Change Log
perdition
Mail retrieval proxy server
Copyright (C) 1999-2005 Horms
----------------------------------------------------------------------
31st October 2007 (Horms)
* 1.17.1
- Verify that tag read from end-users is valid
- Various Debian packaging updates
- Fixed documentation of map_library. Thanks to Anand Kumria.
- Revert to using ldap_init() instead of ldap_initialize() which seems
  to be broken on debian's ldap, 2.1.30. I am not sure what version it
  works for, if any.
  http://www.openldap.org/lists/openldap-software/200406/msg00688.html
- Make packet and socket handling code in daemon module a separate
  shared library so its code can be used in daemons written to work
  with it.
----------------------------------------------------------------------
22nd June 2005 (Horms)
* 1.17
- Added explicit domain option.
  Brendan O'Dea
- Make sure all source files are included in tar ball, regardless of
  what parts of the code are excluded from the build by configure.
- Fixed possible buffer overflow in Berkeley DB module
  Chris Stratford
- Option to disable compilation of ldap (latex) documentation
- Use ldap_initialize() when compiled against openssl (>=2.0.0) to
  allow arbitrary ldap urls. In particular, ldaps is now supported.
- Don't add libraries discovered in configure to LDADD.
- Better logging of connection failures relating to capabilities on
  the real-server
- Pass asynchronous messages sent by the real-server during
  authentication back to the end-user
- When add_domain is used, allow the depth to which the domain name
  has leading levels stripped.
- Fix gcc-4.0 compile problem.
  Andreas Jochens
- Removed bogus logging that occurs before the logger is fully
  initialised when debug is enabled.
  Roberto Suarez Soto
- Add link daemon module against socket libraries
- Reopen logger so child processes get their own file descriptors
- Fix segmentation fault when timeout is set to 0.
  John Capo
- Fix ODBC library detection
- Fix printing of server_port objects (in particular the logging of
  the outgoing_server option)
- Use pg_config for Postgres library detection
----------------------------------------------------------------------
27th May 2004 (Horms)
* 1.15
- I would like to thank Fastmail.FM for sponsoring work on the daemon
  map code.
  Horms
- Debian packaging updates
- Updated TODO
- Moved *_makedb into $prefix/sbin from $prefix/bin
- No other changes over 1.15beta1
----------------------------------------------------------------------
27th April 2004 (Horms)
* 1.15beta1
- Fixed some typos. Updated INSTALL.
  Jay zh
- LDAP lookups no longer return a bogus leading @ in the username.
- Updated LDAP documentation in perditiondb(5)
----------------------------------------------------------------------
2nd April 2004 (Horms)
* 1.14 (The not April-fools release)
- No changes from 1.14beta1
----------------------------------------------------------------------
23rd March 2004 (Horms)
* 1.14beta1
- Fixed a logic bug in Makefile.popmap(.in) where the popmaps would
  never be built.
- Fixed problem with pid file creation on FreeBSD (and others)?
  zh Jay
- Fixed minor memory leak in pid file creation
- Fixed segmentation fault in ldap module if the zeroth attribute
  returned was NULL.
  Jay Zh
- Fixed client_server_specification. It was broken.
- Cleaned up wording in sample configuration file - Ged Haywood
- The query_key option was documented as query_str (and referred to as
  query_string in this ChangeLog). The documentation has been fixed.
  Rayed Alrashed
- Changed ordering of table names in documentation to match the code
  for the MySQL, PostgreSQL and ODBC modules.
  Rayed Alrashed
- Use uint types instead of u_int types, this should be more portable.
  Andrew McNamara
- Changed PERDITION_DEBUG (no longer defined) to VANESSA_LOGGER_DEBUG
  Only affects build _without_ SSL.
  Andrew McNamara
- Uniformly use limits.h.
  Andrew McNamara and myself.
  See http://www.opengroup.org/onlinepubs/007908799/headix.html.
- Don't print ident when making initial log to stdout.
- If logs are being sent to stdout, stderr or a file handle, then
  after parsing of the config is complete add an ident (existing
  behaviour) and timestamp. If the log fails then send it to stderr.
- Replaced server_ok_line option with server_resp_line.
  Andrew McNamara
- Spelling Fixes.
