"Fossies" - the Fresh Open Source Software Archive

Member "hermes-1.9/ChangeLog" (9 Sep 2014, 15325 Bytes) of package /linux/privat/hermes-1.9.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "ChangeLog": 1.8_vs_1.9.

    1 ChangeLog
    2 ---------
    3 
    4 2014-10-09 06:54 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
    5 
    6 * fix a bug with certificate handling, load a full chain from a file if a
    7 availabe
    8 * fix building on win32
    9 
   10 2014-06-28 18:46 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
   11 
   12 * add more information to the headers injected by hermes
   13 * make ip matching for sqlite-black/whitelisted a strict match instead of a
   14 loose one
   15 * fix build issues on newer compilers
   16 
   17 Older changes which were not previously released:
   18 
   19 * number_of_unimplemented_commands_allowed option to limit the number of
   20 unimplemented commands a server can return.
   21 * mark ssl IO as such
   22 * try to detect if ssl will not work before accepting ssl connections
   23 * change to how we manage SSL initialization. It needs to be done in two steps
   24 to be able to return the correct smtp code in case of failure
   25 * ignore SIGPIPE and SIGCHLD. this was causing hermes to randomly finish
   26 * fix bug when trying to enable ssl and not suceeding. now we handle it
   27 gracefully instead of failing and randomly crashing
   28 * add spf-fail to the headers
   29 * add the add_status_header_if_dns_listed option
   30 * fix small bug in the percentage estimation optimization
   31 * add option to control verboseness of log
   32 * report PID at startup
   33 * fix stats submission
   34 * make filelogger log more similar to unixlogger
   35 * fixes for win32
   36 * quick get_canonical_filename version for win32
   37 
   38 2011-01-08 19:28 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
   39 
   40 * fixed NullLogger
   41 
   42 2011-01-08 17:22 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
   43 
   44 * fixed small bug when submitting stats that would stop the thread that
   45 submits them
   46 
   47 
   48 2011-01-08 02:27 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
   49 
   50 * revamped logging system. hopefully, messages will be more informative now
   51 
   52 
   53 2011-01-06 23:53 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
   54 
   55 * development restarted
   56 
   57 * print a small message about which config file we are actually using. Some
   58 people seem to have gotten confused about this...
   59 
   60 
   61 2008-12-14 20:17 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
   62 
   63 * Implemented log rotation for filelogger. Sponsored by Damir Simunic of
   64 http://edgeof.net
   65 
   66 * Disable chunking extension, it interferes with hermes operation
   67 
   68 * Updated email address... again
   69 
   70 
   71 2008-08-30 21:35 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
   72 
   73 * Updated email address.
   74 
   75 
   76 2007-11-28 19:54 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
   77 
   78 * Fixed some sqls
   79 
   80 
   81 2007-11-20 19:14 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
   82 
   83 * Added a small feature sponsored by http://www.pixelkinder.com. It allows to 
   84 specify a list of valid ips for each domain, if a mail comes from an ip not on 
   85 the list, then reject it.
   86 
   87 
   88 2007-10-02 11:33 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
   89 
   90 * Add blacklisting based on the "to" address and domain. Useful to migrate
   91 sites and to correct MTAs errors.
   92 
   93 
   94 2007-07-20 20:03 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
   95 
   96 * 1.6 release
   97 
   98 * Bugs:
   99 
  100 * Fixed a DoS-causing, remotely explitable bug in Proxy.cpp. This bug only affects version 1.3 to
  101 1.5, both inclusive. If you are using either 1.3, 1.4 or 1.5 UPDATE NOW.
  102 Thanks to Veit Wahlich for finding and reporting the bug and for submitting
  103 a preeliminar patch.
  104 
  105 * While looking for similar vulnerabilities in the code, found a small
  106 incorrection, although it doesn't have security implications.
