SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for amavisd-new-debuginfo-2.8.0-92.8.x86_64.rpm :
Wed May 29 14:00:00 2013 crrodriguezAATTopensuse.org
- Fix multiple bugs in systemd unit, syslog.target should
not be used and Wants must be used instead of requires in most
cases.

Thu May 2 14:00:00 2013 meissnerAATTsuse.com
- use %defattr correctly to make /var/spool/amavis not worldreadable.

Mon Feb 25 13:00:00 2013 mlinAATTsuse.com
- Install amavisd.service accordingly (/usr/lib/systemd for 12.3
and up or /lib/systemd for older versions).

Wed Feb 6 13:00:00 2013 ajAATTajaissle.de
- update to version 2.8.0
- COMPATIBILITY 2.8.0

* removed an old compatibility measure: default value of AATTbanned_admin_maps
was changed from:
AATTbanned_admin_maps = (\\$banned_admin, \\%virus_admin, \\$virus_admin);
to a more consistent:
AATTbanned_admin_maps = (\\$banned_admin);
The previous default value of AATTbanned_admin_maps tried to maintain
compatibility with versions before the setting was separated from
its companion AATTvirus_admin_maps. Now this compatibility is no longer
considered necessary and contributes to some confusion, so it was dropped.
See 2.4.0 and 2.2.1 release notes for previous changes to this setting.

* quarantining to an mbox format file used to include a local time in an
mbox separator line, which differs from RFC 4155 and common practices
of using an UTC timestamp; a time zone of a timestamp in separator lines
is now changed to UTC;
- BUG FIXES 2.8.0

* fixed initial evaluation of dynamic (i.e. per policy bank) values of
$enable_dkim_verification, $enable_dkim_signing and $bypass_decode_parts
across all declared policy banks; these policy bank entries may be scalars
of references to such;

* finely adjust a message size for de-stuffed dots according to a size
definition in RFC 1870; avoids occasional message size mismatch when
using an antispam interface module SpamdClient (implementing client-side
of a spamc/spamd protocol);

* updated LDAP.ldif to match LDAP.schema; provided by Quanah Gibson-Mount;

* updated AMAVIS-MIB.txt and amavisd-snmp-subagent: changed type of
SNMP variables
*MsgsSize
* in the group amavisStats 7 from Counter32
to Counter64 for consistency with other
*MsgsSize
* variables in groups
amavisStats 3 and amavisStats 9;
- NEW FEATURES SUMMARY 2.8.0

* For monitoring and statistics gathering purposes a new set of utilities
and service processes is available based on a message passing paradigm,
using a 0MQ (a.k.a. ZMQ, ZeroMQ, or Crossroads I/O) library. This
replaces a functionally similar set of utilities based on a shared
BerkeleyDB database, with a benefit of avoiding lock contention
altogether. This can bring sigificant speedups, most pronounced on
a host with many busy amavisd child processes.

* Applied numerous fine-grained optimizations based on a NYTProf profiler
results. Optimizations include a reduction in a number of generated
Perl opcodes and similar micro-optimizations. This accounts for a large
amount of small changes in the code.

* Our current statistics (Q4 2011) shows that 80 % of messages are below
30.000 bytes, and 90 % of mail messages are below 100.000 bytes in
size. As an optimization, messages below 100 KiB in size are now kept
and processed in memory, including passing them more optimally to
SpamAssassin 3.4.0. Some file activity is still there, but is much
reduced. If $TEMPBASE also resides on an SSD disk (or a RAM disk),
observed speedup between 2.7.2 and 2.8.0 was 3 to 8 percent on a
busy host (with monitoring disabled, so as not to skew a measurement).

* Use a module IO::Socket::IP if available, instead of dealing directly
with low-level modules IO::Socket::INET and IO::Socket::INET6;

* choose more appropriate defaults if running on an IPv6-only host
(like connecting to ::1 instead of 127.0.0.1 which may not exist);

* amavisd-release now also supports connecting to amavisd over IPv6;

* as a debugging aid it is now possible that a late event triggers full
logging of earlier events that occurred during processing of a current
mail message;

* $enable_ldap setting is now dynamic, i.e. can be changed by a policy
bank, which makes it possible to selectively disable LDAP lookups
per policy bank;

* optionally avoid persistent connections to SQL and LDAP servers;

* it is now possible to disable calling an external file(1) utility
but still have MIME parts decoding enabled;

* added support in Amavis::SpamControl::ExtProg for an external spam scanner
Bogofilter;

* added locking options to AATTspam_scanners entries, to be used with external
scanners which need but do not implement locking of their resources
by themselves;

* added a global configuration setting $sa_userprefs_file, which is passed
on to SpamAssassin as a \'userprefs_filename\' parameter at initialization;

* added a subroutine iso8601_weekday(), potentially useful with partitioning;

* added several new macros available to logging and notification templates;

Thu Dec 27 13:00:00 2012 wrAATTrosenauer.org
- update to version 2.7.2

* a generated Received header field was missing the \'IPv6:\' prefix
in the TCP-info component of a \'by\' subfield (as required by RFC 5321,
section 4.1.3) when amavisd received a message over an IPv6 protocol;
(btw, the TCP-info component of a \'from\' subfield was correct);

* changed data type of an SNMP variable LogRetries from C32 to C64
for consistency with the MIB;

* updated AV entry \'AVG Anti-Virus\' to consider status 403 continuation
lines when searching for a virus name; suggested by Ralf Hildebrandt;

* reduce a log level to 5 on a log message:
Amavis::IO::RW: Error flushing on close: ...
to avoid an innocent but sinister-looking warning when a pipe
to a virus scanner is broken and needs to be re-established;
reported by Stefan Jakobs