  Andrew McNamara
- Fixed incorrect path to pid file in debian init script that caused
  the script to fail to restart perdition.
  Thomas Hager
- Don't accept truncated commands
- Don't assume that the return of a popmap lookup will be null
  terminated
----------------------------------------------------------------------
19th December 2003 (Horms)
* 1.13
- Fixed some typographical errors in the documentation.
  Simon Matter
----------------------------------------------------------------------
18th December 2003 (Horms)
* 1.13beta1
- Added sys/limits.h for ULONG_MAX on FreeBSD.
  Clement Laforet
- Fixed bug in callback functions for user_server_port_t structure.
  This caused perdition to segmentation fault when the outgoing_server
  option was used. Thanks to Simon Matter for discovering this.
- Fixed bug where user-supplied username was used for db lookup rather
  than the key derived from the query_string option if it is supplied.
  Roland Rosenfeld
- Added missing documentation, particularly for pid_file and ssl_ca_*
  options
- Changed ssl_chain_file option to ssl_ca_chain_file
- Fixed bug where debian module packages stopped perdition rather than
  restarting it.
  Roland Rosenfeld
----------------------------------------------------------------------
15th December 2003 (Horms)
* 1.12
- Debian and Red Hat package's init script will run perdition by
  default (previously /etc/default/perdition /
  /etc/sysconfig/perdition needed to be edited to enable perdition)
- Updated init information in man page
- Fixed configure.in so --disable-ssl should actually work
- Tidied up naming of logging macros
- Fixed output of makebdb -u
- makebdb recreated database rather than adding to it
- bdb module no longer appends a spurious "\0" to keys
- Better logging of failed gethostbyname() and gethostbyaddr() calls
- Strip trailing whitespace from configuration parameters
- Mysql module now works with multiple query keys. Previously it would
  only ever try the first query key.
  Jeremy Rumpf
- Make popmap Makefile more portable.
  Pascal Schumacher and Horms
- Clarify the way that multiple LDAP servers work.
  Jeremy Rumpf
- Removed line from man page stating that TLS isn't supported - it is.
- Handle escaped characters in IMAP quoted strings correctly.
  Rob Mueller, Jeremy Howard and Horms
- Handle spaces in POP passwords.
  Rob Mueller, Kurian Aerthail, Jeremy Howard and Horms
- Make includes in log.h work outside the perdition tree.
  Mark D. Roth
- Postgres module returns correct value (-2) if user can't be found.
  This allows query strings to work correctly.
  Timur Khanjanov
- SSL Certificate Chain file may be used - Frederic Garzon
- Fixed minor install problem relating to man page paths not existing
  when certain modules were disabled.
  Edward Rudd
- Added Daemon Map.
- Added option to configure OK response.
- Minor fix to debian init script's option handling.
  Cameron Moore
- Make use of WITH_LDAP_SET_OPTION consistent.
  Thomas Hager
- Added pid file support.
  Roland Rosenfeld and Horms
----------------------------------------------------------------------
6th June 2003 (Horms)
* 1.11
- Minor clean up of warning about missing root privileges if
  authenticate_in is in effect.
- Minor clean up of per-module check messages in configure
- New Debian standards version
- Fixed debian init script so it can stop perdition correctly
- Removed spurious multi line string literal in ssl.c
- Test for Berkeley DB >= 4.1. It seems that the interface to
  db->open() is different as of that version (fools!).
- Removed acconfig.h as it is no longer needed
- Minor cleanup of ssl check in configure
- Fixed minor typo in debian init script
- Tidied up ssl variables in configure
- Removed spurious multi-line string constant from
  perdition_verify_result() which seems to cause compile problems on
  at least Debian HPPA.
----------------------------------------------------------------------
18th April 2003 (Horms)
* 1.11beta8
- Fixed capability command for POP3S
- Minor updates to database documentation for MySQL and ODBC
- Flags should now work correctly in the debian init script.
  Kilian Cavalott
- Fixed segmentation fault when using the query_key option with
  end-users whose usernames are more than 32 characters long.
- Fixed parsing of LDAP URLs so that non %s format elements are
  ignored. Previously they caused the URL to be treated as invalid.
- Fixed ODBC module so that it should no longer segmentation fault
  when trying to do a query.
- Don't check for symbols in libdb.a at configure time, the symbols
  seem to be different between versions of libdb.a.
