$Cambridge: exim/exim-doc/doc-txt/NewStuff,v 1.108 2006/07/31 14:19:31 ph10 Exp $

New Features in Exim
--------------------

This file contains descriptions of new features that have been added to Exim,
but have not yet made it into the main manual (which is most conveniently
updated when there is a relatively large batch of changes). The doc/ChangeLog
file contains a listing of all changes, including bug fixes.


Backported from version 4.73
----------------------------

1.  [POSSIBLE CONFIG BREAKAGE] The default value for system_filter_user is now
    the Exim run-time user, instead of root.

2.  [POSSIBLE CONFIG BREAKAGE] ALT_CONFIG_ROOT_ONLY is no longer optional and
    is forced on.  This is mitigated by the new build option
    TRUSTED_CONFIG_LIST which defines a list of configuration files which
    are trusted; one per line. If a config file is owned by root and matches
    a pathname in the list, then it may be invoked by the Exim build-time
    user without Exim relinquishing root privileges.

3.  [POSSIBLE CONFIG BREAKAGE] The Exim user is no longer automatically
    trusted to supply -D<Macro[=Value]> overrides on the command-line.  Going
    forward, we recommend using TRUSTED_CONFIG_LIST with shim configs that
    include the main config.  As a transition mechanism, we are temporarily
    providing a work-around: the new build option WHITELIST_D_MACROS provides
    a colon-separated list of macro names which may be overriden by the Exim
    run-time user.  The values of these macros are constrained to the regex
    ^[A-Za-z0-9_/.-]*$ (which explicitly does allow for empty values).



Version 4.63
------------

1. There is a new Boolean option called filter_prepend_home for the redirect
   router. It defaults true, for backward compatibility. If a "save" command in
   an Exim filter has a relative path for its argument, and $home is defined,
   it is automatically prepended to the relative path. This action can now be
   prevented by setting filter_prepend_home false.

2. There is a new acl, set by acl_not_smtp_start, which is run right at the
   start of receiving a non-SMTP message, before any of the message has been
   read. (This is the analogue of the acl_smtp_predata ACL for SMTP input.) The
   result of this ACL is ignored; it cannot be used to reject a message. If
   you really need to, you could set a value in an ACL variable here and reject
   based on that in the acl_not_smtp ACL. However, this ACL can be used to set
   controls, and in particular, it can be used to set control=suppress_local_
   fixups, which cannot be used in the acl_not_smtp ACL because by the time
   that ACL is run, it is too late. When the acl_not_smtp_start ACL is run, the
   sender and recipients are known, so the "senders" and "sender_domains"
   conditions and $sender_address and $recipients variables can be used.
   Variables such as $authenticated_ sender are also available. It is possible
   to specify added header lines in this ACL.

3. When an SMTP error message is specified in a "message" modifier in an ACL,
   or in a :fail: or :defer: message in a redirect router, Exim now checks the
   start of the message for an SMTP error code. This consists of three digits
   followed by a space, optionally followed by an extended code of the form
   n.n.n, also followed by a space. If this is the case and the very first
   digit is the same as the default error code, the code from the message is
   used instead. If the very first digit is incorrect, a panic error is logged,
   and the default code is used. This is an incompatible change, but it is not
   expected to affect many (if any) configurations. It is possible to suppress
   the use of the supplied code in a redirect router by setting the
   forbid_smtp_code option true. In this case, any SMTP code is quietly
   ignored.

4. There is a new parameter for LDAP lookups called "referrals", which takes
   one of the settings "follow" (the default) or "nofollow". The latter stops
   the LDAP library from trying to follow referrals issued by the LDAP server.

5. Version 20070721.2 of exipick now included, offering these new options:
    --reverse
        After all other sorting options have bee processed, reverse order
        before displaying messages (-R is synonym).
    --random
        Randomize order of matching messages before displaying.
    --size
        Instead of displaying the matching messages, display the sum
        of their sizes.
    --sort <variable>[,<variable>...]
        Before displaying matching messages, sort the messages according to
        each messages value for each variable.
    --not
        Negate the value for every test (returns inverse output from the
        same criteria without --not).


Version 4.62
------------

1. The ${readsocket expansion item now supports Internet domain sockets as well
   as Unix domain sockets. If the first argument begins "inet:", it must be of
   the form "inet:host:port". The port is mandatory; it may be a number or the
   name of a TCP port in /etc/services. The host may be a name, or it may be an
   IP address. An ip address may optionally be enclosed in square brackets.
   This is best for IPv6 addresses. For example:

     ${readsocket{inet:[::1]:1234}{<request data>}...

   Only a single host name may be given, but if looking it up yield more than
   one IP address, they are each tried in turn until a connection is made. Once
   a connection has been made, the behaviour is as for ${readsocket with a Unix
   domain socket.

2. If a redirect router sets up file or pipe deliveries for more than one
   incoming address, and the relevant transport has batch_max set greater than
   one, a batch delivery now occurs.

3. The appendfile transport has a new option called maildirfolder_create_regex.
   Its value is a regular expression. For a maildir delivery, this is matched
   against the maildir directory; if it matches, Exim ensures that a
   maildirfolder file is created alongside the new, cur, and tmp directories.


Version 4.61
------------

The documentation is up-to-date for the 4.61 release. Major new features since
the 4.60 release are:

. An option called disable_ipv6, to disable the use of IPv6 completely.

. An increase in the number of ACL variables to 20 of each type.

. A change to use $auth1, $auth2, and $auth3 in authenticators instead of $1,
  $2, $3, (though those are still set) because the numeric variables get used
  for other things in complicated expansions.

. The default for rfc1413_query_timeout has been changed from 30s to 5s.

. It is possible to use setclassresources() on some BSD OS to control the
  resources used in pipe deliveries.

. A new ACL modifier called add_header, which can be used with any verb.

. More errors are detectable in retry rules.

There are a number of other additions too.


Version 4.60
------------

The documentation is up-to-date for the 4.60 release. Major new features since
the 4.50 release are:

. Support for SQLite.

. Support for IGNOREQUOTA in LMTP.

. Extensions to the "submission mode" features.

. Support for Client SMTP Authorization (CSA).

. Support for ratelimiting hosts and users.

. New expansion items to help with the BATV "prvs" scheme.

. A "match_ip" condition, that matches an IP address against a list.

There are many more minor changes.

****