Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

amavisd-new-2.12.1-150400.1.4 RPM for noarch

From OpenSuSE Leap 15.6 for noarch

Name: amavisd-new Distribution: SUSE Linux Enterprise 15
Version: 2.12.1 Vendor: SUSE LLC <https://www.suse.com/>
Release: 150400.1.4 Build date: Sat May 7 23:21:09 2022
Group: Productivity/Networking/Security Build host: sheep64
Size: 1775197 Source RPM: amavisd-new-2.12.1-150400.1.4.src.rpm
Packager: https://www.suse.com/
Url: https://gitlab.com/amavis/amavis/
Summary: High-Performance E-Mail Virus Scanner
Amavisd-new is a high-performance interface between mailer (MTA) and
content checkers: virus scanners or SpamAssassin. It talks to the MTA
via (E)SMTP, LMTP. It works with the
following MTAs:

- postfix
- sendmail (sendmail-milter)
- exim

Provides

Requires

License

GPL-2.0-or-later

Changelog

* Wed Dec 08 2021 varkoly@suse.com
  - amavisd-new should require packets perl-IO-stringy and perl-Net-LibIDN
    (bsc#1193291)
* Wed Jul 28 2021 jsegitz@suse.com
  - Added hardening to systemd service(s). Modified:
    * amavis.service
* Wed Feb 24 2021 suse+build@de-korte.org
  - Package amavisd-milter in a separate package
  - Add perl(Convert::BinHex) to required packages
  - Disable BerkeleyDB in configuration
    + amavisd-new-no-berkeleydb.patch
* Wed Dec 30 2020 suse+build@de-korte.org
  - update to version 2.12.1
    * Generate DKIM record comment line including the 's=' (selector) tag
      instead of an 'i=' (identifier) tag when using "amavisd showkeys".
    * Make sure generated Authentication-Results follow RFC specification.
    * Prevent re-encoding of notification templates.
    * Compare inode numbers as strings.
    * Resolve MySQL invalid utf8mb4 clause.
  - cleanup spec
    * align (Build)Requires and Recommends with upstream
    * rework creating vscan user (new system-user in Tumbleweed)
* Mon Oct 26 2020 suse+build@de-korte.org
  - update to version 2.12.0
    * Upstream changed to GitLab
    * Introduce Rspamd client extension
      With this extension, Amavis can use Rspamd either running on the same
      server or remotely. Connections are made using HTTP/HTTPS depending on
      configuration, the latter requiring a HTTPS-capable proxy (like NGINX or
      Apache) for Rspamd, which does not natively support HTTPS. Basic
      authentication with name/password pairs is also available.
    * Treat "not an OLE file" as a successful result
      Amavis supports calling the ripOLE program to extract embedded objects
      from Microsoft OLE documents. However, not all Microsoft documents
      contain said objects, and the underlying file format changes when they
      do. Since Amavis can't tell the difference, it passes everything to
      ripOLE unconditionally.  Amavis now treats the "not an OLE file" error
      code of ripOLE as a successful result, proceeds normally and scans the
      file as a whole.
    * Fix unix socket path extraction that has prevented a socket based
      policy bank to be loaded;
    * Fix DKIM signing for outbound messages (remove dkim-signing.diff)
    * Fix unescaped left brace regex warning in run_av() subroutine.
    * Mention default value for $myprogram_name in minimal amavisd.conf.
  - cleanup spec
    * remove unused rc.amavis SysV initscript
    * remove unused /usr/lib/tmpfiles.d
* Sun Feb 02 2020 kukuk@suse.com
  - pwdutils is gone since ages
* Sun Mar 17 2019 jengelh@inai.de
  - Mark build recipe as bash-specific.
  - Do not hide errors from useradd.
  - Remove pre-openSUSE-12.3 logic.
  - Convert PreReq and rebuild Requires(pre/post) lists.
  - Remove hard scriptlet dependency on systemd.
* Sun Oct 14 2018 wr@rosenauer.org
  - update to version 2.11.1
    * removed a trailing dot element from @INC, as a workaround for a perl
      vulnerability CVE-2016-1238
    * amavis-services: bumping up syslog level from LOG_NOTICE to LOG_ERR
      for a message "PID <pid> went away", and removed redundant newlines
      from some log messages
    * safe_decode() and safe_decode_utf8(): avoid warning messages
      "Use of uninitialized value in subroutine entry"
      in Encode::MIME::Header when the $check argument is undefined
    * @sa_userconf_maps has been extended to allow loading of per-recipient
      (or per-policy bank, or global) SpamAssassin configuration set from
      LDAP. For consistency with SQL a @sa_userconf_maps entry prefixed with
      'ldap:' will load SpamAssassin configuration set using the
