v1.38
=====
- bugfix:  fix for AutoCacheID and rulesets containing no items

1.37
====
- code:    new options --stdin and --cmd re-enable the ability to check requests at
           the command-line without opening a network socket
           (this was broken since version 1.36, see manpage for more info)

1.36
====
- feature: new items postfwd_port and postfwd_interface allow using the same
           ruleset for different instances of postfwd
- code:    code changes for --stdout and --nodaemon options allow running postfwd in a
           docker container. An example can be found in the ../docker folder of the
           main distribution or at http://postfwd.org/docker
- code:    allowed several postfwd2 specific command-line arguments, to allow easy
           switching between versions by using the same startscript.
- code:    new AutoCacheID feature enhances the effectiveness of the builtin request cache

1.35
====
- code:    rate(), size() and rcpt() function index is now case insensitive by default
           (same limit counters for from@example.org and fRom@eXample.org).
           if you need to treat the localpart case-sensitive according to rfc5321
           you may use rate5321(), size5321() and rcpt5321()

1.34
====
- bugfix:  fixed taint mode logging error for verbose --showconfig and --stdoutlog
           options and newer perl versions.
- bugfix:  check_* functions use print/getline instead of send/recv for large
           --dumpcache output (thanks to Alexandre Simon)
- code:    log_* routines added to allow the same plugins for postfwd1 and postfwd2
- code:    added more information when using --debug=cleanup
- docs:    documentation updates
- feature: new sendmail(sendmail-path::from::to::subject::body) action.
           Please take a look at the manual, especially about
           its limitations, before using it!
    ------------------------------------------------------------
     # alert
     action=sendmail(/usr/sbin/sendmail::from@example.org::to@example.org::Subject::Text)
    ------------------------------------------------------------

1.33
====
- feature: new compare operators *
        ====================================================================
         *ITEM > VALUE                true if ITEM > VALUE
         *ITEM < VALUE                true if ITEM < VALUE
        ====================================================================
- bugfix:  fixed bug when computing scores with more than 1 digit after the "." (n.nn)
- bugfix:  fixed bug when computing negative values with the set action
- bugfix:  ITEMS plugins returning zero values were handled incorrectly
- bugfix:  max command recursion was not reset for each rule

1.32
====
- feature: new option --save_rates=<file> allows loading and saving
           rate limit counters to disk on program start and termination.
           this allows rate limit persistence during restarts and reboots
           (requires perl module 'Storable')
- feature: the --debugitem="sender=example\.org$" option
           allows verbose logging for particular requests
- feature: the debug() action allows verbose logging for certain
           rules:
    ------------------------------------------------------------
     id=R01
        client_address=1.1.1.1
        action=debug(on)
     id=R02
     ...
     id=R42
        action=debug(off)
    ------------------------------------------------------------
- feature: nested commands are possible now, e.g.:
    ------------------------------------------------------------
     # throttle
     action=rate(client_address/10/60/wait(3))
    ------------------------------------------------------------
- feature: new mail(server/helo/from/to/subject/body) action.
           Please take a look at the manual, especially about
           its limitations, before using it!
    ------------------------------------------------------------
     # alert
     action=size(recipient_domain/100000000/86400/mail(mailhost/helo/from/to/subject/text))
    ------------------------------------------------------------

1.31
====
- feature: single cache items can be wiped using --delcache <item>
           or --delrate <item> options. use --dumpcache to identify
- feature: sasl_username is logged if available
           (thanks to Bernhard Schmidt)
- code:    rate limit action is executed, if the first request exceeds the limit
- code:    exceeded ratecounters will not be kept permanently anymore. this
           allows further requests to pass, if they are below the limit
- code:    rate limits are evaluated at ruleset stage now, which leads to
           much more comprehensible behaviour. due to this change the request
           cache is now disabled, if rate limits are used. use the
           --fast_limit_evaluation option to revert to the former mode.

