Skip to content
HISTORY 501 KiB
Newer Older
Boris Mühmer's avatar
Boris Mühmer committed
	qmqpd_client_port_logging parameter setting. File:
	qmqpd/qmqpd.c.
Boris Mühmer's avatar
Boris Mühmer committed
20071216
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: show the remote SMTP server port in verbose logging,
	warnings and postmaster notices.  Still don't show the port
	in delivery status notifications. Files: smtp/smtp_chat.c,
	smtp/smtp_sasl_glue.c, smtp/smtp_sasl_proto.c.
Boris Mühmer's avatar
Boris Mühmer committed
	The "tls_require_cert" is now compatible with OpenLDAP 2.1
	and later. Victor Duchovni. Files: proto/ldap_table,
	global/dict_ldap.c.
Boris Mühmer's avatar
Boris Mühmer committed
20071218
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: removed the "#ifdef USE_LIBMILTER_INCLUDES"
	dependencies on system-installed Milter protocol include
	files. Verified that the object code has not changed. File:
	milter/milter8.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Sanity check: idiot filter to detect attempts to use the
	same database file for different TLS session caches.  File:
	tlsmgr/tlsmgr.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: updated the spell check stoplist and the spell
	check script. Files: mantools/spell, proto/stop.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: replaced documentation references to xxgdb by ddd.
	The xxgdb program hasn't been updated in more than 10 years.
	Files: proto/postconf.proto, conf/main.cf.
Boris Mühmer's avatar
Boris Mühmer committed
20071219-20
Boris Mühmer's avatar
Boris Mühmer committed
	Feature: support for all new Sendmail 8.14 Milter features
	except SMFIR_SKIP (skip further events of this type),
	SMFIP_RCPT_REJ (report rejected recipients to the mail
	filter), SMFIR_CHGFROM (replace sender, with optional ESMTP
	command parameters), and SMFIR_ADDRCPT_PAR (add recipient,
	with optional ESMTP command parameters). Files: milter/milters.c,
	milter/milter8.c, milter/test-milter.c, cleanup/cleanup_milter.c.
Boris Mühmer's avatar
Boris Mühmer committed
20071221
Boris Mühmer's avatar
Boris Mühmer committed
	Feature: support for Sendmail 8.14 Milter SMFIR_SKIP (skip
	further events of this type). Files: milter/milter8.c,
	milter/test-milter.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: don't try sending HELO after a 421 EHLO reply.
	File: smtp/smtp_proto.c.
Boris Mühmer's avatar
Boris Mühmer committed
20071221-nonprod

	Using 20071221 as reference point.

	Cleanup: Simplified TLS library cipher and protocol API to
	just pass string-valued properties to tls_client_init() and
	tls_client_start(). The client is now agnostic of the
	mechanics of cipher management internal to the library. The
	main.cf parameters used internally in the library are now
	loaded by the library, not the caller. Files:
	src/smtp/lmtp_params.c, src/smtp/smtp.c, src/smtp/smtp.h,
	src/smtp/smtp_params.c, src/smtp/smtp_proto.c,
	src/smtp/smtp_session.c, src/smtpd/smtpd.c, src/tls/tls.h,
	src/tls/tls_client.c, src/tls/tls_level.c, src/tls/tls_misc.c,
	src/tls/tls_server.c, src/tls/tls_session.c, src/tls/tls_verify.c
	and src/tlsmgr/tlsmgr.c

	Cleanup: Client session lookup key "salting" is now handled
	internally in the tls library. Files: src/tls/tls_client.c

	Cleanup: Cipher state is cached, and only updated when
	necessary.  Files: src/tls/tls_misc.c

	Feature: Extended the syntax of protocol selection to allow
	exclusions as well as inclusions. Files: src/tls/tls_misc.c

	Cleanup: Updated default verification depth to match reality:
	default is 9 in OpenSSL and we don't yet override it.  When
	we do (soon), the default will match previous behavior.
	Files: src/global/mail_params.h

	Bugfix: Reference to obsolete "pfixtls" code won't compile
	inside #ifdef for OpenSSL <= 0.9.5a. Using an OpenSSL release
	that old has not been tested for some time, but may now
	work. Files: src/tls/tls_bio_ops.c.