  107 
  108 
  109 2007-07-19 12:57 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  110 
  111 * 1.5 release
  112 
  113 * Enhancements:
  114 
  115 * Allow permanently rejecting mails with dnsbl or spf errors. To use configure
  116 return_temp_error_on_reject as false (default). To keep the old behaviour,
  117 configure the above option as true.
  118 
  119 * File logger can now be configured to only open the file sporadically to
  120 write its buffer. This allows for external log rotators on platforms that
  121 can't rename an open file (i.e. windows). The option is called
  122 keep_file_locked. To use the new behaviour, configure as false, to keep the
  123 old one configure as true.
  124 
  125 * Implemented win32 service support. To enable, configure with
  126 --enable-win32-service. The windows build on the website are already compiled
  127 with this option. To install the service execute:
  128 
  129 c:\hermes> hermes -install
  130 
  131 To uninstall:
  132 
  133 c:\hermes> hermes -uninstall
  134 
  135 To start:
  136 
  137 c:\hermes> net start hermes
  138 
  139 To stop:
  140 
  141 c:\hermes> net stop hermes
  142 
  143 Of course, you can also use the service manager to start and stop the service.
  144 Using the service code there's a big warning everyone should read:
  145 
  146 The config file MUST be named "hermes.ini" and be located on the same
  147 directory as "hermes.exe". Also, since hermes is started from another
  148 directory, you have to specify the full path to the database:
  149 
  150 database_file = "c:\hermes\greydatabase.db"
  151 
  152 
  153 
  154 * Fixes:
  155 
  156 * Fix SPF requests to be synchronized. I haven't seen a single failure from
  157 this, but this is the right way.
  158 
  159 * Removed an stale debug statement. It could be noticed when starting hermes
  160 that the list of dns white/black lists was printed on the standard output.
  161 
  162 * dns_{white,black}list_percentage now defaults to 100. Setting it to 0 makes
  163 no sense and makes all your emails to be considered white/black listed.
  164 
  165 * Fixed spec file to include the AUTHORS file.
  166 
  167 * The value of spf_query now defaults to true when compiled with SPF support.
  168 
  169 * Applied patch by Veit Wahlich that fixes stats submission to be each 60
  170 minutes exactly. Previously it would send the stats on intervals of
  171 approximattely 60 minutes.
  172 
  173 * Whitelisting IPs is now partial like blacklisting. For example, whitelisting
  174 192.168.0 will whitelist 192.168.0.* (192.168.0.0/24)
  175 
  176 * Small fixes to the building system.
  177 
  178 
  179 2007-06-14 20:23 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  180 
  181 * 1.4 release
  182 
  183 * Enhancements:
  184 
  185 * SPF: if you enable query_spf, everytime someone gets through greylisting,
  186 they will be checked for spf compliance. If they either FAIL or SOFTFAIL, they
  187 will be rejected.
  188 
  189 * Specify your hostname on the config file (option hostname). If it's empty,
  190 it gets filled by gethostname() (as before)
  191 
  192 * DNS Whitelisting: similar to DNS Blacklisting, but the other way around.
  193 
  194 * DNS Whitelisting and DNS Blacklisting both support querying more than one
  195 server at a time. It means that you don't have to rely 100% on a dns list, but
  196 can use more than one. To control how many of the list need to list a server,
  197 use dns_{black,white}list_percentage option on config file.
  198 
  199 * If you define now whitelisted_disables_everything, whitelisted host will not
  200 be forced to go through throttling and banner delaying (or anything else).
  201 
  202 * Blacklisting is now partial. That means that if you blacklist 192.168.0. you
  203 are actually blacklisting 192.168.0.* (192.168.0.0/24 if you prefer)
  204 
  205 * Added the	throttling_time option that controls how much we sleep between
  206 lines when throttling a connection.
  207 
  208 * Changed logging format. Should be clearer now, although there are still some
  209 things I'd like to change.
  210 
  211 * We are also logging now also when someone gets their connection dropped
  212 because of throttling or data-before-banner (or black/whitelisting, spf, etc. ).
  213 It should help to get a better feeling of how much spam we are stopping with 
  214 these techniques.
