Upstream changes:
version 2.118: Thu Feb 26 12:52:42 CET 2015
Fixes:
- imap: reconstruction of foldername from url should be kept
in folderdir.
rt.cpan.org#82983 [Rotkraut]
- ::Body::Scalar::file() did not construct ::FastScalar correctly
[Andrew Beverley]
- fix attribute continuations
rt.cpan.org#90342 [Claus Jeppesen]
Improvements:
- accept blanks in some Content-* fields
rt.cpan.org#99183 [Randy Diffenderfer]
Upstream changes:
1.300021 2015-10-15 13:53:52-04:00 America/New_York
- when SMTP connection fails, include host and port in error
1.300020 2015-09-03 14:00:04-04:00 America/New_York
- no changes since 1.300019
1.300019 2015-08-10 15:48:02-04:00 America/New_York (TRIAL RELEASE)
- only work around Net::SMTP on broken (pre-3.07) versions
- avoid uninitialized warning when delivering to Maildir
* Properly implemented checking of ABI version for Sieve interpreter
plugins, much like Dovecot itself does for plugins. This will prevent
plugin ABI mismatches.
+ Implemented a vnd.dovecot.environment extension. This builds upon the
standard environment extension and adds a few more environment items,
such as username and default mailbox. It also creates a variables
namespace so that environment items can be accessed directly. I am
still thinking about more environment items that can be added.
+ Sieve extprograms plugin: Made line endings of the input passed to the
external programs configurable. This can be configured separately for
each of the three extensions.
+ ManageSieve: Implemented proxy XCLIENT support. This allows the proxy
to pass client information to the back-end.
- ManageSieve: Fixed an assert failure occurring when a client
disconnects during the GETSCRIPT command.
- doveadm sieve plugin: Fixed incorrect initialization of mail user.
This caused a few memory leaks.
- sieve-filter command line tool: Fixed handling of failure-related
implicit keep when there is an explicit default destination folder.
This caused message duplication.
- lib-sieve: Fixed bug in RFC5322 header folding. Words longer than the
optimal line length caused empty lines in the output, which would
break the resulting message header. This surfaced in References:
headers with very long message IDs.
* pop3_deleted_flag has been broken since v2.2.10. Using it would
cause buffer overflows, which could be exploitable. However, this
bug would have become visible quite soon after users had deleted
some POP3 mails, because the pop3 processes would have started
crashing all the time even in normal use.
* "doveadm director flush" command has a changed meaning now:
It safely moves users to their wanted backends, instead of simply
forgetting the mapping entirely and leaving the existing connections
untouched. Use -F parameter to get the original unsafe behavior.
+ Added imap-hibernate processes (see imap_hibernate_timeout setting).
IDLEing IMAP connections can be hibernated, which saves memory.
+ Optimized tracking mailboxes' vsizes (= sum of all messages' sizes).
If mailbox_list_index=yes, it's also stored in there. This makes it
very efficient to look up vsizes for all mailboxes.
+ Added a quota "count" backend, which uses the mailbox vsizes to get
the current quota usage. It requires using the new quota_vsizes=yes
setting, which tracks the messages' "virtual sizes" rather than
"physical sizes". Their distiction is minor and mostly irrelevant
nowadays (if mail sizes should be counted with LF or CRLF newlines).
+ "doveadm director up/down" commands added. The monitoring script
should be using these commands instead of changing the vhost count.
This allows admin to manually disable a server by changing the vhost
count to 0 without the monitoring script changing it back.
+ Added support for HAProxy protocol: http://wiki2.dovecot.org/HAProxy
+ Added push-notification plugin framework, which can be used to
easily implement push notifications to various backends. Implemented
"ox" backend for notifying Open-Xchange via HTTP/json.
+ imap_logout_format supports more variables now, e.g. number of
deleted messages.
+ pop3: Added pop3_delete_type setting (related to pop3_deleted_flag).
+ plugin { fts_enforced=yes } setting now fails body searches unless
it can be done via the full text search engine.
+ Added %{passdb:*} and %{userdb:*} variables to various places
+ auth: Added ":protected" suffix for passdb and userdb fields. If
used, the field doesn't overwrite an existing field.
+ IMAP/POP3 proxy: If a backend server dies, avoid client reconnection
spikes by slowly disconnecting clients over time. This is enabled by
setting login_proxy_max_disconnect_delay=secs passdb extra field.
+ imap: Added new read-only METADATA entries: /private/specialuse,
/shared/comment, /shared/admin
+ imap: If client disconnects in the middle of a command, log how long
the command had been running.
- mdbox: Rebuilding could have caused message's reference count to
overflow the 16bit number in some situations, causing problems when
trying to expunge the duplicates.
- Various search fixes (fts, solr, tika, lib-charset, indexer)
- Various virtual plugin fixes
- Various fixes and optimizations to dsync, imapc and pop3-migration
- imap: Various RFC compliancy and crash fixes to NOTIFY
* 1.4.12 [31 August 2014]
** Fixing bug in distribution tarball.
*** https://github.com/verdammelt/tnef/issues/9
** Fixing autoconf warnings
*** https://github.com/verdammelt/tnef/issues/4
*** https://github.com/verdammelt/tnef/pull/10
** Fixing compilation warning on Fedora
*** https://github.com/verdammelt/tnef/pull/8
* 1.4.11 [12 July 2014]
** Fixing bug when parsing files with multiple value MAPI attributes
*** https://github.com/verdammelt/tnef/issues/3
** Fixing compilation warnings
*** https://github.com/verdammelt/tnef/issues/5
* 1.4.10 [4 November 2013]
** Incorporating documentation patch from bentley (github)
** Fixing small problems from new versions of automake/gcc
* 1.4.9 [29 February 2012]
** Incorporating patches from Engelke Eschner <tekai@gmx.li>
*** (from github: https://github.com/verdammelt/tnef/pull/1)
*** Fixing some memory leaks
*** printing out MIME types
* 1.4.8 [18 April 2011]
** Switched to Git
** Applied patch for man page from Jari Aalto [patch #3104753]
* 1.4.7 [31 January 2010]
** Reverting to older UTF decoding method. The public domain UTF converter
I replaced my buggy/wrong version with was itself buggy and wrong it seems
(didn't work on some platforms).
** Updating main copyright date notice.
* 1.4.6 [25 August 2009]
** Including patch from Randy Diffenderfer for a variety of fixes & tweaks.
** Replacing my buggy/wrong UTF converter code with public domain UTF converter code.
* 1.4.5 [28 Sept 2008]
** Fixing bug when reading from stdin [Bug #2126695]
* 1.4.4 [29 May 2008]
** Small updates after long absense
** Adding --ignore-checksum feature.
Changelog:
New Saved files tab now implements Search field and Clear button.
Fixed (Right-)Clicking on a newsgroup now allows directly composing a message again
Fixed Importing to the address book from CSV now works with international characters
Fixed Thunderbird no longer crashes when executing filter rules when using maildir
Fixed When using the maildir storage format, the INBOX folder is no longer deleted
Fixed Emails with long References headers are now decoded correctly
Fixed Checking for new messages correctly works after hibernation again
Fixed Chat entries are no longer sometimes lost in global database at shutdown.
Release date: 2015-09-13 13:48 UTC
Release state: stable
Changelog:
* Add possibility to add externally created Mail_mimePart objects as
attachments [alec]
* Add possibility to set preamble text for multipart messages [alec]
== 2.6.2 / 2015-09-13
* Bugs:
* Emilio Losada (@losadaem) fixed an error where +each_with_object+'s block
parameters are the inverse of those used by +inject+. Resolves
{#107}[https://github.com/mime-types/ruby-mime-types/issues/107] with pull
request {#108}[https://github.com/mime-types/ruby-mime-types/pull/108].
