File amavisd-new.spec of Package amavisd-new

# spec file for package amavisd-new (Version 2.6.1)
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via

# norootforbuild

Name:           amavisd-new
BuildRequires:  sendmail sendmail-devel
License:        GPL v2 or later
Group:          Productivity/Networking/Security
Obsoletes:      amavisd-postfix amavis-postfix amavis-sendmail amavisd-sendmail
Requires:       gzip bzip2 lha unarj unrar zoo sharutils perl-Compress-Zlib perl-Convert-UUlib perl-IO-stringy perl-MIME-tools perl-MailTools perl-Archive-Tar perl-Unix-Syslog perl-Convert-TNEF perl-Archive-Zip perl-Net-Server perl-spamassassin file perl-BerkeleyDB perl-Mail-DKIM
PreReq:         /usr/sbin/useradd /bin/hostname /bin/sed /bin/cp /bin/mv %insserv_prereq
AutoReqProv:    on
Summary:        High-Performance E-Mail Virus Scanner
Version:        2.6.1
Release:        41
Source0:        amavisd-new-%{version}.tar.gz
Source1:        sysconfig.amavis
Source2:        rc.amavis
Source3:        README.SuSE
Source4:        RELEASE_NOTES.2.6.1
Patch:          amavisd-new-suse.diff
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
%define avspool        /var/spool/amavis
%define avquarantine   /var/spool/amavis/virusmails
%define miltersockdir  /var/run/amavis
%define avuser       vscan
%define avgroup      vscan
# ---------------------------------------------------------------------------

%setup -q -n amavisd-new-%{version}
%patch -p 1
# ---------------------------------------------------------------------------

cd helper-progs
%configure --with-user=%{avuser} \
            --with-runtime-dir=%{avspool} \
	    --with-sockname=%{avspool}/amavisd.sock \
# ---------------------------------------------------------------------------

# create the vscan user in the build system
/usr/sbin/groupadd -r %{avgroup} 2> /dev/null || :
/usr/sbin/useradd -r -o -g %{avgroup} -u 65 -s /bin/false -c "Vscan account" -d %{avspool} %{avuser} 2> /dev/null || :
mkdir -p $RPM_BUILD_ROOT/%{avquarantine}
mkdir -p $RPM_BUILD_ROOT/%{avspool}/tmp
mkdir -p $RPM_BUILD_ROOT/%{avspool}/db
mkdir -p $RPM_BUILD_ROOT/etc/init.d
mkdir -p $RPM_BUILD_ROOT/usr/sbin
mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
mkdir -p $RPM_BUILD_ROOT/etc/openldap/schema
install -m 644 $RPM_SOURCE_DIR/sysconfig.amavis $RPM_BUILD_ROOT/var/adm/fillup-templates
install -m 755 amavisd $RPM_BUILD_ROOT/usr/sbin/amavisd
install -m 755 amavisd-agent $RPM_BUILD_ROOT/usr/sbin/amavisd-agent
install -m 755 amavisd-nanny $RPM_BUILD_ROOT/usr/sbin/amavisd-nanny
install -m 755 amavisd-release $RPM_BUILD_ROOT/usr/sbin/amavisd-release
install -m 644  amavisd.conf $RPM_BUILD_ROOT/etc/amavisd.conf
install -m 755 $RPM_SOURCE_DIR/rc.amavis $RPM_BUILD_ROOT/etc/init.d/amavis
ln -s ../../etc/init.d/amavis $RPM_BUILD_ROOT/usr/sbin/rcamavis
install -m 755 helper-progs/amavis $RPM_BUILD_ROOT/usr/sbin/amavis
install -m 755 helper-progs/amavis-milter $RPM_BUILD_ROOT/usr/sbin/amavis-milter
# copy README.SuSE
install -m 644 %{S:3} .
install -m 644 %{S:4} .
mkdir -p  $RPM_BUILD_ROOT/%{miltersockdir}
install -m 644 LDAP.schema $RPM_BUILD_ROOT/etc/openldap/schema/amavisd-new.schema
mkdir -p $RPM_BUILD_ROOT/%{perl_vendorlib}
install -m 644 $RPM_BUILD_ROOT/%{perl_vendorlib}/

