HISTORY

	Feature: postmulti mult-instance manager command, very
	lightly tested. The MULTI_INSTANCE_README still needs to
	be proofread.  Originally by Victor Duchovni.  Files:
	src/postmulti/*, proto/MULTI_INSTANCE_README.html,
	conf/postmulti-script.

20090216-24

	Cleanup: assorted code cleanups in postmulti.  File:
	src/postmulti/postmulti.c.

20090223

	Cleanup: multiple instances of the same global.  Files:
	util/inet_windowsize.c, util/inet_listen.c.

20090228

	Cleanup: the Postfix SMTP server now maintains a per-session
	"improper command pipelining detected" flag. This flag can
	be tested at any time with reject_unauth_pipelining, and
	is raised whenever a client command is followed by unexpected
	commands or message content.  Files: smtpd/smtpd.c,
	smtpd/smtpd_check.c.

	Logging: the Postfix SMTP server now logs the first command
	pipelining transgression as "improper command pipelining
	after <command> from <hostname>[<hostaddress>]".

	Cleanup: after DATA command failure, log "(approximately
	XX bytes)" only if Postfix actually accepted the DATA
	command.  File: smtpd/smtpd.c.

20090303

	Cleanup: word smithing of "sendmail -bv" probe message.
	File: sendmail/sendmail.c.

	Cleanup: OpenLDAP now provides a sane solution for conflicts
	with PAM ldap-over-tls. Victor Duchovni.  File: global/dict_ldap.c.

20090304

	Cleanup: skip over suspended or throttled queues while
	looking for delivery requests. File: *qmgr/qmgr_transport.c.

20090305

	Bugfix: in the "new queue manager", the _destination_rate_delay
	code needed to postpone the job scheduler updates after
	delivery completion, otherwise the scheduler could loop on
	blocked jobs.  Victor & Wietse.  File: qmgr/qmgr_entry.c,
	qmgr/qmgr_queue.c, qmgr/qmgr_job.c.

	Cleanup: report a "queue file write error", instead of
	passing though bogus 2xx replies from proxy filters to SMTP
	clients.  File: smtpd/smtpd_proxy.c.

20090307

	Cleanup: with "lmtp_assume_final = yes", the Postfix LMTP
	delivery agent assumes that delivery is final when talking
	to an LMTP server that announces no DSN support.  Otherwise,
	the Postfix LMTP delivery agent assumes that delivery is
	"relayed", to maintain compatibility with simple LMTP-based
	content filters.  Based on code by Michel Sebastien, ATOS
	Origin.  File: smtp/smtp_rcpt.c.

20090310

	Bugfix: Postfix used mumble_concurrency_failed_cohort_limit
	instead of mumble_destination_concurrency_failed_cohort_limit
	as documented. File: global/mail_params.h.

20090330

	Cleanup: add (Resent-) From:, Date:, Message-ID: or To:
	headers only when clients match $local_header_rewrite_clients.
	Specify "always_add_missing_headers = yes" for backwards
	compatibility.  Adding such headers to remote mail can break
	DKIM signatures that cover headers that are not present.
	File: cleanup/cleanup_message.c.

20090415

	Workaround: to avoid unnecessary "fatal" delivery agent
	exits, delivery agents retry getting a shared lock on a
	queue file.  This is necessary since the queue manager's
	behavior was changed years ago to refill the in-memory
	recipient list before it was completely empty.  File:
	global/deliver_request.c.

	Documentation: updated STRESS_README.

20090416

	Workaround: some AWK implementations have a limit of 10
	output files and lack a working close() function. It is too
	much trouble to find out what systems have this limitation,
	and where, if any, such systems store their XPG4-compatible
	AWK program.  So instead we generate a stream of here
	documents and let the shell split the stream into files.
	File: postconf/extract.awk.

	Documentation: clarification of certificate file usage.
	Victor Duchovni.  Files: proto/postconf.proto,
	proto/TLS_README.html.

