0.1.12 beta-4

- don't perform multiparted check of sender domain if client is an MX for that
  domain (fix)

- cache cleanup process optimized by 80%

- HELO vs FROM check made more reliable (fix)

--------------------------------------------------------------------------------
0.1.12 beta

- improved multirecipient awareness. It is now possible to build up restriction
  classes within postfix to either explicitly say "check policy service" or to
  make user exceptions. This is important for ISP. This was not possible with 
  previous versions.

- -d debug switch added. In debug mode nothing is sent to syslog but STDOUT
  also it turns on Net::DNS debugging
  It prints some perl/OS/Net:DNS/policyd-weight version infos and configuration
  this switch is NOT FOR USE IN MASTER.CF

- permission/accessibility checks for configuration files added. Syslog if
  either permission denied, or config is world-writeable. Recommended mode is
  0644 and owner root, group root (or wheel on bsd).

- cache outsourced to an own cache daemon. Decreases drastically frequent DNS
  lookups and thus network delays and CPU time.
  For security reasons policyd-weight must not run as nobody or root. Set up
  an own user for that and update master.cf (user=$your_user)
  Several configuration items for the cache have been added

- some scores adjusted to let pass DynDNS MX users with a envelope of 
  foo@bar.dyndns.org
  Also the spamcop score has been lowered

- helo_from_mx_eq_ip_score added

- some more scores adjusted

- FROM Domain vs HELO regex check adjusted

- Process UID check added, policyd-weight must have it's own user. Update
  master.cf

- dynmaic clients whose score cause a REJECT will be rejected with a note:
  "; please relay via your ISP ($from_domain)"

- critical fix: First perform Sender Domain MX lookups. If the Client is a
  MX for that Domain, don't do HELO vs FROM pattern matching.

- Halved the weight of RBL results agains HELO/FROM pattern mismatches.

- removed scoring for HELO == dynamic host regexp check if client address ==
  dynhost check was true. This might (and will) permit more spam to get through.
  But also some dynamic host MTAs which don't use dyndns possibilities.

--------------------------------------------------------------------------------
0.1.11 beta

- (fix) Using of appropriate methods for fetching truncated packets via TCP
  Net::DNS version < 0.50: igntc() (ignore truncated packets)
  Net::DNS version >= 0.50 force_v4() (force IPv4 usage)

- X-policyd-weight header for multirecipient mail is now inserted only once

- Caching of spam-results happens only if no DNS error (timeout) occured

- RHSBL results are appended at the reject-message

- Messages to STDERR end now in nirvana to don't confuse the SMTPD
  STDERR messages caused by a die() end up in syslog

- Config errors end in syslog, if config file couldn't be loaded due to a syntax
  error then we fall back to builtin defaults and append a message to 
  X-policyd-weight header.

- Scores for from_match_regex_unverified_helo and helo_ip_in_cl16_subnet 
  adjusted to let pass msn.com mail relayed via hotmail.com

- Order and scores for RHSBL entries adjusted

- (fix) The special recipients postmaster and abuse pass now with DUNNO instant.
  This was the case for virtual domains.

- (fix) The array for the reverse IP lookup result was build wrong, in some
  circumstances this may lead to an empty array and thus some _badly_ configured
  mailer with incorrect DNS (those with broken forward DNS) may have been 
  blocked.

- (fix) NULL (<>) Sender now pass (RFC compliance)

- LOG_BAD_RBL_ONLY added which logs only successfull RBL hits. If there was
  no RBL hit, but the "good" score was not equal zero, it is logged though.
  Default is 1 (ON).


--------------------------------------------------------------------------------
0.1.10 beta

- Caching of positive and negative results added

- (fix) improved error-handling on DNS timeouts and empty objects.

- code optimizations
  DNS Resolver is created in main
  reverse IP records get fetched only one time

- cosmetic changes (leading tabs substituted with blanks)


--------------------------------------------------------------------------------
0.1.9 beta

- RHSBL support added

- dnsbl_checks_only switch added

- X-policyd-weight: header on/off switchable

- DNSBLMAXSCORE added

- config file support added

- multipart FROM check/scoring added

- Reverse IP == dynhost check added

- Net::DNS retries and retry interval changed

- Net::DNS support for persistant udp sockets added

- Net::DNS igntc option set to on (0.53 has bugs with truncated packets and
  tcp connections)

- minor code cleanups (loops removed, regexps optimized, etc) for
  speedup

- FreeBSD: first GPLed version


--------------------------------------------------------------------------------
0.1.8.1 beta

- set under GPL (http://www.gnu.org/licenses/gpl.txt)


--------------------------------------------------------------------------------
0.1.8 beta

