-
Notifications
You must be signed in to change notification settings - Fork 75
/
Changes
1280 lines (740 loc) · 39.2 KB
/
Changes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1.00 Feb 16, 2023
Use readable file test for certificate files (#304)
Adding IP address to logs for 535 LOGIN errors, to use with fail2ban (#301)
Add support for network ranges in whitelist plugin (#298)
Change GeoIP order (#297)
Regex fix, checkip argument & updated tld list (#283)
Support for userprefs' reject threshold (#281)
Improve RPM packaging (#276-278)
tls: fix a typo in SSL_dh_file. (#275)
Badmailfromto whitespace (#273)
Fix Can't call method 'notes' on unblessed reference in plugins/logging/file. (#272)
Use eval to get dkim policies (#268)
Check $addr is defined before using it (#266)
Check for negative strikes in karma (#265)
Dmarc policy improvements (#260-263)
Find the karma DB dir (#264)
Update data_post_headers doc (#259)
Check rua is defined before trying to parse it (#257)
Record the name of the original plugin (#256)
Make spammy_tlds configurable (#255)
Possibility to set the number of "strikes" for the karma plugin (#254)
Prevent credentials being logged in plain text (#249)
Prevent a "Use of implicit split" warning (#250)
uribl needs to hook in data_post #251
Allow setting TLS protocol versions in a config file #252
New size_limit param for spamassassin plugin #253
0.96 Feb 16, 2016
Fix DMARC authentication-result string (#244)
Replace all occurances of CR in X-Spam-Status (#247)
In helo, check *every* regex, not just first (#246)
badrcpt use reason, and defined-ness test (#245)
DMARC plugin: Added option to disable reporting (#242)
Add perms test to Qpsmtpd::DB::File::DBM::dir() (#234)
Skip greylisting when we can't talk to greylist DB (#233)
Change fake_{config,hook} to mock_{config,hook} (#232)
Use a fake greeting for testing run_continuation() (#231)
0.95 Feb 11, 2015
tls: adding support of Perfect Forward Secrecy (biergaizi)
more test coverage
misc updates to tests and docs
use perl DNS methods instead of shell cmds
tidier testing (t/tmp/*) vs scattershot
greylisting plugin adds Redis support
Qpsmtpd::DB with DBM and Redis classes
Auth-Results header won't be modified if DKIM signed
ordering headers to improve SpamAssassin interaction (priyadi)
disable SSLv3
fcrdns: add tests and improved localhost detection
added data_post_headers hook (priyadi)
added preliminary support for GeoIP v2 and ASN lookups from GeoIP DBs
make content log location configurable
added script for fetching GeoIP dbs
added auth_imap plugin (Graham Todd)
improved IPv6 support
removed async everything (unsupported and stagnant)
0.94 Sep 05, 2014
Added null char in username check to auth_cvm plugin
Build updates for CentOS 6 (Robert Siddall)
SpamAssassin plugin fixes (Priyadi Nurcahyo)
Added plugins/stunnel (luzluna)
Fixed a config error in Apache/Qpsmtpd.pm (luzluna)
loadcheck: imported (Robert Siddall)
return a useful error message when temp rejecting connections (Priyadi)
smtp_forward: added Postfix XCLIENT support (Chase Venters)
smtp_forward: add the remote message id in log entry (tpoindessous)
clamdscan: added support for remote (TCP/IP) clamd (M Simerson)
Updated DMARC plugin to use Mail::DMARC
Updated SPF & DKIM plugins to store data for DMARC processing
karma plugin: added spammy TLD penalty
a few more log prefixes (corralling stragglers)
0.93 Dec 17, 2013
Added Authentication-Results header
moves Authentication-Results to Original-Authentication-Results on inbound.
no longer puts auth info in Received header
TcpServer: ignore DNS search path and explicitely request PTR lookups (speedup)
store envelope TO/FROM in connection notes
raised max msg size in clamdscan
SPF enabled by default (if Mail::SPF available)
auth_vpopmaild: added taint checking to responses
added run files for most common deployment methods (easier install)
untaint config data passed to plugins
Qpsmtpd.pm: split config args on /\s+/, was / /
(compatibility with newer versions of perl)
dmarc: added subdomain policy handling
0.92 Apr 20, 2013
new plugins: dmarc, fcrdns
new feature: DKIM message signing. See 'perldoc plugins/dkim' for details.
includes script for generating DKIM selectors, keys, and DNS records.
