Fedora EPEL 6 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Fri Feb 22 19:05:30 UTC 2013
The following Fedora EPEL 6 Security updates need testing:
Age URL
306 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
2 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0405/bitlbee-3.2-1.el6
7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0376/openconnect-4.08-1.el6
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0417/Django14-1.4.5-1.el6
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0420/awstats-7.0-3.el6
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0430/drupal7-7.20-1.el6
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0423/nginx-1.0.15-4.el6
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0410/seamonkey-2.16-1.el6
83 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-13610/drupal6-ctools-1.10-1.el6
229 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6348/bcfg2-1.2.3-1.el6
494 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4701/supybot-gribble-0.83.4.1-10.el6
16 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0267/mediawiki119-1.19.3-3.el6
31 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0123/python-tw2-jquery-2.0.3-5.el6
13 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0298/roundcubemail-0.8.5-1.el6
9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0233/wordpress-3.5.1-2.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
Django14-1.4.5-1.el6
ReviewBoard-1.6.16-1.el6
amavisd-new-2.8.0-4.el6
awstats-7.0-3.el6
drupal7-7.20-1.el6
fedora-review-0.4.0-4.el6
gxine-0.5.905-1.el6
imapsync-1.525-1.el6
latex2rtf-2.3.2-1.el6
netcdf4-python-1.0.2-1.el6
nginx-1.0.15-4.el6
openstack-packstack-2012.2.2-1.0.dev408.el6
packagedb-cli-1.4.0-1.el6
python-django-extensions-1.0.3-2.el6
python-djblets-0.6.28-1.el6
python-elfdata-0.5-2.el6
seamonkey-2.16-1.el6
sks-1.1.4-1.el6
will-crash-0.3-1.el6
wordpress-plugin-bad-behavior-2.2.13-1.el6
Details about builds:
================================================================================
Django14-1.4.5-1.el6 (FEDORA-EPEL-2013-0417)
A high-level Python Web framework
--------------------------------------------------------------------------------
Update Information:
update fix CVE-2013-0305, CVE-2013-0306
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 21 2013 Matthias Runge <mrunge at redhat.com> - 1.4.5-1
- update fix CVE-2013-0305, CVE-2013-0306
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #913037 - Django: Host header poisoning hardening
https://bugzilla.redhat.com/show_bug.cgi?id=913037
[ 2 ] Bug #913039 - Django: XML entity attacks
https://bugzilla.redhat.com/show_bug.cgi?id=913039
[ 3 ] Bug #913041 - CVE-2013-0305 Django: Data leakage via admin history log
https://bugzilla.redhat.com/show_bug.cgi?id=913041
[ 4 ] Bug #913042 - CVE-2013-0306 Django: Formset denial-of-service
https://bugzilla.redhat.com/show_bug.cgi?id=913042
--------------------------------------------------------------------------------
================================================================================
ReviewBoard-1.6.16-1.el6 (FEDORA-EPEL-2013-0411)
Web-based code review tool
--------------------------------------------------------------------------------
Update Information:
After installing this update (as with all ReviewBoard updates) you must run "rb-site upgrade /path/to/reviewboard"
- Security Updates:
* We now require Django 1.3.7, which fixes a few security vulnerabilities
- Web API Changes:
* Added API support for querying and manipulating default reviewers
* Repositories deleted through the Web API are now only archived if they
have any associated review requests
- Bug Fixes:
* Fixed an HTML escaping issue when listing filenames in the diff viewer
* Fixed an occasional crash when viewing a diff when displaying a function
or class header on the left-hand side but when there was none on the
right-hand side
* We try harder now to set the PYTHONPATH for subprocesses, which should
fix some issues fetching files over Subversion
* Fixed default Apache configuration files to be explicit in enabling
FollowSymLinks
* Fixed fetching files with FedoraHosted
* SMTP servers saved with additional whitespace will now have that
whitespace stripped, in order to prevent lookup failures
* Fixed the link to the PyLucene documentation in the General Settings page
* Fixed the review ID column when using Local Sites
* Fixed the starred public review count for new users when using
Local Sites
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 21 2013 Stephen Gallagher <sgallagh at redhat.com> - 1.6.16-1
- New upstream release 1.6.16
- http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.16/
- Security Updates:
* We now require Django 1.3.7, which fixes a few security vulnerabilities
- Web API Changes:
* Added API support for querying and manipulating default reviewers
* Repositories deleted through the Web API are now only archived if they
have any associated review requests
- Bug Fixes:
* Fixed an HTML escaping issue when listing filenames in the diff viewer
* Fixed an occasional crash when viewing a diff when displaying a function
or class header on the left-hand side but when there was none on the
right-hand side
* We try harder now to set the PYTHONPATH for subprocesses, which should
fix some issues fetching files over Subversion
* Fixed default Apache configuration files to be explicit in enabling
FollowSymLinks
* Fixed fetching files with FedoraHosted
* SMTP servers saved with additional whitespace will now have that
whitespace stripped, in order to prevent lookup failures
* Fixed the link to the PyLucene documentation in the General Settings page
* Fixed the review ID column when using Local Sites
* Fixed the starred public review count for new users when using
Local Sites
--------------------------------------------------------------------------------
================================================================================
amavisd-new-2.8.0-4.el6 (FEDORA-EPEL-2013-0427)
Email filter with virus scanner and spamassassin support
--------------------------------------------------------------------------------
Update Information:
June 30, 2012
amavisd-new-2.8.0 release notes
Contents:
COMPATIBILITY
BUG FIXES
NEW FEATURES SUMMARY
NEW FEATURES - 0MQ
NEW FEATURES - OTHER
OTHER
COMPATIBILITY
- removed an old compatibility measure: default value of @banned_admin_maps
was changed from:
@banned_admin_maps = (\$banned_admin, \%virus_admin, \$virus_admin);
to a more consistent:
@banned_admin_maps = (\$banned_admin);
The previous default value of @banned_admin_maps tried to maintain
compatibility with versions before the setting was separated from
its companion @virus_admin_maps. Now this compatibility is no longer
considered necessary and contributes to some confusion, so it was dropped.
See 2.4.0 and 2.2.1 release notes for previous changes to this setting.
- quarantining to an mbox format file used to include a local time in an
mbox separator line, which differs from RFC 4155 and common practices
of using an UTC timestamp; a time zone of a timestamp in separator lines
is now changed to UTC;
BUG FIXES
- fixed initial evaluation of dynamic (i.e. per policy bank) values of
$enable_dkim_verification, $enable_dkim_signing and $bypass_decode_parts
across all declared policy banks; these policy bank entries may be scalars
of references to such;
- finely adjust a message size for de-stuffed dots according to a size
definition in RFC 1870; avoids occasional message size mismatch when
using an antispam interface module SpamdClient (implementing client-side
of a spamc/spamd protocol);
- updated LDAP.ldif to match LDAP.schema; provided by Quanah Gibson-Mount;
- updated AMAVIS-MIB.txt and amavisd-snmp-subagent: changed type of
SNMP variables *MsgsSize* in the group amavisStats 7 from Counter32
to Counter64 for consistency with other *MsgsSize* variables in groups
amavisStats 3 and amavisStats 9;
See also the bug fixes section of 2.7.1 and 2.7.2 release notes.
All fixes applied to 2.7.1 and 2.7.2 are incorporated in the 2.8.0 code.
NEW FEATURES SUMMARY
- For monitoring and statistics gathering purposes a new set of utilities
and service processes is available based on a message passing paradigm,
using a 0MQ (a.k.a. ZMQ, ZeroMQ, or Crossroads I/O) library. This
replaces a functionally similar set of utilities based on a shared
BerkeleyDB database, with a benefit of avoiding lock contention
altogether. This can bring sigificant speedups, most pronounced on
a host with many busy amavisd child processes.
- Applied numerous fine-grained optimizations based on a NYTProf profiler
results. Optimizations include a reduction in a number of generated
Perl opcodes and similar micro-optimizations. This accounts for a large
amount of small changes in the code.
- Our current statistics (Q4 2011) shows that 80 % of messages are below
30.000 bytes, and 90 % of mail messages are below 100.000 bytes in
size. As an optimization, messages below 100 KiB in size are now kept
and processed in memory, including passing them more optimally to
SpamAssassin 3.4.0. Some file activity is still there, but is much
reduced. If $TEMPBASE also resides on an SSD disk (or a RAM disk),
observed speedup between 2.7.2 and 2.8.0 was 3 to 8 percent on a
busy host (with monitoring disabled, so as not to skew a measurement).
- Use a module IO::Socket::IP if available, instead of dealing directly
with low-level modules IO::Socket::INET and IO::Socket::INET6;
- choose more appropriate defaults if running on an IPv6-only host
(like connecting to ::1 instead of 127.0.0.1 which may not exist);
- amavisd-release now also supports connecting to amavisd over IPv6;
- as a debugging aid it is now possible that a late event triggers full
logging of earlier events that occurred during processing of a current
mail message;
- $enable_ldap setting is now dynamic, i.e. can be changed by a policy
bank, which makes it possible to selectively disable LDAP lookups
per policy bank;
- optionally avoid persistent connections to SQL and LDAP servers;
- it is now possible to disable calling an external file(1) utility
but still have MIME parts decoding enabled;
- added support in Amavis::SpamControl::ExtProg for an external spam scanner
Bogofilter;
- added locking options to @spam_scanners entries, to be used with external
scanners which need but do not implement locking of their resources
by themselves;
- added a global configuration setting $sa_userprefs_file, which is passed
on to SpamAssassin as a 'userprefs_filename' parameter at initialization;
- added a subroutine iso8601_weekday(), potentially useful with partitioning;
- added several new macros available to logging and notification templates;
NEW FEATURES - 0MQ
- added support for monitoring and auxilliary services, communicating
with amavisd and among themselves through 0MQ sockets (also called ZMQ
or ZeroMQ, or Crossroads I/O or XS). This method offers similar features
as current services amavisd-nanny, amavisd-agent and amavisd-snmp-subagent,
but use message passing paradigm instead of communicating through a shared
Berkeley database. This avoids locking contention, so the gain can be
significant for a busy amavisd setup with lots of child processes.
New files in the package are:
- amavis-mc is a master supervisor process ( master of ceremonies :),
to be started at boot time as root, or as a user vscan/amavis.
Currently its only function is to spawn three instances of
amavis-services processes with dropped privileges, to monitor
and restart them in case they fail, and to terminate them when
itself if being terminated. Preferably this process should be
started before amavisd and before amavisd-snmp-subagent-zmq,
although things would eventually catch up even if this is not
the case. This process must run on the same host as amavis-service
processes.
- amavis-mc_init.sh is an example FreeBSD-style startup/shutdown shell
script for starting/stopping the amavis-mc process;
- amavis-service implements three services, chosen by a command line
argument. It should be running as user vscan/amavis (not as root!).
All its instances are typically started/stopped automatically by
the amavis-mc process with dropped privileges. A note for manual
testing (started from a command line, not by an amavis-mc process):
make sure to run amavis-service under the same UID as the amavisd is
running. If 0MQ cannot write to a socket due to privilege violation,
messages are silently dropped. Service processes as implemented
by amavis-service must run on the same host as amavisd for two
reasons: they communicate with amavisd child processes through a
Unix socket, and at least some of these services need visibility
of amavisd processes through signals (kill). At least the forwarding
service must be running when amavisd is operational with $enable_zmq
at true, otherwise amavisd processing might eventually stall when
their message queue fills up. Preferably amavis-service processes
should be started before amavisd is started, although things would
eventually catch up even if started late or restarted during operation.
- amavisd-status is a user utility program, similar to amavisd-nanny,
which connects to amavis-service 0MQ socket and displays a status
of running amavisd child processes. This program communicates
with amavis-service processes through an inet socket and can
in principle run on a different host (in which case sockets must
not be bound to a loopback interface). The program can be started
and stopped at any time, can run under any UID as long as it has
access to a 0MQ socket $outer_sock_specs, and may run in multiple
instances if necessary.
- amavisd-snmp-subagent-zmq is a SNMP AgentX program, functionally
equivalent to amavisd-snmp-subagent. It collects information from
amavis-service processes and passes it as a MIB to an SNMP daemon.
This process communicates with amavis-service processes through an
inet socket and can in principle run on a different host (in which
case sockets must not be bound to a loopback interface). If access
to the amavisMta MIB (1.3.6.1.4.1.15312.2.1.3) is desired, the
amavisd-snmp-subagent-zmq must run on the same host as Postfix
in order to have access to its queue directories. In principle
there could be more than one instance of amavisd-snmp-subagent-zmq
running at the same time, although this hardly serves any practical
purpose.
The old amavisd-agent utility does not currently have a 0MQ equivalent;
use snmpbulkwalk with net-snmp and amavisd-snmp-subagent-zmq for similar
functionality.
Please see comments in amavis-service for details and configuration
of sockets.
To enable amavisd child processes to start sending their status and
statistics information to amavis-service services, please set a
configuration variable $enable_zmq to true in amavisd.conf:
$enable_zmq = 1;
Optionally a 0MQ socket can be changed, it defaults to:
@zmq_sockets = ( "ipc://$MYHOME/amavisd-zmq.sock" );
The @zmq_sockets is a list of 0MQ sockets, so in principle amavisd
processes can report their state to multiple instances of amavis-service.
Both the 0MQ-based ($enable_zmq=1) and the BerkeleyDB-based ($enable_db=1)
monitoring implementations can coexist: use one or the other, or both
at the same time, or turn off both if monitoring is not needed.
Required Perl modules are either:
ZeroMQ, which interfaces with a version 2 of a libzmq library
(in case of FreeBSD that would be ports net/p5-ZeroMQ and devel/zmq),
or with a Crossroads I/O library libxs, which itself is similar to a
version 3 of libzmq, but provides a zmq 2.1 compatibility interface;
or
ZMQ::LibZMQ2 and ZMQ::Constants modules
with a version 2 of a libzmq library or with a Crossroads I/O library;
or
ZMQ::LibZMQ3 and ZMQ::Constants
with a version 3 of a libzmq library (FreeBSD ports: devel/zmq-devel).
Although Crossroads I/O library is natively equivalent to a libzmq
version 3 library, the ZMQ::LibZMQ3 perl module does not currently
support interfacing with Crossroads I/O (libxs).
Tested combinations of a Perl interface module with a message passing
library:
* with 0MQ ( http://www.zeromq.org/ ):
ZeroMQ 0.21 + zeromq 2.2.0
ZMQ::LibZMQ2 1.01 + zeromq 2.2.0
ZMQ::LibZMQ3 1.00 + zeromq 3.1.0
* with Crossroads I/O ( http://www.crossroads.io/ ):
ZeroMQ 0.21 + libxs 1.2.0 (zmq v2.1 compatible)
ZMQ::LibZMQ2 1.01 + libxs 1.2.0 (zmq v2.1 compatible)
ZMQ::LibZMQ3 1.00 + libxs 1.2.0 (native) (no, XS not supported by LibZMQ3)
PERFORMANCE with 0MQ
When scanning messages for spam is enabled (using SpamAssassin), a
spam scan takes most of the processing time and resources, so replacing
a BerkeleyDB-based monitoring with a 0MQ-based monitoring brings some
speedup on a busy server, but the change is not dramatic.
But as an extreme counter-example: when DKIM signing passed messages,
with most other checks disabled, a speedup can be by a factor of 10.
(Synthetic benchmark: 7 KiB messages, 8 child processes, log level 2,
CPU Intel Core i7-960 (4 cores, 8 threads), $TEMPBASE on an SSD disk,
result: 19 mail messages per second with BerkeleyDB, over 200 mail
messages per second with 0MQ, and still 130 msg/s with all checks
*but* spam scanning enabled).
SECURITY CONSIDERATIONS with 0MQ
0MQ libraries (zeromq or libxs) do not provide any application-level
security beyond what is available with standard Unix or INET or INET6
sockets. This means that Unix-style inter-process sockets are protected
by the usual file system's ownership and protection bits, and access
to INET/INET6 sockets is only protected by interface binding and system
firewall mechanisms.
Communication between amavisd child processes and the forwarding service
(amavis-services msg-forwarder) goes by default over a Unix-style socket,
owned by UID vscan/amavis. Communication between utilities and service
processes goes by default over an INET socket bound to a loopback
interface, and as such is accessible to any process running on the
same host, but is not accessible from other hosts. If access to these
sockets from other hosts is desired, their binding should be changed
to all or to ethernet interfaces, making them accessible to any host
in the network, so host-firewall rules should be implemented if access
needs to be restricted.
Having said that, currently information passing through 0MQ sockets
is limited to statistics and health status only, and does not affect
operation of amavisd child processes, nor is any sensitive information
passed around, so access to these sockets from unauthorized sources
is not expected to pose a high security risk.
0MQ and IPv6
IPv6 is supported by zeromq library starting with version 3, and by
libxs (any version). Because the application needs to pass information
to a library about a type of sockets needed and there is no universal
and backward compatible (with v2) way to do so, currently amavisd does
not offer any configuration option to choose INET6 over INET on 0MQ
sockets. This restriction is expected to be lifted in the next version.
Currently on an IPv6-only host one can choose to use Unix-style sockets,
or patch amavis programs to turn off a ZMQ_IPV4ONLY socket option
(these are commented-out in present code).
NEW FEATURES - OTHER
- if a module IO::Socket::IP is available, amavisd will use this module
to create its client-side inet or inet6 sockets, instead of using the
low-level modules IO::Socket::INET and IO::Socket::INET6. This delegates
some of the dirty details handling to IO::Socket::IP, such as using the
getaddrinfo(3) system service to resolve host names, and dealing with
dual-stack multihomed host names. If IO::Socket::IP is not available,
the IO::Socket::INET or IO::Socket::INET6 are used directly instead,
to preserve compatibility. Please use a fairly recent version of
IO::Socket::IP, testing was done with versions 0.08 and 0.16.
- added a subroutine read_cidr() which can read a Postfix style CIDR file,
with a syntax interpreted according a Postfix cidr_table(5) man page.
The subroutine returns a ref to an array by default (but can also
produce a hash, and is able to add data to an existing array or hash).
Typical use:
@mynetworks_maps = ( read_cidr('/etc/postfix/mynetworks.cidr') );
@client_ipaddr_policy = map(($_,'MYNETS'), @mynetworks_maps);
or:
@mynetworks = @{ read_cidr('/etc/postfix/mynetworks.cidr') };
For details and more complex usage see leading comments in the read_cidr
subroutine;
- as a debugging aid it is now possible that a late event triggers full
logging of earlier events that occurred during processing of a current
mail message. This is implemented by writing all log events to a temporary
file regardless of their log level and of the current $log_level setting.
A later event can cause the captured temporary log to be copied to a
regular log. Each child process keeps its own temporary log file open
all the time, the file is rewound and truncated after each mail message
processing and reused for the next capture, so its size rarely exceeds
about 50 kB.
Maintaining a temporary capture log is enabled by setting a configuration
variable $enable_log_capture to true:
$enable_log_capture = 1;
Enabling a log capture costs a little bit of resources as amavisd needs
to assemble and format all log messages regardless of their log level, not
benefiting from early pruning of log entries not reaching the $log_level.
