Mercurial > notdcc
diff CHANGES @ 0:c7f6b056b673
First import of vendor version
| author | Peter Gervai <grin@grin.hu> |
|---|---|
| date | Tue, 10 Mar 2009 13:49:58 +0100 |
| parents | |
| children |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/CHANGES Tue Mar 10 13:49:58 2009 +0100 @@ -0,0 +1,2254 @@ +Changes to the Distributed Checksum Clearinghouse source. + + 2009/02/26 02:52:46 Rhyolite Software DCC 1.3.103-1.295 $Revision$ + +1.3.103 + Quiet RedHat versus Debian error message from rcDCC reported by Ken Rea. + Deal with corrupt /var/dcc/map reported by Steve Martin instead of + calling abort(). + Fix error in libexec/fetch-testmsg-whitelist reported by Horst Scheuermann + and William Taylor. + Tweak ./configure and makefiles to try to avoid the mysterious, + unreproducable linking problem reported by John Levine. + Fix bug with `./configure --with-max-log-size=0` reported by + Valentin Schmid. + `./configure --with-max-log-size=KB` now also applies to dccproc log files. + Generate man pages with /var/dcc and other directories replaced by + local ./configure choices. This is intended to help the FreeBSD + package and similar redistributions. + +1.3.102 + Fix build error reported by Steve Martin in dnsbl.c on MacOS X and other + systems without a resolver library found by ./configure. + +1.3.101 + Fix inconsistent declaration of grey_on in dccd/dump-clients/dump-clients.c + reported by Bobby Rose. + +1.3.100 + Support groups of DNS blacklists that can be independently enabled + in per-user whiteclnt files. + Follow Petar Bogdanovic's suggestion to make ./configure assume that + `su -` and the default file ownership on NetBSD should be like FreeBSD + Another tweak to reduce spurious DCC Reputations for 127.0.0.1. + Dccifd in query mode assumes one recipient and so always generates an + X-DCC header. + Tweak proof of concept per-user whitelist cgi scripts in cgi-bin. + Improve long term client request rate computation to improve how public + DCC servers handle too active clients. + Count anonymous clients ignored by `dccd -uFOREVER` among `cdcc stats` + "bad IDs" to more easily detect local clients that lack client-IDs + and passwords. + `misc/hackmc -M` now reports mail rejected with the sendmail + FEATURE(`badmx') to the DCC with counts of "MANY" + +1.3.99 + Fix typo in Makefile.inc for NetBSD and OSF1 reported by Petar Bogdanovic. + +1.3.98 + Change the DCC server to not sign responses to anonymous clients with + the client's sequence numbers in protocol version 9. + Add `dccd -T wlist` and `cdcc "trace wlist on"` to help find failures + by clients to whitelist IP addresses and other checksums + in /var/dcc/whitelist. + Let whitelisting by the MTA, DCC server, or other whiteclnt lines override + "option spam-trap-accept" and "option spam-trap-reject" whiteclnt + lines as suggested by Horst Scheuermann. + Finally document in the man pages parameters including %CIP that can be + used in dccifd and dccm rejection messages. + +1.3.97 + Fix "pthread_mutex_lock(cwf): Invalid argument; fatal error" reported + by Steve Martin. + +1.3.96 + Add `cdcc "clock check" to help detect broken clocks at DCC servers. + Fix intermittent complaints about whiteclnt.dccw reported by Gary Mills. + `cdcc clients` now indicates clients that have pegged a server's + anti-DoS delays. + +1.3.95 + Stop rare "fcntl(F_SETLKW F_WRLCK info -1): Bad file descriptor" complaints + when dccm and dccifd start. + +1.3.94 + Fix core new dump in version 1.3.93 of dccm with aborted mail messages. + +1.3.93 + Make the default value for the `dccm -j` and `dccifd -j` job limit + as large as possible. This makes -j settings unnecessary. + Dccproc and cdcc time out after about 1 minute when the /var/dcc/map + file is not unlocked. + Add "option spam-trap-accept" and "option spam-trap-reject" to + whiteclnt files. I think these are the best way to build + DCC spam traps. + +1.3.92 + Improve the hash function used in the DCC server database. + Replace -Bno-envelope for dccm, dccproc, and dccifd with + -Bno-client and -Bno-mail_host for Tony Del Porto. It seems that + Spamhaus' PBL should generally not be applied to SMTP envelope + Mail_From domain names to avoid rejecting mail received through an + ISP smart-host but with sender domain name hosted on a dynamically + assigned IP address. The now undocumented -Bno-envelope implies + -Bno-client and -Bno-mail_host. + Fix the @configsuffix@ mechanism in homedir/Makefile.in as suggested + by Craig Green. + Switch to -lpthread threads on FreeBSD starting with 6.2 because of + recent problems with libc_r threads. + Dccproc should not require a "option DNSBL-on" line in /var/dcc/whiteclnt + to pay attention to DNSBL hits. The -B settings on the dccproc + command line are sufficient to show that the user wants DNSBL checking. + Fix bug in compression of DCC Reputation reports. + +1.3.91 + Fix mechanism that should prevent dccd from starting dbclean for a quick + cleaning about the time the cron job runs. + Let DNSBL target addresses be CIDR blocks to improve the use of Spamhaus' + lists. + Fix DNSBL bug that caused false positives reported by Ray Gardener. + Tweak homedire/Makefile.in for the gento folks. + Fix recent compiling bug with Borland on WIN32 reported by Tommy Barberis. + +1.3.90 + Fix updatedcc problem reported by Chris Magnuson. + Updatedcc failed after shutting down the localhost DCC server and + finding no working server and when the environment variable + DCC_UPDATEDCC_FAST is not set to "yes". The easiest work-around + is to add the public DCC servers to the local /var/dcc/map file + with `cdcc "add dcc1.dcc-servers.net RTT+1000 ms"` Besides working + around the updatedcc problem, that uses the public DCC servers + as backups for the local server. + +1.3.89 + Repair compile problem on Solaris + +1.3.88 + Repair rate limiting on dccd syslog complaints. + Relax dccd load sharing enough to prevent spurious timeouts by + keepalive timers and some troubles with flood connections. + +1.3.87 + Add `./configure --enable-64-bits` to compile 64-bit DCC server code + for Solaris or Linux PowerPC. If you are using dccm, you will + need to build a 64-bit sendmail milter library. + Fix complaint from `cdcc "new map"` about the new file being empty. + Fix bug in `./configure --with-installroot=DIR` and `make install` + reported by Pavel Urban. + Fix at least some causes of "continue not asking Greylist" complaints + from dccm and dccifd. + Make dbclean on Linux systems with lots of RAM even closer to -F. + +1.3.86 + Disable automatic 64-bit compilation for Solaris again + +1.3.85 + Fix Redhat Enterprise 5.1 build bugs in 1.3.84 reported by Mark Thomas. + Fix old glitch in building for 64-bit Solaris systems. + +1.3.84 + Allow very large DCC database hash tables, including that used + for greylisting. + Add `./configure --with-configsuffix=.str` to improve FreeBSD port. + Add `rcDCC -m {dccd|dccm|...}` to improve FreeBSD port. + Add magic comments to rcDCC to make it work with SUSE insserv. + +1.3.83 + Deal with build problem on FreeBSD 7.0 reported by Craig Green. + Keep client IP addresses as old as 7 days in /var/dcc/dccd_clients + and /var/dcc/grey_clients + +1.3.82 + Fix automagic upgrade of old /var/dcc/map files reported by James Carlson + and Earl Killian. The bug was new with 1.3.81. + +1.3.81 + improve SMTP status messages from dccm and dccifd + improve dbclean handling of less frequent spam + do something like `dbclean -F` on systems that lack mmap(MAP_NOSYNC). + This should help recent versions of Linux that thrash themselves + much as Solaris always has. + perhaps fix the "Deadlock situation detected/avoided" messages long + but infrequently seen on Solaris. + fix a bug reported by Edward Toton in the mechanism that works around a + missing cron-dccd cron job. + fix problem in cron-dccd reported by Dean Maluski when a greylist server + is running but no DCC server. + +1.3.80 + fix bug with `dccm -t` log thresholds reported by Bart Dumon + +1.3.79 + remove -t arg. for dbclean + change lines in log files for DNSBL hits to include IP address from + the DNSBL + probe a DNSBL only once for several -B results with distinct SMTP + 4yz or 5yz rejection messages + reduce dccifd memory on some Linux systems by 4 MByte + do not use set-UID privileges outside the ./configure --homedir=DIR + directory + fix bug in 1.3.78 in sizing the window for large (>100 MByte) greylist + databases found by Tomasz Potega + +1.3.78 + Fix failure to reduce default dbclean expirations when working around + a missing cron-dccd cron job. + +1.3.77 + Improve dccd load limiting, including while catching up on flooding. + +1.3.76 + Add yet more system log tracing with `dccd -d` for the determination of + memory limits. + Tweak duplicate flooded report detection. + +1.3.75 + Fix false duplicate detection of flooded checksums introduced in + version 1.3.74. + Make the rep-total default threshold be 20, matching the documentation. + +1.3.74 + Repair rate limiting of dccd system log messages. + Another fix for detecting duplicate bulk mail reports. + +1.3.73 + Correct count of reputation hits. + +1.3.72 + Fix holes in the detection of duplicate flooded reports. + Fix quick database cleaning to not run dbclean 2 hours or less before + the usual cron cleaning. + Fix bug in counting DCC operations by the free DCC servers. + +1.3.71 + Fix confusion in daily log messages between incoming and outgoing + flood error messages. + +1.3.70 + /var/dcc/libexec/dcc-stats-graph no longer combines RRD files to + generate a graph. Instead the new /var/dcc/rrd-combine should be used + to generate a combined file that is then graphed. + Fix dccproc to report mail to the DCC server that DCC Reputations has + marked as spam. + Remove SOCKS flooding input bug that I added in 1.3.67. + Fix a failure by DCC Reputation servers to fail to detect flooded + duplicate reports. + +1.3.69 + Fix embarrassing build bug in 1.3.68 reported by Chris Pollock. + +1.3.68 + Enhance /var/dcc/libexec/list-clients + Increase flooding listen() queue to try to deal with connection timeouts. + dccifd should pay attention to thresholds in /var/dcc/whiteclnt + Fix new fix for reputation report counting. + +1.3.67 + Occassionally run a quick dbclean on the server database when the database + gets too big. + Report "connection refused" flooding problems in `cdcc "flood stats ..."` + `cdcc stats` on DCC Reputation servers report the number of client + reputation hits. + updatedcc -K does not try to download more than once per week. + -K is assumed if stdin is not a tty. Some installations seem to + have cron jobs that run updatedcc several times per day. + SOCKS flooding only doubles instead of quadruples the backoff or delay + before retrying connections. + Add more tracing of flood state changes to try to find the stickiness + with Solaris. + +1.3.66 + Fix SOCKS flood crash introduced in 1.3.65 and reported by Tomasz Potega. + +1.3.65 + Another tweak to the negotiation of DCC Reputations. + Restore recently lost logging of flooding error messages. + Fix missing reset of keepalive timer. + Include flooding position in `cdcc "flood stats ..."