Exim4U Version History Current Exim4U Version Is 3.1.2 3.1.2 Release Date: January 7, 2022 Implemented fixes to address the "Tainted filename for search" error that was introduced in a security patch for Exim 4.94 and later. Updated files to accommodate Mailman3 integration. Fixed Bug that caused PHP parse error in adminlists.php. Fixed Bug in Simple Mailing List script PHPLiveX.php. 3.1.1 Release Date: April 6, 2018 Implemented an interactive bash shell script, mysql.sh, to create and initialize the Exim5U MySQL database. The user may optionally continue to edit and use the mysql.sql script for database creation. Modified the MySQL installation scripts and created an update script to define the blocklists table as utf8mb4. This fixes the "max key length is 767 bytes" problem for headers (such as subjects) with embeded encoding for things like emojis. Added a primary key (alias) to the domainalias table. Set empty realname to localpart in the web interface. Implemented a password strength test to the web interface. Removed max_vacation_length in the web interface. Added the ability to select subdomain names to be removed from the left side of the domain name when using the domainguess feature in the web interface. Replaced `imap_qprint()` and `imap_8bit()` with `quoted_printable_decode` in the web interface. Added a robots exclusion meta tag to index.php. Added port 465 for client submissions in the exim configuration (exim4u_local.conf.inc) as required by RFC8314. Removed the demime acl condition from the exim configuration since it is removed from Exim 4.88. Various other enhancements, bug fixes and security related modifications. Credits Thanks to the Vexim team for numerous enhancements and bug fixes. Thanks to Neza Nice for contributing the correct spfd socket to put into /etc/rc.local in Debian since the "-path" option has been deprecated. Other Volunteers are needed to help with Exim4U's locale language translation files. Specifically, additional work needs to be done to address the syntax differences between Exim4U and Vexim and the language translation files need to be reviewed and tested in their native languages. 3.1.0 Release Date: June 13, 2016 Implemented enhanced attachment filtering in exim.conf to block windows executables that are packed inside .zip and .rar files. Configuration options added to exim4u_local.conf.inc to include/exclude DNSBL checks, URI block list checks, greylisting, sender address blacklisting and to optionally disable ipv6 in Exim. Implemented improved error checking and data verification for all web interface functions. Data Verification now returns to the original form (instead of the parent) when data verification fails. Implemented a permanent solution for the headers_remove problems in exim.conf introduced as a result of Exim bug 1533 which is a regression that was introduced in Exim 4.83, 4.84 and 4.85 that caused the headers_remove clause to malfunction. The single/double colon issue in headers_remove statements is now addressed with a single exim.conf file that is forwards and backwards compatible with the various Exim versions instead of the three exim.conf files that were included in Exim4U version 3.0.0 to address this issue. Added "enabled" field for relay domains to enable/disable relay domains. Provided alias users with the functionality to login as a non-admin user, edit their password and their forwarding address. Added keep_environment and add_environment variables to exim4u_local.conf.inc to address the security fix for CVE-2016-1531 which is included in Exim versions 4.86.2 and later. Modified the spamdel and spamreport scripts to avoid recently implemented MySQL warning messages. A template file for variables.php is now provided entitled variables.php.sample, from which the variables.php file is to be created upon the installation of Exim4U's web interface. variables.php is no longer included per se since it is now to be created by editing and copying variables.php.sample. The mysql.sql script was updated to amend some of the database's variable field lengths based on pratical limits, kernel limits and RFC3696, Errata #1690. The mysql_exim4u-3.1.sql script was created for migrating the database from Exim4U 3.0.0 to Exim4U 3.1.0. Sender address blacklisting was implemented in exim.conf and exim4u_local.conf.inc. Modified the main login form (index.php) to only use a Username form field (specifically email address or "siteadmin") and a Password form field. Previously, there was a seperate form field for the domain name which is no longer used. The Username field width was enlarged to accomodate the entire email address instead of the shorter local part only field as previously was used with the separate local part and domain fields. An option was added to automatically use the hostname for the domain name to allow users on single domain servers to login with the local part only. Added a password generator for siteadmin creation of admins and domain administration of admins and users. Implemented improved handling of disabled accounts. Disabled accounts are now marked