Changes of Revision 5
Added
amavisd-new.changes
@@ -0,0 +1,687 @@ +------------------------------------------------------------------- +Thu Jun 21 10:10:24 CEST 2007 - varkoly@suse.de + +- Bug 230822 Amavisd-release Misconfiguration + +- update to version 2.5.1 + +SECURITY + +- provides checking the number of archive members against $MAXFILES quota + even when just listing an archive directory, providing some additional + protection (besides a time limit) against runaway dearchivers + (such as a recent Zoo archiver DoS); + +- please use the most recent versions of file(1) utility (currently 4.21) + and recent versions of external dearchivers/decoders to avoid known + security vulnerabilities in them; + + +NEW FEATURES + +- introduced a variation of a message release from a quarantine, allowing + a releaser to choose between forwarding a message to the back-end MTA + port as usual (avoiding re-checking of a message), or to send it to MTA + on its incoming port (normally 25) and let the message be rescanned, + which might be useful after adjusting spam rules or antivirus database. + + It is implemented by: + + * adding a configuration variable $requeue_method (also a member + of policy banks), with a default value: 'smtp:[127.0.0.1]:25' + + * extending the AM.PDP protocol with a 'request=requeue' attribute + which can be used in place of a 'request=release', + + * enhancing the 'amavisd-release' utility program to choose between + sending 'request=release' and 'request=requeue' based on its + program name, i.e. 
by making a soft or hard link to amavisd-release + (or its copy) named 'amavisd-requeue', the utility will send + a 'request=requeue' in place of the usual 'request=release', e.g.: + # ln -s amavisd-release amavisd-requeue + $ amavisd-requeue spam/k/kg2P0rP9Lpu3.gz + + * enhancing amavisd daemon to choose between forwarding a released + message either to $release_method or to $requeue_method destination + based on a 'request' attribute value in an AM.PDP request; + +- new AV entry: ArcaVir for Linux and Unix, see below for links; + +- a new macro 'supplementary_info' gives access to some additional information + provided by content scanners, such as a provided by SpamAssassin API + routine get_tag. The macro takes two arguments, the first is a tag name + (a name of some attribute which is expected to provide an associated + value), the second argument is a sprintf format string and is optional, + if missing a %s is assumed. Currently the only available attributes are + AUTOLEARN, SC, SCRULE, SCTYPE, and RELAYCOUNTRY. These are nonempty only + when an associated SpamAssassin plugin or function is enabled. 
+ +BUG FIXES + +- fixed quarantining to a SQL database of messages with a null envelope + sender address (broken in 2.5.0, causing such messages to tempfail); + reported by Markus Edholm, Vahur Jõlu and Michael Scheidell; + +- fixed parsing of certain broken 'From' header fields, which would + result in a temporary failure and the following logged error: + check_init2 FAILED: parse_address_list PANIC1 53 + at /usr/local/sbin/amavisd line 3292 + reported by Michael Scheidell; + +- avoid encoding nonprintable characters in X-Envelope-From and X-Envelope-To + header fields in a quarantined message even if envelope mail addresses + contain such invalid characters, so that a quarantine release is possible; + (RFC 2047 allows encoding of a 'phrase' in From, To, and similar headers, + as well as in comments, but not in the address specification); + +- avoid unnecessarily RFC 2047 -encoding of 8-bit characters in those + lines of inserted X-Spam-Report (and similar) multiline header fields + which only contain ASCII characters; also avoid encoding of newlines; + reported by Anant Nitya; + +- properly recognize PostgreSQL error code 'S8006' and reconnect to + a disconnected server right away; thanks to Brian Wong; + +- call $mail_obj->finish after a SA call to allow for garbage collection + and removal of SA temporary files; see: + http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5444 + +- avoid nonstandard SMTP status code 254 on discarded malware; + on discarding turn status 554 into a 250 instead; violation + of a SHOULD in RFC 2822 pointed out by Alexander Bergolth; + +- an informational log message was reported inappropriately: + INFO: truncated ... 
header line(s) longer than 998 characters + it didn't reflect reality, it was always reported together with the: + INFO: unfolded 1 illegal all-whitespace continuation lines + +- when a SMTP option BODY=8BITMIME (RFC 1652) is not given on mail + reception, avoid turning it on while forwarding even if mail body + contains 8-bit characters; following a garbage-in-garbage-out + principle, this doesn't break anything that isn't already broken, + but might prevent later conversion to 7-bit quoted-printable MIME + by some downstream MTA, possibly preventing signature invalidations + (DKIM, S/MIME, PGP, ...) - at a risk that some overzealous firewall + might block a mail transfer; + +- fixed a couple of documentation typos/bugs in README.customize + amavisd-new-2.5.0 release notes + +COMPATIBILITY WITH 2.4.5 + + The 2.5.0 is upwards compatible with 2.4.* versions. + + Nevertheless, default notification and logging templates are + enhanced to take advantage of new macros and new concepts, + so it is prudent to update templates if defaults are overridden, + e.g. $log_templ, $notify_*_admin_templ, ... 
+ +NEW FEATURES AT A GLANCE + +- new concept: blocking contents category; + +- true per-recipient defanging/sanitation of a mail body (previously + a true per-recipient handling was available for mail header edits, + but not for mail body modifications); + +- added interface code to invoke Anomy Sanitizer or the 'altermime' program + allows defanging or adding disclaimers by external utilities on a + per-recipient basis; + +- rewritten SMTP client code: get rid of the troublesome module Net::SMTP; + new code now supports pipelining, client-side LMTP, IPv6, Unix sockets, + more reliable error handling, passes on ORCPT parameter, passes on ENVID + parameter unmangled, is bare-CR-clean, tidier code (no workarounds for + rough corners in Net::SMTP), fewer context switches (handshake handovers) + due to pipelining if pipelining is offered by MTA (which usually is); + +- makes available pedantically parsed addresses from a mail header: + From, Sender, To, Cc. Addresses from mail header may be needed for + deciding on inserting disclaimers, signing mail (DKIM), custom hooks + (like 'vacation'-type applications), and other future applications. 
+ Get rid of inexact parsing by module Mail::Address, provide own parser; + +- phishing fraud as returned by ClamAV is now treated as spam, no longer + as a virus; + +- compatible with SpamAssassin 3.2.0; + +- enhancements to amavisd-nanny: shows more detailed states of processes; + +- enhancements to amavisd-agent: shows average processing times per message; + +- extended AM.PDP protocol with an attribute 'policy_bank' which may be used + in a client's request to require loading additional policy banks; + +- add support for 7-Zip archives if external utility 7z is available; + +- custom hooks allow custom code to be called at few strategic places; + +- penpals can now also match replies which reference previous outgoing mail + by its MessageID (taking into account References or In-Reply-To header + field); + +- new key 'originating' in policy banks generalizes a MYNETS policy bank; + +- a documentation rewrite for setting up amavisd-new with Postfix + by Patrick Ben Koetter (one of the two authors of The Book of Postfix). + Previous documentation has been renamed to README.postfix.old and will be + removed in the next version; the new documentation is README.postfix.html, + and its automatically converted plain text version is README.postfix. + +BUG FIXES + +- if a sender is both white- and black-listed at the same time, then + inserted X-Spam-* header fields were inconsistent, e.g. X-Spam-Level, + X-Spam-Flag and X-Spam-Status reflected a whitelisted status (no asterisks, + not a spam), while X-Spam-Score showed 64 points; now whitelisting prevails + in all X-Spam-* header fields; + +- relax argument parsing in amavisd-release to allow releasing of + quarantine id containing a body hash in a name (%b in template); + reported by Ron Rademaker; + +- skip a SQL-logging database operation if an associated clause in %sql_clause + is disabled, e.g. 
set to undef or ''; this allows for example to selectively + disable SQL logging based on a policy bank; thanks to Riaan Kok; + +- let LHA decoder (do_lha) recognize also other listing formats, e.g. MS-DOS, + symlinks, not just plain Unix archives; problem reported by Ryuhei Funatsu; + +------------------------------------------------------------------- +Thu Mar 8 14:58:24 CET 2007 - varkoly@suse.de + +- update to version 2.4.5 + +SECURITY + +- Recommended version of Convert::UUlib is 1.08 or higher + to avoid processing of uninitialized data containing 'random' garbage.
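Review bot: The top entry (Thu Jun 21 2007) lists "Bug 230822 Amavisd-release Misconfiguration" without saying what was changed in the package to fix it. Because the same entry also brings in the upstream $requeue_method variable and the 'request=requeue' AM.PDP attribute for amavisd-release, name the file or setting that was corrected so a reader can tell the packaging fix apart from the upstream change. The rest of that entry is the upstream 2.5.1 notes followed by the full "amavisd-new-2.5.0 release notes", so a second "BUG FIXES" section sits under a single "update to version 2.5.1" line; consider a short summary that keeps the SECURITY items (the $MAXFILES check when only listing an archive directory, the file(1) 4.21 recommendation) and refers to the upstream release notes for the remainder. The SECURITY text mentions "a recent Zoo archiver DoS" with no identifier, and neither the file(1) 4.21 recommendation nor the Convert::UUlib 1.08 recommendation in the 2.4.5 entry is tied to a dependency change visible here; if the package enforces those minimum versions, say so in the entry.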