postfwd2 1.35 ============= - code: rate(), size() and rcpt() function index is now case insensitive by default (same limit counters for from@example.org and fRom@eXample.org) if you need to treat the localpart case-sensitive according to rfc5321 you may use rate5321(), size5321() and rcpt5321(). - bugfix: fixed segfault when using new perl versions (prevented to work with upstart) postfwd2 1.34 ============= - bugfix: fixed taint mode logging error for verbose --showconfig and --stdoutlog options and newer perl versions. - bugfix: check_* functions use print/getline instead of send/recv for large --dumpcache output (thanks to Alexandre Simon) - code: added more information when using --debug=cleanup - docs: documentation updates - feature: new sendmail(sendmail-path::from::to::subject::body) action. Please take a look at the manual, especially about it's limitations, before using it! ------------------------------------------------------------ # alert action=sendmail(/usr/sbin/sendmail::from@example.org::to@example.org::Subject::Text) ------------------------------------------------------------ postfwd2 1.33 ============= - feature: new compare operators * ==================================================================== ITEM > VALUE true if ITEM > VALUE ITEM < VALUE true if ITEM < VALUE ==================================================================== - bugfix: fixed bug when computing scores with more than 1 digit after the "." (n.nn) - bugfix: fixed bug when computing negative values with the set action - bugfix: ITEMS plugins returning zero values were handled incorrectly - bugfix: max command recursion was not reset for each rule - bugfix: fixed warning about use of (uninitialized value) when STORABLE is available but no cache file was defined postfwd2 1.32 ============= - feature: new option --save_rates= allows to load and save rate limit counters to disk on program start and termination. this allows rate limit persistence during restarts and reboots (requires perl module 'Storable') - feature: the --debugitem="sender=example\.org$" option allows verbose logging for particular requests - feature: the debug() action allows verbose logging for certain rules: ------------------------------------------------------------ id=R01 client_address=1.1.1.1 action=debug(on) id=R02 ... id=R42 action=debug(off) ------------------------------------------------------------ - feature: nested commands are possible now, e.g.: ------------------------------------------------------------ # throttle action=rate(client_address/10/60/wait(3)) ------------------------------------------------------------ - feature: new mail(server/helo/from/to/subject/body) action. Please take a look at the manual, especially about it's limitations, before using it! ------------------------------------------------------------ # alert action=size(recipient_domain/100000000/86400/mail(mailhost/helo/from/to/subject/text)) ------------------------------------------------------------ - feature: --chroot option works now (patch by Lukas Wunner). Look for his notes at http://postfwd.org/postfwd2-chroot.html on how to set up the required chroot environment. postfwd2 1.31 ============= - feature: single cache items can be wiped using --delcache or --delrate options. use --dumpcache to identify - feature: sasl_username is logged if available (thanks to Bernhard Schmidt) - code: rate limit action is executed, if the first request exceeds the limit - code: exceeded ratecounters will not be kept permanently anymore. this allows further requests to pass, if they are below the limit - code: rate limits are evaluated at ruleset stage now, which leads to much more comprehensible behaviour. due to this change the request cache is now disabled, if rate limits are used. use the --fast_limit_evaluation option to return to the former mode. postfwd2 1.30 ============= - feature: new parser enhancement allows to omit the trailing "\" for multi-line rules, if the following lines are prefixed by whitespace characters: -------------------------------------- id=RCPTCOUNT protocol_state == END-OF-MESSAGE client_address != 10.1.1.0/24 recipient_count >= 100 action=REJECT too many recipients -------------------------------------- - feature: new plugin interface (BETA) - feature: Time::HiRes is used if available - feature: multiple rate limits for the same items are supported now - feature: new $$ratecount variable for rate() actions - feature: new option --keep_rates - code: new --debug class 'cleanup' - docs: documentation updates postfwd2 1.22 ============= - general: adapted postfwd1 versioning scheme - feature: queueid is logged when available - bugfix: rate limits did not work correctly (thanks to Yves Blusseau) - docs: documentation updates and fixes (thanks to Vincent Lefevre) postfwd2 1.00 ============= - code: changed the default umask for the server socket to 0111 to support out-of-the-box postfix setup. Use the --server_umask setting to change this - code: --dumpcache command does not require debug mode anymore - code: rate hits included to cache stats - bugfix: rbl checks disabled for ipv6 addresses, cidr compare will switch to default (regex/string) postfwd2 0.22 ============= - feature: Rate limits are completely supported by postfwd2 now. Please note that the cache daemon is required for reliable operation. - bugfix: --syslog_facility could not be changed - code: rate limit code rewritten - code: new --umask, --cache_umask and --server_umask settings allow to set filepermissions for pidfiles and unix domain sockets. New defaults are: * master (pidfile): 0177 (owner rw) * cache (socket): 0177 (owner rw) * server (socket): 0117 (owner and group rw) postfwd2 0.21 ============= - bugfix: Fixed bug when comparing sender and recipient addresses, like "sender=$$recipient". This affects only postfwd2 version 0.20. postfwd2 0.20 ============= - bugfix: Invalid characters in variable substitutions