Changelog for amavisd-new-docs-2.8.0-92.8.i586.rpm :
Wed May 29 14:00:00 2013
- Fix multiple bugs in systemd unit, should
not be used and Wants must be used instead of requires in most

Thu May 2 14:00:00 2013
- use %defattr correctly to make /var/spool/amavis not worldreadable.

Mon Feb 25 13:00:00 2013
- Install amavisd.service accordingly (/usr/lib/systemd for 12.3
and up or /lib/systemd for older versions).

Wed Feb 6 13:00:00 2013
- update to version 2.8.0

* removed an old compatibility measure: default value of AATTbanned_admin_maps
was changed from:
AATTbanned_admin_maps = (\\$banned_admin, \\%virus_admin, \\$virus_admin);
to a more consistent:
AATTbanned_admin_maps = (\\$banned_admin);
The previous default value of AATTbanned_admin_maps tried to maintain
compatibility with versions before the setting was separated from
its companion AATTvirus_admin_maps. Now this compatibility is no longer
considered necessary and contributes to some confusion, so it was dropped.
See 2.4.0 and 2.2.1 release notes for previous changes to this setting.

* quarantining to an mbox format file used to include a local time in an
mbox separator line, which differs from RFC 4155 and common practices
of using an UTC timestamp; a time zone of a timestamp in separator lines
is now changed to UTC;
- BUG FIXES 2.8.0

* fixed initial evaluation of dynamic (i.e. per policy bank) values of
$enable_dkim_verification, $enable_dkim_signing and $bypass_decode_parts
across all declared policy banks; these policy bank entries may be scalars
of references to such;

* finely adjust a message size for de-stuffed dots according to a size
definition in RFC 1870; avoids occasional message size mismatch when
using an antispam interface module SpamdClient (implementing client-side
of a spamc/spamd protocol);

* updated LDAP.ldif to match LDAP.schema; provided by Quanah Gibson-Mount;

* updated AMAVIS-MIB.txt and amavisd-snmp-subagent: changed type of
SNMP variables
* in the group amavisStats 7 from Counter32
to Counter64 for consistency with other
* variables in groups
amavisStats 3 and amavisStats 9;

* For monitoring and statistics gathering purposes a new set of utilities
and service processes is available based on a message passing paradigm,
using a 0MQ (a.k.a. ZMQ, ZeroMQ, or Crossroads I/O) library. This
replaces a functionally similar set of utilities based on a shared
BerkeleyDB database, with a benefit of avoiding lock contention
altogether. This can bring sigificant speedups, most pronounced on
a host with many busy amavisd child processes.

* Applied numerous fine-grained optimizations based on a NYTProf profiler
results. Optimizations include a reduction in a number of generated
Perl opcodes and similar micro-optimizations. This accounts for a large
amount of small changes in the code.

* Our current statistics (Q4 2011) shows that 80 % of messages are below
30.000 bytes, and 90 % of mail messages are below 100.000 bytes in
size. As an optimization, messages below 100 KiB in size are now kept
and processed in memory, including passing them more optimally to
SpamAssassin 3.4.0. Some file activity is still there, but is much
reduced. If $TEMPBASE also resides on an SSD disk (or a RAM disk),
observed speedup between 2.7.2 and 2.8.0 was 3 to 8 percent on a
busy host (with monitoring disabled, so as not to skew a measurement).

* Use a module IO::Socket::IP if available, instead of dealing directly
with low-level modules IO::Socket::INET and IO::Socket::INET6;

* choose more appropriate defaults if running on an IPv6-only host
(like connecting to ::1 instead of which may not exist);

* amavisd-release now also supports connecting to amavisd over IPv6;

* as a debugging aid it is now possible that a late event triggers full
logging of earlier events that occurred during processing of a current
mail message;

* $enable_ldap setting is now dynamic, i.e. can be changed by a policy
bank, which makes it possible to selectively disable LDAP lookups
per policy bank;

* optionally avoid persistent connections to SQL and LDAP servers;

* it is now possible to disable calling an external file(1) utility
but still have MIME parts decoding enabled;

* added support in Amavis::SpamControl::ExtProg for an external spam scanner

* added locking options to AATTspam_scanners entries, to be used with external
scanners which need but do not implement locking of their resources
by themselves;

* added a global configuration setting $sa_userprefs_file, which is passed
on to SpamAssassin as a \'userprefs_filename\' parameter at initialization;

* added a subroutine iso8601_weekday(), potentially useful with partitioning;

* added several new macros available to logging and notification templates;

Thu Dec 27 13:00:00 2012
- update to version 2.7.2

* a generated Received header field was missing the \'IPv6:\' prefix
in the TCP-info component of a \'by\' subfield (as required by RFC 5321,
section 4.1.3) when amavisd received a message over an IPv6 protocol;
(btw, the TCP-info component of a \'from\' subfield was correct);

