Mercurial > dnsbl
annotate NEWS @ 467:f5b394bec28c
allow checking names without A records on uribl lists; improve extraction of fake TLDs from our RPZ zone
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Wed, 16 Dec 2020 10:25:37 -0800 |
parents | 79e944269c0b |
children | 5209e92b4885 |
rev | line source |
---|---|
467
f5b394bec28c
allow checking names without A records on uribl lists; improve extraction of fake TLDs from our RPZ zone
Carl Byington <carl@five-ten-sg.com>
parents:
465
diff
changeset
|
1 6.77 2020-12-16 allow checking names without A records on uribl lists. |
465
79e944269c0b
SA needs original rfc5321 envelope from to do proper spf checking. Remove some debug code.
Carl Byington <carl@five-ten-sg.com>
parents:
464
diff
changeset
|
2 6.76 2019-04-25 SA needs original rfc5321 envelope from to do proper spf checking. |
464
428de28b34b7
cleanup code for adding extra spf data in dkim_from
Carl Byington <carl@five-ten-sg.com>
parents:
462
diff
changeset
|
3 6.75 2019-03-10 change dkim_from syntax to allow "signer1,signer2;spf data" |
460
ad05c61d6372
add debug code for spf check with microsoft /14
Carl Byington <carl@five-ten-sg.com>
parents:
458
diff
changeset
|
4 6.74 2018-12-24 add debug code for spf check with microsoft /14 |
458
6c1c2bd9fb54
ignore dnswl entries if the sender is <>
Carl Byington <carl@five-ten-sg.com>
parents:
456
diff
changeset
|
5 6.73 2018-09-18 ignore dnswl entries if the sender is <> |
456
2cf7183a911c
add unsigned_black for enforcement of dmarc policy
Carl Byington <carl@five-ten-sg.com>
parents:
453
diff
changeset
|
6 6.72 2018-06-06 add unsigned_black for enforcement of dmarc policy |
449
d4275f26241c
fix spf mx:domain.tld token parsing
Carl Byington <carl@five-ten-sg.com>
parents:
446
diff
changeset
|
7 6.69 2018-04-10 fix spf mx:domain.tld token parsing |
446 | 8 6.68 2018-02-19 round spamassassin scores; check >= rather than > |
443
0df77bbb7fc2
always call dcc code so we get log entries
Carl Byington <carl@five-ten-sg.com>
parents:
440
diff
changeset
|
9 6.67 2018-01-05 always call dcc code so we get log entries |
440
f9165d9aa689
more changes for long syslog messages
Carl Byington <carl@five-ten-sg.com>
parents:
438
diff
changeset
|
10 6.66 2017-12-07 more changes for long syslog messages |
438 | 11 6.65 2017-11-03 code cleanup |
436
7b072e16bd69
fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
432
diff
changeset
|
12 6.64 2017-11-03 fix syslog for long messages, supress dkim checks for mail from localhost |
432
4ffa356316d5
allow syslogging of long txt records
Carl Byington <carl@five-ten-sg.com>
parents:
430
diff
changeset
|
13 6.63 2017-10-24 allow syslogging of long txt records |
430
69d33c034a8e
include arpa/nameser.h earlier
Carl Byington <carl@five-ten-sg.com>
parents:
428
diff
changeset
|
14 6.62 2017-10-03 include arpa/nameser.h earlier |
428
6f2db3d19a34
allow 4000 byte spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
425
diff
changeset
|
15 6.61 2017-10-02 allow 4000 byte spf txt records |
425
1b7a785610f5
hosts-ignore.conf can be used to ignore nameserver names
Carl Byington <carl@five-ten-sg.com>
parents:
423
diff
changeset
|
16 6.60 2017-08-18 hosts-ignore.conf can be used to ignore nameserver names |
423
c9b7b6dd1206
use both envelope from and header from for spf checks when envelope from is a subdomain of the header from domain
Carl Byington <carl@five-ten-sg.com>
parents:
421
diff
changeset
|
17 6.59 2017-07-26 use both envelope from and header from for spf checks when envelope from is a subdomain of the header from domain. |
421
22027ad2a28f
spf code now handles %{d} and %{h} macros; use envelope from value for spf if it is a subdomain of the header from domain
Carl Byington <carl@five-ten-sg.com>
parents:
414
diff
changeset
|
18 6.58 2017-05-19 spf code now handles %{d} and %{h} macros, use envelope from value for spf if it is a subdomain of the header from domain. |
414
d5a1ed33d3ae
spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents:
412
diff
changeset
|
19 6.57 2017-04-25 spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro |
412
e63c6b4835ef
refactor spf code; allow wildcard *.example.com in dkim signing restrictions
Carl Byington <carl@five-ten-sg.com>
parents:
409
diff
