Newer
Older
qmqpd_client_port_logging parameter setting. File:
qmqpd/qmqpd.c.
Cleanup: show the remote SMTP server port in verbose logging,
warnings and postmaster notices. Still don't show the port
in delivery status notifications. Files: smtp/smtp_chat.c,
smtp/smtp_sasl_glue.c, smtp/smtp_sasl_proto.c.
The "tls_require_cert" is now compatible with OpenLDAP 2.1
and later. Victor Duchovni. Files: proto/ldap_table,
global/dict_ldap.c.
Cleanup: removed the "#ifdef USE_LIBMILTER_INCLUDES"
dependencies on system-installed Milter protocol include
files. Verified that the object code has not changed. File:
milter/milter8.c.
Sanity check: idiot filter to detect attempts to use the
same database file for different TLS session caches. File:
tlsmgr/tlsmgr.c.
Cleanup: updated the spell check stoplist and the spell
check script. Files: mantools/spell, proto/stop.
Cleanup: replaced documentation references to xxgdb by ddd.
The xxgdb program hasn't been updated in more than 10 years.
Files: proto/postconf.proto, conf/main.cf.
Feature: support for all new Sendmail 8.14 Milter features
except SMFIR_SKIP (skip further events of this type),
SMFIP_RCPT_REJ (report rejected recipients to the mail
filter), SMFIR_CHGFROM (replace sender, with optional ESMTP
command parameters), and SMFIR_ADDRCPT_PAR (add recipient,
with optional ESMTP command parameters). Files: milter/milters.c,
milter/milter8.c, milter/test-milter.c, cleanup/cleanup_milter.c.
Feature: support for Sendmail 8.14 Milter SMFIR_SKIP (skip
further events of this type). Files: milter/milter8.c,
milter/test-milter.c.
Cleanup: don't try sending HELO after a 421 EHLO reply.
File: smtp/smtp_proto.c.
14052
14053
14054
14055
14056
14057
14058
14059
14060
14061
14062
14063
14064
14065
14066
14067
14068
14069
14070
14071
14072
14073
14074
14075
14076
14077
14078
14079
14080
14081
14082
14083
14084
14085
14086
14087
14088
14089
14090
14091
14092
14093
14094
14095
14096
20071221-nonprod
Using 20071221 as reference point.
Cleanup: Simplified TLS library cipher and protocol API to
just pass string-valued properties to tls_client_init() and
tls_client_start(). The client is now agnostic of the
mechanics of cipher management internal to the library. The
main.cf parameters used internally in the library are now
loaded by the library, not the caller. Files:
src/smtp/lmtp_params.c, src/smtp/smtp.c, src/smtp/smtp.h,
src/smtp/smtp_params.c, src/smtp/smtp_proto.c,
src/smtp/smtp_session.c, src/smtpd/smtpd.c, src/tls/tls.h,
src/tls/tls_client.c, src/tls/tls_level.c, src/tls/tls_misc.c,
src/tls/tls_server.c, src/tls/tls_session.c, src/tls/tls_verify.c
and src/tlsmgr/tlsmgr.c
Cleanup: Client session lookup key "salting" is now handled
internally in the tls library. Files: src/tls/tls_client.c
Cleanup: Cipher state is cached, and only updated when
necessary. Files: src/tls/tls_misc.c
Feature: Extended the syntax of protocol selection to allow
exclusions as well as inclusions. Files: src/tls/tls_misc.c
Cleanup: Updated default verification depth to match reality:
default is 9 in OpenSSL and we don't yet override it. When
we do (soon), the default will match previous behavior.
Files: src/global/mail_params.h
Bugfix: Reference to obsolete "pfixtls" code won't compile
inside #ifdef for OpenSSL <= 0.9.5a. Using an OpenSSL release
that old has not been tested for some time, but may now
work. Files: src/tls/tls_bio_ops.c.
Replaced "void *" TLS library application handles by explicit
pointer types, while hiding data structure implementation
details from the TLS library users. Files: tls/tls_client.c,
tls/tls_server.c, smtp/smtp.c, smtpd/smtpd.c.
The TLS library no longer modifies VSTRINGs passed in by
the caller. Where possible, information is passed as "const"
from application to library. Files: smtp/smtp_proto.c,
tls/tls_client.c.
Replaced explicit initialization of props structures by
emulating function calls with named parameter lists. Files:
tls/tls.h, smtp/smtp.c, smtp/smtp_proto.c, smtpd/smtpd.c.
Further polishing of the Milter code and logging. File:
milter/milter8.c.
Further polishing of the Milter code. With SETSYMLIST, each
Milter can now update its own macros instead of clobbering
the global copy that is shared with other Milters. Also an
opportunity to clean up some ad-hoc code for sending macro
lists from smtpd(8) to cleanup(8). Files: milter/milter.c,
milter/milter8.c, milter/milter_macros.c.
Further polishing of the Milter code. Eliminated unnecessary
steps from the initial smtpd/cleanup Milter handshake. Files:
milter/milter.c, milter/milter8.c, milter/milter_macros.c.
Cleanup: name_code(3) and name_mask(3) now support read-only
tables. Files: util/name_code.[hc], util/name_mask.[hc].
