ChangeLog 15 KB

ChangeLog
---------
2014-10-09 06:54 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * fix a bug with certificate handling, load a full chain from a file if
    available
  * fix building on win32
2014-06-28 18:46 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * add more information to the headers injected by hermes
  * make ip matching for sqlite-black/whitelisted a strict match instead of a
    loose one
  * fix build issues on newer compilers
  Older changes which were not previously released:
  * number_of_unimplemented_commands_allowed option to limit the number of
    unimplemented commands a server can return.
  * mark ssl IO as such
  * try to detect if ssl will not work before accepting ssl connections
  * change to how we manage SSL initialization. It needs to be done in two steps
    to be able to return the correct smtp code in case of failure
  * ignore SIGPIPE and SIGCHLD. this was causing hermes to randomly finish
  * fix bug when trying to enable ssl and not succeeding. now we handle it
    gracefully instead of failing and randomly crashing
  * add spf-fail to the headers
  * add the add_status_header_if_dns_listed option
  * fix small bug in the percentage estimation optimization
  * add option to control verboseness of log
  * report PID at startup
  * fix stats submission
  * make filelogger log more similar to unixlogger
  * fixes for win32
  * quick get_canonical_filename version for win32
2011-01-08 19:28 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * fixed NullLogger
2011-01-08 17:22 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * fixed small bug when submitting stats that would stop the thread that
    submits them
2011-01-08 02:27 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * revamped logging system. hopefully, messages will be more informative now
2011-01-06 23:53 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * development restarted
  * print a small message about which config file we are actually using. Some
    people seem to have gotten confused about this...
2008-12-14 20:17 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * Implemented log rotation for filelogger. Sponsored by Damir Simunic of
    http://edgeof.net
  * Disable chunking extension, it interferes with hermes operation
  * Updated email address... again
2008-08-30 21:35 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * Updated email address.
2007-11-28 19:54 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * Fixed some sqls
2007-11-20 19:14 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * Added a small feature sponsored by http://www.pixelkinder.com. It allows to
    specify a list of valid ips for each domain, if a mail comes from an ip not on
    the list, then reject it.
2007-10-02 11:33 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * Add blacklisting based on the "to" address and domain. Useful to migrate
    sites and to correct MTAs errors.
2007-07-20 20:03 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * 1.6 release
  * Bugs:
    * Fixed a DoS-causing, remotely exploitable bug in Proxy.cpp. This bug only affects version 1.3 to
      1.5, both inclusive. If you are using either 1.3, 1.4 or 1.5 UPDATE NOW.
      Thanks to Veit Wahlich for finding and reporting the bug and for submitting
      a preliminary patch.
    * While looking for similar vulnerabilities in the code, found a small
      incorrection, although it doesn't have security implications.
2007-07-19 12:57 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * 1.5 release
  * Enhancements:
    * Allow permanently rejecting mails with dnsbl or spf errors. To use, configure
      return_temp_error_on_reject as false (default). To keep the old behaviour,
      configure the above option as true.
    * File logger can now be configured to only open the file sporadically to
      write its buffer. This allows for external log rotators on platforms that
      can't rename an open file (i.e. windows). The option is called
      keep_file_locked. To use the new behaviour, configure as false, to keep the
      old one configure as true.
    * Implemented win32 service support. To enable, configure with
      --enable-win32-service. The windows builds on the website are already compiled
      with this option. To install the service execute:
        c:\hermes> hermes -install
      To uninstall:
        c:\hermes> hermes -uninstall
      To start:
        c:\hermes> net start hermes
      To stop:
        c:\hermes> net stop hermes
      Of course, you can also use the service manager to start and stop the service.
      Using the service code there's a big warning everyone should read:
      The config file MUST be named "hermes.ini" and be located on the same
      directory as "hermes.exe". Also, since hermes is started from another
      directory, you have to specify the full path to the database:
        database_file = "c:\hermes\greydatabase.db"
  * Fixes:
    * Fix SPF requests to be synchronized. I haven't seen a single failure from
      this, but this is the right way.
    * Removed a stale debug statement. It could be noticed when starting hermes
      that the list of dns white/black lists was printed on the standard output.
