SpamPD Change Log ----------------- 2.30 (31-Oct-05) - Another, hopefully final, fix for the Sys::Syslog issue of % signs in the log string. Fixes possible DoS vulnerability. Thanks to Sven Mueller and Florian Weimer for the solution. - Added new options for adding X-Envelope-From and (optionally) X-Envelope-To headers to messages before SA processing. The idea is to help SA process any blacklist/whitelist to/from directives on the actual sender/recipients instead of the possibly bogus envelope headers. Use --seh or --set-envelope-headers to enable setting both headers, or use --sef or --set-envelope-from to enable only X-Envelope-From. If added, spampd attempts to remove the X-Envelope-To header after SA processing to preserve BCC recipient anonymity, but enabling this header may still expose recipient information. See man page for more details. This patch was originally submitted by Sven Mueller, was slightly modified, and the --sef option was added. ######## 2.21 (23-Oct-05) (unreleased) - fixed SA version check on alphanumeric version strings. Stops the annoying Perl warning messages in the mail log. Thanks to Sven Mueller for the fix. ######## 2.20 (05-Oct-04) - added support for SpamAssassin version 3. spampd should now support all SA versions (tested with 2.6.3 and 3.0.0). - removed --add-sc-header feature. It is now redundant with SA v2.6 ability to (almost fully) customize headers, which v3 improves on. If anyone really needs this feature, please let me know. - added --nodetach option to prevent daemon process backgrounding. Patch provided by Urban Petry. Can be useful for win32/cygwin. - if --debug is specified, Net::Server log level is increased to 4 (debug) to provide some more info in the log (can be useful for diagnosing user/permission issues). Thanks to Urban Petry for idea. - the message sender (From header) is now included in the log along with message ID, recipient, and scoring info. Thanks to Roland Koeckel for the patch. ######## 2.13 (24-Nov-03) - SA debug messages redirected from STDERR (warn) to syslog. Thanks to Roland Koeckel for the suggestion. ######## 2.12 (15-Nov-03) - fixed bug related to Sys::Syslog where we needed to escape % signs in Message IDs. Thanks to Jeffrey W. Collyer and Yann Grossel for the bug reports. - minor performance improvement in SpamPD::Client using buffered write to send message data. Thanks to Sam Horrocks for the tip. - fixed error condition when an error response ([4|5]xx) was returned after a DATA command was sent. Thanks to Rodrigo Ventura for bug reports about this. ######## 2.11 (15-Jul-03): - fix for occasional corrupted message headers which caused blank messages (seemed to have only affected certain malformed spam mail). - added --logsock option for syslog socket. Defaults to 'unix' except for HP-UX and SunOS (Solaris) which I'm told prefer 'inet'. ######## 2.10 (01-Jul-03): - added optional 'X-Spam-Checked-By: {hostname}' header, where {hostname} is, theoretically, the name of the machine doing the message scanning. New options --add-sc-header and --hostname=name control this behavior. ######## 2.00 (10-Jun-03): - major rewrite of how mail is handled internally. spampd now takes no responsibility for the mail at any point, instead acting as a transparent proxy between the originating and the destination servers. That is, the servers speak to each other through spampd so final mail delivery occurs only when the destination server acknowledges receipt of the data. Idea based on smtpprox by Bennett Todd (http://bent.latency.net/smtpprox/). Unfortunately this breaks the ability to redirect the mail based on spam score, since scoring happens after all recipients have been specified and accepted. But, it is much cleaner and safer than the previous method. - new architecture doesn't store the mail data in memory any more. Message is still written to memory before scanning by SpamAssassin, but messages larger than the --maxsize to be scanned won't eat up a bunch of memory. From smtpprox documentation by Bennet Todd: "it [spampd] stores the body of the message in an unlinked file under /tmp, which should be a tmpfs; this prevents the allocation overhead associated with large strings (often 2-3x) and ensures that space will be returned to the OS as soon as it's not needed." - as a bonus feature, LMTP is now supported by virtue of spampd's transparency. - added a timeout check around the socket operations as suggested in the Net::Server docs. Added new parameter to control this: --childtimeout=n where n is number of seconds. - added a timeout check around the message processing (spam checking) routines to guard against a SpamAssassin hang. Added new parameter to control this: --satimeout=n where n is number of seconds. If a timeout (or error) occurs while processing, the mail is still passed on unless the new --dose (die-on-sa-errors) paramater is given. - added --children=n parameter to specify how many child servers to spawn and maintain. Default is 5 children (plus one parent). - now uses Net::Server::PreForkSimple instead of PreFork. (Tried utilizing the advanced children pool features of PreFork but either couldn't figure it out or they're kinda broken. If anyone has experience here, please let me know.) - improved logging including the Message-ID, recipients, 100ths precision on spam score, processing time, and file size. Logging format now better resembles that of spamd (which hopefully means spamd log analysis tools can be made to work with spampd easily). - removed dependencies on Net::SMTP, Net::SMTP::Server::Client, and Error modules. - host/port and relay host/port can both be specified as xx.xx.xx.xx:nn in the --host and --relayhost parameters, or as individual parameters (--host, --port, --relayhost, --relayport). # The next 3 items are ideas/patches by # Kurt Andersen, # Agilent Technologies Postmaster # Global Messaging Team, Agilent Technologies - added optional support for Time::HiRes for more accurate processing time reporting in the log (automatically loaded if Time::HiRes is available). - added optional logging of which SA rules matched a message. New option is --log-rules-hit or --rh for short. - Added auto HPUX OS detection for syslog loggging "(for some reason HPUX chokes on using the 'unix' socket type)." # Thanks Kurt! - added much more verbose spampd logging when using the --debug option. - 3 parameters are now deprecated but accepted for backwards compatability: --dead-letters, --heloname, and --stop-at-threshold - added shorthand choice for some options: --aw for --auto-whitelist; --L for --local-only; --a for --tagall --u for --user; --g for --group; --p for --pid --d for --debug; --h for --help; - documentation updates - licensing change due to use of Bennet Todd's code (to GNU GPL from Perl Artistic). ######## 1.0.2 (13-Apr-03): - added 'local-only' parameter to pass on to SA which turns off all network-based tests (DNS, Razor, etc). ######## 1.0.1 (3-Feb-03): - fixed minor but substantial bug preventing child processes from exiting properly since the counter wasn't being incremented (d'oh!). Thanks to Mark Blackman for pointing this out. - fixed typo in pod docs (Thx to James Sizemore for pointing out) ######## Changes to assassind (1.0.0 initial release of spampd - May 2002): A different message rewriting method (using Mail::SpamAssassin::NoMailAudit instead of Dave Carrigan's custom headers and Mail::Audit); Adding more options for message handling, network/protocol options, some options to pass on to SpamAssassin (such as whitelist usage); More orientation to being used as a content filter for the Postfix MTA, mostly by changing some default values; Documentation changes; ## EOF ##