/usr/sbin/groupadd -r %{avgroup} 2> /dev/null || :
/usr/sbin/useradd -r -o -g %{avgroup} -u 65 -s /bin/false -c "Vscan account" -d %{avspool} %{avuser} 2> /dev/null || :
/usr/sbin/usermod %{avuser} -g %{avgroup} 2> /dev/null || :

%stop_on_removal amavis

BAKSUFFIX=$(date +%Y-%m-%d)
FQHN=$(hostname -f)
if [ $1 -le 1 ]; then
   AVDOMAIN=$(echo $FQHN | sed 's/[^\.]*\.//')
   if [ -n "$AVDOMAIN" ]; then
     perl -pi -e "s/mydomain =.*;/mydomain = '$AVDOMAIN';/" $AVCF.NEW
     if ! cmp -s $AVCF $AVCF.NEW ; then
       echo "setting \$mydomain to $AVDOMAIN in $AVCF"
if [ -n "$FQHN" ]; then
   if ! grep ^\$myhostname $AVCF > /dev/null; then
      sed -ie "s%^#*[[:space:]]*\$myhostname[[:space:]]\+=.*%\$myhostname = '$FQHN';%" $AVCF.NEW
      if ! cmp -s $AVCF $AVCF.NEW ; then
        echo "setting \$myhostname to $FQHN in $AVCF"
if [ -f $AVCF.NEW ]; then
   if cmp -s $AVCF $AVCF.NEW ; then
     rm -f $AVCF.NEW
     cp --remove-destination $AVCF $AVCF.$BAKSUFFIX
     mv $AVCF.NEW $AVCF
%{fillup_and_insserv -n amavis amavis}

%restart_on_update amavis


%config /etc/init.d/amavis
%config(noreplace) /etc/amavisd.conf
%dir /etc/openldap
%dir /etc/openldap/schema
%dir %attr(0700, %{avuser}, root) %{avspool}
%dir %attr(0700, %{avuser}, root) %{avspool}/tmp
%dir %attr(0700, %{avuser}, root) %{avspool}/db
%dir %attr(0700, %{avuser}, root) %{avquarantine}
%dir %attr(0700, %{avuser}, root) %{miltersockdir}
%doc amavisd.conf-*
%doc test-messages
%doc RELEASE_NOTES.2.6.1

Amavisd-new is a high-performance interface between mailer (MTA) and
content checkers: virus scanners or SpamAssassin. It talks to the MTA
via (E)SMTP, LMTP, or by using helper programs. It works with the
following MTAs:

- postfix

- sendmail (sendmail-milter)

