Newer
Older
12001
12002
12003
12004
12005
12006
12007
12008
12009
12010
12011
12012
12013
12014
12015
12016
12017
12018
12019
12020
12021
12022
12023
12024
of waiting for another 100 seconds. This allows the processes
to refresh more frequently on low-traffic systems.
Cleanup: smtpd_delay_open_until_valid_rcpt (default: yes)
controls whether Postfix delays the start of a mail transaction
until after the first valid recipient, or if it starts a
transaction immediately after MAIL FROM. File: smtpd/smtpd.c.
20060217
Bugfix: don't terminate with a non-standard exit status
when the pipe-to-command feature has a problem before it
executes the command. File: global/pipe_command.c.
20060223
Bugfix: detect integer overflow when multiplying time values
with non-trivial time units. File: global/conv_time.c.
20060307
Bugfix: reset the msg_cleanup() fatal error handler in child
processes. See also change 20060217. Files: postlock/postlock.c,
master/multi_server.c, global/mail_run.c, util/vstream_popen.c.
12028
12029
12030
12031
12032
12033
12034
12035
12036
12037
12038
12039
12040
12041
12042
12043
12044
Bugfix: the MIME processor assumed that input was null
terminated. This broke with CRLF input to the "sendmail -t"
command in Postfix 2.1 and later (see change 20030416).
Found by Leandro Santi. Based on patch by Victor Duchovni.
Files: global/mime_state.c, global/is_header.c.
20060313
Cleanup: the message arrival time (start of the receive
transaction) no longer controls message expiration or
delivery attempts. Instead, expiration and delivery are
now controlled by the time when the cleanup server creates
a queue file. This closes a problem that was introduced
with the 20051104 change that introduced higher-resolution
delay time keeping: as a result, "postsuper -r" could no
longer manipulate the mail expiration schedule, so that
mail "on hold" could expire too soon.
Workaround. the PCRE library reports an inappropriate error
code (invalid substring) when $number refers to a valid ()
expression that matches the null string. This caused fatal
run-time errors. File: dict_pcre.c.
20060324
Cleanup: eliminated name collisions between global and local
variables, and other forms of shadowing. Documented switch
fall-throughs with /* FALLTHROUGH */ where this wasn't
already done. Replaced (var = expr) by (var = expr) != 0
where this wasn't already done.
20060324
Bugfix: mis-placed parenthesis in a before-filter error
test. A filter timeout was mis-reported as lost connection.
Found in code review. File: smtpd/smtpd_proxy.c.
12067
12068
12069
12070
12071
12072
12073
12074
12075
12076
12077
12078
12079
12080
12081
12082
12083
12084
12085
12086
12087
12088
12089
12090
12091
12092
12093
12094
12095
12096
20060327
Cleanup: the SQL and LDAP clients now log a warning when
they skip an empty lookup result, so that humans don't have
to wonder why Postfix doesn't find all the database entries.
File: global/db_common.c.
Moved SMTP/LMTP parameter initialization from global/mail_params.c
to the combined smtp/lmtp delivery agent. Added missing
lmtp parameters.
20060328
Feature: configurable chroot directive for the pipe(8)
delivery agent, by Przemyslaw Wegrzyn. Files:
global/pipe_command.c, pipe/pipe.c.
Bugfix: cut-and-paste error: lmtp_connection_cache_limit
was left with the name of smtp_connection_cache_limit.
Reported by Victor? File: src/global/mail_params.h.
20060329
More extensible interface for TLS client/server library,
now passes property structures that combine all the relevant
parameters in one type-safe structure.
TLS session cache activity logging now takes place at TLS
log level 2 or greater.
Cleanup: made fcntl/flock handling consistent with respect
to EINTR (reported by Carlo Contavalli). However, Postfix
is not meant to be signal safe. Only the master daemon
handles signals without terminating, and it uses only a
small subset of Postfix library routines. File: util/myflock.c.
