Changelog for amavisd-new-docs-2.10.1-163.3.noarch.rpm :
Tue Dec 16 13:00:00 2014
- Update to version 2.10.1
+ fixed a missing import of mail_addr_idn_to_ascii() and idn_to_utf8()
when SQL is in use
+ void warnings issued by perl 5.21.5:
- Changes from version 2.10
- New requirement: perl module Net::LibIDN needs to be installed.
- Uses a perl module File::LibMagic if installed, instead of spawning
a file(1) utility.
- Support for international email relies heavily on perl to do the
right thing in its support of Unicode, so using a reasonably recent
version of perl is recommended. Amavisd was tested with perl 5.18
and 5.20.1. Versions of perl older than 5.12 may cause problems
with handling, encoding, and decoding of Unicode characters.
It is reasonable to expect that versions 5.14 and 5.16 are fine too,
but have not been tested extensively.
- Default log templates and notification templates have changed
in details (like in decoding of international e-mail addresses), so
if locally customized templates are in use these will benefit from
updating - otherwise expect some mojibake in log and notifications.
- International domain names (IDN) encoded in ASCII-compatible encoding
found in e-mail addresses and in Message-ID header field will be decoded
to Unicode for presentation purposes (syslog, JSON structured log,
notifications). This decoding does not affect a mail message itself.
- Logging via syslog expects that syslogd (or equivalent) will not
clobber UTF-8 octets. It may be necessary to tell syslogd to accept
C1 control characters unchanged, e.g. by adding a command line option
\"-8\" to syslogd. Failing to do so may leave logged entries (like
sender and recipient address, From, Subject) in international mail
garbled or poorly readable in syslog.
On FreeBSD one should add: syslogd_flags=\"-8\" to /etc/rc.conf.
- Third party log parsers may need updating to accept logs with Unicode
characters in UTF-8 encoding.
- A SMTP response to an EHLO command will now announce SMTPUTF8 capability
by default.
- releasing a message from an SQL quarantine was broken in version 2.9.1
due to introduction of parent_mail_id(); patches provided by Stef Simoens
and Gionatan Danti;
- if checking of a message was aborted prematurely (like due to a timeout
or some fatal error), JSON log could receive a copy of a previous
log entry;
- prevent non-ASCII non-UTF-8 octets from reaching a JSON log/report
(which produced an invalid JSON object and Elasticsearch complaining);
- allow SMTP commands MAIL FROM and RCPT TO to accept options without
values, as allowed by the RFC 5321 syntax;
- in delivery status notification (DSN) the field Received-From-MTA
specified \'smtp\' as mta-name-type, instead of a \'dns\' as prescribed
in RFC 3464;
- releasing from a quarantine left envelope sender address as \'<>\'
instead of using the address found in a Return-Path header field
of a quarantined message, while also logging a warning:
Quarantine release $QID: missing X-Envelope-From or Return-Path
reported by Pascal Volk;
- avoid failure in os_fingerprint or in smtp forwarding in certain cases
where the $os_fingerprint_method or $forward_method or $notify_method
uses an asterisk in place of a host IP address or port number.
The reported error in os_fingerprint (reported by -ben) was:
os_fingerprint FAILED: Insecure dependency in socket
while running with -T switch
at /usr/lib/perl/5.18/IO/ line 80
and in SMTP forwarding or notification (reported by Dennis Boone):
(!)connect to
*:10025 attempt #1:
Insecure dependency in socket while running with -T switch
at /usr/lib/perl/5.18/IO/ line 80.
- files LDAP.ldif and LDAP.schema: added a missing attribute
amavisDisclaimerOptions to objectClass; reported by Quanah Gibson-Mount;
- added support for Internationalized Email:

* RFC 6530 - Overview and Framework for Internationalized Email

* RFC 6531 - SMTP Extension for Internationalized Email (SMTPUTF8)