* Matt Beedle (@mattbeedle) fixed a typo in MIME::Type::Columnar negatively
affecting people who use the +use_instead+ functionality. Resolved in
{#109}[https://github.com/mime-types/ruby-mime-types/pull/109].
* Documentation:
* Juanito Fatas (@JuanitoFatas) fixed a documentation issue with the README
not properly linking internally on the generated rdoc source. Resolved with
{#105}[https://github.com/mime-types/ruby-mime-types/pull/105].
* Development:
* Fixed a minor issue in the IANA registry parser that would generate empty
+text+ xrefs if the +text+ section was empty.
It might still be possible that pkgsrc needs adjustments for gmp loading
if/when we adopt some gmp packages, but until then they serve no purpose
and in fact appear to be harmful. Fixes Firefox startup error message:
addons.manager ERROR Exception calling provider GMPProvider.startup
http://www.sympa.org/distribution/latest-stable/NEWS
for complete list.
Main changes are:
Tracking feature
The tracking feature is a way to request DSN or DSN + MDN when sending
a message to each subscribers. In that case, Sympa (bounced.pl) collect both
DSN and MDN and store them in a new table "notification_table".
Then, for each message, the list owner can display which subscribers has
displayed, received or not received the message. This can be used for some
important lists where list owner need to collect the proof of reception or
display of each message. This page is accessible via archive
Spools back to filesystem
Because of stability and scalability issues, spool for bulk sending no
longer depend on database tables: It is based on filesystem.
Stats
Now Sympa stores data whenever one of the following event occurs:
a message is sent to a list;
a user subscribed to a list;
a user unsubscribed from a list;
a user is added to a list by another user;
a user is removed from a list by another user;
a user is removed from a list by the automatic bounce management;
a file is uploaded to the shared directory;
a file is deleted from the shared;
a message to a list is rejected in moderation;
a user logs in to the web interface;
a user logs out;
a list is created;
a list is deleted;
a list is restored;
a human user (not a harvester) hits a page.
These data are regularly aggregated by the task_manager.
The aggregated data are available to users, owners and listmaster in
their respective interfaces.
Web interface
The most visible is probably the new web interface skin.
It is nicer, simpler, responsive and retains all the customization
capabilities that make Sympa adaptable to your needs.
Exclusion table was just a display of the users excluded. This page is now
a form, similar to the review page, which allows to restore users subscriptions.
Added "Add subscriber" button to modindex page if the sender is not subscribed.
It may be useful because users need not know about SUB command and sympa
command address. The buttons appear only when Web user is the list owner.
The "Customizing" link was moved from main list admin to list config sub
section as list related text files are in a way list configuration parameters
as well.
Better password validation. When the user requests change of password via
WWSympa or SympaSOAP, new password may be checked its strength.
New parameter password_validation may be used to customize policy of password
validation. See help text of the parameter for more details.
Web services
Full VOOT 2.0 protocol support. VOOT is an opensocial subset to manage group
membership. full details on this IETF draft here: http://openvoot.org.
This feature enables Sympa to be both group provider and consumer in the VOOT
protocol.
The soap server now exposes full review with owners, editors and gecos to list masters and list owners.
Plug, plug, plug...
We added or improved several ways to plug new functionnalities in Sympa.
Template plugins
This feature allows to package code to be used in templates. It enables
foreign data integration in Sympa's UI and emails, user specific
UI enhancement and much more! Integrating user targeted data retreived through
a call to a webservice becomes possible in a simple way, automatically adding
info from a database to outgoing emails as well !
Further details here : https://www.sympa.org/manual/templates_plugins
Enhanced custom actions functionality
Custom actions are used to run specific code and/or display user defined
templates. They can be executed in list or global context (it is up to you
to decide what to do in both cases). Previously, a custom action was a
simple TT2 template added to the web interface. It could only display data,
not process them. They were improved to allow greater expressiveness.
You can now develop a perl module to process the data passed to your
custom action.
Warning: AFTER UPGRADING TO 6.2, ANY PRE-EXISTING CUSTOM ACTION MUST BE
MOVED TO THE RELEVANT CUSTOM_ACTION DIRECTORY TO KEEP WORKING.
Mail hooks
Sympa::Message::Plugin provides hook mechanism to intervene in processing by
Sympa. Each hook may modify messages or may break ordinary processing.
This functionnality is quite new and still experimental. Please read the
perldoc of Sympa::Message::Plugin for more details about how to create and enable hooks in message handling.
Custom attributes provisionning
Custom attributes can now be provisionned using external data sources,
the same way as email addresses. For now, only SQL or LDAP datasources are
supported. To use this feature, you need first to define the custom attributes
as previously. This attribute must have the same name as the fields used in
your queries.
Synchronization disabling
In several organizations, nightly maintenances make the datasources
unavailable during some period of times. a new sub-parameter in data sources
definition allow to prevent Sympa from trying to synchronize list members
with these sources during a defined time range.
A recurrent question regarding list inclusion was to be able to extract not the whole list, but only a subset. It is now possible.
include_list parameter value can now look like this:
<listname> filter <filter_condition>
ODBC is now supported for email data sources.
sql, ldap and ldap2 user inclusions now handles gecos. It uses 2nd returned
column for sql and 2nd given attribute for ldap (comma separated).
Now "host" parameter of the LDAP datasource in list config may include URLs
(ldap, ldaps and ldapi) along with hostnames. So "port" and "use_ssl"
parameters
Scenarios
Now CustomCondition can set the action to take (do_it, reject ...) by
setting $_, this allows for complex, single-module CustomConditions.
"[msg_header#field][index]" returns the value of particular field.
Index may be negative. - "[msg_header#field]" still returns list of field
values, additionally, ordering will be preserved. Fixes:
Conditions is_listmaster, is_owner, is_editor and is_subscriber can
handle multiple values.
They also parse arguments as header field values to get address parts.
New parameters
New list parameter: 'member_include'. This parameters allows to defined
.incl files to include list members, the same way it is done for list admins.
This grants extended flexibility in datasources, allowing list owners to tweak
their own data sources without accessing to the actual details of the query
made to gather email addresses.
New sympa.conf config parameter "sender_headers" to specify header fields by
which message sender is detected. This is a enhancement to
S. Shipway's improvement.
RFC: What is the reasonable default for this parameter?
Behavior of one time ticket lock-out is configurable.
Two new robot parameters were introduced:
one_time_ticket_lockout:
"one_time" won't allow access again. This is previous behavior.
"remote_addr" will lock the ticket on remote address accessed at first time.
"open" will never lock-out tickets.
one_time_ticket_lifetime: Duration before ticket expires. Default is "2d", previous hardcoded value.
Changes of list config parameters on archiving. New parameter
"process_archive" controls archiving. The default is "off":
To enable archiving, it must be set to "on" explicitly. OTOH even if
archiving is disabled by setting it "off", past archives will be kept
and accessible according to access settings.
Config files
wwsympa.conf will no longer be used: it would be migrated to sympa.conf.
Alias management uniformization
Now alias maintenance utilities other than newaliases may be used without
special configure options nor patch to alias_manager.pl. Changes:
aliaswrapper and virtualwrapper were deprecated and replaced with sympa_newaliases-wrapper.
New alias management program sympa_newaliases.pl which will typically be
called by alias_manager.pl via sympa_newaliases-wrapper.
New site configuration parameters aliases_db_type and aliases_program will
control behaviour of alias database maintenance.
openssl dependency dropped
openssl(1) utility is no longer required. Instead, a few CPAN modules are required to use S/MIME or SSL features:
Crypt::SMIME
Crypt::OpenSSL::X509
The parameter "openssl" in sympa.conf was obsoleted. Note that p12topem.pl still needs openssl: To make it work, PATH environment variable should be set appropriately.
