forked from haraka/Haraka
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Changes
268 lines (248 loc) · 12.4 KB
/
Changes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
2.7.0 - Jun NN, 2015
* New Features
* SPF bounce check
* rspamd plugin (@fatalbanana)
* watch plugin
* limit plugin (connection concurrency, errors, unrecognized commands)
* plugins can now be npm packages (see also #946)
* built-in HTTP server (Express backed)
* ESETS AV plugin
* DCC plugin (incomplete)
* Add LOGIN support to XCLIENT
* backscatterer plugin
* Improvements
*
* toobusy: only run checks if toobusy.js installed and loads
* HAProxy: set local_ip, local_port and remote_port
* save auth pass/fail/user to result_store
* ini files no longer require values (useful for storing lists)
* connection: add MAIL and RCPT to results
* results_store: enable 'emit' feature for .push()
* add support for custom Outbound Received header value (@zombified)
* save smtp_forward result to result_store
* auth_base: permit a return message (@DarkSorrow)
* add DSN.create() and RFC 4954 support
* enhanced pipelining support
* added config/access.domains with some tips (@EyePulp)
* Add SSL detection over plain-text socket
* earlytalker: store results
* bounce: make it safe to check non_local_msgid
* AVG: store results, added defer options
* tls: change createCredentials to tls.createSecureContext (@DarkSorrow)
* update dependency versions (esp async 0.2.9 -> 1.0.0)
* ASN docs: add FTP download note for routeviews
* karma: removed concurrency limits (see limit plugin) and penalty feature
* added utils.elapsed()
* deny message includes hostname
* Add Fisher-Yates shuffle to randomize lookup order in data.uribl
* change default message size limit to 25mb
* auth_base: save auth results
* upgrade toobusy plugin to toobusy-js (@alexkavon)
* configfile: permit / char in ini keys
* added utils.node_min()
* added result_store.get_all()
* updated ubuntu upstart script
* Bug Fixes
* corrected hook_rcpt log code hook_rcpt_ok returns CONT
* fix crash bug when loglevel = LOGDEBUG
* corrected pathname in rcpt.ldap plugin (@abhas)
* added helo.checks boolean for proto_mismatch
* make rate_limit redis keys always expire @celesteking
* dkim_sign: Buffer.concat expects an array of buffers
* transaction: check discard_data before adding line end (@DarkSorrow)
* fix 8-bit msg not displayed properly in gmail
* fcrdns: always init results
* TLS timer on error
* dkim_verify: fixed timeout issue
* smtp_[proxy|forward]: correct authentication example
* Fork child workers after init_master hook
* connection: return 450/550 for plugin DENY* (was 452/552)
* spamassassin: don't call next() when transaction gone
* outbound: fix crash when sending bounce mail
2.6.1 - Mar 27, 2015
* added sedation timers for config file re-reading
* Add AUTH support to outbound
* tests/spf: quiet excessive DEBUG noise
* allow domains with underscore
* correct name of domains config file in access
* Fix SMTP AUTH in smtp_forward/proxy and add docs
* Fix opts not being passed to HMailItem _bounce function
* log.syslog will try strong-fork-syslog (for node 0.12 compat)
* improvements to Plugin docs
* rename net_utils.is_rfc1918 -> is_private_ip
* IPv6 compat
* test coverage
* add IPv6 unique local fc00::/7
* pre-populated config/plugins
* added utils.extend, copies props onto objects
2.6.0 - Feb 21, 2015
* other bug fixes
* updated a few tests so test suite passes on Windows
* log.syslog: handle failure to load node-syslog
* plugin directory is $ENV definable (@martin1yness)
* logging timestamps were static, fixed by @cloudbuy
* queue/rabbitmq_amqplib, new plugin for RabbitMQ using amqplib (@esevece)
* outbound:
* plugins can set the outbound IP (during get_mx)
* only replace line endings if not \r\n
* bannering fixes
* added support for per recipient routes
* tls: don't register hooks upless certs exist
* removed contrib/geolite-mirror-simple.pl (replaced by
docs update pointing to maxmind-geolite-mirror)
* rcpt.routes: new plugin by @msimerson
* make haproxy IPv6 compatible
* record_envelope_addresses: new plugin by @deburau
* prevent_credential_leaks: new plugin by @smfreegard
* config:
* configfile: added .yaml support
* improved config file 'watch' logic