* RFC 6532 - Internationalized Email Headers

* RFC 6533 - Internationalized Delivery Status Notifications
This supports UTF-8 (EAI) in SMTP/LMTP sender addresses, recipient
addresses, and message header section. Feature parity with Postfix
version 2.12 (support introduced in development snapshot 20140715).
The SMTPUTF8 extension is supported by Gmail since 2014-08-05:
- added support for Internationalized Domain Names (IDN) according
to IDNA (RFC 5890, RFC 5891; RFC 3490);

* A-labels in ASCII-compatible encoding of domain names are converted
to U-labels for presentation/logging purposed;

* U-labels are converted to A-labels when feeding a mail message
to an MTA which does not announce support for SMTPUTF8 extension
(instead of rejecting them as invalid mail address);

* For lookup purposes an international domain name is converted to
ASCII-compatible encoding when used as a query key in DNS lookups
and in lookups into hash, list, SQL and LDAP lookup tables (but not
in regexp table lookups). These tables are expected to contain domain
names in their ASCII representation (ACE). For convenience of config
files subroutines idn_to_ascii() and mail_idn_to_ascii() are available,
which encode a Unicode domain name to ACE (like ToASCII in RFC 3490);

* Many configuration settings may have their domain names in UTF-8.
These will be converted to ACE automatically where necessary
(e.g. when creating a Received and Authentication-Results header
fields, DKIM signatures, mail addresses in notifications, ...).
These settings include:
$myhostname, $localhost_name, $myauthservid, $mydomain,
notification sender and recipient mail addresses
*, $hdrfrom_notify_
domain names and selectors in DKIM signing keys (in calls
to dkim_key() );
- delivery notifications and admin notifications now show the following
information encoded as UTF-8 (which is a default $bdy_encoding) in the
plain text part of the message: IDN domain names in sender and recipient
mail addresses and Message-ID are first decoded to Unicode, Subject and
author display names are MIME-decoded;
- \'amavisd showkeys\' and \'amavisd testkeys\' can now deal with IDN
(international domain names): domain names in DNS zone comments
end up as UTF-8, DNS labels are in ASCII (A-labels); domain names in
calls to dkim_key() may be specified either as UTF-8 or in ASCII (ACE);
- new macro \'mail_addr_decode\' takes an e-mail address as a string of
octets, where a local part may be encoded as UTF-8, and the domain part
may be an international domain name (IDN) consisting either of U-labels
or A-labels or NR-LDH labels. Decodes A-labels to U-labels in domain
name. Returns a string of logical characters (Unicode), suitable for
notification templates. If the mail address is not a valid UTF-8 string,
it is interpreted as ISO-8859-1 (Latin-1).
- new macro \'mail_addr_decode_octets\' is like \'mail_addr_decode\', except
that the result is a string of octets, only valid as UTF-8 if the
provided address was a valid UTF-8 (garbage-in/garbage-out);
- new macro \'header_field_octets\' is like \'header_field\', except that
a result is a string of octets in UTF-8 encoding, suitable for a log
- new macro \'ip_proto_trace_all\' expands into a list of information
items from a Received header trace; each item consists of a protocol
name (the WITH clause) and an IP address, optionally followed by a
source port number if known;
ESMTP://[2001:db8::143:1]:39141 < ESMTP://2001:db8::25 <
esmtps:// < ESMTPSA://
UTF8SMTP://[]:51208 < UTF8SMTPSA://
- new macro \'ip_proto_trace_public\' is like ip_proto_trace_all, except
that entries with non-public IP address are excluded from the list;
\'Received\' trace information in $log_verbose_templ and in notifications
now include results from this macro call;
- new macro \'protocol\' evaluates to a protocol name by which a message
was received by amavisd, according to RFC 3848 (\"Transmission Types
Registration\") and \"Mail Transmission Types\" / \"WITH protocol types\"
IANA registration
- new macro \'client_protocol\' expands into a protocol name by which
a message was received from a client by MTA; the information is passed
from MTA to amavisd through XFORWARD PROTO SMTP protocol extension or
through AM.PDP (milter); typical values are \'ESMTP\' or \'SMTP\';
- use a perl module File::LibMagic when available, instead of spawning
a file(1) utility for classifying contents of mail parts.
By using a direct interface to a libmagic library the startup cost
of spawning an external process is avoided. Benchmarking shows that
using libmagic is significantly faster especially for checking a small
number of files - takes 4 ms for checking one file with libmagic
vs. 27 ms with a spawned file(1); based on a patch by Markus Benning;
- RFC 6533: recognize a MIME type \'message/global\' as similar
to \'message/rfc822\', and \'message/global-headers\' as similar
to \'text/rfc822-headers\' where appropriate (e.g. in bounce killer);
- header validity check now distinguishes \'non-ASCII and invalid UTF-8\'
from \'non-ASCII but valid UTF-8\' characters in a mail header section.
By default valid UTF-8 strings in a mail header section are not treated
as error even if mail is not flagged as international mail (SMTPUTF8),
as these are quite common in practice. To treat non- MIME-encoded UTF-8
in a header section as error the test can be enabled by:
$allowed_header_tests{\'utf8\'} = 1;
- ORCPT attribute in SMTP \'RCPT TO\' command now accepts the original
recipient mail address in any of these encodings: utf-8-address,
utf-8-addr-unitext, utf-8-addr-xtext, or as a legacy xtext,
as required by RFC 6533;
- updated do_cabextract (extraction of Microsoft cabinet .cab archives)
to recognize a slightly changed output of cabextract version 1.2;
patch by Thomas Jarosch;
- adjusted some timeouts to leave more reserve for later stages of
mail processing and forwarding;
- prefer sanitizing/protecting control characters as hex code (like \\x7F)
instead of octal (like \\177) (e.g. in logging and DSN);
- Use dowload Url as source
- Add a requirement on perl-Net-LibIDN; new upstream dependency