` + Fix rm and rmdir complaints from cron-dccd on Solaris reported + by Mark Thomas. + SUBMIT whiteclnt entries now also turn off DCC Reputation checking. + There are better ways to turn off mail from a local SMTP client + DCC Reputations. + Fix looping whitelisted flooded report bug reported by John L. + This bug might be related to crashes complaining + "ifp->ibuf_len=-111; fatal error" + +1.3.64 + Make ./configure and so updatedcc complaints about bad memory sizes + warnings instead of fatal errors. + +1.3.63 + Correct error in `cdcc "flood list"` announced negotiation of DCC + Reputations. + +1.3.62 + Let "option threshold type,val" lines in whiteclnt file accept "all" + and "cmn" for "type" as with `dccproc -c` and `dccm -t` and `dccifd -t`. + Use yet another scheme in updatedcc to detect download failures that + won't force unneeded downloads. + Fix dccifd man page about the location of the socket as suggested by + Carl Byington. + Fix several rare or potential bugs related to broken TCP connections with + DCC flooding including one that has caused a core dump. + +1.3.61 + Fix problems with Sun Studio 12 compilers reported by Rob McMahon. + `updatedcc -K` or cron mode is silent when things go ok, + or at least less chatty. + +1.3.60 + Fix confusion in flooding connection accounting. + Work around new Fedore Core 6 gcc Fortify buffer over-non-flow bug + reported by Joseph Breu by reducing the size of server-to-server + messages by 1 byte. + Reduce the number of socket() and bind() system calls in dccm and dccifd. + Close unused sockets in dccm and dccifd after bursts of mail such + as dictionary attacks. + Prevent complaints during flooding from between commercial and free + versions about bad protocol versions. + +1.3.59 + Fix crashing in dccifd reported by John M. Crawford. + Fix problem in flooding server-ID assertions. + +1.3.58 + Fix bug in recent versions of `/var/dcc/libexec/dcc-stats-graph -d` + reported by Kevin W. Gagel. + Deal with multiple A RR answers from DNSBLs such as Spamhaus' ZEN + for dccifd, dccproc, and dccm -B. + Turn off a "close(socket): Connection reset by peer" message from + dccifd in proxy mode when postfix gets anxious and closes early. + +1.3.57 + Fix bug in libexec/fetchblack adding a local blacklist file + reported by Krzysztof Snopek. + Make the system host name be the default value of `dccifd -D` + so that local user name for per-user logs and whiteclnt files + is "user" given SMTP recipient address "user@host.example.com" + on the system named user.host.example. + Support wildcards so that `dccifd '-D*example.com'` will take + "user" as the local name for per-user logs and whiteclnt files + vien SMTP recipient address user@host.exaple.com. + Fix bug in version 1.3.56 of dbclean in computing the hash table size + when upgrading from 1.3.42 reported by Domenico Diacono. + +1,3,56 + Dccd continues parsing /var/dcc/blacklist after a bad line instead + of stopping. + Change dcc-stats-graph to not use --alt-y-mrtg with rrdtool version 1.2. + Do not save dccd client list when running with -Gon. + Dccd continues to inflate queue wait for 5 minutes after flooding + resumes so that the database will be good for clients. + Add -K to updatedcc for "cron mode" to not install code, restart daemons, + or otherwise disturb things by installing the same version. + Improve server queue delay measurement when the system is too slow + to keep up with incoming floods. + Do not use MAXHOSTNAMELEN for domain name lengths because on Linux + it is only 64 bytes. This implies a new version of the /var/dcc/map + file. Old versions of the file are automatically upgraded, but that + implies problems if you install old versions of the DCC client + programs. + Dccm, dccifd, and dccproc delete all old X-DCC headers instead of only + those with the same brand name as the current DCC server to fix + problem reported by Frank Tegtmeyer. + Fix unrecognized data /var/dcc/dccd_clients message. + Improve DCC server hash table size estimation to help servers with + 1 GByte or less or more than 3 GByte of RAM. + Fix "flooding not stopped before ADMN DB UNLOCK" problem reported by + Tomasz Potega. + dcc-stats-graph no longer labels "Spam Ratio" graphs with '%' because + recent versions of rrdtool graph no longer understand "--units %%" + +1.3.55 + Dccd falls back on foreground DNS resolution of flooding peer names + when fork() fails, perhaps because of a lack of swap space. + Fix structure alignment bug introduced in 1.3.51/2.3.51 and seen in + Solaris on SPARC CPUs using `gcc -O` reported by Stephan Schulz. + +1.3.54 + Fix bug in proof-of-concept CGI script "LogOut/In" button introduced in + 1.3.48 on Apache without mod_unique_id. + Fix new bug in proof-of-concept list-log CGI script reported by + Krzysztof Snopek. It seems that in Solaris`ls -f` does not work on + a list of files. + Make `dccd -F` the default on Solaris to speed up the DCC server there. + +1.3.53 + More speed for dbclean on FreeBSD. + Fix recent damage to `dccproc -a` and dccproc -f`. + Fix -B "name too long" problem reported by Daniel Gehriger and + Giulio Cervera. + Fix bogus mail rejection by dccifd in proxy mode reported by + Daniel Gehriger. + Reduce BIND timeout for each lookup to whatever remains of the + -Bset:url-secs=X limit. + +1.3.52 + Fix bug in updatedcc found and diagnosed by Asgeir. + Speed up dbclean on FreeBSD. + +1.3.51 + Fix recently added bug with greylisting in dccifd reported by + Daniel Gehriger. + Fix database corruption bug in `dccd -F` added in version 1.3.49. + Fix bugs in queue delay reported by DCC servers to anonymous clients. + This change is important for the public DCC servers. + What the nightly cron job, /var/dcc/libexec/cron-dccd, to try to + restart dccd if it is not running but is turned on. + Include anonymous client queue delay in `cdcc stats` queue delay report. + Close hole that allowed deleting or adding hosts in /var/dcc/maps. + Reduce minimum default reduced dbclean expiriation durations to + 1 hour and 1 day from 2 hours and 2 days to help systems with + 1 GByte or less RAM. + Change cgi-bin/webuser-notify to use sendmail and include a + "Precedence: bulk" header so that the vacation program won't + respond to the CGI cron script's mail messages. + Change cgi-bin/webuser-notify to handle per-user log subdirectories + generated by "option log-subdirectory-*" in whiteclnt files. + +1.3.50 + Fix client random selection of public DCC servers. + /var/dcc/blacklist also affects flooding peers. + +1.3.49 + Change dbclean to use a dccd optimization and be faster on FreeBSD + systems that have less that 4 GByte of RAM. + Set the GID of dccifd, dccm, and dccproc log files and subdirectory + to be the same as the parent directory if running as root and + if necessary. + Possibly fix pthread_mutex_lock(user_log) bug on MaxOS X reported by + Steve Martin. + +1.3.48 + Turn off automatic generation of 64-bit DCC servers. + +1.3.47 + Remove support for external filters as part of the fix for the + thundering herd problem in `dccm -B` reported by Gary Mills. + Check NS IP addresses in DNS blacklists (DNSBLs) before MX IP addresses + for dccproc, dccifd, and dccm -B. + Fix `dccm -tsubstitute...` problem reported by Ludger Bolmerg-Berliner + Try to compile for 64-bit pointers on Solaris to use more than 2 GBytes + if available. + Significantly improve speed on large FreeBSD DCC servers. + Make dbclean automatic -e/-E adjustments much more stable to + significantly help DCC servers on Mondays and Tuesdays. + Fix bad Body and missing Fuz1 and Fuz2 checksums for dccifd and dccm + when previous messages had bad MIME encapsulation reported by + Gary Mills and Harel Tassa. + +1.3.46 + Do not greylist mail from SMTP submission clients marked by + "submit IP" lines in /var/dcc/whiteclnt. + Stop race with idle DNSBL helper processes. + More adjustments to help deal with large databases. + Deal with ./configure problem with BIND resolver on some versions + of Linux reported by Daniel Gehriger. + Change header checksums to ignore all instead of only some occurrences + characters matching [<>'"] + Dccm uses SMFIP_RCPT_REJ in sendmail 8.14 to detect dictionary attacks + and adjust the DCC Reputation of attackers. + Fix a very rare infinite loop in the MIME decoding code in DCC clients. + Add "option log-subdirectory-{day,hour,minute}" to whiteclnt files + to create per-user log files in subdirectories like the subdirectories + used for /var/dcc/log with dccm, dccifd, and dccproc -l. + Detect too-small file size resource limits in dccd and dbclean. + Compile with -D_FILE_OFFSET_BITS=64 on Linux as suggested by + Dmitry Konovalov. + Compile with -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 as advised by + James Carlson. + Add dccm and dccifd -Bset:maxjobs=X + Suppress ENOENT errors from recvmsg() on Tru64-UNIX observed by + Alberto D'Ambrosio. + Fix printf(null) crash in dccifd acting as a proxy for CommuniGate + reported by Charles Chappell. + +1.3.45 + Fix memory leak in dccm and dccifd when DNSBLs (-B) are used. + Improve performance on current UNIX-like systems that have madvise() + with large DCC server databases. + Mention the "incompatible whitelists" message in the FAQ. + +1.3.44 + Remove some quoting in homedir/Makefile to try to work around Linux + "improvements." + +1.3.43 + Make "option forced-discard-nok" in /var/dcc/whiteclnt the default for + dccm as well as dccifd in proxy mode. + Add whiteclnt type of IP address entry "submit". + It is intended to be applied to the IP addresses of SMTP submission + clients such as web browsers that cannot tolerate 4yz temporary + rejections of mail, but that cannot be trusted to not send spam. + Let body and reputation checksum thresholds be set in the global and + per-user whiteclnt files. "Never" is a valid threshold and turns + off rejections for a checksum. + Overhaul proof of concept per-user whiteclnt CGI scripts to handle + per-user checksum thresholds. + Rationalize /var/dcc/libexec/dcc-stats-graph -tTITLE + Fix bugs with -eNEVER and -Enever in dbclean. + Add "submit" to "mx" and "mxdcc" values for IP addresses whiteclnt files + to mark SMTP clients that are submitting new messages and that + do not understand 4yz rejections for individual recipients. + Fix dccifd crash on bogus long recipient names diagnosed by Tomasz Potega. + /var/dcc/libexec/fetchblack is not as noisy when the sources of the + public DCC server blacklist are down for long periods. + Limit the database window to less than 2 GBytes on all 32-bit systems + including Solaris. Previous versions assumed that Solaris would + do the right thing if it allowed large files. + Fix bugs in the "skipping asking DCC server" mechanism that made it + too forgiving. + Remove the `dccd -t` thresholds in favor of simple constants. + Dccm, dccifd, and dccproc now emit X-DCC headers for locally white- + and blacklisted messages even when no DCC server responds. + Automatically compensate for incompatibility in newer versions of + rrdtool. + Prefer poll() to select() on Linux. + Increase the computed limit on `dccm -j` by not dedicating two FDs + to each thread for per-user log files but instead doing some locking. + +1.3.42 + Correct wrong count of `cdcc "clients -i 10.11.12.13"` + Change rcDCC.in back to allow the use of /var/run for PID files. + +1.3.41 + Finally fix ancient missing quote in start-dccm. + +1.3.40 + Make bad password-IDs in /var/dcc/flod a serious error that is reported + even when tracing is off. + Fix missing ';;' in libexec/logger as suggested by James Carlson. + Restore `start-dccm -c` that was removed from version 1.3.39 with the + mistaken idea that -c was not in use. + Fix bug counting clients of public DCC servers introduced in 1.3.39. + Adding -d to DCCD_ARGS or GREY_DCCD_ARGS causes dccd to say how it + determines the size of available memory. + Deal with sysctl(HW_PHYSMEM) on amd64 FreeBSD 6.* need for an 8-byte value + without breaking sysctl(HW_PHYSMEM) on FreeBSD 5.* that demands a + 4-byte value. + Allow databases larger than 3 GBytes on 64-bit systems. + +1.3.39 + Fix bug that caused `cdcc "clients -V"` to sometimes report version + numbers of '?'