Changelog for
amavisd-new-docs-2.8.1-11.1.x86_64.rpm :
Sun Jul 30 14:00:00 2017 wrAATTrosenauer.org
- boo#1012969 IPv6: DENIED ACCESS due to INVALID PEER IP ADDRESS
add amavisd-new-bug1012969.diff
Sun Jan 29 13:00:00 2017 varkolyAATTsuse.com
- bnc#1014205 L3: /etc/sysconfig/amavis missing
- bnc#1014157 L3: amavisd-new needs sa-update
Thu Sep 17 14:00:00 2015 wrAATTrosenauer.org
- require perl-Convert-BinHex as otherwise startup fails if the
package is missing (bnc#942254)
Sat Aug 16 14:00:00 2014 roAATTsuse.de
- add /bin/logger as prereq (util-linux split)
Wed Jan 1 13:00:00 2014 wrAATTrosenauer.org
- add some recommended decoders (bnc#754852)
- fixed amavisd-milter invocation (bnc#809969)
- correctly set clamd socket to (/var/run/clamav/clamd-socket)
(bnc#844575)
- some spec file cleanup including using optflags for native code
Tue Nov 12 13:00:00 2013 wrAATTrosenauer.org
- Add real systemd support; add required macros in %post/postun sections
and drop sysvinit support on openSUSE >= 12.3
Tue Oct 22 14:00:00 2013 varkolyAATTsuse.com
- bnc#844575 - amavis received a change where /var/run was replaced
with /run still /var/run is present
Thu Oct 3 14:00:00 2013 opensuseAATTcboltz.de
- fix clamd socket location (bnc#809580)
Wed Sep 25 14:00:00 2013 varkolyAATTsuse.com
- bnc#831556 - naming mismatch for amavis and systemd
Sat Sep 14 14:00:00 2013 wrAATTrosenauer.org
- update to version 2.8.1
COMPATIBILITY
when 0MQ (a.k.a. ZeroMQ) is used between Amavis components as an
internal messaging protocol, make sure to replace all 0MQ-enabled
Amavis components on upgrading amavisd, as the internal protocol
has changed slightly, taking advantage of 0MQ multi-part messages
for better performance. Affected programs are: amavis-services,
amavisd-status, amavisd-snmp-subagent-zmq, and amavisd.
NOTE: The Crossroads I/O project (libxs) ceased development on
July 2012, to be replaced by nanomsg eventually by the same author.
The 0MQ library (libzmq) is currently (2013) the best choice,
the preferred library version is 3.2.2 or later along with
the ZMQ::LibZMQ3 Perl interface module and ZMQ::Constants.
The older version 2 of the library, along with an older perl
module ZeroMQ, should be fine too, but lacks support for IPv6.
amavisd is compatible with perl 5.18.0 and with SpamAssassin 3.4.0
NEW FEATURES SUMMARY
* new Redis storage for the \"pen pals\" feature;
* improved IPv6 support;
* support for p0f v3;
* new macros ip_trace_all and ip_trace_public;
* amavisd-status now shows a bar graph display
of the number of active processes;
* the timing report log entry can show CPU usage
at log level 2 if a module Unix::Getrusage is available;
Wed May 29 14:00:00 2013 crrodriguezAATTopensuse.org
- Fix multiple bugs in systemd unit, syslog.target should
not be used and Wants must be used instead of requires in most
cases.
Thu May 2 14:00:00 2013 meissnerAATTsuse.com
- use %defattr correctly to make /var/spool/amavis not worldreadable.
Mon Feb 25 13:00:00 2013 mlinAATTsuse.com
- Install amavisd.service accordingly (/usr/lib/systemd for 12.3
and up or /lib/systemd for older versions).
Wed Feb 6 13:00:00 2013 ajAATTajaissle.de
- update to version 2.8.0
- COMPATIBILITY 2.8.0
* removed an old compatibility measure: default value of AATTbanned_admin_maps
was changed from:
AATTbanned_admin_maps = (\\$banned_admin, \\%virus_admin, \\$virus_admin);
to a more consistent:
AATTbanned_admin_maps = (\\$banned_admin);
The previous default value of AATTbanned_admin_maps tried to maintain
compatibility with versions before the setting was separated from
its companion AATTvirus_admin_maps. Now this compatibility is no longer
considered necessary and contributes to some confusion, so it was dropped.
See 2.4.0 and 2.2.1 release notes for previous changes to this setting.
