-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
To kick off the run up to the next Exim release -
the ftp site:
ftp://ftp.exim.org/pub/exim/exim4/test/
now has the initial release candidate build, RC1 of Exim 4.88
available. Built and signed by myself.
Sha265 sums:
025362da42722a6f67204afc042641085ee17c5aee75ea06cc2f8c1e072e8630
exim-4.88_RC1.tar.bz2
76689b11b8e6d450e9a1eeba5b8542e59cd9daf3f1593ae2560c9ae9309d4cdc
exim-pdf-4.88_RC1.tar.bz2
c639ae65da6e4c6867cb1e526577d8fbffd22be120e05be908db7bd76cde7db1
exim-postscript-4.88_RC1.tar.bz2
62d36611a6d0df932ab27742b1de9457d1c99937adb93d8813b012e316c7f4a6
exim-4.88_RC1.tar.gz
fb7d48a964d3c0c92a0f4ec8a44ab581e4ee83e4beb8ae9a5f7dfe6e8ddcc478
exim-pdf-4.88_RC1.tar.gz
2b54762fdec415f2fe6fcb3d3b9e4428f1b411469ebd0b8924733893e00b
exim-postscript-4.88_RC1.tar.gz
New features since 4.87:
1. The new perl_taintmode option allows to run the embedded perl
interpreter in taint mode.
2. New log_selector: dnssec, adds a "DS" tag to acceptance and delivery lines.
3. Speculative debugging, via a "kill" option to the "control=debug" ACL
modifier.
4. New expansion item ${sha3:} / ${sha3_:}.
N can be 224, 256 (default), 384, 512.
With GnuTLS 3.5.0 or later, only.
5. Facility for named queues: A commandline argument can specify
the queue name for a queue operation, and an ACL modifier can set
the queue to be used for a message. A $queue_name variable gives
visibility.
6. New expansion operators base32/base32d.
7. The CHUNKING ESMTP extension from RFC 3030. May give some slight
performance increase and network load decrease. Main config option
chunking_advertise_hosts, and smtp transport option hosts_try_chunking
for control.
8. LMDB lookup support, as Experimental.
9. Expansion operator escape8bit, like escape but not touching newline etc..
10. Feature macros, generated from compile options. All start with "_HAVE_"
and go on with some roughly recognisable name. Use the "-bP macros"
command-line option to see what is present.
11. Integer values for options can take a "G" multiplier.
12. defer=pass option for the ACL control cutthrough_delivery, to reflect 4xx
returns from the target back to the initiator, rather than spooling the
message.
Other changes of interest since 4.87:
01 Use SIZE on MAIL FROM in a cutthrough connection, if the destination
supports it and a size is available (ie. the sending peer gave us one).
02 The obsolete acl condition "demime" is removed (finally, after ten
years of being deprecated). The replacements are the ACLs
acl_smtp_mime and acl_not_smtp_mime.
03 Upgrade security requirements imposed for hosts_try_dane: previously
a downgraded non-dane trust-anchor for the TLS connection (CA-style)
or even an in-clear connection were permitted. Now, if the host lookup
was dnssec and dane was requested then the host is only used if the
TLSA lookup succeeds and is dnssec. Further hosts (eg. lower priority
MXs) will be tried (for hosts_try_dane though not for hosts_require_dane)
if one fails this test.
This means that a poorly-configured remote DNS will make it incommunicado;
but it protects against a DNS-interception attack on it.
04 Bug 1810: make continued-use of an open smtp transport connection
non-noisy when a race steals the message being considered.
05 If main configuration option tls_certificate is unset, generate a
selfsigned certificate for inbound TLS connections.
06 Bug 165: hide more cases of password exposure - this time in expansions
in rewrites and routers.
07 Retire gnutls_require_mac et.al. These were nonfunctional since 4.80
and logged a warning sing 4.83; now they are a configuration file error.
08 Bug 1836: Fix crash in VRFY handling when handed an unqualified name
(lacking @domain). Apply the same qualification processing as RCPT.
09 Bug 1804: Avoid writing msglog files when in -bh or -bhc mode.
10 Support ${sha256:} applied to a string (as well as the previous
certificate).
11 Cutthrough: avoid using the callout hints db on a verify callout when
a cutthrough deliver is pending, as we always want to make a connection.
This also avoids re-routing the message when later placing the cutthrough
connection after a verify cache hit.
Do not update it with the verify result either.
12 Cutthrough: disable when verify option success_on_redirect is used, and
when routing results in more than one destination address.
13 Cutthrough: expand transport dkim_domain option when testing for dkim
signing (which inhibits the cutthrough capability). Previously only
the presence of an option was tested; now an expansion evaluating as
empty is permissible (obviously it should depend only on data available
when the cutthrough connection is made).
14 Fix logging of errors under PIPELINING.