  215 
  216 * We now can reject emails if peer doesn't have an inverse resolution (patch
  217 by Veit Wahlich) or if the inverse resolution doesn't match the helo string.
  218 Both of these features should be used with extreme care, and are disabled by
  219 default. You shouldn't use them if you don't know what you are doing.
  220 
  221 
  222 * Fixes:
  223 
  224 * FileLogger.cpp: file logging now flushes its buffer after a few lines (15).
  225 This should update the log on file more often.
  226 
  227 * Configfile.tmpl: when compiling on windows, all default values should be
  228 valid
  229 
  230 * Fixed a bug when closing the filelogger file (most people noticed that
  231 hermes crashed when closing when using file logger).
  232 
  233 * Changed the X-Anti-Spam-Proxy header to be more clear.
  234 
  235 * Fixed all typos with wether to whether
  236 
  237 * Fixed a minor RFC-strict error when defining the non-existing extension
  238 
  239 * Timezone _should_ be correct now on windows. If it isn't, write to the
  240 mailing list with an example and why you think it's incorrect.
  241 
  242 * Fixed configure.in. If you specify now --disable-openssl it will disable
  243 openssl even if you have it installed
  244 
  245 * Updated the .spec file (thanks again to Veit Wahlich's patch)
  246 
  247 * Added AUTHORS file and also added lot's of docs to the windows release.
  248 
  249 2007-05-18 20:11 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  250 
  251 * 1.3 release
  252 
  253 * added the add_headers option, will add the rfc-required "Received" headers
  254 should give a better idea of where emails are coming/going
  255 
  256 * also added date to logging when it is done to a file
  257 
  258 * fixed filelogger, should now use file_logger_file config option
  259 
  260 * windows version can now resolve addresses, so rbl works and also you can now
  261 use fancy names like "localhost" instead of ugly ips like "127.0.0.1"
  262 
  263 * updated rpm, hopefully everything should be ok now
  264 
  265 2007-05-13 18:21 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  266 
  267 * 1.2 release
  268 
  269 * added rbl checking. Simply define rbl_domain in configfile
  270 
  271 2007-04-20 12:04 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  272 
  273 * Added an option to configure the initial delay of the SMTP banner
  274 
  275 2007-04-19 20:28 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  276 
  277 * Bugfix 1.1 release
  278 
  279 * Implemented the bind_to config option. Defining bind_to in the configfile
  280 will force hermes to only bind to one ip.
  281 
  282 * Fixed a small bug when closing hermes with clean_db=false (it would segfault
  283 previously)
  284 
  285 * Added more documentation and updated http://www.hermes-project.com
  286 
  287 2007-04-16 19:48 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  288 
  289 * Initial 1.0 release
  290 
  291 2007-04-09 20:27 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  292 
  293 * *.{h,cpp}: add GPL license to all source files. also added gpl.txt with the
  294 full license text on /docs
  295 
  296 * Makefile.am: configure automake more correctly (not a lot, probably still
  297 very wrong)
  298 
  299 * TODO: cleaned up a bit
  300 
  301 2007-04-09 18:57 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  302 
  303 * *.{h,cpp}: Ifdef'd all output to terminal. From now on if you want all that
  304 output, define REALLY_VERBOSE_DEBUG on config.h (once it is generated)
  305 
  306 * generate_config.pl: generate also a default config file from the information
  307 on Configfile.tmpl
  308 
  309 2007-03-18 19:16 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  310 
  311 * *Logger.{h,cpp}: Implement logging as a base class with different subclasses
  312 depending on a configure option. Also added option to Configfile.tmpl to
  313 configure the filename for FileLogger.
  314 This change will allow us to port hermes more easily to other platforms,
  315 specially non-unix(i.e. win32), but also will help if we don't have a logger
  316 installed or if it's not compatible with the common interface (I'm using
  317 metalog, btw).