RAM bumped up to 300MB, to avoid memory exhaustion errors.
Qpsmtpd.pm: untaint config options before passing them to plugins.
auth_vpopmaild: untaint responses obtained from network. Combined with the taint fix for config options, enables auth_vpopmaild to work when setting the host config and port
tls: added ability to store SSL keys in config/ssl
log2sql: added UPDATE query support
removed FAQ to: https://github.com/qpsmtpd-dev/qpsmtpd-dev/wiki/faq
helo: cease processing DNS records after first positive match
karma: sprinkled karma awards throughout other plugins
- limit poor karma hosts to 1 concurrent connection
- allow +3 conncurrent connections to hosts with good karma
- limit recipients to 1 for senders with negative karma
Sanitize spamd_sock path for perl taint mode - Markus Ullmann
geo_ip: added too_far option (deduct karma from distant senders)
bogus_bounce: add Return-Path check, per RFC 3834
Fix for Net::DNS break - Markus Ullmann
SPF: arrange logic to so improve reliability of spf pass reporting (helpful to DMARC plugin)
is_naughty removed from is_immune feature. Allows more granular handling by plugins.
0.91 Nov 20, 2012
a handful of minor changes to log messages, similar to v0.90
replace all instances of split '' with split // (required for 5.1?+)
clamdscan: skip processing of naughty messages
TcpServer: improved IPv6 support (Michael Holzt)
SPF: improved support for IPv6, removed is_in_relayclient in favor
of checking if relayclient() note is set.
spamassassin: added 'headers none' option
qmail_deliverable: added vpopmail extension support, reject null
senders to ezmlm mailing lists.
dnsbl rejections handled by naughty plugin
changed default loglevel from 9 to 6
allow messages with no body: (Robin's patch)
ordered config.sample/plugins roughly in SMTP phase order
added Plugins::adjust_karma, reduces code requirements in other plugins
added whitelist plugin
helo: added is_plain_ip to lenient checks
dspam improvements
added log2sql, log/watch.pl, log/summarize.pl, and plugins/registry.txt
new dkim plugin added (deprecates domainkeys plugin).
0.90 Jun 27, 2012
Many logging adjustments for plugins, to achieve the goal of emitting
a single message per plugin that provides a summary of that plugins
action(s) and/or outcome(s).
qmail_deliverable plugin added (depends on Qmail::Deliverable).
karma plugin added.
naughty plugin added.
count_unrecognized_commands: corrected variable assignment error
connection_time: added tcpserver deployment compatibility
loop: max_hops was sometimes unset
dnsbl,rhsbl: process DNS queries syncronously to improve overall efficiency
insert headers at top of message (consistent SMTP behavior) in uribl
domainkeys, spamassassin plugins.
