|
| 1 | + --\\ Valvula //-- |
| 2 | + The trooper |
| 3 | + 1.0.8 |
| 4 | + |
| 5 | +Advanced Software Production Line is happy to announce a new stable |
| 6 | +release of the Valvula. |
| 7 | + |
| 8 | +Valvula is a OpenSource high performance mail policy daemon for |
| 9 | +Postfix, written in ANSI C, that provides out of the box support for |
| 10 | +sender login mismatch, mail quotas, per user/domain blacklists/white-lists |
| 11 | +and much more. |
| 12 | + |
| 13 | +Valvula is fully extensible through plugins and it is composed by a |
| 14 | +base library (libValvula) that integrates into a ready to use server |
| 15 | +(valvulad) that is able to run different ports with different modules |
| 16 | +so you can connect same valvula process at different points inside |
| 17 | +Postfix policy restriction sections. |
| 18 | + |
| 19 | +Resources |
| 20 | +~~~~~~~~~ |
| 21 | + |
| 22 | + Valvula homepage |
| 23 | + [ http://www.aspl.es/valvula ] |
| 24 | + |
| 25 | + Commercial support |
| 26 | + [ http://www.aspl.es/valvula/commercial.html ] |
| 27 | + |
| 28 | + Advanced Software Production Line, S.L. |
| 29 | + [ http://www.aspl.es ] |
| 30 | + |
| 31 | + Featured project: Core-Admin |
| 32 | + [ http://www.core-admin.com ] |
| 33 | + |
| 34 | +This release in short |
| 35 | +~~~~~~~~~~~~~~~~~~~~~ |
| 36 | + |
| 37 | + - Added new module (mod-object-resolver) to help valvulad engine to |
| 38 | + detect local addresses and domains for especific configurations not |
| 39 | + using MySQL like Plesk. |
| 40 | + |
| 41 | + - Added new policy (deny-unknown-local-mail-from='yes') to mod-bwl |
| 42 | + that allows to deny transactions using valid local domains to |
| 43 | + create forged mail-from addresses. This policy applies by default |
| 44 | + and can be controlled using regular mod-bwl rules. |
| 45 | + |
| 46 | + - Added new API interface that allows registering generic functions |
| 47 | + that are called to resolve if a domain or local address is a valid |
| 48 | + local destination. |
| 49 | + |
| 50 | + - Added generic SQLite interface to allow writing modules using this |
| 51 | + backend (used by mod-object-resolver). |
| 52 | + |
| 53 | + - Several corrections, improvements, doc updates... |
| 54 | + |
| 55 | + |
| 56 | +Changes from previous release |
| 57 | +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 58 | + |
| 59 | +* [fix] Making mod-object-resolver to also reconfigure |
| 60 | + /var/spool/postfix/plesk/ directory to ensure (chmod o-rwx && chmod |
| 61 | + o+x) so applications can read virtual.db and other root 644 files. |
| 62 | + |
| 63 | +* [fix] Updated regression test (test_05) to check new API added: |
| 64 | + |
| 65 | + - valvulad_run_remove_object_resolver |
| 66 | + |
| 67 | + ..and to test new function introduced into mod-bwl to reject unknown |
| 68 | + accounts targetting known local accounts (deny_unknown_local_mail_from). |
| 69 | + |
| 70 | + |
| 71 | +* [fix] Updated valvula to include a new type of protection to reject |
| 72 | + unknown accounts targetting to known local accounts :: |
| 73 | + deny_unknown_local_mail_from |
| 74 | + |
| 75 | +* [fix] Reorganized valvulad_run_add_object_resolver function to use |
| 76 | + code provided by new function (to remove handler) and make it |
| 77 | + cleaner. API added: |
| 78 | + |
| 79 | + - valvulad_run_remove_object_resolver |
| 80 | + |
| 81 | +* [fix] Updated code to preread and check uid and gid to be used so |
| 82 | + modules can use this information to prepare itself...then, once |
