-
Notifications
You must be signed in to change notification settings - Fork 2
/
NEWS
251 lines (196 loc) · 8.34 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
Version svn
* New check: reverse. It tries to find a name for client_ip
and then check if that name points back to client_ip.
* New check: helo. It checks if helo_name matches client_ip.
* New check: spf. Depends on libspf2, compile time option.
* New configure option 'grey_tuple' for looser greylist.
* do not check /etc/hosts in dnsbl check
* -u command line option to run grossd with a differnet uid
Issues fixed:
#71: grossd dies under Linux
#72: freebsd port broken
Version 1.0.1
* Two new configuration options: postfix_response_grey and
postfix_response_block. Now it's possible to configure
responses grossd sends in reply to Postfix policy delegation
client.
* Now grossd allows only the configured sync_peer to connect
to sync server port.
* When grey_threshold = 0 is set grossd defaults to greylisting.
Now it's possible to combine traditional greylisting with
blocking based on check results.
Issues fixed:
#65: Version number to log (RFE)
#66: Compiler warnings on with 1.0.0
#67: Setting grey_threshold = 0 is not intuitive
#68: grossd should accept sync connections only from the configured sync_peer
#69: Implement postfix_response_grey and postfix_response_block (RFE)
#70: Busyloop if no access to configured statefile
Version 1.0.0
* Prevent grossd from running as root (euid == 0). You may
have to modify configuration and state file ownerships
and/or permissions. Grossd tries to setuid() and setgid()
to nobody if started by root.
* New match shortcut logic. Now grossd will shortcut after
a filter match only if no checks are configured (traditional
greylister) or block_threshold == 0.
- changed filter_bits default back to 24, as stated in the docs.
- added grey_reason configuration file option. See block_reason.
Issues fixed:
#48: Need man pages
#59: grossd 0.9.3 leaks memory
#60: Grossd should do all dns queries as fully qualified
#61: Space Character in Mail From Crashing Gross
#62: Double free() with milter
Version 0.9.3
* A few important bug fixes to milter server
* HELOified all the rest of the code. There are still no checks
that use helo info, but now grossd logs it and also gclient
can send it to the server. Check INSTALL details about
configuring SJSMS to send helo string over to grossd.
* New logfile format! An example log line:
Thu Apr 17 14:50:05 2008 #8505600: a=greylist d=3 w=5 c=127.0.0.2
s=sender r=recipient h=N/A m=cbl.abuseat.org+1 m=bl.spamcop.net+2
m=combined.njabl.org+1 m=dnsbl.sorbs.net+1
where
a = action
d = delay
w = total weight
c = client ip
s = sender
r = recipient
h = helo/ehlo
m = matched check with possible weight
- A few important bug fixes to milter server
- behaviour change: grossd now exits after creating the
statefile when invoked with -C command line option. This
makes life easier for package maintainers in the future.
- Implemented pidfile creation and checking. New config option
'pidfile' controls the behaviour. Setting the option will make
grossd to write the process pid into the file specified by the
full path. An optional parameter 'check' can be set to keep
grossd from starting if the pidfile already exists.
pidfile = /full/path[;check]
Another way to control this is by command line options -p and -P.
Both of the options will enable pidfile creation, and -P will
check the existence of the file.
Issues fixed:
#58: grossd should write a pid file after daemonizing (RFE)
Version 0.9.2
- documented configuration options query_timelimit and
block_reason. See doc/examples/grossd.conf
- new option: pool_maxthreads, you may need to change this
if you get more than 100 queries per second and/or have
slow dns servers
- some log messages got sent with wrong priorities
#56: Grossd skips all the checks if block_threshold not set
#57: sjsms: query_timelimit is one second off
Version 0.9.1
Issues fixed:
#55: --disable-dnsbl broken on 0.9
Version 0.9
* changed the port defaults to be more compatible with
the community, grossd now defaults to ports 5525 (grossd),
5524 (sync), and 5522 (status queries)
* preliminary support for MILTER protocol, check config file
* support for definitive checks: it's now possible to write
checks that cause grossd to block or pass (whitelisting)
* dnsbl check is now run time configurable
* two new check types: RHSBL and DNSWL - check config file
for documentation and examples. DNSWL is first definitive
check.