. + Change dccd to prefer recycling an old, almost idle client rate-limiting + block instead of the oldest block. + Modify /var/dcc/libexec/list-clients based on a suggestion from Chris Myers. + +1.3.38 + Add `cdcc "clients x.y.z.w/p"` + +1.3.37 + Fix problems in /var/dcc/libexec/list-clients and with `cdcc clients` + with IPv6 addresses reported by Vincent Schonau. + +1.3.36 + Fix bad ./configure check to see if `xargs` needs and can use -r + reported by Mark Thomas. + +1.3.35 + Fix dccm crash reported by John Doherty. + +1.3.34 + Fix bug in `make install` on Solaris introduced in 1.3.33. + +1.3.33 + Work around change to `sort` collating sequence in Fedore Cort 5 reported + by Jakob Hirsch. + +1.3.32 + Fix dccd crash as suggested by Wolfgang Breyha. + Do not try to stat() missing whiteclnt files more often than once every + 5 seconds. This should significantly reduce the number of stat() + system calls on busy systems using dccifd and SpamAssassin. + Fix some problems with determining the mail sender through MX forwarders + for second and subsequent mail messages in an SMTP session. + Recognize some more qmail variations of Received headers for obtaining + IP addresses. + Add `cdcc "clients -V"`. + Optionally in dccm and by default in dccifd in proxy mode temporarily + reject SMTP recipients that might be forced to have spam discarded + instead of rejected because it must be delivered to other + recipients. + +1.3.31 + Mention /var/dcc/libexec/uninstalldcc in the installation instructions. + Change dccm and dccifd per-user log message for mail that is now being + accepted after being temporarily rejected for some other recipient + to "accept after greylist embargo" from "accept", as requested by + Spike Ilacqua. + Fix failure to reset "continue not asking" counter problem reported + by Breno Moiana. + Reduce default value of `dbclean -e` from 2 days to 1. + Modify error messages to try to find some clues about the Solaris + "deadlock avoided" problem. + +1.3.30 + Fix leak in dccd blacklist. + Change client-server protocol so that `cdcc clients` gets more than + 16 bits of NOP counts. + updatedcc and fetchblack try two FTP and HTTP servers. + do not use stdio to parse whiteclnt files to deal with Solaris' + 255 limit on stdio file descriptors. + add /var/dcc/libexec/uninstalldcc + +1.3.29 + Fix dblist.c compiling problem in 1.3.28 on some versions of + Linux reported by Thomas Schwanhaeuser and Nigel Horne. + +1.3.28 + Turn off use of futimes() on Linux to resolve bug diagnosed by + Wolfgang Breyha. + Fix two locking problems dccm and dccifd that might cause the crashes + reported by Gary Mills. + Reduce dccifd and dccm thread stack size. + Fix bug that kept some DCC Reputations from being compressed in + the database. + Change the default DCC Reputation rejection message to the equivalent of + -r '%s bad reputation; see http://commercial-dcc.rhyolite.com/cgi-bin/reps.cgi?tgt=%s' + +1.3.27 + Fix an odd case where flooding connections between DCC servers were + not being shut down. I think it only happened when a firewall + or something else systematically filtered TCP FINs. + Use setresgid() for setegid() on HP-UX to fix problem reported by + Giacomo Fazio. + +1.3.26 + Compression reputation reports from the same week instead of from + the same half day. This significantly reduces the size of the + database on systems using DCC Reputations. + Restore the flood rate limiting based on TCP windows, but now just + ignore the bogus EAGAIN complaints from some versions of Solaris. + Fix server whitelists broken in 1.3.21. + +1.3.25 + Fix dccproc crash when given a bogus env_From value diagnosed by + Jeff Mincy. + Fix greylist triple checksum in dccm and dccifd log files. + Fix the default expiration of DCC Reputation checksums at 30 days and + 2 days unaffected by the system's amount of RAM. + Expire FUZ1 checksums in reports that also have FUZ2 checksums. This + significantly reduces the size of the DCC server database. + Remove new flood output rate limit using SO_SNDBUF because it causes some + versions of Solaris to generate persistent EAGAIN errors for send(). + Fix at least some of the dccifd memory leak reported by Chris Mikkelson. + It may be the same as the leak reported by Gunther Richter. + Limit worst case DCC client delays exclusive of delays caused by waiting + for DNS blacklists or external filters are limited to about 16 seconds. + +1.3.24 + Dccproc starts dccifd after 500 uses at least as fast as 0.1/second. + With luck SpamAssassin will notice and switch to dccifd. + Look for libsmutil.a in /usr/lib on Linx for old RedHat + as suggested by Jason Balicki. + Fix X-DCC header misplaced by dccproc reported by James McNutt. + +1.3.23 + Fix bug in dccm, dccproc, and dccifd that tripled effective DCC target + counts on messages being retransmitted after greylisting. I + introduced this bug in version 1.3.21, which was released 3 days ago. + +1.3.22 + Fix "POSSIBLE ATTACK" complaint from sendmail about trailing '\n' + on headers added by dccm reported by Paul Ganci. + +1.3.21 + Add a crude cache or database to the proof-of-concept scripts in + cgi-bin/common to speed them up on large log directories. + The goal is to handle log directories with 40,000 files within a + second or two. The caches files are built incrementally. + Invert the sort order of list-log in cgi scripts. + This change to cgi-bin/common should be upward compatible because + it is controlled by additional parameters to the Perl functions. + Complain about contradictory or ignored entries in whitelists, including + "from" checksums that are normally ignored in server whitelists. + Fix dccd craziness with gre (or any) interfaces with the same IP addresses + as other interfaces observed Craig Green. + Fix infinite loop in dccproc triggered by a To: header of more than + 20480 bytes and with a '\n' character in byte #20478 observed by + James McNutt. + Ignore a few failures by select() apparently caused by SOCKS libraries. + Increase default DNSBL timeouts to -Bset:msg-secs=40 and -BURL-secs=11 + +1.3.20 + Fix dbclean expiration of reputation checksums + +1.3.19 + Changed the midnight dccm and dccifd system log message to disclose + spam passed from whiteclnt-listed MX servers. + MX servers should now be listed in /var/dcc/whiteclnt with lines like: + mx ip 10.2.3.4 + mx ip 10.5.6.0/28 + mxdcc ip 10.7.8.9 + "MX" marks the IP address of one of your mail systems that should + be ignored in initial Received: headers and when reported by + sendmail to dccm. "MXDCC" marks IP addresss of your mail systems + that run DCC clients and that will have already reported mail + to the DCC. Continue using "OK" whitelist entries for mail systems + that you trust to never send or forward unsolicited bulk email. + Allow custom DNS blacklist SMTP rejection messages. See + -Bset:rej-msg=X in the dccifd and dccm man pages. + +1.3.18 + Fix `dccm -aIGNORE` crash reported by Juergen Georgi. + Fix detection of duplicates reputation reports. + Initial support for "mx ip" entries in whiteclnt files. + Fix compression by dccd of delayed reputation reports. + +1.3.17 + People have broken wget by changing the old "--non-verbose" to + "--no-verbose". That would have ok, except they do not understand + what they were doing enough to support the old form. Reportedly + "-nv" works on both versions. + `cdcc stats` on DCC Reputation servers includes an additional line + about reputation results. + Adjust logged reason when spam is ignored after greylist as suggested + by Spike Ilacqua. + Replace `dccproc -R` with `dccproc -r N` (Of course, `dccproc -R` + is still recognized.) + +1.3.16 + Fix bug introduced in 1.3.15 that caused greylist retransmissions + to be counted by the DCC server as separate messages contributing + to the "bulkness" of a message. + If /var/dcc/log is neither readable nor searchable by 'other', then + create log files with the same 'group' permissions as the directory + instead of the old default of 600. This allows the application of + cgi scripts to the main whiteclnt and log files. + `dccd -T ALL` no longer works. It never made much sense and continues + to cause confusion. + Dccifd in proxy mode no longer requires blanks after colons in SMTP + commands. Problem reported by Martin Pala. + Fix dccifd proxy mode crash on mail messages without bodies reported + by Martin Pala. + Complain about bad host name and other errors in whiteclnt files + every 30 minutes instead of every 5 minutes. + Allow whiteclnt files to be read-only with a new locking scheme. + Use Milter.macros.eom in sendmail 8.13 so that the ${dcc_isspam}, and + ${dcc_notspam}, ${dcc_userdir} macros can be set by sendmail.cf + rules that examin headers. This might also allow some hack_mc + settings to be used with delay_checks. + As suggested with discussions with Martin Pala, the thresholds for + quick flooding among servers are now non-linear. + +1.3.15 + When "option MTA-first" in a dccm and dccifd whiteclnt file, determinations + of (not) spam by the MTA are consulted first and so can be overidden + by the whiteclnt files. This allows individual users to override a + sendmail access.db file. + Correct the SMTP rejection message in per-user log files for dccm and + dccifd, especially when dccifd is acting as a proxy. + Fix bug reported by James Carlson that kept./configure from turning + on SOCKS. + +1.3.14 + Keep dccd flooding threshold at or above 10. + +1.3.13 + Make default maximum server memory size 2000 MByte on all except IRIX + and Solaris. + Fix bug in 1.3.12 that causes dccd flooding thresholds to be 0 if + dccd is started by hand or without a dccm rejection threshold. + +1.3.12 + Fix packaging error in 1.3.11. + +1.3.11 + Dccproc should complain if the -w whiteclnt file is bad. + misc/dcc.m4 can add a sendmail.cf rule that assigns a single + whiteclnt file and log directory to mail forwarded to another system. + With that the cgi-bin scripts can be used to control dccm for + mail forwarded to another system with a single web user. + +1.3.10 + Delete "message" checksum in greylist database when spam causes + an embargo to be restored. This fixes some counts after a + greylist whitelisting has been revoked. + Make the default owner and group for files be root:wheel on FreeBSD + As always, use the DCC_OWN and DCC_GRP environment variables with + `make install` or updatedcc -e to override those defaults. + +1.3.9 + Dccifd and dccproc treat the bogus SMTP client IP address of 0.0.0.0 + from SpamAssassin as if it were absent, which allows it to look in + in Received headers. + Add "rcvd-nxt" option to the dccifd MTA protocol to parse later + Received: headers. + +1.3.8 + Repair greylisting broken in 1.3.7. + +1.3.7 + Log files now say "Restore #x" instead of "Embargo #x" when a greylist + embargo is restored because the message is spam. + Don't use -a with `fetch` in updatedcc, fetchblack, and + fetch testmsg-whitelist because it does not know when to stop trying + to reach a dead FTP server. + Add "any" to dccm, dccifd, and dccproc -B DNSBL result address as + suggested by Giulio Cervera. + +1.3.6 + Try to deal with UNIX kernel problems cause bogus failures of mmap(). + Fix bug related to --disable-dccifd reported by Krzysztof Snopek. + Stop relying on `su - -c` to start daemons as requested by Dean Hollister. + Fix server-ID mapping in /var/dcc/flod to use the first relevant mapping + as the documentation says instead of the last one. + Fix recent bug in cron-dccd that stopped emptying client per-user log + directories. + +1.3.5 + Untangle `dccd -a` as well as local host name and IPv4 vs. IPv6 options + in /var/dcc/flod + Fix automatic /var/tmp/map file upgrading for Windows. + Actually c:\\program files\dcc\map + Improve dccd work-around for missing /var/dcc/libexec/cron-dccd cron job + on memory-short DCC servers. This still not a substitute for the + cron job. *USE THE CRON JOB*. + Repair dccifd and dccm midnight log entry bug reported + by Christopher Bodenstein. + Fix recent bug in cron-dccd that stopped emptying /var/dcc/log. + +1.3.4 + Fix another dccm, dccifd, and dccproc bug related to bogus long + URLs from a core dump on Spike Ilacqua's system. + Fix installroot homedir/Makefile as suggested by Pavel Urban and Paul Ganci. + Add `cdcc "src x.y.z.w" to help DCC clients navigate firewalls. + This change requires a change in the format of the /var/dcc/map file. + However, the DCC clients should all automatically and invisibly + upgrade old files. + Fix `dccd -a` bug reported by John Levine.