in control/smtpplugins. Extract a "Greylisting" stanza in MESSAGE. Merge
"Local non-root users to see the queue" into previous section (and
provide qmail-qread-client in example mailer.conf to begin with).
Mention port numbers where applicable.
Enable defaults that are sensible: realrcptto in control/rcptchecks and
viruscan in control/smtpfilters.
Add fixsmtpio rules to make greylisting-spp's tempfails look more like
qmail's other messages.
Bump dependency on qmail for config-fast-pkgsrc, which is like
config-fast but lets us simulate CONF_FILES-like behavior. As before, we
install these minimal config files, and won't deinstall them. (But the
updated qmail package will.)
Bump version.
installs the generated files elsewhere, so we can simulate
CONF_FILES-like behavior. qmail-run will switch to config-fast-pkgsrc.
We'll take advantage to deinstall these config files (as well as the
three basic .qmail files in ~alias) provided they haven't been changed.
Both of these commands stop leaving leftovers in ${PKG_SYSCONFDIR}:
# pkg_add qmail && pkg_delete qmail
# pkg_add qmail-run && pkg_delete -r qmail
While here, warn if the queue directory is on a case-insensitive
filesystem. Probably not gonna work perfectly.
Bump PKGREVISION.
sensible default, we wrap it in "greylisting-spp-with-exemptions", which
lets recipient addresses and domains be exempted from greylisting by
editing control/greylist/exemptrcpt{s,hosts}.
qmailofmipd: enable user CDB by default and remove the verbiage.
qmailsmtpd: bump datalimit (seeing occasional "fixsmtpio: out of memory" in production).
Improve MESSAGE a bit more.
Bump version.
SPP-compatible qmail-rcptcheck. Create control/smtpplugins so that the
RCPTCHECK-compatible programs continue to run as before. No functional
change intended.
Bump version.
qmail-smtpd (tweaked to tolerate the absence of a config file).
The RCPTCHECK patch is a logical subset of SPP with a slightly different
interface, and conflicts with SPP. Remove RCPTCHECK.
Bump PKGREVISION.
20181108 implements STARTTLS in fixsmtpio(8). Rebase EAI patch onto
TLS-onlyremote. Switch back to upstream for RCPTCHECK, which applies
cleanly again. Bump PKGREVISION.
(obviating the need for qmail-smtpd(8) to be patched to link OpenSSL).
Make TLS configurable for submission, POP3, and now also incoming SMTP:
- "yes" (startup will fail if cert or DH params are missing)
- "no" (even if they're present, don't offer TLS)
- "auto" (the default: offer TLS iff they're present)
Mention TLS setup in MESSAGE.
Delay SMTP greeting by 2 seconds. Enable zen.spamhaus.org RBL.
Bump version.
- Add STARTTLS support to fixsmtpio(8), which needs to terminate TLS in
order to continue observing requests and responses and do its job.
- Restore missing trailing " ESMTP" in greeting.
- Fix all warnings in acceptutils code.
- Document FIXSMTPIODEBUG, UCSPITLS, and DISABLETLS.
* 3.17.1
--------
* bug fixes:
* 3.17.0
--------
* the minimum GLib requirement is now 2.28.
* the mimimum GTK+2 requirement is now 2.24.
* nettle is now required, following removal of libcrypt from glibc.
* explicit use of --disable-gnutls is now required if gnuTLS support
is not required.
* SOCKS proxy support has been added.
Global settings can be found on the Mail Handling/Proxy page.
This can be overridden by Account settings on the new Proxy page.
* Accounts can now have their own auto-check intervals, or follow the
global interval.
* in the options for 'default selection when entering a folder',
'first [...]' has been renamed to 'oldest [...]', and
'newest [...]' items have been added.
* Message List: when changing sort key by clicking column header,
the sort direction is now preserved
* Message View: keypress handling for scrolling, (PgUp/Down, Space,
Backspace), has been improved.