- exim

    Mark Martinec <>

* Tue Oct 28 2008
- Require perl-Mail-DKIM
- (bnc#439292) - amavisd.conf comes with wrong path to clamd socket
* Mon Sep 01 2008
- Don't require unace, amavis does not know about it.
* Wed Aug 13 2008
- fix init scripts
* Tue Jul 01 2008
- update to version 2.6.1
  - avoid a bounce-killer's false positive when a message is multipart/mixed
  with an attached message/rfc822 (looking like a qmail or a MSN bounce)
  and having attached a message with a foreign Message-ID - by restricting
  the check to messages with an empty sender address or a 'postmaster' or
  'MAILER-DAEMON' author address;
  - privileges were dropped too early when chrooting, causing chroot to fail
  - fix unwarranted 'run_av error: Exceeded allowed time' error when using
  a virus scanned Mail::ClamAV;
  - fix a bug in helper-progs/amavis-milter.c where atoi could be reading
  from a non-null terminated string which could result in wrong milter
  return status, or even cause a read-access violation;
  - dsn_cutoff_level was ignored if SpamAssassin was not invoked (e.g. on
  large messages) even if recip_score_boost was nonzero, causing a DSN
  not to be suppressed for internally generated large score values;
  - add back the 'Ok, id=..., from MTA(...):' prefix to a MTA status responses
  on forwarded mail when generating own SMTP status response
  - replaced '-ErrFile=>*STDOUT' with '-ErrFile=>\*STDOUT' in a call to
  BerkeleyDB::Env::new in amavisd-nanny and amavisd-agent;
  - recognize an additional place-holder %%P in a template used to build
  a file name in file-based quarantining.
* Fri Jun 27 2008
- openldap do not contains /etc/openldap anymore
* Wed Jun 25 2008
- update to version 2.6.0
  - integrated DKIM signing and verification
  - loading of policy banks based on valid DKIM-signed author's address
  can be used for reliable whitelisting, for bypassing banned checks, etc.
  - bounce killer feature: uses a pen pals SQL lookup to check inbound DSN;
  - SQL logging and quarantining tables have a new field 'partition_tag';
  - captures SpamAssassin logging, more flexibility specifying SA log areas;
  - collects and logs SpamAssassin timing breakdown report (requires SA 3.3);
  - releasing from a quarantine can push a released message to an attachment;
  - new experimental code for abuse reporting using formats: ARF/attach/plain;
  - TLS support on the SMTP client and server side;
  - connection caching by a SMTP client;
  - amavisd-nanny and amavisd-agent now re-open a database on amavisd restarts;
  - amavisd-nanny and amavisd-agent new command line option: -c count;
  - updated to support source port number in queries;
  - amavisd can send queries either to or directly to p0f;
* Thu Jun 21 2007
- Bug 230822  Amavisd-release Misconfiguration
- update to version 2.5.1
- provides checking the number of archive members against $MAXFILES quota
  even when just listing an archive directory, providing some additional
  protection (besides a time limit) against runaway dearchivers
  (such as a recent Zoo archiver DoS);
- please use the most recent versions of file(1) utility (currently 4.21)
  and recent versions of external dearchivers/decoders to avoid known
  security vulnerabilities in them;
- introduced a variation of a message release from a quarantine, allowing
  a releaser to choose between forwarding a message to the back-end MTA
  port as usual (avoiding re-checking of a message), or to send it to MTA
  on its incoming port (normally 25) and let the message be rescanned,
  which might be useful after adjusting spam rules or antivirus database.
  It is implemented by:
  * adding a configuration variable $requeue_method (also a member
  of policy banks), with a default value: 'smtp:[]:25'
  * extending the AM.PDP protocol with a 'request=requeue' attribute
  which can be used in place of a 'request=release',
  * enhancing the 'amavisd-release' utility program to choose between
  sending 'request=release' and 'request=requeue' based on its
  program name, i.e. by making a soft or hard link to amavisd-release
  (or its copy) named 'amavisd-requeue', the utility will send
  a 'request=requeue' in place of the usual 'request=release', e.g.:
  [#] ln -s amavisd-release amavisd-requeue
  $ amavisd-requeue spam/k/kg2P0rP9Lpu3.gz
  * enhancing amavisd daemon to choose between forwarding a released
  message either to $release_method or to $requeue_method destination
  based on a 'request' attribute value in an AM.PDP request;
