HISTORY

	Feature: postmulti mult-instance manager command, very
	lightly tested. The MULTI_INSTANCE_README still needs to
	be proofread.  Originally by Victor Duchovni.  Files:
	src/postmulti/*, proto/MULTI_INSTANCE_README.html,
	conf/postmulti-script.

20090216-24

	Cleanup: assorted code cleanups in postmulti.  File:
	src/postmulti/postmulti.c.

20090223

	Cleanup: multiple instances of the same global.  Files:
	util/inet_windowsize.c, util/inet_listen.c.

20090228

	Cleanup: the Postfix SMTP server now maintains a per-session
	"improper command pipelining detected" flag. This flag can
	be tested at any time with reject_unauth_pipelining, and
	is raised whenever a client command is followed by unexpected
	commands or message content.  Files: smtpd/smtpd.c,
	smtpd/smtpd_check.c.

	Logging: the Postfix SMTP server now logs the first command
	pipelining transgression as "improper command pipelining
	after <command> from <hostname>[<hostaddress>]".

	Cleanup: after DATA command failure, log "(approximately
	XX bytes)" only if Postfix actually accepted the DATA
	command.  File: smtpd/smtpd.c.

20090303

	Cleanup: word smithing of "sendmail -bv" probe message.
	File: sendmail/sendmail.c.

	Cleanup: OpenLDAP now provides a sane solution for conflicts
	with PAM ldap-over-tls. Victor Duchovni.  File: global/dict_ldap.c.

20090304

	Cleanup: skip over suspended or throttled queues while
	looking for delivery requests. File: *qmgr/qmgr_transport.c.

20090305

	Bugfix: in the "new queue manager", the _destination_rate_delay
	code needed to postpone the job scheduler updates after
	delivery completion, otherwise the scheduler could loop on
	blocked jobs.  Victor & Wietse.  File: qmgr/qmgr_entry.c,
	qmgr/qmgr_queue.c, qmgr/qmgr_job.c.

	Cleanup: report a "queue file write error", instead of
	passing though bogus 2xx replies from proxy filters to SMTP
	clients.  File: smtpd/smtpd_proxy.c.

20090307

	Cleanup: with "lmtp_assume_final = yes", the Postfix LMTP
	delivery agent assumes that delivery is final when talking
	to an LMTP server that announces no DSN support.  Otherwise,
	the Postfix LMTP delivery agent assumes that delivery is
	"relayed", to maintain compatibility with simple LMTP-based
	content filters.  Based on code by Michel Sebastien, ATOS
	Origin.  File: smtp/smtp_rcpt.c.

20090310

	Bugfix: Postfix used mumble_concurrency_failed_cohort_limit
	instead of mumble_destination_concurrency_failed_cohort_limit
	as documented. File: global/mail_params.h.

20090330

	Cleanup: add (Resent-) From:, Date:, Message-ID: or To:
	headers only when clients match $local_header_rewrite_clients.
	Specify "always_add_missing_headers = yes" for backwards
	compatibility.  Adding such headers to remote mail can break
	DKIM signatures that cover headers that are not present.
	File: cleanup/cleanup_message.c.

20090415

	Workaround: to avoid unnecessary "fatal" delivery agent
	exits, delivery agents retry getting a shared lock on a
	queue file.  This is necessary since the queue manager's
	behavior was changed years ago to refill the in-memory
	recipient list before it was completely empty.  File:
	global/deliver_request.c.

	Documentation: updated STRESS_README.

20090416

	Workaround: some AWK implementations have a limit of 10
	output files and lack a working close() function. It is too
	much trouble to find out what systems have this limitation,
	and where, if any, such systems store their XPG4-compatible
	AWK program.  So instead we generate a stream of here
	documents and let the shell split the stream into files.
	File: postconf/extract.awk.

	Documentation: clarification of certificate file usage.
	Victor Duchovni.  Files: proto/postconf.proto,
	proto/TLS_README.html.

	Feature: pass a "TLS is active" flag to the server-side
	SASL support.  Based on code by Timo Sirainen, except that
	the implementation uses an extensible API so that it will
	be less painful to add more attributes in future Postfix
	versions.  Files: xsasl/xsasl.h, xsasl/xsasl_*server.c,
	smtpd/smtpd_sasl_glue.c.

20090417

	Documentation: re-generate READMEs and manpages for updated
	hyperlinks.

	Documentation: missing hyperlinks and missing parameters
	in manpages. File: mantools/postlink, mantools/check-postlink.