	Replaced "void *" TLS library application handles by explicit
	pointer types, while hiding data structure implementation
	details from the TLS library users. Files: tls/tls_client.c,
	tls/tls_server.c, smtp/smtp.c, smtpd/smtpd.c.

	The TLS library no longer modifies VSTRINGs passed in by
	the caller. Where possible, information is passed as "const"
	from application to library. Files: smtp/smtp_proto.c,
	tls/tls_client.c.
Boris Mühmer's avatar
Boris Mühmer committed
20071227-nonprod
Boris Mühmer's avatar
Boris Mühmer committed
	Replaced explicit initialization of props structures by
	emulating function calls with named parameter lists.  Files:
	tls/tls.h, smtp/smtp.c, smtp/smtp_proto.c, smtpd/smtpd.c.
Boris Mühmer's avatar
Boris Mühmer committed
20071222
Boris Mühmer's avatar
Boris Mühmer committed
	Further polishing of the Milter code and logging. File:
	milter/milter8.c.
Boris Mühmer's avatar
Boris Mühmer committed
20071123
Boris Mühmer's avatar
Boris Mühmer committed
	Further polishing of the Milter code. With SETSYMLIST, each
	Milter can now update its own macros instead of clobbering
	the global copy that is shared with other Milters. Also an
	opportunity to clean up some ad-hoc code for sending macro
	lists from smtpd(8) to cleanup(8). Files: milter/milter.c,
	milter/milter8.c, milter/milter_macros.c.
Boris Mühmer's avatar
Boris Mühmer committed
20071224
Boris Mühmer's avatar
Boris Mühmer committed
	Further polishing of the Milter code. Eliminated unnecessary
	steps from the initial smtpd/cleanup Milter handshake. Files:
	milter/milter.c, milter/milter8.c, milter/milter_macros.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: name_code(3) and name_mask(3) now support read-only
	tables. Files: util/name_code.[hc], util/name_mask.[hc].
Boris Mühmer's avatar
Boris Mühmer committed
20071227
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: further refinements of the Milter code, allowing
	for multiple macro overrides. The code is now ready for
	serious testing. File: milter/milter8.c.
Boris Mühmer's avatar
Boris Mühmer committed
20071229
Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix: the Milter client did not replace the Postfix-specific
	form for unknown host names by the Sendmail-specific form.
Boris Mühmer's avatar
Boris Mühmer committed
	File: milter/milter8.c.

Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: when a cleanup milter reports a problem don't log
	generic "4.3.0 Sevice unavailable", but log the text for
	the actual error. File: cleanup/cleanup_milter.c.
Boris Mühmer's avatar
Boris Mühmer committed
20080102-nonprod
Boris Mühmer's avatar
Boris Mühmer committed
	SMTP client fingerprint security level support and configurable
	fingerprint digest algorithm. Victor Duchovni. Files:
	smtp/lmtp_params.c, smtp/smtp.c, smtp/smtp.h,
	src/smtp/smtp_params.c, src/smtp/smtp_proto.c,
	src/smtp/smtp_session.c, tls/tls_client.c, tls/tls_level.c,
	tls/tls_verify.c.
Boris Mühmer's avatar
Boris Mühmer committed
20080103-nonprod
Boris Mühmer's avatar
Boris Mühmer committed
	Missed "invalid TLS configuration" patch for SMTP client.
	Victor Duchovni. File: smtp/smtp_proto.c.
Boris Mühmer's avatar
Boris Mühmer committed
	SMTP server configurable fingerprint digest algorithm.
	Victor Duchovni. Files: smtpd/smtpd.c, tls/tls.h,
	tls/tls_server.c, tls/tls_verify.c.
Boris Mühmer's avatar
Boris Mühmer committed
20080104-nonprod
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: finally implemented certificate verification depth
	limit parameters. Prior to Postfix 2.5 these were ignored.
	For backwards compatibility, the default verification depth
	limit is now 9, the OpenSSL default. Victor Duchovni. Files:
	src/tls/tls_client.c, src/tls/tls_server.c, src/tls/tls_verify.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Robustness: Avoid possibility of NULL pointer issues in
	application code that checks certificate names, by providing
	"empty string" values when no data is available.  Victor
	Duchovni.  Files: src/tls/tls_verify.c, src/tls/tls_client.c,
	src/tls/tls_server.c, src/smtpd/smtpd_check.c, src/smtpd/smtpd.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: separation of TLS handshake from security level
	enforcement. The library shakes hands; the application
	decides if the resulting security is acceptable. Victor
	Duchovni.  Files: smtpd/smtpd.c, smtpd/smtpd_proto.c,
	tls/tls_server.c, tls/tls_client.c, tls/tls_verify.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Robustness: more robust processing of ASN.1 string attributes
	in x509v3 certificates, plus additional sanity checks (e.g.
	embedded null characters). Victor Duchovni. File:
	src/tls/tls_verify.c.
Boris Mühmer's avatar
Boris Mühmer committed
20080104
Boris Mühmer's avatar
Boris Mühmer committed
	Workaround: minor change to the Dovecot AUTH request to
	prevent dovecot-auth memory wastage. Timo Sirainen.  File:
	xsasl/xsasl_dovecot_server.c.
Boris Mühmer's avatar
Boris Mühmer committed
20080105-nonprod
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: renamed TLS-related symbols for consistency (always
	include the init, start, stop prefix in the TLS library
	function and data structure names; consistently distinguish
	between per-application TLS state and per-session TLS state;
	consistently use the fpt prefix for fingerprint related
	variables and structure members; consistent use of monocase
	typedef-ed names).
Boris Mühmer's avatar
Boris Mühmer committed
20080106-nonprod
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: consistent use of <pre> and <blockquote> in examples;
	instead of emphasizing new Postfix 2.5 behavior in reference
	documentation, describe the new behavior as "current", with
	historical behavior as a supplemental note.
Boris Mühmer's avatar
Boris Mühmer committed
20080107
Boris Mühmer's avatar
Boris Mühmer committed
	Feature: new "pass" service type (in addition to "inet",
	"unix" and "fifo").  The "pass" service type supports
	front-end daemons that accept all inbound connections and
	that permit only well-behaved clients to talk to the MTA.
	This service type had been sitting in the master daemon for
	years but was disabled by default.  Actual applications for
	this will have to be developed later.  Files: util/upass_connect.c,
	util/upass_trigger.c.
Boris Mühmer's avatar
Boris Mühmer committed
20080108
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: where possible, store data structures in read-only
	memory. Besides the security advantage of no write access,
	this also gives slightly better memory utilization when
	many processes execute the same file. Files: pretty much
	everything that has a static table, except for a few tables
	in the benchmark tools with flags that are controlled by
	command-line information.
Boris Mühmer's avatar
Boris Mühmer committed
20080109
Boris Mühmer's avatar
Boris Mühmer committed
	Cleanup: more read-only data. Files: everything that passes
	around a HEADER_OPTS pointer.
Boris Mühmer's avatar
Boris Mühmer committed
20080112
Boris Mühmer's avatar
Boris Mühmer committed
	Safety: optional lookup table to prevent the Postfix SMTP
	client from making repeated SASL login failures with the
	same hostname, username and password.  This introduces new
	parameters: smtp_sasl_auth_cache_name, smtp_sasl_auth_cache_time.
	Based on code by Keean Schupke.  Files: smtp/smtp_sasl_glue.c,
	smtp/smtp_sasl_auth_cache.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Safety: the Postfix SMTP client now by default defers mail
	after the server rejects a SASL login attempt with a 535
	status code.  Specify "smtp_sasl_auth_soft_bounce = no" to
	get the earlier behavior.  Based on code by Keean Schupke.
	Files: smtp/smtp_sasl_glue.c.
Boris Mühmer's avatar
Boris Mühmer committed
20080114
Boris Mühmer's avatar
Boris Mühmer committed
	Safety: the smtpd_client_new_tls_session_rate_limit setting
	now also limits the number of failed TLS handshakes. This
	limits the impact of broken configurations. File: smtpd/smtpd.c.
Boris Mühmer's avatar
Boris Mühmer committed
20080115
Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix (introduced 20080112): Patrik Rak found two bugs
	that largely canceled each other out, causing Postfix not
	to complain about a missing "proxy:" prefix with the new
	smtp_sasl_auth_cache_name parameter setting. File:
	smtp/smtp_sasl_glue.c.
Boris Mühmer's avatar
Boris Mühmer committed
	Documentation: new SOHO_README file for small/home offices.
	The text is automatically generated from bits and pieces of
	information that are scattered across other documents.
	File: mantools/make_soho_readme.
Boris Mühmer's avatar
Boris Mühmer committed
20080116
Boris Mühmer's avatar
Boris Mühmer committed
	Bugfix (introduced 20080112): missing #ifdef for the SASL
	login failure cache. File: smtp/smtp_sasl_auth_cache.h.
Boris Mühmer's avatar
Boris Mühmer committed
20080123
Boris Mühmer's avatar
Boris Mühmer committed
	Name fix: renamed the mumble_delivery_rate_delay parameter
	to mumble_destination_rate_delay, because it really is a
	per-destination feature. With this change we keep the option
	of implementing a future per-transport rate delay.
Boris Mühmer's avatar
Boris Mühmer committed

