Skip to content
HISTORY 627 KiB
Newer Older
Boris Mühmer's avatar
Boris Mühmer committed
	ending in <LF>).  This simplifies integration with third-party
	mail generating applications. Specify "sendmail_fix_line_endings
	= strict" to restore historical Postfix behavior (i.e. convert
	all input lines ending in <CR><LF> only if the first input
	line ends in <CR><LF>).  Files: sendmail/sendmail.c,
	global/mail_params.h, proto/postconf.proto.

20111017

	Cleanup: refined the heuristic that automagically transforms
	legacy "sendmail -V" VERP requests into contemporary "sendmail
	-XV" syntax.  File: sendmail/sendmail.c.

	Cleanup: when the cleanup daemon goes into discard mode,
	don't get stuck when it runs onto milter file descriptor
	information. File: cleanup/cleanup.c.

Boris Mühmer's avatar
Boris Mühmer committed
20111020

	EAI Future-proofing: don't apply strict_mime_encoding_domain
	checks to unknown message subtypes such as message/global*.
	File: global/mime_state.c.

Boris Mühmer's avatar
Boris Mühmer committed
20111025

Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix (introduced: Postfix 2.8): postscreen sent non-compliant
	SMTP responses (220- followed by 421) when it could not
	hand off a connection to a real smtpd process, causing some
	remote SMTP clients to bounce mail. The fix redirects the
	client to the dummy SMTP engine which sends the 421 reply
	at the first legitimate opportunity.  Problem reported by
	Ralf Hildebrandt. Files: postscreen/postscreen_send.c,
	postscreen/postscreen_smtpd.c, postscreen/postscreen.h.
Boris Mühmer's avatar
Boris Mühmer committed
	Workaround: to improve inter-operability with broken remote
	SMTP servers, the Postfix SMTP client by default no longer
	appends the "AUTH=<>" option to the MAIL FROM command.
	Specify "smtp_send_dummy_mail_auth = yes" to restore the
	old behavior.
Boris Mühmer's avatar
Boris Mühmer committed
20111106
Boris Mühmer's avatar
Boris Mühmer committed
	Feature: "postconf -M" support to show Postfix's idea of
	what is in the master.cf file. File: postconf/postconf.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Feature: postconf "-f" option to "nicely" format long lines
	from main.cf or master.cf. File: postconf/postconf.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111108
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: postconf finally supports dynamic configuration
	parameter names: parameters whose name depend on a mail
	delivery transport or spawn service in master.cf, and
	parameters whose names are specified with smtpd_restriction_classes
	in main.cf. This adds 70 parameters to the "postconf" output,
	more if additional mail delivery transports are defined in
	master.cf.  File: postconf/postconf.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111109
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: account for "," in smtpd_restriction_classes
	value (Victor Duchovni). File: postconf/postconf.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111112
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: postconf finally warns about possible mis-typed
	main.cf and master.cf parameter names (i.e. parameters that
	aren't used anywhere), and it finally displays user-defined
	main.cf parameters that *are* used.  File: postconf/postconf.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111113
Boris Mühmer's avatar
Boris Mühmer committed
	Portability: specify ``make makefiles "CCARGS=-DNO_NIS
	..."'' to build on systems without NIS support. Files:
	makedefs, util/sys_defs.h.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: documented the postconf algorithms and their
	limitations, and added regression tests to speed up future
	development. File: postconf/postconf.c
Boris Mühmer's avatar
Boris Mühmer committed
20111117
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: postconf didn't "bless" type "inet" service names.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: with pipelined sessions, smtp-sink flushed the
	output too often. Reported by Mark Martinec. File:
	smtpstone/smtp-sink.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Workaround: don't use IPv6 at build time. File: conf/main.cf.
Boris Mühmer's avatar
Boris Mühmer committed
	Workaround: don't abort when IPv6 is present but busted.
	File: util/inet_proto.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Portability: the Dovecot 2.0 authentication server supports
	more socket types for its authentication server. File:
	xsasl/xsasl_dovecot_server.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Documentation: the Dovecot 2.0 authentication server supports
	communication over TCP sockets. Patrick Ben Koetter.  File:
	proto/SASL_README.html.
Boris Mühmer's avatar
Boris Mühmer committed
20111118
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: "postconf -M" now supports filtering. For example,
	"postconf -M inet" shows only services that listen on the
	network, and "postconf -M smtp.unix" shows the SMTP delivery
	agent. File: postconf.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111119
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: "postconf" commands in postfix-install needed to
	be updated before master.cf was installed.  Reported by
	Sahil Tandon. File: postfix-install.
Boris Mühmer's avatar
Boris Mühmer committed
20111120
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: support for parameter name spaces for master.cf
	entries. With this, postconf should no longer log false
	warnings for "-o user-defined-name=value" in master.cf.  As
	a benefit, it will warn for user-defined parameters with
	"name=value" entries that are unused because they are hidden