* the Network Log now displays output from LDAP operations.
* "Go to last error" has been added to the Log Window context menu.
* Filtering/Processing: "mark_as_spam" is no longer a final action,
since it does not move the marked message.
* Filtering/Processing: Resent-From and Resent-To have been added in
Any/All header(s) (in Address Book) matcher rules.
* when a Return-Receipt request is received by an unknown address,
the user is now required to choose which Account to send it from.
* Colour Labels: confirmation is asked for when clearing or
overriding existing colour labels.
* Address Book: basic contact merging has been added.
* NetworkManager support: ported from libnm-util/libnm-glib to libnm.
* Dillo plugin: this HTML rendering plugin is now once again
available.
* RSSyl plugin: the modified time is no longer considered when
matching deleted items.
* RSSyl plugin: Handle 404 and other fetch failures better.
* Attachment Remover plugin: the user is now notified about what has
been done when processing multiple selections.
* SpamAssassin plugin: added support for compression (the server must
have compression enabled, and the local spamc too).
* SpamAssassin plugin: disabled SSLv3.
* when using the hidden preference, hide_timezone, the time in the
Date header is converted to UTC.
* various other UI improvements.
* many behind-the-scenes improvements.
* bug fixes:
* 3.16.0
--------
* Preferences: for the 'default selection on entering a folder' on
the Display/Summaries page, the first new, first unread, and first
marked message options are now sort-order aware.
* Preferences: the previously hidden preference to 'Warn when sending
to more recipients than []' has been added to the
Mail Handling/Sending page.
* Preferences: Toolbars/Compose window: Sign/Encrypt toggle buttons
can been added to the toolbar.
* Preferences: Fancy Plugin: allow stylesheet file/folder names to
have spaces in them.
* Account Preferences: a 'Show password' checkbox has been added next
to the password fields.
* Account Preferences: the OpenPGP and S/MIME preferences have been
split into two separate pages.
* Account Preferences: newline characters are disallowed in account
usernames and passwords, and warnings are shown to the user if this
is attempted.
* Compose: more UTF-8 list-item characters have been added.
* Address book: a 'Show password' checkbox has been added next to the
LDAP server 'bind password' field.
* GPG: full key/signature fingerprints are now shown instead of the
short versions.
* SSL Certificate Manager: added support for ipv6 addresses.
* NNTP: Fetch XOVER and XHDR data in batches of 5000 and use the
statusbar progress meter when opening/refreshing a NNTP folder.
* CLI: the --insert option has been added to --compose, to allow
inserting files from the command line.
* Plugins window: keyboard shortcuts to Load/Unload buttons have
been added.
* PDF Viewer Plugin: a print button has been added.
* The HTML parser now supports all entities.
* Tools: a simple bash completion helper has been added,
tools/bash_completion/claws-mail.
* Bug fixes:
* 3.15.1
--------
* Bug fixes:
* 3.15.0
--------
* More granular options on when to open a selected message have been
added. There are now several checkboxes on the Display/Summaries
page of the Preferences which allow a greater flexibility.
* Compose window: Show the total size of attachments on the
Attachments tab.
* Compose window: Bcc has been added to the headers drop-down list.
* Folder list: Top-level folders can now be copied. They are created
as regular folders in the target mailbox.
* Folder selection dialogue: Left/right keys collapse/expand rows.
Further keypress will move the cursor to parent or first child,
respectively.
* Menu items: 'Mark all unread [recursively]' has been added to the
folder context menu, message list menu, and the main window menu
and toolbar.
* Toolbar actions: Mark, Unmark, Lock, Unlock, Mark [all] read, Mark
[all] unread, Ignore Thread, Watch Thread, and Delete Duplicate
Messages have been added to the main window toolbar's Actions list.
* Account compose signature: The value of the signature file now
takes a path relative to the user's home directory in addition to a
full path.