` + +1.3.3 + Work around bogus use of "::" in line 184 of /usr/share/mk/bsd.lib.mk" + in ancient FreeBSD as reported by Lento Yip. + +1.3.2 + Improve logging of failures by external filters. + Fix new use of pstat_getstatic() on HP-UX to obtain physical memory size. + +1.3.1 + Allow dccproc, dccm, and dccifd to use an external filter. See the + ./configure --with-xfltr=FILE --with-xfltr-cflags=opt and + --with-xfltr-ldflags=opt, the discussion of -X in the man pages, + and the toy filter in thrlib/xfltr_sample.c. + See also /var/dcc/dcc_conf-new + Automatically decrease the number of DNS blacklist helper processes for + dccm and dccifd when fewer are needed. + Use pstat_getstatic() on HP-UX to determine the size of physical memory. + Dccifd refuses to run on HP-UX 11.00 to keep SpamAssassin from stalling + while dccifd cannot hear. + +1.3.0 + New license. + cron-dccd tells dbclean -6 if needed. + Treat EHOSTUNREACH or "No route to host" like ECONNREFUSED in DCC + clients and do not complain about every instance. + Deal better with DCC servers with floppy multi-homing such as behind + some NAT boxes. + Deal more gracefully with Linux systems without IPv6 support but + with `cdcc "IPv6 on"`. + Fix crash in dccm, dccifd, and dccproc while computing FUZ2 checksum on + URLs with very long host names in HTML mail messages. + Fix dccifd missing SMTP reply code in dccifd rejections in proxy mode. + `dccifd -ddd` logs SMTP transactions in proxy mode. + Dccifd man page has example -o configuration for use as a Postfix + before-queue filter. + Restart dccm and dccifd after core dumps. + +1.2.74 + Make clients prefer real IPv6 address to embedded or mapped IPv4 + addresses. + +1.2.73 + Fix crash in dccsight as suggested by Vincent Schonau. + Fix handling of log files for senders without reverse DNS in + cgi-bin/common as suggested by Vincent Schonau. + Add IPv4 and IPv6 o-opts to /var/dcc/flod lines to deal with the change + in the default from "YES" to "NO" in the FreeBSD ipv6_ipv4mapping + +1.2.72 + Do not make DNS blacklist checks if the MTA already knows the message + is or is not spam. + Add -lresolv to $LIBS for Mac OS X Darwin as suggested by Joel Brogniart. + Change DNS blacklist checking to check MX servers as well. + Add -B settings to control which DNS blacklists are used for the envelope + or body, and whether MX servers should be checked. + SIGUSR1 causes dccm and dccifd to send their statistics to the system log. + Use getaddrinfo() and getnameinfo() when getipnodebyname() and + getipnodebyaddr() are not available. This might make IPv6 work + on Linux systems. + Note that to make dccd listen to IPv6, -6 must be added to DCCD_ARGS + and GREY_DCCD_ARGS in /var/dcc/dcc_conf. This requirement has long + been present to defend against systems that only pretend to + understand IPv6. Perhaps it is time to remove it. + Add `dccifd -o` to use a subset of ESMTP so that dccifd can be used + as a "before-queue" filter or SMTP proxy by Postifx. + Probably fix a rare dccm and dccifd crash. + +1.2.71 + Fix stray greylist queries reported by Vincent Schonau. + Fix conflict between checking DCC and greylist servers on Linux + reported by Vincent Schonau. + +1.2.70 + Turn on IP TOS bits for DCC server-to-server flooding. + Add -B to dccproc, dccm, and dccifd to consult DNS blacklists. + This feature and greylisting are valuable supplements + to DCC target counting. However, greylisting is generally + significantly better where greylisting can be used. Most + dccproc and many dccifd installations cannot use greylisting. + +1.2.69 + Add `misc/hackmc -r` like -R but to reject instead of discard bad + relay attempts. + Fix bogus X-DCC header added after a fatal problem with the DCC server + as suggested by Harald Daeubler. + Release a single tarball equivalent to the old dcc-dccd-*.tar.Z that + contained the DCC server and all clients. + +1.2.68 + Fix counting of blacklisted DCC clients by dccd. + +1.2.67 + Remove bonehead optimization in dccd of /var/dcc/blacklist in 1.2.66. + Deal with stdargs in gcc 3.4 on AMD 64-bit systems that do not allow + a va_list arg to be passed to two different subfunctions, but + without breaking things on the many systems that lack va_copy(). + +1.2.66 + Overhaul dccd rate-limiting. Instead of imposing a penalty time + on overactive clients, simply rate-limit them. + Reduce limit on dccd error messages about clients from 2/second to + 0.1/second. + +1.2.65 + Fix accounting of NOPs from blacklisted clients. + Fix race that caused "??" server-IDs in X-DCC headers. + Do not count requests from blacklisted clients against the rate limits + as suggested by Sven Willenberger. + +1.2.64 + Correct ">XXXX clients" from `cdcc stats` + Removed redundant declarations of mapfile_nm and rl_anon as + suggested by Andreas Jochens. + +1.2.63 + Possibly fix dccm crash reported by Ludger Bolmerg. + +1.2.62 + Fix bug in `dccd -a10.2.3.4` diagnosed by John Levine. + +1.2.61 + Fix file descriptor leak in getifaddrs() replacement. + +1.2.60 + Fix bug reported by John Levine on systems such as BSD/OS 4.3 + without getifaddrs() introduced in 1.2.59 with tracking changes + in network interfaces. + +1.2.59 + Fix broken `dccd -G0` reported and diagnosed by Chris Mikkelson. + Track changes in network interfaces on most modern flavors of UNIX + as suggested by James Carlson. + Fix two MIME decoding bugs as suggested by George Schlossnagle. + Treat '>' as a blank instead of punctuation for FUZ2 checksums. + Don't re-use va_list in stdargs functions to work around a characteristic + of gcc for AMD 64 bit systems. gcc 64-bit stdargs + reportedly passes va_list by reference instead of by value. + Fix date labels in graphs generated by dcc-stats-graph as suggested by + Kevin Gagel. + +1.2.58 + Work around new bug in FreeBSD 4.10 mechanism to disconnect UDP + sockets reported by Daniel V Klein. The symptom of the bug is + that DCC servers appear down to clients running on FreeBSD 4.10 + +1.2.57 + Invoke WSACleanup() after using WSAStartup() on Windows systems + as suggested by Carl Stehle. + +1.2.56 + Fix /var/dcc/ids delay= extension. + +1.2.55 + Add `./configure --with-max-db-mem=X` to limit the size of the + database window. + Extend /var/dcc/ids format to allow authenticated clients to be delayed + as `dccd -U` delays anonymous clients. + Add `./configure --with-kludge=FILE`. + +1.2.54 + Fix problem with flooding among greylist servers using `dccd -Gweak-IP` + reported by Valentin Chopov. + +1.2.53 + Restore `dccsight -G grey-cksum` because the proof-of-concept CGI + scripts use it. + On OS X, use owner and group of daemon:daemon for programs and use + dccmaninstall in `make install` as suggested by Jason Schwarz. + +1.2.52 + Fix problem in start-dccm and start-dccifd with Solaris /bin/sh + reported by Gary Mills + Work around bug in OpenBSD HTONL() and NTOHL() reported by Jeff Drinkert. + Change wlist to rebuild the .dccw hash table unless given -Q. + +1.2.51 + Fix cause of "packet length 44 too small" complaints by DCC servers. + With an empty mail body and no useful headers, DCC clients were + sending empty requests to DCC servers. + Add `cdcc "debug TTL=x"` to help find firewalls that filter DCC requests. + Use shared libmilter.so in dccm as suggested by James Carlson. + Fix Body checksum when MIME boundary crosses buffer boundary from + Richard Lyons. + Stop crash in dccm reported by Krzysztof Snopek. + Deprecate misc/dccdnsbl.m4 and change misc/hackmc to work with + FEATURE(dnsbl) and FEATURE(endnsbl) in modern sendmail. + Make it compile on Mac OS X and DragonFly FreeBSD. + Reduce the size of greylisting databases. + Separate DCC query mode for dccm and dccifd from greylist query mode. + Add `dccd -G weak-IP` to whitelist not only a {sender,target,IP address} + after passing the greylist embargo, but anything from the IP address. + Use this facility with caution; it might be a bad idea. + + The last change requires that all greylist clients and servers + be upgraded simultaneously. + +1.2.50 + Fix `dccifd lhost,lport,rhost/bits` on systems that have IPv6. + Change homedir/make-dcc_conf to track changes in + `./configure --with-rundir=x --libexecdir=y` + as suggested by Josef T. Burger. This change will not be effective + until upgrading from 1.2.50 to later versions. + Deal with tiny FD_SETSIZE reported by Christian Becker. + Fix dccifd, dccm, and dccproc core-dump caused by missing whiteclnt file + reported by Henrik Edlund. + +1.2.49 + Fix infinite loop in computing DCC clients computing checksums of + large, deeply nested MIME messages reported by Clive Cleland. + +1.2.48 + Add "option dcc-off" and "option dcc-on" to per-user whitelist files + as suggested by Spike Ilacqua. + Make /var/dcc/libexec/fetch-testmsg-whitelist deal with cron processes + that set $PATH without /usr/local/bin + +1.2.46 + Fix infinite packet flood from DCC clients including dccproc observed + by Benji Spencer, Clive Cleland, and Andrew Kent. I introduced + this serious bug with the WIN32 changes in 1.2.33. + Fix "option greylist-off" bug introduced in 1.2.39 and reported by + Spike Ilacqua. + Defend dccd against too many clients. + +1.2.45 + Fix dccd database "window" size computation bug that chose 3 GBytes + on systems with less than 512 MByte. + Fix `cdcc "stats all"` to use the right host name from Leandro Santi. + Increase `dccd -R` default rate limits for all anonymous clients + and for individual authenticated clients.. + updatedcc understands -V x.y.z unless no old version x.y.z is available. + +1.2.44 + Fix bug in dbclean -e and -E default reductions that made them 50% less + instead of more conservative compared to 1.2.39. + Speed up dbclean on systems with mmap(MAP_ANON). + Clean some uninitialize variable complaints from purify reported by + Praveen Nimmagadda. + Minor adjustments to deal with Solaris's VM system. + +1.2.43 + Fix typo in -e and -E default reductions. + +1.2.42 + More adjustments to deal with Solaris's VM system. + Use all except 384 MByte of physical memory on systems with more than + 768 MByte. On systems with 768 MByte or less, use half. + Tweak WIN32 makefiles. + +1.2.41 + Restore TZ in update/misc after setting it to GMT to keep the + Solaris FTP from going crazy. + +1.2.40 + Include win32.makin2 that was missing from 1.2.39. + Do not respond to clients when the database is broken to ensure that + they switch to another server. + Add missing "option greylist-on" support to cgi-bin/edit-whiteclnt + Remove DCC_PROTO_HOMEDIR support for building RPM or other packages + and add `./configure --installroot=DIR` + Adjust threshold for `dbclean -F` to keep Solaris systems from spending + hours in dbclean. + Add `dbclean -f` to turn off default `dbclean -F` on Solaris for + installations where the file system has been tuned for the + large, randomly accessed file that is a DCC database. + +1.2.39 + Suppress syslog messages from cdcc noted by Krzysztof Snopek. + Suppress complaints about madvise(MADV_WILLNEED). + Tweak WIN32 porting aids. + +1.2.38 + Turn off the use of madvise(MADV_WILLNEED) on systems such as BSD/OS + that claim to have it but don't. + -Gweak did not in 1.2.37 work as reported by Valentin Chopov. + +1.2.37 + Tweak WIN32 #ifdefs. + Change -G for dccm and dccifd to require -Gon. Add kludges in + start-dccm and start-dccifd to convert the old -G to -Gon. + Add "-G noIP" and '-G IPmask/xx' to ignore all or part of the SMTP + client IP address in the greylist triple. + `dblist -G` no longer works. Use `dbclist -Gon` + Fix bug where dbclean increased the number of reasons to stop flooding + by 1 and then decreased it by 2 reported by Bernard Gardner. + Use madvise(WILLNEED) for database buffers on systems with plenty + of RAM as suggested by Robert Milkowski. + Adjust scripts including /var/dcc/libexec/start-dccd to deal with + POSIX compliance of `expr` in FreeBSD 5.1. + Change FUZ2 checksum to know about Polish. + +1.2.36 + Fix updatedcc for systems that have only make in $PATH but where + it is really gmake. + +1.2.35 + Turn off the use of poll() instead of select() on Linux systems. + +1.2.34 + Fix bugs in the ./configure mechanisms to use poll() instead of + select() on FreeBSD reported by Valentin Chopov. + +1.2.33 + Adjust default dbclean expirations based on available RAM and + the size of the database. + Make dcclib, cdcc, and dccproc build for WIN32 with Borland C++ 5.02 + or