1.30
====
- feature: new parser enhancement allows omitting the trailing "\" for multi-line rules,
           if the following lines are prefixed by whitespace characters:
                --------------------------------------
                 id=RCPTCOUNT
                    protocol_state  == END-OF-MESSAGE
                    client_address  != 10.1.1.0/24
                    recipient_count >= 100
                    action=REJECT too many recipients
                --------------------------------------
- feature: new plugin interface (BETA)
- feature: Time::HiRes is used if available
- feature: new $$ratecount variable for rate() actions
- feature: ported --dumpstats and --dumpcache option from postfwd2
- bugfix:  fixed program usage statistics (--summary)
- docs:    documentation updates

1.22
=====
- feature: new option --keep_rates
- feature: queueid is logged when available
- bugfix:  rate limits using the same item and the same limits
           did not work correctly (thanks to Yves Blusseau):
                id=INT01; INT_DOMAIN==1; \
                        action=rate(sender/100/60/450 4.7.1 too much for internal domains)
                id=EXT01; EXT_DOMAIN==1; \
                        action=rate(sender/100/60/450 4.7.1 too much for external domains)
- bugfix:  small fix for cleanup of old rate limits
- docs:    documentation updates and fixes (thanks to Vincent Lefevre)

1.21
=====
- feature: postfwd supports multiple rate limits to the same items now.
           this means that the following will now work as expected:
                id=R001; recipient_count>=100; action=rate(sender/3/3600/WARN state RED)
                id=R002; recipient_count>=100; action=rate(sender/2/3600/WARN state YELLOW)
                id=R003; recipient_count>=100; action=rate(sender/1/3600/WARN state GREEN)
- code:    ported command-line option --facility from postfwd2
- docs:    documentation updates and fixes (thanks to Vincent Lefevre)

1.20
=====
- code:    changed the default umask for the server socket to 0111
           to support out-of-the-box postfix setup. Use the
           --umask setting to change this
- bugfix:  rbl check could fail on multiple dnsbl answers
- bugfix:  rbl checks disabled for ipv6 addresses, cidr compare
           will switch to default (regex/string)

1.19
=====
- code:    Rate limit code rewritten
- code:    new --umask setting allows setting file permissions for pidfiles
           and unix domain sockets. Default is 0117 (owner and group rw).

1.18
=====
- bugfix:  Fixed bug when comparing sender and recipient addresses, like
           "sender=$$recipient". This affects only postfwd version 1.17.

1.17
=====
- bugfix:  Invalid characters in variable substitutions were not correctly caught when
           the '=' operator was used, like "client_name=$$helo_name". If you cannot
           upgrade for some reason, change your rule to "client_name=~$$helo_name"
- code:    Net::DNS errors will now be handled gracefully
- code:    default of 100 for options --dns_max_ns_a_lookups and --dns_max_mx_a_lookups

1.16
=====
- bugfix:  this is a bugfix release for 1.15. anyone affected is encouraged to upgrade.
           detail: the default behavior for the '=' operator with numeric items
           (size, recipient_count, ...) changed with version 1.15 to '==' (equal to).
           now these items are compared '>=' (greater than) again.
           note: if you are using 1.15 and you are not able to upgrade for some reason,
           please change '=' to '>=' in your ruleset where you mean 'greater than'.

1.15
=====
- feature: items may now be retrieved from files using "item=file:/some/where"
           more information in the postfwd manual (FILES section)
- feature: helo_address, and sender_(ns|mx)_addrs can now be csv items
- feature: new rcpt() command counts recipients for rate limits (thanks to Sahil Tandon)
- code:    redirect syslog to stdout for --kill, --reload and --showconfig
- code:    option --reload (HUP signal) now reloads config, if the file is unchanged
- code:    configuration parser improvements:
           * rules without defined action will be skipped at configuration stage
           * undefined ACLs will now be detected and skipped at configuration stage
           * parser timeout skips loading a rule after 4s, to prevent problems with
             large files or loops. use --config_timeout to override
- bugfix:  documentation fixed (missing "action=" in ask() examples)