Internationalization
i18n titles in configuration.
List families scenari
Now you can define a "scenari" directory in the lists family directory.
These scenarii will be available for lists instantiated from this family.
List families addistional files
Until now, only the config.tt2 file was parsed when the family was
instantiated, thus producing the lists' config file. As a lot of other files
can be used to configure a list (footer, header, etc.), we added the
possibility to instantiate these files as well. The list of files parsed
(in addition to config.tt2) when instantiating a family are defined in
a new (sympa.conf and robot.conf) parameter called 'parsed_family_files'.
This parameter must contain a comma-separated list of file names.
If these files exist, with the '.tt2' extension added to their name,
in a family, they will be parsed and added to the list directory.
The default value of the parameter is: 'message.footer,message.header,message.footer.mime,message.header.mime,info'.
These files are updated in existing lists when a family is instantiated.
note that it will overwrite any other customization.
On the web automatic lists
Administration
Widely extended logs when the log_module parameter is activated with the
value 'scenario': all scenario results are evaluated. Remember that extended
logs can be limited by the IP or the email of the user, using the
'log_condition' parameter. log_module and log_condition are now declared in
sympa.conf instead of wwsympa.conf. Remember these parameters syntax:
log_module: can take the value "scenario" - only.
log condition: takes a character string as value. The form is
"ip=<an.ip>,email=<an_email>". You can put ip alone, email alone or both,
with the comma-separated form.
Listmaster notifications can now be grouped. If, for a specific robot,
several notifications are issued within a short period of time with the
same operation code only the first ones are sent, the next ones are stacked.
The stacking ends when no notifications are issued anymore, or when the first
one is too old. All the stacked notifications are then sent as attachments of
a single message. Internal settings : Stack if more than 3 notifications with
the same operation code are issued for the same robot - Send stacked
notifications if no new one satisfying the condition above was received for
more than 30 seconds - Send stacked notifications if the oldest one was issued
more than 60 seconds ago
sympa.pl -health_check checks config files, database connection and structure,
and data structure version.
Daemons such as sympa.pl no longer check database structure nor data version.
File extension of lock files are changed from ".lock" to ".LOCK", because lowercase name can conflict with domain part in the future.
pkgsrc changes:
o Update MASTER_SITES and HOMEPAGE to current reality.
o Convert the package in order to use GNU_CONFIGURE and add aclocal,
auto{conf,make} to USE_TOOLS (the configure is not provided by upstream
and need to be generated).
o Avoid mremap(2) usage. The NetBSD's mremap(2) isn't compatible (and probably
also other systems does not have it) so use mmap(2) instead.
Changes:
o Add support for STARTTLS on IMAP and POP3, from Markus Bachmann.
o Add "lock-wait" option to make fdm wait the global lock (lock-file option)
rather than exiting with an error immediately. Also add "lock-time" option
for the lock file timeout rather than a fixed 10 seconds. Requested by
Todd C. Miller.
o Add "ignore-errors" flag to instruct fdm to ignore delivery errors and
continue to the next mail, requested by Todd C. Miller.
o Delete Courier support.
o Delete regress/*
o Convert fdm to use autoconf and automake
o Various misc bug fixes
certain asserts based on ICE never trigger. Clang makes the choice
earlier to declare the size as unknown, so it would fail the assert.
The check in question is clearly bogus as an array parameter is really
just a fancy way to write a pointer -- no size information is preserved.
The change is from upstream with minor tweaks: use SSLv23_client_method()
that negociate highest possible protocol instead of TLSv1_client_method()
that can only do TLSv1.0. Insecure SSLv2 and SSLv3 are disabled through
SSL_CTX_set_options().
Approved by Thomas Klausner <wiz@NetBSD.org> on behalf of pksrc-pmc
This adds USE_TOOLS of lex and yacc. The build also uses objcopy, but
that's not a tool -- perhaps it should be, but that's a discussion for
after the branch. For now a comment is left about objcopy.
(leaf package)
Database access is now fully abstracted through databases/libzdb and
dbmail itself is agnostic about which backend support is present.
Bump PKGREVSION.
- improved automation to help combat spammers that are abusing
new top level domains;
- tweaks to the SPF support to block more spoofed emails;
- increased character set normalization to make rules easier to
develop and stop spammers from using alternate character sets
to bypass tests;
- continued refinement to the native IPv6 support; and
- improved Bayesian classification with better debugging and
attachment hashing.
An abridged upstream changelog follows...
---------------------------------------------------------------------------
October 25, 2014
amavisd-new-2.10.1 release notes
BUG FIXES
- fixed a missing import of mail_addr_idn_to_ascii() and idn_to_utf8()
when SQL is in use, resulting in:
Undefined subroutine &Amavis::Out::SQL::Log::mail_addr_idn_to_ascii
Undefined subroutine &Amavis::Out::SQL::Log::idn_to_utf8
OTHER
- avoid warnings issued by perl 5.21.5:
Negative repeat count does nothing at ./amavisd line 17218
Missing argument in sprintf at ./amavisd line 3678
- updated documentation in 2.10.0 release notes (new macros);
---------------------------------------------------------------------------
October 22, 2014
amavisd-new-2.10.0 release notes
COMPATIBILITY
- New requirement: perl module Net::LibIDN needs to be installed.
- Uses a perl module File::LibMagic if installed, instead of spawning
a file(1) utility.
- Default log templates and notification templates have changed
in details
- International domain names (IDN) encoded in ASCII-compatible encoding
found in e-mail addresses and in Message-ID header field will be decoded
to Unicode for presentation purposes (syslog, JSON structured log,
notifications). This decoding does not affect a mail message itself.
- Logging via syslog expects that syslogd (or equivalent) will not
clobber UTF-8 octets.
- Third party log parsers may need updating to accept logs with Unicode
characters in UTF-8 encoding.
- A SMTP response to an EHLO command will now announce SMTPUTF8 capability
by default.
BUG FIXES
- releasing a message from an SQL quarantine was broken in version 2.9.1
due to introduction of parent_mail_id()
and Gionatan Danti;
- if checking of a message was aborted prematurely (like due to a timeout
or some fatal error), JSON log could receive a copy of a previous
log entry;
- prevent non-ASCII non-UTF-8 octets from reaching a JSON log/report
(which produced an invalid JSON object and Elasticsearch complaining);
- allow SMTP commands MAIL FROM and RCPT TO to accept options without
values, as allowed by the RFC 5321 syntax;
- in delivery status notification (DSN) the field Received-From-MTA
specified 'smtp' as mta-name-type, instead of a 'dns' as prescribed
in RFC 3464;
- releasing from a quarantine left envelope sender address as '<>'
instead of using the address found in a Return-Path header field
of a quarantined message
- avoid failure in os_fingerprint or in smtp forwarding in certain cases
where the $os_fingerprint_method or $forward_method or $notify_method
uses an asterisk in place of a host IP address or port number.
- files LDAP.ldif and LDAP.schema: added a missing attribute
amavisDisclaimerOptions to objectClass
NEW FEATURES
- added support for Internationalized Email:
- added support for Internationalized Domain Names (IDN) according
to IDNA (RFC 5890, RFC 5891; RFC 3490);
- delivery notifications and admin notifications now show the following
information encoded as UTF-8 (which is a default $bdy_encoding) in the
plain text part of the message: IDN domain names in sender and recipient
mail addresses and Message-ID are first decoded to Unicode, Subject and
author display names are MIME-decoded;
- 'amavisd showkeys' and 'amavisd testkeys' can now deal with IDN
(international domain names): domain names in DNS zone comments
end up as UTF-8, DNS labels are in ASCII (A-labels); domain names in
calls to dkim_key() may be specified either as UTF-8 or in ASCII (ACE);
- new macro 'mail_addr_decode' takes an e-mail address as a string of
octets, where a local part may be encoded as UTF-8, and the domain part
may be an international domain name (IDN) consisting either of U-labels
or A-labels or NR-LDH labels.