Nevertheless the small overhead is quite acceptable when troubleshooting
some rarely occurring problem and keeping $log_level permanently at the
max is not acceptable due to sheer volume of debug logging.
The captured log is read from a temporary file and copied to a regular
log as log level 1 entries (i.e. at LOG_INFO syslog priority) if a
dynamic variable $enable_log_capture_dump is true by the end of mail
message processing. A chunk of captured log entries is preceded/ended
by a log line:
CAPTURED DEBUG LOG DUMP BEGINS
CAPTURED DEBUG LOG DUMP ENDS
and each such log entry has a prepended timestamp (hours, minutes,
seconds with milliseconds) of a capture time.
The $enable_log_capture_dump variable can be turned on directly
by some debugging patch code, but is more conveniently loaded by
activating a policy bank, e.g.:
$policy_bank{'SLOW'} = {
enable_log_capture_dump => 1,
};
$policy_bank{'GOTCHA'} = {
enable_log_capture_dump => 1,
};
which can be loaded for example by a custom hook, e.g.:
sub after_send {
my($self,$conn,$msginfo) = @_;
if (Time::HiRes::time - $msginfo->rx_time > 5.5) {
Amavis::load_policy_bank('SLOW', $msginfo);
}
# or perhaps:
if ($msginfo->sender =~ /some-regexp/) {
Amavis::load_policy_bank('GOTCHA', $msginfo);
}
}
Btw, the only purpose of having two different policy banks in the example
is to be able to see at a glance in the log which one was activated.
- the @decoders list is made a bit more flexible: the first entry in
each tuple (a short type name) may be a scalar string as before,
or may be a reference to a list of such names, in which case the
tuple applies to all listed short types.
Example:
[['zip','kmz'], \&Amavis::Unpackers::do_unzip],
which previously needed two entries:
['zip', \&Amavis::Unpackers::do_unzip],
['kmz', \&Amavis::Unpackers::do_unzip],
- support an external decompressor lrzip for a .lrz format.
Thanks to Jernej Porenta for a suggestion;
- $enable_ldap setting is now dynamic, i.e. can be changed by a policy
bank, which makes it possible to selectively disable LDAP lookups
per policy bank. The LDAP code is loaded and a connection to an LDAP
server is established if at least one policy bank has enable_ldap set
to true (e.g. enable_ldap => 1 ) or a global $enable_ldap is true,
but queries are disabled if currently active enable_ldap is false.
Suggested by Tomislav Mihaliček;
Example:
$enable_ldap = 1;
$policy_bank{'GUESTS'} = {
enable_ldap => 0,
};
or the other way around:
$enable_ldap = 0;
$policy_bank{'INBOUND'} = {
enable_ldap => 1,
};
- optionally avoid persistent connections to SQL and LDAP servers - at
the expense of about 3 to 7 ms elapsed time for a reconnect. Persistent
connections from mostly idling child processes consume database server
resources (e.g. a TCP socket) unnecessarily, and may become stuck when
some intermediate stateful device like a firewall or a NAT decides to
drop stale sessions.
The behaviour is controlled by a setting $database_sessions_persistent:
when true sessions remain open even after a SMTP session (from an MTA) has
closed; when false sessions are closed after each SMTP session closedown.
The default value is true for compatibility with earlier versions.
Problem reported by Jernej Porenta;
- it is now possible to disable calling an external file(1) utility
but still have MIME parts decoding enabled: $file = undef;
This may save some contents classification time, at the expense of
losing results of a file(1) utility (i.e. short file type information)
for banning checks. Disabling file(1) checks can be useful when most
other checks are disabled too, e.g. in an amavisd instance whose only
task is DKIM-signing, like after a mailing list manager fanout;
- added Amavis::SpamControl::ExtProg support for an external spam scanner
Bogofilter. An entry in @spam_scanners list for invoking the bogofilter
program can be something like:
@spam_scanners = (
['Bogofilter', 'Amavis::SpamControl::ExtProg', 'bogofilter',
[ qw(-e -v)], # -u
mail_body_size_limit => 65000, score_factor => 1.0,
],
# ['SpamAssassin', 'Amavis::SpamControl::SpamAssassin' ],
);
The bogofilter interface code assigns a hard-coded score +5 to
bogofilter's result status 'Spam', -5 to 'Ham' and 0 to 'Unsure'.
This score is multiplied by score_factor (default 1 if not given)
to produce the final spam score which is summed up with scores
as contributed by other spam scanners in the @spam_scanners list.
The 'X-Bogosity' header field will be inserted into forwarded message,
unless prevented by a corresponding %allowed_added_header_fields entry.
Based on a patch contributed by Stephen Davies.
- added Amavis::SpamControl::ExtProg support for auto-learning on external
spam scanners; experimental: works, but may change in future versions;
*** to be documented ***; Suggested by Jernej Porenta;
- added locking options to @spam_scanners entries, to be used with
external scanners which do not implement database locking by themselves.
Options are: 'lock_file', 'lock_type', 'classifier_lock_type' and
'learner_lock_type'. The 'lock_file' specifies a file name on which
a flock(2) is acquired. A lock type can be 'shared', 'exclusive',
or 'none'. The 'shared' acquires a LOCK_SH (shared read) lock,
the 'exclusive' acquires a LOCK_EX (exclusive write) lock on a given
file. A default lock type is 'exclusive' if the lock_type option is
missing. If either a lock_file is absent or empty, or a lock type is
'none', then no locking is performed.
Option 'classifier_lock_type' can override a generic 'lock_type'
option when a scanner is requested to classify a message. Similarly,
a 'learner_lock_type' option can override a generic 'lock_type' when
a scanner is invoked for auto-learning.
Example:
['CRM114', 'Amavis::SpamControl::ExtProg', 'crm',
[ qw(-u /var/amavis/home/.crm114 mailreaver.crm
--dontstore --report_only --stats_only
--good_threshold=8 --spam_threshold=-8) ],
learn_ham => [ qw(-u /var/amavis/home/.crm114 mailreaver.crm --good) ],
learn_spam => [ qw(-u /var/amavis/home/.crm114 mailreaver.crm --spam) ],
mail_body_size_limit => 65000, score_factor => -0.20,
lock_file => '/var/amavis/crm114.lock',
lock_type => 'shared', learner_lock_type => 'exclusive',
],
- added a global configuration setting $sa_userprefs_file (undef by
default), which is passed on to SpamAssassin as a 'userprefs_filename'
parameter during its initialization. If 'userprefs_filename' parameter
is nonempty, SpamAssassin tries to load a file with that name as
user preferences configuration file (overriding systemwide settings),
otherwise it tries to load a file '~/.spamassassin/user_prefs'
if it exists. Suggested by Quanah Gibson-Mount;
- added a subroutine iso8601_weekday() which takes a Unix time as an
argument (seconds since 1970-01-01T00:00Z), and returns a weekday number
based on local time: a number from 1 through 7, beginning with Monday and
ending with Sunday, as specified in ISO 8601 (EN 28601).
May be useful as a partition_tag for short-term cycling of a logging
database storage (e.g. used by a pen-pals feature):
$partition_tag =
sub { my($msginfo)=@_; iso8601_weekday($msginfo->rx_time) };
- added a macro 'weekday', which expands to a weekday number
of the current message reception time, as provided by a call
to iso8601_weekday($msginfo->rx_time);
- added a macro 'secret_id', which expands to a secret counterpart to
mail_id, such that: b64_encode(md5(b64_decode(secret_id))) == mail_id.
It is encoded in base64url (RFC 4648), e.g. laL-rCJ6MBTm
(with a counterpart mail_id: XlZbJeFhn4OE). Typically used to authorize
releasing from a quarantine. Suggested by Antoine Nguyen;
- added a macro 'mail_id' as a synonym to a macro 'i', which is a
long-term unique mail_id on this system, possibly used in log and in
quarantine names, encoded in base64url (RFC 4648), e.g. XlZbJeFhn4OE
(with a counterpart secret_id: laL-rCJ6MBTm);
- added a macro 'log_id' as a synonym to a macro 'n', which is an
internal log id (also called task id, am_id) as shown in the log
and by amavisd-nanny, e.g. 58725-05-2;
- added a macro 'hexenc', which encodes its string arguments as
hex digits, high nybble first;
- added macros 'b64enc' and 'b64urlenc', which encode their arguments
as base64 strings, removing the final null padding '=' characters.
The 'b64enc' encodes into a character set [A-Za-z0-9+/], while the
'b64urlenc' encodes into a character set [A-Za-z0-9-_] according to
RFC 4648;
- added a macro 'body_digest', which expands to a digest (a hash) of a
body of a mail message as computed by the algorithm chosen by a setting
$mail_digest_algorithm (defaults to 'MD5', can be 'SHA-1' or 'SHA-256').
These are raw (non-encoded) bytes, not suitable for direct display.
It is common to encode it with one of the macros: 'hexenc', 'b64enc',
or 'b64urlenc', and possibly truncate it by a macro 'substr', e.g.:
[:substr|[:b64urlenc|[:body_digest]]|0|9]
The result of:
[:hexenc|[:body_digest]]
is the same as the result of a legacy macro call %b.
- added a configuration setting $mail_digest_algorithm which chooses an
algorithm name for generating a mail header digest and a mail body digest.
If set to 'MD5' (case-insensitive) a module Digest::MD5 will be used,
producing a MD5 digest (128 bits, 32 hex digits, 22 base64 characters).
This is the fastest algorithm and is a default. Any other value is
passed on to a module Digest::SHA as an argument to its method new().
The module Digest::SHA can produce digests of a SHA family: 160..512 bits,
and accepts an algorithm name like 'SHA-1' or 'SHA-256' (see its
documentation for details). The SHA-1 digest size is 160 bits / 40 hex /
27 base64 chars, while the SHA-256 size is 256 bits / 64 hex / 43 base64
characters.
The generated digest may end up as part of a quarantine file name
(%b in templates), or via macro 'b' or 'body_digest' in notification
templates or a main log entry.
OTHER
- quarantining to a mbox format file was using mboxo rule for protecting
a "From " line in a mail body, which made an original ">From " line
indistinguishable from a protected From; now a mboxrd format rule is
used, see http://en.wikipedia.org/wiki/Mbox
- make MIME::Parser use $TEMPBASE as a temporary directory for scratch
files instead of its default (which was /tmp, or failing over to a
current directory, disregarding a TMPDIR environment variable).
This can bring performance improvements if $TEMPBASE resides on
an SSD or RAM disk and /tmp resides on a HDD;
- distinguish an absence of an SMTP response from a negative SMTP response
in an SMTP/LMTP client code for improved logging/debugging purposes;
report delay time in case of a failure;
- a default value for $inet_socket_bind now reflects the availability
of socket protocol families INET (IPv4) and INET6 (IPv6):
- if version of Net::Server is below 2.0: '127.0.0.1'
- if both inet & inet6 are available: [ '127.0.0.1', '[::1]' ]
- if only inet is available: '127.0.0.1'
- if only inet6 available (IPv6-only host): '[::1]'
Previously a default was always a '127.0.0.1'.
- $forward_method, $notify_method and $requeue_method now default to an IPv6
address of a loopback interface ::1 instead of 127.0.0.1 when INET6 support
is available and INET is unavailable (IPv6-only host);
- remove an existing Authentication-Results header field only if we are
capable of generating our own: keep it if $enable_dkim_verification
is false or if $allowed_added_header_fields{'authentication-results'}
is false;
- add a field "Source-Port:" to "Abuse report format" (ARF) messages
as per draft-kucherawy-marf-source-ports;
- Avira SAVAPI av scanner: only log a warning instead of aborting
when a QUIT command at the end of a session fails;
- load all (both) applicable policy banks when %interface_policy contain
both a "SOCK" entry and a Unix socket path name; and similarly when it
contains both the "IPaddress:port" and a "port" entries. Previously
the "SOCK" policy bank was not loaded when a socket path name entry
existed in %interface_policy, and similarly a port-only -based policy
bank was not loaded when a more specific "IPaddress:port" entry existed;
- make use of a new SpamAssassin 3.4.0 option "skip_prng_reseeding"
(description in the SpamAssassin Bug 6690);
- no longer pre-load a module Mail::SpamAssassin::Plugin::SpamCop
to avoid unnecessarily dragging-in modules Net::SMTP and Net::Cmd;
- a spamd client code in Amavis::SpamControl::SpamdClient now obeys an
option 'mail_body_size_limit' in a @spam_scanners entry and truncates
a message passed to spamd (like other spam scanner interfaces do),
instead of skipping a call to spamd. This interface module is mainly
intended for testing spamd, or used with third-party software which
uses the same spamc/spamd protocol.
- modules Convert::TNEF is now made optional, instead of being required;
do not load it if @decoders list is empty;
- avoid a warning issued when encountering an empty ehlo-keyword in a
response to an EHLO command (like on testing with a smtp-sink utility);
- some fine-grained reduction in a number of generated opcodes and
similar tiny optimizations; this accounts for numerous small changes
in the code;
- avoid some warnings issued by Test::Perl::Critic;
- just in case: make sure that our SMTP responses at the incoming session
are truly flushed to the socket and not stuck in a perlio I/O buffer;
- updated 2.7.0 release notes, documenting that a policy bank may also be
loaded based on a path name of a Unix socket receiving a connection;
- updated and clarified schema and instructions in README.sql-pg
based on suggested changes by Tim Howe;
- fixed spelling mistakes in comments;
- internal incompatible change: changed arguments and a result of a
subroutine write_header; also, now it rewinds a message file by itself;
---------------------------------------------------------------------------
June 30, 2012
amavisd-new-2.7.2 release notes
BUG FIXES
- a generated Received header field was missing the 'IPv6:' prefix
in the TCP-info component of a 'by' subfield (as required by RFC 5321,
section 4.1.3) when amavisd received a message over an IPv6 protocol;
(btw, the TCP-info component of a 'from' subfield was correct);
- changed data type of an SNMP variable LogRetries from C32 to C64
for consistency with the MIB;
- updated AV entry 'AVG Anti-Virus' to consider status 403 continuation
lines when searching for a virus name; suggested by Ralf Hildebrandt;
OTHER
- reduce a log level to 5 on a log message:
Amavis::IO::RW: Error flushing on close: ...
to avoid an innocent but sinister-looking warning when a pipe
to a virus scanner is broken and needs to be re-established;
reported by Stefan Jakobs;
- updated an AV entry for 'F-Secure Linux Security' to version 9.14;
options updated by Mika Ilmaranta, a patch by Tuomo Soini;
- fix a Unix socket compatibility issue with Net::Server versions 2.000,
2.001 and 2.002, where a method NS_unix_path no longer exists.
This method was re-introduced for compatibility reasons in 2.003.
Reported by Paul MacKenzie;
---------------------------------------------------------------------------
April 29, 2012
amavisd-new-2.7.1 release notes
BUG FIXES
- prevent rmdir() from failing with 'Invalid argument' on Solaris 10 when
deleting a temporary directory: current working directory must not be
within a directory which is about to be deleted; reported and diagnosed
by Maciej Uhlig;
- forwarding or quarantining through a 'pipe:' method failed with
"Insecure dependency in exec while running with -T switch" when a
sendmail command-line option -N was needed; reported by Andreas Schulze;
- when multiple sockets are specified (e.g. in $forward_method) as a
redundancy/failover mechanism, and SMTP session caching is enabled,
a failed forwarding session does not clear a cached session, so all
further attempts are stuck with the failed server, instead of picking
a different server from the list; discovered by Michael Storz;
- on establishing a SMTP session when multiple sockets are specified
(e.g. in $forward_method) as a redundancy/failover mechanism, the
random choice never picked the last socket in a list;
discovered by Michael Storz;
- fix defanging by mimedefang, it was failing with perl 5.10 or later
due to an unhandled "Insecure dependency in sprintf" while logging the
result if the $log_level was 2 or higher, or when debugging was enabled;
thanks to Steve Scotter for a problem report;
- fix defanging by Anomy::Sanitizer, it was failing with an error message:
"mangling by anomy failed: replacement size 0, mail will pass unmodified";
- fix the 'xz' entry in a default @decoders list (in files amavisd.conf,
amavisd.conf-default and amavisd); the first two variants ('xzdec' and
'xz') were glued together, so the xz decoder was only available if found
under names 'unxz' or 'xzcat';
- provide a workaround for a bug [rt.cpan.org #64642] in a perl module
Encode, which gratuitously untaints a string when encoding or decoding it:
https://rt.cpan.org/Public/Bug/Display.html?id=64642
(still unfixed in Encode 2.44, perl 5.14.2);
A module Scalar::Util is now required, which should not be a compatibility
problem, as this module is a Perl core module since perl 5.8.0.
- avoid the use of Encode::is_utf8 due to a bug in a perl module Encode
as bundled with versions of Perl 5.8.0 to 5.8.8 (fixed in March 2007):
Perl bug tracking: #32687:
Encode::is_utf8 on tainted UTF8 string returns false
https://rt.perl.org/rt3/Public/Bug/Display.html?id=32687
also referenced by #37170:
https://rt.perl.org/rt3/Public/Bug/Display.html?id=37170
This is a re-manifestation of the same problem we had back in 2004,
with a workaround provided by amavisd-new-2.2.1. Forgot that people
are still using Perl 5.8 :) Reported by Peter Dieth;
- fix a warning: _WARN: Invalid conversion in sprintf: "%a"
- write informational messages during a stop/start/restart to stdout,
instead of to stderr, avoiding unnecessary cron job messages;
thanks to Cristian Seres, Sandro Janke and John Griffiths;
also: https://bugzilla.redhat.com/show_bug.cgi?id=561389
- fix a syntactically incorrect 'Avira SAVAPI' av entry (missing
closing bracket) in a sample configuration file amavisd.conf;
- minor: get_body_digest incorrectly logged 8-bit body as 8-bit header;
- no longer insist on a minimal version 2.22 of a module Digest::MD5,
the 'clone' method is no longer needed since amavisd-new-2.7.0;
- do not call $parser->max_parts($MAXFILES) with some old versions
of MIME::Parser which did not yet provide this method;
- pre-load a module File::Glob even with perl 5.8.0, otherwise
autowhitelisting in SpamAssasssin may fail with "Insecure dependency";
- documentation: (files README.sql-mysql and README.sql-pg):
fixed a field name "policy.unchecked_lover", previously incorrectly
specified as "policy.unchecked_lovers_maps"; reported by TimH;
- documentation: fixed the two SELECT examples in files README.sql-pg and
README.sql-mysql, the field 'select' needs to be qualified with a table
name: 'msgrcpt.content' to avoid ambiguity; reported by Gary V;
- documentation bug in amavisd.conf-default: 'ESMTP' is not a valid
setting for $protocol, just use 'SMTP' instead; reported by Pascal Volk;
COMPATIBILITY
- commented out the LHA entry in the default @decoders list and in
do_executable(). The program seems to be unmaintained, was seen crashing
and as such it may pose a security risk; pointed out by Thomas Jarosch;
- due to popular demand, bring the 'spam-tag:' log line back to log level 2
(version 2.7.0 dropped it to log level 3) to retain compatibility with
some log analyzers. Caveat: 'spam-tag' string is now entirely in lowercase.