* updated an AV entry for \'F-Secure Linux Security\' to version 9.14;
options updated by Mika Ilmaranta, a patch by Tuomo Soini;

* fix a Unix socket compatibility issue with Net::Server versions 2.000,
2.001 and 2.002, where a method NS_unix_path no longer exists.
This method was re-introduced for compatibility reasons in 2.003.
Reported by Paul MacKenzie;

Mon Aug 27 14:00:00 2012 dmuellerAATTsuse.com
- unarj was dropped from Factory, remove dependency to it

Mon Jun 25 14:00:00 2012 varkolyAATTsuse.com
- fix the systemd service file

Thu Apr 26 14:00:00 2012 chrisAATTcomputersalat.de
- fix build for < 1210

Wed Jan 4 13:00:00 2012 varkolyAATTsuse.com
- bnc#706257 - amavis failed to start during boot, however it is active

Fri Nov 4 13:00:00 2011 varkolyAATTsuse.com
- Add systemd scripts

Wed Nov 2 13:00:00 2011 varkolyAATTsuse.com
- Fix amavisd-milter binary name

Wed Oct 26 14:00:00 2011 wrAATTrosenauer.org
- obsolete amavisd-milter package

Thu Oct 13 14:00:00 2011 varkolyAATTsuse.com
- Integrate amavisd-milter

Tue Oct 11 14:00:00 2011 varkolyAATTsuse.com
- bnc#718025 - amavisd-new 2.7.0 fails to start

Sat Sep 17 14:00:00 2011 jengelhAATTmedozas.de
- Remove redundant tags/sections from specfile

Tue Sep 13 14:00:00 2011 varkolyAATTsuse.com
- update to 2.7.0 With a synergy of four solutions, using amavisd-new
in a pre-queue filtering setup became a sensible / better behaved solution:
- old helper programs amavis.c and amavis-milter.c are no longer distributed
with the package, along with the whole helper-progs subdirectory.
As a milter client please use the more modern \'amavisd-milter\' package by
Petr Rehor, available at http://sourceforge.net/projects/amavisd-milter/
- the \"smtpd_proxy_options=speed_adjust\" Postfix option, available since
Postfix 2.7.0 (20091101), improves decoupling between SMTP clients
and a content filter in a proxy setup, reducing the number of content
filtering processes needed for the same mail load. With this option
turned on, a Postfix SMTP server receives the entire message before
connecting to a before-queue content filter;
- a master_deadline option and its API equivalent, available in SpamAssassin
since version 3.3.0, allows for time limiting on lengthy rules checking,
while still providing results when a time limit is exceeded; this makes
it more suitable for time-sensitive setups like a pre-queue filtering setup;
- reworked sub-task time limiting in amavisd, along with its counterpart
solution in SpamAssassin, makes it better suited to a real-time nature
of pre-queue filtering setups, where one has no control over how long
SMTP clients are willing to wait at the data-end stage;
- a re-purposed command line option \'reload\' now does a warm restart,
keeping sockets available to an MTA client at all times, thus reducing
a chance that an MTA would even notice a content filter\'s warm restart.

Tue Aug 30 14:00:00 2011 varkolyAATTsuse.com
- bnc#710289 - amavisd-new: fails rpmlint check non-ghost-in-var-run

Tue Jul 12 14:00:00 2011 varkolyAATTnovell.com
- Enable clamav as integrated scanner
- Enable Avira Antivir personal

Tue May 24 14:00:00 2011 varkolyAATTsuse.de
- update to 2.6.6
- amavisd-release was not sending a \'mail_file\' attribute when a quarantined
message was a non-compressed file in a single-level directory quarantine
- quarantining to SQL was sporadically failing, reporting some unrelated
random error (like \'not available\' or \'OpenSSL error: header too long\');
- avoid a warning \"_WARN: Use of uninitialized value in string eq at ...
line 275.\" when an SQL-based white/black-listing is used;
- wrap the sql clause SET NAMES \'utf8\' so that only a warning at
a log level 2 is issued if an SQL server does not understand the
command (SQLite, old versions of MySQL) instead of aborting;
- when a back-end MTA rejected a message, amavisd would send a non-delivery
status notification, but also propagate the reject status back, which is
wrong, only one or the other response would be appropriate. A fix also
allows choosing either a D_REJECT, D_BOUNCE or D_DISCARD response for
such a case, configurable through %final_destiny_by_ccat at a CC_MTA
entry, defaulting to D_REJECT;

Mon Feb 21 13:00:00 2011 varkolyAATTnovell.com
- bnc#663726 - amavisd-new: group of /var/spool/amavis conflicts with av programms

Sun Feb 20 13:00:00 2011 cooloAATTnovell.com
- unrar should not be required (non-free software now)

Thu Jun 24 14:00:00 2010 varkolyAATTnovell.com
- bnc#614316 - amavisd-new: amavisd-new/README.SuSE does not match /etc/amavisd.conf

Mon May 10 14:00:00 2010 varkolyAATTnovell.com
- bnc#600409 - amavisd not starting after system crash because of stale pid file