	by master.cf "-o name=value" entries with the same parameter
	name.  File: postconf/postconf.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111121
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: documentation fixes. File: postconf/postconf.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: in postconf "main.cf management" mode, errors
	opening master.cf are non-fatal. File: postconf/postconf.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111122
Boris Mühmer's avatar
Boris Mühmer committed
	Documentation: examples to request VERP-style delivery at
	SMTP time with the smtpd_command_filter feature.  Files:
	proto/VERP_README.html, proto/postconf.proto.
Boris Mühmer's avatar
Boris Mühmer committed
	Feature: TLS certificate public-key fingerprint matching
	(SMTP server and client), and TLS logging cleanup. Victor
	Duchovni. Files: proto/SMTPD_POLICY_README.html,
	proto/TLS_README.html, proto/postconf.proto, global/mail_proto.h,
	smtpd/smtpd_check.c, tls/tls.h, tls/tls_client.c, tls/tls_misc.c,
	tls/tls_proxy_print.c, tls/tls_proxy_scan.c, tls/tls_server.c,
	tls/tls_stream.c, tls/tls_verify.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Documentation: complete list of "make makefiles" overrides.
	File: proto/INSTALL.html.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: postscreen now logs more than the first word of
	non-SMTP commands. File: postscreen/postscreen_smtpd.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111124
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: eliminated false postconf "unused parameter"
	warnings with legacy parameters such as $virtual_maps, and
	with non-default parameter values for smtpd_expansion_filter
	that can contain legitimate "$" without a macro name.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: split postconf source into separate modules.
	Files: postconf/postconf.c, postconf/postconf_builtin.c,
	postconf/postconf_edit.c, postconf/postconf_main.c,
	postconf/postconf_master.c, postconf/postconf_misc.c,
	postconf/postconf_node.c, postconf/postconf_other.c,
	postconf/postconf_service.c postconf/postconf_unused.c,
	postconf/postconf_user.c, postconf/postconf.h.
Boris Mühmer's avatar
Boris Mühmer committed
20111126
Boris Mühmer's avatar
Boris Mühmer committed
	Bitrot: changes in error reporting to the under-documented
	OpenLDAP API. Problem reported by Quanah Gibson-Mount. Fix
	by Viktor Dukhovni. File: global/dict_ldap.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: four-space indentation had become a tab character.
	Files: postconf/postconf.h, postconf/test20.ref,
	postconf/test21.ref.
Boris Mühmer's avatar
Boris Mühmer committed
20111127
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: documented <transport>_suffix parameters that don't
	show in postconf command output of earlier Postfix versions.
	Files: proto/SMTPD_POLICY_README.html, proto/postconf.proto,
	proto/SCHEDULER_README.html.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: added the pipe(8) delivery agent to the list of
	programs that implement transport_time_limit parameters.
	File: postconf/postconf_service.c, postconf/test6.ref,
	postconf/test22.ref.
Boris Mühmer's avatar
Boris Mühmer committed
20111128
Boris Mühmer's avatar
Boris Mühmer committed
	Feature: "postconf -C class,..." support to print parameters
	in one or more classes (builtin= built-in parameter names,
	service=service-defined parameter names, user=user-defined
	parameter names). Files: postconf/postconf.c, postconf/postconf.h,
	postconf_service.c, postconf/postconf_user.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111129
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: TLS logging level configuration. Files:
	global/mail_params.h, smtp/lmtp_params.c, smtp/smtp.c,
	smtp/smtp_params.c, smtp/smtp_proto.c, smtpd/smtpd.c,
	tls/tls.h, tls/tls_client.c, tls/tls_misc.c, tls/tls_server.c,
	tlsmgr/tlsmgr.c, tlsproxy/tlsproxy.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111203
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: time-dependent sender addresses of address
	verification probes.  Specify an address_verify_sender_ttl
	value of several hours or more to frustrate address harvesting.
	Files: global/verify_sender_addr.[hc], smtpd/smtpd.c,
	smtpd/smtpd_check.c, verify/verify.c, proto/postconf.proto,
	proto/ADDRESS_VERIFICATION_README.html.
Boris Mühmer's avatar
Boris Mühmer committed
20111204
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: removed the log_level arguments from tls_client_start()
	and tls_server_start() calls. This information is already
	given to tls_client_init() and tls_server_init(). Files:
	smtpd/smtpd.c, tlsproxy/tlsproxy.c, smtp/smtp_proto.c,
	tls/tls.h, tls/tls_client.c, tls/tls_server.c, tls/tls_misc.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111205
Boris Mühmer's avatar
Boris Mühmer committed
	Documentation: made the postconf(5) manpage more precise
	in its use of "client" and "server"; reorganized the
	TLS_README presentation of client configuration so that
	most relevant information is presented earlier. Files:
	proto/postconf.proto, proto/TLS_README.html.
Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix: tlsproxy(8) stored TLS sessions with a serverID of
	"tlsproxy" instead of "smtpd", wasting an opportunity for
	session reuse.  File: tlsproxy/tlsproxy.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111206
Boris Mühmer's avatar
Boris Mühmer committed
	Documentation: removed descriptions of Postfix < 2.3 user
	interface from TLS_README. Users of earlier releases are
	referred to TLS_LEGACY_README. File: proto/TLS_README.html.
