# Legend:
# --- = A new release
#   + = Added a feature (in a backwards compatible way)
#   ! = Changed something significant, or removed a feature
#   * = Fixed a bug, or made a minor improvement

--- 3.1.0 (2024-07-07)
  * Clarified the relationship between HELO/Mail From rejection policy
    settings and the No_Mail option in policyd-spf.conf.5
  + Add new configuration setting, Reason_URL, to allow setting of a custom
    URL to accompany a custom Reason_Message (LP: #1896912)
  + Updated milter processing so that with pymilter 1.0.5 and later IDN
    domains in Mail From are supported
  * Fixed HELO_reject is 'Null' processing so it works
  + Update milter processing so that for the milter interface, SPF checks are
    skipped for connections authenticated with SMTP Auth (LP: #1857234)
  * Added logging at debugLevel 2 or higher of internal connection rationale

--- 3.0.4 (2023-04-07)
  * Fix recipient logging to not cause an error for local (not fully
    qualified) email addresses (LP: #2015609)

--- 3.0.3 (2023-02-19)
  * Fix reference to QueueID in policydspfsupp.py (LP: #2007123), thanks to
    Wolfgang Karall-Ahlborn for the bug and the fix

--- 3.0.2 (2022-12-16)
  * Document limits of Hide_Receiver option when using the milter interface
  * Fix parsing of multiple value comma separated datasets
  * Fix InternalHosts configuration file parsing and data type conversions
  * Add documentation of milter only options to policyd-spf.conf (5)

--- 3.0.1 (2022-12-08)
  * Documentation cleanup
  ! Moved data files, removing /local component of paths, since it led to
    inappropriate installation paths with some pip options

--- 3.0.0 (2022-11-30)
  ! Replaced setuptools with flit for building/installing (packagers: this
    require changes)
    + Modern PEP 517/PEP 621 based build interface (requires flit 3.8)
    + Dependencies now specified
    + Distributed as both sdist and wheel
  * Use capitalized qtype for spf.DNSLookup calls (Fixes HELO_Whitelist test
    failues)
  ! Changed recipient tracking to only use recipient host name (per RFC 7208)
    in the policy server if per user processing is not being used and as a
    result, changed Hide_Receiver default to No since it will no longer have
    user specific personal information in most cases (LP: #1822679)
  + Added new option QueueID to include Postfix queue ID for normal policy
    server logging when configured for post-queue operations (LP: #1963816)
  * Fixed type definitions for UMask and IntHosts (LP: #1939598)
  * Fix milter macro types so they can be found (LP: #1986753)
  + Ship default pyspf-milter.conf in tarball
  + Add pyspf.milter.8 man page for milter interface documentation
  * Correct pyspf-milter.conf location in init script
  * Fix failures with non-UTF-8 Mail From addresses in the milter (also
    requires pymilter 1.0.5 or later)

--- 2.9.3 (2022-02-07)
  * Add mention in policyd-spf.conf (5) in the Lookup_Time and Whitelist_
    Lookup_Time entries that errors will occur if the policy server timeout
    limits exceed Postfix's smtpd_policy_service_timeout.  This is only
    relevant to the policy server interface.
  * Add more information about setting policyd-spf_time_limit to 
    policyd-spf.1.  This is only relevant to the policy server interface.
  * Fixup test suite since earthlink.com and some others have SPF records now
    (LP #1930132).
  * Remove stray leftover import of own_socketfile so milter variant will
    start (LP: #1856391), (Debian #1005110).

