Skip to content
HISTORY 581 KiB
Newer Older
Boris Mühmer's avatar
Boris Mühmer committed

	Security: do not allow weird characters in the expansion
	of $names that appear in $forward_path. Just like with
	shell commands, replace bad characters in expansions by
	underscores.  Configuration parameter:  forward_expansion_filter.

19990902

	Documentation: added a sample postfix alias to the examples
	in the INSTALL document and in the conf/aliases file.
	Reminded by Simon J.  Mudd @ alltrading.com.

19990903

	Bugfix: in case of some error conditions the pickup daemon
	could leak small amounts of memory.

19990905

	Bugfix: no more "skipping further client input" warnings
	when a message header is rejected.

	Feature: reject_unauth_pipelining SMTP restriction that
	rejects mail from clients that improperly use SMTP command
	pipelining.

	Robustness: the LDAP client by default no longer looks up
	names containing "*". See the lookup_wildcards feature in
	LDAP_README. Update by John Hensley.

	Documentation: address masquerading with exceptions FAQ by
	Jim Seymour @ jimsun.LinxNet.com.

	Bugfix: mysql reconnect after disconnect by Scott Cotton
	Internet Consultants Group, Inc. File: util/dict_myqsl.c.

	Portability: the Postfix to PCRE interface now expects
	version 2.08.  Postfix is no longer compatible with PCRE
	versions before 2.6.

19990906

	Feature: INSTALL.sh script that makes Postfix installation
	a bit less painful. This script can be used for installing
	and for upgrading Postfix. It replaces files instead of
	overwriting them, and leaves existing configuration and
	queue files intact.

19990907

	Bugfix: reject_non_fqdn_sender used the wrong test to see
	if a sender address was given and could dump core. This
	must have been broken ever since the UCE tests were moved
	to the RCPT TO stage in 19990510.

	Bugfix: check_sender_access was recognized as a valid
	restriction name only if a sender had been specified.

19990908

	Portability: Unixware has <sysexits.h> only after sendmail
	is installed. Changed postlock.c to use global/sys_exits.h.

19990909

	Performance: added one-entry cache to the address rewriting
	client and to the address resolving client. This is because
	UCE restrictions tend to produce the same query repeatedly.
	Files: global/rewrite_clnt.c, global/resolve_clnt.c.

	Feature: the UCE restrictions are now fully recursive so
	you can have per-client/helo/sender/recipient restrictions.
	Instead of OK, REJECT or [45]xx, you can specify a sequence
	of restrictions on the right-hand side of an SMTPD access
	table. This means you can no longer use canonical/virtual/alias
	maps as SMTPD access tables. But the loss is compensated
	for.  File: smtpd/smtpd_access.c.

	Feature: restriction classes, essentially a short-hand for
	restriction lists.  These short hands are useful mostly on
	the right-hand side of SMTPD access tables. You must use
	restriction classes in order to have lookup tables on the
	right-hand side of an SMTPD access table.  File:
	smtpd/smtpd_access.c.

	Feature: "permit_recipient_map maptype:mapname" permits a
	recipient address when it matches the specified table.
	Lookups are done just as with canonical/virtual maps.  With
	this, you can also use passwd/aliases as SMTPD access maps.
	File: smtpd/smtpd_access.c.