20080125

	Bugfix (introduced 20071216): missing {} in the LDAP client
	broke OpenLDAP TLS.  The setting tls_require_cert=no was
	further broken because Postfix used OpenLDAP incorrectly.
	Victor Duchovni.  This broke tls_require_cert=no File:
	global/dict_ldap.c.

20080130

	Bugfix (introduced 20071204): wrong proxywrite process limit
	in the default master.cf file.  File: conf/master.cf.

20080201

	Workaround: pick up a missing data_directory setting from
	main.cf when "postfix start" is invoked with an obsolete
	postfix command. File: conf/post-install.

20080207

	Cleanup: soft_bounce support for multi-line Milter replies.
	File: src/milter/milter8.c.

	Cleanup: preserve multi-line format of header/body Milter
	replies. Files: cleanup/cleanup_milter.c, smtpd/smtpd.c.

	Cleanup: multi-line support in SMTP server replies.  File:
	smtpd/smtpd_chat.c.

Boris Mühmer's avatar
Boris Mühmer committed
20080215

	Safety: break SASL loop in case both the SASL library and
	the remote SMTP server are confused. File: smtp/smtp_sasl_glue.c.

20080220

	Safety: the master daemon now sets an exclusive lock on a
	file $data_directory/master.lock, so that the data directory
	can't be shared between multiple Postfix instances.  This
	would corrupt files that rely on single-writer updates
	(examples: verify(8) cache, tlsmgr(8) caches, etc.). File:
	master/master.c.

20080228

	Bugfix: bounce(8) segfault on one-line template text.
	Problem found by Sacha Chlytor. File: bounce/bounce_template.c.

20080310

	Safety: the SMTP server's Dovecot authentication client now
	enforces the SASL mechanism output filter also on client
	command input. File: src/xsasl/xsasl_dovecot_server.c.

20080311

	Bugfix (introduced 20070811): the MAIL and RCPT Milter
	application call-backs no longer received {mail_addr} or
	{rcpt_addr} information. Problem reported by Anton Yuzhaninov.
	File: smtpd/smtpd.c.

20080318

	Human factors: the PCRE and regexp maps now give more
	comprehensible error messages when people make the common
	mistake of indenting if/endif blocks. Files: util/dict_pcre.c,
	util/dict_regexp.c.

20080411

	Bugfix (introduced Postfix 2.0): after "warn_if_reject
	reject_unlisted_recipient/sender", the SMTP server mistakenly
	remembered that recipient/sender validation was already
	done. File: smtpd/smtpd_check.c.

	Bugfix (introduced Postfix 2.3): the queue manager would
	initialize missing client logging attributes (from xforward)
	with real client attributes. Fix: enable this backwards
	compatibility feature only with queue files that don't
	contain logging attributes. Problem reported by Liviu Daia.
	Files *qmgr/qmgr_message.c.