--- 2.9.2 (2019-11-22)
  * Add mention in policyd-spf.conf (5) in the TestOnly entry that to get both
    TestOnly behavior and no header field appended, Header_Type = None also
    needs to be set (LP: #1849994)
  * Milter: Move drop_privileges before Milter.runmilter and delete
    own_socketfile so that the milter interface runs as the correct user
    without race conditions about changing ownership of the socket file when
    it hasn't been created yet (When the milter is started, it will create the
    socket based on uMask, so we don't need to manually change it)

--- 2.9.1 (2019-10-06)
  * Use /run instead of /var/run
  * Fix-up sysv init so it works
  * Catch pyspf tracebacks so at least we don't die (thanks to Adi Pircalabu
    for both the report and the suggested fix) (LP: #1842005)
  * Correct over-writing of SPF identity by SPF reason for HELO checks and the
    reverse for Mail From (LP: #1822685)

--- 2.9.0 (2019-02-01)
  + Initial alpha release with pyspf-milter added
  * Use HOSTNAME for Authserv_Id lookup function from dkimpy-milter for both
    pyspf-milter and policyd-spf
  * Fixed url in setup to point to the spf-engine project

--- 2.1.0 (2018-06-17)
  ! Rename to SPF_Engine due to plan to add a milter front end in addition to
    current policy service front end
  ! Switched to use of setuptools and entry points (because its the future)
  ! Refactored common policy code into __init__.py

--- 2.0.2 (2017-12-14)
  * Fix treatment of No_Mail configuration parameter so that specifying
    No_Mail = False (the default) does not cause incorrect results (Thanks to
    David Jones on spf-devel for reporting)
  * Conditionally import authres is Header_Type is AR and raise an error if it
    is missing (sorry pep-8) to avoid cases where users change the config
    and suddenly it doesn't work for an example, see:
    https://bugzilla.redhat.com/show_bug.cgi?id=1208876
  * Update and correct Mail_From_pass_restriction description in
    policyd-spf.conf(5 ()
  * Update HELO checking default option in policyd-spf.conf(5) (LP: #1724107)
  * Note that SPF_Not_Pass is not consistent with RFC 7208 in the HELO
    checking section of policyd-spf.conf(5) - already documented for Mail From

--- 2.0.1 (2016-12-08)
  * Man page formatting and spelling corrections
  * Corrected default debug level (LP: #1647089)
  * Amplified loging level '-1' description
  * Forward port version 1.3.2 fixes for detection of missing Authserv_Id that
    were inadvertently not brought back to trunk

--- 2.0.0 (2016-12-02)
  ! No longer python2 compatible, minimum python3 version is 3.3 for ipaddress
  ! Removed support for use of ipaddr
  ! Changed default for HELO checking from SPF_Not_Pass to Fail (same as
    MailFrom) even though I think Not Pass makes more sense in order to
    still the complaints (Fedora, you can drop your sed call in the spec file
    now). (LP: #1571144)
  ! Changed default for Authserv-ID to use local hostname to provide a
    reasonable default Authserv-ID. (LP: #1575608)
  ! Increased minimum pyspf (python-spf) version to 2.0.9 so that Void_Limit
    is always available and used.
  ! Added new Hide_Receiver option to prevent accidental disclosure of BCC
    receivers and enabled it by default to maximize privacy.  (LP: #1394294)
  ! Changed the name of the defaultSeedOnly option to TestOnly.  The previous
    name is still accepted, but an error is logged.  The old name is a legacy
    from the greylising functionaliy in tumgreyspf (from which this was forked
    in 2007).  The new name better reflects what the option does.
  + Added new Reason_Message option to allow for custom reject/defer message
    (LP: #1422324) - Thanks to Bastian Blank for the significant patch
  + Added support for RFC 7372 email authentication specific enhanced status
    codes as well as an option to use standard Postfix codes instead
  + Added new HELO_Whitelist option to allow for whitelisting from SPF checks
    based on specific HELO/EHLO names (LP: #1602761)
  + Added new Whitelist_Lookup_Time to allow for adjustments on the maximum
    time allowed for whitelist related DNS lookups to complete - This should
    also help with LP: #1622137
  + Refactored and extended per user configuration to work for more
    configuration options
  + Added new 'None' option for Header_Type.  When set, no header field of any
    kind is added to the message (LP: #1531724)
  + Added new Mock option for enhanced interoperability with downstream
    milters - See policyd-spf.conf.5 for details
  * Fix additional cases of choking on invalid email addresses (LP: #1342105)
  * Reviewed and refactored logging to provide logging details at various
    detail levels more consistent with the documentation.  Also added a new
    log level, '-1' for completely silent running.
  * Added a new PERFORMANCE CONSIDERATIONS section to policyd-spf.1.
  * Fix python3 incompatibility in cases where HELO name is somehow missing
    (LP: #1184102)
  * Improved per-user settings processing to avoid issues with multiple or
    incorrect header fields being appended to multi-recipient messages
  * Refactored processing for the No_Mail option to use the pyspf cache from
    the previous SPF query rather than a new DNS lookup - should help with
    LP: #1622137
  * Fixed an issue that may have caused issues with multi-recipient use of
    restriction classes
  * Fixed a typo in policyd-spf-peruser.5 that made the example configuration
    file invalid

