4d00b4415b
While here, fix a minor DESTDIR botch. 0.1.14 beta-17 - (security) Using File::Spec->canonpath for normalization (trailing slashes) Check ownership of real directories to avoid race attacks for symlinks. Thanks to Robert Buchholz. 0.1.14 beta-16 (not released) - (security) The check for symlinked directories was half complete. perl ignores -l if the argument has a trailung slash. Thanks to Andrej Kacian. 0.1.14 beta-15 - (security) $LOCKPATH and its contents weren't checked for being a symlink which. Thanks to Chris Howells and Andrej Kacian. - (fix) "dedicated" added to the exclusion list for dialup checks. A better approach would be to let the user configure dialup and exclude patterns. 0.1.14 beta-14 - (change) rbls.org link changed to robtext.com - (change) results with 'rc:' as action are not cached - (fix) regexp check for dynamic helo/client did hit also some clients with "static" - (fix) helo numeric check was too fuzzy. - (fix) master didn't read config after policyd-weight reload - (fix) HELO_SEEMS_DIALUP may have scored even if the IP is listed for the sender domain. - (fix) An interrupt of policyd-weight -s may cause a SIGPIPE which killed the cache - (change) Implemented $NS list. Useful for users with split horizon DNS - (fix) don't cache rejections which were deferred (4xx and friends) - (fix) helo_numeric_score didn't catch [n.n.n.n] helos - (fix) Header was not included if $dnsbl_checks_only = 1; and $ADD_X_HEADER = 1; - Thanks to J. Genannt - (fix) Corrected handling of [n.n.n.n] HELOs and address-literals as sender (long standing issue) - (change) Introduced @dnsbl_checks_only_regexps in order to skip DNS checks for certain client hostnames - (change) Added -D (Don't detach) switch for daemon-tools/runit users - (change) Added signals handlers for most of signals so that they are at least logged, also, provide a perl backtrace. - (change) prerequisite steps for providing coredumps (build coredump directories, chdir) - coredumps are non-trivial: we start as root, change uid. At this moment coredumps are denied by kernel in order to protect root-data. The only workaround would be, to start cache and master via system() after changing uid - (change) In daemon mode wrongly crafted policy requests don't lead to a child-exit anymore, only the connection is closed - (change) log-facilities other than 'info' are now mentioned in log-lines - (change) SMTP information such as client, helo, sender and to are now logged in each log-message. If $DEBUG is set this also logs the instance variable. - (fix) rbl_lookup used sometimes 65536 as packet id which appeared to cause problems - (fix) Check for syslog absence. If syslog is not available then log temporarily to $LOCKPATH/polw-emergency.log - (tmpfix) Introduced $TRY_BALANCE which closes connections to smtpds after they got their response in order to avoid too many established smtpd->policyd-weight (child) connections. |
||
---|---|---|
.. | ||
files | ||
DESCR | ||
distinfo | ||
Makefile | ||
PLIST |