Mon Jul 20 14:00:00 2009 varkolyAATTsuse.de
- bnc#521366 - Amavisd-new sends bounces when it isn\'t allowed to do so (backscatter!)
- update to 2.6.4
BUG FIXES
- amavisd failed to start when spam scanning was disabled either
by AATTbypass_spam_checks_maps=(1) or by AATTspam_scanners=(), giving:
Can\'t locate object method \"new\" via package \"Amavis::SpamControl\"
- several decoders failed to propagate \"Exceeded storage quota\" exception,
so the protection of AV scanners against mail bombs was ineffective;
- milter usage (AM.PDP): verbatim header edits inserted a header body of \"1\"
instead of the correct string, for example: \"Authentication-Results: 1\";
- updated AV entry for BitDefender\'s bdscan to recognize tabs around a colon
in its output; contributed by Steve;
- fix parsing of a combined result from DSPAM (option --classify), as
earlier versions of DSPAM did not include a signature with a combined
result line;
- when logging to SQL (pen pals), the msgs.message_id field always received
a value \'1\' instead of a Message-Id, thus making pen pals less effective
(only matching on sender/recipient pairs worked, not on message threads)
and letting some bounces bypass a bounce killer; bug was introduced with
version 2.6.2;
- timer was not reset after a persistent failure to connect to a daemonized
virus scanner, so a subsequent call to a backup scanner only had 10 seconds
available before it was aborted, which was often too short for a command
line backup scanner like clamscan;
- if a virus scanner interface did not find a name of a virus in the output
of a virus scanner (despite noticing infection), the infection was ignored;
- added missing /m flags to regular expressions in AV entries
(a bug is revealed with Perl 5.10.0; previous versions of Perl happened
to work, unintentionally accepting a /m flag if added late during a regexp
evaluation);
- $banned_namepath_re setting only worked globally, but was not usable in
policy banks;
- do_uncompress: signal run_command_copy() errors, instead of returning a
status, thus allowing decompose_part() to detect \'Exceeded storage quota\'
or \'Maximum number of files exceeded\', and flag mail as CC_UNCHECKED;
- if $mailfrom_notify_admin was not specified in a configuration file but
defaulted to an e-mail address in $hdrfrom_notify_admin, the following
was reported (due to missing angle brackets) on an attempt to submit
a notification:
(!)SEND via SMTP: virusalertAATTexample.com -> ...
501 5.1.7 Bad sender address syntax
(!)FAILED to notify admin: 501 5.1.7 Failed, id=40690-23,
from MTA([::1]:10027): 501 5.1.7 Bad sender address syntax
Notification was not sent, the rest of the processing was unaffected;
- fetch_modules: only suppress the \"Can\'t locate ... in AATTINC\" diagnostics
if exactly the requested module is missing, but do show the error if some
subordinate module is missing and preventing the requested module to be
loaded;
- do_unrar: recognize an information line with a \'<->\';
- fixed a syntax error in LDAP.ldif;
- fixed a bug in SpamdClient;
NEW FEATURES SUMMARY
- provide a true SNMP agent and a MIB, facilitating monitoring the health
of a content filtering system, its performance and mail characteristics;
- a new AV interface to SMTP-based antivirus scanners;
- allow customizing SMTP-status response reason text for blocked messages;
- prevent inserting fake copies of certain important mail header fields
without breaking a DKIM signature;
- added a configuration variable AATTclient_ipaddr_policy, which maps smtp
client\'s IP address lookup lists to a policy bank name. This allows for
loading a policy bank based on a client IP address, and generalizes a
formerly hard-wired mapping of AATTmynetworks_maps into \'MYNETS\'.
- large messages beyond $sa_mail_body_size_limit are now partially passed
to SpamAssassin and other spam scanners for checking: a copy passed to
a spam scanner is truncated near or slightly past the indicated limit.
Large messages are no longer given an almost free passage through spam
checks.
- supports passing an extra argument suppl_attrib to $spamassassin->parse,
as recognized by SpamAssassin 3.3.0, passing a set of DKIM signature
objects to a SpamAssassin\'s plugin DKIM, which saves having to do the
same signature verification operation again within a plugin, and provides
uncrippled signatures to SpamAssassin even when a large message is
truncated by amavisd and only partially submitted to spam analysis;
- add global variables $sa_configpath and $sa_siteconfigpath (undef by
default), which are passed to SpamAssassin as options \'rules_filename\'
and \'site_rules_filename\' during its initialization call; this makes
it easier to run multiple instances of amavisd, each with a different
SpamAssassin configuration, using the same amavisd configurations file
by taking advantage of option -i; suggested by Noah Baker;
- report process resource usage at log level 2 by calling getrusage(1)
if a perl module Unix::Getrusage is available;

Wed Jan 21 13:00:00 2009 roAATTsuse.de
- drop requires for lha for post 11.1 (dropped package)

Mon Dec 29 13:00:00 2008 lruppAATTsuse.de
- update to 2.6.2:
+ bounce killer: improved detection of nonstandard bounces
+ bounces to be killed no longer waste SpamAssassin time
+ tool to convert dkim-filter keysfile into amavisd configuration
+ compatibility with SpamAssassin 3.3 (CVS head) regained
+ rewritten and expanded documentation section on DKIM signing and
verification in amavisd-new-docs.html
+ the %sql_clause default has changed in detail, if its value
is overridden in a configuration file the setting may need
updating
- don\'t patch it: use a regexp in the specfile to get rid of
amavisd-new-suse.{dif,patch}
- package p0f-analyzer.pl
(a program to interface amavisd with a p0f utility)
- remove outdated Obsoletes
- dont enable clamd per default - its a user decision
- added probe option to init script
- compress the Release-Notes
- Recommend clamav perl-spamassassin perl-ldap perl-Authen-SASL
perl-DBI and perl-Mail-ClamAV - they are needed just in
special cases
- use package names in PreReq
- split up amavisd-new-docs subpackage and package additional files
- dont create the vscan user in the build system (not needed)
- added amavisd-new-rpmlintrc

Tue Oct 28 13:00:00 2008 varkolyAATTsuse.de
- Require perl-Mail-DKIM
- (bnc#439292) - amavisd.conf comes with wrong path to clamd socket

Mon Sep 1 14:00:00 2008 kukukAATTsuse.de
- Don\'t require unace, amavis does not know about it.

