3.4.1
* Packaging fixes
3.4
* add a mimedefang-release(8) program to release a message from quarantine
directory
* add email_is_blacklisted to check an email address against an "hashbl"
rbl server
* UTF-8 support improvements
* Authentication-Results header improvements
fix it by rewriting the filename with ascii characters, using code which
was present upstream at some point.
See patches/patch-modules_lib_Mail_MIMEDefang_MIME.pm for details.
Bump PKGREVISION
* add is_public_ip6_address to check if an ipv6 address
is local
* add md_authres method to generate a basic Authentication-Results
header for the message
* add md_arc_sign method to sign email messages
with DKIM ARC signatures
* add md_dkim_verify method to verify DKIM signatures
* add md_dkim_sign method to sign email messages
with DKIM signatures
* add anonymize_uri to remove utm_* parameters
from uris.
* split mimedefang.pl code in Perl modules
* add re_match_in_7zip_directory to check for files
inside 7zip archives
* fallback to plaintext when md_check_against_smtp_server
fails SSL connection for unknown reasons
* add experimental support to scan emails with Rspamd antispam
* Obtain the Queue-ID as early as possible in the SMTP
session. Requires the "-y" command-line option to mimedefang.
* mimedefang.pl: Add support for a configuration file
to separate data from code
* mimedefang.pl: Add support to scan messages for viruses on a remote
Clamav server using clamdscan client.
* mimedefang.pl: Add re_match_in_rar_directory function to match
unwanted file names extensions inside a rar archive file.
* mimedefang.pl: Added TLS support to md_check_against_smtp_server
* mimedefang-multiplexor: Make "workerinfo nnn" show how long ago
the last state change was for a given worker.
* mimedefang.pl: Do not add a Message-ID: header when handing a
message to SpamAssassin if the original message lacks such a
header.
* Add a new -V maxLifetime option to mimedefang-multiplexor that
terminates worker processes after maxLifetime seconds (approximately).
This is in addition to the -r maxRequests option.
* Log the lifetime and number of requests processed when we terminate
a worker process.
* Make mimedefang and mimedefang-multiplexor write their PID files
as root to avoid an unprivileged user tampering with the pidfiles.
Thanks to Michael Orlitzky for pointing this issue out.
* mimedefang.pl: Add an extra level of subdirectories in the quarantine
to avoid 32K subdirectory limit on ext3. Idea by Kevin McGrail.
* Add the --data-dump option to scripts/mimedefang-util
And various bug fixes and minor improvements.
pkgsrc changes: make the rc.d script use the new -o option and move the pid
files to $VARBASE/run/, keeping the lock and socket files in
$VARBASE/spool/MIMEdefang/
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
The following distfiles were unfetchable (possibly fetched
conditionally?):
./mail/qmail/distinfo netqmail-1.05-TAI-leapsecs.patch
pkglint -r --network --only "migrate"
As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
{perl>=5.16.6,p5-ExtUtils-ParseXS>=3.15}:../../devel/p5-ExtUtils-ParseXS
since pkgsrc enforces the newest perl version anyway, so they
should always pick perl, but sometimes (pkg_add) don't due to the
design of the {,} syntax.
No effective change for the above reason.
Ok joerg
* Fix bug in logic that coalesces multiparts to single-parts if
possible; the bug broke DKIM signing.
MIMEDefang 2.77 RELEASED
* Change old author's name to "Dianne Skoll" in many places.
MIMEDefang 2.76 RELEASED
* mimedefang.pl.in: Get rid of all Perl function prototypes.
Perl prototypes are badly-implemented and consensus among
modern Perl 5 programmers is they shouldn't be used.
https://www.securecoding.cert.org/confluence/display/perl/DCL00-PL.+Do+not+use+subroutine+prototypes
* Add support for filter_wrapup callback. This is called at the
very end and permits header modifications, but not body
modifications. Useful for DKIM-signing.
* mimedefang.pl.in: Fix typo: SOPHOS should have been SAVSCAN
* mimedefang.c: Don't add a MIME-Version header if there is already
one.
* Fix https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646347
* Minor clarifications to mimedefang-filter man page.