| 83 | + everything is loaded, valvula changes running uid and gid. |
| 84 | + |
| 85 | +* [fix] Fixed mod-object-resolver to avoid changing permissions when |
| 86 | + running uid and gid is 0 |
| 87 | + |
| 88 | +* [fix] Updated valvula engine to keep track about running uid and gid. |
| 89 | +* [fix] Updated log reporting to state if a delivery is local or non-local. |
| 90 | + |
| 91 | +* [fix] Updated mod-object-resolver to configure permissions on |
| 92 | + startup to ensure passwd.db from plesk is correctly accessed by |
| 93 | + valvula. |
| 94 | + |
| 95 | +* [fix] Fixed gid reporting.. |
| 96 | + |
| 97 | +* [fix] Updated valvulad_db_sqlite run query to report uid=, euid= and |
| 98 | + errno in case of sqlite error |
| 99 | + |
| 100 | +* [fix] More updates to fix sqlite3_errstr detection |
| 101 | + |
| 102 | +* [fix] Indented code inside __valvulad_sqlite3_get_error_code and |
| 103 | + added ENABLE_SQLITE_SUPPORT macro to avoid including this code. |
| 104 | + |
| 105 | +* [fix] Updated configure process to detect if sqlite_errstr is available. |
| 106 | + |
| 107 | +* [fix] Added initial code to substitute sqlite3_errstr with |
| 108 | + __valvulad_sqlite3_get_error_code because the former is not always |
| 109 | + available (ubuntu precise, squeeze and lenny has no support for |
| 110 | + such function). |
| 111 | + |
| 112 | +* [fix] Improved error message when valvulad is not able to open |
| 113 | + sqlite3 database.. |
| 114 | + |
| 115 | +* [fix] Updated valvula.spec to include reference to sqlite package |
| 116 | + for centos. |
| 117 | + |
| 118 | +* [fix] More updates to control files (debian/ubuntu). |
| 119 | + |
| 120 | +* [fix] Updated server/Makefile.am to include references to |
| 121 | + sqlite3_libs for libvalvulad (seems to be causing problems in ubuntu |
| 122 | + precise). |
| 123 | + |
| 124 | +* [fix] Updated valvulad to support building mod-object-resolver for |
| 125 | + Centos |
| 126 | + |
| 127 | +* [fix] Adding install file for valvulad-mod-object-resolver |
| 128 | + (debian/ubuntu). |
| 129 | + |
| 130 | +* [fix] Adding initial support for valvulad-mod-object-resolver. |
| 131 | + |
| 132 | +* [fix] added initial documentation explaining how to use valvulad's |
| 133 | + mod-object-resolver. |
| 134 | + |
| 135 | +* [fix] Added additional documentation to explain module activation |
| 136 | + with and without port association. |
| 137 | + |
| 138 | +* [fix] Updated valvulad-mgr.py to support two new functions to enable |
| 139 | + and disable modules without port association. |
| 140 | + |
| 141 | +* [fix] Added initial complete implementation for mod-object-resolver |
| 142 | + (a module that uses new API to add object resolutions that enables |
| 143 | + valvulad to be able to detect domains and accounts that do not use |
| 144 | + mysql interface). |
| 145 | + |
| 146 | +* [fix] Added new regression test (test_02h) to check external object |
| 147 | + resolvers (functions that allows providing resolution support to |
| 148 | + valvulad engine about accounts and domains that are local). |
| 149 | + |
| 150 | +* [fix] Added new functions to support registering an external handler |
| 151 | + that works as an object resolver (account or domain that are |
| 152 | + detected as local). API added: |
| 153 | + |
| 154 | + - ValvuladObjectResolver (handler) |
| 155 | + - valvulad_run_add_object_resolver |
| 156 | + - ValvuladObjectRequest (enum) |
| 157 | + | VALVULAD_OBJECT_ACCOUNT |
| 158 | + | VALVULAD_OBJECT_DOMAIN |
