Newer
Older
Added RFC 7672 (SMTP security via opportunistic DANE TLS)
and RFC 7505 ("Null MX" No Service Resource Record) to the
lists of supported RFCs in manpages. Viktor Dukhovni. Files:
smtp/smtp.c, smtpd/smtpd.c.
Bitrot: OpenSSL API cleanups. Viktor Dukhovni. Files:
.indent.pro, tls/tls.h, tls/tls_dane.c, tls/tls_fprint.c,
tls/tls_misc.c, tls/tls_server.c, tls/tls_verify.c.
Bugfix (introduced: Postfix 3.0): don't throttle a destination
after opportunistic TLS failure. Viktor Dukhovni and Wietse.
Files: smtp/smtp_proto.c, smtp/smtp.h, smtp/smtp_trouble.c.
Feature: JSON-formatted queue listing with "postqueue -j".
Output is a stream of JSON objects, one per queue file. To
simplify stream-mode parsing, each JSON object is followed by
a newline character. Files: postqueue/postqueue.c,
postqueue/postqueue.h, postqueue/showq_compat.c,
postqueue/showq_json.c, showq/showq.c.
Bugfix (introduced: 20151128) bogus queue file parsing error.
File: showq/showq.c.
Cleanup: postlog(1) now pauses for 1s after reporting a
fatal or panic error. This makes behavior of scripts such
as postfix-script consistent with built-in error messages.
File: postlog/postlog.c.
Robustness: don't allow for whitespace in command-line
arguments. Files; postfix-install, conf/post-install.
Robustness: added a comment to discourage people who keep
adding code that calls gethostbyname() to determine the
default myhostname setting. This is a mistake: all Postfix
programs will hang when the DNS is unavailable. File:
global/mail_params.c.
22052
22053
22054
22055
22056
22057
22058
22059
22060
22061
22062
22063
22064
22065
22066
22067
22068
22069
22070
22071
Safety: a limit on the number of address verification probes
in the active queue (address_verify_pending_request_limit),
by default 1/4 of the active queue maximum size. The queue
manager tempfails probe messages that exceed the limit.
Files: mantools/postlink, proto/postconf.proto, cleanup/cleanup.h,
cleanup/cleanup_envelope.c, cleanup/cleanup_out_recipient.c,
cleanup/cleanup_state.c, global/mail_params.h, global/post_mail.c,
global/post_mail.h, global/verify.c, oqmgr/qmgr.c, oqmgr/qmgr.h,
oqmgr/qmgr_message.c, qmgr/qmgr.c, qmgr/qmgr.h,
qmgr/qmgr_message.c, verify/verify.c.
20160102
Workaround: MacOS/X 10.11.x /bin/sh unsets DYLD_LIBRARY_PATH,
which breaks the build and install. Viktor Dukhovni and
Wietse. Files: makedefs, postfix-install, Makefile.in.
Bitrot: OpenSSL 1.1.0-dev drops support for EXPORT ciphers
and ephemeral RSA. Viktor Dukhovni. Files: tls/tls_client.c,
tls/tls_rsa.c, tls/tls_server.c.
Bugfix: memory leak in tls_set_eecdh_curve(). Viktor Dukhovni.
File: tls/tls_dh.c.
Bugfix (introduced 20150326): when lmtp_fallback_relay
support was added, the code that generates lmtp_mumble
parameters from smtp_mumble parameters wasn't updated. File:
smtp/smtp-only.
Bugfix (introduced 20151017): the smtpd_client_auth_rate_limit
implementation was not guarded with #ifdef USE_SASL_AUTH.
File: smtpd/smtpd.c.
22085
22086
22087
22088
22089
22090
22091
22092
22093
22094
22095
22096
22097
22098
22099
22100
22101
22102
22103
22104
22105
20160103
Feature: enable DANE policies when an MX host has a secure
TLSA DNS record, even if the MX DNS record was obtained
with insecure lookups. The existence of a secure TLSA record
implies that the host wants to talk TLS and not plaintext.
This behavior is controlled with smtp_tls_dane_insecure_mx_policy
(default: "dane", other settings: "encrypt" and "may"; the
latter is backwards-compatible with earlier Postfix releases).
Viktor Dukhovni. Files: mantools/postlink, proto/postconf.proto,
src/global/mail_params.h, src/posttls-finger/posttls-finger.c,
src/smtp/smtp-only, src/smtp/smtp.c, src/smtp/smtp.h,
src/smtp/smtp_addr.c, src/smtp/smtp_params.c,
src/smtp/smtp_tls_policy.c, src/tls/tls.h, src/tls/tls_client.c.