* Allow hyphens in params in config files (@abhas)
* cached requests include options in cache key name
* asn: updates for node 0.11 compat
* dnsbl: use aysync.each vs forEach (avoid race condition)
* spamassassin: improved config loading and test coverage
* geoip: deprecate geoip-lite in favor of maxmind, IPv6 compatible
* disable SSLv3 (due to POODLE)
* dkim & spf, updates for node 0.11 compatibiilty
* karma: move neighbor scoring from code to karma.ini
* move excludes list to karma.ini
* apply awards before adding message header & permit rejection at queue
* karma.ini: score updates for access & uribl plugins
* score denials issued by skipped plugins
* add scores for specific DNSBLs
* add transaction body filters (@chazomaticus)
* change bannering to use them
* helo.checks: fix timeout bug
* match_re now validates and pre-compiles all REs
* Add new proto_mismatch check
* p0f: add register(), load config once, early
* server: improved config handling
* data.headers: add Delivered-To check
* rcpt_to.ldap: new plugin by @abhas
* smtp_client: only load tls_* when cfg.enable_tls
* added plugins/host_list_base
* Platform independent temp dir (thanks @martinvd)
* move deprecated docs into docs/deprecated
* Switch to Phusion baseimage instead of stock Ubuntu (thanks @Synchro)
* dkim_verify: new plugin by @smfreegard
* many new tests
* improved URI parser (for URIBL plugin)
* Allow mixed case STARTTLS command
* Install Node via package manager (Mohd Rozi)
* Fix a couple crit errors (@Illirgway)
* Add noisy/bulk out-of-band rule support to MessaageSniffer plugin
* initial support for rabbitmq plugin (@samuelharden)
* bounce, added non_local_msgid checks and much faster lookups
* vpopmail: fail faster during a CRAM-MD5 auth attempt with an invalid user
* fcrdns: handle a null hostname
* Improve HAProxy support code and documentation
* tls: reworked for efficiency and linear style
* access: test hostname validity before PSL lookup
* load lists into objects (vs arrays), for much faster runtime access
* host_list: huge performance increase, esp for many hosts
2.5.0 - May 24, 2014
* added automated build testing via Travis-CI.org
* fixed dkim_sign crash issue #560
* geoip can discover external IP via net_utils.get_public_ip
* geoip: skip private IPs
* qmd: when relaying, validate MAIL FROM against QMD, add per-domain
configurations, added reject option, added tests and bug fixes.
* net_utils: added is_ipv4_literal, is_public_suffix, get_public_ip, added
tests, shed some CamelCase.
* asn: looksup up ASN of connection, uses 3 providers, tests providers, saves
results, optionally adds headers. Includes tests.
* access: new plugin that merges rdns_access, mail_from.access, and
rcpt_to.access.
* connect.fcrdns: new plugin (Forward Confirmed Reverse DNS)
* bounce: new plugin (merges
* data.headers: new plugin added direct_to_mx, check & reject settings, added MLM detection,
tests.
* helo.checks: refactored, better config handling, new tests (match_rdns,
mismatch, results), reject option.
* results_store: store processing results in data structures (vs notes)
* spf: refactored, added outbound checks when relaying, added 15 tests,
* dnsbl: return errors as Error objects, reduce list to unique zones, added
tests, added search=multi option, handle ENOTFOUND error, added reject=false option.
* dns_list_base: bug fixes (race condition, returning invalid results)
* bounce: refactored, each check has enable and reject switches, added tests,
added bad_bounce_to
* clamav: add virus name to results, better config parsing, typo fixes
* uribl:
* mf_resolvable:
* tls: add link to wiki article on TLS setup
* relay_acl: fix issue #428, refactored, don't crash when relay_dest_domains.ini
missing, added tests
* fix mx mechanism when no records are returned
* vpopmaild: added per-domain feature
* karma: added whitelist award, pass through temp (DENYSOFT) errors, made
tarpit variable, configurable reject hooks, doc rewrite, ASN awards, fix penalty days calculation, new DSL for karma awards,
* bannering fixes
* added log* stubs to test/fixtures/[plugin|connection]
* tests/fixtures/stub_plugin: set name property
* config: corrected handling of config.arg gets, fix caching bug, fix boolean
handling, added missing 'type' handling.