--- 1.3.2 (2015-08-12)
  * Fix python3 incompatibility in cases where HELO name is somehow missing
    (LP: #1184102)
  * Updated README to mention the minimum ipaddr version, if needed, is 2.1.10
    (LP: #1229862)
  * Fix up header caching (LP: #1422325)
  * Fix and refactor for simplicity detection of Authserv_Id missing from
    configuration (LP: #1484239)
  * Add try/except around SPF record queries of No_Mail option to avoid errors
    on bogus TXT records

--- 1.3.1 (2014-06-14)
  * Fix case where, when run with python3 the policy server would choke on
    email addresses that contained non-ascii characters (LP: #1325579)

--- 1.3 (2014-05-09)
  ! Updates related to the new SPF RFC, RFC 7208
    - Added new config option, Lookup_Time, to adjust SPF record timeout limit
      (default 20 seconds per RFC 7208) Requires at least pyspf 2.0.7
    - Added new config option, Void_Limit, to enable the new void lookup limit
      instroduced in RFC 7208 to be adjusted - Default is 2 as recommended in
      RFC 7208, section 4.6.4.  Has no effect on pyspf before 2.0.9.
    - Updated documentation to refer to RFC 7208 (and RFC 7001 for
      authentication results)
    - Updated descriptions in documentation to describe spec compliance
      relative to RFC 7208 instead of RFC 4408
  * Guard against crashes when forming header field contents if the receiver
    is somehow missing

--- 1.2 (2013-07-25)
  ! Added external dependency on ipaddr module for python versions < 3.3
  * Fix PTR whitelist to work with IPv6 connections (patch from Frank
    Hunszinger) - LP: #1179266
  * Replace custom code with use of ipaddr/ipaddress to perform CIDR matching
  ! CIDR network definitions are now more limited to correct networks
    - Double slashes are no longer allowed
    - Updated defaults and documentation for skip_addresses to match

--- 1.1.2 (2013-05-10 13:13 -0400)
    Brown paper bag release
  * Add MANIFEST.in and rename in setup.py to make package compatible with
    using sdist (fixes missing files in 1.1.1)

--- 1.1.1 (2013-05-10 12:23 -0400)
  * Fixed documentation to be more compatible with running with Python3.

--- 1.1 (2012-07-21 21:30 -0400)
  + Ported to Python 3. Tested on python3.2, python2.7, and python2.6.
    Versions previous to python2.6 will not work. 

--- 1.0 (2012-03-17 23:34 -0400)
  * Fixed missing authentication results headers for no authentication
    performed cases (when authres is enabled)
  * Fixed ambiguous config file warning in per user processing
  * Make functions private (leading underscore)
  * Fixed erroneous use of syslog.LOG_ERR in per user processing

--- 0.9 (2012-01-10 22:35 -0500)
  + Add support for optionally generating RFC 5451 authentication results
    headers
  + Add new Header_Type configuration option to support generating RFC 4408
    Received-SPF and/or RFC 5451 Authentication-Results headers (default is
    Received-SPF)
  ! Changed license from GPL version 2 to Apache 2.0 with agreement from all
    copyright holders
  * Log message to the error facility for all OSErrors
  * Instead of crashing if per user configuration is missing, continue with
    global configuration
  * Use openspf.net instead of openspf.org for Why text in reject/defer
    messages due to extended openspf.org downtime
  * Fix install location of standard config file when installed with distutils
  * Fix example syntax in policyd-spf.peruser.5
  * Update and clarify inconsistencies in policyd-spf.conf.5