- new AV entry: ArcaVir for Linux and Unix, see below for links;
- a new macro 'supplementary_info' gives access to some additional information
  provided by content scanners, such as a provided by SpamAssassin API
  routine get_tag. The macro takes two arguments, the first is a tag name
  (a name of some attribute which is expected to provide an associated
  value), the second argument is a sprintf format string and is optional,
  if missing a %%s is assumed. Currently the only available attributes are
  AUTOLEARN, SC, SCRULE, SCTYPE, and RELAYCOUNTRY. These are nonempty only
  when an associated SpamAssassin plugin or function is enabled.
- fixed quarantining to a SQL database of messages with a null envelope
  sender address (broken in 2.5.0, causing such messages to tempfail);
  reported by Markus Edholm, Vahur Jõlu and Michael Scheidell;
- fixed parsing of certain broken 'From' header fields, which would
  result in a temporary failure and the following logged error:
  check_init2 FAILED: parse_address_list PANIC1 53
  at /usr/local/sbin/amavisd line 3292
  reported by Michael Scheidell;
- avoid encoding nonprintable characters in X-Envelope-From and X-Envelope-To
  header fields in a quarantined message even if envelope mail addresses
  contain such invalid characters, so that a quarantine release is possible;
  (RFC 2047 allows encoding of a 'phrase' in From, To, and similar headers,
  as well as in comments, but not in the address specification);
- avoid unnecessarily RFC 2047 -encoding of 8-bit characters in those
  lines of inserted X-Spam-Report (and similar) multiline header fields
  which only contain ASCII characters; also avoid encoding of newlines;
  reported by Anant Nitya;
- properly recognize PostgreSQL error code 'S8006' and reconnect to
  a disconnected server right away; thanks to Brian Wong;
- call $mail_obj->finish after a SA call to allow for garbage collection
  and removal of SA temporary files;  see:
- avoid nonstandard SMTP status code 254 on discarded malware;
  on discarding turn status 554 into a 250 instead;  violation
  of a SHOULD in RFC 2822 pointed out by Alexander Bergolth;
- an informational log message was reported inappropriately:
  INFO: truncated ... header line(s) longer than 998 characters
  it didn't reflect reality, it was always reported together with the:
  INFO: unfolded 1 illegal all-whitespace continuation lines
- when a SMTP option BODY=8BITMIME (RFC 1652) is not given on mail
  reception, avoid turning it on while forwarding even if mail body
  contains 8-bit characters;  following a garbage-in-garbage-out
  principle, this doesn't break anything that isn't already broken,
  but might prevent later conversion to 7-bit quoted-printable MIME
  by some downstream MTA, possibly preventing signature invalidations
  (DKIM, S/MIME, PGP, ...) - at a risk that some overzealous firewall
  might block a mail transfer;
- fixed a couple of documentation typos/bugs in README.customize
  amavisd-new-2.5.0 release notes
  The 2.5.0 is upwards compatible with 2.4.* versions.
  Nevertheless, default notification and logging templates are
  enhanced to take advantage of new macros and new concepts,
  so it is prudent to update templates if defaults are overridden,
  e.g. $log_templ, $notify_*_admin_templ, ...
- new concept: blocking contents category;
- true per-recipient defanging/sanitation of a mail body (previously
  a true per-recipient handling was available for mail header edits,
  but not for mail body modifications);
- added interface code to invoke Anomy Sanitizer or the 'altermime' program
  allows defanging or adding disclaimers by external utilities on a
  per-recipient basis;
- rewritten SMTP client code: get rid of the troublesome module Net::SMTP;
  new code now supports pipelining, client-side LMTP, IPv6, Unix sockets,
  more reliable error handling, passes on ORCPT parameter, passes on ENVID
  parameter unmangled, is bare-CR-clean, tidier code (no workarounds for
  rough corners in Net::SMTP), fewer context switches (handshake handovers)
  due to pipelining if pipelining is offered by MTA (which usually is);
- makes available pedantically parsed addresses from a mail header:
  From, Sender, To, Cc.  Addresses from mail header may be needed for
  deciding on inserting disclaimers, signing mail (DKIM), custom hooks
  (like 'vacation'-type applications), and other future applications.
  Get rid of inexact parsing by module Mail::Address, provide own parser;
