annotate NEWS @ 448:53adaef57eb5

add unifiedlayer.com as tld for spam control
author Carl Byington <carl@five-ten-sg.com>
date Thu, 22 Feb 2018 09:42:42 -0800
parents 71019a7d2b59
children d4275f26241c
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
446
71019a7d2b59 bump version number
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
1 6.68 2018-02-19 round spamassassin scores; check >= rather than >
443
0df77bbb7fc2 always call dcc code so we get log entries
Carl Byington <carl@five-ten-sg.com>
parents: 440
diff changeset
2 6.67 2018-01-05 always call dcc code so we get log entries
440
f9165d9aa689 more changes for long syslog messages
Carl Byington <carl@five-ten-sg.com>
parents: 438
diff changeset
3 6.66 2017-12-07 more changes for long syslog messages
438
1686cb639269 code cleanup
Carl Byington <carl@five-ten-sg.com>
parents: 436
diff changeset
4 6.65 2017-11-03 code cleanup
436
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
5 6.64 2017-11-03 fix syslog for long messages, supress dkim checks for mail from localhost
432
4ffa356316d5 allow syslogging of long txt records
Carl Byington <carl@five-ten-sg.com>
parents: 430
diff changeset
6 6.63 2017-10-24 allow syslogging of long txt records
430
69d33c034a8e include arpa/nameser.h earlier
Carl Byington <carl@five-ten-sg.com>
parents: 428
diff changeset
7 6.62 2017-10-03 include arpa/nameser.h earlier
428
6f2db3d19a34 allow 4000 byte spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 425
diff changeset
8 6.61 2017-10-02 allow 4000 byte spf txt records
425
1b7a785610f5 hosts-ignore.conf can be used to ignore nameserver names
Carl Byington <carl@five-ten-sg.com>
parents: 423
diff changeset
9 6.60 2017-08-18 hosts-ignore.conf can be used to ignore nameserver names
423
c9b7b6dd1206 use both envelope from and header from for spf checks when envelope from is a subdomain of the header from domain
Carl Byington <carl@five-ten-sg.com>
parents: 421
diff changeset
10 6.59 2017-07-26 use both envelope from and header from for spf checks when envelope from is a subdomain of the header from domain.
421
22027ad2a28f spf code now handles %{d} and %{h} macros; use envelope from value for spf if it is a subdomain of the header from domain
Carl Byington <carl@five-ten-sg.com>
parents: 414
diff changeset
11 6.58 2017-05-19 spf code now handles %{d} and %{h} macros, use envelope from value for spf if it is a subdomain of the header from domain.
414
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 412
diff changeset
12 6.57 2017-04-25 spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
412
e63c6b4835ef refactor spf code; allow wildcard *.example.com in dkim signing restrictions
Carl Byington <carl@five-ten-sg.com>
parents: 409
diff changeset
13 6.56 2017-04-19 refactor spf code; allow wildcard *.example.com in dkim signing restrictions
409
e018ed19a1cc require 3 dots in bare ip addresses
Carl Byington <carl@five-ten-sg.com>
parents: 407
diff changeset
14 6.55 2017-04-16 require 3 dots in bare ip addresses.
407
29d54e7028f6 document dmarc vs dnsbl dkim/spf; switch to . rather than " " for dkim impossible signer
Carl Byington <carl@five-ten-sg.com>
parents: 405
diff changeset
15 6.54 2017-03-30 document dmarc vs dnsbl dkim/spf; switch to . rather than " " for dkim impossible signer
405
8f3a84de3739 handle redirect= elements in spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 403
diff changeset
16 6.53 2017-03-17 suppress duplicate calls to acceptable_content(); redirect= in spf
400
b48ee4bc431b handle a and a: elements in spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 395
diff changeset
17 6.52 2017-03-09 document dkim/spf processing, handle a and a: elements
385
be7355b47051 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
18 6.51 2017-03-06 parse spf txt records for required dkim signers
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 377
diff changeset
19 6.50 2017-02-22 reject if dkim signer is listed on surbl
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 377
diff changeset
20 6.49 2017-02-08 RHEL7 systemd and /var/run on tmpfs
321
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 316
diff changeset
21 6.48 2016-12-17 Add dkim white/black listing
316
f7c5cfb76e86 better smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 312
diff changeset
22 6.47 2016-09-21 Better smtp verify logging
312
9c71faaae576 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
23 6.46 2016-09-19 Enable smtp verify logging
305
1f40b1b0ad31 add bitcoin donation address
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
24 6.45 2015-04-09 Add bitcoin donation address
301
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 294
diff changeset
25 6.44 2014-10-13 Generic regex now matches against the reverse dns PTR value
294
7fb5911fe3a4 allow broken SRS0+ rather than the correct SRS0= tag
Carl Byington <carl@five-ten-sg.com>
parents: 291
diff changeset
26 6.43 2014-07-18 Allow broken SRS0+ rather than the correct SRS0= tag.