gray and and their logins disabled. Implemented improved encryption schemes. Implemented support for multiple alias email forwarding addresses. Documentation updated Bug Fixes Fixed the non-admin user web interface form and data base functions (userchange.php and userchangesubmit.php) to be fully functional. (Previously broken.) Fixed the query that searches for users/emails in domain admin's "POP/IMAP Accounts" form (adminuser.php). (Previously broken.) Various other bug fixes. Credits Thanks to the Vexim team for numerous enhancements and bug fixes. Thanks to Yuriy/xoyteam for the bug fix to the query in domain admin's "POP/IMAP Accounts" form (adminuser.php). Thanks to Odhiambo Washington for the sender address blacklisting suggestion and code snippet. Other Volunteers are needed to help with Exim4U's locale language translation files. Specifically, additional work needs to be done to address the syntax differences between Exim4U and Vexim and the language translation files need to be reviewed and tested in their native languages. 3.0.0 Release Date: May 17, 2015 Overhauled password encryption to support SHA512, MD5 and DES. Removed the "clear" password column in the users database table. When encryption is selected then clear-text passwords are not stored anywhere. The "crypt" column is now used exclusively to store passwords as encrypted. Revised php code to eliminate deprecated extensions and functions. Pear-DB was replaced by PDO, ereg() was replaced with preg_match() and split() was replaced with explode(). exim.conf is provided in three versions for compatibility with the various versions of Exim related to Exim bug 1533 which is a regression that was introduced in Exim 4.83, 4.84 and 4.85. This regression caused the headers_remove clauses in the Exim configuration files to malfunction. Additionally, changes that were made to Exim version 4.83 and later introduced an additional requirement that all colons be replaced by double colons in the headers_remove statements. The three versions of exim.conf are provided to address these issues. Added random password generation for adding new users in Email Admin. Added UTF-8 support for usernames and vacation messages. Created a link for the email address in Email Admin so that POP/IMAP accounts can be accessed by the user name or email address. Spamalert script added that detects outgoing ratelimit violations which are usually bulk spam originating from internal user accounts that have been compromised via hacking or viruses, etc. Upon detection, an email is then sent to the designated admin address to report the outgoing ratelimit violation. Various other modifications, bug fixes and documentation revisions were also implemented. Credits The Vexim team recently made significant enhancements to the Vexim2 code base which were incorporated in this version of Exim4U. Thanks to Rimas Kudelis, Udera and the Vexim developer team! Michael Seidel provided a code sample to fix a problem with Debian encryption. Thanks Michael! 2.1.1 Release Date: October 12, 2012 Exim Configuration's URIBL/SURBL/DBL Blocklists (exim_surbl) Upgraded exim_surbl upgraded from version 2.2 to version 2.3. This new version of exim_surbl supports added functionality to better parse "http://" strings that are encoded. Regenerated surbl_whitelist.txt, two-level-tlds, and three-level-tlds files. exim_surbl version 2.3 is described here: http://www.teuton.org/~ejm/exim_surbl Spamassassin's Spam Report May Now Be Included In All Email SpamHeaderType variable is now specified in the exim4u_global_spam_virus configuration file. For SpamHeaderType=0, Spamassassin's Spam Report will only appear in email headers for Spam Score > Spam Tag Score. For SpamHeaderType=1, Spamassassin's Spam Report will appear in all email headers. Bug Fixes The crypt field was expanded to 256 characters which solved a problem with Debian installations. An update script is also provided for upgrading existing installs. In prior Exim4U versions, a domain's Mailman installation could not be implemented on the Exim4U server when webhosting for that domain was on a different server. Exim4U's php code has been modified to solve this issue. Now, if web hosting for a mail domain is not on the same server as Exim4U then another domain is specified in variables.php which is to be used by Mailman on the Exim4U server. Other Exim's ident callbacks are now disabled by default in exim4u_local.conf.inc with: rfc1413_query_timeout = 0s This can be re-enabled by setting a value > 0. The default config now requires TLS encryption for all authenticated connections in exim4u_local.conf.inc with: +auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}} This can be disabled by commenting out the auth_advertise_hosts line. The Groups router configuration and the Simple Mailing List router configuration were modified to support Groups and Simple Mailing List addresses with hyphens in the local part of the address. Uncomment the following lines in exim-mailinglist-router.conf.inc and exim-group-router.conf.inc. to re-enable: local_part_suffix = -* local_part_suffix_optional Various other modifications and bug fixes were also implemented. Revised Documentation The following documents were revised: INSTALL, NOTES, EXIM_4.69, DEBIAN, WEBMAIL, CHANGELOG and VERSION. 