	Feature: pass a "TLS is active" flag to the server-side
	SASL support.  Based on code by Timo Sirainen, except that
	the implementation uses an extensible API so that it will
	be less painful to add more attributes in future Postfix
	versions.  Files: xsasl/xsasl.h, xsasl/xsasl_*server.c,
	smtpd/smtpd_sasl_glue.c.

20090417

	Documentation: re-generate READMEs and manpages for updated
	hyperlinks.

	Documentation: missing hyperlinks and missing parameters
	in manpages. File: mantools/postlink, mantools/check-postlink.

20090418

	Cleanup: use the extensible API to pass SMTP client address
	information to the dovecot SASL plugin, and prepare for
	passing server address information. Files: xsasl/xsasl.h,
	xsasl/xsasl_dovecot_server.c, smtpd/smtpd_sasl_glue.c.

	Same extensible API transformation for the SASL client-side
	code to make future extensions less painful. Files:
	xsasl/xsasl.h, xsasl/xsasl*client.c, smtp/smtp_sasl_glue.c.

	More postlink fixes. File: mantools/postlink.

20090419

	Bugfix: don't re-enable SIGHUP if it is ignored in the
	parent. This may cause random "Postfix integrity check
	failed" errors at boot time (POSIX SIGHUP death), causing
	Postfix not to start. We duplicate code from postdrop and
	thus avoid past mistakes.  File: postsuper/postsuper.c.

	Robustness: don't re-enable SIGTERM if it is ignored in the
	parent. Files: postsuper/postsuper.c, postdrop/postdrop.c.

20090422

	Undo delivery agent change 20090415. The queue manager never
	locks a queue file to read additional recipients into memory,
	so if a delivery agent runs into a locked file, then something
	is seriously wrong. File: global/deliver_request.c.

20090424

	Compatibility: the Postfix SMTP client no longer uses the
	obsolete SSLv2 by default for opportunistic encryption.
	This has nothing to do with security (we're willing to send
	plaintext over an unauthenticated connection) but with the
	loss of advanced options that give better performance.
	Victor Duchovni. Files: proto/postconf.proto, global/mail_params.h.

20090426

	Feature: more accurate support for Milter macros {mail_addr}
	and {rcpt_addr}, and new support for Milter macros {mail_host},
	{mail_mailer}, {rcpt_host}, and {rcpt_mailer}.  Files:
	milter/milter.[hc], smtpd/smtpd.[hc], smtpd/smtpd_milter.c,
	smtpd/smtpd_resolve.c.

	Feature: support to report rejected recipients to Milters
	(SMFIP_RCPT_REJ). Postfix reports the event as decribed in
	Sendmail 8.14.0 documentation: {rcpt_mailer} = "error",
	{rcpt_host} = enhanced status code (e.g., "5.7.1"), and
	{rcpt_addr} = reason to reject (e.g., "Relay access denied").
	Files: milter/milter.[hc], milter/milter8.c, smtpd/smtpd.[hc],
	smtpd/smtpd_milter.c.

20090427

	Feature: Milter support for replacing the envelope sender
	and adding recipients (SMFIR_CHGFROM, SMFIR_ADDRCPT_PAR).
	This support currently ignores ESMTP command parameters.
	Files: milter/milter8.c, cleanup/cleanup_milter.c.

20090428

	Compatibility: to make all the new Milter features usable,
	raise the default milter_protocol setting from 2 to 6.
	This has been tested with a Sendmail 8.14 libmilter.
	File: global/mail_params.h.

	Bugfix: don't disable MIME parsing with smtp_header_checks,
	smtp_mime_header_checks, smtp_nested_header_checks or with
	smtp_body_checks. Bug reported by Victor. File: smtp/smtp_proto.c.

	Code cleanups: respect VSTRING invariants by using VSTRING_RESET
	and VSTRING_TERMINATE instead of directly groping the
	underlying character buffer. Files: global/dsn_buf.c,
	milter/milter8.c.

20090507

	main.cf:tls_random_source now defaults to /dev/arandom on
	OpenBSD.  This device was introduced before Postfix development
	began. Files: util/sys_defs.h, global/mail_params.h.