291
9f0d9fcb58dd Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 286
diff changeset
27 6.42 2014-06-28 Never add auto-whitelist entries for outgoing mail from localhost.
9f0d9fcb58dd Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 286
diff changeset
28 6.41 2014-03-21 Unique ip connection limits only apply to authenticated connections.
286
9bd5388bf469 Fix possible segfault in mlfi_connect, hostaddr might be null
Carl Byington <carl@five-ten-sg.com>
parents: 284
diff changeset
29 6.40 2014-02-05 Fix possible segfault in mlfi_connect, hostaddr might be null.
284
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
30 6.39 2013-12-31 Fix segfault caused by freeing unallocated memory.
282
e276180647ab Activate check for unique ip connection limits
Carl Byington <carl@five-ten-sg.com>
parents: 279
diff changeset
31 6.38 2013-12-24 Activate check for unique ip connection limits.
279
3d894d09c198 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
32 6.37 2013-12-17 Add unique ip connection limits per authenticated id or email address.
272
a99b6c1f5f67 Code cleanup, increase minimum hostname length for uribl checking
Carl Byington <carl@five-ten-sg.com>
parents: 270
diff changeset
33 6.36 2013-09-09 Code cleanup, increase minimum hostname length for uribl checking.
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
34 6.35 2013-09-09 Use mozilla prefix list for tld checking. Enable surbl/uribl/dbl rhs lists.
268
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 264
diff changeset
35 6.34 2013-05-22 Add require_rdns checking.
264
56f55547b120 fix unauthenticated rate limit bug for empty mail from; move unauthenticated rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 260
diff changeset
36 6.33 2012-07-21 Fix unauthenticated rate limit bug for empty mail from. Move unauthenticated rate limit checks after spam filtering.
260
7c05043a220e add recipient rate limits by email from address or domain
Carl Byington <carl@five-ten-sg.com>
parents: 257
diff changeset
37 6.32 2012-07-21 Allow rate limiting for unauthentication connections by mail from address or domain.
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
38 6.31 2012-07-01 Fix uribl lookups on client dns name.
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
39 6.30 2012-04-09 Allow dnswl_list and dnsbl_list to be empty; add daily recipient limits.
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 246
diff changeset
40 6.29 2012-04-08 Add dnswl support.
246
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
41 6.28 2011-09-30 Add prvs decoding to envelope addresses.
244
ef97c7cd4a6e const correctness fixes from new gcc, libresolv.a moved to glibc-static on newer distributions
Carl Byington <carl@five-ten-sg.com>
parents: 242
diff changeset
42 6.27 2011-08-15 const correctness fixes from new gcc
ef97c7cd4a6e const correctness fixes from new gcc, libresolv.a moved to glibc-static on newer distributions
Carl Byington <carl@five-ten-sg.com>
parents: 242
diff changeset
43 6.26 2010-11-19 64 bit fixes for libresolv.a
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
44 6.25 2009-09-29 Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name.
235
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
45 6.24 2009-06-09 Add SRS decoding to envelope addresses.
233
5c3e9bf45bb5 Add whitelisting by regex expression filtering.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
46 6.23 2009-05-25 Add whitelisting by regex expression filtering.
230
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
47 6.22 2009-05-08 Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
227
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 216
diff changeset
48 6.21 2009-01-03 Fixes to compile on old systems without memrchr or string::clear().
216
784030ac71f1 Never whitelist self addressed mail. Changes for Fedora 10 and const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 214
diff changeset
49 6.20 2008-12-27 Never whitelist self addressed mail.
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
50 6.19 2008-06-10 Fixes to compile on Fedora 9 and for const correctness.
211
4db1457cd11a Extend auto-whitelisting when receiving mail even if the auto whitelist is specified in a parent context.
Carl Byington <carl@five-ten-sg.com>
parents: 203
diff changeset
51 6.18 2008-03-22 Extend auto-whitelisting even if specified in a parent context.
