Changes - j0ke.net Open Build Service

Changes of Revision 24

[-] [+]	Changed	amavisd-new.changes
@@ -1,4 +1,10 @@ ------------------------------------------------------------------- +Wed Apr 22 17:50:00 CEST 2009 - cs@linux-administrator.com + +- update to version 2.6.3 + - see RELEASE_NOTES.2.6.3 for details + +------------------------------------------------------------------- Sun Jan 18 14:10:00 CEST 2009 - cs@linux-administrator.com - update to version 2.6.2
[-] [+]	Changed	amavisd-new.spec ^
@@ -1,5 +1,5 @@ # -# spec file for package amavisd-new (Version 2.6.2) +# spec file for package amavisd-new (Version 2.6.3) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -25,7 +25,7 @@ %endif AutoReqProv: on Summary: High-Performance E-Mail Virus Scanner -Version: 2.6.2 +Version: 2.6.3 Release: 1 Source0: amavisd-new-%{version}.tar.bz2 Source1: sysconfig.amavis @@ -234,6 +234,10 @@ Mark Martinec <mark.martinec@ijs.si> %changelog +* Wed Apr 22 2009 Carsten Schoene <cs@linux-administrator.com> +- update to version 2.6.3 + - see RELEASE_NOTES.2.6.3 for details + * Sun Jan 18 2009 Carsten Schoene <cs@linux-administrator.com> - update to version 2.6.2 - more details in RELEASE_NOTES.2.6.2
[-] [+]	Changed	amavisd-new-conf-qmail.patch ^
@@ -1,5 +1,5 @@ ---- amavisd.conf.orig 2009-01-18 13:49:48.000000000 +0100 -+++ amavisd.conf 2009-01-18 13:51:34.000000000 +0100 +--- amavisd.conf.orig 2009-04-22 16:39:13.000000000 +0200 ++++ amavisd.conf 2009-04-22 16:41:19.000000000 +0200 @@ -58,8 +58,12 @@ $unix_socketname = "$MYHOME/amavisd.sock"; # amavisd-release or amavis-milter # option(s) -p overrides $inet_socket_port and $unix_socketname @@ -59,7 +59,7 @@ # ### http://www.clamav.net/ -# ['ClamAV-clamd', -# \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"], --# qr/\bOK$/, qr/\bFOUND$/, +-# qr/\bOK$/m, qr/\bFOUND$/m, -# qr/^.?: (?!Infected Archive)(.) FOUND$/m ], -# # NOTE: run clamd under the same user as amavisd, or run it under its own -# # uid such as clamav, add user clamav to the amavis group, and then add @@ -68,7 +68,7 @@ -# # this entry; when running chrooted one may prefer socket "$MYHOME/clamd". +['ClamAV-clamd', + \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"], -+ qr/\bOK$/, qr/\bFOUND$/, ++ qr/\bOK$/m, qr/\bFOUND$/m, + qr/^.?: (?!Infected Archive)(.) FOUND$/m ], +# NOTE: run clamd under the same user as amavisd, or run it under its own +# uid such as clamav, add user clamav to the amavis group, and then add
[-] [+]	Added	amavisd-new-conf-qmail.patchold ^
@@ -0,0 +1,80 @@ +--- amavisd.conf.orig 2009-01-18 13:49:48.000000000 +0100 ++++ amavisd.conf 2009-01-18 13:51:34.000000000 +0100 +@@ -58,8 +58,12 @@ + $unix_socketname = "$MYHOME/amavisd.sock"; # amavisd-release or amavis-milter + # option(s) -p overrides $inet_socket_port and $unix_socketname + +-$protocol = 'QMQPqq'; # suggested protocol to use on all input sockets +-$inet_socket_port = 10628; # accept connections on this local TCP port(s) ++$protocol = 'QMQPqq'; # suggested protocol to use on all input sockets ++$inet_socket_port = [10024, 10628]; # accept connections on this local TCP port(s) ++#$inet_qmqpqq_port = 10628; # accept QMQPqq on this local TCP port ++#$inet_smtp_port = 