20080424

	Cleanup: some warning messages said "regexp" or "regexp
	map" instead of "pcre map". File: util/dict_pcre.c.

20080428

	Cleanup: the proxy_read_maps (Postfix 2.0) default setting
	was not updated when adding sender/recipient_bcc_maps
	(Postfix 2.1) and smtp/lmtp_generic_maps (Postfix 2.3).
	File: global/mail_params.h.

	Cleanup: the SMTP server's XFORWARD and XCLIENT support was
	not updated when the smtpd_client_port_logging configuration
	parameter was added. Code by Victor Duchovni. Files:
	smtpd/smtpd.c, smtpd/smtpd_peer.c.
Boris Mühmer's avatar
Boris Mühmer committed

20080509

	Bugfix: null-terminate CN comment string after sanitization.
	File: smtpd/smtpd.c.

20080603

	Workaround: avoid "bad address pattern" errors with non-address
	patterns in namadr_list_match() calls. File: util/match_ops.c.

20080620

	Bugfix (introduced 20080207): "cleanup -v" panic because
	the new "SMTP reply" request flag did not have a printable
	name. File: global/cleanup_strflags.c.

	Cleanup: using "Before-queue content filter", RFC3848
	information was not added to the headers. Carlos Velasco.
	File smtpd/smtpd.c.

20080717

	Cleanup: a poorly-implemented integer overflow check for
	TCP MSS calculation had the unexpected effect that people
	broke Postfix on LP64 systems while attempting to silence
	a compiler warning.  File: util/vstream_tweak.c.

20080725

	Paranoia: defer delivery when a mailbox file is not owned
	by the recipient. Requested by Sebastian Krahmer, SuSE.
	Specify "strict_mailbox_ownership=no" to ignore ownership
	discrepancies.  Files: local/mailbox.c, virtual/mailbox.c.
Boris Mühmer's avatar
Boris Mühmer committed

20080804

	Bugfix: dangling pointer in vstring_sprintf_prepend().
	File: util/vstring.c.

20080814

	Security: some systems have changed their link() semantics,
	and will hardlink a symlink, contrary to POSIX and XPG4.
	Sebastian Krahmer, SuSE. File: util/safe_open.c.

	The solution introduces the following incompatible change:
	when the target of mail delivery is a symlink, the parent
	directory of that symlink must now be writable by root only
	(in addition to the already existing requirement that the
	symlink itself is owned by root).  This change will break
	legitimate configurations that deliver mail to a symbolic
	link in a directory with less restrictive permissions.
Boris Mühmer's avatar
Boris Mühmer committed

20080826

	Bugfix (introduced Postfix 2.4): epoll file descriptor leak.
	With Postfix >= 2.4 on Linux >= 2.6, Postfix has an epoll
	file descriptor leak when it executes non-Postfix commands
	in, for example, user-controlled $HOME/.forward files.  A
	local user can access a leaked epoll file descriptor to
	implement a denial of service attack on Postfix. Data
	confidentiality and integrity are not affected.  File:
	util/events.c.
Boris Mühmer's avatar
Boris Mühmer committed

20081022

	Documentation: removed inapplicable daemon_timeout reference
	from qmgr(8), oqmgr(8), pickup(8). These daemons need to
	use a much shorter watchdog timer.

20081108

	Bugfix (introduced Postfix 2.5): the Postfix SMTP server
	did not ask for a client certificate with "smtpd_tls_req_ccert
	= yes". Reported by Rob Foehl. File: smtpd/smtpd.c.

20081126

	Documentation: pcre_table(5) incorrectly claimed that the
	'x' flag supports #comment after text. File: proto/pcre_table.

20081203

	Cleanup: adjust the VSTREAM buffer strategy when reusing
	an SMTP connection with a large TCP MSS value. File:
	smtp/smtp_reuse.c.

20081222

	Documentation: log the "*" pattern as the last transport
	map lookup. File: proto/transport.
Boris Mühmer's avatar
Boris Mühmer committed

20090122

	Bugfix: the data_directory was not automatically created!
	File: conf/postfix-files.