12105
12106
12107
12108
12109
12110
12111
12112
12113
12114
12115
12116
12117
12118
12119
12120
12121
12122
12123
12124
12125
12126
12127
12128
12129
12130
Bugfix: the pipe-to-command error message was lost when the
command could not be executed. File: global/pipe_command.c.
20060404
Bugfix in sanity check: after reading a record from the
address verification database, a sanity check did not reject
a record with all-zero time stamp fields. Such records are
never written; the test is there just in case something is
broken, so that Postfix will not blindly march on and create
chaos. The sanity check tested pointer values, instead of
dereferencing the pointers. Found by Coverity. File:
verify/verify.c.
Bugfix in sanity check: when the maildir delivery routine
opens an output file it looks up the file attributes via
the file handle it just got. There is a sanity check that
detects if the attribute lookup fails, an error that never
happens. The code that handles the impossible error did not
close the output file. This would cause a virtual or local
delivery agent to waste up to 100 file descriptors. But
for that error to happen the system would have to be so
sick that you would have more serious problems than a file
descriptor leak. Found by Coverity. Files: local/maildir.c,
virtual/maildir.c.
20060405
Bugfix: the MIME parser assumed input is null terminated
when reporting errors. Fix by Leandro Santi. Files:
global/mime_state.c, cleanup/cleanup_message.c.
20060411
Bugfix: the SMTP server logged no warning when for some
reason the TLS engine was unavailable in wrappermode. Victor
Duchovni. File: smtpd/smtpd.c.
20060417
Cleanup: when SMTP access table lookup fails, reply with
4xx instead of aborting with a fatal run-time error. The
old behavior assumes local file access, and is inappropriate
with deployment of LDAP and SQL tables. File: smtpd/smtpd_check.c.
20060423
Bugfix: postcat did not print the attribute value of records
containing a named attribute. File: postcat/postcat.c.
20060430
Bugfix: dangling pointer in a function that has no caller.
Found by Coverity. File: tls/tls_prng_exch.c.
Bugfix: the workaround for CA-2003-07 (Sendmail) did not
null terminate the address before logging a warning. Reported
by Kris Kennaway. File: global/tok822_parse.c.
12164
12165
12166
12167
12168
12169
12170
12171
12172
12173
12174
12175
12176
12177
12178
12179
12180
12181
12182
12183
12184
12185
12186
12187
12188
12189
12190
20060301-20060515
Sendmail 8 Milter support, distributed across the smtpd(8)
server for SMTP commands, and the cleanup(8) server for
content inspection and manipulation. The code supports all
requests to add/delete recipients, and to add/delete/replace
message headers, but does not yet support requests to replace
the message body. See MILTER_README for more. Files:
smtpd/smtpd.c, smtpd/smtpd_milter.c, cleanup/cleanup_api.c,
cleanup/cleanup_envelope.c, cleanup/cleanup_extracted.c,
cleanup/cleanup_milter.c, milter/milter.c, milter/milter8.c.
That's 89 lines in smtpd, 1010 lines in cleanup, and 2449
lines of library support, comments not included.
A simple test Milter application for use in regression tests
is in src/milter/test-milter.c. Queue file modifications are
tested with a driver at the end src/cleanup/cleanup_milter.c
that reads commands from a script.
To make debugging easier, uncomment the "#define msg_verbose
2" lines at the top of cleanup_milter.c or milter8.c. This
produces logging without making everything else verbose.
20060510
Preliminary TLS_README and postconf(5) changes completed.
Added smtp_tls_policy_maps and smtp_tls_protocols features
to the smtp/lmtp client, changed smtp_tls_cipherlist to
only apply when TLS is mandatory. Victor Duchovni.
20060512
Destinations that share a common server may have distinct
TLS protocol and cipherlist requirements, with mandatory
TLS add the protocol and cipherlist values to the TLS session
20060516
Portability: __float80 alignment, by Albert Chin. File:
util/sys_defs.h.