* quarantining to an mbox format file used to include a local time in an
mbox separator line, which differs from RFC 4155 and common practices
of using an UTC timestamp; a time zone of a timestamp in separator lines
is now changed to UTC;
- BUG FIXES 2.8.0
* fixed initial evaluation of dynamic (i.e. per policy bank) values of
$enable_dkim_verification, $enable_dkim_signing and $bypass_decode_parts
across all declared policy banks; these policy bank entries may be scalars
of references to such;
* finely adjust a message size for de-stuffed dots according to a size
definition in RFC 1870; avoids occasional message size mismatch when
using an antispam interface module SpamdClient (implementing client-side
of a spamc/spamd protocol);
* updated LDAP.ldif to match LDAP.schema; provided by Quanah Gibson-Mount;
* updated AMAVIS-MIB.txt and amavisd-snmp-subagent: changed type of
SNMP variables
*MsgsSize
* in the group amavisStats 7 from Counter32
to Counter64 for consistency with other
*MsgsSize
* variables in groups
amavisStats 3 and amavisStats 9;
- NEW FEATURES SUMMARY 2.8.0
* For monitoring and statistics gathering purposes a new set of utilities
and service processes is available based on a message passing paradigm,
using a 0MQ (a.k.a. ZMQ, ZeroMQ, or Crossroads I/O) library. This
replaces a functionally similar set of utilities based on a shared
BerkeleyDB database, with a benefit of avoiding lock contention
altogether. This can bring sigificant speedups, most pronounced on
a host with many busy amavisd child processes.
* Applied numerous fine-grained optimizations based on a NYTProf profiler
results. Optimizations include a reduction in a number of generated
Perl opcodes and similar micro-optimizations. This accounts for a large
amount of small changes in the code.
* Our current statistics (Q4 2011) shows that 80 % of messages are below
30.000 bytes, and 90 % of mail messages are below 100.000 bytes in
size. As an optimization, messages below 100 KiB in size are now kept
and processed in memory, including passing them more optimally to
SpamAssassin 3.4.0. Some file activity is still there, but is much
reduced. If $TEMPBASE also resides on an SSD disk (or a RAM disk),
observed speedup between 2.7.2 and 2.8.0 was 3 to 8 percent on a
busy host (with monitoring disabled, so as not to skew a measurement).
* Use a module IO::Socket::IP if available, instead of dealing directly
with low-level modules IO::Socket::INET and IO::Socket::INET6;
* choose more appropriate defaults if running on an IPv6-only host
(like connecting to ::1 instead of 127.0.0.1 which may not exist);
* amavisd-release now also supports connecting to amavisd over IPv6;
* as a debugging aid it is now possible that a late event triggers full
logging of earlier events that occurred during processing of a current
mail message;
* $enable_ldap setting is now dynamic, i.e. can be changed by a policy
bank, which makes it possible to selectively disable LDAP lookups
per policy bank;
* optionally avoid persistent connections to SQL and LDAP servers;
* it is now possible to disable calling an external file(1) utility
but still have MIME parts decoding enabled;
* added support in Amavis::SpamControl::ExtProg for an external spam scanner
Bogofilter;
* added locking options to AATTspam_scanners entries, to be used with external
scanners which need but do not implement locking of their resources
by themselves;
* added a global configuration setting $sa_userprefs_file, which is passed
on to SpamAssassin as a \'userprefs_filename\' parameter at initialization;
* added a subroutine iso8601_weekday(), potentially useful with partitioning;
* added several new macros available to logging and notification templates;
Thu Dec 27 13:00:00 2012 wrAATTrosenauer.org
- update to version 2.7.2
* a generated Received header field was missing the \'IPv6:\' prefix
in the TCP-info component of a \'by\' subfield (as required by RFC 5321,
section 4.1.3) when amavisd received a message over an IPv6 protocol;
(btw, the TCP-info component of a \'from\' subfield was correct);
* changed data type of an SNMP variable LogRetries from C32 to C64
for consistency with the MIB;
* updated AV entry \'AVG Anti-Virus\' to consider status 403 continuation
lines when searching for a virus name; suggested by Ralf Hildebrandt;
* reduce a log level to 5 on a log message:
Amavis::IO::RW: Error flushing on close: ...
to avoid an innocent but sinister-looking warning when a pipe
to a virus scanner is broken and needs to be re-established;
reported by Stefan Jakobs
* updated an AV entry for \'F-Secure Linux Security\' to version 9.14;
options updated by Mika Ilmaranta, a patch by Tuomo Soini;
* fix a Unix socket compatibility issue with Net::Server versions 2.000,
2.001 and 2.002, where a method NS_unix_path no longer exists.
This method was re-introduced for compatibility reasons in 2.003.