2.0.1 Release Date: October 11, 2011 Simple Mailing List Added To Exim4U's Web Interface Exim4U now includes a mailing list manager module called the Simple Mailing List. This module is accessibly from within the Exim4U web interface and is similar in functionality to dedicated mailing list manager packages but with substantially fewer features. The Simple Mailing List is not meant as a direct replacement for dedicated mailing list manager packages since it has a much smaller feature set, however, it offers a quick and simple alternative for basic mailing lists especially for installations where no other mailing list manager is installed. Exim4U Webmail Groupware Is Now Based On Horde Version 4 And Uses The Horde Pear Installer Horde Version 4 is a significant upgrade over Horde version 3 with much improved AJAX frontends for the various modules along with a new installation process using the PEAR installer. The Horde PEAR installer has several advantages including a much easier installation/configuration process and installations may be updated at will immediately after new Horde versions are released. Scripts are provided which will automatically configure the Exim4U preferences, appearance features and file ownerships/permissions. Revised Documentation The following documents were revised: APPEARANCE, DEBIAN, MIGRATE, SPAMASSASSIN, and WEBMAIL. Other The Exim4U web interface has been streamlined to be simpler and more consistent for improved usability. OpenProtect's rule channel has been removed from the recommended Spamassassin configuration since the OpenProtect channel is now obsolete. The spamreport script would not run properly on Debian/Ubuntu which is now fixed. A problem was discovered on Debian Squeeze related to an empty crypt field while logging into exim4u's web interface and was resolved with a modification to the crypt_password function in config/function.php. A bug was fixed in the Exim4U user interface that caused formatting problems in userchange.php Various other improvements and bug fixes. Credits Thomas Carrié designed and implemented all of the software for the Simple Mailing List module. Thanks Thomas! Neza Nice reported the spamreport bug, the obsolescence of the OpenProtect Spamassassin channel and contributed changes in the DEBIAN instruction file. Kebba Foon reported the empty crypt field bug and participated in its resolution. Thanks Neza and Kebba! 1.2.5 Release Date: January 26, 2011 Exim Configuration's URIBL/SURBL/DBL Blocklists (exim_surbl) Upgraded Upgraded exim_surbl from version 2.0 to version 2.2. This new version of exim_surbl adds the Spamhaus DBL list for enhanced spam prevention and supports the new SURBL implementation guidelines. exim_surbl version 2.2 is described here: http://www.teuton.org/~ejm/exim_surbl Revised Exim Configuration's Vacation Autoreply Transport Configuration The new vacation autoreply transport configuration limits autoreplys for each sender to one autoreply per user specified time period (default = 1 day) in order to avoid email ping pong infinite loops with mailing lists, etc. Revised Documentation The following documents were revised to reflect the upgrade of exim_surbl from version 2.0 to version 2.2: README, INSTALL, NOTES, and SPAMASSASSIN. The following document was added which contains a crontab script necessary for the implementation of exim_surbl version 2.2: etc/exim/exim.pl/README2. The MIGRATE document was changed to include instructions for expanding the vacation autoreply message field in the MySQL database. The DEBIAN file was amended to include instructions for the location of the greylisting db file and the vacation autoreply db files. While the db file locations in the instructions work fine in RedHat/CentoS and FreeBSD they have been reported to conflict with Debian's exim4-base cron.daily script. Other Bug fix to adminuserchange.php related to the vacation autoreply text for admin users. Expanded the vacation autoreply message field in the MySQL database to 4096 characters. The smtp_accept_queue_per_connection configuration option was added to exim4u_local.conf.inc. This option specifies the maximum number of delivery processes that exim starts automatically when receiving messages via SMTP. If not specified, a default value of 10 is used, however, on large systems and/or systems with large mailing lists, this parameter should be increased or set to zero (zero means disabled). Other minor enhancements were implemented to several of the documentation files and the exim configuration files. Credits The vacation autoreply modifications were contributed by Jörg Roßdeutscher who also recommended the additions to the DEBIAN documentation file. The upgrade to exim_surbl 2.2 and the smtp_accept_queue_per_connection configuration option was suggested by Odhiambo Washington. Thanks Jörg and Odhiambo! 