Commit graph

5 commits

Author SHA1 Message Date
jperkin
71fa94bf01 Support builtin libmilter. 2014-09-25 13:56:50 +00:00
pettai
6fc66a9166 2.7.3 2012/11/29
Log DB error string in dkimf_add_signrequest(), and fix a DSN handling
                error in dkimf_db_strerror().
        LIBOPENDKIM: Ignore entries in the oversign header field name list
                that are empty, and an oversign header field name list that
                is present but empty.
        LIBOPENDKIM: Allow header field lists to be empty, flushing any that
                were previously defined.
        BUILD: Improve tests for including <strl.h>.
        REPUTATION: Use lowercase for keywords in REPUTE query generation
                and handling.
        STATS: Clean up a dead link in opendkim-genstats.

2.7.2           2012/11/14
        Log the author domain name when rejecting or discarding due to ADSP.
        LIBOPENDKIM: Improve re-entrancy of dkim_eoh() when verifying.
        LIBOPENDKIM: Only do a single read attempt of a private key under
                GNUTLS to avoid hiding a useful error code.
        STATS: Add long option support for opendkim-importstats.
        STATS: Fix overly-strict domain name rules in opendkim-reportstats.
        TOOLS: Fix opendkim-genkey subdomains default.
        TOOLS: Fix opendkim-testmsg GNUTLS initialization.
        TOOLS: Add ability to assert a reporter ID to opendkim-spam.
        TOOLS: Add ability to skip a fixed number of Received: fields.
        TOOLS: Print a warning when asked to generate a key smaller than
                the recommended minimum.
        BUILD: Fix bug #SF3585163: Use a provided libstrl if detected.
        BUILD: Portability fixes for Solaris 10 from Claus Assmann and
                Leena Heino.

2.7.1           2012/10/30
        Fix bug #SF3581657: Fix faulty logic in LDAP open code.
        Fix bug #SF3581743: Properly handle NULLs returned from OpenDBX
                queries and low field counts in dkimf_db_walk().
        In the _FFR_REPUTATION code, free JSON objects when done with them.
        TOOLS: Fix argument parsing in new version of opendkim-genkey.

2.7.0           2012/10/24
        Feature request #SF2964375: Reject configuration files that have
                a SigningTable referencing a missing or malformed KeyTable
                entry.
        Feature request #SF3544764: Support for libar has been discontinued.
                For asynchronous and/or thread-safe resolver service,
                use libunbound or a suitable version of BIND.
        Feature request #SF3545658: Replace "ResolvConf" with "Nameservers"
                and add support for NS list overrides for versions of bind
                that have res_setservers().  Also rename "UnboundConfigFile"
                to "ResolverConfiguration", and make "TrustAnchorFile"
                generally available.
        Feature request #SF3547124: Skip reputation checks on passing
                signatures whose keys had a "t=y" value.
        Feature request #SF3555842: Add "ReputationTest" setting.
        Feature request #SF3556439: Update opendkim-atpszone per RFC6541.
        Feature request #SF3559744: Add library option DKIM_OPTS_MINKEYBITS
                allowing one to specify a minimum number of key bits for
                acceptable keys and signatures.  This is exposed through new
                configuration file option "MinimumKeyBits".  The default
                is 1024.
        Fix bug #SF3536414: Activate _FFR_OVERSIGN, and remove
                DKIM_OPTS_ALWAYSHDRS.
        Fix bug #SF3536655: Rename "X-Header" to "SoftwareHeader", and rename
                all header fields added that start "X-" to remove that prefix,
                per RFC6648.  The old name will be accepted through the end
                of the 2.7.x line.
        Fix bug #SF3538896: Remove antiquated CVS Id: tags, which cleans up
