annotate NEWS @ 415:16451edcb962

spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
author Carl Byington <carl@five-ten-sg.com>
date Tue, 25 Apr 2017 15:23:33 -0700
parents d5a1ed33d3ae
children 22027ad2a28f
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
414
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 412
diff changeset
1 6.57 2017-04-25 spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
412
e63c6b4835ef refactor spf code; allow wildcard *.example.com in dkim signing restrictions
Carl Byington <carl@five-ten-sg.com>
parents: 409
diff changeset
2 6.56 2017-04-19 refactor spf code; allow wildcard *.example.com in dkim signing restrictions
409
e018ed19a1cc require 3 dots in bare ip addresses
Carl Byington <carl@five-ten-sg.com>
parents: 407
diff changeset
3 6.55 2017-04-16 require 3 dots in bare ip addresses.
407
29d54e7028f6 document dmarc vs dnsbl dkim/spf; switch to . rather than " " for dkim impossible signer
Carl Byington <carl@five-ten-sg.com>
parents: 405
diff changeset
4 6.54 2017-03-30 document dmarc vs dnsbl dkim/spf; switch to . rather than " " for dkim impossible signer
405
8f3a84de3739 handle redirect= elements in spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 403
diff changeset
5 6.53 2017-03-17 suppress duplicate calls to acceptable_content(); redirect= in spf
400
b48ee4bc431b handle a and a: elements in spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 395
diff changeset
6 6.52 2017-03-09 document dkim/spf processing, handle a and a: elements
385
be7355b47051 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
7 6.51 2017-03-06 parse spf txt records for required dkim signers
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 377
diff changeset
8 6.50 2017-02-22 reject if dkim signer is listed on surbl
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 377
diff changeset
9 6.49 2017-02-08 RHEL7 systemd and /var/run on tmpfs
321
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 316
diff changeset
10 6.48 2016-12-17 Add dkim white/black listing
316
f7c5cfb76e86 better smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 312
diff changeset
11 6.47 2016-09-21 Better smtp verify logging
312
9c71faaae576 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
12 6.46 2016-09-19 Enable smtp verify logging
305
1f40b1b0ad31 add bitcoin donation address
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
13 6.45 2015-04-09 Add bitcoin donation address
301
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 294
diff changeset
14 6.44 2014-10-13 Generic regex now matches against the reverse dns PTR value
294
7fb5911fe3a4 allow broken SRS0+ rather than the correct SRS0= tag
Carl Byington <carl@five-ten-sg.com>
parents: 291
diff changeset
15 6.43 2014-07-18 Allow broken SRS0+ rather than the correct SRS0= tag.
291
9f0d9fcb58dd Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 286
diff changeset
16 6.42 2014-06-28 Never add auto-whitelist entries for outgoing mail from localhost.
9f0d9fcb58dd Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 286
diff changeset
17 6.41 2014-03-21 Unique ip connection limits only apply to authenticated connections.
286
9bd5388bf469 Fix possible segfault in mlfi_connect, hostaddr might be null
Carl Byington <carl@five-ten-sg.com>
parents: 284
diff changeset
18 6.40 2014-02-05 Fix possible segfault in mlfi_connect, hostaddr might be null.
284
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
19 6.39 2013-12-31 Fix segfault caused by freeing unallocated memory.
282
e276180647ab Activate check for unique ip connection limits
Carl Byington <carl@five-ten-sg.com>
parents: 279
diff changeset
20 6.38 2013-12-24 Activate check for unique ip connection limits.
279
3d894d09c198 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
21 6.37 2013-12-17 Add unique ip connection limits per authenticated id or email address.
272
a99b6c1f5f67 Code cleanup, increase minimum hostname length for uribl checking
Carl Byington <carl@five-ten-sg.com>
parents: 270
diff changeset
22 6.36 2013-09-09 Code cleanup, increase minimum hostname length for uribl checking.
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
23 6.35 2013-09-09 Use mozilla prefix list for tld checking. Enable surbl/uribl/dbl rhs lists.
268
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 264
diff changeset
24 6.34 2013-05-22 Add require_rdns checking.
264
56f55547b120 fix unauthenticated rate limit bug for empty mail from; move unauthenticated rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 260
diff changeset
25 6.33 2012-07-21 Fix unauthenticated rate limit bug for empty mail from. Move unauthenticated rate limit checks after spam filtering.
260
7c05043a220e add recipient rate limits by email from address or domain
Carl Byington <carl@five-ten-sg.com>
parents: 257
diff changeset
26 6.32 2012-07-21 Allow rate limiting for unauthentication connections by mail from address or domain.
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
27 6.31 2012-07-01 Fix uribl lookups on client dns name.
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
28 6.30 2012-04-09 Allow dnswl_list and dnsbl_list to be empty; add daily recipient limits.
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 246
diff changeset
29 6.29 2012-04-08 Add dnswl support.
246
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
30 6.28 2011-09-30 Add prvs decoding to envelope addresses.
