocket() function's socket type + support and error reporting did not work properly. + +TL/13 Bug 1495: Exiqgrep check if -C config file specified on cli exists + and is readable. Patch from Andrew Colin Kissa. + +TL/14 Enhance documentation of ${run expansion and how it parses the + commandline after expansion, particularly in the case when an + unquoted variable expansion results in an empty value. + +JH/27 The TLS SNI feature was broken in 4.82. Fix it. + +PP/02 Fix internal collision of T_APL on systems which support RFC3123 + by renaming away from it. Addresses GH issue 15, reported by + Jasper Wallace. + +JH/28 Fix parsing of MIME headers for parameters with quoted semicolons. + +TL/15 SECURITY: prevent double expansion in math comparison functions + (can expand unsanitized data). Not remotely exploitable. + CVE-2014-2972 + + +Exim version 4.82 +----------------- + +PP/01 Add -bI: framework, and -bI:sieve for querying sieve capabilities. + +PP/02 Make -n do something, by making it not do something. + When combined with -bP, the name of an option is not output. + +PP/03 Added tls_dh_min_bits SMTP transport driver option, only honoured + by GnuTLS. + +PP/04 First step towards DNSSEC, provide $sender_host_dnssec for + $sender_host_name and config options to manage this, and basic check + routines. + +PP/05 DSCP support for outbound connections and control modifier for inbound. + +PP/06 Cyrus SASL: set local and remote IP;port properties for driver. + (Only plugin which currently uses this is kerberos4, which nobody should + be using, but we should make it available and other future plugins might + conceivably use it, even though it would break NAT; stuff *should* be + using channel bindings instead). + +PP/07 Handle "exim -L <tag>" to indicate to use syslog with tag as the process + name; added for Sendmail compatibility; requires admin caller. 
+ Handle -G as equivalent to "control = suppress_local_fixups" (we used to + just ignore it); requires trusted caller. + Also parse but ignore: -Ac -Am -X<logfile> + Bugzilla 1117. + +TL/01 Bugzilla 1258 - Refactor MAIL FROM optional args processing. + +TL/02 Add +smtp_confirmation as a default logging option. + +TL/03 Bugzilla 198 - Implement remove_header ACL modifier. + Patch by Magnus Holmgren from 2007-02-20. + +TL/04 Bugzilla 1281 - Spec typo. + Bugzilla 1283 - Spec typo. + Bugzilla 1290 - Spec grammar fixes. + +TL/05 Bugzilla 1285 - Spec omission, fix docbook errors for spec.txt creation. + +TL/06 Add Experimental DMARC support using libopendmarc libraries. + +TL/07 Fix an out of order global option causing a segfault. Reported to dev + mailing list by by Dmitry Isaikin. + +JH/01 Bugzilla 1201 & 304 - New cutthrough-delivery feature, with TLS support. + +JH/02 Support "G" suffix to numbers in ${if comparisons. + +PP/08 Handle smtp transport tls_sni option forced-fail for OpenSSL. + +NM/01 Bugzilla 1197 - Spec typo + Bugzilla 1196 - Spec examples corrections + +JH/03 Add expansion operators ${listnamed:name} and ${listcount:string} + +PP/09 Add gnutls_allow_auto_pkcs11 option (was originally called + gnutls_enable_pkcs11, but renamed to more accurately indicate its + function. + +PP/10 Let Linux makefile inherit CFLAGS/CFLAGS_DYNAMIC. + Pulled from Debian 30_dontoverridecflags.dpatch by Andreas Metzler. + +JH/04 Add expansion item ${acl {name}{arg}...}, expansion condition + "acl {{name}{arg}...}", and optional args on acl condition + "acl = name arg..." + +JH/05 Permit multiple router/transport headers_add/remove lines. + +JH/06 Add dnsdb pseudo-lookup "a+" to do an "aaaa" + "a" combination. + +JH/07 Avoid using a waiting database for a single-message-only transport. + Performance patch from Paul Fisher. Bugzilla 1262. + +JH/08 Strip leading/trailing newlines from add_header ACL modifier data. + Bugzilla 884. 
+ +JH/09 Add $headers_added variable, with content from use of ACL modifier + add_header (but not yet added to the message). Bugzilla 199. + +JH/10 Add 8bitmime log_selector, for 8bitmime status on the received line. + Pulled from Bugzilla 817 by Wolfgang Breyha. + +PP/11 SECURITY: protect DKIM DNS decoding from remote exploit. + CVE-2012-5671 + (nb: this is the same fix as in Exim 4.80.1) + +JH/11 Add A= logging on delivery lines, and a client_set_id option on + authenticators. + +JH/12 Add optional authenticated_sender logging to A= and a log_selector + for control. + +PP/12 Unbreak server_set_id for NTLM/SPA auth, broken by 4.80 PP/29. + +PP/13 Dovecot auth: log better reason to rejectlog if Dovecot did not + advertise SMTP AUTH mechanism to us, instead of a generic + protocol violation error. Also, make Exim more robust to bad + data from the Dovecot auth socket. + +TF/01 Fix ultimate retry timeouts for intermittently deliverable recipients. + + When a queue runner is handling a message, Exim first routes the + recipient addresses, during which it prunes them based on the retry + hints database. After that it attempts to deliver the message to + any remaining recipients. It then updates the hints database using + the retry rules. + + So if a recipient address works intermittently, it can get repeatedly + deferred at routing time. The retry hints record remains fresh so the + address never reaches the final cutoff time. + + This is a fairly common occurrence when a user is bumping up against + their storage quota. Exim had some logic in its local delivery code + to deal with this. However it did not apply to per-recipient defers + in remote deliveries, e.g. over LMTP to a separate IMAP message store. + + This change adds a proper retry rule check during routing so that the + final cutoff time is checked against the message's age. 
We only do + this check if there is an address retry record and there is not a + domain retry record; this implies that previous attempts to handle + the address had the retry_use_local_parts option turned on. We use + this as an approximation for the destination being like a local + delivery, as in LMTP. + + I suspect this new check makes the old local delivery cutoff check + redundant, but I have not verified this so I left the code in place. + +TF/02 Correct gecos expansion when 
From: is a prefix of the username. + + Test 0254 submits a message to Exim with the header + + Resent-From: f + + When I ran the test suite under the user fanf2, Exim expanded + the header to contain my full name, whereas it should have added + a Resent-Sender: header. It erroneously treats any prefix of the + username as equal to the username. + + This change corrects that bug. + +GF/01 DCC debug and logging tidyup + Error conditions log to paniclog rather than rejectlog. + Debug lines prefixed by "DCC: " to remove any ambiguity. + +TF/03 Avoid unnecessary rebuilds of lookup-related code. + +PP/14 Fix OCSP reinitialisation in SNI handling for Exim/TLS as server. + Bug spotted by Jeremy Harris; was flawed since initial commit. + Would have resulted in OCSP responses post-SNI triggering an Exim + NULL dereference and crash. + +JH/13 Add $router_name and $transport_name variables. Bugzilla 308. + +PP/15 Define SIOCGIFCONF_GIVES_ADDR for GNU Hurd. + Bug detection, analysis and fix by Samuel Thibault. + Bugzilla 1331, Debian bug #698092. + +SC/01 Update eximstats to watch out for senders sending 'HELO [IpAddr]' + +JH/14 SMTP PRDR (http://www.eric-a-hall.com/specs/draft-hall-prdr-00.txt). + Server implementation by Todd Lyons, client by JH. + Only enabled when compiled with EXPERIMENTAL_PRDR. A new + config variable "prdr_enable" controls whether the server + advertises the facility. If the client requests PRDR a new + acl_data_smtp_prdr ACL is called once for each recipient, after + the body content is received and before the acl_smtp_data ACL. + The client is controlled by both of: a hosts_try_prdr option + on the smtp transport, and the server advertisement. + Default client logging of deliveries and rejections involving + PRDR are flagged with the string "PRDR". + +PP/16 Fix problems caused by timeouts during quit ACLs trying to double + fclose(). Diagnosis by Todd Lyons. + +PP/17 Update configure.default to handle IPv6 localhost better. 
+ Patch by Alain Williams (plus minor tweaks). + Bugzilla 880. + +PP/18 OpenSSL made graceful with empty tls_verify_certificates setting. + This is now consistent with GnuTLS, and is now documented: the + previous undocumented portable approach to treating the option as + unset was to force an expansion failure. That still works, and + an empty string is now equivalent. + +PP/19 Renamed DNSSEC-enabling option to "dns_dnssec_ok", to make it + clearer that Exim is using the DO (DNSSEC OK) EDNS0 resolver flag, + not performing validation itself. + +PP/20 Added force_command boolean option to pipe transport. + Patch from Nick Koston, of cPanel Inc. + +JH/15 AUTH support on callouts (and hence cutthrough-deliveries). + Bugzilla 321, 823. + +TF/04 Added udpsend ACL modifier and hexquote expansion operator + +PP/21 Fix eximon continuous updating with timestamped log-files. + Broken in a format-string cleanup in 4.80, missed when I repaired the + other false fix of the same issue. + Report and fix from Heiko Schlichting. + Bugzilla 1363. + +PP/22 Guard LDAP TLS usage against Solaris LDAP variant. + Report from Prashanth Katuri. + +PP/23 Support safari_ecdhe_ecdsa_bug for openssl_options. + It's SecureTransport, so affects any MacOS clients which use the + system-integrated TLS libraries, including email clients. + +PP/24 Fix segfault from trying to fprintf() to a NULL stdio FILE* if + using a MIME ACL for non-SMTP local injection. + Report and assistance in diagnosis by Warren Baker. + +TL/08 Adjust exiqgrep to be case-insensitive for sender/receiver. + +JH/16 Fix comparisons for 64b. Bugzilla 1385. + +TL/09 Add expansion variable $authenticated_fail_id to keep track of + last id that failed so it may be referenced in subsequent ACL's. + +TL/10 Bugzilla 1375 - Prevent TLS rebinding in ldap. Patch provided by + Alexander Miroch. + +TL/11 Bugzilla 1382 - Option ldap_require_cert overrides start_tls + ldap library initialization, allowing self-signed CA's to be + used. 
Also properly sets require_cert option later in code by + using NULL (global ldap config) instead of ldap handle (per + session). Bug diagnosis and testing by alxgomz. + +TL/12 Enhanced documentation in the ratelimit.pl script provided in + the src/util/ subdirectory. + +TL/13 Bug 1031 - Imported transport SQL logging patch from Axel Rau + renamed to Transport Post Delivery Action by Jeremy Harris, as + EXPERIMENTAL_TPDA. + +TL/14 Bugzilla 1217 - Redis lookup support has been added. It is only enabled + when Exim is compiled with EXPERIMENTAL_REDIS. A new config variable + redis_servers = needs to be configured which will be used by the redis + lookup. Patch from Warren Baker, of The Packet Hub. + +TL/15 Fix exiqsumm summary for corner case. Patch provided by Richard Hall. + +TL/16 Bugzilla 1289 - Clarify host/ip processing when have errors looking up a + hostname or reverse DNS when processing a host list. Used suggestions + from multiple comments on this bug. + +TL/17 Bugzilla 1057 - Multiple clamd TCP targets patch from Mark Zealey. + +TL/18 Had previously added a -CONTINUE option to runtest in the test suite. + Missed a few lines, added it to make the runtest require no keyboard + interaction. + +TL/19 Bugzilla 1402 - Test 533 fails if any part of the path to the test suite + contains upper case chars. Make router use caseful_local_part. + +TL/20 Bugzilla 1400 - Add AVOID_GNUTLS_PKCS11 build option. Allows GnuTLS + support when GnuTLS has been built with p11-kit. + + +Exim version 4.80.1 +------------------- + +PP/01 SECURITY: protect DKIM DNS decoding from remote exploit. + CVE-2012-5671 + This, or similar/improved, will also be change PP/11 of 4.82. + + +Exim version 4.80 +----------------- + +PP/01 Handle short writes when writing local log-files. + In practice, only affects FreeBSD (8 onwards). + Bugzilla 1053, with thanks to Dmitry Isaikin. 
+ +NM/01 Bugzilla 949 - Documentation tweak + +NM/02 Bugzilla 1093 - eximstats DATA reject detection regexps + improved. + +NM/03 Bugzilla 1169 - primary_hostname spelling was incorrect in docs. + +PP/02 Implemented gsasl authenticator. + +PP/03 Implemented heimdal_gssapi authenticator with "server_keytab" option. + +PP/04 Local/Makefile support for (AUTH|LOOKUP)_*_PC=foo to use + `pkg-config foo` for cflags/libs. + +PP/05 Swapped $auth1/$auth2 for gsasl GSSAPI mechanism, to be more consistent + with rest of GSASL and with heimdal_gssapi. + +PP/06 Local/Makefile support for USE_(GNUTLS|OPENSSL)_PC=foo to use + `pkg-config foo` for cflags/libs for the TLS implementation. + +PP/07 New expansion variable $tls_bits; Cyrus SASL server connection + properties get this fed in as external SSF. A number of robustness + and debugging improvements to the cyrus_sasl authenticator. + +PP/08 cyrus_sasl server now expands the server_realm option. + +PP/09 Bugzilla 1214 - Log authentication information in reject log. + Patch by Jeremy Harris. + +PP/10 Added dbmjz lookup type. + +PP/11 Let heimdal_gssapi authenticator take a SASL message without an authzid. + +PP/12 MAIL args handles TAB as well as SP, for better interop with + non-compliant senders. + Analysis and variant patch by Todd Lyons. + +NM/04 Bugzilla 1237 - fix cases where printf format usage not indicated + Bug report from Lars Müller <lars@samba.org> (via SUSE), + Patch from Dirk Mueller <dmueller@suse.com> + +PP/13 tls_peerdn now print-escaped for spool files. + Observed some $tls_peerdn in wild which contained \n, which resulted + in spool file corruption. + +PP/14 TLS fixes for OpenSSL: support TLS 1.1 & 1.2; new "openssl_options" + values; set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read + or write after TLS renegotiation, which otherwise led to messages + "Got SSL error 2". 
+ +TK/01 Bugzilla 1239 - fix DKIM verification when signature was not inserted + as a tracking header (ie: a signed header comes before the signature). + Patch from Wolfgang Breyha. + +JH/01 Bugzilla 660 - Multi-valued attributes from ldap now parseable as a + comma-sep list; embedded commas doubled. + +JH/02 Refactored ACL "verify =" logic to table-driven dispatch. + +PP/15 LDAP: Check for errors of TLS initialisation, to give correct + diagnostics. + Report and patch from Dmitry Banschikov. + +PP/16 Removed "dont_insert_empty_fragments" from "openssl_options". + Removed SSL_clear() after SSL_new() which led to protocol negotiation + failures. We appear to now support TLS1.1+ with Exim. + +PP/17 OpenSSL: new expansion var $tls_sni, which if used in tls_certificate + lets Exim select keys and certificates based upon TLS SNI from client. + Also option tls_sni on SMTP Transports. Also clear $tls_bits correctly + before an outbound SMTP session. New log_selector, +tls_sni. + +PP/18 Bugzilla 1122 - check localhost_number expansion for failure, avoid + NULL dereference. Report and patch from Alun Jones. + +PP/19 DNS resolver init changes for NetBSD compatibility. (Risk of breakage + on less well tested platforms). Obviates NetBSD pkgsrc patch-ac. + Not seeing resolver debug output on NetBSD, but suspect this is a + resolver implementation change. + +PP/20 Revert part of NM/04, it broke log_path containing %D expansions. + Left warnings. Added "eximon gdb" invocation mode. + +PP/21 Defaulting "accept_8bitmime" to true, not false. + +PP/22 Added -bw for inetd wait mode support. + +PP/23 Added PCRE_CONFIG=yes support to Makefile for using pcre-config to + locate the relevant includes and libraries. Made this the default. + +PP/24 Fixed headers_only on smtp transports (was not sending trailing dot). + Bugzilla 1246, report and most of solution from Tomasz Kusy. + +JH/03 ${eval } now uses 64-bit and supports a "g" suffix (like to "k" and "m"). 
+ This may cause build issues on older platforms. + +PP/25 Revamped GnuTLS support, passing tls_require_ciphers to + gnutls_priority_init, ignoring Exim options gnutls_require_kx, + gnutls_require_mac & gnutls_require_protocols (no longer supported). + Added SNI support via GnuTLS too. + Made ${randint:..} supplier available, if using not-too-old GnuTLS. + +PP/26 Added EXPERIMENTAL_OCSP for OpenSSL. + +PP/27 Applied dnsdb SPF support patch from Janne Snabb. + Applied second patch from Janne, implementing suggestion to default + multiple-strings-in-record handling to match SPF spec. + +JH/04 Added expansion variable $tod_epoch_l for a higher-precision time. + +PP/28 Fix DCC dcc_header content corruption (stack memory referenced, + read-only, out of scope). + Patch from Wolfgang Breyha, report from Stuart Northfield. + +PP/29 Fix three issues highlighted by clang analyser static analysis. + Only crash-plausible issue would require the Cambridge-specific + iplookup router and a misconfiguration. + Report from Marcin Mirosław. + +PP/30 Another attempt to deal with PCRE_PRERELEASE, this one less buggy. + +PP/31 %D in printf continues to cause issues (-Wformat=security), so for + now guard some of the printf checks behind WANT_DEEPER_PRINTF_CHECKS. + As part of this, removing so much warning spew let me fix some minor + real issues in debug logging. + +PP/32 GnuTLS was always using default tls_require_ciphers, due to a missing + assignment on my part. Fixed. + +PP/33 Added tls_dh_max_bits option, defaulting to current hard-coded limit + of NSS, for GnuTLS/NSS interop. Problem root cause diagnosis by + Janne Snabb (who went above and beyond: thank you). + +PP/34 Validate tls_require_ciphers on startup, since debugging an invalid + string otherwise requires a connection and a bunch more work and it's + relatively easy to get wrong. Should also expose TLS library linkage + problems. 
+ +PP/35 Pull in <features.h> on Linux, for some portability edge-cases of + 64-bit ${eval} (JH/03). + +PP/36 Define _GNU_SOURCE in exim.h; it's needed for some releases of + GNU libc to support some of the 64-bit stuff, should not lead to + conflicts. Defined before os.h is pulled in, so if a given platform + needs to override this, it can. + +PP/37 Unbreak Cyrus SASL auth: SSF retrieval was incorrect, Exim thought + protection layer was required, which is not implemented. + Bugzilla 1254, patch from Wolfgang Breyha. + +PP/38 Overhaul DH prime handling, supply RFC-specified DH primes as built + into Exim, default to IKE id 23 from RFC 5114 (2048 bit). Make + tls_dhparam take prime identifiers. Also unbreak combination of + OpenSSL+DH_params+TLSSNI. + +PP/39 Disable SSLv2 by default in OpenSSL support. + + +Exim version 4.77 +----------------- + +PP/01 Solaris build fix for Oracle's LDAP libraries. + Bugzilla 1109, patch from Stephen Usher. + +TF/01 HP/UX build fix: avoid arithmetic on a void pointer. + +TK/01 DKIM Verification: Fix relaxed canon for empty headers w/o + whitespace trailer + +TF/02 Fix a couple more cases where we did not log the error message + when unlink() failed. See also change 4.74-TF/03. + +TF/03 Make the exiwhat support code safe for signals. Previously Exim might + lock up or crash if it happened to be inside a call to libc when it + got a SIGUSR1 from exiwhat. + + The SIGUSR1 handler appends the current process status to the process + log which is later printed by exiwhat. It used to use the general + purpose logging code to do this, but several functions it calls are + not safe for signals. + + The new output code in the SIGUSR1 handler is specific to the process + log, and simple enough that it's easy to inspect for signal safety. + Removing some special cases also simplifies the general logging code. + Removing the spurious timestamps from the process log simplifies + exiwhat. + +TF/04 Improved ratelimit ACL condition. 
+ + The /noupdate option has been deprecated in favour of /readonly which + has clearer semantics. The /leaky, /strict, and /readonly update modes + are mutually exclusive. The update mode is no longer included in the + database key; it just determines when the database is updated. (This + means that when you upgrade Exim will forget old rate measurements.) + + Exim now checks that the per_* options are used with an update mode that + makes sense for the current ACL. For example, when Exim is processing a + message (e.g. acl_smtp_rcpt or acl_smtp_data, etc.) you can specify + per_mail/leaky or per_mail/strict; otherwise (e.g. in acl_smtp_helo) you + must specify per_mail/readonly. If you omit the update mode it defaults to + /leaky where that makes sense (as before) or /readonly where required. + + The /noupdate option is now undocumented but still supported for + backwards compatibility. It is equivalent to /readonly except that in + ACLs where /readonly is required you may specify /leaky/noupdate or + /strict/noupdate which are treated the same as /readonly. + + A useful new feature is the /count= option. This is a generalization + of the per_byte option, so that you can measure the throughput of other + aggregate values. For example, the per_byte option is now equivalent + to per_mail/count=${if >{0}{$message_size} {0} {$message_size} }. + + The per_rcpt option has been generalized using the /count= mechanism + (though it's more complicated than the per_byte equivalence). When it is + used in acl_smtp_rcpt, the per_rcpt option adds recipients to the + measured rate one at a time; if it is used later (e.g. in acl_smtp_data) + or in a non-SMTP ACL it adds all the recipients in one go. (The latter + /count=$recipients_count behaviour used to work only in non-SMTP ACLs.) + Note that using per_rcpt with a non-readonly update mode in more than + one ACL will cause the recipients to be double-counted. (The per_mail + and per_byte options don't have this problem.) 
+ + The handling of very low rates has changed slightly. If the computed rate + is less than the event's count (usually one) then this event is the first + after a long gap. In this case the rate is set to the same as this event's + count, so that the first message of a spam run is counted properly. + + The major new feature is a mechanism for counting the rate of unique + events. The new per_addr option counts the number of different + recipients that someone has sent messages to in the last time period. It + behaves like per_rcpt if all the recipient addresses are different, but + duplicate recipient addresses do not increase the measured rate. Like + the /count= option this is a general mechanism, so the per_addr option + is equivalent to per_rcpt/unique=$local_part@$domain. You can, for + example, measure the rate that a client uses different sender addresses + with the options per_mail/unique=$sender_address. There are further + details in the main documentation. + +TF/05 Removed obsolete $Cambridge$ CVS revision strings. + +TF/06 Removed a few PCRE remnants. + +TF/07 Automatically extract Exim's version number from tags in the git + repository when doing development or release builds. + +PP/02 Raise smtp_cmd_buffer_size to 16kB. + Bugzilla 879. Patch from Paul Fisher. + +PP/03 Implement SSL-on-connect outbound with protocol=smtps on smtp transport. + Heavily based on revision 40f9a89a from Simon Arlott's tree. + Bugzilla 97. + +PP/04 Use .dylib instead of .so for dynamic library loading on MacOS. + +PP/05 Variable $av_failed, true if the AV scanner deferred. + Bugzilla 1078. Patch from John Horne. + +PP/06 Stop make process more reliably on build failure. + Bugzilla 1087. Patch from Heiko Schlittermann. + +PP/07 Make maildir_use_size_file an _expandable_ boolean. + Bugzilla 1089. Patch from Heiko Schlittermann. + +PP/08 Handle ${run} returning more data than OS pipe buffer size. + Bugzilla 1131. Patch from Holger Weiß. + +PP/09 Handle IPv6 addresses with SPF. 
+ Bugzilla 860. Patch from Wolfgang Breyha. + +PP/10 GnuTLS: support TLS 1.2 & 1.1. + Bugzilla 1156. + Use gnutls_certificate_verify_peers2() [patch from Andreas Metzler]. + Bugzilla 1095. + +PP/11 match_* no longer expand right-hand-side by default. + New compile-time build option, EXPAND_LISTMATCH_RHS. + New expansion conditions, "inlist", "inlisti". + +PP/12 fix uninitialised greeting string from PP/03 (smtps client support). + +PP/13 shell and compiler warnings fixes for RC1-RC4 changes. + +PP/14 fix log_write() format string regression from TF/03. + Bugzilla 1152. Patch from Dmitry Isaikin. + + +Exim version 4.76 +----------------- + +PP/01 The new ldap_require_cert option would segfault if used. Fixed. + +PP/02 Harmonised TLS library version reporting; only show if debugging. + Layout now matches that introduced for other libraries in 4.74 PP/03. + +PP/03 New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1 + +PP/04 New "dns_use_edns0" global option. + +PP/05 Don't segfault on misconfiguration of ref:name exim-user as uid. + Bugzilla 1098. + +PP/06 Extra paranoia around buffer usage at the STARTTLS transition. + nb: Exim is not vulnerable to http://www.kb.cert.org/vuls/id/555316 + +TK/01 Updated PolarSSL code to 0.14.2. + Bugzilla 1097. Patch from Andreas Metzler. + +PP/07 Catch divide-by-zero in ${eval:...}. + Fixes bugzilla 1102. + +PP/08 Condition negation of bool{}/bool_lax{} did not negate. Fixed. + Bugzilla 1104. + +TK/02 Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a + format-string attack -- SECURITY: remote arbitrary code execution. + +TK/03 SECURITY - DKIM signature header parsing was double-expanded, second + time unintentionally subject to list matching rules, letting the header + cause arbitrary Exim lookups (of items which can occur in lists, *not* + arbitrary string expansion). This allowed for information disclosure. 
+ +PP/09 Fix another SIGFPE (x86) in ${eval:...} expansion, this time related to + INT_MIN/-1 -- value coerced to INT_MAX. + + +Exim version 4.75 +----------------- + +NM/01 Workaround for PCRE version dependency in version reporting + Bugzilla 1073 + +TF/01 Update valgrind.h and memcheck.h to copies from valgrind-3.6.0. + This fixes portability to compilers other than gcc, notably + Solaris CC and HP-UX CC. Fixes Bugzilla 1050. + +TF/02 Bugzilla 139: Avoid using the += operator in the modular lookup + makefiles for portability to HP-UX and POSIX correctness. + +PP/01 Permit LOOKUP_foo enabling on the make command-line. + Also via indented variable definition in the Makefile. + (Debugging by Oliver Heesakkers). + +PP/02 Restore caching of spamd results with expanded spamd_address. + Patch from author of expandable spamd_address patch, Wolfgang Breyha. + +PP/03 Build issue: lookups-Makefile now exports LC_ALL=C + Improves build reliability. Fix from: Frank Elsner + +NM/02 Fix wide character breakage in the rfc2047 coding + Fixes bug 1064. Patch from Andrey N. Oktyabrski + +NM/03 Allow underscore in dnslist lookups + Fixes bug 1026. Patch from Graeme Fowler + +PP/04 Bugzilla 230: Support TLS-enabled LDAP (in addition to ldaps). + Code patches from Adam Ciarcinski of NetBSD. + +NM/04 Fixed exiqgrep to cope with mailq missing size issue + Fixes bug 943. + +PP/05 Bugzilla 1083: when lookup expansion defers, escape the output which + is logged, to avoid truncation. Patch from John Horne. + +PP/06 Bugzilla 1042: implement freeze_signal on pipe transports. + Patch from Jakob Hirsch. + +PP/07 Bugzilla 1061: restrict error messages sent over SMTP to not reveal + SQL string expansion failure details. + Patch from Andrey Oktyabrski. + +PP/08 Bugzilla 486: implement %M datestamping in log filenames. + Patch from Simon Arlott. + +PP/09 New lookups functionality failed to compile on old gcc which rejects + extern declarations in function scope. 
+ Patch from Oliver Fleischmann + +PP/10 Use sig_atomic_t for flags set from signal handlers. + Check getgroups() return and improve debugging. + Fixed developed for diagnosis in bug 927 (which turned out to be + a kernel bug). + +PP/11 Bugzilla 1055: Update $message_linecount for maildir_tag. + Patch from Mark Zealey. + +PP/12 Bugzilla 1056: Improved spamd server selection. + Patch from Mark Zealey. + +PP/13 Bugzilla 1086: Deal with maildir quota file races. + Based on patch from Heiko Schlittermann. + +PP/14 Bugzilla 1019: DKIM multiple signature generation fix. + Patch from Uwe Doering, sign-off by Michael Haardt. + +NM/05 Fix to spam.c to accommodate older gcc versions which dislike + variable declaration deep within a block. Bug and patch from + Dennis Davis. + +PP/15 lookups-Makefile IRIX compatibility coercion. + +PP/16 Make DISABLE_DKIM build knob functional. + +NM/06 Bugzilla 968: child_open_uid: restore default SIGPIPE handler + Patch by Simon Arlott + +TF/03 Fix valgrind.h portability to C89 compilers that do not support + variable argument macros. Our copy now differs from upstream. + + +Exim version 4.74 +----------------- + +TF/01 Failure to get a lock on a hints database can have serious + consequences so log it to the panic log. + +TF/02 Log LMTP confirmation messages in the same way as SMTP, + controlled using the smtp_confirmation log selector. + +TF/03 Include the error message when we fail to unlink a spool file. + +DW/01 Bugzilla 139: Support dynamically loaded lookups as modules. + With thanks to Steve Haslam, Johannes Berg & Serge Demonchaux + for maintaining out-of-tree patches for some time. + +PP/01 Bugzilla 139: Documentation and portability issues. + Avoid GNU Makefile-isms, let Exim continue to build on BSD. + Handle per-OS dynamic-module compilation flags. + +PP/02 Let /dev/null have normal permissions. + The 4.73 fixes were a little too stringent and complained about the + permissions on /dev/null. Exempt it from some checks. 
+ Reported by Andreas M. Kirchwitz. + +PP/03 Report version information for many libraries, including + Exim version information for dynamically loaded libraries. Created + version.h, now support a version extension string for distributors + who patch heavily. Dynamic module ABI change. + +PP/04 CVE-2011-0017 - check return value of setuid/setgid. This is a + privilege escalation vulnerability whereby the Exim run-time user + can cause root to append content of the attacker's choosing to + arbitrary files. + +PP/05 Bugzilla 1041: merged DCC maintainer's fixes for return code. + (Wolfgang Breyha) + +PP/06 Bugzilla 1071: fix delivery logging with untrusted macros. + If dropping privileges for untrusted macros, we disabled normal logging + on the basis that it would fail; for the Exim run-time user, this is not + the case, and it resulted in successful deliveries going unlogged. + Fixed. Reported by Andreas Metzler. + + +Exim version 4.73 +----------------- + +PP/01 Date: & Message-Id: revert to normally being appended to a message, + only prepend for the Resent-* case. Fixes regression introduced in + Exim 4.70 by NM/22 for Bugzilla 607. + +PP/02 Include check_rfc2047_length in configure.default because we're seeing + increasing numbers of administrators be bitten by this. + +JJ/01 Added DISABLE_DKIM and comment to src/EDITME + +PP/03 Bugzilla 994: added openssl_options main configuration option. + +PP/04 Bugzilla 995: provide better SSL diagnostics on failed reads. + +PP/05 Bugzilla 834: provide a permit_coredump option for pipe transports. + +PP/06 Adjust NTLM authentication to handle SASL Initial Response. + +PP/07 If TLS negotiated an anonymous cipher, we could end up with SSL but + without a peer certificate, leading to a segfault because of an + assumption that peers always have certificates. Be a little more + paranoid. Problem reported by Martin Tscholak. 
+ +PP/08 Bugzilla 926: switch ClamAV to use the new zINSTREAM API for content + filtering; old API available if built with WITH_OLD_CLAMAV_STREAM=yes + NB: ClamAV planning to remove STREAM in "middle of 2010". + CL also introduces -bmalware, various -d+acl logging additions and + more caution in buffer sizes. + +PP/09 Implemented reverse_ip expansion operator. + +PP/10 Bugzilla 937: provide a "debug" ACL control. + +PP/11 Bugzilla 922: Documentation dusting, patch provided by John Horne. + +PP/12 Bugzilla 973: Implement --version. + +PP/13 Bugzilla 752: Refuse to build/run if Exim user is root/0. + +PP/14 Build without WITH_CONTENT_SCAN. Path from Andreas Metzler. + +PP/15 Bugzilla 816: support multiple condition rules on Routers. + +PP/16 Add bool_lax{} expansion operator and use that for combining multiple + condition rules, instead of bool{}. Make both bool{} and bool_lax{} + ignore trailing whitespace. + +JJ/02 prevent non-panic DKIM error from being sent to paniclog + +JJ/03 added tcp_wrappers_daemon_name to allow host entries other than + "exim" to be used + +PP/17 Fix malware regression for cmdline scanner introduced in PP/08. + Notification from Dr Andrew Aitchison. + +PP/18 Change ClamAV response parsing to be more robust and to handle ClamAV's + ExtendedDetectionInfo response format. + Notification from John Horne. + +PP/19 OpenSSL 1.0.0a compatibility const-ness change, should be backwards + compatible. + +PP/20 Added a CONTRIBUTING file. Fixed the documentation build to use http: + XSL and documented dependency on system catalogs, with examples of how + it normally works. + +DW/21 Added Valgrind hooks in store.c to help it capture out-of-bounds store + access. + +DW/22 Bugzilla 1044: CVE-2010-4345 - partial fix: restrict default behaviour + of CONFIGURE_OWNER and CONFIGURE_GROUP options to no longer allow a + configuration file which is writeable by the Exim user or group. 
+ +DW/23 Bugzilla 1044: CVE-2010-4345 - part two: extend checks for writeability + of configuration files to cover files specified with the -C option if + they are going to be used with root privileges, not just the default + configuration file. + +DW/24 Bugzilla 1044: CVE-2010-4345 - part three: remove ALT_CONFIG_ROOT_ONLY + option (effectively making it always true). + +DW/25 Add TRUSTED_CONFIG_PREFIX_FILE option to allow alternative configuration + files to be used while preserving root privileges. + +DW/26 Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure + that rogue child processes cannot use them. + +PP/27 Bugzilla 1047: change the default for system_filter_user to be the Exim + run-time user, instead of root. + +PP/28 Add WHITELIST_D_MACROS option to let some macros be overridden by the + Exim run-time user without dropping privileges. + +DW/29 Remove use of va_copy() which breaks pre-C99 systems. Duplicate the + result string, instead of calling string_vformat() twice with the same + arguments. + +DW/30 Allow TRUSTED_CONFIG_PREFIX_FILE only for Exim or CONFIGURE_OWNER, not + for other users. Others should always drop root privileges if they use + -C on the command line, even for a whitelisted configure file. + +DW/31 Turn TRUSTED_CONFIG_PREFIX_FILE into TRUSTED_CONFIG_FILE. No prefixes. + +NM/01 Fixed bug #1002 - Message loss when using multiple deliveries + + +Exim version 4.72 +----------------- + +JJ/01 installed exipick 20100104.1, adding $max_received_linelength, + $data_path, and $header_path variables; fixed documentation bugs and + typos + +JJ/02 installed exipick 20100222.0, added --input-dir and --finput to allow + exipick to access non-standard spools, including the "frozen" queue + (Finput) + +NM/01 Bugzilla 965: Support mysql stored procedures. + Patch from Alain Williams + +NM/02 Bugzilla 961: Spacing fix (syntax error) on Makefile directives for NetBSD + +NM/03 Bugzilla 955: Documentation fix for max_rcpts. 
+ Patch from Andreas Metzler + +NM/04 Bugzilla 954: Fix for unknown responses from Dovecot authenticator. + Patch from Kirill Miazine + +NM/05 Bugzilla 671: Added umask to procmail example. + +JJ/03 installed exipick 20100323.0, fixing doc bug + +NM/06 Bugzilla 988: CVE-2010-2023 - prevent hardlink attack on sticky mail + directory. Notification and patch from Dan Rosenberg. + +TK/01 PDKIM: Upgrade PolarSSL files to upstream version 0.12.1. + +TK/02 Improve log output when DKIM signing operation fails. + +MH/01 Treat the transport option dkim_domain as a colon separated + list, not as a single string, and sign the message with each element, + omitting multiple occurences of the same signer. + +NM/07 Null terminate DKIM strings, Null initialise DKIM variable + Bugzilla 985, 986. Patch by Simon Arlott + +NM/08 Bugzilla 967. dnsdb DNS TXT record bug fix (DKIM-related) + Patch by Simon Arlott + +PP/01 Bugzilla 989: CVE-2010-2024 - work round race condition on + MBX locking. Notification from Dan Rosenberg. + + +Exim version 4.71 +----------------- + +TK/01 Bugzilla 912: Fix DKIM segfault on empty headers/body. + +NM/01 Bugzilla 913: Documentation fix for gnutls_* options. + +NM/02 Bugzilla 722: Documentation for randint. Better randomness defaults. + +NM/03 Bugzilla 847: Enable DNSDB lookup by default. + +NM/04 Bugzilla 915: Flag broken perl installation during build. + + +Exim version 4.70 +----------------- + +TK/01 Added patch by Johannes Berg that expands the main option + "spamd_address" if it starts with a dollar sign. + +TK/02 Write list of recipients to X-Envelope-Sender header when building + the mbox-format spool file for content scanning (suggested by Jakob + Hirsch). + +TK/03 Added patch by Wolfgang Breyha that adds experimental DCC + (http://www.dcc-servers.net/) support via dccifd. Activated by + setting EXPERIMENTAL_DCC=yes in Local/Makefile. + +TK/04 Bugzilla 673: Add f-protd malware scanner support. Patch submitted + by Mark Daniel Reidel <mr@df.eu>. 
+ +NM/01 Bugzilla 657: Embedded PCRE removed from the exim source tree. + When building exim an external PCRE library is now needed - + PCRE is a system library on the majority of modern systems. + See entry on PCRE_LIBS in EDITME file. + +NM/02 Bugzilla 646: Removed unwanted C/R in Dovecot authenticator + conversation. Added nologin parameter to request. + Patch contributed by Kirill Miazine. + +TF/01 Do not log submission mode rewrites if they do not change the address. + +TF/02 Bugzilla 662: Fix stack corruption before exec() in daemon.c. + +NM/03 Bugzilla 602: exicyclog now handles panic log, and creates empty + log files in place. Contributed by Roberto Lima. + +NM/04 Bugzilla 667: Close socket used by dovecot authenticator. + +TF/03 Bugzilla 615: When checking the local_parts router precondition + after a local_part_suffix or local_part_prefix option, Exim now + does not use the address's named list lookup cache, since this + contains cached lookups for the whole local part. + +NM/05 Bugzilla 521: Integrated SPF Best Guess support contributed by + Robert Millan. Documentation is in experimental-spec.txt. + +TF/04 Bugzilla 668: Fix parallel build (make -j). + +NM/05.2 Bugzilla 437: Prevent Maildir aux files being created with mode 000. + +NM/05.3 Bugzilla 598: Improvement to Dovecot authenticator handling. + Patch provided by Jan Srzednicki. + +TF/05 Leading white space used to be stripped from $spam_report which + wrecked the formatting. Now it is preserved. + +TF/06 Save $spam_score, $spam_bar, and $spam_report in spool files, so + that they are available at delivery time. + +TF/07 Fix the way ${extract is skipped in the untaken branch of a conditional. + +TF/08 TLS error reporting now respects the incoming_interface and + incoming_port log selectors. + +TF/09 Produce a more useful error message if an SMTP transport's hosts + setting expands to an empty string. + +NM/06 Bugzilla 744: EXPN did not work under TLS. + Patch provided by Phil Pennock. 
+ +NM/07 Bugzilla 769: Extraneous comma in usage fprintf + Patch provided by Richard Godbee. + +NM/08 Fixed erroneous documentation references to smtp_notquit_acl to be + acl_smtp_notquit, added index entry. + +NM/09 Bugzilla 787: Potential buffer overflow in string_format. + Patch provided by Eugene Bujak. + +NM/10 Bugzilla 770: Problem on some platforms modifying the len parameter to + accept(). Patch provided by Maxim Dounin. + +NM/11 Bugzilla 749: Preserve old behaviour of blanks comparing equal to zero. + Patch provided by Phil Pennock. + +NM/12 Bugzilla 497: Correct behaviour of exiwhat when no config exists. + +NM/13 Bugzilla 590: Correct handling of Resent-Date headers. + Patch provided by Brad "anomie" Jorsch. + +NM/14 Bugzilla 622: Added timeout setting to transport filter. + Patch provided by Dean Brooks. + +TK/05 Add native DKIM support (does not depend on external libraries). + +NM/15 Bugzilla 854: Removed code that symlinks to pcre as its no longer useful. + Patch provided by Graeme Fowler. + +NM/16 Bugzilla 851: Documentation example syntax fix. + +NM/17 Changed NOTICE file to remove references to embedded PCRE. + +NM/18 Bugzilla 894: Fix issue with very long lines including comments in + lsearch. + +NM/19 Bugzilla 745: TLS version reporting. + Patch provided by Phil Pennock. + +NM/20 Bugzilla 167: bool: condition support. + Patch provided by Phil Pennock. + +NM/21 Bugzilla 665: gnutls_compat_mode to allow compatibility with broken + clients. Patch provided by Phil Pennock. + +NM/22 Bugzilla 607: prepend (not append) Resent-Message-ID and Resent-Date. + Patch provided by Brad "anomie" Jorsch. + +NM/23 Bugzilla 687: Fix misparses in eximstats. + Patch provided by Heiko Schlittermann. + +NM/24 Bugzilla 688: Fix exiwhat to handle log_selector = +pid. + Patch provided by Heiko Schlittermann. + +NM/25 Bugzilla 727: Use transport mode as default mode for maildirsize file. + plus update to original patch. 
+ +NM/26 Bugzilla 799: Documentation correction for ratelimit. + +NM/27 Bugzilla 802: Improvements to local interface IP addr detection. + Patch provided by David Brownlee. + +NM/28 Bugzilla 807: Improvements to LMTP delivery logging. + +NM/29 Bugzilla 862, 866, 875: Documentation bugfixes. + +NM/30 Bugzilla 888: TLS documentation bugfixes. + +NM/31 Bugzilla 896: Dovecot buffer overrun fix. + +NM/32 Bugzilla 889: Change all instances of "expr" in shell scripts to "expr --" + Unlike the original bugzilla I have changed all shell scripts in src tree. + +NM/33 Bugzilla 898: Transport filter timeout fix. + Patch by Todd Rinaldo. + +NM/34 Bugzilla 901: Fix sign/unsigned and UTF mismatches. + Patch by Serge Demonchaux. + +NM/35 Bugzilla 39: Base64 decode bug fixes. + Patch by Jakob Hirsch. + +NM/36 Bugzilla 909: Correct connect() call in dcc code. + +NM/37 Bugzilla 910: Correct issue with relaxed/simple handling. + +NM/38 Bugzilla 908: Removed NetBSD3 support as no longer needed. + +NM/39 Bugzilla 911: Fixed MakeLinks build script. + + +Exim version 4.69 +----------------- + +TK/01 Add preliminary DKIM support. Currently requires a forked version of + ALT-N's libdkim that I have put here: + http://duncanthrax.net/exim-experimental/ + + Note to Michael Haardt: I had to rename some vars in sieve.c. They + were called 'true' and it seems that C99 defines that as a reserved + keyword to be used with 'bool' variable types. That means you could + not include C99-style headers which use bools without triggering + build errors in sieve.c. + +NM/01 Bugzilla 592: --help option is handled incorrectly if exim is invoked + as mailq or other aliases. Changed the --help handling significantly + to do whats expected. exim_usage() emits usage/help information. + +SC/01 Added the -bylocaldomain option to eximstats. + +NM/02 Bugzilla 619: Defended against bad data coming back from gethostbyaddr. + +NM/03 Bugzilla 613: Documentation fix for acl_not_smtp. 
+ +NM/04 Bugzilla 628: PCRE update to 7.4 (work done by John Hall). + + +Exim version 4.68 +----------------- + +PH/01 Another patch from the Sieve maintainer. + +PH/02 When an IPv6 address is converted to a string for single-key lookup + in an address list (e.g. for an item such as "net24-dbm;/net/works"), + dots are used instead of colons so that keys in lsearch files need not + contain colons. This was done some time before quoting was made available + in lsearch files. However, iplsearch files do require colons in IPv6 keys + (notated using the quote facility) so as to distinguish them from IPv4 + keys. This meant that lookups for IP addresses in host lists did not work + for iplsearch lookups. + + This has been fixed by arranging for IPv6 addresses to be expressed with + colons if the lookup type is iplsearch. This is not incompatible, because + previously such lookups could never work. + + The situation is now rather anomalous, since one *can* have colons in + ordinary lsearch keys. However, making the change in all cases is + incompatible and would probably break a number of configurations. + +TK/01 Change PRVS address formatting scheme to reflect latests BATV draft + version. + +MH/01 The "spam" ACL condition code contained a sscanf() call with a %s + conversion specification without a maximum field width, thereby enabling + a rogue spamd server to cause a buffer overflow. While nobody in their + right mind would setup Exim to query an untrusted spamd server, an + attacker that gains access to a server running spamd could potentially + exploit this vulnerability to run arbitrary code as the Exim user. + +TK/02 Bugzilla 502: Apply patch to make the SPF-Received: header use + $primary_hostname instead of what libspf2 thinks the hosts name is. + +MH/02 The dsearch lookup now uses lstat(2) instead of stat(2) to look for + a directory entry by the name of the lookup key. 
Previously, if a + symlink pointed to a non-existing file or a file in a directory that + Exim lacked permissions to read, a lookup for a key matching that + symlink would fail. Now it is enough that a matching directory entry + exists, symlink or not. (Bugzilla 503.) + +PH/03 The body_linecount and body_zerocount variables are now exported in the + local_scan API. + +PH/04 Added the $dnslist_matched variable. + +PH/05 Unset $tls_cipher and $tls_peerdn before making a connection as a client. + This means they are set thereafter only if the connection becomes + encrypted. + +PH/06 Added the client_condition to authenticators so that some can be skipped + by clients under certain conditions. + +PH/07 The error message for a badly-placed control=no_multiline_responses left + "_responses" off the end of the name. + +PH/08 Added -Mvc to output a copy of a message in RFC 2822 format. + +PH/09 Tidied the code for creating ratelimiting keys, creating them explicitly + (without spaces) instead of just copying the configuration text. + +PH/10 Added the /noupdate option to the ratelimit ACL condition. + +PH/11 Added $max_received_linelength. + +PH/12 Added +ignore_defer and +include_defer to host lists. + +PH/13 Installed PCRE version 7.2. This needed some changes because of the new + way in which PCRE > 7.0 is built. + +PH/14 Implemented queue_only_load_latch. + +PH/15 Removed an incorrect (int) cast when reading the value of SIZE in a + MAIL command. The effect was to mangle the value on 64-bit systems. + +PH/16 Another patch from the Sieve maintainer. + +PH/17 Added the NOTQUIT ACL, based on a patch from Ted Cooper. + +PH/18 If a system quota error occurred while trying to create the file for + a maildir delivery, the message "Mailbox is full" was not appended to the + bounce if the delivery eventually timed out. Change 4.67/27 below applied + only to a quota excession during the actual writing of the file. 
+ +PH/19 It seems that peer DN values may contain newlines (and other non-printing + characters?) which causes problems in log lines. The DN values are now + passed through string_printing() before being added to log lines. + +PH/20 Added the "servers=" facility to MySQL and PostgreSQL lookups. (Oracle + and InterBase are left for another time.) + +PH/21 Added message_body_newlines option. + +PH/22 Guard against possible overflow in moan_check_errorcopy(). + +PH/23 POSIX allows open() to be a macro; guard against that. + +PH/24 If the recipient of an error message contained an @ in the local part + (suitably quoted, of course), incorrect values were put in $domain and + $local_part during the evaluation of errors_copy. + + +Exim version 4.67 +----------------- + +MH/01 Fix for bug #448, segfault in Dovecot authenticator when interface_address + is unset (happens when testing with -bh and -oMi isn't used). Thanks to + Jan Srzednicki. + +PH/01 Added a new log selector smtp_no_mail, to log SMTP sessions that do not + issue a MAIL command. + +PH/02 In an ACL statement such as + + deny dnslists = X!=127.0.0.2 : X=127.0.0.2 + + if a client was not listed at all, or was listed with a value other than + 127.0.0.2, in the X list, but was listed with 127.0.0.2 in the Y list, + the condition was not true (as it should be), so access was not denied. + The bug was that the ! inversion was incorrectly passed on to the second + item. This has been fixed. + +PH/03 Added additional dnslists conditions == and =& which are different from + = and & when the dns lookup returns more than one IP address. + +PH/04 Added gnutls_require_{kx,mac,protocols} to give more control over the + cipher suites used by GnuTLS. These options are ignored by OpenSSL. + +PH/05 After discussion on the list, added a compile time option ENABLE_DISABLE_ + FSYNC, which compiles an option called disable_fsync that allows for + bypassing fsync(). The documentation is heavily laced with warnings. 
+ +SC/01 Updated eximstats to collate all SpamAssassin rejects into one bucket. + +PH/06 Some tidies to the infrastructure of the Test Suite that is concerned + with the auxiliary C programs that it uses: (1) Arrange for BIND_8_COMPAT + to be defined when compiling on OSX (Darwin); (2) Tidies to the Makefile, + including adding "make clean"; (3) Added -fPIC when compiling the test + dynamically loaded module, to get rid of a warning. + +MH/02 Fix for bug #451, causing paniclog entries to be written if a bounce + message fails, move_frozen_messages = true and ignore_bounce_errors_after + = 0s. The bug is otherwise harmless. + +PH/07 There was a bug in the dovecot authenticator such that the value of + $auth1 could be overwritten, and so not correctly preserved, after a + successful authentication. This usually meant that the value preserved by + the server_setid option was incorrect. + +PH/08 Added $smtp_count_at_connection_start, deliberately with a long name. + +PH/09 Installed PCRE release 7.0. + +PH/10 The acl_not_smtp_start ACL was, contrary to the documentation, not being + run for batched SMTP input. It is now run at the start of every message + in the batch. While fixing this I discovered that the process information + (output by running exiwhat) was not always getting set for -bs and -bS + input. This is fixed, and it now also says "batched" for BSMTP. + +PH/11 Added control=no_pipelining. + +PH/12 Added $sending_ip_address and $sending_port (mostly Magnus Holmgren's + patch, slightly modified), and move the expansion of helo_data till after + the connection is made in the smtp transport (so it can use these + values). + +PH/13 Added ${rfc2047d: to decoded RFC 2047 strings. + +PH/14 Added log_selector = +pid. + +PH/15 Flush SMTP output before delaying, unless control=no_delay_flush is set. + +PH/16 Add ${if forany and ${if forall. + +PH/17 Added dsn_from option to vary the 
From: line in DSNs. + +PH/18 Flush SMTP output before performing a callout, unless control = + no_callout_flush is set. + +PH/19 Change 4.64/PH/36 introduced a bug: when address_retry_include_sender + was true (the default) a successful delivery failed to delete the retry + item, thus causing premature timeout of the address. The bug is now + fixed. + +PH/20 Added hosts_avoid_pipelining to the smtp transport. + +PH/21 Long custom messages for fakedefer and fakereject are now split up + into multiline responses in the same way that messages for "deny" and + other ACL rejections are. + +PH/22 Applied Jori Hamalainen's speed-up changes and typo fixes to exigrep, + with slight modification. + +PH/23 Applied sieve patches from the maintainer "tracking the latest notify + draft, changing the syntax and factoring some duplicate code". + +PH/24 When the log selector "outgoing_port" was set, the port was shown as -1 + for deliveries of the second and subsequent messages over the same SMTP + connection. + +PH/25 Applied Magnus Holmgren's patch for ${addresses, ${map, ${filter, and + ${reduce, with only minor "tidies". + +SC/02 Applied Daniel Tiefnig's patch to improve the '($parent) =' pattern match. + +PH/26 Added a "continue" ACL modifier that does nothing, for the benefit of its + expansion side effects. + +PH/27 When a message times out after an over-quota error from an Exim-imposed + quota, the bounce message says "mailbox is full". This message was not + being given when it was a system quota that was exceeded. It now should + be the same. + +MH/03 Made $recipients available in local_scan(). local_scan() already has + better access to the recipient list through recipients_list[], but + $recipients can be useful in postmaster-provided expansion strings. + +PH/28 The $smtp_command and $smtp_command_argument variables were not correct + in the case of a MAIL command with additional options following the + address, for example: MAIL FROM:<foo@bar> SIZE=1234. 
The option settings + were accidentally chopped off. + +PH/29 SMTP synchronization checks are implemented when a command is read - + there is a check that no more input is waiting when there shouldn't be + any. However, for some commands, a delay in an ACL can mean that it is + some time before the response is written. In this time, more input might + arrive, invalidly. So now there are extra checks after an ACL has run for + HELO/EHLO and after the predata ACL, and likewise for MAIL and RCPT when + pipelining has not been advertised. + +PH/30 MH's patch to allow iscntrl() characters to be list separators. + +PH/31 Unlike :fail:, a custom message specified with :defer: was not being + returned in the SMTP response when smtp_return_error_details was false. + This has been fixed. + +PH/32 Change the Dovecot authenticator to use read() and write() on the socket + instead of the C I/O that was originally supplied, because problems were + reported on Solaris. + +PH/33 Compile failed with OpenSSL 0.9.8e. This was due to a coding error in + Exim which did not show up earlier: it was assuming that a call to + SSL_CTX_set_info_callback() might give an error value. In fact, there is + no error. In previous releases of OpenSSL, SSL_CTX_set_info_callback() + was a macro that became an assignment, so it seemed to work. This has + changed to a proper function call with a void return, hence the compile + error. Exim's code has been fixed. + +PH/34 Change HDA_SIZE in oracle.c from 256 to 512. This is needed for 64-bit + cpus. + +PH/35 Applied a patch from the Sieve maintainer which fixes a bug in "notify". + +PH/36 Applied John Jetmore's patch to add -v functionality to exigrep. + +PH/37 If a message is not accepted after it has had an id assigned (e.g. + because it turns out to be too big or there is a timeout) there is no + "Completed" line in the log. When some messages of this type were + selected by exigrep, they were listed as "not completed". 
Others were + picked up by some special patterns. I have improved the selection + criteria to be more general. + +PH/38 The host_find_failed option in the manualroute router can now be set + to "ignore", to completely ignore a host whose IP address cannot be + found. If all hosts are ignored, the behaviour is controlled by the new + host_all_ignored option. + +PH/39 In a list of hosts for manualroute, if one item (either because of multi- + homing or because of multiple MX records with /mx) generated more than + one IP address, and the following item turned out to be the local host, + all the secondary addresses of the first item were incorrectly removed + from the list, along with the local host and any following hosts (which + is what is supposed to happen). + +PH/40 When Exim receives a message, it writes the login name, uid, and gid of + whoever called Exim into the -H file. In the case of the daemon it was + behaving confusingly. When first started, it used values for whoever + started the daemon, but after a SIGHUP it used the Exim user (because it + calls itself on a restart). I have changed the code so that it now always + uses the Exim user. + +PH/41 (Following a suggestion from Tony Finch) If all the RCPT commands in a + message are rejected with the same error (e.g. no authentication or bad + sender address), and a DATA command is nevertheless sent (as can happen + with PIPELINING or a stupid MUA), the error message that was given to the + RCPT commands is included in the rejection of the DATA command. This is + intended to be helpful for MUAs that show only the final error to their + users. + +PH/42 Another patch from the Sieve maintainer. + +SC/02 Eximstats - Differentiate between permanent and temporary rejects. + Eximstats - Fixed some broken HTML links and added missing column headers + (Jez Hancock). + Eximstats - Fixed Grand Total Summary Domains, Edomains, and Email + columns for Rejects, Temp Rejects, Ham, and Spam rows. 
+ +SC/03 Eximstats - V1.58 Fix to get <> and blackhole to show in edomain tables. + +PH/43 Yet another patch from the Sieve maintainer. + +PH/44 I found a way to check for a TCP/IP connection going away before sending + the response to the final '.' that terminates a message, but only in the + case where the client has not sent further data following the '.' + (unfortunately, this is allowed). However, in many cases there won't be + any further data because there won't be any more messages to send. A call + to select() can be used: if it shows that the input is "ready", there is + either input waiting, or the socket has been closed. An attempt to read + the next input character can distinguish the two cases. Previously, Exim + would have sent an OK response which the client would never have see. + This could lead to message repetition. This fix should cure that, at + least in a lot of common cases. + +PH/45 Do not advertise STARTTLS in response to HELP unless it would be + advertised in response to EHLO. + + +Exim version 4.66 +----------------- + +PH/01 Two more bugs that were introduced by 4.64/PH/07, in addition to the one + fixed by 4.65/MH/01 (is this a record?) are fixed: + + (i) An empty string was always treated as zero by the numeric comparison + operators. This behaviour has been restored. + + (ii) It is documented that the numeric comparison operators always treat + their arguments as decimal numbers. This was broken in that numbers + starting with 0 were being interpreted as octal. + + While fixing these problems I realized that there was another issue that + hadn't been noticed. Values of message_size_limit (both the global option + and the transport option) were treated as octal if they started with 0. + The documentation was vague. These values are now always treated as + decimal, and I will make that clear in the documentation. + + +Exim version 4.65 +----------------- + +TK/01 Disable default definition of HAVE_LINUX_SENDFILE. 
Clashes with + Linux large file support (_FILE_OFFSET_BITS=64) on older glibc + versions. (#438) + +MH/01 Don't check that the operands of numeric comparison operators are + integers when their expansion is in "skipping" mode (fixes bug + introduced by 4.64-PH/07). + +PH/01 If a system filter or a router generates more than SHRT_MAX (32767) + child addresses, Exim now panics and dies. Previously, because the count + is held in a short int, deliveries were likely to be lost. As such a + large number of recipients for a single message is ridiculous + (performance will be very, very poor), I have chosen to impose a limit + rather than extend the field. + + +Exim version 4.64 +----------------- + +TK/01 Bugzilla #401. Fix DK spooling code so that it can overwrite a + leftover -K file (the existence of which was triggered by #402). + While we were at it, introduced process PID as part of the -K + filename. This should rule out race conditions when creating + these files. + +TK/02 Bugzilla #402. Apply patch from Simon Arlott, speeding up DK signing + processing considerably. Previous code took too long for large mails, + triggering a timeout which in turn triggers #401. + +TK/03 Introduced HAVE_LINUX_SENDFILE to os.h-Linux. Currently only used + in the DK code in transports.c. sendfile() is not really portable, + hence the _LINUX specificness. + +TF/01 In the add_headers option to the mail command in an Exim filter, + there was a bug that Exim would claim a syntax error in any + header after the first one which had an odd number of characters + in the field name. + +PH/01 If a server that rejects MAIL FROM:<> was the target of a sender + callout verification, Exim cached a "reject" for the entire domain. This + is correct for most verifications, but it is not correct for a recipient + verification with use_sender or use_postmaster set, because in that case + the callout does not use MAIL FROM:<>. 
Exim now distinguishes the special + case of MAIL FROM:<> rejection from other early rejections (e.g. + rejection of HELO). When verifying a recipient using a non-null MAIL + address, the cache is ignored if it shows MAIL FROM:<> rejection. + Whatever the result of the callout, the value of the domain cache is + left unchanged (for any other kind of callout, getting as far as trying + RCPT means that the domain itself is ok). + +PH/02 Tidied a number of unused variable and signed/unsigned warnings that + gcc 4.1.1 threw up. + +PH/03 On Solaris, an unexpectedly close socket (dropped connection) can + manifest itself as EPIPE rather than ECONNECT. When tidying away a + session, the daemon ignores ECONNECT errors and logs others; it now + ignores EPIPE as well. + +PH/04 Applied Nico Erfurth's refactoring patch to tidy up mime.c + (quoted-printable decoding). + +PH/05 Applied Nico Erfurth's refactoring patch to tidy up spool_mbox.c, and + later the small subsequent patch to fix an introduced bug. + +PH/06 Installed the latest Cygwin Makefile from the Cygwin maintainer. + +PH/07 There was no check for overflow in expansions such as ${if >{1}{4096M}}. + +PH/08 An error is now given if message_size_limit is specified negative. + +PH/09 Applied and tidied up Jakob Hirsch's patch for allowing ACL variables + to be given (somewhat) arbitrary names. + +JJ/01 exipick 20060919.0, allow for arbitrary acl_ variables introduced + in 4.64-PH/09. + +JJ/02 exipick 20060919.0, --show-vars args can now be regular expressions, + miscellaneous code fixes + +PH/10 Added the log_reject_target ACL modifier to specify where to log + rejections. + +PH/11 Callouts were setting the name used for EHLO/HELO from $smtp_active_ + hostname. This is wrong, because it relates to the incoming message (and + probably the interface on which it is arriving) and not to the outgoing + callout (which could be using a different interface). 
This has been + changed to use the value of the helo_data option from the smtp transport + instead - this is what is used when a message is actually being sent. If + there is no remote transport (possible with a router that sets up host + addresses), $smtp_active_hostname is used. + +PH/12 Installed Andrey Panin's patch to add a dovecot authenticator. Various + tweaks were necessary in order to get it to work (see also 21 below): + (a) The code assumed that strncpy() returns a negative number on buffer + overflow, which isn't the case. Replaced with Exim's string_format() + function. + (b) There were several signed/unsigned issues. I just did the minimum + hacking in of casts. There is scope for a larger refactoring. + (c) The code used strcasecmp() which is not a standard C function. + Replaced with Exim's strcmpic() function. + (d) The code set only $1; it now sets $auth1 as well. + (e) A simple test gave the error "authentication client didn't specify + service in request". It would seem that Dovecot has changed its + interface. Fortunately there's a specification; I followed it and + changed what the client sends and it appears to be working now. + +PH/13 Added $message_headers_raw to provide the headers without RFC 2047 + decoding. + +PH/14 Corrected misleading output from -bv when -v was also used. Suppose the + address A is aliased to B and C, where B exists and C does not. Without + -v the output is "A verified" because verification stops after a + successful redirection if more than one address is generated. However, + with -v the child addresses are also verified. Exim was outputting "A + failed to verify" and then showing the successful verification for C, + with its parentage. It now outputs "B failed to verify", showing B's + parentage before showing the successful verification of C. + +PH/15 Applied Michael Deutschmann's patch to allow DNS black list processing to + look up a TXT record in a specific list after matching in a combined + list. 
+ +PH/16 It seems that the options setting for the resolver (RES_DEFNAMES and + RES_DNSRCH) can affect the behaviour of gethostbyname() and friends when + they consult the DNS. I had assumed they would set it the way they + wanted; and indeed my experiments on Linux seem to show that in some + cases they do (I could influence IPv6 lookups but not IPv4 lookups). + To be on the safe side, however, I have now made the interface to + host_find_byname() similar to host_find_bydns(), with an argument + containing the DNS resolver options. The host_find_byname() function now + sets these options at its start, just as host_find_bydns() does. The smtp + transport options dns_qualify_single and dns_search_parents are passed to + host_find_byname() when gethostbyname=TRUE in this transport. Other uses + of host_find_byname() use the default settings of RES_DEFNAMES + (qualify_single) but not RES_DNSRCH (search_parents). + +PH/17 Applied (a modified version of) Nico Erfurth's patch to make + spool_read_header() do less string testing, by means of a preliminary + switch on the second character of optional "-foo" lines. (This is + overdue, caused by the large number of possibilities that now exist. + Originally there were few.) While I was there, I also converted the + str(n)cmp tests so they don't re-test the leading "-" and the first + character, in the hope this might squeeze out yet more improvement. + +PH/18 Two problems with "group" syntax in header lines when verifying: (1) The + flag allowing group syntax was set by the header_syntax check but not + turned off, possible causing trouble later; (2) The flag was not being + set at all for the header_verify test, causing "group"-style headers to + be rejected. I have now set it in this case, and also caused header_ + verify to ignore an empty address taken from a group. 
While doing this, I + came across some other cases where the code for allowing group syntax + while scanning a header line wasn't quite right (mostly, not resetting + the flag correctly in the right place). These bugs could have caused + trouble for malformed header lines. I hope it is now all correct. + +PH/19 The functions {pwcheck,saslauthd}_verify_password() are always called + with the "reply" argument non-NULL. The code, however (which originally + came from elsewhere) had *some* tests for NULL when it wrote to *reply, + but it didn't always do it. This confused somebody who was copying the + code for some other use. I have removed all the tests. + +PH/20 It was discovered that the GnuTLS code had support for RSA_EXPORT, a + feature that was used to support insecure browsers during the U.S. crypto + embargo. It requires special client support, and Exim is probably the + only MTA that supported it -- and would never use it because real RSA is + always available. This code has been removed, because it had the bad + effect of slowing Exim down by computing (never used) parameters for the + RSA_EXPORT functionality. + +PH/21 On the advice of Timo Sirainen, added a check to the dovecot + authenticator to fail if there's a tab character in the incoming data + (there should never be unless someone is messing about, as it's supposed + to be base64-encoded). Also added, on Timo's advice, the "secured" option + if the connection is using TLS or if the remote IP is the same as the + local IP, and the "valid-client-cert option" if a client certificate has + been verified. + +PH/22 As suggested by Dennis Davis, added a server_condition option to *all* + authenticators. This can be used for authorization after authentication + succeeds. (In the case of plaintext, it servers for both authentication + and authorization.) + +PH/23 Testing for tls_required and lost_connection in a retry rule didn't work + if any retry times were supplied. 
+ +PH/24 Exim crashed if verify=helo was activated during an incoming -bs + connection, where there is no client IP address to check. In this + situation, the verify now always succeeds. + +PH/25 Applied John Jetmore's -Mset patch. + +PH/26 Added -bem to be like -Mset, but loading a message from a file. + +PH/27 In a string expansion for a processed (not raw) header when multiple + headers of the same name were present, leading whitespace was being + removed from all of them, but trailing whitespace was being removed only + from the last one. Now trailing whitespace is removed from each header + before concatenation. Completely empty headers in a concatenation (as + before) are ignored. + +PH/28 Fixed bug in backwards-compatibility feature of PH/09 (thanks to John + Jetmore). It would have mis-read ACL variables from pre-4.61 spool files. + +PH/29 [Removed. This was a change that I later backed out, and forgot to + correct the ChangeLog entry (that I had efficiently created) before + committing the later change.] + +PH/30 Exim was sometimes attempting to deliver messages that had suffered + address errors (4xx response to RCPT) over the same connection as other + messages routed to the same hosts. Such deliveries are always "forced", + so retry times are not inspected. This resulted in far too many retries + for the affected addresses. The effect occurred only when there were more + hosts than the hosts_max_try setting in the smtp transport when it had + the 4xx errors. Those hosts that it had tried were not added to the list + of hosts for which the message was waiting, so if all were tried, there + was no problem. Two fixes have been applied: + + (i) If there are any address or message errors in an SMTP delivery, none + of the hosts (tried or untried) are now added to the list of hosts + for which the message is waiting, so the message should not be a + candidate for sending over the same connection that was used for a + successful delivery of some other message. 
This seems entirely + reasonable: after all the message is NOT "waiting for some host". + This is so "obvious" that I'm not sure why it wasn't done + previously. Hope I haven't missed anything, but it can't do any + harm, as the worst effect is to miss an optimization. + + (ii) If, despite (i), such a delivery is accidentally attempted, the + routing retry time is respected, so at least it doesn't keep + hammering the server. + +PH/31 Installed Andrew Findlay's patch to close the writing end of the socket + in ${readsocket because some servers need this prod. + +PH/32 Added some extra debug output when updating a wait-xxx database. + +PH/33 The hint "could be header name not terminated by colon", which has been + given for certain expansion errors for a long time, was not being given + for the ${if def:h_colon_omitted{... case. + +PH/34 The spec says: "With one important exception, whenever a domain list is + being scanned, $domain contains the subject domain." There was at least + one case where this was not true. + +PH/35 The error "getsockname() failed: connection reset by peer" was being + written to the panic log as well as the main log, but it isn't really + panic-worthy as it just means the connection died rather early on. I have + removed the panic log writing for the ECONNRESET error when getsockname() + fails. + +PH/36 After a 4xx response to a RCPT error, that address was delayed (in queue + runs only) independently of the message's sender address. This meant + that, if the 4xx error was in fact related to the sender, a different + message to the same recipient with a different sender could confuse + things. In particular, this can happen when sending to a greylisting + server, but other circumstances could also provoke similar problems. + I have changed the default so that the retry time for these errors is now + based a combination of the sender and recipient addresses. 
This change + can be overridden by setting address_retry_include_sender=false in the + smtp transport. + +PH/37 For LMTP over TCP/IP (the smtp transport), error responses from the + remote server are returned as part of bounce messages. This was not + happening for LMTP over a pipe (the lmtp transport), but now it is the + same for both kinds of LMTP. + +PH/38 Despite being documented as not happening, Exim was rewriting addresses + in header lines that were in fact CNAMEs. This is no longer the case. + +PH/39 If -R or -S was given with -q<time>, the effect of -R or -S was ignored, + and queue runs started by the daemon processed all messages. This has + been fixed so that -R and -S can now usefully be given with -q<time>. + +PH/40 Import PCRE release 6.7 (fixes some bugs). + +PH/41 Add bitwise logical operations to eval (courtesy Brad Jorsch). + +PH/42 Give an error if -q is specified more than once. + +PH/43 Renamed the variables $interface_address and $interface_port as + $received_ip_address and $received_port, to make it clear that these + values apply to message reception, and not to the outgoing interface when + a message is delivered. (The old names remain recognized, of course.) + +PH/44 There was no timeout on the connect() call when using a Unix domain + socket in the ${readsocket expansion. There now is. + +PH/45 Applied a modified version of Brad Jorsch's patch to allow "message" to + be meaningful with "accept". + +SC/01 Eximstats V1.43 + Bug fix for V1.42 with -h0 specified. Spotted by Chris Lear. + +SC/02 Eximstats V1.44 + Use a glob alias rather than an array ref in the generated + parser. This improves both readability and performance. + +SC/03 Eximstats V1.45 (Marco Gaiarin / Steve Campbell) + Collect SpamAssassin and rejection statistics. + Don't display local sender or destination tables unless + there is data to show. + Added average volumes into the top table text output. 
+ +SC/04 Eximstats V1.46 + Collect data on the number of addresses (recipients) + as well as the number of messages. + +SC/05 Eximstats V1.47 + Added 'Message too big' to the list of mail rejection + reasons (thanks to Marco Gaiarin). + +SC/06 Eximstats V1.48 + Mainlog lines which have GMT offsets and are too short to + have a flag are now skipped. + +SC/07 Eximstats V1.49 (Alain Williams) + Added the -emptyok flag. + +SC/08 Eximstats V1.50 + Fixes for obtaining the IP address from reject messages. + +JJ/03 exipick.20061117.2, made header handling as similar to exim as possible + (added [br]h_ prefixes, implemented RFC2047 decoding. Fixed + whitespace changes from 4.64-PH/27 + +JJ/04 exipick.20061117.2, fixed format and added $message_headers_raw to + match 4.64-PH/13 + +JJ/05 exipick.20061117.2, bug fixes (error out sooner when invalid criteria + are found, allow negative numbers in numeric criteria) + +JJ/06 exipick.20061117.2, added new $message_body_missing variable + +JJ/07 exipick.20061117.2, added $received_ip_address and $received_port + to match changes made in 4.64-PH/43 + +PH/46 Applied Jori Hamalainen's patch to add features to exiqsumm. + +PH/47 Put in an explicit test for a DNS lookup of an address record where the + "domain" is actually an IP address, and force a failure. This locks out + those revolvers/nameservers that support "A-for-A" lookups, in + contravention of the specifications. + +PH/48 When a host name was looked up from an IP address, and the subsequent + forward lookup of the name timed out, the host name was left in + $sender_host_name, contrary to the specification. + +PH/49 Although default lookup types such as lsearch* or cdb*@ have always been + restricted to single-key lookups, Exim was not diagnosing an error if + * or *@ was used with a query-style lookup. + +PH/50 Increased the value of DH_BITS in tls-gnu.c from 768 to 1024. + +MH/01 local_scan ABI version incremented to 1.1. 
It should have been updated + long ago, but noone interested enough thought of it. Let's just say that + the "1.1" means that there are some new functions that weren't there at + some point in the past. + +PH/51 Error processing for expansion failure of helo_data from an smtp + transport during callout processing was broken. + +PH/52 Applied John Jetmore's patch to allow tls-on-connect and STARTTLS to be + tested/used via the -bh/-bhc/-bs options. + +PH/53 Added missing "#include <time.h>" to pcre/pcretest.c (this was a PCRE + bug, fixed in subsequent PCRE releases). + +PH/54 Applied Robert Bannocks' patch to avoid a problem with references that + arises when using the Solaris LDAP libraries (but not with OpenLDAP). + +PH/55 Check for a ridiculously long file name in exim_dbmbuild. + + +Exim version 4.63 +----------------- + +SC/01 Use a glob alias rather than an array ref in eximstats generated + parser. This improves both readability and performance. + +SC/02 Collect SpamAssassin and rejection statistics in eximstats. + Don't display local sender or destination tables in eximstats unless + there is data to show. + Added average volumes into the eximstats top table text output. + +SC/03 Collect data on the number of addresses (recipients) as well + as the number of messages in eximstats. + +TF/01 Correct an error in the documentation for the redirect router. Exim + does (usually) call initgroups() when daemonizing. + +TF/02 Call initgroups() when dropping privilege in exim.c, so that Exim runs + with consistent privilege compared to when running as a daemon. + +TF/03 Note in the spec that $authenticated_id is not set for local + submissions from trusted users. + +TF/04 The ratelimit per_rcpt option now works correctly in acl_not_smtp. + Thanks to Dean Brooks <dean@iglou.com> for the patch. + +TF/05 Make it easier to get SMTP authentication and TLS/SSL support working + by adding some example configuration directives to the default + configuration file. 
A little bit of work is required to uncomment the + directives and define how usernames and passwords are checked, but + there is now a framework to start from. + +PH/01 Added #define LDAP_DEPRECATED 1 to ldap.c because some of the "old" + functions that Exim currently uses aren't defined in ldap.h for OpenLDAP + without this. I don't know how relevant this is to other LDAP libraries. + +PH/02 Add the verb name to the "unknown ACL verb" error. + +PH/03 Magnus Holmgren's patch for filter_prepend_home. + +PH/03 Fixed Bugzilla #101: macro definition between ACLs doesn't work. + +PH/04 Applied Magnus Holmgren's patch to fix Bugzilla #98: transport's home + directory not expanded when it should be if an expanded home directory + was set for the address (which is overridden by the transport). + +PH/05 Applied Alex Kiernan's patch to fix Bugzilla #99: a problem with + libradius. + +PH/06 Added acl_not_smtp_start, based on Johannes Berg's patch, and set the + bit to forbid control=suppress_local_fixups in the acl_not_smtp ACL, + because it is too late at that time, and has no effect. + +PH/07 Changed ${quote_pgsql to quote ' as '' instead of \' because of a + security issue with \' (bugzilla #107). I could not use the + PQescapeStringConn() function, because it needs a PGconn value as one of + its arguments. + +PH/08 When testing addresses using -bt, indicate those final addresses that + are duplicates that would not cause an additional delivery. At least one + person was confused, thinking that -bt output corresponded to deliveries. + (Suppressing duplicates isn't a good idea as you lose the information + about possibly different redirections that led to the duplicates.) + +PH/09 Applied patch from Erik to use select() instead of poll() in spam.c on + systems where poll() doesn't work, in particular OS X. + +PH/10 Added more information to debugging output for retry time not reached. 
+ +PH/11 Applied patch from Arkadiusz Miskiewicz to apply a timeout to read + operations in malware.c. + +PH/12 Applied patch from Magnus Holmgren to include the "h" tag in Domain Keys + signatures. + +PH/13 If write_rejectlog was set false when logging was sent to syslog with + syslog_duplication set false, log lines that would normally be written + both the the main log and to the reject log were not written to syslog at + all. + +PH/14 In the default configuration, change the use of "message" in ACL warn + statements to "add_header". + +PH/15 Diagnose a filter syntax error for "seen", "unseen", or "noerror" if not + not followed by a command (e.g. "seen endif"). + +PH/16 Recognize SMTP codes at the start of "message" in ACLs and after :fail: + and :defer: in a redirect router. Add forbid_smtp_code to suppress the + latter. + +PH/17 Added extra conditions to the default value of delay_warning_condition + so that it is now: + + ${if or { \ + { !eq{$h_list-id:$h_list-post:$h_list-subscribe:}{} } \ + { match{$h_precedence:}{(?i)bulk|list|junk} } \ + { match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} } \ + }{no}{yes}} + + The Auto-Submitted: and various List- headers are standardised, whereas I + don't think Precedence: ever was. + +PH/18 Refactored debugging code in route_finduser() to show more information, + in particular, the error code if getpwnam() issues one. + +PH/19 Added PQsetClientEncoding(conn, "SQL_ASCII") to the pgsql code module. + This is apparently needed in addition to the PH/07 change above to avoid + any possible encoding problems. + +PH/20 Perl can change the locale. Exim was resetting it after a ${perl call, + but not after initializing Perl. + +PH/21 Added a call to PQsetNoticeProcessor() to catch pgsql "notices" and + output them only if debugging. By default they are written stderr, + apparently, which is not desirable. + +PH/22 Added Alain Williams' LDAP patch to support setting REFERRALS=off on + queries. 
+ +JJ/01 exipick: added --reverse (and -R synonym), --random, --size, --sort and + --not options + +JJ/02 exipick: rewrote --help documentation to hopefully make more clear. + +PH/23 Made -oMaa and -oMt work with -bh and -bs to pretend the connection is + authenticated or an ident call has been made. Suppress the default + values for $authenticated_id and $authenticated_sender (but permit -oMai + and -oMas) when testing with -bh. + +PH/24 Re-jigged the order of the tests in the default configuration so that the + tests for valid domains and recipients precede the DNS black list and CSA + tests, on the grounds that those ones are more expensive. + +PH/25 Exim was not testing for a space following SMTP commands such as EHLO + that require one. Thus, EHLORHUBARB was interpreted as a valid command. + This bug exists in every version of Exim that I still have, right back to + 0.12. + +PH/26 (n)wildlsearch lookups are documented as being done case-insensitively. + However, an attempt to turn on case-sensitivity in a regex key by + including (?-i) didn't work because the subject string was already + lowercased, and the effects were non-intuitive. It turns out that a + one-line patch can be used to allow (?-i) to work as expected. + + +Exim version 4.62 +----------------- + +TF/01 Fix the add_header change below (4.61 PH/55) which had a bug that (amongst + other effects) broke the use of negated acl sub-conditions. + +PH/01 ${readsocket now supports Internet domain sockets (modified John Jetmore + patch). + +PH/02 When tcp-wrappers is called from Exim, it returns only "deny" or "allow". + "Deny" causes Exim to reject the incoming connection with a 554 error. + Unfortunately, if there is a major crisis, such as a disk failure, + tcp-wrappers gives "deny", whereas what one would like would be some + kind of temporary error. A kludge has been added to help with this. + Before calling hosts_ctl(), errno is set zero. 
If the result is "deny", a + 554 error is used if errno is still zero or contains ENOENT (which occurs + if either of the /etc/hosts.{allow,deny} files is missing). Otherwise, a + 451 error is used. + +PH/03 Add -lutil to the default FreeBSD LIBS setting. + +PH/04 Change PH/19 for 4.61 was too wide. It should not be applied to host + errors. Otherwise a message that provokes a temporary error (when other + messages do not) can cause a whole host to time out. + +PH/05 Batch deliveries by appendfile and pipe transports did not work when the + addresses were routed directly to files or pipes from a redirect router. + File deliveries just didn't batch; pipe deliveries might have suffered + odd errors. + +PH/06 A failure to get a lock for a hints database would erroneously always say + "Failed to get write lock", even when it was really a read lock. + +PH/07 The appendfile transport was creating MBX lock files with a fixed mode + of 0600. This has been changed to use the value of the lockfile_mode + option (which defaults to 0600). + +PH/08 Applied small patch from the Sieve maintainer. + +PH/09 If maildir_quota_directory_regex was set to exclude (say) the .Trash + folder from quota calculations, a direct delivery into this folder messed + up the contents of the maildirsize file. This was because the regex was + used only to exclude .Trash (or whatever) when the size of the mailbox + was calculated. There was no check that a delivery was happening into an + excluded directory. This bug has been fixed by ignoring all quota + processing for deliveries into excluded directories. + +PH/10 Added the maildirfolder_create_regex option to appendfile. + + +Exim version 4.61 +----------------- + +PH/01 The code for finding all the local interface addresses on a FreeBSD + system running IPv6 was broken. This may well have applied to all BSD + systems, as well as to others that have similar system calls. 
The broken + code found IPv4 interfaces correctly, but gave incorrect values for the + IPv6 interfaces. In particular, ::1 was not found. The effect in Exim was + that it would not match correctly against @[] and not recognize the IPv6 + addresses as local. + +PH/02 The ipliteral router was not recognizing addresses of the form user@ + [ipv6:....] because it didn't know about the "ipv6:" prefix. + +PH/03 Added disable_ipv6. + +PH/04 Changed $reply_address to use the raw form of the headers instead of the + decoded form, because it is most often used to construct To: headers + lines in autoreplies, and the decoded form may well be syntactically + invalid. However, $reply_address has leading white space removed, and all + newlines turned into spaces so that the autoreply transport does not + grumble. + +PH/05 If group was specified without a user on a router, and no group or user + was specified on a transport, the group from the router was ignored. + +PH/06 Increased the number of ACL variables to 20 of each type, and arranged + for visible compile-time settings that can be used to change these + numbers, for those that want even more. Backwards compatibility with old + spool files has been maintained. However, going back to a previous Exim + release will lost any variables that are in spool files. + +PH/07 Two small changes when running in the test harness: increase delay when + passing a TCP/IP connection to a new process, in case the original + process has to generate a bounce, and remove special handling of + 127.0.0.2 (sic), which is no longer necessary. + +PH/08 Changed debug output of dbfn_open() flags from numbers to names, so as to + be the same on different OS. + +PH/09 Moved a debug statement in filter processing to avoid a race problem when + testing. 
+ +JJ/01 exipick: fixed bug where -b (brief) output option showed "Vars:" + whether --show-vars was specified or not + +JJ/02 exipick: Added support for new ACL variable spool format introduced + in 4.61-PH/06 + +PH/10 Fixed another bug related to PH/04 above: if an incoming message had a + syntactically invalid 
From: or Reply-to: line, and a filter used this to + generate an autoreply, and therefore failed to obtain an address for the + autoreply, Exim could try to deliver to a non-existent relative file + name, causing unrelated and misleading errors. What now happens is that + it logs this as a hard delivery error, but does not attempt to create a + bounce message. + +PH/11 The exinext utility has a -C option for testing purposes, but although + the given file was scanned by exinext itself; it wasn't being passed on + when Exim was called. + +PH/12 In the smtp transport, treat an explicit ECONNRESET error the same as + an end-of-file indication when reading a command response. + +PH/13 Domain literals for IPv6 were not recognized unless IPv6 support was + compiled. In many other places in Exim, IPv6 addresses are always + recognized, so I have changed this. It also means that IPv4 domain + literals of the form [IPV4:n.n.n.n] are now always recognized. + +PH/14 When a uid/gid is specified for the queryprogram router, it cannot be + used if the router is not running as root, for example, when verifying at + ACL time, or when using -bh. The debugging output from this situation was + non-existent - all you got was a failure to exec. I have made two + changes: + + (a) Failures to set uid/gid, the current directory, or a process leader + in a subprocess such as that created by queryprogram now generate + suitable debugging output when -d is set. + + (b) The queryprogram router detects when it is not running as root, + outputs suitable debugging information if -d is set, and then runs + the subprocess without attempting to change uid/gid. + +PH/15 Minor change to Makefile for building test_host (undocumented testing + feature). + +PH/16 As discussed on the list in Nov/Dec: Exim no longer looks at the + additional section of a DNS packet that returns MX or SRV records. + Instead, it always explicitly searches for A/AAAA records. 
This avoids + major problems that occur when a DNS server includes only records of one + type (A or AAAA) in an MX/SRV packet. A byproduct of this change has + fixed another bug: if SRV records were looked up and the corresponding + address records were *not* found in the additional section, the port + values from the SRV records were lost. + +PH/17 If a delivery to a pipe, file, or autoreply was deferred, Exim was not + using the correct key (the original address) when searching the retry + rules in order to find which one to use for generating the retry hint. + +PH/18 If quota_warn_message contains a 
From: header, Exim now refrains from + adding the default one. Similarly, if it contains a Reply-To: header, the + errors_reply_to option, if set, is not used. + +PH/19 When calculating a retry time, Exim used to measure the "time since + failure" by looking at the "first failed" field in the retry record. Now + it does not use this if it is later than than the arrival time of the + message. Instead it uses the arrival time. This makes for better + behaviour in cases where some deliveries succeed, thus re-setting the + "first failed" field. An example is a quota failure for a huge message + when small messages continue to be delivered. Without this change, the + "time since failure" will always be short, possible causing more frequent + delivery attempts for the huge message than are intended. + [Note: This change was subsequently modified - see PH/04 for 4.62.] + +PH/20 Added $auth1, $auth2, $auth3 to contain authentication data (as well as + $1, $2, $3) because the numerical variables can be reset during some + expansion items (e.g. "match"), thereby losing the authentication data. + +PH/21 Make -bV show the size of off_t variables so that the test suite can + decide whether to run tests for quotas > 2G. + +PH/22 Test the values given for quota, quota_filecount, quota_warn_threshold, + mailbox_size, and mailbox_filecount in the appendfile transport. If a + filecount value is greater than 2G or if a quota value is greater than 2G + on a system where the size of off_t is not greater than 4, a panic error + is given. + +PH/23 When a malformed item such as 1.2.3/24 appears in a host list, it can + never match. The debug and -bh output now contains an explicit error + message indicating a malformed IPv4 address or mask. + +PH/24 An host item such as 1.2.3.4/abc was being treated as the IP address + 1.2.3.4 without a mask. Now it is not recognized as an IP address, and + PH/23 above applies. + +PH/25 Do not write to syslog when running in the test harness. 
The only + occasion when this arises is a failure to open the main or panic logs + (for which there is an explicit test). + +PH/26 Added the /no_tell option to "control=freeze". + +PH/27 If a host name lookup failed very early in a connection, for example, if + the IP address matched host_lookup and the reverse lookup yielded a name + that did not have a forward lookup, an error message of the form "no IP + address found for host xxx.xxx.xxx (during SMTP connection from NULL)" + could be logged. Now it outputs the IP address instead of "NULL". + +PH/28 An enabling patch from MH: add new function child_open_exim2() which + allows the sender and the authenticated sender to be set when + submitting a message from within Exim. Since child_open_exim() is + documented for local_scan(), the new function should be too. + +PH/29 In GnuTLS, a forced expansion failure for tls_privatekey was not being + ignored. In both GnuTLS and OpenSSL, an expansion of tls_privatekey that + results in an empty string is now treated as unset. + +PH/30 Fix eximon buffer overflow bug (Bugzilla #73). + +PH/31 Added sender_verify_fail logging option. + +PH/32 In November 2003, the code in Exim that added an empty Bcc: header when + needed by RFC 822 but not by RFC 2822 was commented out. I have now + tidied the source and removed it altogether. + +PH/33 When a queue run was abandoned because the load average was too high, a + log line was always written; now it is written only if the queue_run log + selector is set. In addition, the log line for abandonment now contains + information about the queue run such as the pid. This is always present + in "start" and "stop" lines but was omitted from the "abandon" line. + +PH/34 Omit spaces between a header name and the colon in the error message that + is given when verify = headers_syntax fails (if there are lots of them, + the message gets confusing). 
+ +PH/35 Change the default for dns_check_names_pattern to allow slashes within + names, as there are now some PTR records that contain slashes. This check + is only to protect against broken name servers that fall over on strange + characters, so the fact that it applies to all lookups doesn't matter. + +PH/36 Now that the new test suite is complete, we can remove some of the + special code in Exim that was needed for the old test suite. For example, + sorting DNS records because real resolvers return them in an arbitrary + order. The new test suite's fake resolver always returns records in the + same order. + +PH/37 When running in the test harness, use -odi for submitted messages (e.g. + bounces) except when queue_only is set, to avoid logging races between + the different processes. + +PH/38 Panic-die if .include specifies a non-absolute path. + +PH/39 A tweak to the "H" retry rule from its user. + +JJ/03 exipick: Removed parentheses from 'next' and 'last' calls that specified + a label. They prevented compilation on older perls. + +JJ/04 exipick: Refactored code to prevent implicit split to @_ which caused + a warning to be raised on newish perls. + +JJ/05 exipick: Fixed bug where -bpc always showed a count of all messages + on queue. Changes to match documented behaviour of showing count of + messages matching specified criteria. + +PH/40 Changed the default ident timeout from 30s to 5s. + +PH/41 Added support for the use of login_cap features, on those BSD systems + that have them, for controlling the resources used by pipe deliveries. + +PH/42 The content-scanning code uses fopen() to create files in which to put + message data. Previously it was not paying any attention to the mode of + the files. Exim runs with umask(0) because the rest of the code creates + files with open(), and sets the required mode explicitly. Thus, these + files were ending up world-writeable. 
This was not a big issue, because, + being within the spool directory, they were not world-accessible. I have + created a function called modefopen, which takes an additional mode + argument. It sets umask(777), creates the file, chmods it to the required + mode, then resets the umask. All the relevant calls to fopen() in the + content scanning code have been changed to use this function. + +PH/43 If retry_interval_max is set greater than 24 hours, it is quietly reset + to 24 hours. This avoids potential overflow problems when processing G + and H retry rules. I suspect nobody ever tinkers with this value. + +PH/44 Added STRIP_COMMAND=/usr/bin/strip to the FreeBSD Makefile. + +PH/45 When the plaintext authenticator is running as a client, the server's + challenges are checked to ensure they are valid base64 strings. By + default, the authentication attempt is cancelled if an invalid string is + received. Setting client_ignore_invalid_base64 true ignores these errors. + The decoded challenge strings are now placed in $auth1, $auth2, etc. as + they are received. Thus, the responses can be made to depend on the + challenges. If an invalid string is ignored, an empty string is placed in + the variable. + +PH/46 Messages that are created by the autoreply transport now contains a + References: header, in accordance with RFCs 2822 and 3834. + +PH/47 Added authenticated_sender_force to the smtp transport. + +PH/48 The ${prvs expansion was broken on systems where time_t was long long. + +PH/49 Installed latest patch from the Sieve maintainer. + +PH/50 When an Exim quota was set without a file count quota, and mailbox_size + was also set, the appendfile transport was unnecessarily scanning a + directory of message files (e.g. for maildir delivery) to find the count + of files (along with the size), even though it did not need this + information. It now does the scan only if it needs to find either the + size of the count of files. 
+ +PH/51 Added ${time_eval: to convert Exim time strings into seconds. + +PH/52 Two bugs concerned with error handling when the smtp transport is + used in LMTP mode: + + (i) Exim was not creating retry information for temporary errors given + for individual recipients after the DATA command when the smtp transport + was used in LMTP mode. This meant that they could be retried too + frequently, and not timed out correctly. + + (ii) Exim was setting the flag that allows error details to be returned + for LMTP errors on RCPT commands, but not for LMTP errors for individual + recipients that were returned after the DATA command. + +PH/53 This is related to PH/52, but is more general: for any failing address, + when detailed error information was permitted to be returned to the + sender, but the error was temporary, then after the final timeout, only + "retry timeout exceeded" was returned. Now it returns the full error as + well as "retry timeout exceeded". + +PH/54 Added control=allow_auth_unadvertised, as it seems there are clients that + do this, and (what is worse) MTAs that accept it. + +PH/55 Added the add_header modified to ACLs. The use of "message" with "warn" + will now be deprecated. + +PH/56 New os.c-cygwin from the Cygwin maintainer. + +JJ/06 exipick: added --unsorted option to allow unsorted output in all output + formats (previously only available in exim formats via -bpr, -bpru, + and -bpra. Now also available in native and exiqgrep formats) + +JJ/07 exipick: added --freeze and --thaw options to allow faster interaction + with very large, slow to parse queues + +JJ/08 exipick: added ! as generic prefix to negate any criteria format + +JJ/09 exipick: miscellaneous performance enhancements (~24% improvements) + +PH/57 Tidies in SMTP dialogue display in debug output: (i) It was not showing + responses to authentication challenges, though it was showing the + challenges; (ii) I've removed the CR characters from the debug output for + SMTP output lines. 
+ +PH/58 Allow for the insertion of a newline as well as a space when a string + is turned into more than one encoded-word during RFC 2047 encoding. The + Sieve code now uses this. + +PH/59 Added the following errors that can be detected in retry rules: mail_4xx, + data_4xx, lost_connection, tls_required. + +PH/60 When a VRFY deferred or FAILED, the log message rather than the user + message was being sent as an SMTP response. + +PH/61 Add -l and -k options to exicyclog. + +PH/62 When verifying, if an address was redirected to one new address, so that + verification continued, and the new address failed or deferred after + having set something in $address_data, the value of $address_data was not + passed back to the ACL. This was different to the case when no + redirection occurred. The value is now passed back in both cases. + +PH/63 Changed the macro HAVE_LOGIN_CAP (see PH/41 for this release above) to + HAVE_SETCLASSRESOURCES because there are different APIs in use that all + use login_cap.h, so on its own it isn't the distinguishing feature. The + new name refers directly to the setclassresources() function. + +PH/65 Added configuration files for NetBSD3. + +PH/66 Updated OS/Makefile-HP-UX for gcc 4.1.0 with HP-UX 11. + +PH/67 Fixed minor infelicity in the sorting of addresses to ensure that IPv6 + is preferred over IPv4. + +PH/68 The bounce_return_message and bounce_return_body options were not being + honoured for bounces generated during the reception of non-SMTP messages. + In particular, this applied to messages rejected by the ACL. This bug has + been fixed. However, if bounce_return_message is true and bounce_return_ + body is false, the headers that are returned for a non-SMTP message + include only those that have been read before the error was detected. + (In the case of an ACL rejection, they have all been read.) 
+ +PH/69 The HTML version of the specification is now built in a directory called + spec_html instead of spec.html, because the latter looks like a path with + a MIME-type, and this confuses some software. + +PH/70 Catch two compiler warnings in sieve.c. + +PH/71 Fixed an obscure and subtle bug (thanks Alexander & Matthias). The + function verify_get_ident() calls ip_connect() to connect a socket, but + if the "connect()" function timed out, ip_connect() used to close the + socket. However, verify_get_ident() also closes the socket later, and in + between Exim writes to the log, which may get opened at this point. When + the socket was closed in ip_connect(), the log could get the same file + descriptor number as the socket. This naturally causes chaos. The fix is + not to close the socket in ip_connect(); the socket should be closed by + the function that creates it. There was only one place in the code where + this was missing, in the iplookup router, which I don't think anybody now + uses, but I've fixed it anyway. + +PH/72 Make dns_again_means_nonexist apply to lookups using gethostbyname() as + well as to direct DNS lookups. Otherwise the handling of names in host + lists is inconsistent and therefore confusing. + + +Exim version 4.60 +----------------- + +PH/01 Two changes to the default runtime configuration: + + (1) Move the checks for relay_from_hosts and authenticated clients from + after to before the (commented out) DNS black list checks. + + (2) Add control=submission to the relay_from_hosts and authenticated + clients checks, on the grounds that messages accepted by these + statements are most likely to be submissions. + +PH/02 Several tidies to the handling of ${prvs and ${prvscheck: + + (1) Generate an error if the third argument for the ${prvs expansion is + not a single digit. + + (2) Treat a missing third argument of ${prvscheck as if it were an empty + string. 
+ + (3) Reset the variables that are obtained from the first argument of + ${prvscheck and used in the second argument before leaving the code, + because their memory is reclaimed, so using them afterwards may do + silly things. + + (4) Tidy up the code for expanding the arguments of ${prvscheck one by + one (it's much easier than Tom thought :-). + + (5) Because of (4), we can now allow for the use of $prvscheck_result + inside the third argument. + +PH/03 For some reason, the default setting of PATH when running a command from + a pipe transport was just "/usr/bin". I have changed it to + "/bin:/usr/bin". + +PH/04 SUPPORT_TRANSLATE_IP_ADDRESS and MOVE_FROZEN_MESSAGES did not cause + anything to be listed in the output from -bV. + +PH/05 When a filter generated an autoreply, the entire To: header line was + quoted in the delivery log line, like this: + + => >A.N.Other <ano@some.domain> <original@ddress> ... + + This has been changed so that it extracts the operative address. There + may be more than one such address. If so, they are comma-separated, like + this: + + => >ano@some.domain,ona@other.domain <original@ddress> ... + +PH/06 When a client host used a correct literal IP address in a HELO or EHLO + command, (for example, EHLO [1.2.3.4]) and the client's IP address was + not being looked up in the rDNS to get a host name, Exim was showing the + IP address twice in Received: lines, even though the IP addresses were + identical. For example: + + Received: from [1.2.3.4] (helo=[1.2.3.4]) + + However, if the real host name was known, it was omitting the HELO data + if it matched the actual IP address. This has been tidied up so that it + doesn't show the same IP address twice. + +PH/07 When both +timestamp and +memory debugging was on, the value given by + $tod_xxx expansions could be wrong, because the tod_stamp() function was + called by the debug printing, thereby overwriting the timestamp buffer. 
+ Debugging no longer uses the tod_stamp() function when +timestamp is set. + +PH/08 When the original message was included in an autoreply transport, it + always said "this is a copy of the message, including all the headers", + even if body_only or headers_only was set. It now gives an appropriate + message. + +PH/09 Applied a patch from the Sieve maintainer which: + + o fixes some comments + o adds the (disabled) notify extension core + o adds some debug output for the result of if/elsif tests + o points to the current vacation draft in the documentation + and documents the missing references header update + + and most important: + + o fixes a bug in processing the envelope test (when testing + multiple envelope elements, the last element determined the + result) + +PH/10 Exim was violating RFC 3834 ("Recommendations for Automatic Responses to + Electronic Mail") by including: + + Auto-submitted: auto-generated + + in the messages that it generates (bounce messages and others, such as + warnings). In the case of bounce messages for non-SMTP messages, there was + also a typo: it was using "Auto_submitted" (underscore instead of + hyphen). Since every message generated by Exim is necessarily in response + to another message, thes have all been changed to: + + Auto-Submitted: auto-replied + + in accordance with these statements in the RFC: + + The auto-replied keyword: + + - SHOULD be used on messages sent in direct response to another + message by an automatic process, + + - MUST NOT be used on manually-generated messages, + + - MAY be used on Delivery Status Notifications (DSNs) and Message + Disposition Notifications (MDNs), + + - MUST NOT be used on messages generated by automatic or periodic + processes, except for messages which are automatic responses to + other messages. + +PH/11 Added "${if def:sender_address {(envelope-from <$sender_address>)\n\t}}" + to the default Received: header definition. + +PH/12 Added log selector acl_warn_skipped (default on). 
+ +PH/13 After a successful wildlsearch lookup, discard the values of numeric + variables because (a) they are in the wrong storage pool and (b) even if + they were copied, it wouldn't work properly because of the caching. + +PH/14 Add check_rfc2047_length to disable enforcement of RFC 2047 length + checking when decoding. Apparently there are clients that generate + overlong encoded strings. Why am I not surprised? + +PH/15 If the first argument of "${if match_address" was not empty, but did not + contain an "@" character, Exim crashed. Now it writes a panic log message + and treats the condition as false. + +PH/16 In autoreply, treat an empty string for "once" the same as unset. + +PH/17 A further patch from the Sieve maintainer: "Introduce the new Sieve + extension "envelope-auth". The code is finished and in agreement with + other implementations, but there is no documentation so far and in fact, + nobody wrote the draft yet. This extension is currently #undef'ed, thus + not changing the active code. + + Print executed "if" and "elsif" statements when debugging is used. This + helps a great deal to understand what a filter does. + + Document more things not specified clearly in RFC3028. I had all this + sorted out, when out of a sudden new issues came to my mind. Oops." + +PH/18 Exim was not recognizing the "net-" search type prefix in match_ip lists + (Bugzilla #53). + +PH/19 Exim expands the IPv6 address given to -bh to its full non-abbreviated + canonical form (as documented). However, after a host name lookup from + the IP address, check_host() was doing a simple string comparison with + addresses acquired from the DNS when checking that the found name did + have the original IP as one of its addresses. Since any found IPv6 + addresses are likely to be in abbreviated form, the comparison could + fail. 
Luckily, there already exists a function for doing the comparison + by converting both addresses to binary, so now that is used instead of + the text comparison. + +PH/20 There was another similar case to PH/19, when a complete host name was + given in a host list; looking up its IP address could give an abbreviated + form, whereas the current host's name might or might not be abbreviated. + The same fix has been applied. + + +Exim version 4.54 +----------------- + +PH/01 The ${base62: operator adjusted itself to base 36 when BASE_62 was + set to 36 (for Darwin and Cygwin), but the ${base62d: operator did not. + It now does. + +PH/02 Two minor problems detected in Cygwin: the os.{c,h} files had lost */ on + the CVS lines, and there was a missing #if HAVE_IPV6 in host.c. + +PH/03 Typo: missing ".o" in src/pcre/Makefile. + +PH/04 Tighten up "personal" tests: Instead of testing for any "List-" + header line, restrict the check to what is listed in RFCs 2369 and 2929. + Also, for "Auto-Submitted", treat anything other than "no" as + non-personal, in accordance with RFC 3834. (Previously it treated + anything starting "auto-" as non-personal.) + +TF/01 The control=submission/name=... option had a problem with syntax + errors if the name included a slash character. The /name= option + now slurps the rest of the string, so it can include any characters + but it must come last in the list of options (after /sender_retain + or /domain=). + +PH/05 Some modifications to the interface to the fake nameserver for the new + testing suite. + + + +Exim version 4.53 +----------------- + +TK/01 Added the "success_on_redirect" address verification option. See + NewStuff for rationale and an example. + +PH/01 Added support for SQLite, basic code supplied by David Woodhouse. + +PH/02 Patch to exigrep to allow it to work on syslog lines. 
+ +PH/03 When creating an mbox file for a virus/spam scan, use fseek() instead of + fread() to skip over the body file's header line, because in Cygwin the + header line is locked and is inaccessible. + +PH/04 Added $message_exim_id, ultimately to replace $message_id (they will both + co-exist for some time) to make it clear that it is the Exim ID that is + referenced, not the Message-ID: header line. + +PH/05 Replaced all Tom's calls to snprintf() with calls to the internal + string_format() function, because snprintf() does not exist on all + operating systems. + +PH/06 The use of forbid_filter_existstest now also locks out the use of the + ${stat: expansion item. + +PH/07 Changed "SMTP protocol violation: synchronization error" into "SMTP + protocol synchronization error", to keep the pedants happy. + +PH/08 Arrange for USE_INET_NTOA_FIX to be set in config.h for AIX systems as + well as for IRIX systems, when gcc is being used. See the host.c source + file for comments. + +PH/09 Installed latest Cygwin configuration files from the Cygwin maintainer. + +PH/10 Named domain lists were not working if used in a queue_smtp_domains + setting. + +PH/11 Added support for the IGNOREQUOTA extension to LMTP, both to the lmtp + transport and to the smtp transport in LMTP mode. + +TK/02 Remove one case of BASE64 error detection FTTB (undocumented anyway). + +PH/12 There was a missing call to search_tidyup() before the fork() in rda.c to + run a filter in a subprocess. This could lead to confusion in subsequent + lookups in the parent process. There should also be a search_tidyup() at + the end of the subprocess. + +PH/13 Previously, if "verify = helo" was set in an ACL, the condition was true + only if the host matched helo_try_verify_hosts, which caused the + verification to occur when the EHLO/HELO command was issued. The ACL just + tested the remembered result. Now, if a previous verification attempt has + not happened, "verify = helo" does it there and then. 
+ +JJ/01 exipick: added $message_exim_id variable (see 4.53-PH/04) + +TK/03 Fix log output including CR from clamd. + +PH/14 A reference to $reply_address when Reply-to: was empty and 
From: did not + exist provoked a memory error which could cause a segfault. + +PH/15 Installed PCRE 6.2 + +PH/17 Defined BIND_8_COMPAT in the Darwin os.h file. + +PH/18 Reversed 4.52/PH/17 because the HP-UX user found it wasn't the cause + of the problem. Specifically, suggested +O2 rather than +O1 for the + HP-UX compiler. + +PH/19 Added sqlite_lock_timeout option (David Woodhouse's patch). + +PH/20 If a delivery was routed to a non-standard port by means of an SRV + record, the port was not correctly logged when the outgoing_port log + selector was set (it logged the transort's default port). + +PH/21 Added support for host-specific ports to manualroute, queryprogram, + fallback_hosts, and "hosts" in the smtp transport. + +PH/22 If the log selector "outgoing_port" is set, the port is now also given on + host errors such as "Connection refused". + +PH/23 Applied a patch to fix problems with exim-4.52 while doing radius + authentication with radiusclient 0.4.9: + + - Error returned from rc_read_config was caught wrongly + - Username/password not passed on to radius server due to wrong length. + + The presumption is that some radiusclient API changes for 4.51/PH/17 + were not taken care of correctly. The code is still untested by me (my + Linux distribution still has 0.3.2 of radiusclient), but it was + contributed by a Radius user. + +PH/24 When doing a callout, the value of $domain wasn't set correctly when + expanding the "port" option of the smtp transport. + +TK/04 MIME ACL: Fix buffer underrun that occurs when EOF condition is met + while reading a MIME header. Thanks to Tom Hughes for a patch. + +PH/24 Include config.h inside local_scan.h so that configuration settings are + available. + +PH/25 Make $smtp_command_argument available after all SMTP commands. This means + that in an ACL for RCPT (for example), you can examine exactly what was + received. + +PH/26 Exim was recognizing IPv6 addresses of the form [IPv6:....] 
in EHLO + commands, but it was not correctly comparing the address with the actual + client host address. Thus, it would show the EHLO address in Received: + header lines when this was not necessary. + +PH/27 Added the % operator to ${eval:}. + +PH/28 Exim tries to create and chdir to its spool directory when it starts; + it should be ignoring failures (because with -C, for example, it has lost + privilege). It wasn't ignoring creation failures other than "already + exists". + +PH/29 Added "crypteq" to the list of supported features that Exim outputs when + -bV or -d is used. + +PH/30 Fixed (presumably very longstanding) bug in exim_dbmbuild: if it failed + because an input line was too long, either on its own, or by virtue of + too many continuations, the temporary file was not being removed, and the + return code was incorrect. + +PH/31 Missing "BOOL" in function definition in filtertest.c. + +PH/32 Applied Sieve patches from the maintainer. + +TK/05 Domainkeys: Accomodate for a minor API change in libdomainkeys 0.67. + +PH/33 Added "verify = not_blind". + +PH/34 There are settings for CHOWN_COMMAND and MV_COMMAND that can be used in + Local/Makefile (with some defaults set). These are used in built scripts + such as exicyclog, but they have never been used in the exim_install + script (though there are many overriding facilities there). I have + arranged that the exim_install script now takes note of these two + settings. + +PH/35 Installed configuration files for Dragonfly. + +PH/36 When a locally submitted message by a trusted user did not contain a + From: header, and the sender address was obtained from -f or from an SMTP + MAIL command, and the trusted user did not use -F to supply a sender + name, $originator_name was incorrectly used when constructing a From: + header. Furthermore, $originator_name was used for submission mode + messages from external hosts without 
From: headers in a similar way, + which is clearly wrong. + +PH/37 Added control=suppress_local_fixups. + +PH/38 When log_selector = +received_sender was set, and the addition of the + sender made the log line's construction buffer exactly full, or one byte + less than full, an overflow happened when the terminating "\n" was + subsequently added. + +PH/39 Added a new log selector, "unknown_in_list", which provokes a log entry + when the result of a list match is failure because a DNS lookup failed. + +PH/40 RM_COMMAND is now used in the building process. + +PH/41 Added a "distclean" target to the top-level Makefile; it deletes all + the "build-* directories that it finds. + +PH/42 (But a TF fix): In a domain list, Exim incorrectly matched @[] if the IP + address in a domain literal was a prefix of an interface address. + +PH/43 (Again a TF fix): In the dnslookup router, do not apply widen_domains + when verifying a sender address, unless rewrite_headers is false. + +PH/44 Wrote a long comment about why errors_to addresses are verified as + recipients, not senders. + +TF/01 Add missing LIBS=-lm to OS/Makefile-OpenBSD which was overlooked when + the ratelimit ACL was added. + +PH/45 Added $smtp_command for the full command (cf $smtp_command_argument). + +PH/46 Added extra information about PostgreSQL errors to the error string. + +PH/47 Added an interface to a fake DNS resolver for use by the new test suite, + avoiding the need to install special zones in a real server. This is + backwards compatible; if it can't find the fake resolver, it drops back. + Thus, both old and new test suites can be run. + +TF/02 Added util/ratelimit.pl + +TF/03 Minor fix to the ratelimit code to improve its behaviour in case the + clock is set back in time. + +TF/04 Fix the ratelimit support in exim_fixdb. Patch provided by Brian + Candler <B.Candler@pobox.com>. 
+ +TF/05 The fix for PH/43 was not completely correct; widen_domains is always + OK for addresses that are the result of redirections. + +PH/48 A number of further additions for the benefit of the new test suite, + including a fake gethostbyname() that interfaces to the fake DNS resolver + (see PH/47 above). + +TF/06 The fix for widen_domains has also been applied to qualify_single and + search_parents which are the other dnslookup options that can cause + header rewrites. + +PH/49 Michael Haardt's randomized retrying, but as a separate retry parameter + type ("H"). + +PH/50 Make never_users, trusted_users, admin_groups, trusted_groups expandable. + +TF/07 Exim produced the error message "an SRV record indicated no SMTP + service" if it encountered an MX record with an empty target hostname. + The message is now "an MX or SRV record indicated no SMTP service". + +TF/08 Change PH/13 introduced the possibility that verify=helo may defer, + if the DNS of the sending site is misconfigured. This is quite a + common situation. This change restores the behaviour of treating a + helo verification defer as a failure. + +PH/51 If self=fail was set on a router, the bounce message did not include the + actual error message. + + +Exim version 4.52 +----------------- + +TF/01 Added support for Client SMTP Authorization. See NewStuff for details. + +PH/01 When a transport filter timed out in a pipe delivery, and the pipe + command itself ended in error, the underlying message about the transport + filter timeout was being overwritten with the pipe command error. Now the + underlying error message should be appended to the second error message. + +TK/01 Fix poll() being unavailable on Mac OSX 10.2. + +PH/02 Reduce the amount of output that "make" produces by default. Full output + can still be requested. 
+ +PH/03 The warning log line about a condition test deferring for a "warn" verb + was being output only once per connection, rather than after each + occurrence (because it was using the same function as for successful + "warn" verbs). This seems wrong, so I have changed it. + +TF/02 Two buglets in acl.c which caused Exim to read a few bytes of memory that + it should not have, which might have caused a crash in the right + circumstances, but probably never did. + +PH/04 Installed a modified version of Tony Finch's patch to make submission + mode fix the return path as well as the Sender: header line, and to + add a /name= option so that you can make the user's friendly name appear + in the header line. + +TF/03 Added the control = fakedefer ACL modifier. + +TF/04 Added the ratelimit ACL condition. See NewStuff for details. Thanks to + Mark Lowes for thorough testing. + +TK/02 Rewrote SPF support to work with libspf2 versions >1.2.0. + +TK/03 Merged latest SRS patch from Miles Wilton. + +PH/05 There's a shambles in IRIX6 - it defines EX_OK in unistd.h which conflicts + with the definition in sysexits.h (which is #included earlier). + Fortunately, Exim does not actually use EX_OK. The code used to try to + preserve the sysexits.h value, by assuming that macro definitions were + scanned for macro replacements. I have been disabused of this notion, + so now the code just undefines EX_OK before #including unistd.h. + +PH/06 There is a timeout for writing blocks of data, set by, e.g. data_timeout + in the smtp transport. When a block could not be written in a single + write() function, the timeout was being re-applied to each part-write. + This seems wrong - if the receiver was accepting one byte at a time it + would take for ever. The timeout is now adjusted when this happens. It + doesn't have to be particularly precise. + +TK/04 Added simple SPF lookup method in EXPERIMENTAL_SPF. See NewStuff for + details. Thanks to Chris Webb <chris@arachsys.com> for the patch! 
+ +PH/07 Added "fullpostmaster" verify option, which does a check to <postmaster> + without a domain if the check to <postmaster@domain> fails. + +SC/01 Eximstats: added -xls and the ability to specify output files + (patch written by Frank Heydlauf). + +SC/02 Eximstats: use FileHandles for outputting results. + +SC/03 Eximstats: allow any combination of xls, txt, and html output. + +SC/04 Eximstats: fixed display of large numbers with -nvr option + +SC/05 Eximstats: fixed merging of reports with empty tables. + +SC/06 Eximstats: added the -include_original_destination flag + +SC/07 Eximstats: removed tabs and trailing whitespace. + +TK/05 Malware: Improve on aveserver error handling. Patch from Alex Miller. + +TK/06 MBOX spool code: Add real "From " MBOX separator line + so the .eml file is really in mbox format (even though + most programs do not really care). Patch from Alex Miller. + +TK/07 MBOX spool code: Add X-Envelope-From: and X-Envelope-To: headers. + The latter is generated from $received_to and is only set if the + message has one envelope recipient. SA can use these headers, + obviously out-of-the-box. Patch from Alex Miller. + +PH/08 The ${def test on a variable was returning false if the variable's + value was "0", contrary to what the specification has always said! + The result should be true unless the variable is empty. + +PH/09 The syntax error of a character other than { following "${if + def:variable_name" (after optional whitespace) was not being diagnosed. + An expansion such as ${if def:sender_ident:{xxx}{yyy}} in which an + accidental colon was present, for example, could give incorrect results. + +PH/10 Tidied the code in a number of places where the st_size field of a stat() + result is used (not including appendfile, where other changes are about + to be made). + +PH/11 Upgraded appendfile so that quotas larger than 2G are now supported. + This involved changing a lot of size variables from int to off_t. 
It + should work with maildirs and everything. + +TK/08 Apply fix provided by Michael Haardt to prevent deadlock in case of + spamd dying while we are connected to it. + +TF/05 Fixed a ${extract error message typo reported by Jeremy Harris + <jgh@wizmail.org> + +PH/12 Applied Alex Kiernan's patch for the API change for the error callback + function for BDB 4.3. + +PH/13 Changed auto_thaw such that it does not apply to bounce messages. + +PH/14 Imported PCRE 6.0; this was more than just a trivial operation because + the sources for PCRE have been re-arranged and more files are now + involved. + +PH/15 The code I had for printing potentially long long variables in PH/11 + above was not the best (it lost precision). The length of off_t variables + is now inspected at build time, and an appropriate printing format (%ld + or %lld) is chosen and #defined by OFF_T_FMT. We also define LONGLONG_T + to be "long long int" or "long int". This is needed for the internal + formatting function string_vformat(). + +PH/16 Applied Matthew Newton's patch to exicyclog: "If log_file_path is set in + the configuration file to be ":syslog", then the script "guesses" where + the logs files are, rather than using the compiled in default. In our + case the guess is not the same as the compiled default, so the script + suddenly stopped working when I started to use syslog. The patch checks + to see if log_file_path is "". If so, it attempts to read it from exim + with no configuration file to get the compiled in version, before it + falls back to the previous guessing code." + +TK/09 Added "prvs" and "prvscheck" expansion items. These help a lot with + implementing BATV in an Exim configuration. See NewStuff for the gory + details. + +PH/17 Applied Michael Haardt's patch for HP-UX, affecting only the os.h and + Makefile that are specific to HP-UX. 
+ +PH/18 If the "use_postmaster" option was set for a recipient callout together + with the "random" option, the postmaster address was used as the MAIL + FROM address for the random test, but not for the subsequent recipient + test. It is now used for both. + +PH/19 Applied Michael Haardt's patch to update Sieve to RFC3028bis. "The + patch removes a few documentation additions to RFC 3028, because the + latest draft now contains them. It adds the new en;ascii-case comparator + and a new error check for 8bit text in MIME parts. Comparator and + require names are now matched exactly. I enabled the subaddress + extension, but it is not well tested yet (read: it works for me)." + +PH/20 Added macros for time_t as for off_t (see PH/15 above) and used them to + rework some of the code of TK/09 above to avoid the hardwired use of + "%lld" and "long long". Replaced the call to snprintf() with a call to + string_vformat(). + +PH/21 Added some other messages to those in 4.51/PH/42, namely "All relevant MX + records point to non-existent hosts", "retry timeout exceeded", and + "retry time not reached for any host after a long failure period". + +PH/22 Fixed some oversights/typos causing bugs when Exim is compiled with + experimental DomainKeys support: + + (1) The filter variables $n0-$n9 and $sn0-$sn9 were broken. + (2) On an error such as an illegally used "control", the wrong name for + the control was given. + + These problems did NOT occur unless DomainKeys support was compiled. + +PH/23 Added daemon_startup_retries and daemon_startup_sleep. + +PH/24 Added ${if match_ip condition. + +PH/25 Put debug statements on either side of calls to EXIM_DBOPEN() for hints + databases so that it will be absolutely obvious if a crash occurs in the + DB library. This is a regular occurrence (often caused by mis-matched + db.h files). + +PH/26 Insert a lot of missing (void) casts for functions such as chown(), + chmod(), fcntl(), sscanf(), and other functions from stdio.h. 
These were + picked up on a user's system that detects such things. There doesn't seem + to be a gcc warning option for this - only an attribute that has to be + put on the function's prototype. It seems that in Fedora Core 4 they have + set this on a number of new functions. No doubt there will be more in due + course. + +PH/27 If a dnslookup or manualroute router is set with verify=only, it need not + specify a transport. However, if an address that was verified by such a + router was the subject of a callout, Exim crashed because it tried to + read the rcpt_include_affixes from the non-existent transport. Now it + just assumes that the setting of that option is false. This bug was + introduced by 4.51/PH/31. + +PH/28 Changed -d+all to exclude +memory, because that information is very + rarely of interest, but it makes the output a lot bigger. People tend to + do -d+all out of habit. + +PH/29 Removed support for the Linux-libc5 build, as it is obsolete and the + code in os-type was giving problems when libc.so lives in lib64, like on + x86_64 Fedora Core. + +PH/30 Exim's DNS code uses the original T_xxx names for DNS record times. These + aren't the modern standard, and it seems that some systems' include files + don't always have them. Exim was already checking for some of the newer + ones like T_AAAA, and defining it itself. I've added checks for all the + record types that Exim uses. + +PH/31 When using GnuTLS, if the parameters cache file did not exist, Exim was + not automatically generating a new one, as it is supposed to. This + prevented TLS from working. If the file did exist, but contained invalid + data, a new version was generated, as expected. It was only the case of a + non-existent file that was broken. + +TK/10 Domainkeys: Fix a bug in verification that caused a crash in conjunction + with a change in libdomainkeys > 0.64. + +TK/11 Domainkeys: Change the logic how the "testing" policy flag is retrieved + from DNS. 
If the selector record carries the flag, it now has + precedence over the domain-wide flag. + +TK/12 Cleared some compiler warnings related to SPF, SRS and DK code. + +PH/32 In mua_wrapper mode, if an smtp transport configuration error (such as + the use of a port name that isn't defined in /etc/services) occurred, the + message was deferred as in a normal delivery, and thus remained on the + spool, instead of being failed because of the mua_wrapper setting. This + is now fixed, and I tidied up some of the mua_wrapper messages at the + same time. + +SC/08 Eximstats: whilst parsing the mainlog(s), store information about + the messages in a hash of arrays rather than using individual hashes. + This is a bit cleaner and results in dramatic memory savings, albeit + at a slight CPU cost. + +SC/09 Eximstats: added the -show_rt<list> and the -show_dt<list> flags + as requested by Marc Sherman. + +SC/10 Eximstats: added histograms for user specified patterns as requested + by Marc Sherman. + +SC/11 Eximstats: v1.43 - bugfix for pattern histograms with -h0 specified. + +PH/33 Patch from the Cygwin maintainer to add "b" to all occurences of + fopen() in the content-scanning modules that did not already have it. + + +Exim version 4.51 +----------------- + +TK/01 Added Yahoo DomainKeys support via libdomainkeys. See + doc/experimental-spec.txt for details. (http://domainkeys.sf.net) + +TK/02 Fix ACL "control" statement not being available in MIME ACL. + +TK/03 Fix ACL "regex" condition not being available in MIME ACL. + +PH/01 Installed a patch from the Sieve maintainer that allows -bf to be used + to test Sieve filters that use "vacation". + +PH/02 Installed a slightly modified version of Nikos Mavrogiannopoulos' patch + that changes the way the GnuTLS parameters are stored in the cache file. + The new format can be generated externally. 
For backward compatibility, + if the data in the cache doesn't make sense, Exim assumes it has read an + old-format file, and it generates new data and writes a new file. This + means that you can't go back to an older release without removing the + file. + +PH/03 A redirect router that has both "unseen" and "one_time" set does not + work if there are any delivery delays because "one_time" forces the + parent to be marked "delivered", so its unseen clone is never tried + again. For this reason, Exim now forbids the simultaneous setting of + these two options. + +PH/04 Change 4.11/85 fixed an obscure bug concerned with addresses that are + redirected to themselves ("homonym" addresses). Read the long ChangeLog + entry if you want to know the details. The fix, however, neglected to + consider the case when local delivery batching is involved. The test for + "previously delivered" was not happening when checking to see if an + address could be batched with a previous (undelivered) one; under + certain circumstances this could lead to multiple deliveries to the same + address. + +PH/05 Renamed the macro SOCKLEN_T as EXIM_SOCKLEN_T because AIX uses SOCKLEN_T + in its include files, and this causes problems building Exim. + +PH/06 A number of "verify =" ACL conditions have no options (e.g. verify = + header_syntax) but Exim was just ignoring anything given after a slash. + In particular, this caused confusion with an attempt to use "verify = + reverse_host_lookup/defer_ok". An error is now given when options are + supplied for verify items that do not have them. (Maybe reverse_host_ + lookup should have a defer_ok option, but that's a different point.) + +PH/07 Increase the size of the buffer for incoming SMTP commands from 512 (as + defined by RFC 821) to 2048, because there were problems with some AUTH + commands, and RFC 1869 says the size should be increased for extended + SMTP commands that take arguments. 
+ +PH/08 Added ${dlfunc dynamically loaded function for expansion (code from Tony + Finch). + +PH/09 Previously, an attempt to use ${perl when it wasn't compiled gave an + "unknown" error; now it says that the functionality isn't in the binary. + +PH/10 Added a nasty fudge to try to recognize and flatten LDAP passwords in + an address' error message when a string expansion fails (syntax or + whatever). Otherwise the password may appear in the log. Following change + PH/42 below, there is no longer a chance of it appearing in a bounce + message. + +PH/11 Installed exipick version 20050225.0 from John Jetmore. + +PH/12 If the last host in a fallback_hosts list was multihomed, only the first + of its addresses was ever tried. (Bugzilla bug #2.) + +PH/13 If "headers_add" in a transport didn't end in a newline, Exim printed + the result incorrectly in the debug output. (It correctly added a newline + to what was transported.) + +TF/01 Added $received_time. + +PH/14 Modified the default configuration to add an acl_smtp_data ACL, with + commented out examples of how to interface to a virus scanner and to + SpamAssassin. Also added commented examples of av_scanner and + spamd_address settings. + +PH/15 Further to TK/02 and TK/03 above, tidied up the tables of what conditions + and controls are allowed in which ACLs. There were a couple of minor + errors. Some of the entries in the conditions table (which is a table of + where they are NOT allowed) were getting very unwieldy; rewrote them as a + negation of where the condition IS allowed. + +PH/16 Installed updated OS/os.c-cygwin from the Cygwin maintainer. + +PH/17 The API for radiusclient changed at release 0.4.0. Unfortunately, the + header file does not have a version number, so I've had to invent a new + value for RADIUS_LIB_TYPE, namely "RADIUSCLIENTNEW" to request the new + API. The code is untested by me (my Linux distribution still has 0.3.2 of + radiusclient), but it was contributed by a Radius user. 
+ +PH/18 Installed Lars Mainka's patch for the support of CRL collections in + files or directories, for OpenSSL. + +PH/19 When an Exim process that is running as root has to create an Exim log + file, it does so in a subprocess that runs as exim:exim so as to get the + ownership right at creation (otherwise, other Exim processes might see + the file with the wrong ownership). There was no test for failure of this + fork() call, which would lead to the process getting stuck as it waited + for a non-existent subprocess. Forks do occasionally fail when resources + run out. I reviewed all the other calls to fork(); they all seem to check + for failure. + +PH/20 When checking for unexpected SMTP input at connect time (before writing + the banner), Exim was not dealing correctly with a non-positive return + from the read() function. If the client had disconnected by this time, + the result was a log entry for a synchronization error with an empty + string after "input=" when read() returned zero. If read() returned -1 + (an event I could not check), uninitialized data bytes were printed. + There were reports of junk text (parts of files, etc) appearing after + "input=". + +PH/21 Added acl_not_smtp_mime to allow for MIME scanning for non-SMTP messages. + +PH/22 Added support for macro redefinition, and (re)definition in between + driver and ACL definitions. + +PH/23 The cyrus_sasl authenticator was expanding server_hostname, but then + forgetting to use the resulting value; it was using the unexpanded value. + +PH/24 The cyrus_sasl authenticator was advertising mechanisms for which it + hadn't been configured. The fix is from Juergen Kreileder, who + understands it better than I do: + + "Here's what I see happening with three configured cyrus_sasl + authenticators configured (plain, login, cram-md5): + + On startup auth_cyrus_sasl_init() gets called for each of these. + This means three calls to sasl_listmech() without a specified mech_list. 
+ => SASL tests which mechs of all available mechs actually work + => three warnings about OTP not working + => the returned list contains: plain, login, cram-md5, digest-md5, ... + + With the patch, sasl_listmech() also gets called three times. But now + SASL's mech_list option is set to the server_mech specified in the the + authenticator. Or in other words, the answer from sasl_listmech() + gets limited to just the mech you're testing for (which is different + for each call.) + => the return list contains just 'plain' or 'login', 'cram-md5' or + nothing depending on the value of ob->server_mech. + + I've just tested the patch: Authentication still works fine, + unavailable mechs specified in the exim configuration are still + caught, and the auth.log warnings about OTP are gone." + +PH/25 When debugging is enabled, the contents of the command line are added + to the debugging output, even when log_selector=+arguments is not + specified. + +PH/26 Change scripts/os-type so that when "uname -s" returns just "GNU", the + answer is "GNU", and only if the return is "GNU/something" is the answer + "Linux". + +PH/27 $acl_verify_message is now set immediately after the failure of a + verification in an ACL, and so is available in subsequent modifiers. In + particular, the message can be preserved by coding like this: + + warn !verify = sender + set acl_m0 = $acl_verify_message + + Previously, $acl_verify_message was set only while expanding "message" + and "log_message" when a very denied access. + +PH/28 Modified OS/os.c-Linux with + + -#ifndef OS_LOAD_AVERAGE + +#if !defined(OS_LOAD_AVERAGE) && defined(__linux__) + + to make Exim compile on kfreebsd-gnu. (I'm totally confused about the + nomenclature these days.) + +PH/29 Installed patch from the Sieve maintainer that adds the options + sieve_useraddress and sieve_subaddress to the redirect router. + +PH/30 In these circumstances: + . Two addresses routed to the same list of hosts; + . 
First host does not offer TLS; + . First host accepts first address; + . First host gives temporary error to second address; + . Second host offers TLS and a TLS session is established; + . Second host accepts second address. + Exim incorrectly logged both deliveries with the TLS parameters (cipher + and peerdn, if requested) that were in fact used only for the second + address. + +PH/31 When doing a callout as part of verifying an address, Exim was not paying + attention to any local part prefix or suffix that was matched by the + router that accepted the address. It now behaves in the same way as it + does for delivery: the affixes are removed from the local part unless + rcpt_include_affixes is set on the transport. + +PH/32 Add the sender address, as F=<...>, to the log line when logging a + timeout during the DATA phase of an incoming message. + +PH/33 Sieve envelope tests were broken for match types other than :is. I have + applied a patch sanctioned by the Sieve maintainer. + +PH/34 Change 4.50/80 broke Exim in that it could no longer handle cases where + the uid or gid is negative. A case of a negative gid caused this to be + noticed. The fix allows for either to be negative. + +PH/35 ACL_WHERE_MIME is now declared unconditionally, to avoid too much code + clutter, but the tables that are indexed by ACL_WHERE_xxx values had been + overlooked. + +PH/36 The change PH/12 above was broken. Fixed it. + +PH/37 Exim used to check for duplicate addresses in the middle of routing, on + the grounds that routing the same address twice would always produce the + same answer. This might have been true once, but it is certainly no + longer true now. Routing a child address may depend on the previous + routing that produced that child. Some complicated redirection strategies + went wrong when messages had multiple recipients, and made Exim's + behaviour dependent on the order in which the addresses were given. 
+ + I have moved the duplicate checking until after the routing is complete. + Exim scans the addresses that are assigned to local and remote + transports, and removes any duplicates. This means that more work will be + done, as duplicates will always all be routed, but duplicates are + presumably rare, so I don't expect this is of any significance. + + For deliveries to pipes, files, and autoreplies, the duplicate checking + still happens during the routing process, since they are not going to be + routed further. + +PH/38 Installed a patch from Ian Freislich, with the agreement of Tom Kistner. + It corrects a timeout issue with spamd. This is Ian's comment: "The + background is that sometimes spamd either never reads data from a + connection it has accepted, or it never writes response data. The exiscan + spam.[ch] uses a 3600 second timeout on spamd socket reads, further, it + blindly assumes that writes won't block so it may never time out." + +PH/39 Allow G after quota size as well as K and M. + +PH/40 The value set for $authenticated_id in an authenticator may not contain + binary zeroes or newlines because the value is written to log lines and + to spool files. There was no check on this. Now the value is run through + the string_printing() function so that such characters are converted to + printable escape sequences. + +PH/41 $message_linecount is a new variable that contains the total number of + lines in the message. Compare $body_linecount, which is the count for the + body only. 
+ +PH/42 Exim no longer gives details of delivery errors for specific addresses in + bounce and delay warning messages, except in certain special cases, which + are as follows: + + (a) An SMTP error message from a remote host; + (b) A message specified in a :fail: redirection; + (c) A message specified in a "fail" command in a system filter; + (d) A message specified in a FAIL return from the queryprogram router; + (e) A message specified by the cannot_route_message router option. + + In these cases only, Exim does include the error details in bounce and + warning messages. There are also a few cases where bland messages such + as "unrouteable address" or "local delivery error" are given. + +PH/43 $value is now also set for the "else" part of a ${run expansion. + +PH/44 Applied patch from the Sieve maintainer: "The vacation draft is still + being worked on, but at least Exim now implements the latest version to + play with." + +PH/45 In a pipe transport, although a timeout while waiting for the pipe + process to complete was treated as a delivery failure, a timeout while + writing the message to the pipe was logged, but erroneously treated as a + successful delivery. Such timeouts include transport filter timeouts. For + consistency with the overall process timeout, these timeouts are now + treated as errors, giving rise to delivery failures by default. However, + there is now a new Boolean option for the pipe transport called + timeout_defer, which, if set TRUE, converts the failures into defers for + both kinds of timeout. A transport filter timeout is now identified in + the log output. + +PH/46 The "scripts/Configure-config.h" script calls "make" at one point. On + systems where "make" and "gmake" are different, calling "gmake" at top + level broke things. I've arranged for the value of $(MAKE) to be passed + from the Makefile to this script so that it can call the same version of + "make". 
+ + +A note about Exim versions 4.44 and 4.50 +---------------------------------------- + +Exim 4.50 was meant to be the next release after 4.43. It contains a lot of +changes of various kinds. As a consequence, a big documentation update was +needed. This delayed the release for rather longer than seemed good, especially +in the light of a couple of (minor) security issues. Therefore, the changes +that fixed bugs were backported into 4.43, to create a 4.44 maintenance +release. So 4.44 and 4.50 are in effect two different branches that both start +from 4.43. + +I have left the 4.50 change log unchanged; it contains all the changes since +4.43. The change log for 4.44 is below; many of its items are identical to +those for 4.50. This seems to be the most sensible way to preserve the +historical information. + + +Exim version 4.50 +----------------- + + 1. Minor wording change to the doc/README.SIEVE file. + + 2. Change 4.43/35 introduced a bug: if quota_filecount was set, the + computation of the current number of files was incorrect. + + 3. Closing a stable door: arrange to panic-die if setitimer() ever fails. The + bug fixed in 4.43/37 would have been diagnosed quickly if this had been in + place. + + 4. Give more explanation in the error message when the command for a transport + filter fails to execute. + + 5. There are several places where Exim runs a non-Exim command in a + subprocess. The SIGUSR1 signal should be disabled for these processes. This + was being done only for the command run by the queryprogram router. It is + now done for all such subprocesses. The other cases are: ${run, transport + filters, and the commands run by the lmtp and pipe transports. + + 6. Added CONFIGURE_GROUP build-time option. + + 7. Some older OS have a limit of 256 on the maximum number of file + descriptors. Exim was using setrlimit() to set 1000 as a large value + unlikely to be exceeded. Change 4.43/17 caused a lot of logging on these + systems. 
I've change it so that if it can't get 1000, it tries for 256. + + 8. "control=submission" was allowed, but had no effect, in a DATA ACL. This + was an oversight, and furthermore, ever since the addition of extra + controls (e.g. 4.43/32), the checks on when to allow different forms of + "control" were broken. There should now be diagnostics for all cases when a + control that does not make sense is encountered. + + 9. Added the /retain_sender option to "control=submission". + +10. $recipients is now available in the predata ACL (oversight). + +11. Tidy the search cache before the fork to do a delivery from a message + received from the command line. Otherwise the child will trigger a lookup + failure and thereby defer the delivery if it tries to use (for example) a + cached ldap connection that the parent has called unbind on. + +12. If verify=recipient was followed by verify=sender in a RCPT ACL, the value + of $address_data from the recipient verification was clobbered by the + sender verification. + +13. The value of address_data from a sender verification is now available in + $sender_address_data in subsequent conditions in the ACL statement. + +14. Added forbid_sieve_filter and forbid_exim_filter to the redirect router. + +15. Added a new option "connect=<time>" to callout options, to set a different + connection timeout. + +16. If FIXED_NEVER_USERS was defined, but empty, Exim was assuming the uid 0 + was its contents. (It was OK if the option was not defined at all.) + +17. A "Completed" log line is now written for messages that are removed from + the spool by the -Mrm option. + +18. New variables $sender_verify_failure and $recipient_verify_failure contain + information about exactly what failed. + +19. Added -dd to debug only the daemon process. + +20. Incorporated Michael Haardt's patch to ldap.c for improving the way it + handles timeouts, both on the server side and network timeouts. 
Renamed the + CONNECT parameter as NETTIMEOUT (but kept the old name for compatibility). + +21. The rare case of EHLO->STARTTLS->HELO was setting the protocol to "smtp". + It is now set to "smtps". + +22. $host_address is now set to the target address during the checking of + ignore_target_hosts. + +23. When checking ignore_target_hosts for an ipliteral router, no host name was + being passed; this would have caused $sender_host_name to have been used if + matching the list had actually called for a host name (not very likely, + since this list is usually IP addresses). A host name is now passed as + "[x.x.x.x]". + +24. Changed the calls that set up the SIGCHLD handler in the daemon to use the + code that specifies a non-restarting handler (typically sigaction() in + modern systems) in an attempt to fix a rare and obscure crash bug. + +25. Narrowed the window for a race in the daemon that could cause it to ignore + SIGCHLD signals. This is not a major problem, because they are used only to + wake it up if nothing else does. + +26. A malformed maildirsize file could cause Exim to calculate negative values + for the mailbox size or file count. Odd effects could occur as a result. + The maildirsize information is now recalculated if the size or filecount + end up negative. + +27. Added HAVE_SYS_STATVFS_H to the os.h file for Linux, as it has had this + support for a long time. Removed HAVE_SYS_VFS_H. + +28. Installed the latest version of exipick from John Jetmore. + +29. In an address list, if the pattern was not a regular expression, an empty + subject address (from a bounce message) matched only if the pattern was an + empty string. Non-empty patterns were not even tested. This was the wrong + because it is perfectly reasonable to use an empty address as part of a + database query. An empty address is now tested by patterns that are + lookups. 
However, all the other forms of pattern expect the subject to + contain a local part and a domain, and therefore, for them, an empty + address still always fails if the pattern is not itself empty. + +30. Exim went into a mad DNS loop when attempting to do a callout where the + host was specified on an smtp transport, and looking it up yielded more + than one IP address. + +31. Re-factored the code for checking spool and log partition space into a + function that finds that data and another that does the check. The former + is then used to implement four new variables: $spool_space, $log_space, + $spool_inodes, and $log_inodes. + +32. The RFC2047 encoding function was originally intended for short strings + such as real names; it was not keeping to the 75-character limit for + encoded words that the RFC imposes. It now respects the limit, and + generates multiple encoded words if necessary. To be on the safe side, I + have increased the buffer size for the ${rfc2047: expansion operator from + 1024 to 2048 bytes. + +33. It is now permitted to omit both strings after an "if" condition; if the + condition is true, the result is "true". As before, when the second string + is omitted, a false condition yields an empty string. This makes it less + cumbersome to write custom ACL and router conditions. + +34. Failure to deliver a bounce message always caused it to be frozen, even if + there was an errors_to setting on the router. The errors_to setting is now + respected. + +35. If an IPv6 address is given for -bh or -bhc, it is now converted to the + canonical form (fully expanded) before being placed in + $sender_host_address. + +36. The table in the code that translates DNS record types into text (T_A to + "A" for instance) was missing entries for NS and CNAME. It is just possible + that this could have caused confusion if both these types were looked up + for the same domain, because the text type is used as part of Exim's + per-process caching. 
But the chance of anyone hitting this buglet seems + very small. + +37. The dnsdb lookup has been extended in a number of ways. + + (1) There is a new type, "zns", which walks up the domain tree until it + finds some nameserver records. It should be used with care. + + (2) There is a new type, "mxh", which is like "mx" except that it returns + just the host names, not the priorities. + + (3) It is now possible to give a list of domains (or IP addresses) to be + looked up. The behaviour when one of the lookups defers can be + controlled by a keyword. + + (4) It is now possible to specify the separator character for use when + multiple records are returned. + +38. The dnslists ACL condition has been extended: it is now possible to supply + a list of IP addresses and/or domains to be looked up in a particular DNS + domain. + +39. Added log_selector=+queue_time_overall. + +40. When running the queue in the test harness, wait just a tad after forking a + delivery process, to get repeatability of debugging output. + +41. Include certificate and key file names in error message when GnuTLS fails + to set them up, because the GnuTLS error message doesn't include the name + of the failing file when there is a problem reading it. + +42. Allow both -bf and -bF in the same test run. + +43. Did the same fix as 41 above for OpenSSL, which had the same infelicity. + +44. The "Exiscan patch" is now merged into the mainline Exim source. + +45. Sometimes the final signoff response after QUIT could fail to get + transmitted in the non-TLS case. Testing !tls_active instead of tls_active + < 0 before doing a fflush(). This bug looks as though it goes back to the + introduction of TLS in release 3.20, but "sometimes" must have been rare + because the tests only now provoked it. + +46. Reset the locale to "C" after calling embedded Perl, in case it was changed + (this can affect the format of dates). + +47. 
exim_tidydb, when checking for the continued existence of a message for + which it has found a message-specific retry record, was not finding + messages that were in split spool directories. Consequently, it was + deleting retry records that should have stayed in existence. + +48. Steve fixed some bugs in eximstats. + +49. The SPA authentication driver was not abandoning authentication and moving + on to the next authenticator when an expansion was forced to fail, + contradicting the general specification for all authenticators. Instead it + was generating a temporary error. It now behaves as specified. + +50. The default ordering of permitted cipher suites for GnuTLS was pessimal + (the order specifies the preference for clients). The order is now AES256, + AES128, 3DES, ARCFOUR128. + +51. Small patch to Sieve code - explicitly set 
From: when generating an + autoreply. + +52. Exim crashed if a remote delivery caused a very long error message to be + recorded - for instance if somebody sent an entire SpamAssassin report back + as a large number of 550 error lines. This bug was coincidentally fixed by + increasing the size of one of Exim's internal buffers (big_buffer) that + happened as part of the Exiscan merge. However, to be on the safe side, I + have made the code more robust (and fixed the comments that describe what + is going on). + +53. Now that there can be additional text after "Completed" in log lines (if + the queue_time_overall log selector is set), a one-byte patch to exigrep + was needed to allow it to recognize "Completed" as not the last thing in + the line. + +54. The LDAP lookup was not handling a return of LDAP_RES_SEARCH_REFERENCE. A + patch that reportedly fixes this has been added. I am not expert enough to + create a test for it. This is what the patch creator wrote: + + "I found a little strange behaviour of ldap code when working with + Windows 2003 AD Domain, where users was placed in more than one + Organization Units. When I tried to give exim partial DN, the exit code + of ldap_search was unknown to exim because of LDAP_RES_SEARCH_REFERENCE. + But simultaneously result of request was absolutely normal ldap result, + so I produce this patch..." + + Later: it seems that not all versions of LDAP support LDAP_RES_SEARCH_ + REFERENCE, so I have modified the code to exclude the patch when that macro + is not defined. + +55. Some experimental protocols are using DNS PTR records for new purposes. The + keys for these records are domain names, not reversed IP addresses. The + dnsdb PTR lookup now tests whether its key is an IP address. If not, it + leaves it alone. Component reversal etc. now happens only for IP addresses. + CAN-2005-0021 + +56. Improve error message when ldap_search() fails in OpenLDAP or Solaris LDAP. + +57. 
Double the size of the debug message buffer (to 2048) so that more of very + long debug lines gets shown. + +58. The exicyclog utility now does better if the number of log files to keep + exceeds 99. In this case, it numbers them 001, 002 ... instead of 01, 02... + +59. Two changes related to the smtp_active_hostname option: + + (1) $smtp_active_hostname is now available as a variable. + (2) The default for smtp_banner uses $smtp_active_hostname instead + of $primary_hostname. + +60. The host_aton() function is supposed to be passed a string that is known + to be a valid IP address. However, in the case of IPv6 addresses, it was + not checking this. This is a hostage to fortune. Exim now panics and dies + if the condition is not met. A case was found where this could be provoked + from a dnsdb PTR lookup with an IPv6 address that had more than 8 + components; fortuitously, this particular loophole had already been fixed + by change 4.50/55 above. + + If there are any other similar loopholes, the new check in host_aton() + itself should stop them being exploited. The report I received stated that + data on the command line could provoke the exploit when Exim was running as + exim, but did not say which command line option was involved. All I could + find was the use of -be with a bad dnsdb PTR lookup, and in that case it is + running as the user. + CAN-2005-0021 + +61. There was a buffer overflow vulnerability in the SPA authentication code + (which came originally from the Samba project). I have added a test to the + spa_base64_to_bits() function which I hope fixes it. + CAN-2005-0022 + +62. Configuration update for GNU/Hurd and variations. Updated Makefile-GNU and + os.h-GNU, and added configuration files for GNUkFreeBSD and GNUkNetBSD. + +63. The daemon start-up calls getloadavg() while still root for those OS that + need the first call to be done as root, but it missed one case: when + deliver_queue_load_max is set with deliver_drop_privilege. 
This is + necessary for the benefit of the queue runner, because there is no re-exec + when deliver_drop_privilege is set. + +64. A call to exiwhat cut short delays set up by "delay" modifiers in ACLs. + This has been fixed. + +65. Caching of lookup data for "hosts =" ACL conditions, when a named host list + was in use, was not putting the data itself into the right store pool; + consequently, it could be overwritten for a subsequent message in the same + SMTP connection. (Fix 4.40/11 dealt with the non-cache case, but overlooked + the caching.) + +66. Added hosts_max_try_hardlimit to the smtp transport, default 50. + +67. The string_is_ip_address() function returns 0, 4, or 6, for "no an IP + address", "IPv4 address", and "IPv6 address", respectively. Some calls of + the function were treating the return as a boolean value, which happened to + work because 0=false and not-0=true, but is not correct code. + +68. The host_aton() function was not handling scoped IPv6 addresses (those + with, for example, "%eth0" on the end) correctly. + +69. Fixed some compiler warnings in acl.c for the bitmaps specified with + negated items (that is, ~something) in unsigned ints. Some compilers + apparently mutter when there is no cast. + +70. If an address verification called from an ACL failed, and did not produce a + user-specific message (i.e. there was only a "system" message), nothing was + put in $acl_verify_message. In this situation, it now puts the system + message there. + +71. Change 4.23/11 added synchronization checking at the start of an SMTP + session; change 4.31/43 added the unwanted input to the log line - except + that it did not do this in the start of session case. It now does. + +72. After a timeout in a callout SMTP session, Exim still sent a QUIT command. + This is wrong and can cause the other end to generate a synchronization + error if it is another Exim or anything else that does the synchronization + check. 
A QUIT command is no longer sent after a timeout. + +73. $host_lookup_deferred has been added, to make it easier to detect DEFERs + during host lookups. + +74. The defer_ok option of callout verification was not working if it was used + when verifying addresses in header lines, that is, for this case: + + verify = header_sender/callout=defer_ok + +75. A backgrounded daemon closed stdin/stdout/stderr on entry; this meant that + those file descriptors could be used for SMTP connections. If anything + wrote to stderr (the example that came up was "warn" in embedded Perl), it + could be sent to the SMTP client, causing chaos. The daemon now opens + stdin, stdout, and stderr to /dev/null when it puts itself into the + background. + +76. Arrange for output from Perl's "warn" command to be written to Exim's main + log by default. The user can override this with suitable Perl magic. + +77. The use of log_message on a "discard" ACL verb, which is supposed to add to + the log message when discard triggers, was not working for the DATA ACL or + for the non-SMTP ACL. + +78. Error message wording change in sieve.c. + +79. If smtp_accept_max_per_host was set, the number of connections could be + restricted to fewer than expected, because the daemon was trying to set up + a new connection before checking whether the processes handling previous + connections had finished. The check for completed processes is now done + earlier. On busy systems, this bug wouldn't be noticed because something + else would have woken the daemon, and it would have reaped the completed + process earlier. + +80. If a message was submitted locally by a user whose login name contained one + or more spaces (ugh!), the spool file that Exim wrote was not re-readable. + It caused a spool format error. I have fixed the spool reading code. A + related problem was that the "from" clause in the Received: line became + illegal because of the space(s). It is now covered by ${quote_local_part. + +81. 
Included the latest eximstats from Steve (adds average sizes to HTML Top + tables). + +82. Updated OS/Makefile-AIX as per message from Mike Meredith. + +83. Patch from Sieve maintainer to fix unterminated string problem in + "vacation" handling. + +84. Some minor changes to the Linux configuration files to help with other + OS variants using glibc. + +85. One more patch for Sieve to update vacation handling to latest spec. + + +---------------------------------------------------- +See the note above about the 4.44 and 4.50 releases. +---------------------------------------------------- + + +Exim version 4.44 +----------------- + + 1. Change 4.43/35 introduced a bug that caused file counts to be + incorrectly computed when quota_filecount was set in an appendfile + transport + + 2. Closing a stable door: arrange to panic-die if setitimer() ever fails. The + bug fixed in 4.43/37 would have been diagnosed quickly if this had been in + place. + + 3. Give more explanation in the error message when the command for a transport + filter fails to execute. + + 4. There are several places where Exim runs a non-Exim command in a + subprocess. The SIGUSR1 signal should be disabled for these processes. This + was being done only for the command run by the queryprogram router. It is + now done for all such subprocesses. The other cases are: ${run, transport + filters, and the commands run by the lmtp and pipe transports. + + 5. Some older OS have a limit of 256 on the maximum number of file + descriptors. Exim was using setrlimit() to set 1000 as a large value + unlikely to be exceeded. Change 4.43/17 caused a lot of logging on these + systems. I've change it so that if it can't get 1000, it tries for 256. + + 6. "control=submission" was allowed, but had no effect, in a DATA ACL. This + was an oversight, and furthermore, ever since the addition of extra + controls (e.g. 4.43/32), the checks on when to allow different forms of + "control" were broken. 
There should now be diagnostics for all cases when a + control that does not make sense is encountered. + + 7. $recipients is now available in the predata ACL (oversight). + + 8. Tidy the search cache before the fork to do a delivery from a message + received from the command line. Otherwise the child will trigger a lookup + failure and thereby defer the delivery if it tries to use (for example) a + cached ldap connection that the parent has called unbind on. + + 9. If verify=recipient was followed by verify=sender in a RCPT ACL, the value + of $address_data from the recipient verification was clobbered by the + sender verification. + +10. If FIXED_NEVER_USERS was defined, but empty, Exim was assuming the uid 0 + was its contents. (It was OK if the option was not defined at all.) + +11. A "Completed" log line is now written for messages that are removed from + the spool by the -Mrm option. + +12. $host_address is now set to the target address during the checking of + ignore_target_hosts. + +13. When checking ignore_target_hosts for an ipliteral router, no host name was + being passed; this would have caused $sender_host_name to have been used if + matching the list had actually called for a host name (not very likely, + since this list is usually IP addresses). A host name is now passed as + "[x.x.x.x]". + +14. Changed the calls that set up the SIGCHLD handler in the daemon to use the + code that specifies a non-restarting handler (typically sigaction() in + modern systems) in an attempt to fix a rare and obscure crash bug. + +15. Narrowed the window for a race in the daemon that could cause it to ignore + SIGCHLD signals. This is not a major problem, because they are used only to + wake it up if nothing else does. + +16. A malformed maildirsize file could cause Exim to calculate negative values + for the mailbox size or file count. Odd effects could occur as a result. + The maildirsize information is now recalculated if the size or filecount + end up negative. 
+ +17. Added HAVE_SYS_STATVFS_H to the os.h file for Linux, as it has had this + support for a long time. Removed HAVE_SYS_VFS_H. + +18. Updated exipick to current release from John Jetmore. + +19. Allow an empty sender to be matched against a lookup in an address list. + Previously the only cases considered were a regular expression, or an + empty pattern. + +20. Exim went into a mad DNS lookup loop when doing a callout where the + host was specified on the transport, if the DNS lookup yielded more than + one IP address. + +21. The RFC2047 encoding function was originally intended for short strings + such as real names; it was not keeping to the 75-character limit for |
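Review bot: In the 4.50 entries, item 55 carries the CAN-2005-0021 tag but never says what the security problem was. Its text describes only that the dnsdb PTR lookup now leaves non-IP keys alone, and the connection to host_aton() accepting an IPv6 address with more than 8 components is explained only in item 60. A short cross-reference from 55 to 60 would let someone auditing by identifier find the reasoning. Item 61 (CAN-2005-0022) likewise records the spa_base64_to_bits() test as one "which I hope fixes it", so the entry does not say whether the overflow fix was confirmed. Since this commit imports upstream 4.94 as-is, both points are better raised upstream than patched locally.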
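Review bot: Three wording slips in the added ChangeLog text. Item 67 of the 4.50 entries reads "no an IP address" where "not an IP address" is meant, item 5 of the 4.44 entries reads "I've change it" for "I've changed it", and item 1 of the 4.44 entries ends at "appendfile transport" without a full stop. Item 67 matters most, because it documents the 0/4/6 return values of string_is_ip_address() that callers were misusing as a boolean. If the file has to stay byte-identical to the upstream tarball, report these upstream instead of changing them here.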