Sun Nov 9 13:00:00 2014 Led
- fix bashism in post script
- remove \'-e\' option of \'echo\' command that may be unsupported in some
POSIX-complete shells

Sat Oct 4 14:00:00 2014
- Merge from upstream

Sat Aug 16 14:00:00 2014
- add /bin/logger as prereq (util-linux split)

Sun Jul 27 14:00:00 2014
- update to version 2.9.1
There are no known incompatibilities between versions 2.9.0 and 2.9.1.
Additional bugfixes and also:
- updated decoding of RAR archives to recognize a changed format in output
of \'unrar\' utility version 5; based on a patch by amavis17(at)
- avoid tempfailing a message if a redis server is down, just log the
error and carry on;
- some minor logging changes to facilitate troubleshooting;
- changes in 2.9
This version drops dependency on a Perl module Redis, and makes
dependencies on modules Convert::TNEF and Convert::UUlib truly optional.
The following change may affect third-party log parsers:
To facilitate forensic log analysis and troubleshooting, log entries
\'FWD from\' and \'SEND from\' at level 1 now carry one additional
prefixed information field which is the unique internal mail_id of
the message, possibly followed by a parent_mail_id in parenthesis,
No other incompatibilities with a previous version 2.8.1 are expected.
- structured log/reporting to a Redis server in JSON format;
- IP address reputation (uses a Redis server);
- added two minor content categories to the major ccat CC_UNCHECKED
(encrypted (=1) and over-limits/mail-bomb (=2) );
- introduced a by-recipient setting %final_destiny_maps_by_ccat.
- update amavisd-milter to 1.6.0

* New features:
Added new amavisd-milter option -B which passes value of
{daemon_name} milter macro as amavisd-new policy bank name.