* Add "All / Summary" button to watch-multiple-mimedefangs.tcl
* Many cosmetic improvements to watch-multiple-mimedefangs.tcl
* Fix md_get_bogus_mx_hosts so it checks A records iff a domain has
no MX records.
* Add a forward declaration of rebuild_entity to avoid warnings on
recent Perl versions.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
* A new action_add_entity function has been added.
* Deprecated defined(@array) construct has been removed.
* New load1 md-mx-ctrl command summarizes load in a more useful format than load
* watch-multiple-mimedefangs.tcl has been overhauled.
* Various other bugfixes and documentation cleanups.
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
* A new -G option causes files created by mimedefang to
be group-readable and sockets to be group readable/writable.
* The multiplexor snoops in on communications and saves the
Sendmail queue-ID for logging purposes. It logs the queue ID when
logging a slave's STDERR.
* MIMEDefang passes along the client port number, server IP address
and server port number to all filter functions. This feature was
sponsored by Scayl.
* In mimedefang.c, truncate overlong responses from the multiplexor. Also sanitize replies so "\r" doesn't get fed to smfi_setmlreply.
* If a slave process replies with a very long reply, have the multiplexor consume (and discard) the excess input so the multiplexor-to-slave protocol does not become de-synchronized.
* When mimedefang becomes a daemon, have it wait for a "go/no-go" message from the child before exiting. This should eliminate race conditions whereby the MTA starts before the milter socket is present.
* Avoid run-time errors from Unix::Syslog on some platforms.
* Restores compatibility with Postfix (which was broken in 2.70).
* Properly fixes signal-handling in child processes. 2.70 included a partial fix,
but signal-handling would break if you ran md-mx-ctrl reread.
to trigger/signal a rebuild for the transition 5.10.1 -> 5.12.1.
The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=..."), minus the packages updated after
the perl package update.
sno@ was right after all, obache@ kindly asked and he@ led the
way. Thanks!
PERL_SET_CONTEXT after forking or Perl gets confused.
In particular, setting signal-handling dispositions using
$SIG{FOO} = sub { ... } breaks.
* Clarify wording of mimedefang-filter man page.
* Remove obsolete code that used to attempt to generate working
directory names. Deactivate the no-longer-needed "-M" mimedefang
option.
* Add new "-y" option to mimedefang-multiplexor. This limits
the number of concurrent "recipok" commands on a per-domain basis.
* Remove Anomy::HTMLCleaner support.
* use MIME::Parser::Filer's ignore_filename() call instead of
subclassing to override evil_filename(). Same effect, less code.
* refactor resend_message_one_recipient() to use
resend_message_specifying_mode() instead of reimplementing it.
* header_timezone() now generates a strictly RFC2822-compliant timezone
string without needing POSIX::strftime()
* Ensure that decode_mimewords() is called in scalar context.
* Detect Sys::Syslog vs. Unix::Syslog at run-time
rather than when running ./configure.
* Bug fix: Don't change Content-Disposition to "inline" by default.
This was causing weird bugs with Outlook iCalendar attachments.
* Various crash fixes.
* Make relay_is_blacklisted and relay_is_blacklisted_multi handle
IPv6 addresses.
* Make the C code call smfi_setmlreply if the milter library supports it
and the Perl code returns a multi-line reply.
(And take over maintainer)
Release 2.67 adds the following features since 2.65 (there was no public
2.66 release):
* The ability for mimedefang-multiplexor to use poll rather than select.
This removes the FD_SETSIZE limit on the number of file descriptors
the multiplexor can handle.
* Support for FPROTD version 6 daemonized virus scanner.
2.65
There is only one change since 2.64: An error in the way the embedded
perl interpreter was initialized has been fixed. This fixes problems
on the Debian HPPA architecture and possibly others.
2.64
This is a minor bugfix release;
* Add support for NOD32 command-line scanner
* Add support for Sophos "savscan" scanner
Changes since 2.62:
* mimedefang-multiplexor.c: Relax the umask when creating the unprivileged
socket ("-a" command-line option.)
