Opened 14 months ago
Closed 13 months ago
New minor version.
Download all attachments as:
New stuff we've added since 4.94:
- From previous experimental support:
- fast-ramp queue run
- native SRS
- TLS resumption
- LMDB lookups with single key
- smtp transport option "message_linelength_limit"
- optionally ignore lookup caches
- quota checking for appendfile transport during message reception
- sqlite lookups allow a "file=<path>" option
- lsearch lookups allow a "ret=full" option
- command line option for the notifier socket
- faster TLS startup
- new main config option "proxy_protocol_timeout"
- expand "smtp_accept_max_per_connection"
- log selector "queue_size_exclusive"
- main config option "smtp_backlog_monitor"
- main config option "hosts_require_helo"
- main config option "allow_insecure_tainted_data"
- support for MacOS
All fixes from the 4.94.2+fixes branch (this includes the "21 nails" CVEs) are
If you upgrade from previous versions <4.94: the new taint checks are likely to
make your runtime configuration unusable. Read about the mitigation via the
"allow_insecure_tainted_data" first or make your configuration "taint check
If you upgrade from 4.94.2, nothing should break.
Fixed at 3713bc71c8799deddf404003ad32bde2df32fd03
4.95 has a serious pam bug, for which there is also already a fix:
I have attached the patch, it applies with -p2 and fixes the problem for me (sending authenticated mails).
Tim, should we add this patch to the book? We do not build exim with PAM support, do we?
I would. I build exim with
echo "EXTRALIBS=-lldap -llber -lpam" >> Local/Makefile
before the printf USE_GDBM line, which then automatically enables pam and ldap authentication and allows you to use exim as an authenticating smtp server.
The pam file for exim is also quite simple/standard:
# Begin /etc/pam.d/exim
auth include system-auth
account include system-account
session include system-session
# End /etc/pam.d/exim
If you want, I can add that to the page.
Lets put that in the "Adding Additional Functionality" section with the pam file in the configuration section.
Hmm, "Adding additional functionality" has already a link to the documentation about linking to PAM. I think either we should have it in the "install" section (with the PAM file in "configuration", or possibly, just something in "command explanations" (but without the PAM file).
Personally, I am not against adding PAM support, if Tim is able to include it.
It would involve adding the patch.
I added the pam-specific patch, build and config instructions.
Fixed in commit dd9aab332d
Powered by Trac 1.5.3.dev0
By Edgewall Software
© 1998-2022 Gerard Beekmans.