20090304

	Cleanup: skip over suspended or throttled queues while
	looking for delivery requests. File: *qmgr/qmgr_transport.c.

20090305

	Bugfix: in the "new queue manager", the _destination_rate_delay
	code needed to postpone the job scheduler updates after
	delivery completion, otherwise the scheduler could loop on
	blocked jobs.  Victor & Wietse.  File: qmgr/qmgr_entry.c,
	qmgr/qmgr_queue.c, qmgr/qmgr_job.c.

	Cleanup: report a "queue file write error", instead of
	passing though bogus 2xx replies from proxy filters to SMTP
	clients.  File: smtpd/smtpd_proxy.c.

20090310

	Bugfix: Postfix used mumble_concurrency_failed_cohort_limit
	instead of mumble_destination_concurrency_failed_cohort_limit
	as documented. File: global/mail_params.h.

20090419

	Bugfix: don't re-enable SIGHUP if it is ignored in the
	parent. This may cause random "Postfix integrity check
	failed" errors at boot time (POSIX SIGHUP death), causing
	Postfix not to start. We duplicate code from postdrop and
	thus avoid past mistakes.  File: postsuper/postsuper.c.

	Robustness: don't re-enable SIGTERM if it is ignored in the
	parent. Files: postsuper/postsuper.c, postdrop/postdrop.c.

20090428

	Bugfix: don't disable MIME parsing with smtp_header_checks,
	smtp_mime_header_checks, smtp_nested_header_checks or with
	smtp_body_checks. Bug reported by Victor. File: smtp/smtp_proto.c.
Boris Mühmer's avatar
Boris Mühmer committed

20090710

	Bugfix (introduced Postfix 2.3): Postfix got out of sync
	with a Milter application after the application sent a
	"quarantine" request at end-of-message time. The milter
	application would still be in the end-of-message state,
	while Postfix would already be working on the next SMTP
	event (typically, QUIT or MAIL FROM).  Problem diagnosed
	with help from Alban Deniz. File: milter/milter8.c.

20090805

	Bugfix: don't panic when an unexpected smtpd access map is
	specified. File: smtpd/smtpd_check.c.
Boris Mühmer's avatar
Boris Mühmer committed

20090918

	Bugfix (introduced Postfix 2.3): with Milter RCPT TO replies
	turned off, there was no automatic flush-before-read on the
	smtpd-to-milter stream, because the read was done on the
	cleanup-to-milter stream. Problem reported by Stephen Warren.
	File: milter/milter8.c.

20091005

	Bugfix: core dump while printing error message for malformed
	%<letter> sequence in LDAP, MySQL or PostgreSQL configuration.
	File: global/db_common.c. Fix by Victor Duchovni.

20091209

	Bugfix: sender_dependent_relayhost_maps did not reject an
	empty lookup result, and did not recognize lookup errors,
	thus treating errors as "not found". Problem found during
	code maintenance. File: trivial-rewrite/resolve.c.

20100107

	Bugfix: the pickup daemon did not discard messages that
	were requeued after all recipients were delivered (or
	bounced), and the cleanup server tried to bounce such
	messages. Files: pickup/pickup.c, global/cleanup_user.h.

20100115

	Bugfix: the valid_hostname() fuction did not set the
	"non-numeric" flag after encountering the '-' character.
	Reported by Jan Schampera.  File: util/valid_hostname.c.

20100116

	Workaround: as of Postfix 2.3 the VRFY command did not allow
	a mailbox address inside <>, which broke expectations.  RFC
	2821 (and 5321) is vague about the VRFY request format, but
	spends lots of text on the reply format.  File: smtpd/smtpd.c.

Boris Mühmer's avatar
Boris Mühmer committed
20100422

	Workaround (introduced: postfix-19990906 a.k.a. Postfix
	0.8.0).  The Postfix local delivery agent did not properly
	distinguish between "address has no extension" and "address
	has an extension, but the extension is invalid". In both
	cases it would run only the full recipient local-part through
	the alias maps.  Instead, it now drops the faulty extension
	from the recipient address local-part (it would be too
	error-prone to replace all tests for "no extension" by tests
	for "no valid extension".  File: local/recipient.c.

