annotate NEWS @ 449:d4275f26241c stable-6-0-69

fix spf mx:domain.tld token parsing
author Carl Byington <carl@five-ten-sg.com>
date Tue, 10 Apr 2018 12:56:07 -0700
parents 71019a7d2b59
children f2bc221240e8
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
449
d4275f26241c fix spf mx:domain.tld token parsing
Carl Byington <carl@five-ten-sg.com>
parents: 446
diff changeset
1 6.69 2018-04-10 fix spf mx:domain.tld token parsing
446
71019a7d2b59 bump version number
Carl Byington <carl@five-ten-sg.com>
parents: 443
diff changeset
2 6.68 2018-02-19 round spamassassin scores; check >= rather than >
443
0df77bbb7fc2 always call dcc code so we get log entries
Carl Byington <carl@five-ten-sg.com>
parents: 440
diff changeset
3 6.67 2018-01-05 always call dcc code so we get log entries
440
f9165d9aa689 more changes for long syslog messages
Carl Byington <carl@five-ten-sg.com>
parents: 438
diff changeset
4 6.66 2017-12-07 more changes for long syslog messages
438
1686cb639269 code cleanup
Carl Byington <carl@five-ten-sg.com>
parents: 436
diff changeset
5 6.65 2017-11-03 code cleanup
436
7b072e16bd69 fix syslog for long messages, supress dkim checks for mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 432
diff changeset
6 6.64 2017-11-03 fix syslog for long messages, supress dkim checks for mail from localhost
432
4ffa356316d5 allow syslogging of long txt records
Carl Byington <carl@five-ten-sg.com>
parents: 430
diff changeset
7 6.63 2017-10-24 allow syslogging of long txt records
430
69d33c034a8e include arpa/nameser.h earlier
Carl Byington <carl@five-ten-sg.com>
parents: 428
diff changeset
8 6.62 2017-10-03 include arpa/nameser.h earlier
428
6f2db3d19a34 allow 4000 byte spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 425
diff changeset
9 6.61 2017-10-02 allow 4000 byte spf txt records
425
1b7a785610f5 hosts-ignore.conf can be used to ignore nameserver names
Carl Byington <carl@five-ten-sg.com>
parents: 423
diff changeset
10 6.60 2017-08-18 hosts-ignore.conf can be used to ignore nameserver names
423
c9b7b6dd1206 use both envelope from and header from for spf checks when envelope from is a subdomain of the header from domain
Carl Byington <carl@five-ten-sg.com>
parents: 421
diff changeset
11 6.59 2017-07-26 use both envelope from and header from for spf checks when envelope from is a subdomain of the header from domain.
421
22027ad2a28f spf code now handles %{d} and %{h} macros; use envelope from value for spf if it is a subdomain of the header from domain
Carl Byington <carl@five-ten-sg.com>
parents: 414
diff changeset
12 6.58 2017-05-19 spf code now handles %{d} and %{h} macros, use envelope from value for spf if it is a subdomain of the header from domain.
414
d5a1ed33d3ae spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
Carl Byington <carl@five-ten-sg.com>
parents: 412
diff changeset
13 6.57 2017-04-25 spf code now handles mx,exists,ptr tags, multiple A records, %{i} macro
412
e63c6b4835ef refactor spf code; allow wildcard *.example.com in dkim signing restrictions
Carl Byington <carl@five-ten-sg.com>
parents: 409
diff changeset
14 6.56 2017-04-19 refactor spf code; allow wildcard *.example.com in dkim signing restrictions
409
e018ed19a1cc require 3 dots in bare ip addresses
Carl Byington <carl@five-ten-sg.com>
parents: 407
diff changeset
15 6.55 2017-04-16 require 3 dots in bare ip addresses.