* Bug and compatibility fixes:
Added amavisd-milter.spec for compilation with rpmbuild.
Fixed typo which prevents using LDFLAGS on Debian.
Fixed missing definition of true and false in libmilter/mfapi.h.
- upstream packages as tar.xz -> added xz as BuildRequires to
support building for older dists

Sun Jan 12 13:00:00 2014
- Merge from upstream

Wed Jan 1 13:00:00 2014
- add some recommended decoders (bnc#754852)
- fixed amavisd-milter invocation (bnc#809969)
- correctly set clamd socket to (/var/run/clamav/clamd-socket)
- some spec file cleanup including using optflags for native code

Sat Nov 16 13:00:00 2013
- Merge from upstream
- Minor cleanups in debian package

Tue Nov 12 13:00:00 2013
- Add real systemd support; add required macros in %post/postun sections
and drop sysvinit support on openSUSE >= 12.3

Tue Oct 22 14:00:00 2013
- bnc#844575 - amavis received a change where /var/run was replaced
with /run still /var/run is present

Mon Oct 7 14:00:00 2013
- Merge from upstream
- Adapted qmail patch
- Cleanups in debian package

Sun Oct 6 14:00:00 2013
- Merge from upstream

Thu Oct 3 14:00:00 2013
- fix clamd socket location (bnc#809580)

Wed Sep 25 14:00:00 2013
- bnc#831556 - naming mismatch for amavis and systemd

Sat Sep 14 14:00:00 2013
- update to version 2.8.1
when 0MQ (a.k.a. ZeroMQ) is used between Amavis components as an
internal messaging protocol, make sure to replace all 0MQ-enabled
Amavis components on upgrading amavisd, as the internal protocol
has changed slightly, taking advantage of 0MQ multi-part messages
for better performance. Affected programs are: amavis-services,
amavisd-status, amavisd-snmp-subagent-zmq, and amavisd.
NOTE: The Crossroads I/O project (libxs) ceased development on
July 2012, to be replaced by nanomsg eventually by the same author.
The 0MQ library (libzmq) is currently (2013) the best choice,
the preferred library version is 3.2.2 or later along with
the ZMQ::LibZMQ3 Perl interface module and ZMQ::Constants.
The older version 2 of the library, along with an older perl
module ZeroMQ, should be fine too, but lacks support for IPv6.
amavisd is compatible with perl 5.18.0 and with SpamAssassin 3.4.0

* new Redis storage for the \"pen pals\" feature;

* improved IPv6 support;

* support for p0f v3;

* new macros ip_trace_all and ip_trace_public;

* amavisd-status now shows a bar graph display
of the number of active processes;

* the timing report log entry can show CPU usage
at log level 2 if a module Unix::Getrusage is available;

Fri May 31 14:00:00 2013
- Merge from upstream

Wed May 29 14:00:00 2013
- Fix multiple bugs in systemd unit, should
not be used and Wants must be used instead of requires in most

Mon May 6 14:00:00 2013
- Merge from upstream

Thu May 2 14:00:00 2013
- use %defattr correctly to make /var/spool/amavis not worldreadable.

Tue Feb 26 13:00:00 2013
- Fixed systemd unit dir for fedora

Tue Feb 26 13:00:00 2013
- Merge from upstream
- Added more packers to recommends list

Mon Feb 25 13:00:00 2013
- Install amavisd.service accordingly (/usr/lib/systemd for 12.3
and up or /lib/systemd for older versions).

Wed Feb 13 13:00:00 2013
- Merge from upstream

Wed Feb 6 13:00:00 2013
- update to version 2.8.0

* removed an old compatibility measure: default value of AATTbanned_admin_maps
was changed from:
AATTbanned_admin_maps = (\\$banned_admin, \\%virus_admin, \\$virus_admin);
to a more consistent:
AATTbanned_admin_maps = (\\$banned_admin);
The previous default value of AATTbanned_admin_maps tried to maintain
compatibility with versions before the setting was separated from
its companion AATTvirus_admin_maps. Now this compatibility is no longer
considered necessary and contributes to some confusion, so it was dropped.
See 2.4.0 and 2.2.1 release notes for previous changes to this setting.