    * dns_{white,black}list_percentage now defaults to 100. Setting it to 0 makes
      no sense and makes all your emails to be considered white/black listed.
    * Fixed spec file to include the AUTHORS file.
    * The value of spf_query now defaults to true when compiled with SPF support.
    * Applied patch by Veit Wahlich that fixes stats submission to be each 60
      minutes exactly. Previously it would send the stats on intervals of
      approximately 60 minutes.
    * Whitelisting IPs is now partial like blacklisting. For example, whitelisting
      192.168.0 will whitelist 192.168.0.* (192.168.0.0/24)
    * Small fixes to the building system.
2007-06-14 20:23 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * 1.4 release
  * Enhancements:
    * SPF: if you enable query_spf, every time someone gets through greylisting,
      they will be checked for spf compliance. If they either FAIL or SOFTFAIL, they
      will be rejected.
    * Specify your hostname on the config file (option hostname). If it's empty,
      it gets filled by gethostname() (as before)
    * DNS Whitelisting: similar to DNS Blacklisting, but the other way around.
    * DNS Whitelisting and DNS Blacklisting both support querying more than one
      server at a time. It means that you don't have to rely 100% on a dns list, but
      can use more than one. To control how many of the lists need to list a server,
      use dns_{black,white}list_percentage option on config file.
    * If you define now whitelisted_disables_everything, whitelisted hosts will not
      be forced to go through throttling and banner delaying (or anything else).
    * Blacklisting is now partial. That means that if you blacklist 192.168.0. you
      are actually blacklisting 192.168.0.* (192.168.0.0/24 if you prefer)
    * Added the throttling_time option that controls how much we sleep between
      lines when throttling a connection.
    * Changed logging format. Should be clearer now, although there are still some
      things I'd like to change.
    * We are now also logging when someone gets their connection dropped
      because of throttling or data-before-banner (or black/whitelisting, spf, etc.).
      It should help to get a better feeling of how much spam we are stopping with
      these techniques.
    * We now can reject emails if peer doesn't have an inverse resolution (patch
      by Veit Wahlich) or if the inverse resolution doesn't match the helo string.
      Both of these features should be used with extreme care, and are disabled by
      default. You shouldn't use them if you don't know what you are doing.
  * Fixes:
    * FileLogger.cpp: file logging now flushes its buffer after a few lines (15).
      This should update the log on file more often.
    * Configfile.tmpl: when compiling on windows, all default values should be
      valid
    * Fixed a bug when closing the filelogger file (most people noticed that
      hermes crashed when closing when using file logger).
    * Changed the X-Anti-Spam-Proxy header to be more clear.
    * Fixed all typos with wether to whether
    * Fixed a minor RFC-strict error when defining the non-existing extension
    * Timezone _should_ be correct now on windows. If it isn't, write to the
      mailing list with an example and why you think it's incorrect.
    * Fixed configure.in. If you specify now --disable-openssl it will disable
      openssl even if you have it installed
    * Updated the .spec file (thanks again to Veit Wahlich's patch)
    * Added AUTHORS file and also added lots of docs to the windows release.
2007-05-18 20:11 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * 1.3 release
  * added the add_headers option, will add the rfc-required "Received" headers
    should give a better idea of where emails are coming/going
  * also added date to logging when it is done to a file
  * fixed filelogger, should now use file_logger_file config option
  * windows version can now resolve addresses, so rbl works and also you can now
    use fancy names like "localhost" instead of ugly ips like "127.0.0.1"
  * updated rpm, hopefully everything should be ok now
2007-05-13 18:21 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * 1.2 release
  * added rbl checking. Simply define rbl_domain in configfile
2007-04-20 12:04 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * Added an option to configure the initial delay of the SMTP banner
2007-04-19 20:28 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * Bugfix 1.1 release
  * Implemented the bind_to config option. Defining bind_to in the configfile
    will force hermes to only bind to one ip.