20090510

	Code cleanups: while emulating SMTP client requests for
	Milter applications, use user@domain form addresses as
	required by the SMTP protocol, instead of bare usernames.
	This avoids hard to debug errors from some Milter applications.
	Files: cleanup/cleanup_envelope.c, cleanup/cleanup_extracted.c,
	cleanup/cleanup_addr.c.

20090511

	Code cleanups: don't clobber -o command-line arguments so
	that Linux people can debug daemon command lines more easily.
	Files: master/*server.c.

20090513

	Code cleanups: better parsing of Postfix daemon "-o"
	command-line options, with better error handling.  Files:
	master/*server.c.

20090518

	Documentation: missing dummy entries for lmtp_mumble_checks.
	File: proto/postconf.proto.

20090519

	Bugfix (introduced: Postfix 2.3, but did not cause trouble
	until 20090427).  Queue file corruption with (smtpd_milters
	or non_smtpd_milters) enabled, AND with delay_warning_time
	enabled, AND with short envelope sender addresses (e.g.,
	local submissions with bare usernames, but not bounces).
	The queue file would be corrupted when the delay_warning_time
	record was marked as "done" after sending the "your mail
	is delayed" notice.  File: qmgr/qmgr_message.c.

20090522

	Bugfix (introduced: Postfix 2.3).  The cleanup server
	rejected mail with records of type REC_TYPE_DRCP (recipient
	deleted by Milter), but such records could be present in
	mail re-submitted with "postsuper -r". Found during code
	review. Files: global/record.h, cleanup/cleanup_envelope.c.

20090524

	Feature: new postcat options: -e (print envelope), -h (print
	header), and -b (print body). Specify "postcat -bh" to
	suppress information about envelope records, and "postcat
	-h" to get the message header only. With large messages,
	"postcat -h" is much faster than manually stripping the
	message body from the output. File: postcat/postcat.c.

20090528

	Bugfix (introduced: Postfix 2.6 change 20080629): with
	plaintext sessions, smtpd_tls_auth_only=yes caused spurious
	warnings with reject_authenticated_sender_login_mismatch,
	and broke reject_unauthenticated_sender_login_mismatch and
	reject_sender_login_mismatch.  Based on fix by Victor
	Duchovni. File: smtpd/smtpd_check.c.

20090603

	Cleanup: Postfix 2.3 adopted a file descriptor passing
	workaround for OpenBSD. This workaround was hard-coded for
	all platforms because there were no have adverse effects.
	This is no longer the case: OpenBSD is fixed, and NetBSD
	does not like the workaround. We now default back to the
	non-workaround code and turn on the workaround dynamically.
	Files: util/unix_send_fd.c, unix_recv_fd.c, unix_pass_fd_fix.c.

20090605

	Portability: modern kernels below ancient user-land. File:
	makedefs.

20090606

	Feature: post-Milter header checks, with all actions except
	PREPEND. To enable, specify for example "milter_header_checks
	= pcre:/path/to/file".  Files: cleanup/cleanup_init.c,
	cleanup/cleanup_milter.c, cleanup/cleanup_extracted.c,
	cleanup/cleanup_state.c.

	Bugfix: non-portable command pathname in postmulti-script.

	Safety: "postmulti -e destroy" no longer attempts to remove
	files that are created AFTER "postmulti -e create". Rationale:
	by design, postfix queue/data directories are not trusted;
	actions within those directory trees must not affect files
	outside those those trees (e.g. by symlink race attacks).
	We don't want to be nailed with a bunch of CVEs for unsafe
	pathname handling.  File: conf/postmulti-script.

20090607

	Cleanup: revise milter_header_checks action implementation,
	and avoid redundant logging and work when milter_header_checks
	and Milters make redundant or conflicting decisions. File:
	cleanup_milter.c.

20090614

	Preliminary postscreen triage server for all inbound SMTP
	connections.  This is not a proxy: it rejects bad clients
	and forwards the rest of the connections to a real Postfix
	SMTP server. The initial version does a simple "friend or
	foe" based on whether the client starts talking too soon.
	Decisions are cached, so "good" clients have no overhead.
	File: postscreen/postscreen.c.