- phishing fraud as returned by ClamAV is now treated as spam, no longer
  as a virus;
- compatible with SpamAssassin 3.2.0;
- enhancements to amavisd-nanny: shows more detailed states of processes;
- enhancements to amavisd-agent: shows average processing times per message;
- extended AM.PDP protocol with an attribute 'policy_bank' which may be used
  in a client's request to require loading additional policy banks;
- add support for 7-Zip archives if external utility 7z is available;
- custom hooks allow custom code to be called at few strategic places;
- penpals can now also match replies which reference previous outgoing mail
  by its MessageID (taking into account References or In-Reply-To header
- new key 'originating' in policy banks generalizes a MYNETS policy bank;
- a documentation rewrite for setting up amavisd-new with Postfix
  by Patrick Ben Koetter (one of the two authors of The Book of Postfix).
  Previous documentation has been renamed to README.postfix.old and will be
  removed in the next version; the new documentation is README.postfix.html,
  and its automatically converted plain text version is README.postfix.
- if a sender is both white- and black-listed at the same time, then
  inserted X-Spam-* header fields were inconsistent, e.g. X-Spam-Level,
  X-Spam-Flag and X-Spam-Status reflected a whitelisted status (no asterisks,
  not a spam), while X-Spam-Score showed 64 points; now whitelisting prevails
  in all X-Spam-* header fields;
- relax argument parsing in amavisd-release to allow releasing of
  quarantine id containing a body hash in a name (%%b in template);
  reported by Ron Rademaker;
- skip a SQL-logging database operation if an associated clause in %%sql_clause
  is disabled, e.g. set to undef or '';  this allows for example to selectively
  disable SQL logging based on a policy bank; thanks to Riaan Kok;
- let LHA decoder (do_lha) recognize also other listing formats, e.g. MS-DOS,
  symlinks, not just plain Unix archives; problem reported by Ryuhei Funatsu;
* Thu Mar 08 2007
- update to version 2.4.5
- Recommended version of Convert::UUlib is 1.08 or higher
  to avoid processing of uninitialized data containing 'random' garbage.
  Note that a security hole in uulib which comes with Convert::UUlib 1.04
  and older is now (as of 2006-12-05) known to be exploitable:
  credits to Jean-Sébastien Guay-Leroux;
- will no longer reply to queries coming from low-numbered
  UDP ports below 1024 or from nfsd port 2049, and will ignore queries
  with nonce longer than 1024 character or containing characters outside
  of \040-\177 range to limit its usefulness as a potential reflector
  for an attacker from internal networks.
- now only binds to a loopback interface by default, instead
  of to all interfaces;  change $bind_addr in to ''
  if is running on a different host from amavisd or from
  other querying clients; suggested by Shaun T. Erickson and Mario Liehr;
- let exit when a pipe on stdin is closed (e.g. when p0f
  is killed or crashes), instead of entering a tight loop; reported by
  Justin Piszcz and Henrik Krohns;
- hard-blacklisting no longer skips quarantining when
  $spam_quarantine_cutoff_level is undefined (or is an empty string);
- restart timer after Sophie times out; previously the next attempt
  would run with no time limit; reported by Nick Leverton and
  Nicklas Bondesson;
- fixed AM.PDP code to always provide smtp-quoted form in angle brackets
  in delrcpt and addrcpt attributes of a response, i.e. in the same form
  as was received in sender and recipient attributes;
- fix error reporting in open_on_specific_fd when POSIX::dup2 fails;
  thanks to Chris (decoder);
- fix signal handling in read_snmp_variables() and register_proc(),
  a signal could previously get lost (not re-signaled) if it occurred
  within these subroutines;
- fixed get_body_digest which incorrectly determined 7- or 8-bitness
  of mail header and body, setting body_type incorrectly (with only
  cosmetic ill-effects);
- AM.PDP protocol: ensure proper address form is used in server response
  attributes 'delrcpt' and 'addrcpt': the same form should be used as
  in 'sender' and 'recipient' attributes. The attribute value syntax is
  specified in RFC 2821 as 'Reverse-path' (i.e. smtp-quoted form, enclosed
  in <>); previously enclosing angle brackets were missing in a server reply;
- documentation - amavisd.conf-default incorrectly stated that a default
  value for $prepend_header_fields_hdridx is 1;  actually the default is 0