10024; # accept SMTP/LMTP on this local TCP port ++$inet_socket_bind = '127.10.10.10'; # limit socket bind to loopback interface ++@inet_acl = qw( 127.10.10.10 ); # allow SMTP access only from localhost IP + + $policy_bank{'MYNETS'} = { # mail originating from @mynetworks + originating => 1, # is true in MYNETS by default, but let's make it explicit +@@ -94,9 +98,9 @@ + auth_required_release => 0, # do not require secret_id for amavisd-release + }; + +-$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level +-$sa_tag2_level_deflt = 6.2; # add 'spam detected' headers at that level +-$sa_kill_level_deflt = 6.9; # triggers spam evasive actions (e.g. blocks mail) ++$sa_tag_level_deflt = undef; # add spam info headers if at, or above that level ++$sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level ++$sa_kill_level_deflt = 99; # triggers spam evasive actions (e.g. blocks mail) + $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent + $sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From + # $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off +@@ -149,16 +153,16 @@ + + # OTHER MORE COMMON SETTINGS (defaults may suffice): + +-# $myhostname = 'host.example.com'; # must be a fully-qualified domain name! ++$myhostname = 'host.example.com'; # must be a fully-qualified domain name! + +-# $notify_method = 'smtp:[127.0.0.1]:10025'; +-# $forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter! ++$notify_method = 'smtp:127.10.10.10:10025'; ++$forward_method = 'smtp:127.10.10.10:10025'; # set to undef with milter! + +-# $final_virus_destiny = D_DISCARD; +-# $final_banned_destiny = D_BOUNCE; +-# $final_spam_destiny = D_BOUNCE; +-# $final_bad_header_destiny = D_PASS; +-# $bad_header_quarantine_method = undef; ++$final_virus_destiny = D_DISCARD; ++$final_banned_destiny = D_BOUNCE; ++$final_spam_destiny = D_PASS; ++$final_bad_header_destiny = D_PASS; ++$bad_header_quarantine_method = undef; + + # $os_fingerprint_method = 'p0f::2345'; # to query p0f-analyzer.pl + +@@ -360,15 +364,15 @@ + # ['Sophos SAVI', \&sophos_savi ], + + # ### http://www.clamav.net/ +-# ['ClamAV-clamd', +-# \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"], +-# qr/\bOK$/, qr/\bFOUND$/, +-# qr/^.?: (?!Infected Archive)(.) FOUND$/m ], +-# # NOTE: run clamd under the same user as amavisd, or run it under its own +-# # uid such as clamav, add user clamav to the amavis group, and then add +-# # AllowSupplementaryGroups to clamd.conf; +-# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in +-# # this entry; when running chrooted one may prefer socket "$MYHOME/clamd". ++['ClamAV-clamd', ++ \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"], ++ qr/\bOK$/, qr/\bFOUND$/, ++ qr/^.?: (?!Infected Archive)(.*) FOUND$/m ], ++# NOTE: run clamd under the same user as amavisd, or run it under its own ++# uid such as clamav, add user clamav to the amavis group, and then add ++# AllowSupplementaryGroups to clamd.conf; ++# NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in ++# this entry; when running chrooted one may prefer socket "$MYHOME/clamd". + + # ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred) + # # note that Mail::ClamAV requires perl to be build with threading!
