[AMaViS-user] Release candidate amavisd-new-2.5.3-rc1

There were some recent reports that a mail message with large
and mangled header could cause perl regular expressions used in
parsing a header to exceed available memory due to deep recursion,
and cause amavisd process to crash, letting such messages to stay
stuck in a MTA queue, reporting unsightly 'process went away'
by amavisd-nanny, and leaving behind temporary directories.

It is not a security threat, but is annoying nevertheless,
so I decided to release a last maintenance release of 2.5,
collecting all bug fixes that have accumulated by now, and
leave all new features to 2.6 (to be pre-released soon).

amavisd-new-2.5.3-rc1 release candidate is available at:

http://www.ijs.si/software/amavisd/a...5.3-rc1.tar.gz

Please try it out - I plan to release it in two or three days.
There are no compatibility issues with 2.5.2.



amavisd-new-2.5.3 release notes

BUG FIXES

- fix parsing a SMTP status response from MTA when releasing from a quarantine,
when a MTA response did not include an enhanced status code (RFC 3463),
(such as with old versions of Postfix); failed parsing resulted in
attribute "setreply=450 4.5.0 Unexpected:..." in AM.PDP protocol response,
even though a release itself was successful; reported by Ron Miller,
John M. Kupski, investigated by Tony Caduto and Jeremy Fowler;

- change parsing of addresses in From, To, and Cc header fields, avoiding
complex Perl regular expressions which could crash a process on certain
degenerate cases of these header fields; thanks for detailed problem
reports to Carsten Luehrs and Attila Nagy;

- completely rewritten parsing of Received header field to work around a
Perl regular expression problem which could crash a process on certain
degenerate cases of mail header fields; problem reported by Thomas Gelf;

- harden to some extent regular expressions in parse_message_id to cope better
with degenerate cases of header fields carrying message-id;

- sanitize 8-bit characters in In-Reply-To and References header fields
before using them in Pen Pals SQL lookups to avoid UTF-8 errors like:
penpals_check FAILED: sql exec: err=7, 22021, DBD::Pg::st execute failed:
ERROR: invalid byte sequence for encoding "UTF8": 0xd864

- when turning virus names into a spam report, avoid adding newly discovered
virus (=fraud) names to a cached list if the same names are already listed;
previously the list would just grow on each passage through a cache,
leading to unsightly long lists of spam tests in a report;
based on a patch by Henrik Krohns;

OTHER

- reduce log clutter when certain Perl modules are loaded late, after chrooting
and daemonizing, but still before a fork; now only issue one log entry by a
parent process: "extra modules loaded after daemonizing: ";

- slightly relax e-mail syntax in subroutine split_address;

- fetch additional information (tags) from SpamAssassin: TESTS, ASN, ASNCIDR,
DKIMDOMAIN, DKIMIDENTITY, and AWLSIGNERMEAN, making them available through
macro 'supplementary_info' (if a version of SpamAssassin in use provides
them);

- declared a dummy subroutine dkim_key and new dummy configuration
variables @dkim_signing_options_bysender_maps, %signed_header_fields,
and $sql_partition_tag, also members of policy banks, in preparation
for 2.6.0 - declared now for upwards/downwards compatibility;


Mark

-------------------------------------------------------------------------
SF.Net email is sponsored by: The Future of Linux Business White Paper
from Novell. From the desktop to the data center, Linux is going
mainstream. Let it simplify your IT future.
http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/...fo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/