12209
12210
12211
12212
12213
12214
12215
12216
12217
12218
12219
12220
12221
12222
12223
12224
12225
12226
12227
12228
12229
12230
12231
Further testing of Milter support uncovered typos; a missing
null pointer test while cleaning up after content miltering;
the need for a workaround to not bounce+delete local
submission after it triggers a temporary reject Milter
action.
Workaround: don't bounce+delete a local submission after
it triggers a "reject 4.x.x" action in header/body_checks.
This means an SMTP client now sees "queue file write error"
instead of the text from the "reject 4.x.x text" action.
File: cleanup/cleanup_message.c.
Workaround: OpenSSL 0.9.8[ab] with zlib support interoperability
problem. Victor Duchovni. Files: tls/tls_client.c,
tls/tls_misc.c, tls/tls_server.c.
Added smtpd_tls_protocols parameter to complement
smtp_tls_protocols. Victor Duchovni.
20060517
The smtp_tls_policy_maps table now implements parent domain
matching for destinations that are bare domains (without
enclosing [] or optional :port suffix). This allows one to
set TLS policy for a domain and all sub-domains. Victor
Duchovni.
20060519
The same parameter can bind to different variables in
different daemons. Ignore the variable name when eliminating
duplicates in extract.awk. Victor Duchovni.
20060523
Improved handling of smtp_tls_protocols and smtpd_tls_protocols,
names now processed via name_mask(3) and canonicalized prior
to use in the SMTP/LMTP client TLS session lookup key. Also
simplifies the corresponding code in the TLS driver. Victor
Duchovni.
20060524
Cleanup: send ETRN command parameter when using check_policy
in the context of an ETRN command. Joshua Goodall. File:
smtpd/smtpd_check.c.
20060601
Bugfix (bug introduced 20051118): permit_mx_backup authorized
domains without secondary MX records. Joshua Goodall. File:
smtpd/smtpd_check.c.
20060601
Fixed default value of LMTP TLS client certificate parameters,
using the SMTP values as a default was wrong. Victor Duchovni.
20060603
Different transports may have different CAfile or CApath
settings. We need to add the transport name to the TLS
session lookup key so that sessions verified with one set
of trusted roots are not inadvertantly considered verified
for another. Victor Duchovni.
20060604
Cleanup: minor fluff found with the BEAM source code analyzer.
12278
12279
12280
12281
12282
12283
12284
12285
12286
12287
12288
12289
12290
12291
12292
12293
12294
12295
12296
12297
12298
12299
12300
12301
12302
12303
12304
12305
12306
12307
12308
12309
12310
12311
12312
12313
12314
12315
12316
12317
12318
12319
Files: global/quote_821_local.c, global/quote_822_local.c,
master/master_spawn.c, pickup/pickup.c, util/match_ops.c,
util/safe_open.c, xsasl/xsasl_cyrus_client.c.
20060606
Safety: mail receiving daemons (smtpd, qmqpd) now pass
actual client name/addres/helo attributes in addition to
the attributes used for logging (xforward). This prevents
Milter applications from treating qmqpd mail as if it
originated locally, and prevents incorrect Milter decisions
after "postsuper -r". Files: smtpd/smtpd.c, qmqpd/qmqpd.c,
cleanup/cleanup_envelope.c, cleanup/cleanup_milter.c,
cleanup/cleanup_state.c, global/post_mail.c, *qmgr/qmgr_message.c,
*qmgr/qmgr_deliver.c, global/deliver_request.c,
global/deliver_pass.c, local/forward.c.
Bugfix: qmgr panic after queue file corruption by Mailscanner.
Files: *qmgr/qmgr_message.c.
Bugfix: XCLIENT didn't work with smtpd_delay_reject=no
(problem reported by Joshua Goodall). To make XCLIENT work
correctly with built-in restrictions and with Milter
applications, the SMTP server now jumps back to the very
start (the 220 phase) of an SMTP session. File: smtpd/smtpd.c.