Boris Mühmer's avatar
Boris Mühmer committed
20111207
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: tlsproxy(8) now receives the session cache serverID
	from its client (postscreen(8)). Files: global/mail_proto.h,
	postscreen/postscreen_starttls.c, tlsproxy/tlsproxy.[hc],
	tlsproxy_state.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: the postscreen(8) daemon did not support a zero
	cache cleanup interval. This is needed for memcache support.
	File: postscreen/postscreen.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix (introduced: 20110227): null pointer bug while
	updating dictionary owner attributes, after reading an empty
	(database) configuration file. File: util/dict.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111208
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: db_common_parse_domain() could not be called without
	preceding db_common_parse() call. Files: global/db_common.[hc].
Boris Mühmer's avatar
Boris Mühmer committed
20111209
Boris Mühmer's avatar
Boris Mühmer committed
	Feature: memcache client support. This implementation is
	based on the under-documented libmemcache library, and
	therefore supports only libmemcache version 1.4.0.  Files:
	conf/postfix-files, global/dict_memcache.[hc], global/mail_dict.c,
	html/index.html, mantools/postlink, postconf/postconf.c,
	postfix/postfix.c, proto/DATABASE_README.html,
	proto/MEMCACHE_README.html, proto/memcache_table.
Boris Mühmer's avatar
Boris Mühmer committed
20111209
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: support for scripted and manual database tests with
	LDAP, *SQL, and memcache. Files: util/dict_test.c, util/dict.c,
	global/mail_dict.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Workaround: apparently, some distributions use Postfix
	shared libraries without proper so-number versioning. This
	causes programs to fail mysteriously, after an update
	replaces the Postfix library but not the program (someone
	experienced this with an extra copy of the Postfix SMTP
	server).  Files: global/mail_version.[hc], master/*server.c,
	master/master.c, src/postalias/postalias.c,
	src/postdrop/postdrop.c, src/postfix/postfix.c,
	src/postlog/postlog.c, src/postmap/postmap.c,
	src/postmulti/postmulti.c, src/postqueue/postqueue.c,
	src/postsuper/postsuper.c, src/sendmail/sendmail.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111211
Boris Mühmer's avatar
Boris Mühmer committed
	Feature: first/next (sequence) support in the proxymap
	protocol. This is needed for cache cleanup of a proxied
	postscreen or verify persistent cache. Files:
	global/dict_proxy.[hc], proxymap/proxymap.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Feature: memcache client support without libmemcache
	dependencies. Files: global/memcache_proto.[hc],
	global/dict_memcache.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix: missing lookup table entry and terminator, causing
	proxymap(8) server segfault when postscreen(8) or verify(8)
	attempted to access their cache via the proxymap(8) server.
	This could never have worked anyway, because the Postfix
	proxymap protocol did not support cache cleanup.  File
	util/dict.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Feature: support for persistent backup database in the
	memcache client. The database can be shared with the proxymap
	service, but it needs to be listed as "proxy:maptype:mapname"
	in the proxy_read_maps or proxy_write_maps parameter value
	(depending on whether the access is read-only or read-write).
	Support for proxymap-over-tcp (proxy:maptype:mapname@host:port)
	is under development.  File: global/dict_memcache.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111214
Boris Mühmer's avatar
Boris Mühmer committed
	Documentation: updated the submission and smtps examples
	in the sample master.cf file, so that their logging is
	easier to recognize.  File: conf/master.cf.
Boris Mühmer's avatar
Boris Mühmer committed
20111215
Boris Mühmer's avatar
Boris Mühmer committed
	Documentation: use different hosts to separate MUA "port
	25" traffic from the "port 25" MX service. Files:
	postscreen/postscreen.c, proto/POSTSCREEN_README.html.
Boris Mühmer's avatar
Boris Mühmer committed
20111216
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: the proxymap client did not correctly propagate
	the "open_lock" flag, causing the proxymap service to open
	postscreen(8) and verify(8) caches twice, instead of once.
	File: global/dict_proxy.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: the verify and postscreen caches were not listed
	as "authorized" for access via the proxywrite service. File:
	global/mail_params.h.
Boris Mühmer's avatar
Boris Mühmer committed
	Refactoring: the postscreen permanent access list code is
	now a library module, so that it can be also used for remote
	access to the proxymap server.  Files: global/server_acl.[hc].
Boris Mühmer's avatar
Boris Mühmer committed
	Hardening: read/write deadlines, to make the proxymap server
	suitable for remote access. File: proxymap/proxymap.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111217
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: more orthogonal definition of when the proxymap
	server can/cannot share a single map instance among multiple
	requestors, and corresponding code cleanup in the proxymap
	client and server. Files: util/dict.h, util/dict_test.c,
	global/dict_proxy.c, proxymap/proxymap.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Human factors: the postscreen/verify cache manager now logs
	the full database name including the proxy: prefix, to avoid
	WTF surprises. File: util/dict_cache.c.