1.14
=====
- feature: new compare operators *
        ====================================================================
         ITEM == VALUE                true if ITEM equals VALUE
         ITEM => VALUE                true if ITEM >= VALUE
         ITEM =< VALUE                true if ITEM <= VALUE
         ITEM =~ VALUE                true if ITEM ~= /^VALUE$/i
         *ITEM != VALUE               false if ITEM equals VALUE
         *ITEM !> VALUE               false if ITEM >= VALUE
         *ITEM !< VALUE               false if ITEM <= VALUE
         *ITEM !~ VALUE               false if ITEM ~= /^VALUE$/i
         ITEM =  VALUE                default behaviour (see ITEMS section)
        ====================================================================
- feature: added --nodaemon option
- code:    non dns items first: if a rule contains dns and non dns items, the
           lookups will only be done if all non dns items matched
- bugfix:  empty pcre with empty sender_(ns|mx)_names was parsed incorrectly.
           this bug affects postfwd versions 1.12 - 1.13
- bugfix:  negated pcre items with '~=' operator were parsed incorrectly.
           this bug affects postfwd version 1.13

1.13
=====
- feature: enabled dns cache for sender(ns|mx) and helo address
- feature: new options --dns_max_ns_lookups and --dns_max_mx_lookups
- bugfix:  workaround: Net::Server died if a unix domain socket
           filename without a dot ('.') was used (B. Frauendienst)

1.12
=====
- feature: new items sender_ns_names and sender_ns_addrs
- feature: new items sender_mx_names and sender_mx_addrs
- feature: new item helo_address, please see docs for more
- feature: added --proto switch, to enable the use of unix domain sockets
           (thanks to Bernhard Frauendienst)
- feature: added command-line options --kill and --reload
           (of course you can still use TERM and HUP signals)
- feature: dnsbl txt lookups only for dnsbls with at least one a record.
           use --dns_async_txt for the old behaviour (see docs for more).
- code:    small performance improvement (5-10%) for pcre (~= or =~) items
- bugfix:  network 0.0.0.0/0 did not work as expected on all platforms
- bugfix:  postfwd tried to chop() an uninitialized value when sending
           garbage (non policy delegation protocol requests) to it.

1.11
=====
- feature: the ask() action allows delegating the policy decision to another
           policy service (like postgrey). a new parameter allows specifying
           answer patterns which should be ignored by postfwd. please look
           at the 'ACTIONS' section in the manual (postfwd2 -m) for details.
- feature: new options --noidlestats and --norulelog
- feature: more informative --version
- feature: documentation updates

**************************************************************************************************
ATTENTION:  requirements changed - postfwd since v1.10pre8 now uses Net::DNS.
            Net::DNS::Async and Net::CIDR::Lite are not required anymore.
NOTE:       please see the docs ('postfwd -m' or 'perldoc postfwd') for more information
**************************************************************************************************

1.10pre8b
==========
- bugfix:  fixed two warnings about logging of undefined values in verbose mode

1.10pre8a
==========
- bugfix:  item plugins have been made available as cache-id items. this fixes a minor issue with
           --cache-rdomain-only and version 1.10pre8

1.10pre8
=========
- code:    Net::DNS::Async is no longer used. The parameters --dns_queuesize and
           --dns_retries are still valid but have no function. The option --dns_timeout
           now defaults to 14s and applies to all rules containing dns items.
- code:    Net::CIDR::Lite is not required any longer.
- feature: the new variable $$request_hits contains a list of all matching ruleids
- feature: the new variable $$dnsbltext allows access to txt records of rbls
- feature: new options --no-rulestats and --nodnslog
- feature: ttls of the dns responses override --cache-rbl-timeout when bigger, which means
           that you can set the option to 0 if you want to use the ttl of the dns answer.
- feature: new item "rhsbl_helo" allows checking helo against rhsbls
- bugfix:  disabled fallback to synchronous dns on timed out rbls, default is now
           to disable non responding dnsbls after 11 timeouts for 1200 seconds.
           use --dns_timeout_max and --dns_timeout_interval to adjust these settings.
- bugfix:  days=Wed now means exactly Wednesday. to use a range you may
           still specify days=Wed-, days=-Wed and days=Tue-Thu
           this applies to all date and time items
- code:    --shortlog is now default behaviour (use -v to see more)
- code:    changed Net::Server behaviour to ignore syslog errors