20090418

	Cleanup: use the extensible API to pass SMTP client address
	information to the dovecot SASL plugin, and prepare for
	passing server address information. Files: xsasl/xsasl.h,
	xsasl/xsasl_dovecot_server.c, smtpd/smtpd_sasl_glue.c.

	Same extensible API transformation for the SASL client-side
	code to make future extensions less painful. Files:
	xsasl/xsasl.h, xsasl/xsasl*client.c, smtp/smtp_sasl_glue.c.

	More postlink fixes. File: mantools/postlink.

20090419

	Bugfix: don't re-enable SIGHUP if it is ignored in the
	parent. This may cause random "Postfix integrity check
	failed" errors at boot time (POSIX SIGHUP death), causing
	Postfix not to start. We duplicate code from postdrop and
	thus avoid past mistakes.  File: postsuper/postsuper.c.

	Robustness: don't re-enable SIGTERM if it is ignored in the
	parent. Files: postsuper/postsuper.c, postdrop/postdrop.c.

20090422

	Undo delivery agent change 20090415. The queue manager never
	locks a queue file to read additional recipients into memory,
	so if a delivery agent runs into a locked file, then something
	is seriously wrong. File: global/deliver_request.c.

20090424

	Compatibility: the Postfix SMTP client no longer uses the
	obsolete SSLv2 by default for opportunistic encryption.
	This has nothing to do with security (we're willing to send
	plaintext over an unauthenticated connection) but with the
	loss of advanced options that give better performance.
	Victor Duchovni. Files: proto/postconf.proto, global/mail_params.h.

20090426

	Feature: more accurate support for Milter macros {mail_addr}
	and {rcpt_addr}, and new support for Milter macros {mail_host},
	{mail_mailer}, {rcpt_host}, and {rcpt_mailer}.  Files:
	milter/milter.[hc], smtpd/smtpd.[hc], smtpd/smtpd_milter.c,
	smtpd/smtpd_resolve.c.

	Feature: support to report rejected recipients to Milters
	(SMFIP_RCPT_REJ). Postfix reports the event as decribed in
	Sendmail 8.14.0 documentation: {rcpt_mailer} = "error",
	{rcpt_host} = enhanced status code (e.g., "5.7.1"), and
	{rcpt_addr} = reason to reject (e.g., "Relay access denied").
	Files: milter/milter.[hc], milter/milter8.c, smtpd/smtpd.[hc],
	smtpd/smtpd_milter.c.

20090427

	Feature: Milter support for replacing the envelope sender
	and adding recipients (SMFIR_CHGFROM, SMFIR_ADDRCPT_PAR).
	This support currently ignores ESMTP command parameters.
	Files: milter/milter8.c, cleanup/cleanup_milter.c.

20090428

	Compatibility: to make all the new Milter features usable,
	raise the default milter_protocol setting from 2 to 6.
	This has been tested with a Sendmail 8.14 libmilter.
	File: global/mail_params.h.

	Bugfix: don't disable MIME parsing with smtp_header_checks,
	smtp_mime_header_checks, smtp_nested_header_checks or with
	smtp_body_checks. Bug reported by Victor. File: smtp/smtp_proto.c.

	Code cleanups: respect VSTRING invariants by using VSTRING_RESET
	and VSTRING_TERMINATE instead of directly groping the
	underlying character buffer. Files: global/dsn_buf.c,
	milter/milter8.c.

20090507

	main.cf:tls_random_source now defaults to /dev/arandom on
	OpenBSD.  This device was introduced before Postfix development
	began. Files: util/sys_defs.h, global/mail_params.h.

20090510

	Code cleanups: while emulating SMTP client requests for
	Milter applications, use user@domain form addresses as
	required by the SMTP protocol, instead of bare usernames.
	This avoids hard to debug errors from some Milter applications.
	Files: cleanup/cleanup_envelope.c, cleanup/cleanup_extracted.c,
	cleanup/cleanup_addr.c.

20090511

	Code cleanups: don't clobber -o command-line arguments so
	that Linux people can debug daemon command lines more easily.
	Files: master/*server.c.

20090519

	Bugfix (introduced: Postfix 2.3, but did not cause trouble
	until 20090427).  Queue file corruption, with (smtpd_milters
	or non_smtpd_milters) enabled, AND with delay_warning_time
	enabled, AND with short envelope sender addresses e.g.,
	local submissions with bare usernames, but not bounces).
	The queue file would be corrupted when the delay_warning_time
	record was marked as "done" after sending the "your mail
	is delayed" notice.  File: qmgr/qmgr_message.c.