changeset
|
20 6.56 2017-04-19 refactor spf code; allow wildcard *.example.com in dkim signing restrictions |
409
e018ed19a1cc
require 3 dots in bare ip addresses
Carl Byington <carl@five-ten-sg.com>
parents:
407
diff
changeset
|
21 6.55 2017-04-16 require 3 dots in bare ip addresses. |
407
29d54e7028f6
document dmarc vs dnsbl dkim/spf; switch to . rather than " " for dkim impossible signer
Carl Byington <carl@five-ten-sg.com>
parents:
405
diff
changeset
|
22 6.54 2017-03-30 document dmarc vs dnsbl dkim/spf; switch to . rather than " " for dkim impossible signer |
405
8f3a84de3739
handle redirect= elements in spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
403
diff
changeset
|
23 6.53 2017-03-17 suppress duplicate calls to acceptable_content(); redirect= in spf |
400
b48ee4bc431b
handle a and a: elements in spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
395
diff
changeset
|
24 6.52 2017-03-09 document dkim/spf processing, handle a and a: elements |
385
be7355b47051
start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents:
381
diff
changeset
|
25 6.51 2017-03-06 parse spf txt records for required dkim signers |
381
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
377
diff
changeset
|
26 6.50 2017-02-22 reject if dkim signer is listed on surbl |
879a470c6ac3
fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents:
377
diff
changeset
|
27 6.49 2017-02-08 RHEL7 systemd and /var/run on tmpfs |
321
e172dc10fe24
add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents:
316
diff
changeset
|
28 6.48 2016-12-17 Add dkim white/black listing |
316
f7c5cfb76e86
better smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents:
312
diff
changeset
|
29 6.47 2016-09-21 Better smtp verify logging |
312
9c71faaae576
enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents:
311
diff
changeset
|
30 6.46 2016-09-19 Enable smtp verify logging |
305
1f40b1b0ad31
add bitcoin donation address
Carl Byington <carl@five-ten-sg.com>
parents:
301
diff
changeset
|
31 6.45 2015-04-09 Add bitcoin donation address |
301
13905d36ca82
Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents:
294
diff
changeset
|
32 6.44 2014-10-13 Generic regex now matches against the reverse dns PTR value |
294
7fb5911fe3a4
allow broken SRS0+ rather than the correct SRS0= tag
Carl Byington <carl@five-ten-sg.com>
parents:
291
diff
changeset
|
33 6.43 2014-07-18 Allow broken SRS0+ rather than the correct SRS0= tag. |
291
9f0d9fcb58dd
Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
286
diff
changeset
|
34 6.42 2014-06-28 Never add auto-whitelist entries for outgoing mail from localhost. |
9f0d9fcb58dd
Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents:
286
diff
changeset
|
35 6.41 2014-03-21 Unique ip connection limits only apply to authenticated connections. |
286
9bd5388bf469
Fix possible segfault in mlfi_connect, hostaddr might be null
Carl Byington <carl@five-ten-sg.com>
parents:
284
diff
changeset
|
36 6.40 2014-02-05 Fix possible segfault in mlfi_connect, hostaddr might be null. |
284
896b9393d3f0
Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents:
282
diff
changeset
|
37 6.39 2013-12-31 Fix segfault caused by freeing unallocated memory. |
282
e276180647ab
Activate check for unique ip connection limits
Carl Byington <carl@five-ten-sg.com>
parents:
279
diff
changeset
|
38 6.38 2013-12-24 Activate check for unique ip connection limits. |
279
3d894d09c198
add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents:
278
diff
changeset
|
39 6.37 2013-12-17 Add unique ip connection limits per authenticated id or email address. |
272
a99b6c1f5f67
Code cleanup, increase minimum hostname length for uribl checking
Carl Byington <carl@five-ten-sg.com>
parents:
270
diff
changeset
|
40 6.36 2013-09-09 Code cleanup, increase minimum hostname length for uribl checking. |
270
f92f24950bd3
Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents:
268
diff
changeset
|
41 6.35 2013-09-09 Use mozilla prefix list for tld checking. Enable surbl/uribl/dbl rhs lists. |
268
f941563c2a95
Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents:
264
diff
changeset
|
42 6.34 2013-05-22 Add require_rdns checking. |
264
56f55547b120