  * Fixed a small bug when closing hermes with clean_db=false (it would segfault
    previously)
  * Added more documentation and updated http://www.hermes-project.com
2007-04-16 19:48 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * Initial 1.0 release
2007-04-09 20:27 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * *.{h,cpp}: add GPL license to all source files. also added gpl.txt with the
    full license text on /docs
  * Makefile.am: configure automake more correctly (not a lot, probably still
    very wrong)
  * TODO: cleaned up a bit
2007-04-09 18:57 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * *.{h,cpp}: Ifdef'd all output to terminal. From now on if you want all that
    output, define REALLY_VERBOSE_DEBUG on config.h (once it is generated)
  * generate_config.pl: generate also a default config file from the information
    on Configfile.tmpl
2007-03-18 19:16 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * *Logger.{h,cpp}: Implement logging as a base class with different subclasses
    depending on a configure option. Also added option to Configfile.tmpl to
    configure the filename for FileLogger.
    This change will allow us to port hermes more easily to other platforms,
    especially non-unix (i.e. win32), but also will help if we don't have a logger
    installed or if it's not compatible with the common interface (I'm using
    metalog, btw).
2007-03-18 17:06 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * *: change all instances of spit to hermes to reflect project's new name
2007-03-09 18:19 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * Database.*: modified cleanDB, now the method counts the number of spams we
    have blocked since the last time we cleaned
  * spit.cpp: if we have configured it, send the number of spams blocked to a
    server to keep the statistics
  * Configfile.tmpl: added options to configure the previous changes.
    submit_stats (bool) submit_stats_username (string) and submit_stats_password
    (string)
2007-02-14 18:20 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * *.*: change all calls to Exception constructor to send also the file name and line
    number
2007-02-12 19:03 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * Socket.*: new option setTimeout, sets the timeout for receive/send operations, should
    help with the sockets getting blocked on recv() or send()
  * Exception.*: new constructor accepts a filename and line number. The idea is to migrate
    all calls to Exception to this new constructor so that errors get printed with their source
    filename and line number to make debugging easier.
2007-02-10 17:25 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * Configfile.*: changed Configfile.{cpp,h} to be generated from Configfile.tmpl and
    Configfile.{cpp,h}.in . It should be MUCH easier to add new config options
    from now on. As a proof, adding options for the time to greylist and the
    initial delay were a breeze compared to before.
  * spit.cpp: instead of sending the data for thread_main in a pointer, send a
    pointer to a stack and just pop the last element added.
2006-11-12 21:22 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * updated changelog to use gnu coding standards
  * autotoolize spit
  * Makefile.am
  * configure.in
  * Config.h: rename class to Configfile
2006-10-22 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * Socket.cpp: now creates the ssl context and loads certificates on the first socket
    creation, so we now use less memory per-thread, AND we also load the certs
    BEFORE chrooting, so now private_key and certificate DON'T need to be
    (and are NOT recommended) INSIDE the chroot, which is a cool security feature.
2006-10-21 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * SQL.cpp: Changed SQL class so that every query is made through doQuery, that
    controls that everything works the right way.
  * Exception.cpp: When an Exception occurs, we notify it by email, either through smtp
    or through sendmail
2006-10-15 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * Config.cpp: Fixed Config.cpp::validateConfig to take into account chrooting
  * Socket.cpp: Fixed Socket.cpp::close, we were sometimes closing fds twice
  * main.cpp: if you send SIGINT or SIGTERM once you close gracefully, if you do
    it twice, you forcefully stop the program, for when a socket is waiting to timeout,
    and you can't restart the proxy in-between
2006-10-12 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * Config.cpp: Overhauled Config class
  * main.cpp: fixed chrooting, now only /etc/resolv.conf is needed
2006-10-08 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * Socket.cpp: ssl is now fully working
    decimal time for waiting in Socket::canRead
  * SQL.cpp: whitelisting based on hostname of peer added.
  * Logger.cpp: implements a logger for unix
  * preliminary port to solaris 10
2006-09-24 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * LOTS of bugfixes, some change in semantics and a bit of heavy-work
    testing. Should be MUCH more stable now.
2006-09-18 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * main.cpp (main): Made threads detached to allow them to free resources
2006-09-17 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * main.cpp (main): Create a thread to clean the database each hour
    Threads now clean themselves up when finishing
2006-09-16 Juan José Gutiérrez de Quevedo <juanjo@gutierrezdequevedo.com>
  * Initial import to svn