20111218

	Cleanup: more configurable memcache client error handling.
	Files: global/dict_memcache.c, proto/memcache_table.

	Feature: the Postfix SMTP server XCLIENT command now supports
	the LOGIN attribute (e.g., login information from nginx).
	Based on the nginx:xclient-login-patch from citrin.ru (Anton
	Yuzhis). The patch was further enhanced to support SASL
	login information everywhere in the Postfix SMTP server
	without having to specify "smtpd_sasl_auth_enable = yes"
	in main.cf.  Files: smtpd.[hc], smtpd_sasl_glue.[hc],
	smtpd_check.c, smtpd_sasl_proto.[hc], smtpd_state.c,
	proto/XCLIENT_README.html.

	Incompatibility: the Postfix SMTP server now always checks
	the smtpd_sender_login_maps table, even without having
	"smtpd_sasl_auth_enable = yes" in main.cf.

20111219

	Cleanup: the match_list-based primitives now provide an
	option to return an error result instead of terminating the
	process with a fatal error.  Files: util/match_ops.[hc],
	util/match_list.c, global/addr_list_match.c, domain_list.c,
	string_list.c, namadr_list.c.

	Cleanup: a "fail:" database type that reliably fails all
	requests. The lookup table name specifies the internal error
	result code. having this table facilitates a systematic
	review of all Postfix table lookup error handling.

	Cleanup: trivial-rewrite now "catches" errors with implicit
	database lookups in virtual_alias_domains, relay_domains,
	virtual_mailbox_domains, just like it already caught explicit
	database lookup errors. This means there are fewer occasions
	where trivial-rewrite clients will appear to hang. File:
	trivial-rewrite/resolve.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: a broken relay_domains table would cause many
	Postfix processes to terminate with fatal error as they
	initialized the flush() client (used by defer_append()
	etc.). Postfix now logs a warning instead.  File:
	global/flush_clnt.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: the Postfix SMTP server now "catches" errors with
	implicit database lookups in mynetworks, TLS client certificate
	tables, and local_header_rewrite_clients, and reports "server
	configuration error" or "table lookup error" instead of
	terminating with a fatal error. This is work in progress;
	errors with opening a database may be covered later. Files:
	smtpd/smtpd.c, smtpd/smtpd_check.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111220

	Cleanup: the Postfix SMTP server now "catches" errors with
	implicit database lookups in mynetworks, debug_peer_list,
	smtpd_client_event_limit_exceptions, permit_mx_backup_networks.
	This continues work started 20111219, and does not cover
	errors with opening a database.  Files: smtpd/smtpd.c,
	smtpd/smtpd_checks.c, smtpd/smtpd_error.in, smtpd/smtpd_error.ref.

	Cleanup: memory leak testing of error handling. File:
	util/name_mask.c.

20111222

	Cleanup: memory leak testing of error handling. File:
        util/name_mask.c.

	Cleanup: simplified the match_list error reporting, thereby
	reducing the footprint of the changes to "catch" errors
	with implicit database lookups in mynetworks, and other
	lists.  Files: util/match_ops.[hc], util/match_list.c,
	global/addr_list_match.c, domain_list.c, string_list.c,
	namadr_list.c, trivial-rewrite/resolve.c, smtpd/smtpd.c,
	smtpd/smtpd_check.c, global/flush_clnt.c, flush/flush.c.

20111224

	Cleanup: eliminated the global dict_errno variable that
	made error reporting convenient but not necessarily precise.
	This was a straightforward change except in the few modules
	that propagate errors from one dictionary API to another:
	dict_cache.c, dict_debug.c, maps.c, dict_memcache.c.  Files:
	src/cleanup/cleanup_map11.c, src/cleanup/cleanup_map1n.c,
	src/global/addr_match_list.c, src/global/dict_ldap.c,
	src/global/dict_memcache.c, src/global/dict_mysql.c,
	src/global/dict_pgsql.c, src/global/dict_proxy.c,
	src/global/dict_sqlite.c, src/global/domain_list.c,
	src/global/flush_clnt.c, src/global/mail_addr_find.c,
	src/global/mail_addr_map.c, src/global/maps.c, src/global/maps.h,
	src/global/match_parent_style.h, src/global/namadr_list.c,
	src/global/resolve_local.c, src/global/resolve_local.h,
	src/global/server_acl.c, src/global/string_list.c,
	src/local/alias.c, src/local/bounce_workaround.c,
	src/local/mailbox.c, src/local/unknown.c, src/proxymap/proxymap.c,
	src/qmqpd/qmqpd.c, src/smtp/smtp_map11.c, src/smtpd/smtpd_check.c,
	src/trivial-rewrite/resolve.c, src/trivial-rewrite/transport.c,
	src/util/dict.h, src/util/dict_alloc.c, src/util/dict_cache.c,
	src/util/dict_cidr.c, src/util/dict_db.c, src/util/dict_debug.c,
	src/util/dict_env.c, src/util/dict_fail.c, src/util/dict_ht.c,
	src/util/dict_pcre.c, src/util/dict_regexp.c,
	src/util/dict_static.c, src/util/dict_tcp.c, src/util/dict_test.c,
	src/util/dict_thash.c, src/util/dict_unix.c, src/util/match_list.c,
	src/util/match_list.h, src/util/match_ops.c, src/virtual/mailbox.c.
Boris Mühmer's avatar
Boris Mühmer committed
20111226
Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix (introduced 20110426): after lookup error with
	mailbox_transport_maps, mailbox_command_maps or
	fallback_transport_maps, the local delivery agent did not
	log the problem before deferring mail, and produced no defer
	logfile record. Files: local/mailbox.c, local/unknown.c.
Boris Mühmer's avatar
Boris Mühmer committed
20120102
Boris Mühmer's avatar
Boris Mühmer committed
	Workaround: degrade gracefully when the network protocols
	specified with inet_protocols are unavailable.  Files:
	global/mail_params.c, global/mynetworks.c, global/own_inet_addr.c
	master/master_ent.c, master/master_vars.c, postscreen/postscreen.c,
	qmqpd/qmqpd.c, smtp/smtp_connect.c, smtpd/smtpd.c,
	util/inet_proto.c.