Boris Mühmer's avatar
Boris Mühmer committed
20100610

	Bugfix (introduced Postfix 2.2): Postfix no longer appends
	the system default CA certificates to the lists specified
	with *_tls_CAfile or with *_tls_CApath.  This prevents
	third-party certificates from getting mail relay permission
	with the permit_tls_all_clientcerts feature.  Unfortunately
	this may cause compatibility problems with configurations
	that rely on certificate verification for other purposes.
	To get the old behavior, specify "tls_append_default_CA =
	yes".  Files: tls/tls_certkey.c, tls/tls_misc.c,
	global/mail_params.h.  proto/postconf.proto, mantools/postlink.

20100714

	Compatibility with Postfix < 2.3: fix 20061207 was incomplete
	(undoing the change to bounce instead of defer after
	pipe-to-command delivery fails with a signal). Fix by Thomas
	Arnett. File: global/pipe_command.c.

20100827

	Performance: fix for poor smtpd_proxy_filter TCP performance
	over loopback (127.0.0.1) connections. Problem reported by
	Mark Martinec.  Files: smtpd/smtpd_proxy.c.

20101023

	Cleanup: don't apply reject_rhsbl_helo to non-domain forms
	such as network addresses.  This would cause false positives
	with dbl.spamhaus.org.  File: smtpd/smtpd_check.c.

20101117

	Bugfix: the "421" reply after Milter error was overruled
	by Postfix 1.1 code that replied with "503" for RFC 2821
	compliance. We now make an exception for "final" replies,
	as permitted by RFC. Solution by Victor Duchovni. File:
	smtpd/smtpd.c.
Boris Mühmer's avatar
Boris Mühmer committed

20101201

	Workaround: BSD-ish mkdir() ignores the effective GID and
	copies group ownership from the parent directory.  File:
	util/make_dirs.c.

20101202

	Cleanup: the cleanup server now reports a temporary delivery
	error when it reaches the virtual_alias_expansion_limit or
	virtual_alias_recursion_limit. Previously, it would silently
	ignore the excess recipients and deliver the message.  File:
	cleanup/cleanup_map1n.c.

20110105

	Bugfix (introduced with the Postfix TLS patch): discard
	plaintext following the STARTTLS command or response. This
	matters only for the minority of SMTP clients that actually
	verify server certificates.  Files: smtpd/smtpd.c,
	smtp/smtp_proto.c.

	This vulnerability is also known as CVE-2011-0411.

20110109

	Bugfix (introduced Postfix 2.4): on Solaris the Postfix
	event engine was deaf for SIGHUP and SIGALRM signals after
	the switch to /dev/poll. Symptoms were delayed "postfix
	reload" response, and killed processes when the watchdog
	timeout was less than max_idle.  The fix is to set up SIGHUP
	and SIGALRM handlers that write to a pipe, and to monitor
	that pipe for read events via the Postfix event engine.
	Files: master/master_sig.c, util/watchdog.c, util/sys_defs.h.

20110117

	Bugfix (introduced Postfix alpha, or thereabouts): on HP-UX
	the Postfix event engine was deaf for SIGALRM signals.
	Symptoms were killed processes when the watchdog timeout
	was less than max_idle.  The fix is the same as Solaris fix
	20110109. Since we can't know what other systems need this,
	the workaround is enabled by default.  Files: util/sys_defs.h.

20110225

	Workaround (problem introduced with IPv6 support in Postfix
	2.2): the SMTP client did not support mail to [ipv6:ipv6addr].
	Fix based on a patch by Gurusamy Sarathy (Sophos).  File:
	util/host_port.c and regression test files.

20110227

	Portability: FreeBSD closefrom() support time window.  Sahil
	Tandon. File: util/sys_defs.h.
Boris Mühmer's avatar
Boris Mühmer committed

20110414

        Bugfix (introduced with Postfix SASL patch 20000314): don't
        reuse a server SASL handle after authentication failure.
        Problem reported by Thomas Jarosch of Intra2net AG. File:
        smtpd/smtpd_proto.c.