  as correctly indicated in release notes; reported by Jo Rhett;
* Mon Nov 20 2006
- fixing bug 218230 - amavisd crashes on start
* Fri Oct 20 2006
- update to version 2.4.3
- fixed a bug (introduced with amavisd-new-2.4.0): when receiving mail
  from MTA through a LMTP protocol (not SMTP) and with D_BOUNCE as a
  final*destiny setting, a suppressed non-delivery notification (e.g.
  spam above cutoff_level) did not turn LMTP status into a success,
  so an undesired bounce was generated by MTA in a post-queue filtering
  setup, contributing to excessive bounce backscatter; reported by
  Michael Scheidell, thanks to Gary V for analysis;
- bug fix to amavisd-release: a regexp needs to be relaxed to allow
  quarantine names like Y/spam-Y5y7A3J5r2Ax.gz, reported by Rob Chanter;
- fix a bug in LDAP lookups which could lead to an infinite loop while
  expanding %%m in the filter; reported by Petr Vokac;
- add "LOCAL_STATE_DIR => '/var/lib'" to the SA object initialization
  for versions of SA 3.1.4 or older, so that SpamAssassin would see
  additional rules provided by sa-update and placed to its default location;
  the SA 3.1.5 provides its own default so this becomes unnecessary;
- bug fix: don't reject mail when mail size restriction is in force,
  the limit is exceeded, and $final_destiny_by_ccat{+CC_OVERSIZED}
  is not D_REJECT;
- treat blacklisting like high spam score when considering suppressing
  quarantining (@spam_quarantine_cutoff_level_maps) or suppressing sending
  a DSN (@spam_dsn_cutoff_level_maps);
- calling do_quarantine() multiple times on the same message would accumulate
  header edits from each invocation, fixed;  (such situation can only happen
  with a modified program);
- when defanging mail or releasing mail from a quarantine, with a goal
  of not breaking DKIM Sender Signing Policy and DomainKeys policy,
  do not copy existing Sender header field to a new header, and insert
  our own Sender field (configurable by %%hdrfrom_notify_recip_by_ccat);
  Note that dk-milter-0.4.1 (dk-filter) incorrectly signs mail released by
  amavisd from a quarantine - presence of X-Spam-* header fields preceded
  and followed by Received header fields makes dk-filter inappropriately
  reorder headers fields before signing. The dkim-milter works correctly.
  The bug has been reported, but has not yet been resolved at this time.
- explicitly set PerlIO layer to ":bytes" on a temporary file handle for
  email.txt (just in case); based on a problem report by Alexander Schäfer;
- in a string produced by a macro %%c remove a decimal dot if score happens
  to be an integer;
- reduce $sa_mail_body_size_limit from 512 kB to 400 kB in amavisd.conf
  and amavisd.conf-sample for the time being, while the SA folks work
  (MS Outlook Express seems to be chopping long mail in approx 500 kB chunks);
- another workaround for Perl taint bug: IO::Handle::_open_mode_string
  taints the $1 when mode string to IO::File::open is '+<', use O_RDWR
  instead; thanks to Ryan Frantz;
- abort if a specified syslog facility name is unknown, instead of
  switching to LOG_DAEMON as before;
- change the code which selects defanging so that defanging is triggered
  if any applicable contents category of a message chooses defanging;
  counterintuitive behaviour reported by Tapani Tarvainen;
- fix example in amavisd.conf-sample to use +CC_SPAM instead of CC_SPAM
  as a key to a hash, e.g. $final_destiny_by_ccat{+CC_SPAM}, otherwise Perl
  would implicitly turn CC_SPAM into a string when used in such a context.
  Note that any Perl expression syntax would do, as long as the argument
  does not look like a plain variable which receives implicit quoting;
  possibilities include $xx{&CC_SPAM}, $xx{+CC_SPAM}, $xx{CC_SPAM()},
  $xx{(CC_SPAM)} and similar; a more obvious &CC_SPAM is avoided because
  it prevents subroutine call inlining optimization in Perl;
- qmail: update amavisd-new-qmqpqq.patch to be compatible with Net::Server
  version 0.91 or later; thanks to mr from DBA Lab S.p.A.;
- AM.PDP protocol: change the order of attributes returned in an reply:
  delete and edit header fields before adding new header fields;
  problem of deleting just-inserted header fields in a sendmail milter
  setup reported by Petr Rehor;
- AM.PDP protocol change - with version 2 of the protocol the following
  changes to the protocol were made:
  * "version_server=2" is provided in a server response as the