Suggested by Stefan Jakobs;
OTHER
- if a message is quarantined to more than one location using different
quarantine methods, the SQL field msgs.quar_type indicates only the
type of the last one. When archival quarantining is enabled this choice
is unfortunate, as the primary quarantine type is more interesting
than the permanent archival quarantine type. This is now reversed,
the msgs.quar_type field now reflects the first quarantine type.
Suggested by Patrick Ben Koetter.
- SMTP session caching now no longer re-uses old sessions which are
in use for more than a minute since their establishment; suggested
by Michael Storz;
- having the archive quarantine enabled should not be a sufficient reason
to store information to SQL when $sql_store_info_for_all_msgs is off;
Suggested by Patrick Ben Koetter.
- ClamAV-clamd and ClamAV-clamd-stream av scanners: changed socket name
in a sample configuration file amavisd.conf to /var/run/clamav/clamd.sock
(previously the socket name was /var/run/clamav/clamd); this makes it
compatible with a default socket name under several Linux distributions
and under FreeBSD; suggested by Oliver Schinagl;
- documentation updates;
---------------------------------------------------------------------------
July 1, 2011
amavisd-new-2.7.0 release notes
Contents:
NEW FEATURES SUMMARY
GENERAL
COMPATIBILITY WITH 2.6.4 / 2.6.5 / 2.6.6
BUG FIXES SINCE 2.6.6
BUG FIXES SINCE 2.6.5
BUG FIXES SINCE 2.6.4
NEW FEATURES
OPTIMIZATIONS
OTHER
CLEANING
NEW FEATURES SUMMARY
- significant improvements affecting a pre-queue content filtering setup
(time limiting, warm/flying restart, ...) - requires Postfix 2.7.0 and
SpamAssassin 3.3.0, or later;
- new daemon amavisd-signer makes it possible to sign mail with DKIM
signatures without requiring amavisd process to have access to private
signing keys;
- added support for the Sophos-SSSP, Avira SAVAPI and ClamAV clamd streaming
protocols allows amavisd to communicate with these antivirus solutions;
- allow specifying multiple (fail-over) back-end mailers for resubmission
of messages from amavisd back to MTA;
- support for Postfix 2.8.0 XFORWARD IDENT, passes a local message identifier
(queue id) downstream to a post-queue content filter and back to Postfix;
- speedup in data transfer rate on receiving large mail via SMTP/LMTP
sessions by a factor of 3.9 for plain text sessions, and by a factor
of 11 for encrypted (TLS) sessions;
- recognize and insert header fields as prepared by SpamAssassin 3.3.0
or later through its 'add_header' configuration option;
- a new setting allows a forward_method to be chosen based on a message
content type and/or recipient address; this may be useful for outgoing
mail routing purposes or to implement sender reputation schemes;
- per-recipient (or per- policy bank) SpamAssassin configuration files or
SQL configuration sets are supported (@sa_userconf_maps), and per-recipient
SQL Bayes database usernames (@sa_username_maps);
- new macros: client_helo, client_addr, client_port, client_addr_port,
mime2utf8, rusage, ADDEDHEADERHAM, ADDEDHEADERSPAM, banned_parts_as_attr,
actions_performed, new arguments to macros dkim, header_field, HEADER,
YESNO and YESNOCAPS;
- @listen_sockets setting offers a unified configuration of listening
sockets; it may be configured directly, or the traditional way: the
$inet_socket_port, $unix_socketname and $inet_socket_bind just add
their entries to the @listen_sockets list;
- lists of lookup tables (the @*_maps variables) can now contain
explicit SQL and LDAP lookup objects as their elements, instead of
(or in addition to) the implied SQL and LDAP lookups;
- a new configuration variable @virus_name_to_policy_bank_maps allows
loading of policy banks based on a virus name;
- a new configuration variable $mail_id_size_bits allows setting the size
of randomly generated mail_id and secret_id codes;
- a new configuration variable $sql_store_info_for_all_msgs allows storing
information on mail messages selectively just for quarantined messages;
- added SNMP counters InMsgsStatus* which combine the final mail checking
status with a direction of a mail flow;
- optional transparent archival quarantine, retaining envelope recipient
addresses on delivery to a dedicated SMTP server;
GENERAL
With a synergy of four solutions, using amavisd-new in a pre-queue
filtering setup became a sensible / better behaved solution:
- the "smtpd_proxy_options=speed_adjust" Postfix option, available since
Postfix 2.7.0 (20091101), improves decoupling between SMTP clients
and a content filter in a proxy setup, reducing the number of content
filtering processes needed for the same mail load. With this option
turned on, a Postfix SMTP server receives entire message before
connecting to a before-queue content filter;
- a master_deadline option and its API equivalent, available in SpamAssassin
since version 3.3.0, allows for time limiting on lengthy rules checking,
while still providing results when a time limit is exceeded; this makes
it more suitable for time-sensitive setups like a pre-queue filtering setup;
- reworked sub-task time limiting in amavisd, along with its counterpart
solution in SpamAssassin, makes it better suited to a real-time nature
of pre-queue filtering setups where one has no control over how long
SMTP clients are willing to wait at the data-end stage;
- a re-purposed command line option 'reload' now does a warm restart,
keeping sockets available to an MTA client at all times, thus reducing
a chance that an MTA would even notice a content filter's warm restart.
Provided that required minimal versions of Postfix and SpamAssassin are
available, on can try amavisd in a Postfix proxy setup. The $child_timeout
setting needs to be radically reduced in this setup, matching the longest
time most SMTP clients are willing to wait, and must be less than Postfix
is willing to wait (smtpd_proxy_timeout), which by default is 100 s.
A sensible value is somewhat less then a minute (e.g. 45 seconds). Even
though RFC 5321 (section 4.5.3.2.6) recommends that clients SHOULD be
willing to wait for 10 minutes at data-end stage, it is not uncommon
that this recommendation is not adhered to.
Note that a pre-queue filtering setup (along with its benefits) still
has all its drawbacks, like the need for more filtering processes to
accommodate mail arrival rate peaks (instead of averages), and much shorter
and unpredictable (client-dependent) time limits. The new features of the
three products only rise the thresholds where trouble starts, and make
the whole setup better behaved.
COMPATIBILITY WITH 2.6.4 / 2.6.5 / 2.6.6
- due to popular demand to reduce undesired and unintentional backscatter,
defaults for the settings $final_spam_destiny and $final_banned_destiny
were changed. Previously they both defaulted to D_BOUNCE, new defaults
are:
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_PASS;
$final_bad_header_destiny = D_PASS;
Please adjust to will. If you have these settings configured explicitly
in a configuration file, this change of a default value does not affect
you.
For a pre-queue content filtering setup (smtp proxy or milter) a suitable
value for undesired content is D_REJECT. For a post-queue filtering setup
preferred choices are to tag-and-deliver (D_PASS), or to drop (D_DISCARD)
and quarantine.
It is still possible to use a D_BOUNCE setting, but please limit
and monitor your backscatter. Due to a default setting of
@viruses_that_fake_sender_maps the backscatter on viruses has been
fully suppressed since amavisd-new-20021116 even with a D_BOUNCE.
Backscatter on high-scoring spam has been controllable since
amavisd-new-20030616-p8 by a family of settings
@spam(_crediblefrom)_dsn_cutoff_level(_bysender)_maps,
- several ancient configuration settings were removed or deactivated,
see section CLEANING below;
- a command line option 'reload' has been renamed to 'restart',
corresponding to a shutdown followed by a normal (cold) start;
while a command line option 'reload' has been re-purposed to function
as a warm/flying restart. See below for details. Protection of some
files may need to be examined (configurations files and DKIM private
keys should be readable for group vscan/amavis and not writable by
UID vscan/amavis);
- a failure of all virus scanners no longer automatically tempfails the
operation, but flags a message with a CC_UNCHECKED contents category
(just like a failure of decoders/dearchivers), and allows the usual
controls (*_destiny, *_quarantine_*) to be used to choose behaviour.
The $virus_scanners_failure_is_fatal=1 reverts to previous behaviour,
see below;
- a default value of $hdr_encoding and $bdy_encoding has been changed
from 'iso-8859-1' to 'UTF-8' which better suits reporting of banned parts;
- default encoding for reading text templates from the tail of a file
'amavisd' has been changed to 'utf8', which allows replacing a default
text by a non-ascii Unicode template, encoded as UTF-8;
- when using SQL for logging/penpals: three fields need to be added
to a table msgrcpt: msgrcpt.content, msgrcpt.rseqnum, msgrcpt.is_local,
and one to a table msgs: msgs.originating .
Semantics of msgrcpt.content is similar to msgs.content, but reflects
individual recipient's settings (e.g. when a message is both banned and
spam, a recipient with banning tests disabled will see a message as spam,
while other recipient of the same message will consider it banned).
The added field may also simplify queries by third party applications.
The field msgrcpt.rseqnum uniquely identifies/enumerates recipients within
each message, typically by assigning them sequential numbers starting
with 1. The only purpose of this field is to make it possible to define
a primary key for the table msgrcpt, which may be needed for some
clustering/partitioning purposes. Amavisd itself does not require a
primary key on this table.
The field msgrcpt.is_local should be considered a boolean, its value can be:
'Y' ... yes, recipient is local, i.e. matches @local_domains_maps
'N' ... no, recipient does not match @local_domains_maps
' ' ... unknown - this is a default field value; amavisd always sets
this field to either 'Y' or 'N';
The field msgs.originating should be considered a boolean, its value can be:
'Y' ... yes, message is originating from inside or from an authenticated
roaming sender (the flag $originating was true);
'N' ... no, message is not submitted by our user ($originating was false);
' ' ... unknown - this is a default field value; amavisd always sets
this field to either 'Y' or 'N', reflecting the $originating flag;
A combination of msgs.originating and msgrcpt.is_local tells a direction
a message is traveling:
originating is_local
N N open relay (probably misconfigured @local_domains_maps
or $originating flag not set)
N Y inbound message
Y N outbound message
Y Y internal message (inside or authenticated -> inside)
Note that a direction is a per-recipient property, a multi-recipient
message can be outbound for some recipients and internal for others
at the same time.
The following SQL directives can be used to add these new fields:
ALTER TABLE msgrcpt ADD rseqnum integer DEFAULT 0 NOT NULL;
ALTER TABLE msgrcpt ADD content char(1) DEFAULT ' ' NOT NULL;
ALTER TABLE msgrcpt ADD is_local char(1) DEFAULT ' ' NOT NULL;
ALTER TABLE msgs ADD originating char(1) DEFAULT ' ' NOT NULL;
If a primary key on table msgrcpt is needed for some reason,
try something like the following:
*MySQL:
UPDATE msgrcpt SET rseqnum=1+floor(999999999*rand()) WHERE rseqnum=0;
ALTER TABLE msgrcpt ADD PRIMARY KEY (partition_tag,mail_id,rseqnum);
*PostgreSQL:
UPDATE msgrcpt SET rseqnum=1+floor(999999999*random()) WHERE rseqnum=0;
CREATE UNIQUE INDEX msgrcpt_idx_primary
ON msgrcpt (partition_tag,mail_id,rseqnum);
If keeping a possibly customized copy of %sql_clause in a configuration
file, entries 'ins_rcp' and 'upd_msg' will need to be updated accordingly.
To facilitate transition from 2.6.6 to 2.7.0, it is possible to configure
amavisd 2.7.0 to supply with SELECT and INSERT clauses a subset of
parameters as used by 2.6.6. A configuration setting $sql_schema_version
controls this backward compatibility. Its default value is 2.007000 .
By setting it to a value below 2.007000 (such as 2.006006 or 2.006004) a
subset of parameters as was used with a version 2.6.6 or 2.6.4 is selected.
SQL clauses in $sql_clause{'upd_msg'} and $sql_clause{'ins_rcp'} need to
be adjusted according to a chosen version of actual parameters. Below is
an example of a required setting compatible with both amavisd-new 2.6.6
and 2.7.0, which lets amavisd 2.7.0 use an SQL schema of 2.6.6, which
lacks the four newly added fields:
our($sql_schema_version) if $myversion_id_numeric < 2.007000;
$sql_schema_version = 2.006006;
$sql_clause{'upd_msg'} =
'UPDATE msgs SET content=?, quar_type=?, quar_loc=?, dsn_sent=?,'.
' spam_level=?, message_id=?, from_addr=?, subject=?, client_addr=?'.
' WHERE partition_tag=? AND mail_id=?';
$sql_clause{'ins_rcp'} =
'INSERT INTO msgrcpt (partition_tag, mail_id, rid,'.
' ds, rs, bl, wl, bspam_level, smtp_resp) VALUES (?,?,?,?,?,?,?,?,?)';
Note that this is only provided to facilitate transition. Please add
the new fields on an opportunity, then remove the above settings from
your configuration file and restart amavisd.
- SQL fields msgs.content and msgrcpt.content used to encode a content
type CC_SPAMMY as 's', and CC_MTA as 't'. With default case-insensitive
queries on a data type CHAR it was not possible to distinguish
between lowercase 's' (= CC_SPAMMY) and uppercase 'S' (= CC_SPAM), so
the CC_SPAMMY is now encoded as 'Y', and CC_MTA as 'T' (just in case).
Please adjust your management tools if necessary.
- please check SQL data types on fields msgs.mail_id, msgs.secret_id,
msgrcpt.mail_id and quarantine.mail_id in existing databases, these must
be treated case-insensitively - see details further down, please search
further down for "must be treated case-insensitively";
- SQL clause $sql_clause{'sel_quar'} no longer uses a coalesce() function
(introduced in amavisd-new-2.6.2) which attempted to deal with NULL
quarantine.partition_tag or with undefined $partition_tag, when releasing
a message from an SQL quarantine - but payed the price of not using an
index. If releasing from an SQL quarantine is desired, either ensure there
are no (old) records in a table 'quarantine' with a NULL partition_tag
(e.g. replace such fields with a 0, and don't leave $partition_tag
undefined in amavisd.conf - set it to 0 for example when partitioning
is not needed), or assign a former clause to $sql_clause{'sel_quar'}
in amavisd.conf :
$sql_clause{'sel_quar'} =
'SELECT mail_text FROM quarantine'.
' WHERE coalesce(partition_tag,0)=coalesce(?,0) AND mail_id=?'.
' ORDER BY chunk_ind';
Thanks to Michael Scheidell and Thomas Gelf for pointing out the
inefficiency.
- if using Petr Rehor's amavisd-milter to call amavisd, please update it
to version 1.5.0 (or later), as earlier versions did not accept a new
attribute 'log_id', which is now included in a response from amavisd;
- a sample configuration file amavisd.conf-sample was removed from the
package - it hasn't been seriously updated for years, and it contained
lots of aged or distracting information;
- old helper programs amavis.c and amavis-milter.c are no longer distributed
with the package, along with the entire helper-progs subdirectory.
As a milter client please use the more modern 'amavisd-milter' package by
Petr Rehor, available at http://sourceforge.net/projects/amavisd-milter/
- old AM.CL protocol is no longer supported; it was provided for
compatibility with versions of AMaViS pre-dating amavisd-new, along with
its client programs: old helper programs amavis.c and amavis-milter.c.
Handling of release requests and milter requests through AM.PDP protocol
remains unaffected;
- a sample AM.PDP client program for mail submission to amavisd which was
previously distributed as 'helper-progs/amavis.pl' has been renamed to
'amavisd-submit' and slightly modernized. It provides partial functional
compatibility with a very early AMaViS client program amavis.c . It takes
a message on stdin, copies it to a temporary file, passes its name to
amavisd daemon using AM.PDP protocol, and based on the response adjusts
its exit status value so that an invoking script or program may decide
whether to deliver the mail message or not;
- mail_id and secret_id are now composed of characters from a character set
[ A-Z, a-z, 0-9, -, _ ] instead of [ A-Z, a-z, 0-9, +, - ] (i.e. now uses
underline instead of a plus) to conform to RFC 4648 base64url specification,
thus making it potentially easier to specify an id in various GUI/API
interfaces without a need for quoting a plus. The change is also reflected
in a choice of quarantine file names. Compatibility with releasing of old
quarantined messages is retained;
- relationship between mail_id and secret_id has changed and is now:
mail_id = encode_base64(md5(decode_base64(secret_id)))
(i.e. md5 is applied to 9 raw bytes of a secret id)
while previously it was:
mail_id = encode_base64(md5(secret_id))
(i.e. md5 was applied to 12 base64 characters of a secret id)
Releasing from a quarantine still understands old relationship and old
base64 encoding character set for compatibility, so no problems are
expected even when releasing a mix of old and new quarantined messages.
The change may potentially affect some third party application.
- caching of virus and spam check results based on a mail body hash has been
removed. It was very beneficial years ago when virus storms were common
and spam was not personalized. Nowadays (2011) the feature barely pays
for itself (savings are comparable to additional processing needed), and
is incompatible with per-recipient spam checks (as introduced with this
version), and incompatible with DKIM verification on locally originating
and signed mail being returned from a mailing list. Rather than trying
to fit a square peg into a round hole, the feature is now dropped.
Associated configuration variables are still declared for compatibility,
but have no effect:
$enable_global_cache,
$virus_check_negative_ttl, $virus_check_positive_ttl,
$spam_check_negative_ttl, $spam_check_positive_ttl
- a default value for $lock_file is now undefined instead of the former
default value "$helpers_home/amavisd.lock"; an undefined value lets
Net::Server choose a suitable temporary file (POSIX::tmpnam) for 'flock'
serialization on socket accept();
- updated (rarely used) AV entries 'Sophos SAVI', 'Mail::ClamAV'
and 'av_smtp' in an incompatible way (they now use ask_daemon interface
instead of a dedicated subroutine), please update your AV entries
according to the new sample file amavisd.conf;
- internal: spam_level() and spam_tests() are no longer properties of a
message but are now a property of each recipient, which makes possible
per-recipient spam checking settings (e.g. rules, bayes username, ...);
- internal: a delivery_method() is no longer a property of a message, but
is now a property of each recipient, which makes per-recipient forwarding
possible;
- internal: a load_policy_bank() takes one additional argument $msginfo,
which is passed on to any policy bank's ACTION routine if a policy bank
has one;
BUG FIXES SINCE 2.6.6
- take a more cautious approach on keeping evidence on an SMTP session
transaction state when feeding a message back to MTA. Under certain
abnormal circumstances an MTA could respond to end-of-data with a temporary
failure but retain an active transaction state while amavisd would assume
the transaction was closed, leading to a 'MAIL transaction in progress'
failure on the next message using the same cached SMTP session.
Now amavisd considers a transaction state to be unknown when there is any
doubt and closes a session instead of caching it, unless the transaction
is reliably known to be closed. Problem reported by Ralf Hildebrandt.
BUG FIXES SINCE 2.6.5
All bug fixes that were developed during a 2.7.0 developement cycle
have been backported to the 2.6 branch and released as 2.6.6.
