1.17
=====
- bugfix: Invalid characters in variable substitutions were not correctly caught
  when the '=' operator was used, like "client_name=$$helo_name". If you cannot
  upgrade for some reason, change your rule to "client_name=~$$helo_name"
- code: Net::DNS internal errors will now be handled gracefully
- code: default for options --dns_max_ns_a_lookups and --dns_max_mx_a_lookups of 100

1.16
=====
- bugfix: this is a bugfix release for 1.15. anyone affected is encouraged to upgrade.
  detail: the default behavior for the '=' operator with numeric items (size,
  recipient_count, ...) changed with version 1.15 to '==' (equals to). now these
  items are compared '>=' (greater than) again.
  note: if you are using 1.15 and you are not able to upgrade for some reason,
  please change '=' to '>=' in your ruleset where you mean 'greater than'.

1.15
=====
- feature: items may now be retrieved from files using "item=file:/some/where"
  more information in the postfwd manual (FILES section)
- feature: helo_address, and sender_(ns|mx)_addrs can now be csv items
- feature: new rcpt() command counts recipients for rate limits (thanks to Sahil Tandon)
- code: redirect syslog to stdout for --kill, --reload and --showconfig
- code: option --reload (HUP signal) now reloads config, if the file is unchanged
- code: configuration parser improvements:
  * rules without defined action will be skipped at configuration stage
  * undefined ACLs will now be detected and skipped at configuration stage
  * parser timeout skips loading a rule after 4s, to prevent problems
    with large files or loops. use --config_timeout to override
- bugfix: documentation fixed (missing "action=" in ask() examples)

1.14
=====
- feature: new compare operators *
  ====================================================================
   ITEM == VALUE        true if ITEM equals VALUE
   ITEM => VALUE        true if ITEM >= VALUE
   ITEM =< VALUE        true if ITEM <= VALUE
   ITEM =~ VALUE        true if ITEM ~= /^VALUE$/i
  *ITEM != VALUE        false if ITEM equals VALUE
  *ITEM !> VALUE        false if ITEM >= VALUE
  *ITEM !< VALUE        false if ITEM <= VALUE
  *ITEM !~ VALUE        false if ITEM ~= /^VALUE$/i
   ITEM =  VALUE        default behaviour (see ITEMS section)
  ====================================================================
- feature: added --nodaemon option
- code: non dns items first: if a rule contains dns and non dns items, the lookups
  will only be done if all non dns items matched
- bugfix: empty pcre with empty sender_(ns|mx)_names was parsed incorrectly.
  this bug affects postfwd versions 1.12 - 1.13
- bugfix: negated pcre items with '~=' operator were parsed incorrectly.
  this bug affects postfwd version 1.13

1.13
=====
- feature: enabled dns cache for sender(ns|mx) and helo address
- feature: new options --dns_max_ns_lookups and --dns_max_mx_lookups
- bugfix: workaround: Net::Server died if a unix domain socket filename
  without a dot ('.') was used (B. Frauendienst)

1.12
=====
- feature: new items sender_ns_names and sender_ns_addrs
- feature: new items sender_mx_names and sender_mx_addrs
- feature: new item helo_address, please see docs for more
- feature: added --proto switch, to enable the use of unix domain sockets
  (thanks to Bernhard Frauendienst)
- feature: added command-line options --kill and --reload
  (of course you can still use TERM and HUP signals)
- feature: dnsbl txt lookups only for dnsbls with at least one a record.
  use --dns_async_txt for the old behaviour (see docs for more).
- code: small performance improvement (5-10%) for pcre (~= or =~) items
- bugfix: network 0.0.0.0/0 did not work as expected on all platforms
- bugfix: postfwd tried to chop() an uninitialized value when sending garbage
  (non policy delegation protocol requests) to it.

1.11
=====
- feature: the ask() action allows to delegate the policy decision to another
  policy service (like postgrey). a new parameter allows to specify answer
  patterns which should be ignored by postfwd. please look at the 'ACTIONS'
  section in the manual (postfwd2 -m) for details.
- feature: new options --noidlestats and --norulelog
- feature: more informative --version
- feature: documentation updates

**************************************************************************************************
ATTENTION: requirements changed - postfwd since v1.10pre8 now uses Net::DNS.
           Net::DNS::Async and Net::CIDR::Lite are not required anymore.
NOTE:      please see the docs ('postfwd -m' or 'perldoc postfwd') for more information
**************************************************************************************************

1.10pre8b
==========
- bugfix: fixed two warnings about logging of undefined values in verbose mode

1.10pre8a
==========
- bugfix: item plugins have been made available as cache-id items. this fixes
  a minor issue with --cache-rdomain-only and version 1.10pre8

1.10pre8
=========
- code: Net::DNS::Async is no longer used. The parameters --dns_queuesize and
  --dns_retries are still valid but have no function. The option --dns_timeout
  now defaults to 14s and applies to all rules containing dns items.
- code: Net::CIDR::Lite is not required any longer.
- feature: the new variable $$request_hits contains a list of all matching ruleids
- feature: the new variable $$dnsbltext allows access to txt records of rbls
- feature: new options --no-rulestats and --nodnslog
- feature: ttls of the dns responses override --cache-rbl-timeout when bigger,
  which means that you can set the option to 0 if you want to use the ttl of
  the dns answer.
- feature: new item "rhsbl_helo" allows to check helo against rhsbls
- bugfix: disabled fallback to synchronous dns on timed out rbls, default is now
  to disable non responding dnsbls after 11 timeouts for 1200 seconds.
  use --dns_timeout_max and --dns_timeout_interval to adjust these settings.
- bugfix: days=Wed now means exactly Wednesday. to use a range you may still specify
  days=Wed- days=-Wed and days=Tue-Thu
  this applies to all date and time items
- code: --shortlog is now default behaviour (use -v to see more)
- code: changed Net::Server behaviour to ignore syslog errors

1.10pre7c
==========
- note: 1.10pre7c does not contain any code-changes to the postfwd daemon.
  this release only fixes some issues when building packages.
- bugfix: set permissions of manpage dirs to 755
- bugfix: manpage has gone to section 8
- bugfix: postfwd-rblcheck.pl has gone to the tools folder
- bugfix: documentation now refers to request.sample

1.10pre7b
==========
- bugfix: inter-section links in documentation did not work correctly
  (thanks to Alexander 'Leo' Bergolth)

1.10pre7a
==========
- bugfix: implemented workaround for possible crash of Sys::Syslog when
  syslog daemon is unavailable (thanks to Henrik Krohns)
- bugfix: changed syslog socktype on solaris

1.10pre7
=========
- feature: $$request_score may now be used to access a request's score
- feature: auto-deactivation of non-responding dnsbls; please see the new
  --cleanup-timeouts and --dns_timeout_max options
- feature: the set command allows some basic operations:
  =========================================================
   action=set(ITEM+=VALUE)    adds VALUE to ITEM
   action=set(ITEM-=VALUE)    subtracts VALUE from ITEM
   action=set(ITEM*=VALUE)    multiplies ITEM by VALUE
   action=set(ITEM/=VALUE)    divides ITEM by VALUE
   action=set(ITEM.=VALUE)    concatenates ITEM and VALUE
   action=set(ITEM==VALUE)    sets ITEM to VALUE
   action=set(ITEM=VALUE)     default: sets ITEM to VALUE
  =========================================================
- bugfix: fixed wrong timestamp for timed out rbls
- code: score() command now allows integer values
- code: setting an empty score removes it from the table
- code: duplicate lookups within the same rule are now recognised

1.10pre6
=========
- feature: the new rate() and size() commands offer some basic rate limit controls
- feature: new cleanup options: --cleanup-rates
- feature: regexps may now be included in // characters
- feature: an empty sender address is now replaced by <>
- bugfix: some csv-separated itemlists did not work correctly since v1.10pre1
- bugfix: fixed a possible race condition with request cache when config
  was reloaded via HUP signal

1.10pre5a
=========
- bugfix: fixed a possible race condition in rbl_read_dns() function

1.10pre5
========
- feature: new dnsbl lookup types: rhsbl_client, rhsbl_sender, rhsbl_reverse_client
- feature: new caching option --cacheid allows to increase performance and
  cache efficiency
- code: cleanups will only be logged if '-v' was set or if the process took
  at least 1 second

1.10pre4
========
- feature: new date items 'days=Sun-Sat' and 'months=Jan-Dec'
- feature: all date/time items may now be csv-separated lists
- feature: the set command can now have multiple, csv-separated arguments
- feature: enhanced use of rblcount and rhsblcount (see doc)
- feature: new caching options --cache-no-sender,--cache-rbl-timeout
  and --cache-rbl-default
- feature: new cleanup options: --cleanup-requests and --cleanup-rbls
- code: cache cleanups are now performed on interval basis (not per request)
  which should decrease load on busy systems.
- code: warning on multiple definitions of id, action, rblcount and rhsblcount
  is issued
- bugfix: date items may now contain whitespaces (e.g. days = Fri - Sat)

1.10pre3
========
- feature: all hits for a rule are now logged in the final message
- feature: option --shortlog disables logging for some postfwd actions
- feature: introduced set() command, which enables setting of variables, which
  then can be compared to the ruleset to gain performance on repeated item
  lists (see doc).
- feature: introduced new command-line switches --dns_queuesize, --dns_retries
  and dns_retries to influence the behaviour of DNS lookups
- code: restructured code (~+15% speed compared to v1.03, with nodns ruleset)

1.10pre2
========
- feature: DNS lookups are now parallelized per rule. this increases the
  performance of dnsbl items (and any other future dns based check) significantly.
  implementation (per rule):
    1.) send dns queries,
    2.) process other non-dns items,
    3.) evaluate dns results
  As a downside of this approach the parser does not wait for dns queries anymore,
  which could result in increased load. you might use the sleep() command to get
  some delay ;-)

1.10pre1
========
- feature: the way how request items are compared to the ruleset can now
  be influenced.
  ===============================================================
   ITEM==VALUE        true if ITEM equals VALUE
   ITEM>=VALUE        true if ITEM >= VALUE
   ITEM<=VALUE        true if ITEM <= VALUE
   ITEM~=VALUE        true if ITEM ~= /^VALUE$/i
   ITEM=VALUE         old default behaviour
  ===============================================================
- feature: the score() command now allows some basic arithmetic operations (+-*/=)
  e.g. action=score(*2) will double the current score
- feature: you can now refer to request attributes in actions, which will e.g.
  allow the following:
    id=R001; rbl=zen.spamhaus.org; \
      action=554 5.7.1 see http://www.spamhaus.org/query/bl?ip=$$client_address
- feature: introduced extra request attributes sender_localpart, sender_domain,
  recipient_localpart, recipient_domain and version for use like:
    id=test01; client_name ~= $$(sender_domain)$; action=score(-0.5)
- bugfix: the "=" character could not be used in items
- bugfix: negation of items (!!) did not work correctly under some circumstances
- bugfix: time was logged incorrectly during request cache cleanups in
  verbose mode (thanks to Henrik Krohns)
- code: restructured some parts of the code for future enhancement options.
  a plugin interface was prepared and will be included in the final version.
  perl's -w switch is used now.
- note: the documentation has not been fully updated yet.

1.03
====
- feature: request attributes can now be compared
  (e.g. to compare client_name and helo_name)
- feature: rule items can now be negated
  (e.g. to compare if client_name does not match helo_name)
- feature: extra verbose mode '-vv' now displays much more debug information
- feature: -L switch to redirect log output to stdout
- feature: new manual section about the parser, other updates
- bugfix: caching did not work at end_of_data level because of different
  queue ids, corrected
- bugfix: all numeric items will now match if the request attribute exceeds
  the corresponding rule item. the negation operator will lead to the
  opposite effect:
  =============================================================================
   ITEM=VALUE                  TYPE
  =============================================================================
   rblcount=2                  matches if rbl hits >= 2
   recipient_count=10          matches if recipients >= 10
   size=12345                  matches if size >= 12345
   encryption_keysize=256      matches if keysize >= 256
   encryption_keysize=!!256    matches if keysize < 256
  =============================================================================

1.02
====
- bugfix: rblcount and rhsblcount did not work correctly since V1.01, corrected

1.01
====
- feature: multiple rbl, rhsbl and client_address statements in a single rule
  are now possible
- feature: note() command will now log (not warn!). an empty argument
  suppresses logging
- feature: in verbose mode you must set -vv now to see the whole request attributes
- feature: cached dnsbl results are now only logged in verbose mode
- manual: several minor updates

1.00
====
- feature: multiple definitions of the same item in a single rule to build groups
- feature: rules can span multiple lines by specifying a trailing "\" character
- feature: syslog_name can now be set with -l|--logname
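
The 1.15 and 1.16 entries mean that a numeric rule written with a bare '=' matches different requests depending on the installed release. The following Python model is an added example, not postfwd code: it applies the numeric operator semantics from the 1.14 table to a constructed ruleset and lists the rules that depend on the bare '='. The rule ids, actions and request values are assumptions made for illustration, as is the simplification that `id=` is the first part of each rule.

```python
import re

# Numeric items named in the changelog's 1.03 table.
NUMERIC_ITEMS = {"size", "recipient_count", "rblcount", "encryption_keysize"}

# item, operator, unsigned integer value; negated values ('!!256') are not modelled.
COND = re.compile(r"^\s*(\w+)\s*(==|=>|>=|=<|<=|!=|!>|!<|=)\s*(\d+)\s*$")

# Numeric semantics from the 1.14 table; '>=' and '<=' are the 1.10pre1 spellings.
NUMERIC_OPS = {
    "==": lambda a, b: a == b,
    "=>": lambda a, b: a >= b, ">=": lambda a, b: a >= b,
    "=<": lambda a, b: a <= b, "<=": lambda a, b: a <= b,
    "!=": lambda a, b: not a == b,
    "!>": lambda a, b: not a >= b,
    "!<": lambda a, b: not a <= b,
}

def split_rule(rule):
    """Split 'id=R1; size=100; action=...' into its ';'-separated parts."""
    return [part.strip() for part in rule.split(";") if part.strip()]

def numeric_conditions(rule):
    """Return (item, op, value) for every numeric-item condition in a rule."""
    hits = (COND.match(part) for part in split_rule(rule))
    return [(m.group(1), m.group(2), int(m.group(3)))
            for m in hits if m and m.group(1) in NUMERIC_ITEMS]

def rule_matches(rule, request, bare_equals):
    """Evaluate the numeric conditions; bare_equals is '==' (1.15) or '>=' (1.16)."""
    return all(NUMERIC_OPS[bare_equals if op == "=" else op](int(request[item]), value)
               for item, op, value in numeric_conditions(rule))

def version_sensitive(ruleset):
    """Ids of rules whose numeric conditions rely on the bare '=' operator."""
    return [split_rule(rule)[0].split("=", 1)[1]  # assumes id= is the first part
            for rule in ruleset
            if any(op == "=" for _item, op, _value in numeric_conditions(rule))]

# Constructed ruleset and request attributes (not from the postfwd distribution).
RULESET = [
    "id=SIZE01; size=10000000; action=REJECT message too large",
    "id=RCPT01; recipient_count>=50; action=REJECT too many recipients",
]
REQUEST = {"size": "25000000", "recipient_count": "3"}

if __name__ == "__main__":
    for rule_id in version_sensitive(RULESET):
        print(rule_id, "uses bare '=' on a numeric item; write '>=' or '==' explicitly")
```

With the constructed request, rule SIZE01 matches under the 1.16 behaviour but not under the 1.15 behaviour, which is why the 1.16 note recommends writing '>=' explicitly.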