  first attribute, older versions did not provide such attribute
  (assumed version on the server side was 1);
  * delheader and chgheader now stand in a response before insheader
  and addheader, assuming that milter MTA will execute these
  in the same order;
  * new attribute: "insheader=hdridx hdr_head hdr_body"
  (where hdridx as used by amavisd will always be 0 for now), making
  it possible to prepend header fields in a sendmail milter setup
  (instead of appending them, breaking compatibility with DomainKeys);
  problem noted by Adam Gibson and Petr Rehor;
  * new attribute: "quarantine=reason"
  place message on hold or to a quarantine maintained by MTA, and supply
  a reason text (e.g. client may call smfi_quarantine milter routine);
  For future use - it is currently (2.4.3 or earlier) never used.
- new feature: "pen pals soft-whitelisting" lowers spam score of received
  replies to a message previously sent by a local user to this address;
- new feature: added command line options to override certain configuration
  settings from a config file, see below;
- documentation bug fixes, especially on the use of SQL data type TIMESTAMP;
- zoo decoder interface routine can now use utility unzoo(1) or zoo(1);
- LDAP.schema: add missing LDAP attribute amavisSpamQuarantineCutoffLevel
  to the list of allowed attributes in objectclass amavisAccount;
  pointed out by Paolo Cravero;
-  Delivery status notifications (DSN) are now supported, both as a SMTP
  protocol extension and in notifications. Header fields like X-Amavis
  and X-Spam are now prepended to mail header for DomainKeys compatibility.
  Configuration variables can be chosen based on mail contents category,
  which is now represented explicitly. A built-in macro expander is enhanced,
  providing new macros and call types. Added support for passive operating
  system fingerprinting with the use of p0f, supplying collected information
  as a header field to SpamAssassin. Provide compatibility with Net::Server
  0.91 and later.
- fix insufficient sender address sanitation when storing quarantined or
  forwarded files as BSMTP files _and_ having a %%s in the corresponding
  *_method template; potential security vulnerability (with limited scope)
  in versions of amavisd-new 2.3.1, 2.3.2 and 2.3.3 discovered by Thomas
- recognize result "ms-windows metafile" (or "ms-windows metafont") from a
  file(1) utility and provide short type 'wmf' for it; added two example
  rules to amavisd.conf (and amavisd.conf-sample) to block files containing
  Windows Metafiles, based on US-CERT Alert TA05-362A;
* Wed Jan 25 2006
- converted neededforbuild to BuildRequires
* Mon Aug 29 2005
- change clamav default setting from unix socket to tcp to be
  compliant with the default settings of the clamav package
* Fri Aug 26 2005
- amavisd does not behave LSB conform with it's return codes of start and stop,
  so work around it in start and stop section of init script
- version 2.3.3 now requires uname(2) to return an FQHN, which isn't
  the case with SUSE Linux; work around it in %%post
* Mon Aug 22 2005
- update to version 2.3.3
* Mon Jul 04 2005
* Wed Jun 29 2005
- update to version 2.3.2
* Tue May 10 2005
- update to version 2.3.1
* Mon Apr 25 2005
- update to version 2.3.0
* Thu Feb 03 2005
- s/X-UnitedLinux-Should-Start/Should-Start/
* Mon Jan 24 2005
- removed arc dependency (deleted package)
* Fri Jan 21 2005
- update to version 2.2.1
* Wed Nov 24 2004
- update to version 2.2.0
* Tue Oct 05 2004
- bugfix: untainting filename in unlink() in function
  files_to_scan(). Without untaint() amavisd-new will
  e.g. fail in case of a message with an attachment that
  has more than $MAXFILES files in it.
* Thu Sep 23 2004
- setting "$final_spam_destiny = D_PASS;" again
- changing /var/run/clamav/clamd to /var/lib/clamav/clamd-socket
* Wed Sep 15 2004
- HUPing no longer possible in version 2.1, using
  amavisd reload instead
* Tue Sep 07 2004
- update to minor maintenance release 2.1.2
  - fixed (hard)black- and white-listing on static lookup tables
  which failed to match any sender; reported by Derck Floor;
  - use $hdrfrom_notify_recip address in the From: field for recipient
  notifications, instead of $hdrfrom_notify_admin; inconsistency pointed out
  by Ekkehard Burkon;
  - the 'neutral' sender notification template was joining the Subject and the
  Message-ID header fields into one longer Subject when it was reporting some
  nondelivery other than the 'invalid characters in header'.  Likewise the