----------------------------------------------------------------------
26th March 2003 (Horms)
* 1.11beta7
- Cleaned up imap4_write to not use returned local variables.
- Show version when logging options
- format string correctly handles username and domain when no
  domain_delimiter is supplied by the end-user.
  Evan Moore.
- Logger is reopened on SIGHUP.
  This is particularly useful if perdition is logging to a file.
- Compilation of each database library may be disabled using configure
- Fixed minor SSL include path problem.
  Bo Bendtsen
- Fixed minor documentation error in SSL crt and key files
----------------------------------------------------------------------
12th February 2003 (Horms)
* 1.11beta5
- Return correct tag for server_ok_line
  broke somewhere in the 1.11beta series
----------------------------------------------------------------------
7th February 2003 (Horms)
* 1.11beta4
- Updated configure.in's download references
- Fixed bug in server_ok_line option that caused connections to fail.
  Found by Marc Langer
----------------------------------------------------------------------
10th January 2003 (Horms)
* 1.11beta3
- Improved handling of real-server certificate validation.
  Don Kozlowski and Myself
- Cleaned up build when compiled without SSL
----------------------------------------------------------------------
8th January 2003 (Horms)
* 1.11beta2
- Fixed handling of POP3 CAPA command
- Cleaned up perditiondb(5) man page
- Fixed packaging
----------------------------------------------------------------------
27th December 2002 (Horms)
* 1.11beta1
- Added Berkeley DB map library contributed by Chris Stratford
- Default db file for GDBM library is now perdition.gdbm.db
- Added TLS support. Thanks to Wolfgang Breyha
- Fixed error in help and invocation in .spec file of the
  with-ldap-schema-directory configure option
- Use logging convenience macros provided by libvanessa_logger rather
  than providing our own.
- Fixed bug in username mangling code, whereby the original username
  could be freed and subsequently become corrupted. Affects the
  --lower_case, -S|--strip_domain and -A|--add_domain options.
- Fixed bug where connection to server may be closed twice resulting
  in an unnecessary debugging message.
- No longer misinterprets some ssl shutdowns as errors.
- Reconciled protocol numbers when compiled without SSL.
  Thanks to Yiu
- Minor correction to documentation of regular expression back
  references.
  Atif Ghaffar
- LDAP URL may contain multiple occurrences of the lookup key.
  David Morton
- Increased my autoconf-foo so defines in acconfig.h actually work as
  expected (with more recent versions of autoconf ?)
- Don't complain if there is no SSL object for an io in io_get_ssl()
  as this is a valid state to be in.
- Use string literals to authenticate with real server in IMAP4 mode.
- Tidied up connection logging
- Connection logging works after authentication
- Reverted default IMAP capability to "IMAP4 IMAP4REV1" as perdition
  shouldn't assume that real servers support rfc2088.
  "IMAP4 IMAP4REV1 LITERAL+" may be set as the capability at run time
  if desired.
- Fail if there are trailing command line arguments.
- Explicitly set LDAP protocol version
  Russell Mosemann
- perdition_vl has been renamed vl and is no longer global. The logger
  can be obtained using vanessa_logger_get() if needed.
- Use vanessa_logger's (new) convenience macros
- Use vanessa_config_file_read() instead of our own
- Logic errors in configure script when --disable-ssl was in effect,
  such that configure would fail if openssl libraries were not
  installed.
- Fixed handling of '#' within regular expression in popmap.re
- Fixed potential buffer overflow in token_read()
- Tidied up perditiondb_ldap_makedb
- In debug mode, log the name of the configuration file being used
- Added information on how to use bind passwords to LDAP
  documentation.
  Russell Corker
- Allow cipher suite list to be set
- Added source port to available escape sequences for query_key
- Relog AUTH line periodically
- Recommend running configure with --enable-shared So that the map
  libraries are built correctly. This is the default on many (most ?)
  systems anyway
- Removed Redhat 6.2 specific .spec file
- Verify the Common Name of real-server certificates when making
  outgoing SSL or TLS connections
- Verify real-server certificates using a certificate authority when
  making outgoing SSL or TLS connections
- Verify real-server certificate's common name when making outgoing
  SSL or TLS connections
- Fixed some problems in handling IMAP string literals if they are
  used for both the username and password for LOGIN
- Log initial errors / logs to stderr not stdout.
