*** Changes for 1.2.7

- Fix a bug in spam prefix handling.

*** Changes for 1.2.6

- Fix a bug in the config file parser (handling of non-existent tables).

- Use '_' as the sendmail macro to get client address instead of {client_addr}.

- Documentation clarifications.


*** Changes for 1.2.5

- If a spam mail has no subject line and a spamprefix is set, a subject line
  consisting of only the spamprefix is constructed.


*** Changes for 1.2.4

- Proper termination when either the (unprivileged) child process or the
  (privileged) parent process is killed.  Remove the PID file in any case.

- Some minor bug fixes.


*** Changes for 1.2.3

- Bug fix in the config file parser.


*** Changes for 1.2.2

- Reactions can now be temporary, like the following example:
  react on virus add to table blacklist for 1 hour
  If you restart smtp-vilter, it will loose track of the entries, however.

- Corrected typos in man pages and sample config files.


*** Changes for 1.2.1

- New reaction: 'clear from table' to remove the IP address of a sending host
  from a pf table.

- Gather more data from sendmail for better SpamAssassin 3.10 support.


*** Changes for 1.2.0

- Run truly privilege separated and use the imsg framework to communicate.

- Add the concept of "reactions":  Virus senders, Spammers etc. can be added to
  pf tables (only available on OpenBSD).

- Add support for LDAP URLs.

- The backends vilter-savse and vilter-kavd do not exist any more.


*** Changes for 1.1.9

- Use lex & yacc for config file parsing.

- Move compatibility functions to compat/, remove linux/.

- Move user contributions to contrib/.

- Remove a.out support.

- New error-strategy "ignore".  Completely ignore an error.  Useful when
  different backends of the same type are chained and one fails.
  
- Backends can be bound to a specific local address with the "bind"
  configuration command.
  
- If smtp-vilter is started in verbose mode (-v) no pid file is written.  The
  check if the pid file is present is done, however.  Take care not to start a
  second instance of smtp-vilter accidentally.  You can not start smtp-vilter in
  verbose mode if a copy is already running but you can start another copy if
  smtp-vilter is running in verbose mode!
  
- man pages are installed on all supported operating systems.

- Default paths for config files are in /usr/local/etc/smtp-vilter on
  FreeBSD, in /etc/smtp-vilter for OpenBSD and Linux.
  
- New naming scheme for compile time options:  ENABLE_XXX enables feature XXX

- Changed syslog_r() calls to syslog().  FreeBSD and Linux do not have
  them and syslog() is thread safe when openlog() is called before any
  threads are started and with a first argument that is not NULL - and
  the format %m must not be used in syslog() messages.
  
- Added the possibility to take action when we receive virus infected e-mails,
  spam or otherwise unwanted content.  Currently no action has been defined.
  The new commands are 'virus-action', 'spam-action', and 'unwanted-action'.


*** Changes for 1.1.8

- Configuration file paths of backends can be specified in the main
  configuration file for smtp-vilter using config-file commands.
  
- New option '-k' to keep tempfiles (so they can be inspected or analyzed
  with vilter-test).  This option is for debugging purposes only and should
  never be enabled on a production server.
  
- The attachment backend can now scan for Content-Type patterns as well.

- The privileged supervisor process now restarts smtp-vilter when it quits.
  If the program crashes for unknown reasons, it will automatically be
  restartet.  The child process must run for at least three seconds otherwise
  an error condition is assumed and a message is logged in the system log.
  
- smtp-vilter does only fork into two processes when verbose mode is
  not set.
  
- Use bzero instead of memset(p, '\0', size).

- Better memory handling in the program mainline.

- Fixed some bugs in smtp-vilter.c.

- Fixed some bug in vilter-attachment.c.


*** Changes for 1.1.7

- Fixed memory leaks in the attachment scanning backend.

- Changed the set of allowd characters in message boundaries to be
  RFC_3046 conforming.
  
- Fixed memory leaks in the LDAP code.

- The privileged process changes it's process title to [priv].


*** Changes for 1.1.6

- New options "logvirus", "logspam" and "logunwanted" to define
  what gets logged in the extended log.
  
- The clamd backend only writes the "From <sender>" line to the
  temp file when the scantype is filesystem.  If the scan type
  is socket, the "From <sender>" line will be sent over the socket
  right in front of the actual message but using a fake sender.
  