FreeCommandLineTools.exe. The former can use the dcc.ide file + and the latter can use win32.mak. + Fix use of SO_LINGER on Solaris. + More changes to ease compiling cdcc for WIN32. + Possibly fix dccd amnesia about flooding peers. + Use poll() instead of select() on FreeBSD. + Fix updatedcc to use gmake if ./configure insisted. + Entirely remove "--prefix" from ./configure to stop people from + mistakenly assuming that ./configure is what the Free Software + Foundation dictates it should be. + Change /var/dcc/libexec/start-dccd to stop dbclean when dccd starts + and so prevent a deadlock between dbclean and dccd. + Fix problem with updatedcc on systems with only gmake reported by + James Carlson. + Fix problem with large greylist whitelist files reported by John Levine. + Reduce number of write() system calls per operation in dccifd. + +1.2.32 + Fix corruption of `dccm -U` directory introduced in 1.2.31 and + reported by Spike Ilacqua. + +1.2.31 + Make all dccd databases "big." If you have not previously used + `./configure --enable-big-db` then when version 1.2.31 of + dccd is started, it will run dbclean to rebuild the database. + This will make the hash table about 9% bigger and so 9% slower. + Make the "ms" units optional for RTT adjustments in `cdcc add` or + `cdcc load` as suggested by Hernan A. Perez Masci. + Add ${dcc_userdir} sendmail.cf macro as suggested by Valentin Chopov. + This lets you use the full power of sendmail.cf rewrite rules + to control per-user whitelist and log directories. See the + dccm man page. + Make `dbclean -F` the default on Solaris systems with plenty of RAM + and automatically turn it off when there is not enough RAM to hold + the entire database. + +1.2.30 + Let `dccd -C` take arguments for dbclean, so that the following line + in dcc_conf works: + DCCD_ARGS="'-C$DCC_LIBEXEC/dbclean -F'" + Make pthread_detach() failures in dccifd non-fatal. + Add mechanism to cgi-bin/list-msg to whitelist-for-greylisting + (sender,IP-address,recipient) checksums. This mechanism + requires that the 1.2.30 versions of dccd and dccsight be + installed. + Change dccifd to record the message headers in the log file even when + the MTA fails to provide the message body. + +1.2.29 + FUZ2 checksums character entity references in URLs in HTML. + Insert checksums of greylist triples of whitelisted messages + into the greylist database. + If greylisting is turned on, then include greylist checksums in dccm and + dccifd log files even for whitelisted and blacklist messages. + Dccm and dccifd log some messages that are whitelisted for greylisting + or otherwise not currently embargoed but were in the past. + Change whiteclnt "log all-grey" and "log no-grey" options to + "option greylist-log-off" and "option greylist-log-on". + (Of course the old strings continue to work.) + Add whiteclnt option "option greylist-off" and "option greylist-on" + to control greylisting for greylistig for an individual user. + Note mail in SMTP transactions that involve other users for which + greylisting has not been turned off can still temporarily rejected. + Add "option log-all" log everything for an individual user. + The proof-of-concept CGI scripts handle the new whiteclnt options. + Fix false "many" from dccproc when switching DCC servers reported by + Rutger ter Borg. + Remove 1.2.28 change in the dccd "xx MByte window" message that + displayed the minimum of the physical file size and the mmap() window + size. The message now contains the mmap() window size.. + Fix `dccd -FG,` core dump reported by Aleksander Dzierzanowski. + Make "skip asking" in `cdcc info` output a comment as suggested by + Gunther Heintzen. + Speed up flooding among greylist servers. + +1.2.28 + Reduce the number of msync() system calls, significantly speeding up + dbclean and dccd on FreeBSD. + Fix "window" size computation for dccd and dbclean on systems with + more than 4 GByte of RAM. + Adjust flooding threshold for greylist dccd. + Changed the dccifd man page to say that dccifd looks at the first + Received: header for the sender's IP address if was not provided + by the dccifd client. + Remove the recommendation for whitelisting the Habeas Mark from the + sample dcc_conf file. + Detect bogus -G args reported by Aleksander Dzierzanowski. + +1.2.27 + Use fsync() and msync() on /var/dcc/flod.map in dccd to try to + get Linux to send the file to the disk. + Use setsockopt(SO_LINGER) to speed shutdown on FreeBSD. + +1.2.26 + Fix `dccd -F`. Adding -F to DBCLEAN_ARGS in /var/dcc/dcc_conf on + Solaris systems with enough RAM to hold most of the database + can make dbclean twice as fast and reduces its effects on other + processes. Addcing -F to DCCD_ARGS might have similar effects. + The use of MAP_NOSYNC on systems that support it including FreeBSD + reduces the effects of dccd on other processes. + +1.2.25 + Fiddle with /var/dcc/libexec/dcc-stats-graph. + Add `dccd -F` like `dbclean -F` + +1.2.24 + Generate /var/dcc/dcc_conf-new whether it is needed or not. + Add `dbclean -F` to work around Solaris performance bugs with large + files and mmap(). + Add `dccd -Gweak` to not require a retransmission of the same message + to end a greylist embargo. + Add option "no-reject" to the dccifd-MTA protocol to be similar to + `dccm -aIGNORE` for greylisting while ignoring DCC results. + +1.2.22 + Fix stray hostnames reported in dccifd log file headers observed by + Chris Mikkelson. + Fix empty dccm syslog complaints seen on Solaris. + Fix core-dump with bogus hostname in whiteclnt file observed by + Joe Ilacqua. + Updatedcc starts to shut down dccd early to avoid problems restarting + it on slow systems at the end. + +1.2.21 + Fix dbclean every 20 seconds possibly observed by Kelsey Cummings. + Stop frequent running of dbclean from dccd to clean up greylisting records. + +1.2.20 + Fix cdcc core dump with non-existent /var/dcc/map files. + Change updatedcc to not use "set -e" because some versions of + bash have tantrums if you unset a variable that is not set. + +1.2.19 + Fix "too many CIDR blocks" problem reported by John Doherty. + +1.2.18 + Fix infinite loop in dccm reported by Gary Mills. This error might + also have caused dccm to crash. It should affect dccd as well + as the DCC client programs. I introduced it in version 1.2.15. + +1.2.17 + Fix IP whitelist entries in DCC server databases broken in 1.2.15 and + 1.2.16. + +1.2.16 + Fix bug in libexec/updatedcc with blanks in CFLAGS reported by + Aaron Paetznick. This only fix uses of updatedcc after + 1.2.16 has been installed. + +1.2.15 + Ensure the mtime of /var/dcc/whiteclnt.dccw files changes to stop + endless reparsing on some Linux systems. + Resolve inconsistency in dccproc whitelist vs. -t many noted by + Dawn Endico by making whitelisting always produce an exit code of 0. + Put absolute path on cdcc in misc/stats-get as pointed out by + Kevin Gagel. + Make dccm and dccifd log file size configurable as suggested by + Furlan Campos. + Fix bug reported by Jim Carroll that kept mail from being rejected + when first sent to a spam. + Allow large CIDR blocks to be white- or blacklisted in whiteclnt files. + Fix dccifd -p bug reported by Christopher Bodenstein. + Fix "continue not asking greylist" log message that should be + "continue not asking DCC" reported by Jorg Bielak. + Fix ./configure script in dccproc tarball that was creating a bogus + RUNDIR value for dccifd. + Add `./configure --with-max-log-size=KB` as requested by Furlan Campos. + The proof of concept CGI scripts now + deal with per-user logs for user that receive enough spam that their + log directories have 20,000 entries. + support the per-user greylist log options for whiteclnt files + described in the dcc man page near the description of "include" + support locking of per-user whiteclnt files with a line of + "#webuser locked" + Fix output file data corruption bug reported by Chris Mikkelson. + Change default dccm greylist SMTP status code as suggested by Gary Mills. + +1.2.14 + Adjust homedir/make-dcc_conf for Solaris as suggested by Gary Mills. + +1.2.13 + Tweak libexec/updatedcc for Solaris. + +1.2.12 + Report checksums in greylist embargoed mail to a DCC server while + waiting for the embargo to expire. + Recognize more than 1 GByte of RAM on Solaris systems. + Fix bug in stats-get not counting queries pointed out by Yury Razbegin. + Change the default greylist -G "white" value from 30 to 63 days. + dccm and dccifd now include the greylist triple checksum in per-user + log files. + Fix bugs in dccifd C interface routine pointed out by Stephen Misel. + Fix dccd whitelist bug observed by Gary Mills. + Fix bug in 1.2.8 through 1.2.11 that stops flooding of brand new + reports of bulk mail that is not spam. + Automatically generate /var/dcc/dcc_conf-new from existing dcc_conf + to aid installation of greylisting. + +1.2.11 + Resume looking for native sendmail milter libraries on more than + FreeBSD. + +1.2.10 + Fix some compiler warnings on Solaris. + Fix "only 256 open files allowed" message from dccid on Solaris + reported by Turgut Kalfaoglu. + Use poll() instead of select() in dccifd if possible. + Fix error in libexec/start-dccd reported by Valentin Chopov. + Look for native sendmail milter and install man pages on + recent versions of NetBSD as suggested by Josef T. Burger. + +1.2.9 + Turn off database hash debugging accidentally turned on in 1.2.8. + +1.2.8 + Fix serious bug in resolving DCC server host names by dccm and dccifd. + Add "temporary" to default greylist rejection messages. + Fix greylisting of null messages. + Add misc/fetch-testmsg-whitelist + Improve compression/suppression of flooded checksums to reduce the + database size and bandwidth requirements 10-50% for DCC servers that + see fewer than 20K DCC ops/day. Tests have produced conflicting + results. The full effects are not seen unless flooding peers + install this version. + +1.2.7 + Fix greylist flooding problem reported by Valentin Chopov. + Add whitelists to greylist servers as requested by Bobby Rose. + Change `dccm -r` to also set the greylist rejection message and to + optionally interpolate the queue-ID and SMTP client IP address + as requested by Gary Mills. + Fix 1.2.x bug that treated all flooded checksums to a new database + as stale until a local checksum has been added and dbclean run. + +1.2.6 + Complete the fix for "badly signed NOP response" in the DCC server. + To be effective, the public DCC servers will need to use + version 1.2.6. + +1.2.5 + Fix "badly signed NOP response" bug diagnosed by Philipp Buehler and + Thorsten Janssen. + Turn off connect() on DCC client UDP sockets for Linux 5.2. + Use sysconf() on Solaris and Linux and sysctl() on BSD systems to + estimate the size of physical memory. This may reduce the need + for `./configure --with-db-memory=X` + Add `./configure --with-DCC-MD5` to use the MD5 code in the DCC source + instead of any local library. + Fix dblcean "repairing" the database because "was [it] not closed cleanly." + +1.2.4 + Fix core dump in creating X-DCC header as suggested by James Carlson. + Fix dccif.c for `./configure --disable-IPv6` and stats-get for + deleting /dev/null when interrupted as suggested by Yury Razbegin. + +1.2.3 + Fix leak in greylist server. + Improve some obscure error messages from dccd. + Address IPv6 problem on RedHat 5.2 reported by Darren Nickerson. + Check /proc/meminfo on Linux for hints on real memory size to + work around the Linux mmap() bugs and resulting dccd performance + problems as suggested by Dave Lugo. + +1.2.2 + Avoid `chown` in start-dccm and start-dccd. + Fix stop-dccd as noted by Michael Ghens. + Add greylist installation instructions to INSTALL.html and INSTALL.txt. + +1.2.1 + Fix typo in default map.txt noted by Michael Ghens. + Fix undetected hash table size overflow noted by Leandro Santi. + Fix "BRAND" error in start-dccd. + Fix inflation of target counts on greylisted messages. + Dccd is off in the default dcc_conf. + Reduce default greylist embargo to 4.5 minutes. + +1.2.0 + Many changes to support a form of Greylisting. + See