The attempt list can be view with sbbscon->'a' command or sbbsctrl->view->Login
Attempt List...
Delay/throttle/hacklog/and auto-filter values/thresholds are now configurable
in sbbs.ini.

recent), and automatically filter IPs of obvious hackers
(100 consecutive unique failed login attempts).

from the same host (but not necessarily the same connection).
No login retry is allowed for suspected hackers (one authentication attempt per
connection).
New-connections from suspected hack hosts are now delayed increasingly with
the number of failed login attempts.

especially through SMTP (where these values are exposed via the Originator-info
header field): SENDERUSERID, SENDERSERVER, and SERVERTIME.

Added the "Originator-info" header field for transmitted messages which will
help track the original submission, especially when submitted via protocols
other than SMTP.
The RECIPIENT/To header field for SMTP-submitted msgs now contains the
parsed "To:" name, if possible (instead of the address).
Added security delay to failed SMTP AUTH-MD5 logins.

- added 5 second delay before responding to POP or SMTP
  client regarding invalid username or password attempt (limit number of
  effective brute force hack attempts per minute).
-  increment the user email sent statistics for authenticated SMTP msg recvs
- check the configured max emails per day value (for the user's security level)
  and reject any messages that would exceed this value (exept for 'M'-exempt
  users) - this has been on the todo list for a long time.

the RCPT TO user), before checking for the "sub:code" recipient. This allows
SMTP posts (e.g. using the "sub:code" syntax in the ctrl/alias.cfg file) to be
processed by external mail processors before being posted (e.g. to strip HTML).

subjects shorter than 10 chars were not supposed to be hashed (for SPAM
detection), but the SPAM source is a bit position, not an ordinal, so the wrong
SPAM sources (body and msg-id) were removed from the hashing souce list rather
than the subject (which was still hashed).

commonly modified by multiple threads, potentially simultaneously, resulting in
bad values (e.g. active_clients = -1).
Updated copyright date to 2011.
Fixed Win32 compile bug in main.cpp introduced in last commit.
Eliminated some unused variables and updated some times (e.g. ulong in place
fo uint32_t).

acknowledgement ("250 OK") can be sent. In this case, the sender is either a
spammer or it is a legitimate delivery attempt that has been aborted for some
reason (e.g. timeout due to throttling).

Updated copyright dates.

make system.matchuserdata return an array of all matches if match_all==true, starting at usernumber if specified. (userdatdupe now takes an additional paremeter)

heap corruption in mailserver.

(potentially) non-blank for external JS modules configured in SCFG->External
Programs, as well as those executed from jsexec. If the startup_dir is
specified in SCFG and no path is given for the .js file, it will look in the
startup_dir first. js.startup_dir will be an empty string for all other cases
(currently).

SMTP clients whose IP address or hostname matches a line in this file will not
be blocked (if also matching a listing in spamblock.cfg) and will not be added
to the spamblock.cfg if attempting to send to a spambait e-mail address.

header field into separate name and address fields. On the name portion is used
for the recipient of posts.
When posting to a sub via authenticated SMTP, the sender/extension fields are
set appropriately and the sender net type is set to none (i.e. locally posted).
More debug log-level output for SPAM hash creation/checking.
Bug-fix: attempting to use uninitialized 2nd MX address when relaying to local
SMTP server address.

if/when the SPAM database open fails.

warning log level.
Added more debug log output.

error counting/logging/messages to be handled by front-end (e.g. control panel)
regardless of log_level setting.
Mail server now filters blocked-subjects before applying DNSBL tag.
Received message header TO and FROM fields are no longer checked against the
email.can file for SMTP-authenticated clients.
SMTP MAIL FROM and RCTP TO addresses are no longer checked against the
email.can file for SMTP-authenticated clients.
Statistics are displayed in a more legible manner when the mail server is
terminated.
The msgs_received stats counter now includes blocked and ignored messages too.

system (in a multi-computer BBS) the error occurred.
For the mail server:
- keep track of the number of times each mailproc handled a message
- display counters when blocking/filtering messages in log output
- advertise 8BITMIME in the ESMTP EHLO response
- do not route mail to mailproc when the execution requirements are not met
  (e.g. ARS, DNSBL, SPAM, etc.)

Increase some log entry levels from LOG_ERR to LOG_CRIT.
Changed spam.log entry for spam-bait messages from "REFUSED" to "IGNORED".
Added several statistics counters for connections/messages refused, ignored,
etc. and display the values when the mail server is terminated.
Handle lines of exactly MAX_LINE_LEN chars better in sockmimetext() - don't
add an extra blank line between lines.

  SPAM-bait takers by using the mailproc.ini keys ProcessDNSBL and ProcessSPAM
  (default: True) respectively.
* sockmimetext() (used for sending message text over SMTP and POP3) now handles
  lines longer than 998 characters correctly (doesn't drop any characters).
  We may need to change this function to split at 510 chars for POP3 and/or use
  quoted-printable content-transfer-encoding for messages with long lines.
* "!SMTP ..." log lines changed to "SMTP ..." for non-terminal SPAM-related log
  entries.
* Handle header "field : value" syntax for subject, from, and to field parsing
   for early filtering.
* Don't tag message (subject and/or header) from DNSBL-listed servers when
   DNSBL_IGNORE option is set.
* Don't hash message subjects < 10 chars in length (too short for SPAM
  detection).
* Support Base64 and Quoted-Printable Content-Transfer-Encodings in SMTP
   message headers (decode and store message body accordingly).
* Clear mailproc 'to' match results when receiving SMTP MAIL FROM command.
* Allow SMTP authenticated clients to feed the SPAM database by sending mail
  to one of the spam-bait addresses (the sender won't be added to
  spamblock.cfg).

"Normally, this response will be a multiline reply. Each line of the
response contains a keyword and, optionally, one or more parameters."
Added RFC1870 Message Size Declaration support to EHLO response.
Strip optional parameters from MAIL FROM command (per RFC1869).

be replied to (e.g. with a bounce message) - used by the list server.

* double spam.log entry ("TAGGED" and "IGNORED") for the same message
* DNSBL_IGNORE option did not work unless the DNSBL_SPAMHASH was enabled

created:
js.exec_path - full path and filename of file executed
js.exec_dir - directory of executed file
js.exec_file - filename executed (with no path)