They are all documented in release notes of the 2.6.6 release.
BUG FIXES SINCE 2.6.4
All bug fixes and some compatibility measures that were developed during
a 2.7.0 developement cycle have been backported to the 2.6 branch and
released as 2.6.5. They are all documented in release notes of the
2.6.5 release.
NEW FEATURES
- a command line option 'reload' has been renamed to 'restart', while keeping
its semantics: to stop a currently running daemon, and then promote a
process to become a new daemon. This makes a complete and independent
restart with all its benefits: can start a chrooted daemon, can access
config files or DKIM signing keys accessible only to root, can open
sockets/ports otherwise restricted to root, can change inet and unix
socket locations, their bindings and port numbers. It will also reset
SNMP counters in a database, if it is enabled.
A downside is that during a restart existing sockets are closed, so
until new sockets are re-established an MTA client experiences connection
failures, which is particularly disruptive in a pre-queue MTA setup.
- a command line option 'reload' has been re-purposed to function as a
warm restart: it now sends a HUP signal to a running daemon, then exits.
A running daemon upon receiving a HUP signal will clone its sockets,
clear their 'close-on-exec' flag, then restart itself through exec().
A reborn daemon inherits open sockets, does a normal startup (loading
perl modules and config files), then reassociates inherited sockets
with configured inet and Unix socket names, which is why these must
not be changed in a configuration file between reloads.
Sockets remain open and available to clients during the whole warm-restart
period, requests are queued by kernel (queue size is configurable through
$listen_queue_size, defaulting to SOMAXCONN, or there may not be any
queues at all when an IP stack is using SYN cookies), so apart from a
delay in connection establishment, an MTA client will not notice a restart
as long as the IP stack is willing to accept new sessions (as controlled
by listen queue size or SYN cookies). This makes the reloading method
particularly suitable for pre-queue filter setups.
A downside is that a HUP-ed daemon has already dropped root privileges
during its first start, so it must restart as a nonprivileged user
(typically 'vscan' or 'amavis'), which rules out its ability to chroot,
and requires that configuration files, DKIM signing keys files, and
perl modules must be readable by this GID or UID, otherwise a restart
fails and a daemon process no longer exists. Depending on a version
of perl and operating system in use, it might be necessary to specify
an absolute path to amavisd on the initial start. To debug warm-restart
problems it may be useful to first try a warm restart on a non-daemonized
process (started manually as: amavisd foreground, or: amavisd debug),
so that potential errors on stderr are visible.
A sensible protection of configuration files and files with DKIM keys is
to set their group ownership to vscan (amavis) and UID ownership to root,
and mode to 0640 (u=rw,g=r,o=).
A need for non-root accessibility of DKIM signing keys can be avoided
by using a new signing service daemon included with this release (see
further down: amavisd-signer).
One additional feature of a warm reload is that SNMP counters in a
database (visible through amavisd-agent or amavisd-snmp-subagent)
are not reset to zero, unlike the restart which clears them.
- on stop, restart or reload, currently busy child processes are left
to complete their current task instead of being abruptly stopped.
This minimizes a disruption experienced by MTA.
- added a client-side and server-side support for the IDENT attribute of
a Postfix XFORWARD smtp command (available since Postfix version 2.8.0).
The attribute allows passing of a local message identifier (MTA queue id)
downstream from a front-end MTA to a post-queue content filter and back
to a back-end MTA. Amavisd makes this information available through an
existing macro %Q (which was previously non-empty only in milter setups),
and as such the information appears in the log when using a default amavisd
log template. This information is also passed back to a re-entry MTA if
it announces a support for this attribute (enabled on a back-end smtpd
service with an option smtpd_authorized_xforward_hosts), so the log entries
are now easier to correlate in a post-queue filtering setup:
back-end MTA:
postfix/smtpd[72995]: 553261D1CB0: client=localhost[::1],
orig_queue_id=2F5971D1CA3, orig_client=...
post-queue content filter:
amavis[20341]: (20341-15) Passed CLEAN ...
Queue-ID: 2F5971D1CA3, queued_as: 553261D1CB0
front-end MTA:
postfix/lmtp[73130]: 2F5971D1CA3: ... relay=127.0.0.1[127.0.0.1]:10024,
status=sent (250 2.0.0 from MTA(smtp:[::1]:10025):
250 2.0.0 Ok: queued as 553261D1CB0)
- support Postfix 2.9 long queue IDs (enable_long_queue_ids=yes)
as available since postfix-20110321 by adjusted default values
of $log_short_templ and $log_verbose_templ templates;
- improved support for pre-queue content filtering setups: reorganized time
limiting on processing to obey more strictly a deadline time, which is the
sum of $child_timeout and a timestamp at the moment of a reception of a
complete message (SMTP data-end time). The deadline time is also passed
to SpamAssassin, which since version 3.3.0 supports a 'master_deadline'
option and can gracefully terminate its processing on a time limit, while
still providing results collected so far.
The setting $sa_timeout is now retired: the variable is still declared
for backward compatibility, but has no effect. Instead, the time available
for spam scanning is automatically determined from $child_timeout, taking
into consideration the actual time left till the deadline;
- $child_timeout and $smtpd_timeout settings are now dynamic, i.e. can be
changed by a policy bank, which makes it possible to support (on different
ports) both the pre-queue and post-queue (e.g. fallback) clients by the
same amavisd daemon;
- a new configuration variable $soft_bounce (also a member of policy banks)
turns rejects, bounces and discards into a temporary failure when true;
this is potentially useful as a short-term safety net when testing
configuration changes on a low-traffic server;
- added an AV entry and supporting code for Sophos-SSSP, implementing the
client side of the Sophos SSSP protocol, talking to a savdid daemon
(a replacement for Sophie) using its native protocol;
- added an AV entry and supporting code for AVIRA SAVAPI protocol,
implementing the client side of the protocol, talking to a savapi daemon;
- added an AV entry for clamdscan which can serve as a useful backup scanner,
connecting as client to a remote clamd; the supplied alternative config
file should specify the host IP and port number where clamd is running
using TCPAddr and TCPSocket options; suggested by Michael Scheidell;
- added an AV entry for ClamAV clamd streaming which can serve as a main
or backup scanner, connecting as client to a remote clamd. The client
side implements clamd zINSTREAM command, batched in a zIDSESSION / zEND
group. This approach is comparable to what is implemented in clamdscan
and is somewhat less efficient than passing only a directory name to
clamd, but has an advantage that the clamd daemon need not have direct
access to amavisd temporary files, and may even be running on a remote
host. The cost of this flexibility is additional data transfer.
Suggested by Michael Scheidell.
- lists of lookup tables (the @*_maps variables) can now contain
explicit SQL and LDAP lookup objects as their elements, instead of
(or in addition to) the implied SQL and LDAP lookups.
A new configuration setting $lookup_maps_imply_sql_and_ldap controls
whether the SQL and LDAP lookup objects are implicitly prepended
to list in @*_maps variables (when true), or not (when false).
The default value is 1 for compatibility with previous versions.
Regardless of the $lookup_maps_imply_sql_and_ldap setting, the @*_maps
lists of lookup tables/objects may now contain explicit lookup objects
for arbitrarily named SQL fields and LDAP attributes. This provides more
flexibility: the order of lookups is now configurable (previously SQL and
LDAP lookup objects were prepended to lists and thus always looked up
first), and the names of SQL fields or LDAP attributes can now be
specified as arguments to SQL and LDAP lookup objects (previously field
and attribute names were hardwired into code).
Three shorthand functions are available for creating SQL lookup (query)
objects: q_sql_s, q_sql_n, q_sql_b, and three for creating LDAP lookup
(query) objects: q_ldap_s, q_ldap_n, q_ldap_b. The _s, _n and _b suffixes
imply a data type of the expected result: a string, a numeric value, and a
boolean. Due to Perl's forgiveness a string data type can in most cases be
used as a number or as a boolean and may be used when data type conversion
and value normalization is not necessary or when a data type is not known.
Here are some examples:
@spam_kill_level_maps = (
{ # a hash-type lookup object
'user1 at example.com' => 8,
'.example.org' => 7.5,
},
q_ldap_n('amavisSpamKillLevel'), # an LDAP lookup object
q_sql_n('spam_kill_level'), # an SQL lookup object
$sa_kill_level_deflt, # a constant-type pseudo-lookup object
);
@spam_subject_tag2_maps = (
q_sql_s('subject_tag'),
);
In addition to simple scalar arguments (a field or attribute name), these
six lookup object-creating functions can take as their argument a listref
of field or attribute names, or a hashref where hash entry values are
SQL field names (or LDAP attribute names), and hash entry keys are the
result data names. Lookups resulting from such lookup objects will return
a hashref of key/value pairs instead of a single scalar result. This is
currently only useful in the @dkim_signature_options_bysender_maps list
of lookups which expects such hash results (sets of data names and their
values, i.e. entire records).
The listref argument is just a shorthand notation which can be used
in place of a hashref when field names (or attribute names) are the
same as the desired result data names. The following alternatives
are equivalent:
q_sql_s( { 'd' => 'd', 's' => 's', 'ttl' => 'ttl' } )
q_sql_s( { d => 'd', s => 's', ttl => 'ttl' } ) # perl shorthand
q_sql_s( [ 'd', 's', 'ttl' ] )
q_sql_s( [qw(d s ttl)] ) # perl shorthand
Example (artificial, not necessarily useful):
@dkim_signature_options_bysender_maps = (
q_sql_s( ['d', 's', 'ttl'] ),
q_ldap_s( ['d', 's', 'a'] ),
q_ldap_s({ d => 'sdid', s => 'amavisSelector', a => 'amavisDkimAlg' }),
{ 'postmaster at example.com' => { a => 'rsa-sha1', ttl => 7*24*3600 },
'.' => { a => 'rsa-sha256', ttl => 30*24*3600 },
},
);
- a new configuration variable $sql_store_info_for_all_msgs when turned
off requests storing information on mail messages selectively just for
quarantined messages. At the same time turning this setting off also
disables pen pals lookups. A default value is 1 (true) as before,
indicating that information on all messages is to be stored into tables
msgs, msgrcpt and maddr when @storage_sql_dsn is enabled, thus ensuring
long-term uniqueness of mail_id and proper operation of pen pals lookups;
- a new program is included with a package: amavisd-signer. It is a DKIM
signing service daemon for amavisd. It uses an AM.PDP protocol lookalike
to receive a request from amavisd and provides two services: choosing a
signing key, and signing a message digest with a chosen DKIM private key.
Amavisd uses this signing service when a $dkim_signing_service setting
is defined and nonempty, and $enable_dkim_signing is true. For each
mail message meeting the basic requirements for signing (originating,
nonspam and not infected), the first request sent to a signing service
passes some information about the message (its author, sender, recipients)
and expects the service to choose and provide a suitable signing domain
and selector (and optional signature options) when a signing key is
available and the service considers it appropriate to sign the message.
If the response does not provide a signing domain and selector,
amavisd falls back to consulting its own settings (a dkim_key() set
of signing keys, and @dkim_signature_options_bysender_maps).
The second stage of signing occurs when a signing key has been uniquely
identified during the first stage, i.e. when its signing domain and a
selector have been determined. Amavisd computes a message digest according
to DKIM specifications and passes it to the signing service, along with
the signing domain and selector name. The signing service computes the
signature and returns it as a 'b' attribute (corresponding to a 'b' tag
of a DKIM signature), from which amavisd assembles the signature header
field and inserts it into a message. The signing service may still choose
not to sign at this stage, e.g. when a private key corresponding to the
requested signing domain and selector is not available. If a signing
service is not available or cannot sign, amavisd falls back to its own
configured list of signing keys ( dkim_key() ) for backward compatibility.
The main reason for separating the signing act from the main amavisd daemon
is to make it possible to do the DKIM signing without letting amavisd
have access to private keys - following the minimal 'need-to-know'
security principles. For example, amavisd may be started as non-root or
restarted from a jail, while the independent amavisd-signer process
remains the only process with access to private signing keys (by running as
root or under a separate UID or GID or with an access to a crypto device).
Additional benefit is that more complex decisions on which signing key
to use for which mail message can be delegated to the signing service,
which can be customized (through code changes or replacing it altogether)
without touching the main amavisd daemon.
To let amavisd use a signing service, specify the signing service's
IP address and TCP port number in amavisd.conf, e.g.:
$dkim_signing_service = '127.0.0.1:20203';
matching the $inet_socket_bind and @listen_sockets settings near the
beginning of the 'amavisd-service' file, then start the signing service
and restart amavisd daemon. Currently all the settings for amavisd-service
are contained in its file, no external configuration file or command line
options are available at present.
- a constant D_TEMPFAIL has been added to a set of allowed final_*_destiny
values; mostly intended for completeness and testing;
- a new setting @listen_sockets offers a unified configuration of listening
sockets. This list may be configured directly, or the traditional way: the
$inet_socket_port and $unix_socketname just add their entries (if any)
to the @listen_sockets list, and $inet_socket_bind provides a default
binding IP address for inet or inet6 ports. Each socket specification
may either be a unix socket path (as in $unix_socketname), or an inet or
inet6 socket specification (a binding IP address as in $inet_socket_bind,
combined with a port number $inet_socket_port, delimited by a colon,
e.g. '127.0.0.1:10024', '[::1]:10024', '10024'. When only a port number
is specified without an IP address, the binding address defaults to
$inet_socket_bind, which in turn (if left undefined), defaults to all
interfaces.
An 'unspecified' binding address '0.0.0.0' implies any socket of the inet
family (IPv4), while an 'unspecified' address '::' implies any socket of
an inet6 (IPv6) family. Depending on the operating system and its settings
an inet6 socket may or may not be able to also accept inet connections.
To be able to listen on inet6 (IPv6) sockets requires version 2.0 (or later)
of the module Net::Server, or a patched Net::Server 0.99.
Example:
@listen_sockets = ( '10024', "$MYHOME/amavisd-proxy.sock",
'0.0.0.0:10010', '127.0.0.1:10012', '10026', '9998', '[::1]:10028' );
- SMTP and LMTP client code now accepts a listref of peer socket
specifications, or a single scalar specification as before. This allows
for a failover in case some server is down or refuses connections.
It also provides a simpleminded load balancing between next-hop
(re-entry) MTA servers, as the selection from a list is random.
Session caching still works, so if a recently used SMTP/LMTP session
is still open, it will be reused, in which case no server randomization
takes place for as long as the established session remains open.
Typical configuration variables where this feature is available are:
$forward_method, $notify_method, $resend_method, $release_method, and
$requeue_method, but only when the specified protocol is smtp: or lmtp:,
(not pipe:, local:, sql:, bsmtp:).
Example:
$forward_method =
[ 'smtp:[::1]:10025', 'smtp:[127.0.0.1]:10025', 'smtp:*:10025' ];
$notify_method =
[ 'smtp:*:*', 'smtp:192.0.2.10:10025' ];
It is assumed that the protocol specification scheme (e.g. 'smtp:')
of all entries in a list is the same. Mixing different protocols
in the same list of alternatives is not allowed;
- when a message is being released from a quarantine as an attachment
( $release_format = 'attach' ), it is now possible to wrap this attached
message into a password-protected ZIP archive to prevent accidental or
automatic opening of the possibly malicious original message. The chosen
password is included in the first plain text MIME part, along with an
explanation / instructions for a recipient.
Note that the purpose of password scrambling is only to prevent an
accidental or automatic opening of an attachment. It is not intended
to be a strong mechanism for keeping messages secret. There is no point
in providing excessively long / strong passwords.
A template for this first plain-text MIME part can be changed as before
by assigning a new text to $notify_release_templ (or modifying a default
template near the end of the file 'amavisd').
Three new configuration variables are added, all three are also members
of policy banks: $attachment_email_name, $attachment_outer_name, and
$attachment_password. Their default values are:
$attachment_password = ''; # no password and no ZIP wrapping
$attachment_email_name = 'msg-%m.eml';
$attachment_outer_name = 'msg-%m.zip';
The $attachment_email_name is a template for forming a name of a file,
which is then inserted into a zip archive. This name will be seen as a
filename containing an original mail message when a recipient unzips
the archive. The supplied string may contain placeholders, the same
placeholders are recognized as for filename templates used to control
quarantining. For the record, here is a complete list of placeholders
currently recognized:
%P => $msginfo->partition_tag
%b => $msginfo->body_digest
%m => $msginfo->mail_id
%n => $msginfo->log_id
%i => iso8601 timestamp of a message reception time by amavisd
%% => %
The $attachment_outer_name is a template for forming a name of a ZIP
archive which will be attached to a message. This name will end up
in a MIME sub-header field of the attachment, and as such will be used
as a filename when a recipient saves the attachment (without unzipping
it). The supplied string may contain the same placeholders as above.
The $attachment_password setting can be:
. an empty string, in which case no ZIP wrapping will occur and no
passwords are applied; also the settings $attachment_email_name and
$attachment_outer_name have (currently) no effect, as the attachment
is not a ZIP archive but the original message itself;
this is a default setting for compatibility with earlier versions;
. a fixed static string, in which case an original message is wrapped
in a ZIP archive and the archive is encrypted with this fixed string
password;
. an undefined value ( $attachment_password = undef ), in which case
a 4-digit random password (PIN) is internally generated for each
quarantine release, the rest is the same as with a fixed string;
. a subroutine reference, in which case the supplied subroutine is
called (in a scalar context), passing it a $msginfo object as
the only argument; the subroutine is expected to return a password
as a string, or die if it cannot do its job; the returned value is
then treated as one of the three cases above, i.e. an empty string
disables zipping, an undefined value invokes internal PIN generating
code, and any other value is taken as a password for encrypting
the archive.
Example use:
$release_format = 'resend'; # choices: plain, resend (default), attach
or:
$release_format = 'attach';
$attachment_password = ''; # no archive, just plain attachment
or:
$release_format = 'attach';
$attachment_password = undef; # internally generated 4-digit random PIN
or:
$release_format = 'attach';
$attachment_password = 'fooBAR'; # fixed password
or:
$release_format = 'attach';
$attachment_password = sub {
my($msginfo) = @_;
my $str = qx'pwgen -N 1 -n -B -s 6';
die "pwgen failed, exit status: $?" if $?;
die "pwgen returned empty result" if $str eq '';
return $str;
};
As the $attachment_password is a member of policy bank, it is possible
to configure amavisd to listen to release requests on two TCP ports,
for example using one to release unencrypted false-positive spam messages,
and the other to release possibly problematic infected messages.
- updated amavisd-snmp-subagent and AMAVIS-MIB.txt by adding ten
user-specifiable 64-bit counters and ten user-specifiable 32-bit gauges;
Counters are placed into OID tree under 1.3.6.1.4.1.15312.2.1.1.17
and named UserCounter1..UserCounter10, whereas gauges are placed
under 1.3.6.1.4.1.15312.2.1.1.18 and named UserGauge1..UserGauge10.
