Next | Query returned 52 messages, browsing 21 to 30 | Previous

CVS Commit History:


   2012-01-17 01:21:16 by Amitai Schlair | Files touched by this commit (2)
Log message:
Update to 4.3.0. From the changelog:

This version adds the ability to filter messages based on the content
of their headers. Please note that enabling this feature should
be accompanied by disabling the use of the "softlimit" program. In
addition to fixing some small bugs and a compiling error on Debian
7, it also fixes a series of major bugs that could lead to buffer
overflows. Depending on spamdyke's configuration, these could cause
remotely exploitable security holes. Please upgrade immediately!

Looks like there's a bug in the header blacklist filter. Don't
enable that filter yet.

  Fixed config-test message for a graylist domain folder when the domain is not
    in the list of local domains from ERROR to INFO. Thanks to Eric Shubert
    for reporting this one.
  Fixed a bunch of copy-and-paste errors in the option_list array in
    prepare_settings() where options were designated
    CONFIG_TYPE_STRING_SINGLETON instead of CONFIG_TYPE_OPTION_SINGLETON or
    CONFIG_TYPE_STRING_ARRAY instead of CONFIG_TYPE_OPTION_ARRAY.
  Fixed configure script errors and compilation warnings on Debian 7, which
    enables the new GCC flags -Waddress and -Wunused-but-set-variable by
    default.  Thanks to Steve Cole for reporting this one.
  Added some explanatory comments to spamdyke.h and spamdyke.c.
  Added FILTER_FLAG_RETAIN and modified middleman() to buffer any data as long
    as it is given.
  Added FILTER_FLAG_CHILD_RESPONSE_INTERCEPT and modified middleman() to discard
    any input from qmail when it is given.
  Added FILTER_FLAG_DATA_CAPTURE and modified middleman() to capture qmail's
    response to the end of the message data when it is given.
  Fixed output_writeln() to send the data in bursts if more than one line is
    given and no CRs need to be inserted.  Previously, all data was sent
    line-by-line, even though middleman() was trying to send bursts of data when
    possible.
  Changed middleman() to buffer the names of the accepted recipients until after
    the message data is sent, then check qmail's response to the message body
    and print ALLOWED/DENIED for each recipient accordingly, along with the text
    of qmail's response.
  Added the options header-blacklist-entry and header-blacklist-file to block
    messages based on the contents of their headers.
  Added the option rejection-text-header-blacklist to control the message from
    the header blacklist filter.
  Added a flag to smtpdummy to force it to reject all message content with an
    error.
  Added a more complete usage message to smtpdummy.
  Fixed a number of very serious errors in the usage of snprintf()/vsnprintf().
    The return value was being used as the length of the string printed into
    the buffer, but the return value really indicates the length of the string
    that *could* be printed if the buffer were of infinite size. Because the
    returned value could be larger than the buffer's size, this meant remotely
    exploitable buffer overflows were possible, depending on spamdyke's
    configuration.
  Added options to smtpdummy to make it appear to process authentication (and
    unconditionally succeed or fail).
  Changed the ALLOWED log message to show the text given by qmail when the
    message is accepted.
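
The snprintf()/vsnprintf() return-value error described in the 4.3.0 changelog above, shown as an added C example. This is not spamdyke's code: the helper names, the 32-byte buffer and the sample string are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers for illustration; names are not from spamdyke. */

/* Flawed pattern: treats vsnprintf()'s return value as the number of bytes
 * stored. On truncation it returns the length the full string WOULD have
 * had, so the new offset can point past the end of the buffer. */
static size_t append_unchecked(char *buf, size_t size, size_t used,
                               const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + used, size - used, fmt, ap);
    va_end(ap);
    return used + (size_t)n;         /* may exceed size */
}

/* Corrected pattern: handle errors and clamp to what was actually stored. */
static size_t append_checked(char *buf, size_t size, size_t used,
                             const char *fmt, ...)
{
    if (used >= size)
        return used;                 /* no room left, nothing to write */
    size_t room = size - used;
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + used, room, fmt, ap);
    va_end(ap);
    if (n < 0)
        return used;                 /* output error: nothing appended */
    if ((size_t)n >= room)
        return size - 1;             /* truncated: room-1 bytes plus NUL */
    return used + (size_t)n;
}

/* Constructed input: a long argument of the kind a remote peer can send. */
static const char sample_arg[] =
    "a-very-long-hostname-supplied-by-the-remote-client.example";

int main(void)
{
    char buf[32];
    size_t bad = append_unchecked(buf, sizeof(buf), 0, "HELO %s", sample_arg);
    size_t good = append_checked(buf, sizeof(buf), 0, "HELO %s", sample_arg);
    printf("buffer=%zu unchecked offset=%zu checked offset=%zu strlen=%zu\n",
           sizeof(buf), bad, good, strlen(buf));
    /* With the unchecked offset, the next call's "size - used" wraps around
     * to a huge size_t and buf + used already points outside the buffer. */
    printf("next room (unchecked) = %zu\n", sizeof(buf) - bad);
    return 0;
}
```
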
   2012-01-17 01:15:24 by Amitai Schlair | Files touched by this commit (1)
Log message:
Indent.
   2012-01-05 01:53:20 by Amitai Schlair | Files touched by this commit (3)
Log message:
Update to 4.2.1. From the changelog:

This version extends the log messages to show why a blacklist is
matched. It also fixes a few minor bugs.

  Added a filter to sendrecv so input containing "\r\n" will be
    translated into CRLF without being interpreted as a line
    terminator (so multiple commands can be sent in a single "packet")
    and input containing "\0" will be translated into NULL bytes
    so NULL characters don't have to be embedded in the test scripts.
  Added support for the RSET command to smtpdummy.
  Added a "priority" field to the input file for dnsdummy to force
    some responses to be sent after others, no matter what order
    they were received.
  Fixed nihdns_mx() to query names for A records using the query
    types configured for MX queries, not A queries. Thanks to Eric
    Shubert for reporting this one.
  Changed smtp_filter() and middleman() to discard any buffered
    input after TLS is started. This prevents the injection of
    commands into a secure session by sending extra input in the
    same packet as the "STARTTLS" command. Not really a security
    problem but good practice anyway. Thanks to Eric Shubert for
    reporting this one.
  Fixed a bug in examine_entry() that was cutting off 1-3 characters
    from the end of target_entry every time it was called.
  Changed check_ip_in_rdns_keyword() to return the line number of
    the matching file as its return value and the name of the
    matching file in a reference variable.
  Added reject_reason and strlen_reject_reason to struct rejection_data
    to allow the triggered filter to return some text to indicate
    why it triggered.
  Changed set_rejection() to accept new parameters to set reason
    text within the rejection structure if available.
  Changed set_rejection() to accept a new parameter to append to
    the rejection text if available.
  Added reset_rejection() to change either the rejection text or
    the reason text within an existing rejection_data structure
    without erasing previously-set values.
  Changed nihdns_rbl(), check_dnsrbl() and check_rhsbl() not to
    accept a format string or build part of the rejection message.
    That job belongs to the caller(s).
  Changed filter_rdns_blacklist(), filter_rdns_blacklist_file(),
    filter_rdns_blacklist_dir(), filter_ip_blacklist(),
    filter_ip_in_rdns_blacklist(), filter_dns_rbl(), filter_dns_rhsbl(),
    filter_sender_blacklist(), filter_sender_rhsbl() and
    filter_recipient_blacklist() to save the reason for their
    rejection in the reject_reason variable in rejection_data.
  Changed the log messages showing ALLOWED/DENIED to always output
    the "reason:" field and fill it with the text returned by the
    triggered filter so the sysadmin can figure out what happened
    or "(empty)" if no text was saved. Thanks to Eric Shubert for
    suggesting this one.
  Changed the way DNS timeout values are read from the configuration
    file, the command line, /etc/resolv.conf and the environment
    so that values given in the config file or on the command line
    are not overridden by values in /etc/resolv.conf or the
    environment. Thanks to Teodor Milkov for reporting this one.
  Changed the reject-empty-rdns filter, the IP-related black/whitelist
    filters and the IP-related RBL filters to skip their tests if
    the incoming IP address is 0.0.0.0. This is for connections
    from IPv6 hosts -- those filters can be skipped until full IPv6
    support can be added. Thanks to Daniel Anliker for suggesting
    this.
  Changed the way the flag FILTER_DECISION_TRANSIENT_DO_NOT_FILTER
    is handled by smtp_filter() and middleman() so a transient
    non-rejection (e.g. a recipient whitelist) isn't held over to
    later recipients. The interaction between the recipient whitelist
    and the graylist filter was fixed in version 4.0.0 but an issue
    still remained between recipient whitelists and other non-transient
    rejections like the missing rDNS filter. Thanks to bischowski
    for reporting this one.
  Changed smtpdummy to use memchr() instead of strchr() so testing
    input with NULL bytes will work correctly.
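
The STARTTLS change in the 4.2.1 changelog above (discarding buffered input once TLS starts), shown as an added C example. This is a simplified model, not spamdyke's smtp_filter() or middleman(): the struct, the function names and the sample read are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Simplified model of a proxy's read buffer (hypothetical names). */
struct session {
    char   buf[256];     /* bytes read from the socket, not yet processed */
    size_t len;
    int    tls_active;   /* set once STARTTLS has been accepted */
    int    plain_cmds, carried_cmds; /* handled before TLS / carried into it */
};

static int is_starttls(const char *line, size_t n)
{
    return n >= 9 && strncasecmp(line, "STARTTLS", 8) == 0 &&
           (line[8] == '\r' || line[8] == '\n');
}

/* Append one plaintext read and process complete lines; -1 if it won't fit. */
static int feed_plaintext(struct session *s, const char *data, int discard)
{
    size_t n = strlen(data), pos = 0;
    if (n > sizeof(s->buf) - s->len)
        return -1;
    memcpy(s->buf + s->len, data, n);
    s->len += n;
    while (pos < s->len) {
        char *eol = memchr(s->buf + pos, '\n', s->len - pos);
        if (eol == NULL) break;          /* incomplete line: wait for more */
        size_t linelen = (size_t)(eol - (s->buf + pos)) + 1;
        int starts_tls = !s->tls_active && is_starttls(s->buf + pos, linelen);
        if (s->tls_active)
            s->carried_cmds++;           /* plaintext treated as protected */
        else
            s->plain_cmds++;
        pos += linelen;
        if (starts_tls) {
            s->tls_active = 1;
            if (discard)
                pos = s->len;            /* drop everything still buffered */
        }
    }
    memmove(s->buf, s->buf + pos, s->len - pos);
    s->len -= pos;
    return 0;
}

/* Constructed input: STARTTLS with extra commands in the same read. */
static const char sample_read[] = "EHLO client.example\r\nSTARTTLS\r\n"
    "MAIL FROM:<a@example.com>\r\nRCPT TO:<b@example.com>\r\n";

int main(void)
{
    struct session keep = {0}, drop = {0};
    feed_plaintext(&keep, sample_read, 0);   /* old behaviour: keep buffer */
    feed_plaintext(&drop, sample_read, 1);   /* 4.2.1 behaviour: discard */
    printf("carried: keep=%d drop=%d\n", keep.carried_cmds, drop.carried_cmds);
    return 0;
}
```
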
   2011-02-07 23:33:40 by Amitai Schlair | Files touched by this commit (2)
Log message:
Update to 4.2.0. From the changelog:

  Changed read_file() to return the number of usable lines read, instead of the
    total number of lines (including comments and whitespace).
  Fixed a huge thinko in many calls to read_file() -- when the function returns
    0, the returned value is NULL.  This was causing spamdyke to crash when no
    content was read from files by "dns-blacklist-file", "dns-whitelist-file",
    "rhs-blacklist-file", "rhs-whitelist-file" and "hostname-file".  Thanks
    to David Stiller for reporting this one and providing a lot of help in
    tracking it down.
  Added the option "tls-cipher-list" for specifying the list of ciphers to use
    in SSL/TLS connections.  This won't be an option many people will ever use,
    but in specific setups it is required.  Thanks to Chris Boulton for
    suggesting this one and producing a patch to implement it.
  Added a new value to "tls-level": "smtp-no-passthrough" to allow spamdyke to
    offer TLS but prevent it from passing TLS through to qmail if the SSL
    library cannot be initialized for some reason.
  Fixed a bug in smtp_filter that allowed open relaying when spamdyke was
    configured with "local-domains-entry" instead of "local-domains-file".
  Moved code from do_spamdyke() that set stdin and stdout sockets to
    non-blocking into tls_read() and tls_write() instead.  Setting the sockets
    to non-blocking through the entire run was causing some strange behavior
    where logging would stop after a series of large inputs.
  Refactored the address parser (yet again) to fix a bug that wasn't handling
    routing addresses properly.  Thanks to Chris Boulton for reporting this one.
  Fixed process_config_file() to not reset a "multiple" value to default if it
    was deliberately cleared during configuration.
  Fixed prepare_settings() to initialize all default values before processing
    the command line or configuration files so a "multiple" value can be
    cleared during configuration.
  Fixed configure.ac to use a gcc #pragma command to treat format warnings as
    errors instead of relying on AC_LANG_WERROR (which doesn't always work).
  Added the options "dns-query-type-a", "dns-query-type-mx",
    "dns-query-type-ptr" and "dns-query-type-rbl" to limit the types of DNS
    queries that can be sent for different purposes.  Thanks to Teodor Milkov
    for suggesting this one.
  Fixed a bug that caused a timeout whenever a post-RCPT filter is triggered
    on a non-local address.  spamdyke is supposed to close the connection to
    qmail and wait for its exit, but instead was just waiting for its exit,
    leading to unnecessary timeouts.  Thanks to Ulrich C. Manns for reporting
    this one.
  Fixed a typo in policy.php.example.  Thanks to Richard Lamse for reporting
    this one.
  Fixed compiler warnings on Fedora 11.  Thanks to Ertan Orhan for reporting
    this one.
  Fixed a bug in sendrecv where an uninitialized variable was causing erroneous
    stalls and timeouts in CentOS 5.5.
   2010-07-04 16:37:14 by Amitai Schlair | Files touched by this commit (3)
Log message:
Update to 4.1.0. From the changelog:

Changed the option "hostname-file" to read /var/qmail/control/me by default.
Added the option "dns-resolv-conf" to read the nameserver from a file other
  than /etc/resolv.conf if necessary.  Multiple files can be read, if needed.
Changed all uses of strncpy() to memcpy() because strncpy() will fill the
  remainder of the destination buffer with zeroes if the source string is
  too short.  This is not needed because all strings are being explicitly
  terminated after copies anyway.
Added two new parameters to search_file() to allow the matching line data to
  be returned to the caller.
Changed process_access() to save the contents of the RELAYCLIENT environment
  variable, if set.
Added the timefilter program to the utils folder.
Reversed a small change to spamdyke_log() made in 4.0.8 that will prevent
  buffer overflows in obscure situations.
Changed is_ip_in_name() to look for more patterns of IP addresses in rDNS
  names: 044.033.022.011, 44.033.022.011, 44.33.022.011 and 44.33.22.011.
  Thanks to Eduard Svarc for suggesting this one.
Changed the syslog output to include an "encryption:" tag at the end that
  shows the current status of TLS/SSL encryption.  Thanks to Eric Shubert for
  suggesting this one.
Added a "-R" option to smtpdummy so it will reject all recipients.
Completely rewrote find_address() to completely conform to RFC 2822 when
  parsing addresses, including quoting, comments, folded whitespace and
  all the rest.
Added the option "reject-identical-sender-recipient" to block any messages
  where the sender and recipient are the same.  Thanks to almost everyone
  on the mailing list for suggesting this one.
Changed nihdns_mx() to tolerate MX records that contain IP addresses (illegal)
  instead of names.
Fixed Makefile.in to use the CPPFLAGS variable from the "configure" script, if
  the user provided it in an environment variable.  Thanks to Iavor Stoev for
  reporting this one.
Fixed the "configure" script to correctly include header files on FreeBSD 7.0.
  Thanks to Andrew Khon for reporting this one.
Added a "-S" flag to sendrecv to prevent it from starting a TLS session when
  it sees "STARTTLS".
Improved sendrecv's usage display to document what each option does.
Changed do_spamdyke() to set the stdin and stdout file descriptors to
  nonblocking before calling middleman().  This works around a bug in the SSL
  library that will block forever waiting for input, even after SSL_pending()
  and/or select() has already indicated the socket is ready.  Thanks to
  Teodor Milkov for identifying this problem more than a year ago and trog for
  producing a patch to fix it!
Fixed process_config_file() to reject configuration file lines with
  bad/missing characters.
Fixed process_config_file() to print an "unknown option" error message instead
  of an "illegal option" message when an unknown option is found in a
  configuration file.
Added option "rejection-text-identical-sender-recipient" to set the rejection
  message for the identical sender/recipient filter.
Created dnsdummy to simulate a nameserver but exit after a short while for
  testing spamdyke's DNS routines.
Converted all DNS-related tests to use dnsdummy and removed all references to
  spamdyke.org and silence.org.  This will also allow the removal of the
  (hundreds of) bogus entries from the spamdyke.org zone file.
Removed the use of getprotobyname() from dns.c and used the defined protocol
  values in netinet/in.h.
Changed nihdns_query() to retry DNS queries via TCP if the response received
  via UDP has the "truncation" flag set (indicating the answers are too large
  for a UDP packet).  Thanks to Roland Moelle for suggesting this one.
Added option "dns-tcp" to control if spamdyke will retry DNS queries via TCP.
Added option "dns-spoof" to control if spamdyke will attempt to detect DNS
  spoofing and, if so, what it should do about it.
Fixed smtp_filter() to offer and accept SMTP AUTH (when appropriate) even if
  the connection is already whitelisted.  Thanks to Ratko Rudic for
  reporting this one.
   2009-06-14 20:04:45 by Joerg Sonnenberger | Files touched by this commit (183)
Log message:
Remove @dirrm entries from PLISTs
   2008-12-25 17:43:35 by Amitai Schlair | Files touched by this commit (2)
Log message:
Update to 4.0.10. From the changelog:

This version adds a workaround for a bug in Plesk 9 that provides
the text "localhost" instead of the IP address for some connections.
Thanks to Medovarszky Zoltan and Christian Aust for reporting this
one.
   2008-12-02 17:24:59 by Amitai Schlair | Files touched by this commit (3)
Log message:
Update to 4.0.9. From the changelog:

This version fixes a bug in the address parser that was preventing
some sender/recipient whitelist/blacklist entries from matching.
Thanks to John Devenport for reporting this one. This version also
fixes a bug in the "config-test" feature that prevented spamdyke
from finding its own binary when the file is not in the current
directory. Thanks to John Hallam for reporting this one.
   2008-11-06 17:57:41 by Amitai Schlair | Files touched by this commit (2)
Log message:
Update to 4.0.8. From the changelog:

Changed spamdyke_log() to send all messages to stderr (when appropriate) using
  a single call to vfprintf() by adding newline characters and PID prefixes to
  the format before outputting anything.  This is necessary to work around a
  problem with the design of DJB's multilog program, which uses a single pipe
  to accept input from all processes and thus cannot keep log messages
  separate.  This means partial output from some spamdyke processes could
  overlap output from other spamdyke processes when the load rises (a race
  condition).  Thanks to Philip Nix Guru for reporting this one.
   2008-10-18 06:51:01 by Amitai Schlair | Files touched by this commit (2)
Log message:
Update to 4.0.7. From the changelog:

VERSION 4.0.7: 10/17/2008
  Changed Makefile.in to compile configuration.c in two steps: first use gcc
    to produce the preprocessed source, then use gcc to compile it.  For some
    reason, gcc crashes on FreeBSD 6.0 when the file is compiled in one step.
    Thanks to K. Shantanu for reporting this one and Felix Buenemann for
    suggesting the fix.

VERSION 4.0.6: 10/16/2008
  Fixed a problem in examine_ip_in_rdns_keyword_entry() that was not correctly
    terminating the end of the keyword buffer, causing strstr() to search too
    far, leading to false negatives (and potentially segmentation faults).
    Thanks to Erald Troja for reporting this one.
  Fixed another problem in middleman() that was not correctly replacing _all_
    of qmail's AUTH advertisements when the "smtp-auth-level" option is
    "always" or "always-encrypted".  Thanks to Youri Kravatsky for reporting
    this one (again).
  Fixed the fix to a bug in nihdns_query() that was setting
    return_target_name_index to 0 in all cases.  This was causing log messages
    to print the first RBL/RHSBL name instead of the one that actually matched.
    Thanks to Arthur Girardi for reporting this one (again).
  Reverted a change from 4.0.5 -- removing the usable_buf_input flag from
    middleman() meant it could only tell if there was input in the buffer, not if
    any of it was actually usable.  If the remote server delays sending its
    data for any reason, middleman() will loop rapidly to continually check if
    its buffered data can be sent to qmail.  Removing the flag meant spamdyke
    was consuming 100% CPU while receiving messages with large attachments.
    Thanks to Paulo Henrique Fonseca for reporting this one.
  Added the "cputime" program to the "tests" folder to measure the CPU time
    used by a process.  Neither the shell "time" command nor the POSIX "time"
    command seem to do that.
  Changed sendrecv to always wait() for its child processes so CPU accounting
    will be performed correctly.
  Fixed check_rhsbl() to correctly return the name of the matching RHSBL instead
    of an index that could be beyond the end of the array.
  Changed the values of LOG_USE_CONFIG_TEST, LOG_USE_STDERR and LOG_USE_SYSLOG
    to make none of them equal to 0.  Because the "log-target" option is a
    CONFIG_TYPE_NAME_MULTIPLE option, it is set to 0 until the command line and
    all configuration files are parsed.  When LOG_USE_CONFIG_TEST is 0, the
    progress messages from process_config_file() are sent to stderr until the
    configuration file is completely loaded.  For Plesk users, xinetd sends
    stderr to the network connection, so the remote server gets the output.
    Thanks to Arthur Girardi for reporting this one and helping track it down.