were not correctly catched when the '=' operator was used, like "client_name=$$helo_name". If you can not upgrade for some reason change your rule to "client_name=~$$helo_name" - code: Net::DNS errors will now be handled gracefully - code: default for options --dns_max_ns_a_lookups and --dns_max_mx_a_lookups of 100 postfwd2 0.19 ============= - bugfix: this is a bugfix release for 0.18. anyone affected is encouraged to upgrade. detail: the default behavior for the '=' operator with numeric items (size, recipient_count, ...) changed with version 0.18 to '==' (equals to). now these items are compared '>=' (greater than) again. note: if you are using 0.18 and you are not able upgrade for some reason, please change '=' to '>=' in your ruleset where you mean 'greater than'. postfwd2 0.18 ============= - feature: items may now be retrieved from files using "item=file:/some/where" more information in the postfwd manual (FILES section) - feature: helo_address, and sender_(ns|mx)_addrs can now be csv items - feature: new rcpt() command counts recipients for rate limits (thanks to Sahil Tandon) - code: redirect syslog to stdout for --kill, --reload, --showconfig and --dump(cache|stats) - code: option --reload (HUP signal) now reloads config, if the file is unchanged - code: new --debug classes 'config' and 'request' - code: configuration parser improvements: * rules without defined action will be skipped at configuration stage * undefined ACLs will now be detected and skipped at configuration stage * parser timeout skips loading a rule after 4s, to prevent problems with large files or loops. use --config_timeout to override - bugfix: documentation fixed (missing "action=" in ask() examples) - bugfix: fixed logging of an uninitialized value in cache cleanups postfwd2 0.17 ============= - feature: new compare operators * ==================================================================== ITEM == VALUE true if ITEM equals VALUE ITEM => VALUE true if ITEM >= VALUE ITEM =< VALUE true if ITEM <= VALUE ITEM =~ VALUE true if ITEM ~= /^VALUE$/i *ITEM != VALUE false if ITEM equals VALUE *ITEM !> VALUE false if ITEM >= VALUE *ITEM !< VALUE false if ITEM <= VALUE *ITEM !~ VALUE false if ITEM ~= /^VALUE$/i ITEM = VALUE default behaviour (see ITEMS section) ==================================================================== - feature: added --nodaemon and --stdout options - code: non dns items first: if a rule contains dns and non dns items, the lookups will only be done if all non dns items matched - bugfix: empty pcre with empty sender_(ns|mx)_names was parsed incorrectly. this bug affects postfwd2 versions 0.15 - 0.16 - bugfix: negated pcre items with '~=' operator were parsed incorrectly. this bug affects postfwd2 version 0.16 postfwd2 0.16 ============= - feature: enabled dns cache for sender(ns|mx) and helo address - feature: new options --dns_max_ns_lookups and --dns_max_mx_lookups - code: parent_dns_cache is now disabled by default. use --parent_dns_cache if you have a slow nameserver - bugfix: workaround: Net::Server died if a unix domain socket filename without a dot ('.') was used (B. Frauendienst) postfwd2 0.15 ============= - feature: new items sender_ns_names and sender_ns_addrs - feature: new items sender_mx_names and sender_mx_addrs - feature: new item helo_address, please see docs for more - feature: new parent cache statistics. the command line option --dumpstats uses the --daemons setting now (default: cache,server) - feature: dnsbl txt lookups only for dnsbls with at least one a record. use --dns_async_txt for the old behaviour (see docs for more). - code: summary function went to postfwd::master (and will stay there ;) - code: small performance improvement (5-10%) for pcre (~= or =~) items - bugfix: network 0.0.0.0/0 did not work as expected on all platforms postfwd2 0.14 ============= - code: summary function was moved from postfwd::cache to postfwd::policy. the reduced policy <-> cache communication increases throughput considerably and improves cpu balancing on multiprocessor systems - bugfix: fixed potential division by zero in summary function postfwd2 0.13 ============= - feature: new options --noidlestats and --norulestats - feature: more informative --version - feature: documentation updates - bugfix: disabled parent_cache counters when --summary=0 postfwd2 0.12 ============= - feature: the ask() action allows to delegate the policy decision to another policy service (like postgrey). a new parameter allows to specify answer patterns which should be ignored by postfwd. please look at the 'ACTIONS' section in the manual (postfwd2 -m) for details. - feature: parent-request cache will now only be updated, if a rule matches. if postfwd should cache all requests, you must place a last rule: id=DEFAULT; action=dunno - bugfix: reorganised some parent-cache loggings for -vv and *cache debug classes postfwd2 0.11 ============= - bugfix: all postfwd settings are now detainted - bugfix: cache-update used an uninitialized value when no rule had hit postfwd2 0.10 ============= - bugfix: command line arguments --pidfile postfwd2 0.09 ============= - bugfix: command line arguments --user and --group were not correctly de-tainted postfwd2 0.08 ============= - bugfix: command line argument --pid_file was ignored - bugfix: command line argument --manual (-m) did not work postfwd2 0.07 ============= - first semi-public release of postfwd2 - full ruleset compatibility, no changes required when migrating from postfwd v1 - new architecture: * Net::Server::PreFork ruleset processor (server) forks new child for any request * Net::Server::Multiplex for parent cache offers a shared request, dns and rate cache for postfwd2 children * Net::Server::Daemonize for master process controls server and cache (watchdog function) and allows direct access to statistics, cache-contents, ... from the command-line - many new commandline options (see postfwd2 -h) for more information