News

BarricadeMX version 2.2-23 is out with some improvements

The new BarricadeMX version 2.2-23 is mainly a bug-fix release but has some additional features as well.

 

 

 

New features:

• Added ClamAV 'INSTREAM' command support introduced in ClamAV 0.95; this greatly improves the efficiency of clamd as only a single TCP socket is required.  The old 'STREAM' method is no longer supported.

• Add new 'mail-strict' option; this enforces a rule that mail from frequently spoofed domains (currently: aim, aol, gmail, googlemail, googlegroups, hotmail, live, yahoo, ymail.com, rocketmail.com and groups.yahoo.com) is only accepted from their home servers (e.g. mail from user@hotmail.com is only accepted from servers with a PTR record containing 'hotmail.com').  This option has worked well in testing; but is disabled by default as it could cause some false-positives; however if 'Click Whitelisting' is enabled; the sender can still whitelist themselves if they fail this test.

• Added 'rfc822-missing-eoh' option to allow for the rejection of messages that do not contain a correct end-of-headers marker.  This option is disabled by default.

• Added 'smtp-drop-dot' option which if enabled will drop the connected client if the message being received was rejected for any reason (e.g. spamd score, URI blacklisting, virus etc.).  This is to reduce system load and prevent the connected host from resetting the session and attempting to send further messages.  This option is disabled by default but is perfectly safe to enable on all systems.

• Per-message bad recipient count has been added to the X-smtpf-Report header.  This is used by the supplied BarricadeMX SpamAssassin ruleset to add additional score to messages that were attempted to be sent to one or more invalid recipients.

• Per-session flag added for SMTP clients that use lower-case SMTP commands, this is used by the BarricadeMX SpamAssassin ruleset to add additional score to messages that have this flag set.  Although lower-case commands are not illegal in the RFC; this behaviour is seen more in spam than non-spam messages.

• Added a SpamAssassin plug-in for BarricadeMX; this uses the X-smtpf-Report to add the smtpf 'Session ID' to the log output produced by spamd to improve log searches.

• DSNs (bounce messages) are now sent in RFC 3464 format (MIME formatted).

• Added support for DNS blacklists that contain full e-mail addresses in MD5 format.

• Added support for the XCLIENT ESMTP extension (see www.postfix.org/XCLIENT_README.html for further information).

 

Bugs fixes:

• Overhaul of MIME API to fix multiple decode and parsing issues.

• Removed 'smtp-disconnect-after-dot' option; this was originally used to prevent duplicate messages but was superseded by the improved duplicate message detection introduced some time ago.

• Updated internal TLD list.

• All DNS lookups are now automatically terminated by a dot to prevent issues with wildcards.

• Limit all DNS list positive lookups to 127.0.0.0/8; to prevent rejecting mail when the DNS list returns an IP address not within 127/8.

• SMTP sessions with multiple resets caused session flag to be cleared allowing messages to be input that should have been rejected.

• Correctly handle messages that have headers, but no body or a message that does not contain a correct body separator.

• Correct call-ahead log message that was incorrectly showing the wrong data.

• Log warning if greylist function returns an unexpected value.

• Fix web interface build_maps.sh utility that breaks after update to CentOS 5.3.

These updates are available now for customers with valid support and maintenance contracts.