  318 
  319 2007-03-18 17:06 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  320 
  321 * *: change all instances of spit to hermes to reflect project's new name
  322 
  323 2007-03-09 18:19 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  324 
  325 * Database.*: modified cleanDB, now the method counts the number of spams we
  326 have blocked since the last time we cleaned
  327 
  328 * spit.cpp: if we have configured it, send the number of spams blocked to a
  329 server to keep the statistics
  330 
  331 * Configfile.tmpl: added options to configure the previous changes.
  332 submit_stats (bool) submit_stats_username (string) and submit_stats_password
  333 (string)
  334 
  335 2007-02-14 18:20 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  336 
  337 * *.*: change all calls to Exception constructor to send also the file name and line
  338 number
  339 
  340 2007-02-12 19:03 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  341 
  342 * Socket.*: new option setTimeout, sets the timeout for receive/send operations, should
  343 help with the sockets getting blocked on recv() or send()
  344 
  345 * Exception.*: new constructor accepts a filename and line number. The idea is to migrate
  346 all calls to Exception to this new constructor so that errors get printed with their source
  347 filename and line number to make debugging easier.
  348 
  349 2007-02-10 17:25 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  350 
  351 * Configfile.*: changed Configfile.{cpp,h} to be generated from Configfile.tmpl and
  352 Configfile.{cpp,h}.in . It should be MUCH easier to add new config options
  353 from now on. As a proof, adding options for the time to greylist and the
  354 initial delay were a breeze compared to before.
  355 
  356 * spit.cpp: instead of sending the data for thread_main in a pointer, send a
  357 pointer to a stack and just pop the last element added.
  358 
  359 2006-11-12 21:22 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  360 
  361 * updated changelog to use gnu coding standards
  362 
  363 * autotoolize spit
  364 * Makefile.am
  365 * configure.in
  366 * Config.h: rename class to Configfile
  367 
  368 2006-10-22 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  369 
  370 * Socket.cpp: now creates the ssl context and loads certificates on the first socket
  371 creation, so we now use less memory per-thread, AND we also load the certs
  372 BEFORE chrooting, so now private_key and certificate DON'T need to be
  373 (and are NOT recomended) INSIDE the chroot, which is a cool security feature.
  374 
  375 2006-10-21 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  376 
  377 * SQL.cpp: Changed SQL class so that every query is made through doQuery, that
  378 controls that everything works the right way.
  379 
  380 * Exception.cpp: When an Exception ocurrs, we notify it by email, either through smtp
  381 or through sendmail
  382 
  383 2006-10-15 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  384 
  385 * Config.cpp: Fixed Config.cpp::validateConfig to take into account chrooting
  386 
  387 * Socket.cpp: Fixed Socketp.cpp::close, we were sometimes closing fds twice
  388 
  389 * main.cpp: if you send SIGINT or SIGTERM once you close gracefully, if you do
  390 it twice, you forcefully stop the program, for when a socket is waiting to timeout,
  391 and you can't restart the proxy in-between
  392 
  393 2006-10-12 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  394 
  395 * Config.cpp: Overhauled Config class
  396 
  397 * main.cpp: fixed chrooting, now only /etc/resolv.conf is needed
  398 
  399 2006-10-08 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  400 
  401 * Socket.cpp: ssl is now fully working
  402 decimal time for waiting in Socket::canRead
  403 
  404 * SQL.cpp: whitelisting based on hostname of peer added.
  405 
  406 * Logger.cpp: implements a logger for unix
  407 
  408 * preeliminary port to solaris 10
  409 
  410 2006-09-24 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  411 
  412 * LOTS of bugfixes, some change in semantics and a bit of heavy-work
  413 testing. Should be MUCH more stable now.
  414 
  415 2006-09-18 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  416 
  417 * main.cpp (main): Made threads detached to allow them to free resources
  418 
  419 2006-09-17 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  420 
  421 * main.cpp (main): Create a thread to clean the database each hour
  422 Threads now clean themselves up when finishing
  423 
  424 2006-09-16 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  425 * Initial import to svn