19990910

	Changed "permit_address_map" into "permit_recipient_map"
	and added a test for the case that they specify a lookup
Boris Mühmer's avatar
Boris Mühmer committed
	table on the right-hand side of an SMTPD access map.  File:
	smtpd/smtpd_access.c.
Boris Mühmer's avatar
Boris Mühmer committed
3098 3099 3100 3101 3102 3103 3104 3105 3106 3107 3108 3109 3110 3111 3112 3113 3114 3115 3116 3117 3118 3119 3120 3121 3122 3123 3124 3125 3126 3127 3128 3129 3130 3131 3132 3133 3134 3135 3136 3137 3138 3139 3140 3141 3142 3143 3144 3145 3146 3147 3148 3149 3150 3151 3152 3153 3154 3155 3156 3157 3158 3159 3160 3161 3162 3163 3164 3165 3166 3167 3168 3169 3170 3171 3172 3173 3174 3175 3176 3177 3178 3179 3180 3181 3182 3183 3184 3185 3186 3187 3188 3189 3190 3191 3192 3193 3194 3195 3196 3197 3198 3199 3200 3201 3202 3203 3204 3205 3206 3207 3208 3209 3210 3211 3212 3213 3214 3215 3216 3217 3218 3219 3220 3221 3222 3223 3224 3225 3226 3227 3228 3229 3230 3231 3232 3233 3234 3235 3236 3237 3238 3239 3240 3241 3242 3243 3244 3245 3246 3247 3248 3249 3250 3251 3252 3253 3254 3255 3256 3257 3258 3259 3260 3261 3262 3263 3264 3265 3266 3267 3268 3269 3270 3271 3272 3273 3274 3275 3276 3277 3278 3279 3280 3281 3282 3283 3284 3285 3286 3287 3288 3289 3290 3291 3292 3293 3294 3295 3296 3297 3298 3299 3300 3301 3302 3303 3304 3305 3306 3307 3308 3309 3310 3311 3312 3313 3314 3315 3316 3317 3318 3319 3320 3321 3322 3323 3324 3325 3326 3327 3328 3329 3330 3331 3332 3333 3334 3335 3336 3337 3338 3339 3340 3341 3342 3343 3344 3345 3346 3347 3348 3349 3350 3351 3352 3353 3354 3355 3356 3357 3358 3359 3360 3361 3362 3363 3364 3365 3366 3367 3368 3369 3370 3371 3372 3373 3374 3375 3376 3377 3378 3379 3380 3381 3382 3383 3384 3385 3386 3387 3388 3389 3390 3391 3392 3393 3394 3395 3396 3397 3398 3399 3400 3401 3402 3403 3404 3405 3406 3407 3408 3409 3410 3411 3412 3413 3414 3415 3416 3417 3418 3419 3420 3421 3422 3423 3424 3425 3426 3427 3428 3429 3430 3431 3432 3433 3434 3435 3436 3437 3438 3439 3440 3441 3442 3443 3444 3445 3446 3447 3448 3449 3450 3451 3452 3453 3454 3455 3456 3457 3458 3459 3460 3461 3462 3463 3464 3465 3466 3467 3468 3469 3470 3471 3472 3473 3474 3475 3476 3477 3478 3479 3480 3481 3482 3483 3484 3485 3486 3487 3488 3489 3490 3491 3492 3493 3494 3495 3496 3497 3498 3499 3500 3501 3502 3503 3504 3505 3506 3507 3508 3509 3510 3511 3512 3513 3514 3515 3516 3517 3518 3519 3520 3521 3522 3523 3524 3525 3526 3527 3528 3529 3530 3531 3532 3533 3534 3535 3536 3537 3538 3539 3540 3541 3542 3543 3544 3545 3546 3547 3548 3549 3550 3551 3552 3553 3554 3555 3556 3557 3558 3559 3560 3561 3562 3563 3564 3565 3566 3567 3568 3569 3570 3571 3572 3573 3574 3575 3576 3577 3578 3579 3580 3581 3582 3583 3584 3585 3586 3587 3588 3589 3590 3591 3592 3593 3594 3595 3596 3597 3598 3599 3600 3601 3602 3603 3604 3605 3606 3607 3608 3609 3610 3611 3612 3613 3614 3615 3616 3617 3618 3619 3620 3621 3622 3623 3624 3625 3626 3627 3628 3629 3630 3631 3632 3633 3634 3635 3636 3637 3638 3639 3640 3641 3642 3643 3644 3645 3646 3647 3648 3649 3650 3651 3652 3653 3654 3655 3656 3657 3658 3659 3660 3661 3662 3663 3664 3665 3666 3667 3668 3669 3670 3671 3672 3673 3674 3675 3676 3677 3678 3679 3680 3681 3682 3683 3684 3685 3686 3687 3688 3689 3690 3691 3692 3693 3694 3695 3696 3697 3698 3699 3700 3701 3702 3703 3704 3705 3706 3707 3708 3709 3710 3711 3712 3713 3714 3715 3716 3717 3718 3719 3720 3721 3722 3723 3724 3725 3726 3727 3728 3729 3730 3731 3732 3733 3734 3735 3736 3737 3738 3739 3740 3741 3742 3743 3744 3745 3746 3747 3748 3749 3750 3751 3752 3753 3754 3755 3756 3757 3758 3759 3760 3761 3762 3763 3764 3765 3766 3767 3768 3769 3770 3771 3772 3773 3774 3775 3776 3777 3778 3779 3780 3781 3782 3783 3784 3785 3786 3787 3788 3789 3790 3791 3792 3793 3794 3795 3796 3797 3798 3799 3800 3801 3802 3803 3804 3805 3806 3807 3808 3809 3810 3811 3812 3813 3814 3815 3816 3817 3818 3819 3820 3821 3822 3823 3824 3825 3826 3827 3828 3829 3830 3831 3832 3833 3834 3835 3836 3837 3838 3839 3840 3841 3842 3843 3844 3845 3846 3847 3848 3849 3850 3851 3852 3853 3854 3855 3856 3857 3858 3859 3860 3861 3862 3863 3864 3865 3866 3867 3868 3869 3870 3871 3872 3873 3874 3875 3876 3877 3878 3879 3880 3881 3882 3883 3884 3885 3886 3887 3888 3889 3890 3891 3892 3893 3894 3895 3896 3897 3898 3899 3900 3901 3902 3903 3904 3905 3906 3907 3908 3909 3910 3911 3912 3913 3914 3915 3916 3917 3918 3919 3920 3921 3922 3923 3924 3925 3926 3927 3928 3929 3930 3931 3932 3933 3934 3935 3936 3937 3938 3939 3940 3941 3942 3943 3944 3945 3946 3947 3948 3949 3950 3951 3952 3953 3954 3955 3956 3957 3958 3959 3960 3961 3962 3963 3964 3965 3966 3967 3968 3969 3970 3971 3972 3973 3974 3975 3976 3977 3978 3979 3980 3981 3982 3983 3984 3985 3986 3987 3988 3989 3990 3991 3992 3993 3994 3995 3996 3997 3998 3999 4000

	Cleanup: removed spurious sender address checks for <>.
	File: smtpd/smtpd_check.c.

	Cleanup: the smtp client now consistently logs host[address]
	for all connection attempts.