- Fixed handling of a client not supplying a password to the IMAP4
  LOGIN Command
- Honour IMAP4 LOGINDISABLED capability
- Added options to enforce TLS negotiation on incoming and/or outgoing
  connections.
- Added login_disabled option
- Different configuration files for different basenames and protocols
- Fixed Posix Regular Expression map library so that it handles escape
  codes properly and tests the regular expressions in the order they
  appear in the popmap.re, rather than reverse order.
----------------------------------------------------------------------
17th May 2002 (Horms)
* 0.1.10
- May log to stdout or stderr.
- Updated debian dependencies
- Updated man page dates
- Handle empty map library better
- Fixed redhat packaging
----------------------------------------------------------------------
11th May 2002 (Horms)
* 0.1.10beta4
- Flush internal buffers for tokeniser when switching between the
  client and the real server in unauthenticated mode. This resolves a
  problem with IMAP literal strings not working.
- Support non-synchronising IMAP string literals as per RFC 2088
- Correct logging of timeout
- Add no_daemon option to perdition
- Fixed version information in makegdbm
- reinstall of symlinks works on Solaris 7
----------------------------------------------------------------------
30th April 2002 (Horms)
* 0.1.10beta3
- Uninstall symlinks created by -hook targets in various Makefile.am
- Handle the return of an empty string from db_getserver routines
- Minor changes to ldap module to use ldap_init as ldap_open is
  deprecated and to warn about multiple entries being returned.
  Eric
- A child process, or process handling an inetd connection will exit
  on receipt of a SIGPIPE.
- Document that if no_lookup is used then popmaps must not contain
  hostnames
- Better logging of SSL I/O problems
- Fixed handling of empty tags
- Log an error and exit if TLS support is requested, as it isn't
  supported yet.
- ldap module: If nothing resembling a servername is returned then the
  search has failed. Previously a useless entry with no servername was
  returned.
- Updated .spec file and init script to work against Red Hat 7.1
- ldap module: If supported, set the network timeout to 10 seconds
  Roland Rosenfeld
----------------------------------------------------------------------
19th April 2002 (Horms)
* 0.1.10beta2
- Better logging of problems when connecting to real-servers
- Debian init scripts and packaging updated.
- Added LDAP schema, perdition.schema
  This uses the Private Enterprise Number 12856, which belongs to
  Verge Networks, which in turn belongs to the author Horms
- -X is no longer a synonym for --lower_case
- Added POP3S and IMAP4S protocol labels
- Updated signal handlers to reflect changes in libvanessa_socket
- Change UID and GID before forking rather than after
- Change process title at different stages of a perdition process's
  life
- Added ODBC perditiondb module
- Added query keys.
----------------------------------------------------------------------
14th March 2002 (Horms)
* 0.1.10beta1
- Fixed problem with setting ssl_key_file.
- Brief documentation for how to generate .pem files for SSL/TLS
- Handle systems that don't have socklen_t
- Duplicate strings before calling vanessa_dynamic_array_split_str()
  to avoid strings being truncated in debugging output.
- Fixed error in perditiondb_mysql_makedb whereby privileges were
  always granted to dbPerdition regardless of the requested name of
  the database.
- Free internally allocated memory if something goes wrong in
  token_read()
- Setting ssl-mode to none now actually works
- Link ldap code against libresolv if it is present on the system.
  Eric Fagan
- Fix double frees relating to username_mangle.
- PostgreSQL module now has the same alternate column name support as
  the MySQL module.
  Matt Prigge
- Fixed minor .spec file and documentation errors
  Scot W. Hetzel
- Added support for Username and Password in LDAP URL
  Chris Stratford
- Code to detach from terminal moved into libvanessa_socket
- makegdbm now compiles with --disable-static.
  Vyt
- compatibility for systems without parse_printf_format()
  Ronny Cook
- Separate .spec files for Redhat and LSB (SuSE)
- -I/--imap_capability option so that the IMAP capabilities can be
  specified more easily. Added to help resolve a problem when using
  Perdition with Solaris 8 + Netscape 4 + Cyrus IMAPD discovered by
  Cristalle Azundris Sabon
- Fixed problem with quit() segfaulting on solaris and others. This
  caused perdition to exit if an authentication error occurred in pop3
  mode
- Added additional LDAP documentation.
