123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425 |
- ChangeLog
- ---------
- 2014-10-09 06:54 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * fix a bug with certificate handling, load a full chain from a file if a
- availabe
- * fix building on win32
- 2014-06-28 18:46 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * add more information to the headers injected by hermes
- * make ip matching for sqlite-black/whitelisted a strict match instead of a
- loose one
- * fix build issues on newer compilers
- Older changes which were not previously released:
- * number_of_unimplemented_commands_allowed option to limit the number of
- unimplemented commands a server can return.
- * mark ssl IO as such
- * try to detect if ssl will not work before accepting ssl connections
- * change to how we manage SSL initialization. It needs to be done in two steps
- to be able to return the correct smtp code in case of failure
- * ignore SIGPIPE and SIGCHLD. this was causing hermes to randomly finish
- * fix bug when trying to enable ssl and not suceeding. now we handle it
- gracefully instead of failing and randomly crashing
- * add spf-fail to the headers
- * add the add_status_header_if_dns_listed option
- * fix small bug in the percentage estimation optimization
- * add option to control verboseness of log
- * report PID at startup
- * fix stats submission
- * make filelogger log more similar to unixlogger
- * fixes for win32
- * quick get_canonical_filename version for win32
- 2011-01-08 19:28 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * fixed NullLogger
- 2011-01-08 17:22 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * fixed small bug when submitting stats that would stop the thread that
- submits them
- 2011-01-08 02:27 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * revamped logging system. hopefully, messages will be more informative now
- 2011-01-06 23:53 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * development restarted
- * print a small message about which config file we are actually using. Some
- people seem to have gotten confused about this...
- 2008-12-14 20:17 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * Implemented log rotation for filelogger. Sponsored by Damir Simunic of
- http://edgeof.net
- * Disable chunking extension, it interferes with hermes operation
- * Updated email address... again
- 2008-08-30 21:35 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * Updated email address.
- 2007-11-28 19:54 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * Fixed some sqls
- 2007-11-20 19:14 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * Added a small feature sponsored by http://www.pixelkinder.com. It allows to
- specify a list of valid ips for each domain, if a mail comes from an ip not on
- the list, then reject it.
- 2007-10-02 11:33 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * Add blacklisting based on the "to" address and domain. Useful to migrate
- sites and to correct MTAs errors.
- 2007-07-20 20:03 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * 1.6 release
- * Bugs:
- * Fixed a DoS-causing, remotely explitable bug in Proxy.cpp. This bug only affects version 1.3 to
- 1.5, both inclusive. If you are using either 1.3, 1.4 or 1.5 UPDATE NOW.
- Thanks to Veit Wahlich for finding and reporting the bug and for submitting
- a preeliminar patch.
- * While looking for similar vulnerabilities in the code, found a small
- incorrection, although it doesn't have security implications.
- 2007-07-19 12:57 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * 1.5 release
- * Enhancements:
- * Allow permanently rejecting mails with dnsbl or spf errors. To use configure
- return_temp_error_on_reject as false (default). To keep the old behaviour,
- configure the above option as true.
- * File logger can now be configured to only open the file sporadically to
- write its buffer. This allows for external log rotators on platforms that
- can't rename an open file (i.e. windows). The option is called
- keep_file_locked. To use the new behaviour, configure as false, to keep the
- old one configure as true.
- * Implemented win32 service support. To enable, configure with
- --enable-win32-service. The windows build on the website are already compiled
- with this option. To install the service execute:
- c:\hermes> hermes -install
- To uninstall:
- c:\hermes> hermes -uninstall
- To start:
- c:\hermes> net start hermes
- To stop:
- c:\hermes> net stop hermes
- Of course, you can also use the service manager to start and stop the service.
- Using the service code there's a big warning everyone should read:
- The config file MUST be named "hermes.ini" and be located on the same
- directory as "hermes.exe". Also, since hermes is started from another
- directory, you have to specify the full path to the database:
- database_file = "c:\hermes\greydatabase.db"
- * Fixes:
- * Fix SPF requests to be synchronized. I haven't seen a single failure from
- this, but this is the right way.
- * Removed an stale debug statement. It could be noticed when starting hermes
- that the list of dns white/black lists was printed on the standard output.