19990919

	Feature: in an SMTPD access map, an all-numeric right-hand
	side now means OK, for better cooperation with out-of-band
	authentication mechanisms.

19990922

	Security: recipient addresses must not start with '-', in
	order to protect external commands. The old behavior is
	re-instated when main.cf specifies:  "allow_min_user =
	yes".  Credits to Mads Kiilerich @ Kiilerich.com.  File:
	qmgr/qmgr_message.c.

	Bugfix: after 19990831, the queue manager would throw away
	defer logs after deferring mail to known-to-be-dead hosts
	or message transports. This means that in some cases, mailq
	would not show why mail is delayed, and that delayed mail
	could be sent back with recipients missing from the error
	report. Reported by Giulio Orsero @ tiscalinet.it.

19990923

	Bugfix: the above bugfix broke bounces of mail with bad
	address syntax and relocated users. Problem diagnosed by
	Dick Porter @ acm.org.

	Documentation: added DO NOT EDIT THIS FILE. EDIT MAIN.CF
	INSTEAD notices to the sample-xxx.cf files.

19991007

	Compatibility: ignore the sendmail -U (initial user
	submission) option. Thomas Quinot @ cuivre.fr.eu.org.

19991103

	Code cleanup: don't send postmaster notifications when an
	SMTP client sends a DATA command while no recipients were
	accepted.  This can happen when a pipelined client runs
	into an UCE block. File:  smtpd/smtpd.c.

19991104

	Robustness: do not apply UCE header checks to mail that is
	generated by Postfix (bounces, forwarded mail etc.).  Files:
	smtpd/smtpd.c, pickup/pickup.c, cleanup/cleanup_message.c.

	Robustness: new generic watchdog module that can deal with
	clocks that jump occasionally. Files: util/watchdog.c,
	master/master.c, master/{single,multi,trigger}_server.c.
	This hopefully ends the false watchdog alarms that happen
	when clocks are set or when laptops are resumed.

	Code cleanup: BSMTP requires dot quoting as per RFC 821.
	Based on code by Florian Lohoff @ rfc822.org. Files:
	global/mail_copy.[hc], pipe/pipe.c.

19991105

	Bugfix: the crufty code in inet_addr_local() did not find
	IP aliases. File: util/inet_addr_local.c.

	Portability: the INSTALL.sh utility did not find users or
	groups in NIS or Netinfo tables. The script no longer
	searches the /etc/passwd and /etc/group files.  Instead it
	now queries the unix:passwd.byname and unix:group.byname
	maps.  For this, a -q (query) option was added to postmap
	(and to postalias, for symmetry).  Files: util/dict_unix.c,
	postalias/postalias.c, postmap/postmap.c, INSTALL.sh.

	Bugfix: LDAP lookup timeout settings were ignored. Patch
	by John Hensley. File: util/dict_ldap.c.

19991108

	Bugfix: when doing a fresh install, INSTALL.sh didn't set
	main.cf:mail_owner properly (Simon J. Mudd).

19991109

	Bugfix: when doing a fresh install, INSTALL.sh no longer
	worked (missing main.cf file).  Fix: add "-c" argument to
	the postmap commands (Lars Hecking @ nmrc.ucc.ie).

	Documentation: removed spurious "do not edit" comments from
	the sample pcre and regexp configuration files.

19991110-13

	Code cleanup: greatly simplified the SMTPD command parser
	and somewhat simplified the code that groks RFC 822-style
	address syntax in MAIL FROM and RCPT TO commands.

	New parameter: strict_rfc821_envelopes (default: no) to
	reject RFC 822 address forms (with comments etc.) in SMTP
	envelopes. By default, the Postfix SMTP server only logs
	a warning.

19991113

	Oops, also updated the SMTP VRFY code in the light of
	changes to the SMTPD command parser.

	Cleanup: the local delivery agent now explicitly rejects
	recipients with an empty username.

19991114

	Workaround: with some gawk versions, postconf/extract.awk
	reportedly returns a non-zero exit status upon success.
	Added an explicit exit(0) statement.

19991115

	Feature: DNS TXT record lookup support, based on initial
	code by Simon J Mudd.  File: dns/dns_lookup.c.

	Feature: RBL TXT record lookups, based on initial code by
	Simon J Mudd.  File: smtpd/smtpd_check.c.

	Feature: permit_auth_destination restriction based on code
	by Jesper Skriver @ skriver.dk.

	Code cleanup: the transport table now can override all
	deliveries, including local ones.

19991116

	Code cleanup: a new "local_transports" configuration
	parameter explicitly lists all transports that deliver mail
	locally. The first name listed there is the default local
	transport.  This is the end of the "empty next-hop hostname"
	hack to indicate that a destination is local.  Files:
	trivial-rewrite/resolve.c, global/local_transport.[hc]

	Feature: "postconf -m" shows what lookup table types are
	available.  Code by Scott Cotton, Internet Consultants
	Group, Inc.

	Feature: "postconf -e" edits any number of main.cf parameters.
	The edit is done on a copy, and the copy is renamed into
	the place of the original. File: postconf/postconf.c,
	util/readlline.[hc].

19991117

	Portability: SunOS 4 has no SA_RESTART. File: util/watchdog.c.