Tue Aug 12 14:00:00 2008 crrodriguezAATTsuse.de
- fix init scripts

Tue Jul 1 14:00:00 2008 varkolyAATTsuse.de
- update to version 2.6.1
BUG FIXES
- avoid a bounce-killer\'s false positive when a message is multipart/mixed
with an attached message/rfc822 (looking like a qmail or a MSN bounce)
and having attached a message with a foreign Message-ID - by restricting
the check to messages with an empty sender address or a \'postmaster\' or
\'MAILER-DAEMON\' author address;
- privileges were dropped too early when chrooting, causing chroot to fail
- fix unwarranted \'run_av error: Exceeded allowed time\' error when using
a virus scanned Mail::ClamAV;
- fix a bug in helper-progs/amavis-milter.c where atoi could be reading
from a non-null terminated string which could result in wrong milter
return status, or even cause a read-access violation;
- dsn_cutoff_level was ignored if SpamAssassin was not invoked (e.g. on
large messages) even if recip_score_boost was nonzero, causing a DSN
not to be suppressed for internally generated large score values;
- add back the \'Ok, id=..., from MTA(...):\' prefix to a MTA status responses
on forwarded mail when generating own SMTP status response
- replaced \'-ErrFile=>
*STDOUT\' with \'-ErrFile=>\\
*STDOUT\' in a call to
BerkeleyDB::Env::new in amavisd-nanny and amavisd-agent;
NEW FEATURES
- recognize an additional place-holder %P in a template used to build
a file name in file-based quarantining.

Fri Jun 27 14:00:00 2008 varkolyAATTsuse.de
- openldap do not contains /etc/openldap anymore

Wed Jun 25 14:00:00 2008 varkolyAATTsuse.de
- update to version 2.6.0
- integrated DKIM signing and verification
- loading of policy banks based on valid DKIM-signed author\'s address
can be used for reliable whitelisting, for bypassing banned checks, etc.
- bounce killer feature: uses a pen pals SQL lookup to check inbound DSN;
- SQL logging and quarantining tables have a new field \'partition_tag\';
- captures SpamAssassin logging, more flexibility specifying SA log areas;
- collects and logs SpamAssassin timing breakdown report (requires SA 3.3);
- releasing from a quarantine can push a released message to an attachment;
- new experimental code for abuse reporting using formats: ARF/attach/plain;
- TLS support on the SMTP client and server side;
- connection caching by a SMTP client;
- amavisd-nanny and amavisd-agent now re-open a database on amavisd restarts;
- amavisd-nanny and amavisd-agent new command line option: -c count;
- updated p0f-analyzer.pl to support source port number in queries;
- amavisd can send queries either to p0f-analyzer.pl or directly to p0f;

Thu Jun 21 14:00:00 2007 varkolyAATTsuse.de
- Bug 230822 Amavisd-release Misconfiguration
- update to version 2.5.1
SECURITY
- provides checking the number of archive members against $MAXFILES quota
even when just listing an archive directory, providing some additional
protection (besides a time limit) against runaway dearchivers
(such as a recent Zoo archiver DoS);
- please use the most recent versions of file(1) utility (currently 4.21)
and recent versions of external dearchivers/decoders to avoid known
security vulnerabilities in them;
NEW FEATURES
- introduced a variation of a message release from a quarantine, allowing
a releaser to choose between forwarding a message to the back-end MTA
port as usual (avoiding re-checking of a message), or to send it to MTA
on its incoming port (normally 25) and let the message be rescanned,
which might be useful after adjusting spam rules or antivirus database.
It is implemented by:

* adding a configuration variable $requeue_method (also a member
of policy banks), with a default value: \'smtp:[127.0.0.1]:25\'

* extending the AM.PDP protocol with a \'request=requeue\' attribute
which can be used in place of a \'request=release\',

* enhancing the \'amavisd-release\' utility program to choose between
sending \'request=release\' and \'request=requeue\' based on its
program name, i.e. by making a soft or hard link to amavisd-release
(or its copy) named \'amavisd-requeue\', the utility will send
a \'request=requeue\' in place of the usual \'request=release\', e.g.:
[#] ln -s amavisd-release amavisd-requeue
$ amavisd-requeue spam/k/kg2P0rP9Lpu3.gz