- new macro 'mail_addr_decode_octets' is like 'mail_addr_decode', except
that the result is a string of octets, only valid as UTF-8 if the
provided address was a valid UTF-8 (garbage-in/garbage-out);
- new macro 'header_field_octets' is like 'header_field', except that
a result is a string of octets in UTF-8 encoding, suitable for a log
template;
- new macro 'ip_proto_trace_all' expands into a list of information
items from a Received header trace;
- new macro 'ip_proto_trace_public' is like ip_proto_trace_all, except
that entries with non-public IP address are excluded from the list;
- new macro 'protocol' evaluates to a protocol name by which a message
was received by amavisd, according to RFC 3848 ("Transmission Types
Registration") and "Mail Transmission Types" / "WITH protocol types"
IANA registration
- new macro 'client_protocol' expands into a protocol name by which
a message was received from a client by MTA; the information is passed
from MTA to amavisd through XFORWARD PROTO SMTP protocol extension or
through AM.PDP (milter); typical values are 'ESMTP' or 'SMTP';
- use a perl module File::LibMagic when available, instead of spawning
a file(1) utility for classifying contents of mail parts.
OTHER
- RFC 6533: recognize a MIME type 'message/global' as similar
to 'message/rfc822', and 'message/global-headers' as similar
to 'text/rfc822-headers' where appropriate (e.g. in bounce killer);
- header validity check now distinguishes 'non-ASCII and invalid UTF-8'
from 'non-ASCII but valid UTF-8' characters in a mail header section.
- ORCPT attribute in SMTP 'RCPT TO' command now accepts the original
recipient mail address in any of these encodings: utf-8-address,
utf-8-addr-unitext, utf-8-addr-xtext, or as a legacy xtext,
as required by RFC 6533;
- updated do_cabextract (extraction of Microsoft cabinet .cab archives)
to recognize a slightly changed output of cabextract version 1.2;
- adjusted some timeouts to leave more reserve for later stages of
mail processing and forwarding;
- prefer sanitizing/protecting control characters as hex code (like \x7F)
instead of octal (like \177) (e.g. in logging and DSN);
---------------------------------------------------------------------------
June 27, 2014
amavisd-new-2.9.1 release notes
BUG FIXES
- when a $final_bad_header_destiny is set to D_BOUNCE and a mail
message was a DSN or coming from a mailing list, spam checks were
inappropriately skipped (logged as: "bypassing of spam checks,
message will be blocked anyway", which was not true as the blocking
was overruled at a later stage);
- perl 5.20.0 may occasionally report:
"Malformed UTF-8 character (unexpected end of string)"
due to a bug in perl [perl #122148]. Treat this error as non-fatal
and only log a warning in two such cases: when SpamAssassin is called
as a spawned subprocess ($sa_spawned=1) and is returning a result
to a parent process, or when constructing a structured report.
OTHER
- updated decoding of RAR archives to recognize a changed format in output
of 'unrar' utility version 5;
- avoid tempfailing a message if a redis server is down, just log the
error and carry on;
- some minor logging changes to facilitate troubleshooting;
---------------------------------------------------------------------------
May 9, 2014
amavisd-new-2.9.0 release notes
COMPATIBILITY
This version drops dependency on a Perl module Redis, and makes
dependencies on modules Convert::TNEF and Convert::UUlib truly optional.
The following change may affect third-party log parsers:
To facilitate forensic log analysis and troubleshooting, log entries
'FWD from' and 'SEND from' at level 1 now carry one additional
prefixed information field which is the unique internal mail_id of
the message, possibly followed by a parent_mail_id in parenthesis,
e.g.:
(00525-02) XE9xnQYjrWyd FWD from <...> -> <...>, ...
(00495-02) v1pyIOMQkUYD(CIcqao-vCDO9) SEND from <...> -> <...>, ...
NEW FEATURES SUMMARY
- structured log/reporting to a Redis server in JSON format;
- IP address reputation (uses a Redis server);
- added two minor content categories to the major ccat CC_UNCHECKED
(encrypted (=1) and over-limits/mail-bomb (=2) );
- introduced a by-recipient setting %final_destiny_maps_by_ccat.
BUG FIXES
- fixed "Insecure dependency in sprintf" in Sophos SAVI av-scanner,
- fixed the interface code to virus scanners Sophie, Trophie and fpscand,
where a time-out on a long-running virus scan would leave a connection
to the virus scanner open and a late response from a scanner to a
previous request could be interpreted as a result of the current scan;
- fixed a bug in transforming an IPv6 alternative form IP address into
a preferred form. One effect of this bug was declaring an IPv4-mapped
IPv6 address as syntactically incorrect;
- if SQL logging was disabled a pen pals feature was non-functional even
when a Redis storage back-end was available and collecting data; now
pen pals is fully functional with a Redis database back-end and no SQL;
- provided our own Redis client code, avoiding Redis CPAN module bugs,
its slowness and non-support for IPv6.
- fixed a regexp in parsing wildcarded signing domain in a DKIM key
declaration and in a wildcarded sender pattern of signing options.
- dropped hard-coded dependency on modules Convert::TNEF and Convert::UUlib.
The Convert::TNEF was made optional in amavisd-new-2.8.0, but the
program still failed if the module could not be loaded at startup.
- import a missing do_log_safe() in Amavis::LDAP::Connection to avoid
a warning: _WARN: \t(in cleanup)
Undefined subroutine &Amavis::LDAP::Connection::do_log_safe
called at (eval 101) line 76 during global destruction;
- at startup amavis may try to find a decoder for 7z and zip extensions
twice;
- fixed the amavisd-new-courier.patch which resulted in two instances
of sub post_bind_hook(). Only tested for syntax.
NEW FEATURES
- Structured logging/reporting in JSON format is now available through
a redis server.
- IP address reputation
- Added support for decompressing LZ4 streams in mail attachments when
an external utility lz4c is available and the 'file' utility recognizes
such streams (probably since version file-5.17). Default settings
of @decoders and $map_full_type_to_short_type_re now recognize LZ4;
if these settings are replaced by a configuration file, the config
file needs to be updated to include the new entry.
- Added two minor content categories to the major ccat CC_UNCHECKED
to allow distinguishing between reasons of decoders failure.
- introduced a setting %final_destiny_maps_by_ccat, which makes it
possible to specify by-recipient final destiny for each contents
category, e.g. use D_REJECT on spam to some users, and D_BOUNCE or
D_DISCARD or D_PASS for others. Introduced mostly for completeness.
- added a setting $outbound_disclaimers_only. When set to true and
disclaimers are enabled, it will only allow adding disclaimers
to non-local recipients. For backward compatibility the default
value is false (undef)
- the $recipient_delimiter setting can now hold a multi-character string,
specifying all characters that can delimit an address extension from
a base e-mail address. Previously this setting was restricted to a
single character (typically a '+' or a '-').
- added macros report_json and rot13 (to be used in a log template):
* the macro 'report_json' expands to a JSON representation of a
structured log event;
* the macro 'rot13' replaces a string in its argument with an obfuscated
string where letters are shifted by 13 positions of an English
alphabet (a popular variant of a Caesar cipher to conceal spoilers);
this may serve to (poorly) hide strings such as mail Subject or
an e-mail address from casual browsing of a log;
OTHER
- dropped dependency on a CPAN module Redis, implementing our own
client-side redis protocol implementation (Amavis::TinyRedis).