	Cleanup: more robust code for receiving file descriptors
	via the "pass" master service protocol.  File:
	util/upass_listen.c.

20090617

	Temporary helper daemon that does parallel DNSBL lookups
	for postscreen(8). It logs successful lookups to the maillog
	file without blocking the client. postscreen(8) will use
	the results in a later non-production version. To enable
	DNSBL lookups, specify "postscreen_dnsbl_sites = name,
	name, etc". and restart postscreen(8) with "postfix reload".
	File: src/dnsblog/dnblog.c.

20090618

	postscreen(8) logging and actions are now documented in the
	postscreen(8) manpage. When a client is listed in DNSBLs
	specified with postscreen_dnsbl_sites, it is no longer
	whitelisted. Instead the number of blocklist hits is logged.
	File: postscreen/postscreen.c.

20090619

	postscreen(8) by default no longer immediately drops
	connections. Specify "postscreen_greet_action = drop" and
	"postscreen_hangup_action = drop" for the old behavior.
	There is also a new postscreen_dnsbl_action parameter, for
	completeness.  File: postscreen/postscreen.c.

20090708

	Portability: FreeBSD 8 has closefrom(). File: uti/sys_defs.h.

20090710

	Bugfix (introduced Postfix 2.3): Postfix got out of sync
	with a Milter application after the application sent a
	"quarantine" request at end-of-message time. The milter 
	application would still be in the end-of-message state,
	while Postfix would already be working on the next SMTP
	event (typically, QUIT or MAIL FROM).  Problem diagnosed
	with help from Alban Deniz. File: milter/milter8.c.

20090711-2

	New "event_server" Postfix server framework. It is similar
	to the "multi_server" framework but does not manage client
	I/O events.  This framework is suitable for servers such
	as postscreen that have complex event management requirements.
	File: master/event_server.c.

	New event_fork() primitive to resume event processing in a
	child process after it is created with fork(). This is
	needed by postscreen to complete work-in-progress in the
	background after "postfix reload". File: util/events.c.

	Cleanup: postscreen migrated to the "event_server" framework.
	File: postscreen/postscreen.c.

20090712

	Cleanup: ${multi_instance_name:postfix}${multi_instance_name
	?$multi_instance_name} garbage in Postfix logging is now
	hopefully gone.  File: global/mail_task.c.

20090715

	Documentation: as of Postfix 2.6, the reject_unauth_pipelining
	feature can be used meaningfully at any protocol stage.
	File: proto/postconf.proto.

20090717

	Cleanup: postscreen PREGREET detection now uses non-destructive
	read, so that the real SMTP server can still receive the
	HELO command (apparently some sites allow pregreeters to
	talk to their servers).  File: postscreen/postscreen.c.

20090805

	Bugfix: don't panic when an unexpected smtpd access map is
	specified. File: smtpd/smtpd_check.c.

20090918

	Bugfix (introduced Postfix 2.3): with Milter RCPT TO replies
	turned off, there was no automatic flush-before-read on the
	smtpd-to-milter stream, because the read was done on the
	cleanup-to-milter stream. Problem reported by Stephen Warren.
	File: milter/milter8.c.

20091005

	Bugfix: core dump while printing error message for malformed
	%<letter> sequence in LDAP, MySQL or PostgreSQL configuration.
	File: global/db_common.c. Fix by Victor Duchovni.

20091006

	Feature: "postscreen_whitelist_networks = $mynetworks" (the
	default) to avoid problems with buggy SMTP implementations
	in network appliances.  Note: this feature never uses the
	remote SMTP client hostname.  Files: global/addr_match_list.[hc],
	postscreen/postscreen.c.

	Feature: postscreen_blacklist_networks (default: empty) to
	permanently blacklist hosts or networks. Address syntax is
	as with mynetworks. Note: this feature never uses the remote
	SMTP client hostname.  File: postscreen/postscreen.c.

	Feature: postscreen_blacklist_action (default: continue)
	to control what happens with a permanently blacklisted
	client. File: postscreen/postscreen.c.