* enhancing amavisd daemon to choose between forwarding a released
message either to $release_method or to $requeue_method destination
based on a \'request\' attribute value in an AM.PDP request;
- new AV entry: ArcaVir for Linux and Unix, see below for links;
- a new macro \'supplementary_info\' gives access to some additional information
provided by content scanners, such as a provided by SpamAssassin API
routine get_tag. The macro takes two arguments, the first is a tag name
(a name of some attribute which is expected to provide an associated
value), the second argument is a sprintf format string and is optional,
if missing a %s is assumed. Currently the only available attributes are
AUTOLEARN, SC, SCRULE, SCTYPE, and RELAYCOUNTRY. These are nonempty only
when an associated SpamAssassin plugin or function is enabled.
BUG FIXES
- fixed quarantining to a SQL database of messages with a null envelope
sender address (broken in 2.5.0, causing such messages to tempfail);
reported by Markus Edholm, Vahur Jõlu and Michael Scheidell;
- fixed parsing of certain broken \'From\' header fields, which would
result in a temporary failure and the following logged error:
check_init2 FAILED: parse_address_list PANIC1 53
at /usr/local/sbin/amavisd line 3292
reported by Michael Scheidell;
- avoid encoding nonprintable characters in X-Envelope-From and X-Envelope-To
header fields in a quarantined message even if envelope mail addresses
contain such invalid characters, so that a quarantine release is possible;
(RFC 2047 allows encoding of a \'phrase\' in From, To, and similar headers,
as well as in comments, but not in the address specification);
- avoid unnecessarily RFC 2047 -encoding of 8-bit characters in those
lines of inserted X-Spam-Report (and similar) multiline header fields
which only contain ASCII characters; also avoid encoding of newlines;
reported by Anant Nitya;
- properly recognize PostgreSQL error code \'S8006\' and reconnect to
a disconnected server right away; thanks to Brian Wong;
- call $mail_obj->finish after a SA call to allow for garbage collection
and removal of SA temporary files; see:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5444
- avoid nonstandard SMTP status code 254 on discarded malware;
on discarding turn status 554 into a 250 instead; violation
of a SHOULD in RFC 2822 pointed out by Alexander Bergolth;
- an informational log message was reported inappropriately:
INFO: truncated ... header line(s) longer than 998 characters
it didn\'t reflect reality, it was always reported together with the:
INFO: unfolded 1 illegal all-whitespace continuation lines
- when a SMTP option BODY=8BITMIME (RFC 1652) is not given on mail
reception, avoid turning it on while forwarding even if mail body
contains 8-bit characters; following a garbage-in-garbage-out
principle, this doesn\'t break anything that isn\'t already broken,
but might prevent later conversion to 7-bit quoted-printable MIME
by some downstream MTA, possibly preventing signature invalidations
(DKIM, S/MIME, PGP, ...) - at a risk that some overzealous firewall
might block a mail transfer;
- fixed a couple of documentation typos/bugs in README.customize
amavisd-new-2.5.0 release notes
COMPATIBILITY WITH 2.4.5
The 2.5.0 is upwards compatible with 2.4.
* versions.
Nevertheless, default notification and logging templates are
enhanced to take advantage of new macros and new concepts,
so it is prudent to update templates if defaults are overridden,
e.g. $log_templ, $notify_
*_admin_templ, ...
NEW FEATURES AT A GLANCE
- new concept: blocking contents category;
- true per-recipient defanging/sanitation of a mail body (previously
a true per-recipient handling was available for mail header edits,
but not for mail body modifications);
- added interface code to invoke Anomy Sanitizer or the \'altermime\' program
allows defanging or adding disclaimers by external utilities on a
per-recipient basis;
- rewritten SMTP client code: get rid of the troublesome module Net::SMTP;
new code now supports pipelining, client-side LMTP, IPv6, Unix sockets,
more reliable error handling, passes on ORCPT parameter, passes on ENVID
parameter unmangled, is bare-CR-clean, tidier code (no workarounds for
rough corners in Net::SMTP), fewer context switches (handshake handovers)
due to pipelining if pipelining is offered by MTA (which usually is);
- makes available pedantically parsed addresses from a mail header:
From, Sender, To, Cc. Addresses from mail header may be needed for
deciding on inserting disclaimers, signing mail (DKIM), custom hooks
(like \'vacation\'-type applications), and other future applications.
Get rid of inexact parsing by module Mail::Address, provide own parser;
- phishing fraud as returned by ClamAV is now treated as spam, no longer
as a virus;
- compatible with SpamAssassin 3.2.0;
- enhancements to amavisd-nanny: shows more detailed states of processes;
- enhancements to amavisd-agent: shows average processing times per message;
- extended AM.PDP protocol with an attribute \'policy_bank\' which may be used
in a client\'s request to require loading additional policy banks;
- add support for 7-Zip archives if external utility 7z is available;
- custom hooks allow custom code to be called at few strategic places;
- penpals can now also match replies which reference previous outgoing mail
by its MessageID (taking into account References or In-Reply-To header
field);
- new key \'originating\' in policy banks generalizes a MYNETS policy bank;
- a documentation rewrite for setting up amavisd-new with Postfix
by Patrick Ben Koetter (one of the two authors of The Book of Postfix).
Previous documentation has been renamed to README.postfix.old and will be
removed in the next version; the new documentation is README.postfix.html,
and its automatically converted plain text version is README.postfix.
BUG FIXES
- if a sender is both white- and black-listed at the same time, then
inserted X-Spam-
* header fields were inconsistent, e.g. X-Spam-Level,
X-Spam-Flag and X-Spam-Status reflected a whitelisted status (no asterisks,
not a spam), while X-Spam-Score showed 64 points; now whitelisting prevails
in all X-Spam-
* header fields;
- relax argument parsing in amavisd-release to allow releasing of
quarantine id containing a body hash in a name (%b in template);
reported by Ron Rademaker;
- skip a SQL-logging database operation if an associated clause in %sql_clause
is disabled, e.g. set to undef or \'\'; this allows for example to selectively
disable SQL logging based on a policy bank; thanks to Riaan Kok;
- let LHA decoder (do_lha) recognize also other listing formats, e.g. MS-DOS,
symlinks, not just plain Unix archives; problem reported by Ryuhei Funatsu;

