Exim, the widely used open-source mail transfer agent, has just rolled out version 4.99, addressing multiple long-standing issues and bringing a range of performance and security improvements.
Among the most notable changes is the removal of TCP-Wrappers support and legacy OpenSSL 0.9.x compatibility. At the same time, this update resolves several issues affecting DKIM verification, signing, and ARC handling. These fixes address crash conditions and verification bypasses triggered by malformed or crafted message headers.
Apart from that, Exim 4.99 addresses CVE-2025-30232 and includes additional memory safety fixes based on Qualys Security reports. TLS verification logic has also been refined to better handle edge cases, improving compatibility and reliability in encrypted sessions.
Regarding mail delivery, the process now uses fewer forks and execs when sending multiple messages to the same host, improving performance for mailing list and smarthost configurations.
Moreover, transaction support for the hints database—with both tdb and SQLite backends—allows safer concurrency and removes the need for separate lock files. These changes also improve retry and transport handling during high-load scenarios.
Exim 4.99 also logs authentication failures with additional context, such as host and user information. Additionally, the output of exim -bV now lists dynamically loaded lookup modules, aiding in diagnostics.
Finally, several parsing and memory management issues affecting DKIM signing, ARC signing, and SMTP transport have been corrected. In addition, documentation and scripts related to obsolete Exim 3 conversions have been removed as part of regular maintenance.
For more information about all the changes in the new version, refer to the full changelog or visit the project’s website.