- Return DUNNO in case of IPv6 Clients

- Splitted NJABL to treat dyn RBL listed clients different

- some regex made case-insensitive

- More details for the foreign MTA if HELO checks failed

- Little cleanups for better reading


--------------------------------------------------------------------------------
0.1.7 beta

- REV_IP_EQ_HELO_DOMAIN regex corrected again

- DNSBL scores adjusted

- $total_dnsbl_score added which holds the overall score of positive
  DNSBL scores. This affects HELO/IP verification

- Return message for too many DNSBL hits changed, rbl.org link added
  to this message

- Mails pass now with PREPEND instead of DUNNO and adds a X-policyd-weight
  header containing the detailed score evaluation plus rate


--------------------------------------------------------------------------------
0.1.6 beta

- if HELO IP is in /24 of Client IP then it is treated as helo_ok
  (this cause less false positives for MTAs which use a different HELO
   hostname/IP than MTA's hostname/IP; but are in the same
   domain/subnet - badly written/administrated www mail interfaces are such a 
   candidate)


--------------------------------------------------------------------------------
0.1.5 beta

- Cleanup (@array[0] changed to $array[0])

- regexp for REV_IP_EQ_HELO_DOMAIN corrected (again)

- typos fixed

- HELO_IP_IN_CL_SUBNET made configurable


--------------------------------------------------------------------------------
0.1.4 beta

- checks for dialup HELOs added

- failed HELO checks for dialup HELOs now increase dnsb_hits counter


--------------------------------------------------------------------------------
0.1.3 beta

- regexp for REV_IP_EQ_HELO_DOMAIN corrected


--------------------------------------------------------------------------------
0.1.2 beta

- REV_IP_EQ_HELO_DOMAIN check rewritten. It checks now only the part before
  TLD.
  
  HELO foo.bar.com
  Client Host: blah.bar.com

  It checks now, whether the client or HELO "bar" matches against HELO or client
  "bar".


--------------------------------------------------------------------------------
0.1.1 beta

- REV_IP_EQ_HELO_DOMAIN did not really a domain check, now it does.


--------------------------------------------------------------------------------
0.1.0 beta

- state changed to beta

- some planned knobs removed

- name changed to policyd-weight


--------------------------------------------------------------------------------
0.0.18 alpha 

- changed /24 score to -0.6

- FROM_MATCHES_NOT_HELO gets extra score per DNSBL hit

- if correct MX record for helo, it gets plus -0.5


--------------------------------------------------------------------------------
0.0.17 alpha

- using now MAXDNSBLHITS. Above this level the mail gets REJECTed immediately.

- checking client IP against helo IPs now also tries a /24 check as last resort.
  The results of this check may reduce the score by -0.20.
  A CIDR check will never be performed as this is too expensive.


--------------------------------------------------------------------------------
0.0.16 alpha

- added ix.dnsbl.manitu.net


--------------------------------------------------------------------------------
0.0.15 alpha

- (fix) gettings MX/A records now also asks the MAIL FROM: domain/host
  (reducing "false positives" if client messed up HELO but the from
   domain has correct DNS records and matches client IP)


--------------------------------------------------------------------------------
0.0.14 alpha

- If MX/A query failed, it gets lower scored than MX/A forged

- More verbose output

- If _ALL_ DNS queries returned NXDOMAIN then return with 450 and DNSERRMSG
  when not too much dnsbl listed


--------------------------------------------------------------------------------
0.0.13 alpha

- (fix) getting MX/A records of HELO now also asks parent domains


--------------------------------------------------------------------------------
0.0.12 alpha

- (fix) perl DNS module caused warnings and server misconfigured
  errors when MX record pointed to a CNAME and we treated it
  as A-record (CNAME RR: print $foo->address == error)


--------------------------------------------------------------------------------
0.0.11 alpha

- added dnsbl.org


--------------------------------------------------------------------------------
0.0.10 alpha

- set $VERBOSE to default 0


--------------------------------------------------------------------------------
0.0.9 alpha

- removed all other handlers, since the
  # push @foo, "bar";
  seems to be ignored on some systems (NOTE: '#`-lines should NEVER
  get parsed by perl)
  NOTE: I am dumb. VERBOSE was default 1, and my syslog debug ends not
        in maillog. I thought it ignored the commenting of "testing". 


--------------------------------------------------------------------------------
0.0.8 alpha

- Changed spamcop back to 4 since it would outweight legitimate mails if
  they are accidentially listed in spamcop (happened in the past (gmx, web.de))
  And that is not the purpose of this script.


--------------------------------------------------------------------------------
0.0.7 alpha

- Gave spamcop a score of 8 because it seems reasonable and updated fast
  and is not a DUL list


--------------------------------------------------------------------------------
0.0.6 alpha

- Client IPs which had no MX, A, PTR record at all did not get scored extra.

- tuned scores some more

- unneeded handlers removed from code (cleanup)