spamassassin: consolidated two data_post methods (more linear, simpler)
rewrote check_basicheaders -> headers
renamed check_loop -> loop
renamed check_badrcptto -> badrcptto
renamed check_badmailfromto -> badmailfromto
renamed check_badmailfrom -> badmailfrom
check_badmailfrom_patterns, merged functionality into check_badmailfrom
check_badrcptto_patterns, merged functionality into check_badrcptto
check_basicheaders. New arguments available: past, future, reject, reject_type
sender_permitted_from. see UPGRADING (Matt Simerson)
dspam plugin added (Matt Simerson)
p0f version 3 supported and new default. see UPGRADING (Matt Simerson)
resolvable_fromhost ignores DNS search path (i.e. it expects fully resolved domains) (Robert Spier, Charlie Brady)
new plugin auth_vpopmaild (Robin Bowes)
new plugin auth_checkpassword (Matt Simerson)
auth_vpopmail_sql: more flexible db config (Matt Simerson)
new plugin check_bogus_bounce (Steve Kemp)
clamav: added ClamAV version to the X-Virus-Checked header,
as well as noting "no virus found". (Matt Simerson)
assorted documentation cleanups (Steve Kemp, Robert Spier)
Revert "Spool body when $transaction->body_fh() is called"
0.84 April 7, 2010
uribl: fix scan-headers option (Jost Krieger, Robert Spier)
exim: Use BSMTP response codes, various cleanups (Devin Carraway)
config: cache returned values from config plugins (Peter J. Holzer)
AUTH PLAIN bug with Alpine (Rick Richard)
resolvable_fromhost: Moved DENYSOFT for temp_resolver_failed
to the RCPT TO hook. (Larry Nedry)
Note Net::IP dependency (Larry Nedry)
Various minor spelling cleanups and such (Steve Kemp, Devin Carraway)
rpm: create .rpm files from the packaging/rpm directory (Peter J. Holzer,
Robin Bowes, Filippo Carletti, Richard Siddell)
spamassasin: Custom spam tag subject munging (Jonathan Martens, Robert Spier)
clamav: Fix typo in name of default configuration file (Filippo Carletti)
0.83 September 15, 2009
plugins/queue/maildir: Allow hyphens in the maildir path (Hinrik Örn Sigurðsson)
Modify plugins/virus/clamav no-summary option for ClamAV 0.95 (Jonathan Martens)
Temporary deny if clamd is not running (Shad L. Lords)
Fix spamassassin plugin log noise if spam score is 0.0
Fix spool_dir configuration documentation and README update (Tomas Lee)
Disconnect host in rhsbl (Charlie Brady)
POD cleanups (Steve Kemp)
check_badmailfrom: Fix parsing of reason messages etc (Robert Spier, Tomas Lee)
check_spamhelo disconnects after denying a 'helo' (Filippo Carletti)
Log even when aren't in a transaction (Jared Johnson)
prefork: More robust child spawning (Peter Samuelson)
Add dup_body_fh method to return a dup'd body FH (Jared Johnson)
0.82 - June 2, 2009
prefork: Fix problem with processes sometimes being "left behind" (Charlie Brady)
prefork: Fix startup when no interface addresses are specified (Devin Carraway)
prefork: add multi-address support
The clamdscan virus-scanning plugin now requires the ClamAV::Client
perl module instead of the older, deprecated Clamd module (Devin Carraway)
prefork: support --listen-address for consistency with forkserver
prefork: Sanitize the shell environment before loading modules
0.81 - April 2, 2009
Close spamd socket after reading the result back (Jared Johnson)
p0f plugin updates (Tom Callahan)
Change transaction->add_recipient to skip adding "null" rcpt if passed
Add logging/apache plugin for logging to the apache error log
Add connection_time plugin
Add git information to version number when running from a git clone
Add rcpt_regexp plugin (Hanno Hecker)
Add notes method to Qpsmtpd::Address objects (Jared Johnson)
Add remove_recipient method to the transaction object (Jared Johnson)
0.80 - February 27, 2009
moved development to git repository!