| 159 | + | VALVULAD_OBJECT_ALIAS |
| 160 | + |
| 161 | + |
| 162 | + |
| 163 | +* [fix] Added initial working initialization code to have support for |
| 164 | + object resolvers at valvulad (external handlers that tells if an |
| 165 | + object is a local domain or a local account). |
| 166 | + |
| 167 | +* [fix] Added complete regression test (test_02g) to check new Sqlite |
| 168 | + API added.. |
| 169 | + |
| 170 | +* [fix] Exported hidden function for valvulad main server.. |
| 171 | + |
| 172 | +* [fix] Updated valvulad server to also load modules when requested to |
| 173 | + check for local domain or local account (-l option). |
| 174 | + |
| 175 | +* [fix] added initial working support for valvula SQLite library API. |
| 176 | + Added functions: |
| 177 | + |
| 178 | + - valvulad_db_sqlite_run_query |
| 179 | + - valvulad_db_sqlite_run_sql |
| 180 | + - valvulad_db_sqlite_get_row |
| 181 | + - valvulad_db_sqlite_get_cell |
| 182 | + - valvulad_db_sqlite_release_result |
| 183 | + |
| 184 | +* [fix] Added support to detect and compile valvula with SQLIte |
| 185 | + support. |
| 186 | + |
| 187 | + |
| 188 | +* [fix] Updated regression test_01.c (test_07a) to include new file |
| 189 | + reported but no error was found.. |
| 190 | + |
| 191 | +* [fix] adding test_07a3.conf configuration example to improve |
| 192 | + regression test (test_07a) but no failure found. |
| 193 | + |
| 194 | +* [fix] Upgraded version to compilation.. |
| 195 | + |
| 196 | +* [fix] Adding some more additional debug to mod-mquota to better |
| 197 | + report what is doing when no match was found.. |
| 198 | + |
| 199 | +* [fix] Added more regression tests to test_07 to check mod-mquota.. |
| 200 | + |
| 201 | +* [fix] Added new regression test to check bug reported. Everything ok |
| 202 | + so far.. |
| 203 | + |
| 204 | +* [fix] Added some debug to mod-mquota module to better report what's |
| 205 | + doing. |
| 206 | + |
| 207 | +* [fix] Updated valvulad mysql configuration detection to better |
| 208 | + report it is not able to find right indication (instead of failing |
| 209 | + with a split error). |
| 210 | + |
| 211 | +* [fix] Updated valvula regression test to add more checks to check |
| 212 | + valvula address matching for tld domains |
| 213 | + |
| 214 | +* [fix] Fixed valvula_get_tld_extension to support domains with more |
| 215 | + dots than one ... making implementation more robust |
| 216 | + |
| 217 | +* [fix] Adding additional debug to mod-bwl to trace when rules does |
| 218 | + not match and what parameters were passed.. |
| 219 | + |
| 220 | +* [fix] Updated mod-bwl (varchar(1024) -> "who") |
| 221 | + |
| 222 | +* [fix] Updated regression test (test_00) to check new api to get top |
| 223 | + level extensions. Updated test_05 to check new support included in |
| 224 | + mod-bwl to allow rejecting/accepting top level domains.. |
| 225 | + |
| 226 | +* [fix] Making valvula mod-bwl to allow creating rules for top level |
| 227 | + domains (.com, .org, .us, .top ... for example). This allow |
| 228 | + rejecting or accepting globally, domain level or account level |
| 229 | + complete domain zones... |
| 230 | + |
| 231 | +* [fix] Updated libValvula to include new function to get domain |
| 232 | + extension (to level extension). API added: |
| 233 | + |
| 234 | + - valvula_get_tld_extension |
| 235 | + |
| 236 | +* [fix] More regression test updates.. |
| 237 | + |
| 238 | +* [fix] Corrected postfix configuration variables handling. Updated |