* quarantining to an mbox format file used to include a local time in an
mbox separator line, which differs from RFC 4155 and common practices
of using an UTC timestamp; a time zone of a timestamp in separator lines
is now changed to UTC;
- BUG FIXES 2.8.0

* fixed initial evaluation of dynamic (i.e. per policy bank) values of
$enable_dkim_verification, $enable_dkim_signing and $bypass_decode_parts
across all declared policy banks; these policy bank entries may be scalars
of references to such;

* finely adjust a message size for de-stuffed dots according to a size
definition in RFC 1870; avoids occasional message size mismatch when
using an antispam interface module SpamdClient (implementing client-side
of a spamc/spamd protocol);

* updated LDAP.ldif to match LDAP.schema; provided by Quanah Gibson-Mount;

* updated AMAVIS-MIB.txt and amavisd-snmp-subagent: changed type of
SNMP variables
* in the group amavisStats 7 from Counter32
to Counter64 for consistency with other
* variables in groups
amavisStats 3 and amavisStats 9;

* For monitoring and statistics gathering purposes a new set of utilities
and service processes is available based on a message passing paradigm,
using a 0MQ (a.k.a. ZMQ, ZeroMQ, or Crossroads I/O) library. This
replaces a functionally similar set of utilities based on a shared
BerkeleyDB database, with a benefit of avoiding lock contention
altogether. This can bring sigificant speedups, most pronounced on
a host with many busy amavisd child processes.

* Applied numerous fine-grained optimizations based on a NYTProf profiler
results. Optimizations include a reduction in a number of generated
Perl opcodes and similar micro-optimizations. This accounts for a large
amount of small changes in the code.

* Our current statistics (Q4 2011) shows that 80 % of messages are below
30.000 bytes, and 90 % of mail messages are below 100.000 bytes in
size. As an optimization, messages below 100 KiB in size are now kept
and processed in memory, including passing them more optimally to
SpamAssassin 3.4.0. Some file activity is still there, but is much
reduced. If $TEMPBASE also resides on an SSD disk (or a RAM disk),
observed speedup between 2.7.2 and 2.8.0 was 3 to 8 percent on a
busy host (with monitoring disabled, so as not to skew a measurement).

* Use a module IO::Socket::IP if available, instead of dealing directly
with low-level modules IO::Socket::INET and IO::Socket::INET6;

* choose more appropriate defaults if running on an IPv6-only host
(like connecting to ::1 instead of which may not exist);

* amavisd-release now also supports connecting to amavisd over IPv6;

* as a debugging aid it is now possible that a late event triggers full
logging of earlier events that occurred during processing of a current
mail message;

* $enable_ldap setting is now dynamic, i.e. can be changed by a policy
bank, which makes it possible to selectively disable LDAP lookups
per policy bank;

* optionally avoid persistent connections to SQL and LDAP servers;

* it is now possible to disable calling an external file(1) utility
but still have MIME parts decoding enabled;

* added support in Amavis::SpamControl::ExtProg for an external spam scanner

* added locking options to AATTspam_scanners entries, to be used with external
scanners which need but do not implement locking of their resources
by themselves;

* added a global configuration setting $sa_userprefs_file, which is passed
on to SpamAssassin as a \'userprefs_filename\' parameter at initialization;

* added a subroutine iso8601_weekday(), potentially useful with partitioning;

* added several new macros available to logging and notification templates;

Tue Jan 8 13:00:00 2013
- Merge from upstream

Thu Dec 27 13:00:00 2012
- update to version 2.7.2

* a generated Received header field was missing the \'IPv6:\' prefix
in the TCP-info component of a \'by\' subfield (as required by RFC 5321,
section 4.1.3) when amavisd received a message over an IPv6 protocol;
(btw, the TCP-info component of a \'from\' subfield was correct);

* changed data type of an SNMP variable LogRetries from C32 to C64
for consistency with the MIB;