fix unauthenticated rate limit bug for empty mail from; move unauthenticated rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents:
260
diff
changeset
|
43 6.33 2012-07-21 Fix unauthenticated rate limit bug for empty mail from. Move unauthenticated rate limit checks after spam filtering. |
260
7c05043a220e
add recipient rate limits by email from address or domain
Carl Byington <carl@five-ten-sg.com>
parents:
257
diff
changeset
|
44 6.32 2012-07-21 Allow rate limiting for unauthentication connections by mail from address or domain. |
257
d11b529ce9c5
Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents:
255
diff
changeset
|
45 6.31 2012-07-01 Fix uribl lookups on client dns name. |
255
d6d5c50b9278
Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents:
249
diff
changeset
|
46 6.30 2012-04-09 Allow dnswl_list and dnsbl_list to be empty; add daily recipient limits. |
249 | 47 6.29 2012-04-08 Add dnswl support. |
246
8b0f16abee53
Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents:
244
diff
changeset
|
48 6.28 2011-09-30 Add prvs decoding to envelope addresses. |
244
ef97c7cd4a6e
const correctness fixes from new gcc, libresolv.a moved to glibc-static on newer distributions
Carl Byington <carl@five-ten-sg.com>
parents:
242
diff
changeset
|
49 6.27 2011-08-15 const correctness fixes from new gcc |
ef97c7cd4a6e
const correctness fixes from new gcc, libresolv.a moved to glibc-static on newer distributions
Carl Byington <carl@five-ten-sg.com>
parents:
242
diff
changeset
|
50 6.26 2010-11-19 64 bit fixes for libresolv.a |
236
c0d2e99c0a1d
Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents:
235
diff
changeset
|
51 6.25 2009-09-29 Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name. |
235
e6c66640f6f9
Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents:
233
diff
changeset
|
52 6.24 2009-06-09 Add SRS decoding to envelope addresses. |
233
5c3e9bf45bb5
Add whitelisting by regex expression filtering.
Carl Byington <carl@five-ten-sg.com>
parents:
230
diff
changeset
|
53 6.23 2009-05-25 Add whitelisting by regex expression filtering. |
230
ad38575e98ca
Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents:
227
diff
changeset
|
54 6.22 2009-05-08 Prevent auto whitelisting due to outgoing multipart/report delivery notifications. |
227
3fee608becbc
Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents:
216
diff
changeset
|
55 6.21 2009-01-03 Fixes to compile on old systems without memrchr or string::clear(). |
216
784030ac71f1
Never whitelist self addressed mail. Changes for Fedora 10 and const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
214
diff
changeset
|
56 6.20 2008-12-27 Never whitelist self addressed mail. |
214
82886d4dd71f
Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents:
211
diff
changeset
|
57 6.19 2008-06-10 Fixes to compile on Fedora 9 and for const correctness. |
211
4db1457cd11a
Extend auto-whitelisting when receiving mail even if the auto whitelist is specified in a parent context.
Carl Byington <carl@five-ten-sg.com>
parents:
203
diff
changeset
|
58 6.18 2008-03-22 Extend auto-whitelisting even if specified in a parent context. |
203
92a5c866bdfa
Verify from/to pairs even if they might be explicitly whitelisted.
Carl Byington <carl@five-ten-sg.com>
parents:
201
diff
changeset
|
59 6.17 2008-03-04 Verify all from/to pairs, fix dcc bulk thresholds of many. |
201
752d4315675c
add reference to mercurial repository in the documentation
Carl Byington <carl@five-ten-sg.com>
parents:
195
diff
changeset
|
60 6.16 2008-02-02 Switch to Mercurial source control. |
195 | 61 6.15 2007-12-07 Fix null pointer dereference if macro _ not passed to this milter. |
62 6.14 2007-11-10 Don't autowhitelist due to out of office reply bots. | |
187
f0eda59e8afd
fix null pointer dereference from missing HELO command
carl
parents:
185
diff
changeset
|
63 6.13 2007-11-10 Fix null pointer dereference on missing HELO command. |
185 | 64 6.12 2007-10-13 SMTP rejections take precedence over greylisting. |
184 | 65 6.11 2007-10-07 Add DCC filtering via dccifd. Fix static buffer referenced by multiple threads. |
174 | 66 6.10 2007-09-23 Don't whitelist addresses with embedded blanks, or the empty path. |
173
83fe0be032c1
fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents:
172
diff