407
29d54e7028f6 document dmarc vs dnsbl dkim/spf; switch to . rather than " " for dkim impossible signer
Carl Byington <carl@five-ten-sg.com>
parents: 405
diff changeset
16 6.54 2017-03-30 document dmarc vs dnsbl dkim/spf; switch to . rather than " " for dkim impossible signer
405
8f3a84de3739 handle redirect= elements in spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 403
diff changeset
17 6.53 2017-03-17 suppress duplicate calls to acceptable_content(); redirect= in spf
400
b48ee4bc431b handle a and a: elements in spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 395
diff changeset
18 6.52 2017-03-09 document dkim/spf processing, handle a and a: elements
385
be7355b47051 start parsing spf txt records
Carl Byington <carl@five-ten-sg.com>
parents: 381
diff changeset
19 6.51 2017-03-06 parse spf txt records for required dkim signers
381
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 377
diff changeset
20 6.50 2017-02-22 reject if dkim signer is listed on surbl
879a470c6ac3 fetch spf txt records for required dkim signers
Carl Byington <carl@five-ten-sg.com>
parents: 377
diff changeset
21 6.49 2017-02-08 RHEL7 systemd and /var/run on tmpfs
321
e172dc10fe24 add dkim white/black listing
Carl Byington <carl@five-ten-sg.com>
parents: 316
diff changeset
22 6.48 2016-12-17 Add dkim white/black listing
316
f7c5cfb76e86 better smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 312
diff changeset
23 6.47 2016-09-21 Better smtp verify logging
312
9c71faaae576 enable smtp verify logging
Carl Byington <carl@five-ten-sg.com>
parents: 311
diff changeset
24 6.46 2016-09-19 Enable smtp verify logging
305
1f40b1b0ad31 add bitcoin donation address
Carl Byington <carl@five-ten-sg.com>
parents: 301
diff changeset
25 6.45 2015-04-09 Add bitcoin donation address
301
13905d36ca82 Generic regex now matches against the reverse dns PTR value
Carl Byington <carl@five-ten-sg.com>
parents: 294
diff changeset
26 6.44 2014-10-13 Generic regex now matches against the reverse dns PTR value
294
7fb5911fe3a4 allow broken SRS0+ rather than the correct SRS0= tag
Carl Byington <carl@five-ten-sg.com>
parents: 291
diff changeset
27 6.43 2014-07-18 Allow broken SRS0+ rather than the correct SRS0= tag.
291
9f0d9fcb58dd Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 286
diff changeset
28 6.42 2014-06-28 Never add auto-whitelist entries for outgoing mail from localhost.
9f0d9fcb58dd Never add auto-whitelist entries for outgoing mail from localhost
Carl Byington <carl@five-ten-sg.com>
parents: 286
diff changeset
29 6.41 2014-03-21 Unique ip connection limits only apply to authenticated connections.
286
9bd5388bf469 Fix possible segfault in mlfi_connect, hostaddr might be null
Carl Byington <carl@five-ten-sg.com>
parents: 284
diff changeset
30 6.40 2014-02-05 Fix possible segfault in mlfi_connect, hostaddr might be null.
284
896b9393d3f0 Fix segfault caused by freeing unallocated memory
Carl Byington <carl@five-ten-sg.com>
parents: 282
diff changeset
31 6.39 2013-12-31 Fix segfault caused by freeing unallocated memory.
282
e276180647ab Activate check for unique ip connection limits
Carl Byington <carl@five-ten-sg.com>
parents: 279
diff changeset
32 6.38 2013-12-24 Activate check for unique ip connection limits.
279
3d894d09c198 add limits on unique ip addresses per hour per authenticated user
Carl Byington <carl@five-ten-sg.com>
parents: 278
diff changeset
33 6.37 2013-12-17 Add unique ip connection limits per authenticated id or email address.
272
a99b6c1f5f67 Code cleanup, increase minimum hostname length for uribl checking
Carl Byington <carl@five-ten-sg.com>
parents: 270
diff changeset
34 6.36 2013-09-09 Code cleanup, increase minimum hostname length for uribl checking.
270
f92f24950bd3 Use mozilla prefix list for tld checking, Enable surbl/uribl/dbl rhs lists
Carl Byington <carl@five-ten-sg.com>
parents: 268
diff changeset
35 6.35 2013-09-09 Use mozilla prefix list for tld checking. Enable surbl/uribl/dbl rhs lists.
268
f941563c2a95 Add require_rdns checking
Carl Byington <carl@five-ten-sg.com>
parents: 264
diff changeset
36 6.34 2013-05-22 Add require_rdns checking.
264
56f55547b120 fix unauthenticated rate limit bug for empty mail from; move unauthenticated rate limit checks after spam filtering
Carl Byington <carl@five-ten-sg.com>
parents: 260
diff changeset
37 6.33 2012-07-21 Fix unauthenticated rate limit bug for empty mail from. Move unauthenticated rate limit checks after spam filtering.