20091007

	Feature: hostname-based check_client_{mx,ns}_access,
	check_reverse_client_hostname_{mx,ns}_access (the client
	IP address is not used). Rob Foehl.  Files: smtpd/smtpd_check.c,
	global/mail_params.h, proto/postconf.proto, mantools/postlink.

20091008

	Documentation: restructured the postscreen(8) manpage
	as a sequence of tests. File: postscreen/postscreen.c.

20091012

	Bugfix: postmulti did not skip commands with -p.  Luca
	Berra. File: postmulti/postmulti.c.

20091023

	Feature: specify "smtpd_command_filter = pcre:/file/name"
	to replace remote SMTP client commands before they are
	executed by the Postfix SMTP server. This a last-resort
	tool to fix inter-operability problems.  See examples in
	the postconf(5) manual page.  File: smtpd/smtpd.c.

20091026

	Cleanup: changed parameter evaluation order so that the
	multi_instance_wrapper parameter value is evaluated after
	the command and daemon directory parameters. File:
	global/mail_params.h.

20091101

	Performance: specify "smtpd_proxy_options = speed_adjust"
	to receive an entire message before sending it through a
	before-queue content filter. This reduces the number of
	simultaneous content filtering processes, and thus, the
	system memory requirements.  Files: smtpd/smtpd.[hc],
	smtpd/smtpd_proxy.[hc].

20091103-4

	Cleaned up the speed-adjust code, streamlined the error
	handling, and updated documentation. Files: smtpd/smtpd.[hc],
	smtpd/smtpd_proxy.[hc], proto/SMTPD_PROXY_README.html.

20091105

	Cleaning up after speed_adjust introduction: smtpd segfault
	caused by an incomplete API change; refined the queue space
	check; release scratch space immediately after delivering
	mail to the before-queue filter. Files: smtpd.c, smtpd_proxy.c.

20091110

	Workaround: specify "smtp_tls_block_early_mail_reply = yes"
	to detect a mail hijacking attack based on a TLS protocol
	vulnerability (CVE-2009-3555). The attack involves prepending
	malicious HELO/MAIL/RCPT/DATA commands to a Postfix SMTP
	client TLS session. The attack would succeed with non-Postfix
	SMTP servers that reply to the malicious commands after
	negotiating the Postfix SMTP client TLS session. File:
	smtp/smtp_proto.c.

20091113

	Workaround: skip interfaces without netmask, to avoid
	segfaults (reported by Dmitry Karasik). Don't supply a dummy
	null netmask, as that would turn Postfix into an open relay
	(mynetworks = 0.0.0.0/0). File: util/inet_addr_local.c.

	Bugfix: forgot to flush output to the smtpd_proxy speed-adjust
	buffer before truncating the file. Reported by Mark Martinec,
	fix by Victor Duchovni. File: smtpd/smtpd_proxy.c.

20091114

	Feature: specify "smtp_reply_filter = pcre:/file/name" to
	replace remote SMTP server reply lines before they are
	parsed by the Postfix SMTP client. This a last-resort tool
	to fix inter-operability problems.  See examples in the
	postconf(5) manual page.  File: smtp/smtp_chat.c.

	Safety: don't send postmaster notifications to report
	problems delivering (possible) postmaster notifications.
	File: smtp/smtp_connect.c.

20091121

	Feature: sender_dependent_default_transport_maps, to override
	the default transport in a sender-dependent manner. This
	is not a transport_maps override, and therefore it does not
	use the transport_maps syntax for null transport, null
	nexthop, or null email address.

20091127

	Usability: the Postfix SMTP client now logs a warning that
	wrappermode TLS is not supported, when configured to connect
	to port smtps/465. File: smtp/smtp_connect.c.

20091203

	Safety: the postscreen daemon logs a warning when table
	lookup is slow. Slow lookups cause postscreen to fall behind,
	and worse, to catch up in bursts, which results in overload
	elsewhere.  File: postscreen/postscreen.c.

20091206

	Feature: by popular demand, the Postfix SMTP server now
	logs the before-queue content filter's end-of-message
	accept/reject response.  File: smtpd/smtpd.c.