* mimedefang.c(eom): If we do not have a queue ID yet, try to obtain one
in eom. This is designed to improve operation with Postfix, which does
not assign a queue ID until after the first successful RCPT. Based on a
patch from Henrik Krohns.
* examples/init-script.in: Added MD_SKIP_BAD_RCPTS init script option
(suggested by John Nemeth)
* Remove support for OpenAntivirus. It's a dead product.
* mimedefang.pl.in(spam_assassin_status): Call $mail->finish() to prevent
temporary files from accumulating.
* redhat/mimedefang-init.in: Add configtest routine to check filter
syntax.
Changes since 2.61:
* A new "change_sender" action lets you change the envelope sender. Only
works with Sendmail/Milter 8.14.0 and newer!
* Clam interface code has been fixed to work properly with ClamAV 0.90
and later.
* Other minor improvements and bugfixes.
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
includes patch to work with clamav 0.90 and newer.
Changes since 2.59:
* SECURITY FIX: Versions 2.59 and 2.60 contained a programming error
that could lead to a buffer overflow. This is definitely
exploitable as a denial-of-service attack, and potentially may
allow arbitrary code execution. The bug is fixed in 2.61.
* If a message is going to end up being rejected,
discarded or tempfailed, we don't bother carrying out requests
to add/delete/modify headers or recipients, change the message
body, etc.
* mimedefang.c: Fix filter registration so MIMEDefang works
correctly against libmilter from Sendmail 8.14
Changes since 2.58:
* A new "watch-multiple-mimedefangs.tcl" tool that lets you keep an eye
on a cluster of MIMEDefang scanners.
* Fixes to the build scripts that should eliminate build problems on
Intel/AMD 64-bit architectures.
* mimedefang generates the COMMANDS file more safely and more efficiently.
* Various other minor improvements and bug-fixes.
Changes since 2.57:
* Various minor bug-fixes, including a memory leak.
Changes since 2.56:
* Various minor bug-fixes
* New md-mx-ctrl hload command shows load over past 1, 4, 12 and 24 hours.
* New multiplexor scheduling algorithm tries to keep a given command on a
given set of slaves.
INSTALL/DEINSTALL script creation within pkgsrc.
If an INSTALL or DEINSTALL script is found in the package directory,
it is automatically used as a template for the pkginstall-generated
scripts. If instead, they should be used simply as the full scripts,
then the package Makefile should set INSTALL_SRC or DEINSTALL_SRC
explicitly, e.g.:
INSTALL_SRC= ${PKGDIR}/INSTALL
DEINSTALL_SRC= # emtpy
As part of the restructuring of the pkginstall framework internals,
we now *always* generate temporary INSTALL or DEINSTALL scripts. By
comparing these temporary scripts with minimal INSTALL/DEINSTALL
scripts formed from only the base templates, we determine whether or
not the INSTALL/DEINSTALL scripts are actually needed by the package
(see the generate-install-scripts target in bsd.pkginstall.mk).
In addition, more variables in the framework have been made private.
The *_EXTRA_TMPL variables have been renamed to *_TEMPLATE, which are
more sensible names given the very few exported variables in this
framework. The only public variables relating to the templates are:
INSTALL_SRC INSTALL_TEMPLATE
DEINSTALL_SRC DEINSTALL_TEMPLATE
HEADER_TEMPLATE
The packages in pkgsrc have been modified to reflect the changes in
the pkginstall framework.
Changes 2.56:
An off-by-one error in the multiplexor that could restart slaves
unnecessarily was fixed. Compilation errors on some systems were fixed.
A handful of other minor bugs were fixed.
Changes 2.55:
A new option allows you to reserve some slaves for connections from
localhost; this helps clientmqueue runs to succeed on busy servers.
Modern Vexira anti-virus scanners are supported; versions older than
Spring 2005 are no longer supported. A new "filter_helo" callback lets
you take action in response to HELO/EHLO. A new "action_insert_header"
function lets you prepend headers (rather than just appending them).
A new function lets you reject mail from hosts with bogus MX records;
for example, MX records that resolve to private IP networks or the
loopback address.