      load_scoreonly_ldap() method;  a patch by Atanas Karashenski
    * add some Sanesecurity.Foxhole false positives to the default
      list @virus_name_to_spam_score_maps
    * updated some comments
  - update amavis-milter to version 2.6.1
    * Fixed bug when creating amavisd-new policy bank names
* Thu Mar 15 2018 varkoly@suse.com
  - bsc#1072122 amavisd-new should use unar instead of unrar
* Wed Mar 14 2018 varkoly@suse.com
  - bsc#1071932 - YaST2 Mail Server Configuration - throws Error for
    starting service amavis.
    amavisd-new should require spamassassin
* Sun Jan 14 2018 varkoly@suse.com
  - bnc#1007149 Amavisd-milter fails to start when started via systemd
    Use fillup_only with -n amavis
* Thu Nov 23 2017 rbrown@suse.com
  - Replace references to /var/adm/fillup-templates with new
    %_fillupdir macro (boo#1069468)
* Wed Feb 22 2017 wr@rosenauer.org
  - fixed DKIM signing by recognizing ORIGINATING
    (regression in 2.11.0) (dkim-signing.diff)
    (https://lists.amavis.org/pipermail/amavis-users/2016-July/004428.html)
* Mon Feb 20 2017 kukuk@suse.de
  - Don't require insserv if we don't need it.
* Fri May 27 2016 jcnengel@gmail.com
  - Update to version 2.11.0
    + Bugfixes
    * delivery method was undefined when always_bcc was used;
    reported by Marieke Janssen;
    * avoid warnings issued by perl 5.21.7 and later:
    Negative repeat count does nothing at ./amavisd line 16408
    and similarly in amavisd-status;
    * releasing from an SQL quarantine failed to provide the original
    envelope sender address to a released message;
    reported, and a fix suggested by Tom Johnson and Tobias;
    * remove a stale database file __db.nanny.db on a reload or restart,
    as it can prevent a successful start when a previous start failed
    for some reason; a patch by Trent Lloyd;
    + Compatibility
    * During startup more detailed testing is performed for taint bugs of
    a module Encode and the function utf8::is_utf8(), which may produce
    warnings on old versions of perl with its old core module Encode,
    or may exit on detecting more sinister bugs in these modules.
    Note that the module Encode may be upgraded independently of perl,
    if desired;
    * with MySQL: changed character set 'utf8' to 'utf8mb4' for fields
    msgs.subject and msgs.from_addr, as previously some of the UTF-8
    characters could not be stored in a database;
    * when logging to stderr a timestamp prefix to each message is only
    still inserted if $DEBUG is true.  When $DEBUG is false each message
    is prefixed with a syslog log level in angle brackets, and a timestamp
    is omitted (for compatibility with systemd);
    * a perl module Digest::SHA is now a required module. It is a perl core
    module since perl 5.10, so it shouldn't introduce a new dependency,
    and it was a de-facto required module even previously, as it was needed
    for DKIM processing;
    + New features
    * Polished rough corners to facilitate running amavisd as a non-daemonized
    supervised process
    * A log template macro 'report_json' can now take arguments, which can
    include or exclude fields (key/values) from the JSON report object.
    Arguments to a macro are either field names (keys) to be included
    in a report, or are field names to be excluded, each prefixed with
    an exclamation mark, to produce a report with all but excluded fields.
    * Two new configuration settings are added: %smtpd_tls_server_options
    and %smtp_tls_client_options. These two associative arrays are passed
    to IO::Socket::SSL->start_SSL when establishing a server-side or a
    client-side TLS session with an MTA, and provide more control over
    a TLS session - like providing certificates and restricting ciphers.
    See documentation of a perl module IO::Socket::SSL for a list of
    all options with their descriptions and their defaults.
    * Supports receiving SMTP/LMTP connections through a HAProxy,
    recognizing 'PROXY protocol Version 1' data on the first line read,
    after a connection from HAProxy to amavisd has been established.
    Connection data (IP addresses and ports) received via this protocol
    end up replacing such data in the the Amavis::In::Connection object
    ($conn).  Set configuration variable $haproxy_target_enabled (also
    a member of policy banks) to true in order to enable this protocol.
    * redis: allow a scoped / link-local IP address specification