http://projects.puremagic.com/greylisting/ + and the dccd and dccm man pages. Greylisting is probably not + ready for prime time in 1.2.0. + Change flod.map file format to allow `cdcc "flood stats 123"` to say + "not connected since" as suggested by by James Carlson. + Fix bogus "overwriting existing entry" error message noted by + Dallas Engelken. + As suggested by Leandro Santi, prevent false alarms about bogus packets + received by DCC clients. + Improve 24-hour averaging of client operations by dccd. + Fixes to dccd/rl.c from Leandro Santi. + +1.1.45 + Fix error in sample homedir/map.txt file. + Fix problem in starting flooding. + Fix error in misc/dcc-stats-init. + +1.1.44 + Fix core dump observed by Stephen Misel. + Suppress error message from rcDCC and start-dccm when dccm is not + installed as noted by Kevin Gagel. + +1.1.43 + Fix core dump reported by James Carlson. + +1.1.42 + Fix dbclean progress reporting bug noted by Vladimir Samoilov. + Improve misc/na-spam to catch another kind of quote leader. + Drop anonymous requests that would be delayed by more than the maximum + possible RTT. + Add application layer keepalives to flooding. + +1.1.41 + Sort IP addresses in `cdcc rtt`. + Improve response of the client code to broken servers. + +1.1.40 + Adjust client failure "fail_more()" backoff mechanism. + Add commas to misc/dcc.m4 as suggesed by Spike Ilacqua. + +1.1.39 + Fix missing changes to dcc.m4. + +1.1.38 + Fix `make install` file ownership as noted by Gary Mills. + +1.1.37 + Deal with certain obfuscating URLs. This change includes some + URLs in Fuz2 checksums and removes parts of some URLs from Fuz1 + checksums. This should reduce much of the need for the dubious + many hex FUZ2: 00000000 00000000 00000000 00000000 + whiteclnt entry. + Decode RFC 822 and MIME entity headers to control quoted-printable + and base64 decoding instead of the previous adaptive algorithm. + This also involves decoding nested MIME multipart messages. + A side effect of this is to change the checksums computed for + some mail. + Use poll() on Solaris to avoid failures from select() on large FDs. + Smuggle the Mail_From value to dccm with a ${dcc_mail_host} macro + so the mail_host checksum is valid despite sendmail smart relays. + This requires rebuilding sendmail.cf with the new dcc.m4. + Move part of the server-failing timer into /var/dcc/map so that + dccproc processes can share it. + Fix dccifd bug in handling detecting the end of headers reported + by Tim Clymo. + Fix `dccd -u` which was almost entirely broken. Extend `dccd -u` + to inflate the delay for busy anonymous clients. + Make server selection more stable despite network problems. + Fix some cases of false alarms of database corruption by dbclean. + This fix is important where dbclean complains about `repairing` the + database. + Clear dccd queue delay when the server is idle. This should help + dccd on BSD/OS after dbclean runs. + Avoid `chown` and `chgrp` with `configure --disable-sys-inst`. + Add `dccproc -x exitcode` as suggested by Paul Wright. + `cdcc clients` displays counts of NOPs to catch misconfigured firewalls + at clients. + +1.1.36 + Add optional DCCM_ENABLE and DCCD_ENABLE to /var/dcc/dcc_conf + Look for libmilter.a where it is in some versions of Linux. + Add "eval" to start-dccd, start-dccm, and start-dccifd when + not using a separate UID to allow quoted blanks in + `dccm -r "rejection messages"`. + +1.1.35 + Deal with name space pollution in Solaris as suggested by Isaac Saldana. + +1.1.34 + Fix libexec/dcc-stats-collect and libexec/stats-get as noted + by Valentin Chopov. + Adjust FUZ2 length thresholds to catch more HTML obfuscated spam. + Reduce some stalling of dccd on BSD/OS when dbclean starts. + Resolve conflict between start-dccifd and dccifd by making the default + location for the dccifd PID file the same as for the dccm file + Fix dccifd to remove stray X-DCC headers. + Fix start-dccifd to pay attention to DCCIFD_ARGS in dcc-conf. + +1.1.33 + Fix rare core-dump in dccd that more frequently corrupts the database. + Do not loop forever as the result of some database corruption. + Turn off by default dccd blacklist event tracing. + Increase the limit on the size of white-listed CIDR blocks from /24 to + /20 or 1024 IP addresses. Every IP address whether specified + separately or with a CIDR block requires a separate entry in a + client DCC whitelist hash table. The hash table is limited to + about 80K entries. + Add '-T' to misc/hackmc to trust or white-list mail authenticated + by SMTP AUTH or START TLS. + Server blacklisting suppresses "bad client or server-ID" error messages. + add /var/dcc/libexec/stats-get produce server statistics as noted by + Daniel Klein. + +1.1.32 + Do not count MIME content-type image bytes when deciding whether + to generate FUZ2 checksums. + Unlink dccm and dccifd PID files before trying to (re)create them. + Dccm watches milter "contexts" more closely for corruption. + Add an optional count to `cdcc clients`. + Dbclean tries harder to restore dccd flooding. + Initialize wtgts in dccproc as noted by Leandro Santi. + +1.1.31 + Fix core dump in ckfuz1.c noted by Gary Mills. + +1.1.30 + Allow blanks in MIME boundaries. + Possibly fix compiler "initialization type mismatch" warnings noted by + Gary Mills. + +1.1.29 + Fix dccm core dump in ckfuz1.c noted by Sven Willenberger. + +1.1.28 + Fix dccm core dump in dcc_ck_body0() noted by Valentin Chopov. + +1.1.27 + Add to HTML character references known by the Fuz2 checksums. + +1.1.25 + Notice "Content-Type: text/html" headers to pay attention to HTML + even in mail without <html> tags. + Tweak the Fuz2 checksum to ignore some Microsoft delivery notifications. + Adjust Fuz1 checksum to be more consistent on URLs. + Fix date bug reported by Krzysztof Snopek in `cdcc clients`. + Include an indication that the client was blacklisted in `cdcc clients`. + Change MIME decoding somewhat as suggested by Leandro Santi. + Fix bug in dccd client blacklist. + Add `dccm -g not-all`. + +1.1.24 + Add `cdcc "clients -s"` to sort by the number of requests. + Add /var/dcc/blacklist of blocks of IP addresses refused by dccd. + Remove -lpthread from $(DPADD) in dccm and dccifd Makefiles for Solaris + with gmake to try to deal with problem observed by Krzysztof Snopek. + +1.1.23 + Fix handling of & in the middle of words in HTML. + Change dccifd to respond with DCCIF_RESULT_REJECT or 'R' when + queried about spam. + Fix typo in detection of non-compiler on SunOS. + Add `./configure --disable-dccifd` as suggested by Krzysztof Snopek. + +1.1.22 + Fix inconsistencies in fuzzy checksums computed by dccm and dccproc. + More ./configure script changes to try to deal with problems on + a Solaris system with GCC and some undetermined oddities. + +1.1.21 + Suppress repeated messages about unauthorized server IDs of peers. + Install cdcc, dccproc, and so forth in $HOME/bin by default + if /usr/local/bin is not writable and $HOME/bin exists. + Fix infinite loop in decoding invalid HTML character references. + +1.1.20 + Fuzzy checksums ignore all text before initial MIME boundary and + after terminal MIME boundary. + Add support for Spanish thanks to Leandro Santi. + Shuffle hostname resolving code to try to fix what may be a race + in the Linux pthread_create() as discovered by Karl Grindley. + Reduce default value of `dbclean -e` from 7 to 2 days. Mail that does + not reach the local bulk threshold within 2 days is probably not + spam and if it is, it will almost certainly reach a bulk threshold + at some other server in the network. + +1.1.19 + fix missing env_From handling in dccifd/dccif.pl observed + by Nathan Neulinger + set mode of dccifd socket to 0666 as suggested by Nathan Neulinger + +1.1.18 + fix `dccproc -c` logging bug noted by Brad Volz. + fix ./configure to pick UID and GUID out of `id` with --disable-sys-inst + multiply the `dccd -u` delay by 4 when flooding is off or broken to + steer clients away from DCC servers without working links. + radically reduce the number of wsync() calls to speed systems with + lame mmap() support including BSD/OS 4.2. + fix setting of file descriptor limit in dccm and dccifd as noted + by Gary Mills + change configure script to deal with change in gmake version string + discovered by Aaron Paetznick + +1.1.17 + add DCC interface daemon, dccifd, similar to dccm for SpamAssassin and + Perl filters and MTAs other than sendmail. This is only an initial + release soliciting comments about its interface. Its interface + may change in 1.1.18. The new lines of homdir/dcc_conf must be + added to /var/dcc/dcc_conf to turn it on. + `dccm -a IGNORE` says "would have rejected" in the log messages + for Sven Willenberger + generate sample client-ID password for localhost server in /var/dcc/ids + and /var/dcc/map + dccd only complains about unknown server-IDs when "IDS" tracing is + turned on. + DCC clients check for new server DNS records every other hour + instead of every hour + compute the same Base64 result for 32-character lines with or without '\r' + close unlikely, theoretical per-user log file FD leak in dccm. + dccproc passes header lines (including continuations) longer than + 20 KBytes + fix bugs in misc/newwebuser as noted by Furlan Campos. + dccm deletes all X-DCC headers of the right brand name to foil + tricky spammers. + dccproc defaults the -T tmpdir to the -l logdir + +1.1.16 + fix long HELO values in dccm from Leandro Santi. + fix /var/dcc ownership installation bugs noted by John Reames. + let count of clients seen within 24 hours be more than 1000. + change misc/na-spam, the news.admin.net-abuse.sightings gateway script + to use dccproc log files instead of generating its own. + don't allow ':' in DCC server "brandnames". + recover misplaced change to misc/dcc.m4 to fix need to use + FEATURE(`delay_checks') + fix apparently harmless quoting error in dcc.m4 + fix `cdcc "flood stats all"` when the server's peers are not ordered + by their IDs. + decode Base64 with invalidly long lines. + +1.1.15 + change graph generating shell scripts, including making the + database size RRA use "MIN" instead of "MAX". A shell script + that can convert existing RRDs is available. + make `misc/hackmc -O` apply to all uses of the sendmail access DB + instead of only the envelope Mail_From value. + +1.1.14 + tweak graph generating shell scripts. + add `cdcc "flood stats all"` and `cdcc "flood stats clear all"` + +1.1.13 + tweak graph generating shell scripts including fixes from Jack Bates. + adjust autoconf mechanism to try to deal with systems with inet_ntop() + but without IPv6. + +1.1.12 + move dccd statistics to the flod.map so they're preserved despite + restarting dccd. + add shell scripts to generate RRD graphs. + make rate-limits run-time parameters for `dccd -R`. + +1.1.11 + fix dccm bugs with handling a non-responsive server. + change misc/hackmc to modify sendmail.cf to reject unauthorized relay + attempts with a temporary failure when they are supposed to be sent + to the DCC but dccm is not running. This prevents leaking relay + relay spam. You must use the new hackmc script to install this + change in sendmail.cf. + remove "# whitelisted" from `cdcc stats` output to give more room + for totals. + prevent empty dccproc log files as noted by Krzysztof Snopek. + even fatal errors should cause dccproc to exit with 0 to avoid + rejecting mail, as noted by Krzysztof Snopek. + When server hostnames have common IP addresses, prefer the server + with the non-anonymous client-ID, noted by Krzysztof Snopek. + +1.1.10 + try to deal with truncated per-user dccm logs on Solaris. + reduce threshold at which Fuz2 checksums are computed to capture + more spam. + force the use of gcc on Solaris. + try not to wait for the syslog console messages to resolve a dccm + crash on Solaris. + +1.1.9 + make `cdcc "flood list"` unpriviledged, but disclose only server-IDs + to strangers. + +1.1.8 + fix "invalid database address" problems on SPARC systems with + ./configure ----enable-big-db + %-encode quotes in URLs