reorganized plugin author documentation
added End of headers hook: data_headers_end
added "random error plugin"
improve logging of plugins generating fatal errors (Steve Kemp)
async: added $connection->local_ip, $connection->local_port
async: Fix bug where the body_file/body_filename wouldn't have headers
lower log level of rcpt/from addresses
prefork: improve shutdown of parent (and children) on very busy
systems (Diego d'Ambra)
prefork: exit codes cleanup (based on patch by Diego d'Ambra)
prefork: detect and reset locked shared memory (based on patch by
Diego d'Ambra)
prefork: untaint the value of the --interface option (reported by
Diego d'Ambra)
prefork: the children pool size was sometimes not adjusted immediately
after the exit of children (reported by Diego d'Ambra)
async, prefork: detach and daemonize only after reading the configuration
and loading the plugins, to give the init scripts a chance to detect
failed startups due to broken configuration or plugins (Diego d'Ambra)
plugins/tls: close the file descriptor for the SSL socket
plugins/queue/maildir: multi user / multi domain support added
set the Return-Path header when queuing into maildir mailboxes
plugins/resolvable_fromhost: check all MX hosts, not just the first
remove outdated virus/check_for_hi_virus plugin
prefork, forkserver: restart on SIGHUP (reload all modules, with register()
or init() phase).
prefork: add --detach option to daemonize like forkserver
use user/group switching from forkserver to support secondary groups
(needed with plugins/queue/postfix-queue)
--pid-file now works
apache: add post-connection hook, connection->reset
Create async version of dns_whitelist_soft, rhsbl and uribl plugins.
async: added pre- and post-connection hooks
improve handling of inetd/xinetd connections (Hanno Hecker)
Qpsmtpd::Connection->notes are now reset on end of connection (currently
not in Apache). The workaround plugins/tls for -prefork is no longer
needed now.
keep the square brackets around the IP as "remote_host" if the reverse lookup failed (Hanno Hecker)
async: Dereference the DATA deny message before sending it to the client
Change async/resolvable_fromhost to match the logic of
the non-async version and other MTAs
async: Handle End-of-data marker split across packets
Allow plugins to use the post-fork hook
Add qpsmtpd-prefork to the install targets (Robin Bowes)
Address definitions are now package vars and can be overriden for
sites that wish to change the definition of an email address. (Jared Johnson)
http://groups.google.com/group/perl.qpsmtpd/browse_thread/thread/35e3a187d8e75cbe
New config option "spool_perms" to set permissions of spool_dir
(Jared Johnson)
leading/trailing whitespace in config files is ignored (Henry Baragar)
0.43 - February 5, 2008 - Never offically released; oops.
(This release was mostly done by Matt Sergeant and Hanno Hecker)
Allow qpsmtpd-async to detatch (Chris Lewis).
plugins/tls: work-around for failed connections in -prefork after
STARTTLS connection (Stefan Priebe, Hanno Hecker)
Make the cleanup socket location parameter in the postfix plugin work
Implement config caching properly (for async).
Hook/plugin caching
Remove the connection / transaction id feature (never released)
Option to clamdscan to scan all messages, even if there are no attachments
add new clamd_user parameter that sets the user we pass to clamd
async: Support for HUPing the server to clear the cache. Wake-one child support.
async: Don't listen for readiness in the parent any more - breaks
under high load.
Made user() and host() setters as well as getters in
Qpsmtpd::Address. Suggested by [email protected].
Pluggable "help", based on patch by Jose Luis Martinez.
Updated plugin documentation.
0.42 - October 1, 2007 - Never released
Pluggable hook "noop"
Pluggable hook "help" (based on patch by Jose Luis Martinez)
async: better config caching (of flat files, not results from hook_config
or .cdb files), send SIGHUP to clear cache
New docs/plugins.pod documentation!