20120107

	Workaround: degrade gracefully when the "domain" feature
	of LDAP, *SQL and memcache databases has a table lookup
	problem.  Files: global/db_common.c, global/dict_ldap.c,
	global/dict*sql*.c, global/dict_memcache.c.

	Cleanup: fixed memcache client error handling for things
	that never happen.  global/dict_memcache.c.

	Future proofing: prepare postmap/postalias error logging
	for future changes to database code. Files: postalias/postalias.c,
	postmap/postmap.c.
Boris Mühmer's avatar
Boris Mühmer committed
20120108
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: the postscreen(8) and verify(8) cache managers log
	warnings at a reduced rate of one per second per cache
	operation, to avoid logging large numbers of warnings about
	a problem with low-value information. File: util/msg_rate_delay.c,
	util/dict_cache.c.
Boris Mühmer's avatar
Boris Mühmer committed
20120110

	Cleanup: added logging for failed table lookups, and replaced
	some "fatal" errors by warnings. Files: cleanup/cleanup_addr.c,
	cleanup/cleanup_message.c, cleanup/cleanup_milter.c,
	cleanup/cleanup_masquerade.c, global/header_body_checks.c,
	global/smtp_stream.c, postscreen/postscreen_dnsbl.c,
	postscreen/postscreen_smtpd.c, smtp/smtp_chat.c,
	smtp/smtp_proto.c, smtp/smtp_sasl_auth_cache.c,
	smtp/smtp_sasl_glue.c, smtp/smtp_session.c, smtp/smtp_trouble.c,
	smtpd/smtpd.c, smtpd/smtpd_check.c.

20120114

	Cleanup: gradual degradation after database file open errors.
	Instead of terminating immediately with a "fatal" error, a
	Postfix daemon logs an error and continues execution with
	reduced functionality. In other words, features that don't
	depend on the unavailable table will keep working.  However,
	for the sake of sanity, the number of such errors over the
	life of a process is limited to 13.  Files:
	src/global/cfg_parser.c, src/util/dict_thash.c,
	src/util/dict_cidr.c, src/util/dict_nis.c, src/util/dict_nisplus.c,
	src/global/dict_ldap.c, src/global/dict_mysql.c,
	src/global/dict_pgsql.c, src/global/dict_sqlite.c,
	src/postconf/postconf_main.c, src/global/mail_conf.c,
	src/util/dict.h, src/util/dict.c, src/global/dict_memcache.c,
	src/util/dict_tcp.c, src/util/dict_unix.c, src/util/dict_pcre.c,
	src/util/dict_regexp.c, src/master/trigger_server.c,
	src/master/single_server.c, src/master/multi_server.c,
	src/master/event_server.c, src/util/dict_test.c,
	src/util/dict_surrogate.c, src/util/dict_alloc.c, src/util/msg.c,
	src/util/dict_cdb.c, src/util/dict_dbm.c, src/util/msg.h,
	src/util/dict_db.c.

	Incompatibility: the Postfix SMTP server no longer reports
	transcripts of sessions where a client command is rejected
	because a table is unavailable.  To receive such reports,
	add the new "data" class to the notify_classes parameter
	value. The reports will be sent to the error_notice_recipient
	address as before. This class is also used by the Postfix
	SMTP client to report about sessions that fail because a
	table is unavailable. Files: global/mail_error.[hc],
	smtpd/smtpd_check.c, smtp/smtp_trouble.c.

20120115

	Fine tuning: SMTP server error messages. File: smtpd/smtpd.c.

	Fine tuning: documentation. Files: proto/MEMCACHE_README.html.
	proto/memcache_table.html.

	Apply "gradual degradation" also when an unsupported database
	*type* is specified. File: util/dict_open.c.

	Cleanup: tiny memory leaks after surrogate database opens.
	Files: util/dict_cidr.c, util/dict_db.c.

20120117

	Cleanup: support for legacy-style database configuration
	where parameter names are generated by appending suffixes
	to the database name. Files: postconf/postconf_dbms.c.

	Other: build without Berkeley DB support (make makefiles
	"CCARGS=$CCARGS -DNO_DB"). Files: makedefs, util/sys_defs.h,
	proto/DB_README.html, proto/INSTALL.html.

20120120

	Compatibility: added file pflogsumm_quickfix.txt with quick
	patches for pflogsumm that handle the new default master.cf
	entries for the submission and smtps services.

20120121

	Cleanup: getopt(3) compatibility in the postconf(1) master.cf
	parser. Process "--" as the end-of-options indicator, and
	process "-oname=value" as "-o name=value".  Files:
	util/argv.[hc], postconf/postconf_master.cf,
	postconf/postconf_user.c.

20120122

	Workaround: log a warning and suggested solution for common
	stat()/fstat()/lstat() problems caused by 32-bit overflow.
	This is a real stinker that causes Postfix to fail without
	any prior warning.  File: util/warn_stat.[hc], and everything
	that directly calls stat(), fstat() or lstat().

20120127

	Bugfix (introduced: Postfix 2.8): the Postfix client sqlite
	quoting routine returned the unquoted result instead of the
	quoted text.  The opportunities for misuse are limited,
	because Postfix sqlite files are usually owned by root, and
	Postfix daemons usually run with non-root privileges so
	they can't corrupt the database. Problem reported by Rob
	McGee (rob0).  File: global/dict_sqlite.c.