[-] [+]	Added	RELEASE_NOTES.2.6.3 ^
@@ -0,0 +1,11919 @@ +--------------------------------------------------------------------------- + April 22, 2009 +amavisd-new-2.6.3 release notes + + +COMPATIBILITY WITH 2.6.2 + +- support for DSPAM has been removed from Amavis::SpamControl::SpamAssassin + module, merging DSPAM scores into SpamAssassin and DSPAM autolearning + is no longer available. Nevertheless, it is now possible to use DSPAM + instead of SpamAssassin, or by adding results from each. See description + below for @spam_scanners; + +- there are no other known incompatibilities with 2.6.2; + + +BUG FIXES + +- when logging to SQL (pen pals), the msgs.message_id field always received + a value '1' instead of a Message-Id, thus making pen pals less effective + (only matching on sender/recipient pairs worked, not on message threads) + and letting some bounces bypass a bounce killer; bug was introduced with + version 2.6.2; reported by Michael Scheidell; + +- timer was not reset after a persistent failure to connect to a daemonized + virus scanner, so a subsequent call to a backup scanner only had 10 seconds + available before it was aborted, which was often too short for a command + line backup scanner like clamscan; reported by Bill Landry; + +- if a virus scanner interface did not find a name of a virus in the output + of a virus scanner (despite noticing infection), the infection was ignored; + reported by Thomas Mueller; + +- added missing /m flags to regular expressions in AV entries + (a bug is revealed with Perl 5.10.0; previous versions of Perl happened + to work, unintentionally accepting a /m flag if added late during a regexp + evaluation); reported by Rafael; + +- $banned_namepath_re setting only worked globally, but was not usable in + policy banks; reported by Danny Richter; + +- do_uncompress: signal run_command_copy() errors, instead of returning a + status, thus allowing decompose_part() to detect 'Exceeded storage quota' + or 'Maximum number of files exceeded', and flag mail as CC_UNCHECKED; + +- if $mailfrom_notify_admin was not specified in a configuration file but + defaulted to an e-mail address in $hdrfrom_notify_admin, the following + was reported (due to missing angle brackets) on an attempt to submit + a notification: + (!)SEND via SMTP: virusalert@example.com -> <virusalert@example.com>... + 501 5.1.7 Bad sender address syntax + (!)FAILED to notify admin: 501 5.1.7 Failed, id=40690-23, + from MTA([::1]:10027): 501 5.1.7 Bad sender address syntax + Notification was not sent, the rest of the processing was unaffected; + reported by Peter Pechnik, Thomas Mueller, and Stefan Förster; + +- fetch_modules: only suppress the "Can't locate ... in @INC" diagnostics + if exactly the requested module is missing, but do show the error if some + subordinate module is missing and preventing the requested module to be + loaded; + +- do_unrar: recognize an information line with a '<->'; + +- fixed a syntax error in LDAP.ldif; by Quanah Gibson-Mount + +- fixed a bug in SpamdClient; reported by Filip Valder + + +NEW FEATURES + +- added a configuration variable @client_ipaddr_policy, which maps smtp + client's IP address lookup lists to a policy bank name. This allows for + loading a policy bank based on a client IP address, and generalizes a + formerly hard-wired mapping of @mynetworks_maps into 'MYNETS'. + The list is traversed in order, the first matching networks list stops + the search and its associated policy name is used. Suggested by Jo Rhett. + + The default setting retains backwards compatibility: + @client_ipaddr_policy = map { $_ => 'MYNETS' } @mynetworks_maps; + + Example: + @client_ipaddr_policy = ( + [qw( 0.0.0.0/8 127.0.0.1/8 [::] [::1] )] => 'LOCALHOST', + [qw( !172.16.1.0/24 172.16.0.0/12 192.168.0.0/16 )] => 'PRIVATENETS', + [qw( 192.0.2.0/25 192.0.2.129 192.0.2.130 )] => 'PARTNER', + \@some_other_networks => 'OTHER', + \@mynetworks => 'MYNETS', + ); + +- large messages beyond $sa_mail_body_size_limit are now partially passed + to SpamAssassin and other spam scanners for checking: a copy passed to + a spam scanner is truncated near or slightly past the indicated limit. + Large messages are no longer given an almost free passage through spam + checks. + + Note that message truncation can invalidate a DKIM or DK signature. + If using (non-default) SpamAssassin rules to assign score points to mail + with no valid signatures from authors which are expected to always provide + a valid signature, the message truncation can cause false positives on + these rules. As a workaround, to a truncated message passed to spam + scanners, amavisd inserts a header field: + X-Amavis-MessageSize: mmmmm, TRUNCATED to nnnnn + which can be captured by SpamAssassin