Add X-Spam-Level header in spamassassin plugin (idea from Werner Fleck)
prefork: support two or more parallel running instances (on different
ports; the first 4 digits of the port number must be different for each
instance - see IPC::Sharable).
prefork: Fix sporadic bug showing itself after millions of
connections (S. Priebe)
Remove the auth/authnull sample plugin (there are plenty proper examples now
so we don't have to include this insecure plugin)
POD syntax cleanup (Steve Kemp)
Fix Qpsmtpd::Plugins::isa_plugin() with multiple plugin dirs (Gavin Carr)
Fix false positives in check_for_hi_virus plugin (Jerry D. Hedden)
Make connection->local_ip available from the Apache transport (Peter Eisch)
Support checking for early talkers at DATA
Make the documented DENY{,SOFT}_DISCONNECT work in the data-post hook
Allow buffered writes in Postfix plugin (from Joe Schaefer)
Cleanup spamassassin plugin code a little
Fix bug which breaks queue plugins that implement continuations
Fix false positives in check_for_hi_virus plugin (Jerry D. Hedden)
Unrecognized command fix (issue #16)
Updated documentation (Apache 2.2, more)
Add uribl plugin (Devin Carraway)
0.40 - June 11, 2007
Add async server - uses epoll/kqueue/poll where available. (Matt Sergeant)
Add preforking qpsmtp server (Lars Roland)
Support SMTPS (John Peacock)
Support "module" plugins ("My::Plugin" in the config/plugins file)
Added IPv6 support. (Mike Williams)
Added tests for the rcpt_ok plugin (Guy Hulbert, issue #4)
Fix logging when dropping a mail due to size (m. allan noah /
kitno455, issue #13)
Don't drop privileges in forkserver if we don't have to.
greylisting: fix db_dir configuration option so it actually works
(kitno455, issue #6)
Correct header parsing of "space only" lines (Joerg Meyer, issue #11)
Update the sample configuration to use zen.spamhaus.org
Make the badmailfrom plugin support (optional) rejection messages after the
rejection pattern (Robin Hugh Johnson)
The ill-named $transaction->body_size() is depreceated now, use
$transaction->data_size() instead. Check your logs for LOGWARN messages
about "body_size" and fix your plugins. (Hanno Hecker)
Support pluggable Received headers (Matt Sergeant)
RFC3848 support for ESMTP. (Nick Leverton)
Updated the list of DNSBLs in the default config
Instead of failing with cryptic message, ignore lines in config/plugins
for uninstalled plugins. (John Peacock)
Clean up some of the logging (hjp)
Patch to prefork code to make it run (Leonardo Helman). Add --pretty
option to qpsmtpd-prefork to change $0 for child processes (John Peacock).
Add support for multiple plugin directories, whose paths are given by the
'plugin_dirs' configuration. (Devin Carraway, Nick Leverton)
Greylisting DBs may now be stored in a configured location, and are
looked for by default in /var/lib/qpsmtpd/greylisting in addition to the
previous locations relative to the qpsmtpd binary. (Devin Carraway)
New Qpsmtpd::Postfix::Constants to encapsulate all of the current return
codes from Postfix, plus script to generate it. (Hanno Hecker)
Add ability to specific socket for syslog (Peter Eisch)
Do the right thing for unimplemented AUTH mechanisms (Brian Szymanski)
relay_only plugin for smart relay host. (John Peacock)
Enhance the spamassassin plugin to support connecting to a remote
spamd process (Kjetil Kjernsmo).
Add domainkeys plugin (John Peacock)
Add SSL encryption method to header to mirror other qmail/SSL patches.
Add tls_before_auth to suppress AUTH unless TLS has already been
established (Robin Johnson).
Fix "help" command when there's no "smtpgreeting" configured (the default)
(Thanks to Thomas Ogrisegg)
Move the Qpsmtpd::Auth POD to a top-level README to be more obvious.
Add Qpsmtpd::Command to gather all parsing logic in one place (Hanno
Hecker)
Support multiline responses from plugins (Charlie Brady)
Added queue_pre and queue_post hooks (John Peacock)
Implement multiple host/port listening for qpsmtpd-forkserver (Devin
Carraway)
Fix a spurious newline at the start of messages queued via exim (Devin
Carraway)
Make the clamdscan plugin temporarily deny mail if if can't talk to clamd
(Filippo Carletti)
Improve Qpsmtpd::Transaction documentation (Fred Moyer)
0.32 - 2006/02/26
Add logging/file plugin for simple logging to a file (Devin Carraway and
Peter J. Holzer).