20160104
Cleanup: distinct TLS levels for "full" DANE and for DANE
with insecure MX records. Viktor Dukhovni. Files:
posttls-finger/posttls-finger.c, smtp/smtp_tls_policy.c,
tls/tls.h, tls/tls_client.c, tls/tls_level.c.
Cleanup: smtp_reply_footer() now restores state in case of
input error; unit tests that cover most if not all error
and non-error cases. Files: global/smtp_reply_footer.c,
global/smtp_reply_footer.ref.
Bitrot: const-ification for OpenSSL 1.1.0. Viktor Dukhovni.
File: tls/tls_misc.c.
"postconf -H" support (show names without the =value).
Initial use case: mass reversal of TLS-related main.cf
parameters (postconf -nH | grep _tls_ | xargs postconf -X).
This flag also works with "postconf -F" and "postconf -P".
Added missing documentation that -h works with "postconf
-F" and "postconf -P". Files: postconf.c, postconf.h,
postconf_master.c, postconf_main.c.
Robustness: force html2text to produce ASCII output. File:
mantools/html2readme.
Feature: "postfix tls" commands to enable opportunistic TLS
in the Postfix SMTP client or server, or generate or replace
Postfix SMTP server TLS private keys and server certificates.
Viktor Dukhovni, Wietse. Files: conf/postfix-files,
conf/postfix-script, conf/postfix-tls-script, makedefs,
proto/INSTALL.html, proto/postconf.proto, global/mail_params.h,
postfix/postfix.c, tls/tls_misc.c.
Portability: added a tls_random_source default setting for
MacOS X. Viktor Dukhovni. File: util/sys_defs.h.
Bitrot: OpenSSL 1.1.0-dev (aka the "master" branch) has new
security levels ranging from 0 to 5. Level "0" is backwards
compatible, and other levels are increasingly restrictive.
Viktor Dukhovni. Files: tls/tls_server.c, tls/tls_client.c.
Portability: Postfix TLS support uses /dev/urandom if
available and no system-specific setting exists in sys_defs.h.
Files: makedefs, util/sys_defs.h.
Cleanup: building the INSTALL file had failed, added
hyperlinks for "postfix tls". Files: mantools/postlink.
Feature: all-default-client and all-default-server subcommands.
Eray Aslan. File: conf/postfix-tls-script.
Bugfix: the postqueue(1) JSON formatter wrote a spurious
comma after the delay reason. Reported by Christian Roessner.
File: postqueue/showq_json.c.
Cleanup: "match_list_match: permit_mynetworks: no match" after
a SUCCESSFUL permit_mynetworks match of a client IP address was
complicating troubleshooting. The fix is to log additional
context to clarify that this "no match" condition is for
smtpd_log_access_permit_actions. File: smtpd/smtpd_check.c.
22189
22190
22191
22192
22193
22194
22195
22196
22197
22198
22199
22200
22201
22202
22203
22204
22205
22206
22207
22208
22209
22210
22211
22212
22213
22214
22215
22216
22217
22218
20160228
Documentation: typos in postfix-tls-script(1) manpage.
20160327
Documentation: line wrapping in postconf(1) manpage.
20160310
Bugfix (introduced: Postfix 2.6): the Milter SMFIR_CHGFROM
(replace sender) request lost the sender_bcc_maps address.
Fixed by moving some record keeping to the sender output
function. Files: cleanup/cleanup_envelope.c,
cleanup/cleanup_addr.c, cleanup/cleanup_milter.c,
cleanup/cleanup.h, regression tests.
20160410
Bugfix (introduced: Postfix 2.6): the "bad filetype"
header_checks pattern falsely rejected Content-Mumble headers
with ``name="example"; x-apple-part-url="example.com"''.
Fixed by respecting the ";" separator between content
attribute values. Reported by Cedric Knight. File:
proto/header_checks.
20160515
Portability: OpenBSD 6.0. Files: makedefs, util/sys_defs.h.
22219
22220
22221
22222
22223
22224
22225
22226
22227
22228
22229
22230
22231
22232
22233
22234
22235
22236
22237
22238
20160819
Bugfix (introduced: Postfix 3.0): the makedefs script ignored
readme_directory=pathname overrides. Fix by Todd C. Olson.
File: makedefs.
20160821
Bugfix (introduced: Postfix 3.0): the tls_session_ticket_cipher
documentation says aes-256-cbc, but the implementation was
using aes-128-cbc (note that Postfix SMTP server and client
processes have a limited life time).
20160828
Bitrot: fixes for incompatible OpenSSL 1.1.0 API changes.
Viktor Dukhovni. Files: posttls-finger/posttls-finger.c,
tls/tls.h, tls/tls_dane.c, tls/tls_verify.c, tls/tls_server.c,
tls/tls_client.c.