changelog

Please note: This ChangeLog is meant to help users and administrators of schleuder-lists and the underlying servers. It skips some minor or rather internal changes. If you want the full package please read the git log.

Version 2.2.4

New

  • New command: sign-this. Publish fingerprints signed by the schleuder list's public key!
  • Add support for multiple plugins directories.
  • Allow logging through syslog.
  • Allow list log files to be in the same directory.
  • Allow list config to be in the same directory.
  • schleuder-newlist: Enable passing group. This allows us to pass an extra group in environments where different schleuderlists run with different users.

Changed

  • Fix setting mime-variant in ADD-MEMBER. This breaks giving multiple arguments to a keyword separated by blanks. Only comma (",") and semicolon (";") are recognized as separating characters now (e.g.: "X-GET-KEYS: 0xDEADBEEF, 0xF00BA4").
  • Allow keywords to be written in lowercase. Until now the "X-"-prefix had to be uppercase.
  • Fix setting file-permissions for lists_configfile.
  • Fix: do not subscribe already subscribed members.
  • Fix display of list members
  • Better wording and more information for list admins.
  • schleuder-newlist: Adjust keylength to Debian trends (4096 instead of 2048 bits).
  • Fix broken member file created by interactive newlist.
  • Wrap output of check-expired-keys at 72 characters.
  • Fix check-expired-keys warning period (now actually 2 weeks).
  • Improve formatting of syslog output for lists.

version 2.2.3

Changed

  • Fix recognition of signatures from "inline"-signed multipart-messages.

version 2.2.2

Changed

  • Mark whole "inline"-encrypted multipart-message as encrypted/signed if all of its parts are.

  • Much improved automatic charset- and mime-type-detection for incoming "inline"-encrypted messages.

  • Better recognize inline-encrypted-binary attachments.

  • Fix bin/schleuder-newlist.

  • Fix bin/schleuder-fix-gem-dependencies for older versions of rubygems.

  • Fix and greatly improve the man-pages and examples.

  • Exit cleanly upon cancelling.

  • Verify that "realname"-attribute for OpenPGP-key is >4 chars. (GnuPG requires this.)

version 2.2.1

Technically necessary bugfix release, no functionality changed.

version 2.2.0

New

  • New Keyword: unsubscribe. Removes the member associated with the key which signed the incoming message from the list. This helps list-admins to restrict the DELETE-MEMBER-keyword to admins but still enable users to unsubscribe themselves.

  • Script to help migrating lists from v2.1 to v2.2

  • New dependencies: ruby-filemagic, highline

  • key_fingerprint for members. Explicit key-binding for members. In members.conf you can now specify which key to use for each member. This is not meant to support shortcomings in key-administration (failing to include email-addresses into key-UIDs) but rather to ensure the use of the right key regardless of possible address-matches in the keyring.

  • key_fingerprint for list, eases lists' key lookup and aids against lookup collision problems. Also helps with list-key transitions.

  • New config-option: receive_from_member_emailaddresses_only. This allows one to configure a list in a closed down manner, where not yet everyone is using GPG and the receive_authenticated_only can't (yet) be used.

  • baseconfig option for executables: allows using a config other than the one in /etc/schleuder/.

  • List-archive: Schleuder can now archive any messages sent to its listmembers. It will archive the messages in a subfolder archive in the list directory organized by the current day. This is also the first shot of an archiver class which should provide a convenient access to such archived messages.

  • Log4r-based logging: Configurable logging (syslog, io, file). Logs go by default still to listdir/list.log. Removed logging, log_rotate_keep and lists_logfile.

  • A gemspec.

  • Plugin to expose a keyword to report the version of schleuder, that the current list is running on.

  • man-pages (from the debian-package, thanks to Jérémy Bobbio!).

  • Domain-aware namespacing for lists: Lists now should reside in a subdirectory named like the domain-name. (As a fallback the old lists-dir is searched if no list is found.) Also the list-name now equals the list's address and should be given as argument when calling bin/schleuder.

  • keyword_notify_admin: Plugins now implement commands by keyword-name and need to specify a plugin_type: :list or :request. keyword_notify_admin sends a copy of the request-plugin-reply to the admins if listed request-keywords are met.

  • receive_admin_only: If true only emails that are encrypted and validly signed by a list-admin's key are accepted for the list. Others are bounced. This is useful for newsletters.

  • listname-request, for config-related commands: Messages to listname-request@hostname will not be forwarded to the list, independent from the result or recognition of the keywords or commands. Sending those requests to the list-address is deprecated now. One exception: The resend-commands must be sent to the list; they will not be accepted in messages to listname-request. Resending is part of the list-communication and should take place in the open.

  • listname-owner@hostname: a forward to adminaddr.

  • List-Post-header: Included into the include_list_headers-option.

  • List-Help-header: Simple link to website.

  • max_message_size: Measured on the raw incoming message in kilobyte.

  • smtp_port-option for outgoing smtp-connections.

  • Try to detect auto-replies and forward to admin.

  • Easy error message on unusable public key. Contributor: henning mueller.

  • Add Mime-Version-header to outgoing emails.

  • New contrib: script to check for expiring keys, to be run from cron.

Changed

  • Fix bounce-detection: Don't match mails sent by cron daemons by looking for X-Cron-Env in the headers.

  • Improved bounce-notification: Now includes the originally incoming messages as attachment.

  • Ignore invalid keys when looking up keys to use for encryption or member identification.

  • Improved error messages for various situations.

  • When finding members based on an incoming signature, compare keys, not addresses.

  • ListConfig::admins is a list of Members now.

  • Ignore text/html-parts in non-pgp/mime-messages. Under some circumstances some MUAs (Thunderbird) hide ciphertext in QP-encoded HTML, but handling that is beyond sane operation.

  • Use full fingerprint as key identifier.

  • Changed members-keywords: now more member-focussed. The commands now focus on the member, not on the storage. Please welcome ADD-MEMBER, GET-MEMBER, DELETE-MEMBER and LIST-MEMBERS. ADD, GET and LIST now also give information about present keys to the requested address(es). (Detailed description to follow.)

  • Changed key-management-keywords: GET-KEY and DELETE-KEY (no change in functionality). SEND-KEY and DEL-KEY are now deprecated.

  • Include expiry-information in LIST-KEY-output.

  • Split keywords at blanks, too: Keywords don't need to be separated from their argument by a colon, white-space also works now.

  • Enable multiple matches for send-key: Subscribers can now request multiple keys at once by specifying an argument to X-SEND-KEY that matches all the keys wanted. To request all keys use a single dot as argument.

  • Enable use of multiple key-commands: This enables users to exchange their own key by writing both, del-key and add-key into one email. It comes at the cost that we need to change the way we determine whom to reply to: before we looped over the list of members to find the key that matched the signing key; now we loop over the list of uids to find the member. That gives more power to the key, and by that to the user.

  • Renamed contrib/newlist.rb to bin/schleuder-newlist.

  • schleuder-newlist: Don't echo passphrase to terminal

  • Check for member's public key not being expired before using.

  • Check for each member's email-address being non-empty, ignore otherwise.

  • More verbose error messages in metadata.

  • Nicer log messages on sending errors.

  • Work around '$keylength$keytype/'-prefix on key-ID. Some people like including length and type of key when giving a key ID ("2048R/DEADBEEF"). This fix makes schleuder split at slashes and take the last part.

  • Improved error handling on admin notifications: Up to now, notification of admins could have produced errors which would have been directly exposed to users. Now, we first try to notify the superadmin and only in a severe failure print a nicer message to the user.

  • Don't enforce encryption on superadmin notification: Up to now schleuder required encryption to notify the super admin. However, for this address there is likely no key in the keyring or it is by intent an address without any encryption. And if the superadmin is notified, there is likely something seriously broken with encryption.

  • Fixed endless loop on double listadmin key: If there were more than one key for a listadmin we triggered an error which should have notified the admin. However, notification failed as well due to the multiple key problem, which triggered another error. And so on.

  • Append public footer if not empty and suffix newline: public_footer might lack a final newline which might cause problems with mime-part-separation.

  • Fixed clear-signing: QP-encoding for text/*-parts (RFC 3156 requires no trailing white-space); always consider a newline might already be CR-loaded.

  • Fixed binary pgp-inline-attachments.

  • Fixed too big regexp problem: Messages bigger than a certain level caused problems when we wanted to substitute the part that is signed.

  • Better workaround for ruby-gpgme-1.0.8 (for use with gpgme-1.2).

  • Fix newlist.rb for ruby-gpgme-1.0.8.

  • Ruby compatibility fixes for >=1.8.7.

  • Fixed truncating of QP-encoded emails (closes the clipping bug).

  • Catch invalid resend-addresses.

  • Store member-address only if it's a valid one, else log error.

  • Re-enable writing bounce message to MTA.

  • Dump original message on encryption failure, not cleartext.

  • Let admins trigger special commands (plugins), also if not listed as members.

  • Use superadminaddr as envelope-sender (bounce-target) for emails to admin.

  • Nicer and cleaner log-messages.

  • Improved code-style and exception-handling.

version 2.1.1

New

  • Implement openpgp-headers

  • Introduce rfc-compliant list-id header

Changed

  • Only add prefix_out once: prefix_out was added for each recipient for which the mail was resent. This also fixes empty spaces being added to the subject when prefix_out was empty. (Jérémy Bobbio)

  • Also protect prefix_in from being added multiple times (Jérémy Bobbio)

  • Only log 'adding prefix' when actually done (Jérémy Bobbio)

  • Don't set empty charset: This fixes also parsing problems for TMail if such a mime-part comes in (see the "recognition of nested signatures"-bug).

  • Restrict lookup pattern for emailaddresses: If 2 keys existed in the keyring one for a@bar.com and one for fooba@bar.com we found 2 keys for a@bar.com and failed. Wrapping <> around the pattern if it represents an emailaddress fixes this bug.

  • Fix Crypt#delete_key()

version 2.1.0

Removed

  • No key-attribute for members anymore. It was a feature to work around bad practice, which we don't want to support any further.

New

  • Also match uid.name to find a key: Some people write their address into the name-field of the key, instead of the email-field. That behaviour is not encouraged, but worked around.

  • Finer restrictions on receiving of emails: You may now specify to allow only encrypted (receive_encrypted_only), signed (received_signed_only), or member-signed (receive_authenticated_only) emails to be sent over the list. Other emails will be bounced. The variable allow_plaintext_receiving has been removed.

  • Basic log-rotation: list-logs are rotated daily and kept for a configurable number of days (log_rotate_keep)

  • smtp_host configurable: You may now specify a different host to connect to when sending out mail.

  • X-SEND-KEY: $gpgid: New keyword that sends you the public key of a list-member

  • keywords_admin_only: List option to restrict specific keywords to the list-admin. This way you can use schleuder for more anonymous lists which shouldn't be open to list-members. We're losing the possibility to bar the admin from using specific keywords, but that's a cheap price, I think.

  • Prefix member-signed emails: you may now specify a subject-prefix for emails validly signed by a list-member. Using all three prefix-configuration options you can now tag every email going over the list like with other list managers.

  • prefix_in: Insert prefix_in to subject if no valid listmember-signature is found

  • prefix_out: Insert prefix_out to subject if recipient is not a list-member.

  • Two mutt-config pieces: A helper to insert RESEND*-lines and some colors for meta-data

  • A script to automate list-migration from schleuder-1.x to schleuder-2.x (schleuder-migration-helper.pl)

  • Bounce on DecryptFailed: If a message cannot be decrypted it is bounced with a short explanation

  • Catch bounces: Incoming bounces no longer are distributed over the list but only forwarded to the list-admin

  • keep_msg_ids: List option to pass/populate In-Reply-To- and References-headers with (previously) self-generated Message-ID's. This enables threading in MUAs without revealing much information.

Changed

  • resend-keyword: allow also blanks and semicolons as address-separators

  • Allow for multiple admins: adminaddr now needs to be an array.

  • allow_plaintext_receiving has been removed, see below on receive_encrypted_only.

  • allow_plaintext_sending renamed to send_encrypted_only (in favor of a more consistent variable naming scheme).

  • Only distinctly matching key-IDs allowed: Whenever schleuder detects that a given address or pattern is matching more than one gpg-key it will refuse to use any of them but inform the admin that there's a problem. Previously schleuder simply used the first matching key, which is an invitation to misuse.

  • List-public-key-request via address-extension: Instead of "Subject: send key!" and empty body you now need to send an email to listname-sendkey@host to receive the public key of the list. That hopefully will work better for many users than the old concept. (The old request-trigger is still usable as legacy feature, and will be removed in some later release.)

  • headers_to_meta: Information on incoming email (encryption and signature status, sender -- aka meta-data) is now inserted in the beginning of the encrypted content (or prefixed as own mime-part) and is configurable.

  • Inserted strings as own mime-part: Meta-data and public-footer are added as their own mime-part if first mime-part/body is not text/plain.

  • Better logfile-dumps: The dumps are now filtered to include all relevant lines but not more. Implementation is now in pure ruby (no grep anymore)

  • Improvements for newlist.rb: The helper script can now be executed from a non terminal, and also got minor fixes to run with ruby versions prior to 1.8.6.

  • Bugfix: Replace each_char with each_byte to make that code work on earlier ruby distributions

  • Bugfix: Storage-objects (list-members, list-config, ...) are always saved as hashes, never as ruby-objects.

  • Bugfix: text/plain as default content-type (as suggested by RFC 2045)

  • Bugfix: Quote 8-bit-subject (as suggested by RFC 2047)
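
The 2.1.1 entry on restricting the lookup pattern for email addresses and the 2.1.0 entry on refusing patterns that match more than one key describe the same hazard: a substring lookup can select the wrong recipient key. The following is an added illustration, not code from schleuder; the keyring contents, function names and error class are constructed for this example, and the matching rules model GnuPG's user-ID selection (bare string = substring match, "<addr>" = exact email match).

```ruby
# Constructed keyring: fingerprint => UIDs. All values are made up.
KEYRING = {
  "A" * 40 => ["Alice <a@bar.com>"],
  "B" * 40 => ["Foo Ba <fooba@bar.com>"],
  "C" * 40 => ["Carol <carol@bar.com>", "Carol (work) <carol@example.org>"]
}.freeze

class AmbiguousKeyError < StandardError; end

# Models GnuPG user-ID selection: "<addr>" is an exact e-mail match,
# any other string is a case-insensitive substring match on the UID.
def matching_fingerprints(keyring, pattern)
  exact = pattern.match(/\A<(.+)>\z/)
  keyring.select do |_fpr, uids|
    uids.any? do |uid|
      if exact
        uid[/<([^>]+)>/, 1].to_s.casecmp?(exact[1])
      else
        uid.downcase.include?(pattern.downcase)
      end
    end
  end.keys
end

# Wrap a bare e-mail address in <> so it cannot match inside a longer one.
def lookup_pattern(pattern)
  pattern.match?(/\A[^\s<>@]+@[^\s<>@]+\z/) ? "<#{pattern}>" : pattern
end

# Return the one matching fingerprint (nil if none); refuse to pick a key
# when several match instead of silently using the first.
def distinct_key(keyring, pattern)
  found = matching_fingerprints(keyring, lookup_pattern(pattern))
  if found.size > 1
    raise AmbiguousKeyError, "#{found.size} keys match #{pattern.inspect}"
  end
  found.first
end

if __FILE__ == $PROGRAM_NAME
  p matching_fingerprints(KEYRING, "a@bar.com").size
  p distinct_key(KEYRING, "a@bar.com")
end
```

Patterns that are not a bare address (for example a domain) still use substring matching, so the ambiguity check is what prevents encrypting to an unintended key in that case.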