--- 0.8.1 (2010-11-27 22:41 -0500)
  * Prepend headers even when defaultSeedOnly = 0 (now does what's documented)
  * Fix typos in policyd-spf.conf(5)

--- 0.8 (2010-02-17 01:38 -0500)
  + Add Domain_Whitelist_PTR to allow whitelisting from SPF tests based on
    rDNS PTR match (patch from Colin Stewart <colin@owlfish.com>)
  * Only check Domain_Whitelist if it actually exists in the configuration
  + Add No_Mail option to allow for only rejecting from hosts/domains that
    send no mail ("v=spf1 -all")
  + Add ability to provide per user (per recipient) settings
  * Fixed a bug so that skipping SPF checks due to localhost or any whitelist
    settings does not prepend multiple headers per message for multi recipient
    messages
  * Fixed a bug so that non-reject HELO results are correctly used when Mail
    From checks are disabled (No_Check)
  * Clean up unused code in policydspfsupp.py

--- 0.7.3 (2010-01-07 01:00 -0500)
  * No longer require Python 2.5 (Thanks to Matthew Munsey
    <openspf@msm.unending.org>)
  * Update copyright for new year
  * Update for new project location
  * Clean up imports (PEP-8 style, remove redundancy, removed unused)
  * Remove deprecated licence distribution option from setup.py

--- 0.7.2 (2009-10-22 02:54 -0400)
  ! Require at least Python 2.5
  * Fix to not crash on invalid senders that lack a domain part
  * Remove unused imports of deprecated popen2 module

--- 0.7.1 (2008-07-25 23:54 -0400)
  * Fix default log level in policyd-spf.conf.commented to match default
  * Update configuration recommendations in policyd-spf.1

--- 0.7 (2008-06-22 13:45 -0400)
  + Reject option for Mail From not pass or none (parallel HELO option)
  + Reject on Softfail for HELO and Mail From
  + Add receiver policy options per sender domain to reject non-SPF Pass mail
    for specific domains
  + Update policyd-spf(5) for new options
  ! Refactor result processing for better scalability and easier testing
  ! Move commented config file to a new file and use/install an uncommented
    minimal config file to reduce future churn in the operational config file
  * Fix prepend only (no action) options to work
  * Clarify in policyd-spf(5) that permerror and temperror setting affect
    both HELO and Mail From checks when those checks are enabled

--- 0.6.1 (2008-04-05 01:23 -0400)
  * Pre-initialize helo_result to None to avoid crash if HELO checking is
    disabled

--- 0.6 (2008-02-20 16:35 -0500)
  ! Logging redesign:
    - Change default loglevel to 1 and readjust loglevel 1 and 2 to 2 and 3
    - Loglevel 0 changed to no logging
    - Move all non-error config file related logging to level 5
    - Don't log SPF result comments
    - Updated policyd-spf(5) debugLevel description
    - Don't log errors for known config options
  * Added exit log message promised in policyd-spf(5)
  * Removed adding policyd-spf to %PYTHONPATH
  + Added prospective SPF checks to see if mail sent from current IP would Fail
    SPF after being sent. Don't add SPF Received headers for these.
  * Fixed IP whitelisting to work with multiple IP ranges (patch from Nicolas
    Litchinko)
  * Fixed 'seed only' option to work (patch from Nicolas Litchinko)
  * Fixed domain whitelist to work
  * Fixed domain whitelist to work with multiple domains (patch from Nicolas
    Litchinko)
  * Correctly detect IPv6 addresses in skip and white lists and use correct
    implicit CIDR for IPv6
  * Correct examples and policyd-spf(5) to not have spaces in IP and domain
    lists
  + Log error if IP whitelist or skip list have non-IP address items in the
    lists and then don't crash
  ! Install man pages and config files in FHS compliant locations.
  ! Removed spec files since I'm not qualified to maintain them