20090528

	Bugfix (introduced: Postfix 2.6 change 20080629): with
	plaintext sessions, smtpd_tls_auth_only=yes caused spurious
	warnings with reject_authenticated_sender_login_mismatch,
	and broke reject_unauthenticated_sender_login_mismatch and
	reject_sender_login_mismatch.  Based on fix by Victor
	Duchovni. File: smtpd/smtpd_check.c.

20090605

	Bugfix: "postmulti -e destroy" used hard-coded /bin/env
	command. Simplified the "destroy" procedure to destroy only
	known safe names without "/". File: conf/postmulti-script.

20090710

	Bugfix (introduced Postfix 2.3): Postfix got out of sync
	with a Milter application after the application sent a
	"quarantine" request at end-of-message time. The milter
	application would still be in the end-of-message state,
	while Postfix would already be working on the next SMTP
	event (typically, QUIT or MAIL FROM).  Problem diagnosed
	with help from Alban Deniz. File: milter/milter8.c.

20090712

	Bugfix (garbage introduced Postfix 2.6): the ugly
	${multi_instance_name:postfix}${multi_instance_name
	?$multi_instance_name} garbage in Postfix logging is now
	hopefully gone.  File: global/mail_task.c.

20090715

	Documentation: as of Postfix 2.6, the reject_unauth_pipelining
	feature can be used meaningfully at any protocol stage.
	File: proto/postconf.proto.

20090805

	Bugfix: don't panic when an unexpected smtpd access map is
	specified. File: smtpd/smtpd_check.c.

20090918

	Bugfix (introduced Postfix 2.3): with Milter RCPT TO replies
	turned off, there was no automatic flush-before-read on the
	smtpd-to-milter stream, because the read was done on the
	cleanup-to-milter stream. Problem reported by Stephen Warren.
	File: milter/milter8.c.

20091005

	Bugfix: core dump while printing error message for malformed
	%<letter> sequence in LDAP, MySQL or PostgreSQL configuration.
	File: global/db_common.c. Fix by Victor Duchovni.

20091012

	Bugfix: postmulti did not skip commands with -p.  Luca
	Berra. File: postmulti/postmulti.c.

20091026

	Cleanup: changed parameter evaluation order so that the
	multi_instance_wrapper parameter value is evaluated after
	the command and daemon directory parameters. File:
	global/mail_params.h.

20091209

	Bugfix: sender_dependent_relayhost_maps did not reject an
	empty lookup result, and did not recognize lookup errors,
	thus treating errors as "not found". Problem found during
	code maintenance. File: trivial-rewrite/resolve.c.

20091229

	Cleanup: the address_verify_poll_count default parameter
	value is now stress-dependent, so that the Postfix SMTP
	server will not wait (up to 6 seconds) for the address
	verification result. File: global/mail_params.h.

20100107

	Documentation: the access(5) manual page did not document
	the "send 521 and disconnect" behavior in the Postfix SMTP
	server. File: proto/access.

	Bugfix: the pickup daemon did not discard messages that
	were requeued after all recipients were delivered (or
	bounced), and the cleanup server tried to bounce such
	messages. Files: pickup/pickup.c, global/cleanup_user.h.

20100115

	Bugfix: the valid_hostname() fuction did not set the
	"non-numeric" flag after encountering the '-' character.
	Reported by Jan Schampera.  File: util/valid_hostname.c.

20100116

	Workaround: as of Postfix 2.3 the VRFY command did not allow
	a mailbox address inside <>, which broke expectations.  RFC
	2821 (and 5321) is vague about the VRFY request format, but
	spends lots of text on the reply format.  File: smtpd/smtpd.c.

20100515

	Bugfix (introduced Postfix 2.6): the Postfix SMTP client
	XFORWARD implementation did not skip "unknown" SMTP client
	attributes, causing a syntax error when sending a PORT
	attribute. Reported by Victor Duchovni. File: smtp/smtp_proto.c.

20100529

	Portability: OpenSSL 1.0.0 changes the priority of anonymous
	cyphers. Victor Duchovni. Files: postconf.proto,
	global/mail_params.h, tls/tls_certkey.c, tls/tls_client.c,
	tls/tls_dh.c, tls/tls_server.c.

	Portability: Mac OS 10.6.3 requires <arpa/nameser_compat.h>
	instead of <nameser8_compat.h>. Files: makedefs, util/sys_defs.h,
	dns/dns.h.

20100531

	Robustness: skip LDAP queries with non-ASCII search strings.
	The LDAP library requires well-formed UTF-8.  Victor Duchovni.
	File: global/dict_ldap.c.

20100601

	Portability: Berkeley DB 5.x has the same API as Berkeley
	DB 4.1 and later. File: util/dict_db.c.