RELEASE NOTES SPAMCONTROL 2.5 ============================= FEATURES -------- SPAMCONTROL is an extension to qmail. Enhancements for qmail-smtpd: * ESMTP enhancements - Strict RFC 2821 conformance. - Reference 'Mail From:' parameter parser, supporting SIZE (RFC 1870) and AUTH options. - Customizable SMTP Authentication (RFC 2554) support for LOGIN, PLAIN, and CRAM-MD5. - SMTP Auth SUBMISSION feature. - Optional STARTTLS (RFC 2487) support in conjunction with sslserver. * SMTP envelope Anti-Spam-Tools - Wildmat Filters for the HELO/EHLO greeting and the 'Mail From: ' in Split-Horizon fashion. - DNS Lookup for the HELO/EHLO greeting (A/MX) and the domain part of the 'Mail From:' (MX). - Customizable HELO/EHLO greeting checks including exceptions. #) - Greetdelay, Tarpitting, and Smart Rejection in case of too many invalid Recipients. * Mail From: Address Verification - Check, whether for Relayclients the domain part of corresponds to a local address (Reverse Split-Horizon). - Full control of outgoing Mail From: SMTP envelope addresses in case of a SMTP authenticated user. * Enhanced badmailfrom support - Wildmat filter. - 'badmailfromunknown' capabilities. - 'badmailfromwellknown' capabilities. - Anti-spoofing of own addresses. * Recipients extensions #) - badrcptto wildmat filter. - Restricting the number of allowed 'Rcpt To:' per SMTP session. - Whitelisting: Controlling the reception of mails not only on a rcpthosts base but rather on the complete with fast and extensible cdb/PAM lookup, domain-wildlisting and VERP support. - Customizable 550 or 450 return messages. * Virus prevention - Reference badmimetypes implementation. #) - Improved badloadertypes filter. - Qmail High Performance Scanner Interface (QHPSI). - Customizable SMTP 554 Reply Message. * qmail-smtpd logging - Extensible logging format. - Logging for failed and accepted SMTP sessions. Enhancements for qmail-remote: * SMTP Authentication - Supported are Auth types LOGIN and PLAIN. - Additional authsenders control file. * QMTP support +) - Additional qmtproutes control file in addition to smtproutes. * Fast delivery - Delivery to any DNS listed MX for that domain instead just the primary. - Increased read buffer for delivery. * Bounce host support +) - Forward qmail-send bounces to dedicated QMTP hosts. - Forward qmail-send bounces to dedicated SMTP hosts. Enhancements for qmail-pop3d: * STLS support Limitations: * As by today, some SSL envrionment variables are not made available by sslserver. Enhancements for qmail-queue: * High speed virus scanner by means of QHPSI. * Additional QMAILQUEUE usage. * Optional BIGTODO support. * Optional use of RC=33 for spam messages detected via qmail-queue replacement. Enhancements for qmail-send: * Bounce control - Restricting the size of bounces. - Doublebouncetrim. * Additional recognition of local IP addresses - Moreipme - Notipme External enhancements: * Seemless support for djbdns lib instead dnslib. * qmail-mrtg interface. * Newanalyse for logs. * rblsmtpd patch can be downloaded in addition. With SPAMCONTROL qmail-smtpd can stand the two most common threats: * Lexical and/or dictionary Spam attacks in particular to none-existing and the subsequent generation of bounce messages to none-existing . * Virus Bombing and resource exhaustion due to the Virus Scanners. With SPAMCONTROL you can guarantee the integrity and authentication of at least * the domain part of the provided 'Mail From:" SMTP envelop address for RELAYCLIENTS * even chained over serveral Qmail instances. With SPAMCONTROL qmail-remote allows * to dedicate email traffic to particular accounts/domains via QMTP handled by specific qmail instances * to decouple queuing of bounces from regular emails to a dedicated qmail instance or bounce host. CHANGES (2.4 -> 2.5) -------------------- Userland: #) Modified syntax in 'badhelo'. [+) Additional GREETDELAY capabilitiy via patched rblsmptd => now part of rblsmtpd] +) Added Qmail QMTP capabilities for qmail-remote. -) Removed tarpitcount/tarpitdelay control file. #) Additional detection of white spaces in Base64 attachements via BADMIMETYPE='!'. +) Enhanced syntax of control/smtproutes, control/qmtproutes with the token '!@' for bounce control. +) Added SUBMISSION port feature for qmail-smtpd. #) Recipient 0.5 whith additional PAM support and domain recognition. Internal: +) Added Return Code '33' to qmail-queue and added display support for SpamAssassin et al in qmail-smtpd log message. #) Improved WARLORD algorithm for less false positives and additional whitespace filtering. *) Fixed one bug in qmail-remote PLAIN Auth + updated base64.c (gcc -O2 problem). +) Added bouncecontrol to qmail-remote. *) Updates to Makefile (to respect conf-cc) and cdb*.c to cope with 64 bit architectures. EXPERIMENTAL ADD-ONS -------------------- Some features in SPAMCONTROL 2.5 sholl be considered as 'experimental' only. QMQ: The Qmail Multiple Queue feature can be used, but the skeletons to raise the individual instances' subdirectories and a corresponding setup-script is still incomplete/missing. DELIVERTO: The qmail-queue.scan wrapper script can be used to conditionally 'deliver to' detected spam emails to certain accounts. For normail use, the environment variable DELIVERTO shall be empty. Erwin Hoffmann, Cologne 2009-04-05.