Add logging/syslog plugin for logging via the syslog facility (Devin
Carrway)
Add Qpsmtpd::DSN to return extended SMTP status codes from RFC-1893 and
patch existing plugins to use it when appropriate (Hanno Hecker).
Add plugins/tls_cert to generate appropriately shaped self-signed certs for
TLS support. Add explicit use of CA used to sign cert. Abstract clone()ing
of connection information when switching to TLS. Fix the AUTH code to work
correctly with TLS.
Add hosts_allow plugin to support pre- and post-connection hooks as well
as move --max-from-ip tests out of core (Hanno Hecker).
Improve postfix-queue plugin to support the known processing flags (Hanno
Hecker).
Drop root privileges before loading plugins, rather than after.
A few fixes to the clamdscan plugin (Dave Rolsky)
Various minor fixes and improvements
0.31.1 - 2005/11/18
Add missing files to the distribution, oops... (Thanks Budi Ang!)
(exim plugin, tls plugin, various sample configuration files)
0.31 - 2005/11/16
STARTTLS support (see plugins/tls)
Added queue/exim-bsmtp plugin to spool accepted mail into an Exim
backend via BSMTP. (Devin Carraway)
New plugin inheritance system, see the bottom of README.plugins for
more information
qpsmtpd-forkserver: --listen-address may now be given more than once, to
request listening on multiple local addresses (Devin Carraway)
(also: no more signal problems making qpsmtpd-forkserver crash/loop
when forking).
qpsmtpd-forkserver: add an option for writing a PID file (pjh)
qpsmtpd-forkserver: set auxiliary groups (this is needed for the
postfix backend, which expects to have write permission to a fifo
which usually belongs to group postdrop). (pjh)
qpsmtpd-forkserver: if -d or --detach is given on the commandline,
forkserver will detach from the controlling terminal and daemonize
itself (Devin Carraway)
replace some fun smtp comments with boring ones.
example patterns for badrcptto plugin - Gordon Rowell
Extend resolvable_fromhost to include a configurable list of
"impossible" addresses to combat spammer forging. (Hanno Hecker)
Use qmail/control/smtpdgreeting if it exists, otherwise
show the original qpsmtpd greeting (with version information).
Apply slight variation on patch from Peter Holzer to allow specification of
an explicit $QPSMTPD_CONFIG variable to specify where the config lives,
overriding $QMAIL/control and /var/qmail/control if set. The usual
"last location with the file wins" rule still applies.
Refactor Qpsmtpd::Address
when disconncting with a temporary failure, return 421 rather than
450 or 451. (Peter J. Holzer)
The unrecognized_command hook now uses DENY_DISCONNECT return
for disconnecting the user.
If the environment variable $QPSMTPD_CONFIG is set, qpsmtpd will look
for its config files in the directory given therein, in addition to (and
in preference to) other locations. (Peter J. Holzer)
Updated documentation
Various minor cleanups
0.30 - 2005/07/05
Add plugable logging support include sample plugin which replicates
the existing core code. Add OK hook.
Add new logging plugin, logging/adaptive, which logs at different
levels depending on whether the message was accepted/rejected.
(See README.logging for information about the new logging system by
John Peacock)
plugins/auth/auth_ldap_bind - New plugin to authenticate against an
LDAP database. Thanks to Elliot Foster <[email protected]>
new plugin: plugins/auth/auth_flat_file - flat file auth plugin
new plugin: plugins/auth/auth_cvm_unix_local - Only DENY if the
credentials were accepted but incorrect (bad password?). Interfaces
with Bruce Guenther's Credential Validation Module (CVM)
Revamp Qpsmtpd::Constants so it is possible to retrieve the text
representation from the numeric (for logging purposes).
new plugin: plugins/check_badrcptto_patterns - Match bad RCPTO
address with regex (Gordon Rowell)
new plugin: plugins/check_norelay - Carve out holes from larger
relay blocks (Also Gordon Rowell)
new plugin: plugins/virus/sophie - Uses SOPHOS Antivirus via Sophie
resident daemon.