244
ef97c7cd4a6e const correctness fixes from new gcc, libresolv.a moved to glibc-static on newer distributions
Carl Byington <carl@five-ten-sg.com>
parents: 242
diff changeset
31 6.27 2011-08-15 const correctness fixes from new gcc
ef97c7cd4a6e const correctness fixes from new gcc, libresolv.a moved to glibc-static on newer distributions
Carl Byington <carl@five-ten-sg.com>
parents: 242
diff changeset
32 6.26 2010-11-19 64 bit fixes for libresolv.a
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
33 6.25 2009-09-29 Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name.
235
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
34 6.24 2009-06-09 Add SRS decoding to envelope addresses.
233
5c3e9bf45bb5 Add whitelisting by regex expression filtering.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
35 6.23 2009-05-25 Add whitelisting by regex expression filtering.
230
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
36 6.22 2009-05-08 Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
227
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 216
diff changeset
37 6.21 2009-01-03 Fixes to compile on old systems without memrchr or string::clear().
216
784030ac71f1 Never whitelist self addressed mail. Changes for Fedora 10 and const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 214
diff changeset
38 6.20 2008-12-27 Never whitelist self addressed mail.
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
39 6.19 2008-06-10 Fixes to compile on Fedora 9 and for const correctness.
211
4db1457cd11a Extend auto-whitelisting when receiving mail even if the auto whitelist is specified in a parent context.
Carl Byington <carl@five-ten-sg.com>
parents: 203
diff changeset
40 6.18 2008-03-22 Extend auto-whitelisting even if specified in a parent context.
203
92a5c866bdfa Verify from/to pairs even if they might be explicitly whitelisted.
Carl Byington <carl@five-ten-sg.com>
parents: 201
diff changeset
41 6.17 2008-03-04 Verify all from/to pairs, fix dcc bulk thresholds of many.
201
752d4315675c add reference to mercurial repository in the documentation
Carl Byington <carl@five-ten-sg.com>
parents: 195
diff changeset
42 6.16 2008-02-02 Switch to Mercurial source control.
195
797299e9fffc fix null dereference if missing _ macro
carl
parents: 192
diff changeset
43 6.15 2007-12-07 Fix null pointer dereference if macro _ not passed to this milter.
797299e9fffc fix null dereference if missing _ macro
carl
parents: 192
diff changeset
44 6.14 2007-11-10 Don't autowhitelist due to out of office reply bots.
187
f0eda59e8afd fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
45 6.13 2007-11-10 Fix null pointer dereference on missing HELO command.
185
505283ab296c smtp rejections take precendence over greylisting
carl
parents: 184
diff changeset
46 6.12 2007-10-13 SMTP rejections take precedence over greylisting.
184
0e15a805d295 embedded dcc filtering
carl
parents: 179
diff changeset
47 6.11 2007-10-07 Add DCC filtering via dccifd. Fix static buffer referenced by multiple threads.
174
da0c41b9f672 don't whitelist addresses with embedded spaces
carl
parents: 173
diff changeset
48 6.10 2007-09-23 Don't whitelist addresses with embedded blanks, or the empty path.
173
83fe0be032c1 fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents: 172
diff changeset
49 6.09 2007-09-06 Fix memory leak. Update timestamps when receiving from auto-whitelisted sender.
172
d3189495ec68 don't do generic rdns filtering on whitelisted recipients
carl
parents: 168
diff changeset
50 6.08 2007-08-30 Don't do generic reverse dns filtering on authenticated connections.
168
6bac960af6b4 add generic reverse dns filtering regex
carl
parents: 167
diff changeset
51 6.07 2007-08-30 Add generic reverse dns filtering with regular expression.
6bac960af6b4 add generic reverse dns filtering regex
carl
parents: 167
diff changeset
52 6.06 2007-08-27 Fix bug that effectively disabled spamassassin filtering.
6bac960af6b4 add generic reverse dns filtering regex
carl
parents: 167
diff changeset
53 6.05 2007-08-26 Fix unitialized variable in my spamassassin code.
6bac960af6b4 add generic reverse dns filtering regex
carl
parents: 167
diff changeset
54 6.04 2007-08-26 Add spamassassin integration via spamc, code from spamass-milter.
162
c4bce911c276 don't add auto whitelist for A to A
carl
parents: 160
diff changeset
55 6.03 2007-07-14 Don't add auto whitelist entries for our own domains.
160
b3ed72ee6564 allow manual updates to auto whitelist files
carl
parents: 152
diff changeset
56 6.02 2007-07-10 Allow manual updates to the auto whitelisting files.
152
c7fc218686f5 gpl3, block mail to recipients that cannot reply
carl
parents: 150
diff changeset
57 6.01 2007-07-07 GPL3. Block mail to recipients that cannot reply. Start auto whitelisting.
c7fc218686f5 gpl3, block mail to recipients that cannot reply
carl
parents: 150
diff changeset
58 5.30 2007-06-09 Selinux fixes
150
a23ef169d322 limit dns resolver timeouts and retry interval
carl
parents: 149
diff changeset
59 5.29 2007-03-27 Limit dns resolver to two retries five seconds apart.