* changed data type of an SNMP variable LogRetries from C32 to C64
for consistency with the MIB;

* updated AV entry \'AVG Anti-Virus\' to consider status 403 continuation
lines when searching for a virus name; suggested by Ralf Hildebrandt;

* reduce a log level to 5 on a log message:
Amavis::IO::RW: Error flushing on close: ...
to avoid an innocent but sinister-looking warning when a pipe
to a virus scanner is broken and needs to be re-established;
reported by Stefan Jakobs

* updated an AV entry for \'F-Secure Linux Security\' to version 9.14;
options updated by Mika Ilmaranta, a patch by Tuomo Soini;

* fix a Unix socket compatibility issue with Net::Server versions 2.000,
2.001 and 2.002, where a method NS_unix_path no longer exists.
This method was re-introduced for compatibility reasons in 2.003.
Reported by Paul MacKenzie;

Mon Aug 27 14:00:00 2012
- unarj was dropped from Factory, remove dependency to it

Mon Jun 25 14:00:00 2012
- fix the systemd service file

Thu Apr 26 14:00:00 2012
- fix build for < 1210

Wed Jan 4 13:00:00 2012
- bnc#706257 - amavis failed to start during boot, however it is active

Fri Nov 4 13:00:00 2011
- Add systemd scripts

Wed Nov 2 13:00:00 2011
- Fix amavisd-milter binary name

Wed Oct 26 14:00:00 2011
- obsolete amavisd-milter package

Thu Oct 13 14:00:00 2011
- Integrate amavisd-milter

Tue Oct 11 14:00:00 2011
- bnc#718025 - amavisd-new 2.7.0 fails to start

Sat Sep 17 14:00:00 2011
- Remove redundant tags/sections from specfile

Tue Sep 13 14:00:00 2011
- update to 2.7.0 With a synergy of four solutions, using amavisd-new
in a pre-queue filtering setup became a sensible / better behaved solution:
- old helper programs amavis.c and amavis-milter.c are no longer distributed
with the package, along with the whole helper-progs subdirectory.
As a milter client please use the more modern \'amavisd-milter\' package by
Petr Rehor, available at
- the \"smtpd_proxy_options=speed_adjust\" Postfix option, available since
Postfix 2.7.0 (20091101), improves decoupling between SMTP clients
and a content filter in a proxy setup, reducing the number of content
filtering processes needed for the same mail load. With this option
turned on, a Postfix SMTP server receives the entire message before
connecting to a before-queue content filter;
- a master_deadline option and its API equivalent, available in SpamAssassin
since version 3.3.0, allows for time limiting on lengthy rules checking,
while still providing results when a time limit is exceeded; this makes
it more suitable for time-sensitive setups like a pre-queue filtering setup;
- reworked sub-task time limiting in amavisd, along with its counterpart
solution in SpamAssassin, makes it better suited to a real-time nature
of pre-queue filtering setups, where one has no control over how long
SMTP clients are willing to wait at the data-end stage;
- a re-purposed command line option \'reload\' now does a warm restart,
keeping sockets available to an MTA client at all times, thus reducing
a chance that an MTA would even notice a content filter\'s warm restart.

Tue Aug 30 14:00:00 2011
- bnc#710289 - amavisd-new: fails rpmlint check non-ghost-in-var-run

Tue Jul 12 14:00:00 2011
- Enable clamav as integrated scanner
- Enable Avira Antivir personal

Tue May 24 14:00:00 2011
- update to 2.6.6
- amavisd-release was not sending a \'mail_file\' attribute when a quarantined
message was a non-compressed file in a single-level directory quarantine
- quarantining to SQL was sporadically failing, reporting some unrelated
random error (like \'not available\' or \'OpenSSL error: header too long\');
- avoid a warning \"_WARN: Use of uninitialized value in string eq at ...
line 275.\" when an SQL-based white/black-listing is used;
- wrap the sql clause SET NAMES \'utf8\' so that only a warning at
a log level 2 is issued if an SQL server does not understand the
command (SQLite, old versions of MySQL) instead of aborting;
- when a back-end MTA rejected a message, amavisd would send a non-delivery
status notification, but also propagate the reject status back, which is
wrong, only one or the other response would be appropriate. A fix also
allows choosing either a D_REJECT, D_BOUNCE or D_DISCARD response for
such a case, configurable through %final_destiny_by_ccat at a CC_MTA
entry, defaulting to D_REJECT;

Mon Feb 21 13:00:00 2011
- bnc#663726 - amavisd-new: group of /var/spool/amavis conflicts with av programms

Sun Feb 20 13:00:00 2011
- unrar should not be required (non-free software now)

