H-Sphere version: 2.4.x

Improvements and fixes:

• ClamAV 0.90.3.
• SpamAssassin-3.2.1
• blackholedsender db - configured to work with wildcard patterns
• Fixed user check procedure in the case 'default@domain' mail recipient
• Improved filtering of wildcard sender patterns for autoresponder and mail SMS (HS 3.1.0+)
• Included usercheck for dummy users in 'master+relay' or 'relay' mail server configuration (for HS 3.1.0+)
• Fixed startup issue for POP3 SSL service

Improvements and fixes:

• SpamAssassin-3.2.0
• Disabled TLS by default
• Decreased SSL timeout (POP3S, SMTPS protocols) to 1 minute
• Qmail startup file fixes

hsphere-mail-service-3-35 is released with H-Sphere System Packages Update

Improvements:

• ClamAV 0.90.2 that fixes a security hole.
• Optional STARTTLS (RFC 2487) support in conjunction with sslserver, includes:
  • UCSPI-SSL implementation patched by UCSPI-TLS extension
  • SPAMCONTROL STARTTLS/STLS SMTP/POP3 protocol implementation
  • Changes related to choosing SSLv2/3/TLSv1 protocols
  • Chrooted configuration
• ClamAV daemon works under clamav user

Fixes:

• Fixed per IP limit check inconsistencies
• SIZE extension for some mail clients
• SMTP logging and SMTP AUTH issue
• Rules Du Jour update procedure

hsphere-mail-service-3-34 is released with H-Sphere System Packages Update

Fixes:

• ClamAV updated to version 0.90.1
• NodalCoreAcceleration option in clamav.conf is set to default
• DCC (Distributed Checksum Clearinghouse) client updated to version 1.3.52

hsphere-mail-service-3-33 is released with H-Sphere System Packages Update

Improvements:

• ClamAV 0.90 introduces lots of new interesting features and marks a big step forward in the development of antivirus engine. Over 90.000 signatures in the database. Main improvements:
  • The availability of scripted updates - instead of transferring the whole cvd file at each update, only the differences between the latest cvds and the previous versions will be transferred.
  • RAR3, SIS and SFX archives support is finally available together with new unpackers and decryptors: pespin, sue, yc, wwpack32, nspack, mew, upack and others.
  • ClamAV now includes better mechanisms for scanning ELF, PDF and tar files.
  • Improved email decoding to reduce both the memory requirements and the time taken to process attachments.
  • On the performance side, implemented support for the MULTISCAN command in clamd, allowing to scan multiple files simultaneously.
  • Support for a new phishing signatures format that has proved very effective in detecting phishing emails. (NOT INCLUDED yet, as this requires configuration with --enable-experimental option).
• SpamAssassin 3.1.8 with a security hole fix.
• SPAMCONTROL Version 2.4.17.
  • GREETDELAY to discourage botnet spam SMTP servers.
  • Extensible logging format.
  • Logging for failed SMTP sessions.
  • Reference badsignatures implementation and additional badloadertypes filter (this part is optimized avoiding using cdbs)
• Added stricthelocheck parameter (options file, disabled by default), which considers HELO command obligatory.
• Added chksignature and chkloadertype (options file, disabled by default), which provide badsignatures and badloadertypes filtering for mail resources with enabled antivirus check.
• Exclusively for testing purposes added includeoriginmsg boolean parameter (options file, disabled by default). It provides full message inclusion in the bounce email.
• Removed expired --badurls spamd option.

Fixes:

• intialization variables in qmail startup file (FreeBSD boxes)
• Added required MIMEHeader SpamAssassin plugin to init.pre conf file
• command line misconfiguration with anti-rbl list and default rblsmtpd mode
• Added set of more stricted file/directory permissions
• Fixed problem with qmail-pop3d daemon which occured in previous mail update and caused high load of IMAP service

hsphere-mail-service-3-32 source files are available at http://www.psoft.net/shiv/HS/bundles/hsphere-mail-service-4-17.tgz

Improvements:

• Added qmail-spp engine aimed to add rblspp plugin
• Added rblspp plugin as a replacement for rblsmtpd. It resolves the RBL check delay problem for successful SMTP authenticated connections
• Additional RBL configuration:
  • allowed addition of anti-RBL source
  • added setting of modes which are allowed by rblsmtpd or rblspp:
    • used a 553 error code for IP addresses listed in the RBL instead of default, 451
    • always considering dns lookups failure as a temporary error, 451
• Extended qmail's pop3 daemon (qmail-pop3d.c) functionality - added seen flag on files in maildir for messages involved in RETR or TOP commands