20091209

	Portability: as the result of continuous improvement,
	Berkeley DB no longer allows fork-then-close. File:
	postscreen/postscreen.c.

	Bugfix: sender_dependent_relayhost_maps did not reject an
	empty lookup result, and did not recognize lookup errors,
	thus treating errors as "not found". Problem found during
	code maintenance. File: trivial-rewrite/resolve.c.

	Cleanup: the postscreen daemon now applies the permanent
	whitelist first. It is a safety feature that prevents mail
	from being blocked. File: postscreeb/postscreen.c.

20091224

	Bugfix (introduced 20041215): dict_dbm_sequence() did not
	release the shared lock when the end of the sequence was
	reached. File: util/dict_dbm.c.

20091227

	Cleanup: postscreen and verify periodic cache cleanup
	(default: 12 hours after the previous cache cleanup run).
	This is based on a new dict_cache(3) module that implements
	a generalized version of the tlsmgr(8) cache maintenance
	code.  Once the new dict_cache(3) code is burned in, the
	tlsmgr(8) will be migrated to it. See the RELEASE_NOTES for
	user interface details. Files: util/htable.[hc], util/dict_ht.c,
	util/dict_cache.[hc], postscreen/postscreen.c, verify/verify.c.

	Bugfix: the event handler starved I/O events when a timer
	call-back routine scheduled a zero-delay timer request.
	This bug was exposed when adding the new dict_cache(3)
	module for cache expiration.  File: util/events.c.

20091228

	Cleanup: postscreen and verify periodic cache cleanup is
	now optional (specify a null time interval between cache
	cleanup runs).

20091229

	Cleanup: the address_verify_poll_count default parameter
	value is now stress-dependent, so that the Postfix SMTP
	server will not wait (up to 6 seconds) for the address
	verification result. File: global/mail_params.h.

	Final slution for the I/O event starvation problem when a
	timer call-back schedules a zero-delay timer request.  File:
	util/events.c.

20091231

	Cleanup: the non-shared, in-memory hash table is now
	accessible as the "internal:" map type. This simplifies
	code by eliminating some special cases. Files: util/dict_ht.c,
	util/dict_open.c, and documentation.

20100101

	Bugfix: the mantools/postlink script applied hyperlinks
	for the "virtual:" transport to "/etc/postfix/virtual:".
	Symptom reported by Christoph Anton Mitterer.

20200102

	Workaround: don't report bogus Berkeley DB close errors as
	fatal errors. All operations before close are already error
	checked, so the data is known to be safe.  File: util/dict_db.c.

20100107

	Documentation: the access(5) manual page did not document
	the "send 521 and disconnect" behavior in the Postfix SMTP
	server (introduced with Postfix 2.6). File: proto/access.

	Bugfix: the pickup daemon did not discard messages that
	were requeued after all recipients were delivered (or
	bounced), and the cleanup server tried to bounce such
	messages. Files: pickup/pickup.c, global/cleanup_user.h.

	Future proofing: redundant code in postdrop to reject a
	submission without recipient record. File: postdrop/postdrop.c.

20100109

	Cleanup: "postcat -q" will now access files in the "saved"
	queue directory (for corrupted queue files). As before, the
	"postsuper" command will not, to avoid suddenly deleting
	such files. Files: global/mail_queue.h postcat/postcat.c.

20100113

	Cleanup: don't supply the "-o stress" command-line option
	with a single-process service. File: master/master_ent.c.

20100115

	Bugfix: the valid_hostname() fuction did not set the
	"non-numeric" flag after encountering the '-' character.
	Reported by Jan Schampera.  File: util/valid_hostname.c.

20100116

	Documentation: the content_filter and FILTER features never
	supported the special cases of transport_maps. References
	to transport_maps syntax are now removed from content filter
	discussions.  Files: proto/postconf.proto, proto/FILTER_README.

	Workaround: as of Postfix 2.3 the VRFY command did not allow
	a mailbox address inside <>, which broke expectations.  RFC
	2821 (and 5321) is vague about the VRFY request format, but
	spends lots of text on the reply format.  File: smtpd/smtpd.c.