    (avoiding current limitation in IO::Socket::IP [rt.cpan.org #89608]);
    * the Amavis::Unpackers::Part::digest method now holds a digest (SHA1,
    hex) of a decoded (base64 or quoted-printable) MIME part contents,
    followed by a colon and a lowercased Content-Type of the MIME part.
    Canonical line endings CRLF in decoded textual parts are normalized
    to a native newline (\n) before feeding them to a digest algorithm.
    * Policy bank names in a @client_ipaddr_policy setting can now accept
    a comma-separated list of policy names to be loaded on a match
    (for loading of policy banks based on an IP address of a SMTP client).
    Whitespace around each policy name is allowed and is stripped.
    Previously only a single policy bank name was allowed in each entry
    of @client_ipaddr_policy.
    * Experimental feature: IP lookups (as implemented by lookup_ip_acl()
    and used by @client_ipaddr_policy) can now also do DNS-based lookups,
    in addition to array- and hash-based lookups.
* Thu Jan 21 2016 aj@ajaissle.de
  - Add amavisd-new-2.10.1-myhostname.patch:
    $myhostname is set using POSIX::uname, but expects a FQDN. This
    patch changes this behaviour to use Net::Domain::hostfqdn instead
* Wed Aug 12 2015 wr@rosenauer.org
  - require perl-Convert-BinHex as otherwise startup fails with
    default installation
  - file based requirement does not work
    - > changed to package requirement util-linux-systemd
* Tue Dec 16 2014 p.drouand@gmail.com
  - Update to version 2.10.1
    + fixed a missing import of mail_addr_idn_to_ascii() and idn_to_utf8()
      when SQL is in use
    + void warnings issued by perl 5.21.5:
  - Changes from version 2.10
    COMPATIBILITY
  - New requirement: perl module Net::LibIDN needs to be installed.
  - Uses a perl module File::LibMagic if installed, instead of spawning
    a file(1) utility.
  - Support for international email relies heavily on perl to do the
    right thing in its support of Unicode, so using a reasonably recent
    version of perl is recommended. Amavisd was tested with perl 5.18
    and 5.20.1. Versions of perl older than 5.12 may cause problems
    with handling, encoding, and decoding of Unicode characters.
    It is reasonable to expect that versions 5.14 and 5.16 are fine too,
    but have not been tested extensively.
  - Default log templates and notification templates have changed
    in details (like in decoding of international e-mail addresses), so
    if locally customized templates are in use these will benefit from
    updating - otherwise expect some mojibake in log and notifications.
  - International domain names (IDN) encoded in ASCII-compatible encoding
    found in e-mail addresses and in Message-ID header field will be decoded
    to Unicode for presentation purposes (syslog, JSON structured log,
    notifications). This decoding does not affect a mail message itself.
  - Logging via syslog expects that syslogd (or equivalent) will not
    clobber UTF-8 octets. It may be necessary to tell syslogd to accept
    C1 control characters unchanged, e.g. by adding a command line option
    "-8" to syslogd. Failing to do so may leave logged entries (like
    sender and recipient address, From, Subject) in international mail
    garbled or poorly readable in syslog.
    On FreeBSD one should add:  syslogd_flags="-8"  to /etc/rc.conf.
  - Third party log parsers may need updating to accept logs with Unicode
    characters in UTF-8 encoding.
  - A SMTP response to an EHLO command will now announce SMTPUTF8 capability
    by default.
    BUG FIXES
  - releasing a message from an SQL quarantine was broken in version 2.9.1
    due to introduction of parent_mail_id(); patches provided by Stef Simoens
    and Gionatan Danti;
  - if checking of a message was aborted prematurely (like due to a timeout
    or some fatal error), JSON log could receive a copy of a previous
    log entry;
  - prevent non-ASCII non-UTF-8 octets from reaching a JSON log/report
    (which produced an invalid JSON object and Elasticsearch complaining);
  - allow SMTP commands MAIL FROM and RCPT TO to accept options without
    values, as allowed by the RFC 5321 syntax;
  - in delivery status notification (DSN) the field Received-From-MTA
    specified 'smtp' as mta-name-type, instead of a 'dns' as prescribed
    in RFC 3464;
  - releasing from a quarantine left envelope sender address as '<>'
    instead of using the address found in a Return-Path header field