Store mail in memory up to a certain threshold (default 10k).
Remove needless restriction on temp_file() to allow the spool
directory path to include dots (as in ../)
Fix off-by-one line numbers in warnings from plugins (thanks to
Brian Grossman).
Don't check the HELO host for rfc-ignorant compliance
body_write patches from Brian Grossman
Fix for corruption problem under Apache
Update Apache::Qpsmtpd to work with the latest Apache/mod_perl 2.0
API. Fix various bucket issues.
Replace $ENV{RELAYCLIENT} with $connection->relay_client in last plugin.
Fix typo in qpsmtpd-forkserver commandline help
0.29 - 2005/03/03
Store entire incoming message in spool file (so that scanners can read
the complete message) and ignore old headers before adding lines and
queuing for delivery.
New anti-virus scanners: hbedv (Hanno Hecker), bitdefender, and clamdscan
(John Peacock). Update clamav plugin to directly scan the spool file.
New temp_file() and temp_dir() methods; when used by plugins, they create
a filename or directory which will last only as long as the current
transaction. Also created a spool_dir() method which checks/creates the
spool_dir when the application starts up. All three methods are also
available in the base class where the temp_* objects are not automatically
limited to the transaction's lifetime. (John Peacock)
Added Gavin Carr's greylisting plugin
Renamed config/ to config.sample/
Qpsmtpd::Auth - document $mechanism option, improve fallback to generic
hooks, document that auth-login works now, stash auth user and method for
later use by Qpsmtpd::SMTP to generate authentication header.
(Michael Toren)
Qpsmtpd::SMTP - "MAIL FROM: <#@[]>" now works like qmail (null sender),
add LOGIN to default auth mechanisms, display auth user and method in
Received: line instead of X-Qpsmtpd-Auth header.
(Michael Toren)
check_badmailfromto - NEW PLUGIN - like check_badmailfrom except matches
both FROM: and TO:, and effectively makes it seem like the recipient
no longer exists for that sender (great for harassment cases).
(John Peacock)
earlytalker and resolvable_fromhost - short circuit test if
whitelistclient is set. (Michael Toren)
check_badmailfrom - Do not say why a given message is denied.
(Michael Toren)
dns_whitelist_soft - NEW PLUGIN - dns-based whitelist override for
other qpsmtpd plugins. Add suuport for whitelisthost to dnsbl.
(John Peacock)
auth/auth_vpopmail_sql - Support CRAM-MD5 (requires clear_passwd)
(John Peacock)
plugins/queue/qmail-queue - Added a timestamp and the qmail-queue qp
identifier to the "Queued!" message, for compatibility with qmail-smtpd
(Michael Toren)
Support qmail-smtpd's timeoutsmtpd config file
Many improvements to the forking server (qpsmtpd-forkserver)
Plugin testing framework (Matt)
Added Apache::Qpsmtpd (Apache/mod_perl 2.0 connection handler)
Allow for multiple instances of a single plugin by using plugin:0
notation (Robert)
Fix CDB support so the server can work without it
VRFY plugin support (Robert Spier)
Added Makefile.PL etc to make it easier to build a package (Matt).
Added Apache::Qpsmtpd to the distro.