Reported by Paul MacKenzie;
Mon Aug 27 14:00:00 2012 dmuellerAATTsuse.com
- unarj was dropped from Factory, remove dependency to it
Mon Jun 25 14:00:00 2012 varkolyAATTsuse.com
- fix the systemd service file
Thu Apr 26 14:00:00 2012 chrisAATTcomputersalat.de
- fix build for < 1210
Wed Jan 4 13:00:00 2012 varkolyAATTsuse.com
- bnc#706257 - amavis failed to start during boot, however it is active
Fri Nov 4 13:00:00 2011 varkolyAATTsuse.com
- Add systemd scripts
Wed Nov 2 13:00:00 2011 varkolyAATTsuse.com
- Fix amavisd-milter binary name
Wed Oct 26 14:00:00 2011 wrAATTrosenauer.org
- obsolete amavisd-milter package
Thu Oct 13 14:00:00 2011 varkolyAATTsuse.com
- Integrate amavisd-milter
Tue Oct 11 14:00:00 2011 varkolyAATTsuse.com
- bnc#718025 - amavisd-new 2.7.0 fails to start
Sat Sep 17 14:00:00 2011 jengelhAATTmedozas.de
- Remove redundant tags/sections from specfile
Tue Sep 13 14:00:00 2011 varkolyAATTsuse.com
- update to 2.7.0 With a synergy of four solutions, using amavisd-new
in a pre-queue filtering setup became a sensible / better behaved solution:
- old helper programs amavis.c and amavis-milter.c are no longer distributed
with the package, along with the whole helper-progs subdirectory.
As a milter client please use the more modern \'amavisd-milter\' package by
Petr Rehor, available at http://sourceforge.net/projects/amavisd-milter/
- the \"smtpd_proxy_options=speed_adjust\" Postfix option, available since
Postfix 2.7.0 (20091101), improves decoupling between SMTP clients
and a content filter in a proxy setup, reducing the number of content
filtering processes needed for the same mail load. With this option
turned on, a Postfix SMTP server receives the entire message before
connecting to a before-queue content filter;
- a master_deadline option and its API equivalent, available in SpamAssassin
since version 3.3.0, allows for time limiting on lengthy rules checking,
while still providing results when a time limit is exceeded; this makes
it more suitable for time-sensitive setups like a pre-queue filtering setup;
- reworked sub-task time limiting in amavisd, along with its counterpart
solution in SpamAssassin, makes it better suited to a real-time nature
of pre-queue filtering setups, where one has no control over how long
SMTP clients are willing to wait at the data-end stage;
- a re-purposed command line option \'reload\' now does a warm restart,
keeping sockets available to an MTA client at all times, thus reducing
a chance that an MTA would even notice a content filter\'s warm restart.
Tue Aug 30 14:00:00 2011 varkolyAATTsuse.com
- bnc#710289 - amavisd-new: fails rpmlint check non-ghost-in-var-run
Tue Jul 12 14:00:00 2011 varkolyAATTnovell.com
- Enable clamav as integrated scanner
- Enable Avira Antivir personal
Tue May 24 14:00:00 2011 varkolyAATTsuse.de
- update to 2.6.6
- amavisd-release was not sending a \'mail_file\' attribute when a quarantined
message was a non-compressed file in a single-level directory quarantine
- quarantining to SQL was sporadically failing, reporting some unrelated
random error (like \'not available\' or \'OpenSSL error: header too long\');
- avoid a warning \"_WARN: Use of uninitialized value in string eq at ...
line 275.\" when an SQL-based white/black-listing is used;
- wrap the sql clause SET NAMES \'utf8\' so that only a warning at
a log level 2 is issued if an SQL server does not understand the
command (SQLite, old versions of MySQL) instead of aborting;
- when a back-end MTA rejected a message, amavisd would send a non-delivery
status notification, but also propagate the reject status back, which is
wrong, only one or the other response would be appropriate. A fix also
allows choosing either a D_REJECT, D_BOUNCE or D_DISCARD response for
such a case, configurable through %final_destiny_by_ccat at a CC_MTA
entry, defaulting to D_REJECT;
Mon Feb 21 13:00:00 2011 varkolyAATTnovell.com
- bnc#663726 - amavisd-new: group of /var/spool/amavis conflicts with av programms
Sun Feb 20 13:00:00 2011 cooloAATTnovell.com
- unrar should not be required (non-free software now)
Thu Jun 24 14:00:00 2010 varkolyAATTnovell.com
- bnc#614316 - amavisd-new: amavisd-new/README.SuSE does not match /etc/amavisd.conf
Mon May 10 14:00:00 2010 varkolyAATTnovell.com
- bnc#600409 - amavisd not starting after system crash because of stale pid file
Mon Jul 20 14:00:00 2009 varkolyAATTsuse.de
- bnc#521366 - Amavisd-new sends bounces when it isn\'t allowed to do so (backscatter!)