- * dns_{white,black}list_percentage now defaults to 100. Setting it to 0 makes
- no sense and makes all your emails to be considered white/black listed.
- * Fixed spec file to include the AUTHORS file.
- * The value of spf_query now defaults to true when compiled with SPF support.
- * Applied patch by Veit Wahlich that fixes stats submission to be each 60
- minutes exactly. Previously it would send the stats on intervals of
- approximattely 60 minutes.
- * Whitelisting IPs is now partial like blacklisting. For example, whitelisting
- 192.168.0 will whitelist 192.168.0.* (192.168.0.0/24)
- * Small fixes to the building system.
- 2007-06-14 20:23 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * 1.4 release
- * Enhancements:
- * SPF: if you enable query_spf, everytime someone gets through greylisting,
- they will be checked for spf compliance. If they either FAIL or SOFTFAIL, they
- will be rejected.
- * Specify your hostname on the config file (option hostname). If it's empty,
- it gets filled by gethostname() (as before)
- * DNS Whitelisting: similar to DNS Blacklisting, but the other way around.
- * DNS Whitelisting and DNS Blacklisting both support querying more than one
- server at a time. It means that you don't have to rely 100% on a dns list, but
- can use more than one. To control how many of the list need to list a server,
- use dns_{black,white}list_percentage option on config file.
- * If you define now whitelisted_disables_everything, whitelisted host will not
- be forced to go through throttling and banner delaying (or anything else).
- * Blacklisting is now partial. That means that if you blacklist 192.168.0. you
- are actually blacklisting 192.168.0.* (192.168.0.0/24 if you prefer)
- * Added the throttling_time option that controls how much we sleep between
- lines when throttling a connection.
- * Changed logging format. Should be clearer now, although there are still some
- things I'd like to change.
- * We are also logging now also when someone gets their connection dropped
- because of throttling or data-before-banner (or black/whitelisting, spf, etc. ).
- It should help to get a better feeling of how much spam we are stopping with
- these techniques.
- * We now can reject emails if peer doesn't have an inverse resolution (patch
- by Veit Wahlich) or if the inverse resolution doesn't match the helo string.
- Both of these features should be used with extreme care, and are disabled by
- default. You shouldn't use them if you don't know what you are doing.
- * Fixes:
- * FileLogger.cpp: file logging now flushes its buffer after a few lines (15).
- This should update the log on file more often.
- * Configfile.tmpl: when compiling on windows, all default values should be
- valid
- * Fixed a bug when closing the filelogger file (most people noticed that
- hermes crashed when closing when using file logger).
- * Changed the X-Anti-Spam-Proxy header to be more clear.
- * Fixed all typos with wether to whether
- * Fixed a minor RFC-strict error when defining the non-existing extension
- * Timezone _should_ be correct now on windows. If it isn't, write to the
- mailing list with an example and why you think it's incorrect.
- * Fixed configure.in. If you specify now --disable-openssl it will disable
- openssl even if you have it installed
- * Updated the .spec file (thanks again to Veit Wahlich's patch)
- * Added AUTHORS file and also added lot's of docs to the windows release.
- 2007-05-18 20:11 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * 1.3 release
- * added the add_headers option, will add the rfc-required "Received" headers
- should give a better idea of where emails are coming/going
- * also added date to logging when it is done to a file
- * fixed filelogger, should now use file_logger_file config option
- * windows version can now resolve addresses, so rbl works and also you can now
- use fancy names like "localhost" instead of ugly ips like "127.0.0.1"
- * updated rpm, hopefully everything should be ok now
- 2007-05-13 18:21 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * 1.2 release
- * added rbl checking. Simply define rbl_domain in configfile
- 2007-04-20 12:04 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * Added an option to configure the initial delay of the SMTP banner
- 2007-04-19 20:28 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * Bugfix 1.1 release
- * Implemented the bind_to config option. Defining bind_to in the configfile
- will force hermes to only bind to one ip.