	Feature: on systems with h_errno, the "reject_unknown_client"
	restriction now distinguishes between soft errors (always
	reply with 450) and hard errors (use the user-specified
	reply code).  This should lessen the load by broken mailers
	that re-connect once a minute.

	Feature: forward/reverse name/address check for SMTP client
	hostnames. This fends off some hypothetical attacks by
	spammers who are in control of their own reverse mapping.

	Robustness: postconf no longer aborts when it can't figure
	out the local domain name; it prints a warning instead.
	This allows you to use "postconf -e" to fix the problem.

19991118

	Bugfix: the RFC822 address parser would misparse a leading
	\ as an atom all by itself. Problem reported by Keith
	Stevenson @ louisville.edu. File: global/tok822_parse.c.

19991119

	Bugfix: tiny memory leak in pipe_command() when fork()
	fails.  File: global/pipe_command.c.

19991120

	Bugfix: reversed test for all-numerical results in SMTPD
	access maps. File: smtpd/smtpd_check.c.

19991121

	Robustness: INSTALL.sh no longer uses postmap for sanity
	checks.

	Feature: INSTALL.sh now has an install_root option.

	Bugfix: INSTALL.sh now installs manual pages with proper
	permissions and ownership.

	Bugfix: the LDAP client did not properly escape special
	characters in lookup keys (patch by John Hensley).  File:
	util/dict_ldap.c.

19991122

	Bugfix: missing absolute path in INSTALL.sh broke fresh
	install.

19991124

	Bugfix: the local delivery agent's recipient duplicate
	filter did not work when configured to use unlimited memory
	(which is not a recommended setting). Patrik Rak @raxoft.cz.

19991125

	Bugfix: postconf didn't have an umask(022) call at the
	beginning (problem experienced by Matthias Andree).

19991126

	Bugfix: DNS TXT records now have string lengths before text
	(Mark Martinec @ nsc.ijs.si).

19991127

	Update: the LDAP client code now supports escapes as per
	RFC2254 (John Hensley).

19991207

	Performance: one message with many recipients no longer
	stops other mail from being delivered. The queue manager
	now frees in-memory recipients as soon as a message is
	delivered to one destination, rather than waiting until
	all in-memory destinations of that message have been tried.
	Patch by Patrik Rak @ raxoft.cz.  Files: qmgr/qmgr_entry.c,
	qmgr/qmgr_message.c.

	Performance: when delivering mail to a huge list of
	recipients, the queue manager now reads more recipients
	from the queue file before delivery concurrency drops too
	low.  Files:  qmgr/qmgr_entry.c, qmgr/qmgr_message.c.

19991208

	Updated LDAP client code by John Hensley with escape
	sequences as per RFC 2254. File: util/dict_ldap.c.

	Updated MYSQL client code by Scott Cotton. File: dict_mysql.c.

	Feature: added -N/-n options to include/exclude terminating
	nulls in keys and values in postmap/postalias DB or DBM
	files. Normally, Postfix uses whatever is appropriate for
	the host system.  A non-default setting can be necessary
	for inter-operability with third-party software.

	Bugfix: the local delivery agent would deliver to the user
	instead of the .forward file when the .forward file was
	already visited via some non-recursive path. Patch by Patrik
	Rak @ raxoft.cz. Files: global/been_here.c, local/dotforward.c.

	Robustness: attempt to deliver all addresses in the expansion
	of an alias or .forward file, even when some addresses must
	be deferred.  File: local/token.c.

19991211

	Performance: qmgr_fudge_factor controls what percentage of
	delivery resources Postfix will devote to one message.
	With 100%, delivery of one message does not begin before
	delivery of the previous message is completed. This is good
	for list performance, bad for one-to-one mail. With 10%,
	response time for one-to-one mail improves much, but list
	performance suffers. In the worst case, people near the
	start of a mailing list get a burst of postings today,
	while people near the end of the list get that same burst
	of postings a whole day later.  Files: qmgr/qmgr_message.c,
	qmgr/qmgr_entry.c.

	Bugfix: address rewriting would panic on a lone \ at the
	end of a line where an address was expected. Jason Hoos @
	thwack.net. File: global/rewrite_clnt.c.

19991215

	Bugfix: the strict RFC821 envelope address check should
	not be applied to VRFY commands. File: smtpd/smtpd.c.

	Cleanup: permit_recipient_maps is gone, because that could
	only be used inside UCE restrictions.

19991216

	Feature: allow an empty inet_interfaces parameter, just
	like an empty mydestination parameter. It's needed for true
	null clients and for firewalls that deliver no local mail.

	Feature: "disable_vrfy_command = yes" disables some forms
	of address harvesting used by spammers.

	Workaround: added the alias map parameter definition to
	the smtpd code.  This is a symptom of a general problem
	with parameters that have non-empty default values:  unless
	a program explicitly defines such a parameter, the parameter
	defaults to the empty string when used in other parameters.
	There's also a problem with evaluation order.

	Feature: the SMTP server rejects mail for unknown users in
	virtual domains that are defined by Postfix virtual domain
	files. File: smtpd/smtpd_check.c.

	Feature: reject mail for unknown local users at the SMTP
	port.  The local_recipient_maps configuration parameter
	specifies maps with all addresses that are local with
	respect to $mydestination or $inet_interfaces. Example:
	"local_recipient_maps = $alias_maps unix:passwd.byname".
	This feature is disabled by default. You may have to copy
	the passwd file into the chroot jail. File:  smtpd/smtpd_check.c.