Fixes:

• Changed SMTP status code in case message size exceeds Internationalized Email Headers draft requirements (from 558 to 552)
• Fixed the problem with SpamAssassin and ClamAV filters for catchall mail resources for some OSs
• Fixed ezmlm and NFS storage

hsphere-mail-service-3-31 is released with H-Sphere System Packages Update

Fixes:

• ClamAV 0.88.7 that fixes a security hole

hsphere-mail-service-3-30 is released with H-Sphere System Packages Update

Fixes:

• Fixed mailbox disk usage calculation with size greater than 4GB
• Fixed formation of X-Envelope header with dot in the user part of the email address
• Fixed local bouncing after unsuccessful remote delivery

Updates and Improvements:

• ClamAV updated to version 0.88.6
• According to AOL (the largest ISP) recommendations, X-Originating-IP header was added
• File locking and NFS storage:
  • now vpopmail & ezmlm file locking is automatically switched off in case of NFS shared storage
  • spamd and clamd supervise are moved to local disk storage in case of NFS
  • Criteria for the 2 above-mentioned modes: presence of /etc/hsphere/lb.id configuration file
• Included OpenProtect's SpamAssassin sa-update channel engine
• Added X-Envelope-To header required by some mail clients (xenveloptoheader parameter is now disabled by default)
• Fixed qmail startup file to avoid hanging during remote service restart

hsphere-mail-service-3-28 is released with H-Sphere System Packages Update

Updates and Improvements:

• SpamAssassin 3.1.7
• Fixed problem with capital letter B in the envelope recipient address.
• Other improvements and fixes included into private hsphere-mail-service-3-25

hsphere-mail-service-3-27 is released with H-Sphere System Packages Update

hsphere-mail-service-3-27 source files are available at http://www.psoft.net/shiv/HS/bundles/hsphere-mail-service-4-17.tgz

Updates and Improvements:

• Fixed problem with recipient email address, which contains space(s) and other denied symbols, if catchall is enabled.

Updates and Improvements:

• SpamAssassin 3.1.5.
• Enabling tcpserver verbose mode only when smtplog equals 2.
• Vpopmail improvements:
  • increased buffer for vaddfilter and vdelfilter utils.
  • correct unlocking open-smtp file when tcp.smtp.cdb is locked

hsphere-mail-service-3-24 is released with H-Sphere System Packages Update

Fixes and Improvements:

• SpamAssassin updated to version 3.1.4
• ClamAV updated to version 0.88.4
• Fixes in Bayes rules engine.
• Moving AWL pluging to init.pre configuration file to provide correct work of this addon.

Fixes and Improvements:

• ClamAV updated to version 0.88.3

Note: hsphere-mail-service-4-11 is included into H-Sphere System Packages Update

Fixes and Improvements:

• Spamassassin updated to version 3.1.3
• Restricted MySQL access to Spamassassin databases (only for localhost)

• Updated components:
  - Vpopmail 5.4.13
  - Spamassassin 3.1.2
  
• Fixed:
  - fixed the issue with mail duplication in case of specific mail alias configuration
  - extended maillog format via smtplog options parameter (including SMTP related notifications)
  - updated security for all mail related users with /sbin/nologin shell
  - changed init.pre SpamAssassin configuration file: when containing "THIS IS DEFAULT PSOFT CONF." string, it is overwritten
  

hsphere-mail-service-3-20 source files are available at: http://www.psoft.net/shiv/HS/bundles/hsphere-mail-service-3-20.tgz

This security release eliminates a ClamAV security hole by updating hsphere-mail-service package 3-19 version.

Note: hsphere-mail-service-3-19 is released with H-Sphere Mail Update

Fixes and Improvements:

• SpamAssassin updated to version 3.11.

Update instructions

Fixes and Improvements:

• ClamAV 0.88.1 security update

Additional Boolean configuration parameters:

• uquotacheck provides message bouncing during SMTP session in case of mailbox quota overflow.
• localtime provides generation of date stamps in local timezones for various qmail programs.