20060606
Portability: Some systems no longer support the traditional
"sort +0 -2 +3". Victor Duchovni.
20060607
Portability: Found by BEAM static code analyzer. SSL options
(long) were stored as int.
20060610
Cleanup: XCLIENT and XFORWARD attribute values are now sent
as xtext encoded strings. For backwards compatibility,
Postfix will still accept unencoded attribute values. Files:
smtpd/smtpd.c, smtpd/smtpd_proxy.c, smtp/smtp_proto.c.
Robustness: additional sanity checks for common database
routines. Viktor Dukhovni. File: global/db_common.c.
Portability: LDAP 2.3 API support. Viktor Dukhovni. File:
global/dict_ldap.c.
Security: the PostgreSQL client was updated after the
PostgreSQL developers made major database API changes in
response to PostgreSQL security issues. This breaks support
for PGSQL versions prior to 8.1.4, 8.0.8, 7.4.13, and 7.3.15.
Support for these requires major code changes which are not
possible in the time that is left for the Postfix 2.3 stable
release.
Specific PostgreSQL client changes: use connection-aware
quoting, and more robust PQexec() result handling. Previous
versions of the dict_pgsql driver didn't check the status
of the result pointer, and certain exceptional events can
be mis-interpreted as an empty result set. Fixes by Leandro
Santi. File: global/dict_pgsql.c.
12344
12345
12346
12347
12348
12349
12350
12351
12352
12353
12354
12355
12356
12357
12358
12359
12360
12361
12362
12363
12364
12365
12366
12367
12368
12369
12370
12371
12372
12373
12374
12375
12376
12377
12378
12379
12380
12381
12382
12383
12384
12385
12386
12387
12388
12389
12390
12391
12392
12393
12394
12395
20060612
Changed smtp security level parsing and level->name conversion
to use name_code(3). Victor Duchovni.
Implemented new smtp_tls_security_level parameter, to replace
the unnecessarily complex smtp_use_tls, smtp_enforce_tls
and smtp_tls_enforce_peername parameters. The main.cf
security level settings are now consistent with the new
policy table. Victor Duchovni.
The smtp_sasl_tls_verified_security_options feature is not
yet complete, added #ifdef SNAPSHOT and changed documentation
to delay introduction until Postfix 2.4. Victor Duchovni.
20060614
Merged in Victor's work including the new TLS policy table
and a complete set of configuration parameters for the LMTP
personality of the unified SMTP/LMTP client.
Allow mandatory TLS encryption with LMTP over UNIX-domain
sockets. Victor Duchovni.
Safety: improved code to avoid I/O on connections after the
TLS handshake fails. Victor Duchovni.
20060615
Cosmetic patch for const strings. Stefan Huehner.
Other cosmetic changes, mainly whitespace.
20060616
The qshape.pl script was updated for the pointer records
that were introduced to support message content modification
by Milter applications. Victor Duchovni.
20060620
Feature: Substantially better cipherlist specification
interface and support for anonymous ciphers when certificates
are not needed. The primary interface in main.cf and the
policy table selects one of 5 grades for mandatory TLS with
smtp(8) or lmtp(8) or for all TLS sessions with smtpd(8).
The levels are "high", "medium" (or better), "low" (or
better), "export" (or better) and "null". The underlying
definitions of these levels are configurable, but users are
strongly encouraged to not change those definitions. Victor
Duchovni.
Bugfix: the Milter reply syntax checker was off by one.
File: milter/milter8.c.
Workaround: disable SMTP connection cache lookup by server
IP address when the tls_per_site policy table is enabled.
This is a workaround for a shortcoming in the SMTP connection
cache implementation, which retrieves the server hostname
from the cached connection. Since this server name is not
obtained in a secure manner, it must not be allowed to
control the tls_per_site policy. File: smtp/smtp_reuse.c.
Cleanup: mumble_mandatory_tls_mumble parameters renamed to
mumble_tls_mandatory_mumble; added _mandatory_ qualifier
to names of parameters that affect only mandatory TLS.