A custom hook or a policy bank ACTION hook can be used for adjusting
their values by calling snmp_count64() routine, e.g.:
Amavis::Util::snmp_count64('UserCounter3', 'UserCounter9');
or:
Amavis::Util::snmp_count( ['UserCounter4', 1234, 'C64'] );
- updated amavisd-snmp-subagent and AMAVIS-MIB.txt by adding the following
counters, all placed under 1.3.6.1.4.1.15312.2.1.1 :
.19.1 InMsgsStatusAcceptedAll same value as .2.7
.19.2 InMsgsStatusAcceptedInbound
.19.3 InMsgsStatusAcceptedOutbound
.19.4 InMsgsStatusAcceptedInternal
.19.5 InMsgsStatusAcceptedOriginating
.19.6 InMsgsStatusAcceptedOpenRelay
.20.1 InMsgsStatusRelayedUntaggedAll (no equivalent)
.20.2 InMsgsStatusRelayedUntaggedInbound
.20.3 InMsgsStatusRelayedUntaggedOutbound
.20.4 InMsgsStatusRelayedUntaggedInternal
.20.5 InMsgsStatusRelayedUntaggedOriginating
.20.6 InMsgsStatusRelayedUntaggedOpenRelay
.21.1 InMsgsStatusRelayedTaggedAll (no equivalent)
.21.2 InMsgsStatusRelayedTaggedInbound
.21.3 InMsgsStatusRelayedTaggedOutbound
.21.4 InMsgsStatusRelayedTaggedInternal
.21.5 InMsgsStatusRelayedTaggedOriginating
.21.6 InMsgsStatusRelayedTaggedOpenRelay
.22.1 InMsgsStatusDiscardedAll same value as .2.9
.22.2 InMsgsStatusDiscardedInbound
.22.3 InMsgsStatusDiscardedOutbound
.22.4 InMsgsStatusDiscardedInternal
.22.5 InMsgsStatusDiscardedOriginating
.22.6 InMsgsStatusDiscardedOpenRelay
.23.1 InMsgsStatusNoBounceAll same value as .2.10
.23.2 InMsgsStatusNoBounceInbound
.23.3 InMsgsStatusNoBounceOutbound
.23.4 InMsgsStatusNoBounceInternal
.23.5 InMsgsStatusNoBounceOriginating
.23.6 InMsgsStatusNoBounceOpenRelay
.24.1 InMsgsStatusBouncedAll same value as .2.11
.24.2 InMsgsStatusBouncedInbound
.24.3 InMsgsStatusBouncedOutbound
.24.4 InMsgsStatusBouncedInternal
.24.5 InMsgsStatusBouncedOriginating
.24.6 InMsgsStatusBouncedOpenRelay
.25.1 InMsgsStatusRejectedAll same value as .2.12
.25.2 InMsgsStatusRejectedInbound
.25.3 InMsgsStatusRejectedOutbound
.25.4 InMsgsStatusRejectedInternal
.25.5 InMsgsStatusRejectedOriginating
.25.6 InMsgsStatusRejectedOpenRelay
.26.1 InMsgsStatusTempFailedAll same value as .2.13
.26.2 InMsgsStatusTempFailedInbound
.26.3 InMsgsStatusTempFailedOutbound
.26.4 InMsgsStatusTempFailedInternal
.26.5 InMsgsStatusTempFailedOriginating
.26.6 InMsgsStatusTempFailedOpenRelay
For compatibility, the following counters appear in the MIB
at two locations (both locations present the same value):
.19.1 or .2.7 InMsgsStatusAcceptedAll
(.20.1 - InMsgsStatusRelayedUntaggedAll)
(.21.1 - InMsgsStatusRelayedTaggedAll)
.22.1 or .2.9 InMsgsStatusDiscardedAll
.23.1 or .2.10 InMsgsStatusNoBounceAll
.24.1 or .2.11 InMsgsStatusBouncedAll
.25.1 or .2.12 InMsgsStatusRejectedAll
.26.1 or .2.13 InMsgsStatusTempFailedAll
The value of a counter .2.8 InMsgsStatusRelayed is a sum of:
.20.1 InMsgsStatusRelayedUntaggedAll
.21.1 InMsgsStatusRelayedTaggedAll
Their semantics is documented in AMAVIS-MIB.txt .
Suggested by Patrick Ben Koetter.
- a policy bank may now provide a custom hook as a hash key 'ACTION'.
On loading a policy bank whose ACTION key has an associated value
being a subroutine reference, the supplied subroutine is called when
a policy bank is loaded, before its remaining keys/values are copied
to the current setting. The action routine is passed two arguments:
a $msginfo (a ref to an object containing all the information about
a message being processed), and a policy name being loaded. Note that
$msginfo may be undef if a policy bank is loaded early - before a
$msginfo object is created, such as with policy banks associated with
a port number or with client's IP address;
Example use:
$policy_bank{'TRUSTED_BOOKSHOPS'} = {
bypass_spam_checks_maps => [1],
spam_lovers_maps => [1],
ACTION => sub { Amavis::Util::do_log(2,'Buying a book?');
Amavis::Util::snmp_count64('UserCounter2'); },
};
@author_to_policy_bank_maps = ({
'amazon.com' => 'TRUSTED_BOOKSHOPS',
'amazon.co.uk' => 'TRUSTED_BOOKSHOPS',
'amazon.de' => 'TRUSTED_BOOKSHOPS',
});
- a new configuration variable @virus_name_to_policy_bank_maps has been
introduced. It allows loading of policy banks based on a virus name
as reported by virus scanners. Reported names converted to spam by a
@virus_name_to_spam_score_maps are no longer treated as virus names
and as such are not eligible to @virus_name_to_policy_bank_maps.
The @virus_name_to_policy_bank_maps is a list of lookup tables. A lookup
key is each virus name as reported by any virus scanner. A result of a
lookup is expected to be a string containing a comma-separated list of
policy bank names. Nonexistent policy banks are ignored. Duplicate names
are merged into a single name. The most suitable lookup mechanisms are
a regexp lookup and a hash lookup, as these are able to provide an
arbitrary user-specifiable result (unlike a list-based (ACL) lookup, which
can only provide a boolean value). Suggested by Patrick Ben Koetter.
Example use:
@virus_name_to_policy_bank_maps = (
new_RE( # a regexp lookup
[ qr'^(W32/MyDoom|W32/Netsky|Mal/BredoZp)' => 'VIRUS,MASS_VIRUS' ],
[ qr'\bEICAR\b'i => 'EICAR_TEST' ],
),
'VIRUS', # constant (pseudo)lookup, catchall for any other virus name
);
$policy_bank{'VIRUS'} = {
ACTION => sub { Amavis::Util::snmp_count('UserCounter1') },
};
$policy_bank{'EICAR_TEST'} = {
log_templ => $log_short_templ . ', EICAR test message, not to worry',
final_destiny_by_ccat => { CC_VIRUS() => D_BOUNCE },
};
$policy_bank{'MASS_VIRUS'} = { # mute everything using a big hammer
final_destiny_by_ccat => { CC_VIRUS() => D_DISCARD },
warnsender_by_ccat => { REPLACE => 1 },
warnrecip_maps_by_ccat => { REPLACE => 1 },
quarantine_method_by_ccat => { REPLACE => 1 },
admin_maps_by_ccat => { REPLACE => 1 },
newvirus_admin_maps => [],
log_templ => 'MASS VIRUS DROPPED, ' . $log_templ,
ACTION => sub { Amavis::Util::snmp_count('UserCounter2') },
};
- a policy bank may now be loaded based on a path name of a Unix socket
receiving a connection.
Example use:
@listen_sockets = (
"$helpers_home/amavisd.sock1",
"$helpers_home/amavisd.sock2",
"$helpers_home/amavisd.sock3",
);
$interface_policy{"$helpers_home/amavisd.sock1"} = 'UX-S1';
$interface_policy{"$helpers_home/amavisd.sock2"} = 'UX-S2';
$interface_policy{"$helpers_home/amavisd.sock3"} = 'UX-S3';
$policy_bank{'UX-S1'} = { ... };
$policy_bank{'UX-S2'} = { ... };
$policy_bank{'UX-S3'} = { ... };
- transparent archival quarantine is a special case of archive quarantining
which retains all recipient addresses unmodified in an envelope of a message
directed to a quarantine. It makes sense when $archive_quarantine_method
specifies protocols 'smtp:' or 'lmtp:' or 'bsmtp:' and a dedicated server
is used which guarantees these quarantined messages will *not* be delivered
to recipients in the envelope.
Transparent archiving is used when $archive_quarantine_to (actually the
@archive_quarantine_to_maps) results in a reserved string '%a' for all
recipients.
Think of the '%a' as a placeholder in a replacement string, being
substituted by a full original recipient address. There may be other
substitution placeholders available in the future, equivalent to
placeholders %l, %d, etc. in SQL query templates.
Example:
$archive_quarantine_method = 'smtp:127.0.0.1:7777';
$archive_quarantine_to = '%a';
@archive_quarantine_to_maps = (\$archive_quarantine_to);
or:
$archive_quarantine_method = ['smtp:[::1]:7777', 'smtp:127.0.0.1:7777'];
@archive_quarantine_to_maps = (
{ '.example.com' => '%a',
'.example.net' => '%a',
'.example.org' => 'quarantine at example.org',
'.' => undef,
}
);
The envelope sender address of messages sent to an archival quarantine
is still controlled by the $mailfrom_to_quarantine setting as before.
When this value is undef (which is a default) the envelope sender address
remains unchanged - is the same as in a received message. Any other value
replaces the original sender address, so an empty string implies a null
return path.
When delivering quarantine messages to a dedicated SMTP server it must be
ensured that the receiving server will not bounce or reject quarantine
messages or deliver them to recipients specified in the SMTP envelope!
If a receiving SMTP server announces a DSN capability in its response
to EHLO, amavisd will add option NOTIFY=NEVER with each recipient
to prevent potential backscatter. This is an additional safeguard to
prevent potential backscatter, therefore it is recommended that the
receiving quarantine server implements and announces the DSN capability.
Specifying an empty string for the $mailfrom_to_quarantine achieves the
same effect (a null return path implies NOTIFY=NEVER) thus preventing
backscatter, but loses original sender address in the envelope.
Suggested by Patrick Ben Koetter.
- as a convenience, two pre-defined logging templates are provided:
$log_short_templ and $log_verbose_templ. The former is the same as was
a default $log_templ in previous versions, the later is quite verbose
and provides most of the interesting information about a message.
An initial value of $log_templ is taken from the $log_short_templ.
To change $log_templ, either assign a new template directly as before,
or, as a shorthand if $log_verbose_templ is appropriate, just assign it,
e.g.:
$log_templ = $log_verbose_templ;
- added a configuration variable @debug_recipient_maps. Similarly to
@debug_sender_maps, a debug level logging is temporarily turned on for
the duration of processing of this message when a recipient address
matches a list of lookup tables @debug_recipient_maps;
suggested by Patrick Ben Koetter;
- internal: a delivery_method() is now a property of a recipient instead
of being a property of a message as a whole. This makes per-recipient
forwarding method selection possible. When recipients of a multi-recipient
message specify different forwarding methods, a message is forwarded in
multiple transactions, one for each unique delivery_method() setting;
i.e. recipients are clustered into sets with the same delivery_method
setting and a message for each subset of recipients if forwarded as one
transaction;
- finer custom control over the forwarding method is available through a
before_send() custom hook which may override the $r->delivery_method(...)
for all or just some of the recipients with whatever forwarding method
specification is suitable - for example a next-hop server's IP address or
its port number can be chosen based on spam score or based on a sender
domain or some other characteristics of a message or of a recipient;
- a new configuration variable @forward_method_maps (along with making
a delivery_method() a property of a recipient instead of being a property
of a message) makes per-recipient forwarding method selection possible;
suggested by Ralf Hildebrandt;
Example:
@forward_method_maps = ({ # use lowercase keys with hash-type lookups!
'user at example.com' => 'smtp:[::1]:10025',
'.sub1.example.com' => 'smtp:[::1]:10026',
'.sub2.example.com' => 'smtp:[::1]:10027',
'.example.net' => 'smtp:[127.0.0.1]:10025',
'.example.org' => [ 'smtp:[192.0.2.9]:125', 'smtp:[2001:db8::f]:125' ],
'.' => $forward_method,
});
- a new configuration variable %forward_method_maps_by_ccat allows the
forward_method_maps to depend on content type and allows per-recipient
specification of a forward method, such as specifying a next hop MTA's
IP address and port number. This offers new possibilities to control
mail routing for purposes like implementing sender reputation schemes
which dynamically choose an SMTP source IP address (typically of
outgoing mail) based on the contents of a mail message or based on
recipient's e-mail address or domain. This needs to be complemented
by a suitable configuration of an MTA, such as Postfix 2.7.0 or later.
The default is to use the $forward_method setting, ensuring compatibility.
There is no need to specify entries for content types which are not being
forwarded (often: CC_VIRUS, CC_BANNED, CC_SPAM).
Example use:
$forward_method = 'smtp:[127.0.0.1]:10025';
%forward_method_maps_by_ccat = (
CC_BADH.',3', [ 'smtp:*:10027' ],
CC_BADH.',4', [ 'smtp:*:10027' ],
CC_BADH.',5', [ 'smtp:*:10027' ],
CC_BADH.',6', [ 'smtp:*:10027' ],
CC_BADH.',8', [ 'smtp:*:10027' ],
CC_SPAMMY, [ 'smtp:[192.0.2.22]:10025' ],
CC_CATCHALL, sub { ca('forward_method_maps') },
);
- added a global configuration setting $allow_preserving_evidence, defaults
to true. Turning it off disables preserving temporary files (as evidence)
in case of trouble, which is potentially useful for unattended and
unmonitored operation. The setting has no influence on preserving evidence
in case of @debug_sender_maps or @debug_recipient_maps triggering, which
always preserves evidence;
- an entry for CC_UNCHECKED was added to %admin_maps_by_ccat, defaulting
to @virus_admin_maps. Hence administrator notifications are also sent
for messages which cannot be decoded (e.g. are encrypted or contain
a mangled archive) if virus administrator notifications are enabled.
To turn off sending administrator notifications for unchecked contents:
delete $admin_maps_by_ccat{&CC_UNCHECKED};
- to avoid a need to directly manipulate the *_by_ccat settings, a set
of individual configuration variables associated with CC_UNCHECKED
contents category was added, with their default values compatible
with earlier versions of amavisd:
$final_unchecked_destiny = D_PASS;
$unchecked_quarantine_method = undef;
$unchecked_quarantine_to = 'unchecked-quarantine';
@unchecked_quarantine_to_maps = (\$unchecked_quarantine_to);
LDAP attribute: amavisUncheckedQuarantineTo
SQL field: unchecked_quarantine_to
- a failure of all virus scanners no longer automatically tempfails the
operation, but flags a message with a CC_UNCHECKED contents category
(just like a failure of decoders/dearchivers), and allows the usual
controls (*_destiny, *_quarantine_*) to be used to choose behaviour;
for example:
$final_unchecked_destiny = D_TEMPFAIL;
$unchecked_quarantine_method = 'local:unchecked/%m.gz';
To revert to a previous behaviour where a failure of all virus scanners
resulted in a temporary failure, set the $virus_scanners_failure_is_fatal
to true, e.g.:
$virus_scanners_failure_is_fatal = 1;
The setting $virus_scanners_failure_is_fatal is a member of policy banks.
- support decompression of a .xz file format and legacy .lzma file formats
through XZ Utils ( http://tukaani.org/xz/ ) if an entry with a decoding
program is found in the @decoders list; it defaults to finding a program
'xz' or 'xzdec' in the $path ;
- added two new functions: iso8601_year_and_week() and iso8601_yearweek()
to accompany the existing function iso8601_week(); they all provide
a week-of-the-year number (ISO 8601 / EN 28601, 1..53, in local time zone)
given a Unix timestamp (seconds since 1970-01-01T00:00Z) as an argument,
optionally together with the corresponding year number. The result is an
integer or a pair of integers as follows:
$w = iso8601_week($unix_time); # e.g. 49
$yw = iso8601_yearweek($unix_time); # e.g. 201049
($y, $w) = iso8601_year_and_week($unix_time); # e.g. (2010,49)
Semantics is equivalent to PostgreSQL extract(week from ...), and
to MySQL week(date,3). These functions can be useful for assigning
to a $partition_tag (in amavisd.conf), e.g.:
$partition_tag =
sub { my($msginfo)=@_; iso8601_week($msginfo->rx_time) };
or:
$partition_tag =
sub { my($msginfo)=@_; iso8601_yearweek($msginfo->rx_time) };
or based on a day of a week for short-term cycling (Mo=1, Tu=2,... Su=7):
$partition_tag =
sub { my($msginfo)=@_; ((localtime($msginfo->rx_time))[6]+6)%7+1 };
(a note from a future: starting with 2.8.0 the following is equivalent:
$partition_tag =
sub { my($msginfo)=@_; iso8601_weekday($msginfo->rx_time) };
)
Suggested by Michael Scheidell.
- the two placeholders %k and %a in templates for SQL lookup clauses
$sql_clause{'sel_policy'} (i.e. $sql_select_policy) and
$sql_clause{'sel_wblist'} (i.e. $sql_select_white_black_list)
were augmented by four new placeholders: %l, %u, %e, and %d,
potentially facilitating forming of more complex SQL queries;
suggested by Marco Fretz.
The following replacements are made:
%a -> exact/unmodified e-mail address (same as the first entry in %k)
%l -> full unmodified localpart (all up to, but not including the '@')
%u -> lowercased username (a localpart without extension)
%e -> lowercased address extension (including a delimiter), if any
%d -> lowercased domain (without '@')
%k -> a list of lookup strings, as before (see below)
For example, given an e-mail address: User+Foo at Sub.Example.COM
the placeholders would be substituted by:
%a User+Foo at Sub.Example.COM
%l User+Foo
%u user
%e +foo
%d sub.example.com
%k User+Foo at sub.exAMPLE.COM
user+foo at sub.example.com
user at sub.example.com
user+foo
user
@sub.example.com
@.sub.example.com
@.example.com
@.com
@.
- per-recipient (or per- policy bank, or global) SpamAssassin configuration
files or SQL configuration sets are now supported (the @sa_userconf_maps
setting, a policy.sa_userconf SQL field). A multi-recipient message whose
recipients map to different configuration sets will be checked by calling
SpamAssassin multiple times, once for each unique SpamAssassin configuration
set. A configuration set is either a filename, or a set of SQL records
obtained from SpamAssassin's user_scores_dsn SQL database by calling its
method load_scoreonly_sql().
A lookup on a list of lookup tables @sa_userconf_maps may return undef
or an empty string implying no user preferences file, or may provide a
file name (absolute path, or relative to $MYHOME) of a SpamAssassin's
'user preferences' configuration file, or may start with a string 'sql:'
which implies loading user preferences from a user_scores_dsn SQL database
(as declared in a SpamAssassin's configuration file) for a username
provided by a lookup on @sa_username_maps (see further down).
SpamAssassin will be requested to load a user preferences configuration
through its read_scoreonly_config() or load_scoreonly_sql() method, which
otherwise (in spamd) serves to load user's .spamassassin/user_prefs file
or SQL preferences when switching users. See SpamAssassin documentation
file sql/README for SQL details.