* updated AV entry \'AVG Anti-Virus\' to consider status 403 continuation
lines when searching for a virus name; suggested by Ralf Hildebrandt;

* reduce a log level to 5 on a log message:
Amavis::IO::RW: Error flushing on close: ...
to avoid an innocent but sinister-looking warning when a pipe
to a virus scanner is broken and needs to be re-established;
reported by Stefan Jakobs

* updated an AV entry for \'F-Secure Linux Security\' to version 9.14;
options updated by Mika Ilmaranta, a patch by Tuomo Soini;

* fix a Unix socket compatibility issue with Net::Server versions 2.000,
2.001 and 2.002, where a method NS_unix_path no longer exists.
This method was re-introduced for compatibility reasons in 2.003.
Reported by Paul MacKenzie;

Wed Aug 29 14:00:00 2012
- Merge from upstream

Mon Aug 27 14:00:00 2012
- unarj was dropped from Factory, remove dependency to it

Sun Jul 1 14:00:00 2012
- Merge from upstream

Mon Jun 25 14:00:00 2012
- fix the systemd service file

Thu May 10 14:00:00 2012
- Added machine-readable debian.copyright

Thu May 10 14:00:00 2012
- Completed dependency list for debian
- Removed spamassassin recommendation because it\'s required anyway

Thu May 10 14:00:00 2012
- Changed arch from any to all for debian

Thu May 10 14:00:00 2012
- Added debian stuff

Mon Apr 30 14:00:00 2012
- Upgrade to upstream 2.7.1

Fri Apr 27 14:00:00 2012
- Cleaned up path with \"../\" in patch file

Fri Apr 27 14:00:00 2012
- Merge from upstream

Fri Apr 27 14:00:00 2012
- More mods for fedora

Thu Apr 26 14:00:00 2012
- fix build for < 1210

Thu Apr 26 14:00:00 2012
- Really disable Recommends headers for fedora

Wed Apr 25 14:00:00 2012
- Disable Recommends headers for fedora

Wed Apr 25 14:00:00 2012
- Have pwdutils substitute handled by project config
- Fixed some requirements
- Fixed postun scriptlet

Mon Apr 23 14:00:00 2012
- Added substitute for pwdutils

Wed Jan 18 13:00:00 2012
- Fix: suppress install of rcamavis symlink, too

Wed Jan 18 13:00:00 2012
- Fix: suppress install of sysv init script

Wed Jan 18 13:00:00 2012
- Suppress sysv init script in pre-12.1 (it shouldn\'t use a different name than the systemd service)
- Remove milter+postfix stuff from systemd service
- Add post, preun, postun stuff for systemd

Thu Jan 5 13:00:00 2012
- Merge from upstream package

Wed Jan 4 13:00:00 2012
- bnc#706257 - amavis failed to start during boot, however it is active

Tue Nov 8 13:00:00 2011
- Add Requires: licenses

Tue Nov 8 13:00:00 2011
- Minor correction in README.qmail
- Replace LICENSE with symlink to /usr/share/doc/licenses/md5, if available
- Don\'t mark systemd script as conffile

Tue Nov 8 13:00:00 2011
- Added README.qmail
- Moved various Required stuff to qmail subpackage
- Removed milter from init script
- Replaced in-package patch with own improved version
- Fixed install wrt pre-11.4