Features promoted from SNAPSHOT to STABLE: the "sleep"
pseudo restriction; Postfix daemons now read the local
timezone file before chrooting; trivial-rewrite now detects
table changes every 10 seconds, so it restarts more timely.
Features that stay #ifdef SNAPSHOT: tcp_table,
lmtp_sasl_tls_verified_security_options, and
smtp_sasl_tls_verified_security_options.
Compatibility: Sendmail does not send its own Received:
header to Milter applications. Offsets in header replace
requests are relative to the message content as received
(i.e. without our own Received: header), while offsets in
header insert requests are relative to the message as
delivered (i.e. they include our own Received: header).
This explains why dk-filter would sign our own Received:
header but place the signature between our own Received:
header and the rest of the message, violating the draft
domainkeys spec.
Cleanup: more graceful handling of queue file read/write
errors while processing milter message modification requests.
Files: cleanup/cleanup_milter.c, milter/milter8.c.
Debugging: the Postfix milter client gives more context
when it experiences trouble while talking to an uncooperative
Milter application. File: milter/milter8.c.
Compatibility: with OpenBSD 2.7 and later, the alias file
is now in /etc/mail/aliases.
Bugfix: the Milter client skipped zero-length body lines.
File: milter/milter8.c.
12457
12458
12459
12460
12461
12462
12463
12464
12465
12466
12467
12468
12469
12470
12471
12472
12473
12474
12475
12476
12477
Feature (just this one): RFC 3834 "Auto-Submitted:" message
header in DSNs. File: bounce/bounce_notify_util.c.
20060705
Portability: LP64 systems required a few ssize_t->int casts
in debug logging statements. Files: milter/test_milter.c,
cleanup/cleanup_milter.c.
Cleanup: comments, error messages, and crumbling interfaces.
20060707
Workaround: apparently, Solaris gettimeofday() can return
out-of range microsecond values. File: src/global/log_adhoc.c.
Robustness: the SMTPD policy client now encodes the
ccert_subject and ccert-issuer attributes as xtext. Some
characters are replaced by +XX, where XX is the two-digit
hexadecimal code for the character value. File:
smtpd/smtpd_check.c.
Safety: the SMTP/LMTP client now defers delivery when a
SASL password exists, but the server does not offer SASL
authentication. Mail could be rejected otherwise. This may
become an issue now that Postfix retries delivery in plaintext
after an opportunistic TLS handshake fails. Specify
"smtp_sasl_auth_enforce = no" to deliver mail anyway. File:
smtp/smtp_proto.c. See workaround 20060711 for sender-dependent
SASL passwords. This was undone with the 20060719 workaround.
12487
12488
12489
12490
12491
12492
12493
12494
12495
12496
12497
12498
12499
12500
12501
12502
12503
12504
12505
12506
12507
12508
12509
12510
12511
12512
12513
12514
12515
12516
12517
12518
12519
12520
12521
12522
12523
12524
12525
12526
20060709
Cleanup: the new single smtpd_tls_security_level parameter
obsoletes the multiple smtpd_use_tls and smtpd_enforce_tls
parameters. This is done for consistency with the Postfix
SMTP client. In the Postfix SMTP server, the levels "verify"
and "secure" are currently not applicable, and are treated
as "encrypt", after logging a warning. Files: smtpd/smtpd.c,
tls/tls_level.c, smtp/smtp_session.c.
Compatibility: don't send the first (blank) body line to
Milter applications. This broke domain key etc. signatures
when verified by non-Postfix MTAs. File: milter/milter8.c.
20060710
Cleanup: more consistency between smtpd(8) and smtp(8) TLS
configuration interfaces: smtpd_tls_mandatory_exclude_ciphers,
smtpd_tls_mandatory_ciphers, smtpd_tls_mandatory_protocols.
By Victor. Files:smtpd/smtpd.c.