* Icon Themes: Support for SVG themes with icon scaling capabilities
has been added. This requires libRSVG 2.40.5 or newer.
* Hidden preferences: colours for specifying Tags, QuickSearch, and
auto-filled header values have been added, both foreground and
background. Respectively, tags_color, tags_bgcolor,
qs_active_color, qs_active_bgcolor, qs_error_color,
qs_error_bgcolor, default_header_color, and default_header_bgcolor.
* Hidden preferences: warn_sending_many_recipients_num, if greater
than zero, a warning dialogue is shown when the number of
recipients exceeds the number given.
* GData plugin: This plugin now requires libgdata version 0.17.2 or
newer.
* TNEF parser plugin: This plugin now uses an external libytnef.
* vCalendar plugin: This plugin now uses an external libical, version
2.0.0 or newer is required.
* Mail Archiver plugin: - updated to support some of the compression
formats up to libarchive 3.2.2
* Several minor UI improvements.
* Bug fixes:
New Features:
* Added --dump-mail option.
* Added --xclient-delim, --xclient-destaddr, --xclient-destport,
--xclient-no-verify, and --xclient-before-starttls options.
Notable Changes:
* XCLIENT can now send multiple XCLIENT requests. Because of this,
--xclient and --xclient-ATTR values are no longer merged into one
string. This breaks previously documented behavior.
* Numerous improvements to the output of --dump and --dump-as-body,
including the ability to limit output by section, layout improvements,
adding missing options to output, and fixing bugs.
Notable Bugs Fixed:
* Fixed bug preventing Proxy from working with --tls-on-connect.
* XCLIENT is now sent after STARTTLS to match with Postfix's expectations.
* Fixed bug which could allow mail sending to proceed without a valid
recipient.
* Replacing a multi-line header via --header or --h-HEADER now replaces
the entire header, not just the first line.
* The option for specifying the local port was documented as --local-port
but implemented as --lport. Both are now documented and implemented.
* Fixed two bugs which prevented interactions between --dump,
--auth-hide-password, --dump-as-body, and --dump-as-body-shows-password
from producing consistent output.
the tag; for instance, "nbqmailofmipd" becomes "nbqmail/ofmipd". Vaguely
redolent of Postfix, and easier to glance at logs now that just about
everything runs similarly from rc.d. Turn off sslserver verbosity by
default. Bump version.
- removed a trailing dot element from @INC, as a workaround for a perl
vulnerability CVE-2016-1238;
- amavis-services: bumping up syslog level from LOG_NOTICE to LOG_ERR
for a message "PID <pid> went away", and removed redundant newlines
from some log messages;
- safe_decode() and safe_decode_utf8(): avoid warning messages
"Use of uninitialized value in subroutine entry"
in Encode::MIME::Header when the $check argument is undefined;
- @sa_userconf_maps has been extended to allow loading of per-recipient
(or per- policy bank, or global) SpamAssassin configuration set from
LDAP. For consistency with SQL a @sa_userconf_maps entry prefixed with
'ldap:' will load SpamAssassin configuration set using the
load_scoreonly_ldap() method; a patch by Atanas Karashenski;
- add some Sanesecurity.Foxhole false positives to the default
list @virus_name_to_spam_score_maps;
- updated some comments;
+++
also add a patch to make it run with perl 5.28 without complaints
about regex syntax
- when users specify an SSL version that no longer exists in the Python
ssl module, do not result in an unhandled exception. Thanks: "nandre".
- catch IMAP UNAVAILABLE temporary error during login. Thanks:
Dario Corti.
This update includes XSS security problem.