Thu Mar 8 13:00:00 2007 varkolyAATTsuse.de
- update to version 2.4.5
SECURITY
- Recommended version of Convert::UUlib is 1.08 or higher
to avoid processing of uninitialized data containing \'random\' garbage.
Note that a security hole in uulib which comes with Convert::UUlib 1.04
and older is now (as of 2006-12-05) known to be exploitable:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1349
credits to Jean-Sébastien Guay-Leroux;
- p0f-analyzer.pl will no longer reply to queries coming from low-numbered
UDP ports below 1024 or from nfsd port 2049, and will ignore queries
with nonce longer than 1024 character or containing characters outside
of \\040-\\177 range to limit its usefulness as a potential reflector
for an attacker from internal networks.
INCOMPATIBLE CHANGE WITH 2.4.4
- p0f-analyzer.pl now only binds to a loopback interface by default, instead
of to all interfaces; change $bind_addr in p0f-analyzer.pl to \'0.0.0.0\'
if p0f-analyzer.pl is running on a different host from amavisd or from
other querying clients; suggested by Shaun T. Erickson and Mario Liehr;
BUG FIXES
- let p0f-analyzer.pl exit when a pipe on stdin is closed (e.g. when p0f
is killed or crashes), instead of entering a tight loop; reported by
Justin Piszcz and Henrik Krohns;
- hard-blacklisting no longer skips quarantining when
$spam_quarantine_cutoff_level is undefined (or is an empty string);
- restart timer after Sophie times out; previously the next attempt
would run with no time limit; reported by Nick Leverton and
Nicklas Bondesson;
- fixed AM.PDP code to always provide smtp-quoted form in angle brackets
in delrcpt and addrcpt attributes of a response, i.e. in the same form
as was received in sender and recipient attributes;
- fix error reporting in open_on_specific_fd when POSIX::dup2 fails;
thanks to Chris (decoder);
- fix signal handling in read_snmp_variables() and register_proc(),
a signal could previously get lost (not re-signaled) if it occurred
within these subroutines;
- fixed get_body_digest which incorrectly determined 7- or 8-bitness
of mail header and body, setting body_type incorrectly (with only
cosmetic ill-effects);
- AM.PDP protocol: ensure proper address form is used in server response
attributes \'delrcpt\' and \'addrcpt\': the same form should be used as
in \'sender\' and \'recipient\' attributes. The attribute value syntax is
specified in RFC 2821 as \'Reverse-path\' (i.e. smtp-quoted form, enclosed
in <>); previously enclosing angle brackets were missing in a server reply;
- documentation - amavisd.conf-default incorrectly stated that a default
value for $prepend_header_fields_hdridx is 1; actually the default is 0
as correctly indicated in release notes; reported by Jo Rhett;

Mon Nov 20 13:00:00 2006 varkolyAATTsuse.de
- fixing bug 218230 - amavisd crashes on start

Fri Oct 20 14:00:00 2006 varkolyAATTsuse.de
- update to version 2.4.3
BUG FIXES AND WORKAROUNDS
- fixed a bug (introduced with amavisd-new-2.4.0): when receiving mail
from MTA through a LMTP protocol (not SMTP) and with D_BOUNCE as a
final
*destiny setting, a suppressed non-delivery notification (e.g.
spam above cutoff_level) did not turn LMTP status into a success,
so an undesired bounce was generated by MTA in a post-queue filtering
setup, contributing to excessive bounce backscatter; reported by
Michael Scheidell, thanks to Gary V for analysis;
- bug fix to amavisd-release: a regexp needs to be relaxed to allow
quarantine names like Y/spam-Y5y7A3J5r2Ax.gz, reported by Rob Chanter;
- fix a bug in LDAP lookups which could lead to an infinite loop while
expanding %m in the filter; reported by Petr Vokac;
- add \"LOCAL_STATE_DIR => \'/var/lib\'\" to the SA object initialization
for versions of SA 3.1.4 or older, so that SpamAssassin would see
additional rules provided by sa-update and placed to its default location;
the SA 3.1.5 provides its own default so this becomes unnecessary;
- bug fix: don\'t reject mail when mail size restriction is in force,
the limit is exceeded, and $final_destiny_by_ccat{+CC_OVERSIZED}
is not D_REJECT;
- treat blacklisting like high spam score when considering suppressing
quarantining (AATTspam_quarantine_cutoff_level_maps) or suppressing sending
a DSN (AATTspam_dsn_cutoff_level_maps);
- calling do_quarantine() multiple times on the same message would accumulate
header edits from each invocation, fixed; (such situation can only happen
with a modified program);
- when defanging mail or releasing mail from a quarantine, with a goal
of not breaking DKIM Sender Signing Policy and DomainKeys policy,
do not copy existing Sender header field to a new header, and insert
our own Sender field (configurable by %hdrfrom_notify_recip_by_ccat);
Note that dk-milter-0.4.1 (dk-filter) incorrectly signs mail released by
amavisd from a quarantine - presence of X-Spam-
* header fields preceded
and followed by Received header fields makes dk-filter inappropriately
reorder headers fields before signing. The dkim-milter works correctly.
The bug has been reported, but has not yet been resolved at this time.
- explicitly set PerlIO layer to \":bytes\" on a temporary file handle for
email.txt (just in case); based on a problem report by Alexander Schäfer;
- in a string produced by a macro %c remove a decimal dot if score happens
to be an integer;
- reduce $sa_mail_body_size_limit from 512 kB to 400 kB in amavisd.conf
and amavisd.conf-sample for the time being, while the SA folks work
on http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5041
(MS Outlook Express seems to be chopping long mail in approx 500 kB chunks);
- another workaround for Perl taint bug: IO::Handle::_open_mode_string
taints the $1 when mode string to IO::File::open is \'+<\', use O_RDWR
instead; thanks to Ryan Frantz;
- abort if a specified syslog facility name is unknown, instead of
switching to LOG_DAEMON as before;
- change the code which selects defanging so that defanging is triggered
if any applicable contents category of a message chooses defanging;
counterintuitive behaviour reported by Tapani Tarvainen;
- fix example in amavisd.conf-sample to use +CC_SPAM instead of CC_SPAM
as a key to a hash, e.g. $final_destiny_by_ccat{+CC_SPAM}, otherwise Perl
would implicitly turn CC_SPAM into a string when used in such a context.
Note that any Perl expression syntax would do, as long as the argument
does not look like a plain variable which receives implicit quoting;
possibilities include $xx{&CC_SPAM}, $xx{+CC_SPAM}, $xx{CC_SPAM()},
$xx{(CC_SPAM)} and similar; a more obvious &CC_SPAM is avoided because
it prevents subroutine call inlining optimization in Perl;
- qmail: update amavisd-new-qmqpqq.patch to be compatible with Net::Server
version 0.91 or later; thanks to mr from DBA Lab S.p.A.;
- AM.PDP protocol: change the order of attributes returned in an reply:
delete and edit header fields before adding new header fields;
problem of deleting just-inserted header fields in a sendmail milter
setup reported by Petr Rehor;
- AM.PDP protocol change - with version 2 of the protocol the following
changes to the protocol were made:

* \"version_server=2\" is provided in a server response as the
first attribute, older versions did not provide such attribute
(assumed version on the server side was 1);

* delheader and chgheader now stand in a response before insheader
and addheader, assuming that milter MTA will execute these
in the same order;

* new attribute: \"insheader=hdridx hdr_head hdr_body\"
(where hdridx as used by amavisd will always be 0 for now), making
it possible to prepend header fields in a sendmail milter setup
(instead of appending them, breaking compatibility with DomainKeys);
problem noted by Adam Gibson and Petr Rehor;

* new attribute: \"quarantine=reason\"
place message on hold or to a quarantine maintained by MTA, and supply
a reason text (e.g. client may call smfi_quarantine milter routine);
For future use - it is currently (2.4.3 or earlier) never used.
- new feature: \"pen pals soft-whitelisting\" lowers spam score of received
replies to a message previously sent by a local user to this address;
- new feature: added command line options to override certain configuration
settings from a config file, see below;
- documentation bug fixes, especially on the use of SQL data type TIMESTAMP;
- zoo decoder interface routine can now use utility unzoo(1) or zoo(1);
- LDAP.schema: add missing LDAP attribute amavisSpamQuarantineCutoffLevel
to the list of allowed attributes in objectclass amavisAccount;
pointed out by Paolo Cravero;
- Delivery status notifications (DSN) are now supported, both as a SMTP
protocol extension and in notifications. Header fields like X-Amavis
and X-Spam are now prepended to mail header for DomainKeys compatibility.
Configuration variables can be chosen based on mail contents category,
which is now represented explicitly. A built-in macro expander is enhanced,
providing new macros and call types. Added support for passive operating
system fingerprinting with the use of p0f, supplying collected information
as a header field to SpamAssassin. Provide compatibility with Net::Server
0.91 and later.
- fix insufficient sender address sanitation when storing quarantined or
forwarded files as BSMTP files _and_ having a %s in the corresponding

* _method template; potential security vulnerability (with limited scope)
in versions of amavisd-new 2.3.1, 2.3.2 and 2.3.3 discovered by Thomas
Jarosch;
- recognize result \"ms-windows metafile\" (or \"ms-windows metafont\") from a
file(1) utility and provide short type \'wmf\' for it; added two example
rules to amavisd.conf (and amavisd.conf-sample) to block files containing
Windows Metafiles, based on US-CERT Alert TA05-362A;

Wed Jan 25 13:00:00 2006 mlsAATTsuse.de
- converted neededforbuild to BuildRequires

Mon Aug 29 14:00:00 2005 choegerAATTsuse.de
- change clamav default setting from unix socket to tcp to be
compliant with the default settings of the clamav package

Fri Aug 26 14:00:00 2005 choegerAATTsuse.de
- amavisd does not behave LSB conform with it\'s return codes of start and stop,
so work around it in start and stop section of init script
- version 2.3.3 now requires uname(2) to return an FQHN, which isn\'t
the case with SUSE Linux; work around it in %post

Mon Aug 22 14:00:00 2005 choegerAATTsuse.de
- update to version 2.3.3

Mon Jul 4 14:00:00 2005 choegerAATTsuse.de
- use RPM_OPT_FLAGS

Wed Jun 29 14:00:00 2005 choegerAATTsuse.de
- update to version 2.3.2

Tue May 10 14:00:00 2005 choegerAATTsuse.de
- update to version 2.3.1

Mon Apr 25 14:00:00 2005 choegerAATTsuse.de
- update to version 2.3.0

Thu Feb 3 13:00:00 2005 choegerAATTsuse.de
- s/X-UnitedLinux-Should-Start/Should-Start/

Mon Jan 24 13:00:00 2005 roAATTsuse.de
- removed arc dependency (deleted package)

Fri Jan 21 13:00:00 2005 choegerAATTsuse.de
- update to version 2.2.1

Wed Nov 24 13:00:00 2004 choegerAATTsuse.de
- update to version 2.2.0

Tue Oct 5 14:00:00 2004 choegerAATTsuse.de
- bugfix: untainting filename in unlink() in function
files_to_scan(). Without untaint() amavisd-new will
e.g. fail in case of a message with an attachment that
has more than $MAXFILES files in it.

Thu Sep 23 14:00:00 2004 choegerAATTsuse.de
- setting \"$final_spam_destiny = D_PASS;\" again
- changing /var/run/clamav/clamd to /var/lib/clamav/clamd-socket

Wed Sep 15 14:00:00 2004 choegerAATTsuse.de
- HUPing no longer possible in version 2.1, using
amavisd reload instead

Tue Sep 7 14:00:00 2004 choegerAATTsuse.de
- update to minor maintenance release 2.1.2
- fixed (hard)black- and white-listing on static lookup tables
which failed to match any sender; reported by Derck Floor;
- use $hdrfrom_notify_recip address in the From: field for recipient
notifications, instead of $hdrfrom_notify_admin; inconsistency pointed out
by Ekkehard Burkon;
- the \'neutral\' sender notification template was joining the Subject and the
Message-ID header fields into one longer Subject when it was reporting some
nondelivery other than the \'invalid characters in header\'. Likewise the
first body line of this same DSN was eaten up: \"This nondelivery report was
generated by the amavisd-new program\" (the problem was introduced in
amavisd-new-20030616 and never reported);
- in amavisd-agent, amavisd-nanny, amavisd: extend the signal and error
handling in code sections holding bdb locks from just ignoring the SIGINT,
to controlled catching and re-signaling several signals and error
conditions; problem reported by Tom Mulder;
- provide new macro %e which evaluates to our best guess of the originator IP
address collected from the Received trace, complementing similar macros
%t, %a and %g; suggested by Gregor Weiss;
- add the result of macro %e to the default 0-level log entry;