	Feature: the sendmail -f option now understands '<user>'
	and even understands address forms with RFC 822-style
	comments.

19991217

	Cleanup: no more UCE checks for VRFY commands. It still
	reports unknown local/virtual users. File:  smtpd/smtpd_check.c.

	Robustness: upon Postfix startup, report discrepancies
	between system files inside and outside the chroot jail.
	Files: conf/postfix-script-nosgid, conf/postfix-script-sgid.

19991218

	Cleanup: INSTALL.sh produces relative symlinks, which is
	necessary when install_root is not /.

19991219

	Documentation: completely reorganized the FAQ and added
	many new entries. Rewrote the UCE html documentation.

	Cleanup: INSTALL.sh uses a configurable directory for
	scratch files, so that it can install from a file system
	that is not writable by the super-user.

	Cleanup: INSTALL.sh gives helpful hints when the "mv"
	command is unable to move symlinks across file system
	boundaries.

19991220

	Cleanup: it is no longer necessary to list $virtual_maps
	as part of the relay_domains definition. The SMTP server
	now by default accepts mail for destinations that match
	$inet_interfaces, $mydestination or $virtual_maps, whether
	or not these are specified in relay_domains.  We still need
	the ugly "virtual.domain whatever" hack in the virtual
	maps. Files:  smtpd/smtpd_check.c and lots of documentation
	and sample config files.

19991221

	Removed cyrus -q flag (ignore quotas) from the sample
	master.cf file.

19991223

	Bugfix: smtpd should not check for unknown users when
	running in stand-alone (sendmail -bs) mode. Problem
	experienced by Chuck Mead.  File: smtpd/smtpd.c.

	Retraction: the "local_transports" configuration parameter
	is gone. Adjusted code and documentation accordingly.
	Instead, use just one "local_transport" parameter with the
	name of the default local transport. Files:  smtpd/smtpd_check.c,
	qmgr/qmgr_message.c, trivial-rewrite/ resolve.c, local/resolve.c.

	Feature: Postfix SMTPD now insists that the smtpd recipient
	restrictions contain at least one restriction that by
	default rejects mail. This should make it much more difficult
	to change Postfix into an open relay.  File:  smtpd/smtpd_check.c.

	Retraction: null-length inet_interfaces is too confusing.

19991224

	Bugfix: the relative symlink code in INSTALL.sh computed
	the ../ prefix from the wrong pathname.

1999122[5-7]

	Feature: "allow_untrusted_routing = no" (default) prevents
	forwarding of source-routed mail from untrusted clients to
	destinations that are blessed by the relay_domains parameter
	(example:  user@domain2@domain1 etc.).  This plugs a mail
	relay loophole where a backup MX host forwards junk mail
	to a primary MX host which forwards the junk to the Internet.
	Files:  global/quote_822_local.c, smtp/quote_821_local.c,
	trivial-rewrite/rewrite.c, trivial-rewrite/resolve.c,
	smtp/smtpd_check.c.

	In order to make this possible, the Postfix resolver data
	structure and protocol has changed, so that all resolver
	clients need to be re-compiled.

	Side effect from the above change: from now on, an address
	with @ in the recipient localpart no longer bounces with
	"user unknown" but instead is rejected with "relay access
	denied" or "source-routed relay access denied".

19991227

	Workaround: the BSD/OS "mkdir -p" and "cmp -s" commands
	misbehave on boundary cases: directory exists or file does
	not exist. Those who re-invent...

19991229

	Added the no source routing info requirement to addresses
	accepted by the permit_mx_backup UCE restriction.

19991230

	Added a spawn daemon (not compiled and installed by default)
	to enable LMTP delivery over UNIX-domain sockets. The goal
	is to simplify the experimental LMTP delivery agent by
	ripping out the privileged code that forks the LMTP server.

20000102

	Clarified documentation after early feedback on the 19991231
	release by Drew Derbyshire, Ollivier Robert, Khetan Gajjar.

	Sanity check: a common error is to list Postfix virtual
	domains in the mydestination parameter. This causes the
	new optional local_recipient_maps feature to reject mail
	for virtual users.  The SMTP server now explicitly tests
	for this common error and logs a warning instead of refusing
	the mail.  File:  smtpd/smtpd_check.c.

20000104

	Bugfix: a case sensitivity bug had slipped through in the
	anti-relaying code, causing mail for USER@VIRTUAL.DOMAIN
	to be rejected with "relay access denied". This was found
	by Jim Maenpaa @ jmm.com.

	Questionable feature: set "smtp_skip_5xx_greeting = yes"
	to make Postfix more sendmail compatible, even though this
	is wrong, IMNSHO. File: smtp/smtp_connect.c.

	Portability: Ultrix patch from Simon Burge @ thistledown.com.au.

	Portability: Siemens Pyramid (dcosx) patch by Thomas D.
	Knox @ vushta.com.

	Performance: FreeBSD has bidirectional pipes that are faster
	than socketpairs. Anticipating on more platform-specific
	optimizations, all duplex pipe plumbing is now isolated in
	a duplex_pipe.c module that provides a system-independent
	interface.