Cleanup: to support domainkey signing of bounces and
Postmaster notices, enable content inspection of Postfix-
generated mail with the new internal_mail_filter_classes
feature. This is disabled by default, because it is not
yet safe enough. Files: global/int_filt.[hc] and everything
that calls post_mail_fopen*().
20060711
Cleanup: smtpd_tls_mumble -> smtpd_tls_mandatory_mumble,
and finer control over the Postfix SMTP server TLS ciphers,
all this for consistency with the same functionality in the
Postfix SMTP client. Victor Duchovni.
Compatibility: Sendmail's milter client handles whitespace
after the header label and ":" in an interesting manner.
It eats one space (not tab). File: milter/milter8.c.
Workaround: if sender-dependent SASL passwords are enabled,
don't defer delivery when a SASL password exists but the
server doesn't announce SASL support. File: smtp/smtp_proto.c.
Cleanup: format of cleanup milter reject messages. File:
cleanup_milter.c.
Bugfix: file/memory leak if a transfer of multiple milters
from smtpd to cleanup broke in the middle. Found by Coverity.
File: milter/milter.c.
12538
12539
12540
12541
12542
12543
12544
12545
12546
12547
12548
12549
12550
12551
12552
12553
12554
12555
12556
12557
12558
12559
12560
12561
12562
12563
12564
12565
12566
12567
12568
12569
12570
12571
12572
12573
12574
12575
12576
12577
12578
12579
12580
12581
12582
12583
12584
12585
12586
12587
12588
12589
12590
12591
12592
12593
12594
12595
12596
12597
12598
12599
12600
12601
12602
12603
12604
12605
12606
12607
12608
12609
12610
12611
12612
12613
20060716
Bugfix: "sendmail -bs" panic caused by a missing
SMTPD_STATE_ALONE() guard before a milter_abort() call.
File: smtpd/smtpd.c.
Bugfix (bug introduced with Postfix 2.2): the Postfix SMTP
client enforced Mandatory TLS only when talking to an ESMTP
server; enforcement did not happen if Postfix could somehow
be forced to send HELO instead of EHLO. Victor Duchovni.
File: src/smtp/smtp_proto.c.
20060718
Bugfix (bug introduced 20060711): null pointer bug when
rejecting SMTP mail with Milter application. File:
cleanup/cleanup_milter.c.
Workaround (problem introduced in 200605/200606 TLS update):
the Postfix SMTP server now issues TLS session IDs even
when TLS session caching is turned off, otherwise MS Outlook
fails to deliver mail. There may also be interoperability
issues with other MTAs that we haven't discovered yet.
Specify "smtpd_tls_always_issue_session_ids = no" to disable
the workaround. Victor Duchovni. Files: smtpd/smtpd.c,
tls/tls_server.c.
20060719
Cleanup: the smtp_sasl_auth_enforce feature is gone. It was
meant to work around a problem that was introduced with
plaintext fallback after a failed TLS handshake. Unfortunately,
it created more problems than it solved. We now address the
underlying problem more directly as described next. File:
smtp/smtp_proto.c.
Safety: don't fall back to plaintext delivery after failed
TLS handshake, when the Postfix SMTP client would have
attempted to log in with SASL after successful TLS handshake.
This avoids undesirable behavior regardless of whether the
server does support SASL over plaintext (unexpected password
disclosure) and whether the server doesn't support SASL
over plaintext (insufficient mail relay permission). Files:
smtp/smtp_connect.c, smtp/smtp_session.c, smtp/smtp_proto.c.
20060720
Compatibility: replace %% in milter replies by %, and strip
single (i.e. invalid) % characters. File: milter/milter8.c.
Compatibility: $_ macro support for Milter applications.
Files: smtpd/smtpd.c, smtpd/smtpd_milter.c,
cleanup/cleanup_state.c, cleanup/cleanup_milter.c.
20060721
Safety: disable Milter processing after "postsuper -r". If
the mail has been filtered there is no need to do it again.