• Logging SPF related info (LOG_MAIL syslog facility).
• Additional SpamAssassin configurable parameters:
  • maxsascore (Score, after which spam messages will be removed; default: 100000)
  • samsgsize (Specify maximum message size, in bytes, to be sent to spamd, otherwise this step will be skipped; default: 250k)
  • satimeout (Timeout in seconds for communications to spamd; default: 600).
• Optimized vpopmail authentication mechanism in mysql mode - dynamic relay settings are stored and read by tcpserver from MySQL DB. Static relay settings remain in tcp.smtp.cdb - this is useful to provide more flexible mail server parameters tuning by setting predefined variables.
• Added opensmtptimeout parameter. It allows to set open relay lifetime, in minutes, after POP-before-SMTP authentication; default: 3 hours.

Improvements and Fixes:

• ClamAV 0.88 security update
• Fixed the issue with APOP authentication
• Added utility to check APOP authentication in console mode (~vpopmail/bin/md5digest).
• Added rcptdnschecks qmail parameter, which similarly to smdcheck parameter checks whether mail domain name of a recipient exists.
• Disabling SpamAssassin Test Plugin (added on Jan 17)

Improvements and Fixes:

• ClamAV 0.87-1 security update
• perl modules and some specific utils are removed from the mail-service package to form separate packages

Improvements and Fixes:

• Fixed the problem with correct identification of mail service package name on FreeBSD. From now on, new mail service package builds will be named like hsphere-mail-service-3-11 for Linux and hsphere-mail-service-3_11 for FreeBSD.
• Fixed a qmHandle utility issue.
• Added export of the PATH variable in the qmaild startup file to provide correct qmaild service handling via the 'service' tool.
• Corrected white list handling by the qmail-smtpd service.

Improvements and Fixes:

• ClamAV updated to version 0.87.
• SpamAssassin updated to version 3.1.0.
• User defined filtering rules for SpamAssassin and ClamAV now override global settings.
• Switched on POP3 traffic calculation (IMAP traffic calculation is enabled with the hsphere-imap-4.0.6-1 package).

Improvements and Fixes:

• Minor fix and improvement in a new mail statistics collection scheme.
• Disabled nesting subdirectories for mailboxes (not domains) whose number exceeds 100 under one domain. Due to this improvement, it is possible to create mailboxes with 1-char names. Also, during mail update nested mailboxes' directories are now being converted to 1 nesting level directory structure.
• Added possibility to switch between the cdb and mysql vpopmail authentication.

hsphere-mail-service-3-8 is a security update. Some vulnerabilities have been reported in Clam AntiVirus, which can cause a DoS (Denial of Service) or compromise a vulnerable system.

Fixes and improvements:

• Updated ClamAV to 0.86.2

Fixes:

• Fixed incorrect content forming of maildirsize file by ~vpopmail/bin/vdomainusage utility in case the former is absent
• Added optional key-value-list parameters to the Received-SPF header field
• Removed stray 'Z' symbol from rblsmtpd logging data
• Switched on logging spamd and clamd information via multilog. ClamAV performs logging via syslog too, though we recommend switching this off, as this will be disabled in the next mail update.

  To see logs for spamd/clamd, execute the following command for spamd (for clamd, do the same):

  # tail -f /var/log/spamd/current | /hsphere/shared/bin/tai64nlocal
  2005-07-05 06:50:32.530893500 2005-07-05 03:50:32 [14404] i: result: . -2 -
  ALL_TRUSTED,AWL,NO_REAL_NAME
  scantime=0.0,size=691,mid=(unknown),autolearn=disabled

Improvements and fixes:

• Updated ClamAV to 0.86.1
• Updated SpamAssassin to 3.04
• Improved mail statistics collection. Now mail_anlz.sh takes detailed mail traffic log from /var/hsphere/mail/logs/stats.
• Accelerated mail disk usage collection. Now it is performed by means of the ~vpopmail/bin/vdomainusage utility instead of "du -sk".
  In particular, the mail_overlimit.pl cron is switched to vdomainusage
• Added/modified qmail parameters:
  • added the sanetcheck parameter to enable/disable network check for SpamAssassin (off by default)
  • added the spamdchildren parameter to specify the maximum number of spamd child processes (10 by default).
  • added the badurls parameter to enable/disable sending any URLs contained in infected messages to the Comodo antispam database (off by default);
    and the urlscnt parameter to specify the number of "bad" URLs to be sent to Comodo (5 by default).
• Added possibility to change facility/level settings for rblsmtpd logs
• White lists now have higher priority than black lists.
  Due to this, it is now possible to set the "*@*.*" email mask in black lists in mailbox antispam preferences to sort out all email addresses not specified in respective white lists.
• Enabled using the "service qmaild start|stop|restart" commands under Linux
• Fixed vpopmail issue with int range overflow for large mailbox quota

Fixes and improvements:

• Updated ClamAV to 0.85.1
• Updated SpamAssassin to 3.03

hsphere-mail2-all-19 updates mail system for the H-Sphere branch 2.4.2.