20000105

	Cleanup: the INSTALL.sh script now updates the sample files
	in /etc/postfix even when main.cf exists.

20000106

	Bugfix: the SMTP server should consult the relocated map
	for virtual destinations (Denis Shaposhnikov). Files:
	smtpd/smtpd.c smtpd/smtpd_check.c.

20000108

	Workaround: rename() over NFS can fail with ENOENT even
	when the operation succeeds (Graham Orndorff @ WebTV). This
	is not news. Any non-idempotent operation can fail over
	NFS when the NFS server's acknowledgment is lost and the
	NFS client code retries the operation (other examples are:
	create, symlink, link, unlink, mkdir, rmdir).  Postfix has
	workarounds for the cases where this is most likely to
	cause trouble. Files:  util/sane_{rename,link}.[hc].  If
	you want reliable mail system, do not use NFS.

20000115

	Workaround: better detection of bad hardware. Added SIGBUS
	to the list of signals that the master will log before
	exiting.

20000122

	Portability: preliminary SCO5 port Christopher Wong @
	csports.com. This still needs to a workaround for "find"
	not supporting "-type s" (actually, UNIX-domain sockets
	have no unique representation in the file system and show
	up as FIFOs).

20000115-22

	Bugfix: in case of a too long message header, don't extract
	recipients from message headers.  With the previous behavior,
	Bcc information could be left in the message body, as one
	person found out the hard way.  Files:  cleanup/cleanup.c,
	cleanup/cleanup_extracted.c, global/cleanup_user.h.

20000124

	Whatever: RFC 1869 amends RFC 821 and specifies that code
	555 is to be used when a MAIL FROM or RCPT TO parameter is
	not implemented or not recognized. Russ Allbery @stanford.edu.
	This reply code is added to the list of reply codes that
	cause the Postfix SMTP client to mail a transcript to the
	postmaster.  File: smtp/smtp_trouble.c.

20000126

	Emergency feature: qmgr_site_hog_factor (default: 90 percent)
	limits the amount of resources that Postfix devotes to a
	single destination. With less than 100, Postfix defers the
	excess mail so that one site with a large backlog does not
	block other deliveries. Files: qmgr/qmgr.c, qmgr/qmgr_message.c.

20000128

	Cleanup: the queue manager no longer replaces the nexthop
	field by the recipient localpart when a destination matches
	$mydestination/$inet_interfaces. The price is the introduction
	of a new parameter local_destination_recipient_limit which
	defaults to 1 in order to maintain backwards compatibility.
	Files: qmgr/qmgr.c, qmgr/qmgr_message.c.

20000129

	Bugfix: extracted recipients were misfiled when a message
	was moved back to the maildrop queue. But they still worked
	due to a coincidence.

	Feature: bounce_recip() bounces a recipient immediately
	without accessing a bounce logfile.  This is necessary for
	VERP bounces, for bounces by delivery agents that change
	the sender address, and for bounces that for some reason
	must not use temporary logfiles.  Files: global/bounce.c,
	bounce/bounce_recip_service.c.

20000130

	Bugfix: the too long header fix of 20000115-22 lost mail
	with too long headers that didn't need to extract recipients
	from message headers.

	Bugfix: the too long header fix of 20000115-22 lost mail
	without (blank line + message body).

	Code rewrite: reorganized the cleanup daemon source code
	so that the cleanup service can be called one record at a
	time (see cleanup/cleanup_api.c); also got rid of the global
	state variables and fixed a couple bugs that were introduced
	with 20000115-22.

20000204

	Feature: in daemon mode, the MAIL FROM size check can be
	postponed until RCPT TO so that Postfix can log sender and
	recipient. Simon J Mudd.  Files: smtpd/smtpd.c

	Robustness: limit the number of recipient addresses that
	can be extracted from message headers. Parameter:
	extract_recipient_limit (default:  10240). Files:
	cleanup/cleanup_message.c, cleanup/cleanup_extracted.c.

	Cleanup: the message header reject logging now includes
	sender and recipient address (if possible), so that the
	logging looks more like the other reject logging.  File:
	cleanup/cleanup_message.c.

	Documentation: added sections on regular expression tables
	to the access, canonical, virtual, transport and relocated
	man pages, and write new man pages that are specific to
	regular expressions: pcre_table.5 and regexp_table.5.

20000214

	Bugfix: postconf reported some parameters more than once
	because the parameter extracting script didn't recognize
	lines that differ in whitespace only. File: postconf/extract.awk.
	Reported by Kenn Martin.

20000221

	Logging: the SMTP client now logs log host+port when it is
	unable to connect to a non-MX host, just like it logs
	host+port when unable to connect to an MX host.

20000226

	Bugfix: the SMTP server's "User unknown" test didn't notice
	LDAP etc. dictionary access errors. The code now reports
	a 450 status (try again instead of bounce) if the reply is
	not definitive.  File: smtp/smtpd_check.c.

	Robustness: the smtp-source program could stall when making
	hundreds of parallel connections to a Postfix system with
	only one SMTP server process. The fix is to use non-blocking
	connect() calls, very carefully. File: smtpstone/smtp-source.c.

20000303

	Feature: with smtp_always_send_ehlo the SMTP client will
	send EHLO regardless of the content of the SMTP server's
	greeting.  File: smtp/smtp_proto.c.

