exim4 (4.80~rc6-1) experimental; urgency=low Upstream's handling of GnuTLS DH parameters has changed, hardcoded parameters (from RFCs are used by default. See /usr/share/doc/exim4-base/README.UPDATING* for details. Stop shipping /usr/share/exim4/exim4_refresh_gnutls-params /usr/share/exim4/timeout.pl and /var/spool/exim4/gnutls-params-2236. -- Andreas Metzler Sun, 27 May 2012 18:46:48 +0200 exim4 (4.69-4) unstable; urgency=low In reaction to #475194, the size of the Diffie-Hellman parameters used by exim was increased to 2048, which is GnuTLS's default. Since periodically regenerating the Diffie-Hellman parameters doesn't increase security that much (they're sent in clear text in the TLS handshake, and some protocols even have hardcoded them in the standard document), and automatically generating 2048 bits Diffie-Hellman parameters can take a long time, this has been disabled in the Exim4 packages starting with 4.69-4. All exim installations will thus run with the Diffie-Hellman parameters shipped in the package by default. Really, really paranoid people with sufficiently fast machines will want to set up a cron job calling /usr/share/exim4/exim4_refresh_gnutls-params manually - suggested interval is weekly or monthly. -- Marc Haber Sun, 27 Apr 2008 09:14:32 +0200 exim4 (4.30-1) unstable; urgency=low * Exim now runs under its own uid (Debian-exim) instead of using mail:mail. WARNING: You cannot downgrade this version to an older one without manual chown|chrgrp all files owned by Debian-exim to mail. Securitywise this is a tradeoff: - if exim is SUID root and runs without deliver_drop_privilege you win: exim's internal data in /var/spool/exim4 is not open to attacks by bugs in programs SGID mail (mail delivery agents like deliver or procmail, or MUAs like pine) anymore. This is Debian's default setup. - OTOH if you need to be able to make local deliveries to /var/mail and want to run exim with reduced priviledge you have some additional work to do: * Use an SGID MDA for the actual delivery (I suggest maildrop.) * Make changes to run exim4 under group mail: - exim_group=mail. - Hack: make Debian-exim a group with gid=8, i.e. an alias for the mail group, _before_ you make the upgrade. (groupadd -o -g 8 Debian-exim) -- Andreas Metzler Sun, 7 Dec 2003 13:59:46 +0100 exim4 (4.24-1) unstable; urgency=low * This version of exim cannot run deliveries as root anymore, see change 5a for exim 4.23 in /usr/share/doc/exim4-base/changelog.gz. If you don't redirect mail for root via /etc/aliases to a nonpriviledged account the mail will be delivered to /var/mail/mail with permissions 0600 and owner mail:mail. -- Andreas Metzler Fri, 3 Oct 2003 18:11:17 +0200 exim4 (4.22-1) unstable; urgency=low * The way that the $h_ (and $header_) expansions work has been changed by the addition of RFC 2047 decoding. See the main documentation (the NewStuff file until release 4.30, then the manual) for full details. Exim shipped with Debian defaults to HEADER_DECODE_TO="UTF-8" -- Andreas Metzler Mon, 18 Aug 2003 16:51:47 +0200