changeset
|
67 6.09 2007-09-06 Fix memory leak. Update timestamps when receiving from auto-whitelisted sender. |
172
d3189495ec68
don't do generic rdns filtering on whitelisted recipients
carl
parents:
168
diff
changeset
|
68 6.08 2007-08-30 Don't do generic reverse dns filtering on authenticated connections. |
168 | 69 6.07 2007-08-30 Add generic reverse dns filtering with regular expression. |
70 6.06 2007-08-27 Fix bug that effectively disabled spamassassin filtering. | |
71 6.05 2007-08-26 Fix unitialized variable in my spamassassin code. | |
72 6.04 2007-08-26 Add spamassassin integration via spamc, code from spamass-milter. | |
162 | 73 6.03 2007-07-14 Don't add auto whitelist entries for our own domains. |
160 | 74 6.02 2007-07-10 Allow manual updates to the auto whitelisting files. |
152 | 75 6.01 2007-07-07 GPL3. Block mail to recipients that cannot reply. Start auto whitelisting. |
76 5.30 2007-06-09 Selinux fixes | |
150 | 77 5.29 2007-03-27 Limit dns resolver to two retries five seconds apart. |
149 | 78 5.28 2007-02-19 Change conflict resolution to "second context wins". Update ICANN tld list, |
79 5.27 2007-01-30 Allow 'inherit' as an env_from target. | |
147 | 80 5.26 2006-12-04 Fix bug at 5.23 that prevented seeing host names in the mail bodies |
145 | 81 5.25 2006-10-15 Dump the effective dnsbl list with the -c switch |
82 5.24 2006-10-15 Allow child and parent context to specify the same fully qualified env_to address | |
143 | 83 5.23 2006-10-10 Require two periods in ip addresses |
145 | 84 5.22 2006-09-27 Cleanup rate limit code |
136 | 85 5.21 2006-09-26 Add SMTP AUTH recipient rate limits |
134 | 86 5.20 2006-08-02 fully qualify all dns lookups; fix my_read() bug |
133
b8ce1b31237d
uribl lookups fully qualified; allow two component host names
carl
parents:
131
diff
changeset
|
87 5.19 2006-08-01 uribl dnsl lookups fully qualified; allow two component host names; rpm properly creates user |
128 | 88 5.18 2006-04-27 sendmail no longer guarantees <> wrapper on envelopes, don't ask uribls about rfc1918 space either |
126 | 89 5.17 2006-03-25 never ask dns blacklists about rfc1918 address space |
125 | 90 5.16 2006-03-16 bug fix, smtp error message for uribl filtering needs host name, not ip address |
123 | 91 5.15 2006-03-15 bug fix, failed to set reason code when rejecting mail from content filtering |
122 | 92 5.14 2006-03-13 fix typo in default config and documentation for using multi.surbl.org |
120 | 93 5.13 2006-03-12 patch from Jeff Evans <jeffe@tricab.com> to add SURBL/URIBL lookups |
115 | 94 5.12 2006-01-08 use larger resolver buffer to accomodate spammers with many name servers |
113 | 95 5.11 2005-12-20 switch to autoconf/automake/docbook |
109 | 96 5.10 2005-10-16 fix compile error on FC3 |
97 5.9 2005-09-26 fix bug with empty return paths | |
98 5.8 2005-09-25 allow empty env_to at global context level | |
99 5.7 2005-09-23 fix bug - failed to return a value from parse_verify() | |
100 5.6 2005-09-22 tokenizer errors now go thru the syslog code | |
101 5.5 2005-09-21 cleanup debug logging | |
102 5.4 2005-09-18 add 'verify' statement | |
103 5.3 2005-08-07 properly quit if the config file has syntax errors | |
104 5.2 2005-08-02 fix bug - lack of a default return value in CONTEXT::acceptable_content() | |
105 5.1 2005-07-20 add multiple syslog debug levels | |
106 5.0 2005-07-16 major changes to the syntax of the config file | |
107 4.6 2005-04-02 fix bug - Fix enum compilation error on FC3 | |
108 4.5 2005-01-22 add uuencode decoding for old style attachments | |
109 4.4 2005-01-18 fix bug in forked process termination | |
110 4.3 2005-01-16 only keep 20% of the resolver sockets in the ready pool | |
111 4.2 2005-01-08 always use the separate resolver processes | |
112 4.1 2005-01-06 use a local unix domain socket for the resolver process | |
113 4.0 2005-01-03 fork off a separate resolver listener process | |
114 3.7 2004-10-28 add 'ignore' statement | |
115 3.6 2004-09-08 better documentation regarding disabling the content filtering | |
116 3.5 2004-07-17 extend the error message for content filtering | |
117 3.4 2004-07-15 bug fix - ip addresses cannot have two consecutive periods | |
118 3.3 2004-07-09 drop root priviledges properly |