203
92a5c866bdfa Verify from/to pairs even if they might be explicitly whitelisted.
Carl Byington <carl@five-ten-sg.com>
parents: 201
diff changeset
52 6.17 2008-03-04 Verify all from/to pairs, fix dcc bulk thresholds of many.
201
752d4315675c add reference to mercurial repository in the documentation
Carl Byington <carl@five-ten-sg.com>
parents: 195
diff changeset
53 6.16 2008-02-02 Switch to Mercurial source control.
195
797299e9fffc fix null dereference if missing _ macro
carl
parents: 192
diff changeset
54 6.15 2007-12-07 Fix null pointer dereference if macro _ not passed to this milter.
797299e9fffc fix null dereference if missing _ macro
carl
parents: 192
diff changeset
55 6.14 2007-11-10 Don't autowhitelist due to out of office reply bots.
187
f0eda59e8afd fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
56 6.13 2007-11-10 Fix null pointer dereference on missing HELO command.
185
505283ab296c smtp rejections take precendence over greylisting
carl
parents: 184
diff changeset
57 6.12 2007-10-13 SMTP rejections take precedence over greylisting.
184
0e15a805d295 embedded dcc filtering
carl
parents: 179
diff changeset
58 6.11 2007-10-07 Add DCC filtering via dccifd. Fix static buffer referenced by multiple threads.
174
da0c41b9f672 don't whitelist addresses with embedded spaces
carl
parents: 173
diff changeset
59 6.10 2007-09-23 Don't whitelist addresses with embedded blanks, or the empty path.
173
83fe0be032c1 fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents: 172
diff changeset
60 6.09 2007-09-06 Fix memory leak. Update timestamps when receiving from auto-whitelisted sender.
172
d3189495ec68 don't do generic rdns filtering on whitelisted recipients
carl
parents: 168
diff changeset
61 6.08 2007-08-30 Don't do generic reverse dns filtering on authenticated connections.
168
6bac960af6b4 add generic reverse dns filtering regex
carl
parents: 167
diff changeset
62 6.07 2007-08-30 Add generic reverse dns filtering with regular expression.
6bac960af6b4 add generic reverse dns filtering regex
carl
parents: 167
diff changeset
63 6.06 2007-08-27 Fix bug that effectively disabled spamassassin filtering.
6bac960af6b4 add generic reverse dns filtering regex
carl
parents: 167
diff changeset
64 6.05 2007-08-26 Fix unitialized variable in my spamassassin code.
6bac960af6b4 add generic reverse dns filtering regex
carl
parents: 167
diff changeset
65 6.04 2007-08-26 Add spamassassin integration via spamc, code from spamass-milter.
162
c4bce911c276 don't add auto whitelist for A to A
carl
parents: 160
diff changeset
66 6.03 2007-07-14 Don't add auto whitelist entries for our own domains.
160
b3ed72ee6564 allow manual updates to auto whitelist files
carl
parents: 152
diff changeset
67 6.02 2007-07-10 Allow manual updates to the auto whitelisting files.
152
c7fc218686f5 gpl3, block mail to recipients that cannot reply
carl
parents: 150
diff changeset
68 6.01 2007-07-07 GPL3. Block mail to recipients that cannot reply. Start auto whitelisting.
c7fc218686f5 gpl3, block mail to recipients that cannot reply
carl
parents: 150
diff changeset
69 5.30 2007-06-09 Selinux fixes
150
a23ef169d322 limit dns resolver timeouts and retry interval
carl
parents: 149
diff changeset
70 5.29 2007-03-27 Limit dns resolver to two retries five seconds apart.
149
9581f6e62574 switch to second context wins in all cases
carl
parents: 148
diff changeset
71 5.28 2007-02-19 Change conflict resolution to "second context wins". Update ICANN tld list,
9581f6e62574 switch to second context wins in all cases
carl
parents: 148
diff changeset
72 5.27 2007-01-30 Allow 'inherit' as an env_from target.