Thu Jun 24 14:00:00 2010
- bnc#614316 - amavisd-new: amavisd-new/README.SuSE does not match /etc/amavisd.conf

Mon May 10 14:00:00 2010
- bnc#600409 - amavisd not starting after system crash because of stale pid file

Mon Jul 20 14:00:00 2009
- bnc#521366 - Amavisd-new sends bounces when it isn\'t allowed to do so (backscatter!)
- update to 2.6.4
- amavisd failed to start when spam scanning was disabled either
by AATTbypass_spam_checks_maps=(1) or by AATTspam_scanners=(), giving:
Can\'t locate object method \"new\" via package \"Amavis::SpamControl\"
- several decoders failed to propagate \"Exceeded storage quota\" exception,
so the protection of AV scanners against mail bombs was ineffective;
- milter usage (AM.PDP): verbatim header edits inserted a header body of \"1\"
instead of the correct string, for example: \"Authentication-Results: 1\";
- updated AV entry for BitDefender\'s bdscan to recognize tabs around a colon
in its output; contributed by Steve;
- fix parsing of a combined result from DSPAM (option --classify), as
earlier versions of DSPAM did not include a signature with a combined
result line;
- when logging to SQL (pen pals), the msgs.message_id field always received
a value \'1\' instead of a Message-Id, thus making pen pals less effective
(only matching on sender/recipient pairs worked, not on message threads)
and letting some bounces bypass a bounce killer; bug was introduced with
version 2.6.2;
- timer was not reset after a persistent failure to connect to a daemonized
virus scanner, so a subsequent call to a backup scanner only had 10 seconds
available before it was aborted, which was often too short for a command
line backup scanner like clamscan;
- if a virus scanner interface did not find a name of a virus in the output
of a virus scanner (despite noticing infection), the infection was ignored;
- added missing /m flags to regular expressions in AV entries
(a bug is revealed with Perl 5.10.0; previous versions of Perl happened
to work, unintentionally accepting a /m flag if added late during a regexp
- $banned_namepath_re setting only worked globally, but was not usable in
policy banks;
- do_uncompress: signal run_command_copy() errors, instead of returning a
status, thus allowing decompose_part() to detect \'Exceeded storage quota\'
or \'Maximum number of files exceeded\', and flag mail as CC_UNCHECKED;
- if $mailfrom_notify_admin was not specified in a configuration file but
defaulted to an e-mail address in $hdrfrom_notify_admin, the following
was reported (due to missing angle brackets) on an attempt to submit
a notification:
(!)SEND via SMTP: -> ...
501 5.1.7 Bad sender address syntax
(!)FAILED to notify admin: 501 5.1.7 Failed, id=40690-23,
from MTA([::1]:10027): 501 5.1.7 Bad sender address syntax
Notification was not sent, the rest of the processing was unaffected;
- fetch_modules: only suppress the \"Can\'t locate ... in AATTINC\" diagnostics
if exactly the requested module is missing, but do show the error if some
subordinate module is missing and preventing the requested module to be
- do_unrar: recognize an information line with a \'<->\';
- fixed a syntax error in LDAP.ldif;
- fixed a bug in SpamdClient;
- provide a true SNMP agent and a MIB, facilitating monitoring the health
of a content filtering system, its performance and mail characteristics;
- a new AV interface to SMTP-based antivirus scanners;
- allow customizing SMTP-status response reason text for blocked messages;
- prevent inserting fake copies of certain important mail header fields
without breaking a DKIM signature;
- added a configuration variable AATTclient_ipaddr_policy, which maps smtp
client\'s IP address lookup lists to a policy bank name. This allows for
loading a policy bank based on a client IP address, and generalizes a
formerly hard-wired mapping of AATTmynetworks_maps into \'MYNETS\'.
- large messages beyond $sa_mail_body_size_limit are now partially passed
to SpamAssassin and other spam scanners for checking: a copy passed to
a spam scanner is truncated near or slightly past the indicated limit.
Large messages are no longer given an almost free passage through spam
- supports passing an extra argument suppl_attrib to $spamassassin->parse,
as recognized by SpamAssassin 3.3.0, passing a set of DKIM signature
objects to a SpamAssassin\'s plugin DKIM, which saves having to do the
same signature verification operation again within a plugin, and provides
uncrippled signatures to SpamAssassin even when a large message is
truncated by amavisd and only partially submitted to spam analysis;
- add global variables $sa_configpath and $sa_siteconfigpath (undef by
default), which are passed to SpamAssassin as options \'rules_filename\'
and \'site_rules_filename\' during its initialization call; this makes
it easier to run multiple instances of amavisd, each with a different
SpamAssassin configuration, using the same amavisd configurations file
by taking advantage of option -i; suggested by Noah Baker;
- report process resource usage at log level 2 by calling getrusage(1)
if a perl module Unix::Getrusage is available;