generated by the CGI scripts. + fix `cdcc "id=X"` for X>65535. + increase path length limit to 24. + add `dblist -I server-ID`. + +1.1.7 + fix man page installation on AIX. + work around connect() bugs on AIX41 and OpenUNIX. + +1.1.6 + fix encoding of quote characters in the CGI scripts + look for sendmail 8.12.1 libsm.a that is required by that version of + the Milter code. + make the configure script again find the FreeBSD MD5 library. + +1.1.5 + fix bugs in white-list links in the CGI scripts. + increase 8-hop flooding path limit to 16. + changes from Mark Moraes to compile dccproc under Cygwin on Windows 2000 + the DCC source compiles on OpenUNIX 8.0.1 thanks to Larry Rosenman. + reduce the chances of duplicate or missing entries in the list + from `cdcc clients` as suggested by Dave Lugo. + add `dblist -C` to limit the listing to reports with specified checksums + as suggested by Sam Leffler. + `dccm -r "4xx ..." now produces a proper SMTP "temporary failure". + deal with /usr/include/md5.h that seems to be RedHat 7.3 but that does + not compile by itself. + +1.1.4 + fix dccproc and dccm tarballs broken in 1.1.3. + +1.1.3 + add a "VERSION:" string to the start of dccm and dccproc log files. + fix memory leak in dccm observed by Gary Mills. + fix core-dump in dccd with unreadable /var/dcc/flod noted by Sam Leffler. + add prototype CGI scripts for per-user white lists. + rate limit and improve log messages about read-only whiteclnt files. + allow null passwords for server-IDs in /var/dcc/ids that are used only + as markers so that no DCC server is accidentally started with the + password "unknown" + install initial /var/dcc/map file using dcc.dcc-servers.net + install empty server database as suggested by Andrew Macpherson. + create /var/dcc/log during installation. + adjust the `dccd -u` default to minimize rejecting DCC queries from + nearby anonymous clients. + convert upper to lower case in dccm per-user white list directories as + suggested by Andrew Macpherson. + allow null passwords as place-keepers in /var/dcc/ids. + rebuild gmake .d depend files when include/dcc_config.h changes so + that bad things don't happen when a header file disappears and + the configuration changes to match. + fix "log-del" option in /var/dcc/flod to log checksum delete requests. + add "del" and "no-log-del" options to /var/dcc/flod lines. + change the defaults for flooding delete requests to log them ("log-del"), + not send them ("no-del" among o-opts) and + reject them ("no-del" among i-opts). + change misc/hackmc to be usable in typical Makefiles that generate + .mc files. It now feeds a single set of .mc files to m4 + to produce a single .cf file on stdout instead of a set of .mc files. + It also no longer includes ../m4/cf.m4 + use native sendmail milter libraries on FreeBSD 4.6 + IDs in /var/dcc/ids can be placeholders without passwords + +1.1.2 + fix `dccm -W`. + the recipient mailbox resolved by sendmail can be used as an white list + value by dccm. This simplifies white-listing when the system + has more than one name. + +1.1.1. + add -follow to cron-dccd in case user log directories are beyond + symbolic links. + fix "resource temporarily unavailable" message from dccproc + reported by Henrik Lewander. + fix `dccm -W` problem in 1.1.0 reported by Mark Motley. + +1.1.0 + "substitute" whitelist header entries must start with the name of + the header. This is incompatible with previous versions. + remove `dccm -a REJECT_ONLY` + add per-user whitelists and logs to dccm. See `dccm -U`. Use the + DCCM_USERDIRS variable in the new homedir/dcc_conf file to turn on. + To generate per-user log files without leaking informatio about + Bcc addresses, the format of all log files has changed slightly. + Look for "bulk" in the X-DCC line instead of the final "targets" line. + add `dccproc -E` to add dccm log file style envelope lines to log files. + fix cleaning of hourly DCC log files as suggested by Gary Mills. + X-DCC header lines contain the string "bulk" when the message is bulky. + add the "mail_host" as a possible "subsitute header" for dccm. + several of the mailing lists in the sample white list now require that + dccproc or dccm use `-S sender` or dccm use `-S mail_host`. + This removes hostnames from the sample whitelist, because they + can take a long time to resolve or fail to resolve. + change env_To: lines in dccm log files to include the sendmail "mailer" + and address. Also add the resolved "mail_addr" and "mail_host" + to dccm log files. + allow common dccproc white list files owned by the DCC user to be in + subdirectories of the DCC home directory instead of only the + DCC home directory. + use Rgethostbyname() in clients only when `cdcc SOCKS on` is sent + and in the server only for flooding peers that are flagged with + "SOCKS" in /var/dcc/flod. + use gethostid() and hash the local host name instead of gethostbyname() + to generate the DCC client host ID + consider an entire report of checksums obsolete if the fuzziest checksum + is obsolete for dbclean or flooding. This reduces the database + size and flooding bandwidth by another factor of 2. + fix `./configure --mandir=/tmp/foo` to put the man pages into + /tmp/foo/man8/dccm.8 and similar places on other systems instead + of /tmp/foo8/dccm.8 as suggested by Michael Grant. + add `configure --disable-sys-install` to simplify and make a non-system + installation (e.g. by a user with a shell account) safer (no suid). + stop frequent complaints about bad flooding passwords in most cases. + +1.0.53 + fix bug in fuzzy checksums that was not handling long Base64 lines. + increase the thresholds for computing the Body and Fuz2 checksums + and decrease the threshold for the Fuz1 checksum. + limit work-around for broken Linux threads that need signals delivered + to the process group to Linux systems to avoid breaking dccm + on Solaris 2.6 systems. + add `cdccc "flood stats ID". Part of this involves a change + to format of the flod.map file. It will be automatically rebuilt. + fix `cdcc clients` and `cdcc stats` operations to do better with more + than 64 active clients. + fix core-dump in dccd found by James Carlson. + use Rgethostbyname() when SOCKS is configured. + fix private (not owned by the dcc user) whitelist files for dccproc. + notice and report missing incoming flood connections. + detect and complain about duplicate definitions in /var/dcc/ids + +1.0.52 + fix bug in dbclean that was inflating instead of compressing some + reports. + fix spurious emergency execution of dbclean by dccd. + deal with missing h_nerr and h_errlist[] in Solaris 2.6 as + suggested by Gary Mills. + fix use of old $DCCM_RUNDIR in rcDCC as suggested by Gary Mills. + fix extra blank in dcc.m4 as suggested by Gary Mills. + generate dcc.m4 with the local choice for /var/dcc/run with configure. + use dcc_inet_ntop() on systems that do not understand IPv6 to fix + a problem on Solaris 2.6 discovered by Gary Mills. + +1.0.51 + fix man pages on FreeBSD. + fix file descriptor leak in dccd when using SOCKS. + `cdcc "flood check"` forces dccd to re-resolve hostnames for flooding + peers that are failing. + +1.0.50 + Improve automatic dbclean-ing by dccd. + +1.0.49 + Check the log directory for dccproc and dccm after changing to the + home directory. + +1.0.48 + Split old records in the database so they compress better. + Reduce bandwidth required for flooding by summarizing checksum counts. + Fix configure in the partial packages, dcc-dccm-*.tar.Z and + dcc-dccproc-*.tar.Z + Fix `dccd -K no-IP`. + Fix error messages for `dccproc -c type,thold` and add "never" as in + `dccproc -c all,never` + Fix yet another bug in dcc_mkstemp(). + Add "NEVER" to -c for dccproc and -t for dccm. + Enhance `dccm -l logdir` and `dccproc -l logdir` to scatter log files + among directories for systems dealing with more than 500,000 + mail messages per day. + Dccm log files are now named "tmp.XXXXXX" until it is known that they + are needed and they are renamed to msg.XXXXXX or they are deleted. + +1.0.47 + Make "-n brand" optional for dccd. + decode Base64 before computing checksums. + remove `cdcc pck` and `cdcc delck body` operations. + add configure parameter --with-bad-locks to deal with Solaris mmap() + vs. fcntl() locking problems. + Dccm and dccproc shold keep only the last of several locally specified + header checksums. + Because people have been confused by env_To checksums being ignored + in server whitelists, they are now reported as errors. + +1.0.46 + Fix garbage in dccm log file names. + When run as root, dbclean avoids changing the owner of the database files. + Add logging to dccproc in the style of dccm. + Accept hex checksums to allow whitelisting message bodies, and especially + "empty" bodies contianing more than 1 KBytes generated by + Outlook Express. + Improve compression of old entries in the database. + Add checking of "substitute" headers. See -S in the dccm and dccproc + man pages. + +1.0.45 + Repair incoming flood duplicate detection broken in 1.0.44. + +1.0.44 + Dccd now tries to fix the database when it starts + dccd also marks the database potentially inconsistent while it + is running and until it stops cleanly. Graceless shutdowns + are now detected and the database is automatically checked with + `dbclean -R` before dccd resumes operation. + Add Fuz2 checksums to the default lists along with Fuz1 and Body + By default, dccd does not keep non-body checksums in the database. + The previous behavior can be restored with -Kall. + Double the maximum size of the database's hash table + Teach dccd to run dbclean to expire checksums so things work even + if the cron job doesn't + Misc/hackmc -D adds a local rule to reject mail from SMPT clients + without reverse DNS to the DCC + Suppress messages from dccd for EINVAL the second connect(). + This is lame, but both FreeBSD and Linux answer the second connect() + on a non-blocking socket after an ICMP Unreachable or timeout + with EINVAL. + Speed up dbclean for large databases + It is only about 2.5 times faster on linux 2.2.14-5.0 + Large systems handling more than 200,000 messages/day should + use --with-db-memory=500000000 or whatever is the appropriate number. + This change combined with the -K changes mentioned above produce + an overall speed-up of about 10 times for busy, not large systems. + Add configure parameter --enable-big-db to support server databases + with up to 2 billion instead of 16 million entries in the hash table + Fix problem with env_To white-listing reported by Mark Motley + Add -H to dccproc to emit only the header + Fix dccd to pass -L parameters to dbclean so that log messages from + automatic invocations of dbclean are not lost + + +1.0.43 + add prototype Fuz2 fuzzy body checksum and remove the subject checksum + See INSTALL.