Cleanup: further refinements of the Milter code, allowing
for multiple macro overrides. The code is now ready for
serious testing. File: milter/milter8.c.
Bugfix: the Milter client did not replace the Postfix-specific
form for unknown host names by the Sendmail-specific form.
Cleanup: when a cleanup milter reports a problem don't log
generic "4.3.0 Sevice unavailable", but log the text for
the actual error. File: cleanup/cleanup_milter.c.
SMTP client fingerprint security level support and configurable
fingerprint digest algorithm. Victor Duchovni. Files:
smtp/lmtp_params.c, smtp/smtp.c, smtp/smtp.h,
src/smtp/smtp_params.c, src/smtp/smtp_proto.c,
src/smtp/smtp_session.c, tls/tls_client.c, tls/tls_level.c,
tls/tls_verify.c.
Missed "invalid TLS configuration" patch for SMTP client.
Victor Duchovni. File: smtp/smtp_proto.c.
SMTP server configurable fingerprint digest algorithm.
Victor Duchovni. Files: smtpd/smtpd.c, tls/tls.h,
tls/tls_server.c, tls/tls_verify.c.
Cleanup: finally implemented certificate verification depth
limit parameters. Prior to Postfix 2.5 these were ignored.
For backwards compatibility, the default verification depth
limit is now 9, the OpenSSL default. Victor Duchovni. Files:
src/tls/tls_client.c, src/tls/tls_server.c, src/tls/tls_verify.c.
Robustness: Avoid possibility of NULL pointer issues in
application code that checks certificate names, by providing
"empty string" values when no data is available. Victor
Duchovni. Files: src/tls/tls_verify.c, src/tls/tls_client.c,
src/tls/tls_server.c, src/smtpd/smtpd_check.c, src/smtpd/smtpd.c.
Cleanup: separation of TLS handshake from security level
enforcement. The library shakes hands; the application
decides if the resulting security is acceptable. Victor
Duchovni. Files: smtpd/smtpd.c, smtpd/smtpd_proto.c,
tls/tls_server.c, tls/tls_client.c, tls/tls_verify.c.
Robustness: more robust processing of ASN.1 string attributes
in x509v3 certificates, plus additional sanity checks (e.g.
embedded null characters). Victor Duchovni. File:
src/tls/tls_verify.c.
Workaround: minor change to the Dovecot AUTH request to
prevent dovecot-auth memory wastage. Timo Sirainen. File:
xsasl/xsasl_dovecot_server.c.
Cleanup: renamed TLS-related symbols for consistency (always
include the init, start, stop prefix in the TLS library
function and data structure names; consistently distinguish
between per-application TLS state and per-session TLS state;
consistently use the fpt prefix for fingerprint related
variables and structure members; consistent use of monocase
typedef-ed names).
Cleanup: consistent use of <pre> and <blockquote> in examples;
instead of emphasizing new Postfix 2.5 behavior in reference
documentation, describe the new behavior as "current", with
historical behavior as a supplemental note.
Feature: new "pass" service type (in addition to "inet",
"unix" and "fifo"). The "pass" service type supports
front-end daemons that accept all inbound connections and
that permit only well-behaved clients to talk to the MTA.
This service type had been sitting in the master daemon for
years but was disabled by default. Actual applications for
this will have to be developed later. Files: util/upass_connect.c,
util/upass_trigger.c.
Cleanup: where possible, store data structures in read-only
memory. Besides the security advantage of no write access,
this also gives slightly better memory utilization when
many processes execute the same file. Files: pretty much
everything that has a static table, except for a few tables
in the benchmark tools with flags that are controlled by
command-line information.
Cleanup: more read-only data. Files: everything that passes
around a HEADER_OPTS pointer.
Safety: optional lookup table to prevent the Postfix SMTP
client from making repeated SASL login failures with the
same hostname, username and password. This introduces new
parameters: smtp_sasl_auth_cache_name, smtp_sasl_auth_cache_time.
Based on code by Keean Schupke. Files: smtp/smtp_sasl_glue.c,
smtp/smtp_sasl_auth_cache.c.
Safety: the Postfix SMTP client now by default defers mail
after the server rejects a SASL login attempt with a 535
status code. Specify "smtp_sasl_auth_soft_bounce = no" to
get the earlier behavior. Based on code by Keean Schupke.
Files: smtp/smtp_sasl_glue.c.
Safety: the smtpd_client_new_tls_session_rate_limit setting
now also limits the number of failed TLS handshakes. This
limits the impact of broken configurations. File: smtpd/smtpd.c.
Bugfix (introduced 20080112): Patrik Rak found two bugs
that largely canceled each other out, causing Postfix not
to complain about a missing "proxy:" prefix with the new
smtp_sasl_auth_cache_name parameter setting. File:
smtp/smtp_sasl_glue.c.
Documentation: new SOHO_README file for small/home offices.
The text is automatically generated from bits and pieces of
information that are scattered across other documents.
File: mantools/make_soho_readme.
Bugfix (introduced 20080112): missing #ifdef for the SASL
login failure cache. File: smtp/smtp_sasl_auth_cache.h.
Name fix: renamed the mumble_delivery_rate_delay parameter
to mumble_destination_rate_delay, because it really is a
per-destination feature. With this change we keep the option
of implementing a future per-transport rate delay.