It is faster and smaller, and supports opening sessions with a
redis server over IPv6 (or over IPv4 or over a Unix socket).
- store only essential information for pen pals operation to a Redis
storage back-end to save memory on a database server; information on
inbound messages is no longer stored there, i.e. only information on
originating messages is kept;
- more informative logging of pen pals query results when using a Redis
storage back-end. The redis support code (Lua and protocol handling)
was largely rewritten for efficiency since amavisd-new 2.8.1.
- added LDAP attribute amavisDisclaimerOptions 1.3.6.1.4.1.15312.2.2.1.47
to LDAP.schema;
- reduced EDNS payload size from 1240 bytes to a conservative default
of 1220 bytes when calling Mail::DKIM verifier;
- optimization: filter for public IP addresses from a Received trace
only once;
- added one digit of precision in the TIMING log report to reported small
elapsed times (below 5 ms);
- in a milter setup (AM.PDP) the log-id wasn't unique; adding a request
sequence number to it;
- avoid writing a notification to stdout about a warm reload for the benefit
of a cron job;
- reduced log level on some of the less useful log messages in a milter
setup;
- documentation README.sql-mysql: added "CREATE INDEX msgs_idx_mail_id..."
with a note on an InnoDB requirement for a foreign key;
---------------------------------------------------------------------------
June 28, 2013
amavisd-new-2.8.1 release notes
COMPATIBILITY
- when 0MQ (a.k.a. ZeroMQ) is used between Amavis components as an
internal messaging protocol, make sure to replace all 0MQ-enabled
Amavis components on upgrading amavisd, as the internal protocol
has changed slightly, taking advantage of 0MQ multi-part messages
for better performance. Affected programs are: amavis-services,
amavisd-status, amavisd-snmp-subagent-zmq, and amavisd.
- amavisd is compatible with perl 5.18.0 and with SpamAssassin 3.4.0
BUG FIXES
- fixed a bug in the SMTP client code, where the final SMTP status did
not reflect a failure status of a DATA command from a back-end MTA.
This caused a reception of a mail message to be confirmed but a message
was then lost, as it could not be passed to a back-end MTA. The bug
went unnoticed for years, as the commonly used MTAs normally reject
either at the MAIL FROM, at RCPT TO, or at the data-dot stage, but not
at the DATA command.
- fixed calling an external spam scanner DSPAM or Bogofilter, which
failed with a message:
auto-learning with spam scanner ... failed: error running program
- if a configuration file path as given through a command line option -c
or as an argument to include_config_files() was not an absolute path,
and that file contained an error, the do() would search the @INC list
for alternative files of the same name, and reported an unrelated error
(typically: No such file or directory) instead of reporting the true
reason for a failure;
- fixed a regular expression in amavisd.conf for an 'Avast!' AV entry
to properly extract a virus name;
- added LDAP errors LOCAL_ERROR and OPERATIONS_ERROR to the set of
expected error conditions which lets amavisd retry the failed
operation;
NEW FEATURES SUMMARY
- new Redis storage for the "pen pals" feature;
- improved IPv6 support;
- support for p0f v3;
- new macros ip_trace_all and ip_trace_public;
- amavisd-status now shows a bar graph display
of the number of active processes;
- the timing report log entry can show CPU usage
at log level 2 if a module Unix::Getrusage is available;
- improved IPv6 support: p0f-analyzer.pl can now communicate with amavisd
processes over an INET6 socket (or over an INET or UNIX socket as before).
- rewritten p0f-analyzer.pl to support a newer p0f v3 output format,
while still recognizing an older p0f v2 output format;
- improved IPv6 support: program amavisd-snmp-subagent-zmq can now
attach as an AgentX to a Net-SNMP daemon snmpd over an INET6 socket;
- improved IPv6 support: program amavisd-submit can now submit a mail
message to amavisd over an INET6 socket;
- a macro W can now produce a list of all virus scanners invoked,
along with a list of virus names each scanner detected;
- new macros ip_trace_all and ip_trace_public;
- templates for administrator notifications, recipient notifications,
and sender notifications now use macro 'ip_trace_all' instead of macros
'e' and 't' in order to report the full 'received' trace, not just the
first hop;
- macro supplementary_info recognizes new arguments: VERSION, SUBVERSION,
and RULESVERSION, providing additional information from SpamAssassin
correspond to equivalent SpamAssassin tags;
- a new command line option -X allows controlling some exotic features,
useful for example in debugging or automatic testing.
- a configuration setting $sa_debug may now specify a comma-separated
list of SpamAssassin debug facilities, complementing a similar method
of specifying these facilities through a command line option -d.
- pass the size of an original mail body as a 'supplementary attribute'
to SpamAssassin for the benefit of a 'check_body_length' eval rule
(new with SpamAssassin 3.4.0).
- to the output of amavisd-status add a simple bar graph display (with
an exponential-decay peak indicator) of the number of active processes;
- if a module Unix::Getrusage is available, the timing report log entry
(at log level 2) is enhanced: in addition to total elapsed time
(wall clock) spent in processing a message, it also shows a sum of
CPU user and system times spent by amavisd process and its spawned
processes.
OTHER
- the 'amavisd genrsa' command will now warn if the requested DKIM
signing key size is below 1024 bits, as required by RFC 6376;
- on amavisd startup a check on available private DKIM signing keys
(as declared by dkim_key) will now warn if a key size is below
1024 bits as required by RFC 6376, and log an information message
if a key size is below a configured $dkim_minimum_key_bits size
(defaults to 1024, currently 768 would still be a sensible value);
- for purposes of DKIM-based whitelisting (@author_to_policy_bank_maps)
and @signer_reputation_maps spam scores, valid signatures with
public keys shorter than $dkim_minimum_key_bits bits (default 1024,
equivalent to a lower limit as presently used by Google) are now
ignored, with an informational message logged at level 1.