  Richard Holbert
- Fixed memory leaks in LDAP module
- Added optional dmalloc debugging
- Use a select wrapper to get around internal SSL buffering issues
----------------------------------------------------------------------
29th June 2001 (Horms)
* 0.1.9
- Added SSL Support
- Modified logging semantics to have Connect, Auth, and Close logs
  suitable for pop/imap-before-smtp.
  Carlos Canau & Matt Prigge
- Added code to log source and destination IP address when in inetd
  mode.
  Carlos Canau
- Added logging of reread or map library
- Removed code that expands % to %25 in LDAP urls as it handles some
  RFC 1959 compliant URLS incorrectly by expanding out % that
  shouldn't be expanded.
  Erik R. Leo
- Fixed typo in documentation that referred to log_facility as
  logging_facility.
  Matt Prigge
- Added add_domain option.
  Chris Stratford
- Documented that there is no implicit ^ or $ in regular expression
  maps.
- Added -X|--lower_case option to convert usernames given by end users
  to lowercase.
----------------------------------------------------------------------
9th May 2001 (Horms)
* 0.1.8
*** NB: Several options and defaults have changed meaning ***
- Fixed Segmentation Fault that occurs when reading strings that have
  a trailing whitespace during the authentication phase.
  Thanks to Ronny Cook
- Fixed Linking Problems in MySQL, PostgreSQL and LDAP map lookup
  libraries.
- Fixed (minor) casting problems with using various popt calls
- Correct handling of literals quoted with \" characters in IMAP mode.
- Removed multiple calls to dlerror() for a single error
- A modified S|strip_domain option such that domain may optionally be
  stripped for zero or more of: database lookup, local authentication,
  remote login.
- Updated documentation of MySQL module
  Matt Prigge
- Added -U|--username_from_database option to control the use of
  servernames of the form userdomain.
- Added SSL Support
- Added logging of successful Authentication
- Added logging of reread or map library
----------------------------------------------------------------------
5th April 2001 (Horms)
* 0.1.7
- Red Hat init script reports status correctly
- Fixed minor spelling errors in documentation
- Added missing library symlinks to spec file
- Server ok line option fixed. Was expecting arguments when it has
  none.
- Added -lresolv and -lvanessa_logger to build for perdition itself to
  fix compile problems under solaris
- Added ability to specify columns in MySQL module
  Geoff Mitchell
- Running perdition.pop3 and perdition.imap4 now automatically runs
  perdition in POP3 or IMAP4 mode respectively
- Added connection logging so interaction between perdition and
  clients may be logged for debugging purposes
- UID in LDAP URL now specified using %s instead of %25s
  (Chris Stratford)
----------------------------------------------------------------------
9th January 2001 (Horms)
* 0.1.6
- Fixed Bug in specifying port of PostgreSQL server.
  Thanks to Michael J. Maravillo.
- Fixed Bug in reporting of reauthentication failures in IMAP4 mode
  Thanks to Mike Shirobokov
- Added logging to libtcp_pipe that is activated by running perdition
  in debug mode
- LDAP popmap access support added courtesy of ChrisS
- Fixed compile time dependencies on PAM
- Added sysconfig file to control init script
- Split mysql, postgresql and ldap libraries into separate rpm
  packages so perdition can be installed without the dependencies that
  these bring.
- Added IMAP4REV1 to IMAP4_CAPABILITIES in imap4_write.h to fix
  incompatibility with Outlook 5.
  Thanks to Valtteri Vuorikoski
- LDAP popmap fix for values with only one attribute courtesy of
  Jeremy Nelson
- Added perdition_LDFLAGS = -Wl,--rpath -Wl,@prefix@ to
  perdition/Makefile.am to aid finding modules.
  (Removed because debian doesn't like it,)
  Thanks to Arvid Requate
- Added NIS map, thanks to Nathan Neulinger
- Removed unnecessary macros in config parsing code
- Fixed freeing of structure for default server
- Tidied up build and added debian directory so debian packages can be
  built.