1.10pre7c
==========
- note:    1.10pre7c does not contain any code-changes to the postfwd daemon.
           this release only fixes some issues when building packages.
- bugfix:  set permissions of manpage dirs to 755
- bugfix:  manpage has gone to section 8
- bugfix:  postfwd-rblcheck.pl has gone to the tools folder
- bugfix:  documentation now refers to request.sample

1.10pre7b
==========
- bugfix:  inter-section links in documentation did not work correctly
           (thanks to Alexander 'Leo' Bergolth)

1.10pre7a
==========
- bugfix:  implemented workaround for possible crash of Sys::Syslog when syslog
           daemon is unavailable (thanks to Henrik Krohns)
- bugfix:  changed syslog socktype on solaris

1.10pre7
=========
- feature: $$request_score may now be used to access a request's score
- feature: auto-deactivation of non-responding dnsbls; please see the
           new --cleanup-timeouts and --dns_timeout_max options
- feature: the set command allows some basic operations:
  =========================================================
   action=set(ITEM+=VALUE)     adds VALUE to ITEM
   action=set(ITEM-=VALUE)     subtracts VALUE from ITEM
   action=set(ITEM*=VALUE)     multiplies ITEM by VALUE
   action=set(ITEM/=VALUE)     divides ITEM by VALUE
   action=set(ITEM.=VALUE)     concatenates ITEM and VALUE
   action=set(ITEM==VALUE)     sets ITEM to VALUE
   action=set(ITEM=VALUE)      default: sets ITEM to VALUE
  =========================================================
- bugfix:  fixed wrong timestamp for timed out rbls
- code:    score() command now allows integer values
- code:    setting an empty score removes it from the table
- code:    duplicate lookups within the same rule are now recognised

1.10pre6
=========
- feature: the new rate() and size() commands offer some basic rate limit controls
- feature: new cleanup options: --cleanup-rates
- feature: regexps may now be included in // characters
- feature: an empty sender address is now replaced by <>
- bugfix:  some csv-separated itemlists did not work correctly since v1.10pre1
- bugfix:  fixed a possible race condition with request cache when config was reloaded via HUP signal

1.10pre5a
=========
- bugfix:  fixed a possible race condition in rbl_read_dns() function

1.10pre5
========
- feature: new dnsbl lookup types: rhsbl_client, rhsbl_sender, rhsbl_reverse_client
- feature: new caching option --cacheid allows to increase performance and cache efficiency
- code:    cleanups will only be logged if '-v' was set or if the process took at least 1 second

1.10pre4
========
- feature: new date items 'days=Sun-Sat' and 'months=Jan-Dec'
- feature: all date/time items may now be csv-separated lists
- feature: the set command can now have multiple, csv-separated arguments
- feature: enhanced use of rblcount and rhsblcount (see doc)
- feature: new caching options --cache-no-sender,--cache-rbl-timeout and --cache-rbl-default
- feature: new cleanup options: --cleanup-requests and --cleanup-rbls
- code:    cache cleanups are now performed on interval basis (not per request)
           which should decrease load on busy systems.
- code:    warning on multiple definitions of id, action, rblcount and rhsblcount is issued
- bugfix:  date items may now contain whitespaces (e.g. days = Fri - Sat)

1.10pre3
========
- feature: all hits for a rule are now logged in the final message
- feature: option --shortlog disables logging for some postfwd actions
- feature: introduced set() command, which enables setting of variables, which then can be
           compared to the ruleset to gain performance on repeated item lists (see doc).
- feature: introduced new command-line switches --dns_queuesize, --dns_retries and dns_retries
           to influence the behaviour of DNS lookups
- code:    restructured code (~+15% speed compared to v1.03, with nodns ruleset)