- consider Unique local addresses (ULA) fc00::/7 non-public (RFC 4193),
dropped site-local addresses fec0::/10 (deprecated by RFC 3879),
adjusting the default setting of @mynetworks accordingly;
- consider the "Shared Address Space" 100.64.0.0/10 non-public (RFC 6598);
- adjust parsing the <zone_id> syntax of a scoped IPv6 address
as per RFC 6874;
- updated an AV entry for a Sophos Anti Virus: the scanning program
used to be named 'sweep', now it is 'savscan';
- updated a default value of @virus_name_to_spam_score_maps: updated
entry for Doppelstern and added entries for Bofhland and PORCUPINE;
- increase an arbitrary sanity limit on %smtp_reason_by_ccat strings
from 100 to 450 characters (RFC 5321 allows 512 character reply lines);
- relax testing file type of a configuration file, now a configuration
may also be passed to amavisd through a named pipe (fifo), possibly
facilitating testing or unusual deployments;
- relax a requirement that a $QUARANTINEDIR directory needs to be
writable: if $*_quarantine_method template settings include a
subdirectory (e.g.: $spam_quarantine_method='local:W%P/spam/%m.gz'),
such subdirectories must already exist and should be writable,
but the top-level $QUARANTINEDIR directory need not be writable;
- convert an IPv4-mapped IPv6 address into a plain IPv4 dot-quad form
when found in Received header fields, in socket local or peer address,
in ADDR field of an XFORWARD smtp extension command, or in an AM.PDP
attribute client_address. See draft-cmetz-v6ops-v4mapped-api-harmful
and draft-itojun-v6ops-v4mapped-harmful for potential caveats;
- drop a support for direct queries to p0f v2, as it never worked well
due to bugs in p0f v2. The p0f v3 changed the query protocol, but
a query does not include port numbers (see RFC 6302), so using the
p0f-analyzer.pl interface is still the only reliable approach;
- use sysread() instead of read() when reading from /dev/urandom
to avoid leaving entropy data in I/O buffers; also changed interface
name to sub read_random_bytes(), which now reads directly into a
scalar buffer, provided by an argument;
- fix uniform random distribution when generating a random PIN for an
attachment password (when releasing and $release_format is 'attach')
(not a security issue);
- added keepalive options to a call to Net::LDAP->new, recognized since
Net::LDAP 0.53;
- removed option inet6 from a default LDAP setup ( $ldap_sys_default ),
as Net::LDAP changed semantics in an incompatible way;
presumably the Net::LDAP now does the right thing by default;
- use a low-level 0MQ interface instead of ZeroMQ / ZMQ abstractions;
(i.e. ZeroMQ raw interface or ZMQ::LibZMQ3 or ZMQ::LibZMQ2);
- taking advantage of 0MQ multi-part messages the number of IP packets
transmitted is now radically decreased in favour of sending larger
but fewer packets;
- when generating 'Abuse Reporting Format (ARF) Reports' add a field
Source-IP and use UTC timestamps in the Arrival-Date field, in accordance
with RFC 6692;
- drop (opportunistic) loading of a module Devel::SawAmpersand and testing
the Devel::SawAmpersand::sawampersand(), variables $&, $` and $' are
no longer slow since Perl 5.17.7, the PL_sawampersand became a constant,
there is no longer any need of report it;
- documentation update: remove vestiges of a field 'spam_modifies_subj'
in README.sql, README.sql-mysql, this field was obsoleted in 2.7.0;
---------------------------------------------------------------------------
June 30, 2012
amavisd-new-2.8.0 release notes
COMPATIBILITY
- removed an old compatibility measure: default value of @banned_admin_maps
was changed from:
@banned_admin_maps = (\$banned_admin, \%virus_admin, \$virus_admin);
to a more consistent:
@banned_admin_maps = (\$banned_admin);
- quarantining to an mbox format file used to include a local time in an
mbox separator line, which differs from RFC 4155 and common practices
of using an UTC timestamp; a time zone of a timestamp in separator lines
is now changed to UTC;
BUG FIXES
- fixed initial evaluation of dynamic (i.e. per policy bank) values of
$enable_dkim_verification, $enable_dkim_signing and $bypass_decode_parts
across all declared policy banks; these policy bank entries may be scalars
of references to such;
- finely adjust a message size for de-stuffed dots according to a size
definition in RFC 1870; avoids occasional message size mismatch when
using an antispam interface module SpamdClient (implementing client-side
of a spamc/spamd protocol);
- updated LDAP.ldif to match LDAP.schema; provided by Quanah Gibson-Mount;
- updated AMAVIS-MIB.txt and amavisd-snmp-subagent: changed type of
SNMP variables *MsgsSize* in the group amavisStats 7 from Counter32
to Counter64 for consistency with other *MsgsSize* variables in groups
amavisStats 3 and amavisStats 9;
NEW FEATURES SUMMARY
- For monitoring and statistics gathering purposes a new set of utilities
and service processes is available based on a message passing paradigm,
using a 0MQ (a.k.a. ZMQ, ZeroMQ, or Crossroads I/O) library. This
replaces a functionally similar set of utilities based on a shared
BerkeleyDB database, with a benefit of avoiding lock contention
altogether. This can bring sigificant speedups, most pronounced on
a host with many busy amavisd child processes.
- Applied numerous fine-grained optimizations based on a NYTProf profiler
results. Optimizations include a reduction in a number of generated
Perl opcodes and similar micro-optimizations. This accounts for a large
amount of small changes in the code.
- Our current statistics (Q4 2011) shows that 80 % of messages are below
30.000 bytes, and 90 % of mail messages are below 100.000 bytes in
size. As an optimization, messages below 100 KiB in size are now kept
and processed in memory, including passing them more optimally to
SpamAssassin 3.4.0. Some file activity is still there, but is much
reduced. If $TEMPBASE also resides on an SSD disk (or a RAM disk),
observed speedup between 2.7.2 and 2.8.0 was 3 to 8 percent on a
busy host (with monitoring disabled, so as not to skew a measurement).
- Use a module IO::Socket::IP if available, instead of dealing directly
with low-level modules IO::Socket::INET and IO::Socket::INET6.
The IO::Socket::IP is a Perl core module since Perl version 5.19.8;
- choose more appropriate defaults if running on an IPv6-only host
(like connecting to ::1 instead of 127.0.0.1 which may not exist);
- amavisd-release now also supports connecting to amavisd over IPv6;
- as a debugging aid it is now possible that a late event triggers full
logging of earlier events that occurred during processing of a current
mail message;
- $enable_ldap setting is now dynamic, i.e. can be changed by a policy
bank, which makes it possible to selectively disable LDAP lookups
per policy bank;
- optionally avoid persistent connections to SQL and LDAP servers;
- it is now possible to disable calling an external file(1) utility
but still have MIME parts decoding enabled;
- added support in Amavis::SpamControl::ExtProg for an external spam scanner
Bogofilter;
- added locking options to @spam_scanners entries, to be used with external
scanners which need but do not implement locking of their resources
by themselves;
- added a global configuration setting $sa_userprefs_file, which is passed
on to SpamAssassin as a 'userprefs_filename' parameter at initialization;
- added a subroutine iso8601_weekday(), potentially useful with partitioning;
- added several new macros available to logging and notification templates;
NEW FEATURES - OTHER
- if a module IO::Socket::IP is available, amavisd will use this module
to create its client-side inet or inet6 sockets, instead of using the
low-level modules IO::Socket::INET and IO::Socket::INET6. This delegates
some of the dirty details handling to IO::Socket::IP, such as using the
getaddrinfo(3) system service to resolve host names, and dealing with
dual-stack multihomed host names. If IO::Socket::IP is not available,
the IO::Socket::INET or IO::Socket::INET6 are used directly instead,
to preserve compatibility. Please use a fairly recent version of
IO::Socket::IP, testing was done with versions 0.08 and 0.16.
- added a subroutine read_cidr() which can read a Postfix style CIDR file,
with a syntax interpreted according a Postfix cidr_table(5) man page.
The subroutine returns a ref to an array by default (but can also
produce a hash, and is able to add data to an existing array or hash).
- as a debugging aid it is now possible that a late event triggers full
logging of earlier events that occurred during processing of a current
mail message.
- the @decoders list is made a bit more flexible: the first entry in
each tuple (a short type name) may be a scalar string as before,
or may be a reference to a list of such names, in which case the
tuple applies to all listed short types.
- support an external decompressor lrzip for a .lrz format.
- $enable_ldap setting is now dynamic, i.e. can be changed by a policy
bank, which makes it possible to selectively disable LDAP lookups
per policy bank.
- optionally avoid persistent connections to SQL and LDAP servers - at
the expense of about 3 to 7 ms elapsed time for a reconnect.
- it is now possible to disable calling an external file(1) utility
but still have MIME parts decoding enabled: $file = undef;
- added Amavis::SpamControl::ExtProg support for an external spam scanner
Bogofilter.
- added Amavis::SpamControl::ExtProg support for auto-learning on external
spam scanners; experimental: works, but may change in future versions;
- added locking options to @spam_scanners entries, to be used with
external scanners which do not implement database locking by themselves.
- added a global configuration setting $sa_userprefs_file (undef by
default), which is passed on to SpamAssassin as a 'userprefs_filename'
parameter during its initialization.
- added a subroutine iso8601_weekday() which takes a Unix time as an
argument (seconds since 1970-01-01T00:00Z), and returns a weekday number
based on local time: a number from 1 through 7, beginning with Monday and
ending with Sunday, as specified in ISO 8601 (EN 28601).