260
7c05043a220e add recipient rate limits by email from address or domain
Carl Byington <carl@five-ten-sg.com>
parents: 257
diff changeset
38 6.32 2012-07-21 Allow rate limiting for unauthentication connections by mail from address or domain.
257
d11b529ce9c5 Fix uribl lookups on client dns name, need to strip the ip address in brackets
Carl Byington <carl@five-ten-sg.com>
parents: 255
diff changeset
39 6.31 2012-07-01 Fix uribl lookups on client dns name.
255
d6d5c50b9278 Allow dnswl_list and dnsbl_list to be empty, to override lists specified in the ancestor contexts. Add daily recipient limits as a multiple of the hourly limits.
Carl Byington <carl@five-ten-sg.com>
parents: 249
diff changeset
40 6.30 2012-04-09 Allow dnswl_list and dnsbl_list to be empty; add daily recipient limits.
249
15bf4f68a0b2 Add dnswl support
Carl Byington <carl@five-ten-sg.com>
parents: 246
diff changeset
41 6.29 2012-04-08 Add dnswl support.
246
8b0f16abee53 Add prvs decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 244
diff changeset
42 6.28 2011-09-30 Add prvs decoding to envelope addresses.
244
ef97c7cd4a6e const correctness fixes from new gcc, libresolv.a moved to glibc-static on newer distributions
Carl Byington <carl@five-ten-sg.com>
parents: 242
diff changeset
43 6.27 2011-08-15 const correctness fixes from new gcc
ef97c7cd4a6e const correctness fixes from new gcc, libresolv.a moved to glibc-static on newer distributions
Carl Byington <carl@five-ten-sg.com>
parents: 242
diff changeset
44 6.26 2010-11-19 64 bit fixes for libresolv.a
236
c0d2e99c0a1d Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name
Carl Byington <carl@five-ten-sg.com>
parents: 235
diff changeset
45 6.25 2009-09-29 Add surbl checks on the smtp helo value, client reverse dns name, and mail from domain name.
235
e6c66640f6f9 Add SRS decoding to envelope addresses
Carl Byington <carl@five-ten-sg.com>
parents: 233
diff changeset
46 6.24 2009-06-09 Add SRS decoding to envelope addresses.
233
5c3e9bf45bb5 Add whitelisting by regex expression filtering.
Carl Byington <carl@five-ten-sg.com>
parents: 230
diff changeset
47 6.23 2009-05-25 Add whitelisting by regex expression filtering.
230
ad38575e98ca Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
Carl Byington <carl@five-ten-sg.com>
parents: 227
diff changeset
48 6.22 2009-05-08 Prevent auto whitelisting due to outgoing multipart/report delivery notifications.
227
3fee608becbc Fixes to compile on old systems without memrchr or string::clear().
Carl Byington <carl@five-ten-sg.com>
parents: 216
diff changeset
49 6.21 2009-01-03 Fixes to compile on old systems without memrchr or string::clear().
216
784030ac71f1 Never whitelist self addressed mail. Changes for Fedora 10 and const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 214
diff changeset
50 6.20 2008-12-27 Never whitelist self addressed mail.
214
82886d4dd71f Fixes to compile on Fedora 9 and for const correctness.
Carl Byington <carl@five-ten-sg.com>
parents: 211
diff changeset
51 6.19 2008-06-10 Fixes to compile on Fedora 9 and for const correctness.
211
4db1457cd11a Extend auto-whitelisting when receiving mail even if the auto whitelist is specified in a parent context.
Carl Byington <carl@five-ten-sg.com>
parents: 203
diff changeset
52 6.18 2008-03-22 Extend auto-whitelisting even if specified in a parent context.
203
92a5c866bdfa Verify from/to pairs even if they might be explicitly whitelisted.
Carl Byington <carl@five-ten-sg.com>
parents: 201
diff changeset
53 6.17 2008-03-04 Verify all from/to pairs, fix dcc bulk thresholds of many.
201
752d4315675c add reference to mercurial repository in the documentation
Carl Byington <carl@five-ten-sg.com>
parents: 195
diff changeset
54 6.16 2008-02-02 Switch to Mercurial source control.