149
9581f6e62574 switch to second context wins in all cases
carl
parents: 148
diff changeset
60 5.28 2007-02-19 Change conflict resolution to "second context wins". Update ICANN tld list,
9581f6e62574 switch to second context wins in all cases
carl
parents: 148
diff changeset
61 5.27 2007-01-30 Allow 'inherit' as an env_from target.
147
812c80305f26 fix 5.23 bug and add fsa debug logging
carl
parents: 145
diff changeset
62 5.26 2006-12-04 Fix bug at 5.23 that prevented seeing host names in the mail bodies
145
9b9bab1d3c21 dump effective dnsbl_list with -c switch
carl
parents: 143
diff changeset
63 5.25 2006-10-15 Dump the effective dnsbl list with the -c switch
9b9bab1d3c21 dump effective dnsbl_list with -c switch
carl
parents: 143
diff changeset
64 5.24 2006-10-15 Allow child and parent context to specify the same fully qualified env_to address
143
ecb40aa3eaa5 require two periods for ip addresses
carl
parents: 140
diff changeset
65 5.23 2006-10-10 Require two periods in ip addresses
145
9b9bab1d3c21 dump effective dnsbl_list with -c switch
carl
parents: 143
diff changeset
66 5.22 2006-09-27 Cleanup rate limit code
136
f4746d8a12a3 add smtp auth rate limits
carl
parents: 134
diff changeset
67 5.21 2006-09-26 Add SMTP AUTH recipient rate limits
134
f9917ce924a3 all dns lookups fully qualified, my_read() bug fix
carl
parents: 133
diff changeset
68 5.20 2006-08-02 fully qualify all dns lookups; fix my_read() bug
133
b8ce1b31237d uribl lookups fully qualified; allow two component host names
carl
parents: 131
diff changeset
69 5.19 2006-08-01 uribl dnsl lookups fully qualified; allow two component host names; rpm properly creates user
128
9ab51896447f don't do uribl lookups on rfc1918 address space
carl
parents: 127
diff changeset
70 5.18 2006-04-27 sendmail no longer guarantees <> wrapper on envelopes, don't ask uribls about rfc1918 space either
126
05ae49d37896 don't do dnsbl lookups on rfc1918 address space
carl
parents: 125
diff changeset
71 5.17 2006-03-25 never ask dns blacklists about rfc1918 address space
125
8b1562482b29 put hostname in smtp message for uribl style lookups
carl
parents: 123
diff changeset
72 5.16 2006-03-16 bug fix, smtp error message for uribl filtering needs host name, not ip address
123
ecd97e7eb1f0 properly return error code with reject reason
carl
parents: 122
diff changeset
73 5.15 2006-03-15 bug fix, failed to set reason code when rejecting mail from content filtering
122
e8971c595845 fix typo in multi.surbl.org name
carl
parents: 120
diff changeset
74 5.14 2006-03-13 fix typo in default config and documentation for using multi.surbl.org
120
1d9e6c1b8872 uribl patch from Jeff Evans <jeffe@tricab.com>
carl
parents: 117
diff changeset
75 5.13 2006-03-12 patch from Jeff Evans <jeffe@tricab.com> to add SURBL/URIBL lookups
115
07e5d4721213 use larger resolver buffer
carl
parents: 113
diff changeset
76 5.12 2006-01-08 use larger resolver buffer to accomodate spammers with many name servers
113
a893afee4b80 move to autoconf/automake/docbook
carl
parents: 109
diff changeset
77 5.11 2005-12-20 switch to autoconf/automake/docbook
109
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
78 5.10 2005-10-16 fix compile error on FC3
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
79 5.9 2005-09-26 fix bug with empty return paths
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
80 5.8 2005-09-25 allow empty env_to at global context level
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
81 5.7 2005-09-23 fix bug - failed to return a value from parse_verify()
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
82 5.6 2005-09-22 tokenizer errors now go thru the syslog code
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
83 5.5 2005-09-21 cleanup debug logging
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
84 5.4 2005-09-18 add 'verify' statement
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
85 5.3 2005-08-07 properly quit if the config file has syntax errors
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
86 5.2 2005-08-02 fix bug - lack of a default return value in CONTEXT::acceptable_content()
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
87 5.1 2005-07-20 add multiple syslog debug levels
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
88 5.0 2005-07-16 major changes to the syntax of the config file
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
89 4.6 2005-04-02 fix bug - Fix enum compilation error on FC3
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
90 4.5 2005-01-22 add uuencode decoding for old style attachments
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
91 4.4 2005-01-18 fix bug in forked process termination
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
92 4.3 2005-01-16 only keep 20% of the resolver sockets in the ready pool
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
93 4.2 2005-01-08 always use the separate resolver processes
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
94 4.1 2005-01-06 use a local unix domain socket for the resolver process
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
95 4.0 2005-01-03 fork off a separate resolver listener process
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
96 3.7 2004-10-28 add 'ignore' statement
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
97 3.6 2004-09-08 better documentation regarding disabling the content filtering
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
98 3.5 2004-07-17 extend the error message for content filtering
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
99 3.4 2004-07-15 bug fix - ip addresses cannot have two consecutive periods
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
100 3.3 2004-07-09 drop root priviledges properly