                some (harmless) build warnings.
        Fix bug #SF3548741: Add "ReputationTimeout" for use inside
                _FFR_REPUTATION, rather than using the built-in default
                or a hard-coded one.
        Fix bug #SF3549307: Remove _FFR_REPUTATION_CACHE, as it is redundant
                to caching code that's part of _FFR_REPUTATION already.
        Fix bug #SF3555844: Get repute client code in sync with repute.php
                (and the current REPUTE WG drafts).
        Fix bounds checking in the dstring printf functions.
        Fix loop structure in the C side of odkim.get_rcpt().
        Change all temporary directory defaults from /var/tmp to /tmp.
        Activate _FFR_LUA_GLOBALS.
        Request the milter permissions required to get _FFR_REDIRECT working.
        Add _FFR_REPRRD, which is a second approach to DKIM-based reputation
                using round robin databases and Holt-Winters foreacasting
                using rrdtool (see http://oss.oetiker.ch/rrdtool/).  Still
                experimental.
        Patch #SF3555843: With sufficient verbosity, report the default
                configuration file path.  Patch from Andreas Schulze.
        BUILD: Fix bug #SF3531658: Move the strlcat() and strlcpy()
                implementations to their own library so that programs don't
                drag in crypto and other dependencies they don't need.
                Also clean up several other unnecessary dependencies imposed
                by imprecise use of autoconf.
        BUILD: Patch #SF3555845: Add support for older versions of libcurl.
        BUILD: Install non-user things in sbin instead of bin.
        LIBOPENDKIM: Feature request #SF3565006: Add dkim_add_querymethod()
                and dkim_sig_seterror(), define DKIM_CBSTAT_DEFAULT, and
                remove an assertion in dkim_get_key_dns(), which together
                allow for applications to develop non-standard key retrieval
                mechanisms.
        LIBOPENDKIM: Fix bug #SF3559080: Log correct domains and selectors
                with SSL errors.
        LIBOPENDKIM: Add DNS functions dkim_dns_config(), dkim_dns_init(),
                dkim_dns_nslist(), dkim_dns_set_init(), dkim_dns_set_close(),
                dkim_dns_set_nslist(), dkim_dns_set_config(),
                dkim_dns_set_trustanchor(), dkim_dns_trustanchor().
        LIBOPENDKIM: Patch #SF3562496: Add DKIM_OPTS_REQUIREDHDRS to allow
                alteration of the mandatory header field set.
        LIBOPENDKIM: If "q=" is present and method "dns" is specified, it
                must be followed by "/txt", per RFC6376.
        LIBOPENDKIM: For dkim_add_xtag(), copy the provided values so the
                caller doesn't have to keep them around.
        LIBOPENDKIM: Allow dual signing of a single body with dkim_resign().
        STATS: Fix bug #SF3555847: Add "--nocircles" to opendkim-gengraphs
                to allow operation with versions of gnuplot that don't know
                what "with circles" means.
        STATS: Patch #SF3555841: Temporary table SQL correction.
        TOOLS: Feature request #SF3553918: Add "-u" flag to opendkim-atpszone
                and opendkim-genzone enabling them to produce output suitable
                for use as input to nsupdate(8).
        TOOLS: Feature request #SF3558818: Teach opendkim-testkey about the new
                "ResolverConfiguration" setting.
        TOOLS: Fix bug #SF3565013: Replace opendkim-genkey with a perl script
                that knows how to do splitting of character-strings in DNS
                TXT records.
        TOOLS: Fix bug #SF3568846: Add "-t" to opendkim-testmsg to allow
                override of the directory where temporary files go.  Also,
                clean up temporary files after creating them.
        TOOLS: Add opendkim-rephistory.