- * Fixed a small bug when closing hermes with clean_db=false (it would segfault
- previously)
- * Added more documentation and updated http://www.hermes-project.com
- 2007-04-16 19:48 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * Initial 1.0 release
- 2007-04-09 20:27 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * *.{h,cpp}: add GPL license to all source files. also added gpl.txt with the
- full license text on /docs
- * Makefile.am: configure automake more correctly (not a lot, probably still
- very wrong)
- * TODO: cleaned up a bit
- 2007-04-09 18:57 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * *.{h,cpp}: Ifdef'd all output to terminal. From now on if you want all that
- output, define REALLY_VERBOSE_DEBUG on config.h (once it is generated)
- * generate_config.pl: generate also a default config file from the information
- on Configfile.tmpl
- 2007-03-18 19:16 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * *Logger.{h,cpp}: Implement logging as a base class with different subclasses
- depending on a configure option. Also added option to Configfile.tmpl to
- configure the filename for FileLogger.
- This change will allow us to port hermes more easily to other platforms,
- specially non-unix(i.e. win32), but also will help if we don't have a logger
- installed or if it's not compatible with the common interface (I'm using
- metalog, btw).
- 2007-03-18 17:06 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * *: change all instances of spit to hermes to reflect project's new name
- 2007-03-09 18:19 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * Database.*: modified cleanDB, now the method counts the number of spams we
- have blocked since the last time we cleaned
- * spit.cpp: if we have configured it, send the number of spams blocked to a
- server to keep the statistics
- * Configfile.tmpl: added options to configure the previous changes.
- submit_stats (bool) submit_stats_username (string) and submit_stats_password
- (string)
- 2007-02-14 18:20 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * *.*: change all calls to Exception constructor to send also the file name and line
- number
- 2007-02-12 19:03 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * Socket.*: new option setTimeout, sets the timeout for receive/send operations, should
- help with the sockets getting blocked on recv() or send()
- * Exception.*: new constructor accepts a filename and line number. The idea is to migrate
- all calls to Exception to this new constructor so that errors get printed with their source
- filename and line number to make debugging easier.
- 2007-02-10 17:25 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * Configfile.*: changed Configfile.{cpp,h} to be generated from Configfile.tmpl and
- Configfile.{cpp,h}.in . It should be MUCH easier to add new config options
- from now on. As a proof, adding options for the time to greylist and the
- initial delay were a breeze compared to before.
- * spit.cpp: instead of sending the data for thread_main in a pointer, send a
- pointer to a stack and just pop the last element added.
- 2006-11-12 21:22 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * updated changelog to use gnu coding standards
- * autotoolize spit
- * Makefile.am
- * configure.in
- * Config.h: rename class to Configfile
- 2006-10-22 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * Socket.cpp: now creates the ssl context and loads certificates on the first socket
- creation, so we now use less memory per-thread, AND we also load the certs
- BEFORE chrooting, so now private_key and certificate DON'T need to be
- (and are NOT recomended) INSIDE the chroot, which is a cool security feature.
- 2006-10-21 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * SQL.cpp: Changed SQL class so that every query is made through doQuery, that
- controls that everything works the right way.
- * Exception.cpp: When an Exception ocurrs, we notify it by email, either through smtp
- or through sendmail
- 2006-10-15 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * Config.cpp: Fixed Config.cpp::validateConfig to take into account chrooting
- * Socket.cpp: Fixed Socketp.cpp::close, we were sometimes closing fds twice
- * main.cpp: if you send SIGINT or SIGTERM once you close gracefully, if you do
- it twice, you forcefully stop the program, for when a socket is waiting to timeout,
- and you can't restart the proxy in-between
- 2006-10-12 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * Config.cpp: Overhauled Config class
- * main.cpp: fixed chrooting, now only /etc/resolv.conf is needed
- 2006-10-08 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * Socket.cpp: ssl is now fully working
- decimal time for waiting in Socket::canRead
- * SQL.cpp: whitelisting based on hostname of peer added.
- * Logger.cpp: implements a logger for unix
- * preeliminary port to solaris 10
- 2006-09-24 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * LOTS of bugfixes, some change in semantics and a bit of heavy-work
- testing. Should be MUCH more stable now.
- 2006-09-18 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * main.cpp (main): Made threads detached to allow them to free resources
- 2006-09-17 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * main.cpp (main): Create a thread to clean the database each hour
- Threads now clean themselves up when finishing
- 2006-09-16 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
- * Initial import to svn
|