20000304

	Feature: DICT_FLAG_SYNC_UPDATE flag for synchronous dictionary
	updates, if supported by the underlying mechanism. Files:
	util/dict.h, util/dict_open.c, util/dict_db.c.

20000307

	Cleanup: the manual pages in Postfix configuration files
	no longer contain troff formatting codes.  The text is now
	generated from prototype files in a new "proto" subdirectory.
	Requested by Matthias Andree @ stud.uni-dortmund.de.

20000308

	Bugfix: the unused db and dbm "delete" routines would
	clobber the per-dictionary flags when called before reading
	or writing the table. Files: util/dict_dbm.c, util/dict_db.c.
	Lutz Jaenicke @ aet.TU-Cottbus.DE.

	Bugfix: the SMTP server would produce a cryptic message
	when a queue file write error happened before it had written
	any recipients.  Keith Stevenson. File: smtpd/smtpd.c.

	Robustness: the db and dbm "delete" routines didn't adjust
	to dictionaries with/without one trailing null in lookup
	keys and values. Did a complete rewrite of the routines.
	Files: util/dict_db.c, util/dict_dbm.c.

	Feature: specify "-d key" to postalias or postmap in order
	to remove one key. This still needs to be generalized to
	multi-key removal (read stdin?). Files: postmap/postmap.c,
	postalias/postalias.c.

	Test: added test targets for the dictionary delete operations.
	Files: util/Makefile.in, util/dict_test.{c,in,ref}.

	Feature: added data offset and recipient count fields to
	the first queue file record output from the cleanup daemon.
	The recipient counts provides an initial estimate for a
	more advanced queue manager scheduling algorithm. Files:
	cleanup/cleanup_envelope.c, cleanup/cleanup_extracted.c.

20000311

	Portability: HP-UX awk can't handle bare { in regexps
	(Lamont Jones. HP). File: postconf/extract.awk.

	Compatibility: sendmail now recognizes '.' as end of input.
	File: sendmail/sendmail.c.

20000313

	Compatibility: dtcm (CDE desktop calendar manager) leaks
	a file descriptor into its child process, and requires that
	sendmail closes the descriptor, otherwise mail notification
	will hang.  These GUI programmers never figured out that
	the child process must close the writing end of a pipe.
	File:  sendmail/sendmail.c.

20000314

	Feature: SASL authentication in the SMTP server and client.
	Based on code contributed by Till Franke, SuSE.  Specify:
	"smtpd_sasl_auth_enable = yes" and "smtp_sasl_auth_enable
	= yes". The "permit_sasl_authenticated" UCE restriction
	gives special treatment to authenticated clients.

20000315

	Workaround: added -blibpath option for AIX 4.x, to close
	hole in case postdrop needs to be set-gid.

20000320

	Portability: FreeBSD 5.x added to the list of supported
	systems (Mark Huizer).

20000323

	Portability: INSTALL.sh looks if sendmail is in /usr/lib
	rather than in /usr/sbin.

20000326

	Bugfix: settings in one mysql configuration file would act
	as the implicit defaults for the next one, which could be
	confusing.  Patch by Scott Cotton. File: util/dict_mysql.c.

	Robustness: limit the number of "junk" commands that can
	be issued in an SMTP session (ex.: NOOP, VRFY, ETRN, RSET).
	Problem report by Michael Ju. Tokarev @ tls.msk.ru.  Files:
	global/mail_params.h, smtpd/smtpd.c.

20000413

	Portability: more MacOS X patches by Gerben Wierda.

	Bugfix: RFC 822 requires the presence of at least one
	destination message header. The cleanup daemon now generates
	a generic "To: undisclosed-recipients:;" message header
	when no destination header is present.  The header content
	is specified with the undisclosed_recipients_header parameter.
	Problem pointed out by Geoff Gibbs, UK-Human Genome Mapping
	Project-Resource Centre.

20000416

	Workaround: allow <(comment)> as SMTP MAIL FROM address.

20000417

	The SASL authentication in the SMTP server and client works,
	but only on Linux and Solaris, neither of which I wish to
	run on my laptop.

20000418

	Added LMTP support to the smtp-source and smtp-sink utilities
	so that I don't have to install Cyrus IMAP just to test
	LMTP.

20000419

	Bugfix: removed the () from the tokenized representation
	of RFC 822 comments, so that comments with \( or \) can be
	unparsed correctly.  Problem reported by Bodo Moeller.

20000423

	Bugfix: mail_copy() could prepend > or . in the middle of
	long lines. Found by code inspection.

20000427

	New code: unescape module that translates C escape sequences
	into their equivalent character values.  File: util/unescape.c.

	Feature: the pipe mailer now has a way to specify the output
	record delimiter (for example, eol=\r\n). This is necessary
	for transports that require CRLF instead of UNIX-style LF.

20000502

	In order to support timeouts more conveniently, VSTREAMs
	now have built into them the concept of timeout.  Instead
	of calling read() and write(), the low-level VSTREAM
	interface now by default uses timed_read() and timed_write()
	which receive a timeout parameter; vstream_ctl(stream,
	VSTREAM_CTL_TIMEOUT...) sets the timeout deadline on a
	stream, and vstream_ftimeout(stream) queries a stream for
	timeout errors.  This change simplified timeout handling
	considerably.  Files: util/vbuf.h, util/vstream.[hc],
	global/smtp_stream.c, global/timed_ipc.c.