- added a macro 'weekday', which expands to a weekday number
of the current message reception time, as provided by a call
to iso8601_weekday($msginfo->rx_time);
- added a macro 'secret_id', which expands to a secret counterpart to
mail_id, such that: b64_encode(md5(b64_decode(secret_id))) == mail_id.
It is encoded in base64url (RFC 4648), e.g. laL-rCJ6MBTm
(with a counterpart mail_id: XlZbJeFhn4OE).
- added a macro 'mail_id' as a synonym to a macro 'i', which is a
long-term unique mail_id on this system, possibly used in log and in
quarantine names, encoded in base64url (RFC 4648), e.g. XlZbJeFhn4OE
(with a counterpart secret_id: laL-rCJ6MBTm);
- added a macro 'log_id' as a synonym to a macro 'n', which is an
internal log id (also called task id, am_id) as shown in the log
and by amavisd-nanny, e.g. 58725-05-2;
- added a macro 'hexenc', which encodes its string arguments as
hex digits, high nybble first;
- added macros 'b64enc' and 'b64urlenc', which encode their arguments
as base64 strings, removing the final null padding '=' characters.
The 'b64enc' encodes into a character set [A-Za-z0-9+/], while the
'b64urlenc' encodes into a character set [A-Za-z0-9-_] in accordance
with RFC 4648;
- added a macro 'body_digest', which expands to a digest (a hash) of a
body of a mail message as computed by the algorithm chosen by a setting
$mail_digest_algorithm (defaults to 'MD5', can be 'SHA-1' or 'SHA-256').
- added a configuration setting $mail_digest_algorithm which chooses an
algorithm name for generating a mail header digest and a mail body digest.
OTHER
- quarantining to a mbox format file was using mboxo rule for protecting
a "From " line in a mail body, which made an original ">From " line
indistinguishable from a protected From; now a mboxrd format rule is
used, see http://en.wikipedia.org/wiki/Mbox
- make MIME::Parser use $TEMPBASE as a temporary directory for scratch
files instead of its default (which was /tmp, or failing over to a
current directory, disregarding a TMPDIR environment variable).
- distinguish an absence of an SMTP response from a negative SMTP response
in an SMTP/LMTP client code for improved logging/debugging purposes;
report delay time in case of a failure;
- a default value for $inet_socket_bind now reflects the availability
of socket protocol families INET (IPv4) and INET6 (IPv6).
- $forward_method, $notify_method and $requeue_method now default to an IPv6
address of a loopback interface ::1 instead of 127.0.0.1 when INET6 support
is available and INET is unavailable (IPv6-only host);
- remove an existing Authentication-Results header field only if we are
capable of generating our own: keep it if $enable_dkim_verification
is false or if $allowed_added_header_fields{'authentication-results'}
is false;
- add a field "Source-Port:" to "Abuse report format" (ARF) messages
as per draft-kucherawy-marf-source-ports;
- Avira SAVAPI av scanner: only log a warning instead of aborting
when a QUIT command at the end of a session fails;
- load all (both) applicable policy banks when %interface_policy contain
both a "SOCK" entry and a Unix socket path name; and similarly when it
contains both the "IPaddress:port" and a "port" entries.
- make use of a new SpamAssassin 3.4.0 option "skip_prng_reseeding".
- no longer pre-load a module Mail::SpamAssassin::Plugin::SpamCop
to avoid unnecessarily dragging-in modules Net::SMTP and Net::Cmd;
- a spamd client code in Amavis::SpamControl::SpamdClient now obeys an
option 'mail_body_size_limit' in a @spam_scanners entry and truncates
a message passed to spamd (like other spam scanner interfaces do),
instead of skipping a call to spamd.
- modules Convert::TNEF is now made optional, instead of being required;
do not load it if @decoders list is empty;
- avoid a warning issued when encountering an empty ehlo-keyword in a
response to an EHLO command (like on testing with a smtp-sink utility);
- some fine-grained reduction in a number of generated opcodes and
similar tiny optimizations; this accounts for numerous small changes
in the code;
- avoid some warnings issued by Test::Perl::Critic;
- just in case: make sure that our SMTP responses at the incoming session
are truly flushed to the socket and not stuck in a perlio I/O buffer;
- updated 2.7.0 release notes, documenting that a policy bank may also be
loaded based on a path name of a Unix socket receiving a connection;
- updated and clarified schema and instructions in README.sql-pg
- fixed spelling mistakes in comments;
- internal incompatible change: changed arguments and a result of a
subroutine write_header; also, now it rewinds a message file by itself;
---------------------------------------------------------------------------
August xx, 2012
amavisd-new-2.7.3 release notes
BUG FIXES
- fixed a bug in the SMTP client code, where the final SMTP status did
not reflect a failure status of a DATA command from a back-end MTA.
- if a configuration file path as given through a command line option -c
or as an argument to include_config_files() was not an absolute path,
and that file contained an error, the do() would search the @INC list
for alternative files of the same name, and report an unrelated error
(typically: No such file or directory) instead of reporting the true
reason for a failure;
- fixed a regular expression in amavisd.conf for an 'Avast!' AV entry
to properly extract a virus name;
OTHER
- updated an AV entry for a Sophos Anti Virus: the scanning program
used to be named 'sweep', now it is 'savscan';
- documentation update: remove vestiges of a field 'spam_modifies_subj'
in README.sql, README.sql-mysql, this field was obsoleted in 2.7.0;
---------------------------------------------------------------------------
June 30, 2012
amavisd-new-2.7.2 release notes
BUG FIXES
- a generated Received header field was missing the 'IPv6:' prefix
in the TCP-info component of a 'by' subfield (as required by RFC 5321,
section 4.1.3) when amavisd received a message over an IPv6 protocol;
- changed data type of an SNMP variable LogRetries from C32 to C64
for consistency with the MIB;
- updated AV entry 'AVG Anti-Virus' to consider status 403 continuation
lines when searching for a virus name;
OTHER
- reduce a log level to 5 on a log message:
Amavis::IO::RW: Error flushing on close: ...
to avoid an innocent but sinister-looking warning when a pipe
to a virus scanner is broken and needs to be re-established;
- updated an AV entry for 'F-Secure Linux Security' to version 9.14;
- fix a Unix socket compatibility issue with Net::Server versions 2.000,
2.001 and 2.002, where a method NS_unix_path no longer exists.
---------------------------------------------------------------------------
April 29, 2012
amavisd-new-2.7.1 release notes
BUG FIXES
- prevent rmdir() from failing with 'Invalid argument' on Solaris 10 when
deleting a temporary directory: current working directory must not be
within a directory which is about to be deleted;
- forwarding or quarantining through a 'pipe:' method failed with
"Insecure dependency in exec while running with -T switch" when a
sendmail command-line option -N was needed;
- when multiple sockets are specified (e.g. in $forward_method) as a
redundancy/failover mechanism, and SMTP session caching is enabled,
a failed forwarding session does not clear a cached session, so all
further attempts are stuck with the failed server, instead of picking
a different server from the list;
- on establishing a SMTP session when multiple sockets are specified
(e.g. in $forward_method) as a redundancy/failover mechanism, the
random choice never picked the last socket in a list;
- fix defanging by mimedefang, it was failing with perl 5.10 or later
due to an unhandled "Insecure dependency in sprintf" while logging the
result if the $log_level was 2 or higher, or when debugging was enabled;
- fix defanging by Anomy::Sanitizer, it was failing with an error message:
"mangling by anomy failed: replacement size 0, mail will pass unmodified";
- fix the 'xz' entry in a default @decoders list (in files amavisd.conf,
amavisd.conf-default and amavisd); the first two variants ('xzdec' and
'xz') were glued together, so the xz decoder was only available if found
under names 'unxz' or 'xzcat';
- provide a workaround for a bug [rt.cpan.org #64642] in a perl module
Encode, which gratuitously untaints a string when encoding or decoding it.