Mon Nov 7 13:00:00 2011
- Merge from upstream package

Fri Nov 4 13:00:00 2011
- Add systemd scripts

Thu Nov 3 13:00:00 2011
- Modifications for using amavisd with netqmail

Wed Nov 2 13:00:00 2011
- Fix amavisd-milter binary name

Wed Oct 26 14:00:00 2011
- obsolete amavisd-milter package

Thu Oct 13 14:00:00 2011
- Integrate amavisd-milter

Tue Oct 11 14:00:00 2011
- bnc#718025 - amavisd-new 2.7.0 fails to start

Sat Sep 17 14:00:00 2011
- Remove redundant tags/sections from specfile

Tue Sep 13 14:00:00 2011
- update to 2.7.0 With a synergy of four solutions, using amavisd-new
in a pre-queue filtering setup became a sensible / better behaved solution:
- old helper programs amavis.c and amavis-milter.c are no longer distributed
with the package, along with the whole helper-progs subdirectory.
As a milter client please use the more modern \'amavisd-milter\' package by
Petr Rehor, available at
- the \"smtpd_proxy_options=speed_adjust\" Postfix option, available since
Postfix 2.7.0 (20091101), improves decoupling between SMTP clients
and a content filter in a proxy setup, reducing the number of content
filtering processes needed for the same mail load. With this option
turned on, a Postfix SMTP server receives the entire message before
connecting to a before-queue content filter;
- a master_deadline option and its API equivalent, available in SpamAssassin
since version 3.3.0, allows for time limiting on lengthy rules checking,
while still providing results when a time limit is exceeded; this makes
it more suitable for time-sensitive setups like a pre-queue filtering setup;
- reworked sub-task time limiting in amavisd, along with its counterpart
solution in SpamAssassin, makes it better suited to a real-time nature
of pre-queue filtering setups, where one has no control over how long
SMTP clients are willing to wait at the data-end stage;
- a re-purposed command line option \'reload\' now does a warm restart,
keeping sockets available to an MTA client at all times, thus reducing
a chance that an MTA would even notice a content filter\'s warm restart.

Tue Aug 30 14:00:00 2011
- bnc#710289 - amavisd-new: fails rpmlint check non-ghost-in-var-run

Tue Jul 12 14:00:00 2011
- Enable clamav as integrated scanner
- Enable Avira Antivir personal

Tue May 24 14:00:00 2011
- update to 2.6.6
- amavisd-release was not sending a \'mail_file\' attribute when a quarantined
message was a non-compressed file in a single-level directory quarantine
- quarantining to SQL was sporadically failing, reporting some unrelated
random error (like \'not available\' or \'OpenSSL error: header too long\');
- avoid a warning \"_WARN: Use of uninitialized value in string eq at ...
line 275.\" when an SQL-based white/black-listing is used;
- wrap the sql clause SET NAMES \'utf8\' so that only a warning at
a log level 2 is issued if an SQL server does not understand the
command (SQLite, old versions of MySQL) instead of aborting;
- when a back-end MTA rejected a message, amavisd would send a non-delivery
status notification, but also propagate the reject status back, which is
wrong, only one or the other response would be appropriate. A fix also
allows choosing either a D_REJECT, D_BOUNCE or D_DISCARD response for
such a case, configurable through %final_destiny_by_ccat at a CC_MTA
entry, defaulting to D_REJECT;

Mon Feb 21 13:00:00 2011
- bnc#663726 - amavisd-new: group of /var/spool/amavis conflicts with av programms

Sun Feb 20 13:00:00 2011
- unrar should not be required (non-free software now)

Thu Jun 24 14:00:00 2010
- bnc#614316 - amavisd-new: amavisd-new/README.SuSE does not match /etc/amavisd.conf

Mon May 10 14:00:00 2010
- bnc#600409 - amavisd not starting after system crash because of stale pid file