195
797299e9fffc fix null dereference if missing _ macro
carl
parents: 192
diff changeset
55 6.15 2007-12-07 Fix null pointer dereference if macro _ not passed to this milter.
797299e9fffc fix null dereference if missing _ macro
carl
parents: 192
diff changeset
56 6.14 2007-11-10 Don't autowhitelist due to out of office reply bots.
187
f0eda59e8afd fix null pointer dereference from missing HELO command
carl
parents: 185
diff changeset
57 6.13 2007-11-10 Fix null pointer dereference on missing HELO command.
185
505283ab296c smtp rejections take precendence over greylisting
carl
parents: 184
diff changeset
58 6.12 2007-10-13 SMTP rejections take precedence over greylisting.
184
0e15a805d295 embedded dcc filtering
carl
parents: 179
diff changeset
59 6.11 2007-10-07 Add DCC filtering via dccifd. Fix static buffer referenced by multiple threads.
174
da0c41b9f672 don't whitelist addresses with embedded spaces
carl
parents: 173
diff changeset
60 6.10 2007-09-23 Don't whitelist addresses with embedded blanks, or the empty path.
173
83fe0be032c1 fix leak, update timestamps when receiving auto-whitelisted sender
carl
parents: 172
diff changeset
61 6.09 2007-09-06 Fix memory leak. Update timestamps when receiving from auto-whitelisted sender.
172
d3189495ec68 don't do generic rdns filtering on whitelisted recipients
carl
parents: 168
diff changeset
62 6.08 2007-08-30 Don't do generic reverse dns filtering on authenticated connections.
168
6bac960af6b4 add generic reverse dns filtering regex
carl
parents: 167
diff changeset
63 6.07 2007-08-30 Add generic reverse dns filtering with regular expression.
6bac960af6b4 add generic reverse dns filtering regex
carl
parents: 167
diff changeset
64 6.06 2007-08-27 Fix bug that effectively disabled spamassassin filtering.
6bac960af6b4 add generic reverse dns filtering regex
carl
parents: 167
diff changeset
65 6.05 2007-08-26 Fix unitialized variable in my spamassassin code.
6bac960af6b4 add generic reverse dns filtering regex
carl
parents: 167
diff changeset
66 6.04 2007-08-26 Add spamassassin integration via spamc, code from spamass-milter.
162
c4bce911c276 don't add auto whitelist for A to A
carl
parents: 160
diff changeset
67 6.03 2007-07-14 Don't add auto whitelist entries for our own domains.
160
b3ed72ee6564 allow manual updates to auto whitelist files
carl
parents: 152
diff changeset
68 6.02 2007-07-10 Allow manual updates to the auto whitelisting files.
152
c7fc218686f5 gpl3, block mail to recipients that cannot reply
carl
parents: 150
diff changeset
69 6.01 2007-07-07 GPL3. Block mail to recipients that cannot reply. Start auto whitelisting.
c7fc218686f5 gpl3, block mail to recipients that cannot reply
carl
parents: 150
diff changeset
70 5.30 2007-06-09 Selinux fixes
150
a23ef169d322 limit dns resolver timeouts and retry interval
carl
parents: 149
diff changeset
71 5.29 2007-03-27 Limit dns resolver to two retries five seconds apart.
149
9581f6e62574 switch to second context wins in all cases
carl
parents: 148
diff changeset
72 5.28 2007-02-19 Change conflict resolution to "second context wins". Update ICANN tld list,
9581f6e62574 switch to second context wins in all cases
carl
parents: 148
diff changeset
73 5.27 2007-01-30 Allow 'inherit' as an env_from target.