    of a quarantined message, while also logging a warning:
      Quarantine release $QID: missing X-Envelope-From or Return-Path
    reported by Pascal Volk;
  - avoid failure in os_fingerprint or in smtp forwarding in certain cases
    where the $os_fingerprint_method or $forward_method or $notify_method
    uses an asterisk in place of a host IP address or port number.
    The reported error in os_fingerprint (reported by -ben) was:
      os_fingerprint FAILED: Insecure dependency in socket
      while running with -T switch
      at /usr/lib/perl/5.18/IO/Socket.pm line 80
    and in SMTP forwarding or notification (reported by Dennis Boone):
      (!)connect to *:10025 attempt #1:
      Insecure dependency in socket while running with -T switch
      at /usr/lib/perl/5.18/IO/Socket.pm line 80.
  - files LDAP.ldif and LDAP.schema: added a missing attribute
    amavisDisclaimerOptions to objectClass; reported by Quanah Gibson-Mount;
    NEW FEATURES
  - added support for Internationalized Email:
    * RFC 6530 - Overview and Framework for Internationalized Email
    * RFC 6531 - SMTP Extension for Internationalized Email (SMTPUTF8)
    * RFC 6532 - Internationalized Email Headers
    * RFC 6533 - Internationalized Delivery Status Notifications
    This supports UTF-8 (EAI) in SMTP/LMTP sender addresses, recipient
    addresses, and message header section. Feature parity with Postfix
    version 2.12 (support introduced in development snapshot 20140715).
    The SMTPUTF8 extension is supported by Gmail since 2014-08-05:
      http://googleblog.blogspot.com/2014/08/a-first-step-toward-more-global-email.html
  - added support for Internationalized Domain Names (IDN) according
    to IDNA (RFC 5890, RFC 5891; RFC 3490);
    * A-labels in ASCII-compatible encoding of domain names are converted
      to U-labels for presentation/logging purposed;
    * U-labels are converted to A-labels when feeding a mail message
      to an MTA which does not announce support for SMTPUTF8 extension
      (instead of rejecting them as invalid mail address);
    * For lookup purposes an international domain name is converted to
      ASCII-compatible encoding when used as a query key in DNS lookups
      and in lookups into hash, list, SQL and LDAP lookup tables (but not
      in regexp table lookups). These tables are expected to contain domain
      names in their ASCII representation (ACE). For convenience of config
      files subroutines idn_to_ascii() and mail_idn_to_ascii() are available,
      which encode a Unicode domain name to ACE (like ToASCII in RFC 3490);
    * Many configuration settings may have their domain names in UTF-8.
      These will be converted to ACE automatically where necessary
      (e.g. when creating a Received and Authentication-Results header
      fields, DKIM signatures, mail addresses in notifications, ...).
      These settings include:
      $myhostname, $localhost_name, $myauthservid, $mydomain,
      notification sender and recipient mail addresses
      ($mailfrom_notify_*, $hdrfrom_notify_*, @*_admin_maps),
      domain names and selectors in DKIM signing keys (in calls
      to dkim_key() );
  - delivery notifications and admin notifications now show the following
    information encoded as UTF-8 (which is a default $bdy_encoding) in the
    plain text part of the message: IDN domain names in sender and recipient
    mail addresses and Message-ID are first decoded to Unicode, Subject and
    author display names are MIME-decoded;
  - 'amavisd showkeys' and 'amavisd testkeys' can now deal with IDN
    (international domain names): domain names in DNS zone comments
    end up as UTF-8, DNS labels are in ASCII (A-labels); domain names in
    calls to dkim_key() may be specified either as UTF-8 or in ASCII (ACE);
  - new macro 'mail_addr_decode' takes an e-mail address as a string of
    octets, where a local part may be encoded as UTF-8, and the domain part
    may be an international domain name (IDN) consisting either of U-labels
    or A-labels or NR-LDH labels. Decodes A-labels to U-labels in domain
    name. Returns a string of logical characters (Unicode), suitable for
    notification templates. If the mail address is not a valid UTF-8 string,
    it is interpreted as ISO-8859-1 (Latin-1).
  - new macro 'mail_addr_decode_octets' is like 'mail_addr_decode', except
    that the result is a string of octets, only valid as UTF-8 if the
    provided address was a valid UTF-8 (garbage-in/garbage-out);