SpamAssassin's SQL database is only consulted if user_scores_dsn is
declared in a SpamAssassin configuration file, and the @sa_userconf_maps
returns a string starting with 'sql:' (case insensitive, the rest of the
string is currently ignored). If a username as provided by a lookup on
@sa_username_maps equals the username under which amavisd was started,
SpamAssassin's SQL preferences for that username will not be loaded - it
is assumed that preferences for a default username are empty, i.e. that
it uses a default SpamAssassin configuration.
Each time that currently loaded configuration needs to be replaced
by another or restored to a systemwide default, an initial SpamAssassin
configuration is restored through SpamAssassin's copy_config() method.
Note that saving an original SpamAssassin configuration, loading a user
configuration, and restoring to the original configuration does not come
cheap: it can take 200 ms for a load and restore, and 370 ms for the
initial saving of the configuration (saving is only done once per child
process, and only if needed). Saved configuration can occupy additional
2 MB of virtual memory, so use the feature sparingly. No penalty occurs
until a child process does its first loading of a user configuration, so
rarely activated or inactive policy banks or per-recipient setting using
this feature do not cause any additional processing or occupy additional
memory.
According to SpamAssassin documentation, a user preferences file or SQL
preferences can include scoring options, scores, whitelists and blacklists,
etc. If 'allow_user_rules' is enabled (local.cf), then user preferences
file can also include rule definitions and privileged settings - but not
administrator settings.
The feature is only available since SpamAssassin 3.3.0.
Example:
@sa_userconf_maps = (
{ 'user1 at example.com' =>
'/etc/mail/spamassassin/special_user_config',
'.example.org' => 'sql:',
}
);
Based on a suggestion by Alexander Wirt and initially based on his patch;
- added a global configuration setting $sa_num_instances with a default
value of 1, which is the only sensible setting for sites not using
per-recipient SpamAssassin configuration switching (as described in
the previous section).
The $sa_num_instances controls the number of Mail::SpamAssassin objects
(instances) created by a parent amavisd process during a startup. Each
SpamAssassin instance does its own initialization (loading of rules and
configuration settings) during a program startup and occupies a sizable
portion of virtual memory (like 7 MB on a 64-bit platform with SA 3.4
rules).
When switching SpamAssassin configurations (@sa_userconf_maps), and given
more than one instance of the Mail::SpamAssassin object, amavisd has a
choice of picking an instance which may already have loaded a selected
user configuration file previously, and thus save some time by not having
to store and reload SpamAssassin state again. This may be beneficial
for example when a sizable portion of users use a default SpamAssassin
configuration, while other users need a per-user or per-domain preferences
settings;
Note that as of SpamAssassin 3.3.2 some features (like compiled rules)
are global and not a property of a SpamAssassin instance object.
The problem is tracked in the SpamAssassin project as Bug 6236.
Until this is resolved please consider the feature experimental.
- per-recipient (or per- policy bank) SpamAssassin SQL database usernames
are supported (setting @sa_username_maps, a policy.sa_username SQL field).
This makes it possible to implement per-user or per-user-group or
per-domain Bayes databases when SpamAssassin is configured to keep
its Bayes database on an SQL server. It also makes it possible to load
per-recipient SpamAssassin preferences (configurations) from an SQL
database (as described in a previous section).
Switching between Bayes usernames is cheap compared to switching between
SpamAssassin configuration files. A multi-recipient message whose
recipients map to different usernames will be checked by SpamAssassin
multiple times, once for each unique username;
Example:
@sa_username_maps = (
{ 'user1 at example.com' => 'user1',
'user2 at example.com' => 'user2',
'.example.com' => 'user_ex',
}
);
- passes a value of $originating flag to SpamAssassin through its
suppl_attrib argument in a $spamassassin->parse call; it is expected
that this information would be treated by SpamAssassin 3.4.0 similarly
to msa_networks;
- a new configuration variable $mail_id_size_bits allows setting the size
of randomly generated mail_id and secret_id codes which are used to
identify a message on releasing it from a quarantine, and are used as a
key when logging to SQL (penpals) or storing to quarantine. The variable
specifies a length of mail_id in bits, and must be an integral multiple
of 24 (i.e. must be divisible by 6 and by 8). The mail_id is represented
externally as a base64url-encoded string of $mail_id_size_bits / 6
characters, and internally as a string of $mail_id_size_bits / 8 octets.
The default value is 72 bits, as in previous versions.
Sensible values are 48, 72 and 96 bits.
See entry "introduce a concept of 'mail_id'" in amavisd-new-2.3.0 release
notes for probability analysis of collisions. The default size should fit
all practical current needs.
The size of SQL fields msgs.mail_id, msgs.secret_id, msgrcpt.mail_id and
quarantine.mail_id may need increasing to accommodate $mail_id_size_bits/6
characters if using a non-default value of $mail_id_size_bits.
See also the next entry regarding a type for these fields.
- SQL fields msgs.mail_id, msgs.secret_id, msgrcpt.mail_id and
quarantine.mail_id must be treated case-insensitively. A suitable data
type for these fields in PostgreSQL is bytea, and varbinary in MySQL
(of size 12 or 16 characters). In order not to lose entropy in mail_id,
and not to increase a probability of collisions, please check existing
database schema and adjust as necessary, either a data type, or chose
a case-sensitive collation setting. See README.sql-pg and README.sql-mysql
for an ALTER command to change data type of these fields.
- added optional SQL and LDAP lookups for @spam_tag3_level_maps
(sql field: policy.spam_tag3_level, ldap attribute: amavisSpamTag3Level),
and for @spam_subject_tag3_maps (sql field: policy.spam_subject_tag3,
ldap attribute: amavisSpamSubjectTag3); suggested by Thomas Johnson;
- added the following LDAP settings to $default_ldap:
sslversion, clientcert, clientkey, cafile, capath, verify,
sasl, sasl_mech, sasl_auth_id, localaddr, scheme, inet6;
allows bind authentication with a certificate or SASL and allows
connections to an LDAP server over IPv6;
based on a patch by Christian Roessner;
- added macros ADDEDHEADERHAM and ADDEDHEADERSPAM, which expand
to newly generated header fields which SpamAssassin prepared for
insertion into a header section, in case the message is eventually
declared to be nonspam or spam respectively; this information is
available from SpamAssassin since version 3.3.0;
- macro 'dkim' now recognizes two additional keywords: 'selector',
'sig_sd', and 'newsig_sd', see README.customize for details;
in particular, the 'newsig_sd' allows to add information on newly
applied signature to a main log entry, and is now included in a
default log template;
- added a macro 'mime2utf8' which takes a string as its first argument,
and an optional truncation length as the second. The string is decoded
as a MIME-Header string (understands Q or B character set encodings
like =?iso-8859-2?Q?...?=, =?koi8-r?B?...?=) and is converted to UTF-8,
optionally truncated to the specified size at clean UTF-8 boundaries,
and returned as a result. Suggested by Bastian.
The macro is useful in a logging template or in notification templates
to decode Subject or From header fields, e.g.:
[? [:header_field|Subject]||,\
Subject: [:dquote|[:mime2utf8|[:header_field|Subject]|100]]]#
- added a macro 'client_helo', which provides a client-supplied EHLO/HELO
domain name of the original SMTP session. The information is obtained
through an XFORWARD extension to an SMTP protocol as provided by Postfix,
or through a 'helo_name' attribute in an AM.PDP request.
Add something like:
, helo=[:client_helo]#
to the log template if it needs to be logged. Suggested by Xueron Nee;
- added a macro 'client_addr' which is a synonym for macro 'a';
the information is obtained through an XFORWARD extension to an SMTP
protocol as provided by Postfix, or through a 'client_address'
attribute in an AM.PDP request; if neither of these are available,
the client's IP address is parsed from a topmost Received header field;
- added a macro 'client_port', yields a TCP source port number of an
original SMTP session; the information is obtained through an XFORWARD
extension to an SMTP protocol as provided by Postfix, or through a
'client_port' attribute in an AM.PDP request. See RFC 6302;
- added a macro 'client_addr_port' which combines a client's IP address
and a TCP source port number (if available) of an original SMTP session;
it is similar to:
\[[:client_addr]\]:[:client_port]
or when a port number is not available:
\[[:client_addr]\]
This macro is now included in a default main log template, so the TCP
source port number is logged along its IP address. This information is
useful in reporting abuse (e.g. client behind a NAT), troubleshooting,
forensics and law enforcement. If this information is not desired, one
may assign a customized template to the $log_templ configuration variable.
See RFC 6302: Logging Recommendations for Internet-Facing Servers.
Suggested by Rok Potočnik.
- added a macro 'banned_parts_as_attr' and an associated per-recipient
attribute banned_parts_as_attr(); it provides the same information as
a macro 'banned_parts' and its associated attribute banned_parts(),
but uses a different syntax, possibly facilitating parsing and reporting
names or types or location of banned parts.
The following example illustrates the difference. A result is a single
string in both cases, wrapped here for clarity, and shows a path in a
message tree of a banned leaf node:
a macro 'banned_parts' can yield:
multipart/mixed |
application/octet-stream,.rar,Setup1.1.rar |
.exe,.exe-ms,setup.exe
while a macro 'banned_parts_as_attr' yields:
P=p003,L=1,M=multipart/mixed |
P=p002,L=1/2,M=application/octet-stream,T=rar,N=Setup1.1.rar |
P=p007,L=1/2/4,T=exe,T=exe-ms,N=setup.exe
for the same banned part in a message.
The single-character attribute names are unchanged from previous versions.
For documentation, here is a legend:
P: part's base name, i.e. a file name in a ./parts/ temporary directory
L: part's location (path) in a mail tree (branch enumeration, top-down)
M: MIME type as declared in MIME header fields of a message
T: short part's content type according to a file(1) utility and mapped
through @map_full_type_to_short_type_maps
N: declared part names (none, one or more), as declared in MIME header
fields or in an archive (tar, zip, ...)
A: part's attributes as follows:
U=undecodable, C=crypted, D=directory, S=special(device), L=link
- macro 'header_field' and its alias 'HEADER' now has an optional third
parameter (index), which chooses the header field in case of multiple
header fields of the same name; the default (-1) is to return the last
(bottommost) occurrence, as before; see README.customize for details;
- added a macro 'actions_performed', which expands into a comma-separated
list of words: Accepted, Relayed(Untagged), RelayedTagged, Discarded,
Rejected, Bounced, NoBounce or TempFailed, followed by a mail flow
direction word: Inbound, Internal, Outbound or OpenRelay. For brevity
the 'RelayedUntagged' status appears in this list as 'Relayed'.
Additionally, the list may include words Quarantined and Archived.
For multirecipient messages it is possible that the list includes
more than one combination.
The purpose of this macro is to augment the bare-bones 'Passed CLEAN'
or 'Blocked SPAM' in the main log entry. For this purpose the default
log template now includes this macro call. If the additional information
is not desired in the log, please assign a customized template to the
$log_templ configuration variable.
Some examples of the new log entries:
Passed CLEAN {RelayedOutbound}, ...
Passed CLEAN {RelayedInbound}, ...
Passed CLEAN {RelayedInternal,RelayedOutbound}, ...
Passed SPAMMY {RelayedTaggedInbound}, ...
Blocked SPAM {RejectedInbound,Quarantined}, ...
Blocked INFECTED (Mal/BredoZp-B) {DiscardedInbound,Quarantined}, ...
Semantics of entries in the 'actions_performed' list corresponds
to the newly added SNMP variables 1.3.6.1.4.1.15312.2.1.1.19 - .26
(with the exception that 'RelayedUntagged' counter is abbreviated
in this macro as 'Relayed'). Please see their detailed description
in a file AMAVIS-MIB.txt .
- added a macro 'rusage', which expands to a resource usage entry as provided
by a system service getrusage(2); the argument to the macro should be one
of the field names in the structure rusage (see getrusage(2) man page),
e.g. ru_utime, ru_stime, ru_maxrss, ru_ixrss, ru_idrss, ru_isrss,
ru_minflt, ru_majflt, ru_nswap, ru_inblock, ru_oublock, ru_msgsnd,
ru_msgrcv, ru_nsignals, ru_nvcsw, ru_nivcsw; the information is only
provided if an optional perl module Unix::Getrusage is available;
- SpamAssassin-compatible macros 'YESNO' and 'YESNOCAPS' now optionally
accept two string arguments, replacing the default strings 'Yes' and 'No'
in the result;
- settings $enable_dkim_verification and $enable_dkim_signing are now
dynamic, i.e. became members of policy banks, thus facilitating
selectively enabling or disabling these features on a policy bank basis;
- internal: added a message property object dkim_signwith_sd() which allows
custom hooks to provide the DKIM signing code with a selector and a
domain name preferred for choosing a signing key. If this information is
not available the signing code will consult an external signing service
if provided ($dkim_signing_service), or else use the built-in algorithm
for choosing a signing key. A custom hook may provide the information
as follows:
$msginfo->dkim_signwith_sd( ['some_selector', 'some_domain'] );
After a successful signing, the dkim_signwith_sd will contain a pair
[selector,domain] which was actually chosen for signing;
- recognize and insert header fields as prepared by SpamAssassin 3.3.0
or later through its 'add_header' configuration option; some of the
standard X-Spam-* header fields are still overruled by equivalent ones
generated by amavisd itself, primarily to provide true per-recipient
handling; header field names must still be listed in the associative
array %allowed_added_header_fields in order to be inserted;
overrides are configurable through %prefer_our_added_header_fields,
for example:
$prefer_our_added_header_fields{lc('X-Spam-Status')} = 0;
- added an attribute 'log_id' to server responses in an AM.PDP protocol,
allowing the client to match its request with the amavisd daemon logging;
- added LDAP attributes: amavisAddrExtensionVirus,
amavisAddrExtensionSpam, amavisAddrExtensionBanned, and
amavisAddrExtensionBadHeader for consistency with SQL;
suggested by Stefan Palme;
- added LDAP attributes: amavisSpamTag3Level, amavisSpamSubjectTag3,
amavisUncheckedQuarantineTo, amavisCleanQuarantineTo, amavisUncheckedLover,
amavisForwardMethod, amavisSaUserConf and amavisSaUserName for consistency
with SQL;
- added LDAP attribute amavisDisclaimerOptions, along with its corresponding
SQL field 'disclaimer_options'. It finds its way to the list of lookup
tables @disclaimer_options_bysender_maps, so the replacement of the
_OPTIONS_ placeholder in @altermime_args_disclaimer could be made dynamic;
suggested by Quanah Gibson-Mount;
- for consistencly, added LDAP attribute amavisUncheckedLover, along
with its corresponding SQL field 'unchecked_lover' and a statical
list of lookup tables @unchecked_lovers_maps, which appears in the
%lovers_maps_by_ccat. Previously the CC_UNCHECKED entry of the
%lovers_maps_by_ccat was (ab)used, and shared the @virus_lovers_maps
value. Suggested by Patrick Ben Koetter;
- added a variable $myprogram_name, which defaults to a program name
(perl variable $0), but may be modified in a configuration file typically
depending on a value of $instance_name. It is used to dynamically change
a process name in $0, which shows up in a ps(1) and top(1) output on
most Unix systems. Along with $syslog_ident, it offers a handy way to
distinguish amavisd instances.
- if running other spam scanners besides SpamAssassin through a @spam_scanners
mechanism (such as DSPAM or CRM114), make header fields produced by them
visible to SpamAssassin too, so that its rules can benefit from additional
information. Note that in order for SpamAssassin to be able to see such
header fields from other scanners, such scanners must be listed in the
@spam_scanners list *before* the 'SpamAssassin' entry. Suggested by Marco.
OPTIMIZATIONS
- rewritten a code section on receiving SMTP/LMTP DATA, replacing perl
line-by-line reads & processing by reading & processing 32 kB chunks
of data at a time; as a result, data transfer rate has been increased
by a factor of about 3.9 for plain text session, and by a factor of 11
for encrypted (TLS) session.
Measured data rates of an SMTP DATA transfer between Postfix and amavisd
on a loopback interface:
No TLS (no session encryption):
. amavisd receiving, old code: 8.3 MiB/s
. amavisd receiving, new code: 32.3 MiB/s
. amavisd sending: 18 MiB/s
With TLS (encrypted session, AES256-SHA):
. amavisd receiving, old code: 1.0 MiB/s
. amavisd receiving, new code: 11.2 MiB/s
. amavisd sending: 4.3 MiB/s
- save about 6 MB of virtual memory per amavisd child process by properly
deleting some larger data items from variables, known not to be reused;
thanks to the insight of Perl Monks (ikegami) in:
http://www.perlmonks.org/?node_id=803515
- speed up lookup_ip_acl lookups on larger lists of CIDR network addresses
(like @mynetworks and @inet_acl list) by using a radix trie (Patricia Trie)
representation; the patricia trie is used when a module Net::Patricia
is available and a list contains more than 20 elements; minimal required
version of Net::Patricia is 1.015;
- avoid entering and exiting a block in most map() and grep() calls saves
on opcodes, achieving a small reduction of code size and a tiny speedup;
- 'use constant' for CC_* and D_* constants allows perl to inline them;
OTHER
- provide a workaround for a Perl 5.8.9 bug #62502, where O_WRONLY, O_APPEND
and other Fcntl constants can become tainted; this is an application of
the same workaround as already applied in 2.6.3, but covers two additional
code sections; the bug could manifest itself as a taint problem during
opening a pipe to an external mail submission problem. This only affects
perl 5.8.9; the 5.8.8 and 5.10.0 are fine. Tracked down and a patch
provided by Petr Rehor;
- RFC 5617 now defines an "Author Domain Signature" as a valid signature
in which the domain name of the DKIM signing entity, i.e., the d= tag in
the DKIM-Signature header field, is the same as the domain name in the
Author Address. The change came with draft-ietf-dkim-ssp-10; previously
the "Author Domain Signature" was based on an 'i' tag (identity).
This change is now followed by amavisd-new 2.7.0 in macro 'dkim', in
evaluation of the @author_to_policy_bank_maps list, in internal attribute
dkim_author_sig(), and reflected in logging. Similarly, the evaluation of
@signer_reputation_maps is now based on a signing domain ('d' tag), instead
of the 'i' tag as previously. The change only affects signatures where
the domain name of a signing identity is a subdomain of a signing domain
(not identical to the signing domain), which is rare in current practices.
- updated generating and parsing of Authentication-Results headear
field according to RFC 5451 and RFC 6008 - previously it followed
a draft-kucherawy-sender-auth-header. This header field is now also
inserted for new DKIM signatures as just-generated and inserted to a
passed internal-to-internal message when it is eligible for signing;
suggested by Florian Effenberger.
- added a setting $myauthservid, also a member of policy banks, which
controls the "authserv-id" token in the Authentication-Results header
field, according to RFC 5451. Its default value is $myhostname as before.
Its value must comply with the RFC 5451 syntax ("dot-atom"). Having a
separate control may facilitate setups where a message is processed by
amavisd more than once, e.g. for DKIM signing of a mailing list fanout
messages, where the second pass should not remove an Authentication-Results
header field from a first pass.
