- Fixed crash bug in STARTTLS handling of loaded DH parameters.
- Added $TLS_COMPAT flag to disable certain TLS (security) features for
maximum compatibility with buggy clients.
- Added support for STARTTLS directly in the SMTP protocol.
Adapted from contribution by John R. Levine.
- Added support for "final ok" rules in mailrules plugin.
- Added hook for debugging plugin invocation (set $MSG_DEBUG=1).
- Added support for "and" lines to mailrules plugin.
- Modified rbl plugin to log all responses in a single line.
- Fixed minor memory leak in the rbl plugin.
- Fix build issue with redefining the "accept" function.
- Added support for whitelists in the rbl plugin.
- Added option to skip the Received header for authenticated connections.
- Added ability for rbl plugin to capture messages before rejecting them.
- Fixed broken use of -lbg-sysdeps in modules.
- Fixed missing plugin-rbl in installed image.
- Updated for bglibs v2
- Added new "rbl" plugin, to block messages from IPs in an RBL.
- Added new "queuedir" backend, to save messages to simple files.
- Make sure plugin reset functions get called before exiting.
- Added missing plugin-starttls-ucspi to installed files.
- Added support for limiting the number of messages to plugin-counters.
- This version updates the plugin API to add new features:
- Capabilities reported by the SMTP EHLO response can be added by
plugins.
- Plugins are passed any SMTP parameters given with the sender and
recipient commands.
- Plugins can add new commands to the SMTP protocol.
Plugins compiled for previous versions of mailfront will not work
without recompiling. The short-circuit on accept logic has also been
eliminated to fix a semantic issue.
- SMTP AUTH support has been moved into a new plugin, cvm-authenticate.
Existing installations relying on SMTP AUTH support will need to make
sure they are using this new plugin. The smtpfront-qmail wrapper
has been modified to provide this additional plugin.
- Fixed plugin-add-received to add the "IPv6:" prefix in the Received:
header when the protocol is TCP6.
- Added plugin starttls-ucspi to implement STARTTLS using ucspi-tls.
- SMTP AUTH can now be restricted to TLS-enabled sessions.
- Added controls for pop3front-auth to limit the number of USER commands
and authentication failures allowed per session.
- Added control to imapfront-auth to limit the number of authentication
failures allowed per session.
- Modified the clamav plugin to use the newer INSTREAM protocol.
- imapfront-auth now sets $DOVECONF_ENV in Dovecot mode in order to
avoid having Dovecot imapd reset it through doveconf.
- Added Lua scripting plugin (optional, build with 'make lua').
- Modified the qmail backend to evaluate $QMAILQUEUE as late as possible.
This allows more options for changing $QMAILQUEUE in plugins.
- Added support for running Dovecot IMAP from imapfront-auth.
See imapfront.html for details on how to set this up.
- Added support for rejecting whole messages when the recipient count is
exceeded in plugin-counters.
- Made the check-fqdn plugin explicitly reject empty recipients.
- Added a sender domain restriction to the check-fqdn plugin.
- Added missing plugin-spamassassin.so to installation.
- Fix bug in handling invalid message numbers in retrieving messages in
pop3front-maildir.
- Added a SpamAssassin scanning plugin.
- Optimized pop3front-maildir to avoid stat'ing each message twice, and
to use sizes recorded in the filename to avoid stat'ing entirely.
See pop3front.html for details on the filenames.
pkgsrc changes:
- Libtoolize to fix build on OS X.
1.12:
- Fixed problem with overwriting existing session data items.
- Fixed several problems with handling of databytes in rules.
- Fixed crash in plugin cvm-validate when the lookup secret was unset.
- pop3front-auth now supports a no-argument variant on the AUTH command,
used by KMail to test for authentication modes, and documented
in http://www.tools.ietf.org/html/draft-myers-sasl-pop3-05
Thanks Bernhard Graf for the initial patch
- pop3front-auth and -maildir now support the CAPA command.
Thanks Bernhard Graf for the initial patch
- Made imapfront-auth more compatible with Courier IMAP by adding extra
bits to the CAPABILITY command. Thanks Bernhard Graf.
- plugin-cvm-validate handles modules that provide an "out of scope"
fact by passing to the next plugin.
- Fixed handling of addresses without a domain in @file rules.
Thanks Jorge Valdes
1.11:
- Fixed the main mailfront program to clean up temporary files properly.
- Modified the SMTP protocol module to export the SASL authentication
information internally.
- Modified the check-fqdn plugin to append $DEFAULTHOST and
$DEFAULTDOMAIN to addresses if necessary.
- Added separate connect and send timeouts and a maximum message size to
the ClamAV plugin, and fixed a bug with handling port numbers
when using multiple IPs.
- Modified the ClamAV plugin to prefer $CLAMAV_* settings over $CLAMD_*
- Added plugin API documentation.
1.10:
- Added a ClamAV virus scanner plugin. Note: Using this plugin will
cause mailfront to save messages to temporary files. See
mailfront.html for details.
- Modified the plugin API to add a version code, a flags word, and to
(optionally) save messages to a temporary file.
- Fixed a few cases where the UCSPI-TCP protocol was assumed.
- Fixed pop3front-maildir breakage on dietlibc/uClibc and empty
maildirs. Thanks Wayne Marshall.
1.01:
- Fixed a bug in the counters plugin that triggered a problem in the
SMTP protocol when handling the SIZE=# parameter.
- Reversed the order of cvm-validate and qmail-validate in the wrapper
scripts (and documentation) due to the semantics of the two plugins.
- Added a list of built-in plugins. The list currently contains the
three accept* plugins, which are extremely trivial.
1.0:
Mailfront has been rewritten to be totally modular. The core mailfront
program loads the protocol, backend, and all plugin behaviors at run
time from shared objects.
The previous commands, such as smtpfront-qmail, are now shell script
wrappers for the main "mailfront" command, and as such are depricated in
favor of using "mailfront" directly. The *front-qmail wrappers preload
all the plugins that were previously compiled into the corresponding
programs:
check-fqdn counters mailrules relayclient cvm-validate
qmail-validate add-received patterns accept-sender
NOTE: The *front-reject backends have been dropped in favor of a plugin.
In addition, the $REQUIRE_AUTH feature has been moved to another plugin.
If you used this backend or feature you will need to adjust your
configuration accordingly.
- Added enhanced mail system status codes (RFC 1893/2034).
- Added support for rejecting all mail unless client is authenticated
(either as a relay client or with SMTP authentication) if
$REQUIRE_AUTH is set.
- Full domain names are now required in all addresses except for the
null sender.
- Removed the "bounce must have a single recipient" rule, as it is
currently causing more problems (with address checkers) than it is
solving (spammers no longer use this technique).
- Fixed one-off bug in counting recipients for $MAXRCPTS.
- Truncate UIDL responses to 70 characters as per RFC 1939.
- Added QMQP and QMTP "reject" front ends, for completeness.
The enhanced mail system status codes together with the $REQUIRE_AUTH
change should make smtpfront compliant with RFC 2476's requirements for
a "message submission agent", suitable for use on TCP port 587.
- Add support to the qmail backend for custom qmail-queue error messages
taken from $QQERRMSG_#.
- Clear session timeouts (via alarm) before executing authenticated
commands in imapfront-auth and pop3front-auth.
- Fixed typo in the CVM lookup code that would prevent the proper
operation of lookup secrets. Thanks Dale Woolridge.
network front-ends for mail servers. It contains complete SMTP,
QMQP, QMTP, and POP3 front-ends as well as an authentication module
for IMAP. The mail delivery front-ends also contain internal address
filtering features.