- Removed the "vilter-" from the backend names (but not from the
  file names of the shared libraries).  This means that also the
  names of the configuration files have changed.
   
- New (epxerimental) backend vilter-norman for an upcoming Norman Data
  Defense daemon scanner.
  
- New spam strategy "reject" to reject instead of just discard or mark
  spam messages.
  
- The headers that are inserted into an email have been reworked to be
  more concise.
  
- Each backend gets its own private storage for internal state etc.

- smtp-vilter forks into two processes, one to drop privileges and do the
  work, one to stay privileged and to do the cleaning up after the
  unprivileged process terminated.

- smtp-vilter writes it's PID file before changing the uid and chrooting.

- New backend type for unwanted content.

- Backend may now replace the message body (e.g. to replace or discard
  an unwanted attachement).
  
- New backend vilter-attachment to scan for unwanted attachments (by
  filename pattern).
  
- New strategy "unwanted-strategy".

 
*** Changes for 1.1.5

- vilter-clamd, vilter-savse, and vilter-spamd default timeouts are
  set to 60 seconds.

- Added an example backend, vilter-example, to serve as a starting
  point for new backends.  It documents the backend interface.
  
- New command line utility vilter-test to test backends.

- New strategy: reject.

- Fixed a bug with timeouts, 0 means no timeout.
  
- dlopen() in smtp-vilter only use the major version number when
  loading a backend.
  
- Added keywords and commandline options for connecting to a LDAP
  directory server.
  
- Added experimental support for per-user and per-domain configuration
  stored in a LDAP directory server.
  
- For system logging reentrant functions are used where available.

- If smtp-vilter is started in verbose mode (-v) then log messages
  are displayed on stderr as well as being sent to the system log.
  
  
*** Changes for 1.1.4

- Fixed typos in warning messages.

- New command line option -a to define a prefix for the Subject line
  of messages identified as spam.

- New keyword "spam-subject-prefix" in smtp-vilter.conf to define a
  prefix for the Subject line of messages identified as spam.
  
- Better error handling in the vilter-clamd backend.

 
*** Changes for 1.1.3

- Better handling of clamd responses in vilter-clamd.

- Changed the X-SMTP-Vilter-Spam-Status header to X-Spam-Status.
  Its value ist "spam" if the message has been classified as spam.
  If the message is not considered spam, this header is not added
  (unlike the other X-Spam-... headers which are always added.)
  
- Different handling of virus scanning backends and spam scanning
  backends.
  
- All e-mails scanned by a spam scanner are marked with the following
  spam related headers:
 
  X-Spam-Score:  The spam detection engines spam core
  X-Spam-Threshold: The spam detection engines spam threshhold
  X-Spam-Probability: The probability of a message being spam
  (values < 1: no spam, values >= 1: spam)
  X-Spam-Level: A graphical representation of X-Spam-Score
 
 
*** Changes for 1.1.2:

- Bugfix:  Backend chaining works now as expected, i.e. the next
  backend is only used if the scan result is OK.
  
- Changed the source code directory hierarchy a bit.  "lib" became
  "backend".

- Renamed the backends in the configuration files and documentation
  for consistency.  The naming scheme for a backend is now as follows:
  
  Engine is named "<abc>".  The backend then is named "vilter-<abc>" and
  the corresponding shared object "libvilter-<abc>.<major>.<minor>.so".
  The configuration file names have been changed accordingly.
  
- Added a man page for smtp-vilter.conf.


*** Changes for 1.1.1:

- New backend "spamd" to scan for Spam using Spamassassins spamd.

- Provisions to scan for spam.

- New keyword "spam-strategy" to define what to do with spam mails.
  Possible values are "discard" or "mark".
  
- New command line option -U to define a spam-strategy.

- Renamed the keyword "strategy" to "virus-strategy".

- Added a man page for smtp-vilter.

- New keyword "maxfiles" to set the maximum number of open file
  descriptors.

- New command line option -f to set the maximum number of open
  file descriptors.
  
- Better handling of timeouts while communicating with the scan
  egines.  
  
  
*** Changes for 1.1.0:

- Increased the major version number of all backends due to interface
  changes.
  