- improved thread counting in thread_pool.c
- code cleaning
- default for grey_mask was 0, effectively discarding client_ip
information from greylisting triplet. Changed it to 24.
- checks for c-ares version: there's an API change between
1.4.x and 1.5.0
Issues fixed:
#40: new type of check - RHSBL (RFE)
#41: new type of check - DNSWL (RFE)
#46: Make dnsbl checking run time configurable (RFE)
#47: Grossd will not run any checks if configured with --disable-dnsbl
#54: Grossd dies without error msg in non-localhost setup (with linux)
Version 0.8.2
- updating mappings example in INSTALL
- logging less verbose (one line per query)
Issues fixed:
#39: blocker queries cause segmentation fault
#43: Lot's of open udp connections when using grosscheck
Version 0.8.1
A couple of bugs fixed.
Issues fixed:
#35: grossd crashes when starting
#36: synchronization still loses one update message
Version 0.8.0
In short: Important changes from the previous version
* You must configure protocols in config file. This is done via
'protocol' config file parameter. Either 'protocol = sjsms' or
'protocol = postfix' or both.
* 'sync_host' and 'peer_host' has been deprecated. Use new
'sync_listen' and 'sync_peer' options.
The longer list:
- Checks are now done in thread pools, which makes it easier to
develop new checks, like Sophos blocker or SPF.
- grossd can log aggregate statistics about query results. Check
'stat_type' and 'stat_interval' configuration parameters.
- grossd can now serve different query protocols simultaneously.
This is controlled by the 'protocol' config parameter.
- Preliminary support for Sophos blocker. Not yet production
quality, needs testing. Check issue #19.
- check also doc/examples/grossd.conf, which make install will
install as the default config file if there is no existing
grossd.conf
Issues fixed:
#16: synchronization is confusing to configure
#18: documented and configurable timeouts
#23: Customizable SMTP error messages
#26: connections could come from different IP addresses
#27: configurable greylisting time
#28: Bug in the mapping file example
#29: dnsbl tolerance counters not working on OS X
#31: Get rid of --with-worker configure option
#32: gcc makes grosscheck so dependent on libgcc_s.so.1
#33: Update queue synchronizing
Version 0.7.2
- Configurable log_level and syslog_method.
- Message queue enhancements under the hood
- Status counters for various events implemented
- You can now use host names in the configuration
Issues fixed:
#20: allow host names in configuration
#21: A dry run option for testing needed
#22: configurable logging
Version 0.7.1
A replacement of 0.7.0, there was a bug that prevented grossd
from compiling --with-worker=postfix.
Version 0.7.0
Implemented a thread pool feature. Worker threads are now
reused, instead of firing up one on each connection. Numerous
bug fixes, most notably byte order related bugs in proto_sjsms.c.
Some configuration file changes: peerhost and synchost has been
replaced by sync_listen and sync_peer.
#Issues fixed:
#15: postfix protocol broken
#17: proto-sjsms breaks between hosts of different endianess
Version 0.6.3
Ported to OS X. Since sem_getvalue() is not implemented on
OS X, skipping unresponsive dnsbls does not work, yet.
Issues fixed:
#14: processing delay should be included in the logs
Version 0.6.2
Issues fixed:
#1: -lpthread also on Solaris 9.
#2: Logging has been trimmed down.
#7: Libdir is now installed same as other directories.
#8: Removed relays.ordb.org from example config.
#9: SJSMS client library path corrected in INSTALL.
#10: Default config file path is now correct with default prefix.
#11: Implemented -D command line option for enabling debug logging.
#12: grosscheck now sends empty sender address as <> in query to grossd.
- Installs libraries to $prefix/lib/ instead of previous
$prefix/lib/gross/
Version 0.6.1
- You can now create statfile with grossd -C command line option
- Config file defaults to $sysconfdir/grossd.conf
- example config in doc/examples/grossd.conf