Make the distro follow the CPAN module style (Makefile.PL, MANIFEST, etc)
Make the rhsbl plugin do DNS lookups in the background. (Mark Powell)
Fix warning in count_unrecognized_commands plugin (thanks to spaze
and Roger Walker)
Improve error messages from the Postfix module (Erik I. Bolsø,
<knan at mo.himolde.no>)
make the maildir plugin record who the message was to (with a bit of improvements
this could make a decent local delivery plugin)
Pass extra "stuff" to HELO/EHLO callbacks (to make it easier to
support SMTP extensions)
Renamed the *HARD return codes to DENY_DISCONNECT and
DENYSOFT_DISCONNECT (DENYSOFT_DISCONNECT is new)
Mail::Address does RFC822 addresses, we need SMTP addresses.
Replace Mail::Address with Peter J. Holzer's Qpsmtpd::Address module.
Don't keep adding ip addresses to the process status line ($0) when
running under PPerl.
Include the date and time the session started in the process status line.
Add "plugin/virus/uvscan" - McAfee commandline virus scanner
Inbound connections logged as soon as the remote host address is known
when running under tcpserver.
Add Qpsmtpd::Auth (authentication handlers! See plugins/auth/) (John Peacock)
Add a plugin hook for the DATA command
earlytalker -
+ optionally react to an earlytalker by denying all MAIL-FROM commands
rather than issuing a 4xx/5xx greeting and disconnecting. (Mark
Powell)
+ initial "awkward silence" period now configurable (Mark Powell)
+ DENY/DENYSOFT now configurable
Move relay flag to connection object (John Peacock):
+ add relay_client() method to Connection.pm
+ Remove $transaction->relaying() completely (due to popular demand)
Split check_relay plugin into two plugins (John Peacock):
+ check_relay now fires on connect and sets relay_client() flag
+ rcpt_ok runs last of rcpt plugins and performs final OK/DENY
+ change default config/plugins to reflect new order
0.28 - 2004/06/05
Don't keep adding ip addresses to the process status line ($0) when running under PPerl.
Include the date and time the session started in the process status line.
Added a "queue/maildir" plugin for writing incoming mails to a maildir.
Create temp files with permissions 0600 (thanks to Robert James Kaes again)
Fix warning in check_badrcptto plugin (Thanks to Robert James Kaes)
Proper "Log levels" with a configuration option
$Include feature in config/plugins
0.27.1 - 2004/03/11
SpamAssassin plugin Outlook compatibility fix (Thanks to Gergely Risko)
0.27 - 2004/03/10
Support for unix sockets in the spamassassin plugin (requires SA
2.60 or higher). Thanks to John Peacock!
Modified the dnsbl plugin to better support both A and TXT records and
support all of the RBLSMTPD functionality. (Thanks to Mark Powell)
reject bare carriage-returns in addition to the bare line-feeds
(based on a patch from Robert James Kaes, thanks!)
Bugfix to the count_unrecognized_commands plugin so it works
under PPerl (it wasn't resetting the count properly).
reset_transaction is called after disconnect plugins are called so
the Transaction objects DESTROY method is called. (Thanks to Robert
James Kaes <[email protected]>)
Made the SpamAssassin plugin work with SA 2.6+ (thanks to numerous
contributors, thanks everyone!). Note that for now it's not
including the Spam: headers with the score explained. For that use
the spamassassin_spamc plugin from http://projects.bluefeet.net/
(for now).
Added Postfix queue plugin thanks to Peter J Holzer!
Took out the last "exit" call from the SMTP object; the "transport"
module ("TcpServer", "SelectServer") needs to do the right thing in
it's disconnect method.
Update the SPF plugin (Philip Gladstone, [email protected]):
* Integrated with Mail::SPF::Query 1.991
* Don't do SPF processing when you are acting as a relay system
* Remove the MX changes as they are now inside Mail::SPF::Query
Take out Data::Dumper to save a few bytes of memory
Say Received: ... via ESMTP instead of via SMTP when the client
speaks ESMTP. (Hoping this can be a useful SpamAssassin rule).
Take out the X-SMTPD header.
Add pod documentation and sanity checking of the config to
check_badmailfrom
Use $ENV{QMAIL} to override /var/qmail for where to find the
control/ directory.