rules, e.g.: + header __TRUNCATED X-Amavis-MessageSize =~ m{\A[^\n]*TRUNCATED}m + and used in rules like NOTVALID_EBAY to prevent them from triggering. + + Starting with version 3.3.0 of SpamAssassin, its DKIM plugin understands + the issue and receives undamaged DKIM signature objects directly from + amavisd, so the above workaround is not needed. Also, a hit on a __TRUNCATED + rule is automatically generated (explicit header rule is not necessary), + just in case it might be useful for some purpose. + +- supports passing an extra argument suppl_attrib to $spamassassin->parse, + as recognized by SpamAssassin 3.3.0, passing a set of DKIM signature + objects to a SpamAssassin's plugin DKIM, which saves having to do the + same signature verification operation again within a plugin, and provides + uncrippled signatures to SpamAssassin even when a large message is + truncated by amavisd and only partially submitted to spam analysis; + +- add global variables $sa_configpath and $sa_siteconfigpath (undef by + default), which are passed to SpamAssassin as options 'rules_filename' + and 'site_rules_filename' during its initialization call; this makes + it easier to run multiple instances of amavisd, each with a different + SpamAssassin configuration, using the same amavisd configurations file + by taking advantage of option -i; suggested by Noah Baker; + +- report process resource usage at log level 2 by calling getrusage(1) + if a perl module Unix::Getrusage is available; + +- a configuration variable @spam_scanners is added, along with a module + Amavis::SpamControl::ExtProg (which is only loaded if needed). + This is similar in concept to @av_scanners list, and allows using + amavisd with different spam scanners, not just with SpamAssassin. + The default setting is backwards compatible: + + @spam_scanners = ( + ['SpamAssassin', 'Amavis::SpamControl::SpamAssassin'], + ); + + The first element of each tuple is a scanner name, the second is a module + name to be invoked, it must implement a method new(). Remaining arguments + are passed to a module as arguments in a call to its new(). The exact + syntax and semantics of these arguments is module-specific and may change + in future versions as more experience is gained. + + Currently supported spam scanners are: + + - SpamAssassin: backwards compatible, uses the module Mail::SpamAssassin + directly as before; + + - SpamdClient: a client to spamd, equivalent to a spamc usage; the main + reason for existence of this module is to allow amavisd to serve as + a test client for exercising spamd; not envisaged for production use; + + - CRM114: spawns an external program 'crm'. A well trained crm114 system + gives good results (even with a global database). An alternative is to + use a CRM114 plugin to SpamAssassin, with a benefit of autolearning + and combining its results with other rules, but at some processing cost; + + - DSPAM: spawns an external program 'dspam'; + + Spam score and test results from all spam scanners are added together, + currently it makes most sense to only have one of these entries enabled + at a time. A possible (artificial, not particularly useful) configuration + with multiple entries is illustrated by the following setting: + + @spam_scanners = ( + ['SpamAssassin', 'Amavis::SpamControl::SpamAssassin' ], + + ['SpamdClient', 'Amavis::SpamControl::SpamdClient' ], + + ['CRM114', 'Amavis::SpamControl::ExtProg', 'crm', + [ qw(-u /var/amavis/home/.crm114 mailreaver.crm + --dontstore --report_only --stats_only + --good_threshold=8 --spam_threshold=-8) ], + mail_body_size_limit => 64000, score_factor => -0.20, + ], + + ['DSPAM', 'Amavis::SpamControl::ExtProg', $dspam, + [ qw(--stdout --classify --deliver=innocent,spam + --mode=tum --tokenizer=chained,noise + --user), $daemon_user ], + # use option --feature instead of --tokenizer with dspam < 3.8.0 + mail_body_size_limit => 64000, score_factor => 1, + ], + ); + + A module Amavis::SpamControl::ExtProg implements an interface to external + spawned programs. These are expected to receive a mail message on their + stdin, and produce a result on their stdout (and errors on stderr). The + result typically consists of some header fields the spawned spam scanner + wishes to report to a caller, but can also be a complete rewritten header + section or a complete rewritten mail message. The ExtProg module just + collects the information it needs from the output of a scanner and discards + the rest (i.e. an external scanner can not rewrite a message), so to avoid + unnecessary processing, it is best to configure an external scanner to + only return what is needed. + + Currently some post-processing of CRM114 and DSPAM results is hard-wired
	Added	amavisd-new-2.6.3.tar.bz2 ^