20120130

	Bugfix (introduced: Postfix 2.3): the trace service did not
Boris Mühmer's avatar
Boris Mühmer committed
	distinguish between DSN SUCCESS notifications for a non-bounce
	or a bounce message. This code pre-dates DSN support and
	should have been updated when it was re-purposed to handle
	DSN SUCCESS notifications. Problem reported by Sabahattin
Boris Mühmer's avatar
Boris Mühmer committed
	Gucukoglu.  File: bounce/bounce_trace_service.c.
Boris Mühmer's avatar
Boris Mühmer committed

20120202

	Bugfix (introduced: Postfix 2.3): the "change header" milter
	request could replace the wrong header. A long header name
	could match a shorter one, because a length check was done
	on the wrong string.  Reported by Vladimir Vassiliev.  File:
	cleanup/cleanup_milter.c.

20120214

Boris Mühmer's avatar
Boris Mühmer committed
        Bugfix (introduced: Postfix 2.4): extraneous null assignment
        caused core dump when postlog emitted the "usage" message.
        Reported by Kant (fnord.hammer). File: postlog/postlog.c.
Boris Mühmer's avatar
Boris Mühmer committed

20120217

	Bugfix (introduced 20111219): sendmail -bs segfault, due
	to a missing guard statement after an smtpd_check_rewrite()
	call was moved closer to the command processor loop. Fix
	by Bartek Szady. File: smtpd/smtpd.c.
Boris Mühmer's avatar
Boris Mühmer committed
20120220

	Cleanup: documentation of how to use only system-supplied
	certificates with *CAfile and *CApath. File: proto/postconf.proto.

	Cleanup: documentation of smtp_sasl_mechanism_filter.  File:
	proto/postconf.proto.

20120222

	Cleanup: when multiple DNSBLs block an SMTP client, the
	postscreen "reject" message now gives credit to the DNSBL
	with the largest weight, instead of the DNSBL that replies
	first. File: postscreen/postscreeb_dnsbl.c.

	Cleanup: memcache_table(5) manpage. File proto/memcache_table.

20120225

	Cleanup: eliminated the build-time Perl dependency.  File:
	bounce/annotate.sh.

	Cleanup: when -DNO_DB support was added, the makedefs script
	was not updated to skip the Linux Berkeley DB tests.

	FreeBSD9 is now a supported platform. Files: makedefs,
	util/sys_defs.h.

20120226

	Cleanup: documentation in postfix-install.

20120229

	Feature: smtpd_log_access_permit_actions to enable logging
	of specific permit-like actions in Postfix SMTP server
	access lists.  Files: mantools/postlink, proto/postconf.proto,
	global/mail_params.h, smtpd/smtpd.c, smtpd/smtpd_check.c.

20120306

	To improve the interaction with start-up scripts, "postfix
	start" now waits for master daemon process initialization
	to complete, and returns a non-zero exit status if daemon
	initialization failed or if it did not complete in a
	reasonable amount of time. This involves a new "-w" master
	option.  Files: conf/postfix-script, master/master.c,
	master/master.h.  master/master_monitor.c.

20120307

	postconf -X option to exclude parameters from main.cf
	(require two-finger action, because this is irreversible).
	Files: postconf/postconf.[hc], postconf/postconf_edit.c.

20120317

	Feature: Sendmail-style socketmap.  Files: util/dict_sockmap.[hc],
	util/netstring.[hc], proto/DATABASE_README.html,
	postconf/postconf.c.

20120330

	Workaround: specify "\c" at the start of an smtp_reject_footer
	template to suppress the line break between the reply text
	and the footer text. Files: global/smtp_reply_footer.c,
	proto/postconf.proto.

Boris Mühmer's avatar
Boris Mühmer committed
20120401

Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix (introduced Postfix 2.6): irrelevant memory leak
	that was introduced with postconf -#. File:
	postconf/postconf_edit.c.

Boris Mühmer's avatar
Boris Mühmer committed
	Bitrot: shut up useless warnings about Cyrus SASL call-back
	function pointer type mis-matches. Files: xsasl/xsasl_cyrus.h,
	xsasl/xsasl_cyrus_server.c, xsasl/xsasl_client.c.

Boris Mühmer's avatar
Boris Mühmer committed
20120404

	Cleanup: added smtpd_sender_login_maps to the default
	proxy_read_maps value. Files: global/mail_params.h,
	proxymap/proxymap.c.

	Cleanup: weed out stale TODO's from the WISHLIST, and moved
	some CYA text from WISHLIST into the code. Files: WISHLIST,
	smtpd/smtpd_proxy.c.

20120407

	Bugfix (introduced: 20120330): don't replace <reply-code>
	<space> by <reply-code> <hyphen> when a reply footer starts
	with \c and contains no \n. File: global/smtp_reply_footer.c.