147
812c80305f26 fix 5.23 bug and add fsa debug logging
carl
parents: 145
diff changeset
74 5.26 2006-12-04 Fix bug at 5.23 that prevented seeing host names in the mail bodies
145
9b9bab1d3c21 dump effective dnsbl_list with -c switch
carl
parents: 143
diff changeset
75 5.25 2006-10-15 Dump the effective dnsbl list with the -c switch
9b9bab1d3c21 dump effective dnsbl_list with -c switch
carl
parents: 143
diff changeset
76 5.24 2006-10-15 Allow child and parent context to specify the same fully qualified env_to address
143
ecb40aa3eaa5 require two periods for ip addresses
carl
parents: 140
diff changeset
77 5.23 2006-10-10 Require two periods in ip addresses
145
9b9bab1d3c21 dump effective dnsbl_list with -c switch
carl
parents: 143
diff changeset
78 5.22 2006-09-27 Cleanup rate limit code
136
f4746d8a12a3 add smtp auth rate limits
carl
parents: 134
diff changeset
79 5.21 2006-09-26 Add SMTP AUTH recipient rate limits
134
f9917ce924a3 all dns lookups fully qualified, my_read() bug fix
carl
parents: 133
diff changeset
80 5.20 2006-08-02 fully qualify all dns lookups; fix my_read() bug
133
b8ce1b31237d uribl lookups fully qualified; allow two component host names
carl
parents: 131
diff changeset
81 5.19 2006-08-01 uribl dnsl lookups fully qualified; allow two component host names; rpm properly creates user
128
9ab51896447f don't do uribl lookups on rfc1918 address space
carl
parents: 127
diff changeset
82 5.18 2006-04-27 sendmail no longer guarantees <> wrapper on envelopes, don't ask uribls about rfc1918 space either
126
05ae49d37896 don't do dnsbl lookups on rfc1918 address space
carl
parents: 125
diff changeset
83 5.17 2006-03-25 never ask dns blacklists about rfc1918 address space
125
8b1562482b29 put hostname in smtp message for uribl style lookups
carl
parents: 123
diff changeset
84 5.16 2006-03-16 bug fix, smtp error message for uribl filtering needs host name, not ip address
123
ecd97e7eb1f0 properly return error code with reject reason
carl
parents: 122
diff changeset
85 5.15 2006-03-15 bug fix, failed to set reason code when rejecting mail from content filtering
122
e8971c595845 fix typo in multi.surbl.org name
carl
parents: 120
diff changeset
86 5.14 2006-03-13 fix typo in default config and documentation for using multi.surbl.org
120
1d9e6c1b8872 uribl patch from Jeff Evans <jeffe@tricab.com>
carl
parents: 117
diff changeset
87 5.13 2006-03-12 patch from Jeff Evans <jeffe@tricab.com> to add SURBL/URIBL lookups
115
07e5d4721213 use larger resolver buffer
carl
parents: 113
diff changeset
88 5.12 2006-01-08 use larger resolver buffer to accomodate spammers with many name servers
113
a893afee4b80 move to autoconf/automake/docbook
carl
parents: 109
diff changeset
89 5.11 2005-12-20 switch to autoconf/automake/docbook
109
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
90 5.10 2005-10-16 fix compile error on FC3
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
91 5.9 2005-09-26 fix bug with empty return paths
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
92 5.8 2005-09-25 allow empty env_to at global context level
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
93 5.7 2005-09-23 fix bug - failed to return a value from parse_verify()
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
94 5.6 2005-09-22 tokenizer errors now go thru the syslog code
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
95 5.5 2005-09-21 cleanup debug logging
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
96 5.4 2005-09-18 add 'verify' statement
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
97 5.3 2005-08-07 properly quit if the config file has syntax errors
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
98 5.2 2005-08-02 fix bug - lack of a default return value in CONTEXT::acceptable_content()
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
99 5.1 2005-07-20 add multiple syslog debug levels
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
100 5.0 2005-07-16 major changes to the syntax of the config file
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
101 4.6 2005-04-02 fix bug - Fix enum compilation error on FC3
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
102 4.5 2005-01-22 add uuencode decoding for old style attachments
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
103 4.4 2005-01-18 fix bug in forked process termination
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
104 4.3 2005-01-16 only keep 20% of the resolver sockets in the ready pool
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
105 4.2 2005-01-08 always use the separate resolver processes
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
106 4.1 2005-01-06 use a local unix domain socket for the resolver process
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
107 4.0 2005-01-03 fork off a separate resolver listener process
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
108 3.7 2004-10-28 add 'ignore' statement
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
109 3.6 2004-09-08 better documentation regarding disabling the content filtering
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
110 3.5 2004-07-17 extend the error message for content filtering
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
111 3.4 2004-07-15 bug fix - ip addresses cannot have two consecutive periods
9978e29c4d71 move to autoconf/automake/docbook
carl
parents:
diff changeset
112 3.3 2004-07-09 drop root priviledges properly