1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
|
SpamPD Change Log
-----------------
2.30 (31-Oct-05)
- Another, hopefully final, fix for the Sys::Syslog issue of % signs in the log
string. Fixes possible DoS vulnerability. Thanks to Sven Mueller and Florian
Weimer for the solution.
- Added new options for adding X-Envelope-From and (optionally) X-Envelope-To
headers to messages before SA processing. The idea is to help SA process any
blacklist/whitelist to/from directives on the actual sender/recipients instead
of the possibly bogus envelope headers. Use --seh or --set-envelope-headers
to enable setting both headers, or use --sef or --set-envelope-from to enable
only X-Envelope-From. If added, spampd attempts to remove the X-Envelope-To
header after SA processing to preserve BCC recipient anonymity, but enabling
this header may still expose recipient information. See man page for more
details. This patch was originally submitted by Sven Mueller, was slightly
modified, and the --sef option was added.
########
2.21 (23-Oct-05) (unreleased)
- fixed SA version check on alphanumeric version strings. Stops the annoying
Perl warning messages in the mail log. Thanks to Sven Mueller for the fix.
########
2.20 (05-Oct-04)
- added support for SpamAssassin version 3. spampd should now support all
SA versions (tested with 2.6.3 and 3.0.0).
- removed --add-sc-header feature. It is now redundant with SA v2.6 ability
to (almost fully) customize headers, which v3 improves on. If anyone
really needs this feature, please let me know.
- added --nodetach option to prevent daemon process backgrounding. Patch
provided by Urban Petry. Can be useful for win32/cygwin.
- if --debug is specified, Net::Server log level is increased to 4 (debug)
to provide some more info in the log (can be useful for diagnosing
user/permission issues). Thanks to Urban Petry for idea.
- the message sender (From header) is now included in the log along with message
ID, recipient, and scoring info. Thanks to Roland Koeckel for the patch.
########
2.13 (24-Nov-03)
- SA debug messages redirected from STDERR (warn) to syslog. Thanks to Roland
Koeckel for the suggestion.
########
2.12 (15-Nov-03)
- fixed bug related to Sys::Syslog where we needed to escape % signs in
Message IDs. Thanks to Jeffrey W. Collyer and Yann Grossel for the bug reports.
- minor performance improvement in SpamPD::Client using buffered write to send
message data. Thanks to Sam Horrocks for the tip.
- fixed error condition when an error response ([4|5]xx) was returned after a
DATA command was sent. Thanks to Rodrigo Ventura for bug reports about this.
########
2.11 (15-Jul-03):
- fix for occasional corrupted message headers which caused blank messages
(seemed to have only affected certain malformed spam mail).
- added --logsock option for syslog socket. Defaults to 'unix' except for
HP-UX and SunOS (Solaris) which I'm told prefer 'inet'.
########
2.10 (01-Jul-03):
- added optional 'X-Spam-Checked-By: {hostname}' header, where {hostname} is,
theoretically, the name of the machine doing the message scanning. New
options --add-sc-header and --hostname=name control this behavior.
########
2.00 (10-Jun-03):
- major rewrite of how mail is handled internally. spampd now takes no
responsibility for the mail at any point, instead acting as a transparent
proxy between the originating and the destination servers. That is, the
servers speak to each other through spampd so final mail delivery
occurs only when the destination server acknowledges receipt of the data.
Idea based on smtpprox by Bennett Todd (http://bent.latency.net/smtpprox/).
Unfortunately this breaks the ability to redirect the mail based on spam
score, since scoring happens after all recipients have been specified and
accepted. But, it is much cleaner and safer than the previous method.
- new architecture doesn't store the mail data in memory any more. Message
is still written to memory before scanning by SpamAssassin, but messages
larger than the --maxsize to be scanned won't eat up a bunch of memory.
From smtpprox documentation by Bennet Todd:
"it [spampd] stores the body of the message in an unlinked file
under /tmp, which should be a tmpfs; this prevents the allocation
overhead associated with large strings (often 2-3x) and ensures that
space will be returned to the OS as soon as it's not needed."
- as a bonus feature, LMTP is now supported by virtue of spampd's transparency.
- added a timeout check around the socket operations as suggested in the
Net::Server docs. Added new parameter to control this: --childtimeout=n
where n is number of seconds.
- added a timeout check around the message processing (spam checking) routines
to guard against a SpamAssassin hang. Added new parameter to control
this: --satimeout=n where n is number of seconds. If a timeout (or error)
occurs while processing, the mail is still passed on unless the new --dose
(die-on-sa-errors) paramater is given.
- added --children=n parameter to specify how many child
servers to spawn and maintain. Default is 5 children (plus
one parent).
- now uses Net::Server::PreForkSimple instead of PreFork. (Tried utilizing the
advanced children pool features of PreFork but either couldn't figure it out
or they're kinda broken. If anyone has experience here, please let me know.)
- improved logging including the Message-ID, recipients, 100ths precision
on spam score, processing time, and file size. Logging format now better
resembles that of spamd (which hopefully means spamd log analysis tools can be
made to work with spampd easily).
- removed dependencies on Net::SMTP, Net::SMTP::Server::Client, and Error
modules.
- host/port and relay host/port can both be specified as xx.xx.xx.xx:nn in
the --host and --relayhost parameters, or as individual parameters (--host,
--port, --relayhost, --relayport).
# The next 3 items are ideas/patches by
# Kurt Andersen,
# Agilent Technologies Postmaster
# Global Messaging Team, Agilent Technologies
- added optional support for Time::HiRes for more accurate processing time
reporting in the log (automatically loaded if Time::HiRes is available).
- added optional logging of which SA rules matched a message. New option is
--log-rules-hit or --rh for short.
- Added auto HPUX OS detection for syslog loggging
"(for some reason HPUX chokes on using the 'unix' socket type)."
# Thanks Kurt!
- added much more verbose spampd logging when using the --debug option.
- 3 parameters are now deprecated but accepted for backwards compatability:
--dead-letters, --heloname, and --stop-at-threshold
- added shorthand choice for some options:
--aw for --auto-whitelist; --L for --local-only; --a for --tagall
--u for --user; --g for --group; --p for --pid
--d for --debug; --h for --help;
- documentation updates
- licensing change due to use of Bennet Todd's code (to GNU GPL from Perl
Artistic).
########
1.0.2 (13-Apr-03):
- added 'local-only' parameter to pass on to SA which turns off all
network-based tests (DNS, Razor, etc).
########
1.0.1 (3-Feb-03):
- fixed minor but substantial bug preventing child processes
from exiting properly since the counter wasn't being incremented (d'oh!).
Thanks to Mark Blackman for pointing this out.
- fixed typo in pod docs (Thx to James Sizemore for pointing out)
########
Changes to assassind (1.0.0 initial release of spampd - May 2002):
A different message rewriting method (using
Mail::SpamAssassin::NoMailAudit instead of Dave Carrigan's
custom headers and Mail::Audit);
Adding more options for message handling, network/protocol options,
some options to pass on to SpamAssassin (such as whitelist usage);
More orientation to being used as a content filter for the
Postfix MTA, mostly by changing some default values;
Documentation changes;
## EOF ##
|