20010117

	Cleanup: when a content_filter parameter or FILTER command
	specifies an empty next-hop destination, the queue manager
	now uses the recipient domain instead of $myhostname. Specify
	"default_filter_nexthop = $myhostname" for compatibility
	with Postfix 2.6 and earlier, or specify a non-empty next-hop
	filter destination.  Files: *qmgr/qmgr_message.c proto/access,
	proto/header_checks, proto/postconf.proto, proto/FILTER_README.

20100120

	Cleanup: detect illegal pipelining after HELO, EHLO.  File:
	smtpd/smtpd.c.

20100128

	Documentation: streamlined the decriptions of protocol and
	cipher tweaks. Victor Duchovni. Files: proto/TLS_README,
	proto/postconf.proto.

20100131

	Documentation: the address verification database is now
	persistent by default. This, combined with the now default
	stress-dependent configuration, improves the performance
	limits and simplifies database maintenance.  Files:
	proto/ADDRESS_VERIFICATION_README, verify/verify.c.

	Cleanup: undo the proxymap and trivial-rewrite max_idle=1s
	override that was introduced with Postfix 2.3. It did not
	help to retire long-lived proxymap or trivial-rewrite
	processes on busy servers, and worsened performance on
	low-traffic servers. The reduced ipc_ttl value (introduced
	with Postfix 2.4) already solves the problem of retiring
	long-lived proxymap or trivial-rewrite processes.  Files:
	proxymap/proxymap.c, trivial-rewrite/trivial-rewrite.c.

20100202

	Documentation: major revision of SASL_README with many
	details on how to configure Cyrus SASL internals. Patrick
	Koetter.  File: proto/SASL_README.html

20100204

	Feature: added "forward_secrecy" option for Cyrus SASL.
	File: xsasl/xsasl_cyrus_security.c.

20100206

	Bugfix (from day zero): the local delivery agent returned
	undeliverable mail to the envelope sender instead of the
	owner- alias, when delivering to command or file. This
	reuses the workaround that was implemented to report a
	Delivered-To: loop. Files: local/file.c, local/command.c,
	local/recipient.c, local/bounce_workaround.c.

20100209

	The tcp_table(5) interface is now part of the stable release.
	The last protocol change was in Postfix 2.1. File:
	util/dict_open.c.

20100422

	Workaround (introduced: postfix-19990906 a.k.a. Postfix
	0.8.0).  The Postfix local delivery agent did not properly
	distinguish between "address has no extension" and "address
	has an extension, but the extension is invalid". In both
	cases it would run only the full recipient local-part through
	the alias maps.  Instead, it now drops the faulty extension
	from the recipient address local-part (it would be too
	error-prone to replace all tests for "no extension" by tests
	for "no valid extension".  File: local/recipient.c.

20100515

	Bugfix (introduced Postfix 2.6): the Postfix SMTP client
	XFORWARD implementation did not skip "unknown" SMTP client
	attributes, causing a syntax error when sending a PORT
	attribute. Reported by Victor Duchovni. File: smtp/smtp_proto.c.

20100526

	Cleanup: a unit-test driver (for stand-alone tests) was not
	updated after an internal API change. Vesa-Matti J Kari
	File: milter/milter.c.

20100529

	Portability: OpenSSL 1.0.0 changes the priority of anonymous
	cyphers. Victor Duchovni. Files: postconf.proto,
	global/mail_params.h, tls/tls_certkey.c, tls/tls_client.c,
	tls/tls_dh.c, tls/tls_server.c.

	Portability: Mac OS 10.6.3 requires <arpa/nameser_compat.h>
	instead of <nameser8_compat.h>. Files: makedefs, util/sys_defs.h,
	dns/dns.h.

20100531

	Robustness: skip LDAP queries with non-ASCII search strings.
	The LDAP library requires well-formed UTF-8.  Victor Duchovni.
	File: global/dict_ldap.c.

20100601

	Safety: Postfix processes log a warning when a matchlist
	has a #comment at the end of a line (for example mynetworks
	or relay_domains).  File: util/match_list.c.