Mon Jul 20 14:00:00 2009
- bnc#521366 - Amavisd-new sends bounces when it isn\'t allowed to do so (backscatter!)
- update to 2.6.4
- amavisd failed to start when spam scanning was disabled either
by AATTbypass_spam_checks_maps=(1) or by AATTspam_scanners=(), giving:
Can\'t locate object method \"new\" via package \"Amavis::SpamControl\"
- several decoders failed to propagate \"Exceeded storage quota\" exception,
so the protection of AV scanners against mail bombs was ineffective;
- milter usage (AM.PDP): verbatim header edits inserted a header body of \"1\"
instead of the correct string, for example: \"Authentication-Results: 1\";
- updated AV entry for BitDefender\'s bdscan to recognize tabs around a colon
in its output; contributed by Steve;
- fix parsing of a combined result from DSPAM (option --classify), as
earlier versions of DSPAM did not include a signature with a combined
result line;
- when logging to SQL (pen pals), the msgs.message_id field always received
a value \'1\' instead of a Message-Id, thus making pen pals less effective
(only matching on sender/recipient pairs worked, not on message threads)
and letting some bounces bypass a bounce killer; bug was introduced with
version 2.6.2;
- timer was not reset after a persistent failure to connect to a daemonized
virus scanner, so a subsequent call to a backup scanner only had 10 seconds
available before it was aborted, which was often too short for a command
line backup scanner like clamscan;
- if a virus scanner interface did not find a name of a virus in the output
of a virus scanner (despite noticing infection), the infection was ignored;
- added missing /m flags to regular expressions in AV entries
(a bug is revealed with Perl 5.10.0; previous versions of Perl happened
to work, unintentionally accepting a /m flag if added late during a regexp
- $banned_namepath_re setting only worked globally, but was not usable in
policy banks;
- do_uncompress: signal run_command_copy() errors, instead of returning a
status, thus allowing decompose_part() to detect \'Exceeded storage quota\'
or \'Maximum number of files exceeded\', and flag mail as CC_UNCHECKED;
- if $mailfrom_notify_admin was not specified in a configuration file but
defaulted to an e-mail address in $hdrfrom_notify_admin, the following
was reported (due to missing angle brackets) on an attempt to submit
a notification:
(!)SEND via SMTP: -> ...
501 5.1.7 Bad sender address syntax
(!)FAILED to notify admin: 501 5.1.7 Failed, id=40690-23,
from MTA([::1]:10027): 501 5.1.7 Bad sender address syntax
Notification was not sent, the rest of the processing was unaffected;
- fetch_modules: only suppress the \"Can\'t locate ... in AATTINC\" diagnostics
if exactly the requested module is missing, but do show the error if some
subordinate module is missing and preventing the requested module to be
- do_unrar: recognize an information line with a \'<->\';
- fixed a syntax error in LDAP.ldif;
- fixed a bug in SpamdClient;
- provide a true SNMP agent and a MIB, facilitating monitoring the health
of a content filtering system, its performance and mail characteristics;
- a new AV interface to SMTP-based antivirus scanners;
- allow customizing SMTP-status response reason text for blocked messages;
- prevent inserting fake copies of certain important mail header fields
without breaking a DKIM signature;
- added a configuration variable AATTclient_ipaddr_policy, which maps smtp
client\'s IP address lookup lists to a policy bank name. This allows for
loading a policy bank based on a client IP address, and generalizes a
formerly hard-wired mapping of AATTmynetworks_maps into \'MYNETS\'.
- large messages beyond $sa_mail_body_size_limit are now partially passed
to SpamAssassin and other spam scanners for checking: a copy passed to
a spam scanner is truncated near or slightly past the indicated limit.
Large messages are no longer given an almost free passage through spam
- supports passing an extra argument suppl_attrib to $spamassassin->parse,
as recognized by SpamAssassin 3.3.0, passing a set of DKIM signature
objects to a SpamAssassin\'s plugin DKIM, which saves having to do the
same signature verification operation again within a plugin, and provides
uncrippled signatures to SpamAssassin even when a large message is
truncated by amavisd and only partially submitted to spam analysis;
- add global variables $sa_configpath and $sa_siteconfigpath (undef by
default), which are passed to SpamAssassin as options \'rules_filename\'
and \'site_rules_filename\' during its initialization call; this makes
it easier to run multiple instances of amavisd, each with a different
SpamAssassin configuration, using the same amavisd configurations file
by taking advantage of option -i; suggested by Noah Baker;
- report process resource usage at log level 2 by calling getrusage(1)
if a perl module Unix::Getrusage is available;