  first body line of this same DSN was eaten up: "This nondelivery report was
  generated by the amavisd-new program" (the problem was introduced in
  amavisd-new-20030616 and never reported);
  - in amavisd-agent, amavisd-nanny, amavisd: extend the signal and error
  handling in code sections holding bdb locks from just ignoring the SIGINT,
  to controlled catching and re-signaling several signals and error
  conditions; problem reported by Tom Mulder;
  - provide new macro %%e which evaluates to our best guess of the originator IP
  address collected from the Received trace, complementing similar macros
  %%t, %%a and %%g; suggested by Gregor Weiss;
  - add the result of macro %%e to the default 0-level log entry;
* Thu Aug 26 2004
- uncomment $unix_socketname in amavisd.conf to be able to
  pipe into /usr/sbin/amavis, which needs to connect to
* Thu Aug 26 2004
- Bugfix: amavisd 2.1.1 still announces itself as 2.1.0
* Wed Aug 25 2004
- update to latest version 2.1.1
- fixed specfile (now needs to additional directories %%{avspool}/tmp
  and %%{avspool}/db
- fixed hardcoded berkeleydb home path to /var/spool/amavis/db in
  amavisd-agent and amavisd-nanny
- added perl-BerkeleyDB to Requires
* Tue Aug 17 2004
- update to latest version 2.1.0 (20040815)
* Mon Jun 28 2004
- Bugfix ID#42381 - amavisd-new reload/restart kills service
  chown logfile to $daemon_user when using file logging instead
  of syslog
- Bugfix ID#42223 - amavis-new spams mail.warn
  do not enable amavisd-new per default in sysconfig.amavis
* Mon Jun 07 2004
- added clamd to X-UnitedLinux-Should-Start in init-script
  (related to Bugzilla ID#41722)
* Fri Apr 23 2004
- Bugfix Bugzilla ID#39293, amavisd-new + bind9 cache
  When using rbl checks etc. in amavisd-new (/etc/amavsid.conf:
  $sa_local_tests_only = 0;   # (default: false)) amavis seems to check for a
  working DNS resolver.  If not present, remote tests are disabled.
  -> added $named to X-UnitedLinux-Should-Start in init-script
* Tue Apr 06 2004
- update to patchlevel 9:
  The P9 fixes few minor problems that P8 introduced, adds more workarounds for
  Perl taint bugs, recognizes SFX LHA archives, supports DrWebD 4.31, The
  helper program amavis-milter.c now checks and properly reports the status of
  all calls to mkdir/rmdir/open/unlink/write, and makes a clear distinction
  between message data and connection data. Please see the RELEASE NOTES.
* Tue Mar 30 2004
- forgot to add the patch for the X-Amavis-Alert changes
* Fri Mar 26 2004
- added sendmail to neededforbuild
- always use the same X-Amavis-Alert header (and not X-AMaViS-Alert on
  one place)
* Wed Mar 17 2004
- update to patchlevel 8
  Improved W32/Bagle-{F,...} detection (password-protected zip archives)
  Bugzilla ID#36041
* Thu Feb 26 2004
- forgot to increase patchlevel in version number
* Fri Jan 09 2004
- update to 20030616-p7
* Thu Dec 11 2003
- add amavis LDAP.schema to filelist (/etc/openldap/schema/amavisd-new.schema)
- deaktivate virus-scanner per default, as this requires one of the
  commercial virus scanners to be installed.
* Mon Nov 17 2003
- update to 20030616-p6
* Fri Oct 31 2003
- Don't build as root
* Fri Sep 05 2003
- security: create own group vscan and put user vscan into
  group vscan as documented in the INSTALL document
* Thu Sep 04 2003
- update to 20030616-p5
  The p5 fixes SQL white/blacklist caching bug, fixes a failure when attempting
  to parse nonexistent Received header field, and few minor details. See the
* Tue Sep 02 2003
- only copy /etc/amavisd.conf, if it had been really changed in %%post
* Mon Sep 01 2003
- added spamassassin to Requires (Bugzilla ID#29731)
* Fri Aug 29 2003
- Add -r option to useradd for systemaccounts [Bug #29611]
* Fri Aug 29 2003
- Add sysconfig metadata [#28812]
* Wed Jul 30 2003
- new macros for stop/restart of services on rpm update/removal
* Mon Jul 28 2003
- added AMAVIS_SENDMAIL_MILTER feature to sysconfig.amavis
- added AMAVIS_SENDMAIL_MILTER to init-script
- updated README.SuSE
- added patch to 20030616-p3
* Tue Jul 01 2003
- do not quarantine spam mails, because the amavisd-new default is to reject
  spam, which I changed to pass and tag, so there's no need to store them.
- set default spam score to 5.0, which is the spamassassin default
- added sysconfig.amavis to integrate into postfix/sendmail as with
* Tue Jul 01 2003
- use --with-milterlib=%%{_libdir} in order to find libmilter.a on
  64bit biarchs
* Mon Jun 30 2003
- initial version 20030616-p2