The latest version of the popular mail transfer agent, Exim 4.95, ships with TLS resumption support included in default builds.
If you’re unfamiliar with Exim, it is one of the most widely used mail server programs, developed at the University of Cambridge. It is free software released under the terms of the GNU General Public License, which makes Exim an open source mail transfer agent (MTA). It is among the best mail transfer agents with regard to customization and configuration.
An interesting fact to note is that Exim is currently the world’s most popular MTA. According to one recent survey, nearly 60% of mail servers visible on the internet use Exim, followed by Postfix at 35%.
Recently, the project has released Exim 4.95, so let’s take a quick look at it.
Key Changes in Exim 4.95
Native SRS support, previously experimental, is now supported. In short, SRS (Sender Rewriting Scheme) does exactly what its name says: it’s a scheme for rewriting an email’s envelope sender in order to remail it.
Perhaps the most important new feature introduced in Exim 4.95 is TLS session resumption, which is now supported and included in default builds. As the name suggests, TLS session resumption provides a mechanism to resume or share the same negotiated secret key data between multiple connections. It provides two important benefits:
- Eliminates an extra handshake roundtrip for returning visitors, which results in speed improvement.
- Reduces the computational cost of the handshake by allowing reuse of previously negotiated session parameters.
The other big change in this update concerns faster TLS startup. When various configuration options contain no expandable elements, the information can be preloaded and cached, rather than always being loaded at startup time for every connection, as was the previous behavior. This helps particularly for the CA bundle.
In Exim 4.95, the default maximum number of recipients of a single email was changed from “unlimited” (i.e., as many as CPU and memory will allow, until something breaks badly) to 50,000. Of course, you can raise or lower this as you see fit, but Exim’s devs strongly caution against using zero/unlimited.
Among other noteworthy changes, Exim 4.95 adds an option to ignore the cache on a lookup and support for single-key LMDB lookups. In addition, the fast-ramp two-phase queue run support, previously experimental, is now supported by default.
Note that there may be some incompatibilities if you upgrade from an older version to the latest release. The names of various drivers such as authenticators, routers, transports, etc., have always been limited to 64 characters, but before Exim 4.95 the names were silently truncated, inviting problems. Now the length limit should be enforced. If this affects you, rename the affected drivers to use shorter names.
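A pre-upgrade check for the driver-name limit described above, as an added example that is not from the Exim project: it scans the routers, transports and authenticators sections of a configuration for names over 64 characters and for names that would have become identical after silent truncation. The parsing is simplified (no `.include` files or macro expansion), and `audit_driver_names`, `BASE` and the sample configuration are constructed for illustration.

```python
import re

NAME_LIMIT = 64  # limit as stated in the article (assumption: matches your build)
DRIVER_SECTIONS = {"routers", "transports", "authenticators"}
NAME_RE = re.compile(r"^([A-Za-z0-9_]+)\s*:$")  # a driver instance starts "name:"

def audit_driver_names(config_text, limit=NAME_LIMIT):
    """Return (too_long, collisions) for driver names in an Exim config."""
    section, continued = None, False
    too_long, seen = [], {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        in_continuation, continued = continued, line.endswith("\\")
        if in_continuation:
            continue  # tail of a backslash-continued option value
        begin = re.match(r"^begin\s+(\w+)$", line)
        if begin:
            section = begin.group(1)
            continue
        name = NAME_RE.match(line)
        if section not in DRIVER_SECTIONS or not name:
            continue
        name = name.group(1)
        if len(name) > limit:
            too_long.append((section, name, len(name)))
        # Names sharing their first `limit` characters were identical once truncated.
        seen.setdefault((section, name[:limit]), []).append(name)
    collisions = {k: v for k, v in seen.items() if len(set(v)) > 1}
    return too_long, collisions

# Constructed sample: BASE is exactly 64 characters, so both transports exceed it.
BASE = "partner_relay_" + "x" * 50
SAMPLE_CONFIG = f"""# constructed sample, not a real configuration
begin routers
dnslookup:
  driver = dnslookup
begin transports
{BASE}_eu:
  driver = smtp
{BASE}_us:
  driver = smtp
  hosts = a.example : \\
          b.example
"""

if __name__ == "__main__":
    print(audit_driver_names(SAMPLE_CONFIG))
```

A non-empty `collisions` result deserves attention first: those drivers shared one truncated name on the older version, so references to them may not have resolved to the driver you intended.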