- Bind Address now dictates source address for connections to real
  servers
- Greet with reverse DNS of bind_address if given. An option is
  supplied to disable this behaviour
- Added quiet option which allows for logging only of (fatal) internal
  errors
- More powerful configuration file parser. In particular empty values
  may be specified and # (hash) characters may be in keys or values.
- Buffered reads from client during authentication (and about time
  too)
- Empty passwords are accepted. This is a mechanism, not a policy.
- Syslog facility or file may be specified for logging
- Added some man pages.
- Added debian package support.
----------------------------------------------------------------------
2nd May 2000 (Horms)
* 0.1.5
- Removed bug that caused 0.1.4 not to background when in stand alone
  mode.
- Fixed potential buffer overrun problems in perditiondb_mysql
- Added dbhost configuration parameter to perditiondb_mysql
- Ported perditiondb_mysql to perditiondb_postgresql
- POP3 now quits cleanly
- Will now build on systems without gdbm headers.
----------------------------------------------------------------------
15th April 2000 (Horms)
* 0.1.4
- Updated perditiondb_mysql so it no longer used the deprecated
  mysql_real_connect. Thanks to Krzysztof Sierota for the patch.
- Removed missing define that prevented compilation without pam
- Logs local address connected to as well as client address when in
  stand alone mode.
  (Logs address bound to on Solaris)
  system_uname global documented for perditiondb use
  peername and sockname global added and documented for perditiondb
  use
- Tidied up a few minor build problems under FreeBSD 3.4
----------------------------------------------------------------------
20th March 2000 (Wim Bonis)
- A map can give an answer including a new username
  The map can return [username@]servername[:port],
  The backend server is then contacted via this username
- The Regex Map can now expand Variable in the form $n
  e.g. a map
  "([^.]*)@([^.]*)\.(.*): $1_$2_$3@realserver"
  will expand a username "bonis@solution-service.de" to
  "bonis_solution-service_de@realserver"
----------------------------------------------------------------------
8th February 2000 (Horms)
* 0.1.3
- Options structure is now global
- Configuration file support added
- Logs Client IP address when not in inetd mode
- Logs bytes read and written by client
- Added option to limit the number of simultaneous connections.
- Added an option to enable binding only to interfaces with a specific
  address
- Made db (popmap) access library based so arbitrary methods can be
  supported.
- Added posix_regex map library
- Added support for round robin selection of default servers
- Added mysql map library
- Removed some memory leaks that occurred when multiple failed login
  attempts occurred
- Requires libtool >=1.3 to build (grumble)
- An option to return real servers "+OK"
- Should now run on Solaris 7, thanks to Sun for some hardware to test
  this
- Added debug option, default debugging is now much less verbose
- Fixed bug in vanessa_socket_str_is_digit so it actually works and as
  a result changing uid and gid also now works
----------------------------------------------------------------------
14th November 1999 (Horms)
* 0.1.2
- \" is ignored during authentication phase. Netscape seems to put
  these in during imap authentication.
----------------------------------------------------------------------
10th November 1999 (Horms)
* 0.1.1
*** NB: Several options have changed meaning between 0.1.0 and 0.1.1 ***
- Added default server option
- Added option to strip domain
- Added option to set user, domain delimiter
- Added multicharacter user, domain delimiter support
- Passwd is no longer logged (Argh this was supposed to be for
  testing)
- Doesn't exit after accept as the error may be transient
- Set SO_REUSEADDR to avoid bind problems when restarting
- Use writev to write when multiple strings are written at once
- Cleaned up uninitialised variables
- Cleaned up definition of global variable for pam authentication
- Zero timeout sets no timeout (will wait infinitely for input)
- Doesn't log Exiting on Signal for non-signal driven exits
*** NB: Several options have changed meaning between 0.1.0 and 0.1.1 ***
----------------------------------------------------------------------
12th October 1999 (Horms)
* 0.1.0
- IMAP4 protocol support
- Fixed bug where port wasn't closed cleanly on exit on failure
- Fixed bug where perdition would loop if client died unexpectedly
- Idle timeout, default 1800 seconds
- Support for user host and port specification using user@host[:port]
  patch courtesy of Daniel Roesen
- Detects if connection is from itself and closes connection
- Beginnings of test suite written
- Fixed bug that caused init script to report failure under RH6.0
----------------------------------------------------------------------
29th May 1999 (Horms)
* Initial release (0.0.0)