{html,txt} about DCC_RPT_SUBJECT if you want to + restore Subject checksums in in you DCC clients. + fix SOCKS connection and re-connection of flood stream. + add -c thresholds to dccproc and make its exit code indicate whether + they are exceeded. This should eliminate common needs to parse + the output of dccproc. + fix dccd iflod_send_pos() core-dump seen during very high network losses + to flooding peer. + deal with Linux bug in not allowing connect() after a previous + connect() to 127.1. + fix dccm core-dump on some platforms when whitelist hostnames fail to + resolve. + deal with Linux `bash` vs. `su` + handle duplicate local interfaces on Linux + make `cdcd "flood rewind"` require a remote server-ID + +1.0.42 + fix dccm crash while dealing with white list. + +1.0.41 + fix bug introduced in 1.0.37 that broke `cdcc add` + include truncated getifaddrs() for systems that do not have it to improve + the default behavior of dccd with multihoming. + fixes for syntax errors in misc/{rcDCC,stop-dccd} from Michael Ghens + make `dccm -W` less confusing. + change hackmc to report mail with bogus DNS senders to the DCC + +1.0.40 + fix for syntax error in /var/dcc/libexec/cron-dccd from Dave Lugo + deal with slow dccd response to dbclean + +1.0.39 + keep dccd from going crazy with a crazy value for -q + +1.0.38 + fix dccd core dump with Dave Lugo's help. + improve dccd host name resolving helper process. + improve misc/na-spam. + `cdcc 'stats clear'` now also clears the list of clients seen by dccd. + add a path of server-IDs to flooded checksum reports. + increase the number of checksums recognized by the server. + fix pthread error on SunOS and possibly AIX. + use absolute path for `cdcc` in /var/dcc/libexec/stop-dccd as suggested + by Sam Leffler. + improve fuzzy ignoring of MIME multipart boundaries. + + +1.0.37 + deal with lack of -s in SunOS `logger`. + dccd now has a helper process to wait for slow DNS servers to resolve + the names of flooding peers. + Deleting and restarting the DCC server's database now causes dccd to + ask peers to re-flood their checksums. This new feature required + changing the flooding protocol. DCC servers using the new protocol + talk to servers using the old protocol after the old servers start + their streams or with an explicit tag in the /var/dcc/flod file. + `sendmail -bs` is used by some mail user agents such as pine. In such + cases the sendmail milter interface gives filters such as dccm a null + pointer to what should be an IP address and a pointer to the + string "localhost". Dccm now acts as if such mail arrived from + IP address 127.1. This makes the common white list entry + "ok IP localhost" effective for such mail. Note that dccm deletes + X-DCC header lines with its own brand from white listed messages, + because they would otherwise be wrong and a potential vulnerability + to bad guys. + Fix `dccproc -o ofile` to include the X-DCC header in ofile. If this fix + is a problem, see `dccproc -C` + add /var/dcc/libexec/na-spam and ng-spam to gather spam from + news.admin.net-abuse.sightings + fix start-dccd, start-dccm, and cron-dccd to support multiple dccd + daemons in separate home directories. + +1.0.36 + support for OSF1. + handle msync() with only two parameters in old BSD/OS. + try to fix rare core-dump in dccm whitelist parsing. + fix error in misc/dccdnsbl.m4 noted by Michael Ghens. + fix autoconf errors for SunOS noted by Sam Leffler + add "log-del" option to /var/dcc/flod file + fix recent damage to DCC{D,M}_ARGS in start_dcc{d,m} + +1.0.35 + add DCC_LOG_FACILITY to dcc_conf as suggested by Sam Leffler. + You must install the new homedir/dcc_conf with your parameters + to use it. + fix recently introduced bug that kept dccd from automatically + running dbclean to expand the database. + document the output of the dblist program in its man page. + `configure --with-rundir` can be used to override the use of /var/run/dcc + for the PIDs of DCC daemons, sockets, and so forth. + `configure --with-uid=dcc` creates Makefiles and scripts to install + and start DCC programs as the user "dcc" + + +1.0.34 + support for IRIX + fix bug in setting libexecdir for configure + change `cdcc stats` to show cumulative report counts + increase maximum number of flooding peers from 16 to 32 + and make it a compile-time parameter + change $UID in misc/start-dcc{d,m} to the avoid reserved variable in + RedHat 6.2 as suggested by Michael Ghens + fix bug in cron-dccd found by Michael Ghens and Dave Lugo + remove mechanism for configuring the DCC home directory by setting + an environment variable before invoking `make` + change the default value of the -u anon-delay parameter for dccd to 0. + add "flood list" operation to `cdcc` + look for sendmail for dccm in a FreeBSD "ports" package + +1.0.33 + support for HPUX thanks to Richard Rauenzahn. + check against "$USER" instead of "root" in start-dccm and start-dccd + as suggested by Luke Crawford. + make the server rate limits configurable at compile-time. + +1.0.32 + fix bug in local white lists that ignored changes in the count field + by default, start-dccm no longer tells dccm to reject based on + message-ID checksums + fix recently introduced bug that kept flooding off after the + hash table needs to be expanded. + +1.0.31 + add SOCKS support. + dccproc only logs errors unless given -d. This should fix problems + in some mail systems using dccproc caused by network problems. + fix permissions bugs related to using private map files + the dcc_notspam sendmail macro used by dccm with -o must be non-empty + to be considered "set". + +1.0.30 + fix man page installation on OpenBSD. + fix bug in starting incoming floods on systems with IPv6 interfaces + but without what DCC recognizes as IPv6 support such as OpenBSD. + deal with systems such as OpenBSD with lame mmap() support. + speed up recognition of changes in the /var/dcc/flod file. + use DCCM_REJECT_AT in /var/dcc/dcc_conf to also set the default + flooding threshold used by dccd when it is started by + /var/dcc/libexec/start-dccd + add configure switches to not build dccm and the server + `dccd -u` turns off `cdcc stats` from anonymous systems to avoid telling + strangers how many mail messages a small DCC server has seen. + +1.0.29 + fix start-dccd to deal better with non-standard DCC home directories. + dccproc is now like dccm and treats a missing Message-ID header. + as if it were present and with a null value. + do the right thing for DCC servers running on platforms where + gethostname() fails completely on a short buffer instead of + giving a prefix of the hostname. + detect and quit on null hostname from gethostname(). + +1.0.28 + improve the handling of an already running daemon in by misc/start-dccd + support mapping of ranges of server IDs when flooding reports + yet more changes to deal with quoted-printable. These changes + generally cause the fuz1 checksum to differ. + remove need for FEATURE(delay_checks) when reporting sendmail access_db + hits to DCC server + change body checksum to ignore '>' in "\n>From" because the '>' is + often added for old UNIX MUAs. + improve response of dccproc to 20KByte or larger To: headers. + make `cdcc "file map2; load map2.txt"` act the same as + `printf "file map2\nload map2.txt" | cdcc` + dccm now treats a missing Message-ID header as if it existed but with + a null value. + +1.0.27 + change example scripts to deal with `expr` exiting with 1 and stopping + them on Solaris + fix client IDs larger than 65535 + detect and complain server IDs offered to `cdcc` as client IDs + +1.0.26 + if dccm is already installed, try to build it even if the sendmail + milter library is not available to prevent silent failures to + install new versions of dccm. + +1.0.25 + fix confusion if a quoted-printable sequence overlaps a buffer boundary. + do not give up on remote servers if a local server responds with + an ICMP unreachable error. + +1.0.24 + minimize interpreting '=' in a URL as quoted-printable to make dccproc + and dccm compute the same fuzzy checksums more often. + +1.0.23 + fix confusion in dccproc about whether an initial line of a message + that starts with blanks is a continuation of the last header line + +1.0.22 + fix infinite loop and packet spew from dccproc when the clock jumps + backward or jumps forward more than 1000 seconds. + fix syslog process name on Solaris and AIX + `dccproc -R` picks IP address out of standard Received: lines + fix bugs in decoding quoted printable with broken soft ends of lines + +1.0.21 + repair DCC server whitelist broken in 1.0.20 + +1.0.20 + support for Solaris + describe ways to connect spam traps to the DCC in INSTALL.html + move parameters from start-dccd, start-dccm, and cron-dccd to a common file + add misc/rcDCC start-up script for Solaris and Linux + fix byte-order bug in flood header server ID which requires changing + the flood protocol. To flood to version 1.0.19 or older versions + of dccd, specifiy version 4 in the flod file line. + removed locking file /var/dcc/map.lock + change handling of spam sent simultaneously to white-listed and unlisted + targets. See the discussion of the new "REJECT_ONLY" action in the + dccm man page. + +1.0.19 + improve `cdcc stats` flood formatting + fix `cdcc "host domain.com; stats all"` + change dccproc to use the value of the Return-Path: header for the + envelope-From checksum if the header is present and -f is not used. + fix `dbclean -S -N` when the whitelist is empty + add rough support for NetBSD. + mention dccd in the INSTALL file. + fix for parsing "-L error,LOCAL1.ERR" from Vincent Schonau + +1.0.18 + add "clients -n" to cdcc + add -C to dccproc + +1.0.17 + add dccsight + +1.0.16 + try again to deal with getifaddrs() without freeifaddrs(). + fix bug introduced in 1.0.15 that causes dccproc to require + a white-list + fix corruption of /var/dcc/map when dccproc is run with stderr not + open and when the DCC server first fails to answer. + +1.0.15 + make the sendmail {dcc_isspam} and {dcc_notspam} macros consistently + override what dccm and the DCC server determine + +1.0.14 + deal with systems that have getifaddrs() but not freeifaddrs(). + fix bogus response from server when a duplicate request from an + anonymous client arrives before the original request has been + scheduled to be answered. + fix obscure double-trip bug in threaded client library. + accept "rpt-ok" as well as "rpt_ok" in the ids file. + fix /var/dcc/flod option scanning bug by dccd. + 'dccd -u 999999' turns off access by anonymous or unauthenticated clients. + add -W to dccm to cause only explicitly listed targets to be protected + by the DCC + add a "reject" server-ID translation target in the flods file to + not send or receive the reports of some servers. + +1.0.13 + add RTT adjustment to cdcc load and add operations to allow a client + to prefer servers despite worse RTT's + +1.0.12 + in dccm count two intead of one open file for each active job against + the system imposed limit on open files for automatically setting + the value of -j for dccm and for automatically changing the soft + resource limit. + use the GNU autoconfig install script instead of `install -d` to create + $(HOMEDIR)/libexec because GNU autoconfig does not detect install + programs that do not understand -d + rate limit complaints by dccd about unrecognized server IDs + +1.0.11 + dccm tolerates null sender IP addres and hostname from `sendmail -bs` + from sendmail 8.11.3 but perhaps not from 8.12. + change -p for dccd and dbclean to -a to allow specification of entire + server addresses. + by default, dccd listens on separate UDP sockets so that clients receive + responses from the same IP address to which they send requests. + +1.0.10 + fix "bogus oflod complaint length 0" nonsense from server + `cdcc stats` counts the clients seen in the last 24 hours, but + `cdcc clients` displays all that fit in the cdcc buffer even if + older than 24 hours + the `configure` script looks at `make -v` to guess whether to generate + gmake or make makefiles + include list of common "dictionary attack" user names among the sample + homedir files + +1.0.9 + body checksums ignore effects of quoted-printable encoding + deal with versions of gmake that do not understand ?= + improve "clients" request of cdcc + +1.0.8 + fix rate limiting bugs in the server + fix local env-To whitelist + +1.0.7 + fix locking bug when client whitelist file cannot be opened + use `install -c` to not delete misc scripts + fix server flood stalls when there are many stale or whitelisted + reports + +1.0.6 + fix bug in alternate dccm argv[0] in start-dccm + fix bug in noticing changes to included white lists + +1.0.5 + install cron-dccd, start-dccd, and start-dccm in $(HOMEDIR)/libexec + +1.0.4 + fix server core-dump for repeated invalid admin. opcodes while + tracing is enabled. + add "clients" request to `cdcc` + add "stats all" request to `cdc + add homedir/start-dccm.sh + /var/run/dccm.pid and /var/run/dccm depend on argv[0] + white-lists can use "include pathname" + dccm -o overrides -s + dccm -o and -s have default values + move /var/run/dccm and /var/run/dccm.pid to the directory /var/run/dcc + and change the sendmail "feature" file misc/dcc.m4 to match + +1.0.3 + improve flood ID mapping + remove need to explicitly build before `make install`