20000504

	Added application context to VSTREAMs, which is passed on
	transparently to application-provided read/write routines.
	vstream_ctl(stream, VSTREAM_CTL_CONTEXT...) sets the context.
	Files:  util/vstream.[hc].

	Added vstream_setjmp() and vstream_longjmp() support to
	make exception handling more convenient. Turn on exception
	handling with vstream_ctl(stream, VSTREAM_CTL_EXCEPT...).
	Files:  util/vstream.[hc].

	Cleaned up the smtp_stream module further and got rid of
	the global state that limited the use of this module to
	one stream per process. Files: global/smtp_stream.[hc].

20000505

	Bugfix: the SMTP server now flushes unwritten output before
	tarpit delays, to avoid protocol timeouts in pipelined
	sessions when a client causes lots of errors. Found by
	Lamont Jones, HP. File:  smtpd/smtpd_chat.c.

	Finished the LMTP client, which is based on a modified
	version of the SMTP client by Philippe Prindeville, Mirapoint,
	Inc., later modified by Amos Gouaux, UTDallas, and then
	Wietse ripped it all up again. Currently this talks LMTP
	over TCP only.

	Feature: override main.cf parameters in master.cf. Specify
	"-o parameter=value" after the program name. This allows
	you to selectively override myhostname etc. See also the
	new smtp_bind_address parameter below.

20000506

	Convenience: the LMTP and SMTP clients now append the local
	domain to unqualified nexthop destinations. This makes it
	more convenient to set up transport maps. Files:
	lmtp/lmtp_addr.c, smtp/smtp_addr.c.

	Sendmail compatibility: the Postfix SMTP client now skips
	servers that greet the client with a 4xx or 5xx status
	code.  To disable, set both smtp_skip_4xx_greeting and
	smtp_skip_5xx_greeting to "no".

20000507

	Portability: NetBSD has migrated to /etc/mail/aliases. We
	can expect to see this happen more often when systems start
	shipping Sendmail 8.10. File: util/sys_defs.h

	Updated LDAP code by John Hensley, with support for
	dereferencing of LDAP aliases, which have nothing to do
	with Postfix aliases.

	Feature: "smtp_bind_address=x.x.x.x" specifies the source
	IP address for SMTP client connections. Specify in master.cf
	as "smtp -o smtp_bind_address=x.x.x.x" in order to give
	different delivery agents different source addresses.

20000510

	Cleanup: mailbox_transport did not work with the lmtp
	delivery agent. This dates back to when Postfix used empty
	nexthop information to indicate that a destination was
	local. File: global/deliver_pass.c.

	Bugfix: configuration parameters for one mysql dictionary
	would become default settings for the next one. File:
	dict_mysql.c. This patch was merged into Postfix a while
	back but apparently that Postfix version was nuked when
	other parts were redesigned. Update by Scott Cotton.

	Bugfix: some Postfix delivery agents would abort on addresses
	of the form `stuff@.' which could be generated only locally.
	Found by Patrik Rak. File:  trivial-rewrite/resolve.c.

	Third-party Berkeley DB support for HP-UX by Lamont Jones.
	File: makedefs.

20000511

	Bugfix: Postfix would incorrectly reject domain names with
	adjacent - characters. File: util/valid_hostname.c.

	Bugfix: the 20000505 pipeline tarpit delay flush was wrong
	and caused the client and server to get out of phase. Yuck!

20000513

	Feature: VSTREAMs now have the concept of last fill/flush
	time, which is needed to prevent timeouts with pipelined
	SMTP sessions as detailed in the next item.

	Bugfix: delayed SMTP command/reply flushing to prevent
	sender delays from accumulating too much and causing timeouts
	with pipelined sessions.  For example, client-side delays
	happen when a client does DNS lookups to replace hostname
	aliases in MAIL FROM or RCPT TO commands; server-side delays
	happen when an UCE restriction involves a time-consuming
	DNS lookup, or when a server generates tarpit delays.
	Files:  lmtp/lmtp_proto.c, smtp/smtp_proto.c, smtpd/smtpd_chat.c.

	Portability: define ANAL_CAST for compilation environments
	that reject explicit casts between pointers and integral
	types. File: util/sys_defs.h, master/*server.c.  Upon closer
	investigation, this turned out to be the result of someone's
	compiler configuration preferences.  Therefore the change
	is likely to go away after a code cleanup.

20000514

	Feature: mysql client support for multi-valued queries
	(select email, email2 from aliastbl where username='$local')
	By Loic Le Loarer @ m4x.org. File: util/dict_mysql.c.

	Finalized the delayed SMTP command/reply flushing code in
	the SMTP and LMTP clients after lots of testing and review.

20000520

	Robustness: upon receipt of mail, map the mailer-daemon
	sender address back into the magic null string. File:
	cleanup/cleanup_envelope.c.

20000524

	Bugfix: the code for masquerade_exceptions was case sensitive.
	Reported by Eduard Vopicka.  File: cleanup/cleanup_masquerade.c.

20000526

	Feature: experimental queue manager by Patrik Rak with a
	fancy pre-emptive scheduling algorithm that improves delivery
	performance of mail with few recipients. This queue manager