Boris Mühmer's avatar
Boris Mühmer committed
20120422

	Bit-rot: OpenSSL 1.0.1 introduces new protocols. Update the
	known TLS protocol list so that protocols can be turned off
	selectively to work around implementation bugs.  Based on
	a patch by Victor Duchovni.  Files: proto/TLS_README.html,
	proto/postconf.proto, tls/tls.h, tls/tls_misc.c, tls/tls_client.c,
	tls/tls_server.c.
Boris Mühmer's avatar
Boris Mühmer committed

20120425

	Workaround: bugs in 10-year old gcc versions break compilation
	with #ifdef inside a macro invocation (NOT: definition).
Boris Mühmer's avatar
Boris Mühmer committed
	Files: tls/tls.h, tls/tls_client.c, tls/tls_server.c.
Boris Mühmer's avatar
Boris Mühmer committed

20120426

	Bugfix (introduced Postfix 2.9): the postconf command flagged
	parameters defined in master.cf as "unused" when they were
	used only in main.cf. Problem reported by Michael Tokarev.
Boris Mühmer's avatar
Boris Mühmer committed
	Files: postconf/postconf_user.c, postconf/test4b.ref,
	postconf Makefile.in.

20120513

	Cleanup: report both the first and last line number when a
	malformed main.cf entry spans multiple lines, instead of
	reporting the last line number only. File: util/dict.c,
	util/line_number.[hc].
Boris Mühmer's avatar
Boris Mühmer committed

20120516

	Workaround: apparently, FreeBSD 8.3 kqueue notifications
	sometimes break when a dnsblog(8) process loses an accept()
	race on a shared socket, resulting in repeated "connect to
	private/dnsblog service: Connection refused" warnings.  This
	condition is unique to dnsblog(8). The postscreen(8) daemon
	closes a postscreen-to-dnsblog connection as soon as it
	receives a dnsblog(8) reply, resulting in hundreds or
	thousands of connection requests per second.  All other
	multi-server daemons such as anvil(8) or proxymap(8) have
	connection lifetimes ranging from 5s to 1000s depending on
	server load.  The workaround is for dnsblog to use the
	single_server driver instead of the multi_server driver.
	This one-line code change eliminates the accept() race
	without any Postfix performance impact.  Problem reported
	by Sahil Tandon.  File: dnsblog/dnsblog.c.

Boris Mühmer's avatar
Boris Mühmer committed
	Logging: postscreen now logs a warning when a dnsblog(8)
	request takes longer than the hard-coded time limit of 10s.
	File: postscreen/postscreen_dnsbl.c.

Boris Mühmer's avatar
Boris Mühmer committed
20120517

	Workaround: to avoid crashes when the OpenSSL library is
	updated without "postfix reload", the Postfix TLS session
	cache ID now includes the OpenSSL library version number.
	Note: this problem cannot be fixed in tlsmgr(8). Code by
	Victor Duchovni. Files: tls/tls_server.c, tls_client.c.

20120520

	Bugfix (introduced Postfix 2.4): the event_drain() function
	was comparing bitmasks incorrectly causing the program to
	always wait for the full time limit. This error affected
	the unused postkick command, but only after s/fifo/unix/
	in master.cf.  File: util/events.c.

	Cleanup: laptop users have always been able to avoid
	unnecessary disk spin-up by doing s/fifo/unix/ in master.cf
	(this is currently not supported on Solaris systems).
	However, to make this work reliably, the "postqueue -f"
	command must wait until its requests have reached the pickup
	and qmgr servers before closing the UNIX-domain request
	sockets.  Files: postqueue/postqueue.c, postqueue/Makefile.in.
Boris Mühmer's avatar
Boris Mühmer committed
20120522

	Robustness: set LC_ALL=C in post-install to avoid surprises
	when parsing output from Postfix or non-Postfix commands.
	File: postfix-install.

20120611

	Bugfix (introduced: 20031216-21): with soft_bounce=yes, the
	SMTP client did not move on to the next MX host or fallback
	relay after a 5xx reply. File: smtp/smtp_trouble.c.

20120527-8

	Infrastructure: limited support to shrink VSTREAM buffers.
	The change takes place when reading from (a stream for the
	first time | an empty buffer) or when writing to (a stream
	for the first time | a full buffer). TODO: the change should
	also happen after purging or flushing a buffer.  File:
	util/vstream.c.

20120531-617

	Feature: haproxy support in postscreen(8) and smtpd(8).  To
	enable, specify "smtpd_upstream_proxy_protocol = haproxy"
	or "postscreen_upstream_proxy_protocol = haproxy".  Files:
	mantools/postlink, proto/postconf.proto, global/Makefile.in,
	global/haproxy_srvr.c, global/haproxy_srvr.h, global/mail_params.h,
	global/mail_proto.h, master/single_server.c, master/multi_server.c,
	master/event_server.c, postscreen/Makefile.in,
	postscreen/postscreen.c, postscreen/postscreen.h,
	postscreen/postscreen_endpt.c, postscreen/postscreen_haproxy.c,
	postscreen/postscreen_haproxy.h, postscreen/postscreen_send.c,
	postscreen/postscreen_state.c, smtpd/Makefile.in, smtpd/smtpd.h,
	smtpd/smtpd_peer.c, smtpd/smtpd_sasl_glue.c, smtpd/smtpd_haproxy.c,
	util/Makefile.in, util/listen.h, util/recv_pass_attr.c,
	util/stream_listen.c, util/sys_defs.h, util/unix_pass_listen.c.


20120618

	Cleanup: made the postscreen-to-smtpd haproxy attribute
	transmission more robust for Solaris. Files: util/sys_defs.h,
	util/connect.h, util/steam_listen.c, postscreen/postscreen_send.c.

	Cleanup: simplified the "stream used" workaround. Files:
	util/vstream.h, master/event_server.c, master/multi_server.c.