1.10pre2
========
- feature: DNS lookups are now parallelized per rule. this increases the performance of dnsbl
           items (and any other future dns based check) significantly. implementation (per rule):
           1.) send dns queries, 2.) process other non-dns items, 3.) evaluate dns results
           As a downside of this approach the parser does not wait for dns queries anymore, which
           could result in increased load. you might use the sleep() command to get some delay ;-)

1.10pre1
========
- feature: the way request items are compared to the ruleset can now be influenced.
  ===============================================================
   ITEM==VALUE                     true if ITEM equals VALUE
   ITEM>=VALUE                     true if ITEM >= VALUE
   ITEM<=VALUE                     true if ITEM <= VALUE
   ITEM~=VALUE                     true if ITEM ~= /^VALUE$/i
   ITEM=VALUE                      old default behaviour
  ===============================================================
- feature: the score() command now allows some basic arithmetic operations (+-*/=)
           e.g. action=score(*2) will double the current score
- feature: you can now refer to request attributes in actions, which will e.g. allow the following:
           id=R001; rbl=zen.spamhaus.org; \
                action=554 5.7.1 see http://www.spamhaus.org/query/bl?ip=$$client_address
- feature: introduced extra request attributes sender_localpart, sender_domain,
           recipient_localpart, recipient_domain and version for use like:
             id=test01; client_name ~= $$(sender_domain)$; action=score(-0.5)
- bugfix:  the "=" character could not be used in items
- bugfix:  negation of items (!!) did not work correctly under some circumstances
- bugfix:  time was logged incorrectly during request cache cleanups in verbose mode
           (thanks to Henrik Krohns)
- code:    restructured some parts of the code for future enhancement options. a plugin interface
           was prepared and will be included in the final version. perl's -w switch is used now.
- note:    the documentation has not been fully updated yet.

1.03
====
- feature: request attributes can now be compared (e.g. to compare client_name and helo_name)
- feature: rule items can now be negated (e.g. to compare if client_name does not match helo_name)
- feature: extra verbose mode '-vv' now displays much more debug information
- feature: -L switch to redirect log output to stdout
- feature: new manual section about the parser, other updates
- bugfix:  caching did not work at end_of_data level because of different queue ids, corrected
- bugfix:  all numeric items will now match if the request attribute exceeds the corresponding
           rule item. the negation operator will lead to the opposite effect:
  =============================================================================
   ITEM=VALUE                            TYPE
  =============================================================================
   rblcount=2                            matches if rbl hits   >= 2
   recipient_count=10                    matches if recipients >= 10
   size=12345                            matches if size       >= 12345
   encryption_keysize=256                matches if keysize    >= 256
   encryption_keysize=!!256              matches if keysize    <  256
  =============================================================================

1.02
====
- bugfix:  rblcount and rhsblcount did not work correctly since V1.01, corrected

1.01
====
- feature: multiple rbl, rhsbl and client_address statements in a single rule are now possible
- feature: note() command will now log (not warn!). an empty argument suppresses logging
- feature: in verbose mode you must set -vv now to see the whole request attributes
- feature: cached dnsbl results are now only logged in verbose mode
- manual:  several minor updates

1.00
====
- feature: multiple definitions of the same item in a single rule to build groups
- feature: rules can span multiple lines by specifying a trailing "\" character
- feature: syslog_name can now be set with -l|--logname <label>
- bugfix:  fixed bug in acl parser (no "}" character could be used in ACLs)

0.99p
=====
- bugfix:  size and rcpt_count were checked as minimum values
           now they are correctly interpreted as maximum.

0.99o
=====
- feature: date and time based rules
- feature: macros (please see doc)
- feature: slightly changed statistics output

0.99n
=====
- first public beta version