Fixes and improvements:

• Updated ClamAV to 0.85
• Updated SpamAssassin to 3.03

hsphere-mail-service-3-2 incorporates fixes and improvements to its predecessors

Fixes and improvements:

• Updated vpopmail to 5.4.10
• Improvements in SPF and SRS to handle sending forwards to SMTP servers without SRS support:
  • If a sender's domain does not have SPF record, SRS address rewriting is skipped;
  • If a sender's domain has SPF record, the initial sender policy (fail, softfail, neutral, pass) is checked with regards to the server that has forwarded the message.
  • When the policy on the given message is pass, no SRS address rewriting is made; otherwise, the spfbehavior Qmail control is considered. For example, if the servers allow softfail, SRS address rewriting is also skipped.
• Implemented the MaxScore parameter to filter spam messages to be automatically deleted at the SMTP server level.

  Formerly, there were only three actions on spam messages: remove, mark, and move to. With the MaxScore parameter, all messages whose score will be higher than MaxScore, will be regarded 100% spam, even if the action is mark or move to, and will be deleted by SMTP server.

hsphere-mail-service-3-1 is the next generation of H-Sphere mail system. Starting with H-Sphere 2.4.3, mail service packages are named hsphere-mail-service-3-xx.

Fixes and improvements:

• SPF and SRS
• RulesDuJour - SpamAssassin addon script to automatically updates SpamAssassin's custom rules
• Enhanced functionality of the post/preinstall scripts.
• Fixed the issue with customization of the bounce messages.
• Fixed the issue with logging data of the rblsmptpd utility via syslog.
• Implemented storing of the AWL and Bayes settings for SpamAssassin (SA) during the update.
• Added required perl modules for correct work of the RelayCountry SpamAssassin's plugin.
• Set Unix MySQL socket in DNS configuration in the local.cf SA configuration file

hsphere-mail2-all-17 is an H-Sphere mail service all-in-one package finalizing fixes and improvements to its predecessors.

Fixes and improvements:

• Fixed the issue with customization of the bounce messages.
• Fixed the issue with logging data of the rblsmptpd utility via syslog.
• Implemented storing AWL and Bayes settings for Spamassassin (SA) during mail update.
• Added required perl modules for correct work of the RelayCountry SA plugin.

hsphere-mail2-all-16 is is an update to the H-Sphere mail system.

Fixes and improvements:

• Updated ClamAV to 0.83
• Updated SpamAssassin to 3.02
• Fixed Spamd and Clamd daemon sockets placed in the secure location
• Removed hostname from the spam and virus notification messages
• Fixed SSL issue with chain certificate
• Added support for Bayesian spam filtering in SpamAssassin manager with global "use_bayes" directive disabled by default
• Fixed problem with non-local domains for mail relay servers
• Fixed CatchAll resource issues: added antivirus and antispam check and added real user check in case with multiple recipients
• Autoresponder messages that use only ASCII charset no longer BASE64 encoded
• Fixed issue with stability of the tcp server on FreeBSD boxes
• Improved communication between rblsmtpd and syslogd
• Added support for Auto Whitelist score averaging system
• Added check on necessary encoding of the autoresponders' subject and message

hsphere-mail2-all-11 is an update to the H-Sphere mail system. This version is included into and automatically installed with 2.4.2 Beta 3 update. hsphere-mail2-all-11 introduces more features and fixes and includes updates and bugfixes to mail2-all-9 and mail2-all-10.

• Fixed issue with stability of the tcp server on FreeBSD boxes
• Improved communication between rblsmtpd and syslogd
• Added support for Auto Whitelist score averaging system
• Added support for Bayesian spam filtering in SpamAssassin manager

Fixes and improvements:

• Added Mail-SpamAssassin-3.0.1
• Updated ClamAV to v.0.80
• Updated Courier-IMAP to 3.0.8
• Added customization for the bounce and doublebounce messages
• Added new qmail parameters section 'Bounce message customization' in the Mail Settings menu

Fixes and improvements:

• Removed hostname from the virus notification message
• Fixed problem with non-local domains for mail relay servers
• Fixed CatchAll resource issues: added antivirus and antispam check and added real user check in case with multiple recipients