Boris Mühmer's avatar
Boris Mühmer committed
20120621

Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: simplified workarounds for Solaris streams versus
	UNIX-domain sockets.  Files: util/pass_accept.c (new),
	util/pass_trigger.c (new), util/stream_pass_connect.c
	(deleted), util/unix_pass_listen.c (deleted),
	util/unix_pass_trigger.c (deleted), updated header files,
	and replaced PASS_XXX macros by pass_xxx function calls.

	Cleanup: don't clobber errno when logging a problem.
	File util/msg_output.c.

20120627

	Bugfix (introduced: 20120531-617): in the postscreen module
	for HAproxy sypport, a VSTREAM buffer size request was not
	LP64-clean.  File: postscreen/postscreen_haproxy.c.

	Cleanup: avoid single-character reads in the postscreen
	HAproxy module. File: postscreen/postscreen_haproxy.c.

20120628

	Workaround: heuristic to detect missing (ssize_t) type-cast
	in VSTREAM buffer size requests. File: util/vstream.c.

20120629

	Workaround: "sendmail -bl" emulation. File: sendmail/sendmail.c.

20120630

	Cleanup: sub-optimal hash performance on systems where the
	"char" type is signed.  Files: util/htable.c, util/binhash.c.
Boris Mühmer's avatar
Boris Mühmer committed

20120702

	Bugfix (introduced: 19990127): the BIFF client leaked an
	unprivileged UDP socket. Fix by Jaroslav Skarvada.  File:
	local/biff_notify.c.

Boris Mühmer's avatar
Boris Mühmer committed
20120713

	Bugfix (introduced: 20120527-8): infrastructure to specify
	a smaller-than-default VSTREAM buffer, without the complex
	run-time checks. File: util/vstream.c, vstream_tweak.c.

20120714

	Cleanup: semantics of requests to query or modify the VSTREAM
	buffer size that will be used with the next read(2) or
	write(2) operation. Files: util/vstream.c, util/vstream.h,
	util/vstream_tweak.c.

20120717

	Documentation: update to RFC5321.

Boris Mühmer's avatar
Boris Mühmer committed
20120730

	Bugfix (introduced: 20000314): AUTH is not allowed after
Boris Mühmer's avatar
Boris Mühmer committed
	MAIL. Timo Sirainen.  Files: smtpd/smtpd.c, smtpd/smtpd.h,
	smtpd/smtpd_sasl_proto.c.

20120801

	Documentation: point of what virtual_xxx parameters are
	specific to the virtual(8) delivery agent, and will have
	no effect when mail is delivered with a different program.
	Files: proto/postconf.proto, proto/VIRTUAL_README.html.

20120824

	Feature: support for "sendmail -R hdrs|full". Jan Kundrát.
	File: sendmail/sendmail.c.

20120902

	Documentation: updated TUNING_README with new pointers to
	the STRESS_README and POSTSCREEN_README documents. Miscellaneous
	documentation clarifications based on postfix-users discussions.

20120903

	Bugfix (introduced 20120317): the socketmap client should
	not share unrelated client endpoint handles. File:
	util/dict_sockmap.c.

20120907

	Cleanup (for change 20120824): the DSN RET attribute should
	not be stored once per recipient. It is a message property
	just like DSN ENVID.  File: sendmail/sendmail.c.

20120911

	Documentation: more explicit enumeration of what happens
	when setting a per-destination recipient limit value to 1.
	File: proto/postconf.proto.

20120918

	Documentation: clarified the bounce/queue_life-time parameter
	descriptions. File: proto/postconf.proto.

20120920

	Documentation: the postscreen_whitelist_interfaces parameter
	syntax was defined only by example. File: proto/postconf.proto.

20120923

	Infrastructure: cleaned up the support for database
	lock-on-open. This is needed for databases that are not
	multi-updater safe.  Files: util/dict_alloc.c, util/dict.c,
	util/dict_open.c, util/dict.h.  tls/tls_scache.c.

20120924

	Documentation: some people are read-challenged distribute
	their own incorrect understanding of master.cf syntax.
	File: proto/master.

	Cleanup: don't emulate UNIX-domain sockets over FIFOs on
	Solaris systems less than 10 years old. This allows us to
	globally s/fifo/unix/ in master.cf.  Files: makedefs,
	util/sys_defs.h.

	Laptop-friendliness: avoid disk spin-up on idle systems by
	s/fifo/unix/ in master.cf.  Files: conf/master.cf.

20120928-30

	Feature: smtpd_relay_restrictions, proposed long ago by
	Victor. The idea is to separate the mail relay policy from
	the spam blocking policy, so that a permissive spam blocking
	policy under smtpd_recipient_restrictions will no longer
	unexpectedly result in a permissive mail relay policy.

	This involves a change in default settings.  Similar to the
	way that local_recipient_maps was introduced, there is a
	safety net that prevents unexpected mail bounces when a
	site upgrades to Postfix 2.10 or later, and there is no
	change in documented smtpd_recipient_restrictions behavior.
	See the RELEASE_NOTES file for details.  Files:
	global/mail_params.h, smtpd/smtpd.c, smtpd/smtpd_check.c,
	proto/postconf.proto, proto/SMTPD_ACCESS_README.html,
	mantools/postlink, conf/post-install, RELEASE_NOTES.