1.2.4 Release Date: October 21, 2010 Webmail Groupware Upgraded To Version Horde-1.2.7 Webmail Groupware (home/exim4u/public_html/webmail) was upgraded to incorporate Horde Webmail Groupware Version 1.2.7. Revised Exim Configuration Files (/etc/exim): exim.conf was revised so that sender address callout verifications are only performed for spammy mail (spam score > 0). Also, minor modifications were made to the in-line documentation in exim.conf and exim4u_local.conf.inc to improve clarity. Revised Documentation: WEBMAIL - Minor modifications were made to the Webmail instructions to improve clarity. TODO - Revised to include an additional item 5 - Mailbox size quota notification script. 1.2.3 Release Date: May 13, 2010 Critical Security Release: Version 1.2.3 is a critical security release. As such, all Exim4U installations should immediately be upgraded to version 1.2.3. This release addresses several security vulnerabilities in Exim4U v1.2.2 that were inherited from the base Vexim 2.2.1 php code. In addition to resolving the security issues identified, it tightens other areas of the php code effectively reducing the potential for additional undiscovered vulnerabilities being present in the tightened areas. New Documentation: SECURITY - Instructions for implementing additional administrative precautions to help protect your Exim4U installation from hostile intruders and other potential security issues. Other: Minor enhancements were implemented to several of the documentation files and the exim configuration files. Credits: The security vulnerabilities were identified by Mike Garratt who also provided guidance in fixing the identified issues as well as personally correcting many of the weaknesses himself. Thanks Mike! 1.2.2 Release Date: February 21, 2010 New Documentation: APPEARANCE - Instructions for customizing Exim4U's icons, images and appearance. EXIM_4.69 - Instructions for running Exim Version 4.69 instead of 4.71. FREEBSD, DEBIAN and REDHAT-CENTOS - OS specific installation notes. Exim Configuration Changes: Bug fixed in the acl_smtp_data ACL in exim.conf related to running exim with clamd disabled. Minor enhancement to SpamAssassin header rewriting in exim.conf. Moved several parameter settings from exim.conf to exim4u_local.conf.inc: exim_user exim_group av_scanner spamd_address Added default setting for mailman domain list in exim4u_local.conf.inc: domainlist mm_domains = : The variable, SENDER_RL, was added to exim4u_local.conf.inc which toggles sender ratelimiting ON/OFF in etc/exim/exim4u_acl_check_dkim.conf.inc. SENDER_RL = YES (on) /NO (off). Shell Scripts: Minor modifications were made to the following scripts: eximstats.sh spamdel spamreport The mailx/nail commands from the Heirloom project were also added to these scripts for mailing the reports. The spam deletion utility, spamdel, was completely rewritten to produce an improved report appearance and to be more easily configured for any mailstore locations (mailroot directories). Other: The HTML menu scripts in the following directories were modified to support site specific appearance modifications (logos, images, etc.): home/exim4u/public_html/admin_menu home/exim4u/public_html/user_menu The Exim4U Email Admin PHP scripts were modified in the following directories to support site specific appearance modifications (header text, logos, images, etc.): home/exim4u/public_html/exim4u/config home/exim4u/public_html/exim4u/images All Exim4U logos were modified for improved appearance. The Exim4U admin icon was replaced with a new check mark icon along with another icon which is a "human" image and which may be alternatively used as the Exim4U admin icon. All tab characters were removed from the Exim4U Email Admin PHP code since some custom installations of Apache appeared not to handle tabs well. Other minor bug fixes, modifications and documentation improvements. 1.2.1 Release Date: February 21, 2010 Bug fix for mysql setup scripts where on_spamboxreport field in the users table was improperly named on-spambox_report. mysql_migrate/mysql_migrate.sql and mysql_setup/mysql.sql scripts were revised where the field named on-spambox_report was replaced with the name on_spamboxreport in the users table. 1.2.0 Release Date: February 21, 2010 Exim4U Version 1.2.0 requires Exim version 4.71 or higher for complete functionality. DKIM was implemented. DKIM signing of outgoing mail and DKIM verification of imcoming mail was implemented with or without greylisting and/or failure rejection during the SMTP session. Note that Exim 4.7x's implementation of DKIM causes the obsolescence of DomainKeys with the Exim MTA for all versions after Exim 4.69. Therefore, DomainKeys is obsoleted for all Exim4U versions after Exim4U 1.1.0. Exim RPMs are no longer included. Download links are provided instead and the license is modified accordingly. Minor bug fixes and house cleaning. Changelog available here: http://exim4u.org/svn/exim4u_src/tags/1.2.0/CHANGELOG 1.1.0 Release Date: February 21, 2010 Exim4U Version 1.1.0 requires Exim version 4.68 or 4.69 for complete functionality. DomainKeys is implemented for Exim4U Version 1.1.0.