- updated ARF notifications to RFC 5965 (An Extensible Format for Email
Feedback Reports); the $report_format = 'arf' implementation was based
on ARF draft, now it complies with RFC 5965;
- tightened some sanity limits on DKIM verification to better handle
mail messages with a huge number of signatures; problem reported
by Tuomo Soini;
- amavisd.conf: added file types ini, lib, ocx, sys, vxd to the commented-out
long list of file types in $banned_filename_re, along with a commented-out
list of type names for consideration: asd, asf, asx, url, vcs, wmd, wmz;
- updated default @virus_name_to_spam_score_maps with new or changed entries:
[ qr'^(Heuristics\.)?Phishing\.' => 0.1 ],
[ qr'^Doppelstern\.(Scam4|Phishing)' => 0.1 ],
[ qr'^ScamNailer\.Phish\.' => 0.1 ],
[ qr'^HTML/Bankish' => 0.1 ],
thank to Giampaolo Tomassoni for Heuristics.Phishing and HTML/Bankish;
- when inserting a subject tag into a Subject header field, remove
existing copies of the same string first to avoid subjects like
"***UNCHECKED*** Fwd: ***UNCHECKED*** Re: foo bar" ; based on a
patch by Thomas Arendsen Hein;
- p0f-analyzer.pl: convert an 'IPv4-mapped IPv6 addresses in alternative
form' to an IPv4 address, otherwise the p0f-analyzer.pl would ignore
such queries, as the p0f daemon did not handle IPv6 until version 3.
The 'IPv4-mapped IPv6 addresses' is returned for an IPv4 connection
when TCP/IP stack is configured to allow inet6 sockets to accept inet
sessions; problem reported by Vytautas Kasparavicius;
- suppress generating a non-delivery notification if a SpamAssassin test
DKIM_ADSP_DISCARD is hit, honouring RFC 5617;
- amavisd.conf: commented-out calls to do_ascii to match defaults in the
amavisd program; the uulib code (as invoked by Convert::UUlib) has a
history of stability problems, seems it is causing more grief compared
to the benefits it brings;
- new AV entry for 'Avira for UNIX 3.x', thanks to g0rbi, Thomas Mueller,
Steffen Ille, Klaus Fuerstberger and Andreas Schulze;
- add three more exception cases to mercifully ignore an EBADF I/O error
due to a Perl bug on line-by-line reading;
- entries 'SpamAssassin' and 'SpamdClient' in the @spam_scanners list
now recognize options 'mail_body_size_limit' and 'score_factor', to match
their behaviour with 'DSPAM' and 'CRM114' entries;
- dropped a logging level (from -1 to 2) on a warning message:
INFO: dot-stuffing error (only one leading dot): ...
as Postfix in a pre-queue proxy filtering setup does not do any dot-stuffing
sanitation, so garbage in the DATA section as received by a Postfix smtpd
service comes unchanged to a proxy filter; reported by Ralf Heidenreich,
confirmed by Victor Duchovni and Wietse Venema;
- use module File::Temp to create a temporary working directory, instead
of using a home-brewed code; as a result, these directory names are now
a bit longer;
- avoid slurping the whole directory contents into memory when recursively
tidying, removing, or checking a temporary directory, when purging old
database files on a restart, and when preparing a list of files to be
scanned;
- collect a couple of random bytes from /dev/urandom (if available)
at a start of the main process and at each child process birth (when
our entropy pool is rather depleted), then stir our entropy pool and
perl's srand() to prevent File::Temp from working with the same
pseudorandom sequence in each child process;
- reworked fetching random bits from entropy pool and deriving mail id
from secret id (after re-reading RFC 4086); much less of the private
entropy accumulator is now exposed to observers; added a new function
fetch_entropy_bytes(), dropped a function fetch_entropy();
- a macro %S no longer corresponds to sender_contact, which was a relict
from times of early viruses; for compatibility with existing templates
it is now equivalent to %s, but should no longer be used and might be
retired or re-purposed with the next version; default notification
templates were adjusted accordingly - please adjust your customized
templates if using them;
- drop dependency on Digest::SHA1;
- README.chroot: document that sa-update needs to update rules in the jail
and refresh the text somewhat; thanks to Francois Rolland;
CLEANING
- retired often misused settings $warnvirussender and $warnspamsender
(but kept marginally useful $warnbannedsender, $warnbadhsender, and their
parent %warnsender_by_ccat). To bounce or reject viruses and spam use
D_REJECT and D_BOUNCE settings for corresponding $final_*_destiny. It
is no longer supported to both deliver (D_PASS) a virus or spam message
while also sending a notification to sender. Both retired variables are
still declared for compatibility with old config files, but their value
is ignored. An attempt to set their value to a non-default value produces
a warning.
- retired a setting $syslog_priority, it was not particularly useful since
the introduction of dynamic syslog priorities with amavisd-new-2.0 .
The new behaviour is equivalent to a previous $syslog_priority='debug';
The variable is still declared for compatibility with old config files,
but its value is ignored. An attempt to set its value to a non-default
value produces a warning.
- retired a setting $SYSLOG_LEVEL, it was obsoleted by amavisd-new-2.4.0;
please use the setting $syslog_facility instead, defaulting to
$syslog_facility='mail' . The variable $SYSLOG_LEVEL is still declared
for compatibility with old config files, but its value is ignored.
An attempt to set its value to a non-default value produces a warning.
- renamed $DO_SYSLOG to $do_syslog, and $LOGFILE to $logfile; old names
are kept as aliases for compatibility;
- retired a setting $relayhost_is_client, it became obsolete with
amavisd-new-2.0. Please use a '*' in place of a host IP address and
port number when amavisd should pass a checked mail message back
to the same host from which the request came, e.g.:
$forward_method = 'smtp:*:*';
The variable is still declared for compatibility with old config files,
but its value is ignored. An attempt to set its value to a non-default
value produces a warning.
- retired a setting $sa_timeout, the variable is still declared for
backward compatibility, but has no effect. Instead, the time available
for spam scanning is automatically determined from $child_timeout,
taking into consideration the actual time left till the deadline;
An attempt to set its value to a non-default value produces a warning.
- retired a setting $sa_spam_report_header, it was obsoleted in
amavisd-new-2.4.3 with the introduction of %allowed_added_header_fields.
To enable insertion of X-Spam-Report header field, please use instead:
$allowed_added_header_fields{lc('X-Spam-Report')} = 1;
The variable is still declared for compatibility with old config files,
but its value is ignored. An attempt to set its value to a non-default
value produces a warning.
- retired settings $sa_spam_modifies_subj and @spam_modifies_subj_maps.
Disabling insertion of spam tag into a Subject header field can be achieved
by turning off the corresponding entries in %subject_tag_maps_by_ccat:
undef $subject_tag_maps_by_ccat{CC_SPAM()};
undef $subject_tag_maps_by_ccat{CC_SPAMMY.',1'};
undef $subject_tag_maps_by_ccat{CC_SPAMMY()};
undef $subject_tag_maps_by_ccat{CC_CLEAN.',1'};
or by emptying corresponding lists of lookup tables, e.g.:
@spam_subject_tag_maps = ();
@spam_subject_tag2_maps = ();
@spam_subject_tag3_maps = ();
or individually (by-recipient) by specifying suitable lookup tables in
@spam_subject_tag_maps / @spam_subject_tag2_maps / @spam_subject_tag3_maps,
either statically, or through SQL or LDAP lookups;
Both settings are still declared for compatibility with old config files,
but their value is ignored. An attempt to set the value of a variable
$sa_spam_modifies_subj to a non-default value produces a warning.
- retired a setting $insert_received_line, it was obsoleted in
amavisd-new-2.4.3 with the introduction of %allowed_added_header_fields.
To disable insertion of a Received header field, please use instead:
$allowed_added_header_fields{lc('Received')} = 0;
The variable is still declared for compatibility with old config files,
but its value is ignored. An attempt to set its value to a non-default
value produces a warning.
- retired a setting $notify_xmailer_header, the X-Mailer header field is
not inserted into notifications, as was a default. The variable is still
declared for compatibility with old config files, but its value is ignored.
An attempt to set its value to a non-default value produces a warning.
- retired a setting $sa_auto_whitelist, it became obsolete with
amavisd-new-2.1.0 and SpamAssassin 3.0.0 (released in 2004)
by a 'use_auto_whitelist 1' option in local.cf . The variable is still
declared for compatibility with old config files, but its value is ignored.
An attempt to set its value to a non-default value produces a warning.
- retired a deprecated macro 'x-mailer', use macros 'header_field' or
'useragent' instead;
- removed a constant CC_TEMPFAIL, it was retired with amavisd-new-2.5.0;
- renamed a configuration variable $sql_partition_tag to $partition_tag
in order to reflect its more general usage outside of SQL; the old name
$sql_partition_tag is retained for compatibility and is an alias for
$partition_tag;
- dropped compatibility of $final_*_destiny settings with old numerical
values (used by versions of amavisd older than amavisd-new-20030314);
- internal: retire Amavis::In::Message::client_addr_mynets, no longer in use;
- internal: retire Amavis::In::Message::sender_contact, no longer in use;
- internal: retire Amavis::In::Message::PerRecip::infected, no longer in use;
- internal: drop a redundant argument $conn from the following subroutines:
make_received_header_field, check_header_validity, defanged_mime_entity,
msg_from_quarantine, check_amcl_policy, postfix_policy,
add_forwarding_header_edits_common, add_forwarding_header_edits_per_recip,
prepare_modified_mail, do_notify_and_quarantine, do_quarantine,
save_info_preliminary, save_info_final, mail_dispatch,
dispatch_from_quarantine, virus_scan, spam_scan, white_black_list,
Amavis::SpamControl::{ExtProg,SpamdClient,SpamAssassin}::check
As a compatibility measure, the do_quarantine() may still be called
with or without the first argument $conn, its value is now ignored
if present.
Although the $conn argument is also redundant in calls to custom hooks
(as this information is available through $msginfo->conn_obj), these
calls are left unchanged for compatibility with existing custom hooks.
---------------------------------------------------------------------------
May 18, 2011
amavisd-new-2.6.6 release notes
This version is strictly a maintenance release, it incorporates bug fixes
backported from 2.7.0-pre* series and/or posted as patches to the mailing
list.
BUG FIXES
- amavisd-release was not sending a 'mail_file' attribute when a quarantined
message was a non-compressed file in a single-level directory quarantine
(not SQL-based), causing a release failure; reported by Jarno Huuskonen;
- quarantining to SQL was sporadically failing, reporting some unrelated
random error (like 'not available' or 'OpenSSL error: header too long');
reported by Tonio;
- avoid a warning "_WARN: Use of uninitialized value in string eq at ...
line 275." when an SQL-based white/black-listing is used;
reported by Tonio;
- wrap the sql clause SET NAMES 'utf8' so that only a warning at
a log level 2 is issued if an SQL server does not understand the
command (SQLite, old versions of MySQL) instead of aborting;
reported by Roland Holzner;
---------------------------------------------------------------------------
April 7, 2011
amavisd-new-2.6.5 release notes
This version is strictly a maintenance release, it incorporates bug fixes
backported from 2.7.0-pre* series and/or posted as patches to the mailing
list.
BUG FIXES
- when a back-end MTA rejected a message, amavisd would send a non-delivery
status notification, but also propagate the reject status back, which is
wrong, only one or the other response would be appropriate. A fix also
allows choosing either a D_REJECT, D_BOUNCE or D_DISCARD response for
such a case, configurable through %final_destiny_by_ccat at a CC_MTA
entry, defaulting to D_REJECT; reported by Peer Heinlein;
- checking header section syntax could take excessive amounts of time
in some degenerate cases of a very long header section, now fixed;
- do not bypass spam checking of a bounce message when its referenced domain
in Message-ID is non-local but pen pals are disabled; reported by Stefan;
- removed some of the guesswork in bounce killer to prevent false
positives in certain cases of forwarding a mail message as an attachment,
at the expense of passing through some undesired but nonstandard bounces;
(also, deal with non-delivery notifications from yahoogroups.com,
and fixed one particular case of a false-positive in bounce killer
(mixed/multipart with an attached full message, sent through a mailing
list);
- fixed a 'Zoo archive' entry in the $map_full_type_to_short_type_re list;
- fixed a test for $myhostname being a FQDN to allow IDN domains (with a dash);
- fixed a REPLACE hack (feature introduced in 2.6.2) on loading a policy bank;
- fixed choosing the module IO::Socket::INET in ask_daemon_internal() to
avoid versions of IO::Socket::INET6 older than 2.55 (2.56?) failing with
"Address family not supported by protocol family"
when an IPv4 address with a port number is specified for connections
to a virus scanner; based on a patch by Phil Pearl (Lobbes);
- do_unzip: avoid testing a version of Compress::Raw::Zlib, the module may
not be loaded at all and the test would fail, resulting in inoperative
zip unpacking; reported by Tuomo Soini;
- when logging or quarantining to SQL, execute a clause: SET NAMES 'utf8'
after connecting to a database to ensure the decoded Subject and From
header fields are correctly interpreted by an SQL server as UTF-8 encoded
strings. It seems the module DBD::mysql does not observe a MySQL setting
for 'character_set_client' and needs an explicit SET NAMES. The problem
did not affect PostgreSQL. Reported by Zhang Huangbin;
- avoid LDAP lookups aborting the scan when a %d placeholder is used
in a $default_ldap{base} setting and the resulting base does not exist
in an LDAP schema; reported by Zhang Huangbin;
- the amavisd-new 2.6.3 relaxed semantics of a number of hard links on a
directory in TempDir::prepare(_dir), but left out an equivalent change
necessary in TempDir::check, which is now fixed; the change only affects
certain file system (like the one used on Mac OS X);
- treat an empty PID file or a junk one-liner file the same as a nonexistent
PID file; previously an empty PID file (e.g. after an unclean shutdown)
would prevent amavisd from starting; problem reported by Michael Scheidell;
- changed amavisd-release to only provide a 'quar_type' attribute in its
request when it is reasonably sure of its appropriate value, otherwise
leave the decision to the amavisd daemon; this solves releasing from a
file-based quarantine when compression is not used and all files are at
the top directory; reported by Voytek Eymont;
- provide a workaround for a [perl #62048] bug affecting versions of perl
older than (approx) 5.12.3, when a banning check if using rules in
$banned_namepath_re and a lookup_re() could abort with an:
Unwarranted "Malformed UTF-8 character"
on certain tainted mail part names (with a valid UTF-8 representation);
reported by Jakob Curdes;
- provide a workaround for logging to syslog using an old version of
Unix::Syslog which didn't prepare and keep its own copy of the 'ident'
argument on a call to openlog(3); thanks to Bill Landry;
OTHER
- ensure compatibility with a new version 5.500 of MIME-Tools, which changed
the way mime attributes content-disposition.filename and content-type.name
are decoded, now properly respecting their declared encodings (character
set). As a result, the declared (recommended) file names of MIME parts are
now represented as native Perl character strings (Unicode), and as such
may also end up in reported names of banned parts. Regular expressions
in @banned_filename_maps, $banned_filename_re and $banned_namepath_re
may also see these strings as native Perl characters, along with their
MIME-encoded form. The change also affects interpretation of names with
earlier versions of MIME-Tools, making them behave more like the 5.500.
- amavisd.conf: exclude names starting with 'cid:' from matching the
double extensions banning rule, avoiding false positives;
- a small update to a default @virus_name_to_spam_score_maps;
- the 'originating' flag is now passed on to SpamAssassin through its
%suppl_attrib argument - potentially useful with current trunk version
of SpamAssassin (treats originating mail submission as a MSA submission),
and ignored by older versions;
- some documentation updates;
the RELEASE_NOTES file is now encoded as UTF-8, instead of ISO-8859-1;
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.8.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Fri Oct 19 2012 Robert Scheck <robert at fedoraproject.org> 2.8.0-3
- Added requirements to lrzip and unzoo for unpacking
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.8.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Sun Jul 8 2012 Robert Scheck <robert at fedoraproject.org> 2.8.0-1
- Upgrade to 2.8.0
* Fri Jun 29 2012 Robert Scheck <robert at fedoraproject.org> 2.6.6-3
- Various minor spec file cleanups
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.6.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Sun Sep 18 2011 Steven Pritchard <steve at kspei.com> 2.6.6-1
- Update to 2.6.6.
- Make /var/spool/amavisd g+x (BZ 548234).
- %ghost /var/run/amavisd and add /etc/tmpfiles.d/amavisd-new-tmpfiles.conf
(BZ 656544, 676430, 710984, 734271).
- Also add /var/run/clamd.amavisd (which seems to be a bug itself). Fixes
BZ 696725.
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.6.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
awstats-7.0-3.el6 (FEDORA-EPEL-2013-0420)
Advanced Web Statistics
--------------------------------------------------------------------------------
Update Information:
This update fixes several cross-site scripting, SQL injection and related flaws in awredir.pl. CVE-2012-4547
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 21 2013 Petr Lautrbach <plautrba at redhat.com> 7.0-3
- fix potential XSS attacks - CVE-2012-4547 (#871159)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #871159 - CVE-2012-4547 awstats: potentially susceptible to XSS attacks
https://bugzilla.redhat.com/show_bug.cgi?id=871159
--------------------------------------------------------------------------------
================================================================================
drupal7-7.20-1.el6 (FEDORA-EPEL-2013-0430)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
New upstream 7.20, resolves SA-CORE-2013-002
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 21 2013 Paul W. Frields <stickster at gmail.com> - 7.20-1
- 7.20, SA-CORE-2013-002 (#913403)
* Fri Jan 25 2013 Jon Ciesla <limburgher at gmail.com> - 7.19-2
- README update for cron_key, BZ 902234.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #913403 - drupal7-7.20 is available
https://bugzilla.redhat.com/show_bug.cgi?id=913403
--------------------------------------------------------------------------------
================================================================================
fedora-review-0.4.0-4.el6 (FEDORA-EPEL-2013-0409)
Review tool for fedora rpm packages
--------------------------------------------------------------------------------
Update Information:
This bugfix fixes a bug with mock initialization
Update to 0.4.0 and incorporate patch from Ralf Bean fixing fedora-create-review.
- The deprecated JSON api has been removed.
- Patch-naming check not mandated by GL is removed (#179).
- New checks:
* Bundled gnulib check (#53).
* Run phpci static analyzer on php packages (#63).
* Various scriptlet checks (#152).
* Tmpfiles.d check (#156).
* Bundled fonts check (#155).
* Improper %_sourcedir usage test (#154).
* Test that sources could be downloaded from SourceX: tag (#198)
- Improved report layout (#135).
- Improved console output, notably invisible yellow text fixed. (#185).
- The report has got a fixed name 'review.txt'.
- It's now possible to create a python plugin with some tests which
becomes part of an existing group e. g., a plugin with one new php
test (#182).
- Improved handling of mock build failures (#79).
- Make used buildroot more visible (#147).
- New Guidelines update (#161).
- Various internal refactoring and clean-ups:
#134, #140, #145, #172 and a lot of commits...