147
812c80305f26 fix 5.23 bug and add fsa debug logging
carl
parents: 145
diff changeset
73 5.26 2006-12-04 Fix bug at 5.23 that prevented seeing host names in the mail bodies
145
9b9bab1d3c21 dump effective dnsbl_list with -c switch
carl
parents: 143
diff changeset
74 5.25 2006-10-15 Dump the effective dnsbl list with the -c switch
9b9bab1d3c21 dump effective dnsbl_list with -c switch
carl
parents: 143
diff changeset
75 5.24 2006-10-15 Allow child and parent context to specify the same fully qualified env_to address
143
ecb40aa3eaa5 require two periods for ip addresses
carl
parents: 140
diff changeset
76 5.23 2006-10-10 Require two periods in ip addresses
145
9b9bab1d3c21 dump effective dnsbl_list with -c switch
carl
parents: 143
diff changeset
77 5.22 2006-09-27 Cleanup rate limit code
136
f4746d8a12a3 add smtp auth rate limits
carl
parents: 134
diff changeset
78 5.21 2006-09-26 Add SMTP AUTH recipient rate limits
134
f9917ce924a3 all dns lookups fully qualified, my_read() bug fix
carl
parents: 133
diff changeset
79 5.20 2006-08-02 fully qualify all dns lookups; fix my_read() bug
133
b8ce1b31237d uribl lookups fully qualified; allow two component host names
carl
parents: 131
diff changeset
80 5.19 2006-08-01 uribl dnsl lookups fully qualified; allow two component host names; rpm properly creates user
128
9ab51896447f don't do uribl lookups on rfc1918 address space
carl
parents: 127
diff changeset
81 5.18 2006-04-27 sendmail no longer guarantees <> wrapper on envelopes, don't ask uribls about rfc1918 space either
126
05ae49d37896 don't do dnsbl lookups on rfc1918 address space
carl
parents: 125
diff changeset
82 5.17 2006-03-25 never ask dns blacklists about rfc1918 address space
125
8b1562482b29 put hostname in smtp message for uribl style lookups
carl
parents: 123
diff changeset
83 5.16 2006-03-16 bug fix, smtp error message for uribl filtering needs host name, not ip address
123
ecd97e7eb1f0 properly return error code with reject reason
carl
parents: 122
diff changeset
84 5.15 2006-03-15 bug fix, failed to set reason code when rejecting mail from content filtering
122
e8971c595845 fix typo in multi.surbl.org name
carl
parents: 120
diff changeset
85 5.14 2006-03-13 fix typo in default config and documentation for using multi.surbl.org
120
1d9e6c1b8872 uribl patch from Jeff Evans <jeffe@tricab.com>
carl
parents: 117
diff changeset
86 5.13 2006-03-12 patch from Jeff Evans <jeffe@tricab.com> to add SURBL/URIBL lookups
115
07e5d4721213 use larger resolver buffer
carl
parents: 113
diff changeset
87 5.12 2006-01-08 use larger resolver buffer to accomodate spammers with many name servers
113
a893afee4b80 move to autoconf/automake/docbook
carl
parents: 109
diff changeset
88 5.11 2005-12-20 switch to autoconf/automake/docbook
109
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
89 5.10 2005-10-16 fix compile error on FC3
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
90 5.9 2005-09-26 fix bug with empty return paths
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
91 5.8 2005-09-25 allow empty env_to at global context level
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
92 5.7 2005-09-23 fix bug - failed to return a value from parse_verify()
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
93 5.6 2005-09-22 tokenizer errors now go thru the syslog code
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
94 5.5 2005-09-21 cleanup debug logging
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
95 5.4 2005-09-18 add 'verify' statement
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
96 5.3 2005-08-07 properly quit if the config file has syntax errors
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
97 5.2 2005-08-02 fix bug - lack of a default return value in CONTEXT::acceptable_content()
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
98 5.1 2005-07-20 add multiple syslog debug levels
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
99 5.0 2005-07-16 major changes to the syntax of the config file
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
100 4.6 2005-04-02 fix bug - Fix enum compilation error on FC3
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
101 4.5 2005-01-22 add uuencode decoding for old style attachments
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
102 4.4 2005-01-18 fix bug in forked process termination
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
103 4.3 2005-01-16 only keep 20% of the resolver sockets in the ready pool
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
104 4.2 2005-01-08 always use the separate resolver processes
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
105 4.1 2005-01-06 use a local unix domain socket for the resolver process
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
106 4.0 2005-01-03 fork off a separate resolver listener process
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
107 3.7 2004-10-28 add 'ignore' statement
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
108 3.6 2004-09-08 better documentation regarding disabling the content filtering
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
109 3.5 2004-07-17 extend the error message for content filtering
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
110 3.4 2004-07-15 bug fix - ip addresses cannot have two consecutive periods
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
111 3.3 2004-07-09 drop root priviledges properly