RELEASE 1.3.8
-------------
- Fix PHP warnings on dummy QUOTA responses in Courier-IMAP 4.17.1 (#6374)
- Fix so fallback from BINARY to BODY FETCH is used also on [PARSE] errors in dovecot 2.3 (#6383)
- Fix invalid regular expressions that throw warnings on PHP 7.3 (#6398)
- Fix so Classic skin splitter does not escape out of window (#6397)
- Fix XSS issue in handling invalid style tag content (#6410)
- Fix compatibility with MySQL 8 - error on 'system' table use
- Managesieve: Fix bug where show_real_foldernames setting wasn't respected (#6422)
- New_user_identity: Fix %fu/%u vars substitution in user specific LDAP params (#6419)
- Fix support for "allow-from <uri>" in "x_frame_options" config option (#6449)
- Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)
- Fix multiple VCard field search (#6466)
- Fix session issue on long running requests (#6470)
- CERTFILE needs to be set early enough for sslserver. Move it to rc.d.
UCSPITLS is application-specific and can stay in the CDB.
- Add PYMSGAUTH_TOLERATE_UNCONFIGURED to the CDB.
- Switch qmailpop3d from tcpserver+qmail-popup to sslserver+authup.
Set UCSPITLS in the CDB to require STLS before USER/PASS.
- Specify a few new required_files.
- Point more precisely at the need to inspect alias/.qmail-*.
- Bump qmail-acceptutils for integrated privsep TLS using ucspi-ssl.
- Switch qmailofmipd rc.d script to sslserver, listening on the network.
- Install control/{pop3,smtp}capabilities, as newly required by authup.
- Organize INSTALL a bit better.
- Remove all vestiges of stunnel, including further shortening MESSAGE.
- Implement SMTP "STARTTLS" and POP3 "STLS", relying on sslserver's UCSPI-TLS.
Derived from s/qmail's implementation.
- Catch up to s/qmail's base64 implementation.
- Implement POP3 "CAPA" verb for POP3.
- Require admin to describe child program in control/{pop3,smtp}capabilities.
- Fix regression from qmail-popup: sleep after auth failure for SMTP only.
- Update authup(8) manual page.
pkgsrc changes:
- Replace security/stunnel dependency with net/ucspi-ssl.
respective dependencies on spamdyke and stunnel. Depend instead on
qmail-acceptutils, which provides SMTP AUTH (and new filtering
functionality) and brings its own unconditional mess822 and stunnel
dependencies. Update rc.d scripts to match.
Use CONF_FILES instead of a bunch of open-coded INSTALL cleverness.
Clean up even better with a little DEINSTALL cleverness to remove CDB
files if their source CONF_FILES are gone.
Install sensible fixsmtpio rules and viruscan signatures.
Tighten MESSAGE. The basics have gotten pretty easy. Bump version.
patch and the AUTH patch conflict, nobody else has published a newer
hand-merged combo patch, and as it happens, I'd apparently rather
write a pile of new DJB-style C than make myself responsible for
hand-merging other people's security-sensitive code every time there's
a new TLS patch.
Now that we have AUTH without patching (see mail/qmail-acceptutils), the
"sasl" option goes away, we're finally on the most recent TLS patch
available, and when it's updated it'll be easy for us to keep up.
Rebase RCPTCHECK and EAI patches onto netqmail-with-TLS-and-no-AUTH.
Bump PKGREVISION.
Changelog v0.5.3:
- Fix assertion panic occurring when managesieve service fails to open
INBOX while saving a Sieve script. This was caused by a lack of
cleanup after failure.
- Fix specific messages causing an assert panic with actions that
compose a reply (e.g. vacation). With some rather weird input from the
original message, the header folding algorithm (as used for composing
the References header for the reply) got confused, causing the panic.
- IMAP FILTER=SIEVE capability: Fix FILTER SIEVE SCRIPT command parsing.
After finishing reading the Sieve script, the command parsing
sometimes didn't continue with the search arguments. This is a time-
critical bug that likely only occurs when the Sieve script is sent in
the next TCP frame.
2.3.3:
* doveconf hides more secrets now in the default output.
* ssl_dh setting is no longer enforced at startup. If it's not set and
non-ECC DH key exchange happens, error is logged and client is
disconnected.