- Improved unit tests, notably for plugins. Unit tests are now
packaged (#146, #163, many commits).
- Roughly 20 other bugs fixed.
- The deprecated JSON api has been removed.
- Patch-naming check not mandated by GL is removed (#179).
- New checks:
* Bundled gnulib check (#53).
* Run phpci static analyzer on php packages (#63).
* Various scriptlet checks (#152).
* Tmpfiles.d check (#156).
* Bundled fonts check (#155).
* Improper %_sourcedir usage test (#154).
* Test that sources could be downloaded from SourceX: tag (#198)
- Improved report layout (#135).
- Improved console output, notably invisible yellow text fixed. (#185).
- The report has got a fixed name 'review.txt'.
- It's now possible to create a python plugin with some tests which
becomes part of an existing group e. g., a plugin with one new php
test (#182).
- Improved handling of mock build failures (#79).
- Make used buildroot more visible (#147).
- New Guidelines update (#161).
- Various internal refactoring and clean-ups:
#134, #140, #145, #172 and a lot of commits...
- Improved unit tests, notably for plugins. Unit tests are now
packaged (#146, #163, many commits).
- Roughly 20 other bugs fixed.
- The deprecated JSON api has been removed.
- Patch-naming check not mandated by GL is removed (#179).
- New checks:
* Bundled gnulib check (#53).
* Run phpci static analyzer on php packages (#63).
* Various scriptlet checks (#152).
* Tmpfiles.d check (#156).
* Bundled fonts check (#155).
* Improper %_sourcedir usage test (#154).
* Test that sources could be downloaded from SourceX: tag (#198)
- Improved report layout (#135).
- Improved console output, notably invisible yellow text fixed. (#185).
- The report has got a fixed name 'review.txt'.
- It's now possible to create a python plugin with some tests which
becomes part of an existing group e. g., a plugin with one new php
test (#182).
- Improved handling of mock build failures (#79).
- Make used buildroot more visible (#147).
- New Guidelines update (#161).
- Various internal refactoring and clean-ups:
#134, #140, #145, #172 and a lot of commits...
- Improved unit tests, notably for plugins. Unit tests are now
packaged (#146, #163, many commits).
- Roughly 20 other bugs fixed.
This fixes problems with large docs check and incorrect handling of some package names. A small addition is also REVIEW_NO_MOCKGROUP_TEST which turns off verification of mock configuration that can be useful in certain non-standard configurations.
Update to 0.4.0 and incorporate patch from Ralf Bean fixing fedora-create-review.
- The deprecated JSON api has been removed.
- Patch-naming check not mandated by GL is removed (#179).
- New checks:
* Bundled gnulib check (#53).
* Run phpci static analyzer on php packages (#63).
* Various scriptlet checks (#152).
* Tmpfiles.d check (#156).
* Bundled fonts check (#155).
* Improper %_sourcedir usage test (#154).
* Test that sources could be downloaded from SourceX: tag (#198)
- Improved report layout (#135).
- Improved console output, notably invisible yellow text fixed. (#185).
- The report has got a fixed name 'review.txt'.
- It's now possible to create a python plugin with some tests which
becomes part of an existing group e. g., a plugin with one new php
test (#182).
- Improved handling of mock build failures (#79).
- Make used buildroot more visible (#147).
- New Guidelines update (#161).
- Various internal refactoring and clean-ups:
#134, #140, #145, #172 and a lot of commits...
- Improved unit tests, notably for plugins. Unit tests are now
packaged (#146, #163, many commits).
- Roughly 20 other bugs fixed.
- The deprecated JSON api has been removed.
- Patch-naming check not mandated by GL is removed (#179).
- New checks:
* Bundled gnulib check (#53).
* Run phpci static analyzer on php packages (#63).
* Various scriptlet checks (#152).
* Tmpfiles.d check (#156).
* Bundled fonts check (#155).
* Improper %_sourcedir usage test (#154).
* Test that sources could be downloaded from SourceX: tag (#198)
- Improved report layout (#135).
- Improved console output, notably invisible yellow text fixed. (#185).
- The report has got a fixed name 'review.txt'.
- It's now possible to create a python plugin with some tests which
becomes part of an existing group e. g., a plugin with one new php
test (#182).
- Improved handling of mock build failures (#79).
- Make used buildroot more visible (#147).
- New Guidelines update (#161).
- Various internal refactoring and clean-ups:
#134, #140, #145, #172 and a lot of commits...
- Improved unit tests, notably for plugins. Unit tests are now
packaged (#146, #163, many commits).
- Roughly 20 other bugs fixed.
- The deprecated JSON api has been removed.
- Patch-naming check not mandated by GL is removed (#179).
- New checks:
* Bundled gnulib check (#53).
* Run phpci static analyzer on php packages (#63).
* Various scriptlet checks (#152).
* Tmpfiles.d check (#156).
* Bundled fonts check (#155).
* Improper %_sourcedir usage test (#154).
* Test that sources could be downloaded from SourceX: tag (#198)
- Improved report layout (#135).
- Improved console output, notably invisible yellow text fixed. (#185).
- The report has got a fixed name 'review.txt'.
- It's now possible to create a python plugin with some tests which
becomes part of an existing group e. g., a plugin with one new php
test (#182).
- Improved handling of mock build failures (#79).
- Make used buildroot more visible (#147).
- New Guidelines update (#161).
- Various internal refactoring and clean-ups:
#134, #140, #145, #172 and a lot of commits...
- Improved unit tests, notably for plugins. Unit tests are now
packaged (#146, #163, many commits).
- Roughly 20 other bugs fixed.
This fixes problems with large docs check and incorrect handling of some package names. A small addition is also REVIEW_NO_MOCKGROUP_TEST which turns off verification of mock configuration that can be useful in certain non-standard configurations.
Update to 0.4.0 and incorporate patch from Ralf Bean fixing fedora-create-review.
- The deprecated JSON api has been removed.
- Patch-naming check not mandated by GL is removed (#179).
- New checks:
* Bundled gnulib check (#53).
* Run phpci static analyzer on php packages (#63).
* Various scriptlet checks (#152).
* Tmpfiles.d check (#156).
* Bundled fonts check (#155).
* Improper %_sourcedir usage test (#154).
* Test that sources could be downloaded from SourceX: tag (#198)
- Improved report layout (#135).
- Improved console output, notably invisible yellow text fixed. (#185).
- The report has got a fixed name 'review.txt'.
- It's now possible to create a python plugin with some tests which
becomes part of an existing group e. g., a plugin with one new php
test (#182).
- Improved handling of mock build failures (#79).
- Make used buildroot more visible (#147).
- New Guidelines update (#161).
- Various internal refactoring and clean-ups:
#134, #140, #145, #172 and a lot of commits...
- Improved unit tests, notably for plugins. Unit tests are now
packaged (#146, #163, many commits).
- Roughly 20 other bugs fixed.
- The deprecated JSON api has been removed.
- Patch-naming check not mandated by GL is removed (#179).
- New checks:
* Bundled gnulib check (#53).
* Run phpci static analyzer on php packages (#63).
* Various scriptlet checks (#152).
* Tmpfiles.d check (#156).
* Bundled fonts check (#155).
* Improper %_sourcedir usage test (#154).
* Test that sources could be downloaded from SourceX: tag (#198)
- Improved report layout (#135).
- Improved console output, notably invisible yellow text fixed. (#185).
- The report has got a fixed name 'review.txt'.
- It's now possible to create a python plugin with some tests which
becomes part of an existing group e. g., a plugin with one new php
test (#182).
- Improved handling of mock build failures (#79).
- Make used buildroot more visible (#147).
- New Guidelines update (#161).
- Various internal refactoring and clean-ups:
#134, #140, #145, #172 and a lot of commits...
- Improved unit tests, notably for plugins. Unit tests are now
packaged (#146, #163, many commits).
- Roughly 20 other bugs fixed.
- The deprecated JSON api has been removed.
- Patch-naming check not mandated by GL is removed (#179).
- New checks:
* Bundled gnulib check (#53).
* Run phpci static analyzer on php packages (#63).
* Various scriptlet checks (#152).
* Tmpfiles.d check (#156).
* Bundled fonts check (#155).
* Improper %_sourcedir usage test (#154).
* Test that sources could be downloaded from SourceX: tag (#198)
- Improved report layout (#135).
- Improved console output, notably invisible yellow text fixed. (#185).
- The report has got a fixed name 'review.txt'.
- It's now possible to create a python plugin with some tests which
becomes part of an existing group e. g., a plugin with one new php
test (#182).
- Improved handling of mock build failures (#79).
- Make used buildroot more visible (#147).
- New Guidelines update (#161).
- Various internal refactoring and clean-ups:
#134, #140, #145, #172 and a lot of commits...
- Improved unit tests, notably for plugins. Unit tests are now
packaged (#146, #163, many commits).
- Roughly 20 other bugs fixed.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 19 2013 Stanislav Ochotnicky <sochotnicky at redhat.com> - 0.4.0-4
- Fix rhbz912182
- Reorganize patches a bit
* Fri Feb 8 2013 Stanislav Ochotnicky <sochotnicky at redhat.com> - 0.4.0-3
- Fix rhbz908830 and rhbz908830
- Add patch for REVIEW_NO_MOCKGROUP_TEST environment variable
- Remove old patch
* Mon Feb 4 2013 Pierre-Yves Chibon <pingou at pingoured.fr> - 0.4.0-2
- Add Patch0 (0001-Fix-syntax-error.patch) from Ralph Bean fixing fedora-create-review
* Mon Jan 28 2013 Stanislav Ochotnicky <sochotnicky at redhat.com> - 0.4.0-1
- Updating to upstream 0.4.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #912182 - ERROR: chroot /var/lib/mock/fedora-rawhide-x86_64/root/ not initialized!
https://bugzilla.redhat.com/show_bug.cgi?id=912182
[ 2 ] Bug #889087 - Unreadable colors in terminal with white background
https://bugzilla.redhat.com/show_bug.cgi?id=889087
[ 3 ] Bug #881337 - AttributeError: 'GemCheckRequiresRubygems' object has no attribute 'spec_packages'
https://bugzilla.redhat.com/show_bug.cgi?id=881337
[ 4 ] Bug #872898 - other Fatal error: Exception down the road
https://bugzilla.redhat.com/show_bug.cgi?id=872898
[ 5 ] Bug #845651 - AttributeError: 'Source' object has no attribute 'filename'
https://bugzilla.redhat.com/show_bug.cgi?id=845651
[ 6 ] Bug #908830 - check-large-docs.sh doesn't properly skip -doc subpackages
https://bugzilla.redhat.com/show_bug.cgi?id=908830
--------------------------------------------------------------------------------
================================================================================
gxine-0.5.905-1.el6 (FEDORA-EPEL-2013-0431)
GTK frontend for the xine multimedia library
--------------------------------------------------------------------------------
Update Information:
Make gxine work again by reverting to 0.5.905, which is the latest version that works with EPEL6 JS offerings (libjs and mozjs). Bugfixes backported.
--------------------------------------------------------------------------------
================================================================================
imapsync-1.525-1.el6 (FEDORA-EPEL-2013-0421)
Tool to migrate email between IMAP servers
--------------------------------------------------------------------------------
Update Information:
Upgrade to 1.525
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 20 2013 Nick Bebout <nb at fedoraproject.org> - 1.525-1
- Upgrade to 1.525
--------------------------------------------------------------------------------
================================================================================
latex2rtf-2.3.2-1.el6 (FEDORA-EPEL-2013-0426)
LaTeX to RTF converter that handles equations, figures, and cross-references
--------------------------------------------------------------------------------
Update Information:
Update to newest stable release.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 15 2013 Susi Lehtola <jussilehtola at fedoraproject.org> - 2.3.2-1
- Update to 2.3.2.
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #911531 - latex2rtf-2.3.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=911531
--------------------------------------------------------------------------------
================================================================================
netcdf4-python-1.0.2-1.el6 (FEDORA-EPEL-2013-0414)
Python/numpy interface to netCDF
--------------------------------------------------------------------------------
Update Information:
- Update to 1.0.2 (http://netcdf4-python.googlecode.com/svn/trunk/Changelog)
- Remove bundled ordereddict (Bug #913528), require it on EL6
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 21 2013 Orion Poplawski <orion at cora.nwra.com> - 1.0.2-1
- Update to 1.0.2
- Remove bundled ordereddict (Bug #913528), require it on EL6
- Run tests
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0-3.fix1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
nginx-1.0.15-4.el6 (FEDORA-EPEL-2013-0423)
A high performance web server and reverse proxy server
--------------------------------------------------------------------------------
Update Information:
Make sure nginx directories are not world readable
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 22 2013 Jamie Nguyen <jamielinux at fedoraproject.org> - 1.0.15-4
- make sure nginx directories are not world readable (#913734, #913736)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #913734 - CVE-2013-0337 nginx: world-readable log files
https://bugzilla.redhat.com/show_bug.cgi?id=913734
--------------------------------------------------------------------------------
================================================================================
openstack-packstack-2012.2.2-1.0.dev408.el6 (FEDORA-EPEL-2013-0415)
Openstack Install Utility
--------------------------------------------------------------------------------
Update Information:
Here is where you give an explanation of your update.
Here is where you give an explanation of your update.
Here is where you give an explanation of your update.
Here is where you give an explanation of your update.
Here is where you give an explanation of your update.
Here is where you give an explanation of your update.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #905083 - Endless loop if scp is missing on nodes
https://bugzilla.redhat.com/show_bug.cgi?id=905083
[ 2 ] Bug #906254 - packstack will fail if ntpd is running while ntpdate is executed
https://bugzilla.redhat.com/show_bug.cgi?id=906254
[ 3 ] Bug #906269 - Please support Scientific Linux
https://bugzilla.redhat.com/show_bug.cgi?id=906269
[ 4 ] Bug #909111 - python-keystone dependency is missing
https://bugzilla.redhat.com/show_bug.cgi?id=909111
--------------------------------------------------------------------------------
================================================================================
packagedb-cli-1.4.0-1.el6 (FEDORA-EPEL-2013-0418)
A CLI for pkgdb
--------------------------------------------------------------------------------
Update Information:
Update to 1.4.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 21 2013 Pierre-Yves Chibon <pingou at pingoured.fr> - 1.4.0-1
- Update to 1.4.0
* Wed Jan 23 2013 Pierre-Yves Chibon <pingou at pingoured.fr> - 1.3.0-1
- Update to 1.3.0
--------------------------------------------------------------------------------
================================================================================
python-django-extensions-1.0.3-2.el6 (FEDORA-EPEL-2013-0416)
Extensions for Django
--------------------------------------------------------------------------------
Update Information:
New package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #907538 - Review Request: python-django-extensions - extensions for Django
https://bugzilla.redhat.com/show_bug.cgi?id=907538
--------------------------------------------------------------------------------
================================================================================
python-djblets-0.6.28-1.el6 (FEDORA-EPEL-2013-0411)
A collection of useful classes and functions for Django
--------------------------------------------------------------------------------
Update Information:
After installing this update (as with all ReviewBoard updates) you must run "rb-site upgrade /path/to/reviewboard"
- Security Updates:
* We now require Django 1.3.7, which fixes a few security vulnerabilities
- Web API Changes:
* Added API support for querying and manipulating default reviewers
* Repositories deleted through the Web API are now only archived if they
have any associated review requests
- Bug Fixes:
* Fixed an HTML escaping issue when listing filenames in the diff viewer
* Fixed an occasional crash when viewing a diff when displaying a function
or class header on the left-hand side but when there was none on the
right-hand side
* We try harder now to set the PYTHONPATH for subprocesses, which should
fix some issues fetching files over Subversion
* Fixed default Apache configuration files to be explicit in enabling
FollowSymLinks
* Fixed fetching files with FedoraHosted
* SMTP servers saved with additional whitespace will now have that
whitespace stripped, in order to prevent lookup failures
* Fixed the link to the PyLucene documentation in the General Settings page
* Fixed the review ID column when using Local Sites
* Fixed the starred public review count for new users when using
Local Sites
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 21 2013 Stephen Gallagher <sgallagh at redhat.com> - 0.6.28-1
- New upstream release 0.6.28
- General:
* Require Django 1.3.7 as a minimum
- djblets.datagrid:
* Fixed a possible XSS exploit in datagrids
* Failures during rendering the datagrid now results in a traceback
- djblets.util.fields:
* CounterField was failing to use the initializers for brand new
instances of a model, defaulting to None instead
--------------------------------------------------------------------------------
================================================================================
python-elfdata-0.5-2.el6 (FEDORA-EPEL-2013-0419)
Python wrapper to get ELF data
--------------------------------------------------------------------------------
Update Information:
initial build of new package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #885120 - Review Request: python-elfdata - Python wrapper to get ELF data
https://bugzilla.redhat.com/show_bug.cgi?id=885120
--------------------------------------------------------------------------------
================================================================================
seamonkey-2.16-1.el6 (FEDORA-EPEL-2013-0410)
Web browser, e-mail, news, IRC client, HTML editor
--------------------------------------------------------------------------------
Update Information:
Update to 2.16
Fix CVE-2013-0765, CVE-2013-{0772-0784}
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 22 2013 Dmitry Butskoy <Dmitry at Butskoy.name> 2.16-1
- update to 2.16
- fix patch to allow build with system's nspr-4.9.2 instead of nspr-4.9.4
- fix build langpacks
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #914551 - seamonkey-2.16 is available
https://bugzilla.redhat.com/show_bug.cgi?id=914551
--------------------------------------------------------------------------------
================================================================================
sks-1.1.4-1.el6 (FEDORA-EPEL-2013-0422)
Synchronizing Key Server
--------------------------------------------------------------------------------
Update Information:
Upgrade to 1.1.4
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 20 2013 Nick Bebout <nb at fedoraproject.org> - 1.1.4-1
- Upgrade to 1.1.4
* Wed Feb 20 2013 Nick Bebout <nb at fedoraproject.org> - 1.1.3-5
- Fix broken build
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.1.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Fri Jul 27 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.1.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Wed May 23 2012 Peter Robinson <pbrobinson at fedoraproject.org> - 1.1.3-2
- Fix ARM arch definition, update spec
--------------------------------------------------------------------------------
================================================================================
will-crash-0.3-1.el6 (FEDORA-EPEL-2013-0429)
Set of crashing executables written in various languages
--------------------------------------------------------------------------------
Update Information:
Version bump.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 21 2013 Richard Marko <rmarko at fedoraproject.org> - 0.3-1
- Version bump
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
wordpress-plugin-bad-behavior-2.2.13-1.el6 (FEDORA-EPEL-2013-0412)
Bad Behavior plugin for WordPress
--------------------------------------------------------------------------------
Update Information:
Upgrade to 2.2.13
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 20 2013 Nick Bebout <nb at fedoraproject.org> - 2.2.13-1
- Upgrade to 2.2.13
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.0.42-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Sun Jul 22 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.0.42-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.0.42-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #903859 - Plugin is out of date
https://bugzilla.redhat.com/show_bug.cgi?id=903859
--------------------------------------------------------------------------------
More information about the epel-devel-list
mailing list