This should fix PR pkg/47370.
2013-01-05 17:05:07 +00:00
adam
d22c77bae6 pkglint clean-up 2011-04-29 11:48:24 +00:00
pettai
7cb6fe3dd2 2.3.0 2011/02/21
Feature request #SF2964396: Allow SignHeaders, OmitHeaders and
                SenderHeaders to be specified as deltas to the default lists.
        Feature request #SF3053094: Correct documentation and improve function
                of the AuthservID configuration setting.  Requested by
                Andreas Schulze.
        Feature request #SF3060152: Add odkim.replace_header() function.
        Feature request #SF3060161: Add odkim.del_header() function.
        Feature request #SF3061189: Add new "quarantine" option to all the
                various "On-" settings.
        Feature request #SF3066104: Add "AnonymousDomains" configuration
                option.
        Feature request #SF3074290: Add _FFR_ATPS, experimental support for
                draft-kucherawy-dkim-atps.
        Feature request #SF3076684: Add "VBR-TrustedCertifiersOnly" flag.
        Feature request #SF3080604: Add odkim.parse_field() function.
                Requested by Todd Lyons.
        Feature request #SF3081697: Add "OversignHeaders" configuration
                option.
        Feature request #SF3085536: Activate _FFR_STATS_I, providing
                statistics reporting about use of "i=" in signatures.
        Feature request #SF3096630: Add odkim.rbl_check() function.
        Feature request #SF3097083: Make SigningTable accessible from Lua.
        Feature request #SF3103095: Allow "%" in a KeyTable entry's filename
                component as well as the domain name.
        Feature request #SF3105480: Improved VBR correctness; don't conduct
                VBR checks at all if there are disagreeing "mc" values in
                multiple VBR-Info header fields.
        Feature request #SF3106132: Allow "%" in a SigningTable's value.
        Feature request #SF3109963: Add "MaximumSignaturesToVerify" setting.
                Suggested by John Wood.
        Feature request #SF3110593: Add compile-time support for GnuTLS as
                an alternative to OpenSSL.  Suggested by Alessandro Vesely.
        Feature request #SF3136772: Sign the VBR-Info header field, if added.
                Requested by Frederik Pettai.
        Fix bug #SF3134119: With AutoRestart enabled, arrange to relay
                SIGUSR1 from the parent to the child rather than terminating.
                Reported by Yoshiaki Yanagihara.
        Fix bug #SF3141313: Trim whitespace from values in in-core data
                sets.  Reported by Todd Lyons.
        Fix bug #SF3156124: More robust handling of database disconnects.
                Also add _FFR_POSTGRESQL_RECONNECT_HACK, which will hopefully
                be temporary.  Reported by Miha Vrhovnik.
        Fix bug #SF3181180: Correct handling of quoted strings containing
                parentheses (and the opposite) when parsing
                Authentication-Results header fields.  Reported by
                Mark Martinec.
        Fix back-compatibility with very old implementations of milter in MTAs.
        Fix case-insensitive matching for domain names when doing signing
                selection.  Problem noted by John Espiro.
        New configuration file options:
                - "CaptureUnknownErrors", replacing the FFR of the same name
                - "DNSConnect", requesting the resolver use TCP mode
                - "KeepAuthResults", suppressing required removal of
                  Authentication-Results header fields
                - "ResolverTracing", adding detailed logging of libar activity
                - "StrictHeaders", requesing libopendkim to assert header
                  field counts according to the standards
                - "UnboundConfigFile", passing a configuration file name to
                  libunbound (suggested by Andreas Schulze)
                - "VBR-PurgeFields", removing "X-VBR-*" fields after using them
        Trim whitespace from the end of all values in a config file, not just
                strings.  Problem noted by Reuben Farrelly.
        Assume a default location for opendkim.conf.  Suggested by Andreas
                Schulze.
        Don't needlessly demand milter features, causing aborts when they're
                not available.  Problem noted by Todd Lyons.
        Make odkim.get_clienthost(), odkim.get_clientip() and
                odkim.get_fromdomain() available in the final script.
        When "SyslogSuccess" is active, log the selector and domain used.
                Suggested by Miha Vrhovnik.
        LIBAR: Feature request #SF3115073: Add flag for fine-grained activity
                logging for debugging purposes.
        LIBAR: Add support for using poll() instead of socket().
        LIBOPENDKIM: Feature request #SF3087029: Add DKIM_LIBFLAGS_STRICTHDRS.
        LIBOPENDKIM: Feature request #SF3089990: Add dkim_sig_getsignedhdrs().
        LIBOPENDKIM: Fix bug #SF3079094: Have dkim_diffheaders() take
                canonicalization into account when generating its results
                to avoid false positives.
        LIBOPENDKIM: Fix bug #SF3184670: Add error codes for missing and empty
                "v=" tags, thus avoiding a possible assertion failure when
                DKIM_LIBFLAGS_BADSIGHANDLES is in use.  Reported by J. Coloos.
        LIBOPENDKIM: Fix up handling of multi-TXT DNS replies inside
                dkim_get_policy_dns().
        LIBOPENDKIM: Add dkim_getid().
        LIBOPENDKIM: Treat no answers as an NXDOMAIN with respect to
                retrieving ADSP records.
        LIBOPENDKIM: When an unexpected DNS type or class is received,
                log the received values.
        LIBVBR: Feature request #SF3105477: Copy the generic DNS work from
                libopendkim.
        STATS: Feature request #SF3085536: Activate _FFR_STATS_I, providing
                statistics reporting about use of "i=" in signatures.
        STATS: Feature request #SF3125701: Add "s=" key value tracking.
        STATS: Feature request #SF3137445: Track key sizes.  Suggested by
                Todd Lyons.
        MILTERTEST: When asserting negotiation state, don't forget to capture
                what was negotiated.
        TOOLS: Feature request #SF3106876: Amend opendkim-testkey to return
                the DNSSEC results as well.
        TOOLS: Fix bug #SF3143922: Command line parameters to opendkim-testkey
                now override their configuration file counterparts.
        TOOLS: Experimental new "opendkim-spam" tool to let users update a
                stats database to indicate a message is spam, for possible
                later correlation use.
        BUILD: opendkim-genzone needs LIBCRYPTO_LDFLAGS.  Reported by
                John Smith.
        Activate _FFR_CAPTURE_UNKNOWN_ERRORS.
2011-03-13 23:31:31 +00:00
pettai
6eee611b7e OpenDKIM is an open source implementation of the DKIM (Domain Keys Identified
Mail) sender authentication system proposed by the E-mail Signing Technology
Group (ESTG), now standardized by the IETF (RFC4871). It also includes
implementations of the Author Domain Signing Practises (ADSP, RFC5617) and
Vouch By Reference (VBR, RFC5518) proposed standards.

The project started from a code fork of version 2.8.3 of the open source
dkim-milter package developed and maintained by Sendmail, Inc.
2010-10-19 23:11:42 +00:00