- A new security model justifies increasing the minor version number
  from 0 to 1:  Unlike the previous versions smtp-vilter must not
  be run as root.  smtp-vilter can now change its user id and group
  id to user-defined values and it can chroot to a user-defined
  directory.

- Changed the binary mode of the program to 0755 on Linux.

- Fixed a problem with loading the backend shared libraries on Linux.

- New option "chroot-scanrealpath" in the backend configuration
  files:  If  scanning is perfomed by handing over the path name
  of the temporary file containg the message content, the real
  file system path is used instead of the path within the chroot
  jail.
  
- New keyword "tmpfiles" to define options for temporary files.
  Like the "option" keyword, "tmpfiles" can be used repeatedly
  to define the various options.  Currently allowed values are
  "g+r" to create temporary files with group read access and
  "setgrp" to explicitely set group ownership of temporary files
  to the group smtp-vilter runs as.
  
- New command line option -G to create group readable tempfiles.

- New keywords "user", "group", and "chroot" to set the user and group
  as which smtp-vilter is to be run and to specify a directory to
  which to chroot at startup.
  
- New command line option -t to set a directory to which to chroot
  at startup.
  
- New command line option -u to set the username as which smtp-vilter
  is to be run.
  
- New command line option -g to set the group name as which smtp-vilter
  is to be run. 

- New keyword "scantype" in clamd.conf.  Set to "filesystem" to
  perform a filesystem scan, set to "socket" to perform a socket scan.


*** Changes for 1.0.9:

- A new keyword 'option' has been added to the configuration file.

- Uninfected messages are only marked when the option 'markall'
  is set.
  
- A timeout in seconds can be set for the communication between
  the backends and the scan engines (option 'timeout' in the
  config files).
  
- The backend vilter_exit() function is now called.

- New command line option -V shows the smtp-vilter version number
  and exits.

- New command line option -C to set the path to the configuration
  file (with /etc/smtp-vilter/smtp-vilter.conf being the default
  value.)
  
- New command line option -P to set the path to the file where
  smtp-vilter stores its PID (with /var/run/smtp-vilter.pid
  being the default value.)
  
- Better command line processing, fixed a small memory leak.

- Renamed the include file vilter.h to smtp-vilter.h.

- Minor bug-fixes.


*** Changes for 1.0.8:

- New Makefile target dist on OpenBSD:  Create a distribution
  tarball.  Dependency files (.depend) are removed before the
  tarball is created.

- Bugfix:  smtp-vilter ran out of file descriptors under some
  circumstances.
   
- Better handling of situations where sendmail has no milter
  support on OpenBSD.  Print an error message with instructions
  to recompile sendmail with milter support.


*** Changes for 1.0.7:

- New error strategy: tempfail.  If the smtp-vilter backend
  fails (normally because it cannot connect to the virus
  scanning engine) return a temporary failure instead of
  discarding the message.

- Bugfix:  If no error-strategy was defined in the config
  file and on the command line the value was undefined and
  thus also the behaviour.  error-strategy now defaults
  to tempfail, return a temporary failure to the sender.

- Duplicate To, From or Message-Id headers no longer cause
  a temporary failure.
  

*** Changes for 1.0.6:

- New strategy: notify-recipient.  If a virus is found in a
  message, the message body is replaced with a notification
  message.  The default message can be overridden with setting
  recipient-notification in smtp-vilter.conf.

- The LDAP libraries (libldap_r, liblber) are only linked to
  smtp-vilter if WANT_LDAP is defined in /etc/mk.conf.

- More logging with syslog.

- Removed a lot of warnx() calls.  Use syslog() instead.

- The Makefile works with a.out and ELF binary format machines.

- The code can be compiled on a.out and ELF binary format machines.


*** Changes for 1.0.5:

- Renamed the term 'engine' to 'backend'.  The engine is the
  piece of software doing the actual scanning, the interface
  to the engine therefore has been renamed backend.

- Renamed the 'engine' token in /etc/smtp-vilter/smtp-vilter.conf
  to 'backend'.
  
- Changed the commandline option -e engine to -b backend.

- The inserted header "Header X-SMTP-Vilter-ScanEngine" has been
  changed to "X-SMTP-Vilter-Backend".

- clamd is now the default backend.


*** 1.0.4:	Initial public release