+ Added log_debug=<filter> setting.
+ Added log_core_filter=<log filter> setting.
+ quota-clone: Write to dict asynchronously
+ --enable-hardening attempts to use retpoline Spectre 2 mitigations
+ lmtp proxy: Support source_ip passdb extra field.
+ doveadm stats dump: Support more fields and output stddev by default.
+ push-notification: Add SSL support for OX backend.
- NUL bytes in mail headers can cause truncated replies when fetched.
- director: Conflicting host up/down state changes may in some rare
situations ended up in a loop of two directors constantly overwriting
each others' changes.
- director: Fix hang/crash when multiple doveadm commands are being
handled concurrently.
- director: Fix assert-crash if doveadm disconnects too early
- virtual plugin: Some searches used 100% CPU for many seconds
- dsync assert-crashed with acl plugin in some situations.
- mail_attachment_detection_options=add-flags-on-save assert-crashed
with some specific Sieve scripts.
- Mail snippet generation crashed with mails containing invalid
Content-Type:multipart header.
- Log prefix ordering was different for some log lines.
- quota: With noenforcing option current quota usage wasn't updated.
- auth: Kerberos authentication against Samba assert-crashed.
- stats clients were unnecessarily chatty with the stats server.
- imapc: Fixed various assert-crashes when reconnecting to server.
- lmtp, submission: Fix potential crash if client disconnects while
handling a command.
- quota: Fixed compiling with glibc-2.26 / support libtirpc.
- fts-solr: Empty search values resulted in 400 Bad Request errors
- fts-solr: default_ns parameter couldn't be used
- submission server crashed if relay server returned over 7 lines in
a reply (e.g. to EHLO)
qmail. It avoids patch conflicts, adds new user-controlled features, and
is more consistent with qmail's design.
To SMTP-authenticate users without patching ofmipd(8) or qmail-smtpd(8),
compose the following programs into your configuration:
- reup runs a program repeatedly until it succeeds.
- authup offers SMTP or POP3 authentication and calls checkpassword.
- checknotroot refuses to run as UID 0.
- fixsmtpio filters SMTP I/O and exit status to suit authup.
From Attila Fueloep in pull request NetBSD/pkgsrc#32.
Apache SpamAssassin 3.4.2 contains numerous tweaks and bug fixes over the
past three and 1/2 years. As we release 3.4.2, we are preparing 4.0.0 which
will move us into a full UTF-8 environment. We expect one final 3.4.3
release.
As with any release there are a number of functional patches, improvements as
well as security reasons to upgrade to 3.4.2. In this case we have over 3
years of issues being resolved at once. And we are laying thr groundwork for
version 4.0 which is is designed to more natively handle UTF-8.
However, there is one specific pressing reason to upgrade. Specifically, we
will stop producing SHA-1 signatures for rule updates. This means that while
we produce rule updates with the focus on them working for any release from
v3.3.2 forward, they will start failing SHA-1 validation for sa-update.
*** If you do not update to 3.4.2, you will be stuck at the last ruleset
with SHA-1 signatures in the near future. ***
Full release notes at http://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.2.txt.
- nullmailer-send no longer generates bounces for rejected bounces.
Thanks Fejes József
- Fixed compile error in sendmail on GCC older than 4.9.
- Fixed treating authentication failure as message rejection.
Thanks Fejes József
- nullmailer-inject now sets the full name of the sender to the user
name as a fallback. This helps distinguish system sent messages when
the MTA rewrites the address (as does GMail, for example).
- Fixed compatibility issue with gnutls 3.6 (and possibly others).