Moreover, when mail has passed through an external content
filter, we don't have sufficient information to reproduce
the exact same SMTP events and Sendmail macros that Milters
received when the mail originally arrived in Postfix. This
change does not affect Milter applications that run behind
an after-queue content filter. File: pickup/pickup.c.
Bugfix: Milters received a truncated ORCPT=xxx parameter
due to destructive parsing of something that didn't have
to be preserved before Milter support was added to Postfix.
File: smtpd/smtpd.c.
20060724
Bugfix: when updating the same header multiple times, the
Postfix Milter client created a queue file that caused
delivery agents to loop. File: cleanup/cleanup_milter.c.
12614
12615
12616
12617
12618
12619
12620
12621
12622
12623
12624
12625
12626
12627
12628
12629
12630
12631
12632
12633
12634
12635
12636
12637
12638
12639
20060725
Bugfix: damaged queue file record after a Milter request
to modify a message header when 1) it was the last header
in the unmodified message, and 2) the old header was less
than 15 characters long. File: cleanup/cleanup_milter.c.
Bugfix: don't panic in smtp_rcpt_cleanup() after detecting
a damaged queue file record. File: smtp/smtp_proto.c.
20060726
Bugfix: the 20051013 change to enforce the message size
limit in the SMTP server didn't work for size limits close
enough to INT_MAX. File: smtpd/smtpd.c.
Bugfix: after an SMTP client was rejected with "smtpd_delay_reject
= no", the SMTP server would panic as it generated spurious
Milter requests for unrecognized commands. File: smtpd/smtpd.c.
20060727
Cleanup: change redundant milter_abort() and milter_disc_event()
calls into NO-OPs. This avoids unnecessary panic() events
for completely harmless conditions. File: milter/milter8.c.
12640
12641
12642
12643
12644
12645
12646
12647
12648
12649
12650
12651
12652
12653
12654
12655
12656
12657
12658
12659
12660
12661
12662
12663
12664
12665
12666
12667
12668
12669
12670
12671
12672
12673
12674
12675
12676
12677
12678
12679
12680
12681
12682
12683
12684
12685
12686
12687
12688
12689
12690
12691
12692
12693
20060805
Bugfix (introduced Postfix 2.3): #ifdef damage caused
smtp_sasl_start() to be invoked twice. Reported by C-J
Lofstedt. File: smtp/smtp_sasl_proto.c.
20060806
Postfix no longer announces its name in delivery status
notifications. Users believe that Wietse provides a free
helpdesk service that solves all their email problems.
Credits to Jonathan Balester. File: bounce/bounce_templates.c.
20060807
Bugfix (introduced Postfix 2.2): when upgrading from Postfix
< 2.2 with the third-party TLS patch, the post-install
upgrade procedure didn't put a "?" in the existing tlsmgr
entry, causing tlsmgr to repeatedly start and exit when TLS
support was not compiled in. File: conf/post-install.
20060812
Bugfix (introduced Postfix < alpha): safety mechanism in
mail_date() didn't work. Found in code review. File:
global/mail_date.c.
20060822
Added missing logging for "message to large" etc. Files:
smtpd/smtpd.c, cleanup/cleanup_milter.c.
20060823
Bugfix (introduced Postfix 2.2): segfault when vstream_fclose()
attempted to flush unwritten output, after vstream_fdclose()
had already disconnected the stream from its file descriptor.
File: util/vstream.c.
Bugfix (introduced Postfix 2.2): vstream_fdclose() did not
flush unwritten output before disconnecting a stream from
its file descriptor(s). File: util/vstream.c.
20060825
Bugfix (introduced Postfix 2.3): with headers-only mail, a
Milter "header insert" action corrupted the queue file. The
cleanup server executed some end-of-body action before the
end-of-header actions. File: cleanup/cleanup_message.c.
Robustness: mail delivery agents now detect loops in queue
files. Files with too many backward jumps are saved to the
"corrupt" directory. File: global/record.c.