--- 0.5.2 (2007-10-26 15:30 -0400)
  * Corrected regression so appending a header on Permerror works (introduced 
    in 0.4) - Thanks to "John A. Martin" <jam@jamux.com> for the bug report.
  * Log and prepend Mail From result instead of HELO result if both are None.
  * Provide default explanation for None results (so header and log fields are
    not left empty
  * Use correct RFC 4408 identity names (mailfrom/helo) in headers, logging,
    and SMTP replies
  * Use package installed config file if none is specified and related
    documentation updates
  * Fix default installation location for man pages and config file
  * Revised README.per_user_whitelisting

--- 0.5.1 (2007-10-17 14:47 -0400)
  * Corrected regression so reject on Permerror works (introduced in 0.4)
    Thanks to "John A. Martin" <jam@jamux.com> for the bug report.
  * Fixed Restriction Class option to be useful.
  + Made restriction class names configurable
  + Added per user whitelisting README to explain how it's useful
    Thanks to "John A. Martin" <jam@jamux.com> for the contribution.
  * Corrected SPF-Recieved header to us <> for null sender
  * Corrected Postfix integration section of policyd-spf(1) to reflect correct
    policy service time limit name.
  * Corrected installed config file locations in both man pages.
  * Header and logging cleanup (removed trailing ';' and adjusted whitespace).

--- 0.5 (2007-10-03 13:39 -0400)
  + Added man page for configuration file formatting (man 5 policyd-spf.conf) 
  * Moved explicit logging of the result headers for HELO and Mail From from
    debug level 1 to debug level 2 (SPF results are already logged at debug
    level 1)
  * Moved config file item logging to a new debug level 5.  This should only be
    needed for development and not for operational use.
  ! Shifted list of local addresses to skip SPF from hard coded to a config
    option.
  * Changed default (no config file) TempError defer to False to match docs and
    default in config file.
  ! Refactored Whitelisting/SPF skipping code for reduced size and better
    extensibility and maintainability.
  + Added Forwarder Domain SPF Whitelist
  + Added Restriction Class mode to return only SPF result to Postfix
  + Return link to SPF "Why" page for reject/defer actions.

--- 0.4.1 (2007-08-13 11:00 -0400)
  * Correct multi-recipient caching to work for multi-recipient rejections

--- 0.4 (2007-07-09 17:24)
  + Process HELO first and reject if allowed before looking up Mail From
  + Log failure to find SPF library
  ! Rationalize text of logging and comments back to Postfix - any script that
    parses logs from this program automatically will need to be updated.
  * Remove obsolete code for using non-Python SPF libraries
  + Activate support for config files (refactored legacy code)
  ! Change PermError default from Reject to Prepend
    - Reject on PermError was inconsistent with traditional SPF usage.
  ! Remove obsolete undistributed files from SVN trunk
  ! Remove INSTALL file (redundant to man 1 policyd-spf)
  * Adjust master.cf recommendations in INSTALL for new recommendations from
    Weitse Venema (postfix-users mailing list).
  * Change indentation from tabs to spaces in legacy code
  + Support case insensitive SPF results as required by RFC 4408.
  + SPF results reported with initial capitalization.
  + Add SPF whitelist facility in config file

--- 0.3 (2007-02-23 11:54)
  * Refactored and simplified SPF results reporting/logging
  * Changed logging to match RFC 4408 SPF-Received: terminology
  * Fixed processing to skip SPF for localhost connections to work for IPv6
  + Implemented prepending of SPF-Received: header.
  + Added man page (man 1 policyd-spf)

--- 0.2 (2007-02-07 16:50)
  * Changed skip local connections to use CIDR match rather than string.
  * Log non-fail/error results to syslog

--- 0.1 (2007-01-17 18:00)

  ! Initial release
  ! Removed greylisting
  ! Stubbed out config files until they can be updated and integrated
  + Defer on temperror
  + Reject on permerror
  + Check HELO for null Sender (Mail From)


--- 0.0 Source from Tumgreyspf (2007-01-11 00:00)

  ! Source Tumgreyspf Version 1.24