| 239 | + regression test files to ensure it is working right. |
| 240 | + |
| 241 | +* [fix] Fixed memory leaks at postfix configuration parse to |
| 242 | + support/resist those configurations with repeated declarations.. |
| 243 | + |
| 244 | +* [fix] Added additional code to support old mysql postfix interface |
| 245 | + based on select_field/where_field/table/additional. Updated test_02b |
| 246 | + to include a regression test to check this. |
| 247 | + |
| 248 | +* [fix] Updated valvula support to read postfix variables (to load |
| 249 | + mysql indications). |
| 250 | + |
| 251 | +* [fix] Updated __valvulad_run_request_common_object to check |
| 252 | + unallowed characters.. |
| 253 | + |
| 254 | +* [fix] Updated valvulad-db module to include new functions to detect |
| 255 | + unallowed characters: |
| 256 | + |
| 257 | + - valvulad_db_check_unallowed_chars |
| 258 | + |
| 259 | +* [fix] Updated valvula.example.conf to include a good example about |
| 260 | + how to enable mod-bwl debug.. |
| 261 | + |
| 262 | +* [fix] More fixings applied to mod-bwl.. |
| 263 | + |
| 264 | +* [fix] Making mod-bwl to only skip rules that are not local delivery |
| 265 | + they they have "OK" as status to also check if the request we are |
| 266 | + matching to is not authenticated. |
| 267 | + |
| 268 | +* [fix] Added additional debug information to mod-bwl to explain what |
| 269 | + does mod-bwl with generic and specific rules.. |
| 270 | + |
| 271 | +* [fix] Updated mod-slm/mod-slm.c to avoid applying its rules when it |
| 272 | + is found request is a local delivery |
| 273 | + |
| 274 | +* [fix] Updated valvula plugins/Makefile.am to avoid building |
| 275 | + mod-transport for now.. |
| 276 | + |
| 277 | +* [fix] Adding more documentation to about whey OK rules are skipped |
| 278 | + by mod-bwl when it is not targeted to a local delivery.. |
| 279 | + |
| 280 | +* [fix] Updated mod-bwl to report skip rule when non local delivery |
| 281 | + was detected.. |
| 282 | + |
| 283 | +* [fix] Updated mod-bwl to avoid logging some messages if debug is not |
| 284 | + enabled.. |
| 285 | + |
| 286 | +* [fix] Fixed valvula cron to include all needed PATH elements to make |
| 287 | + it find "sed" command (failure found at jessie platform). |
| 288 | + |
| 289 | +* [fix] Updated mod-transport.c (few lines).. |
| 290 | + |
| 291 | +* [fix] Added initial code to implement mod-transport: a flexible |
| 292 | + Postfix map module that helps to create rules that, if matches, a |
| 293 | + particular postfix transport will be applied. |
| 294 | + |
| 295 | +* [fix] Several updates to valvula core to improve sql injection |
| 296 | + protection |
| 297 | + |
| 298 | + |
| 299 | +About Advanced Software Production Line, S.L. (ASPL) |
| 300 | +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 301 | + |
| 302 | + Advanced Software Production Line (ASPL) provides GNU/Linux support |
| 303 | + and consulting services to enable organisation to introduce |
| 304 | + GNU/Linux into their processes, making other platforms to properly |
| 305 | + interact with it. |
| 306 | + |
| 307 | + You can contact us, using English or Spanish, at: |
| 308 | + |
| 309 | + http://www.aspl.es - [email protected] |
| 310 | + |
| 311 | + We hope Valvula may be useful you. Enjoy Valvula! |
| 312 | + |
| 313 | +-- |
| 314 | +Francis Brosnan Blázquez - [email protected] |
| 315 | +Advanced Software Production Line - http://www.aspl.es |
| 316 | +28th Nov 2017, Madrid (Spain) |
| 317 | + |
| 318 | + |
| 319 | + |
0 commit comments