- avoid the use of Encode::is_utf8 due to a bug in a perl module Encode
as bundled with versions of Perl 5.8.0 to 5.8.8 (fixed in March 2007):
Perl bug tracking: #32687:
Encode::is_utf8 on tainted UTF8 string returns false
https://rt.perl.org/rt3/Public/Bug/Display.html?id=32687
also referenced by #37170:
https://rt.perl.org/rt3/Public/Bug/Display.html?id=37170
- fix a warning: _WARN: Invalid conversion in sprintf: "%a"
- write informational messages during a stop/start/restart to stdout,
instead of to stderr, avoiding unnecessary cron job messages;
- fix a syntactically incorrect 'Avira SAVAPI' av entry (missing
closing bracket) in a sample configuration file amavisd.conf;
- minor: get_body_digest incorrectly logged 8-bit body as 8-bit header;
- no longer insist on a minimal version 2.22 of a module Digest::MD5,
the 'clone' method is no longer needed since amavisd-new-2.7.0;
- do not call $parser->max_parts($MAXFILES) with some old versions
of MIME::Parser which did not yet provide this method;
- pre-load a module File::Glob even with perl 5.8.0, otherwise
autowhitelisting in SpamAssasssin may fail with "Insecure dependency";
- documentation: (files README.sql-mysql and README.sql-pg):
fixed a field name "policy.unchecked_lover", previously incorrectly
specified as "policy.unchecked_lovers_maps";
- documentation: fixed the two SELECT examples in files README.sql-pg and
README.sql-mysql, the field 'select' needs to be qualified with a table
name: 'msgrcpt.content' to avoid ambiguity;
- documentation bug in amavisd.conf-default: 'ESMTP' is not a valid
setting for $protocol, just use 'SMTP' instead;
COMPATIBILITY
- commented out the LHA entry in the default @decoders list and in
do_executable(). The program seems to be unmaintained, was seen crashing
and as such it may pose a security risk;
- due to popular demand, bring the 'spam-tag:' log line back to log level 2
(version 2.7.0 dropped it to log level 3) to retain compatibility with
some log analyzers. Caveat: 'spam-tag' string is now entirely in lowercase.
OTHER
- if a message is quarantined to more than one location using different
quarantine methods, the SQL field msgs.quar_type indicates only the
type of the last one.
- SMTP session caching now no longer re-uses old sessions which are
in use for more than a minute since their establishment;
- having the archive quarantine enabled should not be a sufficient reason
to store information to SQL when $sql_store_info_for_all_msgs is off;
- ClamAV-clamd and ClamAV-clamd-stream av scanners: changed socket name
in a sample configuration file amavisd.conf to /var/run/clamav/clamd.sock
(previously the socket name was /var/run/clamav/clamd);
- documentation updates;
Database and regexp map functionality is now split into separate packages:
- postfix-cdb
- postfix-ldap
- postfix-lmdb
- postfix-mysql
- postfix-pcre
- postfix-pgsql
- postfix-sqlite
Upstream changelog follows.
Postfix 3.0.2
-------------
No delta against 2.11.6.
Postfix 3.0.1
-------------
- Build error when compiling the Postfix SMTP server with SASL support
but no TLS support.
- The DNS "resource record to text" converter, used for xxx_dns_reply_filter
pattern matching, appended a '.' to TXT record resource values.
- The postscreen(8) manpage specified an incorrect Postfix version number
for the postscreen_dnsbl_timeout parameter.
- The postfix-install script expanded macros in parameter values when
trying to detect parameter overrides, causing unnecessary main.cf updates
during "postfix start" etc.
- Some low-level cleanup of UTF-8 string handling with no visible change
in behavior (besides better performance).
Postfix 3.0.0
-------------
- SMTPUTF8 support for internationalized domain names and address
localparts as defined in RFC 6530 and related documents.
- Support for Postfix dynamically-linked libraries and database plugins.
- An OPT-IN safety net for the selective adoption of new Postfix default
settings. If you do nothing, the old Postfix default settings *should*
remain in effect (complain to your downstream maintainer if that is not
the case).
- Support for operations on multiple lookup tables. The
pipemap:{map1,map2...} database type implements a pipeline of lookup
tables where the result from one lookup table becomes a query for
the next table; the unionmap:{map1,map2,...} database type sends the
Should be fix PR pkg/50197.
Here is changes from previous pkgsrc's snapshot.
Version 1.4.23 - SVN
--------------------
...
- Added Solarized Light and Solarized Dark themes, by Pavneet Arora.
- Added associative edit list option widget, with optional folder
list selector for values
- Added option to use blank spacer instead of security image ("This
image has been removed for security reasons.") for replacing
unsafe images.
- Full date and time is used as "title" (mouseover) text for dates
shown on the message list screen
- Custom Stylesheets are now sorted on the Display Preferences page
- $xtra in the displayHtmlHeader function is now available in the
global scope so that plugins can modify it during the generic_header
hook
- Added some generic client-side (JavaScript) libraries (including
an asynchronous server request mechansim). See the new /scripts
directory (plugin authors can refer to the plugin documentation
for how to use them)
- Added optional JavaScript folder list refresh ("check mail")
mechanisms that try to avoid refreshing if server is not responding -
see the $check_mail_mechanism setting in config/config.php or the
"4. General Options ==> "21. Auto check mail mechanism" setting in
the configuration tool. (If you do not update your configuration,
you will get messages in your logs: "PHP Notice: Undefined variable:
check_mail_mechanism in /path/to/squirrelmail/src/left_main.php on
line 322...")
- Added advanced control over the SSL context used when connecting
to the SMTP and IMAP servers over SSL/TLS (thanks to Emmanuel
Dreyfus). You can take a look at $imap_stream_options and
$smtp_stream_options in config_local.example.php in SquirrelMail
version 1.5.2 for more information. These configuration settings
should work the same under 1.4.23:
http://sourceforge.net/p/squirrelmail/code/HEAD/tree/trunk/squirrelmail/config/config_local.example.php
- Added ability to show login error from the IMAP server instead of
traditional "Unknown user or password incorrect" (thanks to Alain
Williams). See $display_imap_login_error in the configuration
file or "4. General Options ==> 22. Display login error from IMAP"
in the configuration tool.
- Configuration tool now shows the SquirrelMail version
- Added new attachments_top hook to src/read_body.php
- When resuming a draft, correct (from) identity is now pre-selected
- Removed overly-restrictive character limitations on address book
nicknames
- Prevent session lock-up caused by filters plugin trying to move
messages in an account that is over quota
- Added MD5 alternative to directory hash calculation
- Added ability for administrator to control whether or not users
can edit their reply-to address ($edit_reply_to in config.php)
- Added new "login_before_page_header" (boolean) hook; allows
plugins to have more explicit control over login page header
Update compressed patch to follow suit.
Remove x-label option since patch hasn't been updated since 1.5.17 (2007).
Comment out sidebar option since patch hasn't been updated yet.
Changes:
1.5.24 contains several new features in addition to bug fixes, perhaps
hinting it's past time to release 1.6.0. At the very least, the Mutt
team would like to encourage everyone to consider this release as
"very close to stable" and suggest anyone still using the 1.4 series
please upgrade.
A few changes were made to the suggested GPG and S/MIME configuration
settings. Please take the time to review the UPDATING file, as well
as the sample gpg.rc and smime.rc files under the contrib
subdirectory.
We'd like to thank everyone who contributed patches, bug reports,
translation, feedback, documentation updates, and testing. We're
grateful for all of your help in making this release happen.