	Portability: Berkeley DB 5.x has the same API as Berkeley
	DB 4.1 and later. File: util/dict_db.c.

20100610

	Bugfix (introduced Postfix 2.2): Postfix no longer appends
	the system default CA certificates to the lists specified
	with *_tls_CAfile or with *_tls_CApath.  This prevents
	third-party certificates from getting mail relay permission
	with the permit_tls_all_clientcerts feature.  Unfortunately
	this may cause compatibility problems with configurations
	that rely on certificate verification for other purposes.
	To get the old behavior, specify "tls_append_default_CA =
	yes".  Files: tls/tls_certkey.c, tls/tls_misc.c,
	global/mail_params.h.  proto/postconf.proto, mantools/postlink.

20100714

	Compatibility with Postfix < 2.3: fix 20061207 was incomplete
	(undoing the change to bounce instead of defer after
	pipe-to-command delivery fails with a signal). Fix by Thomas
	Arnett. File: global/pipe_command.c.

20100727

	Bugfix: the milter_header_checks parser provided only the
	actions that change the message flow (reject, filter,
	discard, redirect) but disabled the non-flow actions (warn,
	replace, prepend, ignore, dunno, ok).  File:
	cleanup/cleanup_milter.c.

20100827

	Performance: fix for poor smtpd_proxy_filter TCP performance
	over loopback (127.0.0.1) connections. Problem reported by
	Mark Martinec.  Files: smtpd/smtpd_proxy.c.

20101023

	Cleanup: don't apply reject_rhsbl_helo to non-domain forms
	such as network addresses.  This would cause false positives
	with dbl.spamhaus.org.  File: smtpd/smtpd_check.c.

20101117

	Bugfix: the "421" reply after Milter error was overruled
	by Postfix 1.1 code that replied with "503" for RFC 2821
	compliance. We now make an exception for "final" replies,
	as permitted by RFC. Solution by Victor Duchovni. File:
	smtpd/smtpd.c.

20101201

	Workaround: BSD-ish mkdir() ignores the effective GID and
	copies group ownership from the parent directory.  File:
	util/make_dirs.c.

20101202

	Cleanup: the cleanup server now reports a temporary delivery
	error when it reaches the virtual_alias_expansion_limit or
	virtual_alias_recursion_limit. Previously, it would silently
	ignore the excess recipients and deliver the message.  File:
	cleanup/cleanup_map1n.c.

20110105

	Bugfix (introduced with the Postfix TLS patch): discard
	plaintext following the STARTTLS command or response. This
	matters only for the minority of SMTP clients that actually
	verify server certificates.  Files: smtpd/smtpd.c,
	smtp/smtp_proto.c.

	This vulnerability is also known as CVE-2011-0411.

20110109

	Bugfix (introduced Postfix 2.4): on Solaris the Postfix
	event engine was deaf for SIGHUP and SIGALRM signals after
	the switch to /dev/poll. Symptoms were delayed "postfix
	reload" response, and killed processes when the watchdog
	timeout was less than max_idle.  The fix is to set up SIGHUP
	and SIGALRM handlers that write to a pipe, and to monitor
	that pipe for read events via the Postfix event engine.
	Files: master/master_sig.c, util/watchdog.c, util/sys_defs.h.

20110117

	Bugfix (introduced Postfix alpha, or thereabouts): on HP-UX
	the Postfix event engine was deaf for SIGALRM signals.
	Symptoms were killed processes when the watchdog timeout
	was less than max_idle.  The fix is the same as Solaris fix
	20110109. Since we can't know what other systems need this,
	the workaround is enabled by default.  Files: util/sys_defs.h.

20110225

	Workaround (problem introduced with IPv6 support in Postfix
	2.2): the SMTP client did not support mail to [ipv6:ipv6addr].
	Fix based on a patch by Gurusamy Sarathy (Sophos).  File:
	util/host_port.c and regression test files.

20110227

	Portability: FreeBSD closefrom() support time window.  Sahil
	Tandon.  File: util/sys_defs.h.