Thu Aug 26 14:00:00 2004 choegerAATTsuse.de
- uncomment $unix_socketname in amavisd.conf to be able to
pipe into /usr/sbin/amavis, which needs to connect to
$unix_socketname

Thu Aug 26 14:00:00 2004 choegerAATTsuse.de
- Bugfix: amavisd 2.1.1 still announces itself as 2.1.0

Wed Aug 25 14:00:00 2004 choegerAATTsuse.de
- update to latest version 2.1.1
- fixed specfile (now needs to additional directories %{avspool}/tmp
and %{avspool}/db
- fixed hardcoded berkeleydb home path to /var/spool/amavis/db in
amavisd-agent and amavisd-nanny
- added perl-BerkeleyDB to Requires

Tue Aug 17 14:00:00 2004 choegerAATTsuse.de
- update to latest version 2.1.0 (20040815)

Mon Jun 28 14:00:00 2004 choegerAATTsuse.de
- Bugfix ID#42381 - amavisd-new reload/restart kills service
chown logfile to $daemon_user when using file logging instead
of syslog
- Bugfix ID#42223 - amavis-new spams mail.warn
do not enable amavisd-new per default in sysconfig.amavis

Mon Jun 7 14:00:00 2004 choegerAATTsuse.de
- added clamd to X-UnitedLinux-Should-Start in init-script
(related to Bugzilla ID#41722)

Fri Apr 23 14:00:00 2004 choegerAATTsuse.de
- Bugfix Bugzilla ID#39293, amavisd-new + bind9 cache
When using rbl checks etc. in amavisd-new (/etc/amavsid.conf:
$sa_local_tests_only = 0; # (default: false)) amavis seems to check for a
working DNS resolver. If not present, remote tests are disabled.
- > added $named to X-UnitedLinux-Should-Start in init-script

Tue Apr 6 14:00:00 2004 choegerAATTsuse.de
- update to patchlevel 9:
The P9 fixes few minor problems that P8 introduced, adds more workarounds for
Perl taint bugs, recognizes SFX LHA archives, supports DrWebD 4.31, The
helper program amavis-milter.c now checks and properly reports the status of
all calls to mkdir/rmdir/open/unlink/write, and makes a clear distinction
between message data and connection data. Please see the RELEASE NOTES.

Tue Mar 30 14:00:00 2004 choegerAATTsuse.de
- forgot to add the patch for the X-Amavis-Alert changes

Fri Mar 26 13:00:00 2004 choegerAATTsuse.de
- added sendmail to neededforbuild
- always use the same X-Amavis-Alert header (and not X-AMaViS-Alert on
one place)

Wed Mar 17 13:00:00 2004 choegerAATTsuse.de
- update to patchlevel 8
Improved W32/Bagle-{F,...} detection (password-protected zip archives)
Bugzilla ID#36041

Thu Feb 26 13:00:00 2004 choegerAATTsuse.de
- forgot to increase patchlevel in version number

Fri Jan 9 13:00:00 2004 choegerAATTsuse.de
- update to 20030616-p7

Thu Dec 11 13:00:00 2003 choegerAATTsuse.de
- add amavis LDAP.schema to filelist (/etc/openldap/schema/amavisd-new.schema)
- deaktivate virus-scanner per default, as this requires one of the
commercial virus scanners to be installed.

Mon Nov 17 13:00:00 2003 choegerAATTsuse.de
- update to 20030616-p6

Fri Oct 31 13:00:00 2003 choegerAATTsuse.de
- Don\'t build as root

Fri Sep 5 14:00:00 2003 choegerAATTsuse.de
- security: create own group vscan and put user vscan into
group vscan as documented in the INSTALL document

Thu Sep 4 14:00:00 2003 choegerAATTsuse.de
- update to 20030616-p5
The p5 fixes SQL white/blacklist caching bug, fixes a failure when attempting
to parse nonexistent Received header field, and few minor details. See the
RELEASE NOTES.

Tue Sep 2 14:00:00 2003 choegerAATTsuse.de
- only copy /etc/amavisd.conf, if it had been really changed in %post

Mon Sep 1 14:00:00 2003 choegerAATTsuse.de
- added spamassassin to Requires (Bugzilla ID#29731)

Fri Aug 29 14:00:00 2003 kukukAATTsuse.de
- Add -r option to useradd for systemaccounts [Bug #29611]

Thu Aug 28 14:00:00 2003 mmjAATTsuse.de
- Add sysconfig metadata [#28812]

Wed Jul 30 14:00:00 2003 choegerAATTsuse.de
- new macros for stop/restart of services on rpm update/removal

Mon Jul 28 14:00:00 2003 choegerAATTsuse.de
- added AMAVIS_SENDMAIL_MILTER feature to sysconfig.amavis
- added AMAVIS_SENDMAIL_MILTER to init-script
- updated README.SuSE
- added patch to 20030616-p3

Tue Jul 1 14:00:00 2003 choegerAATTsuse.de
- do not quarantine spam mails, because the amavisd-new default is to reject
spam, which I changed to pass and tag, so there\'s no need to store them.
- set default spam score to 5.0, which is the spamassassin default
- added sysconfig.amavis to integrate into postfix/sendmail as with
amavis[d]-postfix/amavis[d]-sendmail

Tue Jul 1 14:00:00 2003 choegerAATTsuse.de
- use --with-milterlib=%{_libdir} in order to find libmilter.a on
64bit biarchs

Mon Jun 30 14:00:00 2003 choegerAATTsuse.de
- initial version 20030616-p2


 
ICM