- update to 2.6.4
BUG FIXES
- amavisd failed to start when spam scanning was disabled either
by AATTbypass_spam_checks_maps=(1) or by AATTspam_scanners=(), giving:
Can\'t locate object method \"new\" via package \"Amavis::SpamControl\"
- several decoders failed to propagate \"Exceeded storage quota\" exception,
so the protection of AV scanners against mail bombs was ineffective;
- milter usage (AM.PDP): verbatim header edits inserted a header body of \"1\"
instead of the correct string, for example: \"Authentication-Results: 1\";
- updated AV entry for BitDefender\'s bdscan to recognize tabs around a colon
in its output; contributed by Steve;
- fix parsing of a combined result from DSPAM (option --classify), as
earlier versions of DSPAM did not include a signature with a combined
result line;
- when logging to SQL (pen pals), the msgs.message_id field always received
a value \'1\' instead of a Message-Id, thus making pen pals less effective
(only matching on sender/recipient pairs worked, not on message threads)
and letting some bounces bypass a bounce killer; bug was introduced with
version 2.6.2;
- timer was not reset after a persistent failure to connect to a daemonized
virus scanner, so a subsequent call to a backup scanner only had 10 seconds
available before it was aborted, which was often too short for a command
line backup scanner like clamscan;
- if a virus scanner interface did not find a name of a virus in the output
of a virus scanner (despite noticing infection), the infection was ignored;
- added missing /m flags to regular expressions in AV entries
(a bug is revealed with Perl 5.10.0; previous versions of Perl happened
to work, unintentionally accepting a /m flag if added late during a regexp
evaluation);
- $banned_namepath_re setting only worked globally, but was not usable in
policy banks;
- do_uncompress: signal run_command_copy() errors, instead of returning a
status, thus allowing decompose_part() to detect \'Exceeded storage quota\'
or \'Maximum number of files exceeded\', and flag mail as CC_UNCHECKED;
- if $mailfrom_notify_admin was not specified in a configuration file but
defaulted to an e-mail address in $hdrfrom_notify_admin, the following
was reported (due to missing angle brackets) on an attempt to submit
a notification:
(!)SEND via SMTP: virusalertAATTexample.com ->
...
501 5.1.7 Bad sender address syntax
(!)FAILED to notify admin: 501 5.1.7 Failed, id=40690-23,
from MTA([::1]:10027): 501 5.1.7 Bad sender address syntax
Notification was not sent, the rest of the processing was unaffected;
- fetch_modules: only suppress the \"Can\'t locate ... in AATTINC\" diagnostics
if exactly the requested module is missing, but do show the error if some
subordinate module is missing and preventing the requested module to be
loaded;
- do_unrar: recognize an information line with a \'<->\';
- fixed a syntax error in LDAP.ldif;
- fixed a bug in SpamdClient;
NEW FEATURES SUMMARY
- provide a true SNMP agent and a MIB, facilitating monitoring the health
of a content filtering system, its performance and mail characteristics;
- a new AV interface to SMTP-based antivirus scanners;
- allow customizing SMTP-status response reason text for blocked messages;
- prevent inserting fake copies of certain important mail header fields
without breaking a DKIM signature;
- added a configuration variable AATTclient_ipaddr_policy, which maps smtp
client\'s IP address lookup lists to a policy bank name. This allows for
loading a policy bank based on a client IP address, and generalizes a
formerly hard-wired mapping of AATTmynetworks_maps into \'MYNETS\'.
- large messages beyond $sa_mail_body_size_limit are now partially passed
to SpamAssassin and other spam scanners for checking: a copy passed to
a spam scanner is truncated near or slightly past the indicated limit.
Large messages are no longer given an almost free passage through spam
checks.
- supports passing an extra argument suppl_attrib to $spamassassin->parse,
as recognized by SpamAssassin 3.3.0, passing a set of DKIM signature
objects to a SpamAssassin\'s plugin DKIM, which saves having to do the
same signature verification operation again within a plugin, and provides
uncrippled signatures to SpamAssassin even when a large message is
truncated by amavisd and only partially submitted to spam analysis;
- add global variables $sa_configpath and $sa_siteconfigpath (undef by
default), which are passed to SpamAssassin as options \'rules_filename\'
and \'site_rules_filename\' during its initialization call; this makes
it easier to run multiple instances of amavisd, each with a different
SpamAssassin configuration, using the same amavisd configurations file
by taking advantage of option -i; suggested by Noah Baker;
- report process resource usage at log level 2 by calling getrusage(1)
if a perl module Unix::Getrusage is available;