0.4.6 New feature: New configuration file parser New scoring mechanism allows users to modify scores for each DNSBL, including negative scores. 0.4.5 New feature: Synspam now uses the Netfilter xt_osf module. If your kernel is >= 2.6.30, chances are that this module can be loaded and used. See README for more information. A score is attributed to windows boxes, be careful not to change it, you might get false positives with some exchange servers ;-) A new script has been added: synspam_fw.sh which is in charge of loading and unloading iptables rules Arguments can be passed to the command line. Bugfix: Added a EUID check. 0.4.0 New feature: Synspam now checks both A and PTR records to be sure, the source ip doesn't have a reverse which belongs to another network. This is a technique used by spammers to bypass some spam filters. Improvment: INSTALL file updated with kernel support needed for synspam 0.3.6 Improvment: * Connections filtering code refactoring: further targets may be added in the future. Please note that configuration file has changed, instead of reject = 1, use filter = reject or filter = drop. Otherwise synspam won't start. * synspam-report: script now has new functions: average reject score, average accept score no longer makes correlation between spamassassin and synspam, this isn't our job, definitely. Bugfix: * added an extra check at startup to prevent success message to be printed when synspam segfaults 0.3.5 New feature: User can choose between dropping packets or rejecting them. That means that instead of simply discarding packets, synspam can send a TCP RST to the source IP so port 25 won't appear filtered but closed. It's possible to start synspam in foregroung or daemon mode. Default is daemon mode. Improvment: INSTALL updated with new iptables rules new ipinhostname score variable to adjust score 0.3.2 Bugfix: synspam now detects reverses with "ip in hostname" independently from "dialup" words. 0.3.1 Improvment: New client word in botnet regexp. Better detection of public IP addresses with a localhost reverse. 0.3.0 New feature: A blacklist and whitelist mechanism has been added. You can easily filter hosts to improve synspam treatments. Examples are given in synspam.conf comments. A perl library, NetAddr::Lite, is needed. Improvement: README updated with NFQUEUE related information 0.2.6 Bugfix: New way to bind to nfqueue should prevent errors on start or restart. 0.2.5 Improvement: The NFQUEUE mechanism is now used, it means you can have more than one queue on your system. Big thanks to Michael Kühm and Pierre Chifflier. 0.2.1 Improvement: The debug mode can be activated from config file now (default: off) The "clientwords" regexp has been improved A new regexp has been added : synspam now checks if reverse contains ip address. 0.2.0 Improvement: The synspam-report shell script has been tidied New feature: * Synspam now uses a configuration file to load its parameters (dnsbl, scores, dry run mode), parsing made via the AppConfig module 0.1.2 Bugfix: * added checks in sa-stats-ng to prevent illegal division by zero Improvement: * less verbose log messages * updated iptables rule so it no longer queues localhost connections * synspam-report now checks for sa-stats-ng availability before running it and does not create temp files any more. 0.1.1 Bugfix: * new algorithm to drop connections 0.1 Initial release