- [Feature] Add arguments schemas to processors and extractors
- [Feature] Add functional selectors library
- [Feature] Add generic selector to reputation module
- [Feature] Add more ratelimits: by digest, by attachments data, by
filenames
- [Feature] Add preliminary stop words detection support
- [Feature] Add pure Lua debugm function
- [Feature] Add schema validation for Redis settings
- [Feature] Add selectors combine function
- [Feature] Add some recursion protection to lua logger
- [Feature] Add support for Lua API tracing
- [Feature] Allow to apply schema to arguments
- [Feature] Allow to get dkim signing data directly from HTTP headers
- [Feature] Allow to reuse existing authentication results
- [Feature] Cache selectors results in re runtime
- [Feature] Implement new text tokenizer based on libicu
- [Feature] Integrate selectors framework to multimap
- [Feature] Relax FORGED_RECIPIENTS
- [Feature] Support (almost) all html entities
- [Feature] Support adding and deletion of recipients in the milter
block
- [Feature] Support gathering HTTP body from fragments in lua_http
- [Feature] Support multi flag in regexp and glob maps
- [Feature] Support selectors in ratelimit module
- [Feature] Support selectors in settings
- [Feature] Use khash in HTML parser
- [Feature] Use pure Lua debugm function
- [Fix] Add fail-safety for destroying sessions
- [Fix] Allow to add result-less fake DNS records
- [Fix] Another try to fix race conditions on config unload
- [Fix] Call Lua callback on DNS timeouts
- [Fix] Deprecate task:inc_dns_req as it is redundant
- [Fix] Do not allow events deletions on cleanup
- [Fix] Do not try to process skipped messages
- [Fix] Fix HTTP requests with no body
- [Fix] Fix another cleanup race condition
- [Fix] Fix bug in processing of pcre regexps
- [Fix] Fix byte array allocation in the pool
- [Fix] Fix crashes on task cleanup
- [Fix] Fix dynamic buckets in ratelimits
- [Fix] Fix endless loop when waiting for Rspamd to stop
- [Fix] Fix lua_util.str_split in case of delimiters set
- [Fix] Fix more issues with watching of async events
- [Fix] Fix stop words detection and loading logic
- [Fix] Fix various corner cases for language detection
- [Fix] Fix watchers in lua_tcp
- [Fix] Fix words decay algorithm
- [Fix] Implement watchers replacement to handle nested calls
- [Fix] Save faked code into fake dns record
- [Fix] Show the proper frame when using lua_util.debugm
- [Fix] Use fake dns records in tests
- [Fix] Use unicode replacements for HTML entities
- [Fix] fixed "cannot find dependency on symbol 1" issue when using
replaced symbols in spamassassin rules
- [Fix] partition_id is not available in old versions of CH
- [Project] Add implicit conversion logic to selectors
- [Project] Add initial support for selectors in regexps
- [Project] Add method concept
- [Project] Further changes in unicode operations
- [Project] Implement Clickhouse migrations
- [Project] Implement implicit conversions to userdata
- [Project] Implement insert method
- [Project] Implement selectors registration for regular expressions
- [Project] Implement selectors support in re_cache
- [Project] Improve language detector: cleanup unused files,
categorize
- [Project] Migrate CH data to a fat table
- [Project] Rework selectors logic
- [Project] Start Clickhouse utilities library
- [Project] Start unicode rework
- [Project] coroutine threaded model for API calls: thread pool
- [Rework] Move phishtank to a DNS based service
- [Rework] Rework Clickhouse plugin to use the new API
- [Rework] Rework language detector
- [Rework] Rework utf content processing in text parts
- [WebUI] Add progress bar for AJAX requests
- [WebUI] Avoid errors table reinitialization
- [WebUI] Avoid history table reinitialization
- [WebUI] Avoid throughput summary table reinitialization
- [WebUI] Destroy summary table on disconnect
- [WebUI] Fix "auth" request URL
- [WebUI] Fix disabling and hiding controls on page reload
- [WebUI] Fix maps loading from neighbours
- [WebUI] Fix symbols sorting by score
- [WebUI] Fix tables destroying
- [WebUI] Fix throughput data consolidation
- [WebUI] Fix upload buttons disabling