* Adding the option of using CIDR ranges in the haproxy_hosts file
* tarpit: added config option hooks_to_delay, added docs
* contrib/haraka.bsd.rc: startup file for *BSD
* Store attachment headers on stream
* Record accepted domains at hook_rcpt and improve queue/lmtp
* return after next() in the whitelist checks
* Add new -o option to bin/haraka
2.4.0 - Feb 12, 2014
* Trim whitespace when reading "list" type config files (such as config/plugins)
* Added LMTP via queue/lmtp plugin
* Fixed bug in outbound when temp failing some of the recipients that would prevent delivery working to those recipients for future delivery attempts
* Add additional details/parameters to delivered hook for outbound mail
* Removed the hmail.bounce_extra object as that information now stored with the rcpt_to list
* Store the RCPT TO rejection reason on the address object
2.3.0 - Feb 07, 2014
* Fix memory leak when watching config files for changes
* Support for badly formatted MAIL FROM/RCPT TO lines
* Fix a memory corruption when fixing line endings
* Fix breakpoints in plugins when using node inspector
* Reload config in relay_force_routing without restart
* Don't re-attempt TLS upgrade if upgraded already and STARTTLS is re-advertised
* Improved outbound logging
* Pass failed recipients to bounce hook in outbound processing
* Added startup checks to ensure Haraka has been installed correctly
* Handle case of Haraka server running out of disk space better
* In mail_from.is_resolvable: move re_bogus_ip into config
* Added auth/auth_vpopmaild plugin - SMTP AUTH against a vpopmaild server
* Fixed graph plugin to work with sqlite3
* Added rcpt_to.qmail_deliverable plugin - Authenticate inbound RCPT TOs against Qmail::Deliverable daemon
* Added data.headers plugin which merges header checks into one place.
Deprecates data.noreceived, data.rfc5322_header_checks, and data.nomsgid.
* Added documentation for logging system
* Added DKIM per-domain signing support
* Added p0f plugin
* In relay_acl, if host is allowed by acl, don't deny the recipient because the domain isn't in the allow list
* Add Authentication-Results header (RFC 5451) to all emails
* Fixed writing the todo file in outbound for newer Node versions
* Added Karma plugin to support penalizing consistently evil senders
* Added GeoIP plugin including distance calculation from your mail server
* Added bounce plugin for handling incoming bounce messages in various ways
* Fix underscores in documentation so web version doesn't look so weird
* By default prevent SMTP AUTH unless on a private IP or using TLS WARNING: May break some uses of Haraka, but is worth it for security
* In lookup_rdns.strict, check whitelist before looking up IP
* Big rewrite of the SpamAssassin plugin for simplicity and mainly to pass through X-Spam-* headers provided
* Added delay_deny plugin allowing more flexibility on when to reject mail
* Improvements to ini file parsing allowing floats and negative integers, and specifying boolean keys
* Fix issue causing a CRIT/crash with lost transaction/connection while sending inbound to ongoing SMTP server
* Allow setting of spamd_user for spamassassin plugin
2.0.0 - Nov 28, 2012
* Various fixes to SMTP AUTH code, including providing SMTP AUTH to inbound
mail forwarders.
* Updates to process_title plugin to show more details
* Changed transaction.data_lines to a Stream (this will break all code which
uses transaction.data_lines currently - see the migration guide)
* Changed attachments to be a Stream (this will break some code which uses
transaction.attachment_hooks - see the migration guide)
* Capture and log signals sent to Haraka
* Various performance improvements
* Fixed a memory leak in connection pool
* Improvements to TLS compatibility
* RFC compliance improvements with greeting, EHLO/HELO, QUIT, and dot stuffing
* Throw exception with set_banner as it is now non-functional. Will be returned in a future version.
* Small fixes to data.uribl
1.4.0 -