exim4 (4.87-3) unstable; urgency=medium

Starting with 4.87~RC1-1 exim will not accept or send out messages with
physical lines longer than 998 characters by SMTP DATA. Delivery of such
RFC-violating messages might fail and subsequently cause routing errors and
loss of legitimate mail. See <https://bugs.exim.org/show_bug.cgi?id=1684>.
This limit can be disabled by setting the macro
IGNORE_SMTP_LINE_LENGTH_LIMIT.

-- Andreas Metzler <ametzler@debian.org> Sun, 08 May 2016 14:03:10 +0200
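
To find messages that the 998-character limit above would affect before they reach SMTP DATA, the following added example (not part of the Debian package or of Exim) reports every overlong physical line and whether it sits in the header block or the body. The function names and the sample message are constructed for illustration.

```python
# Added example: report physical lines over the 998-character limit.
import io
import sys

MAX_LINE = 998  # limit from the NEWS entry; the line terminator is not counted


def overlong_lines(stream, limit=MAX_LINE):
    """Yield (line_number, section, length) for each line longer than `limit`.

    `stream` is a binary file object holding one message: headers, an empty
    line, then the body. `section` is "header" or "body".
    """
    section = "header"
    for number, raw in enumerate(stream, start=1):
        # Drop exactly one terminator: CRLF on the wire, bare LF on disk.
        if raw.endswith(b"\n"):
            raw = raw[:-1]
        if raw.endswith(b"\r"):
            raw = raw[:-1]
        if section == "header" and raw == b"":
            section = "body"  # the first empty line ends the header block
            continue
        if len(raw) > limit:
            yield number, section, len(raw)


def check_message(data, limit=MAX_LINE):
    """Return the list of offending lines for a message given as bytes."""
    return list(overlong_lines(io.BytesIO(data), limit))


# Constructed sample: one overlong header, one body line exactly at the
# limit (accepted) and one body line a single character over it.
SAMPLE = b"".join([
    b"Subject: constructed sample\r\n",
    b"X-Long: " + b"a" * 995 + b"\r\n",
    b"\r\n",
    b"b" * 998 + b"\r\n",
    b"c" * 999 + b"\n",
])

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                for number, section, length in overlong_lines(fh):
                    print("%s:%d: %s line is %d characters"
                          % (path, number, section, length))
    else:
        for number, section, length in check_message(SAMPLE):
            print("sample:%d: %s line is %d characters"
                  % (number, section, length))
```

An overlong header line can usually be folded by the sender, while an overlong body line needs a content transfer encoding that wraps lines.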

exim4 (4.87-2) unstable; urgency=medium

exim4-daemon-heavy does not support the "demime" ACL condition
(WITH_OLD_DEMIME) anymore. It was superseded by the acl_smtp_mime ACL and
will not be part of the next upstream release.

-- Andreas Metzler <ametzler@debian.org> Sat, 30 Apr 2016 13:38:29 +0200

exim4 (4.87~RC6-3) unstable; urgency=medium

As part of the fix for CVE-2016-1531 updated Exim versions clean
the complete execution environment by default, affecting Exim and
subprocesses such as routers calling other programs, and thus may break
existing installations. New configuration options (keep_environment,
add_environment) were introduced to adjust this behavior. Because of the
possible breakage Exim will show a runtime warning if keep_environment is

The Debian exim4 configuration does not rely on specific environment
variables and therefore sets 'keep_environment =' (i.e. confirm empty

Users of custom Exim configurations will need to check whether their setup
continues to work with the abovementioned upstream change and modify the
Exim environment as needed otherwise. If the setup works fine with empty
environment it is still necessary to set the main configuration option
"keep_environment =" to quiet the runtime warning.

See <https://exim.org/static/doc/CVE-2016-1531.txt> for details.

-- Andreas Metzler <ametzler@debian.org> Wed, 23 Mar 2016 18:44:22 +0100

exim4 (4.80~rc6-1) experimental; urgency=low

Upstream's handling of GnuTLS DH parameters has changed, hardcoded
parameters (from RFCs) are used by default. See
/usr/share/doc/exim4-base/README.UPDATING* for details. Stop shipping
/usr/share/exim4/exim4_refresh_gnutls-params, /usr/share/exim4/timeout.pl
and /var/spool/exim4/gnutls-params-2236.

-- Andreas Metzler <ametzler@debian.org> Sun, 27 May 2012 18:46:48 +0200

exim4 (4.80~rc2-1) experimental; urgency=low

LDAP lookups returning multi-valued attributes now separate the attributes
with only a comma, not a comma-space sequence.

The GnuTLS support has been mostly rewritten. exim main configuration
options gnutls_require_kx, gnutls_require_mac and gnutls_require_protocols
are no longer supported. (They are ignored if present now, but will trigger
an error in later releases.) Their functionality is entirely subsumed into
tls_require_ciphers. In turn, tls_require_ciphers is no longer an Exim list
and is not parsed by Exim, but is instead given to gnutls_priority_init(3).

See /exim4-base/usr/share/doc/exim4-base/README.UPDATING.gz for details.

-- Andreas Metzler <ametzler@debian.org> Sat, 22 Oct 2011 19:16:58 +0200

exim4 (4.77~rc4-1) experimental; urgency=low

Exim no longer performs string expansion on the second string of
the match_* expansion conditions: "match_address", "match_domain",
"match_ip" & "match_local_part". Named lists can still be used.

The previous behavior made it too easy to create (remotely) vulnerable
configurations. A more detailed rationale and explanation can be found on
https://lists.exim.org/lurker/message/20111003.122326.fbcf32b7.en.html

-- Andreas Metzler <ametzler@debian.org> Thu, 05 Oct 2011 19:22:52 +0200

exim4 (4.72-3) unstable; urgency=low

Exim versions up to and including 4.72 are vulnerable to CVE-2010-4345.
This is a privilege escalation issue that allows the exim user to gain
root privileges by specifying an alternate configuration file using the -C
option. The macro override facility (-D) might also be misused for this

In reaction to this security vulnerability upstream has made a number of
user visible changes. This package includes these changes.
---------------------------------------------------------
If exim is invoked with the -C or -D option the daemon will not regain
root privileges through re-execution. This is usually necessary for local
delivery, though. Therefore it is generally not possible anymore to run an
exim daemon with -D or -C options.

However this version of exim has been built with
TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. TRUSTED_CONFIG_LIST
defines a list of configuration files which are trusted; if a config file
is owned by root and matches a pathname in the list, then it may be
invoked by the Exim build-time user without Exim relinquishing root

As a hotfix to not break existing installations of mailscanner we have
also set WHITELIST_D_MACROS=OUTGOING. i.e. it is still possible to start
exim with -DOUTGOING while being able to do local deliveries.

If you previously were using -D switches you will need to change your
setup to use a separate configuration file. The ".include" mechanism
---------------------------------------------------------
The system filter is run as exim_user instead of root by default. If your
setup requires root privileges when running the system filter you will
need to set the system_filter_user exim main configuration option.
---------------------------------------------------------

-- Andreas Metzler <ametzler@debian.org> Sat, 18 Dec 2010 18:57:16 +0100
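
The TRUSTED_CONFIG_LIST rule above (listed by exact pathname and owned by root) can be audited on a host with the following added example, which is not code from Exim or the Debian package. It assumes the list file holds one absolute path per line and skips other lines; the check for group or world write permission goes beyond what this entry states and is included as extra hardening.

```python
# Added example: audit the files named in an Exim trusted-config list.
import os
import stat


def read_trusted_list(list_path):
    """Return the absolute paths named in the list file.

    Assumption: one path per line; lines not starting with "/" (blank
    lines, comments) are skipped.
    """
    with open(list_path, encoding="utf-8") as fh:
        return [ln.strip() for ln in fh if ln.strip().startswith("/")]


def audit_config(config_path, trusted, owner_uid=0):
    """Return a list of findings for one file; an empty list means it passes."""
    findings = []
    if config_path not in trusted:  # exact pathname match, as in the entry
        findings.append("not in trusted list")
    try:
        st = os.stat(config_path)
    except OSError:
        findings.append("missing or unreadable")
        return findings
    if st.st_uid != owner_uid:
        findings.append("not owned by uid %d" % owner_uid)
    # Extra hardening check, not stated in the NEWS entry.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others")
    return findings


def audit_trusted_list(list_path, owner_uid=0):
    """Audit the list file itself, then every file it names."""
    report = {list_path: audit_config(list_path, [list_path], owner_uid)}
    if "missing or unreadable" in report[list_path]:
        return report
    trusted = read_trusted_list(list_path)
    for path in trusted:
        report[path] = audit_config(path, trusted, owner_uid)
    return report


if __name__ == "__main__":
    # Path taken from the NEWS entry above.
    results = audit_trusted_list("/etc/exim4/trusted_configs")
    for path, findings in results.items():
        print(path, "OK" if not findings else "; ".join(findings))
```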

exim4 (4.69-4) unstable; urgency=low

In reaction to #475194, the size of the Diffie-Hellman parameters
used by exim was increased to 2048, which is GnuTLS's default.

Since periodically regenerating the Diffie-Hellman parameters
doesn't increase security that much (they're sent in clear text in the
TLS handshake, and some protocols even have hardcoded them in the
standard document), and automatically generating 2048 bits
Diffie-Hellman parameters can take a long time, this has been disabled
in the Exim4 packages starting with 4.69-4. All exim installations
will thus run with the Diffie-Hellman parameters shipped in the

Really, really paranoid people with sufficiently fast machines will
want to set up a cron job calling
/usr/share/exim4/exim4_refresh_gnutls-params manually - suggested
interval is weekly or monthly.

-- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 27 Apr 2008 09:14:32 +0200

exim4 (4.68-1) unstable; urgency=low

In order to fix #420217, the handling of incoming messages to
system accounts has been changed once again. To allow system
account mail addresses to be redirected via traditional
/etc/aliases, system accounts are now processed later in the

This has made it necessary to change the default behavior of the
real- prefix. real-foo is now only accessible for locally
generated messages, such as the error message generated by the
userforward router. If you need the old behavior back, set the
macro COND_LOCAL_SUBMITTER=true. As a side-effect, you can
entirely switch off the real- processing by setting
COND_LOCAL_SUBMITTER=false.

-- Marc Haber <mh+debian-packages@zugschlus.de> Thu, 04 Oct 2007 22:34:01 +0200

exim4 (4.67-6) unstable; urgency=low

acl_whitelist_local_deny was renamed to acl_local_deny_exceptions
to avoid confusion. This means changes to ACLs, file names in
/etc/exim4/conf.d/acl and the exception list file names themselves.

CONFDIR/local_host_whitelist and CONFDIR/local_sender_whitelist
have been renamed to CONFDIR/host_local_deny_exceptions and
CONFDIR/sender_local_deny_exceptions. The old files will continue
to be honored for a transition period.

The old file conf.d/acl/20_exim4-config_whitelist_local_deny will
get a .dpkg-bak suffix if it had local changes, and it will be
removed if there were no local changes. In the case of local changes,
you'll need to repeat these changes in the new file
conf.d/acl/20_exim4-config_local_deny_exceptions.

-- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 05 Sep 2007 21:22:22 +0200

exim4 (4.67-5) unstable; urgency=low

The macro generation in update-exim4.conf has been changed once
more. update-exim4.conf now looks for the (non-commented!)
definition of the exim configuration macro UPEX4CmacrosUPEX4C to
an arbitrary, non-empty value, and inserts the generated macro
definitions right after this line, without changing it.

update-exim4.conf looks for commented UPEX4CmacrosUPEX4C (which
used to be the place marker in earlier 4.67-x versions) and barfs
if it finds them anywhere in /etc/exim4/exim4.conf.template or
recursively /etc/exim4/conf.d. This check - as a feature - also
includes files that would normally be excluded by
update-exim4.conf, such as .dpkg-old and .dpkg-dist files.

If you insist on having a commented UPEX4CmacrosUPEX4C in your
exim configuration and don't want update-exim4.conf to barf, set
the exim macro UPEX4CmacrosOK_config_adapted to a non-empty value.

-- Marc Haber <mh+debian-packages@zugschlus.de> Thu, 28 Jun 2007 08:29:36 +0200

exim4 (4.67-4) unstable; urgency=low

Since a lot of users did not read the docs while upgrading and
filed bug reports about exim4-config failing to install due to a
"malformed macro definition", update-exim4.conf.conf now checks
for DEBCONFsomethingDEBCONF strings anywhere in
/etc/exim4/exim4.conf.template or recursively /etc/exim4/conf.d
and barfs if such strings are found. This check - as a feature - also
includes files that would normally be excluded by

It _is_ necessary to either accept the offered configuration file
change _or_ to manually check a manually changed exim config. Exim
will _NOT_ run if a configuration file of an older version is
being used with a more recent exim4-config.

If you insist on having DEBCONFsomethingDEBCONF strings in your
exim configuration and don't want update-exim4.conf to barf, set
the exim macro DEBCONFstringOK_config_adapted to a non-empty

-- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 22 Jun 2007 12:50:38 +0200

exim4 (4.67-2) experimental; urgency=low

The symlink /etc/exim4/email-addresses caused data loss for people
who had a local file named /etc/exim4/email-addresses. The Debian
tools do not handle symlinks in /etc which are contained in
packages very well, so we decided to simply remove it. Please
submit a tested patch if you think that it would be a more elegant
way to handle the transition from /etc/exim4/email-addresses to
/etc/email-addresses.

There is now a possibility to modify handling of incoming messages
to system accounts, identified by their UID (see
conf.d/router/250_exim4-config_lowuid). If you want this, set the
macro FIRST_USER_ACCOUNT_UID (which defaults to 0) to the UID of
your first "real" user account. Incoming messages for an account
with a UID below that value get routed according to the extra
alias file /etc/exim4/lowuid-aliases. If an account does not have
an alias there, it gets routed to the value of the macro
DEFAULT_SYSTEM_ACCOUNT_ALIAS, which defaults to ":fail: no mail to
system accounts" and gets the message rejected. You can use this
mechanism to route all messages for system accounts to a single
address, with exceptions. Locally generated messages are not
processed by this facility.

Generation of the final exim configuration has changed. The
configuration no longer has the DEBCONFsomethingDEBCONF
placeholders. All data from Debconf are put into exim
configuration macros by update-exim4.conf, which are then
appropriately picked up by the configuration itself. There should
be no visible change to people who have not modified their
configuration, but customized configurations need to adapt.

We now do basic sanitizing of input read from
update-exim4.conf.conf. If your update-exim4.conf complains about
non-ASCII values, you have found a bug. Please report it.

-- Marc Haber <mh+debian-packages@zugschlus.de> Mon, 11 Jun 2007 14:09:24 +0200

exim4 (4.62-7) unstable; urgency=low

Bug #392993 says that 4.63-5 and -6 have overwritten manual
setting of dc_local_delivery with one of the default versions if
you have set dc_local_delivery to a value that is not either
mail_spool or maildir_home. Please verify that your
dc_local_delivery does still point to the transport you have

Please note that the debconf configuration only supports plain
lists. Advanced features like "dsearch;" entered there may work
today, but are not guaranteed to continue working in the future.

If you want to use such features, please use the macros made
available for use in the configuration or edit the configuration

This allows us to use semicolons as list delimiters consistently
while still being backwards compatible to colon-separated lists
without driving code complexity up too high.

Starting with this version, update-exim4.conf will print a warning
if a dsearch lookup is found in the list of local domains,
dc_local_domains, since there is a HOWTO on the Internet that
recommends doing this kind of thing and this will _not_ work any

-- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 15 Oct 2006 10:00:15 +0000

exim4 (4.62-4) unstable; urgency=low

exim4-config has had its debconf templates re-worked. Basic
functionality is unchanged, so you shouldn't expect a real
difference. The priority of most questions has been lowered to
medium, so that the Installer can install exim4 with no questions
being asked. The default is local delivery only. Mail messages for
root and postmaster are delivered to an mbox file in
/var/mail/mail, make sure to read them.

You can do the full exim4 configuration by calling
dpkg-reconfigure exim4-config as root.

It is now finally possible to configure exim4 to deliver outgoing
mail to a smarthost on a port number different from 25 via debconf.

-- Marc Haber <mh+debian-packages@zugschlus.de> Mon, 9 Oct 2006 14:12:25 +0000

exim4 (4.62-3) unstable; urgency=low

A template for SPF support is now provided. It is disabled by
default, and relies on external calls to spfquery(1) from the
libmail-spf-query-perl package. For details, check README.Debian,
and conf.d/acl/30_exim4-config_check_rcpt.

-- Robert Millan <rmh@aybabtu.com> Fri, 28 Jul 2006 22:43:56 +0200

exim4 (4.62-1) unstable; urgency=low

Please note that the handling of update-exim4.conf.conf has
changed with regard to dc_local_interfaces and dc_relay_nets: If
the strings given there contain a semicolon, the string "<;" is
now prepended to the value written to the configuration file to
consider ; a list separator. This significantly helps writing down
IPv6 addresses, but means that if you use complex things like
lookups in update-exim4.conf.conf, you'll have to change your
configuration to use the macros that directly interfere with the

127.0.0.1 and ::1 have been removed from the default hostlist
relay_from_hosts - these addresses are now added by
update-exim4.conf with the appropriate separator. If you set
MAIN_RELAY_NETS manually, you'll need to add these two addresses
to your local host list.

-- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 29 Apr 2006 22:36:31 +0000
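
Why the "<;" prefix matters for relay and interface lists is easiest to see by splitting the same value both ways. The following added example is a simplified model of Exim list splitting and of the prefix rule described above, not code from Exim or update-exim4.conf; the function names are hypothetical and empty items are simply dropped.

```python
# Added example: simplified model of Exim list splitting and the "<;" rule.
import string


def to_exim_list(value):
    """Apply the rule from the NEWS entry: a value that contains a
    semicolon gets "<;" prepended so that ; becomes the list separator."""
    return "<;" + value if ";" in value else value


def split_exim_list(text):
    """Split an Exim-style list into items.

    The separator is ":" unless the list starts with "<" followed by a
    punctuation character, which then becomes the separator. A doubled
    separator stands for one literal separator character inside an item.
    Whitespace around items is trimmed. Simplification: empty items are
    dropped.
    """
    text = text.lstrip()
    sep = ":"
    if len(text) >= 2 and text[0] == "<" and text[1] in string.punctuation:
        sep, text = text[1], text[2:]
    items, current, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == sep:
            if i + 1 < len(text) and text[i + 1] == sep:
                current.append(sep)  # doubled separator: literal character
                i += 2
                continue
            items.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    items.append("".join(current).strip())
    return [item for item in items if item]


if __name__ == "__main__":
    # Constructed sample values for a relay network list.
    semicolon_value = "127.0.0.1 ; ::1 ; 2001:db8::1"
    colon_value = "127.0.0.1 : ::1"
    print(split_exim_list(to_exim_list(semicolon_value)))
    # With ":" as separator the IPv6 loopback address is not preserved,
    # because "::" is read as one literal colon.
    print(split_exim_list(colon_value))
```

A relay list that silently contains a different address than the one the administrator typed is an access-control error, which is why manually set values such as MAIN_RELAY_NETS need the same separator care.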

exim4 (4.60-2) unstable; urgency=low

The exim4 daemon packages now include a symlink from
/usr/sbin/exim4 to /usr/sbin/exim. This can break exim 3 cron and
init scripts if the last exim 3 you had installed was any earlier
than 3.36-5 and the conffiles from your exim 3 package are still
around. Be sure to have any exim 4 earlier than 3.36-5 _purged_
(not removed) before installing this package.

-- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 24 Jan 2006 14:58:08 +0100

exim4 (4.50-5) unstable; urgency=low

mailname, the local name of the system used to qualify senders and
recipients is no longer a local domain by default. Having local
delivery for that host name used to break satellite and smarthost
setups where no local delivery was expected.
/etc/exim4/update-exim4.conf.conf is modified automatically on
upgrade from the appropriate earlier versions, so if you don't do any
funky things with /etc/exim4/update-exim4.conf.conf, you should be fine.

-- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 2 Apr 2005 20:31:27 +0200

exim4 (4.43-3) unstable; urgency=low

/etc/exim4/email-addresses is ignored now, please use /etc/email-addresses!
The last version of exim4 that shipped this file was uploaded on the
19th of May 2003, and I really do not want to start sarge with cruft like

-- Andreas Metzler <ametzler@debian.org> Mon, 10 Jan 2004 10:05:34 +0100

exim4 (4.34-1) unstable; urgency=low

Debconf will not ask for relay_domains if configuring smarthost or
satellite-type systems. - This functionality was untested and could

-- Andreas Metzler <ametzler@debian.org> Wed, 12 May 2004 13:42:23 +0200

exim4 (4.31-2) unstable; urgency=low

The local_scan perl-plugin has been removed because upstream
development has stopped. (am)

-- Andreas Metzler <ametzler@debian.org> Mon, 5 Apr 2004 15:55:12 +0200

exim4 (4.30-5) unstable; urgency=low

(Re)introduce /etc/exim4/exim4.conf.template as alternative to the
multiple small files in /etc/exim4/conf.d/ and make it the default choice
for fresh installations. This trades in a loss of comfort (you will again
need to merge in each small change manually) for increased stability.

-- Andreas Metzler <ametzler@debian.org> Sun, 11 Jan 2004 13:03:43 +0100

exim4 (4.30-1) unstable; urgency=low

* Exim now runs under its own uid (Debian-exim) instead of using mail:mail.

  WARNING: You cannot downgrade this version to an older one without
  a manual chown|chgrp of all files owned by Debian-exim to mail.

  Securitywise this is a tradeoff:
  - if exim is SUID root and runs without deliver_drop_privilege you win:
    exim's internal data in /var/spool/exim4 is not open to attacks by
    bugs in programs SGID mail (mail delivery agents like deliver or
    procmail, or MUAs like pine) anymore. This is Debian's default setup.
  - OTOH if you need to be able to make local deliveries to /var/mail and
    want to run exim with reduced privilege you have some additional work

    * Use an SGID MDA for the actual delivery (I suggest maildrop.)
    * Make changes to run exim4 under group mail:

      - Hack: make Debian-exim a group with gid=8, i.e. an alias for
        the mail group, _before_ you make the upgrade. (groupadd -o -g 8

-- Andreas Metzler <ametzler@debian.org> Sun, 7 Dec 2003 13:59:46 +0100

exim4 (4.24-1) unstable; urgency=low

* This version of exim cannot run deliveries as root anymore, see change
  5a for exim 4.23 in /usr/share/doc/exim4-base/changelog.gz. If you
  don't redirect mail for root via /etc/aliases to a nonprivileged
  account the mail will be delivered to /var/mail/mail with permissions
  0600 and owner mail:mail.

-- Andreas Metzler <ametzler@debian.org> Fri, 3 Oct 2003 18:11:17 +0200

exim4 (4.22-2) unstable; urgency=low

Include exiscan-acl patch http://duncanthrax.net/exiscan-acl/ in
-heavy and -custom for easy integration of content-scanning and
invoking spamassassin at SMTP time.

-- Andreas Metzler <ametzler@debian.org> Wed, 27 Aug 2003 12:50:59 +0200

exim4 (4.22-1) unstable; urgency=low

* The way that the $h_ (and $header_) expansions work has been changed
  by the addition of RFC 2047 decoding. See the main documentation (the
  NewStuff file until release 4.30, then the manual) for full details.

Exim shipped with Debian defaults to HEADER_DECODE_TO="UTF-8"

-- Andreas Metzler <ametzler@debian.org> Mon, 18 Aug 2003 16:51:47 +0200

exim4 (4.20-2) unstable; urgency=low

Rewriting now uses /etc/email-addresses instead of
/etc/exim4/email-addresses like exim v3 did. Please move the contents to
the new file and delete the old one, when you have time to spare.

-- Andreas Metzler <ametzler@debian.org> Tue, 15 Jul 2003 10:20:15 +0200