  - new macro 'header_field_octets' is like 'header_field', except that
    a result is a string of octets in UTF-8 encoding, suitable for a log
    template;
  - new macro 'ip_proto_trace_all' expands into a list of information
    items from a Received header trace; each item consists of a protocol
    name (the WITH clause) and an IP address, optionally followed by a
    source port number if known;
    Example:
      ESMTP://[2001:db8::143:1]:39141 < ESMTP://2001:db8::25 <
      esmtps://203.0.113.172 < ESMTPSA://192.168.9.9
    or:
      UTF8SMTP://[203.0.113.172]:51208 < UTF8SMTPSA://192.168.9.9
  - new macro 'ip_proto_trace_public' is like ip_proto_trace_all, except
    that entries with non-public IP address are excluded from the list;
    'Received' trace information in $log_verbose_templ and in notifications
    now include results from this macro call;
  - new macro 'protocol' evaluates to a protocol name by which a message
    was received by amavisd, according to RFC 3848 ("Transmission Types
    Registration") and "Mail Transmission Types" / "WITH protocol types"
    IANA registration
      http://www.iana.org/assignments/mail-parameters/mail-parameters.xhtml
    e.g.: SMTP, ESMTP, ESMTPA, ESMTPS, ESMTPSA, LMTP, LMTPA, LMTPS, LMTPSA,
      UTF8SMTP, UTF8SMTPA, UTF8SMTPS, UTF8SMTPSA,
      UTF8LMTP, UTF8LMTPA, UTF8LMTPS, UTF8LMTPSA, ...
  - new macro 'client_protocol' expands into a protocol name by which
    a message was received from a client by MTA; the information is passed
    from MTA to amavisd through XFORWARD PROTO SMTP protocol extension or
    through AM.PDP (milter); typical values are 'ESMTP' or 'SMTP';
  - use a perl module File::LibMagic when available, instead of spawning
    a file(1) utility for classifying contents of mail parts.
    By using a direct interface to a libmagic library the startup cost
    of spawning an external process is avoided. Benchmarking shows that
    using libmagic is significantly faster especially for checking a small
    number of files - takes 4 ms for checking one file with libmagic
    vs. 27 ms with a spawned file(1); based on a patch by Markus Benning;
    OTHER
  - RFC 6533: recognize a MIME type 'message/global' as similar
    to 'message/rfc822', and 'message/global-headers' as similar
    to 'text/rfc822-headers' where appropriate (e.g. in bounce killer);
  - header validity check now distinguishes 'non-ASCII and invalid UTF-8'
    from 'non-ASCII but valid UTF-8' characters in a mail header section.
    By default valid UTF-8 strings in a mail header section are not treated
    as error even if mail is not flagged as international mail (SMTPUTF8),
    as these are quite common in practice. To treat non- MIME-encoded UTF-8
    in a header section as error the test can be enabled by:
      $allowed_header_tests{'utf8'} = 1;
  - ORCPT attribute in SMTP 'RCPT TO' command now accepts the original
    recipient mail address in any of these encodings: utf-8-address,
    utf-8-addr-unitext, utf-8-addr-xtext, or as a legacy xtext,
    as required by RFC 6533;
  - updated do_cabextract (extraction of Microsoft cabinet .cab archives)
    to recognize a slightly changed output of cabextract version 1.2;
    patch by Thomas Jarosch;
  - adjusted some timeouts to leave more reserve for later stages of
    mail processing and forwarding;
  - prefer sanitizing/protecting control characters as hex code (like \x7F)
    instead of octal (like \177) (e.g. in logging and DSN);
  - Use dowload Url as source
  - Add a requirement on perl-Net-LibIDN; new upstream dependency
* Sun Nov 09 2014 ledest@gmail.com
  - fix bashism in post script
  - remove '-e' option of 'echo' command that may be unsupported in some
    POSIX-complete shells

Files

/etc/amavisd.conf
/etc/openldap
/etc/openldap/schema
/etc/openldap/schema/amavisd-new.schema
/usr/lib/perl5/vendor_perl/5.26.1/JpegTester.pm
/usr/lib/systemd/system/amavis.service
/usr/sbin/amavisd
/usr/sbin/amavisd-agent
/usr/sbin/amavisd-nanny
/usr/sbin/amavisd-release
/usr/sbin/p0f-analyzer.pl
/usr/sbin/rcamavis
/usr/share/doc/packages/amavisd-new
/usr/share/doc/packages/amavisd-new/AAAREADME.first
/usr/share/doc/packages/amavisd-new/LDAP.ldif
/usr/share/fillup-templates/sysconfig.amavis
/usr/share/licenses/amavisd-new
/usr/share/licenses/amavisd-new/LICENSE
/var/spool/amavis/db
/var/spool/amavis/tmp
/var/spool/amavis/var
/var/spool/amavis/virusmails


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 19:58:50 2024